Guo Xiang Tan
8c2fa99f78
FIX: Remove `:term` from `admin/search_logs/term/:term` route.
...
Search log terms is a string that can contain characters like `/` which
messes with the route.
2019-03-29 09:48:20 +08:00
Robin Ward
b58867b6e9
FEATURE: New 'Reviewable' model to make reviewable items generic
...
Includes support for flags, reviewable users and queued posts, with REST API
backwards compatibility.
Co-Authored-By: romanrizzi <romanalejandro@gmail.com>
Co-Authored-By: jjaffeux <j.jaffeux@gmail.com>
2019-03-28 12:45:10 -04:00
Bianca Nenciu
a9798f0c47
FEATURE: Add page for all group membership requests. ( #6909 )
2019-03-27 13:30:59 +02:00
Tarek Khalil
ef2362a30f
FEATURE: Introducing new UI for changing User's notification levels ( #7248 )
...
* FEATURE: Introducing new UI for tracking User's ignored or muted states
2019-03-27 09:41:50 +00:00
Gerhard Schlager
4f04ae5692
FIX: Failed to show details about some bounced emails
...
Bounces sent to reply_by_email_address could not be found.
2019-03-26 18:00:27 +01:00
Sam Saffron
40ac895ef7
SECURITY: properly validate return URL for SSO
...
Previously carefully crafted URLs could redirect off site
2019-03-25 09:02:42 +11:00
David Taylor
a9d5ffbe3d
FIX: Prevent critical emails bypassing disable, and improve email test logic
...
- The test_email job is removed, because it was always being run synchronously (not in sidekiq)
- 34b29f62 added a bypass for critical emails, to match the spec. This removes the bypass, and removes the spec.
- This adapts the specs for 72ffabf6, so that they check for emails being sent
- This reimplements c2797921, allowing test emails to be sent even when emails are disabled
2019-03-22 17:28:43 +08:00
David Taylor
3f9e7eb326
FIX: Respect the disable_emails=non-staff site setting correctly
...
This reverts commit c279792130.
This commit inadvertently removed all of the non-staff email logic, rather than just for the 'test email' button.
https://meta.discourse.org/t/112231/5
2019-03-21 21:44:14 +00:00
Maja Komel
34730a0b16
UX: show if webhook is disabled ( #7217 )
...
+ show in staff logs when webhook is created/updated/destroyed
2019-03-21 16:13:09 +01:00
Tarek Khalil
5852e86226
FEATURE: Only allow TL2 Users to ignore other users ( #7212 )
2019-03-20 15:02:33 +01:00
Leo McArdle
b084750953
FIX: don't redirect incorrectly after full screen login ( #7170 )
...
Fixes two issues:
1. Redirecting to an external origin's path after login did not work
2. User would be erroneously redirected to the external origin after logout
https://meta.discourse.org/t/109755
2019-03-19 12:39:13 +00:00
Gerhard Schlager
3fd04df781
FEATURE: Locale support for seeded categories and topics ( #7110 )
2019-03-18 21:09:13 +01:00
Penar Musaraj
2506acae80
FIX: Respect permalinks starting with "/category" ( #7171 )
2019-03-18 10:24:46 -04:00
Guo Xiang Tan
5e410dc5e0
FEATURE: Ability to exclude category from search results. ( #7194 )
...
This commit also adds `Category#search_priority` which sets the ground
work to enable prioritizing of posts for certain categories when searching.
2019-03-18 15:25:45 +08:00
Penar Musaraj
9334d2f4f7
FEATURE: add more granular user option levels for email notifications ( #7143 )
...
Migrates email user options to a new data structure, where `email_always`, `email_direct` and `email_private_messages` are replaced by
* `email_messages_level`, with options: `always`, `only_when_away` and `never` (defaults to `always`)
* `email_level`, with options: `always`, `only_when_away` and `never` (defaults to `only_when_away`)
2019-03-15 10:55:11 -04:00
Bianca Nenciu
d352baa1a2
FEATURE: Enforce two-factor authentication. ( #6348 )
2019-03-15 13:09:37 +02:00
Penar Musaraj
d6d4a5ba4a
FEATURE: support custom icons in themes ( #7155 )
...
* First take
* Add support for sprites in themes
Automatically register any custom icons added via themes or plugins
* Fix theme sprite caching
* Simplify test
* Update lib/svg_sprite/svg_sprite.rb
Co-Authored-By: pmusaraj <pmusaraj@gmail.com>
* Fix /svg-sprite/search request
2019-03-15 17:16:15 +11:00
Robin Ward
fa5a158683
REFACTOR: Move `queue_jobs` out of SiteSetting
...
It is not a setting, and only relevant in specs. The new API is:
```
Jobs.run_later! # jobs will be thrown on the queue
Jobs.run_immediately! # jobs will run right away, avoid the queue
```
2019-03-14 10:47:38 -04:00
Guo Xiang Tan
1c6a2262b3
FIX: `StaticController#favicon` reads from disk when using local store. ( #7160 )
...
Since uploads site settings are now backed by an actual upload, we don't
have to reach over the network just to fetch the favicon. Instead, we
can just read the upload directly from disk.
2019-03-14 04:17:36 +08:00
Guo Xiang Tan
b0c8fdd7da
FIX: Properly support defaults for upload site settings.
2019-03-13 16:36:57 +08:00
Bianca Nenciu
e6c2faf186
FIX: Disable 'Create Topic' button if tag is staff-only. ( #6984 )
...
* FIX: Disable 'Create Topic' button if tag is staff-only.
* FIX: Staff-only tags should always return 404.
2019-03-12 19:23:36 +11:00
Bianca Nenciu
191e31dccf
FEATURE: Log user approvals. ( #7121 )
2019-03-12 19:16:56 +11:00
Robin Ward
d1d9a4f128
Add new `run_jobs_synchronously!` helper for tests
...
Previously if you wanted to have jobs execute in test mode, you'd have
to do `SiteSetting.queue_jobs = false`, because the opposite of queue
is to execute.
I found this very confusing, so I created a test helper called
`run_jobs_synchronously!` which is much more clear about what it does.
2019-03-11 16:58:35 -04:00
venarius
411ddbeef0
FIX: Added test for has_more
2019-03-11 12:56:15 -04:00
Joffrey JAFFEUX
7ae1afa7d9
FIX: ensures tag-groups are used to allow category edit on topics ( #7141 )
2019-03-11 15:02:27 +01:00
David Taylor
fc7938f7e0
REFACTOR: Migrate GoogleOAuth2Authenticator to use ManagedAuthenticator ( #7120 )
...
https://meta.discourse.org/t/future-social-authentication-improvements/94691/3
2019-03-07 11:31:04 +00:00
Gerhard Schlager
4000978452
FIX: Failed to save email template with pluralized subject
2019-03-06 16:51:04 +01:00
Arpit Jalan
05ebb52ec4
FEATURE: defer flags when deleting child replies ( #7111 )
2019-03-06 14:32:25 +05:30
Tim Lange
83f4c4a3f2
FIX: Fixed editing whispers bumps topic ( #7106 )
2019-03-05 18:02:20 +01:00
Arpit Jalan
ad5f5b931d
DEV: deprecate blank files for static modal pages
2019-03-04 15:05:33 +05:30
Arpit Jalan
01e2180548
FIX: /signup and /password-reset direct links were broken
2019-03-04 09:02:22 +05:30
Joffrey JAFFEUX
1cd64f68f1
FIX: staff/admin shouldn’t be able to create uncategorized topics ( #7077 )
2019-02-28 15:51:13 +01:00
Tarek Khalil
986cc8a0fb
FEATURE: Introduce Ignore user ( #7072 )
2019-02-27 14:49:07 +01:00
Maja Komel
6f427589b2
FIX: make it possible to use backup code everywhere where 2FA required ( #7010 )
2019-02-27 10:37:33 +01:00
Davide Porrovecchio
75aaae5d5c
FEATURE: Allow wildcard in allowed_user_api_auth_redirects setting ( #6779 )
2019-02-26 17:03:20 +01:00
Joffrey JAFFEUX
7ccb0b882f
FIX: ensures topic’s category allows topics tags ( #7060 )
2019-02-26 11:21:55 +01:00
Gerhard Schlager
dc961fecb9
FIX: Outgoing emails were not disabled after restoring backup
2019-02-25 16:07:24 +01:00
Vinoth Kannan
d1bad881ea
FEATURE: Allow moderators to change topic timestamps ( #7053 )
2019-02-22 14:33:52 +05:30
Sam
667d3a3fd6
PERF: include content-length header for CDN
...
Attempt to force NGINX to include content length when doing X-SendFile
This does not seem to be required when bypassing NGINX.
Without this header some CDNs may have issues caching
2019-02-22 11:21:07 +11:00
Sam
31d41f532e
PERF: do not include suggested topics when loading new posts
...
When a new post is triggered via message bus post stream will attempt to load
it, previously the `/topic/TOPIC_ID/posts.json` would unconditionally include
suggested topics, this caused excessive load on the server.
New pattern defaults to exclude suggested and related topics from this API
unless people explicitly ask for suggested.
2019-02-22 10:37:18 +11:00
Guo Xiang Tan
72d14a11ab
DEV: Properly flush `DistributedMemoizer` in spec.
...
