Commit Graph

74 Commits

Author SHA1 Message Date
Vinoth Kannan
b7ebb0268f FIX: returns provider_not_enabled error even if enabled 2018-07-16 11:08:48 +01:00
David Taylor
6f25421a06 SECURITY: Do not allow authentication with disabled plugin-supplied a… (#6071)
Do not allow authentication with disabled plugin-supplied auth providers
2018-07-09 14:26:44 +10:00
Guo Xiang Tan
21e9315416 FIX: Use user account email instead of auth email when totp is enabled.
https://meta.discourse.org/t/github-2fa-flow-broken/88674
2018-05-30 12:15:12 +08:00
Régis Hanol
2cf6fb7359 FIX: always unstage users when they log in 2018-05-13 17:00:02 +02:00
Guo Xiang Tan
142571bba0 Remove use of rescue nil.
* `rescue nil` is a really bad pattern to use in our code base.
  We should rescue errors that we expect the code to throw and
  not rescue everything because we're unsure of what errors the
  code would throw. This would reduce the amount of pain we face
  when debugging why something isn't working as expexted. I've
  been bitten countless of times by errors being swallowed as a
  result during debugging sessions.
2018-04-02 13:52:51 +08:00
Guo Xiang Tan
fb75f188ba FEATURE: Disallow login via omniauth when user has 2FA enabled. 2018-03-01 15:47:07 +08:00
Guo Xiang Tan
5a462b930d REFACTOR: Prefer exists? over present. 2018-03-01 10:22:41 +08:00
Régis Hanol
e2d82b882e FIX: redirect to original URL after social login 2018-01-26 18:52:27 +01:00
Arpit Jalan
492af81e67 FIX: save registration_ip_address for staged users logging in via social auth 2017-12-12 17:41:16 +05:30
Robin Ward
cef64e8f03 UX: Use no_ember styling for omniauth error page 2017-11-15 14:04:26 -05:00
Guo Xiang Tan
77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Arpit Jalan
4e49b3b140 FIX: do not create new email token if there already exists a confirmed one 2017-09-14 10:52:29 +05:30
Leo McArdle
104d97695d FIX: don't activate un-confirmed email on omniauth authentication (#5176) 2017-09-12 17:36:17 +02:00
Guo Xiang Tan
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Régis Hanol
038454bde2 FIX: always confirm emails when SSO says so 2017-06-08 01:05:33 +02:00
Robin Ward
ca965f83c3 Revert "FIX: If login is required, redirect to the /login route instead of root"
This reverts commit 8a8dec550b.
2017-05-25 14:04:28 -04:00
Robin Ward
8a8dec550b FIX: If login is required, redirect to the /login route instead of root 2017-05-25 13:35:15 -04:00
Robin Ward
777f1f0f47 FIX: Return a 404 if the auth session is not present 2017-05-04 15:35:24 -04:00
Arpit Jalan
7fb17b83c4 FIX: confirm email token for user created via social login 2017-04-13 14:15:32 +05:30
Guo Xiang Tan
3d347fb9c4 FIX: Don't mark user as active if verified email is different. 2017-03-02 14:24:30 +08:00
Sam
e6fcaadd45 FIX: redirects back to origin for SSO and omniauth login 2016-09-16 13:48:50 +10:00
Sam
0303080586 we do not define auth providers for builtins 2016-08-29 11:12:24 +10:00
Sam
22b8c0d44e FIX: fullscreen login set from client needs to be respected 2016-08-29 10:13:51 +10:00
Régis Hanol
841f36b058 FIX: automatically unstage user when signing in using OAuth 2016-04-04 19:04:10 +02:00
Ubuntu
5c603bf8ec Added Instagram login method 2016-02-25 12:13:59 +10:00
Robin Ward
a9823ab59a FIX: Use a cookie to bypass the anon cache 2015-10-28 17:16:56 -04:00
Sam
b6c2aa13e6 clean up implementation of non frame login / registration 2015-10-13 14:49:09 +11:00
Sam
b3aebca406 FEATURE: allow auto provider to specify "full screen login"
this feature means we attempt to log in without opening a frame.
2015-10-13 12:23:34 +11:00
Robin Ward
b4960d48b4 Better support for passing up errors when OmniAuth fails after auth 2015-06-24 12:12:43 -04:00
Neil Lalonde
eaa1afeaf5 remove Google OpenID auth, since Google doesn't support it anymore 2015-05-25 15:13:44 -04:00
Neil Lalonde
7c14db44cc UX: improve message when admin login is blocked because of admin ip address whitelisting 2015-03-02 12:13:22 -05:00
Robin Ward
987504c6ab Rename no_js layout to no_ember
While *sometimes* `no_js` was used for visitors without js (for example
disabling it on your browser) it was also used for some pages that were
disabled to JS capable browsers, including the 404 page.

Even worse, sometimes it was used on pages that *had* Javascript, such
as our `/activate-account` route. It has been renamed to `no_ember` to
indicate what it really is, a layout for the site that doesn't load our
Ember.js application.
2015-01-15 15:56:53 -05:00
Sam
e6dba8adc2 SECURITY: don't echo the "strategy" param returned by auto provider 2015-01-06 16:28:45 +11:00
Neil Lalonde
90771937f0 FIX: broken external auth 2014-10-03 16:15:00 -04:00
Neil Lalonde
ebf46450bc Refactor omniauth_callbacks_controller for extensibility 2014-10-03 11:02:04 -04:00
Neil Lalonde
ca5f361d0a FEATURE: restrict admin access based on IP address 2014-09-05 12:06:01 -04:00
Neil Lalonde
742841ddce Add Google Oauth2 authenticator. The current Google OpenID authentication has been deprecated by Google and will NOT work for any new websites. 2014-05-21 18:35:10 -04:00
Erik Ordway
1167b5c4b5 I can see this on git hub but it is being missing by the test 2014-02-11 17:25:54 -08:00
Sam
7ad00f426c FEATURE REMOVAL: persona login
see: https://meta.discourse.org/t/pulling-persona-out-of-discourse-core/12613
2014-02-11 16:56:48 +11:00
Neil Lalonde
da825451d0 Invite link can't be used to log in after you set a password or sign in with 3rd party 2014-01-21 16:56:41 -05:00
Shiv Kumar
2f0e20bc11 add session to auth hash in oauth complete method 2013-11-19 09:58:12 -08:00
Régis Hanol
b56b11d96a add qunit to autospec 2013-11-01 23:57:50 +01:00
Neil Lalonde
b06f928568 Fix missing provider param message when using Persona 2013-09-23 09:46:25 -07:00
Emili Parreno
ee96fabcba Allow CAS authentication 2013-08-28 14:34:51 +02:00
Sam
61281a3c81 invite only forums had very wonky logic, invited users were not being activated, invite_only forums were still registering users 2013-08-28 17:18:31 +10:00
Sam
c4a0152dc6 recover from bad CSRF tokens without requiring a hard refresh of the browser 2013-08-27 15:56:12 +10:00
Sam
213ce33af2 Fixed all broken specs
Moved middleware config into authenticators
2013-08-26 12:59:17 +10:00
Sam
b52aba15e0 major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-26 12:59:17 +10:00
Michael Kirk
9e8d8870f5 fixed: record Oauth2 user email 2013-08-19 11:21:27 -07:00
Michael Kirk
4af8a9102e Authenticate with Discourse via OAuth2
See https://github.com/michaelkirk/discourse_oauth2_example for an
example of how you might integrate your existing oauth2 provider's
authentication via a Discourse plugin.
2013-08-17 21:45:20 -07:00