Commit Graph

96 Commits

Author SHA1 Message Date
Toby Zerner
f2ce4e11e2 Fix class name 2018-01-01 10:34:19 +10:30
Toby Zerner
d807171c44 Fix URL generator usage 2017-12-29 21:29:04 +10:30
Daniël Klabbers
f65e4dcba3
merges 5.5 and master into next-back 2017-12-14 01:00:16 +01:00
Toby Zerner
1a239ee93a Fix crash when post's user has been deleted 2017-12-10 21:02:35 +10:30
Toby Zerner
b806dc3db2 Move view logic into middleware 2017-11-29 22:25:57 +10:30
Toby Zerner
5b46ec801d Generate URL in the controller instead of the view 2017-11-29 22:20:06 +10:30
Toby Zerner
ba769e0c7e Preserve return URL when confirming logout 2017-11-29 13:47:00 +10:30
Toby Zerner
ea2fc1ff8a Add a "return home" link to 404 errors 2017-11-29 13:23:25 +10:30
Toby Zerner
b7c1cc5cef New design for error pages. closes #252 2017-11-29 13:03:55 +10:30
Toby Zerner
e8a4e5e0ef Add log out confirmation if CSRF token is invalid. fixes #1282 2017-11-29 13:03:16 +10:30
Toby Zerner
9392e1bec3 New design for reset password view 2017-11-29 12:53:06 +10:30
Toby Zerner
479e44dd04 Restructure views
- Use Laravel's view namespacing rather than the full file path
- Organise views into directories
2017-11-29 12:51:24 +10:30
Daniel Klabbers
44e9007790 using blade @json directive to parse raw json into frontend` 2017-11-01 13:22:16 +01:00
Toby Zerner
40ebc13292 Only apply custom CSS and header HTML on forum, not admin 2017-10-25 13:40:57 +10:30
Toby Zerner
ea4d889b76 Fix post contentHtml sometimes breaking script parsing
<\/script> tags in post content would sometimes be recognized as
actually ending the script tag, even when escaped (not exactly sure
why). This is fixed by encoding the < > characters in unicode.
2017-10-05 11:48:10 +10:30
Franz Liedke
b72407440d
Combine URL generator classes into one 2017-10-03 18:54:06 +02:00
Toby Zerner
89d4a1e849 Remove MySQL port field from visual installer
Port can still be specified by suffixing the host with a :

closes #825
2017-07-22 11:32:07 +09:30
Sajjad Hashemian
8cc117d89d Prevent crawlers to index nojs pages 2017-02-26 19:48:33 +03:30
David Sevilla Martín
fcfc1b2a37 Add more attributes in app.blade.php and add a setDescription method. (#1105)
* Added `language` and `direction` properties to WebAppView

* Use properties `language` and `direction` in app.blade.php

* Added WebAppView::setDescription to set the meta description

* Whoops! Changed "ltr" to \'ltr\'. Thanks StyleCI :)

* Removed unnecessary `= null` for

* Changed `.. ? .. : ..` to `.. ?: ..`. Useful thing right there ;)
2017-02-03 23:09:22 +01:00
Franz Liedke
2225fdec72 Merge pull request #989 from nielstholenaar/master
Fixes #825
2017-02-03 17:51:07 +01:00
Toby Zerner
4b8eb5d6e4 Make reset password form look slightly nicer
(Still needs a proper makeover!)
2016-11-13 09:01:38 +10:30
Toby Zerner
b2c691a03d Improve password reset validation/error handling 2016-11-13 08:51:38 +10:30
Niels Tholenaar
05c9ce335e Fixes #825 2016-06-20 12:34:41 +02:00
Toby Zerner
998bb5708e Display header HTML in layout rather than app wrapper
This is so a custom layout can opt-out of displaying header HTML (e.g. embed extension)
2016-06-05 09:53:08 +09:30
Toby Zerner
feffe53a86 Add ability to upload a logo + favicon, and add custom header HTML
Closes #268. Not going to bother with a preview SVG or anything fancy for now – we can think about that as part of #746. Right now it's just good to finally get this functionality in!

Also need to think about apple-touch-icon, msTile stuff, and social sharing image. Not sure if this is all too much for core, but it's definitely too much for the current Appearance page layout. Again, something to think about as part of #746.

