Commit Graph

3056 Commits

Author SHA1 Message Date
Martin Brennan
bb4e965a66
FEATURE: Optionally show local time for user in card (#9527)
This adds a site setting (default off) to optionally show a user's local time and timezone in their user card. For example, I live in Brisbane, and if at 3:30PM my time I were to open a user who lives in California's card I would see 22:30 (PST).
2020-04-28 10:13:59 +10:00
Sam Saffron
6a18c9aa0b
Revert "FEATURE: enforce_canonical_emails site setting"
This reverts commit 6f9177e2ed.

We decided on a completely different approach to the problem.

Instead we will let blocked emails be treated as canonical.
2020-04-24 13:52:06 +10:00
Robin Ward
13f2723dcb FIX: Don't log an error to logster if a topic could not be updated.
If for some reason an update did not go through (for example,
concurrently updating the same topic twice), we were logging something
like:

```
create_errors_json called with unrecognized type: #<Topic
```

This happened because we knew an error occurred but the active record
object had no errors attached.

This patch fixes the issue by attaching a proper error message in the
event that this happens.
2020-04-22 11:56:04 -04:00
Justin DiRose
6559ad0d80
FEATURE: Add copy button to codeblocks (#9451) 2020-04-21 08:02:13 -05:00
Sam Saffron
ee36382640
FEATURE: improve rendering of RSS feeds
- Eliminate superfluous "author wrote" block
- Eliminate block-quote for all posts
- Move participant count and reply count to 1 line
- Prioritize name over username if forum requests
- Use fabrication in list controller spec to speed up spec
2020-04-20 16:08:24 +10:00
Gerhard Schlager
3e3ac704e1 Remove unused translation
It isn't used anymore since a19e43fd3b
2020-04-19 16:44:14 +02:00
Vinoth Kannan
884eea7a83 FEATURE: add support for upload format in theme settings. 2020-04-15 18:34:02 +05:30
Sam Saffron
6f9177e2ed
FEATURE: enforce_canonical_emails site setting
The new `enforce_canonical_emails` site setting ensures that emails in the
canonical form are unique.

This mean that if `s.a.m+1@gmail.com` is registered `sam@gmail.com` will
not be allowed.

The commit contains a blanket "tag strip" (stripping everything after +)
it also contains special handling of a "dot strip" for googlemail and gmail.

The setting only impacts new registrations after `enforce_canonical_emails`

The setting is default false so it will not impact any existing installs.
2020-04-14 14:16:30 +10:00
Robin Ward
b6b92a562c
FEATURE: New site setting embed_unlisted (#9391)
If enabled, posts imported to discourse via embeddings will default to
unlisted until they receive a reply.
2020-04-13 15:17:02 -04:00
tshenry
617692a6c4
UX: Note "Summarize This Topic" settings behavior
We use the `periodical_updates` and `weekly` background jobs to retroactively add/remove the "Summarize This Topic" button for topics according to the `summary_posts_required` or `summary_likes_required` site settings.
2020-04-10 09:46:36 -07:00
Robin Ward
e1f8014acd
FEATURE: Support for publishing topics as pages (#9364)
If the feature is enabled, staff members can construct a URL and publish a
topic for others to browse without the regular Discourse chrome.

This is useful if you want to use Discourse like a CMS and publish
topics as articles, which can then be embedded into other systems.
2020-04-08 12:52:36 -04:00
Martin Brennan
40546af217
FIX: Remove date from bookmark reminder non-English translations (#9354)
The {{date}} interpolated value was removed from the English translations in #9329 but not from the other translations, causing breakages.

Also adds a , inbetween date and time for reminders using long_no_year for readability.
2020-04-06 13:14:46 +10:00
Kane York
cdaa60b56b FEATURE: Allow admins to disable self-service account deletion
https://meta.discourse.org/t/-/146276
2020-04-01 15:16:07 -07:00
Martin Brennan
b79ea986ac
FEATURE: High priority bookmark reminder notifications (#9290)
Introduce the concept of "high priority notifications" which include PM and bookmark reminder notifications. Now bookmark reminder notifications act in the same way as PM notifications (float to top of recent list, show in the green bubble) and most instances of unread_private_messages in the UI have been replaced with unread_high_priority_notifications.

The user email digest is changed to just have a section about unread high priority notifications, the unread PM section has been removed.

A high_priority boolean column has been added to the Notification table and relevant indices added to account for it.

unread_private_messages has been kept on the User model purely for backwards compat, but now just returns unread_high_priority_notifications count so this may cause some inconsistencies in the UI.
2020-04-01 09:09:20 +10:00
Arpit Jalan
b2a0d34bb7
FEATURE: add setting auto_approve_email_domains to auto approve users (#9323)
* FEATURE: add setting `auto_approve_email_domains` to auto approve users

This commit adds a new site setting `auto_approve_email_domains` to
auto approve users based on their email address domain.

Note that if a domain already exists in `email_domains_whitelist` then
`auto_approve_email_domains` needs to be duplicated there as well,
since users won’t be able to register with email address that is
not allowed in `email_domains_whitelist`.

* Update config/locales/server.en.yml

Co-Authored-By: Robin Ward <robin.ward@gmail.com>
2020-03-31 23:59:15 +05:30
Sam Saffron
ecbccab159
FEATURE: invite_code is case-insensitive
Previously we required exact casing for invite code, this can cause a lot
of confusion. Relax the requirement.
2020-03-26 13:44:02 +11:00
Martin Brennan
097851c135
FIX: Change secure media to encompass attachments as well (#9271)
If the “secure media” site setting is enabled then ALL files uploaded to Discourse (images, video, audio, pdf, txt, zip etc. etc.) will follow the secure media rules. The “prevent anons from downloading files” setting will no longer have any bearing on upload security. Basically, the feature will more appropriately be called “secure uploads” instead of “secure media”.

This is being done because there are communities out there that would like all attachments and media to be secure based on category rules but still allow anonymous users to download attachments in public places, which is not possible in the current arrangement.
2020-03-26 07:16:02 +10:00
Dan Ungureanu
49395ec577
FIX: Fix image optimization pipeline (#9257)
* FIX: Do not use original filename to extract the original filename

Prefer extracting filename from the destination path, which is build
using extracted image information.

* UX: Show better error images
2020-03-25 12:59:16 +02:00
Bianca Nenciu
d8640fd042
DEV: Move requested_group_id custom field from post to topic (#9127)
Follow-up-to accbbded15
2020-03-24 11:12:52 +02:00
Rishabh
0c71f7bbd1 UX: Improve suspect user copy on /review 2020-03-16 16:08:58 +05:30
Sam Saffron
a1d660d951
FEATURE: optional global invite_code for account registration
On some sites when bootstrapping communities it is helpful to bootstrap
with a "light weight" invite code.

Use the site setting `invite_code` to set a global invite code.

In this case the administrator can share the code with
a community which is very easy to remember and then anyone who has
that code can easily register accounts.

People without the invite code are not allowed account registration.

Global invite codes are less secure than indevidual codes, in that they
tend to leak in the community however in some cases when starting a brand
new community the security guarantees of invites are not needed.
2020-03-15 21:17:28 +11:00
David Taylor
3723c64257
DEV: Correct references to theme flags
Followup to d1474e94
2020-03-13 16:45:55 +00:00
David Taylor
ad2ec5b65e
UX: Improve copy for suspect users feature (#9201)
Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-03-13 15:53:40 +00:00
Martin Brennan
2237ba8c9d
FIX: Add topic deleted check to email/sender (#9166)
It already had a deleted post check and log reason, add a topic one too to avoid errors
2020-03-13 10:04:15 +10:00
Stasiek Michalski
1b8793e7a4
FEATURE: Add support for custom gravatar-like services (#9137)
Adds 3 config values that allow to set a custom provider of Gravatar-like API accessible from gravatar_base_url. The gravatar_name is purely cosmetic, but helps with associating name with the service that actually provides the avatars. gravatar_login_url is a link relative to gravatar_base_url, which provides the user with the login to the Gravatar service
2020-03-12 11:23:55 -04:00
Martin Brennan
793f39139a
FEATURE: Send notifications for time-based and At Desktop bookmark reminders (#9071)
* This PR implements the scheduling and notification system for bookmark reminders. Every 5 minutes a schedule runs to check any reminders that need to be sent before now, limited to **300** reminders at a time. Any leftover reminders will be sent in the next run. This is to avoid having to deal with fickle sidekiq and reminders in the far-flung future, which would necessitate having a background job anyway to clean up any missing `enqueue_at` reminders.

* If a reminder is sent its `reminder_at` time is cleared and the `reminder_last_sent_at` time is filled in. Notifications are only user-level notifications for now.

* All JavaScript and frontend code related to displaying the bookmark reminder notification is contained here. The reminder functionality is now re-enabled in the bookmark modal as well.

* This PR also implements the "Remind me next time I am at my desktop" bookmark reminder functionality. When the user is on a mobile device they are able to select this option. When they choose this option we set a key in Redis saying they have a pending at desktop reminder. The next time they change devices we check if the new device is desktop, and if it is we send reminders using a DistributedMutex. There is also a job to ensure consistency of these reminders in Redis (in case Redis drops the ball) and the at desktop reminders expire after 20 days.

