This repository has been archived on 2023-03-18. You can view files and clone it, but cannot push or open issues or pull requests.
osr-discourse-src/app/assets/javascripts/discourse/app/controllers
Osama Sayegh eb5a3cfded
FEATURE: Add 2FA support to the Discourse Connect Provider protocol (#16386)
Discourse has the Discourse Connect Provider protocol that makes it possible to
use a Discourse instance as an identity provider for external sites. As a
natural extension to this protocol, this PR adds a new feature that makes it
possible to use Discourse as a 2FA provider as well as an identity provider.

The rationale for this change is that it's very difficult to implement 2FA
support in a website and if you have multiple websites that need to have 2FA,
it's unrealistic to build and maintain a separate 2FA implementation for each
one. But with this change, you can piggyback on Discourse to take care of all
the 2FA details for you for as many sites as you wish.

To use Discourse as a 2FA provider, you'll need to follow this guide:
https://meta.discourse.org/t/-/32974. It walks you through what you need to
implement on your end/site and how to configure your Discourse instance. Once
you're done, there is only one additional thing you need to do which is to
include `require_2fa=true` in the payload that you send to Discourse.

When Discourse sees `require_2fa=true`, it'll prompt the user to confirm their
2FA using whatever methods they've enabled (TOTP or security keys), and once
they confirm they'll be redirected back to the return URL you've configured and
the payload will contain `confirmed_2fa=true`. If the user has no 2FA methods
enabled however, the payload will not contain `confirmed_2fa`, but it will
contain `no_2fa_methods=true`.

You'll need to be careful to re-run all the security checks and ensure the user
can still access the resource on your site after they return from Discourse.
This is very important because there's nothing that guarantees the user that
will come back from Discourse after they confirm 2FA is the same user that
you've redirected to Discourse.

Internal ticket: t62183.
2022-04-13 15:04:09 +03:00
badges FIX: Don't try to load badges if there none left (#13695) 2021-07-14 14:42:31 +10:00
discovery FEATURE: Add mobile support for subcategories-with-featured-topics (#16118) 2022-03-08 22:06:27 +00:00
navigation DEV: Use import { inject as controller} Ember idiom (#13140) 2021-05-25 18:37:32 +02:00
preferences FIX: Allow admins to change user ignore list (#16129) 2022-03-09 14:51:30 +10:00
about.js FIX: do not include contact url & email in client site settings payload (#13004) 2021-05-19 16:15:24 +10:00
account-created-edit-email.js DEV: Sort imports alphabetically (#11382) 2020-12-01 15:31:26 -03:00
account-created-index.js DEV: apply new coding standards (#10592) 2020-09-04 13:42:47 +02:00
activation-edit.js DEV: Sort imports alphabetically (#11382) 2020-12-01 15:31:26 -03:00
application.js FIX: iOS do not have working push notifications yet (#15888) 2022-03-03 16:19:46 -03:00
associate-account-confirm.js DEV: Sort imports alphabetically (#11382) 2020-12-01 15:31:26 -03:00
auth-token.js DEV: Sort imports alphabetically (#11382) 2020-12-01 15:31:26 -03:00
avatar-selector.js FEATURE: upload an avatar option for uploading avatars with selectable avatars (#15878) 2022-02-24 12:57:39 -08:00
