- Don't allow code re-use, successfully used codes will be invalid on repeated use for the window time
- Don't attach the full twofactor secret to user object in session for security. Only store a boolean if it's enabled for rendering, checks, etc. The full account should be fetched first before doTwoFactor()
- Better names for some keys of twofactor redis stuff
Add warning to twofactor.html that other sessions will be logged out and they have to log in again
Change cache-control header to no-cache, even though private is secure (prevent showing cached page without outdated secret)
set a new default font which is common on linux, in debian repos, and has the chess characters
remove 24MB font file that came from i dont even remember where
Close#479 add endpoints for board and global settings.json to api with options that would be useful for a 3rd party app. Add the associated tasks, calls to them in settings.
Small change and add comments in lib/build/render.
Generators changes:
- take captchaoptions as argument, so no longer require config.get or captchas db imports
- return the captcha object (gm instance) and solution (whatever).
The model itself inserts the solution to db, gets captchaid for filename and cookie, and writes the image to disk.
Slightly cleaner imo, and makes the captcha generators more testable without requiring any mocking for DB/config.
note: only for making posts (for now), pending a refactor of some checks that are shared and duplicated between other file upload models e.g. banners/asset
re: the captcha one, roundrobin = too fast expiring, sampling expireAfter $gte some time = possible to not get returned a captcha. so stucking with random. been working fine.
note: i am dumb and the testing account has BYPASS_FILTERS so what i broke in changing filters went unnoticed
in future, will add more tests w/ different permission levels
property name fixes/change, category -> type, type -> range, now they reflect more what they actually are
bantable updated, bit cleaner mixin
bantables now more compact, will overflow (with scroll) and no text wrap
close#446
and refactor the deleting to return the bulkwrites
partly related to #215, moveposts/editposts it makes sense to remarkup because in those case we can even be adding quotes.
bugfix already appealed bans showing as "appealable"
minor ban form/ban mixin tweaks
no more sketchy way of "clearing" the form and resubmitting to show bans page. nice!
