Commit Graph

19 Commits

Author SHA1 Message Date
Penar Musaraj 6bbf832400
DEV: Allow HTML in grant admin dialog (#20133)
In a private plugin, we need to show an error message containing HTML
when the Grant Admin action fails. This change introduces a new flag
(`html_message: true`) that when used will allow the dialog to render
the HTML tags in the error message correctly.
2023-02-02 09:09:25 -05:00
Penar Musaraj 7547878cde
FIX: Regression with admin user delete dialog buttons (#18179)
This also adds a test to prevent regressions and refactors the very similar delete dialog in the user summary screen.
2022-09-05 09:31:17 +02:00
Penar Musaraj 4116bce902
DEV: Add A11Y-friendly dialog addon (#18028)
This adds a new framework for accessible dialogs that will eventually replace bootbox. Under the hood, it uses the a11y-dialog package and an in-repo Ember addon. See PR for usage details.
2022-08-29 13:59:57 -04:00
Osama Sayegh e7c16bc49a
DEV: Remove grant admin 2FA modal (#16347)
The `grant-admin-second-factor` modal is no longer being used since dd6ec65061.
2022-03-31 19:01:11 +03:00
Osama Sayegh dd6ec65061
FEATURE: Centralized 2FA page (#15377)
2FA support in Discourse was added and grown gradually over the years: we first
added support for TOTP for logins, then we implemented backup codes, and last
but not least, security keys. 2FA usage was initially limited to logging in,
but it has been expanded and we now require 2FA for risky actions such as
adding a new admin to the site.

As a result of this gradual growth of the 2FA system, technical debt has
accumulated to the point where it has become difficult to require 2FA for more
actions. We now have 5 different 2FA UI implementations and each one has to
support all 3 2FA methods (TOTP, backup codes, and security keys) which makes
it difficult to maintain a consistent UX for these different implementations.
Moreover, there is a lot of repeated logic in the server-side code behind these
5 UI implementations which hinders maintainability even more.

This commit is the first step towards repaying the technical debt: it builds a
system that centralizes as much as possible of the 2FA server-side logic and
UI. The 2 main components of this system are:

1. A dedicated page for 2FA with support for all 3 methods.
2. A reusable server-side class that centralizes the 2FA logic (the
`SecondFactor::AuthManager` class).

From a top-level view, the 2FA flow in this new system looks like this:

1. User initiates an action that requires 2FA;

2. Server is aware that 2FA is required for this action, so it redirects the
user to the 2FA page if the user has a 2FA method, otherwise the action is
performed.

3. User submits the 2FA form on the page;

4. Server validates the 2FA and if it's successful, the action is performed and
the user is redirected to the previous page.

A more technically-detailed explanation/documentation of the new system is
available as a comment at the top of the `lib/second_factor/auth_manager.rb`
file. Please note that the details are not set in stone and will likely change
in the future, so please don't use the system in your plugins yet.

Since this is a new system that needs to be tested, we've decided to migrate
only the 2FA for adding a new admin to the new system at this time (in this
commit). Our plan is to gradually migrate the remaining 2FA implementations to
the new system.

For screenshots of the 2FA page, see PR #15377 on GitHub.
2022-02-17 12:12:59 +03:00
Martin Brennan 23b7b42acd
DEV: Bump eslint-config-discourse (#14868)
Changes for 4f7aba06c0

Also fixes all of the object-shorthand violations in our JS code.
2021-11-10 09:31:41 +10:00
Bianca Nenciu 6a7ea66670
FEATURE: Use second factor for admin confirmation (#14293)
Administrators can use second factor to confirm granting admin access
without using email. The old method of confirmation via email is still
used as a fallback when second factor is unavailable.
2021-09-14 15:19:28 +03:00
Arpit Jalan 419d71abcb
FEATURE: allow admin to delete all posts by a user irrespectively (#14128)
This commit allows admin to delete all posts by a user irrespective of
site settings `delete_user_max_post_age` and `delete_all_posts_max`.
2021-08-25 10:14:22 +05:30
Jean e7b8e75583
FEATURE: Add post edits count to user activity (#13495) 2021-08-02 10:15:53 -04:00
Arpit Jalan a174c8b8d4
FIX: hide sso payload behind a button click and log views (#12110) 2021-02-17 21:27:51 +05:30
David Taylor 821bb1e8cb
FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978)
The 'Discourse SSO' protocol is being rebranded to DiscourseConnect. This should help to reduce confusion when 'SSO' is used in the generic sense.

This commit aims to:
- Rename `sso_` site settings. DiscourseConnect specific ones are prefixed `discourse_connect_`. Generic settings are prefixed `auth_`
- Add (server-side-only) backwards compatibility for the old setting names, with deprecation notices
- Copy `site_settings` database records to the new names
- Rename relevant translation keys
- Update relevant translations

This commit does **not** aim to:
- Rename any Ruby classes or methods. This might be done in a future commit
- Change any URLs. This would break existing integrations
- Make any changes to the protocol. This would break existing integrations
- Change any functionality. Further normalization across DiscourseConnect and other auth methods will be done separately

The risks are:
- There is no backwards compatibility for site settings on the client-side. Accessing auth-related site settings in Javascript is fairly rare, and an error on the client side would not be security-critical.
- If a plugin is monkey-patching parts of the auth process, changes to locale keys could cause broken error messages. This should also be unlikely. The old site setting names remain functional, so security-related overrides will remain working.

A follow-up commit will be made with a post-deploy migration to delete the old `site_settings` rows.
2021-02-08 10:04:33 +00:00
Kris 2ee63a6a83
DEV: Update icon structure in bootbox buttons (#11925) 2021-02-02 15:47:10 -05:00
Roman Rizzi f3cd5dc096
FIX: Restore user summary's delete button behavior. (#11844)
The user summary's delete button UX relied on the "admin-user.js" destroy function, which was called through the "admin-tools" service. After #11724, we no longer put UX behavior on Ember models.
2021-01-26 13:10:46 -03:00
David Taylor cd11689446
FIX: Check the confirmation result before deleting SSO record (#11816) 2021-01-22 19:16:43 +00:00
Krzysztof Kotlarek 8b10fc2f8c
FIX: remove rendering UX from ember models (#11724)
Fix for `admin-user.js` and `backup.js` models.
2021-01-20 16:04:21 +11:00
Roman Rizzi bbe5d8d5cf
DEV: Sort imports alphabetically (#11382) 2020-12-01 15:31:26 -03:00
Roman Rizzi 1c2358ba16
DEV: Tidy up imports. (#11364)
Only allow one import definition per file and add a new eslint rule to enforce it.
2020-11-27 11:30:16 -03:00
Arpit Jalan 00b41437b0
FIX: hide sso email behind a button click and log views (#11186) 2020-11-11 00:42:44 +05:30
Robin Ward ce3fe2f4c4 REFACTOR: Support bundling our `admin` section as an ember addon 2020-09-22 15:14:29 -04:00