- $redis.flushall may hide state leak from other tests.
2019-02-21 15:17:37 +08:00
Guo Xiang Tan
58b0e945bd
UX: Lightbox support for image uploader. ( #7034 )
2019-02-21 10:13:37 +08:00
Sam
33269c4172
FEATURE: do not search for groups unless a term is specified
...
Do not allow `/u/search/users.json` to list any group matches unless a
specific `term` is specified in the API call.
Adding groups should always be done when an actual search term exists,
blank search is only supported for users within a topic
2019-02-20 17:28:22 +11:00
David Taylor
f04471e422
REFACTOR: Proxy letter avatars in rails instead of nginx
...
Co-authored-by: Sam Saffron <sam.saffron@gmail.com>
Co-authored-by: David Taylor <david@taylorhq.com>
This gives more control over the request. In particular we can easily
lookup DNS dynamically, instead of only upon NGINX startup.
Previously, NGINX was looking up IP for the letter avatar service and
caching the CDN IP address, this caused issues if CDN changed IP, in
which letter avatars would be broken till a container restarted.
NGINX config has been updated to add caching. This change will require
a container rebuild.
The proxy will now function in development environments, so the patch
for `letter_avatar_proxy` has been removed.
2019-02-18 08:46:56 +11:00
Sam
f52378ca5f
Make rubocop happy
...
oops I forgot a newline
2019-02-14 18:06:06 +11:00
Sam
ebd4140492
FIX: logspam due to 404s on CSS files
...
We had a missing formats: string on our render partial that caused logs to
spam when CSS files got 404s.
Due to magic discourse_public_exceptions.rb was actually returning the
correct 404 cause it switched format when rendering the error.
2019-02-14 17:58:16 +11:00
Dan Ungureanu
90ce448675
PERF: Cache build_not_found_page
2019-02-12 21:20:33 +11:00
Robin Ward
bc3efab816
FIX: When disagreeing with a flag that silenced a user, unsilence them
...
Previously it would unhide their post but leave them silenced.
This fix also cleans up some of the helper classes to make it easier
to pass extra data to the silencing code (for example, a link to the
post that caused the user to be silenced.)
This patch also refactors the auto_silence specs to avoid using
stubs.
2019-02-08 08:50:50 -05:00
Arpit Jalan
ab2c2ea605
FIX: validate Invite email against `EmailValidator.email_regex` ( #6975 )
2019-02-06 22:38:06 +05:30
David Taylor
f3cfce4a93
FEATURE: Calculate sprite-sheet based on currently active themes ( #6973 )
...
Previously there was only one sprite sheet, which always included icons from all themes even if they were disabled
2019-02-06 15:51:23 +00:00
Arpit Jalan
381793243e
FIX: include error message if the "accept invite" process fails
2019-02-06 19:20:25 +05:30
Vinoth Kannan
e7821a63e7
FIX: Users should be able to check the emails for self
2019-02-05 23:31:19 +05:30
David Taylor
7b7bc3db39
FIX: Rescue and display import errors when updating theme via git
2019-02-05 13:49:16 +00:00
Régis Hanol
1021a42b22
FIX: new mailgun webhooks
2019-01-31 17:52:33 +01:00
David Taylor
d8bd3c32ca
DEV: Allow theme CLI to specify which theme to synchronize ( #6963 )
...
Currently the theme is matched by name, which can be fragile when there are many themes with the same name. This functionality will be used by the next version of theme CLI.
2019-01-30 14:17:04 +00:00
Guo Xiang Tan
60c1cd9f81
FIX: Return 400 when username params is invalid.
2019-01-30 16:06:55 +08:00
Robin Ward
6f656f6e7d
FIX: Better error handling if a file cannot be sent
...
If for some reason `Discourse.store.path_for` returns `nil`, the
forum would throw an error rather than returning 404.
Why would it be `nil`? One cause could be changing the type of
file store and having the `url` field no longer be relative.
2019-01-29 16:47:25 -05:00
Blake Erickson
de47b35b2d
FIX: user_id handling on remove user from group
...
Under some conditions it was possible to pass in a user_id as an
integer, but we would try and parse it as a comma delimited string
resulting in an error. This has been fixed so that we are no longer
mapping the user_id param to user_ids.
2019-01-24 17:40:48 -07:00
David Taylor
afd449089f
FEATURE: Import and export themes in a .tar.gz format ( #6916 )
2019-01-23 14:40:21 +00:00
Guo Xiang Tan
4dee7ed6d9
DEV: Fix randomly failing spec.
2019-01-22 15:19:31 +08:00
Guo Xiang Tan
f89a32e759
FIX: Text logo does not show up on non ember pages.
2019-01-18 15:11:42 +08:00
David Taylor
880311dd4d
FEATURE: Support for localized themes ( #6848 )
...
- Themes can supply translation files in a format like `/locales/{locale}.yml`. These files should be valid YAML, with a single top level key equal to the locale being defined. For now these can only be defined using the `discourse_theme` CLI, importing a `.tar.gz`, or from a GIT repository.
- Fallback is handled on a global level (if the locale is not defined in the theme), as well as on individual keys (if some keys are missing from the selected interface language).
- Administrators can override individual keys on a per-theme basis in the /admin/customize/themes user interface.
- Theme developers should access defined translations using the new theme prefix variables:
JavaScript: `I18n.t(themePrefix("my_translation_key"))`
Handlebars: `{{theme-i18n "my_translation_key"}}` or `{{i18n (theme-prefix "my_translation_key")}}`
- To design for backwards compatibility, theme developers can check for the presence of the `themePrefix` variable in JavaScript
- As part of this, the old `{{themeSetting.setting_name}}` syntax is deprecated in favour of `{{theme-setting "setting_name"}}`
2019-01-17 11:46:11 +00:00
Guo Xiang Tan
ebe65577ed
FEATURE: Consolidate likes notifications. ( #6879 )
2019-01-16 10:40:16 +08:00
Saurabh Patel
99856478d6
FIX: use discourse route_for function to check url route
...
it takes care if there is a relative url root
2019-01-11 14:58:45 +08:00
Guo Xiang Tan
d10694150e
Revert "FIX: Partial reply key search in email sent logs."
...
This reverts commit e9b2018bc8.
2019-01-10 10:05:56 +08:00
Saurabh Patel
b63b399799
DEV: remove uploaded_meta_id column from category ( #6725 )
...
* DEV: remove uploaded_meta_id column from category
* remove uploaded_meta part
2019-01-10 09:37:21 +08:00
Guo Xiang Tan
e9b2018bc8
FIX: Partial reply key search in email sent logs.
...
Follow up to c85b9c6ed3
2019-01-10 09:25:14 +08:00
Sam
f947e3c6cc
FIX: always serve new avatar for previous version
...
Previously we killed caching on old avatars cause we kept serving blank
this meant we would front many more avatar requests after a version change
This change ensures all old avatars do not cause a flood of requests on the
server
2019-01-08 19:51:33 +11:00
Arpit Jalan
05c015d252
DEV: add a spec for "accept invite" log_on_user behaviour
2019-01-08 12:41:21 +05:30
Arpit Jalan
e0bc82657b
FIX: better accept invite flow when user is invited via a link
2019-01-07 14:22:08 +05:30
cfitz
19d7545318
FEATURE: Make auth_redirect param options on user_api_keys
...
This is a possible solution for https://meta.discourse.org/t/user-api-keys-specification/48536/19
This allows for user-api-key requests to not require a redirect url.
Instead, the encrypted payload will just be displayed after creation (which can be copied
pasted into an env for a CLI, for example)
Also: Show instructions when creating user-api-key w/out redirect
This adds a view to show instructions when requesting a user-api-key
without a redirect. It adds a erb template and json format.
Also adds a i18n user_api_key.instructions for server.en.yml
2019-01-04 14:46:18 +11:00
Vinoth Kannan
385829d7be
FEATURE: Display error message when category restriction is applied for tags
2019-01-04 00:29:13 +05:30
Gerhard Schlager
b089ac1537
FIX: Posting without bump raised an error for TL4
2019-01-03 14:14:02 +01:00
Guo Xiang Tan
c666ef556d
Fix the build.
...
Ref 570877da3c
2019-01-03 15:34:39 +08:00
Arpit Jalan
bea7a8a4d1
FIX: show accurate error message based on invite token validity
2019-01-03 07:46:05 +05:30
Gerhard Schlager
c30996129f
FEATURE: Allow TL4 users to reset bump date
2019-01-02 16:57:05 +01:00
Arpit Jalan
70fdc10365
FEATURE: move posts to new/existing PM ( #6802 )
2018-12-31 17:17:22 +05:30
Vinoth Kannan
2b006c0429
FEATURE: Invalidate broken images cache on Rebuild HTML action
2018-12-26 23:22:07 +05:30
Vinoth Kannan
e7e4074856
FIX: raises an error if q param is empty in search page
2018-12-20 21:43:14 +05:30
Maja Komel
2fcbbead45
FIX: move sso provider into its own class so it doesn't interfere with sso client ( #6767 )
2018-12-19 10:22:10 +01:00
Neil Lalonde
6774b64aef
FEATURE: add /conduct as an alias for /guidelines
2018-12-18 16:40:24 -05:00
Rishabh
c279792130
FIX: Allow sending test e-mails to any email address when disable_email is set to non-staff ( #6792 )
2018-12-18 16:12:05 +01:00
Vinoth Kannan
a313b01148
DEV: raise error if search term length is less than required
2018-12-18 20:06:59 +05:30
Vinoth Kannan
341a6bd78a
REFACTOR: Calculate CTR in SearchLog model and hide unique column ( #6791 )
2018-12-18 19:13:46 +05:30
Bianca Nenciu
1023003eba
FIX: Strip remote url before import. ( #6762 )
2018-12-17 15:27:49 +01:00
Guo Xiang Tan
e9ea0102a5
FIX: Consistency about our response for invalid user id in `Admin::UsersController`.
