Commit Graph

890 Commits

Author SHA1 Message Date
Toby Zerner
c8027d344a Add admin-only email: gambit to look up users by email 2016-01-02 15:09:56 +10:30
Toby Zerner
f7709aff95 Allow custom redirection after logging out 2016-01-02 15:08:50 +10:30
Toby Zerner
46818ccd94 Extend access token lifetime when remembering a login 2016-01-02 15:08:28 +10:30
Toby Zerner
f6f9e45085 Disable session (and thus enable sudo mode) when authenticating with API token 2016-01-02 15:07:33 +10:30
Toby Zerner
ff0ce09620 Ensure routes are only populated after extensions have registered listeners
Because extensions can have dependencies injected, a RouteCollection could potentially be instantiated, and thus the ConfigureRoutes event would be called before extensions have had a chance to subscribe to it. Instead, we instantiate the RouteCollection on demand, but only populate it when the application boots.
2016-01-02 15:03:11 +10:30
Toby Zerner
e86cc39f5b API: Add an event to configure server middleware 2016-01-02 15:00:07 +10:30
Toby Zerner
a719d4109f Ensure a new asset revision identifier is generated if there is none 2016-01-02 14:59:09 +10:30
Toby Zerner
5a4e3b09cf Allow extensions to modify text/XML prior to formatting 2015-12-30 15:27:34 +10:30
Toby Zerner
08dae7b530 Add getters 2015-12-30 15:26:24 +10:30
Toby Zerner
aa516fb5c3 Extract method 2015-12-30 15:26:11 +10:30
Toby Zerner
1cac48f90a Always grant master API keys sudo mode 2015-12-30 15:26:07 +10:30
Toby Zerner
5e476fae16 Merge branch 'oauth2-controller' 2015-12-29 11:13:00 +10:30
Toby Zerner
341ffaced5 Bypass email activation when admin creates user via API 2015-12-29 11:02:07 +10:30
Franz Liedke
595d715b1d Installer: Loosen restrictions on MySQL connection details
Closes #602.
2015-12-27 17:31:42 +01:00
Daniel Klabbers
ffb76715f6 fixes flarum/core#678 phpdoc for ip_address on Post model 2015-12-23 13:54:58 +01:00
Franz Liedke
32601d2c98 Don't return from inside a finally block
This is not supported in HHVM:
https://github.com/facebook/hhvm/issues/5162

Reported on the forum:
https://discuss.flarum.org/d/1390-migrating-from-php-5-6-x-to-php-7-0-x/7
2015-12-10 11:35:51 +01:00
Toby Zerner
d9d52dab3c Fix admin login 2015-12-06 08:47:51 +10:30
Toby Zerner
d743e56bc1 Fix tests and CS 2015-12-05 22:31:33 +10:30
Toby Zerner
0cf000122f Allow username capitalisation to be changed
See https://discuss.flarum.org/d/1573-uppercase-lowercase-username-flagged-as-taken
2015-12-05 15:43:40 +10:30
Toby Zerner
973ca16eee Add base OAuth2 controller 2015-12-05 15:25:10 +10:30
Toby Zerner
262dc70fe1 Garbage-collect email/password/auth tokens. closes #217 2015-12-05 15:24:05 +10:30
Toby Zerner
3efd5fbcb0 Clean up some method arguments 2015-12-05 15:22:42 +10:30
Toby Zerner
387109002e Rework sessions, remember cookies, and auth again
- Use Symfony's Session component to work with sessions, instead of a custom database model. Separate the concept of access tokens from sessions once again.
- Extract common session/remember cookie logic into SessionAuthenticator and Rememberer classes.
- Extract AuthenticateUserTrait into a new AuthenticationResponseFactory class.
- Fix forgot password process.
2015-12-05 15:11:25 +10:30
Toby Zerner
1d9e7b0262 Fix case-sensitive class names 2015-12-03 18:29:00 +10:30
Toby Zerner
094ad74abc Allow forum to be taken offline via config 2015-12-03 17:56:27 +10:30
Toby Zerner
67e9e23df1 Fix previous commit 2015-12-03 17:56:04 +10:30
Toby Zerner
1cfae4ad14 Merge branch 'sudo-mode'
# Conflicts:
#	CHANGELOG.md
2015-12-03 15:12:51 +10:30
Toby Zerner
9896378b59 Overhaul sessions, tokens, and authentication
- Use cookies + CSRF token for API authentication in the default client. This mitigates potential XSS attacks by making the token unavailable to JavaScript. The Authorization header is still supported, but not used by default.
- Make sensitive/destructive actions (editing a user, permanently deleting anything, visiting the admin CP) require the user to re-enter their password if they haven't entered it in the last 30 minutes.
- Refactor and clean up the authentication middleware.
- Add an `onhide` hook to the Modal component. (+1 squashed commit)
2015-12-03 15:11:57 +10:30
Toby Zerner
287ce2fddd Fix crash when loading notifications in some instances
Specifically, the crash would occur when the first notification had a subject without a discussion relationship (e.g. the Subscriptions extension's newPost notification, where the subject itself was a discussion). Instead of simply eager loading the nested subject.discussion relationship, we load discussions manually instead.
2015-12-03 15:10:05 +10:30
Toby Zerner
cea1cbc2d6 Fuzzy-match global forum permissions
This means that the "Start a Discussion" button will still be enabled if the user is not allowed to start globally, but only in certain tags.

