Commit Graph

3859 Commits

Author SHA1 Message Date
Arpit Jalan
1c23aedccf FIX: always send password reset email when accepting invite if password is not set 2017-04-18 14:37:06 +05:30
Arpit Jalan
8dea70d354 Revert "FIX: User website allows new TLDs" 2017-04-18 13:18:51 +05:30
Rafael dos Santos Silva
4289dbe3e5 FIX: User website allows new TLDs 2017-04-18 00:30:37 -03:00
Robin Ward
1363988cd7 Support for an HTML builder that can create dynamic HTML 2017-04-17 17:32:55 -04:00
Sam
5e3a0846f7 FEATURE: allow themes to share color schemes 2017-04-17 15:56:24 -04:00
Arpit Jalan
7389831961 Fix the build 2017-04-15 15:52:35 +05:30
Arpit Jalan
0954367bf4 FIX: send activation email when accepting invite if password is set 2017-04-15 14:59:50 +05:30
Guo Xiang Tan
04016f0dec Support Ruby 2.4. 2017-04-15 12:29:00 +08:00
Jeff Atwood
d12ba0548c Merge pull request #4812 from cpradio/spec-auto-notification-update
Add spec for auto notification update
2017-04-14 16:01:38 -07:00
cpradio
e3ad50de05 Add spec for auto notification update
It should update the topic subscription so long as what is being requested is higher than what is currently set for the user and the given topic
It should not update the topic subscription if the requested subscription is less than what is currently set for the user and given topic
2017-04-14 18:30:01 -04:00
Sam
4b6c49b13f correct specs 2017-04-14 15:25:34 -04:00
Sam
def7348777 FIX: display custom sections with default theme
also cleans up mechanism for previewing themes, cleans up naming,
gets rid of old janky "preview_style", secures local theme key
2017-04-14 13:35:12 -04:00
Sam
809fbb25ce FIX: blanking theme field was not properly removing it 2017-04-13 17:24:15 -04:00
Guo Xiang Tan
3d76fb9c2c FIX: Don't show category options for reports that can't be scoped to a category. 2017-04-13 17:10:55 +08:00
Guo Xiang Tan
bda20cc44a FIX: Don't enqueue topic status update job if topic is deleted. 2017-04-13 12:02:35 +08:00
Guo Xiang Tan
57788200ec REFACTOR: Add User.reserved_username?. 2017-04-13 10:44:26 +08:00
Sam
a7ed8a0310 correct theme importer to support embedded.scss 2017-04-12 11:30:16 -04:00
Sam
95d095c97d test should be configuring git info 2017-04-12 11:19:47 -04:00
Sam
a3e8c3cd7b FEATURE: Native theme support
This feature introduces the concept of themes. Themes are an evolution
of site customizations.

Themes introduce two very big conceptual changes:

- A theme may include other "child themes", children can include grand
children and so on.

- A theme may specify a color scheme

The change does away with the idea of "enabled" color schemes.

It also adds a bunch of big niceties like

- You can source a theme from a git repo

- History for themes is much improved

- You can only have a single enabled theme. Themes can be selected by
    users, if you opt for it.

On a technical level this change comes with a whole bunch of goodies

- All CSS is now compiled using a custom pipeline that uses libsass
    see /lib/stylesheet

- There is a single pipeline for css compilation (in the past we used
    one for customizations and another one for the rest of the app

- The stylesheet pipeline is now divorced of sprockets, there is no
   reliance on sprockets for CSS bundling

- CSS is generated with source maps everywhere (including themes) this
    makes debugging much easier

