Commit Graph

109 Commits

Author SHA1 Message Date
Rish
58084ac96e Updated to use slugify method from SDK for safe string
refs #10618

- Updated lib safe string security method
2019-05-07 15:33:07 +05:30
Katharina Irrgang
7fb0b96f3e Added Node v10 Support (#10058)
* Added Node v10 Support

no issue

Signed-off-by: kirrg001 <katharina.irrgang@googlemail.com>

* Bump amperize to version 0.3.8

no issue

* Bump mysql to version 2.16.0

no issue

- mysql 2.15.0 uses a deprecated notation for timers
- e.g. timers.unenroll()

* Bump sub dependencies

no issue

- e.g. knex-migrator used mysql 2.15.0

* Bump dependencies

no issue

* Replaced `new Buffer` with `Buffer.from`

no issue

- Buffer() is deprecated due to security and usability issues.
- https://nodejs.org/en/docs/guides/buffer-constructor-deprecation/
2018-10-30 15:45:51 +07:00
Katharina Irrgang
7d9e2a21ad Dynamic Routing: Added migration for routes.yaml file (#9692)
refs #9601

- the home.hbs behaviour for the index collection (`/`) is hardcoded in Ghost
- we would like to migrate all existing routes.yaml files
- we only replace the file if the contents of the routes.yaml file equals the old routes.yaml format (with home.hbs as template)
- updated README of settings folder
- if we don't remove the home.hbs template from the default routes.yaml file, home.hbs will be rendered for any page of the index collection
  - the backwards compatible behaviour was different
  - only render home.hbs for page 1
- remember: the default routes.yaml file reflects how Ghost was working without dynamic routing
2018-06-22 20:28:01 +02:00
Ivan Akulov
e9d1d34739 Fixed missing Bluebird require in security/password.js (#9624)
no issue
2018-05-28 23:01:01 +02:00
kirrg001
c19a0c9942 🔥 Drop Node v4 Support
no issue

- support ends today
- see https://github.com/nodejs/Release
- removed `use strict`
2018-05-01 14:06:18 +02:00
kirrg001
a0ee411e6e Added unit tests for models.Invite.add
no issue

- replaced token creation by `lib.common.security`
- added unit tests for adding invites
- allow a different invite status for internal access
2018-04-25 11:56:45 +02:00
kirrg001
5d1a4418bd Added lib.security.password lib
no issue

- move password hashing and password comparison to lib/security/password
- added two unit test
- FYI: password hashing takes ~100ms
  - we could probably mock password hashing in certain cases when unit testing
2018-02-15 21:13:04 +01:00
kirrg001
72911862e7 Moved unique identifier generation to lib/security
refs #9178
2017-12-14 13:52:20 +01:00
kirrg001
411ce69006 Moved tokens, url safe and safe string utility to lib/security
refs #9178

- we could now also move any crypto usages to lib/security, but no priority
- the main goal is to tidy up our utils folder
2017-12-14 13:38:00 +01:00