* Also in this PR is a fix to delete all Bookmarks for a user via `UserDestroyer`
2020-03-12 10:16:00 +10:00
David Taylor
d1474e94a1
FEATURE: Allow themes to specify modifiers in their about.json file (#9097)
There are three modifiers:
- serialize_topic_excerpts (boolean)
- csp_extensions (array of strings)
- svg_icons (array of strings)

When multiple themes are active, the values will be combined. The combination method varies based on the setting. CSP/SVG arrays will be combined. serialize_topic_excerpts will use `Enumerable#any`.
2020-03-11 13:30:45 +00:00
Mark VanLandingham
3ad5cb0cbc
FIX: Error message for 403 when featuring topic on profile (#9149) 2020-03-09 11:41:07 -05:00
Mark VanLandingham
174764be25
FEATURE: Add embed_set_canonical_url setting (#9134) 2020-03-09 09:31:24 -05:00
Gerhard Schlager
edc8d58ac3 FEATURE: Add site setting to disable staged user cleanup
... and disabled the cleanup during imports, otherwise a running Sidekiq might delete users before posts are created
2020-03-09 10:26:41 +01:00
Roman Rizzi
87687c0819
Drop unnecessary readonly_during_backup setting (#9112) 2020-03-06 14:29:00 -03:00
Martin Brennan
29ccdf5d35
FIX: Show a nicer error if name/code missing for TOTP/Security Keys (#9124)
Meta: https://meta.discourse.org/t/improve-error-message-when-not-including-name-setting-up-totp/143339

* when the user creates a TOTP second factor method we want
to show them a nicer error if they forget to add a name
or the code from the app, instead of the param missing error
* also add a client-side check for this and for security key name,
no need to bother the server if we can help it
2020-03-06 14:37:40 +10:00
Joffrey JAFFEUX
11425f8adc
FEATURE: alows to add a description link to a report (#9065)
This commit adds a description link to users_per_trust_level report linking to our blog  article on the subject https://blog.discourse.org/2018/06/understanding-discourse-trust-levels/
2020-03-02 14:30:51 -05:00
Joffrey JAFFEUX
0ea11a9d49
FIX: ensures we don't attempt to create a new PM on an existing topic (#9029)
This fix attempts to both fix it at UI level and server side. A previous attempt related to this behavior has been made in commit: 49c750ca78
2020-02-24 08:55:12 -06:00
Sam Saffron
372f6f4f22
FEATURE: limit number of notifications per user to 10,000
Introduces a new site setting `max_notifications_per_user`.

Out-of-the-box this is set to 10,000. If a user exceeds this number of
notifications, we will delete the oldest notifications keeping only 10,000.

To disable this safeguard set the setting to 0.

Enforcement happens weekly.

This is in place to protect the system from pathological states where a
single user has enormous amounts of notifications causing various queries
to time out. In practice nobody looks back more than a few hundred notifications.
2020-02-24 11:42:50 +11:00
Sam Saffron
f93de763b7
DOC: improve documentation of image limit site settings
max_image_megapixels is a hard limit

max_image_size_kb is a soft limit and images are resized to fit
2020-02-24 09:32:07 +11:00
Roman Rizzi
c7787464cd
FEATURE: Admins can configure the reflag cooldown window and if posts flagged as spam by TL3+ users get automatically hidden (#9010) 2020-02-20 14:43:33 -03:00
Roman Rizzi
fadb2b7157
FEATURE: Users cannot reflag recently handled items using the same reason unless the post was edited, or it was reviewed more than 24 hours ago. (#8969) 2020-02-14 13:43:48 -03:00
Simon Cossar
a2bd0c6ef9
Improve default email level copy (#8897) 2020-02-07 12:16:11 -08:00
Joffrey JAFFEUX
20944e69e4
FEATURE: adds trust_level_growth report (#8878) 2020-02-06 19:44:30 +01:00
Penar Musaraj
f029e2eaf6 FEATURE: Add site setting for specific hosts using custom user agent when oneboxing
Followup to #00c406
2020-02-06 10:32:42 -05:00
Joshua Rosenfeld
3bf870cb24
Update email test email copy
Most major email providers no longer have long-term free plans.
2020-02-05 22:30:32 -05:00
Robin Ward
71312d9086 FIX: Labels were switched in the wizard for privacy options 2020-02-04 11:09:52 -05:00
Sam Saffron
9a199be279 UX: hide the allow_embedding_site_in_an_iframe setting
This setting is very high risk and can potentially break all
sorts of features.

To avoid complications and save people from themselves we are
hiding the site setting.

It can still be modified using the console if absolutely needed.
2020-02-03 15:28:02 +11:00
Arpit Jalan
62c21ba649 Remove bounce_score_threshold_deactivate setting.
Removed `bounce_score_threshold_deactivate` setting as the deactivate
threshold is not getting reached.
2020-01-30 16:17:31 +05:30
Roman Rizzi
2ee6a615b7
FEATURE: Send suspect users to the review queue (#8811) 2020-01-29 15:38:27 -03:00
Dan Ungureanu
09e8be3209
UX: Introduce automatic 'categories topics' setting (#8804)
When 'categories topics' setting is set to 0, the system will
automatically try to find a value to keep the two columns (categories
and topics) symmetrical.

The value is computed as 1.5x the number of top level categories and at
least 5 topics will always be returned.
2020-01-29 20:30:48 +02:00
David Taylor
a9d0d55817 FEATURE: Add message to log when admins are automatically deactivated 2020-01-28 12:16:24 +00:00
Roman Rizzi
db5373a87c
UX: Invalid CSV error message now includes information about the malformed line (#8773)
* UX: Invalid CSV error message now includes information about the malformed line

* Update config/locales/server.en.ym and use line_number instead of lineno

Co-Authored-By: Robin Ward <robin.ward@gmail.com>

Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-01-23 14:04:06 -03:00
Régis Hanol
821e920711 DEV: fix deprecation warnings in specs
Also fixed a typo in a string key "max_pm_recepients" -> "max_pm_recipients"
2020-01-23 16:37:48 +01:00
Dan Ungureanu
89bd7ba45f
FIX: Use new tag routes (#8683)
Commit 1fb7a62 added unambiguous routes for tags. This commit ensures
that the new routes are used.
2020-01-21 19:23:08 +02:00
Leo McArdle
8883cca373 enqueue spam/dmarc failing emails instead of hiding (#8674)
* enqueue spam/dmarc failing emails instead of hiding

* add translations for dmarc/spam enqueued reasons

* unescape quote

* if email_in_authserv_id is blank return gray for all emails
2020-01-21 11:12:00 -05:00
Jeff Atwood
1fb81e9f56 omit needless words 2020-01-17 16:16:21 -08:00
Arpit Jalan
0f8695958b FIX: better error message when topic deletion fails 2020-01-15 19:30:06 +05:30
Martin Brennan
66f2db4ea4 SECURITY: 2FA with U2F / TOTP 2020-01-15 11:27:12 +01:00
romanrizzi
d3091edcea UX: Return a friendlier error when the CSV is invalid. Added a cancel button to return to the /badges view 2020-01-13 15:53:41 -03:00
Martin Brennan
9e399b42b9 DEV: Remove redundant admin_login route, share with email_login 2020-01-13 12:10:07 +10:00
Robin Ward
e616b92511 FIX: If the admin sso sync has no external ID, don't throw an error
Instead, return a HTTP error code and a message explaining the problem,
to avoid log pollution.
2020-01-08 11:47:37 -05:00
Risto
e0da8d3ce6 UX: correct validation message for category search priority
The default value is 1.2 so it can surely be set greater than 1.
2020-01-06 17:15:28 +11:00
Martin Brennan
c031434b86
FIX: Catch error when unknown COSE algorithm is supplied for Security Key (#8649)
Added a fix to gracefully error with a Webauthn::SecurityKeyError if somehow a user provides an unkown COSE algorithm when logging in with a security key.

If `COSE::Algorithm.find` returns nil we now fail gracefully and log the algorithm used along with the user ID and the security key params for debugging, as this will help us find other common algorithms to implement for webauthn
2020-01-02 10:14:22 +10:00
Arpit Jalan
2c0574010a FIX: better error message when forum is in read-only mode 2019-12-24 15:49:27 +05:30
Krzysztof Kotlarek
9e4fcb1a0a
FIX: Correct description for out of love badge (#8615)
The bug mentioned here
https://meta.discourse.org/t/badge-not-triggering/135896/8

Basically, descriptions for 3 badges: "Out of Love", "Higher Love" and
"Crazy in Love" are granted based on on "max_likes_per_day" and the
description should reflect that.
2019-12-24 08:30:34 +11:00
Martin Brennan
6261339da9
Improving bookmarks part 1 (#8466)
Note: All of this functionality is hidden behind a hidden, default false, site setting called `enable_bookmarks_with_reminders`. Also, any feedback on Ember code would be greatly appreciated!

This is part 1 of the bookmark improvements. The next PR will address the backend logic to send reminder notifications for bookmarked posts to users. This PR adds the following functionality:

* We are adding a new `bookmarks` table and `Bookmark` model to make the bookmarks a first-class citizen and to allow attaching reminders to them.
* Posts now have a new button in their actions menu that has the icon of an actual book
* Clicking the button opens the new bookmark modal.
* Both name and the reminder type are optional.
* If you close the modal without doing anything, the bookmark is saved with no reminder.
* If you click the Cancel button, no bookmark is saved at all.
* All of the reminder type tiles are dynamic and the times they show will be based on your user timezone set in your profile (this should already be set for you).
* If for some reason a user does not have their timezone set they will not be able to set a reminder, but they will still be able to create a bookmark.
* A bookmark can be deleted by clicking on the book icon again which will be red if the post is bookmarked.