Also add some other stuff to the changelog.

closes #640
2015-12-03 15:08:28 +10:30
Franz Liedke
b3a5822ddb Rename HTTP method override header
This is the name recommended by the JSON-API spec:
http://jsonapi.org/recommendations/#patchless-clients
2015-11-26 17:43:32 +01:00
young
a80d72d165 Fix #627 2015-11-26 02:03:00 +08:00
Toby Zerner
153a82e937 cs fix 2015-11-23 14:18:56 +10:30
Toby Zerner
262a934747 Prevent error if no input is given in create actions 2015-11-23 14:15:30 +10:30
Toby Zerner
a61929730e Validate avatar URL
Still needs refactor
2015-11-23 14:14:53 +10:30
Toby Zerner
ce02387ee4 Prevent crash if logged in user has been deleted 2015-11-23 11:54:30 +10:30
Toby Zerner
2c4fae60bc Allow provision of an avatar URL to upload during sign up
This can be used by authentication extensions (i.e. mirror Facebook/Twitter profile picture). Rough implementation, needs refactoring.
2015-11-23 11:53:57 +10:30
Franz Liedke
6d895e6d77 Inject hardcoded prerequisite parameters
This affects version numbers, extensions and paths, which might be
skeleton-specific. This commit moves those hardcoded values out of
the classes and instead injects them through the constructor. This
way, all prerequisites can be configured in the service provider.
2015-11-11 19:30:35 +01:00
Franz Liedke
439b867dde Update version number 2015-11-05 09:58:05 +01:00
Toby Zerner
9e3ecd528e Parse fallback catalogues for => references too 2015-11-04 18:34:41 +10:30
Toby Zerner
d806c4491d Fix regression in permission logic: make sure admins can do everything 2015-11-04 09:27:06 +10:30
Toby Zerner
c9a878d49c Make sure all locale JS files are flushed
Even when no language packs are enabled, a forum-en-xxx.js (or whatever the default locale is) file is still generated because other extensions may contain translations. But when enabling the English language pack, since no locales are registered with the LocaleManager, that file doesn't get flushed and therefore doesn't get regenerated with the English translations. This fix always registers the default locale with the LocaleManager so that's not the case.
2015-11-04 09:27:06 +10:30
Toby Zerner
d497782f65 Release 0.1.0-beta.3 2015-11-03 10:01:52 +10:30
Toby Zerner
98ccfdcee5 Improve performance of translation reference parsing 2015-11-02 23:22:00 +10:30
Toby Zerner
b4439dc6b3 Automatically include the appropriate translations from extensions 2015-11-02 18:51:12 +10:30
Toby Zerner
72a2749943 Fall back to en after the forum's default locale
Since we'll be encouraging (requiring?) people to include an "en" translation in extensions they want to put on the Marketplace, we should have a further fallback to "en" if it can't find translations in the forum's default language. That way if people only use extensions from the Marketplace, they'll hardly ever see any key names.

