github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-25 09:57:25 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
20,468 Commits 270 Branches 512 Tags
214056e782ea66fc3cc646b9da31fe49c89d69d6
Commit Graph

41 Commits

Author SHA1 Message Date
Sam
be0fd5b4cc FEATURE: allow user api key revocation for read only keys 2016-09-02 17:04:00 +10:00
Sam
c4bf138d2c FIX: incorrect error being raised 2016-08-26 10:39:13 +10:00
Sam
b09922b58a we have to allow message bus for read clients 2016-08-19 15:22:52 +10:00
Sam
3ea68f8f6c tweak headers so they can be consumed 2016-08-18 14:38:33 +10:00
Sam
416e7e0d1e FEATURE: basic UI to view user api keys 2016-08-16 17:06:52 +10:00
Sam
fc095acaaa Feature: User API key support (server side implementation) 
- Supports throttled read and write
- No support for push yet, but data is captured about intent
 2016-08-15 17:59:36 +10:00
Sam
5cc8bb535b SECURITY: do cookie auth rate limiting earlier 2016-08-09 10:02:18 +10:00
Sam
16a383ea1e SECURITY: limit bad cookie auth attempts 
- Also cleans up the _t cookie if it is invalid
 2016-07-28 12:58:49 +10:00
Sam
b5fbff947b FIX: don't expire old sessions when logging in 2016-07-26 11:37:41 +10:00
Sam
c1f62d8657 Revert "make upgrade a bit more seamless" 
This reverts commit 78b88a1633925a1551cf27732213b7f613634b4e.
 2016-07-25 12:49:33 +10:00
Sam
78b88a1633 make upgrade a bit more seamless 2016-07-25 12:30:52 +10:00
Sam
df535c6346 FEATURE: refresh session cookie at most once an hour 
This feature ensures session cookie lifespan is extended
when user is online.

Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
 2016-07-25 12:07:31 +10:00
Arpit Jalan
a9207dafa7 FEATURE: configure session time via site setting for all the users (#4343) 2016-07-23 02:57:30 +05:30
Guo Xiang Tan
22ade1f811 FEATURE: Add event trigger when a user is logged out. 2016-07-04 17:20:30 +08:00
Sam
f88cf4e2f0 Merge pull request #4226 from xfalcox/non-persistent-session 
FEATURE: add setting permanent_session_cookie to configure session st…
 2016-06-29 16:47:31 +10:00
Régis Hanol
9704603fab FEATURE: sendgrid webhooks 2016-06-01 21:48:06 +02:00
Sam
52c3b0b0ce clear mini profiler cookie when admin logs off 2016-05-18 17:27:54 +10:00
Rafael dos Santos Silva
09ef5f613e FEATURE: add setting permanent_session_cookie to configure session stickiness 
Now admins can turn make the login cookie die after the browser is closed, so the user needs to log in everytime.
 2016-05-17 01:12:09 -03:00
Arpit Jalan
74b3807f60 FEATURE: new bootstrap mode settings for brand new Discourse community (#4193) 
* FEATURE: new bootstrap mode settings for brand new Discourse community

* new SiteSetting.set_and_log method
 2016-04-26 13:08:19 -04:00
Sam
803feefd54 MessageBus handles readonly redis now, no need to wrap it 2015-05-04 12:21:00 +10:00
Robin Ward
5b3f99aa50 Don't blow up if Redis switches to READONLY 2015-04-24 14:37:16 -04:00
Sam
3483c8318f FEATURE: logging out logs you out everywhere 
can be disabled by changing the setting "log_out_strict" to false
 2015-01-28 12:56:41 +11:00
Sam
a9cda0f947 FEATURE: allow restricting API keys to a particular range 2014-11-20 15:21:49 +11:00
Sam
aa9b3bb35a FEATURE: allow long polling to go to a different url 
Added the site setting long_polling_base_url , this allows you
to farm long polling to a different server.

This setting is very important if a CDN is serving dynamic content.
 2014-10-24 13:38:38 +11:00
riking
12cb682548 Start passing more context to Discourse.handle_exception 2014-07-17 14:11:56 -07:00
Sam
67db561429 BUGFIX: missed a key rename 
BUGFIX: API spec not enabling CSRF
 2014-05-23 08:43:19 +10:00
Sam
cf254000cf Revert "Revert "BUGFIX: improve error messages for invalid API keys"" 
This reverts commit e9afe28586cd887b92fa86c52db78d543a70e433.
 2014-05-23 08:43:19 +10:00
Neil Lalonde
e9afe28586 Revert "BUGFIX: improve error messages for invalid API keys" 2014-05-22 14:55:36 -04:00
Sam
eeef775f21 BUGFIX: improve error messages for invalid API keys 
BUGFIX: don't track last seen for message bus
 2014-05-22 09:01:29 +10:00
Louis Rose
1574485443 Perform the where(...).first to find_by(...) refactoring. 
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
 2014-05-06 14:41:59 +01:00
Neil Lalonde
1da59e7e2e FIX: deactivated users shouldn't be able to log in 2014-04-28 13:46:28 -04:00
Sam
7e7c4efcc0 FEATURE: on initial boot hint users on how to get admin 2014-03-24 18:03:39 +11:00
Sam
2c8ae22b87 FEATURE: add a simple queue Scheduler::Defer.later {} 
For quick jobs that do not need to be sent to sidekiq,
runs inline in a single thread but does not block
 2014-03-17 12:16:19 +11:00
Sam
ceb80611d6 PERF: defer last_ip_address and last_seen updates 2014-03-03 15:16:38 +11:00
Neil Lalonde
0c6f794eb0 Used the term suspended instead of banned. 2013-11-07 13:53:49 -05:00
Sam
8ff35d4b10 automatically make developers admins on account creation, this solves the user #1 problem 
you can simply set the DEVELOPER_EMAILS to a comma delimited list and the users will be auto admined
 2013-11-02 10:26:02 +11:00
Régis Hanol
b56b11d96a add qunit to autospec 2013-11-01 23:57:50 +01:00
Robin Ward
f73a64982a Raise an error if a api_username is supplied and does not match the key 2013-10-23 11:05:49 -04:00
Robin Ward
348e2e3ef2 Support for per-user API keys 2013-10-22 17:34:39 -04:00
Sam
1b81f73325 logged in requests were being treated as anon, causing major havoc 2013-10-17 10:37:18 +11:00
Sam
7993845bfa add current_user_provider so people can override current_user bevior cleanly, see 
http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278
 2013-10-09 15:11:54 +11:00