Commit Graph

1735 Commits

Author SHA1 Message Date
Toby Zerner
08dbc246dd Clean up 2016-01-02 15:26:05 +10:30
Toby Zerner
3767ee4bf6 Allow admins to set a time when creating a post via the API
Again, the use-case for this is to allow the API to be used to import data from an old forum.
2016-01-02 15:25:48 +10:30
Toby Zerner
248de34242 Don't automatically activate users created by admins - require an attribute to be set 2016-01-02 15:24:35 +10:30
Toby Zerner
8d671f4de4 Make sure GetPermission event arguments array is empty if there is no model 2016-01-02 15:23:48 +10:30
Toby Zerner
6de7038f83 Allow setting the token lifetime 2016-01-02 15:22:53 +10:30
Toby Zerner
07a20a10fd Move flood control from core to API layer
This means that flood control can be disabled depending on the nature of the request (i.e. when authenticated using a master API key). The particular use case for this is to allow using the API to migrate data from an old forum.
2016-01-02 15:22:16 +10:30
Toby Zerner
c8027d344a Add admin-only email: gambit to look up users by email 2016-01-02 15:09:56 +10:30
Toby Zerner
f7709aff95 Allow custom redirection after logging out 2016-01-02 15:08:50 +10:30
Toby Zerner
46818ccd94 Extend access token lifetime when remembering a login 2016-01-02 15:08:28 +10:30
Toby Zerner
f6f9e45085 Disable session (and thus enable sudo mode) when authenticating with API token 2016-01-02 15:07:33 +10:30
Toby Zerner
ff0ce09620 Ensure routes are only populated after extensions have registered listeners
Because extensions can have dependencies injected, a RouteCollection could potentially be instantiated, and thus the ConfigureRoutes event would be called before extensions have had a chance to subscribe to it. Instead, we instantiate the RouteCollection on demand, but only populate it when the application boots.
2016-01-02 15:03:11 +10:30
Toby Zerner
e86cc39f5b API: Add an event to configure server middleware 2016-01-02 15:00:07 +10:30
Toby Zerner
a719d4109f Ensure a new asset revision identifier is generated if there is none 2016-01-02 14:59:09 +10:30
Toby Zerner
1aaf588341 Merge branch 'scrubber-display-only-comments' of https://github.com/ahsanity/core 2016-01-02 12:04:04 +10:30
Toby Zerner
0fcc8dca46 Merge pull request #676 from petermein/user-online-indicators
User online indicators
2016-01-02 09:34:11 +10:30
Toby Zerner
5a4e3b09cf Allow extensions to modify text/XML prior to formatting 2015-12-30 15:27:34 +10:30
Toby Zerner
bf87518161 Use username helper when displaying user search results 2015-12-30 15:26:54 +10:30
Toby Zerner
08dae7b530 Add getters 2015-12-30 15:26:24 +10:30
Toby Zerner
aa516fb5c3 Extract method 2015-12-30 15:26:11 +10:30
Toby Zerner
1cac48f90a Always grant master API keys sudo mode 2015-12-30 15:26:07 +10:30
Toby Zerner
5e476fae16 Merge branch 'oauth2-controller' 2015-12-29 11:13:00 +10:30
Toby Zerner
341ffaced5 Bypass email activation when admin creates user via API 2015-12-29 11:02:07 +10:30
Franz Liedke
595d715b1d Installer: Loosen restrictions on MySQL connection details
Closes #602.
2015-12-27 17:31:42 +01:00
Peter Mein
8c8de8eb22 Fixed name to camel case 2015-12-26 13:06:58 +01:00
Peter Mein
5431a90dbd Changed case on helper function
Stub for renaming case of file
2015-12-26 13:06:31 +01:00
Ahsanul Bari
7a8c7518bd Issue #197: Make PostStreamScrubber display numbers relating to only comment posts 2015-12-25 13:01:42 +06:00
Toby Zerner
08f0425c43 Merge pull request #690 from Luceos/phpdoc
fixes flarum/core#678 phpdoc for ip_address on Post model
2015-12-24 10:11:23 +10:30
Daniel Klabbers
ffb76715f6 fixes flarum/core#678 phpdoc for ip_address on Post model 2015-12-23 13:54:58 +01:00
Toby Zerner
9cb45c98d8 Extract notification settings into an item list 2015-12-21 10:38:15 +10:30
Franz Liedke
e0db5823ee Merge pull request #684 from ahsanity/settings-migration
Converted 'settings' table 'value' column from BLOB to TEXT
2015-12-18 13:45:20 +01:00
Ahsanul Bari
46f7f6b3fe Issue#669: Convert 'settings' table 'value' column to TEXT instead of BLOB 2015-12-18 02:25:50 +06:00
Peter Mein
fbcd2cf88c Added missing import 2015-12-16 13:48:38 +01:00
Peter Mein
e55b7a14e5 Added user online indicator to post 2015-12-16 13:43:46 +01:00
Franz Liedke
32601d2c98 Don't return from inside a finally block
This is not supported in HHVM:
https://github.com/facebook/hhvm/issues/5162

