Commit Graph

608 Commits

Author SHA1 Message Date
Guo Xiang Tan
b16471edfb FIX: Invalid token error incorrectly displayed on email login page. 2018-02-21 15:46:53 +08:00
Guo Xiang Tan
14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Jeff Wong
f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Erick Guan
03b3e57a44 FEATURE: login by a link from email
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
Sam
f2e7b74d88 FIX: don't return 200s when login is required to paths
When running `ensure_login_required` it should always happen prior to
`check_xhr` cause check xhr will trigger a 200 response
2018-02-01 12:26:45 +11:00
Robin Ward
6b04967e2f FEATURE: Staff members can lock posts
Locking a post prevents it from being edited. This is useful if the user
has posted something which has been edited out, and the staff members don't
want them to be able to edit it back in again.
2018-01-26 14:01:30 -05:00
Arpit Jalan
79eb9d7086 FEATURE: show header search results on search log term details page 2018-01-17 12:47:16 +05:30
Sam
d9788a5fb3 missed a spec 2018-01-15 14:51:04 +11:00
Sam
49ed382c2a FIX: return 429 when admin api key is limited on admin route
This also handles a general case where exceptions leak out prior to being handled by the application controller
2018-01-12 14:15:26 +11:00
Arpit Jalan
9030d3ef63 FIX: do not create duplicate topics
https://meta.discourse.org/t/duplicate-http-https-topics-are-randomly-created/77190
2018-01-04 23:53:52 +05:30
Guo Xiang Tan
647cf7545d Fix randomly failing spec. 2018-01-03 14:42:16 +08:00
Robin Ward
69a90f31fb FEATURE: Allow Forums to disable the Backups feature 2017-12-21 15:22:04 -05:00
Arpit Jalan
eab66065d1 FEATURE: search log term details page (#5445) 2017-12-20 13:41:31 +11:00
Guo Xiang Tan
97ceebb570 SECURITY: Don't pass email backup token to sidekiq as a parameter.
* This exposes the token in the Sidekiq dashboard which can be
  viewed by an admin and defeats the purpose of using a token
  in the download backup email ink.
2017-12-18 11:25:22 +08:00
Sam
5e90abfaea FIX: use hijack for emoji uploads 2017-12-18 10:31:19 +11:00
Guo Xiang Tan
f2565f6c7e SECURITY: Any group can be invited into a PM. 2017-12-14 14:57:48 +08:00
Sam
96584403cd SECURITY: prevent staged accounts from changing email 2017-12-14 17:16:49 +11:00
Arpit Jalan
492af81e67 FIX: save registration_ip_address for staged users logging in via social auth 2017-12-12 17:41:16 +05:30
Robin Ward
410994b7f5 FEATURE: Show a button to Staff for "Moderation History" on posts/topics
When clicked, it pops up a modal showing a history of moderation actions
taken on the post or topic.
2017-12-05 15:20:20 -05:00
Vinoth Kannan
6e054b2572 FEATURE: Convert HTML to Markdown while pasting in composer 2017-12-05 12:23:39 -05:00
Vinoth Kannan
7f2eeaf767 FIX: Password required flag should be cleared whenever clearing the raw password (#5384) 2017-12-01 15:19:24 +11:00
Guo Xiang Tan
1c2d1682ae
Merge pull request #5328 from tgxworld/reenable_interpolation_keys_check
FIX: Re-enable invalid interpolation keys check and allow default key…
2017-11-30 13:04:54 +08:00
Sam
d5e7691ae9 favicon proxy now uses hijack 2017-11-27 14:51:14 +11:00
Guo Xiang Tan
5805979e88 FIX: Re-enable invalid interpolation keys check and allow default keys to be left out of translation overrides.
https://meta.discourse.org/t/bulk-invite-from-file-resets-the-invite-forum-mailer-customized-text/67606/16
2017-11-27 11:00:08 +08:00
Guo Xiang Tan
82222e8d18 Improve specs to test for the right response status. 2017-11-24 09:32:44 +08:00
Robin Ward
628275fc31 FIX: Some badge routes were still working even with badges disabled 2017-11-21 12:22:44 -05:00
