Merge branch 'TriliumNext:develop' into develop

yiranlus · web-flow · commit 0fa084711e78 · 2025-04-15T16:11:16.000+02:00
diff --git a/docs/Release Notes/Release Notes/v0.92.8-beta.md b/docs/Release Notes/Release Notes/v0.92.8-beta.md
@@ -12,6 +12,8 @@
     *   [Most tree context menu on mobile are broken](https://github.com/TriliumNext/Notes/issues/671)
 *   [Quick search launch bar item does nothing in vertical layout](https://github.com/TriliumNext/Notes/issues/1680)
 *   [Note background is gray in 0.92.7 (light theme)](https://github.com/TriliumNext/Notes/issues/1689)
+*   [config.Session.cookieMaxAge is ignored](https://github.com/TriliumNext/Notes/issues/1709) by @pano9000
+*   [Return correct HTTP status code on failed login attempts instead of 200](https://github.com/TriliumNext/Notes/issues/1707) by @pano9000
 
 ## ✨ Improvements
 
diff --git a/src/public/app/widgets/type_widgets/ckeditor/config.ts b/src/public/app/widgets/type_widgets/ckeditor/config.ts
@@ -74,7 +74,7 @@ export function buildConfig() {
         heading: {
             options: [
                 { model: "paragraph" as const, title: "Paragraph", class: "ck-heading_paragraph" },
-                // // heading1 is not used since that should be a note's title
+                // heading1 is not used since that should be a note's title
                 { model: "heading2" as const, view: "h2", title: "Heading 2", class: "ck-heading_heading2" },
                 { model: "heading3" as const, view: "h3", title: "Heading 3", class: "ck-heading_heading3" },
                 { model: "heading4" as const, view: "h4", title: "Heading 4", class: "ck-heading_heading4" },
diff --git a/src/routes/login.ts b/src/routes/login.ts
@@ -92,11 +92,10 @@ function login(req: Request, res: Response) {
     const rememberMe = req.body.rememberMe;
 
     req.session.regenerate(() => {
-        if (rememberMe) {
-            req.session.cookie.maxAge = 21 * 24 * 3600000;  // 3 weeks
-        } else {
+        if (!rememberMe) {
             // unset default maxAge set by sessionParser
-            // Cookie becomes non-persistent and expires after current browser session (e.g. when browser is closed)
+            // Cookie becomes non-persistent and expires
+            // after current browser session (e.g. when browser is closed)
             req.session.cookie.maxAge = undefined;
         }
 
@@ -134,7 +133,7 @@ function sendLoginError(req: Request, res: Response, errorType: 'password' | 'to
         log.info(`WARNING: Wrong password from ${req.ip}, rejecting.`);
     }
 
-    res.render('login', {
+    res.status(401).render('login', {
         wrongPassword: errorType === 'password',
         wrongTotp: errorType === 'totp',
         totpEnabled: totp.isTotpEnabled(),