- Our "live reloader" is smarter and avoid a flash of unstyled content
   we run a file watcher in "puma" in dev so you no longer need to run
   rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
Dean Taylor
1a9afa976d FEATURE: Add AWS S3 EU (London) "eu-west-2" region 2017-04-12 10:38:17 -04:00
Guo Xiang Tan
24d3c77d19 Fix the build. 2017-04-12 10:38:17 -04:00
Guo Xiang Tan
7cb389a235 Add DiscourseEvent trigger when user's topic notification level changes. 2017-04-12 11:56:50 +08:00
Arpit Jalan
8fb41bf5fb FIX: update timestamp when resending invite 2017-04-11 20:02:32 +05:30
Guo Xiang Tan
5a57278a8e Fix build. 2017-04-11 21:37:57 +08:00
Guo Xiang Tan
73180c8a19 FIX: Private message can be set to publish in the future. 2017-04-11 20:44:25 +08:00
Guo Xiang Tan
3861bd2793 FIX: Quotes should be ignored when parsing for onebox source. 2017-04-11 15:22:21 +08:00
Guo Xiang Tan
0a4c30bce3 FIX: Handle cases where alt and title tag is blank when parsing excerpt. 2017-04-11 14:18:27 +08:00
Guo Xiang Tan
c076f7b1aa Fix broken specs. 2017-04-11 10:43:34 +08:00
Guo Xiang Tan
aadf4805a5 FIX: Topic status update not being deleted once it has been executed. 2017-04-11 10:32:13 +08:00
Guo Xiang Tan
e49f3a408e FEATURE: Add option for ExcerptParser to keep onebox source. 2017-04-10 16:11:58 +08:00
Robin Ward
e2ff06ce02 FIX: rounding error in spec 2017-04-07 17:44:02 -04:00
Robin Ward
40cee37bcc FIX: Don't insert topic status messages unless the status changes 2017-04-07 17:10:43 -04:00
Guo Xiang Tan
9663a74445 FIX: Ensure username param is valid in NotificationsController. 2017-04-07 17:32:52 +08:00
Guo Xiang Tan
71501feaf3 Improve validation for TopicStatusUpdate. 2017-04-07 15:32:00 +08:00
Guo Xiang Tan
690d2f4bd3 UX: Publish topic changes when topic is published. 2017-04-07 15:32:00 +08:00
Guo Xiang Tan
48a9860f07 FIX: Publish topic to a category should unlist it as well. 2017-04-07 13:58:52 +08:00
David Rodríguez
934bff43d9 FIX: Copy post actions when moving a topic. 2017-04-06 12:16:22 +08:00
Robin Ward
40ab2e5667 FEATURE: Let users update their emails before confirming
This allows users who entered a typo or invalid email address when
signing up an opportunity to fix it and resending the confirmation
email to that address.
2017-04-05 16:44:49 -04:00
Sam Saffron
48d9c69117 remove confusing comment 2017-04-05 08:46:35 -04:00
Sam Saffron
cd39049262 SECURITY: do not send push notifications to suspended users 2017-04-05 08:28:24 -04:00
Robin Ward
17f2974d0a SECURITY: Confirm new administrator accounts via email 2017-04-04 15:59:01 -04:00
Robin Ward
a649014adf Add spec for validation on group mention updater 2017-04-04 11:22:39 -04:00
Guo Xiang Tan
ad44d2a400 Merge pull request #4790 from tgxworld/add_publish_to_topic_status_update
FEATURE: Allow admins to schedule a topic to be published in the future.
2017-04-04 11:18:53 +08:00
Guo Xiang Tan
f4758a4c4d FEATURE: Allow admins to schedule a topic to be published in the future. 2017-04-04 11:16:05 +08:00
Robin Ward
ebe232da47 Weigh staff votes more for New User of the Month badges 2017-04-03 16:52:31 -04:00
Robin Ward
a13a8dc96c FIX: Safeguard to not award NewUserOfTheMonth if it hasn't been a month 2017-04-03 13:26:51 -04:00
Arpit Jalan
