Commit graph

301 commits

Author SHA1 Message Date
Andy Allan
d581f17665 Avoid using or comparing explicit model ids
The code is easier to read using higher-level concepts.
2017-10-22 21:58:09 +01:00
Tom Hughes
8dae890a76 Fix rubocop warnings 2017-10-05 19:18:38 +01:00
Tom Hughes
24fc94944b Change user forms to use current user instead of @user 2017-07-27 19:40:20 +01:00
Tom Hughes
555a821c3e Merge remote-tracking branch 'upstream/pull/1595' 2017-07-27 19:18:31 +01:00
Andy Allan
41000078b9 Convert remaining controller code to use current_user
The `self.current_user` is important when assigning to the current user,
to avoid creating a local variable called `current_user`
2017-07-27 10:07:51 +01:00
Tom Hughes
4874219ab8 Mark account suspended flash message as HTML safe
Fixes #1590
2017-07-19 00:31:03 +01:00
Tom Hughes
3893fd72a9 Fix some tests for changes in rails 5 2017-06-27 08:26:44 +01:00
Tom Hughes
d85621c7ae Replace deprecated ActiveModel::Errors get/set methods 2017-06-05 22:41:23 +01:00
Tom Hughes
d4df87c1e1 Replace deprecated env method with request.env 2017-06-05 22:38:27 +01:00
Tom Hughes
80d27a7fae Sanitise parameters used in URL generation 2017-06-02 20:27:07 +01:00
Tom Hughes
ff97501ed0 Remove all use of the :text option to render
It doesn't actually do what it says, as it sets the content type
to text/html not text/plain so is just confusing and as a result
has been deprecated in newer rails versions.
2017-06-02 19:12:05 +01:00
Tom Hughes
9b89d4eefe Remove conditions from delete_all
Passing conditions directly to delete_all is deprecated
in rails 5.0 so use a separate where instead.
2017-06-02 16:33:48 +01:00
Tom Hughes
5b33f3f8e3 Fix rubocop warnings 2017-06-02 00:08:30 +01:00
Tom Hughes
e17b89e89f Fix rubocop warnings 2016-10-20 22:35:51 +01:00
Andy Allan
41e05f0929 Remove unnecessary controller references from the redirect hashes.
Rails redirect_to uses the current controller by default, so there
is no need to re-iterate this in the code when the redirect targets
the current controller.

The short-form is already used elsewhere, this just tidies up those
which were still using the long-form.
2016-10-12 14:32:49 +01:00
Tom Hughes
b72bc8bf30 Improve code readability 2016-08-19 12:31:45 +01:00
Simon Poole
c6fe828286 Fix rubocop warnings 2016-08-19 09:31:47 +02:00
Simon Poole
0837205d02 Merge message when Gravatar status has changed with email confirmation
Merge message when Gravatar status has changed with email confirmation and make messages more verbose and friendly.
2016-08-19 08:59:40 +02:00
Simon Poole
90b7101cc3 Add tests for change of gravatar use depending on email 2016-08-16 22:09:11 +02:00
Simon Poole
05cd781b25 Remove default enabling of gravatar, check on initial confirmation of e-mail address and on any changes afterward if
a gravatar exists and enable then if the user hasn't uploaded a picture.
2016-08-16 21:42:02 +02:00
Tom Hughes
13c2ac5cdb Reorder auth_success handlers
Only treat auth_success as a possible login attempt if we're not
in the middle of validating a new user, or a change to a user.

Also validate the uniqueness of external auth credentials at the
rails level rather than just at the database level, and make sure
any errors are properly reported.

Fixes #1265
2016-08-14 18:30:13 +01:00
Tom Hughes
6be39fca2f Make support email address configurable 2016-03-20 18:58:50 +00:00
Tom Hughes
f0fa701563 Treat user as logged in after a password reset
Fixes #1160
2016-02-26 16:30:32 +00:00
Tom Hughes
480c17be58 Preserve username and "remember me" when login fails
Fixes #1159
2016-02-26 15:32:40 +00:00
Tom Hughes
5d3ecffa28 Fix new rubocop warnings 2016-02-05 13:35:26 +00:00
Tom Hughes
8fe1899596 Fix rubocop warnings 2016-01-19 09:51:24 +00:00
Tom Hughes
67f3658431 Preserve URL fragments through external authentication
Fixes #1102
2015-12-12 16:08:09 +00:00
Ilya Zverev
988ee11fe4 Facebook emails are verified
Per https://developers.facebook.com/docs/graph-api/reference/user the
official description of the email field is:

> The person's primary email address listed on their profile. This
> field will not be returned if no valid email address is available

Therefore we can treat the fact that the email is returned as proof
that it has been verified.
2015-12-07 14:23:23 +00:00
Tom Hughes
d218d5bf7d Fix display of raw HTML in flash message
Fixes #1095
2015-11-30 08:56:26 +00:00
Tom Hughes
e479a8297c Mark some flash messages as html safe 2015-08-27 20:43:50 +01:00
Tom Hughes
c9d35839be Fix new rubocop warnings 2015-08-18 20:57:14 +01:00
Tom Hughes
629ae62b73 Require a valid session token to resend a confirmation
Make user#confirm_resend require a valid token in the session
that matches the requested user, and ensure trying to login as
an unconfirmed user sets such a token.

Fixes #1010
2015-07-20 21:32:34 +01:00
Tom Hughes
9fdea1c739 Temporary fix to avoid showing emails 2015-07-20 15:07:18 +01:00
Tom Hughes
dd4e766788 Redirect to the login page if auth failure has no origin 2015-04-16 11:16:18 +01:00
Tom Hughes
2111ace158 Prefer username/password to openid_url if both are set 2015-04-16 11:14:57 +01:00
Tom Hughes
eeb9866d50 Add support for Google OAuth2 authentication
This replaces OpenID authentication, which is going away soon, but
provides an upgrade path where we can migrate users that already have
a Google OpenID setup to the new system transparently.
2015-04-14 10:08:07 +01:00
Tom Hughes
2af0840ff3 Fix style issues found by new rubocop version 2015-04-14 09:38:24 +01:00
Tom Hughes
f8de0c1811 Ever more tests... 2015-03-08 16:47:35 +00:00
Tom Hughes
15b550182c Yet more tests... 2015-03-02 21:20:01 +00:00
Tom Hughes
dbe165bbb3 Fix some rubocop rails style issues 2015-02-26 00:12:54 +00:00
Tom Hughes
e434cb154c Convert OpenID authentication to generic third party authentication 2015-02-25 01:07:23 +00:00
Tom Hughes
b0150caee6 Convert OpenID authentication to use OmniAuth 2015-02-25 01:07:23 +00:00
Tom Hughes
8e404f3a46 Fix some more rubocop style issues 2015-02-20 20:39:52 +00:00
Tom Hughes
dc2a2c8ebd Standardise on double quoted strings 2015-02-20 19:47:26 +00:00
Tom Hughes
5cbd4038ed Fix rubocop style issues 2015-02-20 08:56:16 +00:00
Tom Hughes
ef7f3d800c Fix most auto-correctable rubocop issues 2015-02-20 08:56:16 +00:00
Thijs Alkemade
17f926fefb Fix two issues with the remember_me_openid button
1. It didn't work, the code only checked the remember_me button, not
   the remember_me_openid button.

2. It did not have a unique id, making the label next to it not work
   for selecting the checkbox.
2015-02-01 10:33:45 +00:00
Tom Hughes
046fbdc177 Replace deprecated reset method with restore method 2015-01-11 12:53:06 +00:00
Tom Hughes
360d68ea5c Replace deprecated deliver method with deliver_now 2015-01-11 12:53:06 +00:00
Tom Hughes
f9ae6d252f Drop the slim layout
The slim layout is not really needed since the redesign as the
pages it was used for in the OAuth flow now have less chrome and
work fine on small screens with the normal layout.

Fixes #689
2014-02-16 16:03:00 +00:00