1
0
Fork 0
forked from OpenNeo/impress
Dress to Impress, a big fancy Neopets customization tool!
Find a file
Emi Matchu 58d86cf3ac Prevent user from removing all their login methods
Oh right, if you can remove your email, there's a way to fully lock out
your account:

1. Create account via NeoPass, so no password is set.
2. Ensure you have an email saved, then disconnect NeoPass.
3. Remove the email.
4. Now you have no NeoPass, no email, and no password!

In this change, we add a validation that requires an account to always
have at least one login method. This works well for the case described
above, and also helps offer server-side validation to the "can't
disconnect NeoPass until you have an email and password" stuff that
previously was only enforced by disabling the button.

That is, the following procedure could also lock you out before,
whereas now it raises the "Whoops, there was an error disconnecting
your NeoPass from your account, sorry." message:

1. Create account via NeoPass, so no password is set.
2. Ensure you have an email saved, so "Disconnect" button is enabled.
3. Open a new browser tab, and remove the email.
4. In the original browser tab, click "Disconnect".
2024-04-09 06:40:56 -07:00
.devcontainer Save last trade activity time onto User 2024-01-19 00:00:46 -08:00
.husky Set up eslint for wardrobe-2020 2023-11-02 18:11:07 -07:00
app Prevent user from removing all their login methods 2024-04-09 06:40:56 -07:00
bin Actually create user from NeoPass authentication! <3 <3 2024-03-14 19:11:06 -07:00
config Eject AuthUsersController from the default Devise controller 2024-04-08 04:02:54 -07:00
db Connect a NeoPass to an existing account 2024-04-08 05:33:58 -07:00
deploy Install cron job to run rails public_data:commit weekly in production 2024-03-01 13:20:59 -08:00
lib Refactor to use OpenID Connect OmniAuth gem instead of plain OAuth2 2024-03-14 18:11:40 -07:00
public Add handlers for requests that were stopped during the reboot process 2024-02-28 13:50:13 -08:00
test Save last trade activity time onto User 2024-01-19 00:00:46 -08:00
vendor Refactor to use OpenID Connect OmniAuth gem instead of plain OAuth2 2024-03-14 18:11:40 -07:00
.eslintrc.json Set up eslint for wardrobe-2020 2023-11-02 18:11:07 -07:00
.gitignore Create rails public_data:commit task, to share public data dumps 2024-02-29 14:30:33 -08:00
.ruby-version Finish migrating to Ruby 3.3.0 2024-02-22 12:05:02 -08:00
.yarnrc.yml Upgrade to Yarn 4.0.2 2024-01-14 23:05:53 -08:00
config.ru Upgrade to Rails 6.1.7.4 2023-10-23 19:05:07 -07:00
falcon.rb Remove supervisor from the Falcon process? 2024-01-24 00:20:23 -08:00
Gemfile Refactor to use OpenID Connect OmniAuth gem instead of plain OAuth2 2024-03-14 18:11:40 -07:00
Gemfile.lock Refactor to use OpenID Connect OmniAuth gem instead of plain OAuth2 2024-03-14 18:11:40 -07:00
LICENSE.md Update GitHub links to point to our self-hosted OpenNeo Code 2024-02-29 11:24:21 -08:00
package.json Split NeoPass dev server into main/backing servers 2024-03-14 15:06:13 -07:00
Procfile.dev Use local-only HTTPS certs for the development neopass-server 2024-03-14 18:01:54 -07:00
Rakefile Uninstall resque 2023-10-23 19:05:04 -07:00
README.md Oops, needs to be a README.md file! 2023-10-25 16:31:41 -07:00
yarn.lock Split NeoPass dev server into main/backing servers 2024-03-14 15:06:13 -07:00

Dress to Impress beach logo

Dress to Impress

Oh! We've been revitalizing the Rails app! Fun!

There'll be more to say about it here soon :3