5ff29ce321 add test case for topic status update based on last post 2017-04-03 22:35:56 +05:30
Robin Ward
3d64f33d40 Require at least two likes to get the "New User of the Month" badge 2017-04-03 13:03:28 -04:00
Robin Ward
b189486fc0 We can do a lot less work in the test since we eased the criteria 2017-04-03 12:15:24 -04:00
Guo Xiang Tan
dc5a6e7cda Remove empty test. 2017-04-03 21:12:20 +08:00
Guo Xiang Tan
5cf75c67df FIX: Callback undefined error when topic has been deleted. 2017-04-03 09:06:15 +08:00
Robin Ward
e4b1376146 Change New User of the Month Badge to use trust level rather than age 2017-03-31 16:56:58 -04:00
Robin Ward
a8d3779f0b Update New User of the Month badge to require 4 posts in 2 topics 2017-03-31 16:52:00 -04:00
Robin Ward
fc7fa4c0ad Rename "Rookie of the Month" to "New User of the Month" 2017-03-31 16:30:30 -04:00
Robin Ward
893e93dfbe New badge, Rookie of the Month, for two new high quality users. 2017-03-31 15:06:31 -04:00
Guo Xiang Tan
0bbad5040a topic-status-info component wasn't updated when topic is closed/opened. 2017-03-31 15:58:26 +08:00
Guo Xiang Tan
b6e9871b4b Update Topic#closed client side when closing/opening a topic temporarily. 2017-03-31 15:05:00 +08:00
Guo Xiang Tan
ed577fbff8 FEATURE: Pause a topic instead of permanently closing when flag threshold is reached. 2017-03-31 14:35:05 +08:00
Guo Xiang Tan
34b7bee568 FEATURE: Allow admin to auto reopen at topic.
* This commit also introduces a `TopicStatusUpdate`
  model to support other forms of deferred topic
  status update in the future.
2017-03-31 11:14:18 +08:00
Robin Ward
7b6242bfbb Minor cleanup of /users/ rename 2017-03-30 10:23:24 -04:00
Robin Ward
14410b71fb Convert server side paths to use /u/ 2017-03-30 10:23:24 -04:00
Robin Ward
45a257815a Convert front end paths from /users/ to /u/ 2017-03-30 10:23:24 -04:00
Robin Ward
6b976433c9 Support for both /users/ and /u/ paths 2017-03-30 10:23:24 -04:00
Yana Agun Siswanto
cd2d2f16e5 Allow to order search results by the topic creation date
based on: https://meta.discourse.org/t/allow-to-order-search-results-by-the-topic-creation-date/38544
2017-03-30 01:18:38 +07:00
Guo Xiang Tan
7cf0f39066 Require Sidekiq::Testing in rails helper. 2017-03-29 11:10:25 +08:00
Arpit Jalan
4812417192 FIX: do not add user to group based on email domain unless email is confirmed 2017-03-28 15:02:40 +05:30
Arpit Jalan
8bf12502bd Merge pull request #4780 from techAPJ/send-statistics
FEATURE: Send anonymized usage statistics to Discourse if "Discourse Hub" can't reach the site
2017-03-28 10:02:05 +05:30
Arpit Jalan
f3cd5f61c5 FEATURE: Send anonymized usage statistics to Discourse if Discourse Hub can't reach the site 2017-03-28 09:07:23 +05:30
Régis Hanol
dd1cc23caf fix randomly failing specs 2017-03-27 22:47:41 +02:00
Arpit Jalan
3378e2d49f FIX: update topic fancy title when updating category name 2017-03-26 12:29:53 +05:30
Régis Hanol
dfe1d3adfd Merge pull request #4778 from techAPJ/admin-message-format
FIX: admin locales were not getting converted to message format
2017-03-25 11:59:56 +01:00
Guo Xiang Tan
7c17966171 FEATURE: Include email in User webhook.
https://meta.discourse.org/t/should-the-email-address-of-a-new-user-be-included-in-the-webhook/59255
2017-03-25 08:23:01 +08:00
Arpit Jalan
