mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-10-14 00:15:51 +02:00
Code Issues Releases Wiki Activity
2,517 Commits 90 Branches 55 Tags
f42273e679080398e33744dd58d1c3dd8ef07412
Commit Graph

17 Commits

Author SHA1 Message Date
Toby Zerner
5672819549 Use Illuminate Session component instead of Symfony 
Symfony's component relies on PHP's native session functionality, which
is not ideal. It automatically sets its own cookie headers, resulting in
this issue: https://github.com/flarum/core/issues/1084#issuecomment-364569953

The Illuminate component is more powerful and has a simpler API for
extension with other drivers and such, and fits in nicely with other
components we use (the majority of which are from Illuminate).
 2018-03-18 14:43:44 +01:00
Toby Zerner
160493e725 fire -> dispatch 
As per Illuminate\Contracts\Events\Dispatcher
 2018-02-10 12:09:35 +10:30
Toby Zerner
d807171c44 Fix URL generator usage 2017-12-29 21:29:04 +10:30
Daniël Klabbers
f65e4dcba3 merges 5.5 and master into next-back 2017-12-14 01:00:16 +01:00
Franz Liedke
c6ce172caa Apply suggestions from StyleCI 2017-12-13 23:08:35 +01:00
Toby Zerner
92de751154 Fix last commit 2017-11-29 22:22:14 +10:30
Toby Zerner
5b46ec801d Generate URL in the controller instead of the view 2017-11-29 22:20:06 +10:30
Toby Zerner
ba769e0c7e Preserve return URL when confirming logout 2017-11-29 13:47:00 +10:30
Toby Zerner
e8a4e5e0ef Add log out confirmation if CSRF token is invalid. fixes #1282 2017-11-29 13:03:16 +10:30
Franz Liedke
78f3681fc1 Fix namespace orderings 
(Thanks, StyleCI!)
 2017-10-03 18:54:06 +02:00
Franz Liedke
4a13cd8088 Move another trait out of obsolete Flarum\Core namespace 2017-10-03 18:49:53 +02:00
Franz Liedke
564ea8ff73 Extract new Flarum\User namespace 2017-10-03 18:47:23 +02:00
Sajjad Hashemian
92b555a246 prevent unsafe redirect via logout controller 2017-03-04 14:51:21 +03:30
Toby Zerner
1031826a3d Apply fixes from StyleCI 
[ci skip] [skip ci]
 2016-11-29 05:03:53 +00:00
Toby Zerner
f7709aff95 Allow custom redirection after logging out 2016-01-02 15:08:50 +10:30
Toby Zerner
387109002e Rework sessions, remember cookies, and auth again 
- Use Symfony's Session component to work with sessions, instead of a custom database model. Separate the concept of access tokens from sessions once again.
- Extract common session/remember cookie logic into SessionAuthenticator and Rememberer classes.
- Extract AuthenticateUserTrait into a new AuthenticationResponseFactory class.
- Fix forgot password process.
 2015-12-05 15:11:25 +10:30
Toby Zerner
9896378b59 Overhaul sessions, tokens, and authentication 
- Use cookies + CSRF token for API authentication in the default client. This mitigates potential XSS attacks by making the token unavailable to JavaScript. The Authorization header is still supported, but not used by default.
- Make sensitive/destructive actions (editing a user, permanently deleting anything, visiting the admin CP) require the user to re-enter their password if they haven't entered it in the last 30 minutes.
- Refactor and clean up the authentication middleware.
- Add an `onhide` hook to the Modal component. (+1 squashed commit)
 2015-12-03 15:11:57 +10:30