Commit Graph

1012 Commits

Author SHA1 Message Date
Gabor Javorszky
be7ed2dfdc Added validation for signup and login screens
Closes #374
* Included node-validator as a package
* Implemented server side validation (the client side js is a mess, need a LOT of work)
* Validates email address both on signup and login screens, gives error message on malformed email addresses
* Requires at least 8 chars of password
* Tells user if password is too short
* Tells user if no such user on login
* Tells user if wrong password on login
* Tells user if server responds with a 404 (goes away, dies, etc)
* Added middleware between req and login / signup for validation
2013-08-20 09:42:42 +01:00
Jacob Gable
a1d00b56b2 Trim title and don't allow negative pages
Added a .trim() to the slug generation and redirect to the first page if
the page parameter is parsed as less than 1.
2013-08-19 21:18:39 -05:00
William Dibbern
4f2421fac7 MySQL Support
Closes #364
- Confirmed integration with local mysql installation works.
- Updated fixtures and migration with appropriate schema-conforming
values.
- Updated schema with appropriate defaults and nullable columns.
- Updated fixDates function on model base to appropriately deserialize
values coming from SQLite now that dates are stored as actual DateTime
objects/ISO strings.
- Updated default language to be 'en_US'.
2013-08-19 17:25:02 -05:00
Hannah Wolfe
fd33b276a0 Merge pull request #419 from jgable/postPermissions
Edit Post Permissions
2013-08-18 12:11:55 -07:00
Jacob Gable
53061a4c04 Fix multiple title slug generation
Change slug generation to not append multiple hyphens
2013-08-18 13:23:15 -05:00
Jacob Gable
bbe5105048 Edit Post Permissions 2013-08-18 12:28:05 -05:00
Gabor Javorszky
f6d164b5d8 Current user added
Closes #340. Closes #375
* Replaced session with id of current user
* Added method to ghostlocals to always send profile picture and full name to templates (template checks if falsy)
* Modified user saving (`forge().set(new).save()` died on me, `forge().save(new)` didn't)
* If user has profile picture, that will be used
* If user has name, that will be used
* Password changing doesn't care about your email. Uses cookies. Tasty!
* User pane uses current user id. Had to set path to me, otherwise goes to `browse` instead of `read`.
* Added logic to user api to check for `id === 'me'`, and then use the cookie value
* User data saves are now correct
* There is no logout error
2013-08-17 22:02:46 +01:00
Hannah Wolfe
2f11f053ab Minor code cleanup, docs and other bits & pieces 2013-08-06 22:24:40 +01:00
Gabor Javorszky
071f9769c6 Users can change password
Closes #282
* Added a new route
* Added new methods
* Triple security!
* Passwords are actually changed
* Also added a change password button, because 'save' has too much baggage.

On security: checks whether you're logged in. Then checks whether your old password is actually the one that belongs to you (gets value from the email field for the email, see caveat no2). Checks the new passwords for === and length > 6 on client and server side as well. And THEN changes passwords.

Caveats:
* didn't add a test, as mocha fails spectacularly on my machine. SQLITE_CORRUPT: database disk image is malformed. Cute, huh?
* Because we don't have / I'm not aware of / could not find a "currentuser" variable, I need to get the email address of the user we want to change from the email field. Theoretically if they replace that with another user's email address, and supply their pw, they will change THEIR password instead of their own.
2013-08-06 00:49:06 +01:00
Hannah Wolfe
338109c762 Data models import, export, and reset for 002
- added line to index.js to set node_env to development if it is not set
 - fixed a small bug with the persistent notifications and used them on debug page from server side
 - added 002 files to manage export and import for 002
 - 002 import is somewhat smarter than 001, merging settings (except version), replacing user & clearing primary keys
 - added reset to models and migration, which does the down operation the same way that init does the up operation
 - import and reset clear session & redirect to login / signup
 - additional unit tests
2013-08-05 13:56:30 +01:00
Jacob Gable
9393a956f4 Magnificent Migrations of Magical Majesty 2013-08-05 13:56:30 +01:00
Hannah Wolfe
30b4eb07f7 App restructure - closes #245
- This is a first pass at getting a more logical structure. The focus is on moving from admin/frontend to client/server.
- The location of the databases is highly important, this isn't expected to change again
In the future
- client/assets should probably become public/
- more stuff should be shared (helpers etc)
- cleanup some confusion around tpl and views
2013-07-11 20:23:34 +01:00