3449339fea FIX: admin locales were not getting converted to message format 2017-03-25 01:12:23 +05:30
Guo Xiang Tan
b87c5eb1b6 Fix randomly failing spec. 2017-03-24 15:46:42 +08:00
Guo Xiang Tan
3ef82bb32c SECURITY: CSRF vulnerabilities in Admin::BackupsController. 2017-03-23 10:29:35 +08:00
Neil Lalonde
11ce73b8ed FEATURE: category setting for default top period 2017-03-22 16:54:18 -04:00
Arpit Jalan
786fd6bbd2 Merge pull request #4774 from techAPJ/email-prefix
FIX: use email prefix only in subject
2017-03-22 14:18:50 +05:30
Arpit Jalan
295cf8839e FIX: better error message when invited user already exists 2017-03-22 13:55:28 +05:30
Arpit Jalan
1853a4852c FIX: use email prefix only in subject 2017-03-21 20:29:57 +05:30
Arpit Jalan
df246c79b6 FEATURE: add user profile fields in user list export 2017-03-21 15:51:52 +05:30
Arpit Jalan
82c0f5f587 Merge pull request #4767 from techAPJ/activate-account
FIX: send activation email if user have unconfirmed email address
2017-03-21 09:44:23 +05:30
Arpit Jalan
7c3ae50dcd FIX: send activation email if user have unconfirmed email 2017-03-21 09:41:50 +05:30
Sam
74dbe877d8 test for side effect without mock 2017-03-20 16:15:23 -04:00
Sam
c106ca6778 FEATURE: fallback asset path for multi host setups 2017-03-20 15:59:17 -04:00
Arpit Jalan
8cbfa24ca2 Fix failing test 2017-03-20 20:14:25 +05:30
Arpit Jalan
521c88fe58 FIX: enqueue activation email for invited user that has password set 2017-03-20 17:13:21 +05:30
Guo Xiang Tan
a1d04a7a9a Fix rspec tests. 2017-03-20 12:35:08 +08:00
Guo Xiang Tan
6057e17ae7 Fix weird test failure. 2017-03-20 12:06:37 +08:00
Robin Ward
fd591257a8 Merge pull request #4759 from kennym/support-ports-for-ip-addresses-in-embedding
FIX: Allow ports for embed host IPs
2017-03-16 11:23:42 -04:00
Guo Xiang Tan
5169ef8814 Fix broken specs. 2017-03-16 15:05:28 +08:00
Guo Xiang Tan
bf78c228f4 FIX: User created web hook being enqueued before record has been saved.
* Improve web hook tests as well.
2017-03-16 14:44:09 +08:00
Erick Guan
cfbfea0596 FEATURE: Allow easier customization to the web hook event serialization. 2017-03-16 10:09:05 +08:00
Guo Xiang Tan
bbc85e1e29 Merge pull request #4750 from discourse/group_login_registration_flow
FEATURE: Redirect to groups page and apply group actions upon login/s…
2017-03-16 09:50:56 +08:00
Guo Xiang Tan
ca965bb455 FEATURE: Redirect to groups page after login/registration flow. 2017-03-16 09:48:51 +08:00
Kenny Meyer
ae957bca25 Allow ports for embed host IPs 2017-03-15 18:16:34 -03:00
Guo Xiang Tan
685c26961f Fix randomly failing specs. 2017-03-14 16:28:05 +08:00
Guo Xiang Tan
6312b8b7e4 Fix failing specs. 2017-03-14 14:58:22 +08:00
Guo Xiang Tan
d173473509 Fix randomly failing specs. 2017-03-14 14:43:48 +08:00
Guo Xiang Tan
1a7e954e09 FIX: Store custom emojis as uploads.
* Depending on a hardcoded directory was a flawed design
  which made it impossible to debug when custom emojis go
  missing.
2017-03-14 13:07:18 +08:00
Sam
64680286f4 correct logic, so revalidation is reset
correct test so it can run at any point
2017-03-13 10:47:43 -04:00
Sam
a690121805 SECURITY: always allow staff to resend activation mails 2017-03-13 10:32:24 -04:00
Sam
ef24fd54ba FEATUE: automatically validate token is stored in redis
This ensures we have some handling for redis flushall

