Commit Graph

403 Commits

Author SHA1 Message Date
Krzysztof Kotlarek
427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
Martin Brennan
68d35b14f4 FEATURE: Webauthn authenticator management with 2FA login (Security Keys) (#8099)
Adds 2 factor authentication method via second factor security keys over [web authn](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API).

Allows a user to authenticate a second factor on login, login-via-email, admin-login, and change password routes. Adds registration area within existing user second factor preferences to register multiple security keys. Supports both external (yubikey) and built-in (macOS/android fingerprint readers).
2019-10-01 19:08:41 -07:00
David Taylor
2bb08d93e4 FIX: When activating a user, ensure the change is reflected immediately
When activating a user via an external provider, this would cause the "this account is not activated" message to show on the first attempt, even though the account had been activated correctly.
2019-08-28 14:07:16 +01:00
Robin Ward
1d38040579 SECURITY: SQL injection with default categories
This is a low severity security fix because it requires a logged in
admin user to update a site setting via the API directly to an invalid
value.

The fix adds validation for the affected site settings, as well as a
secondary fix to prevent injection in the event of bad data somehow
already exists.
2019-07-11 13:41:51 -04:00
Neil Lalonde
6f747c6b71 FIX: don't allow username to be changed to same as password
We were blocking user registrations with same username and password,
but allowing usernames to be changed to be same as password later.
Also disallow names to be the same as password.
2019-05-13 16:43:40 -04:00
Daniel Waterworth
e219588142 DEV: Prefabrication (test optimization) (#7414)
* Introduced fab!, a helper that creates database state for a group

It's almost identical to let_it_be, except:

 1. It creates a new object for each test by default,
 2. You can disable it using PREFABRICATION=0
2019-05-07 13:12:20 +10:00
Sam Saffron
9be70a22cd DEV: introduce new API to look up dynamic site setting
This removes all uses of both `send` and `public_send` from consumers of
SiteSetting and instead introduces a `get` helper for dynamic lookup

This leads to much cleaner and safer code long term as we are always explicit
to test that a site setting is really there before sending an arbitrary
string to the class

It also removes a couple of risky stubs from the auth provider test
2019-05-07 11:00:30 +10:00
Sam Saffron
4ea21fa2d0 DEV: use #frozen_string_literal: true on all spec
This change both speeds up specs (less strings to allocate) and helps catch
cases where methods in Discourse are mutating inputs.

Overall we will be migrating everything to use #frozen_string_literal: true
it will take a while, but this is the first and safest move in this direction
2019-04-30 10:27:42 +10:00
Gerhard Schlager
7a27c93c03 FIX: URL encode username and first letter in avatar URL
And it adds specs as a follow-up to aadb7da7
2019-04-29 15:08:14 +02:00
Sam Saffron
45285f1477 DEV: remove update_attributes which is deprecated in Rails 6
See: https://github.com/rails/rails/pull/31998

update_attributes is a relic of the past, it should no longer be used.
2019-04-29 17:32:25 +10:00
Gerhard Schlager
a7bc1ecbae FEATURE: Add support for Unicode usernames and group names
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2019-04-23 13:00:27 +02:00
Daniel Waterworth
bf313c1b68 DEV: User email test optimization (#7405) 2019-04-23 17:49:05 +08:00
David Taylor
24ef4f7b2b Remove support for disable_jump_reply user setting (#7359) 2019-04-12 09:03:06 +10:00
Robin Ward
c1ea63bdc1 FIX: Reviewables should not be created for users until they are active
Conversely, if a user is deactivated the reviewable should automatically
be rejected.

Before this fix, if a user was not active they'd still show in the
review queue but without an "Approve" button which was confusing.
2019-04-03 15:25:00 -04:00
Robin Ward
b58867b6e9 FEATURE: New 'Reviewable' model to make reviewable items generic
Includes support for flags, reviewable users and queued posts, with REST API
backwards compatibility.

Co-Authored-By: romanrizzi <romanalejandro@gmail.com>
Co-Authored-By: jjaffeux <j.jaffeux@gmail.com>
2019-03-28 12:45:10 -04:00
Maja Komel
7e9afdace3 FEATURE: custom colors for default letter avatars (#7167) 2019-03-18 16:24:21 +01:00
Penar Musaraj
9334d2f4f7
FEATURE: add more granular user option levels for email notifications (#7143)
Migrates email user options to a new data structure, where `email_always`, `email_direct` and `email_private_messages` are replace by

* `email_messages_level`, with options: `always`, `only_when_away` and `never` (defaults to `always`)
* `email_level`, with options: `always`, `only_when_away` and `never` (defaults to `only_when_away`)
2019-03-15 10:55:11 -04:00
Robin Ward
fa5a158683 REFACTOR: Move queue_jobs out of SiteSetting
It is not a setting, and only relevant in specs. The new API is:

```
Jobs.run_later!        # jobs will be thrown on the queue
Jobs.run_immediately!  # jobs will run right away, avoid the queue
```
2019-03-14 10:47:38 -04:00
Robin Ward
d1d9a4f128 Add new run_jobs_synchronously! helper for tests
Previously if you wanted to have jobs execute in test mode, you'd have
to do `SiteSetting.queue_jobs = false`, because the opposite of queue
is to execute.

