Robin Ward
32e2d7963a
FEATURE: Show FAQ at top of the hamburger until the user reads it
2015-09-04 16:56:02 -04:00
Arpit Jalan
99edcddafb
FEATURE: show pending/redeemed invite count in tabs
2015-08-25 01:12:46 +05:30
Arpit Jalan
91519fdfe7
FIX: do not persist error message
2015-08-24 00:29:58 +05:30
Kane York
2a897a8a6b
SECURITY: Remove email validation check bypass
...
- Increase size of email column to varchar(513)
- Give error message on signup when email is too large
Overall impact: Low, allows signups from blocked domains. Main risk is increased spam.
2015-07-13 15:36:17 -07:00
Arpit Jalan
e0c9054748
FEATURE: invite page tabs
2015-07-13 09:42:51 +05:30
Doug
5e615ef26e
Fixed bug that caused substrings of reserved usernames to be treated as reserved.
2015-07-06 23:54:25 -07:00
Kane York
df988a20eb
FEATURE: Reserved usernames
...
A list of usernames that will be blocked from being used to sign up.
2015-07-01 13:50:55 -07:00
Sam
b052179ae6
Merge pull request #3163 from rcfox/fix-by-external
...
Allow periods in the external_id value used in the /users/by-external route.
2015-06-24 13:07:12 +10:00
Sam Saffron
c58b495e15
SECURITY: Query @usernames in bulk
...
Otherwise you could add many requests at once while composing.
2015-06-11 13:03:49 -04:00
Sam Saffron
4409a3072d
FEATURE: we need admin login always
2015-06-05 18:43:59 +10:00
Régis Hanol
cb025a65e0
FIX: make sure we also save the user_avatar.custom_upload_id
2015-05-29 10:21:41 +02:00
Régis Hanol
b7f8680618
fix build (:fired:)
2015-05-20 17:51:33 +02:00
Régis Hanol
8d967d9065
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread
2015-05-20 16:45:48 +02:00
Ryan Fox
14d2b76354
Merge branch 'master' into fix-by-external
...
Conflicts:
app/controllers/users_controller.rb
2015-05-15 19:54:11 -04:00
Sam
8277a586bb
usage of raise corrected
2015-05-07 11:00:51 +10:00
Sam
77cc087b13
FIX: proper error message when account created is hit with no session
2015-05-07 11:00:22 +10:00
Arpit Jalan
2932284293
FEATURE: magic login route for admin when SSO is enabled
2015-04-27 22:54:48 +05:30
Robin Ward
2459f52c71
Merge pull request #3375 from techAPJ/patch-2
...
FEATURE: invite existing users to private topic
2015-04-16 11:13:42 -04:00
Arpit Jalan
d491d4f997
FEATURE: invite existing users to private topic
2015-04-16 00:52:54 +05:30
Sam
2a3f71a9a1
SECURITY: log off all existing sessions when resetting password
2015-04-15 08:57:43 +10:00
Sam
f5d89169e2
FEATURE: initial implemenation of anonymous posting mode
2015-04-07 18:05:31 +10:00
Régis Hanol
1ec73b5ba0
FIX: use 'request.remote_ip' instead of 'request.ip' for better consistency
2015-04-02 16:24:27 +02:00
Robin Ward
e3eaa7fa75
FIX: In long topics, filtering button was not always showing in card
2015-03-24 12:33:50 -04:00
Robin Ward
6d38005a22
Allow staff to change uneditable user fields
2015-03-20 15:18:43 -04:00
Robin Ward
7ef306cd3b
A bunch of tweaks to the Users directory
...
- Move user directory from `/directory` to `/users/`
- Defaults to 'weekly' time period
- Don't include deleted topics/posts in the results
- Move heart icon to header instead of on each row
- "Users" instead of "Users found"
2015-03-19 12:29:38 -04:00
Neil Lalonde
608647d02f
FEATURE: Anonymize User. A way to remove a user but keep their topics and posts.
2015-03-10 11:59:08 -04:00
Sam
f5af4768eb
FEATURE: add clean support for running Discourse in a subfolder
...
