Commit Graph

29 Commits

Author SHA1 Message Date
Thomas Citharel
15b3940262
Revoke old refresh token when doing a refresh token rotation
See https://auth0.com/blog/securing-single-page-applications-with-refresh-token-rotation/ for details for instance

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-06-04 13:33:24 +02:00
Thomas Citharel
a7da5ab269
Improve JWT tokens expiration
- Reduce access tokens TTL to 15 minutes
- Set refresh tokens TTL to 60 days
- Set Guardian.DB to only track refresh tokens
- Remove refresh token when logging out

Closes #710 #705 #706

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-06-04 13:33:22 +02:00
Thomas Citharel
cb4a801519
Small fixes
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-20 17:10:34 +02:00
Thomas Citharel
d98e68203e
Handle sending mail more properly
With custom sentry reporting issues

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-20 15:02:24 +02:00
Thomas Citharel
7aadc447e1
Handle changing default actor unlogged
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-25 10:38:31 +01:00
Thomas Citharel
95516a4067
Fix registering new user account with same email as unconfirmed
Refactors get_user_by_email/2

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-25 10:22:40 +01:00
Thomas Citharel
346d6438f8
Fix changing email and validating new email with bad token
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-23 16:38:37 +01:00
Thomas Citharel
aa2c79d312
Fixes for Bamboo 2.0
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-09 14:33:09 +01:00
Thomas Citharel
b05f0fe3e6
simplify user resolver errors
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-11-30 12:48:22 +01:00
Thomas Citharel
c9457fe0d3
Track usage of media files and add a job to clean them
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-11-26 17:53:33 +01:00
Thomas Citharel
6a1cd42d2c
Add backend to list a user's pictures
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-11-23 17:00:42 +01:00
Thomas Citharel
3c6916360d
Completely delete user when user requests self destruction
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-10-13 15:10:27 +02:00
Thomas Citharel
aced4d039b
Fix posts and rework graphql errors
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-10-01 15:07:15 +02:00
Thomas Citharel
49a5725da3
Improve and activate groups
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-09-29 10:25:00 +02:00
Thomas Citharel
45fa3e8ad0
Add login information to user
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-08-28 09:23:49 +02:00
Thomas Citharel
2ea6286d3f
Fix account suspension
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-08-18 17:21:58 +02:00
Thomas Citharel
9c9f1385fb
Introduce group posts
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-07-30 16:55:35 +02:00
Thomas Citharel
69841cbb45
Fix 3rd-party auth issues
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-07-06 17:33:40 +02:00
Thomas Citharel
9a080c1f10
Introduce support for 3rd-party auth (OAuth2 & LDAP)
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-07-06 15:42:59 +02:00
Thomas Citharel
b5f295c5d9
UI improvements
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-06-17 15:55:21 +02:00
Thomas Citharel
7cd45a1351
Fixup
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-06-16 18:02:53 +02:00
Thomas Citharel
5cb3f478ae
Allow to change language
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-06-16 18:00:27 +02:00
Thomas Citharel
ef6a1a21ac
Even more fixes
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-06-15 19:41:11 +02:00
Thomas Citharel
beb35a09c6
Introduce basic user and profile management
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-06-12 19:16:40 +02:00
Thomas Citharel
4144e9ffd0
Introduce group basic federation, event new page and notifications
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-06-03 16:01:26 +02:00
Thomas Citharel
9f007da286
Allow to edit account email and delete account
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-02-13 16:21:26 +01:00
rustra
3505736705
Fix Credo code readability issues
2020-01-28 20:15:59 +01:00
rustra
8856cc2f55
Rename MobilizonWeb to Mobilizon.Web
2020-01-26 21:39:49 +01:00
rustra
ba3ad713c0
Split GraphQL as separate context
2020-01-26 20:34:25 +01:00