Thanks to @dcsjapan for the suggestion.
2015-11-02 17:55:31 +10:30
Toby Zerner
f13ded1255 Fix error when renaming discussion
Discussion/user info is needed when serialising posts (checking permissions, etc.) so we can't just use the ID.
2015-11-02 17:53:26 +10:30
Toby Zerner
90def3f0db Fix permissions being incorrectly granted 2015-11-01 09:38:25 +10:30
Franz Liedke
17619843b5 Update to newest version of Whoops middleware 2015-10-31 12:56:38 +01:00
Toby Zerner
d46316e979 Use relative path for core migrations 2015-10-31 18:22:03 +10:30
Toby Zerner
b44ffd9f8d Only attempt to get default locale if db is up to date 2015-10-31 18:21:39 +10:30
Toby Zerner
953f81176b Fix check for whether there is a translation for a group name 2015-10-31 18:20:55 +10:30
Toby Zerner
73c44adb96 Merge pull request #615 from oldskool/ip-logging
Minor changes:
- Rename/restyle migration, fix namespace
- Make IP address optional on PostReply command
2015-10-31 10:04:06 +10:30
Toby Zerner
95e3ff8fa8 Update for new tobscure/json-api relationship handling 2015-10-30 11:03:38 +10:30
Toby Zerner
a3a5d0a351 Disable extensions that require credentials by default 2015-10-29 17:52:52 +10:30
Jan Dorsman
49fddbd450 WIP IP Logging 2015-10-27 21:53:21 +01:00
Kirk Bushell
400aa4fef9 Added more tests 2015-10-27 13:22:30 +00:00
Toby Zerner
68498cedae Use exception handlers instead of JsonApiSerializableInterface 2015-10-26 11:14:48 +10:30
Toby Zerner
0a65d2bb0d i18n: Make cross-file translation references work 2015-10-24 13:16:26 +10:30
Toby Zerner
59fa623f11 Don't let users view discussions without permission
closes #599
2015-10-22 21:52:31 +10:30
Toby Zerner
9836fa64ed Allow hyphens in referenced key names 2015-10-22 17:01:21 +10:30
Toby Zerner
415b68f84f Add flood control
closes #271
2015-10-22 16:57:48 +10:30
Toby Zerner
ea98e4bda9 More helpful avatar upload error messages
ref #165, #118
2015-10-22 10:40:38 +10:30
Toby Zerner
fc7db914db Translate basic HTML views
app('view') call to set translator is temporary. See #189
2015-10-21 11:36:49 +10:30
Toby Zerner
a7c2a7a2d3 Increase username max length
Not sure why it was at 8!
2015-10-21 11:13:55 +10:30
Toby Zerner
12830265d9 Change back to 401 error on invalid login
See 26a821e3e2 (commitcomment-13866552)
2015-10-21 09:04:58 +10:30
Toby Zerner
845daf1ab6 Don't use array_filter flag (PHP 5.6 only) 2015-10-20 22:25:20 +10:30
Toby Zerner
22ffb76cb5 Fix installation 2015-10-20 22:07:35 +10:30
Toby Zerner
26a821e3e2 Improve client XHR error handling
The default XHR error handler produce an alert which is appropriate to the response status code. It can be overridden per-request (by specifying the `errorHandler` option) so that the alert can be suppressed or displayed in a different position (e.g. inside a modal).

ref #118
2015-10-20 12:48:26 +10:30
Toby Zerner
7490709af8 Fix migrate command and generated migration namespace 2015-10-19 16:48:16 +10:30
Toby Zerner
96c42ed337 Translate group names during serialization
closes #564
2015-10-19 15:44:28 +10:30
Toby Zerner
1242fa79af Implement proper update process
If the version in the settings table mismatches the code version, then we return a 503 error for all requests coming through index.php and api.php, while admin.php serves up a form prompting for the database password which will run outstanding migrations.
2015-10-19 15:09:54 +10:30
Toby Zerner
ddfedcb4dd Add Interface suffix to SettingsRepository 2015-10-19 14:58:47 +10:30
Toby Zerner
43c44efe3d Make emails translatable
closes #267
2015-10-19 11:23:39 +10:30
Toby Zerner
7e763ec22b Gracefully fail for LESS compilation errors, not just parsing ones 2015-10-17 15:55:03 +10:30
Toby Zerner
e0b6aacc9e Prevent crash when no locales are enabled 2015-10-16 14:02:09 +10:30
Toby Zerner
46ba8a3b8d cs fix 2015-10-15 22:51:26 +10:30
Toby Zerner
c08b62af80 Refactor translation and validation
We now use Symfony's Translation component. Yay! We get more powerful pluralisation and better a fallback mechanism. Will want to implement the caching mechanism at some point too. The API is replicated in JavaScript, which could definitely use some testing.

