Commit Graph

922 Commits

Author SHA1 Message Date
Gerhard Schlager
f43345b75a FIX: Remove google+ from share_links site setting
Follow-up to 2748822576
2019-01-10 21:31:20 +01:00
Joffrey JAFFEUX
1fdbf0fc9b
FIX: uses compiler version to force rebaking of themes (#6870)
Co-Authored-By: David Taylor <david@taylorhq.com>
2019-01-10 12:36:13 +01:00
Joffrey JAFFEUX
f9648de897
DEV: upgrades from Ember 2.13 to Ember 3.5.1 (#6808)
Co-Authored-By: Bianca Nenciu <nbianca@users.noreply.github.com>
Co-Authored-By: David Taylor <david@taylorhq.com>
2019-01-10 11:06:01 +01:00
Guo Xiang Tan
7896c74c2b DEV: Remove use of ActiveRecord in migration.
It makes the migration brittle to changes. If I could I would go back in
time and tell the 2016 version of me that.
2019-01-10 11:10:21 +08:00
Sam
37088c4221 PERF: index on topic_id for user_histories table
We query this table when getting composer messages with the queries
such as:

```
SELECT  1 AS one FROM "user_histories"
WHERE "user_histories"."target_user_id" = 1 AND
 "user_histories"."action" = 9 AND
 "user_histories"."topic_id" = 105794
LIMIT 1
```

This index ensures this query remains very quick, regardless of user
history size.
2019-01-06 15:14:41 +11:00
Vinoth Kannan
75dbb98cca FEATURE: Add S3 etag value to uploads table (#6795) 2019-01-04 14:16:22 +08:00
Sam
6961a4f43e Revert "Revert "FEATURE: force rebake of all posts with images""
This reverts commit cb317430a1.
No longer needed per: 70269c7c97
2019-01-04 09:25:04 +11:00
David Taylor
cb317430a1 Revert "FEATURE: force rebake of all posts with images"
This reverts commit 30a1d29a7e due to performance issues on large clusters
2019-01-03 17:52:31 +00:00
Sam
30a1d29a7e FEATURE: force rebake of all posts with images
This was done to pick up 3 changes

1. New pngquant which will result in much smaller images
2. Placeholder images which are missing from old posts
3. Retina images missing from old posts

Also picks up on Image Magick upgrade which slightly alters resize algorithm.

Rebake trickles per: `rebake_old_posts_count` site setting. (100 per 15 minutes)
2019-01-03 17:19:38 +11:00
Sam
570877da3c FEATURE: store thumbnail algorithm version in optimized image table
Previously we had no idea what algorithm generated thumbnails, this starts tracking the version.

We also bumped up the version to force all optimized images to be generated. This is important cause we recently introduced pngquant which results in much smaller images.
2019-01-03 17:07:30 +11:00
Gerhard Schlager
7977b09025 FEATURE: Activate users invited via email when invite is redeemed
Do not send an activation email to users invited via email. They
already confirmed their email address by clicking the invite link.
Users invited via link will need to confirm their email address before
they can login.
2018-12-11 00:09:53 +01:00
David Taylor
9db829134c
FIX: Use database to persist metadata during social registration (#6750)
Previously was using the cookie_store, which is limited to 4kb. This caused issues for providers sending large volumes of metadata about a user.
2018-12-10 15:10:06 +00:00
David Taylor
160d29b18a
REFACTOR: Migrate TwitterAuthenticator to use ManagedAuthenticator (#6739)
No changes to functionality. TwitterAuthenticator goes from 136 lines to 24, and all twitter-specific logic elsewhere has been deleted 🎉
2018-12-07 15:39:06 +00:00
Saurabh Patel
9e3143445b DEV:add uploaded_meta option in category for category meta image (#6724) 2018-12-07 16:24:07 +01:00
Vinoth Kannan
d33d031742
FEATURE: Filter topic and post web hook events by tags (#6726)
* FEATURE: Filter topic and post web hook events by tags

* Add a spec test with unmatched tags
2018-12-05 14:44:06 +05:30
David Taylor
9248ad1905 DEV: Enable Style/SingleLineMethods and Style/Semicolon in Rubocop (#6717) 2018-12-04 11:48:13 +08:00
David Taylor
208005f9c9 REFACTOR: Migrate FacebookAuthenticator to use ManagedAuthenticator
Changes to functionality
  - Removed syncing of user metadata including gender, location etc.
    These are no longer available to standard Facebook applications.
  - Removed the remote 'revoke' functionality. No other providers have
    it, and it does not appear to be standard practice in other apps.
  - The 'facebook_no_email' event is no longer logged. The system can
    cope fine with a missing email address.