We attempt to recover our in-memory session token once every 30 seconds

Code is careful to only set the token if it is nil, to allow for manual
cycling to remain safe if needed
2017-03-13 10:19:02 -04:00
Sam
82ca0e368e FEATURE: stop escaping special chars in title prettify
This feature is confusting and just leads to inconsistency
2017-03-13 10:02:20 -04:00
Guo Xiang Tan
9364d8ce71 FIX: Store user's id instead for sending activation email.
* Email and username are both allowed to be used for logging in.
  Therefore, it is easier to just store the user's id rather than
  to store the username and email in the session.
2017-03-13 20:24:55 +08:00
Guo Xiang Tan
7ebfa3c901 SECURITY: Only allow users to resend activation email with a valid session.
* Improve error when an active user tries to request for an activation email.
2017-03-13 19:35:29 +08:00
Arpit Jalan
848120c098 FEATURE: RSS feed for top page period filters 2017-03-13 15:23:46 +05:30
Guo Xiang Tan
4d4a1a1552 Add scope for human users. 2017-03-11 14:25:09 +08:00
Sam
6ebddc42d1 FIX: include children categories when searching a category 2017-03-10 15:58:47 -05:00
Neil Lalonde
402ddb810c FIX: email customizations now apply to both html and text parts 2017-03-10 14:08:03 -05:00
Sam
bc1a6ccb90 Merge pull request #4741 from tgxworld/allow_bookmark_removal
FIX: Allow user to remove bookmark from posts as long as bookmark is …
2017-03-10 12:49:20 -05:00
Arpit Jalan
f7e7ca3937 FEATURE: anonymized site statistics 2017-03-10 18:50:26 +05:30
Guo Xiang Tan
9cc79363e0 Merge pull request #4744 from tgxworld/feature_seen_unseen_search
FEATURE: Search can be scoped to posts that the current user has seen…
2017-03-09 07:11:19 +08:00
Régis Hanol
23b06d2895 FIX: should not try to send digest to users who reached the bounce threshold 2017-03-08 19:19:11 +01:00
Guo Xiang Tan
c623951306 FEATURE: Search can be scoped to posts that the current user has seen/unseen.
https://meta.discourse.org/t/advanced-search-posts-that-i-have-seen/57966
2017-03-09 01:01:33 +08:00
Arpit Jalan
801b5838e1 FIX: do not show faq/guidelines page to anonymous users for private forums 2017-03-08 16:00:49 +05:30
Régis Hanol
cf8bc4483f FIX: always send critical emails even when bounce score threshold has been reached 2017-03-08 10:06:16 +01:00
Arpit Jalan
090236b15b FIX: do not show about page to anonymous users for private forums 2017-03-08 13:15:44 +05:30
Guo Xiang Tan
689dd16be0 FIX: Allow user to remove bookmark from posts as long as bookmark is present.
https://meta.discourse.org/t/bookmark-issue-when-access-to-topic-is-lost-pms/51993
2017-03-08 13:53:49 +08:00
Régis Hanol
ee9d621d9c FIX: surround the FROM alias with " in order to support the @ character 2017-03-07 23:37:21 +01:00
Sam
99f4d5082b FIX: Improve token rotation and increase logging
- avoid access denied on bad cookie, instead just nuke it
- avoid marking a token unseen for first minute post rotation
- log path in user auth token logs
2017-03-07 13:27:43 -05:00
Neil Lalonde
0661cebbcf fix intermittent failing spec 2017-03-07 11:59:05 -05:00
Neil Lalonde
d95e4102c1 FIX: tags created in secured categories should not be forbidden outside those categories 2017-03-07 11:46:46 -05:00
Robin Ward
dad57fa033 FIX: More errors with non-ascii URLs 2017-03-07 11:21:41 -05:00
Guo Xiang Tan
d1e587c10a Merge pull request #4737 from oblakeerickson/approve_invited_user
FIX: approve invited user
2017-03-07 21:14:34 +08:00
Régis Hanol
0abe433495 Merge pull request #4736 from techAPJ/group-bulk-add
FIX: grant trust level when bulk adding users to group
2017-03-06 12:43:26 +01:00
Guo Xiang Tan
7d82a53dfe FIX: Group#name is case insensitive. 2017-03-06 17:24:03 +08:00
Arpit Jalan
d5bcc70e9c FIX: grant trust level when bulk adding users to group 2017-03-06 14:39:53 +05:30
Guo Xiang Tan
66b5f97743 Merge pull request #4739 from tgxworld/fix_cant_recover_a_topic_that_belongs_to_a_deleted_user
Fix cant recover a topic that belongs to a deleted user
2017-03-06 15:12:54 +08:00
Guo Xiang Tan
8aea3caf00 FIX: Ensure that we only move posts that belong to the original topic. 2017-03-06 15:04:10 +08:00
Guo Xiang Tan
477eb0591e FIX: Posts in a deleted topic couldn't be moved.
https://meta.discourse.org/t/moving-posts-to-new-topic/58436/4
2017-03-06 14:56:20 +08:00
Guo Xiang Tan
a28704bcee FIX: Can't recover a post when its user has been deleted.
https://meta.discourse.org/t/moving-posts-to-new-topic/58436
2017-03-06 14:29:06 +08:00
Blake Erickson
dbb3ddc7a6 FIX: approve invited user
This commit fixes the case where invited users who typed in a password
would not be approved by default. Because we moved the user create logic
for an invited user there was a clash with the `save` in the user model
and the `save` in the invite_redeemer class.