I found this very confusing, so I created a test helper called
`run_jobs_synchronously!` which is much more clear about what it does.
2019-03-11 16:58:35 -04:00
David Taylor
fc7938f7e0
REFACTOR: Migrate GoogleOAuth2Authenticator to use ManagedAuthenticator (#7120)
https://meta.discourse.org/t/future-social-authentication-improvements/94691/3
2019-03-07 11:31:04 +00:00
Joffrey JAFFEUX
703c724cf3
REFACTOR: Migrate InstagramAuthenticator to use ManagedAuthenticator (#7081) 2019-03-04 14:54:28 +01:00
David Taylor
f04471e422 REFACTOR: Proxy letter avatars in rails instead of nginx
Co-authored-by: Sam Saffron <sam.saffron@gmail.com>
Co-authored-by: David Taylor <david@taylorhq.com>

This gives more control over the request. In particular we can easily
lookup DNS dynamically, instead of only upon NGINX startup.
Previously, NGINX was looking up IP for the letter avatar service and
caching the CDN IP address, this caused issues if CDN changed IP, in
which letter avatars would be broken till a container restarted.

NGINX config has been updated to add caching. This change will require
a container rebuild.

The proxy will now function in development environments, so the patch
for `letter_avatar_proxy` has been removed.
2019-02-18 08:46:56 +11:00
Robin Ward
c719658f9f human? helper method on a user
This is cleaner than hard coding `id > 0` in ruby code.
2019-02-08 13:34:54 -05:00
Sam
d5ecf8e8c2 FIX: properly clean out post and user actions on destroy user
This corrects 2 issues:

First is a regression with d7c08e21 for some reason dependent :delete_all
respects default scopes where-as dependent :destroy bypasses it.

Secondly, we were keeping orphan user actions around on user destroy, this
ensures we remove all the user actions not only ones that originated by
the user.

So for example: if I like a post of user A we create a user action saying I
did that, but once user A is deleted we were not removing the action leading
to an orphan action in the database.
2019-01-17 12:40:30 +11:00
Neil Lalonde
ef0e84e3d9 FIX: clear the site_contact_username setting if the user's staff privileges are revoked 2018-12-14 16:52:44 -05:00
Maja Komel
9f89aadd33 FIX: delete all posts in batches without hijack (#6747) 2018-12-14 11:04:18 +01:00
David Taylor
160d29b18a
REFACTOR: Migrate TwitterAuthenticator to use ManagedAuthenticator (#6739)
No changes to functionality. TwitterAuthenticator goes from 136 lines to 24, and all twitter-specific logic elsewhere has been deleted 🎉
2018-12-07 15:39:06 +00:00
David Taylor
208005f9c9 REFACTOR: Migrate FacebookAuthenticator to use ManagedAuthenticator
Changes to functionality
  - Removed syncing of user metadata including gender, location etc.
    These are no longer available to standard Facebook applications.
  - Removed the remote 'revoke' functionality. No other providers have
    it, and it does not appear to be standard practice in other apps.
  - The 'facebook_no_email' event is no longer logged. The system can
    cope fine with a missing email address.

Data is migrated to the new user_associated_accounts table.
facebook_user_infos can be dropped once we are confident the data has
been migrated successfully.
2018-11-30 11:18:11 +00:00
Bianca Nenciu
2070edf889 FIX: Clarify User.group_locked_trust_level.
* Rename User.group_locked_trust_level to User.group_granted_trust_level.

* Remove the column from users table.
2018-11-07 10:27:44 +08:00
Sam
5fd94d3211 PERF: limit unread count to 99 in blue circle
This revises: e605542c4e

