Commit Graph

72 Commits

Author SHA1 Message Date
Sam aa6c92922d SECURITY: correct our CSRF implementation to be much more aggressive 2013-07-29 15:13:13 +10:00
Sam c7697bbae2 remove duplicate code 2013-07-16 15:44:38 +10:00
Andreas Haller 661f2057f7 Improve the omniauth controller specs. Fix the email provided by CAS. Get name from CAS attributes.
* Make omniauth controller specs more robust by using shared examples for all authentication providers in controller spec. – Still passing. Yay!

* Return "casuser", instead of "casuser@" when no cas_domainname is configured.

* If no cas_domainname is configured, the CAS authentication would return "casuser@" for the users email field, because it tried to assume the email adress of the CAS user by it's username + cas_domainname.
  Now it just returns the username instead of adding an "@" if cas_domainname is not configured.
  This especially makes sense on CAS setups where the username equals the users email adress.
  The old behaviour, if cas_domainname is configured, was not changed.

* Fetch the email from CAS attributes if provided
  If the cas:authenticationSuccess (handled via omniauth-cas) response gives us an email use that.
  If not, behave as before (username or username@cas_domainname).

* Fetch the (full) name from CAS attributes if provided
  If the CAS response by omniauth provides a [:info][:name] field, prefer this over the uid, because we want the name to be a "Full Name", instead of just a "shortname"
2013-07-04 12:01:39 +02:00
Dmitriy Budnik 2722029d38 stylistic refactorings
w/ less syntactic sugar
2013-06-25 18:23:23 +03:00
Juan de Dios Herrero 96d23ddd8d Refactored user_name suggestion methods into a module to reduce the complexity of User model 2013-06-06 16:40:10 +02:00
Chris Hunt acf147ef88 Disable OmniAuth account creation if 'invite only' 2013-06-05 11:11:02 -07:00
Sam 5e305eaf0a missing skip filter for omniauth 2013-06-05 10:30:51 +10:00
Erik Ordway 364a59d344 remove hardcoded value and replace with SiteSetting.cas_domainname 2013-05-29 15:47:49 -07:00
Erik Ordway 1575ce7b10 add cas support with a few tests 2013-05-23 13:40:50 -07:00
Mark Rushakoff 56acb5fcce Don't call to_sym on param 2013-04-08 22:55:39 -07:00
Robin Ward 738789f336 Admins can't lock themselves out of a site by setting approval. 2013-04-03 12:23:28 -04:00
Karan Misra 5dfb04e4b3 Convert a lot of :a => b to a: b and bring peace to the world 2013-03-25 05:07:36 +05:30
Sarah Vessels 54c7b1ab63 Use consistent new-style hashes in render calls *twitch* 2013-03-22 14:08:11 -04:00
Régis Hanol 239cbd2d58 enforce coding convention
replaced every `and` by `&&` and every `or` by `||`
2013-03-05 01:42:44 +01:00
Robin Ward 51f6ae69c9 Check when logging in whether a auth provider is enabled, including specs 2013-03-04 13:44:41 -05:00
Dan Callahan 23d812a4ab Use AJAX for submitting Persona credentials.
Fixes issue with needing to unblock popups.
2013-03-01 14:00:56 -06:00
Dan Callahan ef8cf2f734 Add basic Persona functionality
1. No session integration yet, so automatic login/logout events are suppressed.

2. Popup blockers must be disabled: submits form to target="_blank"
2013-03-01 14:00:56 -06:00
nverba b45f872c04 Added Github authentication option, disabled by default with enable options in settings. 2013-02-26 05:00:21 +00:00
Neil Lalonde 3ca2d92b2f Fix the missing {{provider}} value message 2013-02-19 16:28:12 -05:00
Jesse Pollak ad5a5b4866 This commit adds a callback route to handle omniauth failure and removes a few unneccessary entries in en.yml 2013-02-14 18:08:40 -08:00
Robin Ward f00006ee7d Fix broken Yahoo! signup. 2013-02-13 12:37:48 -05:00
xdite 9189d937f7 move all logic to omniauth
implement omniauth-facebook / omniauth-twitter
2013-02-13 15:08:38 +08:00