openproject

Commit Graph

Author	SHA1	Message	Date
Markus Kahl	2ed52b163d	only use exit screen if login is required to view anything at all	10 years ago
Markus Kahl	d6401e79f5	polish	10 years ago
Markus Kahl	89731db2d1	some refactoring; test display of instructions	10 years ago
Markus Kahl	bbd4cad404	fix: #14385 (direct login infinite redirect loop)	10 years ago
Markus Kahl	c25f92576c	only append origin if back_url is given	10 years ago
Markus Kahl	9dc9d69000	redirect to last URL after direct omniauth login	10 years ago
Michael Frister	ee31c8de7d	Omniauth: Add after_login, remove on_success After a successfull login seems to be a much clearer description of when the callback will be executed than "on successful authorization". E.g. it's not clear whether ending up on the registration page also indicates successful authorization (which it does in the OmniAuth sense, but not in the OpenProject sense). The after login callback is called each time a user is logged in, no matter whether that happens via regular Omniauth login or after completing the registration process and being automatically logged in (when automated account activation is enabled).	10 years ago
Markus Kahl	41603b0f43	on_success callback for Authorization	10 years ago
Markus Kahl	c9a3dd87bd	put #disable_password_login? into OP Configuration	10 years ago
Till Breuer	2c4483544c	Merge branch 'dev' into feature/adding-and-removing-watchers Conflicts: app/assets/javascripts/angular/work_packages/controllers/work-package-details-controller.js karma/tests/controllers/work-package-details-controller-test.js lib/api/v3/work_packages/work_package_representer.rb	10 years ago
Markus Kahl	a572c6af7f	properly qualify OmniauthLogin everywhere	10 years ago
Markus Kahl	1e1ac3a742	fixed allow_registration?	10 years ago
Markus Kahl	f8770d5e93	block password-related functionality (e.g. lost)	10 years ago
Jens Ulferts	9a2268cc7a	fixes references to OmniauthLogin	10 years ago
Markus Kahl	100f3d00c6	also disable login per post	10 years ago
Markus Kahl	902654a91d	omniauth direct login	10 years ago
Michael Frister	98f81665db	CSRF Protection: Prevent login CSRF	11 years ago
Markus Kahl	e624f84c87	log login directly during omniauth procedure	11 years ago
Markus Kahl	8c94da8d89	log last login for omniauth too added tests	11 years ago
Michael Frister	d02fde7c40	Fix flash message shown when an account is inactive Show different messages depending on whether the user is locked or registered. In the latter case, also show different messages depending on the self_registration setting (manual activation vs. mail).	11 years ago
Michael Frister	d29f5b8421	Fix flash message shown when an account is inactive Show different messages depending on whether the user is locked or registered. In the latter case, also show different messages depending on the self_registration setting (manual activation vs. mail).	11 years ago
Michael Frister	c91d04981e	Show error on attempt to register with disabled self registration This happens for normal registration as well as registration via omniauth. This also changes the redirect to not go to / and go to signin_url instead.	11 years ago
Philipp Tessenow	281b8d8e5b	extract omniauth logic from AccountController into separate omniauth concern	11 years ago
Philipp Tessenow	49c8bec8ec	extract methods from omniauth_login	11 years ago
Philipp Tessenow	759775b37a	small refactorings in ApplicationController#omniauth_login	11 years ago
kgalli	a0af103553	Removal of unnecessary CGI.unescape for back url	11 years ago
kgalli	2a43d74e88	Bugfix for back url if registration is performed via omniauth	11 years ago
Michael Frister	40982532b0	Omniauth: Fix user redirect after pending account and login When registering an account, the account was pending and the user logged in from the same login page after activation, the user was redirected to the authentication provider (at least that's what the back_url was being set to, this would probably have been blocked later by redirect_back_or_default). Setting the back_url explicitly has the advantage of redirecting the user to the original page where the user clicked on the Omniauth link.	11 years ago
Michael Frister	cd6fb1dcd4	Redirect user back to original page when logging in via omniauth	11 years ago
Michael Frister	e00d26d604	AccountController: Remove unused open_id_authenticate	11 years ago
kgalli	2dbff1fbb2	Log warning if omniauth error occurs but show generic message to user	11 years ago
Michael Frister	c5d1d58fad	AccountController: Refactor registration via AuthSource into own method	11 years ago
Michael Frister	09cbe712b2	Login: Fix log warning being shown on not allowed password change	11 years ago
Michael Frister	0978e24dc0	AccountController#register: Refactor omniauth part into own method	11 years ago
kgalli	9e4f84844b	Removal of trailing white spaces	11 years ago
kgalli	a4b155eef2	Removal of unnecessary auth_hash method	11 years ago
kgalli	8f0c7cbfcd	bugfix for register method and refactoring of specs Bugfix register method was missing user.save for exteranl authentication other than omniauth. Refactoring of omniauth specs to use let method to set omniauth hash.	11 years ago
kgalli	5cb176124a	add omniauth failure callback and specs for omniauth login/registration	11 years ago
Michael Frister	068c04b1d1	AccountController: Rename method	11 years ago
kgalli	decc834ea6	Replace of flash notice for registration scenarios with automatic login	11 years ago
kgalli	35c334c6c5	redirect to first_login page for all new users to set accessibility mode	11 years ago
Michael Frister	d16e062b41	Omniauth: Fix lost_password deciding whether to allow reset	11 years ago
Michael Frister	475d0b33c5	Omniauth: Allow correcting validation errors via registration form This also sets User#password_change_allowed? to false for users authenticated via Omniauth and thus hides login and passwords fields from the register form when using Omniauth.	11 years ago
Michael Frister	673c620306	Begin to replace OpenID with omniauth Only UI yet is a link on the dedicated login page, a lot of OpenID remains are still in there and things are absolutely not secure or nice.	11 years ago
Michael Frister	3c324bdc42	Use strong_parameters for User, remove safe_attribtues	11 years ago
Johannes Wollert	8b096975fe	updates copyright headers updates more copyright more copyright headers	11 years ago
Michael Frister	626848551b	Rename Redmine::Configuration to OpenProject::Configuration This removes the configuration test, the test will later be updated and re-added as a spec.	11 years ago
Philipp Tessenow	a1e67dd460	new copyright header #1903	11 years ago
Michael Frister	1a848ee2f5	Add password expiry check Conflicts: doc/CHANGELOG.md	11 years ago
Philipp Tessenow	7aeb2fc979	fix #1405 : fake invalid credentials when a blocked user tries to login	11 years ago

1 2 3

129 Commits (033d6f4eb1da6f5e42212cf344548a5e61066a69)