Commit Graph

722 Commits

Author SHA1 Message Date
Matt Baer d6b7a5925f Restrict /invite/{code} route to valid chars
Previously, loading something like /invite/fFdblk😄 would return a 500,
due to a mix of collations in MySQL while SELECTing for an invite with
an ID of 'fFdblk😄'. This restricts the route to [a-zA-Z0-9] chars, to
prevent this.
2020-01-29 09:11:02 -05:00
Matt Baer 93dd2341c2
Merge pull request #191 from writeas/T670-local-time
show timestamps in local date/locale
2020-01-29 07:10:43 -05:00
Matt Baer 4d5f58a7e6 Fix date-based post header links
Posts without an explicit title render the date as the post header in
lists of posts (like on the blog index and tag pages). This updates
localdate.js to properly adjust those dates, too.
2020-01-29 06:42:32 -05:00
Matt Baer 3e902461f1 Merge branch 'develop' into T670-local-time 2020-01-29 06:24:46 -05:00
Matt Baer 5ddd73eff4
Merge pull request #247 from writeas/update-upgrade-script
update upgrade script for recent changes
2020-01-29 05:53:58 -05:00
Matt Baer b25cec8381 Update copyright in upgrade script 2020-01-29 05:49:12 -05:00
Matt Baer be0885698e Change "restarting" to "starting" in upgrade script 2020-01-29 05:47:19 -05:00
Matt Baer fe26594e8c
Merge pull request #245 from writeas/fix-editor-open-access
Require authenticated user for editor access
2020-01-20 15:42:24 -05:00
Rob Loranger 2c075c0347
update upgrade script for recent changes
changes accounted for
- the tar directory structure had changed to use a subdirectory
- there are now multiple linux targets released

bugs
- the service must be stopped before replacing the binary
- migrations were not being run during an upgrade
2020-01-19 15:57:58 -08:00
Matt Baer 8e09e72979 Require authenticated user for editor access
Previously, anyone could access the editor even if they weren't logged
in. They couldn't do much in that case (publishing would fail), but it
could potentially cause some confusion.

Now, users will be sent to the login page, and then redirected back to
the editor once successfully logged in.
2020-01-16 14:50:29 -05:00
Matt Baer b9914dd65a
Merge pull request #244 from writeas/oauth-signup-tweaks
OAuth signup form tweaks

Resolves T715
2020-01-16 14:46:48 -05:00
Matt Baer c1ec6b2605 Fix copyright years in oauth_slack.go 2020-01-16 14:43:32 -05:00
Matt Baer dcdd4dd1ef Add and update copyright notices 2020-01-16 14:39:18 -05:00
Matt Baer 803dd78df5 Remove Password field from OAuth signup page
This removes a bit of friction.

Ref T715 T712
2020-01-16 14:30:09 -05:00
Matt Baer f7dabd39c2 Skip password requirement on OAuth signup
This makes it possible to complete OAuth signup without creating a
password on the WriteFreely instance.

A user can then add a password to their account through their Account
Settings page without any admin action (all of this logic is already in
place).

Ref T715 T712
2020-01-16 14:25:33 -05:00
Matt Baer b5a38efd28 Fall back to username as coll title on OAuth signup
This uses the given username as the Display Name / Collection Title if a
user doesn't give one -- as might happen when authenticating with
Write.as.

Ref T712
2020-01-16 14:09:42 -05:00
Matt Baer 130c9eb747 Change Blog Title to Display Name in OAuth signup
Ref T712
2020-01-16 13:58:14 -05:00
Matt Baer 6842ab2e3b Rename collTitle from alias
"alias" is the name of a different collection field, so this renames the
variable internally to make things clearer.
2020-01-16 13:50:37 -05:00
Matt Baer 4d5c89e7ef Fix false login state on OAuth signup page
Having a `Username` field populated in the page data tells the base
template to display navigation that only a logged in user should see. So
this renames the field to `LoginUsername`, similar to our login.tmpl
page.

Ref T712
2020-01-16 13:37:44 -05:00
Matt Baer 33a6129d1e Add async username check on OAuth signup form
This checks the user's inputted username as they type it, and prevents
form submission if the name is taken.

Ref T712
2020-01-16 13:18:23 -05:00
Matt Baer f2f779e4a2 Generate non-colliding usernames in all lowercase
All usernames should be lowercase, so this generates any username suffix
(in cases of collision) with only lowercase letters. It also removes
vowels to prevent bad 5-letter words from forming.

Ref T712
2020-01-16 12:29:01 -05:00
Matt Baer d297859705 Reserve the username "oauth" 2020-01-16 12:18:21 -05:00
Matt Baer 75e2b60328
Merge pull request #172 from writeas/import-text
add basic text file imports

Resolves T609
2020-01-14 12:33:57 -05:00
Matt Baer 3e97625cca Fix Unix timestamps on client during import
File API gives timestamp in milliseconds, not seconds, so this converts
it on the client-side and sends it the correct time to the server.

