diff options
author | Yorhel <git@yorhel.nl> | 2019-09-30 18:05:28 +0200 |
---|---|---|
committer | Yorhel <git@yorhel.nl> | 2019-09-30 18:05:41 +0200 |
commit | 2d7e855cfb37f35cb2cd0f8f39754002c20c8a7c (patch) | |
tree | b1ff536adee289c3b6e1a56c1f1a71acd1da6c87 /lib/VNWeb/Elm.pm | |
parent | 24e08e0f2caf8dede4a0c8a77b8ede1e13899785 (diff) |
v2rw: Convert login, logout & insecure-password-change forms
The insecure-password-change flow is now slightly more friendly. The
logout functionality has been hardened to use POST and require CSRF.
Diffstat (limited to 'lib/VNWeb/Elm.pm')
-rw-r--r-- | lib/VNWeb/Elm.pm | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/lib/VNWeb/Elm.pm b/lib/VNWeb/Elm.pm index ea181e3c..7838d194 100644 --- a/lib/VNWeb/Elm.pm +++ b/lib/VNWeb/Elm.pm @@ -29,13 +29,16 @@ our @EXPORT = qw/ # # These API responses are available in Elm in the `Gen.Api.Response` union type. my %apis = ( - Unauth => [], # Not authorized - Unchanged => [], # No changes - Changed => [ { id => 1 }, { uint => 1 } ], # [ id, chrev]; DB entry has been successfully changed - Success => [], - CSRF => [], # Invalid CSRF token - Invalid => [], # POST data did not validate the schema - Content => [{}], # Rendered HTML content (for markdown/bbcode APIs) + Unauth => [], # Not authorized + Unchanged => [], # No changes + Changed => [ { id => 1 }, { uint => 1 } ], # [ id, chrev]; DB entry has been successfully changed + Success => [], + CSRF => [], # Invalid CSRF token + Invalid => [], # POST data did not validate the schema + Content => [{}], # Rendered HTML content (for markdown/bbcode APIs) + BadLogin => [], # Invalid user or pass + LoginThrottle => [], # Too many failed login attempts + InsecurePass => [], # Password is in a dictionary or breach database ); @@ -218,7 +221,8 @@ sub write_api { sub write_types { my $data = ''; - $data .= def urlStatic => String => string config->{url_static}; + $data .= def urlStatic => String => string config->{url_static}; + $data .= def adminEMail => String => string config->{admin_email}; write_module Types => $data; } |