github/meteor
1
1
Fork 0
mirror of https://github.com/meteor/meteor.git synced 2026-05-02 03:01:46 -04:00
Code Issues Packages Projects Releases Wiki Activity
7,599 Commits 1,974 Branches 1,623 Tags
fbde0a00a7a160e583ce00f71f846a504fd089ad
Commit Graph

7599 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Glasser
fbde0a00a7 Merge branch 'publish-packages' into library-refactor 
Conflicts:
	packages/domutils/package.js
	packages/handlebars/package.js
	packages/htmljs/package.js
	packages/liverange/package.js
	packages/spark/package.js
	packages/universal-events/package.js
	tools/bundler.js
	tools/help.txt
	tools/packages.js
	tools/run-app.js
	tools/run-mongo.js
	tools/skel/.meteor/packages
 2014-04-24 17:01:36 -07:00
David Glasser
3b21c2d9a7 Merge branch 'devel' into publish-packages 
Conflicts:
	packages/domutils/package.js
	packages/handlebars/package.js
	packages/htmljs/package.js
	packages/liverange/package.js
	packages/madewith/package.js
	packages/meteor-developer/meteor_developer_server.js
	packages/preserve-inputs/package.js
	packages/spark/package.js
	packages/universal-events/package.js
	tools/commands.js
	tools/files.js
	tools/help.txt
	tools/packages.js
 2014-04-24 16:27:21 -07:00
Emily Stark
42a65d0763 History tweaks 2014-04-24 15:31:31 -07:00
Emily Stark
bdcbe7fd4d Update History contributors list 2014-04-24 15:30:05 -07:00
David Glasser
c35593c574 Improve documentation of Meteor.settings 
Fixes #2005.
 2014-04-24 14:13:05 -07:00
David Glasser
4777e64336 Don't pass server-generated _id to allow/deny 
This lets you still use C.insert from the client but reject arbitrary
client-set _id's (as opposed to _id's generated using the Random.id()
algorithm with a client-determined _id).

If you don't want clients to be able to have any control over the _id at
all for inserts, then you'll have to forbid all direct inserts and use
your own methods which explicitly do `C.insert({_id: Random.id(), ...})`

Note that allow/deny rules with transforms still see an _id, because
transforms need to have (and preserve) _id.  This means that if you
really want to see the server-generated _id, you can just specify an
identity transform for your allow/deny rule.
 2014-04-24 14:01:39 -07:00
David Glasser
41b5b95b38 testAsyncMulti: Include block index in failures 2014-04-24 14:01:34 -07:00
emgee3
cbd55698fd Add collapsing TOC to Meteor Docs 
On small devices (< 768 px) make the Table of Contents hide by default.
 2014-04-24 13:45:55 -07:00
Emily Stark
9fb63da3c7 Handle unexpected keys for pending OAuth credentials. 
Duplicate keys aren't expected, but in case something weird happens,
just override the previous information associated with that key. We
simply insert nothing for non-string keys (e.g. an OAuth flow with no
`state` parameter, which should never happen normally).
 2014-04-24 10:06:39 -07:00
Nick Martin
682dd7895a Merge PR 2081 into devel 2014-04-23 19:37:31 -07:00
Nick Martin
a496fcab4c one more comment. 2014-04-23 19:37:03 -07:00
Andrew Wilcox
ab08191ac3 Allow validate login hook to override error from beginPasswordExchange 
Fixes #2058
 2014-04-23 19:37:03 -07:00
Justin SB
47b022841b Generalize reproducible inserted ID generation 
For example, calling `insert` inside a method body will now return
consistent IDs on the client and the server, and latency compensation
will work properly instead of producing flicker.