This PR does NOT do anything to migrate or change existing bookmarks in the form of `PostActions`, the two features live side-by-side here. Also this does nothing to the topic bookmarking.
2019-12-11 14:04:02 +10:00
Mark VanLandingham
14cb386f1e
FEATURE: Featured topic for user profile & card (#8461) 2019-12-09 11:15:47 -08:00
Vinoth Kannan
f7084a4339 FEATURE: add site setting to remove X-Frame-Options header. 2019-12-06 03:15:09 +05:30
Vinoth Kannan
e6dfcda0bc DEV: handle all notification consolidations in new 'NotificationConsolidator' class.
481c8314f0
2019-12-05 14:36:06 +05:30
Neil Lalonde
875f0d8fd8
FEATURE: Tag synonyms
This feature adds the ability to define synonyms for tags, and the ability to merge one tag into another while keeping it as a synonym. For example, tags named "js" and "java-script" can be synonyms of "javascript". When searching and creating topics using synonyms, they will be mapped to the base tag.

Along with this change is a new UI found on each tag's page (for example, `/tags/javascript`) where more information about the tag can be shown. It will list the synonyms, which categories it's restricted to (if any), and which tag groups it belongs to (if tag group names are public on the `/tags` page by enabling the "tags listed by group" setting). Staff users will be able to manage tags in this UI, merge tags, and add/remove synonyms.
2019-12-04 13:33:51 -05:00
Martin Brennan
e7c7a05097
FIX: Mark secure media upload insecure automatically if used for theme component (#8413)
When uploading a file to a theme component, and that file is existing and has already been marked as secure, we now automatically mark the file as secure: false, change the ACL, and log the action as the user (also rebake the posts for the upload)
2019-11-28 07:32:17 +10:00
Leo McArdle
2714149fd2 FEATURE: hide posts from incoming email based on dmarc verdict (#8333) 2019-11-26 15:55:22 +01:00
Martin Brennan
afb5533581
FEATURE: Add timezone to core user_options (#8380)
* Add timezone to user_options table

* Also migrate existing timezone values from UserCustomField,
  which is where the discourse-calendar plugin is storing them

* Allow user to change their core timezone from Profile

* Auto guess & set timezone on login & invite accept & signup

* Serialize user_options.timezone for group members. this is so discourse-group-timezones can access the core user timezone, as it is being removed in discourse-calendar.

* Annotate user_option with timezone

* Validate timezone values
2019-11-25 10:49:27 +10:00
Sam Saffron
b57e108e84 FEATURE: improve email change workflow
- Show old and new email address during the process
- Ensure correct user is logged on when attempting to make email changes
- Support reloading a page during the email reset process without resubmit
of form
- Improve tests
- Fixed issue where redirect back to site was not linking correctly in
subfolder setups

Internal refactor of single action into 4 distinct actions that are simpler
to reason about.

This also removes the step that logs on an account after you confirm an
email change, since it is no longer needed which leaves us with safer
internals.

This left me no choice but to amend translations cause the old route was
removed.
2019-11-21 16:28:35 +11:00
Kris
09579bffbe UX: More obvious alt auth link 2019-11-20 23:44:10 -05:00
Martin Brennan
02cb01406e
FIX: Allow secure uploads if global s3 setting active and enable_s3_uploads validations (#8373)
The secure media functionality relied on `SiteSetting.enable_s3_uploads?` which, as we found in dev, did not take into account global S3 settings via `GlobalSetting.use_s3?`. We now use `SiteSetting.Upload.enable_s3_uploads` instead to be more consistent.

Also, we now validate `enable_s3_uploads` changes, because if `GlobalSetting.use_s3?` is true users should NOT be enabling S3 uploads manually.
2019-11-20 07:46:44 +10:00
Penar Musaraj
102909edb3 FEATURE: Add support for secure media (#7888)
This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. 

A few notes: 

- the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads
- the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured
- upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status
- when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error
- when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 11:25:42 +10:00
Blake Erickson
eb4d8a43e3 DEV: Improve mail-receiver update instructions 2019-11-15 13:57:43 -07:00
Martin Brennan
5c59247c3a Block enabling force 2FA if local logins disabled & vice-versa (#8355) 2019-11-15 17:05:10 +11:00
tshenry
9caec39aef
UX: Add CSP documentation link to content_security_policy_script_src setting 2019-11-12 14:57:47 -08:00
David Taylor
5f927ceeb3
DEV: Display a warning when themes hard-code optimized image links (#8304) 2019-11-12 14:30:19 +00:00
Blake Erickson
15f6f57cdc DEV: Add update message for an outdated mail-receiver
Previous versions of the mail-receiver used query based api credentials,
if we detect this we will show a message in the admin panel to update
the mail receiver.
2019-11-08 17:32:22 -07:00
Vinoth Kannan
ba5b78a348
FEATURE: support to mute all categories by default. (#8295)
Instead of enabling `suppress_from_latest` setting on many categories now we can enable `mute_all_categories_by_default` site setting. Then users should opt-in to categories for them to appear in the latest and categories pages.
2019-11-08 08:28:11 +05:30
Blake Erickson
2db2003187 DEV: Add deprecation warning of non-header based API auth
This change adds a message to the admin panel if it detects an api
requests that doesn't use the new header based authentication method.

The message is to warn people to switch to header based auth and links
to the api documention topic on meta for more info.
2019-11-07 17:06:13 -07:00
Vinoth Kannan
5d42f052bc Minor copy edit
671f303b53
2019-11-07 11:39:17 +05:30
David Taylor
52c5cf33f8
FEATURE: Overhaul of admin API key system (#8284)
- Allow revoking keys without deleting them
- Auto-revoke keys after a period of no use (default 6 months)
- Allow multiple keys per user
- Allow attaching a description to each key, for easier auditing
- Log changes to keys in the staff action log
- Move all key management to one place, and improve the UI
2019-11-05 14:10:23 +00:00
Vinoth Kannan
671f303b53
FEATURE: Add welcome message for admins. (#8293) 2019-11-05 18:15:55 +05:30
Arpit Jalan
b7327d2c34 UX: show user email address on "grant admin access" email and UI 2019-11-04 14:47:00 +05:30
Mark VanLandingham
66e0bdc053
FEATURE: Create New Topic button on embed with params (#8280)
* FEATURE: Create New Topic button on embed with params
2019-11-01 14:19:10 -05:00
Vinoth Kannan
72aa26c8c5
FEATURE: New site settings for default tags in user preferences. (#8283) 2019-11-01 12:40:13 +05:30
Neil Lalonde
d777844ed6 FEATURE: categories can require topics have a tag from a tag group
In a category's settings, the Tags tab has two new fields to
specify the number of tags that must be added to a topic
from a tag group. When creating a new topic, an error will be
shown to the user if the requirement isn't met.
2019-10-31 16:10:19 -04:00
Sam Saffron
c5e67726fd FIX: under some conditions draft would say it was saving when not
This is a major change to draft internals. Previously there were quite a
few cases where the draft system would say "draft saved", when in fact
we just skipped saving.

This commit ensures the draft system deals with draft ownership handover in
a predictable way.

For example:

- Window 1 editing draft
- Window 2 editing same draft at the same time

Previously we would allow window 1 and 2 to just fight on the same draft
each window overwriting the same draft over an over.

This commit introduces an ownership concept where either window 1 or 2 win
and user is prompted on the loser window to reload screen to correct the issue

This also corrects edge cases where a user could have multiple browser windows
open and posts in 1 window, later to post in the second window. Previously
drafts would break in the second window, this corrects it.
2019-10-31 17:15:58 +11:00
Penar Musaraj
580a4a827b Exclude audio/video URLs from search result blurbs
Displays translatable "[audio]" or "[video]" placeholders instead of ugly (and often long) URLs.
2019-10-30 13:07:16 -04:00
Penar Musaraj
965662d215 Prettify server.en.yml 2019-10-30 12:56:25 -04:00
Krzysztof Kotlarek
c32bd8ae48 FEATURE: Remove attachments and truncate raw field for incoming emails (#8253)
Adds the settings: 

raw_email_max_length, raw_rejected_email_max_length, delete_rejected_email_after_days. 

These settings control retention of the "raw" emails logs.

raw_email_max_length ensures that if we get incoming email that is huge we will truncate it removing uploads from the raw log.

raw_rejected_email_max_length introduces an even more aggressive truncation for rejected incoming mail. 

delete_rejected_email_after_days controls how many days we will keep rejected emails for (default 90)
2019-10-30 16:54:35 +11:00
Jeff Atwood
6d381b33a4 copyedits on moderator welcome PM 2019-10-28 17:19:42 -07:00
Mark VanLandingham
4eb54f08b2
FEATURE: Site setting/UI to allow users to set their primary group (#8244)
* FEATURE: Site setting/ui to allow users to set their primary group

* prettier and remove logic from account template

* added 1 to 43 to make web_hook_user_serializer_spec pass
2019-10-28 12:46:27 -05:00
Mark VanLandingham
437edfc415
FEATURE: Welcome moderator message - add copy! (#8246) 2019-10-28 08:58:45 -05:00
tshenry
5d1b34e1b9
Minor Copy Change
Context: https://meta.discourse.org/t/email-with-correct-incoming-email-address-in-bcc-is-being-rejected/131003/2
2019-10-24 11:16:31 -07:00
tshenry
95114f87ae
Improve spam_hosts copy (#8203)
- Increase size of the reviewable's conversation excerpt to prevent truncation of the new copy
- Remove the `domain` parameter from the `flag_linked_posts_as_spam` method in the user model since it is no longer needed
- Remove the `domain` interpolation variable from all translation files
- Add "All posts from this user that include links should be reviewed." to server.en.yml for added clarity on why the posts entered the queue
2019-10-18 09:31:15 -07:00
Sam Saffron
f5d1aff8dd FEATURE: experimental hidden setting for draft backups
Under exceptional situations the automatic draft feature can fail.