2018-12-15 08:01:35 +08:00
Maja Komel
9f89aadd33
FIX: delete all posts in batches without hijack ( #6747 )
2018-12-14 11:04:18 +01:00
Maja Komel
dbbadb5c35
FEATURE: add short_site_description setting to be included in title tag on homepage
2018-12-12 11:46:58 +01:00
David Taylor
0f734e2ae2
FIX: Return authenticated=true when reconnecting
...
This prevents a registration popup on the client
2018-12-11 17:40:02 +00:00
Gerhard Schlager
688755baf2
DEV: Improve specs and handle invalid email token
...
Follow-up to 7977b09025
2018-12-11 18:04:10 +01:00
David Taylor
c7c56af397
FEATURE: Allow connecting associated accounts when two-factor is enabled ( #6754 )
...
Previously the 'reconnect' process was a bit magic - IF you were already logged into discourse, and followed the auth flow, your account would be reconnected and you would be 'logged in again'.
Now, we explicitly check for a reconnect=true parameter when the flow is started, store it in the session, and then only follow the reconnect logic if that variable is present. Setting this parameter also skips the 'logged in again' step, which means reconnect now works with 2fa enabled.
2018-12-11 13:19:00 +00:00
Gerhard Schlager
7977b09025
FEATURE: Activate users invited via email when invite is redeemed
...
Do not send an activation email to users invited via email. They
already confirmed their email address by clicking the invite link.
Users invited via link will need to confirm their email address before
they can login.
2018-12-11 00:09:53 +01:00
David Taylor
160d29b18a
REFACTOR: Migrate TwitterAuthenticator to use ManagedAuthenticator ( #6739 )
...
No changes to functionality. TwitterAuthenticator goes from 136 lines to 24, and all twitter-specific logic elsewhere has been deleted 🎉
2018-12-07 15:39:06 +00:00
Saurabh Patel
9e3143445b
DEV: add uploaded_meta option in category for category meta image ( #6724 )
2018-12-07 16:24:07 +01:00
David Taylor
f7ce607e5d
FIX: Return 422 instead of 500 for invalid SSO signature ( #6738 )
2018-12-07 15:01:44 +00:00
Bianca Nenciu
b585f7f336
DEV: Apply code review.
2018-12-05 21:56:18 +01:00
Bianca Nenciu
1a4f592749
FIX: Always allow admins upload selectable avatars.
2018-12-05 21:55:23 +01:00
Guo Xiang Tan
978f0db109
SECURITY: Require groups to be given when inviting to a restricted category. ( #6715 )
2018-12-05 16:43:07 +01:00
Régis Hanol
3c9c95ac83
Update Rubocop to 0.60
2018-12-04 10:48:16 +01:00
David Taylor
9248ad1905
DEV: Enable `Style/SingleLineMethods` and `Style/Semicolon` in Rubocop ( #6717 )
2018-12-04 11:48:13 +08:00
Sam
f555582eb2
DEV: add extra diagnostics for intermittent test fail
2018-12-03 11:46:31 +11:00
Sam
c6adf7f032
DEV: correct heisentest
...
After you visit a page in Rails an INFO is logged, this depending on
timing could land in the string or not
This changes the level to WARN which avoids the issue
2018-11-30 15:03:41 +11:00
Arpit Jalan
40f10855c6
FIX: defer flags (only) when handling a flag and deleting replies ( #6702 )
2018-11-29 22:44:18 +05:30
Maja Komel
4a8f21d387
FIX: prevent minimum_required_tags on category being set to null ( #6703 )
...
* FIX: prevent minimum_required_tags on category being set to null
* add migration for NOT_NULL constraint for minimum_required_tags
* add specs
2018-11-29 18:10:14 +01:00
Saurabh Patel
55945ec7c8
FIX: throw error when link in reason for grant badge is an external link ( #6690 )
2018-11-28 18:01:41 +01:00
Gerhard Schlager
e7b76b319a
FEATURE: Setting for short title used by Android on homescreen
2018-11-28 14:59:30 +01:00
Arpit Jalan
654d7996ae
FIX: title was repeating on about page
2018-11-28 08:06:14 +05:30
Penar Musaraj
03deda2147
Upgrade to FontAwesome 5 (take two) ( #6673 )
...
* Add missing icons to set
* Revert FA5 revert
This reverts commit 42572ff
* use new SVG syntax in locales
* Noscript page changes (remove login button, center "powered by" footer text)
* Cast wider net for SVG icons in settings
- include any _icon setting for SVG registry (offers better support for plugin settings)
- let themes store multiple pipe-delimited icons in a setting
- also replaces broken onebox image icon with SVG reference in cooked post processor
* interpolate icons in locales
* Fix composer whisper icon alignment
* Add support for stacked icons
* SECURITY: enforce hostname to match discourse hostname
This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname
* load SVG sprite with pre-initializers
* FIX: enable caching on SVG sprites
* PERF: use JSONP for SVG sprites so they are served from CDN
This avoids needing to deal with CORS for loading of the SVG
Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is
* Add missing SVG sprite JSONP script to CSP
* Upgrade to FA 5.5.0
* Add support for all FA4.7 icons
- adds complete frontend and backend for renamed FA4.7 icons
- improves performance of SvgSprite.bundle and SvgSprite.all_icons
* Fix group avatar flair preview
- adds an endpoint at /svg-sprites/search/:keyword
- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset
* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
Arpit Jalan
0ee822c550
remove unneeded variable assignment
2018-11-25 23:36:34 +05:30
Arpit Jalan
b5bf182ad5
FIX: validate topic deletion when acting on a flag
2018-11-25 23:24:03 +05:30
David Taylor
a3ed570124
FIX: Fix routes ending in `:username` for usernames containing periods ( #6660 )
2018-11-23 17:41:41 +00:00
Bianca Nenciu
c38f7b240b
DEV: Fix build.
2018-11-23 17:34:50 +02:00
David Taylor
f645cb9c14
FEATURE: Use translated name for 'your email has been authenticated by' ( #6649 )
2018-11-22 19:12:04 +00:00
Kyle Zhao
8e32aa1483
FEATURE: show post approvals in Moderation History ( #6643 )
2018-11-22 10:22:23 +08:00
Arpit Jalan
10cc698df3
FIX: respond with proper error message if user not found
2018-11-21 10:47:37 +05:30
Sam
20268385a5
FIX: never attempt to log invalid post numbers
...
Previously in some cases we would queue logging of invalid post numbers
The impact would be we would miss logging an incoming link and would leak
an error.
2018-11-21 11:58:47 +11:00
Kyle Zhao
055d59373a
CSP: drop 'self' in `script-src` ( #6611 )
2018-11-15 12:14:16 -05:00
Sam
8e55e61a2e
Correct spec
2018-11-15 15:42:16 +11:00
Sam
e7001f879a
SECURITY: enforce hostname to match discourse hostname
...
This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname
2018-11-15 15:23:06 +11:00
Sam
6556a87629
FIX: only check for conflict on edit drafts
...
In some unknown cases non edit drafts are being checked for conflict
2018-11-15 13:14:07 +11:00
Leo McArdle
7bc121a065
allow CSP reports to be sent when header isn't set by Discourse ( #6594 )
2018-11-14 16:23:29 -05:00
Régis Hanol
c78dcde973
FIX: only send originalText when we need to
2018-11-14 17:47:59 +01:00
David Taylor
d003ae45f9
DEV: Correct typo in users_controller_spec
2018-11-14 14:30:44 +00:00
Bianca Nenciu
34e4d82f1a
FEATURE: Report edit conflicts when saving draft. ( #6585 )
2018-11-14 12:56:25 +01:00
Guo Xiang Tan
44391ee8ab
FEATURE: Upload Site Settings. ( #6573 )
2018-11-14 15:03:02 +08:00
David Taylor
17bc82765b
FEATURE: Log password changes in UserHistory ( #6600 )
2018-11-14 08:32:42 +08:00
Robin Ward
467be59d75
FEATURE: Allow expanded posts to return user custom fields
2018-11-13 12:44:54 -05:00
Guo Xiang Tan
d5df1db3c4
DEV: Improve tests to provide better errors when it fails.
2018-11-13 16:48:04 +08:00
Sam
80ceb57c76
DEV: add API endpoint to destroy_timings only of last post
...
Previously API only allowed you to nuke all timings from a topic,
new API is less punishing and allows you just to remove 1 post.
2018-11-13 16:07:48 +11:00
Kyle Zhao
3493ea85cc
remove Logster from CSP whitelist ( #6593 )
...
