mirror/growstuff
1
0
Fork 0
mirror of https://github.com/Growstuff/growstuff.git synced 2026-03-30 20:51:23 -04:00
Code Issues Packages Projects Releases Wiki Activity
2,713 Commits 54 Branches 76 Tags
dafee90b24dae88939c8aaba3266c311dd93f8a9
Commit Graph

2713 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel O'Connor
dafee90b24 #645 #556 Add facebook auth management 2015-08-27 11:56:37 +09:30
Daniel O'Connor
f6790a5f9b #556 When an avatar is set from an oauth provider, don't encourage the user to update gravatar. 2015-08-27 11:52:49 +09:30
Daniel O'Connor
20b89f0d2f #556 Default to the oauth provided image on account creation 2015-08-27 11:27:15 +09:30
Daniel O'Connor
9564866f6d #645 Avoid collisions by using a 20 character random string as a fallback 2015-08-24 17:33:28 +09:30
Daniel O'Connor
994296640b #645 Implement all of finish signup, fix an edge case of an authentication without a member, fix error messages on failed oauth. 2015-08-24 16:20:39 +09:30
Daniel O'Connor
9a68c7e1c3 #645 Add a 'finish signup' flow 2015-08-24 11:41:36 +09:30
Daniel O'Connor
ec597d4e6e #645 Fix minor logic error 2015-08-24 11:23:41 +09:30
Daniel O'Connor
86e9cd0ec6 #645 Improve error handling and login_name generation. Annoyingly still a change of collisions. 2015-08-21 13:43:58 +09:30
Daniel O'Connor
3a05f75ab0 #645 Add notes around permissions/scopes of later interest 2015-08-21 13:43:24 +09:30
Daniel O'Connor
34b4d30014 #645 Enable account creation or authorisation from a facebook signin (and should work for others with minimal extra work) 2015-08-21 13:22:49 +09:30
Daniel O'Connor
89b6c47bfb #645 Configure devise / omniauth in only one spot, to avoid CSRF errors 2015-08-21 12:21:55 +09:30
Daniel O'Connor
70f48108b4 #645 Add handling for facebook 2015-08-21 12:21:23 +09:30
Daniel O'Connor
df5689ec18 #645 Rename 2015-08-21 11:36:26 +09:30
Daniel O'Connor
22d72b13d5 #645 Add example keys 2015-08-21 11:36:17 +09:30
Daniel O'Connor
dee7ff34c9 #645 Indicate that a member is omniauthable, so devise knows to render sign-in-with-facebook 2015-08-21 11:36:04 +09:30
Daniel O'Connor
07eb305992 #645 Ask for name, email address only 2015-08-21 11:25:57 +09:30
Daniel O'Connor
c7f0076ee6 #645 Add facebook omniauth middleware 2015-08-21 11:21:44 +09:30
Daniel O'Connor
93bc5255e7 #645 Add facebook omniauth provider 2015-08-21 11:21:30 +09:30
pozorvlak
c404d8220d Merge pull request #791 from cesy/cachethumbnails 
Cache thumbnails
 2015-08-19 15:11:16 +01:00
Cesy
48409698ab Merge pull request #787 from twconquest/show-roles 
Show roles in member profile page
 2015-08-19 14:13:32 +01:00
pozorvlak
4d7c4f38ae Merge pull request #804 from cesy/issue658i18n 
Issue #658 i18n
 2015-08-17 19:52:10 +01:00
twconquest
c2e4686a23 Add negative tests for roles on profiles 2015-08-17 18:29:00 +00:00
twconquest
24df32ba7f Merge upstream/dev into show-roles and re-add myself to CONTRIBUTORS.md 
Conflicts:
	CONTRIBUTORS.md
 2015-08-17 17:48:50 +00:00
Cesy
744caef4f2 Merge pull request #806 from CloCkWeRX/bump_ruby_2_1_6 
Upgrade to ruby 2.1.6 for CVE-2015-1855
 2015-08-13 09:06:48 +01:00
Daniel O'Connor
5cac8743f8 Upgrade to ruby 2.1.6 for CVE-2015-1855: Ruby OpenSSL Hostname Verification 2015-08-13 15:06:56 +10:00
pozorvlak
9c4d83dad3 Merge pull request #801 from CloCkWeRX/fix_cve_2015_2963 
Fix CVE-2015-2963,  CVE-2015-3448, CVE-2015-1820 & CVE-2015-1840
 2015-08-12 17:08:27 +01:00
Cesy
fd3e69c9ab Removing footer translation as it's now in the CMS 2015-08-12 14:57:13 +00:00
Cesy
b6dfeb980c i18n example 2015-08-12 14:56:36 +00:00
Cesy
e784ec9b33 Making it trigger the crop thumbnail cache properly 2015-08-12 11:45:18 +00:00
Cesy
1df0c36e72 Keying the cache correctly 2015-08-12 10:49:48 +00:00
Cesy
a5e7a8d315 Cache crop thumbnails 2015-08-12 10:49:48 +00:00
Daniel O'Connor
cafd49c143 Name: jquery-rails 
Version: 3.1.2
Advisory: CVE-2015-1840
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/XIZPbobuwaY
Title: CSRF Vulnerability in jquery-ujs and jquery-rails
Solution: upgrade to >= 4.0.4, ~> 3.1.3
 2015-08-12 16:59:14 +09:30
Daniel O'Connor
7c7c66348c Name: rest-client 
Version: 1.7.2
Advisory: CVE-2015-3448
Criticality: Unknown
URL: http://www.osvdb.org/show/osvdb/117461
Title: Rest-Client Gem for Ruby logs password information in plaintext
Solution: upgrade to >= 1.7.3

