Commit Graph

6 Commits

Author SHA1 Message Date
Sam Saffron
30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Bianca Nenciu
5af9a69a3b FIX: Do not check for suspicious login when impersonating. (#6534)
* FIX: Do not check for suspicious login when impersonating.

* DEV: Add 'impersonate' parameter to log_on_user.
2018-11-12 15:34:12 +01:00
Guo Xiang Tan
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Sam
6ff309aa80 SECURITY: don't grant same privileges to user_api and api access
User API is no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
Sam
df535c6346 FEATURE: refresh session cookie at most once an hour
This feature ensures session cookie lifespan is extended
when user is online.

Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
Sam
7993845bfa add current_user_provider so people can override current_user bevior cleanly, see
http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278
2013-10-09 15:11:54 +11:00