Commit Graph

32 Commits

Author SHA1 Message Date
Baptiste Gelez
a2b9d7ec44
Password reset (#448)
* Password reset

* Various improvements and fixes for password reset

- Reorganize src/mail.rs to make it  cleaner
- add a build_mail function
- only make the requests invalid after 2 hours
- avoid infintely-growing list of requests by deleting them once completed, or after 24 hours
- avoid sending many requests for the same user
- validate the password reset form

* Avoid locking so many times

Fix durations

* Remove old requests even if the current one is not valid

* Remove unused feature

* Also remove the custom_derive and plugin features while we are at it

* Forgot a 0 è_é

* Avoid panicking while owning a request lock

* Use master branch of lettre so that we can build with the latest OpenSSL

* Fix the debug mailer
2019-02-27 13:29:26 +01:00
fdb-hiroshima
2896eb1705
Fix login issue (#401)
Regression introduced by 4059a840be
2018-12-31 11:45:59 +01:00
Baptiste Gelez
80a4dae8bd
Avoid panics (#392)
- Use `Result` as much as possible
- Display errors instead of panicking

TODO (maybe in another PR? this one is already quite big):
- Find a way to merge Ructe/ErrorPage types, so that we can have routes returning `Result<X, ErrorPage>` instead of panicking when we have an `Error`
- Display more details about the error, to make it easier to debug

(sorry, this isn't going to be fun to review, the diff is huge, but it is always the same changes)
2018-12-29 09:36:07 +01:00
Baptiste Gelez
b0089e59b7
Remove useless pagination routes (#351)
Rocket 0.4 let us have routes with optional query parameter
2018-12-13 22:20:19 +01:00
fdb-hiroshima
e1ecc7289f
Upgrade plume dependencies (#332)
* Bump base64 from 0.9.3 to 0.10.0
* Bump bcrypt from 0.2.0 to 0.2.1
* Bump canapi from 0.1.0 to 0.2.0
* Bump failure from 0.1.2 to 0.1.3
* Bump hyper from 0.11.27 to 0.12.11
* Bump hyper from 0.11.27 to 0.12.16
* Bump lazy_static from 1.1.0 to 1.2.0
* Bump multipart from 0.15.3 to 0.15.4
* Bump openssl from 0.10.12 to 0.10.15
* Bump pulldown-cmark from 0.1.2 to 0.2.0
* Bump reqwest from 0.9.2 to 0.9.5
* Bump rocket from 0.4.0-rc.1 to 0.4.0
* Bump rpassword from 2.0.0 to 2.1.0
* Bump ructe from 0.5.2 to 0.5.4
* Bump serde_derive from 1.0.79 to 1.0.80
* Bump serde from 1.0.79 to 1.0.80
* Bump serde_json from 1.0.32 to 1.0.33
* Bump tera from 0.11.17 to 0.11.20
* Bump url from 1.7.1 to 1.7.2
* Bump validator to from 0.7.2 to 0.8.0
* Bump validator_derive from 0.7.2 to 0.8.0
* Bump whatlang from 0.5.0 to 0.6.0
* Remove hyper from plume-common dependencies
* Remove rpassword from Plume dependancies
* Upgrade compiler to nightly-2018-12-06
2018-12-07 21:00:12 +01:00
Trinity Pointard
b4e4b497ee Works on template
Use uri! to generate links instead of hardcoded urls
Fix #110
Fix invalid links needing to be POST forms
Translate login message for boost and like directly from template
Put js for search in its own file
2018-12-07 12:10:03 +01:00
Baptiste Gelez
70af57c6e1
Use Ructe (#327)
All the template are now compiled at compile-time with the `ructe` crate.

I preferred to use it instead of askama because it allows more complex Rust expressions, where askama only supports a small subset of expressions and doesn't allow them everywhere (for instance, `{{ macro!() | filter }}` would result in a parsing error).

The diff is quite huge, but there is normally no changes in functionality.

