github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-12-16 21:53:54 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
21,867 Commits 214 Branches 500 Tags 960 MiB
0f6a2b912a
Commit Graph

3470 Commits

Author SHA1 Message Date
Sam
0f6a2b912a SECURITY: always allow staff to resend activation mails 2017-03-13 10:33:21 -04:00
Guo Xiang Tan
1c44c87945 FIX: Store user's id instead for sending activation email. 
* Email and username are both allowed to be used for logging in.
  Therefore, it is easier to just store the user's id rather than
  to store the username and email in the session.
 2017-03-13 20:57:21 +08:00
Guo Xiang Tan
8c5e13afd6 SECURITY: Only allow users to resend activation email with a valid session. 
* Improve error when an active user tries to request for an activation email.
 2017-03-13 20:57:17 +08:00
Guo Xiang Tan
395f43d92f FIX: Don't mark user as active if verified email is different. 2017-03-13 20:57:02 +08:00
Robin Ward
2c9a43e4fd Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email." 
This reverts commit 1060239e2d.
 2017-02-27 13:37:08 -05:00
Guo Xiang Tan
5cd680b0be SECURITY: Ensure oAuth authenticated email is the same as created user's email. 2017-02-24 15:40:31 +08:00
Guo Xiang Tan
465660bdfc Revert "SECURITY: Ensure that user has been authenticated." 
This reverts commit d1091f7f57.
 2017-02-24 15:39:56 +08:00
Guo Xiang Tan
d1091f7f57 SECURITY: Ensure that user has been authenticated. 2017-02-24 11:46:59 +08:00
Sam
7912966209 SECURITY: inactive/suspended accounts should be banned from api 
Also fixes edge cases around users presenting multiple credentials
 2017-02-17 11:09:08 -05:00
Sam
1d3f04d4bb SECURITY: correctly validate input when admin searches for screened ips 2017-02-06 16:11:48 -05:00
Régis Hanol
f49c9f6c43 FIX: log backups download/destroy staff action 
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
 2017-01-16 19:58:04 +01:00
Robin Ward
8f34c2332d Version bump to v1.7.1 2017-01-13 11:08:58 -05:00
Régis Hanol
9f3c38832e FIX: don't onebox to IP addresses 2017-01-12 22:36:59 +01:00
Guo Xiang Tan
38496985ef Fix syntax error. 2017-01-12 10:03:37 +08:00
Guo Xiang Tan
23d4435af1 Oops. 2017-01-12 09:56:20 +08:00
Guo Xiang Tan
515f50e42e FEATURE: Log admin action when readonly mode is changed. 2017-01-12 09:41:02 +08:00
Régis Hanol
887e9af84f FEATURE: new 'max_image_megapixels' site setting 2017-01-11 23:37:12 +01:00
Neil Lalonde
b177827841 more specs for staff action logging 2017-01-11 11:41:21 -05:00
Guo Xiang Tan
1758af9a1d FIX: Perform emoji unescape for topic titles in quotes. 2017-01-11 17:23:13 +08:00
Guo Xiang Tan
cdd550e947 Use a different Redis key when PG failover sets site to readonly mode. 2017-01-11 16:38:49 +08:00
Régis Hanol
185dcb2ca1 handle emails with localized headers 😠 2017-01-09 22:59:30 +01:00
Guo Xiang Tan
3d21ccd4a5 FIX: Add validation to disallow censored words in topic title. 2017-01-09 16:55:41 +08:00
Régis Hanol
98c62bccb5 FIX: mark forwarded email as read by the forwarder 
FIX: 'Re:' prefix is mostly used for replies and not forwarded emails
 2017-01-06 15:33:55 +01:00
Guo Xiang Tan
58f3a2e9a9 Fix randomly failing spec. 2017-01-06 15:25:49 +08:00
Guo Xiang Tan
68300f515c FIX: Return 404 if id is not valid. 2017-01-06 10:39:44 +08:00
Guo Xiang Tan
d10fe51b72 Fix broken specs since all urls will be oneboxed. 2017-01-06 10:05:51 +08:00
Guo Xiang Tan
f473a119ff Remove unnecessary stub. 2017-01-06 08:53:30 +08:00
Arpit Jalan
7a1ff59822 FIX: PM email to suspended member was broken 2017-01-05 13:58:14 +05:30
Guo Xiang Tan
a89f60b85b Merge pull request #4631 from tgxworld/prevent_users_from_changing_permissions_of_non_real_users 
FIX: Do not allow admins to meddle with admin and moderation access o…
 2017-01-04 09:10:27 +08:00
Robin Ward
cf7774bdd9 FEATURE: Block muted users from sending you PMs 2017-01-03 14:51:53 -05:00
Guo Xiang Tan
c68bcfeb72 Improve spec. 2017-01-03 15:36:36 +08:00
Guo Xiang Tan
ad4a96d387 FIX: Only send membership request to the last 5 active group owners. 2017-01-03 15:33:57 +08:00
Arpit Jalan
495a511862 simplify quote markup in emails 2017-01-02 21:37:01 +05:30
Guo Xiang Tan
f1beef43a8 Merge pull request #4618 from tgxworld/fix_invalid_emails 
FIX: Don't allow invalid email to be saved.
 2016-12-30 07:11:48 +08:00
Guo Xiang Tan
c7b151683d FIX: Do not allow admins to meddle with admin and moderation access of non real users. 2016-12-29 11:11:33 +08:00
Neil Lalonde
9c40657ba4 FIX: error during signup saying "Password is the same as your current password" due to automatic group membership granting a trust level 2016-12-28 17:36:04 -05:00
Sam
d28d8a1f85 FIX: order by op_likes leads to broken browsing 2016-12-27 19:08:54 +11:00
Arpit Jalan
d72cbcb2a4 FEATURE: new setting to validate user website 2016-12-26 21:29:27 +05:30
Guo Xiang Tan
5aee2673c7 FIX: Push null fields to last when sorting group members. 2016-12-22 14:55:24 +08:00
Guo Xiang Tan
8551d821a0 FEATURE: Add site setting to disable group directory. 2016-12-22 14:14:22 +08:00
Sam
c531f4ded5 remove rails-observers 
Rails yanked out observers many many years ago, instead the functionality
was yanked out to a gem that is very lightly maintained.

