Commit Graph

82 Commits

Author SHA1 Message Date
b084750953 FIX: don't redirect incorrectly after full screen login (#7170)
Fixes two issues:
1. Redirecting to an external origin's path after login did not work
2. User would be erroneously redirected to the external origin after logout

https://meta.discourse.org/t/109755
2019-03-19 12:39:13 +00:00
0f734e2ae2 FIX: Return authenticated=true when reconnecting
This prevents a registration popup on the client
2018-12-11 17:40:02 +00:00
c7c56af397 FEATURE: Allow connecting associated accounts when two-factor is enabled (#6754)
Previously the 'reconnect' process was a bit magic - IF you were already logged into discourse, and followed the auth flow, your account would be reconnected and you would be 'logged in again'.

Now, we explicitly check for a reconnect=true parameter when the flow is started, store it in the session, and then only follow the reconnect logic if that variable is present. Setting this parameter also skips the 'logged in again' step, which means reconnect now works with 2fa enabled.
2018-12-11 13:19:00 +00:00
92bf3c667e FIX: Flash authentication data not rendered in latest iOS safari browser 2018-10-30 04:00:36 +05:30
ca74246651 FIX: redirect users to SSO client URL after social login 2018-10-05 00:01:08 +05:30
de92913bf4 FIX: store the topic links using the cooked upload url 2018-08-14 12:23:32 +02:00
812add18bd REFACTOR: Serve auth provider information in the site serializer.
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
eda1462b3b FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099)
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
06deffc9da FIX: returns provider_not_enabled error even if enabled 2018-07-13 22:49:30 +05:30
9a813210b9 SECURITY: Do not allow authentication with disabled plugin-supplied a… (#6071)
Do not allow authentication with disabled plugin-supplied auth providers
2018-07-09 14:25:58 +10:00
21e9315416 FIX: Use user account email instead of auth email when totp is enabled.
https://meta.discourse.org/t/github-2fa-flow-broken/88674
2018-05-30 12:15:12 +08:00
2cf6fb7359 FIX: always unstage users when they log in 2018-05-13 17:00:02 +02:00
142571bba0 Remove use of rescue nil.
* `rescue nil` is a really bad pattern to use in our code base.
  We should rescue errors that we expect the code to throw and
  not rescue everything because we're unsure of what errors the
  code would throw. This would reduce the amount of pain we face
  when debugging why something isn't working as expected. I've
  been bitten countless times by errors being swallowed as a
  result during debugging sessions.
2018-04-02 13:52:51 +08:00
fb75f188ba FEATURE: Disallow login via omniauth when user has 2FA enabled. 2018-03-01 15:47:07 +08:00
5a462b930d REFACTOR: Prefer exists? over present. 2018-03-01 10:22:41 +08:00
e2d82b882e FIX: redirect to original URL after social login 2018-01-26 18:52:27 +01:00
492af81e67 FIX: save registration_ip_address for staged users logging in via social auth 2017-12-12 17:41:16 +05:30
cef64e8f03 UX: Use no_ember styling for omniauth error page 2017-11-15 14:04:26 -05:00
77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
4e49b3b140 FIX: do not create new email token if there already exists a confirmed one 2017-09-14 10:52:29 +05:30
104d97695d FIX: don't activate un-confirmed email on omniauth authentication (#5176) 2017-09-12 17:36:17 +02:00
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
038454bde2 FIX: always confirm emails when SSO says so 2017-06-08 01:05:33 +02:00
ca965f83c3 Revert "FIX: If login is required, redirect to the /login route instead of root"
This reverts commit 8a8dec550b2eaffa402968bf0bbd0d681fe0a805.
2017-05-25 14:04:28 -04:00
8a8dec550b FIX: If login is required, redirect to the /login route instead of root 2017-05-25 13:35:15 -04:00
777f1f0f47 FIX: Return a 404 if the auth session is not present 2017-05-04 15:35:24 -04:00
7fb17b83c4 FIX: confirm email token for user created via social login 2017-04-13 14:15:32 +05:30
3d347fb9c4 FIX: Don't mark user as active if verified email is different. 2017-03-02 14:24:30 +08:00
Sam
e6fcaadd45 FIX: redirects back to origin for SSO and omniauth login 2016-09-16 13:48:50 +10:00
Sam
0303080586 we do not define auth providers for builtins 2016-08-29 11:12:24 +10:00
Sam
22b8c0d44e FIX: fullscreen login set from client needs to be respected 2016-08-29 10:13:51 +10:00
841f36b058 FIX: automatically unstage user when signing in using OAuth 2016-04-04 19:04:10 +02:00
5c603bf8ec Added Instagram login method 2016-02-25 12:13:59 +10:00
a9823ab59a FIX: Use a cookie to bypass the anon cache 2015-10-28 17:16:56 -04:00
Sam
b6c2aa13e6 clean up implementation of non frame login / registration 2015-10-13 14:49:09 +11:00
Sam
b3aebca406 FEATURE: allow auto provider to specify "full screen login"
this feature means we attempt to log in without opening a frame.
2015-10-13 12:23:34 +11:00
b4960d48b4 Better support for passing up errors when OmniAuth fails after auth 2015-06-24 12:12:43 -04:00
eaa1afeaf5 remove Google OpenID auth, since Google doesn't support it anymore 2015-05-25 15:13:44 -04:00
7c14db44cc UX: improve message when admin login is blocked because of admin ip address whitelisting 2015-03-02 12:13:22 -05:00
987504c6ab Rename no_js layout to no_ember
While *sometimes* `no_js` was used for visitors without js (for example
disabling it on your browser) it was also used for some pages that were
disabled to JS capable browsers, including the 404 page.

Even worse, sometimes it was used on pages that *had* Javascript, such
as our `/activate-account` route. It has been renamed to `no_ember` to
indicate what it really is, a layout for the site that doesn't load our
Ember.js application.
2015-01-15 15:56:53 -05:00
Sam
e6dba8adc2 SECURITY: don't echo the "strategy" param returned by auto provider 2015-01-06 16:28:45 +11:00
90771937f0 FIX: broken external auth 2014-10-03 16:15:00 -04:00
ebf46450bc Refactor omniauth_callbacks_controller for extensibility 2014-10-03 11:02:04 -04:00
ca5f361d0a FEATURE: restrict admin access based on IP address 2014-09-05 12:06:01 -04:00
742841ddce Add Google Oauth2 authenticator. The current Google OpenID authentication has been deprecated by Google and will NOT work for any new websites. 2014-05-21 18:35:10 -04:00
1167b5c4b5 I can see this on git hub but it is being missing by the test 2014-02-11 17:25:54 -08:00
Sam
7ad00f426c FEATURE REMOVAL: persona login
see: https://meta.discourse.org/t/pulling-persona-out-of-discourse-core/12613
2014-02-11 16:56:48 +11:00
da825451d0 Invite link can't be used to log in after you set a password or sign in with 3rd party 2014-01-21 16:56:41 -05:00
2f0e20bc11 add session to auth hash in oauth complete method 2013-11-19 09:58:12 -08:00
b56b11d96a add qunit to autospec 2013-11-01 23:57:50 +01:00