- added approve logic into invite_redeemer class.
- added tests to verify that the user is approved
- added a check to see if must_approve_users is on
- added a check to see if the inviter is staff
- go ahead and approve the user if must_approve_users is off
- keep existing User.approve workflow if user exists
- improve if/else logic to remove duplicate code
- use `Time.zone.now`
2017-03-05 06:58:23 -07:00
Sam
c99f4260c0 Merge pull request #4729 from tgxworld/dont_mark_user_as_valid
FIX: Don't mark user as `active` if verified email is different.
2017-03-03 15:57:30 -05:00
Neil Lalonde
6aab8cb331 FEATURE: new category setting for whether to show latest topics or top topics by default 2017-03-03 11:30:44 -05:00
Guo Xiang Tan
bcf634ca85 Merge pull request #4728 from nbianca/username-regex
Add support for username regex.
2017-03-03 22:59:23 +08:00
Bianca Nenciu
30909ec54e Add support for username regex. 2017-03-02 13:53:45 +02:00
Guo Xiang Tan
3d347fb9c4 FIX: Don't mark user as active if verified email is different. 2017-03-02 14:24:30 +08:00
Neil Lalonde
51d7dc4355 switch contents of embeddable_host_fabricator.rb and category_fabricator.rb 2017-03-01 15:13:31 -05:00
Neil Lalonde
262016604d FEATURE: each category can control how many topics to show on categories page 2017-03-01 15:12:57 -05:00
Blake Erickson
80858bae2c FEATURE: further restrict downloading of backups
- send email to logged in admin when they press the "download" button
- show pop-up that email was sent
- create email template
- require a valid token to download backup
2017-03-01 08:28:34 -07:00
Arpit Jalan
e27b1b98d1 FIX: handle new user when logging name change 2017-03-01 13:43:57 +05:30
Guo Xiang Tan
107d6783a9 Remove use of stubs in tests. 2017-03-01 10:53:03 +08:00
Guo Xiang Tan
76dd6933d2 Revert "Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."""
This reverts commit e6d75f6844.

This is why we should not be pushing directly to master.
2017-03-01 10:16:59 +08:00
Robin Ward
d27575176a Enforce a minimum amount of posters in a topic for get_a_room 2017-02-28 16:47:16 -05:00
Sam
122fb8025d FIX: last seen date erroneously updated when browser in background
In some cases user may be "last seen" even though browser tab is in
the background or computer is locked
2017-02-28 12:35:10 -05:00
Neil Lalonde
292dd8623c Merge pull request #4622 from dmacjam/master
FEATURE: Append tags bulk action for topics
2017-02-28 11:36:58 -05:00
Sam
3ac4709903 FIX: on initial token issue stop unmarking token as unseen
prev and current are the same so we need special logic to bypass
2017-02-28 10:38:22 -05:00
Guo Xiang Tan
e6d75f6844 Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email.""
This reverts commit 0e3def7d2b.
2017-02-28 11:27:14 +08:00
Sam
1e980ad4e6 Merge pull request #4721 from oblakeerickson/sort_admin_users_api
FEATURE: Add order logic to admin users controller
2017-02-27 16:13:42 -05:00
Arpit Jalan
6661cebff8 FIX: do not log duplicate username changes 2017-02-28 01:32:00 +05:30
Neil Lalonde
e634b37f9a FIX: from field of emails should be including email_site_title or site title settings 2017-02-27 14:23:07 -05:00
Arpit Jalan
b32d3d66e5 FEATURE: log all username and name changes 2017-02-28 00:23:27 +05:30
Robin Ward
0e3def7d2b Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."
This reverts commit 1060239e2d.
2017-02-27 13:19:26 -05:00
Robin Ward
bf9626d031 FIX: Embedding was broken with non-english URLs and ports 2017-02-27 12:17:52 -05:00
Arpit Jalan
877957ae88 Merge pull request #4715 from techAPJ/login-per-ip
FEATURE: new site setting for max logins per ip per hour/minute
2017-02-27 18:24:53 +05:30
Arpit Jalan
cba51e1c38 FEATURE: new site setting for max logins per ip per hour/minute 2017-02-27 16:58:03 +05:30
jomaxro
f5673fbd47 Remove references to elder
The use of the TL4 name Elder was changed in 2014 to Leader.  The spec function was changed to `:trust_level_4`, but the it statement was not changed.
2017-02-26 17:40:42 -07:00
Sam Saffron
7e8f0dc967 FIX: attempt to handle ios edge case where token is seen but unsaved
This relaxes our security in the following way

