Commit Graph

26 Commits

Author SHA1 Message Date
Robin Ward 1252e7324f Added easy impersonate route while in development mode 2014-10-07 12:25:50 -04:00
riking 2c6d03f87f SECURITY: Limit passwords to 200 characters
Prevents layer 8 attack.
2014-09-12 12:07:11 -04:00
Neil Lalonde ca5f361d0a FEATURE: restrict admin access based on IP address 2014-09-05 12:06:01 -04:00
Sam e0a82d3088 FIX: rate limit password reset email 2014-08-18 10:55:30 +10:00
Louis Rose 1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Neil Lalonde 1da59e7e2e FIX: deactivated users shouldn't be able to log in 2014-04-28 13:46:28 -04:00
Sam a3b2b4baca FEATURE: custom fields on User 2014-04-22 13:52:13 +10:00
Sam be06156629 SECURITY: when enabled_local_logins is false users could log in via API
thanks @Nicholas Blanco
2014-03-26 15:39:44 +11:00
Stephen Birarda c3eb2025d8 add option to override user attributes from SSO payload
add an external_username attribute for username from SSO payload

repair the field name in SingleSignOnRecord migration

move setting of external_username for sso to controller

add settings toggle to override username/email from SSO payload

fix changing of external username after override toggle

complete tests and logic for sso override

add some extra context to username override option

add external_email and external_name to single sign on record

add setting for name override from SSO payload

complete override with stored external_email and external_name

add missing checks to tests

remove an unneeded describe block

break up a monster method for single sign on

fixes for sso attribute override after failed tests
2014-03-04 09:52:21 -08:00
Sam 557af84ae2 FIX: broken spec 2014-02-26 10:52:11 +11:00
Sam 50a8d3caae BUGFIX: sso to send welcome emails 2014-02-26 10:28:03 +11:00
Sam 440435f023 FEATURE: SSO to handle return_path automatically 2014-02-26 09:58:30 +11:00
Sam 6f31d3f0e5 FEATURE: single sign on support
Added support for outsourcing auth to a different website, documentation on meta
2014-02-25 14:31:03 +11:00
Robin Ward 1dac3cfd64 API endpoint for retrieving the current user 2014-02-05 13:46:24 -05:00
Neil Lalonde 0c6f794eb0 Used the term suspended instead of banned. 2013-11-07 13:53:49 -05:00
Neil Lalonde c74da0d262 Admins who haven't been approved can log in when must_approve_users is enabled 2013-08-06 16:51:29 -04:00
Michael Campagnaro 25f8692a79 Strip leading/trailing spaces from login 2013-07-23 23:03:38 -04:00
Neil Lalonde 5d6ad8f39c Show a useful message when a banned user tries to log in 2013-06-27 15:14:42 -04:00
Chris Hunt 93fc0e74bc Test correct login behavior when pending approval 2013-06-06 18:36:16 -07:00
Ian Christian Myers 0d01c33482 Enabled strong_parameters across all models/controllers.
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Régis Hanol b24c1a1ad9 better consistency around email case sensitivity 2013-04-15 02:20:33 +02:00
Gosha Arinich cafc75b238 remove trailing whitespaces ❤️ 2013-02-26 07:31:35 +03:00
tms 3e6641c07e Unsign auth token cookies per discussion on #215 2013-02-23 13:40:21 -05:00
tms 5616fdc475 Sign the auth token cookie and make it httpOnly 2013-02-20 17:24:19 -05:00
Neil Lalonde c18b85873f Prevent login until email is confirmed 2013-02-11 11:18:37 -05:00
Robin Ward 21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00