Sam
0b5c3f5a03
SECURITY: do cookie auth rate limiting earlier
2016-08-09 10:04:49 +10:00
Sam
16a383ea1e
SECURITY: limit bad cookie auth attempts
...
- Also cleans up the _t cookie if it is invalid
2016-07-28 12:58:49 +10:00
Sam
b5fbff947b
FIX: don't expire old sessions when logging in
2016-07-26 11:37:41 +10:00
Sam
c1f62d8657
Revert "make upgrade a bit more seamless"
...
This reverts commit 78b88a1633
.
2016-07-25 12:49:33 +10:00
Sam
78b88a1633
make upgrade a bit more seamless
2016-07-25 12:30:52 +10:00
Sam
df535c6346
FEATURE: refresh session cookie at most once an hour
...
This feature ensures session cookie lifespan is extended
when user is online.
Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
Arpit Jalan
a9207dafa7
FEATURE: configure session time via site setting for all the users ( #4343 )
2016-07-23 02:57:30 +05:30
Guo Xiang Tan
22ade1f811
FEATURE: Add event trigger when a user is logged out.
2016-07-04 17:20:30 +08:00
Sam
f88cf4e2f0
Merge pull request #4226 from xfalcox/non-persistent-session
...
FEATURE: add setting permanent_session_cookie to configure session st…
2016-06-29 16:47:31 +10:00
Régis Hanol
9704603fab
FEATURE: sendgrid webhooks
2016-06-01 21:48:06 +02:00
Sam
52c3b0b0ce
clear mini profiler cookie when admin logs off
2016-05-18 17:27:54 +10:00
Rafael dos Santos Silva
09ef5f613e
FEATURE: add setting permanent_session_cookie to configure session stickiness
...
Now admins can turn make the login cookie die after the browser is closed, so the user needs to log in everytime.
2016-05-17 01:12:09 -03:00
Arpit Jalan
74b3807f60
FEATURE: new bootstrap mode settings for brand new Discourse community ( #4193 )
...
* FEATURE: new bootstrap mode settings for brand new Discourse community
* new SiteSetting.set_and_log method
2016-04-26 13:08:19 -04:00
Mark Biegel
70b287a053
Update instagram_authenticator.rb
2016-02-26 11:37:48 +10:00
Ubuntu
5c603bf8ec
Added Instagram login method
2016-02-25 12:13:59 +10:00
Sam
0ef141b2c3
FIX: skip jwt encoding for auth
2016-02-05 08:48:16 +11:00
Robin Ward
0b4c9005f9
FIX: Don't include name
in hash when names are disabled.
...
This could break some SSO implementations due to honeypot
not being triggered.
2015-10-29 12:19:45 -04:00
Robin Ward
7dbc2590a5
Support for auth plugins to freeze the username
2015-06-26 15:55:33 -04:00
Robin Ward
b4960d48b4
Better support for passing up errors when OmniAuth fails after auth
2015-06-24 12:12:43 -04:00
Sam
803feefd54
MessageBus handles readonly redis now, no need to wrap it
2015-05-04 12:21:00 +10:00
Robin Ward
5b3f99aa50
Don't blow up if Redis switches to READONLY
2015-04-24 14:37:16 -04:00
Neil Lalonde
7c14db44cc
UX: improve message when admin login is blocked because of admin ip address whitelisting
2015-03-02 12:13:22 -05:00
Sam
3483c8318f
FEATURE: logging out logs you out everywhere
...
can be disabled by changing the setting "log_out_strict" to false
2015-01-28 12:56:41 +11:00
Neil Lalonde
7412ff4da7
FIX: suspended users are logged out when they are suspended. Show a reason for suspension when they try to log in.
2015-01-19 12:37:02 -05:00
Greg Kempe
e979382ab4
Facebook auth without an email should allow user to enter email
...
In some cases Facebook doesn't send back a user's email. In this
case, allow the user to enter their email address.
