Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
34,502 Commits 181 Branches 500 Tags 920 MiB
Commit Graph

86 Commits

Author SHA1 Message Date
Jarek Radosz d407bcab36 FIX: Correctly escape category description text (#8107) 
* FIX: Correctly escape category description text

This bug has been introduced in db14e10943.

* Remove unnecessary `html_safe`

`Theme.lookup_field` already returns html-safe strings: 7ad338e3e6/app/models/theme.rb (L237-L242)

* Rename `description` where it's acutally `descriptionText`
 2019-10-01 12:04:39 -04:00
Krzysztof Kotlarek 32b8a2ccff DEV: Upgrade Discourse to Rails 6 (#8083) 
* Adjustments to pass specs on Rails 6.0.0
* Use classic autoloader instead of Zeitwerk
* Update Rails 6.0.0 deprecated methods
* Rails 6.0.0 not allowing column with integer name
* Drop freedom_patches/rails6.rb
* Default value for trigger_transactional_callbacks? is true
* Bump rspec-rails version to 4.0.0.beta2
 2019-09-12 10:41:50 +10:00
David Taylor 213b7d19d9 UX: Fallback to unlocalized auth provider name if required 2019-08-13 01:22:02 +01:00
David Taylor 3b8c468832 SECURITY: Require POST with CSRF token for OmniAuth request phase 2019-08-08 11:58:00 +01:00
Saurabh Patel 08b48b2ba6 add user avatar to user crawler layout (#7917) 2019-07-22 10:52:35 -04:00
Sam Saffron 1be01f8dd4 DEV: Add support for Rails 6 
Minor fixes to add Rails 6 support to Discourse, we now will boot
with RAILS_MASTER=1, all specs pass

Only one tiny deprecation left

Largest change was the way ActiveModel:Errors changed interface a
bit but there is a simple backwards compat way of working it
 2019-05-02 16:23:25 +10:00
Kyle Zhao a6eca28ec6
CSP - extract all other inline JavaScripts (#6528) 
* wizard page inline js

