Commit Graph

18 Commits

Author SHA1 Message Date
Hannah Wolfe
0ce2958ee7 Updating password length validation
- setting it back to 7 chars so that people who have 7 char passwords, which were valid, can login.
2013-08-20 10:43:11 +01:00
Hannah Wolfe
4cc3a11cda Manually merging pull request #439 from javorszky/iss354
Conflicts:
	core/client/views/login.js
2013-08-20 10:11:09 +01:00
Gabor Javorszky
be7ed2dfdc Added validation for signup and login screens
Closes #374
* Included node-validator as a package
* Implemented server side validation (the client side js is a mess, need a LOT of work)
* Validates email address both on signup and login screens, gives error message on malformed email addresses
* Requires at least 8 chars of password
* Tells user if password is too short
* Tells user if no such user on login
* Tells user if wrong password on login
* Tells user if server responds with a 404 (goes away, dies, etc)
* Added middleware between req and login / signup for validation
2013-08-20 09:42:42 +01:00
Gabor Javorszky
4e1aa2119c Removed flash, renamed file, unbroken logout / login request notifications
Closes #354
* Reintroduced the redirect functionality (not logged in, tries to go to `/settings/user/`, is sent to `/login/` with info notification, after login user is taken to `/settings/user/)
* Reintroduced the "Successfully logged out" message
* Added middleware to scrub passive notifications from `ghost.notifications` after one use basically mimicing client side passive notifications
* Removed flash from everywhere. Even from package.json.
* Renamed flashed.hbs to notifications.hbs, modified default.hbs accordingly
* Added function to parse GET variables on client side
2013-08-20 08:15:06 +01:00
Gabor Javorszky
f6d164b5d8 Current user added
Closes #340. Closes #375
* Replaced session with id of current user
* Added method to ghostlocals to always send profile picture and full name to templates (template checks if falsy)
* Modified user saving (`forge().set(new).save()` died on me, `forge().save(new)` didn't)
* If user has profile picture, that will be used
* If user has name, that will be used
* Password changing doesn't care about your email. Uses cookies. Tasty!
* User pane uses current user id. Had to set path to me, otherwise goes to `browse` instead of `read`.
* Added logic to user api to check for `id === 'me'`, and then use the cookie value
* User data saves are now correct
* There is no logout error
2013-08-17 22:02:46 +01:00
Hannah Wolfe
2f11f053ab Minor code cleanup, docs and other bits & pieces 2013-08-06 22:24:40 +01:00
Hannah Wolfe
eac3047d45 Merge pull request #339 from javorszky/iss282
Users can change password
2013-08-06 01:17:43 -07:00
Gabor Javorszky
071f9769c6 Users can change password
Closes #282
* Added a new route
* Added new methods
* Triple security!
* Passwords are actually changed
* Also added a change password button, because 'save' has too much baggage.

On security: checks whether you're logged in. Then checks whether your old password is actually the one that belongs to you (gets value from the email field for the email, see caveat no2). Checks the new passwords for === and length > 6 on client and server side as well. And THEN changes passwords.

Caveats:
* didn't add a test, as mocha fails spectacularly on my machine. SQLITE_CORRUPT: database disk image is malformed. Cute, huh?
* Because we don't have / I'm not aware of / could not find a "currentuser" variable, I need to get the email address of the user we want to change from the email field. Theoretically if they replace that with another user's email address, and supply their pw, they will change THEIR password instead of their own.
2013-08-06 00:49:06 +01:00
cobbspur
558c9d6caa Added image upload reusable plugin
issue #40 and issue #280

- Adds uploader jquery plugin
- includes settings for enabling/disabling upload progress bar
- adds routing for image uploads
- adds directories by year and month based on upload date
- Implements plugin on settings - general pane
- Implements plugin on editor
- adjusted general tab to save uploaded image src

TODO:
- Add error handling
- Storing information on editor
- Add events
2013-08-05 23:01:48 +01:00
Hannah Wolfe
52dc22c952 Editable user profiles in settings screen
closes #276

 - settings screen now loads a model when a pane is requested, rather than when the whole screen is requested
 - added browse, read and edit methods and routes for users to the API
 - added user model & template to client and wired everything up.
 - provided default images for cover and profile picture
2013-08-05 18:26:44 +01:00
Hannah Wolfe
338109c762 Data models import, export, and reset for 002
- added line to index.js to set node_env to development if it is not set
 - fixed a small bug with the persistent notifications and used them on debug page from server side
 - added 002 files to manage export and import for 002
 - 002 import is somewhat smarter than 001, merging settings (except version), replacing user & clearing primary keys
 - added reset to models and migration, which does the down operation the same way that init does the up operation
 - import and reset clear session & redirect to login / signup
 - additional unit tests
2013-08-05 13:56:30 +01:00
Hannah Wolfe
6a2851e9ca JSLint fixes for new version
- forgot to force install
- had to clean up grunt task now we no longer need the 'm' alias
- cleaned up a couple of issues it wasn't picking up before
2013-07-31 09:21:22 +01:00
Hannah Wolfe
97eb827d47 Replaced user menu label with current Ghost version no
closes #286
- added current version as an app.local variable available on both client and server
- swapped out the user menu label for the version no
2013-07-30 12:56:16 +01:00
ErisDS
6dd753212f Show message and don't start on unsupported node versions
closes #292
- added engines and enginestrict properties to package.json
- these provide warnings / errors when installing through npm
- added our own check using this info on start, throws a useful error and stops the app if the node version is not supported
- also switched sqlite3 to the latest version and checked it works with various node versions
2013-07-30 11:47:13 +01:00
Christopher Giffard
799911c4a3 Adjusted launch procedure to use conditional app configuration based on NODE_ENV. Also included a warning on launch that Ghost is development software. 2013-07-25 22:22:45 +10:00
Gabor Javorszky
b77a8fd0d9 Notifications on front end
Should close #37. There are persistent and passive notifications.

Persistent ones:
* are stored on `ghost.notifications`.
* have an api made to add / remove them with client side ajax logic (probably not the most elegant, but works)
* uses a modified `flashes.hbs` template
* will only disappear if user closes the bar
* stack

Passive
* added with backbone view / collection combo
* stack
* disappears on navigation and when user closes it
2013-07-22 14:41:27 +01:00
Hannah Wolfe
30b4eb07f7 App restructure - closes #245
- This is a first pass at getting a more logical structure. The focus is on moving from admin/frontend to client/server.
- The location of the databases is highly important, this isn't expected to change again
In the future
- client/assets should probably become public/
- more stuff should be shared (helpers etc)
- cleanup some confusion around tpl and views
2013-07-11 20:23:34 +01:00
Hannah Wolfe
3d2b56b6a9 Config and naming
- issue #154, issue #224 and issue #220
- change port number from 3333 to 2368
- change main file name from app.js to index.js
- update README & package.json to match
2013-07-07 16:50:50 +01:00