path: root/perllib/FixMyStreet/App/Controller/Auth.pm
Commit message | Author | Age | Lines
* Make sure all MapIt tests can run offline. | Matthew Somerville | 2017-03-23 | -1/+1
* Use Token params for redirect on login | pezholio | 2017-02-15 | -3/+7
    Tokens can include a 'p' field in their data to set query params for the post-login redirect URL.
* Redirect to category-filtered /reports on login | Dave Arter | 2017-02-14 | -1/+20
    If the user has a from_body and at least one category set.
* Follow redirect to /admin after login if allowed | Dave Arter | 2017-02-14 | -1/+1
* Lowercase email when signing in. | Matthew Somerville | 2017-01-26 | -0/+1
* Make sure csrf_time is deleted after use. | Matthew Somerville | 2017-01-12 | -2/+3
    If an out-of-date token was passed to check_csrf_token, then no new token would be output on the error page because csrf_time was still present.
* Return 400/500 for some client/server errors. | Matthew Somerville | 2016-12-16 | -8/+5
* Use normal user authentication to control access to /admin | Matthew Somerville | 2016-07-19 | -1/+1
    - Adds is_superuser flag to User
    - Logged-in user must be a superuser or have from_body set in order to access anything within /admin
    - has_permission_to on a superuser will always return true
    - Only superusers can create/grant superusers
    - New `createsuperuser` command for creating superusers
* Fix CSRF issue with new login during process. | Matthew Somerville | 2016-07-05 | -0/+3
    If you had no session cookie, started reporting a problem, logged in through that process, you would then get a CSRF error as the token had been created before the session was.
* Allow users to update their email address. | Matthew Somerville | 2016-06-20 | -6/+56
* Improve CSRF tokens and add to more forms. | Matthew Somerville | 2016-06-20 | -3/+37
* Improve auth flow taken when return key used. | Matthew Somerville | 2016-06-20 | -5/+6
* Add Twitter social login. | Matthew Somerville | 2016-04-08 | -16/+93
* Add login by Facebook on generic auth screen. | Matthew Somerville | 2016-01-22 | -12/+16
* Add login by Facebook when reporting. | Matthew Somerville | 2016-01-22 | -0/+108
* Switch to JSON::MaybeXS, remove JSON::XS. | Matthew Somerville | 2016-01-22 | -4/+4
    Travis has Cpanel::JSON::XS preinstalled, which means that the build would fail there, as JSON::MaybeXS would try and upgrade JSON::XS to version 3 which the snapshot did not contain.
* If a sign-in button explicitly clicked, use it. | Matthew Somerville | 2015-09-21 | -3/+5
    Fixes #1091.
* Add way to see "Please check your email" pages. | Matthew Somerville | 2015-09-17 | -0/+5
    This makes testing easier.
* Alter token logging in and timeout behaviour. | Matthew Somerville | 2015-07-10 | -0/+5
    Restrict email_sign_in token to one day, unused confirmation tokens to one month. Used tokens will redirect to the created thing but not log in; don't log in with alert links (unsubscribe link never expires, reply link will still show "reopen" tickbox).
* Factor out all uses of param()/params. | Matthew Somerville | 2015-07-07 | -17/+16
    Use a central get_param and get_param_list functions dependent on whether we're after a scalar or a list (almost always a scalar). This prevents any possibility of confusion where param() could return a list, or params->{} an arrayref.
* Better spotting of signing in on /auth form. | Matthew Somerville | 2014-06-20 | -2/+4
    If your browser autocompleted form fields, you could fill in the signing in part of the form but still be sent a confirmation email. This commit will now default to trying to sign in if the sign in button is clicked or there is data in the signing in password field. Fixes #816.
* Don't remove /M tokens upon use. | Matthew Somerville | 2013-05-10 | -4/+1
* Redirect better to prevent possible infinite loop, update test. | Matthew Somerville | 2013-02-05 | -1/+4
* Redirect from auth to admin if already logged in on Zurich. | Matthew Somerville | 2013-02-05 | -1/+2
* Zurich admin auth with front end. | Matthew Somerville | 2012-12-19 | -1/+1
* initial pass at sign in/sign out functionality | Struan Donald | 2012-06-01 | -0/+49
* Carry through name/phone/password updates through report/update creation via token. | Matthew Somerville | 2011-07-04 | -3/+7
    Only store encrypted password, and override EncodedColumn to prevent double encrypting.
* Assume if they've filled in one side of the password form, they're submitting that side. | Matthew Somerville | 2011-07-01 | -1/+2
* Get cookie expiry to work, and correct IDs on checkboxes. | Matthew Somerville | 2011-06-29 | -1/+5
* Sign in over login; tidy CSS. | Matthew Somerville | 2011-06-24 | -26/+28
* Allow people to give name/pw on auth page. | Matthew Somerville | 2011-06-24 | -8/+13
* Use bcrypt. | Matthew Somerville | 2011-06-24 | -2/+1
* Implement redirect upon sign in to where the user came from; tidy up error display. | Matthew Somerville | 2011-06-21 | -18/+46
* Add the 'remember_me' checkbox on login | Edmund von der Burg | 2011-04-07 | -2/+8
* auth related fixes | Edmund von der Burg | 2011-03-24 | -1/+6
* use .txt suffix on email templates | Edmund von der Burg | 2011-03-23 | -1/+1
* Clean up the flow - only mxcheck emails if we need to (ie not for logging in) | Edmund von der Burg | 2011-03-04 | -28/+25
* Completed auth section (main parts at least) | Edmund von der Burg | 2011-03-04 | -44/+98
* Allow users to create an account, confirm it and logout | Edmund von der Burg | 2011-03-03 | -0/+178