This new **hidden, default off** site setting
`backup_drafts_to_pm_length` will automatically backup any draft that is
saved by the system to a dedicated PM (originating from self)

The body of that PM will contain the text of the reply.

We can enable this feature strategically on sites exhibiting issues to
diagnose issues with the draft system and offer a recourse to users who
appear to lose drafts. We automatically checkpoint these drafts every 5
minutes forcing a new revision each 5 minutes so you can revert to old
content.

Longer term we are considering automatically enabling this kind of feature
for extremely long drafts where the risk is really high one could lose
days of writing.
2019-10-17 16:58:21 +11:00
Arpit Jalan
600233482f FIX: include topic link when inviting existing users to a topic/PM
FEATURE: allow staff to use topic_url for customizing email template
2019-10-16 12:36:16 +05:30
Jeff Atwood
16d8e3f872 minor copyedit 2019-10-12 20:05:34 -07:00
Dan Ungureanu
fdb1d3404c
FEATURE: Add site setting to show more detailed 404 errors. (#8014)
If the setting is turned on, then the user will receive information
about the subject: if it was deleted or requires some special access to
a group (only if the group is public). Otherwise, the user will receive
a generic #404 error message. For now, this change affects only the
topics and categories controller.

This commit also tries to refactor some of the code related to error
handling. To make error pages more consistent (design-wise), the actual
error page will be rendered server-side.
2019-10-08 14:15:08 +03:00
Roman Rizzi
10565e4623
SECURITY: Safely decompress files. (#8124)
* FEATURE: Adds an extra protection layer when decompressing files.

* Rename exporter/importer to zip importer. Update old locale

* Added a new composite class to decompress a file with multiple strategies

* Set max file size inside a site setting

* Ensure that file is deleted after compression

* Sanitize path and files before compressing/decompressing
2019-10-03 10:19:35 -03:00
Martin Brennan
68d35b14f4 FEATURE: Webauthn authenticator management with 2FA login (Security Keys) (#8099)
Adds 2 factor authentication method via second factor security keys over [web authn](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API).

Allows a user to authenticate a second factor on login, login-via-email, admin-login, and change password routes. Adds registration area within existing user second factor preferences to register multiple security keys. Supports both external (yubikey) and built-in (macOS/android fingerprint readers).
2019-10-01 19:08:41 -07:00
Konrad Borowski
90a8852b63 List dots as a valid character in usernames (#8108) 2019-10-02 11:42:18 +10:00
tshenry
cad83bf071
Copy: Update Dashboard Advice PM
If dashboard advice has already been acted on, an admin may want to find out what the advice was, who acted on it, and when. Linking to the staff action logs should help in tracking down this information.
2019-09-18 11:54:12 -07:00
Joshua Rosenfeld
5c897b6d0c
Copy: Update Dashboard Advice PM
All admins receive the Dashboard Advice PM. If one admin takes action on the advice, future admins who follow the link in the PM will see no advice on the dashboard. This has caused some confusion, so we've updated the text to make this clearer.
2019-09-17 13:39:26 -04:00
Robin Ward
1cebe7670a FEATURE: Allow embedding to ignore HTTP REFERER
New site setting: `embed_any_origin` that will send postMessages to
wildcard origins `*` instead of the referer.

Most of the time you won't want to do this, so the setting is default to
`false`. However, there are certain situations where you want to allow
embedding to send post messages when there is no HTTP REFERER.

For example, if you created a native mobile app and you wanted to embed a list
of Discourse topics as HTML. In the code your HTML would be a
static file/string, which would not be able to send a referer. In this
case, the site setting will allow the embed to work.

From a security standpoint we currently only use `postMessage` to send
data about the size of the HTML document and scroll position, so it
should be enable if required with minimal security ramifications.
2019-09-10 12:27:07 -04:00
Rimian Perkins
6bbd83067d FEATURE: New post editing period for >= tl2 users (#8070)
* FEATURE: Add tl2 threshold for editing new posts

* Adds a new setting and for tl2 editing posts (30 days same as old value)
* Sets the tl0/tl1 editing period as 1 day

* FIX: Spec uses wrong setting

* Fix site setting on guardian spec

* FIX: post editing period specs

* Avoid shared examples
* Use update_columns to avoid callbacks on user during tests
2019-09-06 07:44:12 -04:00
AhmadFCheema
af9b08bed3 Fix typo in client.en.yml and server.en.yml (#8067) 2019-09-03 17:09:50 +10:00
Arpit Jalan
111ae95cbc
FEATURE: embed topic with detailed metadata (#8062) 2019-09-02 19:55:44 +05:30
Roman Rizzi
e515324afa
Feature/Fix: Flagged posts user notifications (#8041)
* FIX: User should get notified when a post is deleted

* FEATURE: Notify posters when restoring flagged posts

* Fix typo

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* Improve tests
2019-08-30 10:27:52 -03:00
David Taylor
be96c4478e
FEATURE: Login with Discord (#8053)
This migrates the functionality of discourse-plugin-discord-auth into core. 

The plugin will automatically disable itself when core is updated: fd0867844d

For setup instructions, visit https://meta.discourse.org/t/configuring-discord-login-for-discourse/127129
2019-08-30 10:54:19 +01:00
Penar Musaraj
8a5eb0bdb5 DEV: Use base_path in setting description relative link 2019-08-27 14:23:34 -04:00
Penar Musaraj
5c02bfb000 FEATURE: Site settings for linking with iOS/Android native apps
- Adds support for iOS Universal Links via an `apple-app-site-association` endpoint

 Adds support for Google Digital Asset Links at the `.well-known/assetlinks.json` endpoint
2019-08-27 14:05:37 -04:00
Gerhard Schlager
ce75520d3c FIX: Remove duplicate %-sign from error messages 2019-08-26 14:31:18 +02:00
Penar Musaraj
14cdb01254 FIX: Allow topic edits when using a hidden tag
Previously, a regular user could not edit the title or category
of a topic if a hidden tag had already been applied.

This also stops hidden tag names from leaking in the error message.
2019-08-21 16:33:01 -04:00
Rishabh
f1f1fd4690 DEV: Remove unused "Email Reject No Account" template (#8022) 2019-08-20 12:43:51 +02:00
Robin Ward
23367e79ea
FEATURE: Embed topics list on remote sites via Javascript API. (#8008)
This adds support for a `<d-topics-list>` tag you can embed in your site
that will be rendered as a list of discourse topics. Any attributes on
the tag will be passed as filters. For example:

`<d-topics-list discourse-url="URL" category="1234">` will filter to category 1234.

To use this feature, enable the `embed topics list` site setting. Then
on the site you want to embed, include the following javascript:

`<script
src="http://URL/javascripts/embed-topics.js"></script>`

Where `URL` is your discourse forum's URL.

Then include the `<d-topics-list discourse-url="URL">` tag in your HTML document and it will
be replaced with the list of topics.
2019-08-15 13:41:06 -04:00
David Taylor
572e928cba FIX: Correct query for post_edits dashboard report
- Use query builder to improve readability
- Remove subquery, so that all `where` filters happen alongside the limit
- Add 'edited at' column to the report
2019-08-13 16:11:17 +01:00
Sam Saffron
6374dc7d51 UX: add link to robots.txt editor in site setting description
This surfaces our robots.txt editor and provides enough warning to scare
people from actually changing it.
2019-08-13 16:53:43 +10:00
Robin Ward
5981678abd FIX: Trusted users might cause content to be hidden with one flag
The text has been updated to be less specific about "Multiple community
members" to address this case.
2019-08-12 16:00:16 -04:00
David Taylor
750802bf56
UX: Improve error handling for common OmniAuth exceptions (#7991)
This displays more useful messages for the most common issues we see:
- CSRF (when the user switches browser)
- Invalid IAT (when the server clock is wrong)
- OAuth::Unauthorized for OAuth1 providers, when the credentials are incorrect

This commit also stops earlier for disabled authenticators. Now we stop at the request phase, rather than the callback phase.
2019-08-12 10:55:02 +01:00
David Taylor
3b8c468832 SECURITY: Require POST with CSRF token for OmniAuth request phase 2019-08-08 11:58:00 +01:00
Leo McArdle
6296ae3d31 FEATURE: add setting to show content of forwarded emails in topics (#7935) 2019-08-07 12:32:19 +02:00
Neil Lalonde
4b9d35cd0e FEATURE: add option to always send excerpts in emails
Enable the new setting "post excerpts in emails" to send excerpts
instead of complete posts in notification emails. Control the length of
excerpts with the "post excerpt maxlength" setting.
2019-08-06 12:45:28 -04:00
David Taylor
39e0442de9 FIX: Various watched words improvements
- Client-side censoring fixed for non-chrome browsers. (Regular expression rewritten to avoid lookback)
- Regex generation is now done on the server, to reduce repeated logic, and make it easier to extend in plugins
- Censor tests are moved to ruby, to ensure everything works end-to-end
- If "watched words regular expressions" is enabled, warn the admin when the generated regex is invalid
2019-08-02 15:29:12 +01:00
Robin Ward
6f367dde26
UX: Rename "Keep Post" to "Keep Post Hidden" when hidden (#7767)
* UX: Rename "Keep Post" to "Keep Post Hidden" when hidden

This is based on this feedback:
https://meta.discourse.org/t/category-group-review-moderation/116478/19

When a post is hidden this makes the operation much more clear.