Validators have been refactored so that they are decoupled from models completely (i.e. they simply validate arrays of user input). Language packs should include Laravel's validation messages.

ref #267
2015-10-15 22:30:45 +10:30
Toby Zerner
dfb9f23eee Fix default forum route controller 2015-10-14 17:03:29 +10:30
Toby Zerner
4b3e1b16d9 Remove forum. prefix from permissions
closes #425
2015-10-14 16:11:00 +10:30
Toby Zerner
cde8dd0dc4 Store temporary files in storage dir
closes #482
2015-10-14 15:49:31 +10:30
Toby Zerner
b928cb523a CS fix 2015-10-14 12:26:48 +10:30
Toby Zerner
60bdbe6e52 Show 404 errors as the "pretty" page even in debug mode
closes #503
2015-10-14 12:23:20 +10:30
Toby Zerner
b83c81c06e Clean up 2015-10-14 11:14:36 +10:30
Toby Zerner
2ae7392dea Publish core/extension assets
Core assets are copied into the root/assets directory on installation.

The contents of an "assets" directory within any extension is copied into root/assets/extensions/{name}/ whenever the extension is enabled, and deleted whenever the extension is uninstalled.

Still needs to be refactored
2015-10-13 16:52:45 +10:30
Toby Zerner
6df48b04c2 Fix installation regressions 2015-10-13 15:55:18 +10:30
Toby Zerner
4c2ff6e82d Revamp admin extensions page
- New look
- Groups extensions by keywords
2015-10-12 15:02:59 +10:30
Toby Zerner
b53e612007 Fix failing tests + CS 2015-10-11 23:37:51 +10:30
Toby Zerner
1c3fda4a71 Update some APIs
- Rename DiscussionSearchWillBePerformed to ConfigureDiscussionSearch, same with users
- Add some handy methods
2015-10-11 22:31:06 +10:30
Toby Zerner
663de42917 Fix extension uninstallation 2015-10-11 22:29:25 +10:30
Toby Zerner
cde7dd3ce1 Make sure activation status/email is returned when creating a user 2015-10-11 22:29:14 +10:30
Toby Zerner
60483b2c62 Fix ConfigureNotificationTypes API 2015-10-11 13:08:57 +10:30
Toby Zerner
0b888ea342 Fix installation 2015-10-11 10:05:40 +10:30
Toby Zerner
6f1c46819e Minify each JS file individually, caching the result
This means that the expensive minification process will only be run for a file if it hasn't before. Greatly speeds up extension enabling/disabling.

Also:
- Don't check file last modification times in production for a bit of extra perf.
- Only flush CSS when theme settings are changed. This speeds up the page reload a bit.
2015-10-09 01:52:51 +10:30
Toby Zerner
18def302d6 Bundle unminified JS; minify via ClosureCompilerService when in production
Falls back to a less effective minification library if ClosureCompilerService errors or is unavailable. Minification takes a while (20 seconds or so), but it only happens when assets are modified. Still, this means enabling/disabling extensions is taking far too long. Possible solutions:

- Don't minify initially; set a process running in the background to do minification, and server unminified assets in the meantime.
- Refactor compiler to send each JS file to CCS individually, only if that particular file has been modified.

flarum/gulp has also been updated to no longer support uglification.

closes #582
2015-10-09 00:33:53 +10:30
Toby Zerner
bddbf24055 Make punctuate translatable, rename to punctuateSeries 2015-10-08 22:42:03 +10:30
Toby Zerner
0ce014b3bb Flush forum assets when extensions are enabled/disabled 2015-10-08 17:46:03 +10:30
Toby Zerner
72a3582287 Update various event APIs 2015-10-08 16:49:11 +10:30
Toby Zerner
dd67291ce0 Major refactor and improvements
- Reorganised all namespaces and class names for consistency and structure. Following PSR bylaws (Abstract prefix, Interface/Trait suffix).
  - Move models into root of Core, because writing `use Flarum\Core\Discussion` is nice. Namespace the rest by type. (Namespacing by entity was too arbitrary.)
  - Moved some non-domain stuff out of Core: Database, Formatter, Settings.
  - Renamed config table and all references to "settings" for consistency.
  - Remove Core class and add url()/isInstalled()/inDebugMode() as instance methods of Foundation\Application.
  - Cleanup, docblocking, etc.

- Improvements to HTTP architecture
  - API and forum/admin Actions are now actually all the same thing (simple PSR-7 Request handlers), renamed to Controllers.
  - Upgrade to tobscure/json-api 0.2 branch.
  - Where possible, moved generic functionality to tobscure/json-api (e.g. pagination links). I'm quite happy with the backend balance now re: #262

- Improvements to other architecture
  - Use Illuminate's Auth\Access\Gate interface/implementation instead of our old Locked trait. We still use events to actually determine the permissions though. Our Policy classes are actually glorified event subscribers.
  - Extract model validation into Core\Validator classes.
  - Make post visibility permission stuff much more efficient and DRY.