Data is migrated to the new user_associated_accounts table.
facebook_user_infos can be dropped once we are confident the data has
been migrated successfully.
2018-11-30 11:18:11 +00:00
David Taylor
534e1b1b18 DEV: Introduce Auth::ManagedAuthenticator
A generic implementation of Auth::Authenticator which stores data in the
new UserAssociatedAccount model. This should help significantly reduce the duplicated
logic across different auth providers.
2018-11-30 11:18:11 +00:00
Maja Komel
4a8f21d387 FIX: prevent minimum_required_tags on category being set to null (#6703)
* FIX: prevent minimum_required_tags on category being set to null

* add migration for NOT_NULL constraint for minimum_required_tags

* add specs
2018-11-29 18:10:14 +01:00
Kyle E. Mitchell
15e793fd3b FEATURE: Terms of Service v1.0.0
Co-authored-by: Gerhard Schlager <mail@gerhard-schlager.at>
2018-11-21 00:45:16 +01:00
Maja Komel
592f8c1637 FIX: escape sso_secret string when migrating to sso_provider_secret (#6634) 2018-11-20 15:28:37 +01:00
Régis Hanol
4459665dee
REFACTOR: use tables instead of custom fields for polls (#6359)
Co-authored-by: Guo Xiang Tan <tgx_world@hotmail.com>
2018-11-19 14:50:00 +01:00
Gerhard Schlager
24e5be3f0c FIX: Relative links in translations should work with subfolder 2018-11-08 23:31:05 +00:00
Robin Ward
ec91450aae FEATURE: Track how many user flags are agreed/disagreed/ignored
Display the percentage when reviewing flags.
2018-11-01 09:59:50 -04:00
Maja Komel
27e732a58d FEATURE: allow multiple secrets for Discourse SSO provider
This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site.

This allows for better auditing of the SSO provider feature
2018-10-15 16:03:53 +11:00
Kyle Zhao
6acdea37c4 DEV: extract inline js when baking theme fields (#6447)
* extract inline js when baking theme fields
* destroy javascript cache when destroying theme fields

This work is needed to support CSP work
2018-10-15 15:55:23 +11:00
Guo Xiang Tan
84d4c81a26 FEATURE: Support backup uploads/downloads directly to/from S3.
This reverts commit 3c59106bac.
2018-10-15 09:43:31 +08:00
Guo Xiang Tan
3c59106bac Revert "FEATURE: Support backup uploads/downloads directly to/from S3."
This reverts commit c29a4dddc1.

We're doing a beta bump soon so un-revert this after that is done.
2018-10-11 11:08:23 +08:00
Gerhard Schlager
c29a4dddc1 FEATURE: Support backup uploads/downloads directly to/from S3. 2018-10-11 10:38:43 +08:00
Robin Ward
a566ed42ae FEATURE: Option to disable user presence and profile
This allows users who are privacy conscious to disable the presence
features of the forum as well as their public profile.
2018-10-10 17:34:33 -04:00
Erin Kosewic
51aba32651 FEATURE: add branch option to remote theme import
* FEATURE: add branch option to remote theme import

* FIX: Add missing variable in params

* FIX: Add missing param for import_theme method

* SPEC: Add test methods for branch support in git import

* FIX: Add missing space to scss style

* Do not assume default branch as master

* Change branch field placeholder

* FIX: add missing div start tag
2018-10-09 17:01:08 +11:00
Guo Xiang Tan
40fa96777d
FEATURE: Post deployment migrations. (#6406)
This moves us away from the delayed drops pattern which
was problematic on two counts. First, it uses a hardcoded "delay for"
duration which may be too short for certain deployment strategies.
Second, delayed drop doesn't ensure that it only runs after
the latest application code has been deployed. If the migration runs
and the application code fails to deploy, running the migration after
"delay for" has been met will cause the application to blow up.

The new strategy allows post deployment migrations to be skipped if the
env `SKIP_POST_DEPLOYMENT_MIGRATIONS` is provided.

```
SKIP_POST_DEPLOYMENT_MIGRATIONS=1 rake db:migrate
-> deploy app servers
SKIP_POST_DEPLOYMENT_MIGRATIONS=0 rake db:migrate
```

To aid with the generation of a post deployment migration, a generator
has been added. Simply run `rails generate post_migration`.
2018-10-08 15:47:38 +08:00
David Taylor
9bf522f227
FEATURE: Mixed case tagging (#6454)
- By default, behaviour is not changed: tags are made lowercase upon creation and edit.

- If force_lowercase_tags is disabled, then mixed case tags are allowed.

- Tags must remain case-insensitively unique. This is enforced by ActiveRecord and Postgres.

- A migration is added to provide a `UNIQUE` index on `lower(name)`. Migration includes a safety to correct any current tags that do not meet the criteria.

- A `where_name` scope is added to `models/tag.rb`, to allow easy case-insensitive lookups. This is used instead of `Tag.where(name: "blah")`.