Logster 1.3 no longer has inline JS and is now CSP compliant
2018-11-13 09:55:57 +11:00
David Taylor
d89ffbeffd
FEATURE: Add button to delete unused tags ( #6587 )
...
This is particularly useful if you have uploaded a CSV file, and wish
to bulk-delete all of the tags that you uploaded.
2018-11-12 16:24:34 +00:00
Joffrey JAFFEUX
9c616e0679
FIX: handles not found reports in bulk loading ( #6582 )
2018-11-12 13:47:24 +01:00
Gerhard Schlager
7c4d4331bc
FEATURE: Better handling of quotation marks in site text search
...
It also matches 3 dots with the ellipsis symbol.
2018-11-12 13:26:41 +01:00
Sam
64d9be726f
the protection I placed was in the wrong path moved to /session/sso
...
correct previous commit
2018-11-09 17:18:01 +11:00
Sam
3ae4fcd1f7
Improve redirect avoidance for /sso paths
...
e6b3310577 was missing an edge case
where return url included current_hostname
2018-11-09 17:03:58 +11:00
Sam
e6b3310577
FIX: never redirect back to `/sso` it will cause a loop
...
If for any reason our return url is set to `/sso` bypass using it
for login redirect
2018-11-09 14:27:36 +11:00
Sam
15991677d4
FIX: ensure we never cache login redirects by mistake
2018-11-09 11:14:35 +11:00
Sam
d84256a876
FEATURE: add Noindex to robots.txt for disallowed routes
...
This strips pages out of indexes that should not exist see:
https://meta.discourse.org/t/pages-listed-in-the-robots-txt-are-crawled-and-indexed-by-google/100309/11?u=sam
2018-11-02 16:39:47 +11:00
Robin Ward
ec91450aae
FEATURE: Track how many user flags are agreed/disagreed/ignored
...
Display the percentage when reviewing flags.
2018-11-01 09:59:50 -04:00
Sam
ceafcbc898
FEATURE: show added date when looking at group members
2018-11-01 15:33:28 +11:00
Sam
aa044623bd
FIX: do not create superfluous sessions when logged on
...
In some SSO implementations we may want to issue SSO pipelines for
already logged on users
In these cases do not re-log-in a user if they are clearly logged on
2018-11-01 12:54:01 +11:00
Bianca Nenciu
fa0e421af3
FIX: Do not leak information about post revisions. ( #6536 )
2018-10-31 14:47:00 +00:00
Blake Erickson
589e3fcaa0
FIX: return 400 for missing required params ( #6546 )
...
If a required param is missing return a 400 and show a message
displaying which param was missing. Added this to the application
controller so that we don't have to add this logic to every controller
action.
2018-10-31 13:02:48 +11:00
Bianca Nenciu
e1e392f15b
DEV: Use DiscourseIpInfo for all IP queries. ( #6482 )
...
* DEV: Use DiscourseIpInfo for all IP queries.
* UX: Use latitude and longitude for more precision.
2018-10-30 22:08:57 +00:00
Rafael dos Santos Silva
2450f178ca
FEATURE: Allow admins to control PWA display mode per user agent
2018-10-26 13:47:22 -03:00
Joffrey JAFFEUX
8e274f7296
UX: bumps the user-api-key version to 3 ( #6526 )
...
* UX: bumps the user-api-key version to 3
* fix spec
2018-10-25 09:46:34 +00:00
Régis Hanol
addf6f6d17
FIX: support comma in 'sso_provider_secrets' site setting
2018-10-24 21:23:18 +02:00
Kyle Zhao
e9a971a2b6
FEATURE: [Experimental] Content Security Policy ( #6514 )
...
do not register new MIME type, parse raw body instead
2018-10-22 13:22:23 -04:00
Régis Hanol
3e232412e3
UX: show error when hitting the rate limit on password reset
2018-10-22 19:00:30 +02:00
David Taylor
3377f26eba
FIX: Clean tag before searching for matches
2018-10-22 11:09:06 +01:00
Kyle Zhao
dca830cb73
Revert "FEATURE: [Experimental] Content Security Policy ( #6504 )"
...
This reverts commit fb8231077a.
2018-10-19 11:53:29 -04:00
Kyle Zhao
fb8231077a
FEATURE: [Experimental] Content Security Policy ( #6504 )
2018-10-19 10:39:22 -04:00
David Taylor
7166d7de9a
FIX: Prevent duplicate tags in tag-choosers ( #6512 )
...
* FIX: Prevent duplicate tags in tag-choosers
This reverts 5685b45, which fixes the duplicate tags problem.
The fix introduced by 5685b45 is re-implemented on the server.
2018-10-19 13:44:43 +01:00
Blake Erickson
f1ba981ae9
Improve add user to group spec for uppercase usernames
...
Oops forgot to check for this. See previous commit for more details.
2018-10-18 13:32:36 -06:00
Blake Erickson
93485facaf
FIX: lowercase username for add/rem group members
...
This fix searches for users based on the downcased username so that if
you pass in usernames to add/remove from a group and you don't have the
casing just right it will still find the correct users.
I updated the tests to add a username that has a mix of upper and
lowercase letters to verify this functionality.
2018-10-18 13:17:24 -06:00
Bianca Nenciu
f60b10d090
UX: Warn users if the post that's currently edited has changed. ( #6498 )
2018-10-17 15:35:32 +02:00
Arpit Jalan
42c405a820
FIX: use topic summary for meta description if topic excerpt is blank
2018-10-17 14:13:30 +05:30
Kyle Zhao
99d1ded3b3
rename route `/javascripts` to `/theme-javascripts` ( #6495 )
2018-10-15 11:32:52 -04:00
Maja Komel
c104256991
FIX: SSO provider secrets - check wildcard domains last, toggle secrets visibility
2018-10-15 16:18:29 +02:00
David Taylor
7ac08f936e
FEATURE: Upload tags from CSV ( #6484 )
2018-10-15 09:12:54 +01:00
Maja Komel
27e732a58d
FEATURE: allow multiple secrets for Discourse SSO provider
...
This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site.
This allows for better auditing of the SSO provider feature
2018-10-15 16:03:53 +11:00
Kyle Zhao
6acdea37c4
DEV: extract inline js when baking theme fields ( #6447 )
...
* extract inline js when baking theme fields
* destroy javascript cache when destroying theme fields
This work is needed to support CSP work
2018-10-15 15:55:23 +11:00
Guo Xiang Tan
aa60936115
DEV: Add order to avoid randomly failing test.
2018-10-15 11:42:45 +08:00
Guo Xiang Tan
84d4c81a26
FEATURE: Support backup uploads/downloads directly to/from S3.
...
This reverts commit 3c59106bac.
2018-10-15 09:43:31 +08:00
Sam
a1c912b630
Return 400 instead of 404 for bad token
2018-10-12 10:51:41 +11:00
Bianca Nenciu
048cdfbcfa
FIX: Do not allow revoking the token of current session. ( #6472 )
...
* FIX: Do not allow revoking the token of current session.
* DEV: Add getter of current auth_token from Guardian.
2018-10-12 10:40:48 +11:00
Blake Erickson
13b3cead06
FEATURE: Allow bulk removing users from a group
...
This change maintains backwards compatibility to allow you to remove a
single user from a group but allows you to specify a comma separated list
of users for bulk removal from a group.
Also it extracts out common functionality for fetching users from params
used in bulk adding users so it can also be used for removing users.
2018-10-11 15:30:54 -06:00
Guo Xiang Tan
3c59106bac
Revert "FEATURE: Support backup uploads/downloads directly to/from S3."
...
This reverts commit c29a4dddc1.
We're doing a beta bump soon so un-revert this after that is done.
2018-10-11 11:08:23 +08:00
Gerhard Schlager
c29a4dddc1
FEATURE: Support backup uploads/downloads directly to/from S3.
2018-10-11 10:38:43 +08:00
Robin Ward
a566ed42ae
FEATURE: Option to disable user presence and profile
...
This allows users who are privacy conscious to disable the presence
features of the forum as well as their public profile.
2018-10-10 17:34:33 -04:00
Bianca Nenciu
1d26a473e7
FEATURE: Show "Recently used devices" in user preferences ( #6335 )
...
* FEATURE: Added MaxMindDb to resolve IP information.
* FEATURE: Added browser detection based on user agent.
* FEATURE: Added recently used devices in user preferences.
* DEV: Added acceptance test for recently used devices.
* UX: Do not show 'Show more' button if there aren't more tokens.
* DEV: Fix unit tests.
* DEV: Make changes after code review.
* Add more detailed unit tests.
* Improve logging messages.
* Minor coding style fixes.
* DEV: Use DropdownSelectBoxComponent and run Prettier.
* DEV: Fix unit tests.
2018-10-09 22:21:41 +08:00
Gerhard Schlager
2f90c15d7a
Fix random build error
2018-10-09 01:03:05 +02:00
Joffrey JAFFEUX
22187508e3
FEATURE: adds header text/background color to site ( #6462 )
2018-10-08 11:52:57 +02:00
Sam
5b630f3188
FIX: stop logging every time invalid params are sent
...
Previously we were logging warning for invalid encoded params, this can
cause a log flood
2018-10-05 14:33:19 +10:00
Vinoth Kannan
ca74246651
FIX: redirect users to SSO client URL after social login
2018-10-05 00:01:08 +05:30
Kyle Zhao
819f090d6a
move large blobs out of `<head>` ( #6428 )
...
it unnecessarily bloats the section and increases the payload
dramatically for open graph tags.
