discourse/app/controllers
Sam ff49f72ad9 FEATURE: per client user tokens
Revamped system for managing authentication tokens.

- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes

New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.

Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
..
admin FEATURE: per client user tokens 2017-02-07 09:22:16 -05:00
users FIX: redirects back to origin for SSO and omniauth login 2016-09-16 13:48:50 +10:00
about_controller.rb PERF: Rendering crawler's template is expensive. 2016-04-07 16:28:31 +02:00
application_controller.rb SECURITY: prevent reuse of password reset 2016-12-19 18:00:22 +11:00
badges_controller.rb Advanced Search UI 2016-10-04 11:18:01 -04:00
categories_controller.rb Merge pull request #4609 from joebuhlig/category-topics-wiki 2016-12-20 09:15:51 +11:00
category_hashtags_controller.rb FIX: Query for category hashtag should be case sensitive. 2016-03-28 11:15:10 +08:00
clicks_controller.rb PERF: avoid preloading json in cases where it is not needed 2015-05-20 17:12:16 +10:00
composer_messages_controller.rb FIX: Duplicate link shouldn't happen on edit 2016-06-08 17:22:23 -04:00
directory_items_controller.rb PERF: Remove ordering by username. 2016-10-15 01:13:58 +08:00
draft_controller.rb PERF: avoid preloading json in cases where it is not needed 2015-05-20 17:12:16 +10:00
email_controller.rb User interface for watching first post 2016-07-07 11:21:50 -04:00
embed_controller.rb Better error messages when embedding fails 2016-12-13 14:38:05 -05:00
exceptions_controller.rb
export_csv_controller.rb FIX: export user list based on trust level filter 2016-03-07 18:49:31 +05:30
extra_locales_controller.rb FIX: Ensure that translations bundle exists before merging plugin bundle. 2016-09-30 14:29:30 +08:00
finish_installation_controller.rb FIX: Show an error page if finish-installation can't run 2016-12-07 11:10:08 -05:00
forums_controller.rb Delete useless home_redirect method from ForumsController. 2016-10-27 15:45:22 +01:00
groups_controller.rb FIX: Only send membership request to the last 5 active group owners. 2017-01-03 15:33:57 +08:00
highlight_js_controller.rb PERF: avoid cookies for all static, public, cached forever assets 2015-05-22 16:15:46 +10:00
invites_controller.rb fix the build 2017-02-03 15:35:33 +05:30
list_controller.rb FIX: Add tags to list options from params 2016-11-26 08:24:52 -06:00
metadata_controller.rb Use any orientation for web app manifest. 2017-01-11 17:32:24 +08:00
notifications_controller.rb FEATURE: clean API method for reading a single notification 2016-09-16 16:14:15 +10:00
onebox_controller.rb FIX: prevent DDoS with lots of _oneboxable_ links 2016-12-20 00:31:10 +01:00
permalinks_controller.rb FIX: permalinks redirect on subfolder installs could add the subfolder to the url twice 2015-10-12 16:54:53 -04:00
post_action_users_controller.rb FIX: You can click to see your own PMs from flags 2015-09-30 12:28:55 -04:00
post_actions_controller.rb FIX: Return 404 if id is not valid. 2017-01-06 10:39:44 +08:00
posts_controller.rb FIX: Toggling a post's wiki status should not skip revision. 2017-01-25 13:34:55 +08:00
queued_posts_controller.rb FIX: better error message when trying to approve post for closed/deleted topic 2016-06-24 15:11:45 +05:30
robots_txt_controller.rb FIX: robots.txt should be accessible even when login is required 2015-10-15 11:42:41 +02:00
safe_mode_controller.rb FIX: Incorrect path for redirect. 2016-12-19 18:12:15 +08:00
search_controller.rb SECURITY: restrict constantize classes in search controller 2016-06-17 13:47:34 +10:00
session_controller.rb FEATURE: rate limit by login on password reset 2016-12-19 11:03:07 +11:00
similar_topics_controller.rb FIX: similar topics api shouldn't return error if params are below minimum lengths 2015-08-31 10:54:45 -04:00
site_controller.rb FEATURE: basic info route for all sites, even ones that require login 2016-08-12 17:10:35 +10:00
site_customizations_controller.rb FEATURE: Can create stylesheets for embedded comments 2015-08-10 10:21:04 -04:00
static_controller.rb FIX: on 404 from brotli asset path return a correctly encoded doc 2016-12-15 16:05:20 +11:00
steps_controller.rb FIX: You should be an admin to do the wizard 2016-09-22 11:12:51 -04:00
stylesheets_controller.rb fix missing rtl stylesheets 2015-05-23 15:25:05 +10:00
tag_groups_controller.rb PERF: tag groups index query 2016-07-15 17:16:26 -04:00
tags_controller.rb FIX: tags canonical url can raise error or be wrong 2017-01-05 15:17:23 -05:00
topics_controller.rb SECURITY: Users can only bookmark posts which they can see. 2016-12-21 12:01:26 +08:00
uploads_controller.rb FIX: Can't use an internal name here if SiteSetting.convert_pasted_images_to_hq_jpg is false. 2017-02-01 14:51:56 +08:00
user_actions_controller.rb got to be careful with integrity specs 2016-11-29 18:01:09 +11:00
user_api_keys_controller.rb FEATURE: user API now contains scopes so permission is granular 2016-10-14 16:05:42 +11:00
user_avatars_controller.rb SECURITY: limit route access when using external avatars 2016-07-28 09:00:43 +10:00
user_badges_controller.rb FIX: badge grant count wasn't filtered to the current user in the user summary 2016-03-30 23:11:00 +02:00
users_controller.rb FEATURE: per client user tokens 2017-02-07 09:22:16 -05:00
users_email_controller.rb SECURITY: Support for confirm old as well as new email accounts 2016-03-08 14:52:22 -05:00
webhooks_controller.rb FIX: bounce webhooks should also use recipient address 2017-02-05 19:06:35 +01:00
wizard_controller.rb FIX: You should be an admin to do the wizard 2016-09-22 11:12:51 -04:00