Sebastian Gierlinger
01ae7ae49f
Subscribers: Model, API & CSV import/export
- subscriber model
- subscriber app updates
- subscriber end points
- import/export CSV
- added headers to export file
- added dynamic email field detection for import
- returns stats object after CSV import
- mask error message from DB
2016-05-11 10:28:10 +02:00
Katharina Irrgang
f644d99460
add small permission improvements
no issue
- do not check client type in auth middleware
- offer filtering for findAll function in base
- add isInternalContext to base model
2016-05-08 14:22:55 +02:00
Hannah Wolfe
1f8a4fe97d
Add user and client authentication events
no issue
- slowly rolling out events across the app
2016-04-08 23:11:33 +01:00
Jason Williams
07dab144bd
Add middleware for handling CORS
Refs #6644
- deps: cors@2.7.1; Add express cors package.
- Adds new middleware for proper CORS support.
- Handles CORS pre-flight checks.
- Separates request authentication/authorization from
CORS.
2016-03-31 10:58:52 -05:00
Jason Williams
23c162796a
Relax origin checking in auth middleware
Refs #6642
- Do not send CORS headers on an invalid "origin"
header, but otherwise allow the response to
proceed normally. This enforces CORS for the browser
but does not blow up non-CORS requests.
2016-03-31 10:58:52 -05:00
rfpe
7abcc43907
Harvest server side strings
closes #5617
- Replace all hard-coded server-side strings with i18n translations
2015-12-19 12:12:16 +01:00
Hannah Wolfe
883152ff15
Improvements to client auth error logging
no issue
- If client credentials are missing, or not valid, output a clear message in the server console
- Still defaults to sending the 'access denied to url' error to the frontend
2015-12-15 08:29:44 +00:00
Hannah Wolfe
4bfacf6b86
Change server-side labs utility to be synchronous
refs #6165
- Use the settings cache to populate config.labs whenever settings change
- Use the labs util just to check if a flag isSet synchronously
2015-12-03 16:05:50 +00:00
Sebastian Gierlinger
ee275f4d0c
OAuth Middleware refactor
refs #5286
- moved oauth server initialization to oauth.js
- moved generateAccessToken() to oauth.js
- added tests
2015-12-01 21:20:11 +01:00
Sebastian Gierlinger
245095c199
Origin Header revisited
closes #6106
- added override for my-ghost-blog.com
- added local IP addresses to be allowed
- changed localhost/127.0.0.1 to be allowed in production
2015-11-26 13:11:31 +01:00
Sebastian Gierlinger
8c50609491
Handling Origin Header
closes #6106
- added better error message for client and console
- added exclusion of localhost/127.0.0.1 for dev mode
2015-11-23 18:21:19 +01:00
Austin Burdine
67a6b4c07b
allow api requests to be made with the access token as a query parameter
closes #6040
- adds check for access token query parameter in auth middleware
2015-11-12 11:26:18 -06:00
Hannah Wolfe
df82895db7
Move get helper behind labs flag
issue #5976
- break out the labs check into a utility
- wrap the get helper in a labs check, so it only works if the checkbox is checked
- make the get helper output an error to both the server and browser console if used when not enabled
2015-11-03 19:39:37 +00:00
Sebastian Gierlinger
bf65c136ce
Move Public API behind labs flag
closes #5941
- added UI to labs page
- added method to determine if full authentication is required
- updated public_api tests to enable public api first
2015-11-02 14:18:58 +01:00
cobbspur
d0d126eba7
Ensure public api can use limit parameter
No Issue
- removes client id and secret after authentication
- adds tests to check default limit, all and integer
2015-10-29 15:36:54 +00:00
Sebastian Gierlinger
f48dfb09cf
Public API
refs #4180
closes #4181
- added client and user authentication
- added authenticatePublic/authenticatePrivate as workaround for
missing permissions
- added domain validation
- added CORS header for valid clients
- merged authenticate.js and client-auth.js into auth.js
- removed middleware/api-error-handlers.js
- removed authentication middleware
- added and updated tests
2015-10-22 15:28:47 +02:00