Commit Graph

17 Commits

Author SHA1 Message Date
Dan Brown
88e6f93abf
Prevented auto-login from direct email confirmation actions
Was done for convenience but could potentially be exploited by an
attacker using signing up via one of these routes, then forwarding
an email confirmation to another user so they unknowingly utilise
an account someone else controls.

Tweaks the flow of confirming email, and the user invite flow.

For #3050
2021-11-15 10:50:28 +00:00
Dan Brown
f77236aa38
Laravel 7.x Shift (#3011)
* Apply Laravel coding style
* Shift bindings
* Shift core files
* Shift to Throwable
* Add laravel/ui dependency
* Shift Eloquent methods
* Shift config files
* Shift Laravel dependencies
* Shift cleanup
* Shift test config and references
* Applied styleci changes
* Applied fixes post shift to laravel 7

Co-authored-by: Shift <shift@laravelshift.com>
2021-10-26 22:04:18 +01:00
Dan Brown
78e94bb003
Improved login redirect and setup experience
- Updated auth system for mfa to not update intended URL so that the
  user is not redirected to mfa setup after eventual login.
- Added notification for users setting up MFA, after setup when
  redirected back to login screen to advise that MFA setup was complete
  but they need to login again.
- Updated some bits of wording to display better.
2021-08-21 15:14:24 +01:00
Dan Brown
f1f59cf086
Extracted text to translation files
Also aligned mfa method delete route to align with others.
2021-08-08 14:24:44 +01:00
Dan Brown
4597069083
Added Backup code verification logic
Also added testing to cover as part of this in addition to adding the
core backup code handling required.

Also added the standardised translations for switching mfa mode and
adding testing for this switching.
2021-08-02 16:35:37 +01:00
Dan Brown
ba1be9d710
Updated password reset process not to indicate if email exists
- Intended to prevent enumeration to check if a user exists.
- Updated messages on both the reqest-reset and set-password elements.
- Also updated notification auto-hide to be dynamic based upon the
amount of words within the notification.
- Added tests to cover.

For #2016
2020-04-10 13:38:08 +01:00
Dan Brown
140298bd96
Updated to Laravel 5.8 2019-09-13 23:58:40 +01:00
Dan Brown
42d8548960
Finished new user invite flow 2019-08-18 13:11:30 +01:00
Dan Brown
44330bdd24
Start user invite system 2019-08-17 15:52:33 +01:00
Dan Brown
e0c229114f
Updated register link text/placement on login card
- Also extracted "Already have account?" text to translation files.
2019-04-21 12:45:09 +01:00
Dan Brown
2753629dbe
Cleaned up script and formatted remaining EN files 2018-12-16 13:12:13 +00:00
Dan Brown
86625a7642
Neatened up social login/register buttons 2017-02-05 15:28:53 +00:00
Dan Brown
573357a08c
Extracted text from logic files 2016-12-04 16:51:39 +00:00
Dan Brown
0775cd09a1
Extracted text for remaining views 2016-12-04 14:08:04 +00:00
Dan Brown
694a9459c1
Moved text from auth views into lang files 2016-11-13 16:34:28 +00:00
Dan Brown
e0235fda8b
Made registration gravatar/email requests fail gracefully
* Extracted any email confirmation text into langs.
* Added new notification on confirmation email send fail.

Closes #187
2016-09-17 21:33:55 +01:00
Dan Brown
9dc9724e15 Laravel 5.3 upgrade (#189)
* Started move to laravel 5.3

* Started updating login & registration flows for laravel 5.3 update

* Updated app emails to notification system

* Fixed registations bugs and removed email confirmation model

* Fixed large portion of laravel post-upgrade issues

* Fixed and tested LDAP process
2016-09-17 18:22:04 +01:00