Commit Graph

1711 Commits

Author SHA1 Message Date
Toby Zerner
1cac48f90a Always grant master API keys sudo mode 2015-12-30 15:26:07 +10:30
Toby Zerner
5e476fae16 Merge branch 'oauth2-controller' 2015-12-29 11:13:00 +10:30
Toby Zerner
341ffaced5 Bypass email activation when admin creates user via API 2015-12-29 11:02:07 +10:30
Franz Liedke
595d715b1d Installer: Loosen restrictions on MySQL connection details
Closes #602.
2015-12-27 17:31:42 +01:00
Toby Zerner
08f0425c43 Merge pull request #690 from Luceos/phpdoc
fixes flarum/core#678 phpdoc for ip_address on Post model
2015-12-24 10:11:23 +10:30
Daniel Klabbers
ffb76715f6 fixes flarum/core#678 phpdoc for ip_address on Post model 2015-12-23 13:54:58 +01:00
Toby Zerner
9cb45c98d8 Extract notification settings into an item list 2015-12-21 10:38:15 +10:30
Franz Liedke
e0db5823ee Merge pull request #684 from ahsanity/settings-migration
Converted 'settings' table 'value' column from BLOB to TEXT
2015-12-18 13:45:20 +01:00
Ahsanul Bari
46f7f6b3fe Issue#669: Convert 'settings' table 'value' column to TEXT instead of BLOB 2015-12-18 02:25:50 +06:00
Franz Liedke
32601d2c98 Don't return from inside a finally block
This is not supported in HHVM:
https://github.com/facebook/hhvm/issues/5162

Reported on the forum:
https://discuss.flarum.org/d/1390-migrating-from-php-5-6-x-to-php-7-0-x/7
2015-12-10 11:35:51 +01:00
Toby Zerner
d9d52dab3c Fix admin login 2015-12-06 08:47:51 +10:30
Toby Zerner
d743e56bc1 Fix tests and CS 2015-12-05 22:31:33 +10:30
Toby Zerner
0cf000122f Allow username capitalisation to be changed
See https://discuss.flarum.org/d/1573-uppercase-lowercase-username-flagged-as-taken
2015-12-05 15:43:40 +10:30
Toby Zerner
973ca16eee Add base OAuth2 controller 2015-12-05 15:25:10 +10:30
Toby Zerner
262dc70fe1 Garbage-collect email/password/auth tokens. closes #217 2015-12-05 15:24:05 +10:30
Toby Zerner
3efd5fbcb0 Clean up some method arguments 2015-12-05 15:22:42 +10:30
Toby Zerner
c97b01a445 Log in immediately after registration
Newly-created accounts are allowed to log in straight away, but they still have the permissions of a guest until they've confirmed their email address. Instead of showing a success message after registration, we reload the page since they're already logged in.

Still todo: show a message explaining that they need to verify their email address to do anything, and allow it to be resent.
2015-12-05 15:22:25 +10:30
Toby Zerner
b0b3af0305 Improve LoginButton styles, make popup window smaller 2015-12-05 15:19:24 +10:30
Toby Zerner
387109002e Rework sessions, remember cookies, and auth again
- Use Symfony's Session component to work with sessions, instead of a custom database model. Separate the concept of access tokens from sessions once again.
- Extract common session/remember cookie logic into SessionAuthenticator and Rememberer classes.
- Extract AuthenticateUserTrait into a new AuthenticationResponseFactory class.
- Fix forgot password process.
2015-12-05 15:11:25 +10:30
Toby Zerner
1d9e7b0262 Fix case-sensitive class names 2015-12-03 18:29:00 +10:30
Toby Zerner
094ad74abc Allow forum to be taken offline via config 2015-12-03 17:56:27 +10:30
Toby Zerner
67e9e23df1 Fix previous commit 2015-12-03 17:56:04 +10:30
Toby Zerner
1cfae4ad14 Merge branch 'sudo-mode'
# Conflicts:
#	CHANGELOG.md
2015-12-03 15:12:51 +10:30
Toby Zerner
9896378b59 Overhaul sessions, tokens, and authentication
- Use cookies + CSRF token for API authentication in the default client. This mitigates potential XSS attacks by making the token unavailable to JavaScript. The Authorization header is still supported, but not used by default.
- Make sensitive/destructive actions (editing a user, permanently deleting anything, visiting the admin CP) require the user to re-enter their password if they haven't entered it in the last 30 minutes.
- Refactor and clean up the authentication middleware.
- Add an `onhide` hook to the Modal component. (+1 squashed commit)
2015-12-03 15:11:57 +10:30
Toby Zerner
287ce2fddd Fix crash when loading notifications in some instances
Specifically, the crash would occur when the first notification had a subject without a discussion relationship (e.g. the Subscriptions extension's newPost notification, where the subject itself was a discussion). Instead of simply eager loading the nested subject.discussion relationship, we load discussions manually instead.
2015-12-03 15:10:05 +10:30
Toby Zerner
cea1cbc2d6 Fuzzy-match global forum permissions
This means that the "Start a Discussion" button will still be enabled if the user is not allowed to start globally, but only in certain tags.

