6417173082
DEV: Apply syntax_tree formatting to lib/*
2023-01-09 12:10:19 +00:00
30990006a9
DEV: enable frozen string literal on all files
...
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.
Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
5af9a69a3b
FIX: Do not check for suspicious login when impersonating. ( #6534 )
...
* FIX: Do not check for suspicious login when impersonating.
* DEV: Add 'impersonate' parameter to log_on_user.
2018-11-12 15:34:12 +01:00
5012d46cbd
Add rubocop to our build. ( #5004 )
2017-07-28 10:20:09 +09:00
2ee144c27f
FEATURE: Add DiscourseEvent trigger when a user logs in.
...
* Also adds a event trigger when user logs in for the first time.
2017-06-01 17:44:49 +09:00
6ff309aa80
SECURITY: don't grant same privileges to user_api and api access
...
User API is no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
df535c6346
FEATURE: refresh session cookie at most once an hour
...
This feature ensures session cookie lifespan is extended
when user is online.
Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
3483c8318f
FEATURE: logging out logs you out everywhere
...
can be disabled by changing the setting "log_out_strict" to false
2015-01-28 12:56:41 +11:00
427487783b
remove block_login? check from current user
2014-10-06 14:39:48 -04:00
ca5f361d0a
FEATURE: restrict admin access based on IP address
2014-09-05 12:06:01 -04:00
7993845bfa
add current_user_provider so people can override current_user bevior cleanly, see
...
http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278
2013-10-09 15:11:54 +11:00
aa6c92922d
SECURITY: correct our CSRF implementation to be much more aggressive
2013-07-29 15:13:13 +10:00
1aef6de4b0
automatically approve invited users on forum where moderators must approve (keep in mind only moderators can invite)
...
speed up specs a touch
allow invite controller to accept an email in absence of user (cleans up API)
2013-07-11 11:22:00 +10:00
850b042cab
introduce rack:cache as a default, so users don't need to configure apache or nginx
...
under rack cache we are able to serve 620reqs a second per thin (on my machine) before it 12 (on my machine)
reorganised so mini profilers can be cleanly disabled from config file
added caching for categories index
move production.rb to production.sample.rb
2013-04-11 16:24:21 +10:00
c57ec611e1
basic api support
2013-03-25 18:04:46 -07:00
deb603f41c
Merge pull request #547 from kid0m4n/convert-ruby-1-9-syntax
...
Convert a lot of :a => b to a: b and bring peace to the world
2013-03-24 16:43:17 -07:00
5dfb04e4b3
Convert a lot of :a => b to a: b and bring peace to the world
2013-03-25 05:07:36 +05:30
113d0e0257
fix duplicate auth_token in development database images
2013-03-22 18:33:56 +01:00
cafc75b238
remove trailing whitespaces ❤️
2013-02-26 07:31:35 +03:00
47fedd8f4d
correct breakage
...
don't set permanent cookie, kill session if it conflicts
2013-02-24 22:56:08 +11:00
fd2e9a99bf
cookie recovery cause we have been messing with it.
2013-02-24 21:50:34 +11:00
b66db4153d
refactor and organise current_user better
2013-02-24 21:42:04 +11:00
ab97dc8fd6
Update lib/current_user.rb
2013-02-24 17:24:40 +11:00
3e6641c07e
Unsign auth token cookies per discussion on #215
2013-02-23 13:40:21 -05:00
5616fdc475
Sign the auth token cookie and make it httpOnly
2013-02-20 17:24:19 -05:00
eb188c57e8
started work on message bus diags
2013-02-15 19:23:40 +11:00
74220b4194
Don't update the current ip to an empty string
2013-02-11 16:01:53 -05:00
57049b55a2
Little things:
...
- Retries on deadlock when calculating average time
- Removes Warning: When specifying html format for errors
- Doesn't use manual SQL to update user's ip address
2013-02-11 15:47:28 -05:00
21b5628528
Initial release of Discourse
2013-02-05 14:16:51 -05:00
