clone/TiddlyWiki5
1
0
Fork 0
mirror of https://github.com/TiddlyWiki/TiddlyWiki5.git synced 2026-04-29 00:14:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add user profile management and account deletion functionality (#8712)

Browse Source 
* mws authentication

* add more tests and permission checkers

* add logic to ensure that only authenticated users' requests are handled

* add custom login page

* Implement user authentication as well as session handling

* work on user operations authorization

* add middleware to route handlers for bags & tiddlers routes

* add feature that only returns the tiddlers and bags which the user has permission to access on index page

* refactor auth routes & added user management page

* fix Ci Test failure issue

* fix users list page, add manage roles page

* add commands and scripts to create new user & assign roles and permissions

* resolved ci-test failure

* add ACL permissions to bags & tiddlers on creation

* fix comments and access control list bug

* fix indentation issues

* working on user profile edit

* remove list users command & added support for database in server options

* implement user profile update and password change feature

* update plugin readme

* implement command which triggers protected mode on the server

* revert server-wide auth flag. Implement selective authorization

* ACL management feature

* Complete Access control list implementation

* Added support to manage users' assigned role by admin

* fix comments

* fix comment

* Add user profile management and account deletion functionality
This commit is contained in:
webplusai
2024-10-30 19:38:21 +01:00
committed by GitHub
parent 6a7612ddf8
commit c7531e53ab
13 changed files with 304 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/change-user-password.js
View File

@@ -29,9 +29,18 @@ exports.handler = function (request, response, state) {
}
var auth = authenticator(state.server.sqlTiddlerDatabase);
var userId = state.authenticatedUser.user_id;
var userId = state.data.userId;
var newPassword = state.data.newPassword;
var confirmPassword = state.data.confirmPassword;
var currentUserId = state.authenticatedUser.user_id;
var hasPermission = ($tw.utils.parseInt(userId, 10) === currentUserId) || state.authenticatedUser.isAdmin;
if(!hasPermission) {
response.writeHead(403, "Forbidden", { "Content-Type": "text/plain" });
response.end("Forbidden");
return;
}
if(newPassword !== confirmPassword) {
response.setHeader("Set-Cookie", "flashMessage=New passwords do not match; Path=/; HttpOnly; Max-Age=5");