* bump default logout from 30 to 365 days
* * Change cookie duration to constant
* Change cookie duration to three months
* use class
* use 90 days (otherwise login form says 91.3 days)
* change class
* also this works now
Co-authored-by: Martin Rys <martin@rys.pw>
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
* Minz allow parallel sessions
#fix https://github.com/FreshRSS/FreshRSS/issues/3093
* Array optimisation
* Array optimisation missing
* Reduce direct access to $_SESSION except in install process
* Fix session start headers warning
* Use cookie only the first time the session is started:
`PHP Warning: session_start(): Cannot start session when headers
already sent in /var/www/FreshRSS/lib/Minz/Session.php on line 39`
* New concept of volatile session for API calls
Optimisation: do not use cookies or local storage at all for API calls
without a Web session
Fix warning:
```
PHP Warning: session_destroy(): Trying to destroy uninitialized session
in Unknown on line 0
```
* Only call Minz_Session::init once in our index
It was called twice (once indirectly via FreshRSS->init())
* Whitespace
* Mutex for notifications
Implement mutex for notifications
https://github.com/FreshRSS/FreshRSS/pull/3208#discussion_r499509809
* Typo
* Install script is not ready for using Minz_Session
* Use of existing tag name via input field
Use existing tag name, when tag name is typed into tag list's text field
* Indentation mistake
Just an indentation correction
* Final correction
Missed line 35.
We output a space by default in the user interface for setting feed
passwords, in order to prevent aggressive password autocompletion
https://github.com/FreshRSS/FreshRSS/pull/881
However, user might not always override this white space when entering
the password. So here we trim.
(I believe legitimate leading / trailing spaces in passwords are
sufficiently rare not to be a problem)
When the user do not want to use a shortcut, he can let the shortcut value
empty. This will save an empty configuration thus disabling the shortcut.
The load default action allows to use default shortcut only for disabled
shortcuts.
See #3110
FeedMe is able to add/remove subscriptions.
Fix minor bug introduced by
https://github.com/FreshRSS/FreshRSS/pull/1731
If the category ID is provided, we must first search for the existing
category before trying to add a category with the provided name.
Fix:
```
SQL error addCategory: ["23000",19,"UNIQUE constraint failed:
category.name"]
```
Even if the issue #3035 seemed pretty simple at a first glance, it was
more complicated than I expected. Because we send CSP headers AFTER
running the controller actions, it means we can't "echo" any content
from the controller. It's in fact a good practice, but it was easier at
the time we developed the feature.
To fix that, the only thing I had to do was to move the `print()` and
`readfile()` function into the view. The problem was that we needed to
output the content from the CLI too. Then, things became more
complicated. I decided to extract the export-related methods in a
`FreshRSS_Export_Service` class, in order to use it from both the
controller and the CLI. It was an opportunity to refactor the whole
feature in order to make it a bit more linear and easy to read.
Reference: https://github.com/FreshRSS/FreshRSS/issues/3035
Before, the user queries were working filter-wise but they failed at being displayed
properly in the configuration page. Thus they were stored without the search param.
Now, the search is URL encoded to avoid that kind of behavior and keep the search
param through out the user query's life.
Before, when the user was not logged in, pages where translated with the '_' user language.
Now, they are translated with the user preferred language if there is one supported by FreshRSS or with the system default language.
* Fix fetch preview
#fix https://github.com/FreshRSS/FreshRSS/issues/2923
In MariaDB / MySQL, we cannot start a new query if we have not consumed
the previous buffered query fully.
* Fix for reload
* Typo in comment
* Fix nav_menu mark-as-read
#Fix https://github.com/FreshRSS/FreshRSS/issues/2905
Fix regression from https://github.com/FreshRSS/FreshRSS/pull/2588
We need info about the first item (id_max) before being able to output
nav_menu. Before https://github.com/FreshRSS/FreshRSS/pull/2588 we used
to output everything in memory before starting to produce an output. Now
that we stream the output, we need a temporary buffer until we have
received the first item/article.
* Repair loading page
* Simplify CSS
Make it work in Chrome as well
* Lint
* Partial revert
* Base max_id solely on current time
* Add new last_login param to default user config
* Add English translation strings for last login feature
* Update last_login when user successfully logs in.
* Add last_login column to manage users screen
* Add last_login to user details screen
* Remove accidental docker-compose.yml
* Fix whitespace
* Use last modified time for config file
* Remove last_login field from default user config
* Touch user configuration file upon succesful login
* Add translations with todos
* Fix whitespace
* Use last_user_activity
* Semi-colomn
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Filenames were created with the username of the current user. However,
when we export the files with the CLI, the current user is "_".
This commit makes the username always required in the `exportFile`
method so we make sure to always manipulate a real value. Consequently,
the filenames can be formatted correctly.
Obviously, this has absolutely no impacts since the CLI doesn't consider
the HTTP headers. It just makes things a bit more clear. It's a first
step to remove the concept of "default user".
Small fixes related to when WebSub changes address:
* When unsubscribing, one must use the current/old address, not the
newly found selfUrl;
* This change
https://github.com/FreshRSS/FreshRSS/pull/2659#discussion_r347263068 was
wrong, so reverted to the first version. We must obey the rules also for
feeds for which the initial WebSub enabling is not finished, otherwise
we never have a chance to redirect the feed to the proper selfUrl.
* Keep the user on login page on failure
* Show an error if username already exists
* Check the password format in the backend
* Return a better message if username is invalid
* Add a title to the login page
* wip: Improve look of login and register pages
* Set a capital M in username help message
On the registration page, username tip started with a minuscule, while
the password tip started with a capital.
