Skip to content

Force HTTPS redirection for log in and sign up #319

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Mar 30, 2017
Merged

Force HTTPS redirection for log in and sign up #319

merged 10 commits into from
Mar 30, 2017

Conversation

andrewn
Copy link
Member

@andrewn andrewn commented Mar 9, 2017
edited
Loading

⚠️ #324 and #323 might make this easier to test

⚠️ Merge #327 first I've merged it into this branch

This implements client-side redirection to HTTPS of the /signup, /login and /reset-password views described in #139. If that view is mounted and is not on HTTPS then it's redirected, causing the app to reload.

New projects are created with a serveSecure: false flag. After sign-up/log-in/reset, this flag is used to decide which protocol to redirect back to.

serveSecure defaults to false. Until some user-facing UI switch is built (see #170) then it will always redirect back to HTTP.

andrewn added 4 commits March 1, 2017 18:40
@andrewn
Higher-order component to force some routes to HTTPS
e32f5c0
@andrewn
Force all user-management routes to HTTPS
cfe53e8
@andrewn
Redirect to sourceProtocol as route unmounts.
3dcebda 
By default, no redirection occurs if sourceProtocol is not explicitly
defined.
@andrewn
Sets serveSecure flag on new projects and usea after forcing protocol
1b07b95 
The flag is set to `false` on all projects and as the UI has no way to
change this, it always redirects to HTTP after a signup/login action.
@catarak
Copy link
Member

catarak commented Mar 9, 2017

🎉 🎉 🎉

@andrewn andrewn changed the title Force HTTPS redirection for log in and sign up [WIP] Force HTTPS redirection for log in and sign up Mar 9, 2017
@andrewn andrewn mentioned this pull request Mar 12, 2017
Merged
@andrewn andrewn changed the title [WIP] Force HTTPS redirection for log in and sign up Force HTTPS redirection for log in and sign up Mar 26, 2017
@andrewn
Copy link
Member Author

andrewn commented Mar 26, 2017

I think this is finally ready for review!

@catarak
Copy link
Member

catarak commented Mar 30, 2017

woohoo this looks great AND works great!

this is definitely territory for a new issue/PR, but I just realized that we'll need to do some pushing/popping of the redux state into localStorage, i.e. if a user is not logged in and starts working on a sketch, they have to log in to save it.

@catarak catarak merged commit dc801cc into processing:master Mar 30, 2017
@andrewn andrewn deleted the feature/force-https branch June 19, 2017 11:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@andrewn @catarak