Code that wants a random stream that is consistent between method stub
and real method execution can get one with `DDP.randomStream`.
 2014-04-23 16:05:32 -07:00
ekatek
ca2f2d54e5 glasser's comments on D650 2014-04-23 15:35:20 -07:00
David Glasser
d7a4e65226 rough draft of History update for 0.8.1 2014-04-23 12:53:12 -07:00
Avital Oliver
471f09cbce Oops. The test shouldn't throw errors on the server. 2014-04-22 21:39:46 -07:00
Avital Oliver
3ad2a70a03 Truncate HTTP errors at 500 characters, not 180. 
I hit this personally with a misconfigured OAuth service and
I couldn't diagnose the problem due to the message being too
short.
 2014-04-22 21:29:32 -07:00
David Glasser
a8869d07ec Provide a better error if ROOT_URL is not an URL 
Fixes #1404.
 2014-04-22 15:52:52 -07:00
ekatek
5fa2ba7df6 command cleanup, don't register plugins for test packages 2014-04-22 14:42:38 -07:00
ekatek
7e97bef5aa misc cleanup from D650 2014-04-22 13:11:48 -07:00
Emily Stark
fe13c30bfd Merge branch 'awwx-oauth-encryption' into devel 2014-04-22 11:56:37 -07:00
Emily Stark
326180ce0a Oauth -> OAuth 2014-04-22 11:44:13 -07:00
Emily Stark
20f2ec4226 Add OAuth token encryption to pending token collections 2014-04-22 11:41:55 -07:00
Emily Stark
55363a9b86 Merge remote-tracking branch 'origin/devel' into awwx-oauth-encryption 
Conflicts:
	History.md
	packages/facebook/facebook_client.js
	packages/github/github_client.js
	packages/google/google_client.js
	packages/meetup/meetup_client.js
	packages/meteor-developer/meteor_developer_client.js
	packages/twitter/twitter_client.js
	packages/weibo/weibo_client.js
 2014-04-22 11:31:31 -07:00
Emily Stark
739cb078f7 Add a couple more oauth encryption tests 2014-04-22 11:24:06 -07:00
Emily Stark
24e42e715b Remove Meteor._printDecryptionFailures. 
We can add it back in if users want it; for now it makes me nervous.
 2014-04-22 11:23:34 -07:00
Emily Stark
54f6d3654a Move userId out of AAD and into plaintext. 
We want to maintain compatibility with the node crypto module, which
doesn't currently have an interface for specifying AAD.
 2014-04-22 10:28:27 -07:00
Emily Stark
93cf643c0f Merge branch 'href-attr-handler' into devel 2014-04-22 09:45:15 -07:00
Emily Stark
c68c77d517 Add History entry for javascript: hrefs 2014-04-22 09:44:21 -07:00
Emily Stark
c445b57134 Avoid relying on HTMLAnchorElement.protocol; browser support not clear. 
Also avoid url.format, since we don't actually need server-side URL
normalization yet and it's not clear what, if any, normalization
url.format does.
 2014-04-21 22:11:02 -07:00
Emily Stark
775ff19345 Only update URL attribute values after checking protocol. 2014-04-21 21:56:16 -07:00
Emily Stark
af7aab41b6 Remove unnecessary DOM update in test. 2014-04-21 21:55:59 -07:00
David Glasser
3229f24ad0 Update Twitter configuration instructions again 
Also, advise turning on "Sign in with Twitter", which means that users
won't get an authorization question every time they log in.

Fixes #1164.
 2014-04-21 19:28:21 -07:00
David Glasser
ce201682f0 Warn about unready publications to spiderable docs 
Fixes #1149.
 2014-04-21 19:17:51 -07:00
ekatek
1f3daac20c remaining versions.json 2014-04-21 19:03:09 -07:00
ekatek
29f2216919 rename test-packages back, make catalog slightly more efficient, add remaining versions.json 2014-04-21 19:02:30 -07:00
David Glasser
3740d42f2d Document Accounts.loginServicesConfigured 
Fixes #1051.  See also #2048.
 2014-04-21 18:50:44 -07:00
Stephen Darnell
a9f65f0759 Stop node tar from including proprietary tags 
The linux tar whinges about unrecognised headers (though newer versions
include an option to not warn).
By building tar files without proprietary, we will be able to use
files.createTarball() in more places.
For example, undo commits 1c36bbaa79 and
1e2a40ef2b
 2014-04-21 18:45:21 -07:00
ekatek
9f543d4d03 versions files for packages 2014-04-21 18:16:31 -07:00
Emily Stark
b6501d4ebe Merge branch 'master' into devel 
Conflicts:
	History.md
	packages/oauth1/oauth1_server.js
 2014-04-21 15:29:31 -07:00
Emily Stark
f016894e7b Merge branch 'release-0.8.0.1' 
Conflicts:
	docs/.meteor/release
	docs/lib/release-override.js
	examples/clock/.meteor/release
	examples/leaderboard/.meteor/release
	examples/parties/.meteor/release
	examples/todos/.meteor/release
	examples/wordplay/.meteor/release
 2014-04-21 15:26:47 -07:00
Emily Stark
25e3428132 Add 0.7.2.1 to notices 2014-04-21 15:21:53 -07:00
Emily Stark
0e5e38f006 Update docs and examples to 0.8.0.1 2014-04-21 15:21:25 -07:00
Emily Stark
700673592c Update notices 2014-04-21 14:51:59 -07:00
Emily Stark
41d36b671a Update banner text 2014-04-21 14:50:56 -07:00
Emily Stark
dd7c90d3ae Update docs and examples 2014-04-21 14:47:00 -07:00
Emily Stark
3ad1672282 Fix open redirector in oauth1 login flow. 
Clients are no longer allowed to specify callback URLs.
release/0.8.0.1 release/0.8.0.1-rc1 		2014-04-21 14:26:40 -07:00
David Glasser
8c38550315 Improve error message for pre-config login 
Addresses #2048.

An earlier attempt (to wait for the config to load) ran into popup
blockers.

It would be nice to load the config statically with something like
Arunoda's fast-render. That said, even that's not good enough to allow
OAuth logins that bypass the popup blocker that aren't a result of a
user action, and for user actions it's easy enough to gate your login
button on `Accounts.loginServicesConfigured()`.

Longer term solutions include non-popup methods of OAuth login (see
Issue #438).
 2014-04-21 13:39:36 -07:00
David Glasser
a251255001 Revert "Meteor.loginWith<External> now waits for config" 
This reverts commit 76ded8feb2.
 2014-04-21 13:39:36 -07:00
Emily Stark
4c85670676 Check auth_ok before parsing decrypted ciphertext 2014-04-21 11:40:38 -07:00