- Renamed Flarum\Event classes for consistency. ref #246
  - `Configure` prefix for events dedicated to configuring an object.
  - `Get` prefix for events whose listeners should return something.
  - `Prepare` prefix when a variable is passed by reference so it can be modified.
  - `Scope` prefix when a query builder is passed.

- Miscellaneous improvements/bug-fixes. I'm easily distracted!
  - Increase default height of post composer.
  - Improve post stream redraw flickering in Safari by keying loading post placeholders with their IDs. ref #451
  - Use a PHP JavaScript minification library for minifying TextFormatter's JavaScript, instead of ClosureCompilerService (can't rely on external service!)
  - Use UrlGenerator properly in various places. closes #123
  - Make Api\Client return Response object. closes #128
  - Allow extensions to specify custom icon images.
  - Allow external API/admin URLs to be optionally specified in config.php. If the value or "url" is an array, we look for the corresponding path inside. Otherwise, we append the path to the base URL, using the corresponding value in "paths" if present. closes #244
2015-10-08 14:28:02 +10:30
Toby Zerner
8c7cdb184f Fix installation 2015-10-03 17:38:23 +09:30
Toby Zerner
296b822636 Merge branch 'master' into composer 2015-10-03 16:41:23 +09:30
Toby Zerner
232f3b6bc6 API: Reverse splitting of BuildClientView event, but add checker methods 2015-10-03 16:40:41 +09:30
Toby Zerner
03f862fe8c Merge branch 'master' into composer 2015-10-02 17:57:24 +09:30
Toby Zerner
b4cb5a11da Allow extension icon styles to reference assets
Example usage:

"icon": {
    "backgroundImage": "url('{$assets}/icon.svg')"
}
2015-10-02 17:55:42 +09:30
Toby Zerner
ef2cc9b0cd Remove ability for extensions to register a service provider
The concept of returning a bootstrapper function is simpler and the use of service providers had no advantage over it.
2015-10-02 17:54:53 +09:30
Toby Zerner
2a17590412 Change migration namespace format 2015-10-02 17:49:43 +09:30
Toby Zerner
e251cf34c4 Use composer.json for extension metadata 2015-10-02 17:49:16 +09:30
Toby Zerner
0142b01cc5 Add server 2015-10-02 17:47:12 +09:30
Toby Zerner
89338290a4 Only include namespaced translations 2015-10-02 17:43:41 +09:30
Toby Zerner
58eaf79a98 API: Split BuildClientView into two separate events
Much easier to work with. Extension stub hasn't been updated yet.
2015-10-02 17:42:34 +09:30
Toby Zerner
f255d318ef Add multiple UrlGenerator classes for forum/api/admin
Spent quite a while looking into the best solution here and ended up going with three separate classes. Thanks to @Luceos for the PR that got this rolling (#518). My reasoning is:

- The task of routing and URL generation is independent for each section of the app. Take Flarum\Api\Users\IndexAction for example. I don't want to generate a URL to a Flarum route... I specifically want to generate a URL to an API route. So there should be a class with that specific responsibility.
- In fact, each URL generator is slightly different, because we need to add a certain prefix to the start (e.g. /api)
- This also allows us to get rid of the "flarum.api" prefix on each route's name.
- It's still DRY, because they all extend a base class.

At the same time, I could see no reason this needed to be "interfaced", so all of the classes are concrete.

Goes a long way to fixing #123 - still just a few places left remaining with hardcoded URLs.
2015-10-02 17:35:29 +09:30
Toby Zerner
aa203de6e9 Update docblocks 2015-09-29 16:41:34 +09:30
Toby Zerner
e0aa99fabb Properly mark all notifications as read
Previously, clicking the "mark all notifications as read" button would individually mark each of the visible notifications as read. Since we now always show a badge with the number of unread notifications, we need to make sure that all notifications (not just the visible ones) can be marked as read. Otherwise it would be possible to get stuck with an unread badge there.

This commit adds a new API endpoint which marks *all* of a user's notifications as read. The JSON-API spec doesn't cover this kind of thing (updating all instances of a certain resource type), so I'm a bit unsure regarding what the endpoint should actually be. For now I've gone with POST /notifications/read, but I'm open to suggestions.

ref #500
2015-09-29 16:41:05 +09:30
Franz Liedke
5382d0ce1a Remove unused import 2015-09-29 01:31:34 +02:00
Franz Liedke
295f29e53e Make linter happy 2015-09-29 01:31:09 +02:00
Franz Liedke
040ce52724 Return both unread and new notification count from the API
Related to #500.
2015-09-29 01:28:47 +02:00
kirkbushell
c3374197d1 Added zend-stragility (missing), removed some redundant code. 2015-09-28 15:59:07 +01:00
Toby Zerner
3efbffdcec Extract English translations into a language pack
To make this work, we add support for the client working without any locale.

