1
0
mirror of https://github.com/flarum/core.git synced 2025-08-25 09:22:52 +02:00
Commit Graph

1958 Commits

Author SHA1 Message Date
Franz Liedke
537ab6e41f Remove empty line 2016-01-11 08:15:14 +01:00
Daniel Klabbers
159810c335 removed patch from api routes, fixes #725 2016-01-11 08:09:01 +01:00
Albert221
e8a6fe2f7b #719 Fixed PermissionDeniedException
...causing Whoops on debug and 500 HTTP error
instead of 403 Forbidden error page.
2016-01-07 19:09:57 +01:00
Franz Liedke
417b7f7972 Clarify console option 2016-01-07 16:32:01 +01:00
Franz Liedke
9e3771cac3 Clean up code in FileDataProvider 2016-01-07 16:31:21 +01:00
Franz Liedke
819728d8dd Merge pull request #718 from opi/install-from-config-file
Add configuration file installation method.
2016-01-07 16:29:34 +01:00
opi
e3c7f5379b Add configuration file installation method. 2016-01-07 15:20:41 +01:00
Albert221
6d42bcb5ce 256 Added created gambit 2016-01-05 17:04:41 +01:00
Albert221
096aae7919 #696 Added support for prefixes in AbstractUrlGenerator. 2016-01-04 15:28:55 +01:00
Toby Zerner
5bbcba6332 Allow existing user to be activated via API 2016-01-04 15:43:23 +10:30
Albert221
9d89d8a127 Fixed code style 2016-01-03 14:30:35 +01:00
Albert221
6dfe455fd6 #256 Added multiple author search gambit 2016-01-03 14:26:41 +01:00
Toby Zerner
08dbc246dd Clean up 2016-01-02 15:26:05 +10:30
Toby Zerner
3767ee4bf6 Allow admins to set a time when creating a post via the API
Again, the use-case for this is to allow the API to be used to import data from an old forum.
2016-01-02 15:25:48 +10:30
Toby Zerner
248de34242 Don't automatically activate users created by admins - require an attribute to be set 2016-01-02 15:24:35 +10:30
Toby Zerner
8d671f4de4 Make sure GetPermission event arguments array is empty if there is no model 2016-01-02 15:23:48 +10:30
Toby Zerner
6de7038f83 Allow setting the token lifetime 2016-01-02 15:22:53 +10:30
Toby Zerner
07a20a10fd Move flood control from core to API layer
This means that flood control can be disabled depending on the nature of the request (i.e. when authenticated using a master API key). The particular use case for this is to allow using the API to migrate data from an old forum.
2016-01-02 15:22:16 +10:30
Toby Zerner
c8027d344a Add admin-only email: gambit to look up users by email 2016-01-02 15:09:56 +10:30
Toby Zerner
f7709aff95 Allow custom redirection after logging out 2016-01-02 15:08:50 +10:30
Toby Zerner
46818ccd94 Extend access token lifetime when remembering a login 2016-01-02 15:08:28 +10:30
Toby Zerner
f6f9e45085 Disable session (and thus enable sudo mode) when authenticating with API token 2016-01-02 15:07:33 +10:30
Toby Zerner
ff0ce09620 Ensure routes are only populated after extensions have registered listeners
Because extensions can have dependencies injected, a RouteCollection could potentially be instantiated, and thus the ConfigureRoutes event would be called before extensions have had a chance to subscribe to it. Instead, we instantiate the RouteCollection on demand, but only populate it when the application boots.
2016-01-02 15:03:11 +10:30
Toby Zerner
e86cc39f5b API: Add an event to configure server middleware 2016-01-02 15:00:07 +10:30
Toby Zerner
a719d4109f Ensure a new asset revision identifier is generated if there is none 2016-01-02 14:59:09 +10:30
Toby Zerner
5a4e3b09cf Allow extensions to modify text/XML prior to formatting 2015-12-30 15:27:34 +10:30
Toby Zerner
08dae7b530 Add getters 2015-12-30 15:26:24 +10:30
Toby Zerner
aa516fb5c3 Extract method 2015-12-30 15:26:11 +10:30
Toby Zerner
1cac48f90a Always grant master API keys sudo mode 2015-12-30 15:26:07 +10:30
Toby Zerner
5e476fae16 Merge branch 'oauth2-controller' 2015-12-29 11:13:00 +10:30
Toby Zerner
341ffaced5 Bypass email activation when admin creates user via API 2015-12-29 11:02:07 +10:30
Franz Liedke
595d715b1d Installer: Loosen restrictions on MySQL connection details
Closes #602.
2015-12-27 17:31:42 +01:00
Daniel Klabbers
ffb76715f6 fixes flarum/core#678 phpdoc for ip_address on Post model 2015-12-23 13:54:58 +01:00
Franz Liedke
32601d2c98 Don't return from inside a finally block
This is not supported in HHVM:
https://github.com/facebook/hhvm/issues/5162

