discourse
/
discourse-oauth2-basic
mirror of https://github.com/discourse/discourse-oauth2-basic.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
146 Commits 4 Branches 0 Tags 1.1 MiB
Commit Graph

146 Commits

Author SHA1 Message Date
discoursebot cc359e10fb
DEV: Update CI workflows (#55) 
Co-authored-by: davidtaylorhq <davidtaylorhq@users.noreply.github.com>
 2021-12-16 16:19:32 +00:00
Discourse Translator Bot 83d88d3d1b
Update translations (#54) 2021-12-14 14:54:04 +01:00
Angus McLeod 2303143266
DEV: Update plugin_spec (#53) 2021-11-24 10:38:12 +00:00
discoursebot 60c3a6e02a
DEV: Update CI workflows (#52) 
Co-authored-by: CvX <CvX@users.noreply.github.com>
 2021-09-15 19:58:40 +02:00
dependabot[bot] 5663d1ff9e
Bump path-parse from 1.0.6 to 1.0.7 (#51) 
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases)
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

---
updated-dependencies:
- dependency-name: path-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-08-13 00:52:20 +02:00
Roman Rizzi 96d815c56c
DEV: Restos skipped test. Plugins can reset a single registry now. follow-up to 3e3c2ae (#50) 2021-07-02 13:38:59 -03:00
discoursebot 785a97a4c8
DEV: Update CI workflows (#49) 
Co-authored-by: davidtaylorhq <davidtaylorhq@users.noreply.github.com>
 2021-07-02 16:40:15 +02:00
Alan Guo Xiang Tan 3e3c2ae44d
DEV: Skip test that is resetting state of other plugins. (#48) 
Follow-up to d1a912ebc8
 2021-07-02 16:16:03 +08:00
Roman Rizzi d1a912ebc8
FEATURE: Fetch custom attributes from the user details. (#47) 
Other plugins can tell the authenticator to traverse the user details JSON using custom paths and store the values in the user associated account extra field.
 2021-07-01 18:23:27 -03:00
dependabot[bot] 6ee31f6b02
Bump glob-parent from 5.1.1 to 5.1.2 (#46) 
Bumps [glob-parent](https://github.com/gulpjs/glob-parent) from 5.1.1 to 5.1.2.
- [Release notes](https://github.com/gulpjs/glob-parent/releases)
- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md)
- [Commits](https://github.com/gulpjs/glob-parent/compare/v5.1.1...v5.1.2)

---
updated-dependencies:
- dependency-name: glob-parent
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-06-12 13:58:46 +02:00
Discourse Translator Bot c3404ed877
Update translations (#45) 2021-06-01 15:11:22 +02:00
Discourse Translator Bot 50aca4050f
Update translations (#44) 2021-05-25 15:26:44 +02:00
dependabot[bot] ed3255fea0
Bump lodash from 4.17.20 to 4.17.21 (#43) 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.20 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.20...4.17.21)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-10 13:39:55 -04:00
dependabot[bot] 60a8ba05c2
Bump rexml from 3.2.4 to 3.2.5 (#42) 
Bumps [rexml](https://github.com/ruby/rexml) from 3.2.4 to 3.2.5.
- [Release notes](https://github.com/ruby/rexml/releases)
- [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md)
- [Commits](https://github.com/ruby/rexml/compare/v3.2.4...v3.2.5)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-02 17:07:53 +02:00
Robin Ward 60eeb0d338
Hide the `oauth2_disable_csrf` setting (#41) 
It can be useful for homegrown CSRF setups or while debugging but it is
not secure and should only be used if you really know what you're doing.
 2021-04-21 13:30:28 -04:00
David Taylor f45cd3edf9
FEATURE: Handle invalid email_verified data from identity provider (#40) 
Some identity providers send email_verfied as a 'true'/'false' string, not a boolean. (e.g. this bug in Auth0: https://community.auth0.com/t/27553)

This commit adds automatic handling for this case, so that the string is automatically converted into a real boolean.
 2021-04-21 11:16:25 +01:00
Discourse Translator Bot 76eeb5a35d
Update translations (#39) 2021-04-20 15:30:18 +02:00
babayotakun cef99620a1
Allow to disable CSRF check during the oauth login. (#38) 
* Ignore CSRF check.

* Ignore CSRF check as a plugin setting.

