github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-24 13:38:49 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
30,913 Commits 190 Branches 500 Tags 938 MiB
8cb5ed3a7c
Commit Graph

166 Commits

Author SHA1 Message Date
David Taylor
9db829134c
FIX: Use database to persist metadata during social registration (#6750) 
Previously was using the cookie_store, which is limited to 4kb. This caused issues for providers sending large volumes of metadata about a user.
 2018-12-10 15:10:06 +00:00
Sam
502a0fe778 FIX: support connecting GitHub with existing accounts 2018-12-10 09:27:00 +11:00
David Taylor
160d29b18a
REFACTOR: Migrate TwitterAuthenticator to use ManagedAuthenticator (#6739) 
No changes to functionality. TwitterAuthenticator goes from 136 lines to 24, and all twitter-specific logic elsewhere has been deleted 🎉
 2018-12-07 15:39:06 +00:00
David Taylor
86f8734bc0 FIX: Prioritize explicit 'connect' over matching by email 
This is an edge case that was previously handled by TwitterAuthenticator, but not FacebookAuthenticator.
 2018-12-07 15:05:51 +00:00
David Taylor
3cad3f9df1 DEV: Add profile fetching support to ManagedAuthenticator 2018-12-07 15:05:51 +00:00
David Taylor
e117deb2ba FIX: Improve avatar loading, and add tests 
Follow-up from 4e2cc9c
 2018-12-04 15:09:32 +00:00
David Taylor
4e2cc9caf0 FIX: Use safe navigation operator when looking for avatar URL 2018-12-03 17:28:21 +00:00
David Taylor
9125b5fbc4 DEV: Reformat single line method definition 
Following comments on 71aaed272c
 2018-12-03 15:03:00 +00:00
David Taylor
71aaed272c
DEV: Correct auth_provider deprecation warning 2018-11-30 22:22:26 +00:00
David Taylor
4e010382cc REFACTOR: Initialize auth providers after plugin.activate! 
Also added some helpful functionality for plugin developers:
- Raises RuntimeException if the auth provider has been registered too late
- Logs use of deprecated parameters
 2018-11-30 16:58:18 +00:00
David Taylor
208005f9c9 REFACTOR: Migrate FacebookAuthenticator to use ManagedAuthenticator 
Changes to functionality
  - Removed syncing of user metadata including gender, location etc.
    These are no longer available to standard Facebook applications.
  - Removed the remote 'revoke' functionality. No other providers have
    it, and it does not appear to be standard practice in other apps.
  - The 'facebook_no_email' event is no longer logged. The system can
    cope fine with a missing email address.

Data is migrated to the new user_associated_accounts table.
facebook_user_infos can be dropped once we are confident the data has
been migrated successfully.
 2018-11-30 11:18:11 +00:00
David Taylor
534e1b1b18 DEV: Introduce Auth::ManagedAuthenticator 
A generic implementation of Auth::Authenticator which stores data in the
new UserAssociatedAccount model. This should help significantly reduce the duplicated
logic across different auth providers.
 2018-11-30 11:18:11 +00:00
David Taylor
f645cb9c14
FEATURE: Use translated name for 'your email has been authenticated by' (#6649) 2018-11-22 19:12:04 +00:00
Régis Hanol
182b34243d
FIX: opts is a hash in 'log_on_user' 
cc @nbianca
 2018-11-12 16:00:12 +01:00
Bianca Nenciu
5af9a69a3b FIX: Do not check for suspicious login when impersonating. (#6534) 
* FIX: Do not check for suspicious login when impersonating.