2018-09-28 17:28:33 +08:00
Kyle Zhao
4bb980b9f7
FEATURE: do not allow moderators to export user list ( #6418 )
2018-09-21 09:07:13 +08:00
Sam
df45e82377
SECURITY: only allow picking of avatars created by self ( #6417 )
...
* SECURITY: only allow picking of avatars created by self
Also adds origin tracking to all uploads including de-duplicated uploads
2018-09-19 22:33:10 -07:00
Vinoth Kannan
9281b72308
FEATURE: Log entity export in staff logs
2018-09-19 03:16:45 +05:30
Guo Xiang Tan
f2fbf1fdb0
DEV: Basic specs for `TagGroupsController`.
2018-09-18 08:22:03 +08:00
Kyle Zhao
7a0232249a
extract inline JS that's used to store preloaded data ( #6370 )
2018-09-17 16:31:46 +08:00
Kyle Zhao
6659417807
FEATURE: match user title when primary group changes
...
When primary group changes and the user's title is the previous primary
group's title, change the title to the new primary group's title
2018-09-17 15:08:39 +10:00
pmusaraj
7f05af5995
cleanup
2018-09-12 13:10:14 -04:00
pmusaraj
aa614e393c
return 403 when trying drafts of another user
2018-09-12 13:08:02 -04:00
pmusaraj
b8c0a29bec
better test name
2018-09-12 11:09:30 -04:00
pmusaraj
11fd18b254
code-styling fixes
2018-09-12 11:06:30 -04:00
pmusaraj
3a00c2adeb
add test to ensure that userA cannot see drafts stream of userB
2018-09-12 10:13:20 -04:00
Sam
d1984a0b4d
FIX: display a correct error when attempting to agree on a deferred flag
...
Previously we would raise a 500 error if a moderator tried to agree on a
flag another moderator deferred.
This can happen cause the UX for flags does not live refresh as flags
are handled
2018-09-12 13:16:59 +10:00
Robin Ward
3bb4f4c5ef
Adds test to make sure moderators can't make master keys
...
It wasn't obvious from the code, plus we'd never want this to regress!
2018-09-11 12:02:06 -04:00
Neil Lalonde
9e77fd8fc3
FIX: wrong category links on subfolder install in rss feed for a category topic list
2018-09-07 10:03:30 -04:00
Sam
879067d000
FIX: check admin theme cookie against user selectable
...
previously admin got a free pass and could set theme via cookie to anything
including themes that are not selectable
this refactor ensures that only "preview" gets a free pass, all the rest
goes through the same pipeline
2018-09-07 10:47:28 +10:00
Gerhard Schlager
26082688d1
FIX: Zero is a valid value for the page parameter
2018-09-05 20:43:05 +02:00
Vinoth Kannan
d9be4f47e8
SPEC: redirect to original URL after social signup
2018-09-05 03:24:50 +05:30
Vinoth Kannan
d8b543bb67
FIX: redirect to original URL after social signup
2018-09-05 01:44:23 +05:30
David Taylor
4382fb5fac
DEV: Allow plugins to whitelist specific user custom_fields for editing ( #6358 )
2018-09-04 20:45:36 +10:00
Sam
2f5c21e28c
FIX: return a 400 error instead of 500 for null injections
...
Many security scanners like to inject NULL in inputs causing application
to exception out and return a 500
We now handle this exception and render a 400 status back
2018-09-04 12:11:52 +10:00
Gerhard Schlager
f33433bf9e
Validation of params should restrict to max int ( #6331 )
...
* FIX: Validation of params should restrict to max int
* FIX: Send status 400 when "page" param isn't between 1 and max int
2018-09-03 14:45:32 +10:00
Bianca Nenciu
f5e0356fb2
correct miscellaneous issues with user login history
2018-09-02 17:24:54 +10:00
Sam
b3aab1770f
FIX: set old last modified date for invalid avatars
...
In some cases Akamai was holding tight to these invalid avatars,
to avoid this happening we explain the avatar image is ancient
then when a new upload is added it automatically is older than
this.
2018-08-31 17:07:31 +10:00
Blake Erickson
c6f339a0b5
format json better with spaces in my test
2018-08-30 14:39:40 -06:00
Blake Erickson
ae532f8548
FIX: return 422 for an invalid group name on category create
2018-08-30 14:28:55 -06:00
David Taylor
103509b9dd
SECURITY: Prevent users from modifying custom fields
2018-08-30 12:59:36 +01:00
Bianca Nenciu
72ffabf619
UX: Improve email testing admin tool. ( #6308 )
2018-08-29 23:14:16 +02:00
Neil Lalonde
ebe7835316
FIX: links in rss feeds are sometimes wrong on subfolder installs
2018-08-27 18:05:15 -04:00
Raul Tambre
2271918be2
FEATURE: Use S3 dualstack endpoints
...
Allows S3 without a CDN to serve images from dualstack domains that also support ipv6
2018-08-27 11:22:46 +10:00
Joffrey JAFFEUX
82dcc5cbfa
FEATURE: makes reports loadable in bulk ( #6309 )
2018-08-24 15:28:01 +02:00
Osama Sayegh
e0cc29d658
FEATURE: themes and components split
...
* FEATURE: themes and components split
* two separate methods to switch theme type
* use strict equality operator
2018-08-24 11:30:00 +10:00
Sam
29315b73c2
FIX: improve last_modified date returned for avatars
...
instead of hard coding a date:
1. For optimized images use the upload date when on s3
2. For not-found use 10 minutes ago to match the expiry
2018-08-24 09:36:11 +10:00
Osama Sayegh
2711f173dc
FIX: don't allow inviting more than max_allowed_message_recipients
...
* FIX: don't allow inviting more than `max_allowed_message_recipients` setting allows
* add specs for guardian
* user preferences for auto track shouldn't be applicable to PMs (it auto watches on visit)
Exclude PMs from "Automatically track topics I enter..." and "When I post in a topic, set that topic to..." user preferences
* groups take only 1 slot in PM
* just return if topic is a PM
2018-08-23 14:36:49 +10:00
James Kiesel
cdea969c6a
FEATURE: Make initial admins TL1
...
* Match register controller TL to rake admin:create
* Don't promote if trust_level > 1
2018-08-22 15:45:24 +10:00
Gerhard Schlager
17dc8f2490
UX: Wizard resends activation email when user exists
2018-08-21 19:13:41 +02:00
Sam
2d96160192
FEATURE: improve API error reporting for invalid records
2018-08-21 11:54:34 +10:00
Guo Xiang Tan
b4f92a05b3
FIX: Load more on groups page does not account for params.
...
https://meta.discourse.org/t/cant-scroll-through-list-of-users-groups-if-more-than-one-page/92259
2018-08-20 17:08:50 +08:00
Sam
f5fe58384f
correct regression around file renaming
2018-08-20 16:08:05 +10:00
Sam
ce4b12ae59
FIX: if we have no target available do not redirect
2018-08-20 13:10:59 +10:00
Sam
d7b1919ead
correct specs
2018-08-20 12:46:14 +10:00
Guo Xiang Tan
a9e502936f
FIX: Converting PNG to JPEG does not set the correct extension.
2018-08-17 13:09:48 +08:00
Sam
f62073a22a
correct regression uploading images
2018-08-16 18:49:08 +10:00
Gerhard Schlager
937ab3f213
FIX: Validation of min_posts and max_posts didn't work
2018-08-16 10:36:53 +02:00
Sam
796164b58c
FIX: automatically correct bad avatars on access
...
Also start relying on upload extension for optimized images
2018-08-16 16:32:56 +10:00
Sam
38c10a3dc2
correct the validator
2018-08-15 14:56:24 +10:00
Misaka 0x4e21
d4fd19d49a
UX: Replace Google search with Discourse search on not found page
...
* UX: Replace Google search with Discourse search on not found page.
* FIX: Update application_controller_spec.rb.
2018-08-15 11:53:04 +10:00
Sam
06f82a7d72
correct exception handling, always do to_i in array
2018-08-15 11:31:42 +10:00
Sam
bc47148d35
add validation to exclude_category_ids
2018-08-15 09:53:28 +10:00
Régis Hanol
12bab65167
FIX: going from /categories to /latest on mobile might break infinite scrolling
2018-08-15 01:22:03 +02:00
Gerhard Schlager
ba0e322fd0
FIX: Validation of topic params broke discourse-assign
2018-08-14 18:45:46 +02:00
Sam
ad5f502332
FIX: add a basic validator for topic params
...
This cuts down on log noise when people try out sql injection
2018-08-14 17:01:04 +10:00
Guo Xiang Tan
d10c9d7d75
FIX: Missing extensions for non-image uploads due to 2b57239389.
2018-08-13 10:58:55 +08:00
Gerhard Schlager
b9072e8292
FEATURE: Add "Reset Bump Date" action to topic admin wrench ( #6246 )
2018-08-10 10:51:03 +10:00
Gerhard Schlager
ef4b9f98c1
FEATURE: Allow admins to reply without topic bump
2018-08-10 10:48:30 +10:00
Neil Lalonde
2c4d7225d8
FIX: permalink redirects with subfolder
2018-08-09 11:05:27 -04:00
Sam
ed4c0f256e
FIX: check permalinks for deleted topics
...
