Sam
6ff309aa80
SECURITY: don't grant same privileges to user_api and api access
...
User API no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
Sam
df535c6346
FEATURE: refresh session cookie at most once an hour
...
This feature ensures session cookie lifespan is extended
when user is online.
Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
Sam
3483c8318f
FEATURE: logging out logs you out everywhere
...
can be disabled by changing the setting "log_out_strict" to false
2015-01-28 12:56:41 +11:00
Neil Lalonde
427487783b
remove block_login? check from current user
2014-10-06 14:39:48 -04:00
Neil Lalonde
ca5f361d0a
FEATURE: restrict admin access based on IP address
2014-09-05 12:06:01 -04:00
Sam
7993845bfa
add current_user_provider so people can override current_user behavior cleanly, see
...
http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278
2013-10-09 15:11:54 +11:00
Sam
aa6c92922d
SECURITY: correct our CSRF implementation to be much more aggressive
2013-07-29 15:13:13 +10:00
Sam
1aef6de4b0
automatically approve invited users on forum where moderators must approve (keep in mind only moderators can invite)
...
speed up specs a touch
allow invite controller to accept an email in absence of user (cleans up API)
2013-07-11 11:22:00 +10:00
Sam
850b042cab
introduce rack:cache as a default, so users don't need to configure apache or nginx
...
under rack cache we are able to serve 620reqs a second per thin (on my machine) before it 12 (on my machine)
reorganised so mini profilers can be cleanly disabled from config file
added caching for categories index
move production.rb to production.sample.rb
2013-04-11 16:24:21 +10:00
Sam
c57ec611e1
basic api support
2013-03-25 18:04:46 -07:00
Sam
deb603f41c
Merge pull request #547 from kid0m4n/convert-ruby-1-9-syntax
...
Convert a lot of :a => b to a: b and bring peace to the world
2013-03-24 16:43:17 -07:00
Karan Misra
5dfb04e4b3
Convert a lot of :a => b to a: b and bring peace to the world
2013-03-25 05:07:36 +05:30
Kuba Brecka
113d0e0257
fix duplicate auth_token in development database images
2013-03-22 18:33:56 +01:00
Gosha Arinich
cafc75b238
remove trailing whitespaces ❤️
2013-02-26 07:31:35 +03:00
Sam Saffron
47fedd8f4d
correct breakage
...
don't set permanent cookie, kill session if it conflicts
2013-02-24 22:56:08 +11:00
Sam Saffron
fd2e9a99bf
cookie recovery cause we have been messing with it.
2013-02-24 21:50:34 +11:00
Sam Saffron
b66db4153d
refactor and organise current_user better
2013-02-24 21:42:04 +11:00
Sam
ab97dc8fd6
Update lib/current_user.rb
2013-02-24 17:24:40 +11:00
tms
3e6641c07e
Unsign auth token cookies per discussion on #215
2013-02-23 13:40:21 -05:00
tms
5616fdc475
Sign the auth token cookie and make it httpOnly
2013-02-20 17:24:19 -05:00
Sam Saffron
eb188c57e8
started work on message bus diags
2013-02-15 19:23:40 +11:00
Robin Ward
74220b4194
Don't update the current ip to an empty string
2013-02-11 16:01:53 -05:00
Robin Ward
57049b55a2
Little things:
...
- Retries on deadlock when calculating average time
- Removes Warning: When specifying html format for errors
- Doesn't use manual SQL to update user's ip address
2013-02-11 15:47:28 -05:00
Robin Ward
21b5628528
Initial release of Discourse
2013-02-05 14:16:51 -05:00