Commit graph

115 commits

Author SHA1 Message Date
Ian Christian Myers
0d01c33482 Enabled strong_parameters across all models/controllers.
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Chris Hunt
d432798ff8 Silently fail if user tries to sneak in
When 'invite only' is enabled, there's no way for a user to create an
account unless they try and sneak in by POSTing to /users/. We will
silently fail if this happens.
2013-06-05 11:08:21 -07:00
Jonathan Roes
057b4768e6 strip whitespace when changing e-mail addresses
Fixes #778.
2013-04-27 23:03:06 -04:00
Philipp Weissensteiner
3dcb1905e3 Refactor user controller, create action, mostly.
The gist of the commit are a few improvements in the
create action, where:

* long boolean statemenst have been wrapped in smaller more readable
  methods.
* the 3rd party user info creation has been extracted (still in controller)
* a small helper method for creating a new user from params (to reduce
  visual clutter)
* specs have been added where I came across untested methods/branches

Other changes are more trivial like formatting and whitespace fixes.
Hope this helps. Regards.
2013-04-13 00:53:59 +02:00
Robin Ward
738789f336 Admins can't lock themselves out of a site by setting approval. 2013-04-03 12:23:28 -04:00
Karan Misra
5dfb04e4b3 Convert a lot of :a => b to a: b and bring peace to the world 2013-03-25 05:07:36 +05:30
Neil Lalonde
2ebe0336ae On signup, handle duplicate key errors on email and username better 2013-03-07 14:56:55 -05:00
Neil Lalonde
ff3e012034 Add a link that allows you to send activation email again 2013-02-22 11:49:58 -05:00
Neil Lalonde
39eab7c425 Replace mentions of mothership with discourse_hub 2013-02-14 12:57:26 -05:00
Neil Lalonde
824b09389f Don't allow signups without a password 2013-02-12 15:42:16 -05:00
Neil Lalonde
ce7088f081 check_username api now returns correct error message for invalid lengths etc 2013-02-08 14:12:48 -05:00
Neil Lalonde
79dfccf717 Username validation in signup and username change forms 2013-02-07 18:23:52 -05:00
Mike Moore
d72c26ff92 Refactor UserSearch tests 2013-02-07 09:35:38 -07:00
Neil Lalonde
471c61fd69 Add honeypot and challenge to signup form 2013-02-06 19:25:36 -05:00
Robin Ward
21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00