- URLs remain lowercase. Mixed case URLs are functional, but have the lowercase equivalent as the canonical.
2018-10-05 10:23:52 +01:00
Arpit Jalan
3e17ef0507
Merge pull request #6414 from techAPJ/user-field-unique-key
FEATURE: add external details to user fields
2018-09-20 22:29:39 +05:30
Sam
df45e82377 SECURITY: only allow picking of avatars created by self (#6417)
* SECURITY: only allow picking of avatars created by self

Also adds origin tracking to all uploads including de-duplicated uploads
2018-09-19 22:33:10 -07:00
Arpit Jalan
72be638728 FEATURE: add external details to user fields 2018-09-20 08:10:51 +05:30
Guo Xiang Tan
6dbe1d832d Rename Jobs::RecoverPostUploads to rerun the job.
Running a migration to destroy the onceoff job doesn't work
because an instance running the old code may execute the job.
2018-09-19 21:59:44 +08:00
Guo Xiang Tan
95293a6997 Re-run Jobs::RecoverPostUploads.
Previously, `UploadRecovery` did not account for uploads which
may be present in links. This meant that attachments were not
recovered.
2018-09-19 12:17:01 +08:00
OsamaSayegh
c7d81e2682 FIX/FEATURE: don't blow up when can't reach theme's repo, show problem themes on dashboard 2018-09-17 09:49:53 +10:00
Régis Hanol
0bfb1f83fc make migration irreversible 2018-09-14 11:09:36 +02:00
Bianca Nenciu
aca195e4a7 Remove unused site setting. (#6398) 2018-09-14 07:49:32 +00:00
Sam
740308675b FEATURE: erode bounce score every time an email is sent
Introduces a hidden setting (default is 0.1) that erodes bounce score
every time we send an email. This means that erratic failures are less
painful cause system auto corrects
2018-08-28 17:02:12 +10:00
Sam
9ab1fb7dfc FEATURE: correctly store width and height on uploads
Previously we used width and height for thumbnails, new code ensures

1. We auto correct width and height
2. We added extra columns for thumbnail_width and height, this is determined
 by actual upload and no longer passed in as a side effect
3. Optimized Image now stores filesize which can be used for analysis, decisions

Also

- fixes Android image manifest as a side effect
- fixes issue where a thumbnail generated that is smaller than the upload is no longer used
2018-08-28 12:59:22 +10:00
Kris
faf09bb8c8 Replacing default brown category color 2018-08-24 14:18:14 -04:00
Osama Sayegh
e0cc29d658 FEATURE: themes and components split
* FEATURE: themes and components split

* two separate methods to switch theme type

* use strict equality operator
2018-08-24 11:30:00 +10:00
Bianca Nenciu
860c1c3dcd FEATURE: Automatically expire keys if not used for a configurable amount of time. (#6264) 2018-08-20 17:36:14 +02:00
Osama Sayegh
0b7ed8ffaf FEATURE: backend support for user-selectable components
* FEATURE: backend support for user-selectable components

* fix problems with previewing default theme

* rename preview_key => preview_theme_id

* omit default theme from child themes dropdown and try a different fix

* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
Guo Xiang Tan
6ede7c4623 PERF: Add missing index on EmailLog#bounced.
* Also remove index on `user_id_and_created_at` which
  isn't being used a lot.
2018-08-03 17:07:18 +08:00
Guo Xiang Tan
87537b679c Drop reply_key, skipped and skipped_reason from email_logs. 2018-07-30 11:39:28 +08:00
Arpit Jalan
fc3b904e1f remove "track external right clicks" feature 2018-07-29 15:01:33 +05:30
Sam
178cb480fa correct migration 2018-07-24 18:36:18 +10:00
Guo Xiang Tan
01a63f8b4b Drop EmailLogs#topic_id. 2018-07-24 15:18:57 +08:00
Guo Xiang Tan
fad9c2b971 PERF: Move EmailLog#reply_key into new post_reply_keys table. 2018-07-24 13:51:53 +08:00
Guo Xiang Tan
ae8b0a517f PERF: Split skipped email logs into a separate table. 2018-07-24 13:14:37 +08:00
Guo Xiang Tan
09a00016ad PERF: Tune indexes to speed up lookup for bounced email. 2018-07-19 19:03:00 +08:00
Guo Xiang Tan
3553375dd2 PERF: Store EmailLog#reply_key as uuid data type. 2018-07-17 17:05:42 +08:00
Guo Xiang Tan
a6e9f4f44b FIX: DROP NOT NULL instead of changing all the rows in the table.
```
change_column :topic_views, :ip_address, :inet, null: true
```

translates to

```
"ALTER TABLE \"topic_views\" ALTER COLUMN \"ip_address\" TYPE inet"
```

which locks the whole table while the migration is taking place.
2018-07-17 11:03:41 +08:00
David Taylor
f4c902b434 FIX: set default on theme.key, if it has not yet been dropped (#6095) 2018-07-17 08:40:35 +10:00
Guo Xiang Tan
59e72b466a Add uniq_ip_or_user_id_topic_views index concurrently. 2018-07-16 23:45:38 +08:00
Guo Xiang Tan
c0c263405a
PERF: Store EmailLog#bounce_key as uuid data type. (#6093)
PERF: Store `EmailLog#bounce_key` as `uuid` data type.
2018-07-16 20:05:54 +08:00
Sam
ac0053f491 FEATURE: navigate to first post and auto bump category settings
### navigate_to_first_post_after_read setting for categories

When enabled on categories logged on users will return to OP after
reading the entire category. (useful for documentation categories)

### num_auto_bump_daily

Set a number of topics that will automatically bump daily on a category.