For example: if we want to upgrade to rails 5 there is no published gem

Internally the usage of observers had quite a few problem.

The series of refactors renamed a bunch of classes to give us more clarity
and removed some magic.
 2016-12-22 16:46:53 +11:00
Sam
019f1a1d06 UserEmailObserver is now removed 
no big surprises here was pretty straightforward

after_commit semantics sure are weird though
 2016-12-22 16:46:53 +11:00
Sam
2f6a4cc6de remove UserActionObserver, replace with after_save and service 
interestingly there was some left over dead code from when stars
existed in the topic_users table
 2016-12-22 16:46:53 +11:00
Sam
0a78ae739d Remove SearchObserver, aim is to remove all observers 
rails-observers gem is mostly unmaintained and is a pain to carry forward
new implementation contains significantly less magic as a bonus
 2016-12-22 13:13:14 +11:00
Guo Xiang Tan
28befcb5d4 Fix specs. 2016-12-21 21:21:39 +08:00
Guo Xiang Tan
076a08d8e1 FIX: Unactivated users should not be automatically added into groups as well. 2016-12-21 18:15:01 +08:00
Guo Xiang Tan
7228081820 FIX: Automatic group membership should not add staged or unactivated users. 2016-12-21 18:04:26 +08:00
Guo Xiang Tan
13c6191e89 FIX: Don't allow invalid email to be saved. 2016-12-21 17:47:11 +08:00
Guo Xiang Tan
5d7f3223f0 SECURITY: Users can only bookmark posts which they can see. 2016-12-21 12:01:26 +08:00
Neil Lalonde
c75bebdea2 FIX: uncategorized setting to control whether topic featured links are allowed 2016-12-20 15:55:30 -05:00