TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-22 02:11:44 +03:00
Code Issues Projects Releases Wiki Activity
12,961 Commits 250 Branches 1,686 Tags 392 MiB
d08ea611b7
Commit Graph

5 Commits

Author SHA1 Message Date
Thibaut Patel
2bcc934eb4 Disable CSRF on the oauth callback route 
no issue

Keeping CSRF enabled there would prevent oauth from working as users are redirected from the provider domain to the /callback route, where they are logged-in
 2021-05-18 20:44:21 +02:00
Thibaut Patel
14cae4b154 Added notes to oauth code for future improvements 
no issue
 2021-05-14 12:10:27 +02:00
Thibaut Patel
b1e8cd3179 Added oauth parameters to get a refresh token during login 
issue https://github.com/TryGhost/Team/issues/614
 2021-04-23 11:20:40 +02:00
Thibaut Patel
90f5a97c15 Fixed linting error 
commit c471ae11d4
 2021-04-21 19:45:03 +02:00
Thibaut Patel
c471ae11d4 Added oauth login and invitation acceptance 
issue https://github.com/TryGhost/Team/issues/614

- Users who have a password can directly sign-in via oauth
- User who are logged-in get their password disabled
- Users accepting an invitation get their password disabled
- The way we disable password is by setting it to a long random password
 2021-04-21 19:36:27 +02:00