ckieffer
f1076590f1
Add page_title to admin views. Closes #1038.
2010-04-30 00:08:37 -06:00
Bharat Mediratta
6d81feacae
Change the key for invalid passwords from "invalid" to
"invalid_password" to remove ambiguity.
2010-04-17 12:28:46 -07:00
Bharat Mediratta
c3c2b45280
Update the copyright to 2010. It's only 3 months into the year :-)
2010-03-03 10:15:34 -08:00
Andy Staudacher
74113f869a
Fix for ticket #1037: Only show language drop-down when there's actually a choice.
2010-02-27 20:21:22 -08:00
Andy Staudacher
a18ddd2fe9
Add more randomness to reset password mechanism.
2010-02-27 15:39:36 -08:00
Andy Staudacher
cd45c94fe6
Get rid of unnecessary view file.
2010-02-11 15:59:17 -08:00
Andy Staudacher
dc94f6e45a
Include user name in logging message for failed password reset. As Bharat points out, t() ensures that parameters are escaped for XSS.
2010-02-11 14:35:05 -08:00
Andy Staudacher
cd98f85260
Fix for ticket 1010: Don't leak valid user names in "forgot password" form.
Includes fixes for user forms as well (edit user / email / password).
2010-02-11 13:11:31 -08:00
Andy Staudacher
55d42ec9da
Fix password reset confirmation
2010-02-09 02:16:49 -08:00
Andy Staudacher
f93528ffab
Last partial fix for ticket 585: Compartmentalize the admin area and require active authentication every 20 minutes to access the admin area.
Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now.
2010-02-07 15:37:32 -08:00
Bharat Mediratta
eda6e3af06
Rename user_authenticate_xxx events to user_auth_xxx for brevity.
2010-02-07 08:49:37 -08:00
Bharat Mediratta
aff5d1cef4
Create the concept of a "failed authentication" as semantically
separate from a successful or failed login.
1) Rename user_login_failed event to user_authenticate_failed
2) Rename failed_logins table to failed_auth (bump Gallery module to
v27 to rename the table)
3) auth::too_many_failed_logins -> auth::too_many_failures
4) auth::record_failed_auth_attempts -> auth::record_failed_attempts
auth::clear_failed_auth_attempts -> auth::clear_failed_attempts
2010-02-07 08:45:10 -08:00
Andy Staudacher
163391ee39
Partial fix for ticket 585: Require current password when changing an account's email address.
Still leaving the user/group admin page wide open though.
2010-02-06 17:43:33 -08:00
Bharat Mediratta
f631c2a0e5
Fix up Admin_Users_Controller() form handling now that user_form.html
is gone. Fixes ticket #1005.
2010-02-06 09:30:45 -08:00
Bharat Mediratta
99a7f470b9
Protect password changes against brute force attacks.
2010-02-02 21:48:01 -08:00
Bharat Mediratta
6e1b761b12
Require the current password to change your password.
Fixes ticket #585.
Separate out the password change form from the regular edit user form.
Require the old password to enter a new one. While I'm at it, roll
the password strength javascript into a Form_Script element so that we
can get rid of the old view (which incidentally fixes a bug where the
password strength meter would go away on form errors).
2010-02-02 21:36:01 -08:00
Bharat Mediratta
22ea03847a
Localize validation errors.
2010-02-01 21:27:15 -08:00
Bharat Mediratta
c050acf30a
Fix lots of warnings that pop up when we're in E_STRICT mode. They're
mostly issues around uninitialized variables, calling non-static
functions in a static context, calling Session functions directly
instead of on its singleton, passing non-variables by reference, and
subclasses not using the same interface as the parent class.
2010-01-31 16:07:41 -08:00
Bharat Mediratta
79a1365991
Don't override the password in the database if it's empty in the form.
Fixes ticket #995.
2010-01-30 20:43:53 -08:00
Bharat Mediratta
f0ae2c8165
Localize edit form error messages.
2010-01-28 20:55:38 -08:00
Bharat Mediratta
e56318d07f
Don't try to access ORM::$changed externally; it's protected.
2010-01-22 01:48:03 -08:00
Bharat Mediratta
f0780486ee
Fix typo: edit_user -> add_user.
2010-01-20 22:53:51 -08:00
Bharat Mediratta
b23f62259d
Stop using MY_ORM::original().
2010-01-20 22:52:11 -08:00
Bharat Mediratta
9488684220
Move model rules down into their validate() function for consistency.
Change "in_use" error to "conflict" for consistency.
2010-01-17 12:30:24 -08:00
Bharat Mediratta
5c49c041e7
Use "(string) $form" instead of "$form->__toString()"
2010-01-16 22:42:02 -08:00
Bharat Mediratta
4a2d5bc9e2
Convert Users_Controller to model based validation.
2010-01-16 21:24:18 -08:00
Bharat Mediratta
6a4dda9bde
Convert Admin_Users_Controller, User_Model and Group_Model to use
model based validation.
