Jeff Wong
f4f8a293e7
FEATURE: Implement 2factor login TOTP
...
implemented review items.
Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator
add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests
add qunit tests - password reset, preferences
fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.
Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP
add two factor to email signin link
rate limit if second factor token present
add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Neil Lalonde
39d7745dc5
UX: show staged users' email addresses to staff without requiring a button press
2017-11-24 16:11:34 -05:00
Neil Lalonde
3f58b18dab
FEATURE: user card shows staff if a user is staged and lets them check the email address
2017-11-23 16:38:11 -05:00
Neil Lalonde
b37e40eea9
FEATURE: show read time in last 60 days
2017-11-16 15:46:51 -05:00
Sam
813e21d0e8
FIX: current user serializer consistently returns {} for custom_fields
...
Resolves : #5210
2017-11-15 11:55:37 +11:00
Neil Lalonde
2aadc42662
FEATURE: show read time on user cards
2017-11-08 15:25:56 -05:00
Robin Ward
561fa7d0cd
FEATURE: Site Setting to hide suspension reason on the public profile
2017-09-25 12:25:14 -04:00
Guo Xiang Tan
91d3929f52
Merge pull request #5078 from lelelelemon/master
...
change count>0 to exists
2017-08-24 09:24:42 +09:00
junwen yang
8124f26a6e
change count>0 to exists
2017-08-23 22:54:51 +00:00
Guo Xiang Tan
5012d46cbd
Add rubocop to our build. ( #5004 )
2017-07-28 10:20:09 +09:00
Sam
845170bd6b
FEATURE: add support for group visibility level
...
There are 4 visibility levels
- public (default)
- members only
- staff
- owners
Note, admins and group owners ALWAYS have visibility to groups
Migration treated old "non public" as "members only"
2017-07-03 15:26:57 -04:00
Arpit Jalan
aa1a68b979
UX: do not show "Message" button on user's own profile page/card
2017-06-29 14:27:00 +05:30
Arpit Jalan
a10c939775
FIX: do not show website name on TL0 profile
2017-06-04 18:30:28 +05:30
Guo Xiang Tan
5794f1619d
PERF: Fix N+1 queries when loading groups.
2016-11-26 02:20:26 +08:00
Sam
f4f5524190
FEATURE: user API now contains scopes so permission is granular
...
previously we supported blanket read and write for user API, this
change amends it so we can define more limited scopes. A scope only
covers a few routes. You can not grant access to part of the site and
leave a large amount of the information hidden to API consumer.
2016-10-14 16:05:42 +11:00
Neil Lalonde
e3e15182df
FEATURE: avatar flair on user cards
2016-09-15 16:15:18 -04:00
Sam
416e7e0d1e
FEATURE: basic UI to view user api keys
2016-08-16 17:06:52 +10:00
Sam
9018de39ed
FEATURE: allow shipping bio markdown via SSO
...
- Also adds site setting for sso_overrides_bio to disable bio editing by end users
2016-08-01 15:29:28 +10:00
Robin Ward
b2289d733f
List the "Watching First Post" tags on preferences
2016-07-22 16:16:45 -04:00
Sam
f1b1b0da14
FEATURE: show watched first post in user page
2016-07-08 14:08:10 +10:00
Sam
4161ee210a
FEATURE: improved tag and category watching and tracking
...
- present tags watched on the user prefs page
- automatically watch or unwatch old topics based on watch status
New watching and tracking logic takes care of handling old topics
(either with or without read state)
When you watch a topic you now watch historically
Also removes confusing warnings from user.
2016-07-08 12:58:30 +10:00
David McClure
2cbd87c08c
Remove www. from website name
2016-04-11 07:13:33 -07:00
David McClure
c6f6b17f71
UX: Show website path in website name for all domains
...
Query parameters are still truncated in website name
2016-04-10 18:55:01 -07:00
Sam
95076050f4
FEATURE: warn about mailing list mode if it is checked
2016-03-29 18:50:17 +11:00
Robin Ward
1006b1ba94
Various Plugin Enhancements and Extension Points
2016-03-11 15:53:37 -05:00
Sam
f0e942f647
PERF: move 3 more option columns out of the user table
2016-02-18 16:57:22 +11:00
Sam
3829c78526
PERF: shift most user options out of the user table
...
As it stands we load up user records quite frequently on the topic pages,
this in turn pulls all the columns for the users being selected, just to
discard them after they are loaded
New structure keeps all options in a discrete table, this is better organised
and allows us to easily add more column without worrying about bloating the
user table
2016-02-17 18:08:25 +11:00
Guo Xiang Tan
a362ad9407
FIX: Emoji in Discourse onebox is wrapped in square brackets.
2016-01-13 19:00:11 +08:00
Sam
a8b5192efd
FEATURE: User page refactor
...
Re-organise user page so it is easier to find interesting info
split it into tabs
- Introduce notifications and messages tabs
- Stop couting stuff for the user page to speed up rendering
- Suppress more information when viewing your own profile
2015-12-20 16:45:49 +11:00
Sam
c82b33600a
FIX: serialize current user fields in standard user serializer
2015-12-05 17:50:03 +11:00
Régis Hanol
92ba6125c4
FEATURE: new 'automatically_unpin_topics' user preference
2015-11-17 18:21:40 +01:00
Guo Xiang Tan
7acc93b2a0
FEATURE: Track user profile views.
2015-09-16 14:48:31 +08:00
Régis Hanol
0c58f08207
FIX: profile picture selector
2015-09-11 15:10:56 +02:00
Régis Hanol
2742602254
FEATURE: support for external letter avatars service
2015-09-11 02:12:40 +02:00
Sam
abeabfb40f
BUG/PERF: Stop shipping PM stats when not needed
2015-09-10 17:18:43 +10:00
Sam
0b9322d16a
PERF: remove uneeded data, notification count is pointless
...
Getting notification count is expensive, no point shipping it to clients
2015-09-10 16:44:42 +10:00
Régis Hanol
bef80633b1
FEATURE: global admin override of most of the user preferences
2015-08-21 20:39:21 +02:00
Arpit Jalan
267d8be1f5
UX: show complete URL path if website domain is same as instance domain
2015-08-12 01:19:20 +05:30
Guo Xiang Tan
7c1e16da54
FEATURE: Display emojis in user stream.
2015-07-23 23:50:01 +08:00
Sam
8013b6a511
FIX: clean html before sending it to jquery for collapsing
2015-05-20 14:42:54 +10:00
Robin Ward
5bf8c31af4
Users can see their pending posts
2015-04-21 16:44:47 -04:00
Robin Ward
e3eaa7fa75
FIX: In long topics, filtering button was not always showing in card
2015-03-24 12:33:50 -04:00
Sam
92e371f0b3
FEATURE: civilized mute
...
Allow user to mute all notifications generated by specific users
2015-03-24 11:55:22 +11:00
Sam
1601211617
Revert "FEATURE: allow end users to opt out of getting any private messages"
...
This reverts commit 229ecc4f8a
.
2015-03-23 17:21:58 +11:00
Sam
229ecc4f8a
FEATURE: allow end users to opt out of getting any private messages
2015-03-23 15:50:45 +11:00
Sam
e9c5e17fbe
PERF: disable PM stats when explicitly omitting stats
2015-02-24 13:39:31 +11:00
Sam
130dbf7358
PERF: don't run stats query in user card
2015-02-24 13:31:23 +11:00
Régis Hanol
e20078a9dc
PERF: fix performance issue when displaying the user card for admins
2015-01-05 19:49:32 +01:00
Régis Hanol
8ab32396a7
Merge pull request #3009 from gdpelican/feature/new-private-message
...
New Private Message button for user topics
2014-12-03 12:17:45 +01:00
Régis Hanol
461196f089
FEATURE: 'delete user' button in the user card in the admin section
2014-12-02 18:52:56 +01:00
James Kiesel
cc76087f59
Add new private message button on topics list
...
That'll teach me to wildly refactor things.
2014-12-02 00:53:49 +13:00
Régis Hanol
07211489f0
FIX: hide restricted profile info from TL0 users to anonymous in 'JS-off' page
2014-11-27 19:51:13 +01:00
Régis Hanol
27d78332c4
FEATURE: restrict some user fields for TL0 users when viewed by anonymous users
2014-11-26 19:20:03 +01:00
Neil Lalonde
ebcf21585c
FEATURE: add a button for staff to delete a user on their profile page
2014-11-14 15:25:33 -05:00
Sam
cc9b040502
Revert "FEATURE: display github profile links on user card and profile"
...
This reverts commit 95c518329a
.
2014-11-05 07:45:35 +11:00
Sam
95c518329a
FEATURE: display github profile links on user card and profile
...
Can be disabled by unchecking "public_github_screen_name"
2014-11-04 13:33:58 +11:00
Robin Ward
71f211f0b3
FEATURE: Allow users to select a badge with an image to appear on their
...
user card
2014-10-20 16:35:38 -04:00
Robin Ward
1cf4a0d604
Rename "User Expansion" to the much clearer "User Card"
2014-10-20 12:11:59 -04:00
Robin Ward
4d465362b5
FEATURE: Allow a user to upload an image for their expansion background.
2014-10-16 15:05:36 -04:00
Régis Hanol
7e8c4b63f4
FIX: only show agreed abd deferred flags on user's profile
2014-10-09 16:10:16 +02:00
Robin Ward
edb34c178a
FEATURE: Show user fields when the user is signing up
2014-09-30 10:45:18 -04:00
Régis Hanol
7e309a21cf
FEATURE: hide emails behind a button for staff members
2014-09-29 22:31:05 +02:00
riking
637371e60a
Switch to count of all notifications
2014-09-09 20:13:36 -07:00
riking
69bc552054
FEATURE: Actually show more notifications
...
The "Show more notifications..." link in the notifications dropdown now
links to /my/notifications, which is a historical view of all
notifications you have recieved.
Notification history is loaded in blocks of 60 at a time.
Admins can see others' notification history. (This was requested for
'debugging purposes', though that's what impersonation is for, IMO.)
2014-09-09 16:29:08 -07:00
Robin Ward
334e21a03a
Revert "Revert "FEATURE: Can create warnings for users via PM""
...
This reverts commit 1c7559380c
.
2014-09-08 11:11:56 -04:00
Robin Ward
1c7559380c
Revert "FEATURE: Can create warnings for users via PM"
...
This reverts commit b0bfc1f93f
.
2014-09-08 10:38:59 -04:00
Robin Ward
b0bfc1f93f
FEATURE: Can create warnings for users via PM
2014-09-08 10:27:06 -04:00
Neil Lalonde
2672857aee
FIX: public_user_custom_fields are returned by UserSerializer
2014-08-19 11:05:44 -04:00
Ben Lubar
ac8c2e1e07
discourse#2591
2014-07-27 12:12:36 -05:00
Ben Lubar
44dc4b4a17
add profile option for edit history, visible only when edit history is disabled globally.
2014-07-26 23:04:46 -05:00
Sam
8fcc019ff8
FIX: only allow badge title selection if it exists
2014-07-09 15:31:49 +10:00
Régis Hanol
9abef57312
BUGFIX: staff counters weren't taking into acount deleted posts/actions
2014-07-02 22:33:18 +02:00
Régis Hanol
15120bb583
FEATURE: add staff counters on user profile
2014-06-30 22:46:47 +02:00
Andrew Bezzub
386d1e231a
move profile_background from User to UserProfile
2014-06-26 12:30:07 -04:00
Andrew Bezzub
9ffd173873
move bio to UserProfile from User
2014-06-13 14:55:32 -04:00
Sam
03087679f0
FEATURE: Support custom preferences for users, injected by plugins
2014-06-11 15:50:37 +10:00
Andrew Bezzub
0a42901c40
do not use try in UserSerializer for fields coming from UserProfile
2014-06-07 13:30:35 -07:00
Andrew Bezzub
7db31adf35
move website from User to UserProfile
2014-06-06 21:54:32 -07:00
Sam
5e526c033d
BUGFIX: missing avatar on user pages
2014-06-02 12:59:54 +10:00
Sam
69ffce72a0
Remove dead code
2014-05-30 14:50:03 +10:00
Robin Ward
7c22d738b6
FEATURE: Add a location field to a user's profile
2014-05-27 13:54:04 -04:00
Sam
6c1c8be794
Work in progress, keeping avatars locally
...
This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom)
user can then pick which they want.
2014-05-27 10:08:03 +10:00
Robin Ward
5284fb7cbc
New Setting: Don't jump to new posts when replying
2014-05-26 16:39:03 -04:00
Régis Hanol
4642218662
FEATURE: add private messages counters in user activity feed
2014-05-02 22:53:58 +02:00
Robin Ward
cdd2101e4f
FIX: Don't hotlink links for new users
2014-04-24 18:36:02 -04:00
Vikhyat Korrapati
4c0f85650e
Display badge count in the user admin page.
2014-04-16 18:08:10 +05:30
Vikhyat Korrapati
e0a4959dc9
Sort featured badges by badge type first, followed by grant count.
2014-04-16 18:08:10 +05:30
Vikhyat Korrapati
89b9f9e2cb
Fix badge serialization issue.
2014-04-11 07:33:17 +05:30
Vikhyat Korrapati
3f4c5ed451
Show badges in the poster expansion card.
2014-04-11 06:59:11 +05:30
Forest Carlisle
e904b2faad
Adding name to the list of uneditable items in preferences UI
...
* If enable_names, enable_sso, and sso_overrides_name settings are true.
* Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 13:26:40 -07:00
Johan Jatko
98c479c3c4
FEATURE: Profile Backgrounds
...
Shares a modified codebase with avatars called "user_image"
2014-03-05 15:10:44 +01:00
Jonathan Allard
c513725f26
Allow users to toggle interface language in their preferences
2014-02-18 14:53:59 -05:00
Robin Ward
e511e8a80b
Link to groups from user profile
2014-02-07 10:44:51 -05:00
Sam
227873df78
FEATURE: proper mailing list mode
...
once enable_mailing_list_mode is enabled any user can elect
to get every post via email unless they opt out of category or topic
2014-02-07 11:07:52 +11:00
Sam
f91163e146
FEATURE: added UI for tracking categories
2014-01-06 11:57:27 +11:00
Sam
2da5d2311b
FEATURE: Added UI for adding and removing watched and muted categories
2014-01-02 17:59:08 +11:00
Sam
db1d01d1a2
Discourse as a Mailing List improvements
...
FEATURE: context is not emailed if we previously emailed you the post
FEATURE: site setting to enable_watch_new_topics , false by default.
When enables users can elect to watch everything by default
FIX: Custom email subjects (x quoted you in [title], x replied to [title])
was removed, this broke email grouping. TBD, include info in footer somehow
FIX: topic user specs were messy, reduce side effects
2013-12-30 13:02:12 +11:00
Vikhyat Korrapati
621b2b5972
enable_names site setting implementation.
2013-12-08 19:31:25 +05:30
Neil Lalonde
915861a646
FIX: suspended users still appear suspended after their suspension expires
2013-12-03 15:53:30 -05:00
Neil Lalonde
dbd2332b74
Public user profile page shows if the user is suspended and why.
2013-11-07 16:34:31 -05:00