Commit Graph

25 Commits

Author SHA1 Message Date
David Taylor d2bceff133
FEATURE: Use full page redirection for all external auth methods (#8092)
Using popups is becoming increasingly rare. Full page redirects are already used on mobile, and for some providers. This commit removes all logic related to popup authentication, leaving only the full page redirect method.

For more info, see https://meta.discourse.org/t/do-we-need-popups-for-login/127988
2019-10-08 12:10:43 +01:00
Jarek Radosz d407bcab36 FIX: Correctly escape category description text (#8107)
* FIX: Correctly escape category description text

This bug has been introduced in db14e10943.

* Remove unnecessary `html_safe`

`Theme.lookup_field` already returns html-safe strings: 7ad338e3e6/app/models/theme.rb (L237-L242)

* Rename `description` where it's acutally `descriptionText`
2019-10-01 12:04:39 -04:00
David Taylor 213b7d19d9 UX: Fallback to unlocalized auth provider name if required 2019-08-13 01:22:02 +01:00
David Taylor 3b8c468832 SECURITY: Require POST with CSRF token for OmniAuth request phase 2019-08-08 11:58:00 +01:00
Kyle Zhao a6eca28ec6
CSP - extract all other inline JavaScripts (#6528)
* wizard page inline js

* print topic inline js

* drop JS for preventing double submission

this is the default behavior with Rails' UJS `disable_with` helper

* omniauth complete redirect JS

* account activate inline js
2018-10-25 09:52:01 -04:00
Vinoth Kannan f08995c390 Remove unused code lines 2017-12-29 12:32:18 +05:30
Neil Lalonde 66e53f449a UX: Auth complete page/modal has a link to continue to the site to accomodate auth methods that can't automatically redirect to Discourse 2017-11-21 13:56:19 -05:00
Robin Ward cef64e8f03 UX: Use `no_ember` styling for omniauth error page 2017-11-15 14:04:26 -05:00
Robin Ward f7c303c82e FIX: If there's no `window.opener` use the localStorage method for login 2016-07-08 14:45:34 -04:00
Robin Ward eff2865278 FIX: Support create account on facebook browser 2016-06-10 11:12:46 -04:00
Robin Ward 171dbd4b09 Allow redirects on Facebook Browser 2016-06-09 15:51:46 -04:00
Robin Ward f6eb5e823b Temporarily remove FB browser redirect 2016-06-09 15:35:17 -04:00
Robin Ward ba5993ae79 FIX: Invalid escaping of URL 2016-06-09 15:10:21 -04:00
Robin Ward 4730c82b3a FIX: Detect `window.opener` 2016-06-09 14:51:38 -04:00
Robin Ward eee15dfe7f FIX: On facebook browser, don't close the window but redirect instead 2016-06-09 14:20:44 -04:00
Sam b6c2aa13e6 clean up implementation of non frame login / registration 2015-10-13 14:49:09 +11:00
Sam fab51496cb correct full screen login feature 2015-10-13 13:11:49 +11:00
Sam b3aebca406 FEATURE: allow auto provider to specify "full screen login"
this feature means we attempt to log in without opening a frame.
2015-10-13 12:23:34 +11:00
Sam 57e3323663 redirect back to base uri if there is no window opener. 2015-10-13 12:03:43 +11:00
Robin Ward b4960d48b4 Better support for passing up errors when OmniAuth fails after auth 2015-06-24 12:12:43 -04:00
Neil Lalonde 4762b4ac24 FIX: on completion of external auth, window.close may fail because of iOS Safari bug. Prompt user to manually close the window. 2014-10-15 11:00:34 -04:00
Sam 075002a6d5 refactoring the plugin interfaces to allow for better extensible 2013-08-26 12:59:17 +10:00
Kuba Brecka 9bf5e31f94 some more extracted strings for translation 2013-03-03 23:00:16 +01:00
Jesse Pollak ad5a5b4866 This commit adds a callback route to handle omniauth failure and removes a few unneccessary entries in en.yml 2013-02-14 18:08:40 -08:00
xdite 9189d937f7 move all logic to omniauth
implement omniauth-facebook / omniauth-twitter
2013-02-13 15:08:38 +08:00