realized half the info from the signup form wasnt being stored in the JWT
used to create the account after email confirmation, and instead of
adding them, the -whole request- from the browser is stored temporarily
by the server, indexed by a smaller JWT that only includes the invite
code. Someone complained on reddit about me storing the password in the
JWT a while back, and although security-wise that isn't an issue (only
the server can decrypt the token), it doesn't happen anymore. Happy?
An almost identical set of functions to the discord/telegram/matrix
storage ones is now used for accessing invites. No more
parallelism-related issues, yay. Need to do this for everything
eventually.
Shares code with custom emails, so most related functions have had a
%s/Email/Message/g. Press the edit button on the user page setting to
add a message.
works identically to on the form, would like to eventually factor out
the discord/telegram/matrix verif stuff so it can be shared between the
two pages though.
can be enabled in settings > captcha, requires a site key & secret key
from google. New wiki article explains getting these. currently a little
ugly looking on the page itself, hopefully fixable.
if enabled (General>Auto redirect on success), the user will not have to
click "continue" on the form or creation success page and will
insted be redirected. For #242.
the version of the discord library with support for this isn't
necessarily stable, so normal ! commands will still be available. The
user is no longer DMed for the PIN, instead they type /pin <PIN>.
New "Access jfa-go" column allows you to select users for jfa-go access.
New "Allow All" setting allows all Jellyfin users access, as disabling
"Admin Only" no longer does this.
In each of the Discord/Telegram/Matrix sections, the "Show on user
registration" option can be disabled to hide the "Link xxx" button on
the registration form. This is useful is you're only using these
registrations for admin purposes.
Only appears with Reset links enabled.
Pressing this sends a PWR link to the users selected.
if one user is selected, or if one of you selected users doesn't have a
method of contact, a link is given to the admin to send to them
manually.
PIN is verified but not used currently. Works a little different than
the others, you input your matrix user ID and then the PIN is sent to
you. The bot doesn't support E2EE, so the bot being the first one to
message ensures the chat is unencrypted.
The "Send to" box on the invite tab now accepts username#discriminator,
and a search icon has been added which opens a search window similar to
the one on the accounts tab. DiscordDaemon.GetUsers was also very broken
and wouldn't work with full username#discriminator, that's been fixed.
Discord, Email & Telegram can be enabled, although email is always
enabled right now (will fix). Also apparently markdown hyperlinks don't
work in Discord, eventually will implement something to convert them to
embeds.
When signing up, the user is given a pin code which they send to a
telegram bot. This provides user verification, but more importantly
allows the bot to message the user, as the Telegram API requires the
user to interact with the bot before it can do the opposite.
The bot should recognize the correct language, but a /lang command is
also provided to change it.
The verification process is pretty much functional but ui is still
broken, and it isn't properly integrated yet.
When enabled (in Settings > Password Resets), a magic link will be sent
instead of a PIN when the user tries reset their password. By doing
this the user doesn't have to keep the Jellyfin tab open to enter the
code.
this will add an optional validity period to users, where their account
will be disabled (or deleted) a specified amount of time after they
created it.