github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-12-12 07:53:58 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
28,187 Commits 214 Branches 500 Tags 960 MiB
30be1b0d2b
Commit Graph

1200 Commits

Author SHA1 Message Date
Misaka 0x4e21
ff6be3c2e3 FEATURE: add profile_background fields into SSO (#5701) 
Add profile_background and card_background fields into Discourse SSO.
 2018-05-07 10:03:26 +02:00
Guo Xiang Tan
21007a4a8d Rewrite push notifications controller specs as request specs. 
* Improve assertions to test for the outcome we expected instead
  of just asserting for a 200 response.

* Remove duplicated assertion.
 2018-05-07 15:40:46 +08:00
Jeff Wong
91b31860a1
Feature: Push notifications for Android (#5792) 
* Feature: Push notifications for Android

Notification config for desktop and mobile are merged.

Desktop notifications stay as they are for desktop views.

If mobile mode, push notifications are enabled.

Added push notification subscriptions in their own table, rather than through
custom fields.

Notification banner prompts appear for both mobile and desktop when enabled.
 2018-05-04 15:31:48 -07:00
Neil Lalonde
bd77795d7a REFACTOR: move support for user card badge images to a plugin discourse-user-card-badges 2018-04-26 13:25:24 -04:00
Sam
b26e27bdab correct specs 2018-04-26 17:24:16 +10:00
Guo Xiang Tan
9eabf7c02c Fix randomly failing specs due to SearchLog cache. 2018-04-23 10:10:10 +08:00
Arpit Jalan
91bf10bd12 FIX: create upload record for exported csv files 2018-04-20 00:27:49 +05:30
Sam
71d0035a7e groups should be text to match add_group etc. 2018-04-10 13:47:07 +10:00
Guo Xiang Tan
c82b2dcc24 Remove admin group management pages. 2018-04-09 15:14:50 +08:00
Sam
4111f17f64 add missing test for rel next/prev 2018-04-09 15:01:16 +10:00
Guo Xiang Tan
eb755dd2a7 Fix the build. 2018-04-06 10:40:57 +08:00
Guo Xiang Tan
142571bba0 Remove use of rescue nil. 
* `rescue nil` is a really bad pattern to use in our code base.
  We should rescue errors that we expect the code to throw and
  not rescue everything because we're unsure of what errors the
  code would throw. This would reduce the amount of pain we face
  when debugging why something isn't working as expexted. I've
  been bitten countless of times by errors being swallowed as a
  result during debugging sessions.
 2018-04-02 13:52:51 +08:00
Neil Lalonde
73c1d3e7fe FIX: tag notification preferences were being cleared when other preferences were changed 2018-03-29 15:08:32 -04:00
Guo Xiang Tan
52e75eaee9 UX: Tweaks to group pages. 2018-03-29 17:04:48 +08:00
Guo Xiang Tan
5f4ff4a8c0 Fix failing spec. 2018-03-28 12:01:50 +08:00
Arpit Jalan
d96c1058a2 FEATURE: add staff action log for 'restore topic' 2018-03-21 18:04:13 +05:30
Régis Hanol
89f5c90ce0 FIX: show an error page on click tracking error 2018-03-17 00:33:11 +01:00
Guo Xiang Tan
2ad2ed2eb2 FIX: Couldn't move a topic into the uncategorized category. 2018-03-13 10:20:47 +08:00
Sam
39e679d3cb FEATURE: allow themes to live in private git repos 
This feature allows themes sourced from git to live on private
servers, it automatically generates key pairs.
 2018-03-09 16:14:38 +11:00
Sam
75172024ca SECURITY: ensure users have permission when moving categories 2018-03-02 12:13:27 +11:00
Guo Xiang Tan
0fabf80dca Migrate controller type specs to request types for omniauth. 2018-03-01 15:33:00 +08:00
Guo Xiang Tan
c64f09b6b7 REFACTOR: Simplify and DRY Group#invite. 2018-02-26 11:59:07 +08:00
Régis Hanol
0559a4736a FIX: don't double request when downloading a file 2018-02-24 12:35:57 +01:00
Gerhard Schlager
23498e54aa Fix the build 2018-02-23 13:35:15 +01:00
Guo Xiang Tan
ea1733ca64 Fix failing spec. 2018-02-23 11:31:10 +08:00
Guo Xiang Tan
1f74509a75 FIX: 2FA prompt incorrectly displayed on admin login page. 2018-02-23 11:05:39 +08:00
Guo Xiang Tan
964624f3ab FIX: No error displayed when 2FA token is invalid on admin login page. 2018-02-22 09:45:57 +08:00
Sam
720e1965e3 FEATURE: add category suppress from latest 
In the past we used suppress_from_homepage, it had mixed semantics
it would remove from category list if category list was on home and
unconditionally remove from latest.

