aboutsummaryrefslogtreecommitdiffstats
path: root/perllib/FixMyStreet/App/Controller/Auth.pm
Commit message (Collapse)AuthorAgeLines
* Simplify /auth sign in page.Matthew Somerville2018-11-09-6/+14
|
* Move all test endpoints under /_dev.Zarino Zappia2018-08-29-5/+0
|
* add a send login email button to user edit pageStruan Donald2018-06-25-1/+2
| | | | | | | | | Add a button to the user edit page that sends a login token email to the user. Helpful for user support situations where someone is having trouble logging in. Also for situations where you have added a user and want to get them logged in. Fixes #2041
* Use CSV escaping for categories in URLs.Matthew Somerville2018-06-21-1/+1
| | | | | Categories could contain commas, so splitting on comma is not good enough. Let’s escape the fields as if it’s a line in CSV. Fixes #2166.
* Merge branch '2fa-superuser'Matthew Somerville2018-02-07-0/+8
|\
| * Allow two-factor to work during creation flow.Matthew Somerville2018-02-07-0/+5
| |
| * Add two-factor authentication for superusers.Matthew Somerville2018-02-07-0/+3
| |
* | Merge branch 'password-tests'Matthew Somerville2018-02-06-2/+56
|\ \
| * | Add length/common password checking.Matthew Somerville2018-02-06-2/+56
| |/
* / Increase bcrypt cost.Matthew Somerville2018-02-01-0/+6
|/ | | | Though when running tests, decrease it for speed.
* Add an access token authentication credential.Matthew Somerville2017-11-29-0/+2
| | | | This allows access if you have a token associated with your user.
* Accept +1 geographic numbers as possibly mobile.Matthew Somerville2017-10-05-1/+1
| | | | | We have no way of knowing whether a +1 geographic number is fixed line or mobile, so accept them all as potentially mobile.
* Allow verify/change/add email/phone in profile.Matthew Somerville2017-09-30-13/+15
| | | | | | This expands the 'change email' functionality to work with phone number also, allow addition of missing details, and verifying of unverified details.
* Adapt things that assume email will be present.Matthew Somerville2017-09-30-1/+2
| | | | | | This includes stopping some emails being sent (moderation, alert, questionnaire), dealing with Open311/email report sending, and tokenised_url.
* Add ability to log in on /auth via text.Matthew Somerville2017-09-30-47/+66
| | | | A confirmation code is sent via Twilio to be entered on the site.
* Add 'verified' database columns for email/phone.Matthew Somerville2017-09-30-2/+2
| | | | | These are so we can state whether a user's email address or phone number have been verified by confirmation email/text.
* Move some auth functions to their own controllers.Matthew Somerville2017-09-30-249/+2
| | | | | | Move the social auth functions to Auth::Social, and the change email/password functions to Auth::Profile. There are no actual code changes.
* Add SIGNUPS_DISABLED config flagDave Arter2017-08-31-0/+20
|
* Don't redirect if logged in & auth form submitted.Matthew Somerville2017-08-08-1/+1
| | | | | | If you submit the auth form (as opposed to clicking a link to something that redirects to the auth form), we should assume you want to treat that as a login.
* Make sure all MapIt tests can run offline.Matthew Somerville2017-03-23-1/+1
|
* Use Token params for redirect on loginpezholio2017-02-15-3/+7
| | | | | Tokens can include a 'p' field in their data to set query params for the post-login redirect URL.
* Redirect to category-filtered /reports on loginDave Arter2017-02-14-1/+20
| | | | If the user has a from_body and at least one category set.
* Follow redirect to /admin after login if allowedDave Arter2017-02-14-1/+1
|
* Lowercase email when signing in.Matthew Somerville2017-01-26-0/+1
|
* Make sure csrf_time is deleted after use.Matthew Somerville2017-01-12-2/+3
| | | | | | If an out-of-date token was passed to check_csrf_token, then no new token would be output on the error page because csrf_time was still present.
