github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-03-04 02:31:55 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
discourse/config
History
Jarek Radosz 704778f448
FIX: Don't invite new users via group with SSO on or local logins off (#11950) 
Issue originally reported in https://meta.discourse.org/t/bypass-sso-by-adding-unkown-email-to-group/177339

Inviting people via email address to a group when SSO is enabled (or local logins are disabled) led to a situation where user records were being created bypassing single sign-on.

We already prevent that in most places. This adds required checks to `GroupsController`.
2021-02-03 18:13:00 +01:00
..
cloud/cloud66
DEV: enable frozen string literal on all files
2019-05-13 09:31:32 +08:00
environments
FEATURE: support DISCOURSE_SMTP_FORCE_TLS option (#11733)
2021-01-18 11:56:18 -05:00
initializers
DEV: apply cdn headers to public javascripts endpoint too. (#11942)
2021-02-03 20:15:52 +05:30
locales
FIX: Don't invite new users via group with SSO on or local logins off (#11950)
2021-02-03 18:13:00 +01:00
application.rb
FEATURE: Add Google Universal Analytics v4 as an option (#11123)
2020-11-06 14:15:36 -06:00
boot.rb
DEV: Remove deprecated bootsnap options (#11929)
2021-02-02 14:39:51 +01:00
cdn.yml.sample
database.yml
DEV: Disable migration advisory locks in dev and test environment.
2020-08-25 14:20:58 +08:00
deploy.rb.sample
discourse_defaults.conf
FEATURE: support DISCOURSE_SMTP_FORCE_TLS option (#11733)
2021-01-18 11:56:18 -05:00
discourse.config.sample
discourse.pill.sample
environment.rb
DEV: enable frozen string literal on all files
2019-05-13 09:31:32 +08:00
logrotate.conf
multisite.yml.production-sample
DEV: Remove db_id from sample multisite config.
2020-05-29 10:48:29 +08:00
nginx.global.conf
nginx.sample.conf
DEV: Use $upstream for logging performance headers in NGINX (#11856)
2021-01-26 21:03:20 +00:00
projections.json
DEV: Use .hbr for raw template file extension (#8883)
2020-02-11 13:38:12 -06:00
puma.rb
DEV: enable frozen string literal on all files
2019-05-13 09:31:32 +08:00
routes.rb
DEV: Remove bulk group admin endpoints (#11949)
2021-02-03 18:12:22 +01:00
sidekiq.yml
FEATURE: introduce ultra_low priority queue
2019-01-17 14:53:19 +11:00
site_settings.yml
UX: respect email_editable site setting in user activation page. (#11835)
2021-01-25 22:19:26 +05:30
spring.rb
DEV: enable frozen string literal on all files
2019-05-13 09:31:32 +08:00
thin.yml.sample
unicorn_launcher
FIX: Increase timeout when trying to reload unicorn.
2018-12-04 13:43:14 +08:00
unicorn_upstart.conf
unicorn.conf.rb
FEATURE: Allow plugins to register demon processes (#11493)
2020-12-16 09:43:39 +00:00