- prev auth token is always accepted as long as rotation
date is within our window of SiteSetting.maximum_session_age.hours
(previously old token expired within a minute of new one being seen)

- new auth token is marked unseen if we are presented with an old token
after we already saw new one

This attempts to fix an issue where ios webkit is not committing new cookies
2017-02-26 17:09:57 -05:00
Blake Erickson
0e6cb752da Clean up valid order names
Add a sortable mappings list to match other endpoints and so that you
don't have to use database column names.

Example: 'created' => 'created_at'

Also cleaned up some of the logic since a lot of it got moved into the
SORTABLE_MAPPING hash.
2017-02-25 11:51:40 -07:00
Blake Erickson
e9d5c3265c Change param asc to ascending
For consistency, change param asc to ascending:

https://meta.discourse.org/t/make-admin-users-list-sortable-suggestion/47649/17?u=oblakeerickson
2017-02-25 09:13:31 -07:00
Blake Erickson
0a41da6bad FEATURE: Add order logic to admin users controller
Added order and direction parameters for sorting admin user pages. This
commit only includes backend api changes.

https://meta.discourse.org/t/make-admin-users-list-sortable-suggestion/47649

Now you can pass in `order` and `asc` parameters to the
`/admin/users/list/<query>.json` endpoint.

Example:

`/admin/users/list/active.json?&order=post_count` which defaults to desc

and

`/admin/users/list/active.json?order=post_count&asc=true`
2017-02-24 17:11:17 -07:00
Régis Hanol
ecdae9f863 FIX: i18n integrity specs
FIX: check all .yml files in the project for integrity
FIX: ensure localized yamls are compatible with english
2017-02-24 11:35:33 +01:00
Régis Hanol
a2c04be718 FIX: eradicate I18n fallback issues 💣
FIX: client's translation overrides were not working when the current locale was missing a key
FIX: ExtraLocalesController.show was not properly handling multiple translations
FIX: JsLocaleHelper#output_locale was not properly handling multiple translations

FIX: ExtraLocalesController.show's spec which was randomly failing
FIX: JsLocaleHelper#output_locale was muting cached translations hashes

REFACTOR: move 'enableVerboseLocalization' to the 'localization' initializer
REFACTOR: remove unused I18n.js methods (getFallbacks, localize, parseDate, toTime, strftime, toCurrency, toPercentage)
REFACTOR: remove all I18n.pluralizationRules and instead use MessageFormat's pluralization rules

TEST: add tests for localization initializer
TEST: add tests for I18n.js
2017-02-24 11:31:21 +01:00
Guo Xiang Tan
1060239e2d SECURITY: Ensure oAuth authenticated email is the same as created user's email. 2017-02-24 13:13:10 +08:00
Guo Xiang Tan
0847b4258a Revert "SECURITY: Ensure that user has been authenticated."
This reverts commit fbe51d68a7.

Changing the commit message to correctly reflect what we're actually
fixing.
2017-02-24 13:12:29 +08:00
Guo Xiang Tan
fbe51d68a7 SECURITY: Ensure that user has been authenticated. 2017-02-24 10:47:48 +08:00
Sam
f15f61da0a FEATURE: add immutable caching to rails site of things 2017-02-23 13:05:00 -05:00
Sam
ea1007e954 FEATURE: add support for same site cookies
Defaults to Lax, can be disabled or set to Strict.

