| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
People leave their window open for a while, and that's fine.
|
|
|
|
Only place where this isn't applied (yet?): Sorting user lists still
goes by the old username and board names don't use the new unicode
names.
I have to say, I quite like the sql_user() and user_() pattern. It's not
without problems when applied to everything, but it's good enough for
several use cases.
|
|
This ensures that the email address linked to a user is always valid and
actually belong(s|ed) to that user.
|
|
This improves the password reset workflow a bit.
The users.passwd field is now no longer used for reset tokens, meaning
that the current password isn't affected until the user actually clicks
the link and changes it.
It is now also possible to have multiple active password reset tokens,
in case one of the emails got lost. All existing tokens are invalidated
when the user finally changes their password.
Tokens are now valid for at most 1 week instead of indefinitely.
|
|
This will be helpful when adding other types of sessions with different
expiration.
|
|
This bloats the users table a little bit, but that's fine. The main
advantage of this change is that we now have a proper schema for user
preferences, rather than the schemaless key-value mess we had before.
This commit also splits the 'tags_cat' preference up into tags_cont,
tags_ero and tags_tech bools, as that's more compact to store and easier
to work with.
This commit also changes the 'notify_nodbedit' preference to
'notify_dbedit' with inverted meaning. The reason the value was negated
in the first place was because the old schemaless approach did not
support positive defaults.
|
|
The insecure-password-change flow is now slightly more friendly. The
logout functionality has been hardened to use POST and require CSRF.
|
|
The FCGI module is only required when running in FastCGI mode, which
isn't how the container is configured. The AnyEvent::HTTP module, on the
other hand, is required for many of the new Multi::* modules. They're
not enabled by default but are still a significant part of Multi, so
it's good to have the dependencies available.
|
|
This bumps the minimum Perl version to 5.26 in order to make use of
lexical subroutines - a feature I've been wanting for a while. This
should be the last version bump, 5.26 is the highest version in Ubuntu
LTS at the moment. Not that I use Ubuntu, but it's used by the Docker
container and it's a sensible reference.
I merged the 'maintabs' and 'hiddenmsg' features into the primary
framework_ function; It fits quite well there, removes a little bit
of boilerplate from the DB entry page code and reduces the reliance on
common "dbSomethingGet()" methods.
I was hoping I'd be able to reduce the boilerplate required for defining
revisions, but I don't think that's going to happen. What I did do was
reimplement the diffing to handle item and text diffs separately, with
sensible defaults for the old split/join/diff options. Diffing is now
performed on the raw structured data rather than on formatted HTML,
which, combined with the db_entry() functions, ought to be less brittle.
|
|
More churn!
Also converted v3 to use VNWeb::Auth, considering the API is pretty much
the same. Converted VNWeb::* to use VNDB::Config directly rather than
read from tuwf->{}, converted VNWeb::HTML to use VNWeb::Auth, and
updated util/vndb.pl with the new code style.
I tested as much as I could, but I'm sure I broke something.
|