- allow to specify 410 vs 404 in Discourse::NotFound exception
- remove unused `permalink_redirect_or_not_found` which
- handle JS side links to topics via Discourse-Xhr-Redirect mechanism
2018-08-09 15:05:12 +10:00
Osama Sayegh
0b7ed8ffaf
FEATURE: backend support for user-selectable components
...
* FEATURE: backend support for user-selectable components
* fix problems with previewing default theme
* rename preview_key => preview_theme_id
* omit default theme from child themes dropdown and try a different fix
* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
Guo Xiang Tan
2b57239389
FIX: Upload's content is the only source of truth for the file type.
2018-08-07 13:15:00 +08:00
Sam
6797395bd0
FIX: staff should be allowed to agree and keep post
2018-08-07 10:05:43 +10:00
David Taylor
812add18bd
REFACTOR: Serve auth provider information in the site serializer.
...
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
Penar Musaraj
1f45215537
FEATURE: Drafts view in user profile
...
* add drafts.json endpoint, user profile tab with drafts stream
* improve drafts stream display in user profile
* truncate excerpts in drafts list, better handling for resume draft action
* improve draft stream SQL query, add rspec tests
* if composer is open, quietly close it when user opens another draft from drafts stream; load PM draft only when user is in /u/username/messages (instead of /u/username)
* cleanup
* linting fixes
* apply prettier styling to modified files
* add client tests for drafts, includes a fixture for drafts.json
* improvements to code following review
* refresh drafts route when user deletes a draft open in the composer while being in the drafts route; minor prettier scss fix
* added more spec tests, deleted an acceptance test for removing drafts that was too finicky, formatting and code style fixes, added appEvent for draft:destroyed
* prettier, eslint fixes
* use "username_lower" from users table, added error handling for rejected promises
* adds guardian spec for can_see_drafts, adds improvements following code review
* move DraftsController spec to its own file
* fix failing drafts qunit test, use getOwner instead of deprecated this.container
* limit test fixture for draft.json testing to new_topic request only
2018-08-01 16:34:54 +10:00
Guo Xiang Tan
919e8db686
FIX: Check for group name availability should skip reserved usernames.
2018-08-01 11:09:33 +08:00
Neil Lalonde
1708ff1808
UX: add a route /rules as an alias for /faq and /guidelines
2018-07-26 15:38:08 -04:00
David Taylor
f38942d121
FIX: Destroy session between omniauth callbacks controller tests
2018-07-25 16:33:42 +01:00
Gerhard Schlager
1ac643d71c
FIX: Email template for "Queued Posts Reminder" was not found
2018-07-24 17:26:52 +02:00
Guo Xiang Tan
fad9c2b971
PERF: Move `EmailLog#reply_key` into new `post_reply_keys` table.
2018-07-24 13:51:53 +08:00
Guo Xiang Tan
ae8b0a517f
PERF: Split skipped email logs into a separate table.
2018-07-24 13:14:37 +08:00
Neil Lalonde
f4b5eccad3
FIX: categories page crawler view had incorrect URLs
2018-07-23 14:54:41 -04:00
David Taylor
eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 ( #6099 )
...
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
Joffrey JAFFEUX
a2281fbb19
FEATURE: allows to jump to a date in a topic
2018-07-19 16:00:13 +02:00
Régis Hanol
6d6e026e3c
FEATURE: selectable avatars
2018-07-18 12:57:43 +02:00
Sam
ac0053f491
FEATURE: navigate to first post and auto bump category settings
...
### navigate_to_first_post_after_read setting for categories
When enabled on categories logged on users will return to OP after
reading the entire category. (useful for documentation categories)
### num_auto_bump_daily
Set a number of topics that will automatically bump daily on a category.
- Every 15 minutes we will check if any category has this setting
- Categories with the setting are shuffled
- We exclude pinned, closed, category description and archived topics
- Maximum of 1 topic for the list of categories is bumped till limit reached per category
- We always try to bump oldest first
- Limit is elastic using a RateLimiter that ensures that we only bump N per day
Also some minor organisation on category settings
Froze strings on category.rb
2018-07-16 18:10:35 +10:00
Leo McArdle
21ebb1cd54
FEATURE: Secondary emails support.
2018-07-16 11:09:49 +08:00
Guo Xiang Tan
711371e8c8
FIX: Select+below will ask server for post ids on megatopics.
2018-07-13 15:10:39 +08:00
Kyle Zhao
2901691e87
FEATURE: per-category approval settings ( #5778 )
...
- disallow moving topics to a category that requires topic approval
2018-07-13 12:51:08 +10:00
Guo Xiang Tan
258e9e35ca
PERF: Make mega topics work without a stream.
...
There are tradeoffs that we took here. For the complete
story see
https://meta.discourse.org/t/performance-improvements-on-long-topics/30187/27?u=tgxworld .
2018-07-12 12:46:12 +08:00
OsamaSayegh
decf1f27cf
FEATURE: Groundwork for user-selectable theme components
...
* Phase 0 for user-selectable theme components
- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
Guo Xiang Tan
0a28181c62
Fix the build take 2.
2018-07-10 11:27:03 +08:00
Guo Xiang Tan
5374a0e720
Fix the build.
2018-07-10 09:48:57 +08:00
Jordan Seanor
10bc69a62f
FEATURE: Event on topic merge ( #6057 )
2018-07-10 09:28:57 +08:00
David Taylor
9a813210b9
SECURITY: Do not allow authentication with disabled plugin-supplied a… ( #6071 )
...
Do not allow authentication with disabled plugin-supplied auth providers
2018-07-09 14:25:58 +10:00
Guo Xiang Tan
9948f57a99
REFACTOR: Update test to assert for the right objects.
2018-07-09 09:54:14 +08:00
Maja Komel
18f5f646b1
FEATURE: allow selecting a tag when moving posts to a new topic ( #6072 )
2018-07-06 18:21:32 +02:00
Sam
e72fd7ae4e
FIX: move crawler blocking into anon cache
...
This refinement of previous fix moves the crawler blocking into
anonymous cache
This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 11:14:43 +10:00
Sam
7f98ed69cd
FIX: move crawler blocking to app controller
...
We need access to site settings in multisite, we do not have access
yet if we attempt to get them in request tracker middleware
2018-07-04 10:30:50 +10:00
Sam
982df3c17b
FIX: return status 400 for invalid member params
...
previously error returned was a 500 which is not ideal
and is logged
2018-06-29 10:15:17 +10:00
Robin Ward
fd7bb8e656
FIX: Scope the `cn` to the subfolder
2018-06-28 11:03:36 -04:00
Maja Komel
ec3e6a81a4
FEATURE: Second factor backup
2018-06-28 10:12:32 +02:00
Arpit Jalan
6bcdc3ba4b
FEATURE: allow author to delete posts irrespective of post_edit_time_limit
2018-06-26 21:43:06 +05:30
Arpit Jalan
7efdccdbc5
FIX: allow staff to remove tags from queued topics
2018-06-26 17:08:40 +05:30
Guo Xiang Tan
0365806b93
FIX: Properly display error when post action fails to create.
2018-06-20 21:20:23 +08:00
Michael Brown
ae5d255f83
FIX: Reference example.com instead of somesite.com in examples
...
* somesite.com actually exists...
* example.com should be used in examples and is harmless to visit
2018-06-19 10:37:24 -04:00
Sam
5f86434bf1
DEV: make tests less fragile
2018-06-14 18:31:07 +10:00
Rafael dos Santos Silva
8fc08aad09
FEATURE: Update the webmanifest
...
