From d8b3718a08eb30589a2eee0d285d3041277b3a77 Mon Sep 17 00:00:00 2001 From: flaburgan Date: Tue, 11 Jun 2019 13:00:03 +0200 Subject: [PATCH 1/6] Fix wrong padding for captcha label in registration form fixes #8016 closes #8028 --- app/assets/stylesheets/registration.scss | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/app/assets/stylesheets/registration.scss b/app/assets/stylesheets/registration.scss index 5fb2a2bc6..6fd755464 100644 --- a/app/assets/stylesheets/registration.scss +++ b/app/assets/stylesheets/registration.scss @@ -38,16 +38,13 @@ width: 120px; } - .captcha-input { + .form-control.captcha-input { border-bottom: 1px solid $input-border; border-bottom-left-radius: 5px; border-bottom-right-radius: 5px; box-sizing: border-box; - font-size: 16px; - height: 40px; line-height: $line-height-base; - padding: 10px 10px 10px 130px; - width: 100%; + padding-left: 130px; } .terms > a { From 78538d034a3fe90295bf9c4514359b2a882d3d13 Mon Sep 17 00:00:00 2001 From: flaburgan Date: Tue, 11 Jun 2019 13:32:08 +0200 Subject: [PATCH 2/6] Harmonize markdown titles sizes fixes #7757 closes #8029 --- Changelog.md | 1 + app/assets/stylesheets/markdown-content.scss | 24 ++++++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/Changelog.md b/Changelog.md index 16e59a54e..312916363 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,6 +1,7 @@ # 0.7.12.0 ## Refactor +* Harmonize markdown titles sizes [#8029](https://github.com/diaspora/diaspora/pull/8029) ## Bug fixes * Improve handling of mixed case hostnames while fetching OpenGraph data [#8021](https://github.com/diaspora/diaspora/pull/8021) diff --git a/app/assets/stylesheets/markdown-content.scss b/app/assets/stylesheets/markdown-content.scss index 6b092dbdb..c5813de21 100644 --- a/app/assets/stylesheets/markdown-content.scss +++ b/app/assets/stylesheets/markdown-content.scss 
@@ -16,6 +16,30 @@ } } + h1 { + font-size: 2.7rem; + } + + h2 { + font-size: 2.3rem; + } + + h3 { + font-size: 2rem; + } + + h4 { + font-size: 1.8rem; + } + + h5 { + font-size: 1.6rem; + } + + h6 { + font-size: 1.4rem; + } + .img-responsive { display: inline; } From ef31ea6b965f2955983429c7de784e3c2db6234a Mon Sep 17 00:00:00 2001 From: Benjamin Neff Date: Thu, 6 Jun 2019 02:19:17 +0200 Subject: [PATCH 3/6] Enable remember me for all forms fixes #8023 --- app/models/user.rb | 4 ++++ app/views/devise/passwords/edit.haml | 1 - app/views/sessions/_form.haml | 1 - 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/app/models/user.rb b/app/models/user.rb index 8d30efa97..8ab4f9be6 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -591,6 +591,10 @@ class User < ApplicationRecord end end + def remember_me + true + end + private def clearable_fields diff --git a/app/views/devise/passwords/edit.haml b/app/views/devise/passwords/edit.haml index 126ae62f4..28e2126ea 100644 --- a/app/views/devise/passwords/edit.haml +++ b/app/views/devise/passwords/edit.haml @@ -37,7 +37,6 @@ autocorrect: "off", aria: {labelledby: "passwordConfirmationLabel"} - = hidden_field(:user, :remember_me, value: 1) = f.submit t("devise.passwords.edit.change_password"), class: "btn btn-block btn-primary" .text-center diff --git a/app/views/sessions/_form.haml b/app/views/sessions/_form.haml index ba56cbf04..a4e608386 100644 --- a/app/views/sessions/_form.haml +++ b/app/views/sessions/_form.haml @@ -40,5 +40,4 @@ autocorrect: "off", aria: {labelledby: "passwordLabel"} - = f.hidden_field :remember_me, value: 1 = f.submit t("devise.sessions.new.sign_in"), class: "btn btn-large btn-block btn-primary" From 88e35d3f3a585c88d3b262b140d9052f3fb18ce8 Mon Sep 17 00:00:00 2001 
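Review bot: `remember_me` in app/models/user.rb now returns `true` unconditionally and has no comment, so a reader cannot tell that it deliberately overrides the per-request value Devise would otherwise take from the sign-in form. With the hidden form fields removed in the same commit, every successful sign-in presumably issues a persistent remember cookie, including sign-ins from shared machines. The exposure window then rests on Devise settings such as `remember_for` and `expire_all_remember_me_on_sign_out`, which are not visible here and are worth confirming. I would add a comment above the method, for example `# Always remember the user; overrides Devise's form-driven remember_me accessor (see #8023)`. The User class continues outside the hunk.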
From: Benjamin Neff Date: Sun, 16 Jun 2019 04:46:42 +0200 Subject: [PATCH 4/6] Use :database_authenticatable strategy to check password for OTP user This: * makes sure that after_database_authentication is called for users with enabled 2fa. * handles paranoid mode correctly --- app/controllers/sessions_controller.rb | 10 +++++----- config/initializers/devise.rb | 5 ----- 2 files changed, 5 insertions(+), 10 deletions(-) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 9d483a0cc..fc3aa97b3 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -19,14 +19,14 @@ class SessionsController < Devise::SessionsController def authenticate_with_2fa self.resource = find_user - u = find_user - return true unless u&.otp_required_for_login? + return true unless resource&.otp_required_for_login? if params[:user][:otp_attempt].present? && session[:otp_user_id] - authenticate_with_two_factor_via_otp(u) - elsif u&.valid_password?(params[:user][:password]) - prompt_for_two_factor(u) + authenticate_with_two_factor_via_otp(resource) + else + strategy = Warden::Strategies[:database_authenticatable].new(warden.env, :user) + prompt_for_two_factor(strategy.user) if strategy.valid? && strategy._run!.successful? end end diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 327cef80e..5cb23cc6d 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb 
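Review bot: `strategy._run!` in the else branch of `authenticate_with_2fa` is an underscore-prefixed Warden method, so the password step for OTP users now depends on what looks like an internal entry point that can change between Warden releases. A comment above the two new lines would help, for example `# Run database_authenticatable by hand so after_database_authentication fires and paranoid mode is honoured before the OTP prompt`, together with a spec for an OTP user submitting a wrong password. When the strategy is not valid or not successful, the method returns nil without rendering anything, and what happens next depends on the caller, which is outside the hunk. The same commit drops the `two_factor_authenticatable` and `two_factor_backupable` strategies from config/initializers/devise.rb, so this controller method appears to be the only place the OTP is enforced. It is worth confirming that no other sign-in path accepts a password alone for these users.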
@@ -15,11 +15,6 @@ end # Use this hook to configure devise mailer, warden hooks and so forth. # Many of these configuration options can be set straight in your model. Devise.setup do |config| - config.warden do |manager| - manager.default_strategies(scope: :user).unshift :two_factor_authenticatable - manager.default_strategies(scope: :user).unshift :two_factor_backupable - end - # The secret key used by Devise. Devise uses this key to generate # random tokens. Changing this key will render invalid all existing # confirmation, reset password and unlock tokens in the database. From 5602dc4418d4c5bc3e8af4e0eaec22f7cf5699dd Mon Sep 17 00:00:00 2001 From: Benjamin Neff Date: Sun, 16 Jun 2019 04:48:56 +0200 Subject: [PATCH 5/6] Use username parameter first if present this makes sure we don't use an old otp_user_id from an old session closes #8031 --- Changelog.md | 1 + app/controllers/sessions_controller.rb | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Changelog.md b/Changelog.md index 312916363..883529eba 100644 --- a/Changelog.md +++ b/Changelog.md @@ -5,6 +5,7 @@ ## Bug fixes * Improve handling of mixed case hostnames while fetching OpenGraph data [#8021](https://github.com/diaspora/diaspora/pull/8021) +* Fix "remember me" with two factor authentication enabled [#8031](https://github.com/diaspora/diaspora/pull/8031) ## Features * Add line mentioning diaspora\* on the splash page [#7966](https://github.com/diaspora/diaspora/pull/7966) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index fc3aa97b3..e679c85a4 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb 
@@ -12,9 +12,9 @@ class SessionsController < Devise::SessionsController # rubocop:enable Rails/LexicallyScopedActionFilter def find_user - return User.find(session[:otp_user_id]) if session[:otp_user_id] + return User.find_for_authentication(username: params[:user][:username]) if params[:user][:username] - User.find_for_authentication(username: params[:user][:username]) if params[:user][:username] + User.find(session[:otp_user_id]) if session[:otp_user_id] end def authenticate_with_2fa From d674f5391046f27b62aa1d450bc1283fde0a8fd2 Mon Sep 17 00:00:00 2001 From: Benjamin Neff Date: Mon, 17 Jun 2019 01:18:12 +0200 Subject: [PATCH 6/6] Start 0.7.13.0 cycle --- Changelog.md | 8 ++++++++ config/defaults.yml | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/Changelog.md b/Changelog.md index 883529eba..ffc4bb5f3 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,3 +1,11 @@ +# 0.7.13.0 + +## Refactor + +## Bug fixes + +## Features + # 0.7.12.0 ## Refactor diff --git a/config/defaults.yml b/config/defaults.yml index d866ccec6..e50131b2e 100644 --- a/config/defaults.yml +++ b/config/defaults.yml @@ -4,7 +4,7 @@ defaults: version: - number: "0.7.11.99" # Do not touch unless doing a release, do not backport the version number that's in master + number: "0.7.12.99" # Do not touch unless doing a release, do not backport the version number that's in master heroku: false environment: url: "http://localhost:3000/"
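Review bot: With `find_user` now preferring `params[:user][:username]`, the account passed to `authenticate_with_two_factor_via_otp(resource)` is chosen by a request parameter, while that branch of `authenticate_with_2fa` only checks that `session[:otp_user_id]` is present, not that it names the same user. Unless `authenticate_with_two_factor_via_otp` (not shown) compares the two, the OTP step is no longer tied to the account whose password was verified in the first step. I would bind them in the OTP branch, e.g. `if params[:user][:otp_attempt].present? && session[:otp_user_id] == resource.id`, or resolve the user from the session whenever `otp_attempt` is present. `find_user` is complete within this hunk, but the body of `authenticate_with_2fa` lies outside it.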