discourse

Commit Graph

Author	SHA1	Message	Date
David Taylor	923c46f5df	DEV: Provide method for auth plugins to generate a CSRF token	2019-08-13 01:13:08 +01:00
David Taylor	750802bf56	UX: Improve error handling for common OmniAuth exceptions (#7991 ) This displays more useful messages for the most common issues we see: - CSRF (when the user switches browser) - Invalid IAT (when the server clock is wrong) - OAuth::Unauthorized for OAuth1 providers, when the credentials are incorrect This commit also stops earlier for disabled authenticators. Now we stop at the request phase, rather than the callback phase.	2019-08-12 10:55:02 +01:00
David Taylor	3b8c468832	SECURITY: Require POST with CSRF token for OmniAuth request phase	2019-08-08 11:58:00 +01:00

Author

SHA1

Message

Date

David Taylor

923c46f5df

DEV: Provide method for auth plugins to generate a CSRF token

2019-08-13 01:13:08 +01:00

David Taylor

750802bf56

UX: Improve error handling for common OmniAuth exceptions (#7991 )

This displays more useful messages for the most common issues we see:
- CSRF (when the user switches browser)
- Invalid IAT (when the server clock is wrong)
- OAuth::Unauthorized for OAuth1 providers, when the credentials are incorrect

This commit also stops earlier for disabled authenticators. Now we stop at the request phase, rather than the callback phase.

2019-08-12 10:55:02 +01:00

David Taylor

3b8c468832

SECURITY: Require POST with CSRF token for OmniAuth request phase

2019-08-08 11:58:00 +01:00

3 Commits