Commit Graph

198 Commits

Author SHA1 Message Date
Toby Zerner
1cfae4ad14 Merge branch 'sudo-mode'
# Conflicts:
#	CHANGELOG.md
2015-12-03 15:12:51 +10:30
Toby Zerner
9896378b59 Overhaul sessions, tokens, and authentication
- Use cookies + CSRF token for API authentication in the default client. This mitigates potential XSS attacks by making the token unavailable to JavaScript. The Authorization header is still supported, but not used by default.
- Make sensitive/destructive actions (editing a user, permanently deleting anything, visiting the admin CP) require the user to re-enter their password if they haven't entered it in the last 30 minutes.
- Refactor and clean up the authentication middleware.
- Add an `onhide` hook to the Modal component. (+1 squashed commit)
2015-12-03 15:11:57 +10:30
Toby Zerner
81a1c0955b Fix some issues with dropdown positioning 2015-12-03 14:51:55 +10:30
dcsjapan
c432ed7d5c Add third-level namespacing to deleted_user_text 2015-11-30 11:17:11 +09:00
Franz Liedke
b3a5822ddb Rename HTTP method override header
This is the name recommended by the JSON-API spec:
http://jsonapi.org/recommendations/#patchless-clients
2015-11-26 17:43:32 +01:00
Toby Zerner
1f4e03d1fa Make sure dropdowns stay within the viewport horizontally too 2015-11-20 12:35:07 +10:30
Toby Zerner
25932cf7c4 Add label to back button, change behaviour
The back button no longer shows if the user hasn't actually navigated anywhere. e.g. if they come in directly to a discussion, it will be hidden.
2015-11-03 15:54:05 +10:30
Toby Zerner
119d1721e0 Revert e1315d2; always attempt to parse JSON
This way if there is a PHP error which outputs a 200 OK text/html response, Flarum will correctly show an error message.
2015-10-31 14:49:14 +10:30
Toby Zerner
eb571c5595 Change ItemList API 2015-10-30 22:45:58 +10:30
Toby Zerner
e1315d27a4 Only parse as JSON if appropriate content type 2015-10-29 17:52:52 +10:30
Toby Zerner
7127bea15e Solidify ItemList API 2015-10-29 17:52:52 +10:30
Toby Zerner
415b68f84f Add flood control
closes #271
2015-10-22 16:57:48 +10:30
Toby Zerner
c0364cbc9d Clean up some old code 2015-10-22 12:25:22 +10:30
dcsjapan
323ced8b00 Rename the key for the "Hidden" badge tooltip
- Shortens the key name for consistency with `badge:` namespace.
- Revised YAML to follow.
2015-10-22 09:31:13 +09:00
Toby Zerner
ea98e4bda9 More helpful avatar upload error messages
ref #165, #118
2015-10-22 10:40:38 +10:30
dcsjapan
2903a7068c Add namespacing for badges
- Adds a `lib.badge` namespace to match extension handling.
2015-10-21 16:30:53 +09:00
Toby Zerner
2a5c0c1c7a Improve request error debug output 2015-10-21 10:47:07 +10:30
Toby Zerner
14af6c0e8b Remove app.trans shortcut
Use `app.translator.trans` instead.
2015-10-21 10:31:28 +10:30
Toby Zerner
b23e821013 Merge branch 'key-adjustment' of https://github.com/dcsjapan/flarum-core into dcsjapan-key-adjustment
# Conflicts:
#	js/forum/src/components/LogInModal.js
2015-10-21 10:02:07 +10:30
Toby Zerner
12830265d9 Change back to 401 error on invalid login
See 26a821e3e2 (commitcomment-13866552)
2015-10-21 09:04:58 +10:30
dcsjapan
49d59089e4 Add third tier to key namespacing
- Changes all `app.trans` calls to `app.translator.trans` calls.
- Changes existing keys to [three-tier namespace structure](https://github.com/flarum/english/pull/12).
- Extracts additional strings for `lib:` namespace.
- Extracts two previously missed strings for EditGroupModal.js.
2015-10-20 13:04:43 +09:00
Toby Zerner
26a821e3e2 Improve client XHR error handling
The default XHR error handler produces an alert which is appropriate to the response status code. It can be overridden per-request (by specifying the `errorHandler` option) so that the alert can be suppressed or displayed in a different position (e.g. inside a modal).