Previous commit was faulty
2018-10-24 12:10:27 +11:00
Kyle Zhao
e402394375 FEATURE: auto grant an available title when removing old title
* FEATURE: auto grant an available title when removing old title
2018-09-21 12:06:08 +10:00
Kyle Zhao
6659417807 FEATURE: match user title when primary group changes
When primary group changes and the user's title is the previous primary
group's title, change the title to the new primary group's title
2018-09-17 15:08:39 +10:00
Sam
e1975e293f FIX: when uploads are destroyed clear up avatar refs in user table
This also auto corrects twice daily when we ensure consistency
2018-08-31 14:46:42 +10:00
Guo Xiang Tan
919e8db686 FIX: Check for group name availability should skip reserved usernames. 2018-08-01 11:09:33 +08:00
David Taylor
eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099)
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
Régis Hanol
6d6e026e3c FEATURE: selectable avatars 2018-07-18 12:57:43 +02:00
Leo McArdle
21ebb1cd54 FEATURE: Secondary emails support. 2018-07-16 11:09:49 +08:00
Arpit Jalan
7550e9ff95 FIX: purge unactivated users with a message from non-human users 2018-06-29 13:03:04 +05:30
Jeff Wong
bc52bdfa12 Feature: unconditionally consider TL0 users as "first day" users 2018-06-21 10:53:08 -07:00
Guo Xiang Tan
7fc8a36529 DEV: Take 2 Queue jobs in tests by default.
On my machine this cuts the time taken to run our test suite
from ~11mins to ~9mins.
2018-05-31 16:23:23 +08:00
Guo Xiang Tan
56e9ff6853 Revert "DEV: Queue jobs in tests by default."
Too risky for now

This reverts commit be28154d3b.
2018-05-31 15:34:46 +08:00
Guo Xiang Tan
be28154d3b DEV: Queue jobs in tests by default. 2018-05-31 14:45:47 +08:00
Gerhard Schlager
beed676b04 FIX: Check group names when checking username availability 2018-05-22 21:55:54 +02:00
Arpit Jalan
aee4045dd0 FIX: suggest name when username/name is provided 2018-05-17 10:36:36 +05:30
Régis Hanol
39aceed63d FIX: don't purge unactivated users with a message 2018-05-16 18:24:11 +02:00
Régis Hanol
a28c58feb1 FIX: automatic group membership when using SSO 2018-05-15 01:48:30 +02:00
Sam
8a783412b7 UX: improvements to new dashboard
- remove inactive user report and replace with posts
- clean up internals so grouping by week happens on client
- when switching periods old report was not destroyed leading to bugs
- calculate trend based on previous interval ... not previous 30 days
- show percentages for mau/dau
- be more careful about utc date usage
- show uniqu and click through rate on search panel
- publish key of report with report so we only load the correct one
- subscribe earlier in channel in case of concurrency issues
2018-05-11 13:30:32 +10:00
Guo Xiang Tan
221503cd10 FIX: Add server side uniqueness validations for Group#name and User#username.
https://meta.discourse.org/t/groups-can-be-given-same-name-as-existing-username/74010
2018-04-02 18:19:18 +08:00
Guo Xiang Tan
35745166b5 UX: New group membership management workflow.
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084
2018-03-26 16:15:02 +08:00
Guo Xiang Tan
f3b402ffd5 UX: Allow users to filter members on group page.
* Only admins are allowed to filter users by email.
2018-03-22 14:02:41 +08:00
Guo Xiang Tan
69a53210d3 Improve UserEmail#email validation to use the index. 2018-03-20 10:22:06 +08:00
Gerhard Schlager
fffd1a6602 FIX: Associated Instagram account was missing at some places 2018-03-01 12:26:40 +01:00
Arpit Jalan
c66405df7e correct spec description 2018-02-15 17:49:57 +05:30
Arpit Jalan
f07b1a5c05 FIX: activate user even if email token is already confirmed 2018-02-14 20:44:48 +05:30
Arpit Jalan
f88b8a8945 rename 'default_email_private_messages' to 'default_email_personal_messages' 2018-02-01 13:25:29 +05:30
Gerhard Schlager
b784c1eda4 FIX: Remove all notifications of staged user during sign-up 2018-01-25 14:58:43 +01:00
Gerhard Schlager
d9515c37b3 FIX: Show message from discobot when staged user signs up 2018-01-25 14:58:43 +01:00
Gerhard Schlager
dde0fcc658 FEATURE: Allow sending invites to staged users 2018-01-22 15:37:18 +01:00
Guo Xiang Tan
8a3bbcb19a FIX: Add guard to prevent a primary UserEmail from being reassigned. 2018-01-04 19:40:50 +08:00
Régis Hanol
62a5b174e1 FIX: wasn't able to use the same username when taking over a staged account 2017-12-12 11:26:00 +01:00
Vinoth Kannan
7f2eeaf767 FIX: Password required flag should be cleared whenever clearing the raw password (#5384) 2017-12-01 15:19:24 +11:00
Robin Ward
77f90876d3 REFACTOR: Track manual locked user levels separately from groups 2017-11-27 11:23:44 -05:00
Robin Ward
971e302ff2 FEATURE: Support an end date for user silencing 2017-11-14 13:20:19 -05:00
Guo Xiang Tan
defea6245c REFACTOR: Always validate email by default. 2017-10-25 13:48:34 +08:00
Guo Xiang Tan
19f3b81161 Revert "FIX: always trigger the ':user_updated' event"
This reverts commit 519b70ea46.

