openproject

Commit Graph

Author	SHA1	Message	Date
Jens Ulferts	9a2268cc7a	fixes references to OmniauthLogin	10 years ago
Markus Kahl	100f3d00c6	also disable login per post	10 years ago
Markus Kahl	902654a91d	omniauth direct login	10 years ago
Michael Frister	98f81665db	CSRF Protection: Prevent login CSRF	11 years ago
Markus Kahl	e624f84c87	log login directly during omniauth procedure	11 years ago
Markus Kahl	8c94da8d89	log last login for omniauth too added tests	11 years ago
Michael Frister	d02fde7c40	Fix flash message shown when an account is inactive Show different messages depending on whether the user is locked or registered. In the latter case, also show different messages depending on the self_registration setting (manual activation vs. mail).	11 years ago
Michael Frister	d29f5b8421	Fix flash message shown when an account is inactive Show different messages depending on whether the user is locked or registered. In the latter case, also show different messages depending on the self_registration setting (manual activation vs. mail).	11 years ago
Michael Frister	c91d04981e	Show error on attempt to register with disabled self registration This happens for normal registration as well as registration via omniauth. This also changes the redirect to not go to / and go to signin_url instead.	11 years ago
Philipp Tessenow	281b8d8e5b	extract omniauth logic from AccountController into separate omniauth concern	11 years ago
Philipp Tessenow	49c8bec8ec	extract methods from omniauth_login	11 years ago
Philipp Tessenow	759775b37a	small refactorings in ApplicationController#omniauth_login	11 years ago
kgalli	a0af103553	Removal of unnecessary CGI.unescape for back url	11 years ago
kgalli	2a43d74e88	Bugfix for back url if registration is performed via omniauth	11 years ago
Michael Frister	40982532b0	Omniauth: Fix user redirect after pending account and login When registering an account, the account was pending and the user logged in from the same login page after activation, the user was redirected to the authentication provider (at least that's what the back_url was being set to, this would probably have been blocked later by redirect_back_or_default). Setting the back_url explicitly has the advantage of redirecting the user to the original page where the user clicked on the Omniauth link.	11 years ago
Michael Frister	cd6fb1dcd4	Redirect user back to original page when logging in via omniauth	11 years ago
Michael Frister	e00d26d604	AccountController: Remove unused open_id_authenticate	11 years ago
kgalli	2dbff1fbb2	Log warning if omniauth error occurs but show generic message to user	11 years ago
Michael Frister	c5d1d58fad	AccountController: Refactor registration via AuthSource into own method	11 years ago
Michael Frister	09cbe712b2	Login: Fix log warning being shown on not allowed password change	11 years ago
Michael Frister	0978e24dc0	AccountController#register: Refactor omniauth part into own method	11 years ago
kgalli	9e4f84844b	Removal of trailing white spaces	11 years ago
kgalli	a4b155eef2	Removal of unnecessary auth_hash method	11 years ago
kgalli	8f0c7cbfcd	bugfix for register method and refactoring of specs Bugfix register method was missing user.save for exteranl authentication other than omniauth. Refactoring of omniauth specs to use let method to set omniauth hash.	11 years ago
kgalli	5cb176124a	add omniauth failure callback and specs for omniauth login/registration	11 years ago
Michael Frister	068c04b1d1	AccountController: Rename method	11 years ago
kgalli	decc834ea6	Replace of flash notice for registration scenarios with automatic login	11 years ago
kgalli	35c334c6c5	redirect to first_login page for all new users to set accessibility mode	11 years ago
Michael Frister	d16e062b41	Omniauth: Fix lost_password deciding whether to allow reset	11 years ago
Michael Frister	475d0b33c5	Omniauth: Allow correcting validation errors via registration form This also sets User#password_change_allowed? to false for users authenticated via Omniauth and thus hides login and passwords fields from the register form when using Omniauth.	11 years ago
Michael Frister	673c620306	Begin to replace OpenID with omniauth Only UI yet is a link on the dedicated login page, a lot of OpenID remains are still in there and things are absolutely not secure or nice.	11 years ago
Michael Frister	3c324bdc42	Use strong_parameters for User, remove safe_attribtues	11 years ago
Johannes Wollert	8b096975fe	updates copyright headers updates more copyright more copyright headers	11 years ago
Michael Frister	626848551b	Rename Redmine::Configuration to OpenProject::Configuration This removes the configuration test, the test will later be updated and re-added as a spec.	11 years ago
Philipp Tessenow	a1e67dd460	new copyright header #1903	11 years ago
Michael Frister	1a848ee2f5	Add password expiry check Conflicts: doc/CHANGELOG.md	11 years ago
Philipp Tessenow	7aeb2fc979	fix #1405 : fake invalid credentials when a blocked user tries to login	11 years ago
Michael Frister	4e439e2551	Don't show notice about brute force prevention when it's disabled	11 years ago
Michael Frister	d01ec32b3d	Block user on too many failed logins within specific period	11 years ago
Michael Frister	c75820a3e1	Don't force password change after using lost password Fixes: * don't redirect after login * show login name on my/password page	12 years ago
Michael Frister	7ba90102a7	Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec	12 years ago
Michael Frister	089db98541	Improve password complexity requirements Add a new Passwords module, which evaluates and generates passwords. Adapt User to use this module. In addition to checking the length, the module verifies that a password contains a certain number of character classes like uppercase/lowercase. These classes can be configured in the authentication settings. Also increase the default minimum password length from 4 to 10.	12 years ago
Jens Ulferts	21459a384f	provide every possible file with a short copyright notice This was done using the rake task: rake copyright:update	12 years ago
Philipp Tessenow	ec3829e11b	be careful with nested namespace'd controllers in our controllers	12 years ago
Jens Ulferts	d5daa90937	prevents exploiting implicit mysql typecasting This should prevent an attacker from issuing a request where he sends a token param casted to integer. MySql would cast the value attribute of Token to integer which is either the integer at the beginning of the value or, in absence of such, 0.	12 years ago
Martin Linkhorst	6eafde439d	force attributes to be set where needed	12 years ago
Martin Linkhorst	2ed585a297	converted account activation requested email	12 years ago
Martin Linkhorst	a585c1b437	renamed lost_password to password_lost	12 years ago
Martin Linkhorst	727a232d3d	use the new mailer!	12 years ago
Tom Rochette	eed627011c	Login should redirect to welcome/home page if already logged in.	13 years ago

1 2 3 4 5

223 Commits (0acfcfd9eb54df12850a4d2991cf0551a0d53636)