discourse
/
discourse-oauth2-basic
mirror of https://github.com/discourse/discourse-oauth2-basic.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
122 Commits 3 Branches 0 Tags 1 MiB
Commit Graph

50 Commits

Author SHA1 Message Date
David Taylor 5984e52dc6
DEV: Fix rubocop offences 2020-04-30 18:49:15 +01:00
David Taylor be136eacb4
FEATURE: Allow disabling request_body authentication for token endpoint 
By default we include both authentication data in both the Authorization header, and in the request body. This provides maximum compatibility, although is technically a breach of the OAuth2 specification. This commit introduces a new site setting `oauth2_send_auth_body`, which allows the behavior to be controlled.
 2020-04-30 17:28:22 +01:00
David Taylor d8a8724f2b
FEATURE: Add detailed OAuth2 request and response logs 
This makes use of Faraday middleware to log precise details about all requests made by the OAuth2 gem. This should make it easier to debug configuration issues
 2020-04-30 17:15:35 +01:00
Josh Kerxhalli-Kleinfield ca5f555750
FEATURE: Allow using array indexes in json paths (#22) 2020-04-21 14:46:42 +01:00
David Taylor 1b9937b27d
DEV: Remove deprecated use of full_screen_login_setting 2020-04-20 14:20:02 +01:00
David Taylor 47a8211d9a
DEV: Correct OAuth2BasicAuthenticator namespace, remove spec workarounds 2020-04-14 21:32:35 +01:00
Penar Musaraj b00dce0684 Rubocop redundant return fix 2019-11-14 15:08:57 -05:00
Angus McLeod 5ae9f35e81 FEATURE: Migrate to ManagedAuthenticator (#21) 
This brings the plugin in-line with recent core improvements. Advantages include

- Account-linking logic and storage is shared between all authentication providers
- Optionally, users can be allowed to disconnect/reconnect their accounts
- The 'last used' date of an association is recorded
- Association metadata is recorded in the database for use in data explorer and other plugins

Data migration will be performed automatically, and all existing functionality is maintained.
 2019-07-27 16:34:17 +01:00
Angus McLeod eb31cdf44f Handle fetch user details failure (#20) 
* handle failure in get_user_details request

* add spec

* improve spec

* return nil on failure
 2019-07-11 10:31:51 -04:00
Angus McLeod a634ff896d Use token callback user details (#18) 
* Add way to use user details returned in token response

* Add spec

* Apply suggestions from code review

Co-Authored-By: Robin Ward <robin.ward@gmail.com>
 2019-07-05 10:27:07 -04:00
Angus McLeod ef5b3ee1ff FEATURE: Allow provider to set email verification state (#17) 2019-06-26 11:03:52 +01:00
David Taylor 725717339e DEV: Remove use of deprecated parameter 2019-06-26 10:52:23 +01:00
Guo Xiang Tan c13a7b6f61
FIX: Keep compatibility with older version of Discourse. 2019-05-14 16:39:59 +08:00
Guo Xiang Tan 5a459fbb6e Add frozen string literal comment to files. 2019-05-13 10:49:26 +08:00
David Taylor 722fe23b4e FEATURE: Add site setting to override user email address during login 2019-03-26 20:38:46 +00:00
David Taylor 4ccc4d1d5a FIX: Send the `Accept: application/json` header when fetching user JSON 2019-03-12 11:58:40 +00:00
David Taylor 090f63c429 FIX: Download avatar for new users 
Previously avatars were only loaded on subsequent logins
 2019-02-05 14:53:34 +00:00
David Taylor 9ad5050143 DEV: Apply rubocop 2018-10-22 20:13:46 +01:00
Neil Lalonde 718ebbfbfe FIX: callback url on subfolder installs 2018-08-20 14:16:05 -04:00
David Taylor 3ce35cb7dd Add `enabled?` function to authenticator 2018-08-03 10:12:03 +01:00
Nick Shearer 0381f91bbe Add site setting to allow full screen login 2018-07-26 10:42:51 -05:00
Blake Erickson 04ef6494de Add support for scope and add some missing translations 
See this post on meta about the need for the ability to request a custom
scope:

