Thomas Lynch
d68a32b831
Add some additional improved permission.js tests, and null check rather than !Metadata in permission handleBody (because else 0 would be true)
2 years ago
Thomas Lynch
473eb94d39
Update permission.test.js to correctly expect() the .every rather than in the every callback, else it would only check the first one
2 years ago
Thomas Lynch
fba680f40c
permissions metadata change, allow blocking editing/disable checkbox
2 years ago
Thomas Lynch
277745a5ca
Fix the completely fucked up "my permission", the board equivalent, and staff permissions page since a recent permission update. Upside is it now considers the "parent" thing, which is nice.
2 years ago
Thomas Lynch
7a3095594f
Change permissions metadata to be keyed by the permission bits
...
Refactor form handling for permissions in editrole/editaccount, make much shorter and more maintainable
2 years ago
Thomas Lynch
5a7368a0a4
Add a new property to permissions metadata and reflect on frontend inability for users without that "parent" permission to edit roles/accounts to have some permissions e.g. root, edit roles, edit accs
...
Put the metadata into permissions.js (also TODO: key the metadata by bits instead? i.e [Permisions.whatever]: {})
2 years ago
Thomas Lynch
7e3c424da3
Small note about global board management permissions, allow subtitles along with titles in permission metadata
2 years ago
Thomas Lynch
bdf5da0adc
Ban type ip display and storage improvement
2 years ago
Thomas Lynch
1bba36b48e
Make label form of url/link posting regex support mailto
2 years ago
Thomas Lynch
326c11b95c
Close #503 attach ip version to cloak
2 years ago
Thomas Lynch
6b394aca69
Bugfix to 2fa, code-reuse prevention was blocking all codes rather than only a recently used correct code.
2 years ago
Thomas Lynch
f4328812f2
Add e2e tests for twofactor
...
Remove some cruft from package-lock from speakeasy
Add guard in dotwofactor for no/null (not blank) twofactor
2 years ago
Thomas Lynch
29bb4856ab
2fa improvements
...
- Don't allow code re-use, successfully used codes will be invalid on repeated use for the window time
- Don't attach the full twofactor secret to user object in session for security. Only store a boolean if it's enabled for rendering, checks, etc. The full account should be fetched first before doTwoFactor()
- Better names for some keys of twofactor redis stuff
2 years ago
Thomas Lynch
d9288a137a
Refactor new OTPAuth...validate pattern, remove await -- it isn't and shouldn't be async
2 years ago
Thomas Lynch
4d86406483
Initial commit of 2FA for accounts, TOTP-based
2 years ago
Thomas Lynch
78bd713274
Hide note from dynamicresponse in filteractions, and make seen default to true
2 years ago
Thomas Lynch
3b08cc684b
Start on ban notes
2 years ago
Thomas Lynch
190410cc54
Bugfix issue with tor and renewing bypasses in some situations. Should be fetching *upserted* id from db or just using known ID.
2 years ago
Thomas Lynch
353926f44d
fix captcha tests, update to support new captchaOptions format with font
2 years ago
Thomas Lynch
0fc87e752d
make captcha font apply to text AND grid
...
set a new default font which is common on linux, in debian repos, and has the chess characters
remove 24MB font file that came from I don't even remember where
2 years ago
Thomas Lynch
ff7db40f42
make font size of grid captcha scale roughly to the current ratio of 20-30:120
2 years ago
Thomas Lynch
2a48b10054
Fix duplicate key in projectedsettings for board settings, and make custompages jsons get removed on deleting custom page.
...
Close #479 add endpoints for board and global settings.json to api with options that would be useful for a 3rd party app. Add the associated tasks, calls to them in settings.
Small change and add comments in lib/build/render.
