Commit Graph

3255 Commits

Author SHA1 Message Date
Guo Xiang Tan
8964e75ad6
Merge pull request #5612 from discourse/featheredtoast-two-factor-login
Featheredtoast two factor login
2018-02-21 15:00:10 +08:00
Guo Xiang Tan
14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Robin Ward
5c40ae9e63 FIX: Links in quotes should be counted for rate limits 2018-02-20 20:42:01 -05:00
Jeff Wong
f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Guo Xiang Tan
226ace1643 Update annotations. 2018-02-20 14:28:58 +08:00
Sam
86d12bd44b FEATURE: search within title using in:title
Also

- Significantly improved search ranking, title is treated most strongly
- Adds tag names to the index
- Run search re-indexer more aggressively
- Re-index topic and all posts on category change
2018-02-20 14:41:21 +11:00
Arpit Jalan
c419c26f56 FEATURE: new site setting 'max_emojis_in_title' 2018-02-19 18:15:26 +05:30
Neil Lalonde
991dfadad7 FIX: CategoryTagStat queries need to exclude PMs with tags 2018-02-15 12:13:42 -05:00
Arpit Jalan
f07b1a5c05 FIX: activate user even if email token is already confirmed 2018-02-14 20:44:48 +05:30
Sam
f028ffaf29 SECURITY: correct local onebox category checks
Also removes ugly "source_topic_id" from cooked posts

Patch was authored by @zogstrip

Signed-off-by: Sam <sam.saffron@gmail.com>
2018-02-14 10:40:46 +11:00
Gerhard Schlager
5a56746610 FIX: Embedded topic was not found when URL contained query string 2018-02-14 00:28:30 +01:00
Robin Ward
4c9959f795 FIX: Don't allow silenced users to reach TL3 2018-02-12 17:20:11 -05:00
Neil Lalonde
76c309fe6b PERF: a faster way to count tags used per category 2018-02-12 15:16:47 -05:00
Robin Ward
cee3337357 Don't allow users to auto-hide staff posts 2018-02-09 19:53:58 -05:00
Robin Ward
5466389f4e FIX: Consider oneboxes links wrt to min_trust_level_to_post_links 2018-02-08 18:27:40 -05:00
Gerhard Schlager
0ecdf90023 FIX: Validations could prevent moving posts 2018-02-08 13:36:13 +01:00
Gerhard Schlager
8ab6689f43 FIX: Preserve original date when moving first post 2018-02-08 12:55:32 +01:00
Gerhard Schlager
890ffb1eb5 FIX: overriding _MF translations worked only for English 2018-02-07 12:47:15 +01:00
Sam Saffron
884b9d4b78 PERF: optimize performance of new topics query (home page)
This ensures the bypass is always applied to query plan
also, add frozen strings
2018-02-06 12:37:23 -05:00
Vinoth Kannan
e8559f222c FIX: After moving the posts topic timestamp should be updated with newest post 2018-02-02 19:30:52 +05:30
Neil Lalonde
ef2a7ac0f7 FIX: admin reports would sometimes return fewer than 30 days of data, causing current 30 day period counts to be too small and prev30day counts to count the wrong days 2018-02-01 15:50:51 -05:00
Joshua Rosenfeld
f85055d653 FIX: Remove activation link from account approved email (#5548) 2018-02-01 14:59:37 +01:00
Arpit Jalan
f88b8a8945 rename 'default_email_private_messages' to 'default_email_personal_messages' 2018-02-01 13:25:29 +05:30
Arpit Jalan
6be536ca50 rename 'max_private_messages_per_day' to 'max_personal_messages_per_day' 2018-02-01 13:25:29 +05:30
Arpit Jalan
25ec077eca rename 'min_private_message_{post/title}_length' to 'min_personal_message_{post/title}_length' 2018-02-01 13:25:29 +05:30
Régis Hanol
4bcf9c5bf3 FIX: only count 'human' users in group.user_count 2018-01-31 21:55:01 +01:00
Arpit Jalan
1f6adbea5c FEATURE: log private message views 2018-01-29 08:08:08 +05:30
Robin Ward
6b04967e2f FEATURE: Staff members can lock posts
Locking a post prevents it from being edited. This is useful if the user
has posted something which has been edited out, and the staff members don't
want them to be able to edit it back in again.
2018-01-26 14:01:30 -05:00
Gerhard Schlager
b784c1eda4 FIX: Remove all notifications of staged user during sign-up 2018-01-25 14:58:43 +01:00
Gerhard Schlager
d9515c37b3 FIX: Show message from discobot when staged user signs up 2018-01-25 14:58:43 +01:00
Gerhard Schlager
eb52c5469e FEATURE: Allow plugins to register a new locale 2018-01-25 14:57:41 +01:00
Sam
c42bb94362 PERF: slow down optimizing images per host 2018-01-24 08:53:17 +11:00
Sam
bfd052a317 PERF: guard so we only create one optimized image per process
This protectd sidekiq and other cases where optimized images are created on
demand so they do not dominate the machine.
2018-01-24 08:22:28 +11:00
Gerhard Schlager
dde0fcc658 FEATURE: Allow sending invites to staged users 2018-01-22 15:37:18 +01:00
Kyle Zhao
83c549bd31 FEATURE: grant badges in post admin wrench (#5498)
* FEATURE: grant badges in post admin wrench

