Commit Graph

53 Commits

Author SHA1 Message Date
Rigel Kent 2d53be0267
replace numbers with typed http status codes (#3409) 2020-12-07 14:32:36 +01:00
Chocobozzz e9c5f12338
Do not reuse reset password links 2020-08-12 09:16:08 +02:00
kimsible 69db147043 Make channelName optionnal only for the API 2020-08-11 08:46:35 +02:00
kimsible 3d215dc5f9 Add channelName to user-create server-side and models 2020-08-11 08:46:35 +02:00
Chocobozzz edbc932546 Add server API to abuse messages 2020-07-31 11:35:19 +02:00
kimsible 963023abe6 Fix: display username in password-reset and verify-email notifs 2020-07-20 16:56:32 +02:00
Rigel Kent ea7337cfde
add check-params test for user list
fixes #2918
2020-07-03 10:29:03 +02:00
Rigel Kent 8491293b02
add blocked filter in users list to filter banned users
fixes #2914
2020-07-02 22:50:33 +02:00
Chocobozzz 1e904cde34
Fix users tests 2020-07-02 14:23:50 +02:00
Rigel Kent 2c31866430
update openapi spec with links and callback for search 2020-06-27 13:12:34 +02:00
Chocobozzz 26d6bf6533
Split types and typings 2020-06-18 10:46:27 +02:00
Chocobozzz faa9d434b4
Update server dependencies 2020-06-17 11:42:50 +02:00
Chocobozzz e1c5503114 Support logout and add id and pass tests 2020-05-04 16:21:39 +02:00
Chocobozzz 7fed637506 Begin auth plugin support 2020-05-04 16:21:39 +02:00
John Livingston 45f1bd72a0
Creating a user with an empty password will send an email to let him set his password (#2479)
* Creating a user with an empty password will send an email to let him set his password

* Consideration of Chocobozzz's comments

* Tips for optional password

* API documentation

* Fix circular imports

* Tests
2020-02-17 10:16:52 +01:00
Chocobozzz 9a11f73392
Upgrade express-rate-limit 2020-02-04 10:52:05 +01:00
Chocobozzz 6f3fe96f40
Add action hooks to user routes 2019-12-06 15:59:12 +01:00
Chocobozzz 1ca9f7c3f7
Type toFormattedJSON 2019-08-20 19:23:10 +02:00
Chocobozzz 453e83ea5d
Stronger model typings 2019-08-19 17:26:35 +02:00
Chocobozzz a95a4cc891
Moderators can only manage users 2019-07-30 09:59:19 +02:00
Chocobozzz c1340a6ac3
Add rate limit to registration and API endpoints 2019-07-04 16:42:40 +02:00
Chocobozzz d1ab89deb7
Handle email update on server 2019-06-11 14:31:11 +02:00
Chocobozzz 1f20622f2b
Improve registration
* Add ability to set the user display name
 * Use display name to guess the username/channel name
 * Add explanations about what is the purpose of a username/channel name
 * Add a loader at the "done" step
2019-06-07 17:05:42 +02:00
Chocobozzz 6091983127
Upgrade server dependencies 2019-06-06 15:39:11 +02:00
Chocobozzz 57cfff7885
Remove unused actor uuid field 2019-05-31 14:49:31 +02:00
Chocobozzz e590b4a512
Add ability to specify channel on registration 2019-05-28 10:46:32 +02:00
Chocobozzz 1eddc9a74f
Add user adminFlags 2019-04-15 14:39:52 +02:00
Chocobozzz 74dc3bca2b
Don't expose constants directly in initializers/ 2019-04-11 14:26:41 +02:00
Chocobozzz 6dd9de95df
Move config in its own file 2019-04-11 13:45:39 +02:00
Chocobozzz dae86118ed
Cleanup express locals typings 2019-03-19 10:35:15 +01:00
Chocobozzz f0a3988066 Add to playlist dropdown 2019-03-18 11:17:59 +01:00
Chocobozzz df0b219d36 Add playlist rest tests 2019-03-18 11:17:59 +01:00
Chocobozzz 374c1db98c
Upgrade server dependencies 2019-02-21 14:22:39 +01:00
Chocobozzz b426edd485
Cleanup reset user password by admin
And add some tests
2019-02-11 10:37:27 +01:00
Rigel Kent 328c78bc4a
allow administration to change/reset a user's password 2019-02-11 09:26:29 +01:00
Chocobozzz cf405589f0
Move subscriptions controllers in its own file 2019-01-14 10:44:59 +01:00
Chocobozzz f7cc67b455 Add new follow, mention and user registered notifs 2019-01-09 11:15:15 +01:00
Chocobozzz cef534ed53 Add user notification base code 2019-01-09 11:15:15 +01:00
Chocobozzz 8b9a525a18
Add history on server side
Add ability to disable, clear and list user videos history
2018-12-18 11:35:50 +01:00
Josh Morel fc2ec87a8c enable email verification by admin (#1348)
* enable email verification by admin

