From fa350e13f6e89ae0ab1b293373ce86c1c5fc2538 Mon Sep 17 00:00:00 2001
From: Panagiotis Papadopoulos
Date: Tue, 15 Apr 2025 08:37:10 +0200
Subject: [PATCH 1/3] fix(login): send back 401 Unauthorized on failed login attempt
---
 src/routes/login.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/routes/login.ts b/src/routes/login.ts
index 3f4d52f32..9387e18fc 100644
--- a/src/routes/login.ts
+++ b/src/routes/login.ts
@@ -134,7 +134,7 @@ function sendLoginError(req: Request, res: Response, errorType: 'password' | 'to
 log.info(`WARNING: Wrong password from ${req.ip}, rejecting.`);
 }
- res.render('login', {
+ res.status(401).render('login', {
 wrongPassword: errorType === 'password',
 wrongTotp: errorType === 'totp',
 totpEnabled: totp.isTotpEnabled(),
From ce83c918fb7f33cdfb1620416f5375640be4e73d Mon Sep 17 00:00:00 2001
From: Panagiotis Papadopoulos
Date: Tue, 15 Apr 2025 09:09:28 +0200
Subject: [PATCH 2/3] fix(login): fix regression that removed support for setting custom cookieMaxAge
regression introduced with #401
custom cookieMaxAge feature added with #1156
fixes #1709
---
 src/routes/login.ts | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/routes/login.ts b/src/routes/login.ts
index 3f4d52f32..7c783bbe7 100644
--- a/src/routes/login.ts
+++ b/src/routes/login.ts
@@ -92,11 +92,10 @@ function login(req: Request, res: Response) {
 const rememberMe = req.body.rememberMe;
 req.session.regenerate(() => {
- if (rememberMe) {
- req.session.cookie.maxAge = 21 * 24 * 3600000; // 3 weeks
- } else {
+ if (!rememberMe) {
 // unset default maxAge set by sessionParser
- // Cookie becomes non-persistent and expires after current browser session (e.g. when browser is closed)
+ // Cookie becomes non-persistent and expires
+ // after current browser session (e.g. when browser is closed)
 req.session.cookie.maxAge = undefined;
 }
From 627e90ef89cf07d85ec0f1a6940d5b497ac5c0bd Mon Sep 17 00:00:00 2001
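Review bot: The new `res.status(401)` on the render line emits a 401 without the `WWW-Authenticate` header that RFC 7235 requires for that status; browsers tolerate this for form-based logins, but the reason for choosing 401 over 403 is recorded nowhere, and a non-200 code is also what proxy-side rate limiters and log monitors key on, so it deserves a line. A comment above the call would do: `// 401 (not 200) so failed logins are visible to proxies/rate limiters; no WWW-Authenticate since this is form-based auth`. The log line in the same hunk records the failure at info level with a hard-coded "WARNING:" prefix, so a log-level filter will not surface these events; whether this logger offers a warn level cannot be seen from the hunk. sendLoginError begins and ends outside the hunk.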
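Review bot: The remember-me lifetime now comes entirely from the maxAge that sessionParser already put on the cookie, and nothing in the new `if (!rememberMe)` branch says so, which is how a hard-coded 3-week value was able to creep back in; add a comment above the condition, e.g. `// rememberMe: keep the persistent maxAge sessionParser applied (config.Session.cookieMaxAge); only a session-scoped cookie needs adjusting here`. The condition is a plain truthiness test on the request-body value `rememberMe`, so any non-empty string (including "false" if a client ever posts the field unconditionally) selects the persistent cookie; that is pre-existing, but worth stating next to the new line. The `regenerate` callback in the context lines appears to take no error argument, so a failed regeneration would silently continue with the old session, which is outside this change but touches the same code path. login starts before the hunk and continues past it.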
From: Elian Doran
Date: Tue, 15 Apr 2025 13:13:23 +0300
Subject: [PATCH 3/3] chore(release): update change log
---
 docs/Release Notes/Release Notes/v0.92.8-beta.md | 2 ++
 src/public/app/widgets/type_widgets/ckeditor/config.ts | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/docs/Release Notes/Release Notes/v0.92.8-beta.md b/docs/Release Notes/Release Notes/v0.92.8-beta.md
index de191a4db..3b99b9519 100644
--- a/docs/Release Notes/Release Notes/v0.92.8-beta.md
+++ b/docs/Release Notes/Release Notes/v0.92.8-beta.md
@@ -12,6 +12,8 @@
 * [Most tree context menu on mobile are broken](https://github.com/TriliumNext/Notes/issues/671)
 * [Quick search launch bar item does nothing in vertical layout](https://github.com/TriliumNext/Notes/issues/1680)
 * [Note background is gray in 0.92.7 (light theme)](https://github.com/TriliumNext/Notes/issues/1689)
+* [config.Session.cookieMaxAge is ignored](https://github.com/TriliumNext/Notes/issues/1709) by @pano9000
+* [Return correct HTTP status code on failed login attempts instead of 200](https://github.com/TriliumNext/Notes/issues/1707) by @pano9000
 ## ✨ Improvements
diff --git a/src/public/app/widgets/type_widgets/ckeditor/config.ts b/src/public/app/widgets/type_widgets/ckeditor/config.ts
index 6d4726999..817825ac3 100644
--- a/src/public/app/widgets/type_widgets/ckeditor/config.ts
+++ b/src/public/app/widgets/type_widgets/ckeditor/config.ts
@@ -74,7 +74,7 @@ export function buildConfig() {
 heading: {
 options: [
 { model: "paragraph" as const, title: "Paragraph", class: "ck-heading_paragraph" },
- // // heading1 is not used since that should be a note's title
+ // heading1 is not used since that should be a note's title
 { model: "heading2" as const, view: "h2", title: "Heading 2", class: "ck-heading_heading2" },
 { model: "heading3" as const, view: "h3", title: "Heading 3", class: "ck-heading_heading3" },
 { model: "heading4" as const, view: "h4", title: "Heading 4", class: "ck-heading_heading4" },