Commit Graph

472 Commits

Author SHA1 Message Date
ckieffer
9911372d58 Removed self-closing slash from opening <li> tag. 2010-06-15 09:14:09 -07:00
ckieffer
f1076590f1 Add page_title to admin views. Closes #1038. 2010-04-30 00:08:37 -06:00
Bharat Mediratta
6d81feacae Change the key for invalid passwords from "invalid" to
"invalid_password" to remove ambiguity.
2010-04-17 12:28:46 -07:00
Bharat Mediratta
27b29afd7c Add user::valid_username() as a validation helper. 2010-04-17 12:26:52 -07:00
Bharat Mediratta
c3c2b45280 Update the copyright to 2010. It's only 3 months into the year :-) 2010-03-03 10:15:34 -08:00
Andy Staudacher
74113f869a Fix for ticket #1037: Only show language drop-down when there's actually a choice. 2010-02-27 20:21:22 -08:00
Andy Staudacher
a18ddd2fe9 Add more randomness to reset password mechanism. 2010-02-27 15:39:36 -08:00
Chad Kieffer
f4fc245603 Add link to edit user group names. Closes ticket #1028. 2010-02-20 10:48:27 -07:00
Bharat Mediratta
7d98d4b7b9 Revert "Fix for ticket #491: Make user and group names translatable."
This reverts commit 4091219425.
2010-02-18 16:20:59 -08:00
Bharat Mediratta
99c131e845 Revert "Never assign a SafeString instance to a Model member (or hell will break loose)."
This reverts commit dcddc68f58.
2010-02-18 16:20:23 -08:00
Andy Staudacher
dcddc68f58 Never assign a SafeString instance to a Model member (or hell will break loose). 2010-02-15 13:12:38 -08:00
Andy Staudacher
4091219425 Fix for ticket #491: Make user and group names translatable.
Also fixed a UI bug: No longer showing the edit user buttons to admins in the profile view (to be consistent with the requirements in the controller).
2010-02-14 19:26:34 -08:00
Andy Staudacher
cd45c94fe6 Get rid of unnecessary view file. 2010-02-11 15:59:17 -08:00
Andy Staudacher
dc94f6e45a Include user name in logging message for failed password reset. As Bharat points out, t() ensures that parameters are escaped for XSS. 2010-02-11 14:35:05 -08:00
Andy Staudacher
cd98f85260 Fix for ticket 1010: Don't leak valid user names in "forgot password" form.
Includes fixes for user forms as well (edit user / email / password).
2010-02-11 13:11:31 -08:00
Andy Staudacher
55d42ec9da Fix password reset confirmation 2010-02-09 02:16:49 -08:00
Andy Staudacher
f93528ffab Last partial fix for ticket 585: Compartmentalize the admin area and require active authentication every 20 minutes to access the admin area.
Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now.
2010-02-07 15:37:32 -08:00
Bharat Mediratta
eda6e3af06 Rename user_authenticate_xxx events to user_auth_xxx for brevity. 2010-02-07 08:49:37 -08:00
Bharat Mediratta
aff5d1cef4 Create the concept of a "failed authentication" as semantically
separate from a successful or failed login.

1) Rename user_login_failed event to user_authenticate_failed

2) Rename failed_logins table to failed_auth (bump Gallery module to
   v27 to rename the table)

3) auth::too_many_failed_logins -> auth::too_many_failures

4) auth::record_failed_auth_attempts -> auth::record_failed_attempts
   auth::clear_failed_auth_attempts  -> auth::clear_failed_attempts
2010-02-07 08:45:10 -08:00
Andy Staudacher
163391ee39 Partial fix for ticket 585: Require current password when changing an account's email address.
Still leaving the user/group admin page wide open though.
2010-02-06 17:43:33 -08:00
Andy Staudacher
7099fc71f1 Fix for ticket 1004: Replace all uses of split with explode (none actually required regular expressions). Thanks to Brian Hartsock for providing a patch! 2010-02-06 13:05:44 -08:00
Bharat Mediratta
f631c2a0e5 Fix up Admin_Users_Controller() form handling now that user_form.html
is gone.  Fixes ticket #1005.
2010-02-06 09:30:45 -08:00
Bharat Mediratta
99a7f470b9 Protect password changes against brute force attacks. 2010-02-02 21:48:01 -08:00
Bharat Mediratta
6e1b761b12 Require the current password to change your password.
Fixes ticket #585.