- Every 15 minutes we will check if any category has this setting
- Categories with the setting are shuffled
- We exclude pinned, closed, category description and archived topics
- Maximum of 1 topic for the list of categories is bumped till limit reached per category
- We always try to bump oldest first
- Limit is elastic using a RateLimiter that ensures that we only bump N per day

Also some minor organisation on category settings

Froze strings on category.rb
2018-07-16 18:10:35 +10:00
Guo Xiang Tan
6761f8ecbf PERF: Add missing index on user_id for user_second_factors table. 2018-07-16 14:21:07 +08:00
OsamaSayegh
decf1f27cf FEATURE: Groundwork for user-selectable theme components
* Phase 0 for user-selectable theme components

- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
Vinoth Kannan
b49c662aa4 Remove the clean up migration for vote post action 2018-07-10 16:57:12 +05:30
Guo Xiang Tan
21f333654c REFACTOR: Reduce dependency on the post stream in TopicView.
This will allow us to drop the post stream from the payload for
mega-topics. On smaller topics, the extra query is fast because
of an existing index.
2018-07-10 15:53:00 +08:00
Guo Xiang Tan
96aca6d7e6
Remove legacy vote post action code. (#6009) 2018-07-09 16:54:18 +08:00
Leo McArdle
c3129444ea FIX: allow multiple secondary emails 2018-07-03 18:21:35 +08:00
Guo Xiang Tan
c1972f8438 PERF: Add index_topic_id_percent_rank_on_posts.
Speeds up the `Posts#summary` mode query for large topics.
2018-06-21 09:49:15 +08:00
Sam
cb824a6b33 DEV: remove all calls to SqlBuilder use DB.build instead
This is part of the migration to mini_sql, SqlBuilder.new is being
deprecated and replaced with DB.build
2018-06-20 17:53:49 +10:00
riking
1de0ef137e FIX: SearchLog: Do not store IP of logged in users 2018-06-20 10:44:11 +10:00
Sam
5f64fd0a21 DEV: remove exec_sql and replace with mini_sql
Introduce new patterns for direct sql that are safe and fast.

MiniSql is not prone to memory bloat that can happen with direct PG usage.
It also has an extremely fast materializer and a very convenient API

- DB.exec(sql, *params) => runs sql returns row count
- DB.query(sql, *params) => runs sql returns usable objects (not a hash)
- DB.query_hash(sql, *params) => runs sql returns an array of hashes
- DB.query_single(sql, *params) => runs sql and returns a flat one dimensional array
- DB.build(sql) => returns a sql builder

See more at: https://github.com/discourse/mini_sql
2018-06-19 16:13:36 +10:00
riking
4b2e2ea8ef Change TopicViewItem to allow null IP address 2018-06-12 12:43:56 +10:00
Arpit Jalan
f9ab3848ed FEATURE: support disabling emails for non-staff users 2018-06-07 18:31:08 +05:30
Guo Xiang Tan
78c705f5de Remove migration code that is no longer valid. 2018-06-07 08:57:01 +08:00
riking
501bc0e9af FIX: UserProfileView: Do not log IP of logged-in users 2018-05-25 15:54:14 +10:00
riking
9b0efe9c84 FIX: TopicLinkClick: do not log IP of logged in users 2018-05-22 16:05:38 +10:00
Arpit Jalan
9f422c93f6 FIX: restrict updates on confirm_old_email email templates 2018-05-19 12:19:59 +05:30
Régis Hanol
e9abdaebbe UX: show an envelope icon when a badge is used in messages
- the badge count now includes messages
- only show the message badges to admins
2018-05-14 19:02:00 +02:00
Arpit Jalan
27efa45800 fix deprecated setting migration 2018-05-09 08:14:45 +05:30
Arpit Jalan
83245aa508 FIX: better handling of invite links after they are redeemed
FIX: deprecate invite_passthrough_hours setting
2018-05-08 20:17:57 +05:30
Misaka 0x4e21
ff6be3c2e3 FEATURE: add profile_background fields into SSO (#5701)
Add profile_background and card_background fields into Discourse SSO.
2018-05-07 10:03:26 +02:00
Jeff Wong
91b31860a1
Feature: Push notifications for Android (#5792)
* Feature: Push notifications for Android

Notification config for desktop and mobile are merged.

Desktop notifications stay as they are for desktop views.

If mobile mode, push notifications are enabled.

Added push notification subscriptions in their own table, rather than through
custom fields.

Notification banner prompts appear for both mobile and desktop when enabled.
2018-05-04 15:31:48 -07:00
Sam
3a06cb461e FEATURE: remove support for legacy auth tokens 2018-05-04 10:12:10 +10:00
Neil Lalonde
bd77795d7a REFACTOR: move support for user card badge images to a plugin discourse-user-card-badges 2018-04-26 13:25:24 -04:00
Neil Lalonde
70f2c5d3fd FEATURE: move staff tags setting to tag group settings 2018-04-20 15:34:23 -04:00
Arpit Jalan
91bf10bd12 FIX: create upload record for exported csv files 2018-04-20 00:27:49 +05:30
Arpit Jalan
9ca6ebe8fe FEATURE: enforce tagging on categories 2018-04-11 07:15:24 +05:30
Robin Ward
6aef8f9cd9 Add an index on category_id to shared drafts 2018-03-28 14:05:09 -04:00
Neil Lalonde
7311023a52
Merge pull request #5700 from discourse/crawl-block
FEATURE: control web crawlers access with white/blacklist
2018-03-27 15:06:03 -04:00
Sam
6c70925c6f PERF: add missing index for akismet
Note, current practice is for plugins to submit PRs to core for any
migrations required for plugins, so we can better control schema.

