Commit Graph

1728 Commits

Author SHA1 Message Date
Toby Zerner
7d55b81d8e Allow custom redirection after logging out 2016-01-02 15:08:50 +10:30
Toby Zerner
1fe6ff1b6f Extend access token lifetime when remembering a login 2016-01-02 15:08:28 +10:30
Toby Zerner
d242894938 Disable session (and thus enable sudo mode) when authenticating with API token 2016-01-02 15:07:33 +10:30
Toby Zerner
2777162d32 Ensure routes are only populated after extensions have registered listeners
Because extensions can have dependencies injected, a RouteCollection could potentially be instantiated, and thus the ConfigureRoutes event would be called before extensions have had a chance to subscribe to it. Instead, we instantiate the RouteCollection on demand, but only populate it when the application boots.
2016-01-02 15:03:11 +10:30
Toby Zerner
d53a525383 API: Add an event to configure server middleware 2016-01-02 15:00:07 +10:30
Toby Zerner
5091dd038f Ensure a new asset revision identifier is generated if there is none 2016-01-02 14:59:09 +10:30
Toby Zerner
cc8494f8af Merge branch 'scrubber-display-only-comments' of https://github.com/ahsanity/core 2016-01-02 12:04:04 +10:30
Toby Zerner
9d9e5c8fcb Merge pull request #676 from petermein/user-online-indicators
User online indicators
2016-01-02 09:34:11 +10:30
Toby Zerner
80d75fe712 Allow extensions to modify text/XML prior to formatting 2015-12-30 15:27:34 +10:30
Toby Zerner
f50a11b885 Use username helper when displaying user search results 2015-12-30 15:26:54 +10:30
Toby Zerner
1ae24178ff Add getters 2015-12-30 15:26:24 +10:30
Toby Zerner
9786568749 Extract method 2015-12-30 15:26:11 +10:30
Toby Zerner
fc168ef675 Always grant master API keys sudo mode 2015-12-30 15:26:07 +10:30
Toby Zerner
2f3abb9cae Merge branch 'oauth2-controller' 2015-12-29 11:13:00 +10:30
Toby Zerner
7cc2e46173 Bypass email activation when admin creates user via API 2015-12-29 11:02:07 +10:30
Franz Liedke
52cf465a90 Installer: Loosen restrictions on MySQL connection details
Closes #602.
2015-12-27 17:31:42 +01:00
Peter Mein
596ed23495 Fixed name to camel case 2015-12-26 13:06:58 +01:00
Peter Mein
e607297635 Changed case on helper function
Stub for renaming case of file
2015-12-26 13:06:31 +01:00
Ahsanul Bari
6d2de8db07 Issue #197: Make PostStreamScrubber display numbers relating to only comment posts 2015-12-25 13:01:42 +06:00
Toby Zerner
f69369fb88 Merge pull request #690 from Luceos/phpdoc
fixes flarum/core#678 phpdoc for ip_address on Post model
2015-12-24 10:11:23 +10:30
Daniel Klabbers
3eebf207cc fixes flarum/core#678 phpdoc for ip_address on Post model 2015-12-23 13:54:58 +01:00
Toby Zerner
cb48fffa7e Extract notification settings into an item list 2015-12-21 10:38:15 +10:30
Franz Liedke
829b9bbdb8 Merge pull request #684 from ahsanity/settings-migration
Converted 'settings' table 'value' column from BLOB to TEXT
2015-12-18 13:45:20 +01:00
Ahsanul Bari
dec7a314ba Issue#669: Convert 'settings' table 'value' column to TEXT instead of BLOB 2015-12-18 02:25:50 +06:00
Peter Mein
b6464a719e Added missing import 2015-12-16 13:48:38 +01:00
Peter Mein
2e110b6ccb Added user online indicator to post 2015-12-16 13:43:46 +01:00
Franz Liedke
79c1fdf5db Don't return from inside a finally block
This is not supported in HHVM:
https://github.com/facebook/hhvm/issues/5162

