Commit Graph

15 Commits

Author SHA1 Message Date
Jorge Manrubia 2e4138b585 Tie etag to sessions
So that we don't get CSRF token issues if sharing sessions in the same browser
2025-09-15 16:31:01 +02:00
Mike Dalessio 5540b0fd1b Make sure session cookie has the correct path for the tenant
ref: https://fizzy.37signals.com/5986089/collections/7/cards/1234
2025-08-10 18:53:52 -04:00
Mike Dalessio 57269b1b9c Allow local authentication with LOCAL_AUTHENTICATION=1
You can touch `tmp/local-auth.txt` to persist this setting.
2025-08-06 17:05:35 -04:00
Mike Dalessio 8e13ce5b78 Drop Current.account and just use Account.sole
I had reintroduced this in dacb53b8 after David removed it in
6bbf68a4, but now I agree we don't need it.

Also, fix a CORS error when trying to redirect a user to an untenanted
path after login (see
https://fizzy.37signals.com/5986089/collections/2/cards/1032).
2025-07-20 13:00:09 -04:00
Mike Dalessio 0c341d14e1 Untenanted access in authenticated controllers should request auth 2025-07-03 10:05:55 -04:00
Mike Dalessio da69bd1689 Remove local authentication code 2025-07-02 11:59:21 -04:00
Mike Dalessio d0dcb6dfa8 Redirect unauthenticated users to Launchpad 2025-06-20 17:14:58 -04:00
Mike Dalessio ee60e8dd01 Signup::AccountsController suppports signing up with a new identity 2025-06-20 15:16:57 -04:00
Mike Dalessio dacb53b8b1 Launchpad login works for existing 37id identities 2025-06-20 15:16:56 -04:00
Mike Dalessio 7dee9ed9d6 Log the authenticated user
to help track down issues reported by individuals in the logs
2025-05-07 17:13:25 -04:00
David Heinemeier Hansson dbf61f4fc3 Use _path in all cases where we are not potentially changing the domain 2025-04-13 08:17:36 +02:00
Jeffrey Hardy e6bb6ad76b Join links for user registration 2024-09-24 14:30:22 -04:00
Jeffrey Hardy 696b155f55 Use find_signed directly
There's no penalty to calling with a nil value. That's why both find_signed
and find_signed! exist. Use the latter when you expect a result.
2024-09-04 13:44:23 -04:00
Jeffrey Hardy e3983d5bbe Use Rails' new sessions generator to replace the existing setup
Ref: https://github.com/rails/rails/pull/52328
2024-08-20 14:17:05 -04:00
Kevin McConnell c4fb1bdc76 Add minimal authentication flow to get started 2024-06-21 16:45:29 +01:00