https://meta.discourse.org/t/creating-a-topic-or-a-post-sends-the-user-updated-webhook/71643
2017-10-23 11:44:22 +08:00
Guo Xiang Tan
c872225762 Improve MessageBus.track_publish to allow filter by channel. 2017-10-02 11:34:57 +08:00
Guo Xiang Tan
e542884b00 FIX: Incorrect notification state being published. 2017-09-25 13:48:59 +08:00
Guo Xiang Tan
77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Neil Lalonde
d7d9923b8e FIX: display email validation error messages 2017-09-11 13:22:14 -04:00
Neil Lalonde
398604ac71 FEATURE: set purge_unactivated_users_grace_period_days to 0 to disable purging unactivated users 2017-08-25 15:20:06 -04:00
Sam
bcbee91f0c lint 2017-08-24 13:24:52 -04:00
Sam
f60a1b0275 correct erratic spec 2017-08-24 13:19:26 -04:00
Guo Xiang Tan
b77aa29e71 Merge pull request #5013 from LeoMcA/alternate-emails-phase-1.5
FIX: add additional email to tests and clean up resulting mess
2017-08-16 16:19:28 +09:00
Guo Xiang Tan
0bc690ed11 FIX: Staged users are still missing primary email. 2017-08-09 12:03:49 +09:00
Régis Hanol
519b70ea46 FIX: always trigger the ':user_updated' event
We don't always use the UserUpdated class to update a user's record
2017-08-04 18:12:10 +02:00
Leo McArdle
836dee1120 FIX: add additional email to tests and clean up resulting mess 2017-07-31 22:27:29 +00:00
Guo Xiang Tan
305b9b2da0 Add spec to ensure that even staged users contain a primary email. 2017-07-31 12:16:08 +09:00
Guo Xiang Tan
24e0e000b9 FIX: Always validate presence of user's primary_email. 2017-07-31 11:47:29 +09:00
Guo Xiang Tan
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Sam Saffron
045a2abcec FEATURE: remove the timecop gem
We should only have one way of mocking time, misuse of timecop
was causing build stability issues
2017-07-24 12:11:10 -04:00
Leo McArdle
d0b027d88d FEATURE: phase 1 of supporting multiple email addresses 2017-07-20 11:22:27 +09:00
Guo Xiang Tan
13f3de4bf6 Nuke all SiteSetting.stubs from our codebase. 2017-07-07 15:09:14 +09:00
Régis Hanol
d6c63cc5b2 FIX: user's default group should only be set once
Setting a user's default groups based on their email address should only be done once, ie. when they confirm their email address.
Previously we were doing this everytime we'd save a user record 🤷
2017-06-14 19:20:18 +02:00
Guo Xiang Tan
bd486100c0 Remove stubs on DiscourseEvent in tests. 2017-06-01 16:21:00 +09:00
Guo Xiang Tan
04016f0dec Support Ruby 2.4. 2017-04-15 12:29:00 +08:00
Guo Xiang Tan
57788200ec REFACTOR: Add User.reserved_username?. 2017-04-13 10:44:26 +08:00
Arpit Jalan
4812417192 FIX: do not add user to group based on email domain unless email is confirmed 2017-03-28 15:02:40 +05:30
Guo Xiang Tan
4d4a1a1552 Add scope for human users. 2017-03-11 14:25:09 +08:00
Bianca Nenciu
30909ec54e Add support for username regex. 2017-03-02 13:53:45 +02:00
Régis Hanol
cb99f59ec3 reset bounce score when email is successfully changed 2017-02-20 10:37:01 +01:00
Neil Lalonde
3fb50d587d FIX: invited users and new TL1 users will see their first notification highlighted 2017-02-17 10:30:29 -05:00
Robin Ward
e1d358ffbf FIX: Don't clear the login hint when the system user is saved 2017-02-13 10:54:20 -05:00
Sam
ff49f72ad9 FEATURE: per client user tokens
Revamped system for managing authentication tokens.

- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes

New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.

Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
Régis Hanol
84af84dc52 prevent inactive & staged users from being automatically added to a group 2017-02-06 17:49:27 +01:00
Guo Xiang Tan
63954c1b33 FIX: Same user record being saved twice causing validation to fail. 2017-01-16 16:41:03 +08:00
Guo Xiang Tan
ed5fa20b0c Revert "FIX: error during signup saying "Password is the same as your current password" due to automatic group membership granting a trust level"
This reverts commit 9c40657ba4.