- Remove share target because the spec is changing
- Allow any orientation again because natural is too restrictive
- Use correct file and mime types for the manifest
2018-06-14 00:13:28 -03:00
OsamaSayegh
4a9dadb646
Add test case for topic embed CSS
2018-06-13 16:22:54 +10:00
OsamaSayegh
249a256cd2
Fix build
2018-06-11 09:12:28 +03:00
OsamaSayegh
77f1cdf20e
REFACTOR: admin backups controller specs to requests ( #5953 )
2018-06-11 13:26:24 +08:00
OsamaSayegh
1dbe13886f
REFACTOR: admin site texts controller specs to requests ( #5958 )
2018-06-11 12:59:21 +08:00
OsamaSayegh
4f06d6078b
REFACTOR: admin themes controller specs to requests ( #5954 )
2018-06-11 12:54:16 +08:00
OsamaSayegh
1fe092da0a
REFACTOR: admin badges controller specs to requests ( #5960 )
2018-06-11 12:50:56 +08:00
OsamaSayegh
bf8d392a51
REFACTOR: admin user fields controller specs to requests ( #5961 )
2018-06-11 12:50:21 +08:00
OsamaSayegh
4c8939d530
REFACTOR: admin email controller specs to requests ( #5962 )
2018-06-11 12:50:08 +08:00
OsamaSayegh
c0776884dd
REFACTOR: admin reports controller specs to requests ( #5963 )
2018-06-11 12:49:28 +08:00
OsamaSayegh
da94eaa81d
REFACTOR: admin color schemes controller specs to requests ( #5964 )
2018-06-11 12:48:58 +08:00
OsamaSayegh
767f022b29
REFACTOR: admin screened ip addresses controller specs to requests ( #5965 )
2018-06-11 12:48:34 +08:00
OsamaSayegh
93b1386fb2
REFACTOR: admin site settings controller specs to requests ( #5966 )
2018-06-11 12:48:09 +08:00
OsamaSayegh
325f975ed3
REFACTOR: admin dashboard controller specs to requests ( #5967 )
2018-06-11 12:47:42 +08:00
OsamaSayegh
a4574cf2ca
REFACTOR: admin webhooks controller specs to requests ( #5969 )
2018-06-11 12:47:29 +08:00
OsamaSayegh
a914ec28fc
REFACTOR: admin impersonate controller specs to requests ( #5968 )
2018-06-11 12:47:14 +08:00
OsamaSayegh
d22b552c9b
REFACTOR: admin emojis controller specs to requests ( #5974 )
2018-06-11 12:39:31 +08:00
OsamaSayegh
12b1687e1f
REFACTOR: admin permalinks controller specs to requests ( #5970 )
2018-06-11 12:37:21 +08:00
OsamaSayegh
37c84451ed
REFACTOR: admin staff action logs controller specs to requests ( #5971 )
2018-06-11 12:37:06 +08:00
OsamaSayegh
65241c6778
REFACTOR: admin api controller specs to requests ( #5972 )
2018-06-11 12:35:45 +08:00
OsamaSayegh
2c8a9d36af
REFACTOR: admin versions controller specs to requests ( #5973 )
2018-06-11 12:35:05 +08:00
OsamaSayegh
237559c76f
REFACTOR: admin screened emails controller specs to requests ( #5975 )
2018-06-11 12:33:54 +08:00
OsamaSayegh
f30c2dacb2
REFACTOR: admin screened urls controller specs to requests ( #5976 )
2018-06-11 12:33:38 +08:00
OsamaSayegh
63b2207065
REFACTOR: admin plugins controller specs to requests ( #5977 )
2018-06-11 12:33:07 +08:00
OsamaSayegh
c6fe082fe4
REFACTOR: admin controller specs to requests ( #5978 )
2018-06-11 12:32:55 +08:00
OsamaSayegh
4ac7be1d1c
REFACTOR: admin embeddable hosts controller specs to requests ( #5979 )
2018-06-11 12:32:13 +08:00
OsamaSayegh
062aecd239
REFACTOR: admin embedding controller specs to requests ( #5980 )
2018-06-11 12:31:58 +08:00
OsamaSayegh
f5ad0022f7
REFACTOR: admin users controller specs to requests ( #5946 )
2018-06-08 12:42:06 +08:00
Guo Xiang Tan
3a8f69c3d2
DEV: Assert for 200 response code to avoid changing magic helper in the future.
2018-06-07 16:11:09 +08:00
OsamaSayegh
1e805cfd3e
REFACTOR: composer messages controller specs to requests ( #5940 )
2018-06-07 13:51:52 +08:00
OsamaSayegh
c6c1ef71c1
REFACTOR: inline onebox controller specs to requests
2018-06-07 13:11:45 +08:00
OsamaSayegh
30be1b0d2b
REFACTOR: category hashtags controller specs to requests ( #5936 )
2018-06-07 13:09:23 +08:00
OsamaSayegh
9975f9751e
REFACTOR: metadata controller specs to requests ( #5935 )
2018-06-07 13:08:28 +08:00
OsamaSayegh
1957cb541b
REFACTOR: permalinks controller specs to requests ( #5934 )
2018-06-07 13:08:13 +08:00
OsamaSayegh
f2a5a84f0b
REFACTOR: similar topics controller specs to requests ( #5933 )
2018-06-07 13:07:53 +08:00
OsamaSayegh
37829a521a
REFACTOR: stylesheets controller specs to requests
2018-06-07 13:06:32 +08:00
OsamaSayegh
a8d33603f9
REFACTOR: export CSV controller specs to requests
2018-06-07 13:02:02 +08:00
OsamaSayegh
0124209a96
REFACTOR: site controller specs to requests
2018-06-07 12:58:33 +08:00
OsamaSayegh
3c96ee4b6f
REFACTOR: clicks controller specs to requests ( #5929 )
2018-06-07 12:57:29 +08:00
OsamaSayegh
2688cc6241
REFACTOR: post action users controller specs to requests
2018-06-07 12:55:01 +08:00
OsamaSayegh
e2e566214d
REFACTOR: user avatars controller spec to requests
2018-06-07 12:53:33 +08:00
OsamaSayegh
05c1fe5c8f
REFACTOR: user actions controller specs to requests
2018-06-07 12:52:06 +08:00
OsamaSayegh
7f21892ad0
REFACTOR: finish installation controller specs to requests
2018-06-07 12:49:47 +08:00
OsamaSayegh
5ecaa55e50
REFACTOR: webhooks controller specs to requests
2018-06-07 12:46:29 +08:00
OsamaSayegh
cc82fb33b5
REFACTOR: queued posts controller specs to requests
2018-06-07 12:41:26 +08:00
OsamaSayegh
1b7d46c054
REFACTOR: post actions controller specs to requests
2018-06-07 12:38:17 +08:00
OsamaSayegh
f75d1e958d
REFACTOR: extra locales controller specs to requests
2018-06-07 12:34:39 +08:00
OsamaSayegh
d2880246cd
REFACTOR: steps controller specs to requests
2018-06-07 12:31:13 +08:00
Guo Xiang Tan
47ddb3a7ca
Merge branch 'wizard-controller' of https://github.com/OsamaSayegh/discourse into OsamaSayegh-wizard-controller
2018-06-07 12:27:48 +08:00
OsamaSayegh
600ff85ecd
REFACTOR: draft controller specs to requests ( #5942 )
2018-06-07 12:24:20 +08:00
OsamaSayegh
f5178ded56
REFACTOR: offline controller spec to requests ( #5943 )
2018-06-07 12:24:05 +08:00
Sam
89ad2b5900
DEV: Rails 5.2 upgrade and global gem upgrade
...
This updates tests to use latest rails 5 practice
and updates ALL dependencies that could be updated
Performance testing shows that performance has not regressed
if anything it is marginally faster now.
2018-06-07 14:21:33 +10:00
Vinoth Kannan
d8e641cd98
FIX: avatar_url includes upload_path twice when local storage used
2018-06-06 18:27:30 +05:30
OsamaSayegh
3244fb8959
REFACTOR: wizard controller specs to requests
2018-06-06 12:07:55 +03:00
Guo Xiang Tan
a83ab01264
REFACTOR: Remove extra param for group mentionable and messageable route.
2018-06-06 09:42:09 +08:00
Arpit Jalan
f8d82f135f
FIX: do not verify group visibility when checking for mentionable/messageable
2018-06-05 16:59:21 +05:30
OsamaSayegh
d3e610eed9
REFACTOR: topic controller (2) specs to requests ( #5911 )
2018-06-05 12:03:49 +08:00
OsamaSayegh
475d944d74
REFACTOR: onebox controller specs to requests ( #5914 )
2018-06-05 11:36:08 +08:00
OsamaSayegh
22fcc04d38
REFACTOR: user badges controller specs to requests ( #5912 )
2018-06-05 10:59:01 +08:00
OsamaSayegh
79dcd79470
REFACTOR: email controller specs to requests ( #5917 )
2018-06-05 10:57:11 +08:00
Guo Xiang Tan
a508e6a5f6
DEV: Stabilize `requests/search_controller_spec`.
2018-06-05 10:07:05 +08:00
OsamaSayegh
bc75cfe4b5
REFACTOR: tags controller specs ( #5908 )
2018-06-04 14:09:14 +08:00
OsamaSayegh
1f8805d3af
REFACTOR: user api keys controller specs to request
2018-06-04 16:07:53 +10:00
OsamaSayegh
807223deef
REFACTOR: notifications controller specs to requests
2018-06-04 16:06:53 +10:00
OsamaSayegh
e4bdafb550
REFACTOR: categories controller specs to requests ( #5903 )
...
REFACTOR: categories controller specs to requests
2018-06-04 12:04:32 +08:00
OsamaSayegh
e58ed247f2
REFACTOR: uploads controller specs to requests ( #5907 )
2018-06-04 11:13:52 +08:00
OsamaSayegh
cfea837e88
REFACTOR: search controller specs to requests ( #5906 )
2018-06-04 11:12:38 +08:00
OsamaSayegh
9b4a98695e
REFACTOR: list controller specs to requests ( #5902 )
2018-06-04 11:09:59 +08:00
OsamaSayegh
474ff94df3
REFACTOR: convert invites controller specs to requests ( #5898 )
...
REFACTOR: convert invites controller specs to requests
2018-06-01 13:06:08 +08:00
OsamaSayegh
d4848f2d58
REFACTOR: topics controller specs to requests ( #5886 )
...
* REFACTOR: topics controller specs to requests
2018-05-31 22:45:32 +08:00
Guo Xiang Tan
7fc8a36529
DEV: Take 2 Queue jobs in tests by default.
...
On my machine this cuts the time taken to run our test suite
from ~11mins to ~9mins.
2018-05-31 16:23:23 +08:00
Guo Xiang Tan
56e9ff6853
Revert "DEV: Queue jobs in tests by default."
...