2010-01-16 21:15:12 -08:00
Bharat Mediratta
a691dcc63c
Convert Admin_Users::add_user() to use model based validation. Get
the rules and business logic out of the form and user::create(), and
move it into User_Model::save().
2010-01-16 19:58:55 -08:00
Bharat Mediratta
ff728b3ccd
Whitespace.
2010-01-16 17:51:57 -08:00
Bharat Mediratta
057e8d09af
Convert a bunch of leftover kohana::show_404 calls to throw
Kohana_404_Exception instead. These are the ones where we used a
lower-case 'k' so my previous filter didn't catch it.
2009-12-23 20:51:33 -08:00
Bharat Mediratta
0121bfd585
ORM::orderby -> ORM::order_by
2009-11-25 19:26:52 -08:00
Bharat Mediratta
2e420522ec
Preliminary work to cut over to Kohana 2.4
- Kohana::log() -> Kohana_Log::add()
- Kohana::config_XXX -> Kohana_Config::instance()->XXX
- Implement View::set_global in MY_View
- Updated Cache_Database_Driver to latest APIs
- ORM::$loaded -> ORM::loaded()
- Updated item::viewable() to use K2.4 parenthesization
2009-11-25 13:22:24 -08:00
Tim Almdal
6bdb8c3d55
Correct inconsistent capitalization. Fixes #906
2009-11-21 09:36:19 -08:00
Bharat Mediratta
1067e68292
Redesign the way that we consider page types to create buckets of page
types, and a subtype for specifics. Currently the top level bucket
collection, item, other
Here are the core subtypes so far:
collection: album, search, tag
item: movie, photo
other: login, reset, comment-fragment, comment
It's legal to create new page_subtypes whenever you want. Use the
appropriate page_type to get the coarse grain behavior that you want.
2009-11-17 14:04:45 -08:00
Chad Kieffer
dbe6476255
Remove width class from add group form, it sizes the form's elements, not the form itself.
2009-11-06 20:26:09 -07:00
Tim Almdal
1c428df9e0
Revert "Use an event 'check_user_name_exists' to validate the input name is already in use. The parameter is a standard class with the name and an exists flag. Any event handler should or their result with the exists flag."
This reverts commit 04bf50bfb4.
2009-10-31 16:16:47 -07:00
Tim Almdal
ddf8734a41
Caught a few more incorrect capitalizations.
2009-10-30 08:33:31 -07:00
Tim Almdal
04bf50bfb4
Use an event 'check_user_name_exists' to validate the input name is already in use. The parameter is a standard class with the name and an exists flag. Any event handler should or their result with the exists flag.
2009-10-29 17:09:01 -07:00
Tim Almdal
3b4a64c698
Check the minimum length when adding or modifying users via the admin screen.
2009-10-27 14:21:59 -07:00
Tim Almdal
1347a30050
Add a password strength meter.
2009-10-27 12:23:48 -07:00
Tim Almdal
156a99beef
Set the minimum password length to 5. The gallery owner can change this in the advanced settings.
2009-10-27 10:13:52 -07:00
Tim Almdal
2dcd8f8a25
When we are changing the password using the change password form as part of the password reset, the input value is in the post[hash] variable as opposed to the get(key) value. This should fix ticket #850.
2009-10-27 07:35:28 -07:00
Tim Almdal
0a6b540092
Merge branch 'master' into talmdal_dev
Conflicts:
modules/server_add/helpers/server_add_theme.php
2009-10-24 07:28:22 -07:00
Chad Kieffer
3814186592
Created user.css. Moved user-related form css to the new sheet.
2009-10-23 22:25:36 -06:00
Tim Almdal
2e998664d5
move controllers and views to the user module to make the Identity Provider refactor smaller
2009-10-23 09:23:02 -07:00
Tim Almdal
3c936d661a
Change the name of identity library from Identity to IdentityProvider. Create a helper class called identity to simplify calling the Identity Provider. Move the contents of MY_Session.php to the new helper class and remove the MY_Session class
2009-10-22 13:11:03 -07:00
Tim Almdal
098b57bf18
Simplify the user interface by moving the password reset functionality into the user module
Bagging the User_Definition and Group_Definition abstract classes and replacing them with interfaces with the same names.
Make sure all the unit tests work.
2009-10-19 12:53:44 -07:00
Tim Almdal
78ee4193b7
Remove all non Identity API methods from Identity.php. Created an MY_Session class to provide the user state changes in the session and a login.php helper that has the login form.
2009-10-16 10:06:58 -07:00
Tim Almdal
bc241e44c2
Cleanup merge of user/group helpers into Identity interface. Reduce redundant code in the user module and remove references to the Identity helper from the user module as the user module should be able to access things directly. Simplify the get_user_list api method to just accept an array of ids to return user objects for.
2009-10-16 08:55:26 -07:00
Tim Almdal
00eacd659f
Start simplifying the interface by moving the static methods from user.php and group.php. Tried creating an identity helper, but the helper identity.php was confused with the library Identity.php. So got around this by making the methods on Identity static and calling the instance within the static methods. Also temporarily moved the user.php and group.php back into the user module.
2009-10-16 08:53:31 -07:00