Calling this whenever a user is initialize is hurting us bad
on performance.
2017-01-16 09:44:10 +08:00
Guo Xiang Tan
f1beef43a8 Merge pull request #4618 from tgxworld/fix_invalid_emails
FIX: Don't allow invalid email to be saved.
2016-12-30 07:11:48 +08:00
Neil Lalonde
9c40657ba4 FIX: error during signup saying "Password is the same as your current password" due to automatic group membership granting a trust level 2016-12-28 17:36:04 -05:00
Sam
2f6a4cc6de remove UserActionObserver, replace with after_save and service
interestingly there was some left over dead code from when stars
existed in the topic_users table
2016-12-22 16:46:53 +11:00
Guo Xiang Tan
13c6191e89 FIX: Don't allow invalid email to be saved. 2016-12-21 17:47:11 +08:00
Guo Xiang Tan
05f55dbc10 FEATURE: Group logs. 2016-12-12 17:29:54 +08:00
Guo Xiang Tan
8c6d8c85db Stop showing first notification prompt once user sees the notification. 2016-11-17 09:44:00 +08:00
Guo Xiang Tan
98c1e0832c FIX: Track first notification read using Redis. 2016-11-16 16:20:38 +08:00
Guo Xiang Tan
16fdcdfc00 FIX: Add conditions on when to show first pm notification. 2016-11-16 14:17:47 +08:00
Leo McArdle
784366f1a0 FIX: display only 1 trust level badge on user card
refactoring graciously provided by @xfalcox
2016-11-14 20:53:24 +00:00
Arpit Jalan
9e69798285 FEATURE: watch first post default site setting 2016-11-10 00:09:52 +05:30
Guo Xiang Tan
b18439a1e2 Fix build. 2016-11-08 17:00:44 +08:00
Guo Xiang Tan
a8b7599d4a FEATURE: Add a radial ping when user's first notification has not been read. 2016-11-08 16:23:12 +08:00
cpradio
6f1c31d777 Add notification level user preference when replying to a topic 2016-09-30 14:58:07 -04:00
Erick Guan
c463cf63d4 FEATURE: Webhook for user creation and approval 2016-09-19 10:12:55 +08:00
Robin Ward
9609a47016 Ability to skip email validation via a plugin 2016-09-07 14:05:46 -04:00
Guo Xiang Tan
90a0327fd2 FIX: Check against reserved usernames should be case insensitive. 2016-08-31 21:53:41 +08:00
Robin Ward
2891f230d1 SECURITY: Make sure uploaded_urls have corresponding upload records 2016-07-28 13:54:17 -04:00
cpradio
64bdededd3 Allow plugins that implement OAuth and OAuth2 to show up under associated accounts in the Admin area. (#4333) 2016-07-18 09:02:41 +02:00
Sam Saffron
46b34e3c62 FEATURE: remove user option for edit history public
Users can no longer opt-in for "public" edit history
if site owner disables it.

This feature adds cost and complexity to post rendering since
user options need to be premeptively loaded for every user in the
stream. It is also confusing to explain to communities with private edit
history.
2016-07-16 21:30:00 +10:00
Guo Xiang Tan
e4a82cdd85 Merge pull request #4306 from tgxworld/add_discourse_event_trigger_when_user_logs_out
FEATURE: Add event trigger when a user is logged out.
2016-07-05 19:50:46 +08:00
Régis Hanol
59680af329 disable email white/blacklisting for staged users 2016-07-04 16:05:01 +02:00
Guo Xiang Tan
22ade1f811
FEATURE: Add event trigger when a user is logged out. 2016-07-04 17:20:30 +08:00
Neil Lalonde
487c20959c FEATURE: max topics/replies per day for new users now starts counting from the first post, not signup date 2016-06-20 16:55:11 -04:00
Régis Hanol
470da6205c FIX: staged users should not watch/track/mute categories by default 2016-06-14 16:45:47 +02:00
Guo Xiang Tan
cb5be1fe8f
Upgrade rspec to 3.4.0. 2016-05-30 11:38:38 +08:00
James Kiesel
feffe23cc5 FEATURE: More granular mailing list mode (#4068)
* Rearrange frontend to account for mailing list mode

* Allow update of user preference for mailing list frequency

* Add mailing list frequency estimate

* Simplify frequency estimate; disable activity summary for mailing list mode

* Remove combined updates

* Add specs for enqueue mailing list mode job

* Write mailing list method for mailer

* Fix linting error

* Account for stale topics

* Add translations for default mailing list setting

* One query for mailing list topics

* Fix failing spec

* WIP

* Flesh out html template

* First pass at text-based mailing list summary

* Add user avatar

* Properly format posts for mailing list

* Move make_all_links_absolute into Email::Styles

* Apply first_seen_at to user

* Send mailing list email summary hourly based on first_seen_at

* Branch and test cleanup

* Use existing mailing list mode estimate

* Fix failing specs
2016-05-21 15:17:54 +02:00
Arpit Jalan
74b3807f60 FEATURE: new bootstrap mode settings for brand new Discourse community (#4193)
* FEATURE: new bootstrap mode settings for brand new Discourse community

