Commit Graph

4276 Commits

Author SHA1 Message Date
Sibi Prabakaran
08f994103a Add documentation for JSON endpoints for Yesod.Auth.Email module 2016-12-08 14:25:08 +05:30
Michael Snoyman
9a484f9163 defaultMessageWidget 2016-12-07 20:08:47 -05:00
Michael Snoyman
706a995b67 blaze-markup in extra-deps 2016-12-07 09:42:26 -05:00
Michael Snoyman
98854b4de3 Version bump for #1317 2016-12-07 09:23:53 -05:00
Michael Snoyman
d7be78f82e Merge pull request #1317 from psibi/json-auth
JSON endpoints for Auth.Email, haddock, and i18n fix
2016-12-07 09:23:00 -05:00
Michael Snoyman
03c1ee4807 Compilation fix for GHC 7.8 2016-12-07 08:54:53 -05:00
Michael Snoyman
ae7dfd2408 Changelog for #1310 2016-12-07 08:52:55 -05:00
Michael Snoyman
f54b924137 Merge pull request #1318 from s9gf4ult/master
Exports some internals and fix version bounds
2016-12-07 08:50:52 -05:00
Aleksey Uimanov
80f0b3cd70 Add comments and bump minor version to 1.4.29 2016-12-07 14:04:51 +05:00
Sibi Prabakaran
60f66b4c3a Add relevant changelog 2016-12-07 14:09:01 +05:30
Sibi Prabakaran
8f8c99db88 Do parseJsonBody only when form data is not found 2016-12-07 14:08:37 +05:30
Sibi Prabakaran
0255f93c22 Export croatianMessage 2016-12-06 18:44:46 +05:30
Sibi Prabakaran
47b2877c79 More Haddock fixes 2016-12-06 18:44:38 +05:30
Sibi Prabakaran
75df4e0468 Use @since for proper haddock rendering 2016-12-06 18:21:36 +05:30
Sibi Prabakaran
83575e92a0 Fix typo: /s/interoprate/interoperate 2016-12-06 18:20:18 +05:30
Sibi Prabakaran
85bd15d109 Add json support for postPasswordR 2016-12-06 18:17:19 +05:30
Sibi Prabakaran
b6cd72f49f Implement Login via JSON endpoint
Add additional handling of JSON endpoint in addition to the HTML form
method.
2016-12-06 15:20:51 +05:30
Aleksey Uimanov
47ef36012d export getGetMaxExpires 2016-12-05 19:33:04 +05:00
Sibi Prabakaran
19840cdc89 Add json support for postRegisterR 2016-12-05 19:32:23 +05:30
Aleksey Uimanov
2bd3a936c9 fix blaze-markup version bounds 2016-12-02 16:26:19 +05:00
Aleksey Uimanov
d1697a3fde export toWaiAppYre 2016-12-02 15:55:09 +05:00
Michael Snoyman
9c38a4b08e Version bump for #1314 2016-12-01 06:53:41 +02:00
Jason Whittle
7b12f61a91 yesod-test: add getLocation test helper. 2016-11-30 18:05:48 -05:00
Michael Snoyman
fbdaa2f675 Add since lines 2016-11-30 19:36:29 +02:00
Michael Snoyman
312adc40d5 Version bump for #1310 2016-11-30 13:40:46 +02:00
Michael Snoyman
51a5641435 Merge pull request #1310 from yesodweb/text_toWidget
Add ToWidget instances for strict text, lazy text, and text builder
2016-11-30 13:39:59 +02:00
Michael Snoyman
a337bf6d58 websockets 0.10 support 2016-11-30 06:42:15 +02:00
Michael Snoyman
58407c292e Fix a build failure 2016-11-29 13:51:02 +02:00
Michael Snoyman
2c4e19e0b6 Version bump for #1309 2016-11-29 13:48:42 +02:00
Michael Snoyman
00cf852216 Version bump for #1308 2016-11-29 13:47:33 +02:00
Michael Snoyman
a921d6cb31 Add caveat about possible Docker integration issues 2016-11-29 13:44:46 +02:00
Michael Snoyman
784f04ae7a Merge branch '1304-stack-based-devel' 2016-11-29 13:43:01 +02:00
Michael Snoyman
3883063ec2 Devel server indicates when recompilation is occurring
Pinging @amitaibu
2016-11-28 09:58:48 +02:00
Andrew Martin
1781699cab Add ToWidget instances for strict text, lazy text, and text builder 2016-11-27 15:27:54 -05:00
Michael Snoyman
ed87ded970 Merge pull request #1308 from sbditto85/default_attrs_julius
added jsAttributes for the script tag generated by julius files
2016-11-27 05:45:48 +02:00
Michael Snoyman
3159745ee8 Merge pull request #1309 from filipg/master
remove invalid Google OpenID link
2016-11-27 05:44:26 +02:00
Casey Allred
9458e57a58 adjusted to use *{..} syntax 2016-11-26 12:07:49 -07:00
Filip Gralinski
a3929aa9bb remove invalid Google OpenID link 2016-11-26 19:39:24 +01:00
Michael Snoyman
b1f1e4e222 Revert to runghc 2016-11-26 17:57:32 +02:00
Casey Allred
cec6f42a99 added jsAttributes for the script tag generated by julius files 2016-11-25 21:36:51 -07:00
Michael Snoyman
f3fc735a25 README.md, and some minor code cleanups 2016-11-24 07:51:54 +02:00
Michael Snoyman
ab4d6540ca Workaround for compatibility with older fsnotify 2016-11-23 15:59:58 +02:00
Michael Snoyman
6048a2c9bf Got my logic backwards :( 2016-11-23 15:34:14 +02:00
Michael Snoyman
db3beff4f3 Some CPP for Cabal API changes 2016-11-23 15:19:27 +02:00
Michael Snoyman
03307a8cc8 Fix dependency problems for older snapshots 2016-11-23 15:05:41 +02:00
Michael Snoyman
83d3a12a23 Rewrite yesod devel based on Stack #1304
Please see ChangeLog for explanation.
2016-11-23 13:59:56 +02:00
Maximilian Tagher
54cc4205d8 Merge pull request #1302 from psibi/csrf-fix
yesod-auth: Fix CSRF security vulnerability in registerHelper function
2016-11-22 10:49:26 -08:00
Sibi Prabakaran
696faa3fd0 req is not needed. 2016-11-20 13:43:01 +05:30
Sibi Prabakaran
10850f5cee Use checkCsrfHeaderOrParam instead of manual check 2016-11-20 13:32:15 +05:30
Sibi Prabakaran
7f17d829b3 Fix CSRF security vulnerability in registerHelper function
Return a 403 status code if the csrf tokens are matched. This currently
affects two endpoints: During registration and during password reset
forms.

This curl request demonstrates how this can be exploited to register new
email:

curl -i --header "Accept: application/json" --request POST -F "email=sibi@psibi.in" http://localhost:3005/auth/page/email/register

With the patch applied, it will respond with this:

{"message":"Permission Denied. A valid CSRF token wasn't present in HTTP
headers or POST parameters. Because the request could have been forged,
it's been rejected altogether. Check the Yesod.Core.Handler docs of the
yesod-core package for details on CSRF protection."}
2016-11-20 03:59:32 +05:30