Commit Graph

462 Commits

Author SHA1 Message Date
Andy Staudacher
dcddc68f58 Never assign a SafeString instance to a Model member (or hell will break loose). 2010-02-15 13:12:38 -08:00
Andy Staudacher
4091219425 Fix for ticket #491: Make user and group names translatable.
Also fixed a UI bug: No longer showing the edit user buttons to admins in the profile view (to be consistent with the requirements in the controller).
2010-02-14 19:26:34 -08:00
Andy Staudacher
cd45c94fe6 Get rid of unnecessary view file. 2010-02-11 15:59:17 -08:00
Andy Staudacher
dc94f6e45a Include user name in logging message for failed password reset. As Bharat points out, t() ensures that parameters are escaped for XSS. 2010-02-11 14:35:05 -08:00
Andy Staudacher
cd98f85260 Fix for ticket 1010: Don't leak valid user names in "forgot password" form.
Includes fixes for user forms as well (edit user / email / password).
2010-02-11 13:11:31 -08:00
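Added example, not code from the gallery3 repository: the user-name leak that ticket 1010 (cd98f85260 above) closes, shown as a leaky "forgot password" handler beside a non-leaking one. The user store, outbox and sample account are constructed stand-ins; it needs PHP 8.

```php
<?php
// Added example, not code from the gallery3 repository: the "forgot
// password" user-name leak that ticket 1010 describes, shown as a leaky
// handler beside a non-leaking one.  UserStore, Outbox and the sample
// account are constructed stand-ins.
declare(strict_types=1);

final class UserStore {
    /** @var array<string,string> user name => e-mail (constructed sample data) */
    private array $users = ['alice' => 'alice@example.test'];

    public function lookup(string $name): ?string {
        return $this->users[$name] ?? null;
    }
}

final class Outbox {
    /** @var string[] */
    public array $sent = [];

    public function send(string $to, string $body): void {
        $this->sent[] = "$to: $body";
    }
}

// Leaky: the response text depends on whether the account exists, so the
// public form doubles as a user-name oracle.
function forgot_password_leaky(UserStore $users, Outbox $mail, string $name): string {
    $email = $users->lookup($name);
    if ($email === null) {
        return "No user named '$name' exists.";   // reveals the name is invalid
    }
    $mail->send($email, 'password reset link');
    return 'Password reset instructions sent.';   // reveals the name is valid
}

// Fixed: identical response on both paths; only the mailbox owner learns
// whether the account exists.  The attempt is logged server-side instead,
// with the untrusted name escaped before it can reach an HTML log viewer.
function forgot_password_fixed(UserStore $users, Outbox $mail, string $name): string {
    $email = $users->lookup($name);
    if ($email !== null) {
        $mail->send($email, 'password reset link');
    }
    error_log('password reset requested for user '
        . htmlspecialchars($name, ENT_QUOTES, 'UTF-8'));
    return 'If that account exists, reset instructions have been sent to its e-mail address.';
}

$users = new UserStore();
$mail  = new Outbox();
foreach (['alice', 'mallory'] as $name) {
    printf("leaky(%s): %s\n", $name, forgot_password_leaky($users, $mail, $name));
    printf("fixed(%s): %s\n", $name, forgot_password_fixed($users, $mail, $name));
}
// The two fixed responses are byte-identical; the two leaky ones differ.
if (forgot_password_fixed($users, $mail, 'alice') !== forgot_password_fixed($users, $mail, 'mallory')) {
    throw new RuntimeException('fixed handler still distinguishes accounts');
}
```

Two caveats a practitioner will want: the fixed handler still does more work (the mail send) for a valid name, so a patient attacker can measure response time; queue the mail and return immediately if that matters. And the same rule applies to the user/e-mail/password edit forms the commit also touches: an unauthenticated caller must never get a different error for an existing versus a non-existing account.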
Andy Staudacher
55d42ec9da Fix password reset confirmation 2010-02-09 02:16:49 -08:00
Andy Staudacher
f93528ffab Last partial fix for ticket 585: Compartmentalize the admin area and require active authentication every 20 minutes to access the admin area.
Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now.
2010-02-07 15:37:32 -08:00
Bharat Mediratta
eda6e3af06 Rename user_authenticate_xxx events to user_auth_xxx for brevity. 2010-02-07 08:49:37 -08:00
Bharat Mediratta
aff5d1cef4 Create the concept of a "failed authentication" as semantically
separate from a successful or failed login.

1) Rename user_login_failed event to user_authenticate_failed

2) Rename failed_logins table to failed_auth (bump Gallery module to
   v27 to rename the table)

3) auth::too_many_failed_logins -> auth::too_many_failures

4) auth::record_failed_auth_attempts -> auth::record_failed_attempts
   auth::clear_failed_auth_attempts  -> auth::clear_failed_attempts
2010-02-07 08:45:10 -08:00
Andy Staudacher
163391ee39 Partial fix for ticket 585: Require current password when changing an account's email address.
Still leaving the user/group admin page wide open though.
2010-02-06 17:43:33 -08:00
Andy Staudacher
7099fc71f1 Fix for ticket 1004: Replace all uses of split with explode (none actually required regular expressions). Thanks to Brian Hartsock for providing a patch! 2010-02-06 13:05:44 -08:00
Bharat Mediratta
f631c2a0e5 Fix up Admin_Users_Controller() form handling now that user_form.html
is gone.  Fixes ticket #1005.
2010-02-06 09:30:45 -08:00
Bharat Mediratta
99a7f470b9 Protect password changes against brute force attacks. 2010-02-02 21:48:01 -08:00
Bharat Mediratta
6e1b761b12 Require the current password to change your password.
Fixes ticket #585.

Separate out the password change form from the regular edit user form.
Require the old password to enter a new one.  While I'm at it, roll
the password strength javascript into a Form_Script element so that we
can get rid of the old view (which incidentally fixes a bug where the
password strength meter would go away on form errors).
2010-02-02 21:36:01 -08:00
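Added example, not code from the gallery3 repository: one failed-authentication counter (as in aff5d1cef4 and 99a7f470b9) reused by the "require the current password" check (6e1b761b12, 163391ee39) and by the 20-minute admin-area re-authentication gate (f93528ffab). Storage, clock, thresholds and every function name are assumptions, not Gallery's auth helper; it needs PHP 8.

```php
<?php
// Added example, not code from the gallery3 repository: a per-account
// failed-authentication counter shared by the current-password check and
// the admin-area re-auth gate.  Storage, clock, thresholds and names are
// assumptions, not Gallery's auth helper.
declare(strict_types=1);

final class Clock {
    public function __construct(public int $now) {}
}

final class FailedAuth {
    private const MAX_FAILURES = 5;    // assumed threshold
    private const WINDOW_SEC   = 300;  // assumed lockout window (seconds)

    /** @var array<string,array{count:int,last:int}> keyed by user name */
    private array $rows = [];

    public function __construct(private Clock $clock) {}

    public function too_many_failures(string $name): bool {
        $row = $this->rows[$name] ?? null;
        if ($row === null) {
            return false;
        }
        if ($this->clock->now - $row['last'] > self::WINDOW_SEC) {
            unset($this->rows[$name]);           // window expired, start over
            return false;
        }
        return $row['count'] >= self::MAX_FAILURES;
    }

    public function record_failed_attempt(string $name): void {
        $count = ($this->rows[$name]['count'] ?? 0) + 1;
        $this->rows[$name] = ['count' => $count, 'last' => $this->clock->now];
    }

    public function clear_failed_attempts(string $name): void {
        unset($this->rows[$name]);
    }
}

final class Account {
    public function __construct(public string $name, public string $hash) {}
}

// Verify the *current* password before any sensitive change.  Failures are
// counted per account so an open or hijacked session cannot use the form
// as a password oracle.
function check_current_password(FailedAuth $fa, Account $acct, string $password): bool {
    if ($fa->too_many_failures($acct->name)) {
        return false;                            // locked out: don't even consult the hash
    }
    if (!password_verify($password, $acct->hash)) {
        $fa->record_failed_attempt($acct->name);
        return false;
    }
    $fa->clear_failed_attempts($acct->name);
    return true;
}

// Admin area: the session must carry an authentication no older than 20
// minutes.  The stamp is set only by a successful re-auth, never refreshed
// by ordinary page views, so the window is one of active authentication.
const ADMIN_REAUTH_SEC = 20 * 60;

function admin_area_allowed(array $session, Clock $clock): bool {
    $at = $session['admin_auth_at'] ?? null;
    return $at !== null && ($clock->now - $at) <= ADMIN_REAUTH_SEC;
}

function admin_reauth(array &$session, FailedAuth $fa, Account $acct, string $password, Clock $clock): bool {
    if (!check_current_password($fa, $acct, $password)) {
        return false;
    }
    $session['admin_auth_at'] = $clock->now;
    return true;
}

function expect(bool $cond, string $what): void {
    if (!$cond) { throw new RuntimeException("expected: $what"); }
}

$clock   = new Clock(1000000);
$fa      = new FailedAuth($clock);
$session = [];
// Low bcrypt cost only so the demo runs quickly; keep the default in production.
$admin   = new Account('admin', password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 4]));

expect(!admin_area_allowed($session, $clock), 'no access before any authentication');
expect(admin_reauth($session, $fa, $admin, 'correct horse', $clock), 'correct password re-auths');
expect(admin_area_allowed($session, $clock), 'access right after re-auth');
$clock->now += ADMIN_REAUTH_SEC + 1;
expect(!admin_area_allowed($session, $clock), 'access expires after 20 minutes');

for ($i = 0; $i < 5; $i++) {
    expect(!check_current_password($fa, $admin, 'wrong'), 'wrong password rejected');
}
expect(!check_current_password($fa, $admin, 'correct horse'), 'locked out even with the right password');
$clock->now += 301;
expect(check_current_password($fa, $admin, 'correct horse'), 'lockout window expired');
echo "ok\n";
```

Design note: keying the counter by account name (the shape the failed_auth table in aff5d1cef4 implies) means anyone who knows a user name can lock that user out of password changes for the window; keying by client address instead is easy to evade from many addresses. Counting per account but failing closed only for the change-password and admin paths, as here, limits the damage to those actions rather than to login itself.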
Bharat Mediratta
b351ee48fe Fix a bug in valid_password() where an empty password was considered valid. 2010-02-02 21:34:20 -08:00
Bharat Mediratta
22ea03847a Localize validation errors. 2010-02-01 21:27:15 -08:00
Bharat Mediratta
6030d4eb65 Fix a bug in valid_name where it wasn't checking for name collisions on new users. 2010-02-01 21:20:05 -08:00
Bharat Mediratta
e1bf010d89 Force all non-guest users to have an email address since that's
required in model validation.  Without this, any save on a user
without email will fail which means that you can't log in.

Bump user module to version 3.
2010-01-31 20:50:52 -08:00
Bharat Mediratta
c050acf30a Fix lots of warnings that pop up when we're in E_STRICT mode. They're
mostly issues around uninitialized variables, calling non-static
functions in a static context, calling Session functions directly
instead of on its singleton, passing non-variables by reference, and
subclasses not using the same interface as the parent class.
2010-01-31 16:07:41 -08:00
Bharat Mediratta
79a1365991 Don't override the password in the database if it's empty in the form.
Fixes ticket #995.
2010-01-30 20:43:53 -08:00
Bharat Mediratta
69897b4c66 Fix the valid_admin code -- it was considering all non-admins invalid.
Fixes ticket #997 (highest prime under 1000!)
2010-01-30 16:20:44 -08:00
Tim Almdal
c4e3604315 Strongly type the argument list to the model::validate method. 2010-01-29 14:04:27 -08:00
Bharat Mediratta
f0ae2c8165 Localize edit form error messages. 2010-01-28 20:55:38 -08:00
Bharat Mediratta
4b32a71afc Convert back to using ORM::factory(..., $id) instead of calling where(). 2010-01-27 22:34:11 -08:00
Bharat Mediratta
b6dab323ac Use ORM to create the users since now our validation can handle doing
it the right way.  Set a default email address for admins.
2010-01-25 20:42:48 -08:00
Bharat Mediratta
01dfa29888 Make some exceptions for guests:
1) They don't require email
2) Guest users aren't in the everybody group.
2010-01-25 20:40:44 -08:00
Bharat Mediratta
fecac4a859 Merge branch 'master' of git@github.com:gallery/gallery3 into bharat_dev
Conflicts:
	modules/gallery/tests/xss_data.txt
2010-01-23 16:29:10 -08:00
Tim Almdal
b01fce613b Remove the g-right class on groups element on the manage user/groups page. fixes ticket #911 2010-01-22 14:16:41 -08:00
Tim Almdal
df313cac56 Change the check_environment method in the module helper and the module installers to can_activate to reflect that it is doing more than just checking the environment. 2010-01-22 12:30:17 -08:00
Tim Almdal
ae568b6182 Refactor the identity provider installation into a common helper method (change_provider) with an initialization callback. 2010-01-22 12:09:11 -08:00
Tim Almdal
603c3049a1 Treat identity providers just like other modules and use the admin_module to
install and switch to a different identity provider.
2010-01-22 09:39:29 -08:00
Bharat Mediratta
e56318d07f Don't try to access ORM::$changed externally; it's protected. 2010-01-22 01:48:03 -08:00
Bharat Mediratta
2f9077e26a Simplify the test using the test helper. 2010-01-21 19:08:40 -08:00
Bharat Mediratta
b0ff4418d2 Stop using MY_ORM::original() 2010-01-20 22:55:22 -08:00
Bharat Mediratta
f0780486ee Fix typo: edit_user -> add_user. 2010-01-20 22:53:51 -08:00
Bharat Mediratta
b23f62259d Stop using MY_ORM::original(). 2010-01-20 22:52:11 -08:00
Bharat Mediratta
76da85a1a0 Extend Gallery_Unit_Test_Case instead of Unit_Test_Case. 2010-01-19 22:38:19 -08:00
Bharat Mediratta
f20fa2cfed Change IdentityProvider::create_user() to take $email as well, since that's a required
parameter for the Gallery driver.
2010-01-17 20:37:25 -08:00
Bharat Mediratta
ab7be17b7f Switch to model based validation approach. 2010-01-17 20:17:50 -08:00
Bharat Mediratta
5162e35d49 Use an empty password for the guest user. 2010-01-17 17:54:14 -08:00
Bharat Mediratta
cfb27dde02 Adjust installers to work with model based validation. 2010-01-17 13:28:24 -08:00
Bharat Mediratta
9488684220 Move model rules down into their validate() function for consistency.
Change "in_use" error to "conflict" for consistency.
2010-01-17 12:30:24 -08:00
Bharat Mediratta
5c49c041e7 Use "(string) $form" instead of "$form->__toString()" 2010-01-16 22:42:02 -08:00
Bharat Mediratta
4a2d5bc9e2 Convert Users_Controller to model based validation. 2010-01-16 21:24:18 -08:00
Bharat Mediratta
6a4dda9bde Convert Admin_Users_Controller, User_Model and Group_Model to use
model based validation.
2010-01-16 21:15:12 -08:00
Bharat Mediratta
a691dcc63c Convert Admin_Users::add_user() to use model based validation. Get
the rules and business logic out of the form and user::create(), and
move it into User_Model::save().
2010-01-16 19:58:55 -08:00
Bharat Mediratta
7f20f66079 Whitespace. 2010-01-16 18:00:02 -08:00
Bharat Mediratta
ff728b3ccd Whitespace. 2010-01-16 17:51:57 -08:00
Bharat Mediratta
dcf4b5e71a Don't pass MY_ORM::original() to update event handlers, since after
parent::save() it'll be reset.  Clone it first.

This is an alternate fix for #978.
2010-01-16 00:13:28 -08:00
Bharat Mediratta
058a84ed76 Convert ORM::in() to ORM::where(.., "IN", ..) for K24 compatibility. 2010-01-06 17:04:44 -08:00