2 years ago
Thomas Lynch
641c087ecc
Add public json for modlog list, logs, custompages
...
update the banners task to output json (not just render it), so it can be reached on first pageload
close #491
2 years ago
Thomas Lynch
1e70a5aa62
Fix incorrect arg to Modlogs.deleteOld not pruning modlogs when updating modloglist. (the public page was still "correct" since it filtered the dates beforehand)
2 years ago
Thomas Lynch
df409471bb
Close #483 migrate from socket.io-redis to @socket.io/redis-adapter
2 years ago
Thomas Lynch
8061ffecb4
Add solvedCaptcha=true check also to blockbypass for the few routes which check block bypass w/o verifyCaptcha middleware before
2 years ago
Thomas Lynch
2de0c0021e
Ignore imghash failing close #481
2 years ago
Thomas Lynch
65c06cc39e
Remove cruft of old pre-bypass captcha verification skip
2 years ago
Thomas Lynch
47083e149b
Fix the anonymizer bypass captcha permission issue (and fix the stupid pre-bypass and postsEarly in general)
2 years ago
Thomas Lynch
3a4737ad8e
Add account permission to bypass captcha ref #435 still TODO fixing it for anonymizers
2 years ago
Thomas Lynch
fb5b9ddb1f
write the captchas to tmp in tests ref #469 !258
2 years ago
Thomas Lynch
fb57aa6fd5
Add captcha generators tests (doesn't write them to disk, but runs the generator function for catching issues like !255) ref #469
2 years ago
Thomas Lynch
b1751f1706
allow grid captcha yIconOffset=0
2 years ago
Thomas Lynch
06828da6c0
Refactor captcha generators and captcha model
...
Generators changes:
- take captchaoptions as argument, so no longer require config.get or captchas db imports
- return the captcha object (gm instance) and solution (whatever).
The model itself inserts the solution to db, gets captchaid for filename and cookie, and writes the image to disk.
Slightly cleaner imo, and makes the captcha generators more testable without requiring any mocking for DB/config.
2 years ago
Thomas Lynch
f0ae0691a4
Remove duplicate call to randomof and setting characters
...
Remove debug
ref #469
2 years ago
Thomas Lynch
c969814f54
First version of grid v2
2 years ago
Thomas Lynch
6e80af2eec
Fix another non integer argument to randomrange :^)
2 years ago
some random guy
f6631068d1
captcha/getdistorts: randomRange requires integers
2 years ago
some random guy
f0780291b6
captcha/getdistorts: randomRange requires integers
2 years ago
Thomas Lynch
8f74885ba2
Add noise and paint slider options to grid captcha
2 years ago
Thomas Lynch
05413d72c6
Ref #418 add the abandoned boards handling
...
Fix small bug with incorrect schema for the setting
Set both schedules to immediate: false
2 years ago
Thomas Lynch
6ec6b32ed5
Change "wave" and "paint" text effect captcha options from toggle to slider
...
Add "noise" text captcha effect slider
Add font lib to get list of system fonts
Add "font" text captcha option
ref #469
2 years ago
Thomas Lynch
70eb647321
Fix rng captcha generation error. Couldn't cherry-pick 0c2e99a96b
because I decided to accidentally include an unrelated change
2 years ago
Thomas Lynch
0c2e99a96b
Fix issue of randomrange min < max constraint sometimes being violated
2 years ago
Thomas Lynch
c1dc877459
Set now non-default defParamCharset: "utf8" busboy option to correctly handle encoding of filenames that need utf8
2 years ago
Thomas Lynch
c8ebf9a579
Improvement to grid v1 to allow customising, allowing for something like this.
...
-true characters
-false characters
-question text
Make optional (and add additional options for) some filters/effects
-paint
-line
-wave
2 years ago
Thomas Lynch
18ab7d24ee
When strict mime validation is enabled, actually tell the user what the server thinks the mime is in the mismatch error message.
...
note: only for making posts (for now), pending a refactor of some checks that are shared and duplicated between other file upload models e.g. banners/asset
2 years ago
Thomas Lynch
cc21f9390f
Replace randomRange with native crypto.randomInt close #464
...
Cleanup the captcha generators a bit, add comments, refactor duplicate getting distortions code to separate file.
2 years ago
Thomas Lynch
36ed7a8fc4
Update some scoped packages and switch to using published npm rather than off git+https to gitgud
2 years ago
Thomas Lynch
aaae81ff5b
Move alphaNumericRegex to schema checker from todo
2 years ago