Commit Graph

2552 Commits

Author SHA1 Message Date
Franz Liedke
32601d2c98 Don't return from inside a finally block
This is not supported in HHVM:
https://github.com/facebook/hhvm/issues/5162

Reported on the forum:
https://discuss.flarum.org/d/1390-migrating-from-php-5-6-x-to-php-7-0-x/7
2015-12-10 11:35:51 +01:00
Toby Zerner
d9d52dab3c Fix admin login 2015-12-06 08:47:51 +10:30
Toby Zerner
d743e56bc1 Fix tests and CS 2015-12-05 22:31:33 +10:30
Toby Zerner
0cf000122f Allow username capitalisation to be changed
See https://discuss.flarum.org/d/1573-uppercase-lowercase-username-flagged-as-taken
2015-12-05 15:43:40 +10:30
Toby Zerner
973ca16eee Add base OAuth2 controller 2015-12-05 15:25:10 +10:30
Toby Zerner
262dc70fe1 Garbage-collect email/password/auth tokens. closes 2015-12-05 15:24:05 +10:30
Toby Zerner
3efd5fbcb0 Clean up some method arguments 2015-12-05 15:22:42 +10:30
Toby Zerner
c97b01a445 Log in immediately after registration
Newly-created accounts are allowed to log in straight away, but they still have the permissions of a guest until they've confirmed their email address. Instead of showing a success message after registration, we reload the page since they're already logged in.

Still todo: show a message explaining that they need to verify their email address to do anything, and allow it to be resent.
2015-12-05 15:22:25 +10:30
Toby Zerner
b0b3af0305 Improve LoginButton styles, make popup window smaller 2015-12-05 15:19:24 +10:30
Toby Zerner
387109002e Rework sessions, remember cookies, and auth again
- Use Symfony's Session component to work with sessions, instead of a custom database model. Separate the concept of access tokens from sessions once again.
- Extract common session/remember cookie logic into SessionAuthenticator and Rememberer classes.
- Extract AuthenticateUserTrait into a new AuthenticationResponseFactory class.
- Fix forgot password process.
2015-12-05 15:11:25 +10:30
Toby Zerner
1d9e7b0262 Fix case-sensitive class names 2015-12-03 18:29:00 +10:30
Toby Zerner
094ad74abc Allow forum to be taken offline via config 2015-12-03 17:56:27 +10:30
Toby Zerner
67e9e23df1 Fix previous commit 2015-12-03 17:56:04 +10:30
Toby Zerner
1cfae4ad14 Merge branch 'sudo-mode'
# Conflicts:
#	CHANGELOG.md
2015-12-03 15:12:51 +10:30
Toby Zerner
9896378b59 Overhaul sessions, tokens, and authentication
- Use cookies + CSRF token for API authentication in the default client. This mitigates potential XSS attacks by making the token unavailable to JavaScript. The Authorization header is still supported, but not used by default.
- Make sensitive/destructive actions (editing a user, permanently deleting anything, visiting the admin CP) require the user to re-enter their password if they haven't entered it in the last 30 minutes.
- Refactor and clean up the authentication middleware.
- Add an `onhide` hook to the Modal component. (+1 squashed commit)
2015-12-03 15:11:57 +10:30
Toby Zerner
287ce2fddd Fix crash when loading notifications in some instances
Specifically, the crash would occur when the first notification had a subject without a discussion relationship (e.g. the Subscriptions extension's newPost notification, where the subject itself was a discussion). Instead of simply eager loading the nested subject.discussion relationship, we load discussions manually instead.
2015-12-03 15:10:05 +10:30
Toby Zerner
cea1cbc2d6 Fuzzy-match global forum permissions
This means that the "Start a Discussion" button will still be enabled if the user is not allowed to start globally, but only in certain tags.

Also add some other stuff to the changelog.