Especially if core tables are being touched.

In this case index has close to zero cost unless akismet is installed

This reduces the akismet admin query from 20ms on every new page load to 0.5ms
2018-03-27 17:36:13 +11:00
Neil Lalonde
f2c060bdf2 FEATURE: option for tags in a tag group to be visible only to staff 2018-03-26 17:05:09 -04:00
Robin Ward
58ec4d04c0 FIX: Rails has bugs when a has_one has no id column :( 2018-03-23 12:25:10 -04:00
Neil Lalonde
ced7e9a691 FEATURE: control which web crawlers can access using a whitelist or blacklist 2018-03-22 15:41:02 -04:00
Gerhard Schlager
43f63c435d FIX: Drop unused tables with a delay 2018-03-21 16:45:44 +01:00
Sam
6a3c8fe69c FEATURE: protect against accidental column or table drops
Often we need to amend our schema, it is tempting to use
drop_table, rename_column and drop_column to amend schema
trouble though is that existing code that is running in production
can depend on the existence of previous schema leading to application
breaking until new code base is deployed.

The commit enforces new rules to ensure we can never drop tables or
columns in migrations and instead use Migration::ColumnDropper and
Migration::TableDropper to defer drop the db objects
2018-03-21 15:43:32 +11:00
Robin Ward
b9abd7dc9e FEATURE: Shared Drafts
This feature can be enabled by choosing a destination for the
`shared drafts category` site setting.

* Staff members can create shared drafts, choosing a destination
category for the topic when it is published.

* Shared Drafts can be viewed in their category, or above the
topic list for the destination category where it will end up.

* When the shared draft is ready, it can be published to the
appropriate category by clicking a button on the topic view.

* When published, Drafts change their timestamps to the current
time, and any edits to the original post are removed.
2018-03-20 17:15:26 -04:00
Sam
39e679d3cb FEATURE: allow themes to live in private git repos
This feature allows themes sourced from git to live on private
servers, it automatically generates key pairs.
2018-03-09 16:14:38 +11:00
Guo Xiang Tan
10d6101eae Fix incorrect function name. 2018-03-08 15:52:07 +08:00
Guo Xiang Tan
3ef5661608 Clean up unused function left in the database. 2018-03-08 15:25:10 +08:00
Gerhard Schlager
8e48b339fa Drop unused tables (#5630) 2018-03-05 17:27:30 -05:00
OsamaSayegh
282f53f0cd FEATURE: Theme settings (2) (#5611)
Allows theme authors to specify custom theme settings for the theme. 

Centralizes the theme/site settings into a single construct
2018-03-04 19:04:23 -05:00
Neil Lalonde
3313072957 Remove censored_pattern site setting, which is replaced by watched words 2018-02-26 16:29:27 -05:00
Guo Xiang Tan
4ac5fc8cd3 Fix incorrect data type for SiteSetting.google_oauth2_prompt. 2018-02-23 12:20:21 +08:00
Sam
720e1965e3 FEATURE: add category suppress from latest
In the past we used suppress_from_homepage, it had mixed semantics
it would remove from category list if category list was on home and
unconditionally remove from latest.

New setting explicitly only removes from latest list but leaves the
category list alone
2018-02-22 09:56:35 +11:00
Guo Xiang Tan
14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Jeff Wong
f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Neil Lalonde
76c309fe6b PERF: a faster way to count tags used per category 2018-02-12 15:16:47 -05:00
Sam Saffron
fb91d24deb PERF: add index on user email logs
This index makes it much faster to figure out if a user reached
email limit on sites where lots of emails are skipped
2018-02-07 11:33:28 -05:00
Arpit Jalan
f88b8a8945 rename 'default_email_private_messages' to 'default_email_personal_messages' 2018-02-01 13:25:29 +05:30
Arpit Jalan
6be536ca50 rename 'max_private_messages_per_day' to 'max_personal_messages_per_day' 2018-02-01 13:25:29 +05:30
Arpit Jalan
7cda3a37af rename 'private_email_time_window_seconds' to 'personal_email_time_window_seconds' 2018-02-01 13:25:29 +05:30
Arpit Jalan
7e48c47d37 rename 'enable_private_email_messages' to 'enable_personal_email_messages' 2018-02-01 13:25:29 +05:30
Arpit Jalan
ff0376a80b rename 'enable_private_messages' to 'enable_personal_messages' 2018-02-01 13:25:29 +05:30
Arpit Jalan
25ec077eca rename 'min_private_message_{post/title}_length' to 'min_personal_message_{post/title}_length' 2018-02-01 13:25:29 +05:30
Guo Xiang Tan
55f47491a4 Remove stale GA site setting records from the DB. 2018-01-27 09:15:46 +08:00
Robin Ward
6b04967e2f FEATURE: Staff members can lock posts
Locking a post prevents it from being edited. This is useful if the user
has posted something which has been edited out, and the staff members don't
want them to be able to edit it back in again.
2018-01-26 14:01:30 -05:00
Guo Xiang Tan
9c66473c4c Add index for EmailLog#topic_id and EmailLog#post_id. 2018-01-11 17:28:14 +08:00
Arpit Jalan
84026ad1fd FIX: check for existing translation keys before replacing blocked with silenced 2017-12-28 18:58:18 +05:30
Arpit Jalan
5ca558c7c5 FIX: add migration to replace 'blocked_by_staff' with 'silenced_by_staff' 2017-12-28 18:11:39 +05:30
Sam
67aecff59c FEATURE: store twitter supplied email for auditing 2017-12-14 15:54:32 +11:00
Arpit Jalan
895cc0666b FIX: replace invitee_name to inviter_name in translation overrides 2017-12-13 18:17:52 +05:30
Arpit Jalan
e3925278e2 FEATURE: support search click through tracking for user, category and tags
https://meta.discourse.org/t/search-logs-page/73281/11?u=techapj