Ref T609
2020-01-14 12:26:02 -05:00
Matt Baer 65e2e5126b Revert "Fix unix timestamp in file upload"
This reverts commit 2b066997d1.
2020-01-14 12:24:57 -05:00
Matt Baer 2b066997d1 Fix unix timestamp in file upload
File API gives timestamp in milliseconds, not seconds, so this converts
it correctly.

Ref T609
2020-01-14 12:23:01 -05:00
Rob Loranger aae2f28bb6
pass original file modified date for imports 2020-01-14 08:59:30 -08:00
Matt Baer c7b797929b
Merge pull request #238 from writeas/oauth-bugfix-alias-signature
OAuth alias field not set correctly
2020-01-14 10:59:48 -05:00
Nick Gerakines f7995bee48 Fixing bug where display name was not set correctly. 2020-01-14 10:28:40 -05:00
Matt Baer 659392ac4f
Merge pull request #235 from writeas/date-stamps
Add dates to blog posts

Resolves T669
2020-01-14 09:51:12 -05:00
Matt Baer c00daf64b0
Merge pull request #236 from writeas/oauth-provider-callback-hotfix
Fixing bug in oauth callback URL registration.
2020-01-14 09:12:28 -05:00
Nick Gerakines a77d403dfb
Fixing bug in oauth callback URL registration.
Fixing a bug in the oauth callback URL registration where the lack of provider context was overwriting the previous oauth callback route registration call.
2020-01-10 16:16:43 -05:00
Matt Baer 9958a1122b Show published date on post pages if Blog
Dates now display on blog post pages if the collection's chosen display
format is "Blog". It updates the chorus-collection-post template to now
respect this value (previously, it always showed the date).

Ref T669
2020-01-09 16:50:02 -05:00
Matt Baer 812136357e Move Format from DisplayCollection to CollectionObj 2020-01-09 16:48:22 -05:00
Matt Baer f5d21c8c1a Reorder federation check logic on upload
Ref T609
2020-01-09 13:29:30 -05:00
Matt Baer 18d3456a23 Tweak user-facing upload errors + internal logs
Ref T609
2020-01-09 13:29:07 -05:00
Matt Baer 03eeca179e Fix potential resource leaks from defer calls in for loop
This moves file operations inside the `for` loop into an anonymous func,
so the `defer` calls don't wait until the end of the handler call to
actually execute.

Ref T609
2020-01-09 12:36:58 -05:00
Matt Baer 6860c0a3ff Fix collection logic on import
- Only retrieve a collection from database if an alias is submitted
- Only call GetCollection() once (previously, it was inside the loop)
- Return error if user doesn't own the collection

Ref T609
2020-01-09 12:08:06 -05:00
Matt Baer 5b7f37aed8 Restyle Import page
- Changes Import link location in dropdown menu
- Makes design consistent with Invite People page (and extracts some
  common CSS into core.less)
- Selects the user's first blog by default in the dropdown
- Changes the copy a bit

Ref T609
2020-01-09 11:16:26 -05:00
Matt Baer a2a9f60976
Merge pull request #232 from writeas/T712-oauth-registration-improvements
OAuth registration improvements

Resolves T712
2020-01-08 14:09:32 -05:00
Nick Gerakines 8ddfce4f19 oauth signup page changes per PR feedback. T712 2020-01-07 22:13:29 -05:00
Nick Gerakines 6d79ed3cfd Updating oauth form validation per PR feedback. T712 2020-01-07 21:52:55 -05:00
Nick Gerakines 5e76565271 Code cleanup per PR feedback. T712 2020-01-07 21:52:55 -05:00
Matt Baer e5671cd1e6 Fix GetCollections() call 2020-01-07 16:51:40 -05:00
Matt Baer be76f865a4 Merge branch 'develop' into import-text 2020-01-07 16:35:23 -05:00
Matt Baer d66091a356 Bump Travis build to Go 1.13 2020-01-07 16:27:25 -05:00
Nick Gerakines 28cf4dd5f5 Added state location register hook. T712. 2020-01-07 15:22:25 -05:00
Matt Baer 9be534038b
Merge pull request #233 from writeas/markdown-api-rename
Rename base_url to collection_url in Markdown API
2020-01-05 12:50:07 -05:00
Matt Baer 9fb8de48d4 Rename base_url to collection_url in MD API
Ref T519
2020-01-05 11:22:22 -05:00
Matt Baer 77e0126808 Move and restyle OAuth login links
- Move them above local login form
- Restyle as side-by-side buttons

Ref T712
2020-01-05 11:00:58 -05:00