To setup set DISCOURSE_RELATIVE_URL_ROOT to the folder you wish
2015-03-09 13:14:29 +11:00
Sam
130dbf7358
PERF: don't run stats query in user card
2015-02-24 13:31:23 +11:00
Robin Ward
8186d86f38
FIX: Enforce max length for custom user fields
2015-02-23 13:02:30 -05:00
Sam
17927b2e8b
FIX: don't use flash cause we are not redirecting
...
(we should probably change that though)
2015-02-20 10:28:58 +11:00
Sam
3a0cd0b760
make custom fields a bit more permissive input wise
2015-02-06 09:03:23 +11:00
Ryan Fox
1f0915bf83
Allow periods in the external_id value used in the /users/by-external route.
2015-02-02 12:55:32 -05:00
Sam
ea7af7a83b
Merge pull request #3135 from longhotsummer/fix-no-user-params
...
FIX: creating a user shouldn't error when optional fields aren't given
2015-01-30 10:12:57 +11:00
Régis Hanol
cd2c9edb46
FIX: 🐛 upload on IE9 wasn't working :'(
...
- FIX: make sure we set a default name to a pasted image only on Chrome (the only browser that supports it)
- FIX: use ".json" extension to uploads endpoints since IE9 doesn't pass the correct header
- FIX: pass the CSRF token in a query parameter since IE9 doesn't pass it in the headers
- FIX: display error messages comming from the server when there is one over the default error message
- FIX: HACK around IE9 security issue when clicking a file input via JavaScript (use a label and set `visibility:hidden` on the input)
- FIX: hide the "cancel" upload on IE9 since it's not supported
- FIX: return "text/plain" content-type when uploading a file for IE9 in order to prevent it from displaying the save dialog
- FIX: check the maximum file size on the server 💥
- update jQuery File Upload Plugin to v. 5.42.2
- update JQuery IFram Transport Plugin to v. 1.8.5
- update jQuery UI Widget to v. 1.11.1
2015-01-28 19:43:20 +01:00
Greg Kempe
d99ccf6d27
FIX: creating a user shouldn't error when optional fields aren't provided
...
This fixes a bug where the server would 500 if the only user fields
where optional ones, and the create_user call didn't provide any
values so that params[:user_fields] was nil.
Additionally, don't bother double-checked for required fields, since we
iterate over all fields and will catch any that are required and blank.
2015-01-27 11:48:27 +02:00
riking
1ab0d6bd82
FEATURE: Log username changes by staff
...
Also fix the tests for changing username
2015-01-17 02:26:12 -08:00
Robin Ward
987504c6ab
Rename no_js
layout to no_ember
...
While *sometimes* `no_js` was used for visitors without js (for example
disabling it on your browser) it was also used for some pages that were
disabled to JS capable browsers, including the 404 page.
Even worse, sometimes it was used on pages that *had* Javascript, such
as our `/activate-account` route. It has been renamed to `no_ember` to
indicate what it really is, a layout for the site that doesn't load our
Ember.js application.
2015-01-15 15:56:53 -05:00
Régis Hanol
e20078a9dc
PERF: fix performance issue when displaying the user card for admins
2015-01-05 19:49:32 +01:00
Blake Erickson
02ade72ceb
Update username should return a json response
...
- Have update username return json response that contains the updated
username and id. I figured this would be better than just return "OK".
- Add test to verify that the new username is returned.
2014-12-10 09:43:16 -07:00
Blake Erickson
e9e88c9b82
Remove legacy avatar code
...
- Remove method that was only left around because the
[api](https://github.com/discourse/discourse_api/pull/53 ) called it
- Modify test to use new route instead of legacy route
https://meta.discourse.org/t/legacy-route-for-avatars/22838/2
2014-12-07 06:13:14 -07:00
Blake Erickson
a61519eebf
Have pick_avatar return json.
...
I'm working on writing a test in the discourse_api gem for uploading
avatars and the pick method needs to return a json response.
I also added a test to make sure json is returned.
