It used to fail silently (client only displays error when a message is available).
The user password salt should be encoded with Base64 before being saved to the database. The current code adds an unnecessary step of converting the result of crypto.randomBytes() (which already returns a SlowBuffer) to a Base64 string and back again to a Buffer, and misses the final step of converting the Buffer's bytes back to a Base64 string. Because of this, the salt stored in the database is garbled. This is inconvenient when manipulating the data in a terminal or text editor. When generating the password hash, the crypto.pbkdf2Sync() method creates a new Buffer directly from the data supplied. Due to the incorrect encoding of the salt, entropy is lost at this step, weakening the security of stored passwords against brute force attacks.
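The salt problem this commit message describes can be reproduced in a few lines of Node.js. This is an added example, not code from the pull request: the PBKDF2 parameters, the password and the two sample salts are constructed, and the helper names are hypothetical.

```javascript
'use strict';
const crypto = require('crypto');

// Constructed PBKDF2 parameters for the demonstration (not taken from the project).
const ITERATIONS = 1000, KEYLEN = 64, DIGEST = 'sha512';

// What a String-typed database field does to raw salt bytes: decode them as UTF-8.
// Every byte that is not valid UTF-8 becomes U+FFFD, so the original value is lost.
function storeRawAsString(saltBytes) {
  return saltBytes.toString('utf8');
}

// The encoding the commit message asks for: keep the salt as Base64 text.
function storeAsBase64(saltBytes) {
  return saltBytes.toString('base64');
}

function hashPassword(password, salt) {
  return crypto.pbkdf2Sync(password, salt, ITERATIONS, KEYLEN, DIGEST).toString('base64');
}

// Count how many of n random 16-byte salts survive a store/load round trip.
function survivors(n, store, load) {
  let ok = 0;
  for (let i = 0; i < n; i++) {
    const salt = crypto.randomBytes(16);
    if (load(store(salt)).equals(salt)) ok++;
  }
  return ok;
}

// Two different constructed salts that collapse to the same stored string.
const saltA = Buffer.from([0xff, 0xfe, 0x80, 0x41]);
const saltB = Buffer.from([0x80, 0x81, 0x82, 0x41]);

function demo() {
  return {
    garbledCollide: storeRawAsString(saltA) === storeRawAsString(saltB),
    sameHash: hashPassword('hunter2', storeRawAsString(saltA)) ===
              hashPassword('hunter2', storeRawAsString(saltB)),
    base64Distinct: storeAsBase64(saltA) !== storeAsBase64(saltB),
    base64RoundTrips: survivors(200, storeAsBase64, (s) => Buffer.from(s, 'base64')),
    rawRoundTrips: survivors(200, storeRawAsString, (s) => Buffer.from(s, 'utf8')),
  };
}

console.log(demo());
```

Distinct salts that decode to the same replacement characters produce identical hashes for the same password, which is the entropy loss the message refers to.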
Currently createTransport is unnecessarily called upon every time a password request is made.
…ub.com/lirantal/meanjs into lirantal-enhancements-express-cookie-parameters Conflicts: config/env/all.js
…ookie-parameters Enhancements express cookie parameters
Fixed two tiny typos.
… application startup
details on breaking changes: https://github.com/angular-ui/bootstrap/blob/eec68d81f4f72363d37493c495b892347bdb9e1b/CHANGELOG.md Conflicts: bower.json
…h is replaced by new output
fix getToggleElement on dropdown by updating to angular-bootstrap 0.12.0 #250
Removed unneeded commas from gruntfile.
Abstract nodemailer createTransport
Show error message when sending password request mail fails
Remove unnecessary comment in karma.conf.js
@@ -95,4 +95,4 @@ | |||
"karma-firefox-launcher": "~0.1.3", | |||
"karma-phantomjs-launcher": "~0.1.2" | |||
} | |||
} | |||
} |
Newline needed
@lirantal @roieki @amoshaviv @NeverOddOrEven @Shrizzy Left some comments to review.
…d from the merge of 0.4.0 into master
thanks @ilanbiala I addressed all issues you mentioned
- remove access.log (*.log is enough) - Move local.js config under MEAN.JS - Rename iOS/Apple => OS (this is a mix of windows/osx stuff anyways)
Sort out gitignore
@ilanbiala I think we're good to merge this to 0.4, right?
Yes, I think so.
Had a holiday weekend, so I didn't spend much time at my computer over the last few days. So far it looks good to me. I'm still going through it right now.
Update dependencies: #622
All seems fine with me as well. I think we can start merging this into 0.4
I forked this repository. I then checked the master_to_0.4.0 branch out, and tested locally. Everything went fine, and I merged it to the 0.4.0. The merge had no issues at all, and everything seems to be working perfectly. I'm not sure what I should do next to help this merge, and then to begin helping out with merging all the PR's. Forgive me, but I'm a bit new to the forking and contributing aspect of GitHub. Should I push my new 0.4.0 branch to my repo, and create a pull request? I did make one modification to the gitignore. I added VS files.
@mleanos thanks for helping out.
At the moment I'm just waiting to figure out if we're merging this PR #622 to master_to_0.4.0 before I'm closing it, and then we can continue. @mleanos once step (2) is finished we'll need quite some help with testing the 0.4.0 branch and that's where you can help the most. It'll be a few days/week until we're there. Thanks for chiming in!
update dependencies
openssl genrsa -out ./config/sslcerts/key.pem -aes256 1024 | ||
openssl req -new -key ./config/sslcerts/key.pem -out ./config/sslcerts/csr.pem | ||
openssl x509 -req -days 9999 -in ./config/sslcerts/csr.pem -signkey ./config/sslcerts/key.pem -out ./config/sslcerts/cert.pem | ||
rm ./config/sslcerts/csr.pem | ||
# resolve issue with bad password... | ||
# Error: error:0906A068:PEM routines:PEM_do_header:bad password read |
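Review bot: the `openssl genrsa` line creates a 1024-bit RSA key, which is below the 2048-bit minimum generally accepted for TLS keys, so the size argument should be 2048 or higher. The same line encrypts the key with `-aes256`, and the two trailing comment lines record a `bad password read` error without saying what to do about it: either state how the passphrase reaches the server at startup or replace the comments with the actual resolution. On the `openssl x509` line, `-days 9999` gives the self-signed certificate a lifetime of roughly 27 years; a shorter value with a documented regeneration step would be easier to justify.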
@lirantal for some reason I get this error running with ssl after generating a cert with a password:
Error: error:0906A068:PEM routines:PEM_do_header:bad password read
my suspicion is that node is not asking me for the password when running grunt prod. I am running with node v0.12.5
to resolve, I needed to remove the password from the pem like so:
openssl rsa -in ./config/sslcerts/key.pem -out ./config/sslcerts/newkey.pem && mv ./config/sslcerts/newkey.pem ./config/sslcerts/key.pem
chmod 0600 ./config/sslcerts/key.pem ./config/sslcerts/cert.pem
not sure if anyone else has seen this, but I mentioned a reference to another person solving this issue the same way:
http://blog.mgechev.com/2014/02/19/create-https-tls-ssl-application-with-express-nodejs/
should I open a ticket for this?
@jloveland yes, please open an issue on that and assign it to me, I'll get to it later this week.
This is 0.4.0 branch after I merged it with changes from master and fixes.
Once we review it and want to continue forward with move to 0.4.0: