Sam
99f4d5082b
FIX: Improve token rotation and increase logging
...
- avoid access denied on bad cookie, instead just nuke it
- avoid marking a token unseen for first minute post rotation
- log path in user auth token logs
2017-03-07 13:27:43 -05:00
Neil Lalonde
0661cebbcf
fix intermittent failing spec
2017-03-07 11:59:05 -05:00
Neil Lalonde
d95e4102c1
FIX: tags created in secured categories should not be forbidden outside those categories
2017-03-07 11:46:46 -05:00
Robin Ward
dad57fa033
FIX: More errors with non-ascii URLs
2017-03-07 11:21:41 -05:00
Guo Xiang Tan
d1e587c10a
Merge pull request #4737 from oblakeerickson/approve_invited_user
...
FIX: approve invited user
2017-03-07 21:14:34 +08:00
Régis Hanol
0abe433495
Merge pull request #4736 from techAPJ/group-bulk-add
...
FIX: grant trust level when bulk adding users to group
2017-03-06 12:43:26 +01:00
Guo Xiang Tan
7d82a53dfe
FIX: Group#name
is case insensitive.
2017-03-06 17:24:03 +08:00
Arpit Jalan
d5bcc70e9c
FIX: grant trust level when bulk adding users to group
2017-03-06 14:39:53 +05:30
Guo Xiang Tan
66b5f97743
Merge pull request #4739 from tgxworld/fix_cant_recover_a_topic_that_belongs_to_a_deleted_user
...
Fix cant recover a topic that belongs to a deleted user
2017-03-06 15:12:54 +08:00
Guo Xiang Tan
8aea3caf00
FIX: Ensure that we only move posts that belong to the original topic.
2017-03-06 15:04:10 +08:00
Guo Xiang Tan
477eb0591e
FIX: Posts in a deleted topic couldn't be moved.
...
https://meta.discourse.org/t/moving-posts-to-new-topic/58436/4
2017-03-06 14:56:20 +08:00
Guo Xiang Tan
a28704bcee
FIX: Can't recover a post when its user has been deleted.
...
https://meta.discourse.org/t/moving-posts-to-new-topic/58436
2017-03-06 14:29:06 +08:00
Blake Erickson
dbb3ddc7a6
FIX: approve invited user
...
This commit fixes the case where invited users who typed in a password
would not be approved by default. Because we moved the user create logic
for an invited user there was a clash with the `save` in the user model
and the `save` in the invite_redeemer class.
- added approve logic into invite_redeemer class.
- added tests to verify that the user is approved
- added a check to see if must_approve_users is on
- added a check to see if the inviter is staff
- go ahead and approve the user if must_approve_users is off
- keep existing User.approve workflow if user exists
- improve if/else logic to remove duplicate code
- use `Time.zone.now`
2017-03-05 06:58:23 -07:00
Sam
c99f4260c0
Merge pull request #4729 from tgxworld/dont_mark_user_as_valid
...
FIX: Don't mark user as `active` if verified email is different.
2017-03-03 15:57:30 -05:00
Neil Lalonde
6aab8cb331
FEATURE: new category setting for whether to show latest topics or top topics by default
2017-03-03 11:30:44 -05:00
Guo Xiang Tan
bcf634ca85
Merge pull request #4728 from nbianca/username-regex
...
Add support for username regex.
2017-03-03 22:59:23 +08:00
Bianca Nenciu
30909ec54e
Add support for username regex.
2017-03-02 13:53:45 +02:00
Guo Xiang Tan
3d347fb9c4
FIX: Don't mark user as active
if verified email is different.
2017-03-02 14:24:30 +08:00
Neil Lalonde
51d7dc4355
switch contents of embeddable_host_fabricator.rb and category_fabricator.rb
2017-03-01 15:13:31 -05:00
Neil Lalonde
262016604d
FEATURE: each category can control how many topics to show on categories page
2017-03-01 15:12:57 -05:00
Blake Erickson
80858bae2c
FEATURE: further restrict downloading of backups
...
- send email to logged in admin when they press the "download" button
- show pop-up that email was sent
- create email template
- require a valid token to download backup
2017-03-01 08:28:34 -07:00
Arpit Jalan
e27b1b98d1
FIX: handle new user when logging name change
2017-03-01 13:43:57 +05:30
Guo Xiang Tan
107d6783a9
Remove use of stubs in tests.
2017-03-01 10:53:03 +08:00
Guo Xiang Tan
76dd6933d2
Revert "Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."""
...
This reverts commit e6d75f6844
.
This is why we should not be pushing directly to master.
2017-03-01 10:16:59 +08:00
Robin Ward
d27575176a
Enforce a minimum amount of posters in a topic for get_a_room
2017-02-28 16:47:16 -05:00
Sam
122fb8025d
FIX: last seen date erroneously updated when browser in background
...
In some cases user may be "last seen" even though browser tab is in
the background or computer is locked
2017-02-28 12:35:10 -05:00
Neil Lalonde
292dd8623c
Merge pull request #4622 from dmacjam/master
...
FEATURE: Append tags bulk action for topics
2017-02-28 11:36:58 -05:00
Sam
3ac4709903
FIX: on initial token issue stop unmarking token as unseen
...
prev and current are the same so we need special logic to bypass
2017-02-28 10:38:22 -05:00
Guo Xiang Tan
e6d75f6844
Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email.""
...
This reverts commit 0e3def7d2b
.
2017-02-28 11:27:14 +08:00
Sam
1e980ad4e6
Merge pull request #4721 from oblakeerickson/sort_admin_users_api
...
FEATURE: Add order logic to admin users controller
2017-02-27 16:13:42 -05:00
Arpit Jalan
6661cebff8
FIX: do not log duplicate username changes
2017-02-28 01:32:00 +05:30
Neil Lalonde
e634b37f9a
FIX: from field of emails should be including email_site_title or site title settings
2017-02-27 14:23:07 -05:00
Arpit Jalan
b32d3d66e5
FEATURE: log all username and name changes
2017-02-28 00:23:27 +05:30
Robin Ward
0e3def7d2b
Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."
...
This reverts commit 1060239e2d
.
2017-02-27 13:19:26 -05:00
Robin Ward
bf9626d031
FIX: Embedding was broken with non-english URLs and ports
2017-02-27 12:17:52 -05:00
Arpit Jalan
877957ae88
Merge pull request #4715 from techAPJ/login-per-ip
...
FEATURE: new site setting for max logins per ip per hour/minute
2017-02-27 18:24:53 +05:30
Arpit Jalan
cba51e1c38
FEATURE: new site setting for max logins per ip per hour/minute
2017-02-27 16:58:03 +05:30
jomaxro
f5673fbd47
Remove references to elder
...
The use of the TL4 name Elder was changed in 2014 to Leader. The spec function was changed to `:trust_level_4`, but the it statement was not changed.
2017-02-26 17:40:42 -07:00
Sam Saffron
7e8f0dc967
FIX: attempt to handle ios edge case where token is seen but unsaved
...
This relaxes our security in the following way
- prev auth token is always accepted as long as rotation
date is within our window of SiteSetting.maximum_session_age.hours
(previously old token expired within a minute of new one being seen)
- new auth token is marked unseen if we are presented with an old token
after we already saw new one
This attempts to fix an issue where ios webkit is not committing new cookies
2017-02-26 17:09:57 -05:00
Blake Erickson
0e6cb752da
Clean up valid order names
...
Add a sortable mappings list to match other endpoints and so that you
don't have to use database column names.
Example: 'created' => 'created_at'
Also cleaned up some of the logic since a lot of it got moved into the
SORTABLE_MAPPING hash.
2017-02-25 11:51:40 -07:00
Blake Erickson
e9d5c3265c
Change param asc to ascending
...
For consistency, change param asc to ascending:
https://meta.discourse.org/t/make-admin-users-list-sortable-suggestion/47649/17?u=oblakeerickson
2017-02-25 09:13:31 -07:00
Blake Erickson
0a41da6bad
FEATURE: Add order logic to admin users controller
...
Added order and direction parameters for sorting admin user pages. This
commit only includes backend api changes.
https://meta.discourse.org/t/make-admin-users-list-sortable-suggestion/47649
Now you can pass in `order` and `asc` parameters to the
`/admin/users/list/<query>.json` endpoint.
Example:
`/admin/users/list/active.json?&order=post_count` which defaults to desc
and
`/admin/users/list/active.json?order=post_count&asc=true`
2017-02-24 17:11:17 -07:00
Régis Hanol
ecdae9f863
FIX: i18n integrity specs
...
FIX: check all .yml files in the project for integrity
FIX: ensure localized yamls are compatible with english
2017-02-24 11:35:33 +01:00
Régis Hanol
a2c04be718
FIX: eradicate I18n fallback issues 💣
...
FIX: client's translation overrides were not working when the current locale was missing a key
FIX: ExtraLocalesController.show was not properly handling multiple translations
FIX: JsLocaleHelper#output_locale was not properly handling multiple translations
FIX: ExtraLocalesController.show's spec which was randomly failing
FIX: JsLocaleHelper#output_locale was muting cached translations hashes
REFACTOR: move 'enableVerboseLocalization' to the 'localization' initializer
REFACTOR: remove unused I18n.js methods (getFallbacks, localize, parseDate, toTime, strftime, toCurrency, toPercentage)
REFACTOR: remove all I18n.pluralizationRules and instead use MessageFormat's pluralization rules
TEST: add tests for localization initializer
TEST: add tests for I18n.js
2017-02-24 11:31:21 +01:00
Guo Xiang Tan
1060239e2d
SECURITY: Ensure oAuth authenticated email is the same as created user's email.
2017-02-24 13:13:10 +08:00
Guo Xiang Tan
0847b4258a
Revert "SECURITY: Ensure that user has been authenticated."
...
This reverts commit fbe51d68a7
.
Changing the commit message to correctly reflect what we're actually
fixing.
2017-02-24 13:12:29 +08:00
Guo Xiang Tan
fbe51d68a7
SECURITY: Ensure that user has been authenticated.
2017-02-24 10:47:48 +08:00
Sam
f15f61da0a
FEATURE: add immutable caching to rails site of things
2017-02-23 13:05:00 -05:00
Sam
ea1007e954
FEATURE: add support for same site cookies
...
Defaults to Lax, can be disabled or set to Strict.
Strict will only work if you require login and use SSO. Otherwise when clicking on links to your site you will appear logged out till you refresh the page.
2017-02-23 12:01:28 -05:00
Neil Lalonde
0551b3f5ee
FEATURE: replace emoji with unicode in title and description meta tags
2017-02-22 16:24:13 -05:00
Sam Saffron
b7d2edc7dc
FIX: allow some auth token misses prior to clearing cookie
...
It appears that in some cases ios queues up requests up front
and "releases" them when tab gets focus, this allows for a certain
number of cookie misses for this case. Otherwise you get logged off.
2017-02-22 12:37:11 -05:00
Arpit Jalan
213a496203
FIX: show all staff events related to the target user
2017-02-22 13:31:40 +05:30
Arpit Jalan
b32f33b3f0
FIX: allow staff members to send PMs when enable_private_messages is disabled
2017-02-22 11:32:09 +05:30
Neil Lalonde
c94fdcea38
FIX: admin dashboard posts count should not include system posts and whispers
2017-02-21 14:45:41 -05:00
Arpit Jalan
046cbad10b
FEATURE: add a button on admin user page that links to action log
2017-02-21 21:38:37 +05:30
Jakub Macina
4a2f13348a
ADD: Append tags bulk action for topics
2017-02-20 18:14:32 +01:00
Régis Hanol
f51e3b2131
FIX: should not be able to rename a system badge
2017-02-20 14:35:05 +01:00
Régis Hanol
cb99f59ec3
reset bounce score when email is successfully changed
2017-02-20 10:37:01 +01:00
Robin Ward
e62c0a42fa
FIX: Support multiple embeddable host records with the same host
2017-02-17 12:41:34 -05:00
Sam
7a85469c4c
SECURITY: inactive/suspended accounts should be banned from api
...
Also fixes edge cases around users presenting multiple credentials
2017-02-17 11:03:09 -05:00
Neil Lalonde
c0e1722ca6
fix intermittent spec failure due to Time comparison with TimeWithZone
2017-02-17 10:30:29 -05:00
Neil Lalonde
3fb50d587d
FIX: invited users and new TL1 users will see their first notification highlighted
2017-02-17 10:30:29 -05:00
Jeff Atwood
9b263a0559
increase req min unique pw chars from 5 to 6
2017-02-16 17:06:19 -08:00
Neil Lalonde
4b28bfaa15
Merge pull request #4710 from ento/fix-s3-config-check
...
FIX: admin dashboard shouldn't complain when using IAM profile for S3 access
2017-02-15 17:02:07 -05:00
Neil Lalonde
d0fbb27f3e
FEATURE: new invite acceptance page, where username can be chosen and password can be set
2017-02-15 16:51:57 -05:00
Sam
74d4209d24
FEATURE: allow plugins to register custom topic list filters
2017-02-15 15:25:43 -05:00
Sam
9c51e3e8e7
amend preloader api to supply topic list
2017-02-15 12:04:02 -05:00
Sam
2c59ffeb2c
FIX: token rotation not accounting for overlapping tokens correctly
...
also... freeze_time has no block form, correct all usages and specs
2017-02-15 10:58:18 -05:00
Marica Odagaki
af9c97ec43
Add failing tests
2017-02-15 00:05:58 -08:00
Marica Odagaki
2c1279b740
Fix typo to be more consistent with other test descriptions
2017-02-15 00:04:10 -08:00
Sam
f2099c3811
adjust API
2017-02-14 16:32:33 -05:00
Sam
89d5e8ab4b
FEATURE: allow plugins to preload data in topic list
2017-02-14 16:29:06 -05:00
Sam
8feb94e13f
FIX: password validator was being too strict
2017-02-14 09:18:04 -05:00
Sam
783bac9ff7
less stubbing for better clarity and robustness
2017-02-13 14:34:15 -05:00
Sam
7652901b75
reduce mocking and stubbing in controller spec
2017-02-13 14:31:15 -05:00
Sam
0ab96a7691
FEATURE: add hidden setting for verbose auth token logging
...
This is only needed to debug auth token issues, will result in lots
of logging
2017-02-13 14:01:09 -05:00
Robin Ward
e1d358ffbf
FIX: Don't clear the login hint when the system user is saved
2017-02-13 10:54:20 -05:00
Jeff Atwood
3ee7a9266c
Merge pull request #4686 from tgxworld/group_is_visible_if_user_is_group_owner
...
FIX: Show groups that user is owner of on groups page.
2017-02-11 22:18:44 -08:00
Neil Lalonde
94e1105af7
fix unique char counting in password validator
2017-02-10 10:38:17 -05:00
Sam Saffron
4332f0dde1
FEATURE: allow user search API to restrict to group
2017-02-09 18:45:39 -05:00
Neil Lalonde
1bcb835446
FEATURE: passwords must have a minimum number of unique characters, configurable with a new setting
2017-02-09 15:00:22 -05:00
Robin Ward
9fe4427071
Clean up get_a_room
following review
2017-02-08 12:24:26 -05:00
Neil Lalonde
5a8bbe663a
FEATURE: include most popular tag in page title for webcrawlers of tagged uncategorized topics
2017-02-07 16:55:42 -05:00
Sam Saffron
df8f365d99
FEATURE: improve search so it searches sub categories by default
...
If you want an exact category match use `category:=howto` or `#=howto"
2017-02-07 15:53:37 -05:00
Régis Hanol
02bb7beaaf
FIX: don't put attachments on the CDN when 'prevent anons from downloading files' is enabled
2017-02-07 18:06:44 +01:00
Sam
49e7124a5e
clarify override semantics in spec
2017-02-07 10:41:27 -05:00
Sam
f34907b523
Merge pull request #4681 from vietqhoang/feature/add-user-title-to-sso-payload
...
FEATURE: Add user title to SSO payload
2017-02-07 10:25:32 -05:00
Sam
ff49f72ad9
FEATURE: per client user tokens
...
Revamped system for managing authentication tokens.
- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes
New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.
Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
Sam
2dec731da3
SECURITY: correctly validate input when admin searches for screened ips
2017-02-06 16:11:16 -05:00
Régis Hanol
84af84dc52
prevent inactive & staged users from being automatically added to a group
2017-02-06 17:49:27 +01:00
Régis Hanol
ba115480ba
FIX: wasn't extracting links to quoted posts
2017-02-06 14:45:04 +01:00
Régis Hanol
27fb9c8804
FIX: bounce webhooks should also use recipient address
2017-02-05 19:06:35 +01:00
Robin Ward
f1e7bca3c9
FEATURE: Warn a user when they're replying to the same user too much
2017-02-03 17:00:54 -05:00
Neil Lalonde
c4e10f2a9d
FEATURE: redesign the change password page to use javascript and validations
2017-02-03 16:09:24 -05:00
Robin Ward
b251d11518
FIX: If you make a new banner, clear the old dismissed values
2017-02-03 15:07:38 -05:00
Guo Xiang Tan
61111a3f9b
FIX: Show groups that user is owner of on groups page.
2017-02-03 16:51:32 +08:00
Arpit Jalan
6b8691ecea
Merge pull request #4685 from techAPJ/approve-users-invite-fix
...
FIX: allow existing users to be invited to topic/message when must_approve_users is enabled
2017-02-03 13:22:18 +05:30
Arpit Jalan
dc2171960b
FIX: allow existing users to be invited to topic/message when must_approve_users is enabled
2017-02-03 13:01:23 +05:30
Guo Xiang Tan
c392994793
Fix specs.
2017-02-03 08:38:19 +08:00
Neil Lalonde
b91cb92af0
FIX: reports for time to first reply and topics without replies were counting whispers and moderator actions
2017-02-02 17:27:41 -05:00
Guo Xiang Tan
3c28d94706
FIX: Don't configure Redis connector if Redis slave config is not set.
2017-02-02 13:48:55 +08:00
Régis Hanol
82555ca761
FIX: mail threading wasn't working properly in Mac Mail
2017-02-01 23:02:41 +01:00
Viet Hoang
40164ccd4a
Add user title to SSO payload
2017-01-31 16:42:27 -08:00
Arpit Jalan
a525563eea
Optimize spec for ProcessPost job
2017-01-31 14:10:56 +05:30
Rimian Perkins
25516874b5
FIX: Escape regexp chars in SiteSetting.censored_words
.
2017-01-31 10:14:51 +08:00
Régis Hanol
8fc7420f83
FIX: prevent huge custom emojis in emails
2017-01-30 18:06:48 +01:00
Arpit Jalan
19f7beaa2c
FIX: topic links were getting dropped when post is rebaked
2017-01-30 14:55:53 +05:30
Arpit Jalan
28e8d32d53
Suppress console output when running RSpec
2017-01-28 11:04:47 +05:30
Guo Xiang Tan
0e5d490b05
No need for special helper to reset SiteSetting state.
...
* SiteSetting in tests uses a local provider that resets it.
2017-01-28 10:55:49 +08:00
Neil Lalonde
7ead3e1f18
fix failing specs
2017-01-27 16:17:10 -05:00
Arpit Jalan
c36dda70ae
spec for posts:remap rake task
2017-01-28 00:13:08 +05:30
Leo McArdle
c76f6856ea
FEATURE: reply as new message to the same recipients
2017-01-27 12:24:31 +08:00
Robin Ward
496682c442
Merge pull request #4662 from tgxworld/fix_localized_group_name_change
...
Fix localized group name change
2017-01-26 10:50:00 -05:00
Arpit Jalan
9dd09e453b
FEATURE: add explicit confirmation button to accept the invite
2017-01-25 15:50:30 +05:30
Guo Xiang Tan
781d83a46f
FIX: Toggling a post's wiki status should not skip revision.
2017-01-25 13:34:55 +08:00
Guo Xiang Tan
ce07da1d8b
UX: Only display the words that fails censored words validations.
2017-01-24 13:11:05 +08:00
Régis Hanol
7e52d29a5b
Merge pull request #4643 from LeoMcA/fix-pull-img
...
FIX: Handle img src starting with "//" in pull_hotlinked_images job
2017-01-23 17:56:53 +01:00
Guo Xiang Tan
32846aad2a
FIX: Toggling post's wiki status should not create a new version.
2017-01-20 15:42:33 +08:00
Jeff Atwood
521ced38c5
fix spec for default email title
2017-01-19 14:01:51 -08:00
Neil Lalonde
6b93b09404
FIX: when blocking a user results in hiding their posts, only hide posts made in the last 24 hours
2017-01-19 15:56:22 -05:00
Régis Hanol
07660ecedb
bump onebox
2017-01-19 00:28:37 +01:00
Guo Xiang Tan
706b4f6b9f
FEATURE: Remap group mentions when group name has been changed.
2017-01-18 13:39:34 +08:00
Guo Xiang Tan
59dfb51a35
FIX: Don't change automatic group name if localized name has been taken.
2017-01-18 12:20:23 +08:00
Guo Xiang Tan
1e1e40c75f
Dump the page's content as well on failure.
2017-01-17 18:40:46 +08:00
Régis Hanol
fbf9172db8
FIX: log backups download/destroy staff action
...
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:53:31 +01:00
Robin Ward
86c52c72f6
FIX: Deleting a user was not deleting their directory items
2017-01-16 11:46:52 -05:00
Leo McArdle
b60e9b7330
FIX: Handle img src starting with "//" in pull_hotlinked_images job
2017-01-16 10:50:07 +00:00
Guo Xiang Tan
63954c1b33
FIX: Same user record being saved twice causing validation to fail.
2017-01-16 16:41:03 +08:00
Guo Xiang Tan
e3b6f9b8ae
FIX: Do not update user stats like counts for private messages.
2017-01-16 11:07:53 +08:00
Guo Xiang Tan
ed5fa20b0c
Revert "FIX: error during signup saying "Password is the same as your current password" due to automatic group membership granting a trust level"
...
This reverts commit 9c40657ba4
.
Calling this whenever a user is initialize is hurting us bad
on performance.
2017-01-16 09:44:10 +08:00
Neil Lalonde
e8307ac24c
FIX: mailing list mode digest emails included whispers
2017-01-13 13:46:33 -05:00
Robin Ward
adb73180f7
FEATURE: Let plugins register themes easily
2017-01-13 11:50:52 -05:00
Régis Hanol
499a83270a
FIX: don't onebox to IP addresses
2017-01-12 22:35:33 +01:00
Guo Xiang Tan
38496985ef
Fix syntax error.
2017-01-12 10:03:37 +08:00
Guo Xiang Tan
23d4435af1
Oops.
2017-01-12 09:56:20 +08:00
Guo Xiang Tan
515f50e42e
FEATURE: Log admin action when readonly mode is changed.
2017-01-12 09:41:02 +08:00
Régis Hanol
887e9af84f
FEATURE: new 'max_image_megapixels' site setting
2017-01-11 23:37:12 +01:00
Neil Lalonde
b177827841
more specs for staff action logging
2017-01-11 11:41:21 -05:00
Guo Xiang Tan
1758af9a1d
FIX: Perform emoji unescape for topic titles in quotes.
2017-01-11 17:23:13 +08:00
Guo Xiang Tan
cdd550e947
Use a different Redis key when PG failover sets site to readonly mode.
2017-01-11 16:38:49 +08:00
Régis Hanol
185dcb2ca1
handle emails with localized headers 😠
2017-01-09 22:59:30 +01:00
Guo Xiang Tan
3d21ccd4a5
FIX: Add validation to disallow censored words in topic title.
2017-01-09 16:55:41 +08:00
Régis Hanol
98c62bccb5
FIX: mark forwarded email as read by the forwarder
...
FIX: 'Re:' prefix is mostly used for replies and not forwarded emails
2017-01-06 15:33:55 +01:00
Guo Xiang Tan
58f3a2e9a9
Fix randomly failing spec.
2017-01-06 15:25:49 +08:00
Guo Xiang Tan
68300f515c
FIX: Return 404 if id is not valid.
2017-01-06 10:39:44 +08:00
Guo Xiang Tan
d10fe51b72
Fix broken specs since all urls will be oneboxed.
2017-01-06 10:05:51 +08:00
Guo Xiang Tan
f473a119ff
Remove unnecessary stub.
2017-01-06 08:53:30 +08:00
Arpit Jalan
7a1ff59822
FIX: PM email to suspended member was broken
2017-01-05 13:58:14 +05:30
Guo Xiang Tan
a89f60b85b
Merge pull request #4631 from tgxworld/prevent_users_from_changing_permissions_of_non_real_users
...
FIX: Do not allow admins to meddle with admin and moderation access o…
2017-01-04 09:10:27 +08:00
Robin Ward
cf7774bdd9
FEATURE: Block muted users from sending you PMs
2017-01-03 14:51:53 -05:00
Guo Xiang Tan
c68bcfeb72
Improve spec.
2017-01-03 15:36:36 +08:00
Guo Xiang Tan
ad4a96d387
FIX: Only send membership request to the last 5 active group owners.
2017-01-03 15:33:57 +08:00
Arpit Jalan
495a511862
simplify quote markup in emails
2017-01-02 21:37:01 +05:30
Guo Xiang Tan
f1beef43a8
Merge pull request #4618 from tgxworld/fix_invalid_emails
...
FIX: Don't allow invalid email to be saved.
2016-12-30 07:11:48 +08:00
Guo Xiang Tan
c7b151683d
FIX: Do not allow admins to meddle with admin and moderation access of non real users.
2016-12-29 11:11:33 +08:00
Neil Lalonde
9c40657ba4
FIX: error during signup saying "Password is the same as your current password" due to automatic group membership granting a trust level
2016-12-28 17:36:04 -05:00
Sam
d28d8a1f85
FIX: order by op_likes leads to broken browsing
2016-12-27 19:08:54 +11:00
Arpit Jalan
d72cbcb2a4
FEATURE: new setting to validate user website
2016-12-26 21:29:27 +05:30
Guo Xiang Tan
5aee2673c7
FIX: Push null fields to last when sorting group members.
2016-12-22 14:55:24 +08:00
Guo Xiang Tan
8551d821a0
FEATURE: Add site setting to disable group directory.
2016-12-22 14:14:22 +08:00
Sam
c531f4ded5
remove rails-observers
...
Rails yanked out observers many many years ago, instead the functionality
was yanked out to a gem that is very lightly maintained.
For example: if we want to upgrade to rails 5 there is no published gem
Internally the usage of observers had quite a few problem.
The series of refactors renamed a bunch of classes to give us more clarity
and removed some magic.
2016-12-22 16:46:53 +11:00
Sam
019f1a1d06
UserEmailObserver is now removed
...
no big surprises here was pretty straightforward
after_commit semantics sure are weird though
2016-12-22 16:46:53 +11:00
Sam
2f6a4cc6de
remove UserActionObserver, replace with after_save and service
...
interestingly there was some left over dead code from when stars
existed in the topic_users table
2016-12-22 16:46:53 +11:00
Sam
0a78ae739d
Remove SearchObserver, aim is to remove all observers
...
rails-observers gem is mostly unmaintained and is a pain to carry forward
new implementation contains significantly less magic as a bonus
2016-12-22 13:13:14 +11:00
Guo Xiang Tan
28befcb5d4
Fix specs.
2016-12-21 21:21:39 +08:00
Guo Xiang Tan
076a08d8e1
FIX: Unactivated users should not be automatically added into groups as well.
2016-12-21 18:15:01 +08:00
Guo Xiang Tan
7228081820
FIX: Automatic group membership should not add staged or unactivated users.
2016-12-21 18:04:26 +08:00
Guo Xiang Tan
13c6191e89
FIX: Don't allow invalid email to be saved.
2016-12-21 17:47:11 +08:00
Guo Xiang Tan
5d7f3223f0
SECURITY: Users can only bookmark posts which they can see.
2016-12-21 12:01:26 +08:00
Neil Lalonde
c75bebdea2
FIX: uncategorized setting to control whether topic featured links are allowed
2016-12-20 15:55:30 -05:00
Guo Xiang Tan
9db5d5b6a7
FIX: Incorrect serializer for groups page.
2016-12-20 15:44:22 +08:00
Guo Xiang Tan
7c7c233c1c
FIX: Can't update Groups#allow_membership_requests
in admin.
2016-12-20 15:14:35 +08:00
Guo Xiang Tan
502e114c60
FIX: Incorrect count when loading more groups.
2016-12-20 14:39:44 +08:00
Guo Xiang Tan
193f8301a4
FIX: Do not show automatic groups to normal users.
2016-12-20 14:26:49 +08:00
Régis Hanol
52cd9972bb
FIX: prevent DDoS with lots of _oneboxable_ links
...
FIX: ensure the onebox route is only allowed to logged in users
FIX: only allow 1 outgoing onebox preview per user
FIX: client should only do 1 preview at a time
2016-12-20 00:31:10 +01:00
Sam
2b808ad9da
Merge pull request #4609 from joebuhlig/category-topics-wiki
...
FEATURE: Category setting to make all topics wikis
2016-12-20 09:15:51 +11:00
Neil Lalonde
74956694e5
If summary email finds no topics, show topics more than 1 day old from new users
2016-12-19 14:54:08 -05:00
Neil Lalonde
923cf73c6e
Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox.
2016-12-19 14:54:07 -05:00
Arpit Jalan
a2096a01fb
add test case for handling uploads without extension
2016-12-20 00:46:47 +05:30
Robin Ward
e03d5e2140
Reapply Ember 2.10 for good this time!
...
This reverts commit ddd299f4aa
.
2016-12-19 11:19:10 -05:00
Joe Buhlig
87251fded7
FEATURE: Category setting to make all topics wikis
...
FEATURE: Category setting to make all topics wikis
2016-12-19 06:42:18 -06:00
Guo Xiang Tan
18c8323987
FIX: Incorrect path for redirect.
2016-12-19 18:12:15 +08:00
Sam
e0ff57ca75
SECURITY: prevent reuse of password reset
2016-12-19 18:00:22 +11:00
Sam
eb2db23b40
FEATURE: remove email_token_grace_period_hours
...
The site setting email_token_grace_period_hours just causes confusion and
should not be used anyway.
Out of the box, tokens stop working once confirmed, no need to add complexity here
2016-12-19 17:15:20 +11:00
Sam
0599bd0154
FEATURE: add referrer never tag to password reset page
2016-12-19 11:01:58 +11:00
Sam
15b5fddd49
SECURITY: protect upload params, only allow very strict filenames
2016-12-19 10:16:18 +11:00
Arpit Jalan
ab6843dcde
FIX: username route was broken
2016-12-16 23:56:22 +05:30
Guo Xiang Tan
d8541c589a
FIX: Incorrect route for updating username.
2016-12-17 00:23:12 +08:00
Robin Ward
ddd299f4aa
Revert "Revert "Revert Ember 2.10+ for a short while""
...
This reverts commit 76bbc481cb
.
2016-12-16 10:29:30 -05:00
Robin Ward
76bbc481cb
Revert "Revert Ember 2.10+ for a short while"
...
This reverts commit 21682fd60b
.
2016-12-16 09:52:29 -05:00
Sam
61eb134181
FEATURE: setting to allow arbitrary redirects from sso origin
...
if sso_allows_all_return_paths is set to true you can redirect off-site from sso success
2016-12-16 13:37:44 +11:00
Sam
6ff309aa80
SECURITY: don't grant same privileges to user_api and api access
...
User API is no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
Régis Hanol
197517d55e
FIX: locally uploaded audio & video files should onebox even when the extension is uppercase
2016-12-15 23:21:44 +01:00
Robin Ward
21682fd60b
Revert Ember 2.10+ for a short while
2016-12-15 16:43:38 -05:00
Robin Ward
ba8c6fd840
FIX: PhantomJS was crashing
2016-12-15 12:30:20 -05:00
Sam
98f4a2adcb
FIX: on 404 from brotli asset path return a correctly encoded doc
...
old implementation would cache the 404 for 1 year with incorrect encoding
hilarity would ensue
2016-12-15 16:05:20 +11:00
Guo Xiang Tan
13c344245d
Merge pull request #4603 from tgxworld/group_index_page
...
FEATURE: Add groups page.
2016-12-14 23:26:05 +08:00
Guo Xiang Tan
20f9aad539
Merge pull request #4599 from tgxworld/remove_rspec_given
...
Remove RSpec given.
2016-12-14 17:42:30 +08:00
Guo Xiang Tan
4b940dc8bd
FEATURE: Add groups page.
2016-12-14 17:27:47 +08:00
Guo Xiang Tan
18f400e652
Remove RSpec given.
2016-12-14 10:29:22 +08:00
Neil Lalonde
2d61d7d644
update embed_controller_spec
2016-12-13 16:29:51 -05:00
Guo Xiang Tan
2686ee5ab2
FIX: Admin can't add/remove public group users.
2016-12-13 16:39:44 +08:00
Guo Xiang Tan
43ee9f884e
FEATURE: Add Group#full_name
.
2016-12-13 16:16:26 +08:00
Guo Xiang Tan
69330f8bc2
Add user_updated event to webhooks.
2016-12-13 11:26:26 +08:00
Guo Xiang Tan
da7009a968
FEATURE: Add request membership button for allowed groups.
2016-12-12 22:48:08 +08:00
Régis Hanol
664feca199
FIX: don't send emails from muted users in mailing list mode
2016-12-12 15:28:26 +01:00
Guo Xiang Tan
9a800107cb
FIX: Associate category logo and background to uploads record.
2016-12-12 17:37:28 +08:00
Guo Xiang Tan
05f55dbc10
FEATURE: Group logs.
2016-12-12 17:29:54 +08:00
Guo Xiang Tan
be5b5f6bea
FEATURE: Public groups.
2016-12-12 17:00:30 +08:00
Neil Lalonde
24d2973108
enable featured links by default
2016-12-09 16:08:17 -05:00
Neil Lalonde
fb2633366a
FIX: featured link topics shouldn't require the same min post length
2016-12-09 15:46:26 -05:00
Neil Lalonde
a4c4f13901
Remove the topic_featured_link_onebox setting. We will always try to onebox a link and add it to the body if topic_featured_link_enabled is enabled.
2016-12-09 13:28:12 -05:00
Sam
846597f563
FIX: staff tags are stripped by non-staff
2016-12-09 17:24:26 +11:00
Guo Xiang Tan
b9b4b0c175
FIX: Members should be ordered by username.
2016-12-08 14:27:38 +08:00
Guo Xiang Tan
a2da2971af
FEATURE: Allow columns on group members page to be sortable.
2016-12-08 10:49:12 +08:00
Guo Xiang Tan
545dfa7191
FEATURE: Allow group owners to edit title.
2016-12-07 10:26:28 +08:00
Sam
1135e00c83
FIX: regression unable to dismiss unread
2016-12-06 08:49:40 +11:00
Erick Guan
52763f5115
FEATURE: Allow posting a link with topics
2016-12-05 17:20:54 +01:00
Régis Hanol
06469ef0ce
FIX: don't extract links from .elided parts
2016-12-05 15:19:15 +01:00
Guo Xiang Tan
37b256e7f2
Fix specs.
2016-12-05 17:13:58 +08:00
Arpit Jalan
431aa79bb3
Merge pull request #4587 from techAPJ/invite-upload
...
FIX: simplify CSV file upload
2016-12-05 14:30:13 +05:30
Guo Xiang Tan
adb7fcb6b3
FEATURE: Add bio to group page.
2016-12-05 16:58:04 +08:00
Arpit Jalan
ce974da9e5
FIX: simplify CSV file upload
2016-12-05 14:09:08 +05:30
Guo Xiang Tan
31acd311e5
FEATURE: Allow group owners to edit group name and avatar flair.
2016-12-05 14:27:46 +08:00
Guo Xiang Tan
b45fd21ed9
FIX: Clean up specs.
2016-12-05 13:37:33 +08:00
Sam
dc66f6681a
add spec for brotli controller, ensure cached correctly
2016-12-05 16:08:36 +11:00
Guo Xiang Tan
22059d4df9
Add Rake task to clean up unused multisite Redis keys.
2016-12-05 11:46:34 +08:00
Sam
39a524aac8
FEATURE: brotli cdn bypass for assets
...
Allow CDNS that strip out brotli encoding to use brotli regardless
2016-12-05 13:57:09 +11:00
Sam
33d0a23d84
Merge branch 'fix_whisper'
2016-12-05 10:01:03 +11:00
Neil Lalonde
dafd1453d6
FIX: topic list filters for bookmarked, posted, and read now work with tag filter
2016-12-02 15:58:14 -05:00
Guo Xiang Tan
3971f96aa6
Merge pull request #4536 from fantasticfears/webhooks-edit
...
FIX: missing post and topic edited webhooks
2016-12-02 10:16:19 +01:00
Guo Xiang Tan
bc0a8142fe
PERF: Only show members count on group page.
2016-12-02 16:28:54 +08:00
Sam
9b885c039a
Merge branch 'master' into fix_whisper
2016-12-02 17:44:05 +11:00
Sam
c04d4171ff
FIX: whisper no longer experimental
...
- Regular users are not notified of whispers
- Regular users no longer have "stuck" topics in unread
- Additional tracking for staff highest post number
- Remove a bunch of unused columns in topics table
2016-12-02 17:03:31 +11:00
Régis Hanol
eb453d0f82
the note in a FWed email should be a whisper only in PM and when the author is member of the group
2016-12-01 18:43:56 +01:00
Régis Hanol
62763f025c
FIX: wasn't able to parse FROM email in the embedded email
2016-12-01 18:34:47 +01:00
Neil Lalonde
985daf5c72
FIX: summary should not include certain post types
2016-12-01 12:01:32 -05:00
Erick Guan
8c8549b27b
FIX: missing post and topic edited webhooks
2016-11-30 20:49:45 +01:00
Régis Hanol
dec8a861f0
FIX: don't raise exception when a quote was already extracted
2016-11-30 17:18:34 +01:00
Guo Xiang Tan
b8441fba27
Merge pull request #4546 from tgxworld/fix_postgresql_failover
...
Fix postgresql failover
2016-11-30 09:36:52 +01:00
Sam
b8dc58be90
got to be careful with integrity specs
2016-11-29 18:01:09 +11:00
Sam
266322ce2e
FEATURE: add help text for no bookmarks in user page
2016-11-29 17:56:00 +11:00
Sam
0631a84ca0
Merge pull request #4576 from cpradio/min-posts-search
...
FEATURE: Add min_post_count search filter
2016-11-29 10:19:33 +11:00
cpradio
66ca6d622e
FEATURE: Add min_post_count search filter
2016-11-28 11:43:12 -05:00
Régis Hanol
6edd3c347c
FIX: automatically disable digests when enabling mailing list mode
2016-11-28 15:52:35 +01:00
Régis Hanol
a03287f2ee
FIX: 'In-Reply-To' header should default to topic_message_id
2016-11-28 14:18:02 +01:00
Régis Hanol
74b6fe8739
FIX: respect RFCs when setting 'In-Reply-To' and 'References' email headers
2016-11-25 23:25:39 +01:00
Guo Xiang Tan
559918c6c6
PERF: Add endpoint to check if a group can be mentioned by user.
2016-11-26 02:20:46 +08:00
Guo Xiang Tan
5794f1619d
PERF: Fix N+1 queries when loading groups.
2016-11-26 02:20:26 +08:00
Guo Xiang Tan
63a88ee6e7
Merge pull request #4566 from tgxworld/fix_perf_redirect_to_top
...
Fix perf redirect to top
2016-11-25 03:39:56 +01:00
Sam
88a46be051
FEATURE: display text excerpts when scrolling on mobile
2016-11-25 11:35:29 +11:00
Guo Xiang Tan
b889bfefbb
PERF: Don't calculate the same query twice.
2016-11-24 14:05:26 +08:00
Neil Lalonde
79dc0518c9
FIX: popular posts in digest need to use same restrictions as topics
2016-11-23 11:24:18 -05:00
Guo Xiang Tan
02025207d5
FIX: Make sure Redis fallback don't fall into a permanent readonly state.
2016-11-23 11:31:20 +08:00
Sam
bfd0418f07
added a test for safe mode
2016-11-23 13:31:05 +11:00
Neil Lalonde
86deec3528
FIX: exclude popular posts from deleted topics
2016-11-22 13:23:21 -05:00
Guo Xiang Tan
3909f342f6
FEATURE: Allow options to be set when adding model callbacks.
2016-11-21 10:20:31 +08:00
Arpit Jalan
2d0c99636a
do not add rel noreferrer
2016-11-20 18:19:14 +05:30
Arpit Jalan
7cb76f7333
FIX: add rel noopener and noreferrer in addition to nofollow
2016-11-20 17:07:27 +05:30
Guo Xiang Tan
f824afb4d3
FEATURE: Allow date_of_field column to be updated.
2016-11-17 15:16:58 +08:00
Guo Xiang Tan
e8a3043129
Spawn a single thread that checks for PostgreSQL fallback.
2016-11-17 13:52:08 +08:00
Guo Xiang Tan
8c6d8c85db
Stop showing first notification prompt once user sees the notification.
2016-11-17 09:44:00 +08:00
Guo Xiang Tan
98c1e0832c
FIX: Track first notification read using Redis.
2016-11-16 16:20:38 +08:00
Guo Xiang Tan
16fdcdfc00
FIX: Add conditions on when to show first pm notification.
2016-11-16 14:17:47 +08:00
Guo Xiang Tan
b5dc68cd52
Merge pull request #4552 from tgxworld/extract_test_logic
...
Ensure we don't run `$redis.keys` in production.
2016-11-16 10:05:02 +08:00
Robin Ward
32a8d5ed1f
Merge pull request #4550 from cpradio/cannot-see-mention
...
FEATURE: Notify user when mention can't see the reply they were mentioned in
2016-11-15 16:40:47 -05:00
Guo Xiang Tan
95c6e97587
Ensure we don't run $redis.keys
in production.
2016-11-15 23:23:41 +08:00
Sam
63d9d4f301
FIX: properly specify default on no cache on all resources
2016-11-15 17:00:44 +11:00
cpradio
824c235760
FEATURE: Notify user when mention can't see the reply they were mentioned in
...
FIX: Group Mention Notifications
2016-11-14 22:03:16 -05:00
Sam
f4c754b389
FEATURE: split JavaScript application bundle, so plugins live in own file
...
This adds plugin.js and plugin_third_party.js files
2016-11-15 11:43:13 +11:00
Leo McArdle
784366f1a0
FIX: display only 1 trust level badge on user card
...
refactoring graciously provided by @xfalcox
2016-11-14 20:53:24 +00:00
Sam
115c454002
FIX: if prioritizing names in ux choose name over username in email
2016-11-14 11:09:24 +11:00
Sam
3d76ce1421
FEATURE: SSO support for adding and removing a user to groups
...
Use: add_groups with a comma delimited list to ensure a user is in groups (using group names)
Use: remove_groups with a comma delimited list to ensure a user is removed from groups (using group names)
2016-11-11 16:57:31 +11:00
Arpit Jalan
9e69798285
FEATURE: watch first post default site setting
2016-11-10 00:09:52 +05:30
Guo Xiang Tan
2d2998f5e0
Fix specs.
2016-11-09 11:31:53 +08:00
Neil Lalonde
86522a52b7
FEATURE: add censored_pattern setting to censor posts using regex
2016-11-08 16:39:26 -05:00
Guo Xiang Tan
b18439a1e2
Fix build.
2016-11-08 17:00:44 +08:00
Guo Xiang Tan
a8b7599d4a
FEATURE: Add a radial ping when user's first notification has not been read.
2016-11-08 16:23:12 +08:00
Sam
ac2c035856
FIX: stop raising exceptions when a post goes missing
2016-11-08 14:51:56 +11:00
Sam
a1a7094604
Merge pull request #4539 from tgxworld/use_a_time_task_for_redis_failover
...
PERF: Spawn a seperate timer task to check if Redis master is up.
2016-11-08 11:18:54 +11:00
Régis Hanol
9ef724a065
FIX: self-onebox in read protected categories
2016-11-07 18:14:28 +01:00
Guo Xiang Tan
fbbcde1230
FIX: Don't treat master as up if it is still loading data.
2016-11-07 15:28:10 +08:00
Guo Xiang Tan
9375dcb6fe
PERF: Spawn a seperate timer task to check if Redis master is up.
2016-11-07 15:04:28 +08:00
Sam
2ddabc3928
FIX: protect against future regressions of google omniauth
2016-11-07 12:48:00 +11:00
Guo Xiang Tan
9fd317306c
FIX: Do not show educational message for PMs.
2016-11-04 17:06:53 +08:00
Régis Hanol
a655e4b092
ensure we allow self oneboxing of login required sites
2016-11-03 22:48:32 +01:00
Neil Lalonde
764a572070
FIX: when subcategories with the same name exist, filtering by tags might use the wrong subcategory
2016-11-02 15:29:33 -04:00
Guo Xiang Tan
f03d9cad06
PERF: NOT IN
query is really inefficient for large tables.
2016-11-02 13:09:18 +08:00
Neil Lalonde
9ef1688a76
FEATURE: per-category default topic list sort order
2016-11-01 12:18:41 -04:00
Arpit Jalan
382803cb05
FEATURE: include post image in OpenGraph image tag
2016-10-31 15:11:33 +05:30
Régis Hanol
f8caae0be7
FIX: don't overwrite custom email headers when using mandrill/sparkpost
2016-10-30 11:38:55 +01:00
Neil Lalonde
092ad7810d
add the spec for unused tag count
2016-10-28 16:14:20 -04:00
Neil Lalonde
8c9d390cac
FIX: Tags used only on deleted topics could not be used again
2016-10-28 15:11:50 -04:00
Régis Hanol
71f940d478
FIX: use metadata to hold the message_id with sparkpost
2016-10-27 19:35:50 +02:00
Guo Xiang Tan
49c27d9a88
FEATURE: Add interface in Plugin::Instance
to register a seedfu fixture.
2016-10-25 14:57:31 +08:00
Régis Hanol
01001b167e
fix the build
2016-10-25 01:55:47 +02:00
Régis Hanol
750338954c
FIX: download SSO avatars in a background job to prevent hangs when avatars are huge
2016-10-24 19:55:30 +02:00
Régis Hanol
3841cd9a7f
FEATURE: onebox everything by default
...
FEATURE: new 'max_oneboxes_per_post' site setting
FEATURE: change onebox whitelist to a blacklist
PERF: debounce the loading of oneboxes
PERF: improve perf of mention links in preview
FIX: sort loading of custom oneboxer
2016-10-24 12:46:22 +02:00
Régis Hanol
81e2a0099f
FIX: ensure the group 'everyone' is never shown when using a different locale
2016-10-24 10:53:31 +02:00
Guo Xiang Tan
efea296c7a
FIX: Do not cook post if Post#raw
has not been changed.
2016-10-24 12:02:38 +08:00
Guo Xiang Tan
ee9946388c
Merge pull request #4507 from ming-relax/feat-delete-by-email
...
Remove user from a group by user email
2016-10-24 11:28:27 +08:00
Ming HU
7803a06e50
Use expect change for groups_controller_spec.rb
2016-10-24 10:32:21 +08:00
Sam
9a94d1b212
FIX: everyone is not a visible group
2016-10-24 13:03:22 +11:00
Régis Hanol
3c8e0a8348
Merge pull request #4508 from kstaikov/mailing_list_exclude_own_replies
...
FEATURE:'No Echo' option for mailing list mode.
2016-10-22 10:45:14 +02:00
Robin Ward
19e2eec219
Allow step 0 to resend the confirmation email
2016-10-21 11:34:19 -04:00
Régis Hanol
2a61cc8c88
FIX: email styling with blacklisted iframes
2016-10-21 12:37:03 +02:00
Jeff Atwood
febbd27ba6
remove gmail/live SMTP warning
2016-10-20 14:49:06 -07:00
Régis Hanol
8d48779b5c
FIX: don't 💥 with an invalid URI
2016-10-20 12:34:42 +02:00
Kiril Staikov
aee943486a
FEATURE:'No Echo' option for mailing list mode.
...
Mailing list mode now includes the 'no echo' option: to only receive emails of posts not created
by you. If you reply to an email thread in mailing list mode, your reply will not then be echoed
back to you in a duplicate email by the system.
2016-10-19 13:14:36 -04:00
Robin Ward
c03d25f170
FEATURE: Configure Admin Account
...
Adds a "Step 0" to the wizard if the site has no admin accounts where
the user is prompted to finish setting up their admin account from the
list of acceptable email addresses.
Once confirmed, the wizard begins.
2016-10-19 11:27:56 -04:00
Sam
674264726d
FIX: should not be allowed to see users list of people who started a PM
2016-10-19 17:36:35 +11:00
Ming HU
dffd8baa91
Remove user from a group by user email
2016-10-18 17:10:47 +08:00
Guo Xiang Tan
7db33cc512
FIX: Videos and audio files were not associated to the post.
2016-10-18 16:13:39 +08:00
Guo Xiang Tan
2a9331d061
Remove stubs from tests.
2016-10-18 13:39:16 +08:00
Régis Hanol
3949c24f80
FIX: sparkpost webhooks support
2016-10-17 11:26:49 +02:00
Sam
aaf947356b
correct regression where notifications scope is not pushing to push server
2016-10-14 22:52:39 +11:00
Régis Hanol
bd1328c189
FIX: show the wizard to developers too
2016-10-14 11:09:55 +02:00
Sam
f4f5524190
FEATURE: user API now contains scopes so permission is granular
...
previously we supported blanket read and write for user API, this
change amends it so we can define more limited scopes. A scope only
covers a few routes. You can not grant access to part of the site and
leave a large amount of the information hidden to API consumer.
2016-10-14 16:05:42 +11:00
Régis Hanol
2826d4eb88
Merge pull request #4487 from cpradio/use-top-default-for-new-users
...
FEATURE: Use the top period default for users who have been inactive or are new
2016-10-13 10:47:18 +02:00
cpradio
489e1bf643
Stub the TopTopic.topics_per_period so the logic is fully tested
2016-10-12 19:28:54 -04:00
Neil Lalonde
0328141e05
FIX: prevent creation of tags with invalid characters
2016-10-12 15:44:36 -04:00
Sam
3ad8616f44
Merge pull request #4476 from xfalcox/localize-badge-notifications
...
FIX: Properly localize badge notification on batch grant
2016-10-12 15:16:35 +11:00
Rafael dos Santos Silva
48fa1f141f
Add specs for localized notifications on backfilled badges
2016-10-11 19:15:36 -03:00
cpradio
9cbf7d036a
FEATURE: Use the top period default for users who have been inactive or are new
2016-10-11 13:22:43 -04:00
Régis Hanol
ddcc084d22
Revert "FEATURE: Use the top period default for users who have been inactive or are new"
2016-10-11 17:56:46 +02:00
cpradio
2de50a616d
FEATURE: Use the top period default for users who have been inactive or are new
2016-10-11 09:55:15 -04:00
Sam
89daa43754
FEATURE: remap emojis back for push notifications and desktop alerts
2016-10-11 13:03:48 +11:00
Sam
6031e692f0
Merge pull request #4366 from xfalcox/print
...
Print Support
2016-10-11 11:47:20 +11:00
Sam
0f0b657182
Merge pull request #4447 from pmusaraj/approve_new_topics_setting
...
FEATURE: add "Approve new topics unless user level" setting
2016-10-11 10:14:28 +11:00
Sam
ea1f0683c8
Merge pull request #4477 from cpradio/watching-state-on-reply
...
FEATURE: Add notification level user preference when replying to a topic
2016-10-11 10:05:37 +11:00
Régis Hanol
8f68a95e56
FIX: trim leading & trailing whitespaces in admin user search
2016-10-10 16:18:57 +02:00
Sam
3e513f5c05
Merge pull request #4459 from vibol/master
...
FEATURE: sparkpost webhook
2016-10-10 17:17:17 +11:00
Sam Saffron
647ee46edf
FIX: don't stem the search term
...
Search for "canned" not working correctly and "butted", "ands" and many more :)
2016-10-07 12:40:57 +11:00
Neil Lalonde
c70f52c4dd
remove some problem reports from the admin dashboard since they're covered by the setup wizard now
2016-10-05 12:14:56 -04:00
Guo Xiang Tan
1302db2683
Skip randomly failing test first.
2016-10-01 05:14:35 +08:00
cpradio
6f1c31d777
Add notification level user preference when replying to a topic
2016-09-30 14:58:07 -04:00
Robin Ward
f62d01ff1b
FIX: Clear the session after a reset token was used
2016-09-30 12:20:23 -04:00
Sam Saffron
4d8d5613e4
FEATURE: add min_trust_level_to_edit_post
...
add minimum trust level to edit post (default 0)
2016-10-01 02:12:27 +10:00
Guo Xiang Tan
cde18834f8
Fix randomly failing spec.
2016-09-30 05:18:54 +08:00
Vibol Hou
c3d60d5d1d
Merge remote-tracking branch 'upstream/master'
2016-09-29 02:12:05 -07:00
Guo Xiang Tan
40b83ebb47
Reset I18n.locale
in tests.
2016-09-29 13:42:56 +08:00
Guo Xiang Tan
72ccb4e11d
FIX: Plugin "admin_js" translations bundle was not fetched.
2016-09-29 04:42:26 +08:00
Vibol Hou
34af73c7cb
FEATURE: sparkpost webhook
2016-09-26 22:13:34 -07:00
Rafael dos Santos Silva
0229df4c73
Second review fixes
2016-09-26 20:46:55 -03:00
Rafael dos Santos Silva
f96fffeb34
Add tests
2016-09-26 20:46:55 -03:00
Sam
df751ed6ec
Merge pull request #4457 from JaredReisinger/github-auth-with-email-whitelist
...
Add support for email whitelist/blacklist to GitHub auth
2016-09-23 09:49:14 +10:00
Robin Ward
3c12dd6549
FIX: Consider lazyYT divs as links when extracting
2016-09-22 16:50:24 -04:00
Neil Lalonde
e0be2f482e
FEATURE: tag filter dropdown menu is scoped to user and category
2016-09-22 15:23:37 -04:00
pmusaraj
0344388924
added tests and enabled queue when new setting is > 0
2016-09-22 14:51:36 -04:00
Jared Reisinger
2ae7c47a3c
Add support for email whitelist/blacklist to GitHub auth
...
If a site is configured for GitHub logins, _**and**_ has an email domain
whitelist, it's possible to get in a state where a new user is locked to
a non-whitelist email (their GitHub primary) even though they have an
alternate email that's on the whitelist. In all cases, the GitHub
primary email is attempted first so that previously existing behavior
will be the default.
- Add whitelist/blacklist support to GithubAuthenticator (via
EmailValidator)
- Add multiple email support GithubAuthenticator
- Add test specs for GithubAuthenticator
- Add authenticator-agnostic "none of your email addresses are allowed"
error message.
2016-09-22 11:31:10 -07:00
Robin Ward
7f66cf618c
FIX: You should be an admin to do the wizard
2016-09-22 11:12:51 -04:00
Robin Ward
14bee641aa
Can choose categories or latest as homepage style
2016-09-22 09:52:19 -04:00
Robin Ward
2a0443445b
New step to choose emoji set
2016-09-22 09:52:19 -04:00
Robin Ward
2545c2ffa6
Add new welcome message step
2016-09-22 09:52:19 -04:00
Robin Ward
b0ee7930e8
Server side support for inviting as a moderator via the wizard
2016-09-22 09:52:19 -04:00
Robin Ward
28cd49f02b
Split Logos and Icons into separate steps
2016-09-22 09:52:19 -04:00
Robin Ward
4f9a7aa769
FIX: Prompt for the wizard for the first admin who logs in
2016-09-22 09:52:19 -04:00
Robin Ward
644bcbc253
Make the site contact a drop down of admin users
2016-09-22 09:52:19 -04:00
Robin Ward
74ed2e82ac
UX: Wiggle invalid form elements. Don't allow a site title of Discourse
2016-09-22 09:52:19 -04:00
Robin Ward
29cf47cfb2
Track steps the user has completed, nag them to finish it.
2016-09-22 09:52:19 -04:00
Robin Ward
ef84981e38
Invite Users step
2016-09-22 09:52:19 -04:00
Robin Ward
35b767f6af
Company Name Step which updates the TOS
2016-09-22 09:52:19 -04:00
Robin Ward
28b6c300a0
Clean up wizard updater API for better plugin use
2016-09-22 09:52:19 -04:00
Robin Ward
e3640ee5f6
Privacy Step
2016-09-22 09:52:19 -04:00
Robin Ward
af83c8dc14
Upload Logos Step
2016-09-22 09:52:19 -04:00
Robin Ward
c94e6f1b96
Add locale step
2016-09-22 09:52:19 -04:00
Robin Ward
3f6e3b9aff
Wizard - Color Scheme Step
2016-09-22 09:52:19 -04:00
Robin Ward
9f12b571ef
Wizard: Server Side Validation + Finished Step
2016-09-22 09:52:19 -04:00
Robin Ward
3a4615c205
Wizard: Step 1
2016-09-22 09:48:58 -04:00
Robin Ward
0471ad393c
Scaffold for new Wizard - Rails / Ember / Tests
2016-09-22 09:48:58 -04:00
Robin Ward
6070939daa
Support for other i18n bundles
2016-09-22 09:48:58 -04:00
Guo Xiang Tan
73fdf443fd
This should have been removed.
2016-09-22 17:17:11 +08:00
Guo Xiang Tan
9374e5d42d
Revert "FIX: don't overwrite category's logo & background URLs"
...
This reverts commit 641b95f655
.
2016-09-22 11:30:19 +08:00
Guo Xiang Tan
d312c82474
Revert "FIX: wasn't able to update category's settings"
...
This reverts commit 282f9948cb
.
2016-09-22 11:29:44 +08:00
Régis Hanol
641b95f655
FIX: don't overwrite category's logo & background URLs
2016-09-21 22:11:31 +02:00
Robin Ward
2766b2edc3
FIX: Allow redirection for slugs that start with digits
2016-09-19 13:31:19 -04:00
Sam
8dc4329094
FEATURE: optionally get extra profile info from facebook
...
This feature requires the application be approved by facebook, so it is
default off
2016-09-19 16:14:11 +10:00
Sam
5b3cd3fac9
FEATURE: Import facebook avatars when logging in via facebook
...
FIX: warning about popup dimensions when using facebook login
Rules are:
- On account creation we always import
- If you already have an avatar uploaded, nothing is changed
- If you have no avatar uploaded, we upload from facebook on login
- If you have no avatar uploaded, we select facebook unless gravatar already selected
This also fixes SSO issues where on account creation accounts had missing avatar uploads
2016-09-19 15:10:23 +10:00
Erick Guan
c463cf63d4
FEATURE: Webhook for user creation and approval
2016-09-19 10:12:55 +08:00
cpradio
0d2d8797b6
FIX: Backup validation wasn't escaping hyphens
2016-09-16 15:20:42 -04:00
Guo Xiang Tan
a04dadf9b4
FIX: Randomly failing specs try 2.
2016-09-16 15:10:37 +08:00
Guo Xiang Tan
903d1dd326
FIX: Randomly failing specs.
2016-09-16 14:56:59 +08:00
Sam
75f3f7fcbd
FEATURE: clean API method for reading a single notification
2016-09-16 16:14:15 +10:00
Guo Xiang Tan
512922d776
SECURITY: Add filename validation for backup uploads.
2016-09-16 11:58:14 +08:00
Sam
33578a2c17
FIX: always import avatars during SSO if they are missing
2016-09-16 09:45:00 +10:00
Arpit Jalan
e46204d195
FIX: allow long words if they contain periods
2016-09-13 09:15:05 +05:30
Robin Ward
2c9a47dda5
FIX: Validate the raw content of posts before enqueuing them
2016-09-12 12:26:49 -04:00
Neil Lalonde
06eb256d0a
FIX: blocking users should never hide all posts if they are trust level 1 or higher
2016-09-12 11:58:10 -04:00
Sam
2d859ba0ed
FIX: user api should always be available to staff
2016-09-12 15:42:06 +10:00
Robin Ward
e78b7a243e
FIX: Don't enqueue posts if the user can't create them (ex: closed)
2016-09-09 12:15:56 -04:00
Robin Ward
9609a47016
Ability to skip email validation via a plugin
2016-09-07 14:05:46 -04:00
Guo Xiang Tan
35bc0c943f
More randomly failing specs fixes.
2016-09-05 19:33:03 +08:00
Erick Guan
9ce61b4586
FEATURE: Webhooks.
2016-09-05 18:44:00 +08:00
Guo Xiang Tan
1f70fc9e11
Make sure we reset global in specs.
2016-09-05 18:18:14 +08:00
Guo Xiang Tan
31d900f7e7
Fix build.
2016-09-05 17:03:41 +08:00
Guo Xiang Tan
aa1f306894
Properly clean up plugin event in specs..
2016-09-05 16:10:03 +08:00
Guo Xiang Tan
aabb7a8592
FIX: DiscourseEvent should not be triggered from within the controller.
2016-09-05 15:58:04 +08:00
Guo Xiang Tan
ec90655c41
FIX: Clean up specs properly.
2016-09-05 15:48:59 +08:00
Guo Xiang Tan
aa9decf6fd
Remove DiscourseEvent.clear
.
2016-09-05 15:17:49 +08:00
Sam
e0a2346b92
no more protocol-less CDN urls
2016-09-05 16:05:48 +10:00
Sam
59640bae3b
FIX: absolute URL for CDN should always be rooted with a protocol
2016-09-05 15:57:46 +10:00
Guo Xiang Tan
e4b75f604c
FIX: Make clean up upload script a safer task to run.
2016-09-05 10:06:02 +08:00
Sam
340874d345
FIX: post notifications in JSON so we properly support arrays and so on
2016-09-04 15:51:16 +10:00
Sam
1d281e02c7
id is optional if already specified in header
2016-09-02 17:08:46 +10:00
Sam
be0fd5b4cc
FEATURE: allow user api key revocation for read only keys
2016-09-02 17:04:00 +10:00
Sam
0a39ba43ed
FIX: always respect avatar_force_update
2016-09-02 12:04:22 +10:00
Sam
211c374df6
Merge pull request #4213 from fantasticfears/sso
...
FIX: Importing user avatar when new user login by SSO
2016-09-01 18:05:18 -07:00
Guo Xiang Tan
90a0327fd2
FIX: Check against reserved usernames should be case insensitive.
2016-08-31 21:53:41 +08:00
Robin Ward
7da44e3bf0
FEATURE: Support author meta tags for embedding
2016-08-30 12:01:04 -04:00
Erick Guan
0217973374
FIX: Importing user avatar when new user login by SSO
2016-08-29 20:47:19 +08:00
Neil Lalonde
2251104e32
FEATURE: avatar flair can be font awesome icons
2016-08-26 17:15:37 -04:00
Robin Ward
20241a01e9
FIX: Run the regular expression against query parameters
2016-08-26 12:47:47 -04:00
Sam
ca79c4b276
stop eating up push_urls
2016-08-26 13:23:06 +10:00
Sam
fcdf13f52d
add some more testing
2016-08-26 13:18:20 +10:00
Sam
a37db9448f
correctly return access rights in auth redirect
2016-08-26 13:12:38 +10:00
Sam
4fe52c8cbe
FEATURE: backend support for pushing notifications to clients
2016-08-26 12:47:10 +10:00
Guo Xiang Tan
2f39293867
FIX: User enabled readonly mode was not working.
2016-08-25 23:31:59 +08:00
Neil Lalonde
7a81669c18
SECURITY: don't allow re-using the current password during password reset
2016-08-24 12:27:21 -04:00
Régis Hanol
038eb6f645
FIX: translations with a symbol as key should also be overridable
2016-08-24 11:53:03 +02:00
Robin Ward
c3a3aff120
FEATURE: Support for a whitelist for embeddable host paths
2016-08-23 14:56:12 -04:00
Robin Ward
1468616465
FIX: Support links with google analytics tracking and hashes
2016-08-23 12:13:31 -04:00
Guo Xiang Tan
17f0727b04
FIX: Don't track user profile view when viewed by system user.
2016-08-23 16:25:31 +08:00
Robin Ward
884bdf7240
FEATURE: Ability to scrub titles when importing embeddable content
2016-08-22 12:43:02 -04:00
Arpit Jalan
4a2f0e772c
add specs for post ownership change without revision
2016-08-20 01:27:48 +05:30
Robin Ward
4061725a95
FIX: Don't ever grant badges when they're disabled
2016-08-19 15:16:37 -04:00
Guo Xiang Tan
3141c179f7
REFACTOR: Get bucket name from S3Helper.
2016-08-19 14:08:37 +08:00
Régis Hanol
eb953c0904
FIX: /categories page on mobile
2016-08-19 01:47:00 +02:00
Neil Lalonde
7195a103ab
FEATURE: digests choose topics you're watching or tracking first
2016-08-18 17:16:52 -04:00
Guo Xiang Tan
9a6f54de6c
Allow other directories to be specified when accessing fixtures.
2016-08-18 16:34:43 +08:00
Sam
3ea68f8f6c
tweak headers so they can be consumed
2016-08-18 14:38:33 +10:00
Régis Hanol
45b1f9c0d3
fix smoke test
2016-08-17 23:59:18 +02:00
Régis Hanol
6d1d7b7c8f
UX: new /categories layout
2016-08-17 23:23:16 +02:00
Neil Lalonde
d079f69b7b
FEATURE: add flair to avatars using new settings in the groups admin UI
2016-08-17 15:13:15 -04:00
Sam
a25a8115e8
FEATURE: support HEAD request to /user-api-key/new
...
This allows us to cleanly sniff to find if it exists
2016-08-17 09:58:19 +10:00
Guo Xiang Tan
7ff1f6cb9d
Allow custom bucket name for FileStore::S3Store
.
2016-08-16 15:25:42 +08:00
Sam
416e7e0d1e
FEATURE: basic UI to view user api keys
2016-08-16 17:06:52 +10:00
Neil Lalonde
3b792054f2
Merge pull request #4387 from gdpelican/feature/tags-intersection
...
FEATURE: Tags intersection page
2016-08-15 16:24:29 -04:00
Neil Lalonde
5849c345cc
FEATURE: digest emails will try to choose topics from your tracked and watched categories first
2016-08-15 16:16:04 -04:00
James Kiesel
554d15fdd4
Add extra spec for topic_query
2016-08-15 15:42:06 -04:00
James Kiesel
037e9bb7b8
Support any number of tag intersections
2016-08-15 15:30:17 -04:00
Guo Xiang Tan
0433163866
FEATURE: Support subfolders in SiteSetting.s3_backup_bucket
.
2016-08-15 16:14:51 +08:00
Sam
fc095acaaa
Feature: User API key support (server side implementation)
...
- Supports throttled read and write
- No support for push yet, but data is captured about intent
2016-08-15 17:59:36 +10:00
Guo Xiang Tan
aa5de3c40a
FEATURE: Support subfolders in S3 bucket name.
...
This commit also fixes a bug where s3 uploads are not
moved to a tombstone folder when removed.
2016-08-15 13:07:41 +08:00
Guo Xiang Tan
3378ee223f
FIX: Incorrect path being passed to S3Store#remove_file
.
2016-08-15 11:35:30 +08:00
Robin Ward
aef954784a
FIX: nofollow
was being added during post processing when it shouldn't
2016-08-12 15:35:13 -04:00
James Kiesel
7e73b933c7
First pass
2016-08-12 15:28:46 -04:00
Régis Hanol
7db2083d45
FIX: 'cancel_scheduled_job' was deleting all jobs in multisite
2016-08-12 13:10:52 +02:00
Sam
7e4503dd99
FEATURE: basic info route for all sites, even ones that require login
...
This information is public in meta tags already on home page, providing a
route allows consumers to check it way more cheaply
2016-08-12 17:10:35 +10:00
Sam
afaba56de3
FEATURE: missing API endpoint for topic tracking states
2016-08-12 17:10:35 +10:00
Robin Ward
7e165d031b
FIX: Short terms will be searched for if at least one is long enough
2016-08-11 11:53:14 -04:00
Guo Xiang Tan
6075debc90
Add specs to hidding settings when shadowed by a global.
2016-08-11 16:04:45 +08:00
Guo Xiang Tan
11afb20772
SECURITY: Escape HTML in filename.
2016-08-11 11:27:12 +08:00
Guo Xiang Tan
6288d4c995
FIX: Revised post not updated correctly when merging posts.
2016-08-11 09:01:54 +08:00
Robin Ward
fc311dbe3b
FEATURE: An option to search more recent posts for very large sites.
...
On very large forums searching posts can be slow, so this commit
introduces the ability to try and search only the most recent posts
first, and then going for a larger breadth search if there aren't
enough results.
Enable `search_prefer_recent_posts` and you can customize how many
recent posts to filter with `search_recent_posts_size`
2016-08-10 15:43:42 -04:00
Régis Hanol
e55e2aff94
FIX: FirstReplyByEmail badge wasn't granted
...
DEPRECATED: PostProcess badge trigger
2016-08-10 19:24:01 +02:00
Robin Ward
cc366d5a60
FIX: Search in non-english should have a smaller minimum
2016-08-09 15:20:28 -04:00
Robin Ward
28436a604a
FIX: Prevent tricking the search from ignoring minimum lengths
2016-08-09 14:49:46 -04:00
Régis Hanol
282f9948cb
FIX: wasn't able to update category's settings
2016-08-09 20:14:49 +02:00
Sam
5cc8bb535b
SECURITY: do cookie auth rate limiting earlier
2016-08-09 10:02:18 +10:00
Régis Hanol
51322a46b3
FEATURE: retry processing incoming emails on rate limit
2016-08-08 22:28:27 +02:00
Neil Lalonde
17b51bb465
FIX: topics tagged with muted tags should not be included in digest emails
2016-08-08 15:14:25 -04:00
Robin Ward
fb1b119462
Merge pull request #4342 from acshi/embeddedhost-localhost
...
Allow localhost as an embeddable host
2016-08-08 14:31:58 -04:00
Robin Ward
8b252f19d7
Merge pull request #4365 from gdpelican/fix/daily-mlm-notifications
...
Don't halt notification emails for those on daily mailing list mode
2016-08-08 14:30:56 -04:00
Robin Ward
3d62e5dd98
SECURITY: XSS issue on Admin users list
2016-08-05 12:01:16 -04:00
Robin Ward
429f27ec96
SECURITY: Avoid mass assignment on user create
2016-08-05 11:57:13 -04:00
Régis Hanol
d0962d6e5a
FIX: serve category images from the CDN
2016-08-05 13:03:49 +02:00
Robin Ward
e5b529f8e1
FIX: Couldn't move posts with deleted replies
2016-08-04 11:56:01 -04:00
Neil Lalonde
f10c4682cd
FIX: muted tags showing in latest topic list
2016-08-04 11:54:48 -04:00
Neil Lalonde
5f67cd7b45
FIX: tag input detects when a tag is not allowed and won't offer to create it anyway
2016-08-03 13:18:56 -04:00
James Kiesel
c2819e99f4
Don't halt notification emails for those on daily mailing list mode
2016-08-03 12:29:38 -04:00
Régis Hanol
b08ab829b8
added 'X-Auto-Response-Suppress' email header (props to elijah)
2016-08-03 11:02:07 +02:00
Robin Ward
f4c8070d09
FIX: Couldn't update category notification level
2016-08-02 11:22:02 -04:00
Guo Xiang Tan
bf683178a8
FIX: Remove tag plugin code from tag hashtag check.
2016-08-02 10:59:12 +08:00
Régis Hanol
681f566a66
FIX: staff members should be able to see raw email of deleted posts
2016-08-01 23:55:22 +02:00
Régis Hanol
829143bf88
FIX: 'List-Unsubscribe' header wasn't added to emails sent when mailing_list_mode was enabled
2016-08-01 20:19:00 +02:00
Régis Hanol
c591429868
FIX: don't destroy uploads in queued posts and drafts
2016-08-01 18:35:57 +02:00
Sam
9018de39ed
FEATURE: allow shipping bio markdown via SSO
...
- Also adds site setting for sso_overrides_bio to disable bio editing by end users
2016-08-01 15:29:28 +10:00
Neil Lalonde
82e170d6a6
FIX: 404 when filtering by category, no sub-category, and a tag
2016-07-28 16:19:03 -04:00
Robin Ward
2891f230d1
SECURITY: Make sure uploaded_urls have corresponding upload records
2016-07-28 13:54:17 -04:00
Robin Ward
cf5b756b1a
SECURITY: Cross-Site Scripting in Category and Group Settings
2016-07-28 11:57:59 -04:00
Robin Ward
dc1a830d3d
SECURITY: SQL Injection in Admin List Active Users
2016-07-28 11:42:06 -04:00
Robin Ward
2f8ab8cd30
SECURITY: XSS in "Account Suspended" Messages and Badge Descriptions
2016-07-28 11:38:12 -04:00
Sam
16a383ea1e
SECURITY: limit bad cookie auth attempts
...
- Also cleans up the _t cookie if it is invalid
2016-07-28 12:58:49 +10:00
Sam
ab68e0c9db
FEATURE: allow "developer" account flagging via developers table
...
This mechanism for flagging developer accounts will eventually replace
DISCOURSE_DEVELOPER_EMAILS
2016-07-28 10:14:06 +10:00
Sam
c6dbaca0dc
SECURITY: disable user entered badge SQL by default
...
- Hidden site settings now must be change via rails console
2016-07-28 09:03:00 +10:00
Sam
cb3afd11b4
SECURITY: limit route access when using external avatars
2016-07-28 09:00:43 +10:00
Andre Pereira
8cbd585e20
FEATURE: Allow staff users to merge posts.
2016-07-27 12:04:14 +08:00
Robin Ward
2a4006fe0c
Add YandexBot
to our list of crawlers
2016-07-26 13:21:37 -04:00
Sam
b5fbff947b
FIX: don't expire old sessions when logging in
2016-07-26 11:37:41 +10:00
Jeff Atwood
1379bd5053
fix all v=2 spec / test errors for emoji
2016-07-25 15:53:48 -07:00
Sam
12ecf8624a
FIX: tokenize words with dots correctly
...
hello.world is now tokenized as "hello.world" and "world" that way the word
"world" will find the post with "hello.world"
2016-07-25 16:26:33 +10:00
Sam
e01802a13b
FIX: strip quote from search term when searching within topic
2016-07-25 15:06:25 +10:00
Sam
df535c6346
FEATURE: refresh session cookie at most once an hour
...
This feature ensures session cookie lifespan is extended
when user is online.
Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
Acshi Haggenmiller
afa88f68ce
added spec for localhost embeddable host validation
2016-07-22 17:12:57 -04:00
Sam
12dc511fea
PERF: make score calculator cheaper when site has long topics
2016-07-22 09:48:44 +10:00
Robin Ward
c279889191
FIX: Watching First Post in groups was working incorrectly
2016-07-21 15:05:10 -04:00
Neil Lalonde
7c092b0fe0
FEATURE: add filter to show topics that have not been tagged
2016-07-20 16:21:51 -04:00
Robin Ward
09be741820
FIX: Don't alert on new posts in a topic unless it's a new record
2016-07-19 15:57:05 -04:00
Robin Ward
12cfc8cedd
FIX: Email cooker should support links within blockquotes
2016-07-18 14:38:40 -04:00
Robin Ward
6db50b820d
FIX: Email cooker should link links that don't begin a line
2016-07-18 13:46:13 -04:00
Vinoth Kannan
e99a73e16d
New AWS S3 Storage Mumbai region added ( #4335 )
...
* ap-south-1 region added
* Update client.en.yml
* ap-south-1 region added
2016-07-18 09:03:26 +02:00
cpradio
64bdededd3
Allow plugins that implement OAuth and OAuth2 to show up under associated accounts in the Admin area. ( #4333 )
2016-07-18 09:02:41 +02:00
Guo Xiang Tan
d55da4fe1b
Revert "Revert "Update rails.""
...
This reverts commit 4d27d7e1d3
.
2016-07-18 11:00:23 +08:00
Sam Saffron
46b34e3c62
FEATURE: remove user option for edit history public
...
Users can no longer opt-in for "public" edit history
if site owner disables it.
This feature adds cost and complexity to post rendering since
user options need to be premeptively loaded for every user in the
stream. It is also confusing to explain to communities with private edit
history.
2016-07-16 21:30:00 +10:00
Robin Ward
4d27d7e1d3
Revert "Update rails."
...
This reverts commit 898ec43989
.
2016-07-15 16:35:57 -04:00
Régis Hanol
caa1aea995
FIX: ensure emojis have absolute URLs and uses CDN
2016-07-15 18:37:51 +02:00
Régis Hanol
7848a84e0e
FIX: ensure summary emails have the 'List-Unsubscribe' header set
2016-07-15 11:39:29 +02:00
Guo Xiang Tan
9353013b40
Merge pull request #4332 from tgxworld/bunch_of_fixes_for_backup
...
Bunch of fixes for backup
2016-07-15 17:26:30 +08:00
Guo Xiang Tan
898ec43989
Update rails.
2016-07-15 13:18:30 +08:00
Guo Xiang Tan
5fe4837e28
Add PostCreator#create!
.
2016-07-15 11:36:06 +08:00
Hu Ming
f8a12d4940
Add support for AWS cn ( #4327 )
2016-07-14 16:56:09 +02:00
Guo Xiang Tan
5fed886c8f
FIX: Update post replies when we move posts. ( #4324 )
2016-07-13 17:34:21 +02:00
Guo Xiang Tan
41cbdb5dfa
Fix the build.
2016-07-13 19:14:40 +08:00
Guo Xiang Tan
973a7c9d3a
FIX: Redeeming an invitation fails if inviter has been destroyed.
2016-07-13 11:58:31 +08:00
Robin Ward
bb90129731
Improvements to email cook text rendering
2016-07-12 13:49:03 -04:00
Robin Ward
0c3b049176
FIX: Autolinking in email formatter was broken
2016-07-12 13:33:13 -04:00
Rafael dos Santos Silva
5915929166
FIX: Unicode aware text sentinel ( #4301 )
...
* FIX: Handle unicode text on Text Sentinel
Uses active_support to properly handle unicode text
* Adds test cases to unicode Text Sentinel
2016-07-12 11:08:55 -04:00
Robin Ward
c1d4ca4031
FIX: Raw templates in customizations were broken
2016-07-11 12:57:05 -04:00
Robin Ward
7ff5b228cd
REFACTOR: Raw Handlebars ported to ES6
2016-07-11 12:57:05 -04:00
Robin Ward
a546395397
REFACTOR: Migrate markdown functionality in ES6
2016-07-11 12:57:05 -04:00
Neil Lalonde
304f7040a3
FIX: tag filter dropdown was gone if some tags were restricted to a category.
2016-07-08 17:13:40 -04:00
Arpit Jalan
c626558d36
UX: group pages should not show Messages tab to unauthorised users ( #4318 )
2016-07-09 00:50:04 +05:30
Sam
4161ee210a
FEATURE: improved tag and category watching and tracking
...
- present tags watched on the user prefs page
- automatically watch or unwatch old topics based on watch status
New watching and tracking logic takes care of handling old topics
(either with or without read state)
When you watch a topic you now watch historically
Also removes confusing warnings from user.
2016-07-08 12:58:30 +10:00
Guo Xiang Tan
423dc37f6c
Merge pull request #4315 from tgxworld/fix_tags_not_in_category_showing
...
Tags which are not allowed in a category showing in drop down.
2016-07-08 10:28:10 +08:00
Guo Xiang Tan
8fd0414cdf
WIP: Tags which are not allowed in a category showing in drop down.
2016-07-08 10:27:56 +08:00
Robin Ward
5f91919663
Email support for watching first post
2016-07-07 12:23:19 -04:00
Robin Ward
2005565c9c
Server side code for Watching First Post Only
2016-07-07 11:21:50 -04:00
Robin Ward
1eb64151f6
User interface for watching first post
2016-07-07 11:21:50 -04:00
Arpit Jalan
2facb6190f
FEATURE: new site setting download_remote_images_max_days_old
2016-07-06 19:33:51 +05:30
Robin Ward
3fe4903e63
FIX: Support unicode replacements with multiple codepoints
2016-07-05 13:55:41 -04:00
James Kiesel
3588780ac3
Don't reject likes by email for closed topics ( #4311 )
2016-07-05 17:33:08 +02:00
Guo Xiang Tan
f256e3afb6
Merge pull request #4297 from tgxworld/handle_user_enabled_readonly_mode
...
Handle user enabled readonly mode
2016-07-05 19:54:32 +08:00
Guo Xiang Tan
e4a82cdd85
Merge pull request #4306 from tgxworld/add_discourse_event_trigger_when_user_logs_out
...
FEATURE: Add event trigger when a user is logged out.
2016-07-05 19:50:46 +08:00
Régis Hanol
17890f95a1
FIX: don't send emails to mailing_list users when bounce threshold is reached
2016-07-05 12:20:07 +02:00
Régis Hanol
59680af329
disable email white/blacklisting for staged users
2016-07-04 16:05:01 +02:00
Guo Xiang Tan
22ade1f811
FEATURE: Add event trigger when a user is logged out.
2016-07-04 17:20:30 +08:00
Guo Xiang Tan
bd07658a37
PERF: Split queries when cleaning uploads.
...
This reduces the number of scans that the db has to do in the query
to fetch orphan uploads. Futheremore, we were not batching our
records which bloats memory.
2016-07-04 16:34:32 +08:00
Sam
d61df21d69
FEATURE: allow people to send messages to themselves (for notes etc)
2016-07-04 11:36:43 +10:00
Sam
92daf44daf
correct random suggested topic selection
2016-07-04 10:34:54 +10:00
Sam
e858def372
remove invalid specs
2016-07-04 10:34:26 +10:00
Arpit Jalan
2f3ee3b658
FEATURE: new site setting suggested_topics_max_days_old
2016-07-03 15:07:56 +05:30
Sam
813fcebdd1
FIX: email_always was not respected correctly
...
In the past email always meant, email me even if active UNLESS I read post
Now emails always means, always, even if I read the post
2016-07-01 11:22:07 +10:00
Matt Palmer
7a1e99dacb
Add some clarifying specs around new-topic-creating emails work
...
Strangers get to create new topics (if the appropriate tickbox is ticked)
but low-TL existing users don't. That might seem a bit backwards, but
the tickbox says 'strangers', not 'everyone'.
2016-06-30 22:24:25 +10:00
Sam
b15f6bd211
FIX: s3 cdn urls not remapped correctly
2016-06-30 18:58:38 +10:00
Guo Xiang Tan
8db3ab5f2a
Merge pull request #4292 from tgxworld/rename_use_https_to_force_https
...
Rename `SiteSetting#use_https` to `force_https`.
2016-06-29 15:17:57 +08:00
Guo Xiang Tan
64858c10fe
FIX: Set a not expiring key for user enabled readonly mode.
2016-06-29 15:10:01 +08:00
Guo Xiang Tan
20359788dc
Rename SiteSetting#use_https
to force_https
.
2016-06-29 15:02:43 +08:00
Guo Xiang Tan
7619c2fa2f
FIX: Make sure we add a TTL when we enable readonly mode.
2016-06-29 13:55:17 +08:00
Sam
ef93e75f80
correct #4293 no need to muck with site settings, messes up repeat runs
2016-06-29 12:01:37 +10:00
Robin Ward
61ce5c210c
FIX: S3Cdn link clicks weren't working
2016-06-28 15:52:38 -04:00
Régis Hanol
214f5bff5c
don't send more than 1 reply per day to auto-generated emails
2016-06-28 16:42:05 +02:00
Sam
1411eedad3
FEATURE: offer to unwatch categories when unwatching category
2016-06-28 18:34:20 +10:00
Régis Hanol
800081f606
FIX: staged users weren't able to reply in restricted categories
2016-06-26 19:25:45 +02:00
Robin Ward
ccf9b70671
When restoring a backup, disable emails.
...
This prevents accidental sending of emails after a restore before
the admin has had a chance to review everything.
2016-06-24 17:15:15 -04:00
Robin Ward
94a4af6af7
FIX: If posts are deleted they should be updated in consistency jobs
2016-06-21 13:05:56 -04:00
James Kiesel
7a6bc3f1d7
Apply notification styles to mailing list email manually ( #4283 )
...
* Apply notification styles to mailing list email manually
* Fix failing spec
2016-06-21 20:42:30 +05:30
Régis Hanol
874c18cbc1
FIX: unstage users when using SSO
2016-06-21 11:28:58 +02:00
Neil Lalonde
487c20959c
FEATURE: max topics/replies per day for new users now starts counting from the first post, not signup date
2016-06-20 16:55:11 -04:00
Régis Hanol
e9a293beeb
FIX: clean up uploads job
2016-06-20 22:05:41 +02:00
Guo Xiang Tan
b3a8f7d369
Merge pull request #4277 from tgxworld/fix_bug_when_post_creator_returns_nil
...
Fix bug when post creator returns nil
2016-06-20 18:15:52 +08:00
Guo Xiang Tan
9a0797204a
FIX: Add check to ensure post has been created.
2016-06-20 15:51:26 +08:00
Guo Xiang Tan
dfdc54957c
FIX: A blocked user should not be able to moderate anything.
2016-06-20 15:51:26 +08:00
Sam
8866169879
FEATURE: can invite/revoke groups on private messages
2016-06-20 16:29:27 +10:00
Robin Ward
83e46cc302
FIX: Restrict changing ownership to one topic
2016-06-17 14:20:14 -04:00
Sam
dd1a184955
Correct mailing list mode unsubscribe
2016-06-17 11:57:23 +10:00
Sam
852860de66
FEATURE: simpler and friendlier unsubscribe workflow
...
- All unsubscribes go to the exact same page
- You may unsubscribe from watching a category on that page
- You no longer need to be logged in to unsubscribe from a topic
- Simplified footer on emails
2016-06-17 11:28:49 +10:00
Robin Ward
84f0e5ad4d
SECURITY: Unapproved, active users should not receive emails
2016-06-16 12:55:47 -04:00
Neil Lalonde
d62f2b4d67
UX: rename setting num_flags_to_block_new_user to num_spam_flags_to_block_new_user
2016-06-15 13:19:06 -04:00
Guo Xiang Tan
169d17edc3
Include cdn path in the stylesheet digest.
2016-06-16 00:19:38 +08:00
Neil Lalonde
1c9519636c
FEATURE: new users can be blocked from posting if enough TL3 users flag their posts
2016-06-15 10:51:34 -04:00
Guo Xiang Tan
bf64280661
FIX: Incorrect scope when checking for existing topic link.
2016-06-15 14:13:30 +08:00
Régis Hanol
470da6205c
FIX: staged users should not watch/track/mute categories by default
2016-06-14 16:45:47 +02:00
Régis Hanol
49f8a2baa7
FEATURE: support for mandrill webhooks
2016-06-13 12:32:14 +02:00
Guo Xiang Tan
95efdce74f
Improve spec.
2016-06-13 13:16:24 +08:00
Guo Xiang Tan
1fe499e893
FIX: Don't include reflections when checking for duplication topic links.
2016-06-13 13:14:35 +08:00
Guo Xiang Tan
0c8dd28395
FIX: Post count wasn't recovered when a post is recovered.
2016-06-13 11:25:06 +08:00
Robin Ward
3b9b492ea6
FIX: Weird spec
2016-06-10 11:32:32 -04:00
Régis Hanol
dffe50a2e6
new alternative reply by email addresses
2016-06-10 16:14:42 +02:00
Sam
65f466cf8c
FIX: topic link reflections deleted on second save
2016-06-10 17:25:59 +10:00
Sam
3015030fe2
FIX: unlisted topics do not get "slug auto correct" logic
2016-06-10 10:53:26 +10:00
Neil Lalonde
a6090339a7
FEATURE: tag group options: limit usage of one tag per group, tags in a group can't be used unless a prerequisite tag is used
2016-06-09 16:01:19 -04:00
Robin Ward
c3ad0f447a
FIX: Broken spec
2016-06-09 14:31:32 -04:00
Neil Lalonde
5047979f96
FIX: cannot remove tags from a topic
2016-06-09 12:04:34 -04:00
Guo Xiang Tan
ff577405ae
FIX: Randomly failing TopicList specs.
2016-06-09 22:03:13 +08:00
Régis Hanol
214e25f1b5
use proper 'Message-Id' field
2016-06-09 00:33:13 +02:00
Régis Hanol
3e3538d603
loosen security a bit on mailgun's webhook
2016-06-08 22:38:38 +02:00
Robin Ward
e38f17524b
FIX: Reflected links weren't being cleaned up properly
2016-06-08 16:09:01 -04:00
Robin Ward
b9df18360d
If you search a category by id, also include its children
2016-06-08 13:50:52 -04:00
Robin Ward
2169b1ecbc
FIX: Duplicate link message should link to the post
2016-06-08 12:35:11 -04:00
Arpit Jalan
40e9e1be66
FEATURE: user-friendly custom message
2016-06-08 18:23:22 +05:30
Neil Lalonde
a49ace0ffb
FEATURE: ability to restrict tags to categories using groups
2016-06-07 15:36:20 -04:00
Robin Ward
431179dd25
FEATURE: Prompt users when they are entering duplicate links
2016-06-07 14:47:22 -04:00
Robin Ward
6aaa484baa
REFACTOR: Move composer messages to store
2016-06-07 14:47:22 -04:00
Arpit Jalan
4253141700
FEATURE: custom email message for topic invites
2016-06-07 23:43:15 +05:30
Jeff Atwood
cc66bff730
we forgot to update the mailgun tests
2016-06-06 16:55:24 -07:00
Jeff Atwood
5c3e36aec2
Merge pull request #4252 from techAPJ/invite-email-improvements
...
FEATURE: customize invite email message
2016-06-06 14:24:39 -07:00
Neil Lalonde
f3f6c2f98f
FEATURE: tag groups
2016-06-06 14:18:48 -04:00
Régis Hanol
fe595f1653
FEATURE: mailjet webhook
2016-06-06 19:47:45 +02:00
Arpit Jalan
7b205ebba4
FEATURE: customize invite email message
2016-06-06 20:15:30 +05:30
Guo Xiang Tan
ecb2a0b9c7
Skip tests for now.
2016-06-06 18:18:12 +08:00