2014-12-06 09:26:32 -07:00
Régis Hanol
07211489f0
FIX: hide restricted profile info from TL0 users to anonymous in 'JS-off' page
2014-11-27 19:51:13 +01:00
Régis Hanol
7641d88224
FEATURE: new 'maximum new user accounts per registration IP' site setting
2014-11-17 12:04:29 +01:00
Robin Ward
c9eb809dad
FIX: The text to users who signed up when approval was required was
...
misleading.
2014-11-04 15:48:03 -05:00
Régis Hanol
865194f409
FIX: cannot show email for pending/inactive users
2014-10-29 01:07:27 +01:00
Robin Ward
71f211f0b3
FEATURE: Allow users to select a badge with an image to appear on their
...
user card
2014-10-20 16:35:38 -04:00
Robin Ward
1cf4a0d604
Rename "User Expansion" to the much clearer "User Card"
2014-10-20 12:11:59 -04:00
Régis Hanol
10094a0bcd
FIX: resolve flags as good when deleting a spam user
2014-10-20 16:59:06 +02:00
Robin Ward
4d465362b5
FEATURE: Allow a user to upload an image for their expansion background.
2014-10-16 15:05:36 -04:00
Robin Ward
f9a8f6d6ce
FEATURE: Support for a required
setting on user fields.
2014-10-08 15:10:19 -04:00
Sam
0e7be81e60
FIX: badge granted titles were not being revoked when badge was revoked
2014-10-08 10:26:18 +11:00
Robin Ward
381814fd5d
Adds support for a description to user fields.
2014-10-02 15:56:52 -04:00
Arpit Jalan
41af2d79b5
add user email on account created page
2014-10-02 12:43:44 +05:30
Robin Ward
be93f224a6
Revert "add user email on account created page"
...
This reverts commit 164fc1108a
.
2014-10-01 10:30:26 -04:00
Arpit Jalan
164fc1108a
add user email on account created page
2014-10-01 13:53:50 +05:30
Robin Ward
edb34c178a
FEATURE: Show user fields when the user is signing up
2014-09-30 10:45:18 -04:00
Régis Hanol
7e309a21cf
FEATURE: hide emails behind a button for staff members
2014-09-29 22:31:05 +02:00
Sam
a901d682fe
raise not found if user is not found
2014-09-25 17:45:45 +10:00
Sam
8f8ea735ee
FIX: allow retry activation of account by username or password
2014-09-25 17:42:48 +10:00
Arpit Jalan
b3838c2c1c
Trigger browser password manager after sigining up
2014-09-24 01:04:36 +05:30
Sam
7a4082cbad
FIX: allow API to create users when invite_only is true
2014-09-23 09:06:19 +10:00
Neil Lalonde
c4e285f3ec
SECURITY: rate limit change email requests
2014-09-18 10:48:56 -04:00
riking
2c6d03f87f
SECURITY: Limit passwords to 200 characters
...
Prevents layer 8 attack.
2014-09-12 12:07:11 -04:00
Robin Ward
56eda5abf9
FIX: Don't allow profile bios longer than 3k chars
2014-09-08 15:23:21 -04:00
Robin Ward
c9262a8390
FIX: Resend activation email was busted
2014-08-28 12:07:13 -04:00
Robin Ward
ed125975a1
SECURITY: Prefix session key and validate token format.
2014-08-25 15:31:49 -04:00
Arpit Jalan
4cd8abc905
FEATURE: dynamically load invites
2014-08-05 22:20:23 +05:30
Neil Lalonde
939e8505a9
Remove hub username integration
2014-07-16 12:25:24 -04:00
Neil Lalonde
01a68f8cc7
Emails are case insensitive
2014-07-16 10:22:01 -04:00
Robin Ward
4f416bf6ce
Check honeypot/challenge value on activation too
2014-07-15 14:07:35 -04:00
riking
915f60b0fc
Don't redirect to login when activating account...
