Commit Graph

139 Commits

Author SHA1 Message Date
Maciej Ziarkowski
e2e37d88b8 Set max pass length to 128
OWASP Authentication cheatsheet says 128 is typical max password length
It suggests to not set it too low to let users use complex passwords
2019-09-18 15:17:22 +01:00
Tom Russell
a022d90e59
Merge branch 'develop' into feature/view_edit_refactor 2019-09-17 21:25:50 +01:00
Maciej Ziarkowski
9fd690c1ac Update cache invalidation mechanism 2019-09-17 18:12:18 +01:00
Maciej Ziarkowski
ef4d46e36b Add asyncController 2019-09-17 18:05:05 +01:00
Maciej Ziarkowski
31efae3885 Add username and password validation 2019-09-11 16:28:05 +01:00
Maciej Ziarkowski
d14c4ce671 Prevent logging passwords in failed login attempts 2019-09-10 15:38:01 +01:00
Maciej Ziarkowski
0f30573180 Add comments to non-obvious code 2019-09-09 15:17:44 +01:00
Maciej Ziarkowski
7491d2aa1c Unify imports/export 2019-09-09 15:17:24 +01:00
Tom Russell
1c1e8df704
Merge pull request #402 from mz8i/feature/61-forgotten-password
Introduce env variable for webapp origin
2019-08-30 13:59:38 +01:00
Maciej Ziarkowski
6733d02876 Add data extract controllers and routes 2019-08-29 17:54:08 +01:00
Maciej Ziarkowski
1008c09905 Add data extract service 2019-08-29 17:53:48 +01:00
Maciej Ziarkowski
9e62d4c114 Move asyncController calls to controller files 2019-08-29 17:52:30 +01:00
Tom Russell
b76eb35ade Drop user routes from api.ts 2019-08-23 17:38:22 +01:00
Tom Russell
a35289d9b8
Merge branch 'master' into feature/63-delete-account-frontend 2019-08-23 12:42:03 +01:00
Maciej Ziarkowski
7cc358dcb7 Introduce env variable for webapp origin 2019-08-22 15:56:04 +01:00
Maciej Ziarkowski
6d4c514c00 Remove always failing error commited accidentally 2019-08-22 10:29:40 +01:00
Maciej Ziarkowski
2622269f77 Add global error handler 2019-08-21 14:47:44 +01:00
Maciej Ziarkowski
4d27c3b889 Add controller and route for password reset 2019-08-21 14:47:23 +01:00
Maciej Ziarkowski
fc2666364d Add backend services for password reset 2019-08-21 14:46:14 +01:00
Maciej Ziarkowski
4259778224 Add email service and config template 2019-08-21 14:42:27 +01:00
Maciej Ziarkowski
54bd565cc8 Split /users into routes/controller/service 2019-08-19 14:31:35 +01:00
Maciej Ziarkowski
90da2a1522 Add user delete API endpoint
The deleted user username will be changed to 'deleted_'
plus the 13 initial characters of the standard format user_id.
Email, hashed password and API key are all cleared for the user.
The endpoint is currently only available through /api/users/me
and only allows a logged-in user to delete their own account.
2019-08-16 11:12:18 +01:00
mz8i
b5b72e7152
Switch from express app to router in API
Co-Authored-By: Tom Russell <tomalrussell@gmail.com>
2019-08-16 10:57:15 +01:00
Maciej Ziarkowski
185a94b5cb Add user delete API endpoint
The deleted user username will be changed to 'deleted_'
plus the 13 initial characters of the standard format user_id.
Email, hashed password and API key are all cleared for the user.
The endpoint is currently only available through /api/users/me
and only allows a logged-in user to delete their own account.
2019-08-15 16:12:01 +01:00
Maciej Ziarkowski
be564dccea Add JSON API 404 handler 2019-08-14 14:13:14 +01:00
Maciej Ziarkowski
2c9b5ea3d8 Modify routes, refactor API structure 2019-08-14 14:05:49 +01:00
Maciej Ziarkowski
a2394ef962 Move JSON API into its own directory 2019-08-14 10:54:13 +01:00
Maciej Ziarkowski
4421930942 Squash TypeScript errors and fix bugs
Most errors highglighted by TS were due to a lack of type definitions
and were ignored by settings types to `any`.
Some minor bugs were resolved where the fix was obvious.
TODO marks left where `any` needs to be later removed or bugfix verified
2019-08-09 18:49:43 +01:00
Tom Russell
39be3507a2 Include edit history in building data from API 2019-06-07 14:01:48 +01:00
Tom Russell
1ad7e1de4d Fix transaction mode for likes 2019-05-27 21:28:19 +01:00
Tom Russell
f6e933ff8f Lint empty lines 2019-05-27 18:33:36 +01:00
Tom Russell
9b96872922 Lint prop-types, camelCase 2019-05-27 18:26:29 +01:00
Tom Russell
aef53a0ae0 Lint multi-spaces 2019-05-27 16:46:54 +01:00
Tom Russell
907afa29f0 Lint single quotes 2019-05-27 16:31:48 +01:00
Tom Russell
4362c9c947 Rewrite cache to allow expiry, use promises
- tileserver changes use of cache (slightly simplified from callbacks)
- cache methods return promises
- add 'remove' method to cache, with remove_all_at_bbox helper
- from api/building.js, call remove after successful db updates
2019-04-27 15:56:16 +01:00
Martin-dJ
29f3bff0d5 Revised fix for issue #216 Reduce log noise (my previous attempt was incorrect). Switched to db.oneOrNone 2019-03-14 17:02:26 +00:00
Martin-dJ
c83f2bc0c2 Attempt to fix issue #216-Reduce log noise 2019-03-14 12:32:49 +00:00
Tom Russell
2d8b62fb84 Lint spacing 2019-02-24 19:28:11 +00:00
Tom Russell
961441c5c0 Move api/tiles modules to subfolders 2019-02-24 12:17:59 +00:00