Co-authored-by: Kalach, Dmitry <d.kalach@itransition.com>
 2021-04-19 12:39:45 -04:00
dependabot[bot] f025ed03f2
Bump y18n from 4.0.0 to 4.0.1 (#37) 
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-04-01 09:56:39 +02:00
David Taylor 59c3d9aa5e
DEV: Clean up plugin.rb (#36) 
- Remove Faraday version check - all versions of Discourse now have Faraday 1.0
- Remove custom button CSS. Core now takes care of styling login buttons
- Remove deprecated `message` parameter from auth_provider registration
 2021-03-30 11:29:22 +01:00
Discourse Translator Bot aaf3044043
Update translations (#35) 2021-03-16 15:45:23 +01:00
David Taylor a9ad67c4c6
FEATURE: Allow using a different authorize_url for signup (#34) 
If specified, the oauth2_authorize_signup_url will be used when the user starts the auth flow via the 'sign up' buttons in the UI. If not specified, the regular authorize_url continues to be used.
 2021-03-10 12:29:58 +00:00
discoursebot b0c42536f6
DEV: Update CI workflows (#32) 
Co-authored-by: CvX <CvX@users.noreply.github.com>
 2021-03-10 13:10:36 +01:00
David Taylor 96a0bde0aa
FEATURE: Allow JSON paths with literal dots in the keys (#33) 
This is achieved by surrounding a key with double quotes, or by escaping
the dot character with a backslash.

For example, given the JSON

```
{ "www.example.com/uid": "myuid" }
```

Previously, there was no way to access this value. The dots would make
the parser try to access `json["www"]["example"]["com/uid"]`.

Now, this value can be accessed by using a `oauth2_json_user_id_path` like:

```
www\.example\.com/uid
```
or alternatively:
```
"www.example.com/uid"
```
 2021-03-10 11:48:58 +00:00
Discourse Translator Bot 0be01f0afd
Update translations (#31) 2021-02-09 14:47:52 +01:00
Discourse Translator Bot df0b2c5460
Update translations (#30) 2021-01-26 14:48:54 +01:00
discoursebot b3abeec4ca
DEV: Update CI workflows (#28) 
Co-authored-by: justindirose <justindirose@users.noreply.github.com>
 2021-01-04 14:18:20 -06:00
Discourse Translator Bot 66b0d391ef
Update translations (#27) 2020-12-22 14:46:10 +01:00
Discourse Translator Bot 820a6f856f
Update translations (#26) 2020-12-15 15:23:29 +01:00
Discourse Translator Bot 29e828fccf
Update translations (#25) 2020-11-24 17:22:12 +01:00
Discourse CI 485aec9148 DEV: Update CI workflows 2020-11-15 16:09:42 +00:00
Discourse CI 80d7ea85a5 DEV: Update CI workflows 2020-10-14 16:27:52 +00:00
Discourse CI d9c7312be6 DEV: Update CI workflows 2020-10-12 08:16:48 +00:00
Discourse CI c1f4e63063 DEV: Update CI workflows 2020-10-09 19:03:13 +00:00
Justin DiRose 005457ccf8
DEV: Apply coding standards (#24) 2020-10-09 13:50:54 -05:00
Discourse CI 365cfbc209 DEV: Update CI workflows 2020-10-09 16:15:04 +00:00
Discourse CI d025d1f186 DEV: Update CI workflows 2020-10-09 15:09:49 +00:00
Discourse Translator Bot db84540470 Update translations 2020-10-06 15:19:21 +02:00
Discourse Translator Bot 13ed44486a Update translations 2020-09-22 13:05:19 +00:00
Discourse Translator Bot 1f6eced849 Update translations 2020-09-16 10:19:28 +00:00
Discourse Translator Bot d2cb7e9470 Update translations 2020-08-18 13:03:21 +00:00
Discourse Translator Bot 399685ee83 Update translations 2020-08-11 13:05:09 +00:00
Discourse Translator Bot 3c3aa6e0b0 Update translations 2020-08-05 13:29:14 +00:00
Discourse Translator Bot 16543fad72 DEV: Switch from Transifex to Crowdin 2020-07-16 14:01:06 +02:00
Neil Lalonde c6245de6fb
Update translations 2020-06-24 11:41:41 -04:00
Neil Lalonde 6dc9131fb9
Update translations 2020-05-27 16:54:50 -04:00
Neil Lalonde e045df91d7
Update translations 2020-05-04 10:50:16 -04:00
Guo Xiang Tan 56e32d9bf6
DEV: Move to rubocop-discourse. 2020-05-04 10:34:14 +08:00
David Taylor 5984e52dc6
DEV: Fix rubocop offences 2020-04-30 18:49:15 +01:00
David Taylor be136eacb4
FEATURE: Allow disabling request_body authentication for token endpoint 
By default we include both authentication data in both the Authorization header, and in the request body. This provides maximum compatibility, although is technically a breach of the OAuth2 specification. This commit introduces a new site setting `oauth2_send_auth_body`, which allows the behavior to be controlled.
 2020-04-30 17:28:22 +01:00