Commit Graph

79 Commits

Author SHA1 Message Date
Robin Ward
e4287d9de9 FIX: Resend activation email was busted 2014-09-16 10:24:02 -04:00
riking
3d3313d5ee SECURITY: Limit passwords to 200 characters
Prevents layer 8 attack.
2014-09-12 12:21:06 -04:00
Robin Ward
ed125975a1 SECURITY: Prefix session key and validate token format. 2014-08-25 15:31:49 -04:00
Robin Ward
9a1580244a FIX: Don't show profile pages for inactive users and don't show them in
search results.
2014-08-13 13:30:25 -04:00
Neil Lalonde
939e8505a9 Remove hub username integration 2014-07-16 12:25:24 -04:00
Neil Lalonde
01a68f8cc7 Emails are case insensitive 2014-07-16 10:22:01 -04:00
Robin Ward
4f416bf6ce Check honeypot/challenge value on activation too 2014-07-15 14:07:35 -04:00
Neil Lalonde
766196af87 FEATURE: add site setting allow_new_registrations which can be used to block all new account registrations 2014-07-14 15:42:22 -04:00
Robin Ward
cce7cf8c85 FEATURE: Require Javascript to activate an account via email link 2014-07-14 12:26:10 -04:00
Régis Hanol
b5c57fa947 FIX: don't mess with fixtures when running the specs 2014-07-14 17:34:23 +02:00
Sam
8fcc019ff8 FIX: only allow badge title selection if it exists 2014-07-09 15:31:49 +10:00
Sam
7909ca2a17 fix spec 2014-07-05 09:13:53 +10:00
Sam
5a0aed2bfa FIX: regression, forgot password broken
also... mocks were invented by the devil
2014-07-02 13:06:55 +10:00
Robin Ward
e22688a204 FEATURE: Can upload images to categories 2014-06-30 14:14:00 -04:00
Robin Ward
9000c358d1 REFACTOR: Use common path for RESTful DELETE action from upload image
component
2014-06-30 14:13:59 -04:00
Robin Ward
4088fba4f2 REFACTOR: Convert profile background uploader to be an ember component 2014-06-30 14:13:59 -04:00
Andrew Bezzub
386d1e231a move profile_background from User to UserProfile 2014-06-26 12:30:07 -04:00
Neil Lalonde
ad2bd11d6e Add a way to get user based on sso external id 2014-06-18 14:40:25 -04:00
riking
6e698315d6 Allow all /my URLs
Previously, URLs like /my/activity/posts were denied. This change allows those URLs.
2014-06-14 10:58:20 -07:00
Sam
03087679f0 FEATURE: Support custom preferences for users, injected by plugins 2014-06-11 15:50:37 +10:00
Sam
106838b92b Correct invalid spec 2014-05-30 14:48:07 +10:00
Sam
504cfcff96 Fix specs for avatars
Implement avatar picker
Correct avatar related jobs
2014-05-27 10:08:03 +10:00
Sam
6c1c8be794 Work in progress, keeping avatars locally
This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom)

user can then pick which they want.
2014-05-27 10:08:03 +10:00
Louis Rose
1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Sam
0fc4c47927 Merge pull request #2295 from vikhyat/badge-system
Titleable badges
2014-04-29 11:26:51 +10:00
Vikhyat Korrapati
b4e037dfb2 Allow badges to be marked as "titleable". 2014-04-28 10:30:38 +05:30
Sam
4445b8c3c0 Factor out mocks 2014-04-28 00:34:55 +10:00
Robin Ward
b9ca124756 Support for /my/preferences to automatically redirect to the logged in
user.
2014-04-21 11:52:11 -04:00
Régis Hanol
2505d18aa9 FEATURE: support email attachments 2014-04-14 22:55:57 +02:00
Sam
be06156629 SECURITY: when enabled_local_logins is false users could log in via API
thanks @Nicholas Blanco
2014-03-26 15:39:44 +11:00
Robin Ward
539890afdf Let's not show tons of extra information about invites unless you're the
person who invited them.
2014-03-21 14:16:11 -04:00
Neil Lalonde
9ca516e58d Rename nickname to username in the code. Use new hub routes. (Old routes still exist as aliases for old Discourse instances.) 2014-03-12 12:39:36 -04:00
Johan Jatko
98c479c3c4 FEATURE: Profile Backgrounds
Shares a modified codebase with avatars called "user_image"
2014-03-05 15:10:44 +01:00
Neil Lalonde
8711762143 Users who have made no more than one post can delete their own accounts from their user preferences page. 2014-02-13 13:52:06 -05:00
Scott Albertson
51eff92170 Refactor UsersController#create
* Simplify controller action
* Extract service classes
2013-12-05 10:11:16 -08:00
Neil Lalonde
981d8f6aea Signup form: prefill username if Discourse Hub has a match for the email address. Also, fix some bad specs in username_checker_service_spec that were passing... 2013-11-19 14:15:28 -05:00
Scott Albertson
77b59b54ce Refactor UsersController#invited
* Add test coverage
* Simplify controller action
* Move finder code to Invite class
2013-11-11 13:23:49 -08:00
railsaholic
58f78e9001 Refactor Users#upload_avatar method
Moved avatar file upload to ```AvatarUploadService``` class and
```AvatarUploadPolicy```

Address review comments + require missing file in spec
2013-11-11 23:21:14 +05:30
sirMackk
af67284995 User ctrl refactor - breaks up large methods, moves some logic into model
Includes missing methods from backup for travis to pass

fix missing code, failing specs

keep params handling in the controller.
2013-11-09 18:44:13 +05:30
Scott Albertson
72bfa4471f Move logic for updating a user into a service class 2013-11-07 08:39:39 -08:00
Scott Albertson
c0cffca1e6 Test title updating 2013-11-01 13:43:31 -07:00
Scott Albertson
3cc17ad4cd Add test coverage for #update 2013-11-01 13:43:31 -07:00
Scott Albertson
58f96bdfb5 Remove duplication in test setup 2013-11-01 13:43:31 -07:00
Scott Albertson
2e7696630b Make #update specs consistent
* Use expect syntax
* Avoid lets
* Stub Guardian method used in the controller
2013-11-01 13:43:31 -07:00
Robin Ward
3d6d7c8abe SiteSetting to hide regular names from users 2013-10-30 15:45:34 -04:00
Scott Carleton
cbef844a57 Build out a URI Adapter to allow uploading an avatar via a url
Currently only really accessible via the API. The UriAdapter creates a
tempfile from a url and gives a ActionDispatch::HTTP::UploadedFile back
to the controller to process as normal.
This will help a lot in being able to transfer avatar urls from another
app without monkey patching a lot of discourse code.
2013-10-21 14:53:03 -04:00
dbarbera
9106596a9a add image authorization on upload_avatar 2013-10-12 14:11:44 +02:00
Régis Hanol
23bf4436f5 FIX: avatar was attached to the user who uploaded it... 2013-10-12 10:55:41 +02:00
Matthieu Guillemot
3ba1f20674 New site settings to enable/disable the possibility of editing user's nickname or email address 2013-09-14 21:34:21 +09:00
Emili Parreno
4a0f3b3ac2 fix user_controller_spec when testing too long usernames 2013-09-05 17:36:53 +02:00