Reported on the forum:
https://discuss.flarum.org/d/1390-migrating-from-php-5-6-x-to-php-7-0-x/7
2015-12-10 11:35:51 +01:00
Toby Zerner
d9d52dab3c Fix admin login 2015-12-06 08:47:51 +10:30
Toby Zerner
d743e56bc1 Fix tests and CS 2015-12-05 22:31:33 +10:30
Toby Zerner
0cf000122f Allow username capitalisation to be changed
See https://discuss.flarum.org/d/1573-uppercase-lowercase-username-flagged-as-taken
2015-12-05 15:43:40 +10:30
Toby Zerner
973ca16eee Add base OAuth2 controller 2015-12-05 15:25:10 +10:30
Toby Zerner
262dc70fe1 Garbage-collect email/password/auth tokens. closes #217 2015-12-05 15:24:05 +10:30
Toby Zerner
3efd5fbcb0 Clean up some method arguments 2015-12-05 15:22:42 +10:30
Toby Zerner
c97b01a445 Log in immediately after registration
Newly-created accounts are allowed to log in straight away, but they still have the permissions of a guest until they've confirmed their email address. Instead of showing a success message after registration, we reload the page since they're already logged in.

Still todo: show a message explaining that they need to verify their email address to do anything, and allow it to be resent.
2015-12-05 15:22:25 +10:30
Toby Zerner
b0b3af0305 Improve LoginButton styles, make popup window smaller 2015-12-05 15:19:24 +10:30
Toby Zerner
387109002e Rework sessions, remember cookies, and auth again
- Use Symfony's Session component to work with sessions, instead of a custom database model. Separate the concept of access tokens from sessions once again.
- Extract common session/remember cookie logic into SessionAuthenticator and Rememberer classes.
- Extract AuthenticateUserTrait into a new AuthenticationResponseFactory class.
- Fix forgot password process.
2015-12-05 15:11:25 +10:30
Toby Zerner
1d9e7b0262 Fix case-sensitive class names 2015-12-03 18:29:00 +10:30
Toby Zerner
094ad74abc Allow forum to be taken offline via config 2015-12-03 17:56:27 +10:30
Toby Zerner
67e9e23df1 Fix previous commit 2015-12-03 17:56:04 +10:30
Toby Zerner
1cfae4ad14 Merge branch 'sudo-mode'
# Conflicts:
#	CHANGELOG.md
2015-12-03 15:12:51 +10:30
Toby Zerner
9896378b59 Overhaul sessions, tokens, and authentication
- Use cookies + CSRF token for API authentication in the default client. This mitigates potential XSS attacks by making the token unavailable to JavaScript. The Authorization header is still supported, but not used by default.
- Make sensitive/destructive actions (editing a user, permanently deleting anything, visiting the admin CP) require the user to re-enter their password if they haven't entered it in the last 30 minutes.
- Refactor and clean up the authentication middleware.
- Add an `onhide` hook to the Modal component. (+1 squashed commit)
2015-12-03 15:11:57 +10:30
Toby Zerner
287ce2fddd Fix crash when loading notifications in some instances
Specifically, the crash would occur when the first notification had a subject without a discussion relationship (e.g. the Subscriptions extension's newPost notification, where the subject itself was a discussion). Instead of simply eager loading the nested subject.discussion relationship, we load discussions manually instead.
2015-12-03 15:10:05 +10:30
Toby Zerner
cea1cbc2d6 Fuzzy-match global forum permissions
This means that the "Start a Discussion" button will still be enabled if the user is not allowed to start globally, but only in certain tags.

Also add some other stuff to the changelog.

closes #640
2015-12-03 15:08:28 +10:30