* new SiteSetting.set_and_log method
2016-04-26 13:08:19 -04:00
Sam
a130cb8305 FEATURE: move more urgent emails notifications to critical queue
Move signup, admin login and password change email notifications
to critical queue
2016-04-07 14:39:01 +10:00
Robin Ward
1006b1ba94 Various Plugin Enhancements and Extension Points 2016-03-11 15:53:37 -05:00
Neil Lalonde
c1aea91d63 FEATURE: More digest email frequency options. Digests can be sent as often as every 30 minutes. 2016-03-02 15:43:47 -05:00
Sam
f0e942f647 PERF: move 3 more option columns out of the user table 2016-02-18 16:57:22 +11:00
Sam
3829c78526 PERF: shift most user options out of the user table
As it stands we load up user records quite frequently on the topic pages,
this in turn pulls all the columns for the users being selected, just to
discard them after they are loaded

New structure keeps all options in a discrete table, this is better organised
and allows us to easily add more column without worrying about bloating the
user table
2016-02-17 18:08:25 +11:00
Andy Waite
3e50313fdc Prepare for separation of RSpec helper files
Since rspec-rails 3, the default installation creates two helper files:
* `spec_helper.rb`
* `rails_helper.rb`

`spec_helper.rb` is intended as a way of running specs that do not
require Rails, whereas `rails_helper.rb` loads Rails (as Discourse's
current `spec_helper.rb` does).

For more information:

https://www.relishapp.com/rspec/rspec-rails/docs/upgrade#default-helper-files

In this commit, I've simply replaced all instances of `spec_helper` with
`rails_helper`, and renamed the original `spec_helper.rb`.

This brings the Discourse project closer to the standard usage of RSpec
in a Rails app.

At present, every spec relies on loading Rails, but there are likely
many that don't need to. In a future pull request, I hope to introduce a
separate, minimal `spec_helper.rb` which can be used in tests which
don't rely on Rails.
2015-12-01 20:39:42 +00:00
Sam
88f1a8f0b1 Merge pull request #3821 from mpalmer/letter-avatar-proxy
Proxy letter avatars by default
2015-11-19 20:02:16 +11:00
Régis Hanol
92ba6125c4 FEATURE: new 'automatically_unpin_topics' user preference 2015-11-17 18:21:40 +01:00
Sam Saffron
6dd4bc7d57 FEATURE: support group owner, capable of controlling group membership
Group owners are regular users that can add or remove users to a group
The Admin UX allows admins to appoint group owners
The public group UX will display group owners first and unlock UI to
add and remove members

Group owners can only be appointed on non automatic groups
Group owners may not appoint another group owner
2015-11-10 00:56:57 +11:00
Matt Palmer
c09f345cff Proxy letter avatars by default
On sites that don't otherwise configure an avatar fallback, Discourse will
now tell the client to get its letter avatars from a location which nginx
proxies to the centralised `avatars.discourse.org` service.  This alleviates
privacy concerns, whilst still providing some degree of performance benefit
(no need for every site to delay avatar response by 300ms for image
rendering).

It is still possible to gain the benefits of global image caching and the
lower latency of requesting directly from a CDN, by explicitly changing the
`external_system_avatars_url` site setting to
`https://avatars.discourse.org/letter/{first_letter}/{color}/{size}.png`.
2015-11-06 14:13:44 +11:00
Arpit Jalan
a439500bac FIX: do not mark post as spam if the previous flag was disagreed 2015-10-17 01:30:53 +05:30
Arpit Jalan
b60bceba36 fix the build 2015-10-14 19:20:30 +05:30
Régis Hanol
fe656fb04d FIX: select appropriate period when redirecting to top 2015-09-21 20:28:20 +02:00
Sam
83efde79f0 specs to account for new default letter avatar location 2015-09-15 13:25:15 +10:00
Sam
262f561a87 FEATURE: relax username rules to allow - and . and leading _
This relaxes our very strict username rules to allow for some long asked for requests