2014-07-15 10:50:28 -07:00
Neil Lalonde
766196af87
FEATURE: add site setting allow_new_registrations which can be used to block all new account registrations
2014-07-14 15:42:22 -04:00
Robin Ward
cce7cf8c85
FEATURE: Require Javascript to activate an account via email link
2014-07-14 12:26:10 -04:00
Sam
4a2cc269ab
FIX: allow selection of no title
2014-07-14 18:07:07 +10:00
Sam
833c50c460
FEATURE: Read Faq badge
2014-07-11 17:32:29 +10:00
Sam
9a9ad9bda8
FEATURE: Badge progress
...
- Refactor model so it stores backfill query
- Implement autobiographer
- Remove sample badge
- Correct featured badges to only include a badge once
2014-07-03 17:29:44 +10:00
Sam
5a0aed2bfa
FIX: regression, forgot password broken
...
also... mocks were invented by the devil
2014-07-02 13:06:55 +10:00
Robin Ward
9000c358d1
REFACTOR: Use common path for RESTful DELETE
action from upload image
...
component
2014-06-30 14:13:59 -04:00
Robin Ward
4088fba4f2
REFACTOR: Convert profile background uploader to be an ember component
2014-06-30 14:13:59 -04:00
Andrew Bezzub
386d1e231a
move profile_background from User to UserProfile
2014-06-26 12:30:07 -04:00
riking
6e698315d6
Allow all /my URLs
...
Previously, URLs like /my/activity/posts were denied. This change allows those URLs.
2014-06-14 10:58:20 -07:00
Sam
91b6459f2b
BUGFIX: allow users to pick no avatar
2014-05-30 14:45:55 +10:00
Sam
5adc486cef
BUGFIX: missing avatars in topic map
...
Cleanup uneeded column
2014-05-29 14:59:14 +10:00
Sam
504cfcff96
Fix specs for avatars
...
Implement avatar picker
Correct avatar related jobs
2014-05-27 10:08:03 +10:00
Sam
6c1c8be794
Work in progress, keeping avatars locally
...
This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom)
user can then pick which they want.
2014-05-27 10:08:03 +10:00
Neil Lalonde
6e0eb89697
Don't show suspended users in autocomplete fields unless you are staff
2014-05-13 11:44:15 -04:00
Louis Rose
1574485443
Perform the where(...).first to find_by(...) refactoring.
...
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Neil Lalonde
f61f29439e
Track the ip address where user was registered
2014-04-29 14:37:56 -04:00
Vikhyat Korrapati
b4e037dfb2
Allow badges to be marked as "titleable".
2014-04-28 10:30:38 +05:30
Régis Hanol
64b8f2f759
TRIVIAL: remove puts statement (cc. @eviltrout)
2014-04-21 23:00:13 +02:00
Robin Ward
b9ca124756
Support for /my/preferences to automatically redirect to the logged in
...
user.
2014-04-21 11:52:11 -04:00
Vikhyat Korrapati
8113e8d897
Basic UI for selecting gold/silver badges as titles.
2014-04-18 09:20:51 +05:30
Régis Hanol
2505d18aa9
FEATURE: support email attachments
2014-04-14 22:55:57 +02:00
Sam
be06156629
SECURITY: when enabled_local_logins is false users could log in via API
...
thanks @Nicholas Blanco
2014-03-26 15:39:44 +11:00
Robin Ward
539890afdf
Let's not show tons of extra information about invites unless you're the
...
person who invited them.
2014-03-21 14:16:11 -04:00
Sam
619fa50d4b
BUGFIX: twitter auth asking for a password
2014-03-20 14:49:25 +11:00
Neil Lalonde
9ca516e58d
Rename nickname to username in the code. Use new hub routes. (Old routes still exist as aliases for old Discourse instances.)
2014-03-12 12:39:36 -04:00
Johan Jatko
98c479c3c4
FEATURE: Profile Backgrounds
...
Shares a modified codebase with avatars called "user_image"
2014-03-05 15:10:44 +01:00
Neil Lalonde
8711762143
Users who have made no more than one post can delete their own accounts from their user preferences page.
2014-02-13 13:52:06 -05:00
Leonard Teo
c13aa8852b
Whitelist :active param so that we can automatically create users that are active via API
2014-02-04 15:40:30 -05:00