28 Commits

Author SHA1 Message Date
Sam Saffron
30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Bianca Nenciu
5af9a69a3b FIX: Do not check for suspicious login when impersonating. ()
* FIX: Do not check for suspicious login when impersonating.

* DEV: Add 'impersonate' parameter to log_on_user.
2018-11-12 15:34:12 +01:00
Guo Xiang Tan
5012d46cbd Add rubocop to our build. () 2017-07-28 10:20:09 +09:00
Guo Xiang Tan
2ee144c27f FEATURE: Add DiscourseEvent trigger when a user logs in.
* Also adds an event trigger when user logs in for the first time.
2017-06-01 17:44:49 +09:00
Sam
6ff309aa80 SECURITY: don't grant same privileges to user_api and api access
User API no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
Sam
df535c6346 FEATURE: refresh session cookie at most once an hour
This feature ensures session cookie lifespan is extended
when user is online.

Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
Sam
3483c8318f FEATURE: logging out logs you out everywhere
can be disabled by changing the setting "log_out_strict" to false
2015-01-28 12:56:41 +11:00
Neil Lalonde
427487783b remove block_login? check from current user 2014-10-06 14:39:48 -04:00
Neil Lalonde
ca5f361d0a FEATURE: restrict admin access based on IP address 2014-09-05 12:06:01 -04:00
Sam
7993845bfa add current_user_provider so people can override current_user behavior cleanly, see
http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278
2013-10-09 15:11:54 +11:00
Sam
aa6c92922d SECURITY: correct our CSRF implementation to be much more aggressive 2013-07-29 15:13:13 +10:00
Sam
1aef6de4b0 automatically approve invited users on forum where moderators must approve (keep in mind only moderators can invite)
speed up specs a touch
allow invite controller to accept an email in absence of user (cleans up API)
2013-07-11 11:22:00 +10:00
Sam
850b042cab introduce rack:cache as a default, so users don't need to configure apache or nginx
under rack cache we are able to serve 620reqs a second per thin (on my machine) before it 12 (on my machine)

reorganised so mini profilers can be cleanly disabled from config file

added caching for categories index

move production.rb to production.sample.rb
2013-04-11 16:24:21 +10:00
Sam
c57ec611e1 basic api support 2013-03-25 18:04:46 -07:00
Sam
deb603f41c Merge pull request from kid0m4n/convert-ruby-1-9-syntax
Convert a lot of :a => b to a: b and bring peace to the world
2013-03-24 16:43:17 -07:00
Karan Misra
5dfb04e4b3 Convert a lot of :a => b to a: b and bring peace to the world 2013-03-25 05:07:36 +05:30
Kuba Brecka
113d0e0257 fix duplicate auth_token in development database images 2013-03-22 18:33:56 +01:00
Gosha Arinich
cafc75b238 remove trailing whitespaces ❤️ 2013-02-26 07:31:35 +03:00
Sam Saffron
47fedd8f4d correct breakage
don't set permanent cookie, kill session if it conflicts
2013-02-24 22:56:08 +11:00
Sam Saffron
fd2e9a99bf cookie recovery cause we have been messing with it. 2013-02-24 21:50:34 +11:00
Sam Saffron
b66db4153d refactor and organise current_user better 2013-02-24 21:42:04 +11:00
Sam
ab97dc8fd6 Update lib/current_user.rb 2013-02-24 17:24:40 +11:00
tms
3e6641c07e Unsign auth token cookies per discussion on 2013-02-23 13:40:21 -05:00
tms
5616fdc475 Sign the auth token cookie and make it httpOnly 2013-02-20 17:24:19 -05:00
Sam Saffron
eb188c57e8 started work on message bus diags 2013-02-15 19:23:40 +11:00
Robin Ward
74220b4194 Don't update the current ip to an empty string 2013-02-11 16:01:53 -05:00
Robin Ward
57049b55a2 Little things:
- Retries on deadlock when calculating average time
- Removes Warning: When specifying html format for errors
- Doesn't use manual SQL to update user's ip address
2013-02-11 15:47:28 -05:00
Robin Ward
21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00