https://meta.discourse.org/t/oauth2-basic-support/33879/116?u=blake
 2018-05-25 15:35:52 -06:00
misaka4e21 f603604caa
FEATURE: Support avatar retrieval. 2018-05-25 14:34:50 +08:00
Blake Erickson bce6e9e878 ADD: can now walk json that contains arrays 
I feel like this is kind of a hack to handle a change with Auth0 where
the actual user id is inside of an array of identities. While I do think
it would be good to build an actual plugin for Auth0 to better handle
their use case I do feel that it is important that we can handle Auth0
with this plugin for now.
 2018-05-16 14:53:10 -06:00
David Mejorado 6b5d7b4ef2 Remove unnecessary requires 2018-04-23 09:45:41 -07:00
David Mejorado 4d0be8081a Bump minor version 2018-04-20 19:33:53 -07:00
David Mejorado 287dcc15cc Add request methods for token and user_json urls 
Defaults to `GET`.

Context:

https://meta.discourse.org/t/oauth2-basic-support/33879/66?u=davidmh
 2018-04-20 15:58:24 -07:00
Leo McArdle 8fc2429496 FIX: make work with user_emails migration 2017-09-05 20:12:45 +01:00
Guo Xiang Tan be6b6ee9bb Fix rubocop offenses. 2017-08-02 15:05:31 +09:00
Robin Ward 4996165a84 SECURITY: Always validate `state` parameter 2017-05-17 15:24:43 -04:00
Robin Ward e2e999014f Add temporary parameter to ignore state with oauth2 basic 2017-05-08 10:53:46 -04:00
jomaxro 1a60017cc0 Add URL to plugin.rb 2017-04-26 00:42:12 -04:00
Robin Ward 5959f5f1bb FIX: Don't add `code` and `state` since most servers dont' want it 2017-03-28 17:35:41 -04:00
Neil Lalonde 6cbeeffc73 after successful auth, add record to PluginStore if record doesn't already exist 2016-11-04 11:34:24 -04:00
Sam 5efdb91abb remove debug code 2016-05-28 10:17:02 +10:00
Sam 120e2cfce4 jiggle stuff till it works 2016-05-27 18:10:01 +10:00
Sam ac16343335 pull in id from token 2016-05-27 17:58:02 +10:00
Sam 812364b9bb try id 2016-05-25 18:21:00 +10:00
Sam e8b2307acd Add setting for authorize options 2016-05-25 17:46:06 +10:00
Sam 9332779972 auth object is way to heavy 2016-05-25 16:40:57 +10:00
Sam 5bf30f90c2 we need more logging and somehow some stuff is being suppressed 2016-05-25 16:23:09 +10:00
Sam 870361be98 add option for debugging of auth 2016-05-25 15:44:18 +10:00
Robin Ward 7584d84986 Add option for setting Authorization header 2015-12-04 10:59:57 -05:00
Mikhail Vink b557addab2 Improvement: downcase the email when searching for an account by email 
Improvement of 2b9869e (FEATURE: If the email is verified, we can use that to find accounts): Downcasing the email which has been got from the OAuth provider, as the email entity is not case-sensitive in Discourse.
 2015-11-15 21:23:09 +01:00
Robin Ward 2b9869ef2e FEATURE: If the email is verified, we can use that to find accounts 2015-11-13 12:07:28 -05:00
Robin Ward 27ff369904 FIX: Looks like `token_params` weren't being attached properly 2015-11-11 13:00:40 -05:00
Robin Ward 7bc71b5378 FIX: Include the `Authorization` header for services that need it 2015-10-26 12:46:42 -04:00
Robin Ward fc46c60a81 Add `Authorization` header support. 2015-10-01 15:34:30 -04:00
Will Smith dd9f7404bc Fixes property name for user_id 2015-10-01 14:59:53 -04:00
Robin Ward 42cd312d07 Initial stab at basic OAuth2 2015-09-24 16:44:39 -04:00