Commit Graph

189 Commits

Author SHA1 Message Date
Princi Vershwal
3f1fa96003
Updated code for fetching location (#21368)
Ref:
https://linear.app/ghost/issue/ENG-1660/undefined-location-when-logging-in-on-ios
2024-10-23 06:43:42 +01:00
Sam Lord
3ed1f6a8ca Added tests for sessions API with 2fa enabled 2024-10-21 11:01:40 +01:00
Sam Lord
c9c8709fd3 Added publication icon to 2fa email if available 2024-10-21 11:01:40 +01:00
Princi Vershwal
d2ca6e4a74 Added siteLogo to session service emails 2024-10-21 11:01:40 +01:00
Djordje Vlaisavljevic
548ff8d14a Updated design for 2FA verification code email
ref https://linear.app/tryghost/issue/ENG-1636/email-template-design-for-verification-code-email
2024-10-21 11:01:40 +01:00
Princi Vershwal
0c0ac6f0ab Changed subject for verification code email 2024-10-21 11:01:40 +01:00
Princi Vershwal
5ee2f91557 Added support for fetching device details when creating session 2024-10-21 11:01:40 +01:00
Sam Lord
1f687ae466 Moved 2fa labs flag usage to avoid logging out users
After migrations run, any sessions made with the labs flag turned off
will have the verified flag set. We also need new sessions made after
that to gain the verified flag, so that they aren't logged out at the
point that the labs flag is enabled (or removed).
2024-10-21 11:01:40 +01:00
Sam Lord
db107bd789 Fixed sendAuthCodeForUser to find user on first request
ref ENG-1641

Using `getUserFromSession` requires the cookie header to be set, but
at this point we may still be constructing the session. Instead we can
get the user id from the session itself
2024-10-21 11:01:40 +01:00
Princi Vershwal
3bf0b7d8ed Added sending of 2fa code email on sign in 2024-10-21 11:01:40 +01:00
Sam Lord
f772008c69 Prevent regression / e2e tests from trying to use 2fa 2024-10-21 11:01:40 +01:00
Sam Lord
5f192344f8 Switched to 1 token per minute, 10 tokens accepted
More typical in TOTP setups for each token to last 1 minute, and to
allow some older tokens.

Also moved the options setting out of the generate scope in case
verify is called first (unlikely but possible).
2024-10-21 11:01:40 +01:00
Sam Lord
0b852bcb38 Added check for verified sessions
refs ENG-1610
2024-10-21 11:01:40 +01:00
Michael Barrett
7a18e829c5 Added endpoints for supporting 2FA
no refs

- Added `POST /session/verify` to send the user a verification code
- Added `PUT /session/verify` to verify the user's verification code
2024-10-21 11:01:40 +01:00
Princi Vershwal
51fa21324d Added logic for generating and verifying otp 2024-10-21 11:01:40 +01:00
Princi Vershwal
1106d64706 Added API for sendingAuthCode 2024-10-21 11:01:40 +01:00
Paul Davis
a70e88b903 Add 2fa code email template 2024-10-21 11:01:40 +01:00
Sam Lord
8f7c81ac84 Added "verified" status to session
refs ENG-1622

Currently unused by the API, this session variable will be used to
confirm whether the user has authenticated their session with an email
OTP. The verified status is not removed on logout, so sessions are now
retained instead of being destroyed.
2024-10-21 11:01:40 +01:00
renovate[bot]
62d7b7ea52 Update dependency express to v4.21.1 2024-10-08 21:53:17 +01:00
renovate[bot]
43a392d734 Update dependency express to v4.21.0 2024-09-12 07:37:27 +02:00
renovate[bot]
979e704410 Update dependency express to v4.20.0 2024-09-11 08:21:15 +02:00
renovate[bot]
4b28812861 Update TryGhost packages 2024-08-05 12:12:34 +02:00
Daniel Lockyer
265a8dd16f Added function names to more middleware
refs 319f251ad2

- this helps debugging because all middleware in the stack will have a
  function name, so it'll show up instead of `<anonymous>`
2024-05-06 17:51:39 +02:00
renovate[bot]
a33dccf8cd Update TryGhost packages 2024-05-01 17:01:41 +02:00
renovate[bot]
dcbbfbba70 Update dependency express to v4.19.2 [SECURITY] 2024-03-27 11:18:44 +01:00
renovate[bot]
dfdd4e5cfa Update dependency express to v4.19.1 2024-03-21 11:50:48 +01:00
renovate[bot]
3301332253 Update dependency express to v4.18.3 2024-03-07 13:42:27 +01:00
Daniel Lockyer
85d41d0562 Aligned dependencies with resolution values
- this commit brings all dependencies up-to-date with the version set as
  a resolution
2023-10-13 08:37:36 +02:00
Daniel Lockyer
85098e07d4 Configured all unit tests to use dot reporter
refs https://ghost.slack.com/archives/C02G9E68C/p1696490748701419