Also fixes #412.
2015-09-25 16:12:09 +09:30
Toby Zerner
02e40f7c47 Allow extensions to return a callback instead of a provider name
This is useful for very simple extensions like language packs, because it means no Composer/namespacing and thus bootstrap.php doesn't have to be changed at all.
2015-09-25 16:05:01 +09:30
Franz Liedke
de216af08d Change name of header for faking HTTP methods
Refs #502.
2015-09-25 00:35:57 +02:00
Franz Liedke
418b1b9bac Implement middleware for faking HTTP methods
Refs #502.
2015-09-25 00:31:31 +02:00
Daniel Klabbers
68369ac5bb heavier validation for username 2015-09-24 23:07:30 +02:00
Franz Liedke
7404debb21 Clean up unused variable
Closes #501.
2015-09-24 16:27:00 +02:00
Toby Zerner
35360b690c Temporary solution to resolve translation references
Just implemented this roughly so I can keep working :D /cc @franzliedke
2015-09-24 09:27:47 +09:30
Toby Zerner
b9bda2d443 Compile all core translations for now
May need to be specific again once we have admin translations, or it
may be better to just put admin translations under a different
namespace...
2015-09-24 09:06:44 +09:30
Toby Zerner
91fb24f7a3 Fix is:unread gambit
closes #485
2015-09-24 08:31:56 +09:30
Toby Zerner
273461040c Update local copy of notification when marking as read 2015-09-23 10:52:26 +09:30
Franz Liedke
ee9862004d Make sure JSON request bodies are parsed as array.
Refs #533.
2015-09-22 15:19:54 +02:00
Toby Zerner
db067c7d87 Refresh discussion metadata to make sure it's correct
The new Approval extension may hide new posts, in which case we don't
want to increment the comments count/set the last post.
2015-09-22 17:57:20 +09:30
Toby Zerner
7a0299d246 Relax self edit/rename restrictions
- Fixes the last post not being self-editable if it's hidden
- Fixes the discussion not being self-renameable its only post is hidden
2015-09-22 17:56:09 +09:30
Toby Zerner
264725d872 Allow discussions to be hidden and restored 2015-09-22 17:48:21 +09:30
Toby Zerner
8e19312534 Add API to run callback after a model instance is saved 2015-09-22 17:22:25 +09:30
Toby Zerner
ed602c6032 Remove importer for the time being 2015-09-22 17:14:01 +09:30
Toby Zerner
d6ed04ffce Fix incorrect version requirement in extension generator 2015-09-22 17:13:41 +09:30
Toby Zerner
8937050aed Rename column for consistency 2015-09-22 16:54:32 +09:30
Toby Zerner
8f387bbd52 Allow formatter to be used for things other than post formatting 2015-09-18 13:29:43 +09:30
Toby Zerner
c4dc1a5ee2 Allow settings to be deleted using LIKE
Also give migrations access to the SettingsRepository
2015-09-18 13:28:38 +09:30
Toby Zerner
ca09e834b1 Add events for serializing/unserializing config values 2015-09-18 13:16:35 +09:30
Toby Zerner
f4a4ed8b49 Extend social login access token expiry 2015-09-17 12:57:22 +09:30
Toby Zerner
dbd33f687c Remove "custom" home page input
Also add an API to let extensions define additional default route
options.

Allowing default routes with parameters (e.g. /d/123) is very difficult
because of the way Mithril routing works, and it doesn't have a
convincing use-case to justify the trouble. So I've removed the custom
input altogether.

closes #427
2015-09-17 12:56:39 +09:30
Toby Zerner
e038c5c9d9 Add migration generator 2015-09-17 12:16:38 +09:30
Toby Zerner
7fb582e8d7 Namespace migrations to avoid potential conflicts
Core migrations are under the Flarum\Migrations\Core namespace.
Extension migrations must be under the
Flarum\Migrations\{ExtensionName} namespace.

