Sam
e6dba8adc2
SECURITY: don't echo the "strategy" param returned by auto provider
2015-01-06 16:28:45 +11:00
Neil Lalonde
90771937f0
FIX: broken external auth
2014-10-03 16:15:00 -04:00
Neil Lalonde
ebf46450bc
Refactor omniauth_callbacks_controller for extensibility
2014-10-03 11:02:04 -04:00
Neil Lalonde
ca5f361d0a
FEATURE: restrict admin access based on IP address
2014-09-05 12:06:01 -04:00
Neil Lalonde
742841ddce
Add Google Oauth2 authenticator. The current Google OpenID authentication has been deprecated by Google and will NOT work for any new websites.
2014-05-21 18:35:10 -04:00
Erik Ordway
1167b5c4b5
I can see this on git hub but it is being missing by the test
2014-02-11 17:25:54 -08:00
Sam
7ad00f426c
FEATURE REMOVAL: persona login
...
see: https://meta.discourse.org/t/pulling-persona-out-of-discourse-core/12613
2014-02-11 16:56:48 +11:00
Neil Lalonde
da825451d0
Invite link can't be used to log in after you set a password or sign in with 3rd party
2014-01-21 16:56:41 -05:00
Shiv Kumar
2f0e20bc11
add session to auth hash in oauth complete method
2013-11-19 09:58:12 -08:00
Régis Hanol
b56b11d96a
add qunit to autospec
2013-11-01 23:57:50 +01:00
Neil Lalonde
b06f928568
Fix missing provider param message when using Persona
2013-09-23 09:46:25 -07:00
Emili Parreno
ee96fabcba
Allow CAS authentication
2013-08-28 14:34:51 +02:00
Sam
61281a3c81
invite only forums had very wonky logic, invited users were not being activated, invite_only forums were still registering users
2013-08-28 17:18:31 +10:00
Sam
c4a0152dc6
recover from bad CSRF tokens without requiring a hard refresh of the browser
2013-08-27 15:56:12 +10:00
Sam
213ce33af2
Fixed all broken specs
...
Moved middleware config into authenticators
2013-08-26 12:59:17 +10:00
Sam
b52aba15e0
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily
2013-08-26 12:59:17 +10:00
Michael Kirk
9e8d8870f5
fixed: record Oauth2 user email
2013-08-19 11:21:27 -07:00
Michael Kirk
4af8a9102e
Authenticate with Discourse via OAuth2
...
See https://github.com/michaelkirk/discourse_oauth2_example for an
example of how you might integrate your existing oauth2 provider's
authentication via a Discourse plugin.
2013-08-17 21:45:20 -07:00
Sam
803d023e23
Fixed GitHub auth, GitHub can provide us with a valid email - so automatically log in for those cases
2013-08-02 12:16:44 +10:00
Sam
160107a712
working plugin interface for custom openid auth, custom css and custom js
2013-08-01 16:02:43 +10:00
Sam
aa6c92922d
SECURITY: correct our CSRF implementation to be much more aggressive
2013-07-29 15:13:13 +10:00
Sam
c7697bbae2
remove duplicate code
2013-07-16 15:44:38 +10:00
Andreas Haller
661f2057f7
Improve the omniauth controller specs. Fix the email provided by CAS. Get name from CAS attributes.
...
* Make omniauth controller specs more robust by using shared examples for all authentication providers in controller spec. – Still passing. Yay!
* Return "casuser", instead of "casuser@" when no cas_domainname is configured.
* If no cas_domainname is configured, the CAS authentication would return "casuser@" for the users email field, because it tried to assume the email adress of the CAS user by it's username + cas_domainname.
Now it just returns the username instead of adding an "@" if cas_domainname is not configured.
This especially makes sense on CAS setups where the username equals the users email adress.
The old behaviour, if cas_domainname is configured, was not changed.
* Fetch the email from CAS attributes if provided
If the cas:authenticationSuccess (handled via omniauth-cas) response gives us an email use that.
If not, behave as before (username or username@cas_domainname).
* Fetch the (full) name from CAS attributes if provided
If the CAS response by omniauth provides a [:info][:name] field, prefer this over the uid, because we want the name to be a "Full Name", instead of just a "shortname"
2013-07-04 12:01:39 +02:00
Dmitriy Budnik
2722029d38
stylistic refactorings
...
w/ less syntactic sugar
2013-06-25 18:23:23 +03:00
Juan de Dios Herrero
96d23ddd8d
Refactored user_name suggestion methods into a module to reduce the complexity of User model
2013-06-06 16:40:10 +02:00
Chris Hunt
acf147ef88
Disable OmniAuth account creation if 'invite only'
2013-06-05 11:11:02 -07:00
Sam
5e305eaf0a
missing skip filter for omniauth
2013-06-05 10:30:51 +10:00
Erik Ordway
364a59d344
remove hardcoded value and replace with SiteSetting.cas_domainname
2013-05-29 15:47:49 -07:00
Erik Ordway
1575ce7b10
add cas support with a few tests
2013-05-23 13:40:50 -07:00
Mark Rushakoff
56acb5fcce
Don't call to_sym on param
2013-04-08 22:55:39 -07:00
Robin Ward
738789f336
Admins can't lock themselves out of a site by setting approval.
2013-04-03 12:23:28 -04:00
Karan Misra
5dfb04e4b3
Convert a lot of :a => b to a: b and bring peace to the world
2013-03-25 05:07:36 +05:30
Sarah Vessels
54c7b1ab63
Use consistent new-style hashes in render calls *twitch*
2013-03-22 14:08:11 -04:00
Régis Hanol
239cbd2d58
enforce coding convention
...
replaced every `and` by `&&` and every `or` by `||`
2013-03-05 01:42:44 +01:00
Robin Ward
51f6ae69c9
Check when logging in whether a auth provider is enabled, including specs
2013-03-04 13:44:41 -05:00
Dan Callahan
23d812a4ab
Use AJAX for submitting Persona credentials.
...
Fixes issue with needing to unblock popups.
2013-03-01 14:00:56 -06:00
Dan Callahan
ef8cf2f734
Add basic Persona functionality
...
1. No session integration yet, so automatic login/logout events are suppressed.
2. Popup blockers must be disabled: submits form to target="_blank"
2013-03-01 14:00:56 -06:00
nverba
b45f872c04
Added Github authentication option, disabled by default with enable options in settings.
2013-02-26 05:00:21 +00:00
Neil Lalonde
3ca2d92b2f
Fix the missing {{provider}} value message
2013-02-19 16:28:12 -05:00
Jesse Pollak
ad5a5b4866
This commit adds a callback route to handle omniauth failure and removes a few unneccessary entries in en.yml
2013-02-14 18:08:40 -08:00
Robin Ward
f00006ee7d
Fix broken Yahoo! signup.
2013-02-13 12:37:48 -05:00
xdite
9189d937f7
move all logic to omniauth
...
implement omniauth-facebook / omniauth-twitter
2013-02-13 15:08:38 +08:00