ref #118
2015-10-20 12:48:26 +10:30
Toby Zerner
c08b62af80 Refactor translation and validation
We now use Symfony's Translation component. Yay! We get more powerful pluralisation and a better fallback mechanism. Will want to implement the caching mechanism at some point too. The API is replicated in JavaScript, which could definitely use some testing.

Validators have been refactored so that they are decoupled from models completely (i.e. they simply validate arrays of user input). Language packs should include Laravel's validation messages.

ref #267
2015-10-15 22:30:45 +10:30
Toby Zerner
bdf626b552 Basic parsing of HTML tags in translations
This allows text to be wrapped with a virtual element:

	key: "This is a <test>Test</test>"

	app.trans('key', {test: <a href="#"/>});

closes #574
2015-10-14 15:24:28 +10:30
Toby Zerner
c7c2d9a755 Fake PATCH/PUT/DELETE requests
closes #502
2015-10-14 12:46:59 +10:30
Toby Zerner
e3569d39cc Clean up, don't use mixin
PhpStorm/WebStorm doesn't like the mixin syntax, and it's clearer to just use Object.assign.
2015-10-13 16:57:18 +10:30
Toby Zerner
33dd5fff36 Initialise component state in init() instead of constructor
This allows component state to be overridden via monkey-patch. ref #246
2015-10-13 16:55:56 +10:30
Toby Zerner
7387dfb7da Concatenate items in {second}, not {first} 2015-10-11 10:09:22 +10:30
Toby Zerner
bddbf24055 Make punctuate translatable, rename to punctuateSeries 2015-10-08 22:42:03 +10:30
Toby Zerner
dd67291ce0 Major refactor and improvements
- Reorganised all namespaces and class names for consistency and structure. Following PSR bylaws (Abstract prefix, Interface/Trait suffix).
  - Move models into root of Core, because writing `use Flarum\Core\Discussion` is nice. Namespace the rest by type. (Namespacing by entity was too arbitrary.)
  - Moved some non-domain stuff out of Core: Database, Formatter, Settings.
  - Renamed config table and all references to "settings" for consistency.
  - Remove Core class and add url()/isInstalled()/inDebugMode() as instance methods of Foundation\Application.
  - Cleanup, docblocking, etc.

- Improvements to HTTP architecture
  - API and forum/admin Actions are now actually all the same thing (simple PSR-7 Request handlers), renamed to Controllers.
  - Upgrade to tobscure/json-api 0.2 branch.
  - Where possible, moved generic functionality to tobscure/json-api (e.g. pagination links). I'm quite happy with the backend balance now re: #262

- Improvements to other architecture
  - Use Illuminate's Auth\Access\Gate interface/implementation instead of our old Locked trait. We still use events to actually determine the permissions though. Our Policy classes are actually glorified event subscribers.
  - Extract model validation into Core\Validator classes.
  - Make post visibility permission stuff much more efficient and DRY.

- Renamed Flarum\Event classes for consistency. ref #246
  - `Configure` prefix for events dedicated to configuring an object.
  - `Get` prefix for events whose listeners should return something.
  - `Prepare` prefix when a variable is passed by reference so it can be modified.
  - `Scope` prefix when a query builder is passed.