basic-modal-body.js DEV: apply new coding standards (#10592) 2020-09-04 13:42:47 +02:00
bookmark.js FEATURE: Polymorphic bookmarks pt. 1 (CRUD) (#16308) 2022-03-30 12:43:11 +10:00
bulk-notification-level.js DEV: Sort imports alphabetically (#11382) 2020-12-01 15:31:26 -03:00
change-owner.js FIX: Call _clearFlash() when displaying a modal (#14848) 2021-11-09 17:51:50 -05:00
change-post-notice.js DEV: Sort imports alphabetically (#11382) 2020-12-01 15:31:26 -03:00
change-timestamp.js FIX: Call _clearFlash() when displaying a modal (#14848) 2021-11-09 17:51:50 -05:00
composer.js FEATURE: Allow multiple required tag groups for a category (#16381) 2022-04-06 14:08:06 +01:00
convert-to-public-topic.js DEV: Sort imports alphabetically (#11382) 2020-12-01 15:31:26 -03:00
create-account.js DEV: Fix set-after-destroy issues (#15078) 2021-11-24 20:13:52 +01:00
create-invite-bulk.js FEATURE: Various improvements to invite system (#12023) 2021-03-03 11:45:29 +02:00
create-invite.js FEATURE: Show error if invite to topic is invalid (#15959) 2022-02-16 18:35:02 +02:00
delete-topic-confirm.js FIX: Call _clearFlash() when displaying a modal (#14848) 2021-11-09 17:51:50 -05:00
discard-draft.js FEATURE: Allow users to save draft and close composer (#12439) 2021-03-19 09:19:15 -04:00
discovery-sortable.js DEV: allow min_posts to be automatically passed (#16042) 2022-02-23 20:06:17 -05:00
discovery.js FIX: When loading more topics, showFooter was not updated properly 2022-01-05 15:12:40 -05:00
dismiss-notification-confirmation.js Refine dismiss notification confirmation (#15017) 2021-11-22 09:11:24 +08:00
do-not-disturb.js FEATURE: Create notification schedule to automatically set do not disturb time (#11665) 2021-01-20 10:31:52 -06:00
download-calendar.js FIX: improvements for download local dates (#14588) 2021-10-14 09:22:44 +11:00
edit-category-tabs.js UX: Small tweak to category delete warning (#11799) 2021-01-26 09:43:47 -05:00
edit-slow-mode.js UX: show Update button instead of Enable button when slow mode is already enabled (#13077) 2021-05-25 13:33:39 +04:00
edit-topic-timer.js FIX: Call _clearFlash() when displaying a modal (#14848) 2021-11-09 17:51:50 -05:00
edit-user-directory-columns.js DEV: Plugin API to add directory columns (#13440) 2021-06-22 13:00:04 -05:00
email-login.js DEV: Bump eslint-config-discourse (#14868) 2021-11-10 09:31:41 +10:00
exception.js FEATURE: Improvement to history stack handling on server errors 2021-06-21 11:09:23 -07:00
explain-reviewable.js DEV: apply new coding standards (#10592) 2020-09-04 13:42:47 +02:00
feature-topic-on-profile.js DEV: Sort imports alphabetically (#11382) 2020-12-01 15:31:26 -03:00
feature-topic.js DEV: Use import { inject as controller} Ember idiom (#13140) 2021-05-25 18:37:32 +02:00
flag.js DEV: avoid sending events to a destroying object and enable few skipped tests (#15030) 2021-12-01 18:21:44 +04:00
forgot-password.js FEATURE: hide_email_address_taken forces use of email in forgot password form (#15362) 2021-12-20 12:54:10 +11:00
full-page-search.js REFACTOR: Abstract search link click logging (#16317) 2022-03-30 10:10:39 -04:00
fullscreen-code.js FEATURE: Add fullscreen button for code blocks (#16044) 2022-03-01 08:37:24 +10:00
grant-badge.js DEV: Bump eslint-config-discourse (#14868) 2021-11-10 09:31:41 +10:00
group-activity-posts.js DEV: Sort imports alphabetically (#11382) 2020-12-01 15:31:26 -03:00