New setting explicitly only removes from latest list but leaves the
category list alond
 2018-02-22 09:56:35 +11:00
Guo Xiang Tan
14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Jeff Wong
f4f8a293e7 FEATURE: Implement 2factor login TOTP 
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
 2018-02-21 09:04:07 +08:00
Guo Xiang Tan
b6e82815bd Fix rspec description. 2018-02-21 09:02:42 +08:00
Régis Hanol
6b67192d99 fix the build 2018-02-19 22:52:54 +01:00
OsamaSayegh
f3815cd785 FEATURE: New site setting for additional allowed filetypes for staff (#5364) 
* FEATURE: New site setting for additional allowed filetypes for staff

* Problematic variable name

* feedback

* small issues

* fix indentation

* failing tests

* Remove message bus and fix minor issues

* Missed this message bus
 2018-02-19 10:44:24 +01:00
Sam
cda3f72ab8 SECURITY: don't onebox whispers 2018-02-16 08:57:20 +11:00
Sam
57e140dc07 FIX: oneboxing to private messages 2018-02-16 08:00:22 +11:00
Régis Hanol
8e0da35857 FIX: allow local oneboxes to public topics/posts in PM 2018-02-15 18:14:41 +01:00
Sam
f028ffaf29 SECURITY: correct local onebox category checks 
Also removes ugly "source_topic_id" from cooked posts

Patch was authored by @zogstrip

Signed-off-by: Sam <sam.saffron@gmail.com>
 2018-02-14 10:40:46 +11:00
Robin Ward
7348513848 FIX: Include post in staff action logs when silencing a user 2018-02-13 15:59:10 -05:00
Erick Guan
03b3e57a44 FEATURE: login by a link from email 
Co-authored-by: tgxworld <tgx@discourse.org>
 2018-02-13 16:14:39 +08:00
Muhlis Cahyono
cc3cf6588b FEATURE: Notification API Endpoints for Admins 
* create/update/delete notification api with external url
* remove external url feature
* Fix Travis CI build error (add new line)
* Fix Travis CI build error
 2018-02-13 01:38:26 -05:00
Gerhard Schlager
8765279c90 FIX: Customizing site texts ignored current locale for _MF keys 2018-02-07 16:57:08 +01:00
Robin Ward
8ff4104555 Many enhancements to the flagging / suspending interface. 2018-02-01 17:13:02 -05:00
Sam
f2e7b74d88 FIX: don't return 200s when login is required to paths 
When running `ensure_login_required` it should always happen prior to
`check_xhr` cause check xhr will trigger a 200 response
 2018-02-01 12:26:45 +11:00
Régis Hanol
5c1eaeca9e FIX: prevent users from moving whispers to new topic 2018-01-22 17:23:19 +01:00
Sam
906f189914 have to clear debounce cache for tests 2018-01-15 15:29:54 +11:00
Sam
49ed382c2a FIX: return 429 when admin api key is limited on admin route 
This also handles a general case where exceptions leak out prior to being handled by the application controller
 2018-01-12 14:15:26 +11:00
Arpit Jalan
672888f526 FIX: handle invalid password reset token 2018-01-09 23:48:17 +05:30
Sam
8ff5f5f2ef FIX: cache admin locale file for 24 hours 2018-01-09 10:23:49 +11:00
Joffrey JAFFEUX
642645ba9a
FIX: broken select badge as user title (#5474) 
* FIX: broken select badge as user title