Reported on the forum:
https://discuss.flarum.org/d/1390-migrating-from-php-5-6-x-to-php-7-0-x/7
2015-12-10 11:35:51 +01:00
Toby Zerner
448870721f Fix admin login 2015-12-06 08:47:51 +10:30
Toby Zerner
94a1bbf9ef Fix tests and CS 2015-12-05 22:31:33 +10:30
Toby Zerner
f3e0fd5903 Allow username capitalisation to be changed
See https://discuss.flarum.org/d/1573-uppercase-lowercase-username-flagged-as-taken
2015-12-05 15:43:40 +10:30
Toby Zerner
f25bd6d196 Add base OAuth2 controller 2015-12-05 15:25:10 +10:30
Toby Zerner
b4d3f2e648 Garbage-collect email/password/auth tokens. closes #217 2015-12-05 15:24:05 +10:30
Toby Zerner
09a281dbc5 Clean up some method arguments 2015-12-05 15:22:42 +10:30
Toby Zerner
b5133fab8f Log in immediately after registration
Newly-created accounts are allowed to log in straight away, but they still have the permissions of a guest until they've confirmed their email address. Instead of showing a success message after registration, we reload the page since they're already logged in.

Still todo: show a message explaining that they need to verify their email address to do anything, and allow it to be resent.
2015-12-05 15:22:25 +10:30
Toby Zerner
f81c489eee Improve LoginButton styles, make popup window smaller 2015-12-05 15:19:24 +10:30
Toby Zerner
cda00550aa Rework sessions, remember cookies, and auth again
- Use Symfony's Session component to work with sessions, instead of a custom database model. Separate the concept of access tokens from sessions once again.
- Extract common session/remember cookie logic into SessionAuthenticator and Rememberer classes.
- Extract AuthenticateUserTrait into a new AuthenticationResponseFactory class.
- Fix forgot password process.
2015-12-05 15:11:25 +10:30
Toby Zerner
3f8cdd1e7e Fix case-sensitive class names 2015-12-03 18:29:00 +10:30
Toby Zerner
8e38197756 Allow forum to be taken offline via config 2015-12-03 17:56:27 +10:30
Toby Zerner
7498f488f5 Fix previous commit 2015-12-03 17:56:04 +10:30
Toby Zerner
d55ba2c483 Merge branch 'sudo-mode'
# Conflicts:
#	CHANGELOG.md
2015-12-03 15:12:51 +10:30
Toby Zerner
32e9c0587c Overhaul sessions, tokens, and authentication
- Use cookies + CSRF token for API authentication in the default client. This mitigates potential XSS attacks by making the token unavailable to JavaScript. The Authorization header is still supported, but not used by default.
- Make sensitive/destructive actions (editing a user, permanently deleting anything, visiting the admin CP) require the user to re-enter their password if they haven't entered it in the last 30 minutes.
- Refactor and clean up the authentication middleware.
- Add an `onhide` hook to the Modal component. (+1 squashed commit)
2015-12-03 15:11:57 +10:30
Toby Zerner
1c094c175e Fix crash when loading notifications in some instances
Specifically, the crash would occur when the first notification had a subject without a discussion relationship (e.g. the Subscriptions extension's newPost notification, where the subject itself was a discussion). Instead of simply eager loading the nested subject.discussion relationship, we load discussions manually instead.
2015-12-03 15:10:05 +10:30
Toby Zerner
127b4a7607 Fuzzy-match global forum permissions
This means that the "Start a Discussion" button will still be enabled if the user is not allowed to start globally, but only in certain tags.

Also add some other stuff to the changelog.

closes #640
2015-12-03 15:08:28 +10:30
Toby Zerner
d4e52a6ad8 Various user interface tweaks 2015-12-03 15:02:52 +10:30
Toby Zerner
8664a5e0b0 Fix notifications icon/badge color for dark header 2015-12-03 15:02:29 +10:30
Toby Zerner
11ff30cfdc Tweak admin side-pane styles
Position the side-pane absolutely when scrolled to the top so that it does not disjoin from the header in Safari.
2015-12-03 15:02:07 +10:30
Toby Zerner
95472a5d65 Fix some issues with dropdown positioning 2015-12-03 14:51:55 +10:30
Toby Zerner
d1d33cba44 Clean up 2015-12-03 14:51:35 +10:30
Toby Zerner
88f03f1d95 Truncate long title controls on mobile 2015-12-01 11:48:54 +10:30
Toby Zerner
d36d3c013a Merge pull request #648 from dcsjapan/adjust-key
Add third-level namespacing to deleted_user_text
2015-11-30 15:28:39 +10:30