group-activity-topics.js DEV: apply new coding standards (#10592) 2020-09-04 13:42:47 +02:00
group-activity.js DEV: Sort imports alphabetically (#11382) 2020-12-01 15:31:26 -03:00
group-add-members.js FIX: Reintroduce add group user by email (#13581) 2021-06-30 17:59:22 +03:00
group-default-notifications.js FEATURE: update existing users when group default notifications changed. (#13434) 2021-07-15 19:53:57 +05:30
group-index.js DEV: don't swallow a promise from group.findMembers method and switch to using async/await (#13888) 2021-07-30 21:00:34 +04:00
group-manage-categories.js DEV: Sort imports alphabetically (#11382) 2020-12-01 15:31:26 -03:00
group-manage-logs.js DEV: enforces eslint’s curly rule to the codebase (#10720) 2020-09-22 16:28:28 +02:00
group-manage-profile.js DEV: apply new coding standards (#10592) 2020-09-04 13:42:47 +02:00
group-manage-tags.js DEV: Sort imports alphabetically (#11382) 2020-12-01 15:31:26 -03:00
group-manage.js FIX: Show group Email settings if just SMTP enabled (#13362) 2021-06-15 10:09:25 +10:00
group-messages.js FIX: Allow mobile-nav to work without loading transitions (#12184) 2021-02-23 11:16:40 +00:00
group-permissions.js FEATURE: Group category permissions tab (#10388) 2020-08-10 09:49:05 -05:00
group-requests.js FIX: Ascending/descending sorting in the group membership requests page 2021-07-16 11:02:24 +03:00
group.js UX: Don't display group messages link for group with no messages. (#14453) 2021-09-29 10:18:56 +08:00
groups-index.js Revert "Revert "DEV: Wrap Ember.run.debounce. (#11352)"" (#11509) 2020-12-18 10:18:52 -03:00
groups-new.js DEV: Deprecate {{user-selector}} and replace it with {{email-group-user-chooser}} (#12042) 2021-02-12 13:51:36 +03:00
history.js FEATURE: Highlight changed tags in post revisions (#15072) 2021-11-24 18:51:25 +02:00
ignore-duration-with-username.js FIX: Allow admins to change user ignore list (#16129) 2022-03-09 14:51:30 +10:00
ignore-duration.js FIX: Bug setting notification level to muted/ignored on user page (#16268) 2022-03-25 10:51:45 -05:00
insert-hyperlink.js FIX: Close hyperlink modal on ESC key (#13166) 2021-05-26 15:11:12 -04:00
invites-show.js UX: Require a password for invited users (#16291) 2022-04-05 14:57:15 +03:00
json-schema-editor.js DEV: Add experimental json_scheme site setting type (#12226) 2021-03-01 09:15:17 -05:00
jump-to-post.js DEV: minor refactoring or jump-to-post (#15312) 2021-12-15 12:09:26 +01:00
keyboard-shortcuts-help.js DEV: API to add keyboard shortcuts to help modal (#16075) 2022-03-01 14:37:26 -06:00
login.js FIX: clear previous errors on second factor form display (#14987) 2021-11-17 13:47:38 +01:00
modal.js DEV: Add the missing app subdirectory (#9499) 2020-04-23 10:07:54 -03:00
move-to-topic.js FIX: post mover validation color and message (#15688) 2022-02-02 16:22:52 +11:00
not-activated.js DEV: apply new coding standards (#10592) 2020-09-04 13:42:47 +02:00
password-reset.js DEV: Bump eslint-config-discourse (#14868) 2021-11-10 09:31:41 +10:00
preferences.js FIX: don't allow category and tag tracking settings on staged users (#13688) 2021-07-16 14:50:40 -04:00
publish-page.js UX: publishes page, on public change, only when page is published (#12123) 2021-02-18 17:34:50 +01:00
raw-email.js DEV: Sort imports alphabetically (#11382) 2020-12-01 15:31:26 -03:00
reject-reason-reviewable.js FEATURE: reason to reject user signup (#11700) 2021-01-15 09:43:26 +11:00
