TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-15 19:52:01 +03:00
Code Issues Projects Releases Wiki Activity
6,351 Commits 253 Branches 1,686 Tags 364 MiB
6238dbc784
Commit Graph

14 Commits

Author SHA1 Message Date
Hannah Wolfe
1f8a4fe97d Add user and client authentication events 
no issue

- slowly rolling out events across the app
 2016-04-08 23:11:33 +01:00
Jason Williams
07dab144bd Add middleware for handling CORS 
Refs #6644
- deps: cors@2.7.1; Add express cors package.
- Adds new middleware for proper CORS support.
- Handles CORS pre-flight checks.
- Separates request authentication/authorization from
  CORS.
 2016-03-31 10:58:52 -05:00
Jason Williams
23c162796a Relax origin checking in auth middleware 
Refs #6642
- Do not send CORS headers on an invalid "origin"
  header, but otherwise allow the response to
  proceed normally. This enforces CORS for the browser
  but does not blow up non-CORS requests.
 2016-03-31 10:58:52 -05:00
rfpe
7abcc43907 Harvest server side strings 
closes #5617
- Replace all hard-coded server-side strings with i18n translations
 2015-12-19 12:12:16 +01:00
Hannah Wolfe
883152ff15 Improvements to client auth error logging 
no issue

- If client credentials are missing, or not valid, output a clear message in the server console
- Still defaults to sending the 'access denied to url' error to the frontend
 2015-12-15 08:29:44 +00:00
Hannah Wolfe
4bfacf6b86 Change server-side labs utility to be synchronous 
refs #6165

- Use the settings cache to populate config.labs whenever settings change
- Use the labs util just to check if a flag isSet synchronously
 2015-12-03 16:05:50 +00:00
Sebastian Gierlinger
ee275f4d0c OAuth Middleware refactor 
refs #5286
- moved oauth server initialization to oauth.js
- moved generateAccessToken() to oauth.js
- added tests
 2015-12-01 21:20:11 +01:00
Sebastian Gierlinger
245095c199 Origin Header revisited 
closes #6106
- added override for my-ghost-blog.com
- added local IP addresses to be allowed
- changed localhost/127.0.0.1 to be allowed in production
 2015-11-26 13:11:31 +01:00
Sebastian Gierlinger
8c50609491 Handling Origin Header 
closes #6106
- added better error message for client and console
- added exclusion of localhost/127.0.0.1 for dev mode
 2015-11-23 18:21:19 +01:00
Austin Burdine
67a6b4c07b allow api requests to be made with the access token as a query parameter 
closes #6040
- adds check for access token query parameter in auth middleware
 2015-11-12 11:26:18 -06:00
Hannah Wolfe
df82895db7 Move get helper behind labs flag 
issue #5976

- break out the labs check into a utility
- wrap the get helper in a labs check, so it only works if the checkbox is checked
- make the get helper output an error to both the server and browser console if used when not enabled
 2015-11-03 19:39:37 +00:00
Sebastian Gierlinger
bf65c136ce Move Public API behind labs flag 
closes #5941
- added UI to labs page
- added method to determine if full authentication is required
- updated public_api tests to enable public api first
 2015-11-02 14:18:58 +01:00
cobbspur
d0d126eba7 Ensure public api can uses limit parameter 
No Issue

- removes client id and secret after authentication
- adds tests to check default limit, all and integer
 2015-10-29 15:36:54 +00:00
Sebastian Gierlinger
f48dfb09cf Public API 
refs #4180
closes #4181
- added client and user authentication
- added authenticatePublic/authenticatePrivate as workaround for
missing permissions
- added domain validation
- added CORS header for valid clients
- merged authenticate.js and client-auth.js into auth.js
- removed middleware/api-error-handlers.js
- removed authentication middleware
- added and updated tests
 2015-10-22 15:28:47 +02:00