* only grant manually grantable badges

* extract GrantBadgeController mixin
2018-01-22 14:10:53 +11:00
Rafael dos Santos Silva
70c5f6ae17
Merge pull request #5489 from discourse/fix-shared-s3-cdn
FIX: Allow shared CDN for s3 and assets
2018-01-17 16:32:11 -02:00
Sam
b7023da894 PERF: reduce queries required for post timings
- also freezes a bunch of strings
- bypass active record for an exists query
2018-01-17 15:50:41 +11:00
Sam
2d2602edf0 no need to log anything if term is blank 2018-01-17 11:02:53 +11:00
Neil Lalonde
ce79ec0127 FIX: subfolder: top referred topics report was missing subfolder in links 2018-01-15 17:28:35 -05:00
Arpit Jalan
785d063a6b
Merge pull request #5496 from techAPJ/admin-graphs
FIX: graphs should go to zero for missing dates
2018-01-15 11:10:29 +05:30
Arpit Jalan
b7ba490df7 FIX: graphs should go to zero for missing dates 2018-01-15 10:16:34 +05:30
Sam
bf68d394f4 PERF: handle debounce in redis cause SQL can be slow 2018-01-15 14:48:28 +11:00
Neil Lalonde
298ee26908 FIX: when deleting a tag, the warning modal has the wrong topic count 2018-01-12 16:35:27 -05:00
Neil Lalonde
ad58a1743b rename topic_list.tags to topic_list.top_tags 2018-01-12 16:35:27 -05:00
Neil Lalonde
6d68275ef9 don't show tag groups if they're restricted to categories you can't access 2018-01-12 14:25:42 -05:00
Neil Lalonde
2493648f9c PERF: calculate topic_counts for tags in an async job so tag queries that include counts are much faster 2018-01-12 11:03:03 -05:00
Rafael dos Santos Silva
b9a343afe7 FIX: Allow shared CDN for s3 and assets 2018-01-12 01:08:15 -02:00
Vinoth Kannan
b96ae14261 FEATURE: Display force_https warning in admin problems dashboard 2018-01-11 12:16:10 +05:30
Neil Lalonde
8f21c96ea5 FIX: don't downcase watched words on input since it can break the watched_words_regular_expressions setting 2018-01-09 16:51:59 -05:00
Guo Xiang Tan
e90187cbf7
Merge pull request #5469 from tgxworld/add_guard_to_prevent_primary_email_from_being_reassigned
FIX: Add guard to prevent a primary `UserEmail` from being reassigned.
2018-01-09 13:35:08 +08:00