* Change message if username is taken
* Better performance with yield
Largely decrease the time to first byte, and reduced memory consumtion.
Before, we used to make several copies in memory of the whole list of
articles before sending them to the client. Now streamed as they are
processed.
* Travis
- Add a maintenance section to be able to clear cache and force reload a feed.
- Add an icon next to path field to show a pop-up with the result of the content path.
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Co-authored-by: Marien Fressinaud <dev@marienfressinaud.fr>
Now FRSS supports more than one admin. Admins have the same rights as
the default user. Admins can promote or demote other users. The default
user is considered as an admin even if it does not have the admin flag
enabled.
See #2096
For an extension, I needed to call a script from an external domain.
Unfortunately, the CSP headers didn't allow this domain and I had to
patch manually the FreshRSS FrontController for my extension. It's
obviously not a long-term solution since it has nothing to do in the
core of FRSS, and I don't want to apply this patch manually at each
update.
With this patch, I allow changing the CSP header from inside the
controller actions. It allows extensions to modify headers. It's also an
opportunity to remove a bit of code from the FrontController. I wasn't
happy with the previous implementation anyhow.
Reference: https://github.com/flusio/xExtension-Flus/commit/ed12d56#diff-ff12e33ed31b23bda327499fa6e84eccR143
When managing users, I've added the language they selected to be able
to communicate with them with the selected language (if I know it).
It could be useful when managing a community or a paid service.
* Extract hashPassword method from userController
* Extract and refactor fever key-related methods
* Move update of API password to dedicated action
* Simplify the controller by refactoring feverUtil
* Add locales
Before, the use of the user management page was a little bit tedious
when there was many users. One must select a user to view some
metrics, to update it, or to delete it.
Now, the view is clearer because it shows all users at once with
their metrics. I introduced a detail page that repeats the metrics
but also allow to purge the user's feeds, to update or delete the
user.
This is the first step to make that page more useful and user-friendly.
I have in mind to add a pager for when there is a lot of users, a metric
to know when was the last time the user was using the application, and
a flag to know if the user has admin rights.
See #2096 and #2504 for ideas and inspiration
Before, there was no user log when the fever api credential saving process
was failing. There was one though for the admin user but it did not appear
in the interface.
Now, there is a user log showing what the problem is. The admin log is still
there but catch only unknown errors.
See #2663
Before, some ad-blocker rules were preventing to display the sharing page
because of its name. I've renamed that page to integration but kept every
thing else identical. So it's still called sharing through out the
application.
If needed, this can be addressed as well.
See #2509 and #2419
Related to https://github.com/FreshRSS/FreshRSS/pull/2625
If for some reasons branches have diverged:, e.g.:
```
$ git status -sb --porcelain remote
## dev...origin/dev [ahead 4, behind 1]
```
* Add category order
Each category has a new 'priority' attribute. It is used to sort categories in
views. Categories with the same priority are sorted alphabetically. Categories
with no priority are displayed after those with one.
For example, if we have the following categories:
- A (priority: 2)
- B (no priority)
- C (priority: 1)
- D (priority: 2)
- E (no priority)
- F (priority: 1)
They will be displayed in the following order:
- C
- F
- A
- D
- B
- E
See #190
* Shorten help text
It took too much room and will not be so necessary once we have drag &
drop
* Change archiving config page layout
I've changed some wording and moved actions into a
maintenance section.
* Update purge action
Now we have more control on the purge action. The configuration allows
us to choose what to keep and what to discard in a more precise way.
At the moment, the configuration applies for all feeds.
* Add purge configuration on feed level
Now the extend purge configuration is available on feed level.
It is stored as attributes and will be used in the purge action.
* Update purge action
Now the purge action uses the feed configuration if it exists and
defaults on user configuration if not.
* Add empty option in period list
* Fix configuration warnings
* Add archiving configuration on categories
See #2369
* Add user info back
* Add explanations in UI
* Fixes for SQLite + error + misc.
* Fix invalid feed reference
* Short array syntax
Only for new code, so far
* Fix prefix error
* Query performance, default values
Work in progress
* Fix default values and confirm before leaving
Form cancel and confirm changes before leaving were broken.
And start taking advantage of the short echo syntax `<?= ?>` as we have
moved to PHP 5.4+
* More work
* Tuning SQL
* Fix MariaDB + performance issue
* SQL performance
* Fix SQLite bug
* Fix some attributes JSON encoding bugs
Especially for SQLite export/import
* More uniform, fix bugs
More uniform between global, category, feed settings
* Drop special cases for old articles during refresh
Instead will use lastSeen date with the new archiving logic.
This was generating problems anyway
https://github.com/FreshRSS/FreshRSS/issues/2154
* Draft drop index keep_history
Not needed anymore
* MySQL typo
Now properly tested with MySQL, PostgreSQL, SQLite
* More work for legacy values
Important to avoid overriding user's preference and risking deleting
data erroneously
* Fix PHP 7.3 / 7.4 warnings
@aledeg "Trying to use values of type null, bool, int, float or resource
as an array (such as $null["key"]) will now generate a notice. "
https://php.net/migration74.incompatible
* Reintroduce min articles and take care of legacy parameters
* A few changes forgotten
* Draft of migration + DROP of feed.keep_history
* Fix several errors
And give up using const for SQL to allow multiple database types (and we
cannot redefine a const)
* Add keep_min to categories + factorise archiving logic
* Legacy fix
* Fix bug yield from
* Minor: Use JSON_UNESCAPED_SLASHE for attributes
And make more uniform
* Fix sign and missing variable
* Fine tune the logic
