Commit Graph

25 Commits

Author SHA1 Message Date
David Taylor
d2bceff133
FEATURE: Use full page redirection for all external auth methods (#8092)
Using popups is becoming increasingly rare. Full page redirects are already used on mobile, and for some providers. This commit removes all logic related to popup authentication, leaving only the full page redirect method.

For more info, see https://meta.discourse.org/t/do-we-need-popups-for-login/127988
2019-10-08 12:10:43 +01:00
Jarek Radosz
d407bcab36 FIX: Correctly escape category description text (#8107)
* FIX: Correctly escape category description text

This bug has been introduced in db14e10943.

* Remove unnecessary `html_safe`

`Theme.lookup_field` already returns html-safe strings: 7ad338e3e6/app/models/theme.rb (L237-L242)

* Rename `description` where it's acutally `descriptionText`
2019-10-01 12:04:39 -04:00
David Taylor
213b7d19d9 UX: Fallback to unlocalized auth provider name if required 2019-08-13 01:22:02 +01:00
David Taylor
3b8c468832 SECURITY: Require POST with CSRF token for OmniAuth request phase 2019-08-08 11:58:00 +01:00
Kyle Zhao
a6eca28ec6
CSP - extract all other inline JavaScripts (#6528)
* wizard page inline js

* print topic inline js

* drop JS for preventing double submission

this is the default behavior with Rails' UJS `disable_with` helper

* omniauth complete redirect JS

* account activate inline js
2018-10-25 09:52:01 -04:00
Vinoth Kannan
f08995c390 Remove unused code lines 2017-12-29 12:32:18 +05:30
Neil Lalonde
66e53f449a UX: Auth complete page/modal has a link to continue to the site to accomodate auth methods that can't automatically redirect to Discourse 2017-11-21 13:56:19 -05:00
Robin Ward
cef64e8f03 UX: Use no_ember styling for omniauth error page 2017-11-15 14:04:26 -05:00
Robin Ward
f7c303c82e FIX: If there's no window.opener use the localStorage method for login 2016-07-08 14:45:34 -04:00
Robin Ward
eff2865278 FIX: Support create account on facebook browser 2016-06-10 11:12:46 -04:00
Robin Ward
171dbd4b09 Allow redirects on Facebook Browser 2016-06-09 15:51:46 -04:00
Robin Ward
f6eb5e823b Temporarily remove FB browser redirect 2016-06-09 15:35:17 -04:00
Robin Ward
ba5993ae79 FIX: Invalid escaping of URL 2016-06-09 15:10:21 -04:00
Robin Ward
4730c82b3a FIX: Detect window.opener 2016-06-09 14:51:38 -04:00
Robin Ward
eee15dfe7f FIX: On facebook browser, don't close the window but redirect instead 2016-06-09 14:20:44 -04:00
Sam
b6c2aa13e6 clean up implementation of non frame login / registration 2015-10-13 14:49:09 +11:00
Sam
fab51496cb correct full screen login feature 2015-10-13 13:11:49 +11:00
Sam
b3aebca406 FEATURE: allow auto provider to specify "full screen login"
this feature means we attempt to log in without opening a frame.
2015-10-13 12:23:34 +11:00
Sam
57e3323663 redirect back to base uri if there is no window opener. 2015-10-13 12:03:43 +11:00
Robin Ward
b4960d48b4 Better support for passing up errors when OmniAuth fails after auth 2015-06-24 12:12:43 -04:00
Neil Lalonde
4762b4ac24 FIX: on completion of external auth, window.close may fail because of iOS Safari bug. Prompt user to manually close the window. 2014-10-15 11:00:34 -04:00
Sam
075002a6d5 refactoring the plugin interfaces to allow for better extensible 2013-08-26 12:59:17 +10:00
Kuba Brecka
9bf5e31f94 some more extracted strings for translation 2013-03-03 23:00:16 +01:00
Jesse Pollak
ad5a5b4866 This commit adds a callback route to handle omniauth failure and removes a few unneccessary entries in en.yml 2013-02-14 18:08:40 -08:00
xdite
9189d937f7 move all logic to omniauth
implement omniauth-facebook / omniauth-twitter
2013-02-13 15:08:38 +08:00