* REFACTOR: Better support for aliases for actions

Allow calls on alias actions and delegate to the original one.
This is less code but also simplifies tests where the action might
be "agree_and_keep" or "agree_and_keep_hidden" which are the same.
2019-08-01 11:23:23 -04:00
Arpit Jalan
1481ea640c FIX: better error message on username update from Admin user page. 2019-08-01 10:23:42 +05:30
Rishabh
dcb47d902b
REFACTOR: Rename SiteSetting.disable_edit_notifications to disable_system_edit_notifications (#7958)
* REFACTOR: Rename SiteSetting.disable_edit_notifications to disable_system_edit_notifications

- The older name could cause some confusion because the setting does not disable all edit notifications, only system ones.

* FIX: Add frozen_string_literal: true in the migration

* DEV: Deprecate 'disable_edit_notifications'
2019-07-31 20:20:41 +05:30
Neil Lalonde
9656a21fdb
FEATURE: customization of html emails (#7934)
This feature adds the ability to customize the HTML part of all emails using a custom HTML template and optionally some CSS to style it. The CSS will be parsed and converted into inline styles because CSS is poorly supported by email clients. When writing the custom HTML and CSS, be aware of what email clients support. Keep customizations very simple.

Customizations can be added and edited in Admin > Customize > Email Style.

Since the summary email is already heavily styled, there is a setting to disable custom styles for summary emails called "apply custom styles to digest" found in Admin > Settings > Email.

As part of this work, RTL locales are now rendered correctly for all emails.
2019-07-30 15:05:08 -04:00
Osama Sayegh
525920a979
FIX: Better error when SSO fails due to blank secret (#7946)
* FIX: Better error when SSO fails due to blank secret

* Update spec/requests/session_controller_spec.rb

Co-Authored-By: Robin Ward <robin.ward@gmail.com>
2019-07-26 17:37:23 +03:00
Robin Ward
a727968112 FIX: Provide an error message if no valid tags were selected 2019-07-25 12:46:16 -04:00
Gerhard Schlager
7e0eeed292 FEATURE: Add attachments to outgoing emails
This feature is off by default and can can be configured with the `email_total_attachment_size_limit_kb` site setting.

Co-authored-by: Maja Komel <maja.komel@gmail.com>
2019-07-25 15:57:45 +02:00
Osama Sayegh
f14c6d81f4
FEATURE: Watched words improvements (#7899)
This commit contains 3 features:

- FEATURE: Allow downloading watched words
This introduces a button that allows admins to download watched words per action in a `.txt` file.

- FEATURE: Allow clearing watched words in bulk
This adds a "Clear All" button that clears all deleted words per action (e.g. block, flag etc.)

- FEATURE: List all blocked words contained in the post when it's blocked
When a post is rejected because it contains one or more blocked words, the error message now lists all the blocked words contained in the post.

-------

This also changes the format of the file for importing watched words from `.csv` to `.txt` so it becomes inconsistent with the extension of the file when watched words are exported.
2019-07-22 14:59:56 +03:00
Arpit Jalan
1f1b3e99d1 UX: update invite 'not found' message 2019-07-19 16:39:44 +05:30
Roman Rizzi
f5c707c97a
FEATURE: Gz to zip for exports (#7889)
* Revert "Revert "FEATURE: admin/user exports are compressed using the zip format (#7784)""

This reverts commit f89bd55576.

* Replace .tar.zip with .zip
2019-07-18 09:34:48 -03:00
Gerhard Schlager
9a11a8b33b FEATURE: Site setting for typographic quotation marks
Adds locale defaults for German and French
2019-07-11 23:19:28 +02:00
Robin Ward
1d38040579 SECURITY: SQL injection with default categories
This is a low severity security fix because it requires a logged in
admin user to update a site setting via the API directly to an invalid
value.

The fix adds validation for the affected site settings, as well as a
secondary fix to prevent injection in the event of bad data somehow
already exists.
2019-07-11 13:41:51 -04:00
Jeff Atwood
a49aa895d6 copyedit to shorten customize pills 2019-07-10 13:22:32 -07:00
romanrizzi
f89bd55576 Revert "FEATURE: admin/user exports are compressed using the zip format (#7784)"
This reverts commit 8b2580e20f.
2019-07-10 11:38:51 -03:00
Roman Rizzi
8b2580e20f
FEATURE: admin/user exports are compressed using the zip format (#7784)
* FEATURE: admin/user exports are compressed using the zip format

* Update translations. Theme exporter now exports .zip file. Theme importer supports .zip and .gz files

* Fix controller test, updated locale and skip saving the csv export to disk
2019-07-10 11:13:03 -03:00
Arpit Jalan
324e182842
FEATURE: show login and signup button on no-ember layout (#7867) 2019-07-09 04:51:19 +05:30
Arpit Jalan
b6605749a0 DEV: clarify purpose of topic_page_title_includes_category site setting 2019-07-05 15:36:56 +05:30
AhmadF.Cheema
bfbd97d3b5 Remove extra whitespaces from locale files
Co-authored-by: Gerhard Schlager <mail@gerhard-schlager.at>
2019-07-04 13:48:17 +02:00
Joffrey JAFFEUX
71bf9ec1b2
FEATURE: opt-in guidance on topics for users without access (#7852)
Co-Authored-By: majakomel <maja.komel@gmail.com>
Co-Authored-By: Robin Ward <robin.ward@gmail.com>
2019-07-04 10:12:39 +02:00
Sam Saffron
4dcc5f16f1 FEATURE: when under extreme load disable search
The global setting disable_search_queue_threshold
(DISCOURSE_DISABLE_SEARCH_QUEUE_THRESHOLD) which default to 1 second was
added.

This protection ensures that when the application is unable to keep up with
requests it will simply turn off search till it is not backed up.

To disable this protection set this to 0.
2019-07-02 11:22:01 +10:00
Gerhard Schlager
d513c28e3b FIX: Don't send notification email when user isn't allowed to see topic 2019-07-01 14:03:03 +02:00
David Taylor
847f2943e8 UX: Update ignored_user_summary copy (#7748) 2019-06-28 16:49:06 +10:00
Robin Ward
817661aed9 UX: Require a confirmation if approving a post in a closed topic 2019-06-26 12:21:49 -04:00
David Taylor
e6e47f2fb2 SECURITY: Add confirmation screen when logging in via user-api OTP 2019-06-17 16:18:44 +01:00
David Taylor
5f6f707080 Revert "Merge pull request from GHSA-hv9p-jfm4-gpr9"
This reverts commit b8340c6c8e.
2019-06-17 16:17:10 +01:00
David Taylor
b8340c6c8e
Merge pull request from GHSA-hv9p-jfm4-gpr9
* SECURITY: Add confirmation screen when logging in via email link

* SECURITY: Add confirmation screen when logging in via user-api OTP

* FIX: Correct translation key in session controller specs

* FIX: Use .email-login class for page
2019-06-17 15:59:41 +01:00
Robin Ward
89e0d8c521 FIX: There is new behavior on a live site, staff are granted access. 2019-06-17 08:17:39 -04:00
AhmadF.Cheema
c5dec04970 Fix minor typos in server.en.yml 2019-06-12 09:14:22 -04:00
Arpit Jalan
7b66f8fb46 DEV: optimize bulk invite process 2019-06-12 16:33:19 +05:30
Guo Xiang Tan
9d0fba64c0 FIX: Use attachment format in user export system post take 2. 2019-06-11 12:15:11 +08:00
Guo Xiang Tan
658c6e0caf FIX: Use attachment format in user export system post. 2019-06-11 11:33:01 +08:00
Arpit Jalan
9acd851b9a FIX: correct link to list of watched words 2019-06-06 20:21:54 +05:30
Kris
cdd2c8ef4a TYPO: Don't say code twice 2019-06-05 12:12:09 -04:00
Régis Hanol
32f878db69
COPY: remove unnecessary "title" in links to topics on meta
Follow-up to 969d6af88e
2019-06-05 11:29:41 +02:00
Arpit Jalan
e7fe7010b8
FIX: use hijack for processing bulk invites (#7679)
FIX: do not store bulk invite CSV file on server
2019-06-04 20:19:46 +05:30
Neil Lalonde
ecc9c76692
FEATURE: dynamically update the topic heat settings monthly (#7670)
The site settings beginning with "topic views heat" and "topic post like
heat" are set to defaults when installing Discourse, but there has not
been a process or guidance for updating these values based on
community activity.

This feature will update them once a month. The low, medium, and
high settings will be based on the minimums of the 45th, 25th, and
10th percentile topics respectively, so that 45% of topics will have
some "heat".