* rename/label to set email as verified

to be more explicit that admin is not sending
another email to confirm

* add update user emailVerified check-params test

* make user.model emailVerified property required
2018-11-21 08:48:29 +01:00
Chocobozzz 7ad9b9846c Add ability for users to block an account/instance on server side 2018-10-16 16:41:36 +02:00
Chocobozzz 24b9417cec
Add users search filter 2018-10-08 15:55:32 +02:00
Chocobozzz 601527d795
Check video channel name is unique on our instance 2018-10-01 15:20:14 +02:00
Chocobozzz f201a74992
Cache user token 2018-09-20 11:45:59 +02:00
Chocobozzz 91411dba92
Limit associations fetch when loading token 2018-09-20 11:45:59 +02:00
Chocobozzz 993cef4b6e
Refractor audit user identifier 2018-09-19 17:02:27 +02:00
Chocobozzz 5cf84858d4
Add federation to ownership change 2018-09-04 10:49:53 +02:00
Gaëtan Rizio 74d6346935 Users can change ownership of their video [#510] (#888)
* [#510] Create a new route to get the list of user names

To be able to transfer ownership to a user,
we need to be able to select him from the list of users.

Because the list could be too big, we add a autocomplete feature.

This commit does the following:

* Add a API endpoint to get a list of user names by searching its name

* [#510] The user can choose the next owner of the video

To be able to transfer ownership to a user,
we need the owner to be able to select the user.

The server can autocomplete the name of the user to give the ownership.
We add a dialog for the user to actually select it.

This commit does the following:

* Create a modal for the owner to select the next one
* Opens this modal with a button into the menu *more*
* Make the dependency injection

* [#510] When the user choose the next owner, create a request in database

For the change of ownership to happen, we need to store the temporary requests.
When the user make the request, save it to database.

This commit does the following:

* Create the model to persist change ownership requests
* Add an API to manage ownership operations
* Add a route to persist an ownership request

* [#510] A user can fetch its ownership requests sent to him

To be able to accept or refuse a change of ownership,
the user must be able to fetch them.

This commit does the following:

* Add an API to list ownership for a user
* Add the query to database model

* [#510] A user can validate an ownership requests sent to him - server

The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the server part.

This commit does the following:

* Add an API for the user to accept or refuse a video ownership
* Add validators to ensure security access
* Add a query to load a specific video change ownership request

* [#510] A user can validate an ownership requests sent to him - web

The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the web part.

This commit does the following:

* Add a page to list user ownership changes
* Add actions to accept or refuse them
* When accepting, show a modal requiring the channel to send the video

* Correct lint - to squash

* [#510] PR reviews - to squash

This commit does the following:

* Search parameter for user autocompletion is required from middleware directly

* [#510] PR reviews - to squash with creation in database commit

This commit does the following:

* Add the status attribute in model
* Set this attribute on instance creation
* Use AccountModel method `loadLocalByName`

* [#510] PR reviews - to squash with fetch ownership

This commit does the following:

* Add the scope `FULL` for database queries with includes
* Add classic pagination middlewares

* [#510] PR reviews - to squash with ownership validation - server

This commit does the following:

* Add a middleware to validate whether a user can validate an ownership
* Change the ownership status instead of deleting the row

* [#510] PR reviews - to squash with ownership validation - client

This commit does the following:

* Correct indentation of html files with two-spaces indentation
* Use event emitter instead of function for accept event
* Update the sort of ownership change table for a decreasing order by creation date
* Add the status in ownership change table
* Use classic method syntax

* code style - to squash

* Add new user right - to squash

* Move the change to my-account instead of video-watch - to squash

As requested in pull-request, move the action to change ownership into my videos page.

The rest of the logic was not really changed.

This commit does the following:

- Move the modal into my video page
- Create the generic component `button` to keep some styles and logic

* [#510] Add tests for the new feature

To avoid regression, we add tests for all api of ownership change.

This commit does the following:

- Create an end-to-end test for ownership change
- Divide it to one test per request

* [#510] Do not send twice the same request to avoid spam

We can send several time the same request to change ownership.
However, it will spam the user.
To avoid this, we do not save a request already existing in database.

This commit does the following:

- Check whether the request exist in database
- Add tests to verify this new condition

* [#510] Change icons

Change icons so they remains logic with the rest of the application.

This commit does the following:

- Add svg for missing icons
- Add icons in `my-button` component
- Use these new icons

* [#510] Add control about the user quota

The user should be able to accept a new video only if his quota allows it.

This commit does the following:

- Update the middleware to control the quota
- Add tests verifying the control

* Correct merge

- Use new modal system
- Move button to new directory `buttons`

* PR reviews - to squash
2018-09-04 08:57:13 +02:00
Chocobozzz 288fe38590
Use custom rate limiter when asking verif email 2018-08-31 11:44:44 +02:00
Josh Morel d9eaee3939 add user account email verificiation (#977)
* add user account email verificiation

includes server and client code to:

* enable verificationRequired via custom config
* send verification email with registration
* ask for verification email
* verify via email
* prevent login if not verified and required
* conditional client links to ask for new verification email

* allow login for verified=null

these are users created when verification not required
should still be able to login when verification is enabled

* refactor email verifcation pr

* change naming from verified to emailVerified
* change naming from askVerifyEmail to askSendVerifyEmail
* undo unrelated automatic prettier formatting on api/config
* use redirectService for home
* remove redundant success notification on email verified

* revert test.yaml smpt host
2018-08-31 09:18:19 +02:00