Strict will only work if you require login and use SSO. Otherwise when clicking on links to your site you will appear logged out till you refresh the page.
2017-02-23 12:01:28 -05:00
Neil Lalonde
0551b3f5ee FEATURE: replace emoji with unicode in title and description meta tags 2017-02-22 16:24:13 -05:00
Sam Saffron
b7d2edc7dc FIX: allow some auth token misses prior to clearing cookie
It appears that in some cases ios queues up requests up front
and "releases" them when tab gets focus, this allows for a certain
number of cookie misses for this case. Otherwise you get logged off.
2017-02-22 12:37:11 -05:00
Arpit Jalan
213a496203 FIX: show all staff events related to the target user 2017-02-22 13:31:40 +05:30
Arpit Jalan
b32f33b3f0 FIX: allow staff members to send PMs when enable_private_messages is disabled 2017-02-22 11:32:09 +05:30
Neil Lalonde
c94fdcea38 FIX: admin dashboard posts count should not include system posts and whispers 2017-02-21 14:45:41 -05:00
Arpit Jalan
046cbad10b FEATURE: add a button on admin user page that links to action log 2017-02-21 21:38:37 +05:30
Jakub Macina
4a2f13348a ADD: Append tags bulk action for topics 2017-02-20 18:14:32 +01:00
Régis Hanol
f51e3b2131 FIX: should not be able to rename a system badge 2017-02-20 14:35:05 +01:00
Régis Hanol
cb99f59ec3 reset bounce score when email is successfully changed 2017-02-20 10:37:01 +01:00
Robin Ward
e62c0a42fa FIX: Support multiple embeddable host records with the same host 2017-02-17 12:41:34 -05:00
Sam
7a85469c4c SECURITY: inactive/suspended accounts should be banned from api
Also fixes edge cases around users presenting multiple credentials
2017-02-17 11:03:09 -05:00
Neil Lalonde
c0e1722ca6 fix intermittent spec failure due to Time comparison with TimeWithZone 2017-02-17 10:30:29 -05:00
Neil Lalonde
3fb50d587d FIX: invited users and new TL1 users will see their first notification highlighted 2017-02-17 10:30:29 -05:00
Jeff Atwood
9b263a0559 increase req min unique pw chars from 5 to 6 2017-02-16 17:06:19 -08:00
Neil Lalonde
4b28bfaa15 Merge pull request #4710 from ento/fix-s3-config-check
FIX: admin dashboard shouldn't complain when using IAM profile for S3 access
2017-02-15 17:02:07 -05:00
Neil Lalonde
d0fbb27f3e FEATURE: new invite acceptance page, where username can be chosen and password can be set 2017-02-15 16:51:57 -05:00
Sam
74d4209d24 FEATURE: allow plugins to register custom topic list filters 2017-02-15 15:25:43 -05:00
Sam
9c51e3e8e7 amend preloader api to supply topic list 2017-02-15 12:04:02 -05:00
Sam
2c59ffeb2c FIX: token rotation not accounting for overlapping tokens correctly
also... freeze_time has no block form, correct all usages and specs
2017-02-15 10:58:18 -05:00
Marica Odagaki
af9c97ec43 Add failing tests 2017-02-15 00:05:58 -08:00
Marica Odagaki
2c1279b740 Fix typo to be more consistent with other test descriptions 2017-02-15 00:04:10 -08:00
Sam
f2099c3811 adjust API 2017-02-14 16:32:33 -05:00
Sam
89d5e8ab4b FEATURE: allow plugins to preload data in topic list 2017-02-14 16:29:06 -05:00
Sam
8feb94e13f FIX: password validator was being too strict 2017-02-14 09:18:04 -05:00
Sam
783bac9ff7 less stubbing for better clarity and robustness 2017-02-13 14:34:15 -05:00
Sam
7652901b75 reduce mocking and stubbing in controller spec 2017-02-13 14:31:15 -05:00
Sam
0ab96a7691 FEATURE: add hidden setting for verbose auth token logging
This is only needed to debug auth token issues, will result in lots
of logging
2017-02-13 14:01:09 -05:00
Robin Ward
e1d358ffbf FIX: Don't clear the login hint when the system user is saved 2017-02-13 10:54:20 -05:00
Jeff Atwood
3ee7a9266c Merge pull request #4686 from tgxworld/group_is_visible_if_user_is_group_owner
FIX: Show groups that user is owner of on groups page.
2017-02-11 22:18:44 -08:00
Neil Lalonde
94e1105af7 fix unique char counting in password validator 2017-02-10 10:38:17 -05:00
Sam Saffron
4332f0dde1 FEATURE: allow user search API to restrict to group 2017-02-09 18:45:39 -05:00
Neil Lalonde
1bcb835446 FEATURE: passwords must have a minimum number of unique characters, configurable with a new setting 2017-02-09 15:00:22 -05:00