Disable automatic changes with the automatic_topic_heat_values setting.
2019-06-04 10:34:07 -04:00
Joffrey JAFFEUX
4fe885dedf
FIX: corrects description as it's not unique (#7688) 2019-06-04 15:39:09 +02:00
Maja Komel
87d3b86484 FIX: better error message when user without permissions replies via email 2019-06-04 16:39:41 +08:00
Jeff Atwood
969d6af88e copyedit on theme wizard step 2019-06-03 09:42:04 -07:00
Penar Musaraj
16982d2a69
Update UI for wizard themes further reading step (#7669) 2019-06-03 10:47:17 -04:00
David Taylor
5e61893cb2 FIX: Display generic descriptor for associated account with no info 2019-06-03 12:14:02 +01:00
David Taylor
7500eed4c0
FEATURE: Multi-file javascript support for themes (#7526)
You can now add javascript files under `/javascripts/*` in a theme, and they will be loaded as if they were included in core, or a plugin. If you give something the same name as a core/plugin file, it will be overridden. Support file extensions are `.js.es6`, `.hbs` and `.raw.hbs`.
2019-06-03 10:41:00 +01:00
Dan Ungureanu
c1e7a1b292 UX: Merge settings related to muted tags. (#7656) 2019-06-03 12:23:23 +10:00
Sam Saffron
ee1e21b401 DEV: continue granting discourse.org pagerank by default
We can discuss on meta if it makes sense to strip this
2019-06-03 12:05:41 +10:00
Kris
98336de266 UX: Cleanup crawler styles, improve schema.org markup (#7668)
* Cleaning up crawler styles, improving some schema.org markup

* Cleaning up crawler styles, improving some schema.org markup

* additional styling

* add space for pagination
2019-06-03 12:03:16 +10:00
Arpit Jalan
b893e9fcbb Fix the build. 2019-06-02 15:20:53 +05:30
Jeff Atwood
b4c1a367ed minor copyedit on watched word review 2019-06-02 01:48:48 -07:00
Sam Saffron
3b8819f0ab FEATURE: add support for defer topic functionality
This feature allows end users to "defer" topics by marking them unread

The functionality is default disabled. This also introduces the new site
setting default_other_enable_defer: to enable this by default on new user
accounts.
2019-05-31 15:44:35 +10:00
Bianca Nenciu
8196af165d FIX: Add Chromebook detection. 2019-05-30 16:29:51 +03:00
Dan Ungureanu
8728850452 FEATURE: Mute topics tagged with both muted and unmuted tags. 2019-05-30 07:58:17 +08:00
Penar Musaraj
a93aa5bbce Add "further reading for themes" step to wizard 2019-05-29 08:28:03 +08:00
Régis Hanol
9568f25882
TYPO: punctiation -> punctuation
Thanks to @yarons.
2019-05-27 22:57:23 +02:00
Robin Ward
912f1d83ac UX: Adjust text a little more 2019-05-27 09:06:46 -04:00
Robin Ward
0725b614c9 UX: Better language about sensitivity 2019-05-24 16:02:00 -04:00
Robin Ward
89b84651c3 Migrate score settings to use sensitivities
We hide scores so these settings no longer made sense.
2019-05-24 15:44:24 -04:00
Robin Ward
e74cd54fc6 REFACTOR: Replace score bonuses with low/med/high priorities
We removed score from the UX so it makes more sense to have sites set
priorities instead of score bonuses.
2019-05-23 11:54:45 -04:00
Gerhard Schlager
98a17edc90 Remove unused translations
The migration for the ToS signup field happend in 2014. Everyone who hasn't updated yet needs to live with the English text "Terms of Service". There's no need to keep these unused translations forever.
2019-05-22 16:15:22 +02:00
Gerhard Schlager
58f72cd439 Remove duplicate translations 2019-05-22 16:15:22 +02:00
Gerhard Schlager
4fce79d4d5 Add missing interpolation key to ToS 2019-05-22 14:40:15 +02:00
Gerhard Schlager
f74565f23b Remove unused translations 2019-05-22 13:35:18 +02:00
Gerhard Schlager
0afcad148a DEV: Always use %{count} in pluralized strings 2019-05-20 23:26:22 +02:00
Gerhard Schlager
b788948985 FEATURE: English locale with international date formats
Makes en_US the new default locale
2019-05-20 13:47:20 +02:00
Jeff Atwood
ba84e33b63 copyedits 2019-05-16 17:40:15 -07:00
Neil Lalonde
314a16bd37 Remove unused translation
7eea55d5
2019-05-16 14:41:11 -04:00
Régis Hanol
d51a495dad
COPY: improve 'private_email' site setting description 2019-05-16 11:35:33 +02:00
Régis Hanol
64e81f0549
FIX: ensure get_a_room link starts with 'base_path translation 2019-05-15 12:41:38 +02:00
Régis Hanol
a0df676194
COPY: improve 'dominating_topic' and 'get_a_room' warnings
cf. https://meta.discourse.org/t/how-to-suppress-the-warning-that-a-user-is-contributing-too-much-to-a-topic/63249/9
2019-05-15 12:21:44 +02:00
Neil Lalonde
6f747c6b71 FIX: don't allow username to be changed to same as password
We were blocking user registrations with same username and password,
but allowing usernames to be changed to be same as password later.
Also disallow names to be the same as password.
2019-05-13 16:43:40 -04:00
Robin Ward
01bd82139f FIX: Invalid URL for queued posts review 2019-05-10 10:00:52 -04:00
Robin Ward
b3873b95d0 FIX: Pluralization error for tag error message 2019-05-10 09:54:54 -04:00
Robin Ward
b380ed5282 FEATURE: Claim Reviewables by Topic
This is a feature that used to be present in discourse-assign but is
much easier to implement in core. It also allows a topic to be assigned
without it claiming for review and vice versa and allows it to work with
category group reviewers.
2019-05-09 13:40:36 -04:00
Robin Ward
b409dab77f Rename flags_default_topics to reviewable_default_topics
This functionality regressed with the reviewable update. I took the
opporunity to rename it when fixing it for clarity.
2019-05-08 10:07:10 -04:00
Jeff Atwood
24346e4612 strengthen warning around crawler whitelist 2019-05-08 04:10:02 -07:00
Robin Ward
5af7c90bab FEATURE: Hide Reviewable scores, change score filter to Priority
We found score hard to understand. It is still there behind the scenes
for sorting purposes, but it is no longer shown.

You can now filter by minimum priority (low, med, high) instead of
score.
2019-05-07 14:05:23 -04:00
Blake Erickson
5b5b5a5931 FIX: return an error if a user tries to whisper
This commit fixes a bug where a user creates a whisper post via the api
but is posted as a regular message because they don't have access to
whisper. Now a 403 unauthorized will be returned instead of the whisper
param just being ignored for regular users. Staff users should not be
affected by this change.

https://meta.discourse.org/t/a-whisper-is-posted-as-a-message-if-the-user-is-not-staff-moderator-admin-when-using-the-api/116601
2019-05-07 11:42:26 -06:00
Jeff Atwood
7799d29b12 copyedits on approval descriptions 2019-05-04 20:25:46 -07:00
Jeff Atwood
c37d959106 copyedit 2019-05-02 22:52:14 -07:00
Robin Ward
da0e37512a FIX: Add test to confirm updating category works.
Also replaces a missing translation key that 99.9% of users would never
see.
2019-05-01 11:37:28 -04:00
David Taylor
0e303c7f5d
FEATURE: Automatically generate optimized site metadata icons (#7372)
This change automatically resizes icons for various purposes. Admins can now upload `logo` and `logo_small`, and everything else will be auto-generated. Specific icons can still be uploaded separately if required.

## Core

- Adds an SiteIconManager module which manages automatic resizing and fallback

- Icons are looked up in the OptimizedImage table at runtime, and then cached in Redis. If the resized version is missing for some reason, then most icons will fall back to the original files. Some icons (e.g. PWA Manifest) will return `nil` (because an incorrectly sized icon is worse than a missing icon). 

- `SiteSetting.site_large_icon_url` will return the optimized version, including any fallback. `SiteSetting.large_icon` continues to return the upload object. This means that (almost) no changes are required in core/plugins to support this new system.

- Icons are resized whenever a relevant site setting is changed, and during post-deploy migrations

## Wizard

- Allows `requiresRefresh` wizard steps to reload data via AJAX instead of a full page reload

- Add placeholders to the **icons** step of the wizard, which automatically update from the "Square Logo"

- Various copy updates to support the changes

- Remove the "upload-time" resizing for `large_icon`. This is no longer required.

## Site Settings UX

- Move logo/icon settings under a new "Branding" tab

- Various copy changes to support the changes

- Adds placeholder support to the `image-uploader` component

- Automatically reloads site settings after saving. This allows setting placeholders to change based on changes to other settings

- Upload site settings will be assigned a placeholder if SiteIconManager `responds_to?` an icon of the same name

## Dashboard Warnings

- Remove PWA icon and PWA title warnings. Both are now handled automatically.

## Bonus

- Updated the sketch logos to use @awesomerobot's new high-res designs
2019-05-01 14:44:45 +01:00
Robin Ward
404b35bd04 FEATURE: Category Reviewable by Group
Allow a group to review content in a particular category.
2019-04-30 15:23:06 -04:00
Sam Saffron
5d96c5cb84 FIX: set upper limit on clean up invalid users (10 years)
Note... this setting is quite new so I am not adding a migration here to
clean up history. Instead next time users save the setting it will complain.