* DEV: Add 'impersonate' parameter to log_on_user.
 2018-11-12 15:34:12 +01:00
Bianca Nenciu
5fc09a6467 DEV: Fix build. 2018-11-05 14:16:03 +02:00
David Taylor
a84b6b6b0c SECURITY: Add CSRF protections to OpenID callback 2018-11-05 11:16:57 +00:00
Régis Hanol
d17c8df926 Only check for suspicious login for staff members 2018-10-26 00:29:28 +02:00
David Taylor
56e0f47bcd FIX: Do not update last_seen for API access 
This regressed in 2dc3a50. I have now added tests for the behavior.
 2018-10-25 13:38:57 +01:00
Sam
45f01e637b FIX: when associating Github account disassociate others 
There are some cases where an email floats from one GitHub account to another
if this happens just take over the Github mapping record
 2018-10-10 15:46:50 +11:00
Vinoth Kannan
d8b543bb67 FIX: redirect to original URL after social signup 2018-09-05 01:44:23 +05:30
Guo Xiang Tan
d1af89e3b3 DEV: Extract global admin api rate limiting into a dedicated method. 
* We have a use case for overriding the rate limiting logic in a
  plugin.
 2018-09-04 16:37:54 +08:00
Guo Xiang Tan
3b337bfc6b Revert "FIX: Don't rate limit admin and staff constraints when matching routes." 
This reverts commit 651b50b1a1.
 2018-09-04 14:27:21 +08:00
Guo Xiang Tan
651b50b1a1 FIX: Don't rate limit admin and staff constraints when matching routes. 
* When an error is raised when checking route constraints, we
  can only return true/false which either lets the request
  through or return a 404 error. Therefore, we just skip
  rate limiting here and let the controller handle the
  rate limiting.
 2018-09-04 13:52:58 +08:00
Sam
272de95175 FIX: client duplicate registration should be cleaned up 
If for any reason we are unable to correct client id on a user api key
invalidate old keys for client/user
 2018-08-22 12:56:49 +10:00
Bianca Nenciu
860c1c3dcd FEATURE: Automatically expire keys if not used for a configurable amount of time. (#6264) 2018-08-20 17:36:14 +02:00
Gerhard Schlager
6ddf7fcd1f Fix warnings about already initialized constants 2018-08-09 17:29:02 +02:00
David Taylor
812add18bd REFACTOR: Serve auth provider information in the site serializer. 
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
 2018-08-06 09:25:48 +01:00
David Taylor
6566b2f11a FEATURE: Allow revoke and connect for Instagram logins 2018-07-30 14:38:53 +01:00
David Taylor
5f1fd0019b FEATURE: Allow revoke and connect for GitHub logins 2018-07-27 17:18:53 +01:00
David Taylor
6296f63804 FEATURE: Revoke and connect for Yahoo logins 2018-07-27 16:20:47 +01:00
David Taylor
9c72c00206 FEATURE: Revoke and reconnect for Twitter logins 2018-07-27 12:28:51 +01:00
David Taylor
fa399ce1c5 FEATURE: Add revoke and reconnect functionality for google logins 2018-07-25 16:03:14 +01:00
David Taylor
776fd0de66 FIX: Filter open-id logins by identifier 2018-07-25 11:47:09 +01:00
David Taylor
eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099) 
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
 2018-07-23 16:51:57 +01:00
David Taylor
2dc3a50dac FIX: Do not update last seen time for suspended users 2018-07-18 16:04:57 +01:00
Guo Xiang Tan
ad5082d969 Make rubocop happy again. 2018-06-07 13:28:18 +08:00
Guo Xiang Tan
543b7cddfb FIX: Extra comma resulted in Github auth email result being an array. 
https://meta.discourse.org/t/github-2fa-flow-broken/88674
 2018-05-30 12:15:12 +08:00
OsamaSayegh
f6d412465b FIX: apply automatic group rules when using social login providers 2018-05-23 02:26:07 +03:00
Régis Hanol
2cf6fb7359 FIX: always unstage users when they log in 2018-05-13 17:00:02 +02:00
Sam
3d6dc764be needed to remove legacy from a few more spots 2018-05-04 11:12:01 +10:00
Sam
c7a0ced656 FIX: remove facebook_request_extra_profile_details 
Since this no longer works
 2018-04-26 14:14:35 +10:00
Vinoth Kannan
c5d26992d4 Prefer to use primary email for new user creation over other available emails 2018-03-19 17:10:35 +05:30
Robin Ward
c75fd34328 Allow Discourse installs to name the token cookie 2018-03-13 16:48:40 -04:00
Sam
0134e41286 FEATURE: detect when client thinks user is logged on but is not 
This cleans up an error condition where UI thinks a user is logged on
but the user is not. If this happens user will be prompted to refresh.
 2018-03-06 16:49:31 +11:00
Guo Xiang Tan
fb75f188ba FEATURE: Disallow login via omniauth when user has 2FA enabled. 2018-03-01 15:47:07 +08:00
Guo Xiang Tan
24d0a7a4c7 Take 2 on f74d6bb605. 
New options are left out by default when not configured so that an
incorrect default configuration doesn't blow up google oauth for
everyone.
 2018-02-23 07:53:01 +08:00
Joffrey JAFFEUX
1c790ae6bc Revert "Add prompt and HD settings to the Google OAuth2 plugin." 
This reverts commit f74d6bb605.
 2018-02-22 19:17:02 +01:00
Geoffrey Challen
f74d6bb605 Add prompt and HD settings to the Google OAuth2 plugin. 2018-02-22 12:29:19 +08:00
Sam
a3c7ee09b6 FIX: ruby bench not working properly 
- Remove thin which is no longer supported
- Bypass admin api rate limiting in profile environment
- Admin password was too short
- Run by default in concurrency 1 mode
- A skip bundle assets flag to speed up local testing
 2018-02-19 11:37:16 +11:00