aboutsummaryrefslogtreecommitdiffstats
path: root/t/app/controller/auth.t
Commit message (Collapse)AuthorAgeLines
* Add option to check password on Have I Been Pwned.Matthew Somerville2020-07-07-0/+17
| | | | | | | If switched on, sends first five letters of the SHA1 hash of the entered password to HIBP's API, which then returns all matching hashes in their database of breached passwords. If we find a match, tell the user they need to pick a different password.
* Only show access tokens once, and store hashed.Matthew Somerville2020-06-30-5/+6
|
* Allow cobrands to skip 2FA requirement.Matthew Somerville2019-12-09-1/+19
|
* Replace use of FixMyStreet::App with DB in tests.Matthew Somerville2019-11-22-9/+9
|
* Fix password reset on 2FA accounts again.Matthew Somerville2019-11-05-0/+5
| | | | | | Just after fixing it, 3d593bc68 broke it again, because it took anyone who must have 2FA switched on to the must-have-2FA sign up flow, even if they already had 2FA set up.
* Add optional enforced password expiry.Matthew Somerville2019-11-04-0/+28
|
* Record time of password change.Matthew Somerville2019-11-04-1/+3
|
* If 2FA enforced, do it for an email login as well.Matthew Somerville2019-10-30-0/+34
|
* Fix password reset on 2FA accounts.Matthew Somerville2019-10-30-0/+23
|
* Allow enforcement of 2FA for staff users.Matthew Somerville2019-10-30-4/+44
|
* Allow non-superusers to store 2FA secrets.Matthew Somerville2019-10-28-1/+0
|
* Simplify /auth sign in page.Matthew Somerville2018-11-09-28/+11
|
* Merge branch '2fa-superuser'Matthew Somerville2018-02-07-0/+23
|\
| * Add two-factor authentication for superusers.Matthew Somerville2018-02-07-0/+23
| |
* | Add length/common password checking.Matthew Somerville2018-02-06-1/+24
|/
* Add an access token authentication credential.Matthew Somerville2017-11-29-0/+25
| | | | This allows access if you have a token associated with your user.
* Add ability to log in on /auth via text.Matthew Somerville2017-09-30-20/+20
| | | | A confirmation code is sent via Twilio to be entered on the site.
* Move some auth functions to their own controllers.Matthew Somerville2017-09-30-121/+1
| | | | | | Move the social auth functions to Auth::Social, and the change email/password functions to Auth::Profile. There are no actual code changes.
* Add SIGNUPS_DISABLED config flagDave Arter2017-08-31-2/+91
|
* Run each test file in a transaction.Matthew Somerville2017-06-20-3/+0
| | | | This means that the tests can be run in parallel.
* Auto-add strict/warnings/Test::More with TestMech.Matthew Somerville2017-05-31-4/+0
|
* Make sure all MapIt tests can run offline.Matthew Somerville2017-03-23-0/+4
|
* Pass test if NXDOMAINs are intercepted.Matthew Somerville2016-11-24-0/+8
| | | | | Mock out the DNS lookup to fail, in case the test is being run somewhere where the ISP hijacks NXDOMAIN results and redirects them elsewhere.
* Add HTML email templates.Matthew Somerville2016-08-01-14/+5
| | | | | | | | | | | | | | | | | | | | | | | | Design is all Zarino. This adds the ability to send HTML emails, including attached inline images. When included, this is done as a multipart/related email containing a multipart/alternative (of plain and HTML) and any attached images, so that the images are available even if HTML mail is not. The alert emails list data has been improved so it can be constructed in the templates rather than the code. Various templates have been tidied. Various workarounds for email clients have been made, including: * <th> is used so that the Android 4.x mail client can give them `block` styling in the small screen media query. * Font settings defined on every table cell (<th>) so that sans-serif fonts are used in Outlook, rather than Times New Roman. * A three-column wrapper table to create a 620px centred content area that also shrinks down on narrow screens. (Outlook doesn’t like max-width, so this is the simplest alternative.) * Enforcing a sensible (500px) min-width for the main content area, on clients that don’t support media queries (eg: native Gmail app). * Giant borders on buttons so Outlook displays them * Image alignment with align rather than float.
* Allow users to update their email address.Matthew Somerville2016-06-20-3/+51
|
* Improve CSRF tokens and add to more forms.Matthew Somerville2016-06-20-1/+1
|
* Better spotting of signing in on /auth form.Matthew Somerville2014-06-20-1/+19
| | | | | | | | | If your browser autocompleted form fields, you could fill in the signing in part of the form but still be sent a confirmation email. This commit will now default to trying to sign in if the sign in button is clicked or there is data in the signing in password field. Fixes #816.
* Update all email templates with new text.Myfanwy Nixon2014-05-16-1/+1
| | | | And FixMyStreet.com specific open questionnaire page.
* Fix test as M tokens now not deleted.Matthew Somerville2013-05-13-6/+1
|
* Fix test word change.Matthew Somerville2013-03-11-1/+1
|
* Move site_name/site_title into templates where they belong.Matthew Somerville2012-08-17-1/+1
|
* Have a whole fake mapit (for #182) that works if MAPIT_URL is set accordingly.Matthew Somerville2012-07-13-2/+2
| | | | | | | | | Setting MAPIT_URL to .../fakemapit/ will then return one area, ID 161 and type ZZZ, whatever co-ordinate it is given. This means the default area type is now ZZZ, the UK specific types are moved into the UK cobrands, and the tests updated accordingly to still function (they assume UK-ness a lot, so probably need an ALLOWED_COBRANDS entry of "fixmystreet: 'localhost'" and for your host's domain to show fixmystreet too).
* fix failing test due to now having error messages in js elsewhere on the pageStruan Donald2011-09-05-6/+6
|
* Get cookie expiry to work, and correct IDs on checkboxes.Matthew Somerville2011-06-29-5/+3
|
* Sort problems, and have a map, maybe.Matthew Somerville2011-06-28-2/+1
|
* Allow people to sign in (or not) as they make a report.Matthew Somerville2011-06-27-1/+1
|
* Sign in over login; tidy CSS.Matthew Somerville2011-06-24-13/+13
|
* Allow people to give name/pw on auth page.Matthew Somerville2011-06-24-2/+2
|
* Implement redirect upon sign in to where the user came from; tidy up error ↵Matthew Somerville2011-06-21-3/+6
| | | | display.
* Fix session cookie test, and test based on contact_name that might change.Matthew Somerville2011-06-09-3/+4
|
* Tidy up some strings for translation, remove some migrated code.Matthew Somerville2011-06-06-1/+1
|
* More robust testsEdmund von der Burg2011-04-11-5/+4
|
* Add the 'remember_me' checkbox on loginEdmund von der Burg2011-04-07-17/+27
|
* Abstracted out some email testsEdmund von der Burg2011-03-25-13/+13
|
* Move login/out methods into TestMechEdmund von der Burg2011-03-25-19/+10
|
* Completed auth section (main parts at least)Edmund von der Burg2011-03-04-35/+134
|
* Allow users to create an account, confirm it and logoutEdmund von der Burg2011-03-03-0/+127
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-26 16:28:24 +0000