This commit adds following features:

- support for tracking click through to user, tag and category
- new filter for search type (header, full page)

This commit also removes "most viewed topic" field from search logs page because we are now tracking multiple click through entities, so topic is not a special entity anymore. This also improves query perf. The query now takes `20.5ms` to runs, as opposed to `655.9ms` previously.
2017-12-01 12:04:55 +05:30
Robin Ward
77f90876d3 REFACTOR: Track manual locked user levels separately from groups 2017-11-27 11:23:44 -05:00
Gerhard Schlager
8f6d35aa59 FEATURE: category setting for mailinglist mirror 2017-11-17 15:29:14 +01:00
Neil Lalonde
b37e40eea9 FEATURE: show read time in last 60 days 2017-11-16 15:46:51 -05:00
Robin Ward
971e302ff2 FEATURE: Support an end date for user silencing 2017-11-14 13:20:19 -05:00
Robin Ward
1f14350220 Rename "Blocked" to "Silenced" 2017-11-10 14:10:27 -05:00
Michael Howell
38b8d68c68 FEATURE: Allow the user to select a custom home page (#5268)
* Add user_home configuration option

* Use the new user_home preference to actually show the right home page

* Fix trailing whitespace

* Update user_option_serializer.rb

* Fix JavaScript default homepage tests

* Use an object instead of a giant switch

* Remove trailing whitespace

* Make the default `user_home` set to `null` instead of `0`

* Rename user_home to homepage_id
2017-11-10 06:45:19 +11:00
Guo Xiang Tan
b3237d37f0 Drop unused email column from users table. 2017-11-07 10:12:33 +08:00
Guo Xiang Tan
79de10b212 FEATURE: Allow users to disable new PMs.
https://meta.discourse.org/t/is-it-possible-to-disable-private-messaging-for-a-specific-user/46391
2017-10-19 12:32:55 +08:00
Neil Lalonde
1faae3c765 rename forgot_password_strict to hide_email_address_taken 2017-10-03 15:28:31 -04:00
Guo Xiang Tan
77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Arpit Jalan
66f2925348 SECURITY: do not include links from whispers in topic summary map
https://meta.discourse.org/t/staff-whispers-links-in-whispers-showing-up-publicly-in-topics-summary/69134?u=techapj
2017-08-31 23:44:54 +05:30
Sam
e282f10d94 defer drop alias_level 2017-08-28 13:26:13 -04:00
Bianca Nenciu
6bc74ceb50 Split alias levels in mentionable and messageable levels. (#5065)
* Split alias levels in mentionable and messageable levels.

* Fixed some tests.

* Set messageable level to everyone by default.

* By defaults, groups are not mentionable or messageable.

* Made staff groups messageable by the system.
2017-08-28 12:32:08 -04:00
Neil Lalonde
2c56f8df7c FEATURE: show tags in search results 2017-08-25 11:52:59 -04:00
Sam
237968b1b7 PERF: add an index on slug to make sure that slug lookups are quick 2017-08-24 13:33:25 -04:00
Erick Guan
6e59149a77 FIX: rebuild index when engine replaced (#5021) 2017-08-16 07:38:34 -04:00
Guo Xiang Tan
b404a4b97c Merge pull request #5034 from tgxworld/fix_staged_primary_email
FIX: Staged users are still missing primary email.
2017-08-10 10:30:51 +09:00
Guo Xiang Tan
7a4aee4a7e FIX: updated_at needs to be set in migration as well. 2017-08-09 20:52:13 +09:00
Guo Xiang Tan
a9613163b5 FEATURE: Force user to enter reason when requesting for group membership. 2017-08-09 15:45:28 +09:00
Guo Xiang Tan
0bc690ed11 FIX: Staged users are still missing primary email. 2017-08-09 12:03:49 +09:00
Guo Xiang Tan
9a0eb2eeb1 Fix the build. 2017-08-08 10:03:04 +09:00
Guo Xiang Tan
1103ea7c4c Remove Rails 5 deprecation warning. 2017-08-08 00:48:57 +09:00
Guo Xiang Tan
3f24ed2b3e Can't revert due to incompatibility of new site setting types.
Revert "Revert "FEATURE: Site settings defaults per locale""

This reverts commit 439fe8ba24.
2017-08-07 10:43:09 +09:00
Guo Xiang Tan
439fe8ba24 Revert "FEATURE: Site settings defaults per locale"
This reverts commit 468a8fcd20.
2017-08-07 10:31:50 +09:00
Erick Guan
468a8fcd20 FEATURE: Site settings defaults per locale
This change-set allows setting different defaults for different locales. 

