gristlabs_grist-core

Archives/gristlabs_grist-core

Fork 0

mirror of https://github.com/gristlabs/grist-core.git synced 2024-10-27 20:44:07 +00:00

Commit Graph

Author	SHA1	Message	Date
George Gevoian	0d005eb78d	(core) Enable MFA configuration (and add SMS) Summary: Enables configuration of multi-factor authentication from the account page (for users who sign in with email/password), and adds SMS as an authentication method. Test Plan: Project, browser and server tests. Reviewers: paulfitz Reviewed By: paulfitz Differential Revision: https://phab.getgrist.com/D3215	2022-01-19 13:55:54 -08:00
Paul Fitzpatrick	f9630b3aa4	(core) clean up a collection of small problems affecting grist-core Summary: * Remove adjustSession hack, interfering with loading docs under saml. * Allow the anonymous user to receive an empty list of workspaces for the merged org. * Behave better on first page load when org is in path - this used to fail because of lack of cookie. This is very visible in grist-core, as a failure to load localhost:8484 on first visit. * Mark cookie explicitly as SameSite=Lax to remove a warning in firefox. * Make errorPages available in grist-core. This changes the default behavior of grist-core to now start off in anonymous mode, with an explicit sign-in step available. If SAML is not configured, the sign-in operation will unconditionally sign the user in as a default user, without any password check or other security. The user email is taken from GRIST_DEFAULT_EMAIL if set. This is a significant change, but makes anonymous mode available in grist-core (which is convenient for testing) and makes behavior with and without SAML much more consistent. Test Plan: updated test; manual (time to start adding grist-core tests though!) Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2980	2021-08-17 21:44:50 -04:00

Author

SHA1

Message

Date

George Gevoian

0d005eb78d

(core) Enable MFA configuration (and add SMS)

Summary:
Enables configuration of multi-factor authentication from the
account page (for users who sign in with email/password), and adds
SMS as an authentication method.

Test Plan: Project, browser and server tests.

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D3215

2022-01-19 13:55:54 -08:00

Paul Fitzpatrick

f9630b3aa4

(core) clean up a collection of small problems affecting grist-core

Summary:
 * Remove adjustSession hack, interfering with loading docs under saml.
 * Allow the anonymous user to receive an empty list of workspaces for
   the merged org.
 * Behave better on first page load when org is in path - this used to
   fail because of lack of cookie.  This is very visible in grist-core,
   as a failure to load localhost:8484 on first visit.
 * Mark cookie explicitly as SameSite=Lax to remove a warning in firefox.
 * Make errorPages available in grist-core.

This changes the default behavior of grist-core to now start off in
anonymous mode, with an explicit sign-in step available.  If SAML is not configured,
the sign-in operation will unconditionally sign the user in as a default
user, without any password check or other security.  The user email is
taken from GRIST_DEFAULT_EMAIL if set.  This is a significant change, but
makes anonymous mode available in grist-core (which is convenient
for testing) and makes behavior with and without SAML much more consistent.

Test Plan: updated test; manual (time to start adding grist-core tests though!)

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2980

2021-08-17 21:44:50 -04:00

2 Commits