- Miscellaneous improvements/bug-fixes. I'm easily distracted!
  - Increase default height of post composer.
  - Improve post stream redraw flickering in Safari by keying loading post placeholders with their IDs. ref #451
  - Use a PHP JavaScript minification library for minifying TextFormatter's JavaScript, instead of ClosureCompilerService (can't rely on external service!)
  - Use UrlGenerator properly in various places. closes #123
  - Make Api\Client return Response object. closes #128
  - Allow extensions to specify custom icon images.
  - Allow external API/admin URLs to be optionally specified in config.php. If the value of "url" is an array, we look for the corresponding path inside. Otherwise, we append the path to the base URL, using the corresponding value in "paths" if present. closes #244
2015-10-08 14:28:02 +10:30
dcsjapan
a590150698 Fixes core.deleted_username as well. 2015-10-02 16:37:09 +09:00
Franz Liedke
f5b5d9ca5c Use correct method for notification drawer on mobile
Refs #500.
2015-09-29 01:28:47 +02:00
Franz Liedke
040ce52724 Return both unread and new notification count from the API
Related to #500.
2015-09-29 01:28:47 +02:00
Toby Zerner
88372640aa Remove core key reorganization comments 2015-09-24 14:22:32 +09:30
dcsjapan
d5d7185794 Primary key renaming
Improved consistency for existing core translation key names.

See flarum/core#265
- Completely overhauled core en.yml
- Replaced existing key names in all core JS files to match
- Extracted a hardcoded string in IndexPage.js
- Combined two app.trans calls in DiscussionControls.js
- Removed hardcoded spaces from LogInModal.js and SignUpModal.js
- Added two new keys from DiscussionControls.js (soft delete)
- Created two new “reused keys” to YML to accommodate same
2015-09-23 14:58:33 +09:00
Toby Zerner
264725d872 Allow discussions to be hidden and restored 2015-09-22 17:48:21 +09:30
Toby Zerner
ab6e3351b4 Redraw old data after unsuccessful save 2015-09-22 17:23:28 +09:30
Toby Zerner
f591851cb2 Patch Mithril with a route shortcut attribute
Instead of:

	<a href={app.route.user(user)} config={m.route}>

We can use:

	<a route={app.route.user(user)}>
2015-09-22 17:09:38 +09:30
Toby Zerner
d610ea663f Keep post actions visible when controls dropdown is open
Also show without hover on touch devices
2015-09-22 17:05:14 +09:30
Toby Zerner
efca923d30 Add "Debug" button to inspect the response of a failed AJAX request
Related to #118
2015-09-18 16:46:46 +09:30
Toby Zerner
514eec7466 Clean up 2015-09-18 13:29:50 +09:30
Toby Zerner
0b406a06a1 Patch Mithril with a bidi attribute
Enables quick bidirectional bindings. So instead of this:

	<input value={prop()} oninput={m.withAttr('value', prop)}/>

... we can do this:

	<input bidi={prop}/>
2015-09-18 13:06:37 +09:30
Franz Liedke
9767bce1e3 Move dropdown mouseover to correct location
Related to #496.
2015-09-16 09:00:33 +02:00
Franz Liedke
ffcba1f173 Always use label as tooltip for header icons
Closes #496.
2015-09-16 08:45:45 +02:00
Toby Zerner
b0da51309e Copy properties when monkey-patching 2015-09-16 16:03:25 +09:30
Toby Zerner
8414a59908 Don't use a default dropdown label 2015-09-16 10:12:49 +09:30
Toby Zerner
6beb4fe898 Add external authenticator (social login) API
Allows registrations to be completed with a pre-confirmed email address
and no password.
2015-09-15 11:27:31 +09:30
Toby Zerner
8cccaaaf6b Improve API error handling
- Change 'path' key to 'source.pointer', as per spec
- Add 500 error detail if debug mode is on
2015-09-14 15:40:07 +09:30
Toby Zerner
d5b58b3146 Only set XHR authorization header if token isn't empty 2015-09-14 14:49:11 +09:30
Toby Zerner
6a5427b600 Make unread discussion titles less overwhelming 2015-09-08 10:27:50 +09:30