112 Commits (7496c1b6556303ddad063edff023d792140cf470)

Author SHA1 Message Date
Claire 4885232358 Add users index on unconfirmed_email (#25672)
1 year ago
Claire fe1735f409 Fix inefficient query when requesting a new confirmation email from a logged-in account (#25669)
1 year ago
Eugen Rochko 937764ce4b Fix always redirecting to onboarding in web UI (#25396)
1 year ago
Frankie Roberto 9cf831be0b Order sessions by most-recent to least-recently updated (#25005)
2 years ago
Claire 844d8e101e Add hCaptcha support (#25019)
2 years ago
Matt Jankowski 390aa577e7 Fix Rails/ActionOrder cop (#24692)
2 years ago
Eugen Rochko 3ca64638d4 Refactor `Cache-Control` and `Vary` definitions (#24347)
2 years ago
Eugen Rochko 9a7a4d79ec Add progress indicator to sign-up flow (#24545)
2 years ago
Claire db2b09bdd4 Fix invalid/expired invites being processed on sign-up (#24337)
2 years ago
CSDUMMI 5f9f43d051 Prefer the stored location as after_sign_in_path in Omniauth Callback Controller (#24073)
2 years ago
Nick Schonning ae51248ffe Enable Rubocop HTTP status rules (#23717)
2 years ago
Nick Schonning 793f8c7dd5 Autofix Rubocop Style/IfUnlessModifier (#23697)
2 years ago
David Vega 4c10de8ae3 Fix single name variables on controller folder (#20092)
2 years ago
Francis Murillo 3a11a90dd3 Revoke all authorized applications on password reset (#21325)
2 years ago
Claire 3b81318a0f Fix form-action CSP directive for external login (#20962)
2 years ago
Daniel Axtens e61dc520ae Add 'private' to Cache-Control, match Rails expectations (#20608)
2 years ago
Claire 811f8d2175 Fix crash when external auth provider has no display_name set (#19962)
2 years ago
Claire 8c94b641a9 Fix invites (#19560)
2 years ago
Eugen Rochko 448d8ae2df Add server rules to sign-up flow (#19296)
2 years ago
Eugen Rochko b2e1224baa Add ability to block sign-ups from IP (#19037)
2 years ago
Claire d28d7d4b72 Fix suspicious sign-in mails never being sent (#18599)
2 years ago
Eugen Rochko 89d4d6fd3b Fix confirmation redirect to app without `Location` header (#18523)
3 years ago
Eugen Rochko f982d56b4e Remove sign-in token authentication, instead send e-mail about new sign-in (#17970)
3 years ago
chandrn7 ce5bebf108 Allow login through OpenID Connect (#16221)
3 years ago
Claire 514842c9c6 Change old moderation strikes to be displayed in a separate page (#17566)
3 years ago
Eugen Rochko 82f8d19424 Add appeals (#17364)
3 years ago
Claire 06f653972a Add OMNIAUTH_ONLY environment variable to enforce externa log-in (#17288)
3 years ago
Claire 12bb24ea35 Remove support for OAUTH_REDIRECT_AT_SIGN_IN (#17287)
3 years ago
Eugen Rochko 7b3972c270 Remove IP tracking columns from users table (#16409)
3 years ago
Claire 9e122d774d Fix reviving revoked sessions and invalidating login (#16943)
3 years ago
Claire 1dbc4a8611 Fix webauthn secure key authentication (#16792)
3 years ago
Truong Nguyen 567021abeb Explicitly set userVerification to discoraged (#16545)
3 years ago
Claire 84566f17de Fix authentication failures after going halfway through a sign-in attempt (#16607)
3 years ago
Daniel eb30899df2 Fix undefined variable for Auth::OmniauthCallbacksController (#16654)
3 years ago
Eugen Rochko 2067b0bf34 Add authentication history (#16408)
3 years ago
Claire db57eaf207 Change confirmations controller to redirect to / for approved users (#16151)
4 years ago
ThibG e1ef5f3b31 Add honeypot fields and minimum fill-out time for sign-up form (#15276)
4 years ago
Eugen Rochko 90faa8039c Fix 2FA/sign-in token sessions being valid after password change (#14802)
4 years ago
Eugen Rochko da4c730c47 Add IP-based rules (#14963)
4 years ago
santiagorodriguez96 f142983484 Add WebAuthn as an alternative 2FA method (#14466)
4 years ago
abcang aca93fa882 Fix rubocop warning (#14288)
4 years ago
Eugen Rochko a79c5e5e63 Fix other sessions not being logged out on password change (#14252)
4 years ago
Eugen Rochko 2dbf6bc5ad Add e-mail-based sign in challenge for users with disabled 2FA (#14013)
5 years ago
ThibG e9227d8c10 Remove confusing “You are already signed in.” flash message (#13547)
5 years ago
ThibG ddd9bad7f1 Fix sign-ups without checked user agreement being accepted through the web form (#13088)
5 years ago
Eugen Rochko e4aa4a1c28 Fix password change/reset not immediately invalidating other sessions (#12928)
5 years ago
Eugen Rochko 49b6881379 Fix settings pages being cacheable by the browser (#12714)
5 years ago
Eugen Rochko 3773115066 Fix authentication before 2FA challenge (#11943)
5 years ago
Eugen Rochko 1781358bd9 Add password challenge to 2FA settings, e-mail notifications (#11878)
5 years ago
Eugen Rochko 8eb0d880cb Fix 2FA challenge and password challenge for non-database users (#11831)
5 years ago