Tom Hughes
43f40c5d03
Stop using session flash to communicate with callbacks
2025-02-12 00:09:40 +00:00
Tom Hughes
a42b654606
Make the "remember me" option work as intended
2024-11-13 12:18:23 +00:00
Tom Hughes
20bdbb05c3
Switch to using rails builtin content security policy support
2024-05-22 16:38:59 +01:00
Tom Hughes
74cc88fce4
Stop using the session to persist the referer during login
2024-05-06 10:55:07 +01:00
Milan Cvetkovic
9649b192c0
Add preferred provider social signup
...
- Add preferred provider for authorization to login and signup pages.
To use, the 3rd party application would have to add `preferred_provider=...`
parameter to OAuth2 authorization request.
- Resize 3rd party provider icons
- Add "login to authorize" heading to login and signup screens
2024-04-29 11:32:54 +00:00
Tom Hughes
4dff06a629
Use rails tokens for signup confirmations
2024-02-24 13:53:05 +00:00
Simon Legner
a0aef5c722
SessionsController: strip username
2024-02-11 21:53:03 +01:00
Tom Hughes
dc28f1dccc
Fix new rubocop warnings
2022-11-22 18:32:02 +00:00
Andy Allan
972249ce9d
Reconfigure the suspended flash message to avoid html_safe
...
This also avoids having raw html in the translation strings
2022-11-17 12:04:28 +00:00
Tom Hughes
40ec4734fb
Fix new rubocop warnings
2022-05-16 19:16:53 +01:00
Tom Hughes
988d7cd90d
Remove form_action restrictions for sessions#login
...
Login may redirect to ouath2_authorizations#create which may then
redirect to arbitrary schemes if the application is already authorized
so we need to allow login to redirect to any scheme.
Fixes #3424
2022-01-17 11:01:07 +00:00
Tom Hughes
407b61857e
Improve fallback behaviour for unsafe referer redirects
2021-11-23 17:18:41 +00:00
Tom Hughes
bf3743f190
Add missing callbacks to session controller
2021-03-29 20:36:07 +01:00
Andy Allan
f18baae22e
Refactor login/logout into sessions controller
...
Certain controller methods are shared with oauth-based logins, and these have been
moved to a concern.
2021-03-24 11:32:46 +00:00