* selected id wasn’t pass to underlying component
* <none> was rendered as an html tag <none></none>
* overriding a badge name wouldn’t work as it was using badge.name and not badge.display_name
* adds a spec to ensure this behavior is correct
 2018-01-05 16:58:15 +01:00
Arpit Jalan
ef4c6c67ba fix the build 2017-12-23 14:42:40 +05:30
Régis Hanol
7f69362d9d FIX: external links in whisper ended up in a white page 
FIX: clicking a link in a onebox wasn't properly extracting the post_id
 2017-12-20 17:55:15 +01:00
Philipp Daniels
6a2bce1931 FIX: Data loss on update of single user_field. 
https://meta.discourse.org/t/api-data-loss-caused-by-changed-behaviour-of-custom-user-field-update/74990
 2017-12-20 16:33:23 +08:00
Guo Xiang Tan
97ceebb570 SECURITY: Don't pass email backup token to sidekiq as a parameter. 
* This exposes the token in the Sidekiq dashboard which can be
  viewed by an admin and defeats the purpose of using a token
  in the download backup email ink.
 2017-12-18 11:25:22 +08:00
Sam
96584403cd SECURITY: prevent staged accounts from changing email 2017-12-14 17:16:49 +11:00
Sam
a393d3bcbb FIX: ensure staged accounts are always inactive 
If for any reason active is stored in the user model, clear it out
prior to creating an account
 2017-12-13 14:22:16 +11:00
Arpit Jalan
1d43d7f136 optimize spec 2017-12-12 13:00:53 +05:30
Arpit Jalan
d21db0f186 add a test case to verify presence of registration_ip_address for staged users 2017-12-11 21:33:00 +05:30
Robin Ward
74b9828731 FIX: Remove mentions filters from user and groups 
Additionally return no data if disabled
 2017-12-07 16:29:02 -05:00
Arpit Jalan
5003f07b2c FEATURE: new site setting show_inactive_accounts 2017-12-07 19:22:41 +05:30
Sam
dd70ef3abf Revert "Revert "PERF: improve speed of rate limiter"" 
This reverts commit 2373d85239.
 2017-12-04 21:23:11 +11:00
Sam
2373d85239 Revert "PERF: improve speed of rate limiter" 
This reverts commit a9bcdd7f27.
 2017-12-04 21:19:28 +11:00
Sam
a9bcdd7f27 PERF: improve speed of rate limiter 
Also

- adds a global rate limiter option
- cleans up usage in tests
- fixes freeze_time so it handles clock_gettime
 2017-12-04 18:17:30 +11:00
Arpit Jalan
496cd3b4df
Merge pull request #5385 from techAPJ/search-logs-improvements 
FEATURE: support search click through tracking for user, category and tags
 2017-12-01 12:08:38 +05:30
Arpit Jalan
e3925278e2 FEATURE: support search click through tracking for user, category and tags 
https://meta.discourse.org/t/search-logs-page/73281/11?u=techapj

This commit adds following features:

- support for tracking click through to user, tag and category
- new filter for search type (header, full page)

This commit also removes "most viewed topic" field from search logs page because we are now tracking multiple click through entities, so topic is not a special entity anymore. This also improves query perf. The query now takes `20.5ms` to runs, as opposed to `655.9ms` previously.
 2017-12-01 12:04:55 +05:30
Vinoth Kannan
7f2eeaf767 FIX: Password required flag should be cleared whenever clearing the raw password (#5384) 2017-12-01 15:19:24 +11:00
Guo Xiang Tan
1c2d1682ae
Merge pull request #5328 from tgxworld/reenable_interpolation_keys_check 
FIX: Re-enable invalid interpolation keys check and allow default key…
 2017-11-30 13:04:54 +08:00
Guo Xiang Tan
1d8b834301
Merge pull request #5369 from vinothkannans/queued 
FIX: Error if queued post not found while updating
 2017-11-28 17:51:05 +08:00
Robin Ward
77f90876d3 REFACTOR: Track manual locked user levels separately from groups 2017-11-27 11:23:44 -05:00
Vinoth Kannan
31aa21b5a4 FIX: Error if queued post not found while updating 2017-11-27 19:25:51 +05:30
Guo Xiang Tan
5805979e88 FIX: Re-enable invalid interpolation keys check and allow default keys to be left out of translation overrides. 
https://meta.discourse.org/t/bulk-invite-from-file-resets-the-invite-forum-mailer-customized-text/67606/16
 2017-11-27 11:00:08 +08:00
Sam
eb428ef54d FEATURE: uploads are processed a faster 
Also cleans up API to always return 422 on upload error. (previously returned 200)

