Commit Graph

79 Commits

Author SHA1 Message Date
Sajjad Hashemian
8cc117d89d Prevent crawlers to index nojs pages 2017-02-26 19:48:33 +03:30
David Sevilla Martín
fcfc1b2a37 Add more attributes in app.blade.php and add a setDescription method. (#1105)
* Added `language` and `direction` properties to WebAppView

* Use properties `language` and `direction` in app.blade.php

* Added WebAppView::setDescription to set the meta description

* Whoops! Changed "ltr" to \'ltr\'. Thanks StyleCI :)

* Removed unnecessary `= null` for

* Changed `.. ? .. : ..` to `.. ?: ..`. Useful thing right there ;)
2017-02-03 23:09:22 +01:00
Franz Liedke
2225fdec72 Merge pull request #989 from nielstholenaar/master
Fixes #825
2017-02-03 17:51:07 +01:00
Toby Zerner
4b8eb5d6e4 Make reset password form look slightly nicer
(Still needs a proper makeover!)
2016-11-13 09:01:38 +10:30
Toby Zerner
b2c691a03d Improve password reset validation/error handling 2016-11-13 08:51:38 +10:30
Niels Tholenaar
05c9ce335e Fixes #825 2016-06-20 12:34:41 +02:00
Toby Zerner
998bb5708e Display header HTML in layout rather than app wrapper
This is so a custom layout can opt-out of displaying header HTML (e.g. embed extension)
2016-06-05 09:53:08 +09:30
Toby Zerner
feffe53a86 Add ability to upload a logo + favicon, and add custom header HTML
Closes #268. Not going to bother with a preview SVG or anything fancy for now – we can think about that as part of #746. Right now it's just good to finally get this functionality in!

Also need to think about apple-touch-icon, msTile stuff, and social sharing image. Not sure if this is all too much for core, but it's definitely too much for the current Appearance page layout. Again, something to think about as part of #746.

Code is a bit rough around the edges, but figured there's not much point in using the command bus properly since #870.
2016-06-04 18:05:46 +09:30
Toby Zerner
9bfb797fdc Refactor the web app bootstrapping code
- All custom JS variables are now preloaded into the `app.data` object, rather than directly on the `app` object. This means that admin settings are available in `app.data.settings` rather than `app.settings`, etc.
- Cleaner route handler generation
- Renamed ConfigureClientView to ConfigureWebApp, though the former still exists and is deprecated
- Partial fix for #881 (strips ?nojs=1 from URL if possible, so that refreshing will attempt to load JS version again)
2016-05-26 19:04:24 +09:30
dcsjapan
b068536dbd Fix translation key for deleted username 2016-04-07 20:50:35 +09:00
dcsjapan
6d5582e4ac Extract translations from core blade files.
- Extracts translations from `reset.blade.php`.
- Adjusts namespacing of translations in other files.
- Fixes one direct reference to a `core.ref` key.
2016-04-07 17:45:58 +09:00
Toby Zerner
1395ce6c30 Upgrade to flarum-gulp 0.2.0 / Babel 6 2016-03-18 09:31:01 +10:30
Toby Zerner
e37c7a9b06 Remove sudo mode and add password confirmation when changing email address
closes #674
2016-03-11 12:44:18 +10:30
Toby Zerner
a6cf10f854 Applied fixes from StyleCI 2016-02-25 22:09:39 -05:00
Franz Liedke
9ecb5f437a Use stored slug for generating server-rendered link to discussion
Fixes #646.
2016-02-04 11:47:03 +01:00
Toby Zerner
387109002e Rework sessions, remember cookies, and auth again
- Use Symfony's Session component to work with sessions, instead of a custom database model. Separate the concept of access tokens from sessions once again.
- Extract common session/remember cookie logic into SessionAuthenticator and Rememberer classes.
- Extract AuthenticateUserTrait into a new AuthenticationResponseFactory class.
- Fix forgot password process.
2015-12-05 15:11:25 +10:30
Toby Zerner
9896378b59 Overhaul sessions, tokens, and authentication
- Use cookies + CSRF token for API authentication in the default client. This mitigates potential XSS attacks by making the token unavailable to JavaScript. The Authorization header is still supported, but not used by default.
- Make sensitive/destructive actions (editing a user, permanently deleting anything, visiting the admin CP) require the user to re-enter their password if they haven't entered it in the last 30 minutes.
- Refactor and clean up the authentication middleware.
- Add an `onhide` hook to the Modal component. (+1 squashed commit)
2015-12-03 15:11:57 +10:30
Toby Zerner
a6eff9383b Show loading indicator for admin client too 2015-11-04 11:51:25 +10:30
Toby Zerner
7dcb99621d Display "Loading..." text while JS is loading 2015-11-02 16:47:36 +10:30
Toby Zerner
fc7db914db Translate basic HTML views
app('view') call to set translator is temporary. See #189
2015-10-21 11:36:49 +10:30
Toby Zerner
9aeaccf9a4 Improve client boot failure error message/appearance 2015-10-21 09:59:22 +10:30
Toby Zerner
1242fa79af Implement proper update process
If the version in the settings table mismatches the code version, then we return a 503 error for all requests coming through index.php and api.php, while admin.php serves up a form prompting for the database password which will run outstanding migrations.
2015-10-19 15:09:54 +10:30
Toby Zerner
43c44efe3d Make emails translatable
closes #267
2015-10-19 11:23:39 +10:30
Toby Zerner
f255d318ef Add multiple UrlGenerator classes for forum/api/admin
Spent quite a while looking into the best solution here and ended up going with three separate classes. Thanks to @Luceos for the PR that got this rolling (#518). My reasoning is:

- The task of routing and URL generation is independent for each section of the app. Take Flarum\Api\Users\IndexAction for example. I don't want to generate a URL to a Flarum route... I specifically want to generate a URL to an API route. So there should be a class with that specific responsibility.
- In fact, each URL generator is slightly different, because we need to add a certain prefix to the start (e.g. /api)
- This also allows us to get rid of the "flarum.api" prefix on each route's name.
- It's still DRY, because they all extend a base class.

At the same time, I could see no reason this needed to be "interfaced", so all of the classes are concrete.

Goes a long way to fixing #123 - still just a few places left remaining with hardcoded URLs.
2015-10-02 17:35:29 +09:30
Franz Liedke
393f2de146 Fix last commit 2015-09-23 18:30:28 +02:00
Franz Liedke
6f47f4a86f Fix infinite redirect on some nojs pages. 2015-09-23 17:55:16 +02:00
Toby Zerner
69a50565bb Don't catch JS error in debug mode 2015-09-23 10:52:26 +09:30
Daniel Klabbers
84e670082b fixed flarum/core#489 missing meta description from admin area 2015-09-16 21:43:53 +02:00
Toby Zerner
9bf485359a Prevent XML from being interpreted as PHP short tags 2015-09-14 18:12:36 +09:30
Toby Zerner
1f8f79d272 Don't require database password confirmation 2015-09-04 21:45:52 +09:30
Franz Liedke
85fc0a3129 Web installer: Fix name of table prefix field 2015-09-04 12:14:48 +02:00
Franz Liedke
0a992ee9f2 Reorder installer fields 2015-09-04 12:00:39 +02:00
Franz Liedke
42f1abacaf Ask for password confirmation in web installer, too
Closes #405.
2015-09-04 12:00:03 +02:00
Franz Liedke
c91f8de1f5 Be more consistent in case AJAX does not work 2015-08-31 22:37:04 +02:00
Franz Liedke
5783dbe77b Try to fix Safari bug during installation 2015-08-31 22:35:12 +02:00
Franz Liedke
4c34d0867d Add field for table prefix in web installer
Related to #269.
2015-08-31 09:10:27 +02:00
Toby Zerner
5e22458014 Installer: Prevent crash when views directory is not writable
Use plain PHP templates instead of Blade templates so there is nothing
that needs to be written.

closes #376
2015-08-31 14:25:16 +09:30
Huy Tran
cf68c95fb8 Make Google Web Font work on both HTTP and HTTPS 2015-08-27 20:17:42 -07:00
Toby Zerner
5c5be89928 Check some requirements before installation 2015-08-27 20:11:06 +09:30
Toby Zerner
376031fdf5 Update links and remove license file extension 2015-08-27 19:56:37 +09:30
Franz Liedke
75a77e437c Fix installer link to Flarum website 2015-08-27 11:37:49 +02:00
Toby Zerner
02130eee3e Use new discussion URL format 2015-08-25 19:52:24 +09:30
Toby Zerner
ec2aa371b1 Fix installer issues 2015-08-17 14:32:38 +09:30
Toby Zerner
1052aa55ea Implement web installer 2015-08-17 14:12:02 +09:30
Toby Zerner
8065c980d4 Don't redirect to HTML-only mode if in debug mode 2015-08-14 12:50:15 +09:30
Toby Zerner
ee2497f300 Prepend base URL to assets 2015-08-13 10:44:16 +09:30
Toby Zerner
fa5c7cb123 Build very rough HTML-only content
And redirect to the "no JS" mode if the JS app crashes on boot.

ClientView/ClientAction is all a bit of a mess and will need to be
radically cleaned up at some point...
2015-08-06 12:21:11 +09:30
Toby Zerner
c8084c3925 Remove footer and move language selection to header 2015-08-06 12:16:55 +09:30
Toby Zerner
e204794b91 Allow custom variables to be set on the client app 2015-07-31 20:08:27 +09:30
Toby Zerner
ce14273c43 Use System.get instead of System.import
All of the modules we import should already be loaded, and we don't
want to ever attempt to import them anyway because we do not include a
Promise polyfill.
2015-07-29 21:08:24 +09:30