closes #422
2015-09-17 08:54:31 +09:30
Daniel Klabbers
84e670082b fixed flarum/core#489 missing meta description from admin area 2015-09-16 21:43:53 +02:00
Franz Liedke
ad060126ae Small cleanup in extension manager 2015-09-16 08:56:27 +02:00
Davide Bellini
fc8dfd8893 Changed default Admin password
Default Admin password doesn't pass the new validation rule (min 8 chars)

See: cbcad27679 (diff-2e6d4ed85cd06d3e11f7f8428746214eR126)
2015-09-15 17:52:33 +02:00
Toby Zerner
701ad0a977 Add API to set asset compiler filename 2015-09-15 21:20:32 +09:30
Franz Liedke
cd5f5515e2 Try to make PHP extension requirement message clearer 2015-09-15 09:18:26 +02:00
Toby Zerner
d8c2cbc265 Mark all notifications with the same subject as read 2015-09-15 16:20:22 +09:30
Toby Zerner
f6ad891850 Rename ExternalAuthenticator to Authenticator 2015-09-15 16:03:10 +09:30
Toby Zerner
e524c59f97 Improve external authentication API
Some providers (e.g. Twitter) don't expose user email addresses, so it
turns out we can't use that as the sole form of identification/account
matching.

This commit introduces a new `auth_tokens` table which stores arbitrary
attributes during the sign up process. For example, when Twitter is
authenticated, a new auth token containing the user's Twitter ID will
be created. When sign up is completed with this token, that Twitter ID
will be set as an attribute on the user's account.
2015-09-15 15:56:48 +09:30
Toby Zerner
6beb4fe898 Add external authenticator (social login) API
Allows registrations to be completed with a pre-confirmed email address
and no password.
2015-09-15 11:27:31 +09:30
Toby Zerner
cbcad27679 Improve installer validation
Very rough, but works for now. The basic premise being that we need to
collect all user data before we proceed with installation.
2015-09-14 18:13:24 +09:30
Toby Zerner
60323e0cf9 Bump version number 2015-09-14 16:32:31 +09:30
Toby Zerner
8cccaaaf6b Improve API error handling
- Change 'path' key to 'source.pointer', as per spec
- Add 500 error detail if debug mode is on
2015-09-14 15:40:07 +09:30
Toby Zerner
190aa925ac Set cookies to be HTTP only 2015-09-14 14:40:05 +09:30
Toby Zerner
60b19efe0a Password is not necessarily required
e.g. on my LAMP setup, I sometimes use a MySQL account without a
password
2015-09-14 14:39:18 +09:30
Franz Liedke
e7d7df3b0c Cleanup 2015-09-11 09:16:53 +02:00
Franz Liedke
3b5a01e603 Implement more validation in installer 2015-09-11 09:16:43 +02:00
Franz Liedke
902d01712b Remove pointless JSON-API action base class
Cleanup related to #118.
2015-09-09 09:04:49 +02:00
Franz Liedke
502a3787d5 Move remaining extension handling to middleware 2015-09-09 08:56:11 +02:00
Franz Liedke
b8ac49ffcc Move exception handling for Flarum exception classes to middleware
Related to #118.
2015-09-08 22:36:32 +02:00
Franz Liedke
4b4cea4d87 Implement interface to serialize exceptions to JSON-API format
Related to #118
2015-09-08 22:35:39 +02:00
Toby Zerner
8c4e095f23 Allow first post to be hidden/restored
Anti-spam extensions may automatically hide the first post in a
discussion, and thus we had to implement smarter permissions so
discussions with zero posts wouldn't be visible to users other than the
author/mods. This change allows those hidden posts to be restored again.
2015-09-07 16:03:45 +09:30
Toby Zerner
84012ca2fd Preliminary implementation of master API keys
Part of #205
2015-09-07 08:37:33 +09:30
Toby Zerner
6ee9412f35 Prevent invalid LESS from crashing application
Failure is silent for now... The default LESS will compile without the
invalid customisations. Not sure if we should log an error somewhere
and display it on the admin page?

