Commit Graph

93 Commits

Author SHA1 Message Date
David Sevilla Martín
cc95faa07d Add migration to add 'fa fa-' to group icons (#1597)
* Add migration to add 'fa fa-' (FA v4 shim) to group icons

* StyleCI

* Change prefix to `fas fa-`
2018-10-10 00:39:19 +02:00
Franz Liedke
bf61753361
Merge pull request #1577 from flarum/tz/database-indices
Database indices
2018-09-24 23:49:23 +02:00
David Sevilla Martín
8c679c715c Allow admins to see last online text (#1540)
* Allow admins to see last online text

* Use viewLastSeenAt permission

* Move permission to UserSerializer, removed from ForumSerializer

* Remove extra comma from ForumSerializer to keep diff clean

* Add permission to new seed migration
2018-09-22 23:55:53 +02:00
Toby Zerner
5dfb9b474c
Auth token and avatarUrl security improvements (#1514)
* Remove AbstractOAuth2Controller

There is no reason to provide an implementation for a specific oAuth2
library in core; it's not generic enough (eg. auth-twitter can't use it).

This code could be moved into another package which auth extensions
depend on, but it's a negligible amount of relatively simple code that
I don't think it's worth the trouble.

* Introduce login providers

Users can have many login providers (a combination of a provider name
and an identifier for that user, eg. their Facebook ID).

After retrieving user data from a provider (eg. Facebook), you pass the
login provider details into the Auth\ResponseFactory. If an associated
user is found, a response that logs them in will be returned. If not, a
registration token will be created so the user can proceed to sign up.
Once the token is fulfilled, the login provider will be associated with
the user.
2018-09-22 13:48:27 +09:30
Toby Zerner
54aa9ee3cf Add database indices. closes #127 2018-09-15 14:32:51 +09:30
Toby Zerner
5635bd26f9 Fix query error 2018-09-15 12:44:59 +09:30
Toby Zerner
622bf26510 Inline permissions migration 2018-09-15 12:40:32 +09:30
Toby Zerner
6bc434c918 Remove user_user table
Since there is currently no core code that facilitates use of this table,
we are removing it for now. It can be re-added in a subsequent PR.
2018-08-24 15:15:40 +09:30
Toby Zerner
5438aea759 Apply fixes from StyleCI
[ci skip] [skip ci]
2018-08-01 03:55:21 +00:00
Toby Zerner
e46ce861dc Change TIMESTAMP columns to DATETIME manually 2018-08-01 13:24:55 +09:30
Toby Zerner
254d5d0c5b Fix group/permission seeding
Updating the Migration::addPermission helper table name means we need
to move the seed migration to after the table rename migration. We also
add a sanity check for each permission's group since the foreign key
will fail if the group doesn't exist. Of course, the only way to make
sure groups are seeded before permissions is to move them into another
migration.
2018-07-21 23:02:44 +09:30
Toby Zerner
baeaa73597 Wrap column names; use whereColumn where possible 2018-07-21 22:02:54 +09:30
Toby Zerner
677a7dd2d3 Merge branch 'master' into 1236-database-changes
# Conflicts:
#	src/Forum/Controller/IndexController.php
#	src/User/UserMetadataUpdater.php
2018-07-21 21:37:49 +09:30
Toby Zerner
aa4c4b07bd Revert notifications_from table
I didn't think this change through and it's going to be too difficult
to implement right now. It can wait until we do the notifications
revamp. For now reverting back to the old structure, with the
`sender_id` column renamed to `from_user_id`.
2018-07-21 18:35:50 +09:30
Toby Zerner
4f259425b0 Fix entity deletion
Foreign keys take care of most of this for us!
2018-07-21 17:18:40 +09:30
Toby Zerner
d0115de771 No need for deleted_at in notifications table 2018-07-21 17:13:51 +09:30
Toby Zerner
9d790c18d6 Change TIMESTAMP columns to DATETIME 2018-07-21 17:12:51 +09:30
Toby Zerner
fe73cf3237 Clean up migrations
* Make filenames and order more consistent

* Split foreign keys into their own migrations, add statements to ensure
  data integrity prior to adding them