- leading _ is now allowed
- . is allowed except for trailing char and confusing extensions like .gif .json
- dash (-) is now permitted
2015-09-02 12:13:44 +10:00
Régis Hanol
bef80633b1 FEATURE: global admin override of most of the user preferences 2015-08-21 20:39:21 +02:00
Neil Lalonde
782dd13e78 FEATURE: track user visits on mobile and display on admin dashboard in a new Mobile section 2015-07-07 14:06:42 -04:00
Sam Saffron
feeb509a97 SECURITY: expire all existing email tokens on password reset 2015-06-06 03:50:06 +10:00
Sam Saffron
4171eb758c SECURITY: expire all existing sessions if user changes passwords 2015-06-06 03:09:19 +10:00
Régis Hanol
acafa491b2 user avatar urls/templates refactor 2015-05-29 18:51:17 +02:00
Arpit Jalan
220b9c5abe FIX: match subdomain with email domain blacklist 2015-05-13 21:02:02 +05:30
Neil Lalonde
963ebf5963 FIX: if approving a user when must_approve_users is false, don't send an email 2015-05-04 15:30:25 -04:00
Robin Ward
151b559e4c FIX: If you delete a user, delete their queued posts as well. 2015-04-24 16:04:44 -04:00
Régis Hanol
a737090442 - FEATURE: revamped poll plugin
- add User.staff scope
- inject MessageBus into Ember views (so it can be used by the poll plugin)
- REFACTOR: use more accurate is_first_post? method instead of post_number == 1
- FEATURE: add support for JSON-typed custom fields
- FEATURE: allow plugins to add validation
- FEATURE: add post_custom_fields to PostSerializer
- FEATURE: allow plugins to whitelist post_custom_fields
- FIX: don't bump when post did not save successfully
- FEATURE: polls are supported in any post
- FEATURE: allow for multiple polls in the same post
- FEATURE: multiple choice polls
- FEATURE: rating polls
- FEATURE: new dialect allowing users to preview polls in the composer
2015-04-23 19:33:29 +02:00
Sam Saffron
296add56e6 correct letter avatar template 2015-04-20 13:07:12 +10:00
Sam
5aa1272f05 clean up first day user definition and object model 2015-03-26 16:48:36 +11:00
Sam
9834d11503 Staff and TL2 up are immune to newuser checks and not considered new users 2015-03-26 16:04:46 +11:00
Régis Hanol
6cd4330335 FIX: show all deleted posts 2015-03-11 18:07:47 +01:00
Neil Lalonde
608647d02f FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-10 11:59:08 -04:00
Régis Hanol
e74b9ee5da FIX: should not count disagreed flags 2015-02-19 18:11:07 +01:00
Robin Ward
3ce2077aa8 Migrate unsubscribe keys to the database.
This should reduce a lot of the keys in redis.
2015-02-13 14:24:15 -05:00
Arpit Jalan
6c410ed093 FIX: strip whitespaces from user email 2015-01-30 01:44:24 +05:30
Arpit Jalan
58f46137d6 FIX: allow developer emails to bypass email blacklist/whitelist restriction 2015-01-30 00:10:03 +05:30
Régis Hanol
256519dddf FEATURE: automatic group membership based on email address 2015-01-23 18:25:43 +01:00
Jason W. May
a2b284a0a4 table & model changes for group managers with permission to edit membership 2015-01-15 11:44:42 -08:00
Luciano Sousa
b3d769ff4f Update rspec syntax to v3
update rspec syntax to v3

change syntax to rspec v3

oops. fix typo

mailers classes with rspec3 syntax

helpers with rspec3 syntax

jobs with rspec3 syntax

serializers with rspec3 syntax

views with rspec3 syntax

support to rspec3 syntax

category spec with rspec3 syntax
2015-01-05 11:59:30 -03:00
Erick Guan
97b3914b70 FIX: use utc time when generate reports; set boundary 2014-12-30 22:43:03 +08:00
Régis Hanol
521226f4c9 FIX: registration fails with timeout on gravatar 2014-12-15 22:10:27 +01:00
Jeff Atwood
ea269ccfb2 rename purge_inactive to purge_unactivated 2014-12-02 21:36:25 -08:00
Jason W. May
bdc7947cd6 rspec expect...to deprecations 2014-10-31 10:44:26 -07:00
Régis Hanol
ada750b384 fixed some more deprecations. 20 to go 2014-10-29 16:06:50 +01:00
Régis Hanol
de76b512c1 fix most deprecations in the specs (still some left) 2014-09-25 17:44:48 +02:00
Sam
c248d28c38 FEATURE: display associated accounts in admin user 2014-09-25 16:15:01 +10:00
riking
2c6d03f87f SECURITY: Limit passwords to 200 characters
Prevents layer 8 attack.
2014-09-12 12:07:11 -04:00
Sam
59d04c0695 Internal renaming of elder,leader,regular,basic to numbers
Changed internals so trust levels are referred to with

TrustLevel[1], TrustLevel[2] etc.

