* Keep the user on login page on failure
* Show an error if username already exists
* Check the password format in the backend
* Return a better message if username is invalid
* Add a title to the login page
* wip: Improve look of login and register pages
* Set a capital M in username help message
On the registration page, username tip started with a minuscule, while
the password tip started with a capital.
* Change message if username is taken
* Better performance with yield
Largely decrease the time to first byte, and reduced memory consumtion.
Before, we used to make several copies in memory of the whole list of
articles before sending them to the client. Now streamed as they are
processed.
* Travis
* No pre for enclosure-description
#fix https://github.com/FreshRSS/FreshRSS/issues/2807
In browsers, the styling `white-space:pre-line` will be applied by CSS,
but no styling will be done for clients via API.
* Corresponding CSS change
- Add a maintenance section to be able to clear cache and force reload a feed.
- Add an icon next to path field to show a pop-up with the result of the content path.
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Co-authored-by: Marien Fressinaud <dev@marienfressinaud.fr>
This fix makes the authors part of the "title item", so it's not
considered as another block. This is not perfect since authors will
disappear on small screens, but we can discuss of putting titles on
multi-lines (see https://github.com/FreshRSS/FreshRSS/issues/2344)
The `FreshRSS_Auth::hasAccess` method is called during auth
initialization (`app/FreshRSS.php:78`), only for `user#create` action.
However, at this step, the `user` configuration namespace hasn't be
initialized yet, and so users weren't able to register because of the
exception... quite critical!
Now FRSS supports more than one admin. Admins have the same rights as
the default user. Admins can promote or demote other users. The default
user is considered as an admin even if it does not have the admin flag
enabled.
See #2096
* Fix wrong getHeader refactoring
Fix regression introduced by
https://github.com/FreshRSS/FreshRSS/pull/2373
The refactoring required a call to init() even for static functions,
which is most of the time not done.
Removed premature abstraction of `$_SERVER`, which was the root cause of
the bug.
https://github.com/FreshRSS/FreshRSS/issues/2748#issuecomment-569898931
* Refactoring: Move serverIsPublic to Minz_Request
* Add mitigations for wrong configurations
Due to the regression, we have some existing configurations with a bad
base_url
* Forgot one instance
* Fix logging environment constants
* COPY_LOG_TO_SYSLOG was only working when Syslog was used
* FRESHRSS_ENV was not properly used to set logging level
* Simplify code
Always call `openlog()` even when it is not used
* Always specify syslog properties
https://github.com/FreshRSS/FreshRSS/pull/2745#discussion_r362207445
* $username is also needed further down
* No new line in syslog
* Rework the travis file to enable PHPUnit
I realized that unit tests weren't executed on Travis. While working on
this file to enable these tests, I started to think we could simplify
it.
I separated jobs so:
- PHP linter and tests are only performed on PHP 7.3
- Translations are tested separatly so they can fail (it was already the
case but it was hard to understand the way it was done)
- PHP 5.6 only checks syntax issues
- the last job checks css, js, etc. (it didn't change)
PHPUnit is not executed on 5.6 because only the version 5 is available
while the latest version is the 8 (https://phpunit.de/supported-versions.html).
I think it's easier to read (each job is more explicit) but I'm not a
Travis expert so maybe there's some room for improvements.
* Fix failing tests
The category `_name` regression was introduced in commit b323ed084.
I wasn't able to understand when and why Search tests was wrong.
The rest is about upgrade of PHPUnit.
For an extension, I needed to call a script from an external domain.
Unfortunately, the CSP headers didn't allow this domain and I had to
patch manually the FreshRSS FrontController for my extension. It's
obviously not a long-term solution since it has nothing to do in the
core of FRSS, and I don't want to apply this patch manually at each
update.
With this patch, I allow changing the CSP header from inside the
controller actions. It allows extensions to modify headers. It's also an
opportunity to remove a bit of code from the FrontController. I wasn't
happy with the previous implementation anyhow.
Reference: https://github.com/flusio/xExtension-Flus/commit/ed12d56#diff-ff12e33ed31b23bda327499fa6e84eccR143
I'm currently playing with a small extension to improve the email sharing
system. It allows to create a message and send an email directly through
FreshRSS. For that, I need to retrieve the shared article. I could use
the link or the title but it would be less robust and less efficient.
Reference: https://github.com/FreshRSS/FreshRSS/issues/300
When managing users, I've added the language they selected to be able
to communicate with them with the selected language (if I know it).
It could be useful when managing a community or a paid service.
* Update i18n cli tools
Few things were bugging me when using the cli tool for i18n. So I've modified
the tools to be easier to use.
First, the tool automatically adds missing keys to all languages. This way, we
always have all keys in all languages.
Second, the tool detects all untranslated keys and adds automatically the todo
comment after the value.
Third, when adding a new key, the key is pushed to all languages at once. There
is no need to duplicate it manually. Thus making the duplication process obsolete.
Fourth, translation and ignore keys are manipulated at the same time. Thus we
don't have obsolete ignored strings anymore.
* Add i18n rules
I find that having the common rules in the Makefile is easier to use,
as long as you know they are here. As it is self documented, people
will see the new rules when using make.
* Use long parameters in Makefile
I find that using long parameters in scripts makes it easier to understand
what's going on. So I've switched all short parameters to long one.
* Format all i18n files
I've used the updated version of the cli tools to have some output
that can be consistently formated. This commit is a huge formating
commit. Nothing was added but some comments were removed in the
process.
* Extract hashPassword method from userController
* Extract and refactor fever key-related methods
* Move update of API password to dedicated action
* Simplify the controller by refactoring feverUtil
* Add locales
Before, the use of the user management page was a little bit tedious
when there was many users. One must select a user to view some
metrics, to update it, or to delete it.
Now, the view is clearer because it shows all users at once with
their metrics. I introduced a detail page that repeats the metrics
but also allow to purge the user's feeds, to update or delete the
user.
This is the first step to make that page more useful and user-friendly.
I have in mind to add a pager for when there is a lot of users, a metric
to know when was the last time the user was using the application, and
a flag to know if the user has admin rights.
See #2096 and #2504 for ideas and inspiration
While I was looking at the number of articles of my users, I discovered
some of them had none, while having a bunch of feeds though. I took a
look at the logs generated by `app/actualize_script.php` and discovered
that the script stopped strangely (in this example, "OK" for denise is
expected, and more users too):
```
FreshRSS[1681]: FreshRSS Start feeds actualization...
Starting feed actualization at 2019-11-29T16:37:19+00:00
Actualize alice...
Actualize denise...
Results:
alice OK
denise
```
After digging a bit, I quickly realized the script stopped always on
users who didn't validate their emails. And indeed, we trigger a
`Minz_Request::forward(..., true)` for these users, in the `FreshRSS`
class. This function calls the `exit` function, which stops the script.
This patch only allows the feed#actualize action to be executed for
unverified users in order to avoid an early-`exit`. This is a quick-win
solution, but I don't think it's a good one on the long term. I'll
propose an alternative in another patch, later.
Before, there was no user log when the fever api credential saving process
was failing. There was one though for the admin user but it did not appear
in the interface.
Now, there is a user log showing what the problem is. The admin log is still
there but catch only unknown errors.
See #2663
Before, some ad-blocker rules were preventing to display the sharing page
because of its name. I've renamed that page to integration but kept every
thing else identical. So it's still called sharing through out the
application.
If needed, this can be addressed as well.
See #2509 and #2419