closes #400
2015-09-04 22:33:26 +09:30
Toby Zerner
478ca90c31 Fallback to English if system-wide default_locale doesn't exist 2015-09-04 22:19:28 +09:30
Toby Zerner
1f8f79d272 Don't require database password confirmation 2015-09-04 21:45:52 +09:30
Franz Liedke
db8b9ed0c0 Installer: Fix password confirmation 2015-09-04 12:11:13 +02:00
Franz Liedke
a3d59977b3 Clean up code 2015-09-04 12:05:12 +02:00
Franz Liedke
211d2d25cd Merge pull request #413 from WinterSilence/patch-2
Update RouteCollection::getPath
2015-09-04 12:03:51 +02:00
Franz Liedke
42f1abacaf Ask for password confirmation in web installer, too
Closes #405.
2015-09-04 12:00:03 +02:00
Franz Liedke
b26c67dd3c Require password confirmation in console installer
Refs #405.
2015-09-04 11:57:11 +02:00
Toby Zerner
fc7fc41383 Prevent error when hiding/restoring a post with a deleted user 2015-09-04 13:51:13 +09:30
Toby Zerner
ece23de750 API: Add User::hasPermissionLike() and User::getPermissions() 2015-09-04 12:23:50 +09:30
Toby Zerner
4705600d47 Fix typehint 2015-09-04 12:23:27 +09:30
Toby Zerner
8423de754c Fix bad query in isVisibleTo 2015-09-04 12:23:17 +09:30
Toby Zerner
b597e6f8f6 Don't load a custom relation if the relation is already loaded 2015-09-04 12:22:49 +09:30
Toby Zerner
276334ec52 Improve some post/discussion permission logic
- Allow users to see their own posts, even if they have been hidden by
someone else
- Don't require hiding a post to be necessarily attributed to a user
- Hide discussions with zero posts, unless the user can edit posts, or
they are the discussion author
2015-09-04 12:22:27 +09:30
Toby Zerner
f0186d7674 API: Add typehints 2015-09-04 12:18:09 +09:30
Daniel Klabbers
0413daab74 call to $this-> assertValidPassword from static context 2015-09-04 00:00:24 +02:00
Franz Liedke
21dd516eaa Fix code style issues 2015-09-03 08:48:26 +02:00
Franz Liedke
3c9d851889 Check prerequisites in console installer, too 2015-09-03 08:42:16 +02:00
Franz Liedke
942db77416 Extract installation prerequisites into composable classes and use those in the web-based installer 2015-09-03 08:23:34 +02:00
Anton
04db806995 Update RouteCollection.php 2015-09-02 19:22:40 +03:00
Anton
f3bc7d1c23 Update RouteCollection::getPath
This version work faster - old code create closure at every calling getPath
2015-09-02 10:58:44 +03:00
Johann Rodríguez
e35bb9e400 Fix enable extension in EntensionManager 2015-09-01 12:09:11 +01:00
Franz Liedke
753a846e7a Check MySQL version when installing on console
Related to #364.
2015-09-01 08:02:07 +02:00
Franz Liedke
d3e57d77b4 Fix typehint 2015-09-01 07:49:06 +02:00
Toby Zerner
6e0bffe395 API: Add more locale registration APIs 2015-09-01 10:08:37 +09:30
Toby Zerner
eec4e97d65 Tidy up default extension metadata 2015-09-01 10:08:37 +09:30
Toby Zerner
6aafe54ee7 Fix potential error when discussion doesn't exist
Not sure how this could be the case, but can't hurt to add the checks.
addresses #343
2015-09-01 10:08:36 +09:30
Franz Liedke
4c34d0867d Add field for table prefix in web installer
Related to #269.
2015-08-31 09:10:27 +02:00
Toby Zerner
f2a3a0cb10 Require the PHP fileinfo extension
It's required for the intervention/image package
2015-08-31 15:29:20 +09:30
Toby Zerner
5b7527144c Permit trailing slashes in discussion/user URLs
closes #334
2015-08-31 14:43:42 +09:30
Toby Zerner
6c169499b5 Only migrate enabled extensions when upgrading
Also remove the Extension::install() and Extension::uninstall()
methods, because they add nothing that can't be done with migrations.
2015-08-31 14:35:52 +09:30
Toby Zerner
5e22458014 Installer: Prevent crash when views directory is not writable
Use plain PHP templates instead of Blade templates so there is nothing
that needs to be written.

closes #376
2015-08-31 14:25:16 +09:30
Toby Zerner
c72bdc8238 Fix Laravel 5.1 compat
closes #307
2015-08-31 14:07:11 +09:30
Toby Zerner
bcc16a3329 Add target="_blank" and rel="nofollow" to all formatted links
closes #247
2015-08-31 13:36:54 +09:30
Toby Zerner
f5517fbd88 Validate password length
We can't do this using the ValidatesBeforeSave trait because the
password has been hashed by then. Instead, we must validate the
original password as it comes in.
2015-08-31 12:38:15 +09:30
Toby Zerner
6a0e3fcf2d Validate post length to prevent truncation
closes #235
2015-08-31 12:36:19 +09:30