- this configures mocha to use the dot reporter because the default is
  way too verbose in CI
2023-10-05 12:24:24 +02:00
Daniel Lockyer
841fb1f5c9 Updated @tryghost/errors 1.2.21 to 1.2.24
- we have this set as a higher resolution anyway, but I think having
  some hardcoded lower versions causes some weird yarn issues
- at the very least, this removes any mention of 1.2.21 from our
  yarn.lock
2023-09-12 12:56:14 +02:00
Daniel Lockyer
c6cb35074a Updated linting and testing packages 2023-09-01 15:51:17 +02:00
renovate[bot]
7dce046786 Update Test & linting packages 2023-07-11 15:26:07 +02:00
Hannah Wolfe
b80b90229f Added consistent linting pattern to all packages
refs: https://github.com/TryGhost/Toolbox/issues/188

- some of our older packages used a pattern for linting which missed using test config for linting tests
- we need this to be consistent so that we can add more eslint rules for testing
- two packages also didn't use the lib pattern, which made the lint pattern error - so this was fixed as well
2023-06-13 10:43:29 +01:00
Fabien "egg" O'Carroll
104f84f252 Added eslint rule for file naming convention
As discussed with the product team we want to enforce kebab-case file names for
all files, with the exception of files which export a single class, in which
case they should be PascalCase and reflect the class which they export.

This will help find classes faster, and should push better naming for them too.

Some files and packages have been excluded from this linting, specifically when
a library or framework depends on the naming of a file for the functionality
e.g. Ember, knex-migrator, adapter-manager
2023-05-09 12:34:34 -04:00
renovate[bot]
83373e1751 Update Test & linting packages 2023-04-05 15:16:08 +02:00
renovate[bot]
2223db5379
Update Test & linting packages 2023-03-13 02:36:20 +00:00
Daniel Lockyer
6b1966ad9b Updated sinon dependency
- this is being done manually instead of merging the Renovate PR because
  the PR bundles another bump which doesn't pass yet
2023-03-02 12:43:42 +01:00
Daniel Lockyer
2d1f9fff0c
Updated @tryghost/errors dependency
- there's a weird situation when we have mixed versions of the
  dependency because different libraries try to compare instances
- this brings the usage up to 1.2.21 so we can fix the build for now
2023-02-22 11:32:11 +01:00
renovate[bot]
cf7ecb492c
Update dependency c8 to v7.13.0 2023-02-16 22:15:50 +00:00
Daniel Lockyer
08b786af3b Bumped TryGhost-owned dependencies and lockfile
- this was all getting terribly behind so I've done several things:
  - majority of `@tryghost/*` except Lexical packages
  - gscan + knex-migrator to remove old `@tryghost/errors` usage
  - bumped lockfile
2023-01-02 20:55:22 +01:00
Daniel Lockyer
6f4e663d74
Updated @tryghost dependencies (#16005)
- also includes `knex-migrator` with a simple `sqlite3` bump
2022-12-14 11:18:55 +07:00
renovate[bot]
13abcf6c9d
Update dependency mocha to v10.2.0 2022-12-12 13:20:22 +00:00
renovate[bot]
8fa9f1e7e6
Update Test & linting packages 2022-11-07 20:39:48 +00:00
renovate[bot]
e9587e02d0
Update dependency mocha to v10.1.0 2022-10-17 08:41:28 +00:00
renovate[bot]
6fc497743d
Updated @tryghost dependencies (#15479)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-12 10:16:05 +07:00
renovate[bot]
82441e943d Update dependency express to v4.18.2 2022-10-10 10:29:34 +07:00
renovate[bot]
2c2ee81adb
Update Test & linting packages 2022-10-05 00:36:08 +00:00
renovate[bot]
9eb3c84a23
Updated @tryghost dependencies (#15434)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-27 08:31:35 +07:00
renovate[bot]
225765241c
Updated @tryghost dependencies (#15404)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-19 12:09:33 +01:00
Daniel Lockyer
54aa9f016b Fixed full Admin test suite running during unit tests
- because of how the npm scripts were set up, we were running the full
  Admin integration tests during the unit tests phase of CI
- this commit renames the majority of `test` to `test:unit` in the
  package.json files, and aliases `test` to `test:unit`
- special packages like Admin have no-op'd `test:unit` scripts so we
  don't end up running its tests
2022-08-15 15:34:52 +02:00