Also add some other stuff to the changelog.

closes #640
2015-12-03 15:08:28 +10:30
Toby Zerner
b9148364fa Various user interface tweaks 2015-12-03 15:02:52 +10:30
Toby Zerner
2ba890c239 Fix notifications icon/badge color for dark header 2015-12-03 15:02:29 +10:30
Toby Zerner
55e80f135d Tweak admin side-pane styles
Position the side-pane absolutely when scrolled to the top so that it does not disjoin from the header in Safari.
2015-12-03 15:02:07 +10:30
Toby Zerner
81a1c0955b Fix some issues with dropdown positioning 2015-12-03 14:51:55 +10:30
Toby Zerner
05386b1259 Clean up 2015-12-03 14:51:35 +10:30
Toby Zerner
d96e57eabb Truncate long title controls on mobile 2015-12-01 11:48:54 +10:30
Toby Zerner
173de809b8 Merge pull request #648 from dcsjapan/adjust-key
Add third-level namespacing to deleted_user_text
2015-11-30 15:28:39 +10:30
dcsjapan
c432ed7d5c Add third-level namespacing to deleted_user_text 2015-11-30 11:17:11 +09:00
Toby Zerner
172fffd1ed Merge pull request #645 from dcsjapan/leftover-translations
Extract leftover strings
2015-11-28 18:54:27 +10:30
dcsjapan
4bfbf68bca Extract leftover strings
Extracts strings that were missed previously in:
- Dashboard page of admin interface.
- Edit Custom CSS modal of admin interface.
- Settings modal of admin interface.
- Post activity list on user page of forum UI.
Hopefully there aren't any more!
2015-11-28 17:14:22 +09:00
Toby Zerner
cd411a0c6b Merge pull request #644 from dcsjapan/update-locale-template
Update locale file template
2015-11-28 17:33:53 +10:30
dcsjapan
7f05d9dce3 Update locale file template
Adjusts comments to match current english locale files.
2015-11-28 15:55:21 +09:00
Franz Liedke
b3a5822ddb Rename HTTP method override header
This is the name recommended by the JSON-API spec:
http://jsonapi.org/recommendations/#patchless-clients
2015-11-26 17:43:32 +01:00
Toby Zerner
a1e1635019 Update changelog 2015-11-26 10:43:48 +10:30
Toby Zerner
1cc5e1cb26 Merge pull request #642 from binaryoung/master
Fixed #627
2015-11-26 10:32:36 +10:30
young
a80d72d165 Fix #627 2015-11-26 02:03:00 +08:00
Toby Zerner
153a82e937 cs fix 2015-11-23 14:18:56 +10:30
Toby Zerner
262a934747 Prevent error if no input is given in create actions 2015-11-23 14:15:30 +10:30
Toby Zerner
a61929730e Validate avatar URL
Still needs refactor
2015-11-23 14:14:53 +10:30
Toby Zerner
ce02387ee4 Prevent crash if logged in user has been deleted 2015-11-23 11:54:30 +10:30
Toby Zerner
2c4fae60bc Allow provision of an avatar URL to upload during sign up
This can be used by authentication extensions (i.e. mirror Facebook/Twitter profile picture). Rough implementation, needs refactoring.
2015-11-23 11:53:57 +10:30
Toby Zerner
7eab206f91 Don't pad the body when the composer is positioned absolutely (on mobile) 2015-11-23 10:07:23 +10:30
Toby Zerner
599958354c Refactor composer preview logic 2015-11-23 08:47:16 +10:30
Toby Zerner
2088fceb8b Truncate long dropdown menu items (e.g. tags in the sidebar)
ref #391
2015-11-21 14:01:07 +10:30