Commit Graph

7 Commits

Author SHA1 Message Date
Toby Zerner
9896378b59 Overhaul sessions, tokens, and authentication
- Use cookies + CSRF token for API authentication in the default client. This mitigates potential XSS attacks by making the token unavailable to JavaScript. The Authorization header is still supported, but not used by default.
- Make sensitive/destructive actions (editing a user, permanently deleting anything, visiting the admin CP) require the user to re-enter their password if they haven't entered it in the last 30 minutes.
- Refactor and clean up the authentication middleware.
- Add an `onhide` hook to the Modal component. (+1 squashed commit)
2015-12-03 15:11:57 +10:30
Toby Zerner
33dd5fff36 Initialise component state in init() instead of constructor
This allows component state to be overridden via monkey-patch. ref #246
2015-10-13 16:55:56 +10:30
Toby Zerner
0474f410a4 Refactor start/endComputation into lazyRedraw method 2015-08-31 12:04:51 +09:30
Toby Zerner
3f809761d3 Improve extensions page
- Allow extensions to define an icon in their flarum.json
- Show a "please wait" modal when enabling/disabling an extension
- Styling tweaks
2015-08-07 08:51:03 +09:30
Toby Zerner
49e9ab362a Persist modal across routes
Don't hide it unless it's already been shown, otherwise bootstrap JS
won't be initialized correctly
2015-07-22 09:54:00 +09:30
Toby Zerner
a9ded36b57 Major CSS revamp
- Get rid of Bootstrap (except we still rely on some JS)
- Use BEM class names
- Rework variables/theme config
- Fix various bugs, including some on mobile

The CSS is still not ideal – it needs to be cleaned up some more. But
that can be a focus for after beta.
2015-07-17 14:47:49 +09:30
Toby Zerner
ab6c03c0cc Massive JavaScript cleanup
- Use JSX for templates
- Docblock/comment everything
- Mostly passes ESLint (still some work to do)
- Lots of renaming, refactoring, etc.

CSS hasn't been updated yet.
2015-07-15 14:01:11 +09:30