Name: rest-client
Version: 1.7.2
Advisory: CVE-2015-1820
Criticality: Unknown
URL: https://github.com/rest-client/rest-client/issues/369
Title: rubygem-rest-client: session fixation vulnerability via Set-Cookie headers in 30x redirection responses
Solution: upgrade to >= 1.8.0
 2015-08-12 16:57:58 +09:30
Daniel O'Connor
00ae4ed49f Name: paperclip 
Version: 4.2.1
Advisory: CVE-2015-2963
Criticality: Medium
URL: https://robots.thoughtbot.com/paperclip-security-release
Title: Paperclip Gem for Ruby vulnerable to content type spoofing
Solution: upgrade to >= 4.2.2
 2015-08-12 16:23:48 +09:30
Cesy
12a1484a26 Merge pull request #800 from CloCkWeRX/fix_all_checkbox_labels 
Fix more checkbox labels in registration and email editing
 2015-08-11 09:51:05 +01:00
Cesy
5bacdb71cc Merge pull request #798 from CloCkWeRX/cve-2015-3226 
Minor rails version upgrade to apply security fixes
 2015-08-11 08:23:58 +01:00
Cesy
6565e79057 Merge pull request #797 from CloCkWeRX/minor_usability_checkbox_login 
Style checkbox for 'remember me'
 2015-08-11 08:21:39 +01:00
Cesy
f4e53a58de Merge pull request #799 from CloCkWeRX/patch-1 
Update CONTRIBUTORS.md
 2015-08-11 08:17:38 +01:00
Daniel O'Connor
97cf1347d5 Fix clickable area for checkboxes in email editing 2015-08-11 13:45:47 +09:30
Daniel O'Connor
367e298d48 Fix clickable area for checkboxes in registration 2015-08-11 13:44:17 +09:30
Daniel O'Connor
e765387e22 Update CONTRIBUTORS.md 2015-08-11 10:31:43 +09:30
Daniel O'Connor
7b30c4237b Name: activesupport 
Version: 4.1.9
Advisory: CVE-2015-3227
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk
Title: Possible Denial of Service attack in Active Support
Solution: upgrade to >= 4.2.2, ~> 4.1.11, ~> 3.2.22

Name: activesupport
Version: 4.1.9
Advisory: CVE-2015-3226
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/7VlB_pck3hU
Title: XSS Vulnerability in ActiveSupport::JSON.encode
Solution: upgrade to >= 4.2.2, ~> 4.1.11
 2015-08-11 10:28:07 +09:30
Daniel O'Connor
b788cb44ef Remember that we're working in haml, not slim. 2015-08-11 10:23:50 +09:30
Daniel O'Connor
f61e2438e8 Style checkbox for 'remember me' and allow it to be clickable (minor usability/mobile UI annoyance) 2015-08-10 16:08:09 +09:30
pozorvlak
e503b1079d Merge pull request #796 from cesy/issue677 
Fix #677 by adding organic/GMO/heirloom to CSV and RSS
 2015-08-06 14:54:10 +01:00
pozorvlak
ccca343959 Merge pull request #795 from cesy/issue788 
Fix issue #788 with uncaught nil
 2015-08-06 14:46:53 +01:00
pozorvlak
63de10efd4 Merge pull request #794 from Growstuff/revert-793-revert-790-homepagetests 
Fixing #790 properly - caching posts on homepage
 2015-08-06 14:30:04 +01:00
Cesy
17c5fd61a3 Fix #677 by adding organic/GMO/heirloom to CSV and RSS 2015-08-06 12:23:00 +00:00
Cesy
44b8500fa8 Fix issue #788 with uncaught nil 2015-08-06 12:12:29 +00:00
Cesy
5a12b47c7c Revert "Revert "Fixing relative caching of post summary on homepage, fixed #789"" 2015-08-06 12:37:59 +01:00