Code is a bit rough around the edges, but figured there's not much point in using the command bus properly since #870.
2016-06-04 18:05:46 +09:30
Toby Zerner
9bfb797fdc Refactor the web app bootstrapping code
- All custom JS variables are now preloaded into the `app.data` object, rather than directly on the `app` object. This means that admin settings are available in `app.data.settings` rather than `app.settings`, etc.
- Cleaner route handler generation
- Renamed ConfigureClientView to ConfigureWebApp, though the former still exists and is deprecated
- Partial fix for #881 (strips ?nojs=1 from URL if possible, so that refreshing will attempt to load JS version again)
2016-05-26 19:04:24 +09:30
dcsjapan
b068536dbd Fix translation key for deleted username 2016-04-07 20:50:35 +09:00
dcsjapan
6d5582e4ac Extract translations from core blade files.
- Extracts translations from `reset.blade.php`.
- Adjusts namespacing of translations in other files.
- Fixes one direct reference to a `core.ref` key.
2016-04-07 17:45:58 +09:00
Toby Zerner
1395ce6c30 Upgrade to flarum-gulp 0.2.0 / Babel 6 2016-03-18 09:31:01 +10:30
Toby Zerner
e37c7a9b06 Remove sudo mode and add password confirmation when changing email address
closes #674
2016-03-11 12:44:18 +10:30
Toby Zerner
a6cf10f854 Applied fixes from StyleCI 2016-02-25 22:09:39 -05:00
Franz Liedke
9ecb5f437a Use stored slug for generating server-rendered link to discussion
Fixes #646.
2016-02-04 11:47:03 +01:00
Toby Zerner
387109002e Rework sessions, remember cookies, and auth again
- Use Symfony's Session component to work with sessions, instead of a custom database model. Separate the concept of access tokens from sessions once again.
- Extract common session/remember cookie logic into SessionAuthenticator and Rememberer classes.
- Extract AuthenticateUserTrait into a new AuthenticationResponseFactory class.
- Fix forgot password process.
2015-12-05 15:11:25 +10:30
Toby Zerner
9896378b59 Overhaul sessions, tokens, and authentication
- Use cookies + CSRF token for API authentication in the default client. This mitigates potential XSS attacks by making the token unavailable to JavaScript. The Authorization header is still supported, but not used by default.
- Make sensitive/destructive actions (editing a user, permanently deleting anything, visiting the admin CP) require the user to re-enter their password if they haven't entered it in the last 30 minutes.
- Refactor and clean up the authentication middleware.
- Add an `onhide` hook to the Modal component. (+1 squashed commit)
2015-12-03 15:11:57 +10:30
Toby Zerner
a6eff9383b Show loading indicator for admin client too 2015-11-04 11:51:25 +10:30
Toby Zerner
7dcb99621d Display "Loading..." text while JS is loading 2015-11-02 16:47:36 +10:30
Toby Zerner
fc7db914db Translate basic HTML views
app('view') call to set translator is temporary. See #189
2015-10-21 11:36:49 +10:30
Toby Zerner
9aeaccf9a4 Improve client boot failure error message/appearance 2015-10-21 09:59:22 +10:30
Toby Zerner
1242fa79af Implement proper update process
If the version in the settings table mismatches the code version, then we return a 503 error for all requests coming through index.php and api.php, while admin.php serves up a form prompting for the database password which will run outstanding migrations.
2015-10-19 15:09:54 +10:30
Toby Zerner
43c44efe3d Make emails translatable
closes #267
2015-10-19 11:23:39 +10:30
Toby Zerner
f255d318ef Add multiple UrlGenerator classes for forum/api/admin
Spent quite a while looking into the best solution here and ended up going with three separate classes. Thanks to @Luceos for the PR that got this rolling (#518). My reasoning is:

- The task of routing and URL generation is independent for each section of the app. Take Flarum\Api\Users\IndexAction for example. I don't want to generate a URL to a Flarum route... I specifically want to generate a URL to an API route. So there should be a class with that specific responsibility.
- In fact, each URL generator is slightly different, because we need to add a certain prefix to the start (e.g. /api)
- This also allows us to get rid of the "flarum.api" prefix on each route's name.
- It's still DRY, because they all extend a base class.

At the same time, I could see no reason this needed to be "interfaced", so all of the classes are concrete.

Goes a long way to fixing #123 - still just a few places left remaining with hardcoded URLs.
2015-10-02 17:35:29 +09:30
Franz Liedke
393f2de146 Fix last commit 2015-09-23 18:30:28 +02:00
Franz Liedke
6f47f4a86f Fix infinite redirect on some nojs pages. 2015-09-23 17:55:16 +02:00
Toby Zerner
69a50565bb Don't catch JS error in debug mode 2015-09-23 10:52:26 +09:30
Daniel Klabbers
84e670082b fixed flarum/core#489 missing meta description from admin area 2015-09-16 21:43:53 +02:00
Toby Zerner
9bf485359a Prevent XML from being interpreted as PHP short tags 2015-09-14 18:12:36 +09:30
Toby Zerner
1f8f79d272 Don't require database password confirmation 2015-09-04 21:45:52 +09:30
Franz Liedke
85fc0a3129 Web installer: Fix name of table prefix field 2015-09-04 12:14:48 +02:00
Franz Liedke
0a992ee9f2 Reorder installer fields 2015-09-04 12:00:39 +02:00
Franz Liedke
42f1abacaf Ask for password confirmation in web installer, too
Closes #405.
2015-09-04 12:00:03 +02:00