Separate out the password change form from the regular edit user form.
Require the old password to enter a new one.  While I'm at it, roll
the password strength javascript into a Form_Script element so that we
can get rid of the old view (which incidentally fixes a bug where the
password strength meter would go away on form errors).
2010-02-02 21:36:01 -08:00
Bharat Mediratta
b351ee48fe Fix a bug in valid_password() where an empty password was considered valid. 2010-02-02 21:34:20 -08:00
Bharat Mediratta
22ea03847a Localize validation errors. 2010-02-01 21:27:15 -08:00
Bharat Mediratta
6030d4eb65 Fix a bug in valid_name where it wasn't checking for name collisions on new users. 2010-02-01 21:20:05 -08:00
Bharat Mediratta
e1bf010d89 Force all non-guest users to have an email address since that's
required in model validation.  Without this, any save on a user
without email will fail which means that you can't log in.

Bump user module to version 3.
2010-01-31 20:50:52 -08:00
Bharat Mediratta
c050acf30a Fix lots of warnings that pop up when we're in E_STRICT mode. They're
mostly issues around uninitialized variables, calling non-static
functions in a static context, calling Session functions directly
instead of on its singleton, passing non-variables by reference, and
subclasses not using the same interface as the parent class.
2010-01-31 16:07:41 -08:00
Bharat Mediratta
79a1365991 Don't override the password in the database if it's empty in the form.
Fixes ticket #995.
2010-01-30 20:43:53 -08:00
Bharat Mediratta
69897b4c66 Fix the valid_admin code -- it was considering all non-admins invalid.
Fixes ticket #997 (highest prime under 1000!)
2010-01-30 16:20:44 -08:00
Tim Almdal
c4e3604315 Strongly type the argument list to the model::validate method. 2010-01-29 14:04:27 -08:00
Bharat Mediratta
f0ae2c8165 Localize edit form error messages. 2010-01-28 20:55:38 -08:00
Bharat Mediratta
4b32a71afc Convert back to using ORM::factory(..., $id) instead of calling where(). 2010-01-27 22:34:11 -08:00
Bharat Mediratta
b6dab323ac Use ORM to create the users since now our validation can handle doing
it the right way.  Set a default email address for admins.
2010-01-25 20:42:48 -08:00
Bharat Mediratta
01dfa29888 Make some exceptions for guests:
1) They don't require email
2) Guest users aren't in the everybody group.
2010-01-25 20:40:44 -08:00
Bharat Mediratta
fecac4a859 Merge branch 'master' of git@github.com:gallery/gallery3 into bharat_dev
Conflicts:
	modules/gallery/tests/xss_data.txt
2010-01-23 16:29:10 -08:00
Tim Almdal
b01fce613b Remove the g-right class on groups element on the manage user/groups page. fixes ticket #911 2010-01-22 14:16:41 -08:00
Tim Almdal
df313cac56 Change the check_environment method in the module helper and the module installers to can_activate to reflect that it is doing more than just checking the environment. 2010-01-22 12:30:17 -08:00
Tim Almdal
ae568b6182 Refactor the identity provider installation into a common helper method (change_provider) with an initialization callback. 2010-01-22 12:09:11 -08:00
Tim Almdal
603c3049a1 Treat identity providers just like other modules and use the admin_module to
install and switch to a different identity provider.
2010-01-22 09:39:29 -08:00
Bharat Mediratta
e56318d07f Don't try to access ORM::$changed externally; it's protected. 2010-01-22 01:48:03 -08:00
Bharat Mediratta
2f9077e26a Simplify the test using the test helper. 2010-01-21 19:08:40 -08:00
Bharat Mediratta
b0ff4418d2 Stop using MY_ORM::original() 2010-01-20 22:55:22 -08:00
Bharat Mediratta
f0780486ee Fix typo: edit_user -> add_user. 2010-01-20 22:53:51 -08:00
Bharat Mediratta
b23f62259d Stop using MY_ORM::original(). 2010-01-20 22:52:11 -08:00
Bharat Mediratta
76da85a1a0 Extend Gallery_Unit_Test_Case instead of Unit_Test_Case. 2010-01-19 22:38:19 -08:00
Bharat Mediratta
f20fa2cfed Change IdentityProvider::create_user() to take $email as well, since that's a required
parameter for the Gallery driver.
2010-01-17 20:37:25 -08:00
Bharat Mediratta
ab7be17b7f Switch to model based validation approach. 2010-01-17 20:17:50 -08:00
Bharat Mediratta
5162e35d49 Use an empty password for the guest user. 2010-01-17 17:54:14 -08:00