8 Commits

Author	SHA1	Message	Date
David Taylor	46dc189850	DEV: Improve robustness of associate_accounts_controller ... This handles a few edge cases which are extremely rare (due to the UI layout), but still technically possible: - Ensure users are authenticated before attempting association. - Add a message and logic for when a user already has an association for a given auth provider.	2021-08-10 15:07:40 +01:00
David Taylor	2cae29f644	DEV: Update associate_accounts_controller to use secure_session ... This is much cleaner than using redis directly. It also opens the door to more complex association change flows which may happen during login.	2021-08-10 15:07:40 +01:00
Roman Rizzi	044de6d670	DEV: Give callback listeners access to the request object. (#13965) ... Plugins listening on the `before_auth` callback can interact with the request object and access data like the user agent or the remote IP address. We'll later store this data in the user record, but it might not exist at this point if we're authenticating a new account.	2021-08-06 11:26:11 -03:00
David Taylor	c94879ea43	DEV: Remove incorrect method descriptions ... These do not accurately describe the methods. They were likely copy/pasted from another controller.	2021-07-29 18:23:56 +08:00
Roman Rizzi	0da2197219	DEV: Pass the cookie jar to the :after_auth event (#13591) ... Plugins can add custom cookies by hooking to this event. The auth result is also included in this event so they can know if auth was successful.	2021-07-01 09:44:58 -03:00
David Taylor	dc005c593e	DEV: Introduce :before_auth DiscourseEvent (#11233) ... This is useful for plugins to manipulate the auth hash from OmniAuth before it is read by the Authenticator class	2020-11-13 14:41:54 +00:00
Joffrey JAFFEUX	0d3d2c43a0	DEV: s/\$redis/Discourse\.redis (#8431) ... This commit also adds a rubocop rule to prevent global variables.	2019-12-03 10:05:53 +01:00
David Taylor	0a6cae654b	SECURITY: Add confirmation screen when connecting associated accounts	2019-07-24 10:28:15 +01:00