Thomas Lynch
29bb4856ab
2fa improvements
...
- Don't allow code re-use, successfully used codes will be invalid on repeated use for the window time
- Don't attach the full twofactor secret to user object in session for security. Only store a boolean if it's enabled for rendering, checks, etc. The full account should be fetched first before doTwoFactor()
- Better names for some keys of twofactor redis stuff
2 years ago
Thomas Lynch
4d86406483
Initial commit of 2FA for accounts, TOTP-based
2 years ago
Thomas Lynch
3b08cc684b
Start on ban notes
2 years ago
Thomas Lynch
190410cc54
Bugfix issue with tor and renewing bypasses in some situations. Should be fetching *upserted* id from db or just using known ID.
2 years ago
Thomas Lynch
8061ffecb4
Add solvedCaptcha=true check also to blockbypass for the few routes which check block bypass w/o verifyCaptcha middleware before
2 years ago
Thomas Lynch
2de0c0021e
Ignore imghash failing close #481
2 years ago
Thomas Lynch
65c06cc39e
Remove cruft of old pre-bypass captcha verification skip
2 years ago
Thomas Lynch
47083e149b
Fix the anonymizer bypass captcha permission issue (and fix the stupid pre-bypass and postsEarly in general)
2 years ago
Thomas Lynch
3a4737ad8e
Add account permission to bypass captcha ref #435 still TODO fixing it for anonymizers
2 years ago
Thomas Lynch
c1dc877459
Set now non-default defParamCharset: "utf8" busboy option to correctly handle encoding of filenames that need utf8
2 years ago
Thomas Lynch
d8f2e8292f
add eslint rules
...
no-template-curly-in-string (+find and fix minor bug in redirect)
curly
no-multiple-empty-lines
2 years ago
Thomas Lynch
e047782249
eslint lib, migrations, db, models, test, schedules and root dir
2 years ago
Thomas Lynch
a9af02e105
bugfix incorrect fallback for arraysetting in board tags
...
undo a change in paramconverter that could mess with array inputs being unset
migration to unfuck any broken board tags from this
2 years ago
Thomas Lynch
3de70f05b9
fix tmp dir
2 years ago
Thomas Lynch
30c0bc9b7f
Session expiry 1 day -> 3 days
2 years ago
Thomas Lynch
62678c2b19
Bans can now be "upgraded" retroactively to expand single IP bans to qrange/hrange bans.
...
The ban table now has a column for whether a ban is of an IP or Bypass ID. (Or pruned IP, if you were dumb enough to ban one of those)
2 years ago
Thomas Lynch
e22715517d
don't leak issuer if !ban.showUser in new json of bans for ban/appeal modal
2 years ago
Thomas Lynch
7805054635
modal shows bans, and are appealable from the modal
...
bugfix already appealed bans showing as "appealable"
minor ban form/ban mixin tweaks
no more sketchy way of "clearing" the form and resubmitting to show bans page. nice!
2 years ago
Thomas Lynch
bb582c2de8
"helpers" -> "lib"
...
god help anybody who gets serious merge conflicts from this
close #434
2 years ago
Thomas Lynch
4f525b6613
move, rename, reorganise "helpers" => "lib"
2 years ago