closes 
2015-12-03 15:08:28 +10:30
Toby Zerner
b9148364fa Various user interface tweaks 2015-12-03 15:02:52 +10:30
Toby Zerner
2ba890c239 Fix notifications icon/badge color for dark header 2015-12-03 15:02:29 +10:30
Toby Zerner
55e80f135d Tweak admin side-pane styles
Position the side-pane absolutely when scrolled to the top so that it does not disjoin from the header in Safari.
2015-12-03 15:02:07 +10:30
Toby Zerner
81a1c0955b Fix some issues with dropdown positioning 2015-12-03 14:51:55 +10:30
Toby Zerner
05386b1259 Clean up 2015-12-03 14:51:35 +10:30
Toby Zerner
d96e57eabb Truncate long title controls on mobile 2015-12-01 11:48:54 +10:30
Toby Zerner
173de809b8 Merge pull request from dcsjapan/adjust-key
Add third-level namespacing to deleted_user_text
2015-11-30 15:28:39 +10:30
dcsjapan
c432ed7d5c Add third-level namespacing to deleted_user_text 2015-11-30 11:17:11 +09:00
Toby Zerner
172fffd1ed Merge pull request from dcsjapan/leftover-translations
Extract leftover strings
2015-11-28 18:54:27 +10:30
dcsjapan
4bfbf68bca Extract leftover strings
Extracts strings that were missed previously in:
- Dashboard page of admin interface.
- Edit Custom CSS modal of admin interface.
- Settings modal of admin interface.
- Post activity list on user page of forum UI.
Hopefully there aren't any more!
2015-11-28 17:14:22 +09:00
Toby Zerner
cd411a0c6b Merge pull request from dcsjapan/update-locale-template
Update locale file template
2015-11-28 17:33:53 +10:30
dcsjapan
7f05d9dce3 Update locale file template
Adjusts comments to match current english locale files.
2015-11-28 15:55:21 +09:00
Franz Liedke
b3a5822ddb Rename HTTP method override header
This is the name recommended by the JSON-API spec:
http://jsonapi.org/recommendations/#patchless-clients
2015-11-26 17:43:32 +01:00
Toby Zerner
a1e1635019 Update changelog 2015-11-26 10:43:48 +10:30
Toby Zerner
1cc5e1cb26 Merge pull request from binaryoung/master
Fixed 
2015-11-26 10:32:36 +10:30
young
a80d72d165 Fix 2015-11-26 02:03:00 +08:00
Toby Zerner
153a82e937 cs fix 2015-11-23 14:18:56 +10:30
Toby Zerner
262a934747 Prevent error if no input is given in create actions 2015-11-23 14:15:30 +10:30
Toby Zerner
a61929730e Validate avatar URL
Still needs refactor
2015-11-23 14:14:53 +10:30
Toby Zerner
ce02387ee4 Prevent crash if logged in user has been deleted 2015-11-23 11:54:30 +10:30
Toby Zerner
2c4fae60bc Allow provision of an avatar URL to upload during sign up
This can be used by authentication extensions (i.e. mirror Facebook/Twitter profile picture). Rough implementation, needs refactoring.
2015-11-23 11:53:57 +10:30
Toby Zerner
7eab206f91 Don't pad the body when the composer is positioned absolutely (on mobile) 2015-11-23 10:07:23 +10:30
Toby Zerner
599958354c Refactor composer preview logic 2015-11-23 08:47:16 +10:30
Toby Zerner
2088fceb8b Truncate long dropdown menu items (e.g. tags in the sidebar)
ref 
2015-11-21 14:01:07 +10:30
Toby Zerner
5b25a77e82 Improve spacing of drawer elements 2015-11-21 13:21:27 +10:30
Toby Zerner
59c534a882 Tweak mobile drawer appearance 2015-11-21 13:16:46 +10:30
Toby Zerner
c79bda6279 Fix composer preview button on mobile. closes 2015-11-21 13:16:25 +10:30
Toby Zerner
6374f92676 Improve composer appearance/usability on mobile
On mobile:
- Move submit button to right side of toolbar
- Move first header item to toolbar
- Size textarea correctly
2015-11-21 13:16:05 +10:30
Toby Zerner
1f4e03d1fa Make sure dropdowns stay within the viewport horizontally too 2015-11-20 12:35:07 +10:30
Toby Zerner
acf67ca416 Add a "load more" button to the end of the post stream
This is necessary if the page is viewed in a context with no scrolling, i.e. an auto-resizing iframe
2015-11-20 12:35:07 +10:30
Toby Zerner
bd750ca154 Show "reply" action in discussion menu on mobile 2015-11-20 12:35:07 +10:30
Franz Liedke
61b09ac982 Update text-formatter dependency 2015-11-19 13:00:32 +01:00
Franz Liedke
6d895e6d77 Inject hardcoded prerequisite parameters
This affects version numbers, extensions and paths, which might be
skeleton-specific. This commit moves those hardcoded values out of
the classes and instead injects them through the constructor. This
way, all prerequisites can be configured in the service provider.
2015-11-11 19:30:35 +01:00