Reported on the forum:
https://discuss.flarum.org/d/1390-migrating-from-php-5-6-x-to-php-7-0-x/7
2015-12-10 11:35:51 +01:00
Toby Zerner
d9d52dab3c Fix admin login 2015-12-06 08:47:51 +10:30
Toby Zerner
d743e56bc1 Fix tests and CS 2015-12-05 22:31:33 +10:30
Toby Zerner
0cf000122f Allow username capitalisation to be changed
See https://discuss.flarum.org/d/1573-uppercase-lowercase-username-flagged-as-taken
2015-12-05 15:43:40 +10:30
Toby Zerner
973ca16eee Add base OAuth2 controller 2015-12-05 15:25:10 +10:30
Toby Zerner
262dc70fe1 Garbage-collect email/password/auth tokens. closes #217 2015-12-05 15:24:05 +10:30
Toby Zerner
3efd5fbcb0 Clean up some method arguments 2015-12-05 15:22:42 +10:30
Toby Zerner
387109002e Rework sessions, remember cookies, and auth again
- Use Symfony's Session component to work with sessions, instead of a custom database model. Separate the concept of access tokens from sessions once again.
- Extract common session/remember cookie logic into SessionAuthenticator and Rememberer classes.
- Extract AuthenticateUserTrait into a new AuthenticationResponseFactory class.
- Fix forgot password process.
2015-12-05 15:11:25 +10:30
Toby Zerner
1d9e7b0262 Fix case-sensitive class names 2015-12-03 18:29:00 +10:30
Toby Zerner
094ad74abc Allow forum to be taken offline via config 2015-12-03 17:56:27 +10:30
Toby Zerner
67e9e23df1 Fix previous commit 2015-12-03 17:56:04 +10:30
Toby Zerner
1cfae4ad14 Merge branch 'sudo-mode'
# Conflicts:
#	CHANGELOG.md
2015-12-03 15:12:51 +10:30
Toby Zerner
9896378b59 Overhaul sessions, tokens, and authentication
- Use cookies + CSRF token for API authentication in the default client. This mitigates potential XSS attacks by making the token unavailable to JavaScript. The Authorization header is still supported, but not used by default.
- Make sensitive/destructive actions (editing a user, permanently deleting anything, visiting the admin CP) require the user to re-enter their password if they haven't entered it in the last 30 minutes.
- Refactor and clean up the authentication middleware.
- Add an `onhide` hook to the Modal component. (+1 squashed commit)
2015-12-03 15:11:57 +10:30
Toby Zerner
287ce2fddd Fix crash when loading notifications in some instances
Specifically, the crash would occur when the first notification had a subject without a discussion relationship (e.g. the Subscriptions extension's newPost notification, where the subject itself was a discussion). Instead of simply eager loading the nested subject.discussion relationship, we load discussions manually instead.
2015-12-03 15:10:05 +10:30
Toby Zerner
cea1cbc2d6 Fuzzy-match global forum permissions
This means that the "Start a Discussion" button will still be enabled if the user is not allowed to start globally, but only in certain tags.

Also add some other stuff to the changelog.

closes #640
2015-12-03 15:08:28 +10:30
Franz Liedke
b3a5822ddb Rename HTTP method override header
This is the name recommended by the JSON-API spec:
http://jsonapi.org/recommendations/#patchless-clients
2015-11-26 17:43:32 +01:00
young
a80d72d165 Fix #627 2015-11-26 02:03:00 +08:00