Commit Graph

9 Commits

Author SHA1 Message Date
Neil Lalonde
5d6ad8f39c Show a useful message when a banned user tries to log in 2013-06-27 15:14:42 -04:00
Chris Hunt
93fc0e74bc Test correct login behavior when pending approval 2013-06-06 18:36:16 -07:00
Ian Christian Myers
0d01c33482 Enabled strong_parameters across all models/controllers.
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Régis Hanol
b24c1a1ad9 better consistency around email case sensitivity 2013-04-15 02:20:33 +02:00
Gosha Arinich
cafc75b238 remove trailing whitespaces ❤️ 2013-02-26 07:31:35 +03:00
tms
3e6641c07e Unsign auth token cookies per discussion on #215 2013-02-23 13:40:21 -05:00
tms
5616fdc475 Sign the auth token cookie and make it httpOnly 2013-02-20 17:24:19 -05:00
Neil Lalonde
c18b85873f Prevent login until email is confirmed 2013-02-11 11:18:37 -05:00
Robin Ward
21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00