This gives us much better flexibility naming trust levels, these names
are meant to be controlled by various communities.
2014-09-05 15:20:52 +10:00
Robin Ward
3c6673aceb Purge inactive accounts that are older than 7 days 2014-08-13 14:13:41 -04:00
Robin Ward
9a1580244a FIX: Don't show profile pages for inactive users and don't show them in
search results.
2014-08-13 13:30:25 -04:00
Neil Lalonde
939e8505a9 Remove hub username integration 2014-07-16 12:25:24 -04:00
Neil Lalonde
01a68f8cc7 Emails are case insensitive 2014-07-16 10:22:01 -04:00
Andrew Bezzub
9ffd173873 move bio to UserProfile from User 2014-06-13 14:55:32 -04:00
Sam
fa6f22dd39 Move letter avatars out of upload system
FIX: S3 issues around system avatars
FIX: reduced backup file size
2014-05-30 14:45:55 +10:00
Sam
d9f51961c4 BUGFIX: pick gravatar if it was just downloaded
BUGFIX: don't go rebaking unless all avatars are downloaded
2014-05-28 16:54:21 +10:00
Sam
1e28668e9f missed one spot where route changed 2014-05-28 01:09:01 +10:00
Sam
504cfcff96 Fix specs for avatars
Implement avatar picker
Correct avatar related jobs
2014-05-27 10:08:03 +10:00
Sam
6c1c8be794 Work in progress, keeping avatars locally
This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom)

user can then pick which they want.
2014-05-27 10:08:03 +10:00
Sam
8f445e835b FIX broken spec 2014-05-22 09:08:09 +10:00
Louis Rose
1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Régis Hanol
c21d3f41d0 BUGFIX: only redirect new users to top page once
Actually, new users will still be redirected to the top page during the first 30 seconds of their first visit.
2014-05-05 19:00:40 +02:00
Robin Ward
359d59242e If a new user receives a mention, quote or response to their post, allow
them to continue posting in a topic.
2014-04-29 12:59:14 -04:00
Régis Hanol
f8d9fb7bdc Revert "Merge pull request #2284 from jaimeiniesta/patch-1"
This reverts commit a6b88d1e7e, reversing
changes made to 9bee0b6e2d.
2014-04-25 11:40:38 +02:00
Sam
a6b88d1e7e Merge pull request #2284 from jaimeiniesta/patch-1
escape gravatar URLs to comply with W3C standards
2014-04-24 12:56:16 +10:00
Sam
a3b2b4baca FEATURE: custom fields on User 2014-04-22 13:52:13 +10:00
Jaime Iniesta
2c3a10aa5b fixes user specs about ampersands in gravatar URLs 2014-04-21 10:52:58 +02:00
Régis Hanol
ef24a4c71c FEATURE: add redirect_users_to_top_page site setting (default to true) 2014-03-31 21:53:38 +02:00
Sam
90139efc6f Fix spec, remove pointless have_many etc preamble 2014-03-17 12:47:47 +11:00
Vikhyat Korrapati
9b26c8584e Initial badge system implementation. 2014-03-14 21:49:26 +05:30
Régis Hanol
8214536614 BUGFIX: don't show redirect reason if you aren't redirected
Move the redirect to top page logic server-side and make sure the reason
is not shown when top is not in the navigation menu (top_menu).
2014-03-07 18:58:53 +01:00
Stephen Birarda
4a2dab9c5e allow for custom min_username_length
change constant in user to be global range and not default
2014-03-04 16:37:05 -08:00
Erik Ordway
557d1886bb remove what little CAS testing there was. 2014-02-11 17:53:20 -08:00
Robin Ward
b61df08d1b FEATURE: Admin selector to choose a primary group for a user, display it
and apply a CSS class to their posts.
2014-02-10 17:00:15 -05:00
Neil Lalonde
7cc5da08fe Track how many posts a user reads each day in user_visits 2014-01-27 11:20:19 -05:00
Neil Lalonde
4f6b208e8d Posts by trust level 3 users do not have nofollow on their external links. 2014-01-15 11:40:51 -05:00
Régis Hanol
e732aa8a86 BUGFIX: we should not store absolute urls for locally uploaded avatar templates
Highly recommended to run: `RAILS_ENV=production bundle exec rake avatars:regenerate` to fix the avatar templates stored in the database.
2014-01-07 17:45:06 +01:00
Robin Ward
f145060315 Don't employ the "too many replies" if the user is staff, or if they created the topic.
See: http://meta.discourse.org/t/what-is-the-point-of-limiting-new-users-to-three-replies-per-topic/11696
2014-01-02 12:57:40 -05:00
Régis Hanol
82b78ec6ba schemaless avatar urls 2013-11-22 19:18:45 +01:00
Régis Hanol
3cf5a363f7 do not destroy uploads when destroying a user 2013-11-22 18:29:07 +01:00
railsaholic
34bba737ff Refactor SessionController#create, reduce complexity.
Don't compromise readablity
2013-11-15 22:09:03 +05:30