David Taylor
213b7d19d9
UX: Fallback to unlocalized auth provider name if required
2019-08-13 01:22:02 +01:00
David Taylor
3b8c468832
SECURITY: Require POST with CSRF token for OmniAuth request phase
2019-08-08 11:58:00 +01:00
Saurabh Patel
08b48b2ba6
add user avatar to user crawler layout (#7917)
2019-07-22 10:52:35 -04:00
Sam Saffron
1be01f8dd4
DEV: Add support for Rails 6
...
Minor fixes to add Rails 6 support to Discourse, we now will boot
with RAILS_MASTER=1, all specs pass
Only one tiny deprecation left
Largest change was the way ActiveModel:Errors changed interface a
bit but there is a simple backwards compat way of working it
2019-05-02 16:23:25 +10:00
Kyle Zhao
a6eca28ec6
CSP - extract all other inline JavaScripts (#6528)
...
* wizard page inline js
* print topic inline js
* drop JS for preventing double submission
this is the default behavior with Rails' UJS `disable_with` helper
* omniauth complete redirect JS
* account activate inline js
2018-10-25 09:52:01 -04:00
Maja Komel
ec3e6a81a4
FEATURE: Second factor backup
2018-06-28 10:12:32 +02:00
Régis Hanol
0402e97368
FIX: redirect to sso_destination_url after account activation
2018-05-11 19:57:04 +02:00
Guo Xiang Tan
70f14da732
UX: Use 'tel' input type for 2FA token inputs.
2018-02-27 09:30:44 +08:00
Guo Xiang Tan
a9699da672
UX: Specify pattern and maxlength for 2FA input fields.
2018-02-26 18:29:46 +08:00
Guo Xiang Tan
1f74509a75
FIX: 2FA prompt incorrectly displayed on admin login page.
2018-02-23 11:05:39 +08:00
Guo Xiang Tan
964624f3ab
FIX: No error displayed when 2FA token is invalid on admin login page.
2018-02-22 09:45:57 +08:00
Guo Xiang Tan
edf326a9a5
Fix incorrect translation.
2018-02-22 08:06:37 +08:00
Jeff Wong
f4f8a293e7
FEATURE: Implement 2factor login TOTP
...
implemented review items.
Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator
add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests
add qunit tests - password reset, preferences
fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.
Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP
add two factor to email signin link
rate limit if second factor token present
add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Vinoth Kannan
f08995c390
Remove unused code lines
2017-12-29 12:32:18 +05:30
Neil Lalonde
66e53f449a
UX: Auth complete page/modal has a link to continue to the site to accommodate auth methods that can't automatically redirect to Discourse
2017-11-21 13:56:19 -05:00
Robin Ward
cef64e8f03
UX: Use no_ember styling for omniauth error page
2017-11-15 14:04:26 -05:00
Neil Lalonde
7dc3671490
FEATURE: remove obsolete settings ga_tracking_code and ga_domain_name. Use ga_universal_tracking_code and ga_universal_domain_name instead.
2017-11-01 11:41:51 -04:00
Neil Lalonde
bf00ab5d4a
FIX: grant admin on subfolder
2017-10-27 16:46:02 -04:00
Neil Lalonde
0b41046238
don't force SiteSetting.title into meta title tag
2017-06-12 13:50:50 -04:00
Robin Ward
b381372184
Use Ember.js for the /u/account-created path so we can add controls
2017-05-03 11:18:01 -04:00
Sam
b43d2e42f4
missing spots
2017-04-17 12:30:20 -04:00
Robin Ward
17f2974d0a
SECURITY: Confirm new administrator accounts via email
2017-04-04 15:59:01 -04:00
Robin Ward
45a257815a
Convert front end paths from /users/ to /u/
2017-03-30 10:23:24 -04:00
Neil Lalonde
c4e10f2a9d
FEATURE: redesign the change password page to use javascript and validations
2017-02-03 16:09:24 -05:00
Sam
0599bd0154
FEATURE: add referrer never tag to password reset page
2016-12-19 11:01:58 +11:00
Jeff Atwood
1386f9c8c9
make the activate account button a btn-primary
2016-07-14 03:40:55 -07:00
Robin Ward
f7c303c82e
FIX: If there's no window.opener use the localStorage method for login
2016-07-08 14:45:34 -04:00
Robin Ward
eff2865278
FIX: Support create account on facebook browser
2016-06-10 11:12:46 -04:00
Robin Ward
171dbd4b09
Allow redirects on Facebook Browser
2016-06-09 15:51:46 -04:00
Robin Ward
f6eb5e823b
Temporarily remove FB browser redirect
2016-06-09 15:35:17 -04:00
Robin Ward
ba5993ae79
FIX: Invalid escaping of URL
2016-06-09 15:10:21 -04:00
Robin Ward
4730c82b3a
FIX: Detect window.opener
2016-06-09 14:51:38 -04:00
Robin Ward
eee15dfe7f
FIX: On facebook browser, don't close the window but redirect instead
2016-06-09 14:20:44 -04:00
Arpit Jalan
cf97efb643
make the text field autofocus on admin-login page
2016-05-25 23:41:07 +05:30
Arpit Jalan
05164d4cae
FEATURE: add Google Analytics code to more user pages
2016-04-02 01:29:08 +05:30
Robin Ward
5771d2aee2
SECURITY: Support for confirm old as well as new email accounts
2016-03-08 14:52:22 -05:00
Arpit Jalan
50e65634d7
FEATURE: new setting min_admin_password_length and better default
2016-03-02 14:43:26 +05:30
Neil Lalonde
c7df6783a9
FIX: only invalidate password reset links using javascript
2016-01-04 11:48:54 -05:00
Neil Lalonde
2d7c3067ba
FIX: automatic redirect after activating account on subfolder installs
2015-12-15 14:46:35 -05:00
Sam
d6932e4ac4
add missing include
2015-11-25 22:47:50 +11:00
Régis Hanol
37c5909a31
FIX: use the first image in the first post in the topic as opengraph image
...
FEATURE: new 'default_opengraph_image_url' setting
2015-10-15 11:00:47 +02:00
Sam
b6c2aa13e6
clean up implementation of non frame login / registration
2015-10-13 14:49:09 +11:00
Sam
fab51496cb
correct full screen login feature
2015-10-13 13:11:49 +11:00
Sam
b3aebca406
FEATURE: allow auto provider to specify "full screen login"
...
this feature means we attempt to log in without opening a frame.
2015-10-13 12:23:34 +11:00
Sam
57e3323663
redirect back to base uri if there is no window opener.
2015-10-13 12:03:43 +11:00
Robin Ward
b4960d48b4
Better support for passing up errors when OmniAuth fails after auth
2015-06-24 12:12:43 -04:00
Arpit Jalan
f3687b6e56
UX: show caps lock warning on password reset page
2015-05-04 13:01:35 +05:30
Arpit Jalan
2932284293
FEATURE: magic login route for admin when SSO is enabled
2015-04-27 22:54:48 +05:30
Sam
f5af4768eb
FEATURE: add clean support for running Discourse in a subfolder
...
To setup set DISCOURSE_RELATIVE_URL_ROOT to the folder you wish
2015-03-09 13:14:29 +11:00
Sam
17927b2e8b
FIX: don't use flash cause we are not redirecting
...
(we should probably change that though)
2015-02-20 10:28:58 +11:00