See
https://meta.discourse.org/t/facebook-initial-login-create-account-dialog-leaves-email-field-blank/13815/15
2014-12-08 12:43:06 +02:00
Sam
a9cda0f947
FEATURE: allow restricting API keys to a particular range
2014-11-20 15:21:49 +11:00
Sam
aa9b3bb35a
FEATURE: allow long polling to go to a different url
...
Added the site setting long_polling_base_url , this allows you
to farm long polling to a different server.
This setting is very important if a CDN is serving dynamic content.
2014-10-24 13:38:38 +11:00
Neil Lalonde
ca5f361d0a
FEATURE: restrict admin access based on IP address
2014-09-05 12:06:01 -04:00
Sam
fdc89b1735
SECURITY: GitHub authenticator returning unverified emails
2014-09-03 12:53:22 +10:00
Régis Hanol
7c65adfd6f
FEATURE: raise an exception when the email is missing in the OpenId callback
2014-08-07 19:28:50 +02:00
Neil Lalonde
030c748adb
Revert "FIX: google oauth2 for sites using https. Need to specify the redirect_uri during setup in this case."
...
This reverts commit fe6235b40e
.
2014-07-31 16:56:08 -04:00
Neil Lalonde
fe6235b40e
FIX: google oauth2 for sites using https. Need to specify the redirect_uri during setup in this case.
2014-07-31 14:50:46 -04:00
riking
12cb682548
Start passing more context to Discourse.handle_exception
2014-07-17 14:11:56 -07:00
Neil Lalonde
01a68f8cc7
Emails are case insensitive
2014-07-16 10:22:01 -04:00
Sam
67db561429
BUGFIX: missed a key rename
...
BUGFIX: API spec not enabling CSRF
2014-05-23 08:43:19 +10:00
Sam
cf254000cf
Revert "Revert "BUGFIX: improve error messages for invalid API keys""
...
This reverts commit e9afe28586
.
2014-05-23 08:43:19 +10:00
Neil Lalonde
e9afe28586
Revert "BUGFIX: improve error messages for invalid API keys"
2014-05-22 14:55:36 -04:00
Sam
eeef775f21
BUGFIX: improve error messages for invalid API keys
...
BUGFIX: don't track last seen for message bus
2014-05-22 09:01:29 +10:00
Neil Lalonde
742841ddce
Add Google Oauth2 authenticator. The current Google OpenID authentication has been deprecated by Google and will NOT work for any new websites.
2014-05-21 18:35:10 -04:00
Louis Rose
1574485443
Perform the where(...).first to find_by(...) refactoring.
...
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Neil Lalonde
1da59e7e2e
FIX: deactivated users shouldn't be able to log in
2014-04-28 13:46:28 -04:00
Sam
5897d3419c
BUGFIX: identity_url was not fished out correctly
...
If I user logged in with Google and then changed email,
they would no longer be able to log in with google
2014-03-26 14:52:50 +11:00
Sam
35ee341122
SECURITY: GitHub returns unvalidated emails
2014-03-26 10:55:36 +11:00
Sam
7e7c4efcc0
FEATURE: on initial boot hint users on how to get admin
2014-03-24 18:03:39 +11:00
Neil Lalonde
a74764c833
Log when facebook doesn't provide an email address
2014-03-19 13:31:17 -04:00
Sam
2c8ae22b87
FEATURE: add a simple queue Scheduler::Defer.later {}
...
For quick jobs that do not need to be sent to sidekiq,
runs inline in a single thread but does not block
2014-03-17 12:16:19 +11:00
Sam
ceb80611d6
PERF: defer last_ip_address and last_seen updates
2014-03-03 15:16:38 +11:00
Sam
70c50d321a
BUGFIX: allow facebook auth for people refusing email
2014-02-17 14:45:17 +11:00
Erik Ordway
f1e8bdaee5
Remove cas auth from core and convert the settings over so they can be used by the plugin
2014-02-11 15:57:08 -08:00
Sam
7ad00f426c
FEATURE REMOVAL: persona login
...
see: https://meta.discourse.org/t/pulling-persona-out-of-discourse-core/12613
2014-02-11 16:56:48 +11:00