reorder-categories.js UX: Improvements for reordering categories (#13013) 2021-06-09 13:01:06 +03:00
request-group-membership-form.js DEV: Sort imports alphabetically (#11382) 2020-12-01 15:31:26 -03:00
review-index.js FIX: review queue scrolling is not working after take an action. (#16346) 2022-04-04 14:48:06 +05:30
review-settings.js DEV: Sort imports alphabetically (#11382) 2020-12-01 15:31:26 -03:00
second-factor-add-security-key.js DEV: Bump eslint-config-discourse (#14868) 2021-11-10 09:31:41 +10:00
second-factor-add-totp.js DEV: Sort imports alphabetically (#11382) 2020-12-01 15:31:26 -03:00
second-factor-auth.js FEATURE: Add 2FA support to the Discourse Connect Provider protocol (#16386) 2022-04-13 15:04:09 +03:00
second-factor-backup-edit.js DEV: Sort imports alphabetically (#11382) 2020-12-01 15:31:26 -03:00
second-factor-edit-security-key.js DEV: apply new coding standards (#10592) 2020-09-04 13:42:47 +02:00
second-factor-edit.js DEV: apply new coding standards (#10592) 2020-09-04 13:42:47 +02:00
share-and-invite.js DEV: Add the missing app subdirectory (#9499) 2020-04-23 10:07:54 -03:00
share-topic.js SECURITY: Category group permissions leaked to normal users. 2022-04-08 13:46:20 +08:00
static.js UX: fix button alignment on log-in required page (#11965) 2021-02-04 14:38:58 +11:00
tag-groups-edit.js DEV: apply new coding standards (#10592) 2020-09-04 13:42:47 +02:00
tag-groups-new.js UX: Adjustments to tag groups layout (#13269) 2021-06-03 13:58:28 -04:00
tag-groups.js DEV: apply new coding standards (#10592) 2020-09-04 13:42:47 +02:00
tag-show.js DEV: Refactor tag-show route (#16217) 2022-03-21 12:20:51 +00:00
tags-index.js DEV: rename refresh action to avoid regressions in the future (#14721) 2021-10-27 14:53:04 +04:00
topic-bulk-actions.js FEATURE: Rename Reset Read bulk action to Defer (#15972) 2022-02-21 22:45:01 +02:00
topic.js FEATURE: Polymorphic bookmarks pt. 1 (CRUD) (#16308) 2022-03-30 12:43:11 +10:00
user-activity-bookmarks.js FEATURE: Save scroll position on bookmarks page (#15296) 2021-12-15 15:27:09 +02:00
user-activity.js FEATURE: Display pending posts on user’s page 2021-11-29 10:26:33 +01:00
user-badges.js FEATURE: Make max number of favorite configurable (#13480) 2021-06-22 18:58:03 +03:00
user-card.js FEATURE: Optional filtered replies view (#11387) 2020-12-10 12:02:07 -05:00
user-invited-show.js DEV: Invite page changes (#15175) 2021-12-02 13:18:11 -06:00
user-invited.js UX: Improve route hierarchy in for user-invites (#14583) 2021-10-12 17:39:47 +01:00
user-notifications.js FEATURE: improve "blank page syndrome" on the user notifications page (#14103) 2021-08-25 20:57:27 +04:00
user-posts.js DEV: Use method definition syntax consistently (#14915) 2021-11-13 14:01:55 +01:00
user-private-messages-tags.js DEV: apply new coding standards (#10592) 2020-09-04 13:42:47 +02:00
user-private-messages.js DEV: Use @bind instead of repeated .bind(this) (#14931) 2021-11-15 10:07:53 +01:00
user-summary.js DEV: Use import { inject as controller} Ember idiom (#13140) 2021-05-25 18:37:32 +02:00
user-topics-list.js FIX: infinite recursion when calling a refresh() action on routes (#14624) 2021-11-19 16:23:46 +04:00
user.js FIX: hide user notifications tab for moderator users. (#16406) 2022-04-07 14:37:37 +05:30
users.js FIX: set null to group if groupAttrs param is not available. (#14795) 2021-11-14 19:53:50 +05:30