* Return 400/500 for some client/server errors.Matthew Somerville2016-12-16-8/+5
|
* Use normal user authentication to control access to /adminMatthew Somerville2016-07-19-1/+1
| | | | | | | | | - Adds is_superuser flag to User - Logged-in user must be a superuser or have from_body set in order to access anything within /admin - has_permission_to on a superuser will always return true - Only superusers can create/grant superusers - New `createsuperuser` command for creating superusers
* Fix CSRF issue with new login during process.Matthew Somerville2016-07-05-0/+3
| | | | | | If you had no session cookie, started reporting a problem, logged in through that process, you would then get a CSRF error as the token had been created before the session was.
* Allow users to update their email address.Matthew Somerville2016-06-20-6/+56
|
* Improve CSRF tokens and add to more forms.Matthew Somerville2016-06-20-3/+37
|
* Improve auth flow taken when return key used.Matthew Somerville2016-06-20-5/+6
|
* Add Twitter social login.Matthew Somerville2016-04-08-16/+93
|
* Add login by Facebook on generic auth screen.Matthew Somerville2016-01-22-12/+16
|
* Add login by Facebook when reporting.Matthew Somerville2016-01-22-0/+108
|
* Switch to JSON::MaybeXS, remove JSON::XS.Matthew Somerville2016-01-22-4/+4
| | | | | | Travis has Cpanel::JSON::XS preinstalled, which means that the build would fail there, as JSON::MaybeXS would try and upgrade JSON::XS to version 3 which the snapshot did not contain.
* If a sign-in button explicitly clicked, use it.Matthew Somerville2015-09-21-3/+5
| | | | Fixes #1091.
* Add way to see "Please check your email" pages.Matthew Somerville2015-09-17-0/+5
| | | | This makes testing easier.
* Alter token logging in and timeout behaviour.Matthew Somerville2015-07-10-0/+5
| | | | | | | Restrict email_sign_in token to one day, unused confirmation tokens to one month. Used tokens will redirect to the created thing but not log in; don't log in with alert links (unsubscribe link never expires, reply link will still show "reopen" tickbox).
* Factor out all uses of param()/params.Matthew Somerville2015-07-07-17/+16
| | | | | | | Use a central get_param and get_param_list functions dependent on whether we're after a scalar or a list (almost always a scalar). This prevents any possibility of confusion where param() could return a list, or params->{} an arrayref.
* Better spotting of signing in on /auth form.Matthew Somerville2014-06-20-2/+4
| | | | | | | | | If your browser autocompleted form fields, you could fill in the signing in part of the form but still be sent a confirmation email. This commit will now default to trying to sign in if the sign in button is clicked or there is data in the signing in password field. Fixes #816.
* Don't remove /M tokens upon use.Matthew Somerville2013-05-10-4/+1
|
* Redirect better to prevent possible infinite loop, update test.Matthew Somerville2013-02-05-1/+4
|
* Redirect from auth to admin if already logged in on Zurich.Matthew Somerville2013-02-05-1/+2
|
* Zurich admin auth with front end.Matthew Somerville2012-12-19-1/+1
|
* inital pass at sign in/sign out functionalityStruan Donald2012-06-01-0/+49
|
* Carry through name/phone/password updates through report/update creation via ↵Matthew Somerville2011-07-04-3/+7
| | | | token. Only store encrypted password, and override EncodedColumn to prevent double encrypting.
* Assume if they've filled in one side of the password form, they're ↵Matthew Somerville2011-07-01-1/+2
| | | | submitting that side.
* Get cookie expiry to work, and correct IDs on checkboxes.Matthew Somerville2011-06-29-1/+5
|
* Sign in over login; tidy CSS.Matthew Somerville2011-06-24-26/+28
|
* Allow people to give name/pw on auth page.Matthew Somerville2011-06-24-8/+13
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-21 05:59:28 +0000