It also:

- Adds extensive testing around site setting validation

- raises deprecation error if site setting has the default property based on env

- relocated site settings for dev and tests in the initializer

- deprecated client_setting in the site setting's loading process

- ensure it raises when an enum site setting being set

- default_locale is promoted to `required` category.

- fixes incorrect default setting and validation

- fixes ensure type check for site settings

- creates a benchmark for site setting

- sets reasonable defaults for Chinese
2017-08-02 12:24:19 -04:00
Neil Lalonde
5d528f0d15 Merge pull request #4958 from dmacjam/search_posts_by_filetype
FEATURE: Search posts by filetype
2017-07-31 11:55:34 -04:00
Guo Xiang Tan
6e74f726cf FIX: Staged users did not have a UserEmail record. 2017-07-31 12:40:32 +09:00
Guo Xiang Tan
4620dfe92d FEATURE: Add group settings to allow users to leave a group freely.
https://meta.discourse.org/t/split-join-leave-freely-setting-on-groups/65565
2017-07-28 15:00:25 +09:00
Guo Xiang Tan
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Neil Lalonde
24cb950432 FEATURE: Watched Words: when posts contain words, do one of flag, require approval, censor, or block 2017-07-26 11:01:09 -04:00
Neil Lalonde
d8c27e3871 Merge branch 'master' into search_posts_by_filetype 2017-07-25 14:41:20 -04:00
Leo McArdle
d0b027d88d FEATURE: phase 1 of supporting multiple email addresses 2017-07-20 11:22:27 +09:00
Robin Ward
97e211f837 FEATURE: Log Search Queries 2017-07-14 14:30:58 -04:00
Jakub Macina
bb392973ca Add migration with extension column to uploads. 2017-07-06 19:15:30 +02:00
Sam Saffron
d0d60af510 add back column temporarily to make deployment smoother 2017-07-04 10:31:10 -04:00
Sam
845170bd6b FEATURE: add support for group visibility level
There are 4 visibility levels

- public (default)
- members only
- staff
- owners

Note, admins and group owners ALWAYS have visibility to groups

Migration treated old "non public" as "members only"
2017-07-03 15:26:57 -04:00
Arpit Jalan
16d356ab4e FEATURE: resending invite should include original custom message
https://meta.discourse.org/t/will-resent-invite-include-original-custom-message/64699
2017-06-30 18:13:33 +05:30
Jakub Macina
67ce4b70a6 Add index to extension column in TopicLink. 2017-06-20 13:01:31 +02:00
Jakub Macina
4c22f3a0e2 Add file extension column to TopicLinks. 2017-06-09 13:56:18 +02:00
Guo Xiang Tan
0ecb668d49 Merge pull request #4893 from tgxworld/remove_unused_columns
Remove columns that are no longer being used.
2017-06-06 10:07:00 +09:00
Guo Xiang Tan
0c203e61cd Raise ActiveRecord::IrreversibleMigration instead of StandardError. 2017-06-05 11:02:24 +09:00
Guo Xiang Tan
1c05ca91ea Remove columns that are no longer being used. 2017-06-05 10:59:05 +09:00
Guo Xiang Tan
ac6c1acbed FIX: Groups that do not have any owners should not allow membership requests. 2017-06-05 10:02:37 +09:00
Sam
0aed2533ac Revert unread optimisation, has too many edge cases 2017-05-26 09:04:13 -04:00
Sam Saffron
6674611960 correct migration so it always populates column 2017-05-25 18:50:51 -04:00
Sam Saffron
7d59ff67b8 adjust query to include messages, once everything is read
then mark first_topic_unread_at to be current time
2017-05-25 18:40:32 -04:00
Sam Saffron
1a1f5d2101 create or replace 2017-05-25 18:12:45 -04:00
Sam
29fac1ac18 PERF: improve performance of unread queries
Figuring out what unread topics a user has is a very expensive
operation over time.

Users can easily accumulate 10s of thousands of tracking state rows
(1 for every topic they ever visit)

When figuring out what a user has that is unread we need to join
the tracking state records to the topic table. This can very quickly
lead to cases where you need to scan through the entire topic table.

This commit optimises it so we always keep track of the "first" date
a user has unread topics. Then we can easily filter out all earlier
topics from the join.