Also explicitly call out that the value 0 is special and used to disable
the job.
2019-04-29 14:51:15 +10:00
Robin Ward
6f56fba016 UX: Update post actions to "Approve Post" and "Reject Post"
This should be more clear.
2019-04-23 12:19:11 -04:00
Gerhard Schlager
a7bc1ecbae FEATURE: Add support for Unicode usernames and group names
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2019-04-23 13:00:27 +02:00
Jeff Atwood
46f628aa7c minor copyedit 2019-04-22 20:45:29 -07:00
Rishabh
5ab62874e7 UX: Add link to e-mail troubleshooting guide on the finish-installation/confirm-email dialog 2019-04-23 09:02:12 +05:30
Bianca Nenciu
9050b1bf5a FIX: Add unique index on group_requests(group_id, user_id). (#7399) 2019-04-23 12:51:30 +10:00
Jeff Atwood
e0e12c63e8 minor copyedit 2019-04-22 16:51:56 -07:00
Arpit Jalan
a63ef4cfc8
FEATURE: better wizard privacy controls (#7391) 2019-04-22 19:47:29 +05:30
Dan Ungureanu
57d1dea8a2
FEATURE: Let staff add custom post notices. (#7377) 2019-04-19 17:53:58 +03:00
Tarek Khalil
6e46197bc8
FIX: Disable webhooks on 410 and 404 HTTP responses (#7392)
FIX: Disable webhooks on 410 and 404 HTTP responses (#7392)
2019-04-18 12:36:37 +01:00
Penar Musaraj
7cd621778d FEATURE: Native app banner improvements
This commit adds some improvements to native app banners for iOS and Android

- iOS and Android now have separate settings for native app banners

- app banners will now only show for users on TL1 and up

- app ids are now in a hidden site setting to allow sites to switch to their own app, if desired

- iOS only: the site URL is passed to the app arguments
2019-04-17 12:25:13 -04:00
Robin Ward
14f9d40e48 FEATURE: Clarify Reviewable User Actions
"Approve" is now "Approve User" and "Delete" is a dropdown with a choice
that allows you to block.
2019-04-17 11:44:17 -04:00
Roman Rizzi
12a5c69abd
FEATURE: Allow users to tone down digest emails (#7353)
* FEATURE: Allow user to tone down email digest insteand of only unsubscribing

* Reordered options and select the next slowest frequency by default
2019-04-17 12:14:40 -03:00
Penar Musaraj
cec0b580e6 UX: detect DiscourseHub user agent in recently used devices 2019-04-16 13:50:47 -04:00
Gerhard Schlager
72a7f9af87 FIX: Add the last missing translation for push notifications
and sync the message for "custom" with the message of regular notifications
2019-04-16 18:04:46 +02:00
Sam Saffron
0c35b8b420 FEATURE: add suggested_topics_unread_max_days_old
This new site setting determines the maximum age of unread topics in
suggested. By default if you have any unread topics older than 90 days
they will be omitted from suggested.

This change was added for 2 reasons:

1. A performance safeguard, some users tend to collect a huge amount of
read state so it becomes super expensive to find unread

2. People who collect a large amount of unread are much more interested in
recent unread topics vs ancient unread topics, this makes suggested more
relevant

Also, this is a minor speed up for tests cause 3 expensive tests became 1.
2019-04-16 17:52:10 +10:00
Penar Musaraj
24fd710f04 Revert "FIX: strip spoilers in notification excerpts"
This reverts commit 55942224ed.
2019-04-15 10:15:17 -04:00
Dan Ungureanu
e92cd5318b FEATURE: Add setting to strip whitespaces from incoming emails. (#7375)
Some email clients add leading whitespaces which get are transformed in
code blocks when processed.
2019-04-15 16:26:00 +10:00
Penar Musaraj
55942224ed FIX: strip spoilers in notification excerpts 2019-04-12 12:00:49 -04:00
Jeff Atwood
ef621f4c6e minor copyedt 2019-04-11 17:22:20 -07:00
David Taylor
24ef4f7b2b Remove support for disable_jump_reply user setting (#7359) 2019-04-12 09:03:06 +10:00
David Taylor
dc703adad7 FEATURE: Add user preference for title counter mode (#7364) 2019-04-12 09:02:18 +10:00
Robin Ward
331a809738 FEATURE: Display the reason for many reviewable items
Queued Posts and Users will now display a reason why they are in the
review queue.
2019-04-11 12:04:45 -04:00
Arpit Jalan
7143572e0c
FIX: correctly retrieve 'login required' setting value on wizard (#7355)
* FIX: correctly retrieve 'login required' setting value on wizard

FEATURE: extract 'invite only' setting in a separate checkbox control

* Update invite_only checkbox locale on wizard.

Co-Authored-By: techAPJ <arpit@techapj.com>
2019-04-11 20:25:08 +05:30
Bianca Nenciu
3d545d66df FEATURE: Send user activation reminders. (#7280) 2019-04-10 16:53:52 +02:00
Tarek Khalil
442fb2facb FEATURE: Remove ignore feature SiteSetting and enable ignore by default (#7349) 2019-04-10 12:54:59 +02:00
Robin Ward
103918af0f FIX: Pending users email went to the wrong place 2019-04-09 15:35:16 -04:00
Tarek Khalil
307499e48b FIX: Keep highlighted text for quoted replies by ignored users (#7345) 2019-04-09 17:33:12 +02:00
David Taylor
f524f8f811
Remove Yahoo login support from core and deprecate OpenID2.0 (#7310)
- Plugin developers using OpenID2.0 should migrate to OAuth2 or OIDC. OpenID2.0 APIs will be removed in v2.4.0

- For sites requiring Yahoo login, it can be implemented using the OpenID Connect plugin: https://meta.discourse.org/t/103632

For more information, see https://meta.discourse.org/t/113249
2019-04-08 10:38:25 +01:00
David Taylor
6a05f190c6
PERF: Do not create staged users for most rejected incoming emails (#7301)
Previously we would create users, then destroy them at the end of the job if the post was rejected. Now we do not create users unless required.
2019-04-08 10:36:39 +01:00
Kris
10314cbb86 UX: Add "consecutive" to visit badge short descriptions 2019-04-05 16:25:08 -04:00
Robin Ward
2055804e95 FIX: The option to delete replies was missing from the new review queue 2019-04-04 15:51:36 -04:00
Saurabh Patel
da2f659635 UX: Improve posts layout for crawler (#7286) 2019-04-03 11:58:00 +02:00
venarius
c185109380 FIX: Restricted site text better error 2019-04-02 11:16:27 -04:00
Robin Ward
6ebadaed2c FIX: Do not allow invite_only and enable_sso at the same time
This functionality was never supported but before the new review queue
it didn't have any errors. Now the combination of settings is prevented
and existing sites with sso enabled will be migrated to remove invite
only.
2019-04-02 10:26:27 -04:00
Robin Ward
76669bb5a6 FIX: Don't refer to pending review items as flags
They could be queued posts or users, and the notice should reflect that
properly.
2019-04-01 14:46:56 -04:00
Penar Musaraj
fdf4145d4b
FEATURE: Delegated authentication via user api keys (#7272) 2019-04-01 13:18:53 -04:00
Sam Saffron
3c5258758b minor copyedit
followup on 88128f1c
2019-04-01 15:37:27 +11:00
Maja Komel
88128f1ced UX: show which groups are missing permissions for parent category (#7252) 2019-04-01 15:34:52 +11:00
Maja Komel
4a3daacb1b FIX: reset embedding settings when no embeddable host, log host changes (#7264) 2019-03-29 17:05:51 +01:00
Robin Ward
b58867b6e9 FEATURE: New 'Reviewable' model to make reviewable items generic
Includes support for flags, reviewable users and queued posts, with REST API
backwards compatibility.

Co-Authored-By: romanrizzi <romanalejandro@gmail.com>
Co-Authored-By: jjaffeux <j.jaffeux@gmail.com>
2019-03-28 12:45:10 -04:00
Bianca Nenciu
a9798f0c47
FEATURE: Add page for all group membership requests. (#6909) 2019-03-27 13:30:59 +02:00
Guo Xiang Tan
ac661e856a
FEATURE: Allow categories to be prioritized/deprioritized in search. (#7209) 2019-03-25 10:59:55 +08:00
Rafael dos Santos Silva
4c23083c57 FIX: Set text for titles in custom push notifications
This will fix a broken translation on the push notification
you receive when someone assigns you a topic.
2019-03-22 15:19:04 -03:00
David Taylor
a9d5ffbe3d FIX: Prevent critical emails bypassing disable, and improve email test logic
- The test_email job is removed, because it was always being run synchronously (not in sidekiq)
- 34b29f62 added a bypass for critical emails, to match the spec. This removes the bypass, and removes the spec.
- This adapts the specs for 72ffabf6, so that they check for emails being sent
- This reimplements c2797921, allowing test emails to be sent even when emails are disabled
2019-03-22 17:28:43 +08:00
David Taylor
3f9e7eb326 FIX: Respect the disable_emails=non-staff site setting correctly
This reverts commit c279792130.

This commit inadvertently removed all of the non-staff email logic, rather than just for the 'test email' button. 

https://meta.discourse.org/t/112231/5
2019-03-21 21:44:14 +00:00
Maja Komel
34730a0b16 UX: show if webhook is disabled (#7217)
+ show in staff logs when webhook is created/updated/destroyed
2019-03-21 16:13:09 +01:00
Tarek Khalil
605530a77f FEATURE: Include muted users count within the ignored users report (#7230) 2019-03-21 14:31:45 +01:00
Gerhard Schlager
41c7423985 UX: Use a less technical term ("replace") for reseeding (#7223) 2019-03-21 16:22:07 +11:00
Rishabh
ad6ad3f679 DEV: Remove SiteSetting.s3_force_path_style (#7210)
- s3_force_path_style was added as a Minio specific url scheme but it has never been well supported in our code base.
- Our new migrate_to_s3 rake task does not work reliably with path style urls too
- Minio has also added support for virtual style requests i.e the same scheme as AWS S3/DO Spaces so we can rely on that instead of using path style requests.
- Add migration to drop s3_force_path_style from the site_settings table
2019-03-20 14:58:20 +01:00
Gerhard Schlager
3fd04df781
FEATURE: Locale support for seeded categories and topics (#7110) 2019-03-18 21:09:13 +01:00
Dan Ungureanu
976ea160e9
FEATURE: Post notices become old after 14 days. (#7197) 2019-03-18 18:20:49 +02:00
Bianca Nenciu
2347661a74 FEATURE: Clean up inactive users. (#7172) 2019-03-18 16:25:15 +01:00
Maja Komel
7e9afdace3 FEATURE: custom colors for default letter avatars (#7167) 2019-03-18 16:24:21 +01:00
Jeff Atwood
20a99ceb8f minor copyedits 2019-03-16 02:03:50 -07:00
Penar Musaraj
9334d2f4f7
FEATURE: add more granular user option levels for email notifications (#7143)
Migrates email user options to a new data structure, where `email_always`, `email_direct` and `email_private_messages` are replace by

* `email_messages_level`, with options: `always`, `only_when_away` and `never` (defaults to `always`)
* `email_level`, with options: `always`, `only_when_away` and `never` (defaults to `only_when_away`)
2019-03-15 10:55:11 -04:00
Bianca Nenciu
d352baa1a2
FEATURE: Enforce two-factor authentication. (#6348) 2019-03-15 13:09:37 +02:00
Tarek Khalil
08f626d351
REFACTOR: copy change for ignore users moderator message (#7174) 2019-03-15 00:02:15 +00:00
Tarek Khalil
bd6d31c9ec
FEATURE: Add IgnoredUsersSummary daily job (#7144)
* FEATURE: Add `IgnoredUsersSummary` daily job

## Why?

This is part of the [Ability to ignore a user feature](https://meta.discourse.org/t/ability-to-ignore-a-user/110254/8).

