Sam
|
fdc89b1735
|
SECURITY: GitHub authenticator returning unverified emails
|
2014-09-03 12:53:22 +10:00 |
Régis Hanol
|
7c65adfd6f
|
FEATURE: raise an exception when the email is missing in the OpenId callback
|
2014-08-07 19:28:50 +02:00 |
Neil Lalonde
|
030c748adb
|
Revert "FIX: google oauth2 for sites using https. Need to specify the redirect_uri during setup in this case."
This reverts commit fe6235b40e .
|
2014-07-31 16:56:08 -04:00 |
Neil Lalonde
|
fe6235b40e
|
FIX: google oauth2 for sites using https. Need to specify the redirect_uri during setup in this case.
|
2014-07-31 14:50:46 -04:00 |
riking
|
12cb682548
|
Start passing more context to Discourse.handle_exception
|
2014-07-17 14:11:56 -07:00 |
Neil Lalonde
|
01a68f8cc7
|
Emails are case insensitive
|
2014-07-16 10:22:01 -04:00 |
Sam
|
67db561429
|
BUGFIX: missed a key rename
BUGFIX: API spec not enabling CSRF
|
2014-05-23 08:43:19 +10:00 |
Sam
|
cf254000cf
|
Revert "Revert "BUGFIX: improve error messages for invalid API keys""
This reverts commit e9afe28586 .
|
2014-05-23 08:43:19 +10:00 |
Neil Lalonde
|
e9afe28586
|
Revert "BUGFIX: improve error messages for invalid API keys"
|
2014-05-22 14:55:36 -04:00 |
Sam
|
eeef775f21
|
BUGFIX: improve error messages for invalid API keys
BUGFIX: don't track last seen for message bus
|
2014-05-22 09:01:29 +10:00 |
Neil Lalonde
|
742841ddce
|
Add Google Oauth2 authenticator. The current Google OpenID authentication has been deprecated by Google and will NOT work for any new websites.
|
2014-05-21 18:35:10 -04:00 |
Louis Rose
|
1574485443
|
Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
|
2014-05-06 14:41:59 +01:00 |
Neil Lalonde
|
1da59e7e2e
|
FIX: deactivated users shouldn't be able to log in
|
2014-04-28 13:46:28 -04:00 |
Sam
|
5897d3419c
|
BUGFIX: identity_url was not fished out correctly
If I user logged in with Google and then changed email,
they would no longer be able to log in with google
|
2014-03-26 14:52:50 +11:00 |
Sam
|
35ee341122
|
SECURITY: GitHub returns unvalidated emails
|
2014-03-26 10:55:36 +11:00 |
Sam
|
7e7c4efcc0
|
FEATURE: on initial boot hint users on how to get admin
|
2014-03-24 18:03:39 +11:00 |
Neil Lalonde
|
a74764c833
|
Log when facebook doesn't provide an email address
|
2014-03-19 13:31:17 -04:00 |
Sam
|
2c8ae22b87
|
FEATURE: add a simple queue Scheduler::Defer.later {}
For quick jobs that do not need to be sent to sidekiq,
runs inline in a single thread but does not block
|
2014-03-17 12:16:19 +11:00 |
Sam
|
ceb80611d6
|
PERF: defer last_ip_address and last_seen updates
|
2014-03-03 15:16:38 +11:00 |
Sam
|
70c50d321a
|
BUGFIX: allow facebook auth for people refusing email
|
2014-02-17 14:45:17 +11:00 |
Erik Ordway
|
f1e8bdaee5
|
Remove cas auth from core and convert the settings over so they can be used by the plugin
|
2014-02-11 15:57:08 -08:00 |
Sam
|
7ad00f426c
|
FEATURE REMOVAL: persona login
see: https://meta.discourse.org/t/pulling-persona-out-of-discourse-core/12613
|
2014-02-11 16:56:48 +11:00 |
Neil Lalonde
|
7fa07f3401
|
create_account_controller.js passwordRequired needs the same logic as user_authenticator. Make twitter and facebook signup work again.
|
2013-12-17 12:39:29 -05:00 |
Neil Lalonde
|
0c6f794eb0
|
Used the term suspended instead of banned.
|
2013-11-07 13:53:49 -05:00 |
Sam
|
8ff35d4b10
|
automatically make developers admins on account creation, this solves the user #1 problem
you can simply set the DEVELOPER_EMAILS to a comma delimited list and the users will be auto admined
|
2013-11-02 10:26:02 +11:00 |
Régis Hanol
|
b56b11d96a
|
add qunit to autospec
|
2013-11-01 23:57:50 +01:00 |
Robin Ward
|
f73a64982a
|
Raise an error if a `api_username` is supplied and does not match the key
|
2013-10-23 11:05:49 -04:00 |
Robin Ward
|
348e2e3ef2
|
Support for per-user API keys
|
2013-10-22 17:34:39 -04:00 |
Sam
|
1b81f73325
|
logged in requests were being treated as anon, causing major havoc
|
2013-10-17 10:37:18 +11:00 |
Sam
|
7993845bfa
|
add current_user_provider so people can override current_user bevior cleanly, see
http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278
|
2013-10-09 15:11:54 +11:00 |
Gaurish Sharma
|
f3c9822142
|
Typo fix
|
2013-09-24 18:47:57 +05:30 |
Sam
|
61281a3c81
|
invite only forums had very wonky logic, invited users were not being activated, invite_only forums were still registering users
|
2013-08-28 17:18:31 +10:00 |
Sam
|
bec463564f
|
BUGFIX: When running under a forking server (apache or unicorn) openid strategy was caching a redis connection from the parent, this made "login with google" only work some of the time.
|
2013-08-27 14:44:06 +10:00 |
Sam
|
982b763216
|
correct facebook logic
|
2013-08-26 18:01:01 +10:00 |
Sam
|
d0b4c751b7
|
fix facebook authenticator
|
2013-08-26 17:36:20 +10:00 |
Sam
|
213ce33af2
|
Fixed all broken specs
Moved middleware config into authenticators
|
2013-08-26 12:59:17 +10:00 |
Sam
|
eebe21a8c8
|
fix open id so it creates records properly
|
2013-08-26 12:59:17 +10:00 |
Sam
|
b52aba15e0
|
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily
|
2013-08-26 12:59:17 +10:00 |