We use pg functions, instead of nested queries here to assist the
planner.
2017-05-25 15:07:30 -04:00
Guo Xiang Tan
0984763013 Remove use of rescue nil in migration. 2017-05-17 09:18:49 +08:00
Guo Xiang Tan
eccfab6a19 Use execute instead of exec_sql in migration. 2017-05-17 09:18:42 +08:00
Neil Lalonde
7821400141 FEATURE: staff can set a timer to remind them about a topic 2017-05-16 14:49:50 -04:00
Sam
e1dd543a93 FEATURE: allow users to select theme on single device 2017-05-15 12:48:16 -04:00
Neil Lalonde
8b9799507c fix deploy problems due to renamed table 2017-05-12 15:17:25 -04:00
Sam
2d96a0785d FEATURE: theme selection is now global per-user 2017-05-12 12:41:34 -04:00
Neil Lalonde
55b61e9bea rename topic_status_update to topic_timer 2017-05-11 18:27:53 -04:00
Pat David
b7d16de914 Fix migrate AddCssClassNameToEmbeddableHosts 2017-05-11 15:16:16 -04:00
Pat David
84cd19686c Fix migration file problem 2017-05-11 15:16:16 -04:00
Pat David
4bf8548dc5 Add embed class name setup for embeddable hosts 2017-05-11 15:16:16 -04:00
Régis Hanol
eabfc59d51 rename 'convert_pasted_images_quality' site setting to 'png_to_jpg_quality' 2017-05-11 10:01:20 +02:00
Régis Hanol
53257a87ff remove 'convert_pasted_image' site setting 2017-05-11 09:16:53 +02:00
Guo Xiang Tan
71a266b673 Remove daily mailing mode option as it doesn't scale.
https://meta.discourse.org/t/daily-updates-option-for-mailing-list-mode/45029/14?u=tgxworld
2017-05-05 12:21:50 +08:00
Sam
6a6eed4ed2 DEV: column dropper class for cleaner removal of superfluous columns
Also fixes issues during deploy cause target column was renamed in
theme_fields
2017-05-04 10:15:41 -04:00
Sam
946f25098f Refactor theme fields so they support custom theme defined vars
This paves the way to allowing themes to specify uploads and so on.
2017-05-02 16:02:14 -04:00
Guo Xiang Tan
1f6418f907 Track error message in SchedulerStats. 2017-04-26 01:34:25 +08:00
Arpit Jalan
aeead60036 FIX: make TopicEmbed trashable 2017-04-25 18:40:39 +05:30
Sam
7a9eee1b71 FEATURE: default notification level for group messages
also fixes it so staff can amend other user's group notification level
2017-04-20 15:47:35 -04:00
Sam
7eabb90b71 FEATURE: added error messages for bad theme CSS / JS 2017-04-19 16:46:46 -04:00
Sam
5e3a0846f7 FEATURE: allow themes to share color schemes 2017-04-17 15:56:24 -04:00
Guo Xiang Tan
04016f0dec Support Ruby 2.4. 2017-04-15 12:29:00 +08:00
Sam
a3e8c3cd7b FEATURE: Native theme support
This feature introduces the concept of themes. Themes are an evolution
of site customizations.

Themes introduce two very big conceptual changes:

- A theme may include other "child themes", children can include grand
children and so on.

- A theme may specify a color scheme

The change does away with the idea of "enabled" color schemes.

It also adds a bunch of big niceties like

- You can source a theme from a git repo

- History for themes is much improved

- You can only have a single enabled theme. Themes can be selected by
    users, if you opt for it.

On a technical level this change comes with a whole bunch of goodies

- All CSS is now compiled using a custom pipeline that uses libsass
    see /lib/stylesheet

- There is a single pipeline for css compilation (in the past we used
    one for customizations and another one for the rest of the app)

- The stylesheet pipeline is now divorced of sprockets, there is no
   reliance on sprockets for CSS bundling

- CSS is generated with source maps everywhere (including themes) this
    makes debugging much easier

- Our "live reloader" is smarter and avoids a flash of unstyled content
   we run a file watcher in "puma" in dev so you no longer need to run
   rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
Guo Xiang Tan
f4758a4c4d FEATURE: Allow admins to schedule a topic to be published in the future. 2017-04-04 11:16:05 +08:00
Guo Xiang Tan
34b7bee568 FEATURE: Allow admin to auto reopen a topic.
* This commit also introduces a `TopicStatusUpdate`
  model to support other forms of deferred topic
  status update in the future.
2017-03-31 11:14:18 +08:00
Neil Lalonde
11ce73b8ed FEATURE: category setting for default top period 2017-03-22 16:54:18 -04:00
Guo Xiang Tan
1a7e954e09 FIX: Store custom emojis as uploads.
* Depending on a hardcoded directory was a flawed design
  which made it impossible to debug when custom emojis go
  missing.
2017-03-14 13:07:18 +08:00
Neil Lalonde
6d7e968e30 FEATURE: box-style rendering of sub-categories 2017-03-13 15:25:52 -04:00
Sam
99f4d5082b FIX: Improve token rotation and increase logging
- avoid access denied on bad cookie, instead just nuke it
- avoid marking a token unseen for first minute post rotation
- log path in user auth token logs
2017-03-07 13:27:43 -05:00
Neil Lalonde
6aab8cb331 FEATURE: new category setting for whether to show latest topics or top topics by default 2017-03-03 11:30:44 -05:00
Guo Xiang Tan
66a0a89591 PERF: Add index to speed up DirectoryItem.refresh_period! query. 2017-03-03 16:25:06 +08:00