Fixes #161 and unblocks #110 and #273
2018-12-06 18:54:16 +01:00
fdb-hiroshima
74c398d60c
Run cargo clippy on whole project (#322)
* Run cargo clippy on plume-common

Run clippy on plume-common and adjuste code accordingly

* Run cargo clippy on plume-model

Run clippy on plume-model and adjuste code accordingly

* Reduce need for allocation in plume-common

* Reduce need for allocation in plume-model

add a quick compilation failure if no database backend is enabled

* Run cargo clippy on plume-cli

* Run cargo clippy on plume
2018-11-26 10:21:52 +01:00
Trinity Pointard
fd92383f87 Normalize panic message and return 400 or 404 when suitable 2018-10-20 11:04:20 +02:00
Trinity Pointard
fceb9ab0cd Update cookie management a bit
Update to latest rocket_csrf
Make user_id a samesite lax cookie (see https://github.com/Plume-org/Plume/issues/233#issuecomment-422660275)
2018-09-30 11:56:12 +02:00
Thomas Letan
0ef4717a7f deps: Update to a more recent rocket and rust toolchain
With this patch, Plume will be use a more up-to-date revision of
Rocket, that works with nightly-2018-07-17. It may have been able to
make it work with a more recent revision, but it turns out rocket has
introduced several breaking changes so I’d rather fix those.

Besides updating rocket_i18n and rocket_csrf to use the same revision
than Plume, this patch deals with the new implementation of the
Uri<'_> type. It silents a class of warnings, to deal with a change in
rustc which affects diesel. This latter change should be reverted as
soon as diesel releases a new version of its crate.
2018-09-08 15:51:55 +02:00
Bat
3373bb66cd Fake password verification when trying to login with inexistant account
Fix #170
2018-09-03 18:04:21 +01:00
Bat
3013eec579 Redesign menu items 2018-09-03 14:59:02 +01:00
Bat
7fc5d7b5b0 Fix #167 2018-08-18 12:37:40 +02:00
Bat
3775d3a9c9 HTML validation + Actually associate messages to errors + Fix inverted behavior on new blog and post form 2018-07-07 22:51:48 +02:00
Bat
e5c1b3259d Make LoginForm serializable 2018-07-06 21:59:17 +02:00
Bat
5f3afe900f Display errors on invalid forms
It will probably need a bit of styling…
2018-07-06 19:29:36 +02:00
Bat
153400959c Actually validate forms 2018-07-06 11:51:19 +02:00
Bat
c81bb9ec25 Make forms validatable 2018-06-29 14:56:00 +02:00
Trinity Pointard
30e9620d0a Add csrf protection 2018-06-24 18:58:57 +02:00
Bat
68c7aad179 Big repository reorganization
The code is divided in three crates:
- plume-common, for the ActivityPub module, and some common utils
- plume-models, for the models and database-related code
- plume, the app itself

This new organization will allow to test it more easily, but also to create other tools that only reuse a little part of
the code (for instance a Wordpress import tool, that would just use the plume-models crate)
2018-06-23 17:36:11 +01:00
Bat
152eafc06f Translate Rust strings 2018-06-17 17:06:47 +01:00
Bat
b18aa33c70 Update to the latest version of Rocket, to use rocket_contrib::Template::custom 2018-06-16 18:39:22 +01:00
Trinity Pointard
2fde47d909 add optional login message and callback 2018-06-04 20:21:43 +02:00
Bat
b55622f2b1 Reorganize use statements 2018-05-19 08:39:59 +01:00
Bat
6de9d5b82a Articles listings on blogs and users pages 2018-05-12 14:31:09 +01:00
Bat
a74215ef07 Start an actual design 2018-05-10 21:31:52 +01:00
Bat
8047df6848 Display remote profiles! 2018-05-01 12:48:19 +01:00
Bat
0c9a1bfc3a Reorganize uses 2018-04-24 10:21:39 +01:00
Bat
656b201244 Pluralize model modules 2018-04-23 16:19:28 +01:00
Bat
4f9df753f5 Implement logout 2018-04-23 12:13:49 +01:00
Bat
5f4cb6c065 Authentication 2018-04-23 10:52:44 +01:00