Christian Siefkes
ToJSON instance of newtype UserPass should go away in order to avoid accidental leakage of cleartext passwords. (Under no circumstances render to something like "[password hidden]", as that can cause...
In several instances, errors in the config file lead to an `error` being thrown in the code. It would be better to reserve `error` for programming mistakes and instead `throwError...
We need to show them to be in compliance. See BUG marker in `thentos-core/src/Thentos/Frontend/State.hs`.
`serviceLoginH`: The session token seems to be contained in the URL. So if people copy the URL from the address bar and send it to someone, they will get the...
Use CSRF protection for `userLogoutConfirmH, emailUpdateH, serviceCreateH, serviceRegisterH` (if needed). See BUG markers in `thentos-core/src/Thentos/Frontend/Handlers.hs`.
Use CSRF protection for `userLogoutConfirmSnippet`, if needed. See BUG marker in `thentos-core/src/Thentos/Frontend/Pages.hs`.
The ServiceSessionToken needs to be stored in the query of the redirect URL. See BUG marker in `thentos-core/src/Thentos/Frontend/Handlers.hs`.
The frontend expects "/user/register_confirm/", but the link is now generated in the backend and has the form "/activate/". See BUG marker in `thentos-core/src/Thentos/Frontend/Handlers.hs`.
Get csrfToken from state instead of using a hard-coded one. See BUG marker in `thentos-core/src/Thentos/Frontend/Pages.hs`.
Design and implement a REST API that allows A3 to create and delete contexts. In the planned setup, A3 will call Thentos (rather than the other way around) when process...