Régis Hanol
2d48caffdf FIX: be more lenient when deleting a custom emoji 2017-11-20 23:50:23 +01:00
Gerhard Schlager
41673c322c dear Rubocop, don't be so pedantic ;-) 2017-11-19 12:45:33 +01:00
Gerhard Schlager
92a831bae6 FEATURE: user directory returns staged users during search 2017-11-19 01:17:31 +01:00
Arpit Jalan
3831663fea FEATURE: search logs page (#5313) 2017-11-15 11:13:50 +11:00
Robin Ward
9ebb1412d3 FIX: Brittle, order dependent spec 2017-11-04 09:30:17 -04:00
Guo Xiang Tan
d320f4840d FIX: Unable to invite groups that are not public visible into pms.
https://meta.discourse.org/t/inviting-groups-broken-in-head/73346/6
2017-11-03 21:40:33 +08:00
Guo Xiang Tan
ab2a5cef38 FIX: Can't edit membership request template on group page. 2017-11-02 08:51:43 +08:00
Arpit Jalan
9586f0bdc9 fix the build - take 2 2017-10-20 21:34:56 +05:30
Guo Xiang Tan
a6f2533d38 SECURITY: Fix XSS on unsubscribed page. 2017-10-09 09:04:46 +08:00
Guo Xiang Tan
6fe604b93e Revert "SECURITY: Fix XSS on unsubscribed page."
This reverts commit 190558db9d.
2017-10-09 09:03:07 +08:00
Guo Xiang Tan
190558db9d SECURITY: Fix XSS on unsubscribed page. 2017-10-09 08:59:03 +08:00
Guo Xiang Tan
3efde2618d UX: Do not display non-human users on group page.
https://meta.discourse.org/t/members-of-groups-staff/71437
2017-10-06 10:35:40 +08:00
Neil Lalonde
beca02c046 FIX: moderators couldn't see flagged topics list 2017-10-05 14:12:07 -04:00
Neil Lalonde
c29334cf23 FEATURE: the hide_email_address_taken setting works with the change email address form in user preferences 2017-10-04 11:41:25 -04:00
Régis Hanol
fafe7cc661 remove trailing whitespaces 2017-10-03 13:02:04 +02:00
Régis Hanol
daf1dda700 FIX: username autocomplete in assign modal wasn't working 2017-10-03 12:49:45 +02:00
Gerhard Schlager
5bb326a452 Add specs for EmailTemplatesController 2017-10-02 14:53:27 +02:00
Guo Xiang Tan
8140e54675 FIX: More fixes for Group#mentionable and Group#messageable feature. 2017-10-02 17:45:58 +08:00
Guo Xiang Tan
c872225762 Improve MessageBus.track_publish to allow filter by channel. 2017-10-02 11:34:57 +08:00
Guo Xiang Tan
4e07bbfbbf FIX: Only allow intergers for page params. 2017-10-02 10:45:54 +08:00
Guo Xiang Tan
4319d8a142 FIX: Missing template error when rendering topics#show error message. 2017-09-28 11:06:44 +08:00
Robin Ward
d7c37d9369 Add front end service for staff controls 2017-09-25 12:25:14 -04:00
Guo Xiang Tan
77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Leo McArdle
104d97695d FIX: don't activate un-confirmed email on omniauth authentication (#5176) 2017-09-12 17:36:17 +02:00
Guo Xiang Tan
5c1143cd55 Add missing test case for PostController#timings. 2017-09-04 16:36:02 +08:00
Bianca Nenciu
6bc74ceb50 Split alias levels in mentionable and messageable levels. (#5065)
* Split alias levels in mentionable and messageable levels.

* Fixed some tests.

* Set messageable level to everyone by default.

* By defaults, groups are not mentionable or messageable.

* Made staff groups messageable by the system.
2017-08-28 12:32:08 -04:00
Guo Xiang Tan
41ca527d7a Fix Rubocop error. 2017-08-24 15:28:18 +09:00
Guo Xiang Tan
8779490ce4 Move new controller specs to reqeusts folder. 2017-08-24 12:01:11 +09:00
Sam
a9c5d843f7 remove problem spec that does not work properly in rails 4 mode into application controller and correct it 2013-11-11 10:50:48 +11:00
Sam
2843f1cf4b collapse some slow tests 2013-04-22 11:06:10 +10:00
Gosha Arinich
cafc75b238 remove trailing whitespaces ❤️ 2013-02-26 07:31:35 +03:00
Robin Ward
21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00