Uploads are processed using new hijack pattern
 2017-11-27 12:43:35 +11:00
Sam
e0e99d4bbd PERF: hijack onebox requests so they do not use up a unicorn worker 2017-11-24 15:31:40 +11:00
Guo Xiang Tan
82222e8d18 Improve specs to test for the right response status. 2017-11-24 09:32:44 +08:00
Sam
e61629ed84 remove spec containing mock 2017-11-23 17:54:27 +11:00
Robin Ward
628275fc31 FIX: Some badge routes were still working even with badges disabled 2017-11-21 12:22:44 -05:00
Robin Ward
0a9daba627 FIX: Support for long suspension emails 2017-11-20 12:45:46 -05:00
Gerhard Schlager
92a831bae6 FEATURE: user directory returns staged users during search 2017-11-19 01:17:31 +01:00
OsamaSayegh
4c4410225e UX: cap likes 2 (#5237) 2017-11-15 11:28:54 +11:00
Robin Ward
971e302ff2 FEATURE: Support an end date for user silencing 2017-11-14 13:20:19 -05:00
Sam
47e4c9bb46 FIX: import/export theme should work with uploads 2017-11-14 16:30:23 +11:00
Robin Ward
1f14350220 Rename "Blocked" to "Silenced" 2017-11-10 14:10:27 -05:00
Neil Lalonde
9dc9ca4ac0 FIX: be consistent with how first posts in topics are counted. do like DirectoryItem.refresh_period :all 2017-11-10 12:18:25 -05:00
Neil Lalonde
d7880af0bb FIX: change password form validation should instruct admins to use min password length for admin accounts 2017-11-07 16:14:56 -05:00
Sam
56412adad5 FEATURE: custom setting for large square site icon 
This icon is used for android splash screen
 2017-11-03 16:19:31 +11:00
Sam
1bd9e64a36 FIX: offline controller regression 2017-10-31 15:44:50 +11:00
Erick Guan
7c3123a2dd Downcase encoded slug by default and more specs 2017-10-26 16:50:29 +08:00
Rafael dos Santos Silva
5d5268a82b Feature: Group handling 2017-10-25 22:49:17 -02:00
Arpit Jalan
9586f0bdc9 fix the build - take 2 2017-10-20 21:34:56 +05:30
Arpit Jalan
13b2bf52c9 fix the build 2017-10-20 20:31:49 +05:30
Neil Lalonde
2db66072d7 SECURITY: signup without verified email using Google auth 2017-10-16 13:51:41 -04:00
Robin Ward
f73a3cc0d4 Don't include suspended_at or suspended_till unless suspended 2017-10-13 12:17:54 -04:00
Arpit Jalan
a2183c3f1d SECURITY: verify that inviter can invite new user to a topic 2017-10-09 15:59:41 +05:30
Neil Lalonde
1faae3c765 rename forgot_password_strict to hide_email_address_taken 2017-10-03 15:28:31 -04:00
Neil Lalonde
e47f5cedd2 FEATURE: forgot_password_strict setting also prevents reporting that an email address is taken during signup 2017-10-03 15:28:30 -04:00
Guo Xiang Tan
85c5bb4ea4 Fix randomly failing spec. 2017-10-03 11:59:26 +08:00
Guo Xiang Tan
8140e54675 FIX: More fixes for Group#mentionable and Group#messageable feature. 2017-10-02 17:45:58 +08:00
Guo Xiang Tan
c872225762 Improve MessageBus.track_publish to allow filter by channel. 2017-10-02 11:34:57 +08:00
Guo Xiang Tan
b295a39977 Fix randomly failing spec. 2017-10-02 11:24:48 +08:00
Guo Xiang Tan
049d925213 Remove controller spec that is rewritten as request spec. 2017-10-02 10:47:22 +08:00
Eleanor Demis
ac04f5e0cc update response error when deleting tags (#5213) 2017-09-30 16:31:32 +02:00