* print topic inline js

* drop JS for preventing double submission

this is the default behavior with Rails' UJS `disable_with` helper

* omniauth complete redirect JS

* account activate inline js
 2018-10-25 09:52:01 -04:00
Maja Komel ec3e6a81a4 FEATURE: Second factor backup 2018-06-28 10:12:32 +02:00
Régis Hanol 0402e97368 FIX: redirect to sso_destination_url after account activation 2018-05-11 19:57:04 +02:00
Guo Xiang Tan 70f14da732 UX: Use 'tel' input type for 2FA token inputs. 2018-02-27 09:30:44 +08:00
Guo Xiang Tan a9699da672 UX: Specify pattern and maxlength for 2FA input fields. 2018-02-26 18:29:46 +08:00
Guo Xiang Tan 1f74509a75 FIX: 2FA prompt incorrectly displayed on admin login page. 2018-02-23 11:05:39 +08:00
Guo Xiang Tan 964624f3ab FIX: No error displayed when 2FA token is invalid on admin login page. 2018-02-22 09:45:57 +08:00
Guo Xiang Tan edf326a9a5 Fix incorrect translation. 2018-02-22 08:06:37 +08:00
Jeff Wong f4f8a293e7 FEATURE: Implement 2factor login TOTP 
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
 2018-02-21 09:04:07 +08:00
Vinoth Kannan f08995c390 Remove unused code lines 2017-12-29 12:32:18 +05:30
Neil Lalonde 66e53f449a UX: Auth complete page/modal has a link to continue to the site to accomodate auth methods that can't automatically redirect to Discourse 2017-11-21 13:56:19 -05:00
Robin Ward cef64e8f03 UX: Use `no_ember` styling for omniauth error page 2017-11-15 14:04:26 -05:00
Neil Lalonde 7dc3671490 FEATURE: remove obsolete settings ga_tracking_code and ga_domain_name. Use ga_universal_tracking_code and ga_universal_domain_name instead. 2017-11-01 11:41:51 -04:00
Neil Lalonde bf00ab5d4a FIX: grant admin on subfolder 2017-10-27 16:46:02 -04:00
Neil Lalonde 0b41046238 don't force SiteSetting.title into meta title tag 2017-06-12 13:50:50 -04:00
Robin Ward b381372184 Use Ember.js for the `/u/account-created` path so we can add controls 2017-05-03 11:18:01 -04:00
Sam b43d2e42f4 missing spots 2017-04-17 12:30:20 -04:00
Robin Ward 17f2974d0a SECURITY: Confirm new administrator accounts via email 2017-04-04 15:59:01 -04:00
Robin Ward 45a257815a Convert front end paths from `/users/` to `/u/` 2017-03-30 10:23:24 -04:00
Neil Lalonde c4e10f2a9d FEATURE: redesign the change password page to use javascript and validations 2017-02-03 16:09:24 -05:00
Sam 0599bd0154 FEATURE: add referrer never tag to password reset page 2016-12-19 11:01:58 +11:00
Jeff Atwood 1386f9c8c9 make the activate account button a btn-primary 2016-07-14 03:40:55 -07:00
Robin Ward f7c303c82e FIX: If there's no `window.opener` use the localStorage method for login 2016-07-08 14:45:34 -04:00
Robin Ward eff2865278 FIX: Support create account on facebook browser 2016-06-10 11:12:46 -04:00
Robin Ward 171dbd4b09 Allow redirects on Facebook Browser 2016-06-09 15:51:46 -04:00
Robin Ward f6eb5e823b Temporarily remove FB browser redirect 2016-06-09 15:35:17 -04:00
Robin Ward ba5993ae79 FIX: Invalid escaping of URL 2016-06-09 15:10:21 -04:00
Robin Ward 4730c82b3a FIX: Detect `window.opener` 2016-06-09 14:51:38 -04:00
Robin Ward eee15dfe7f FIX: On facebook browser, don't close the window but redirect instead 2016-06-09 14:20:44 -04:00
Arpit Jalan cf97efb643 make the text field autofocus on admin-login page 2016-05-25 23:41:07 +05:30
Arpit Jalan 05164d4cae FEATURE: add Google Analytics code to more user pages 2016-04-02 01:29:08 +05:30
Robin Ward 5771d2aee2 SECURITY: Support for confirm old as well as new email accounts 2016-03-08 14:52:22 -05:00
Arpit Jalan 50e65634d7 FEATURE: new setting min_admin_password_length and better default 2016-03-02 14:43:26 +05:30
Neil Lalonde c7df6783a9 FIX: only invalidate password reset links using javascript 2016-01-04 11:48:54 -05:00
Neil Lalonde 2d7c3067ba FIX: automatic redirect after activating account on subfolder installs 2015-12-15 14:46:35 -05:00
Sam d6932e4ac4 add missing include 2015-11-25 22:47:50 +11:00
Régis Hanol 37c5909a31 FIX: use the first image in the first post in the topic as opengraph image 
FEATURE: new 'default_opengraph_image_url' setting
 2015-10-15 11:00:47 +02:00
Sam b6c2aa13e6 clean up implementation of non frame login / registration 2015-10-13 14:49:09 +11:00
Sam fab51496cb correct full screen login feature 2015-10-13 13:11:49 +11:00
Sam b3aebca406 FEATURE: allow auto provider to specify "full screen login" 
this feature means we attempt to log in without opening a frame.
 2015-10-13 12:23:34 +11:00
Sam 57e3323663 redirect back to base uri if there is no window opener. 2015-10-13 12:03:43 +11:00
Robin Ward b4960d48b4 Better support for passing up errors when OmniAuth fails after auth 2015-06-24 12:12:43 -04:00
Arpit Jalan f3687b6e56 UX: show caps lock warning on password reset page 2015-05-04 13:01:35 +05:30
Arpit Jalan 2932284293 FEATURE: magic login route for admin when SSO is enabled 2015-04-27 22:54:48 +05:30