Too risky for now
This reverts commit be28154d3b.
2018-05-31 15:34:46 +08:00
Guo Xiang Tan
be28154d3b
DEV: Queue jobs in tests by default.
2018-05-31 14:45:47 +08:00
Guo Xiang Tan
95f9b72351
FIX: Update activation email route was returning a generic json error.
2018-05-31 14:19:43 +08:00
OsamaSayegh
4e21a031df
Remove trailing whitespace
2018-05-31 12:31:46 +10:00
OsamaSayegh
23e3a68592
REFACTOR: session controller specs to requests
2018-05-31 12:31:46 +10:00
Guo Xiang Tan
21e9315416
FIX: Use user account email instead of auth email when totp is enabled.
...
https://meta.discourse.org/t/github-2fa-flow-broken/88674
2018-05-30 12:15:12 +08:00
Guo Xiang Tan
123a22e6d8
DEV: Clean up omniauth after mocking.
2018-05-28 15:12:54 +08:00
Guo Xiang Tan
a081771950
Merge pull request #5872 from OsamaSayegh/users-controller-specs-to-request
...
REFACTOR: users controllers specs => request specs
2018-05-28 13:32:37 +08:00
OsamaSayegh
0347c97520
tgxworld feedback
2018-05-28 06:20:47 +03:00
Robin Ward
4195c7c9ea
FEATURE: Ability to clear a user's penalty history
...
You can do this manually if you want to allow them to reach TL3 without
their penalty history counting against them.
2018-05-25 12:54:22 -04:00
OsamaSayegh
bac0482061
REFACTOR: users controllers specs => request specs
2018-05-25 05:04:25 +03:00
Neil Lalonde
3db1032bfd
FIX: not found page shouldn't include the Google search form for sites with login_required enabled
2018-05-23 16:59:02 -04:00
OsamaSayegh
609804f5ef
REFACTOR: merge posts controller specs into request specs
2018-05-23 08:53:46 +10:00
OsamaSayegh
450a600721
REFACTOR: about & badge controllers => requests
2018-05-22 13:45:13 +10:00
Sam
788ca1f112
FIX: stop adding email to unsubscribe url
...
Instead of adding email to unsubscribe url store it in redis for 1 hour
rate limit calls to unsubscribe endpoint to ensure there is no risk of
bloating redis
Also move controller to request specs
2018-05-22 09:07:03 +10:00
Guo Xiang Tan
b7b08b4173
Fix regression introduced in 2ceb107074.
2018-05-21 13:26:23 +08:00
Guo Xiang Tan
2ceb107074
Refactor tests to use the json extension instead of headers.
2018-05-21 09:49:46 +08:00
Arpit Jalan
9f422c93f6
FIX: restrict updates on `confirm_old_email` email templates
2018-05-19 12:19:59 +05:30
Arpit Jalan
9532d9a555
FIX: handle invalid tags
2018-05-17 19:33:12 +05:30
Régis Hanol
131b7f5da5
make 🤖 rubocop happy
2018-05-16 16:35:04 +02:00
Joe Buhlig
3cd4c82c49
Allow parameters for group and username filters on directory ( #5815 )
2018-05-16 16:20:17 +02:00
Régis Hanol
37232fcb58
FIX: staff members should see all tags
2018-05-13 17:50:21 +02:00
Guo Xiang Tan
2eb2f273a8
Refactor of `PushSubscriptionPusher`.
2018-05-09 08:14:14 +08:00
Jeff Wong
7f1f697e97
FIX: de-duplicate push subscriptions - ensure unique user/key
2018-05-08 15:20:39 -07:00
Gerhard Schlager
52db0b31c1
FIX: Automatically add user to groups after updating email address
2018-05-08 21:27:22 +02:00
Arpit Jalan
83245aa508
FIX: better handling of invite links after they are redeemed
...
FIX: deprecate invite_passthrough_hours setting
2018-05-08 20:17:57 +05:30
Guo Xiang Tan
21007a4a8d
Rewrite push notifications controller specs as request specs.
...
* Improve assertions to test for the outcome we expected instead
of just asserting for a 200 response.
* Remove duplicated assertion.
2018-05-07 15:40:46 +08:00
Guo Xiang Tan
aa0d32231c
FIX: Incorrect query when removing a group owner.
...
https://meta.discourse.org/t/group-rename-and-group-owners-removal-problems/85596
2018-05-07 13:57:00 +08:00
Robin Ward
a5172a37e0
Allow staff members to enable safe mode, even if disabled
2018-04-25 11:49:57 -04:00
Sam
146a6c3592
FIX: exclude topics from latest in /categories on refresh
...
When you hit refresh on categories page it would not suppress correctly
2018-04-24 11:07:26 -04:00
Robin Ward
fd14ee4797
FEATURE: Allow safe mode to be disabled
2018-04-24 11:03:33 -04:00
Guo Xiang Tan
9eabf7c02c
Fix randomly failing specs due to SearchLog cache.
2018-04-23 10:10:10 +08:00
Guo Xiang Tan
70d181bff8
FIX: Better error message in `GroupsController#add_members`.
...
https://meta.discourse.org/t/cant-add-members-to-a-group/85738?u=tgxworld
2018-04-20 10:28:52 +08:00
Robin Ward
3d7dbdedc0
FEATURE: An API to help sites build robots.txt files programmatically
...
This is mainly useful for subfolder sites, who need to expose their
robots.txt contents to a parent site.
2018-04-16 15:43:20 -04:00
Arpit Jalan
a1ef455c78
SECURITY: do not show private topic title on /unsubscribed page
2018-04-16 10:35:57 +05:30
Sam
3632b8d8d6
FEATURE: provide extra signal about content age to crawlers
...
Adds Last-Modified field to help teach crawlers not to crawl old content
2018-04-13 14:58:33 +10:00
Régis Hanol
df7970a6f6
prefix the robots.txt rules with the directory when using subfolder
2018-04-11 22:05:02 +02:00
Guo Xiang Tan
d9d86577ff
FIX: Staff users are not affected by `enable_group_directory` site setting.
2018-04-10 09:22:01 +08:00
Guo Xiang Tan
c82b2dcc24
Remove admin group management pages.
2018-04-09 15:14:50 +08:00
Sam
4111f17f64
add missing test for rel next/prev
2018-04-09 15:01:16 +10:00
Guo Xiang Tan
0623785f69
FIX: Prevent group owners from editing admin only settings.
2018-04-06 11:44:58 +08:00
Sam
3a7b696703
FEATURE: allow for setting crawl delay per user agent
...
Also moved to default crawl delay bing so no more than a req every 5 seconds is allowed
New site settings:
"slow_down_crawler_user_agents" - list of crawlers that will be slowed down
"slow_down_crawler_rate" - how many seconds to wait between requests
Not enforced server side yet
2018-04-06 10:15:23 +10:00
Guo Xiang Tan
e36e9de28a
Allow admin to view logs of automatic groups.
2018-04-05 16:31:55 +08:00
Guo Xiang Tan
8760c4d68c
Fix `GroupsController#group_params` to allow more group attributes to be updated.
2018-04-05 13:53:00 +08:00
Vinoth Kannan
434cbc649f
FEATURE: Webhook for tag events
2018-04-04 17:49:20 +05:30
Vinoth Kannan
efb19dbdaf
Merge pull request #5705 from discourse/new_webhooks
...
FEATURE: Webhook for group and category events
2018-04-02 10:53:21 +05:30
Guo Xiang Tan
52e75eaee9
UX: Tweaks to group pages.
2018-03-29 17:04:48 +08:00
Guo Xiang Tan
21ae49ab92
Simplify log in for request specs.
2018-03-28 11:32:47 +08:00
Neil Lalonde
7311023a52
Merge pull request #5700 from discourse/crawl-block
...
FEATURE: control web crawlers access with white/blacklist
2018-03-27 15:06:03 -04:00
Vinoth Kannan
62edf3c401
Add spec test for authComplete param carry-forward
2018-03-27 18:04:40 +05:30
Guo Xiang Tan
7edab1c0b9
UX: Add `groups/custom/new` route for admins to create a new group.
2018-03-27 17:39:05 +08:00
Gerhard Schlager
558914b986
Fix random spec errors
2018-03-27 11:14:06 +02:00
Vinoth Kannan
e7407d0adc
FEATURE: Webhook for group and category events
2018-03-27 11:53:35 +05:30
Guo Xiang Tan
2ecd234e27
UX: Consolidate group management into a single tab.
2018-03-27 13:34:46 +08:00
Guo Xiang Tan
dcd1d422d1
UX: Allow admins to set users as owners while adding users.
...
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084/9
2018-03-26 17:33:50 +08:00
Guo Xiang Tan
35745166b5
UX: New group membership management workflow.
...
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084
2018-03-26 16:15:02 +08:00
Robin Ward
5f19ad9507
FIX: allow destination categories to be set if not at first
2018-03-23 11:33:02 -04:00
Robin Ward
38af67eb73
Update the destination category id when a user changes it
2018-03-23 11:12:56 -04:00
Guo Xiang Tan
27bde6bc11
Fix the build.
2018-03-23 11:43:32 +08:00
Neil Lalonde
ced7e9a691
FEATURE: control which web crawlers can access using a whitelist or blacklist
2018-03-22 15:41:02 -04:00