* Add renameColumns helper, use other helpers where possible
2018-07-21 15:23:37 +09:30
Daniel Klabbers
c7efbba0da resetting to short annotation for dropping foreign key constraint, as per docs, must use array notation for this to work 2018-07-20 09:35:16 +02:00
Daniel Klabbers
be266a73cd fixed another foreign key drop with incorrect name 2018-07-20 09:24:42 +02:00
Daniel Klabbers
e1a282e0e1 forgot to name a few constraints properly on the dropForeign statement 2018-07-20 09:23:03 +02:00
Daniel Klabbers
5a04635e7a decided to leave the posts.discussion_id foreign key constraint to discussions out for now 2018-07-20 08:41:01 +02:00
Daniel Klabbers
90792abf10 added constraints, discussions_first_post_id_foreign blocks here 2018-07-19 10:36:46 +02:00
Daniel Klabbers
5139ce647e instead of changing fulltext, use medium text schema builder change on posts.content 2018-07-19 09:52:20 +02:00
Daniel Klabbers
8779e40ec5 remove migration (initially was intended) to change settings.value to longblob 2018-07-19 09:45:29 +02:00
Daniel Klabbers
1e372f3881 split up the migration to create and seed notifications_from 2018-07-19 09:22:34 +02:00
Franz Liedke
c76d9e1298
Move initial permission setup to migrations
Refs #1466.
2018-07-16 15:12:46 +02:00
Franz Liedke
665f241348
Add migration for new hidePosts permission
Refs #1387 and #1466.
2018-07-16 00:41:55 +02:00
Daniel Klabbers
2c15597ec9 reset the relation table naming from groups_users to adhere to laravel convention group_user 2018-07-09 11:53:59 +02:00
luceos
cf80cf86e5 Apply fixes from StyleCI
[ci skip] [skip ci]
2018-06-27 19:34:07 +00:00
Daniël Klabbers
a23dc0dfcd
fixed some migration names and used helper where appropriate 2018-06-27 21:33:53 +02:00
Daniël Klabbers
4d2d7465ee
Revert "migrating user preferences obviously works on empty table"
This reverts commit 066baed5b9.
2018-06-27 21:22:28 +02:00
Daniël Klabbers
9449fb4f1f
not dropping bio due to not having a replacement 2018-06-27 21:09:32 +02:00
Daniël Klabbers
d9b357c18e
we need to leave the preferences column for now 2018-06-22 23:43:37 +02:00
Daniël Klabbers
066baed5b9
migrating user preferences obviously works on empty table 2018-06-12 21:33:17 +02:00
Daniel Klabbers
665ac178e9 restarted the branch using the already created migrations 2018-04-17 11:41:55 +02:00
Toby Zerner
322a84f516
Improve search performance (#1339)
* Improve fulltext gambit

* Only search in visible posts

This change relies on the `visibility-scoping` branch to be merged.

* Change posts table to use InnoDB engine

Doing a JOIN between an InnoDB table (discussions) and a MyISAM table
(posts) is very very (very) bad for performance. FULLTEXT indexes are
fully supported in InnoDB now, and it is a superior engine in every
other way, so there is no longer any reason to be using MyISAM.

* Use ::class

* Only search for comment posts

* Add fulltext index to discussions.title

* Fix migration not working if there is a table prefix

* Update frontend appearance

* Apply fixes from StyleCI

[ci skip] [skip ci]

* Show search result excerpts on mobile
2018-02-08 06:38:08 +10:30
Franz Liedke
c8a1a5fcfa
Fix more incompatibilities with Laravel 5.5 2017-12-20 00:20:23 +01:00
Daniël Klabbers
04c4806f6f making posts and discussions private (#1153)
* flagrow/byobu#11 making posts and discussions private

* tested migrations and tested setting is_private on discussion and post manually

* added phpdoc for Post and Discussion and added the casting for these attributes

* satisfying styleci

* fixes for review

* added new private discussion event and included it in the access policy

* added new private post event and included it in the access policy
2017-05-27 14:19:15 +09:30
Stephen Finney
986102c1d3 Change content column from TEXT to MEDIUMTEXT
Fixes #1044
2017-04-09 16:12:34 -04:00
Toby Zerner
1031826a3d Apply fixes from StyleCI
[ci skip] [skip ci]
2016-11-29 05:03:53 +00:00
Toby Zerner
a6cf10f854 Applied fixes from StyleCI 2016-02-25 22:09:39 -05:00
Franz Liedke
2b5dab73f9 Use the new migration shortcuts in most of core's migrations 2016-02-25 00:50:54 +09:00
Franz Liedke
13fe162db3 Add two missing copyright headers 2016-02-24 22:25:09 +09:00
Franz Liedke
51955504aa Revamp migration structure
They are now simply files that return an array of closures, for
running the named "up" and "down" actions, respectively.

Related to #732.
2016-02-24 22:23:49 +09:00
Franz Liedke
d15a9dc0f0 Avoid use of model class in migration
See commit 0831256
2016-02-10 14:17:38 +01:00
Franz Liedke
97979b2189 Store discussion slug in database table
In preparation for #646.
2016-02-04 11:46:30 +01:00
Ahsanul Bari
46f7f6b3fe Issue#669: Convert 'settings' table 'value' column to TEXT instead of BLOB 2015-12-18 02:25:50 +06:00
Toby Zerner
387109002e Rework sessions, remember cookies, and auth again
- Use Symfony's Session component to work with sessions, instead of a custom database model. Separate the concept of access tokens from sessions once again.
- Extract common session/remember cookie logic into SessionAuthenticator and Rememberer classes.
- Extract AuthenticateUserTrait into a new AuthenticationResponseFactory class.
- Fix forgot password process.
2015-12-05 15:11:25 +10:30
Toby Zerner
9896378b59 Overhaul sessions, tokens, and authentication
- Use cookies + CSRF token for API authentication in the default client. This mitigates potential XSS attacks by making the token unavailable to JavaScript. The Authorization header is still supported, but not used by default.
- Make sensitive/destructive actions (editing a user, permanently deleting anything, visiting the admin CP) require the user to re-enter their password if they haven't entered it in the last 30 minutes.
- Refactor and clean up the authentication middleware.
- Add an `onhide` hook to the Modal component. (+1 squashed commit)
2015-12-03 15:11:57 +10:30