We want to:

1. Send an automatic group PM that goes out to moderators
2. When {x} users have Ignored the same user, threshold defined by a site setting, default of 5
3. Only send this message every X days which is defined by another site setting
2019-03-14 22:51:43 +00:00
Gerhard Schlager
c34a6ba674 REFACTOR: Rename site settings to make them less confusing 2019-03-14 13:40:14 +01:00
David Taylor
420c6f8102
FEATURE: Skip sending emails to domains on the .invalid TLD (#7162)
This is a reserved TLD which we use when importing users without an email address. https://tools.ietf.org/html/rfc2606
2019-03-13 16:17:59 +00:00
Bianca Nenciu
76a14c47ac FEATURE: Add site contact group. (#7152) 2019-03-13 11:34:47 +01:00
Dan Ungureanu
7310ee3ef1 FEATURE: Add more control over post notices. (#7148) 2019-03-13 08:06:28 +11:00
Simon Cossar
e5e2fa4064 FEATURE: unhide the embed_whitelist_selector setting (#7137)
* Unhide embed_whitelist_selector Site Setting and move it to Posting section
* Add i18n key for the embed_whitelist_selector setting
2019-03-12 18:08:56 +01:00
Tarek Khalil
28384ba62c
FEATURE: Add Top Ignored Users report (#7153)
* FEATURE: Add `Top Ignored Users` report

## Why?

This is part of the [Ability to ignore a user feature](https://meta.discourse.org/t/ability-to-ignore-a-user/110254/8), and also part of [this PR](https://github.com/discourse/discourse/pull/7144).

We want to send a System Message daily when a specific count threshold for an ignored is reached. To make this system message informative, we want to link to a report for the Top Ignored Users too.
2019-03-12 16:01:58 +00:00
Simon Cossar
41f09ee29c
Update copy for category permission_conflict 2019-03-08 15:49:27 -08:00
Tarek Khalil
9fa2ba6f99 FIX: Add translation to ignore_user_enabled SiteSetting (#7134) 2019-03-08 17:50:04 +01:00
Dan Ungureanu
35942f7c7c
FEATURE: Special call-out for new / returning posters. (#7115) 2019-03-08 10:48:35 +02:00
Gerhard Schlager
1121514799 UX: Localize date format in "new user of the month" message 2019-03-06 21:58:25 +01:00
Tarek Khalil
b58eea1fcb
FEATURE: Hide ignored user's Original Post content (#7113)
* FEATURE: Hide ignored user's Original Post content
2019-03-06 09:20:45 +00:00
Gerhard Schlager
ccb48bef75 UX: Make Uncategorized category less confusing
* Adds warnings to the "Edit Category" dialog
* Doesn't hide the "Security" tab on the "Edit Category" dialog anymore. Instead, it shows an explanation why permissions can't be changed.
* Makes the category name translatable
* Hides the category name from the edit dialog (it can be customized by overriding the translation)
* Creates a translation override if the category has been renamed in the past
2019-03-05 14:42:41 +01:00
Davide Porrovecchio
75aaae5d5c FEATURE: Allow wildcard in allowed_user_api_auth_redirects setting (#6779) 2019-02-26 17:03:20 +01:00
Joffrey JAFFEUX
7ccb0b882f
FIX: ensures topic’s category allows topics tags (#7060) 2019-02-26 11:21:55 +01:00
Gerhard Schlager
964e7edcaf UX: Make "Category" in topic validation errors translatable 2019-02-20 16:52:45 +01:00
Gerhard Schlager
66901f67f6 UX: Moderator post wasn't completely translatable 2019-02-20 16:37:47 +01:00
Joshua Rosenfeld
f0414487f0
Update private_email site setting description
The `private_email` site setting also disables digest emails, as such emails are not useful without content.
2019-02-19 20:43:39 -05:00
Gerhard Schlager
08ae73f868 Fix typo 2019-02-18 16:51:57 +01:00
Maja Komel
39522659a6 FIX: validate parent category/subcategories permissions
See: https://meta.discourse.org/t/subcategories-do-not-inherit-permissions-from-parent-category/17174/23 for more details

This ensures users with access to child category can always at least see parent
2019-02-14 16:38:52 +11:00
Gerhard Schlager
b087719340 FEATURE: Setting for excluding optimized images from backups 2019-02-13 11:10:51 +01:00
Gerhard Schlager
9eb7dea0f1 FEATURE: Setting for compression level of upload in backups 2019-02-12 15:50:31 +01:00
David Taylor
0c14f0d0a0 UX: Rename color scheme to color palette in UI
The word 'scheme' was very easy to get confused with 'theme', this provides a better distinction.
2019-02-07 11:04:49 +00:00
Arpit Jalan
381793243e FIX: include error message if the "accept invite" process fails 2019-02-06 19:20:25 +05:30
Gerhard Schlager
ba724d7f25 FIX: S3 endpoint broke bucket creation in non-default region 2019-02-05 18:17:02 +01:00
Maja Komel
d42139dfaa fix typo 2019-02-05 12:59:20 +01:00
Vinoth Kannan
b4f713ca52
FEATURE: Use amazon s3 inventory to manage upload stats (#6867) 2019-02-01 10:10:48 +05:30
David Taylor
77d26b9df6 FIX: Support application/gzip theme imports, and improve error message 2019-01-28 11:51:14 +00:00
Simon Cossar
47dbf54960 Update descriptions of public and staff user custom field Site Settings (#6954) 2019-01-25 14:47:36 -08:00
Joffrey JAFFEUX
85002cf02b
UX: improves copy of various reports (#6950) 2019-01-25 16:58:18 +01:00
David Taylor
a48731e359
FEATURE: Support additional metadata in theme about.json (#6944)
New `about.json` fields (all optional):
 - `authors`: An arbitrary string describing the theme authors
 - `theme_version`: An arbitrary string describing the theme version
 - `minimum_discourse_version`: Theme will be auto-disabled for lower versions. Must be a valid version descriptor.
 - `maximum_discourse_version`: Theme will be auto-disabled for lower versions. Must be a valid version descriptor.

A localized description for a theme can be provided in the language files under the `theme_metadata.description` key

The admin UI has been re-arranged to display this new information, and give more prominence to the remote theme options.
2019-01-25 14:19:01 +00:00
Joffrey JAFFEUX
f461a9971f
FIX: makes staff_logins show only admins (#6948) 2019-01-25 11:28:52 +01:00
Joshua Rosenfeld
1bf3e46537
UX: Improve global notice description
Add "non-dismissible" to the site setting description for global notice per https://meta.discourse.org/t/global-notice-whats-the-use-case/107355/5
2019-01-24 10:34:31 -05:00
David Taylor
afd449089f
FEATURE: Import and export themes in a .tar.gz format (#6916) 2019-01-23 14:40:21 +00:00
Bhanu
035c330457 Update Twitter App links
Twitter changed their Developer page link again, apps.twitter.com is now in sunset phase.
2019-01-22 09:10:22 -05:00
Joffrey JAFFEUX
3e1e9fce7e
FIX: better legend labels for stacked-charts (#6914) 2019-01-21 17:10:10 +01:00
Joffrey JAFFEUX
b95165b838
FEATURE: adds a new chart report to track pageviews (#6913) 2019-01-21 15:17:04 +01:00
Jeff Atwood
444bc466b0 for docs, normalize on space after code fence when specifying lang 2019-01-21 01:19:28 -08:00
Guo Xiang Tan
27c421775e Fix broken spec. 2019-01-21 16:15:39 +08:00
Jeff Atwood
9b7cbe444c copyedits 2019-01-20 23:35:45 -08:00
Vinoth Kannan
9cf4013073 Add raw post content in "flagged post removed by staff" PM 2019-01-21 12:27:23 +05:30
Claas Augner
78362448bc I18n: fix typo (#6903)
In site_settings.likes_notification_consolidation_window_mins
2019-01-18 10:01:41 -05:00
Rishabh
a827e2afe3 UX: correct innacurate descriptions for short_title, pwa_config_title_warning
follow-up on 1a39f6fd
2019-01-18 11:29:16 +05:30
Gerhard Schlager
1d0ee6fa8d UX: Remove unused translations (#6885)
These messages aren't needed any more since bb93a345eb
2019-01-18 12:09:20 +08:00
Jeff Atwood
b2a12de8a1 remove out of date copy on category desc 2019-01-17 16:54:52 -08:00
Penar Musaraj
3501533a2b DEV: unpin Prettier version, apply to YAML files
We had Prettier pinned because of https://github.com/prettier/prettier/issues/5529. Since that bug is fixed, unpinning.

Prettier now supports YAML, so this applies Prettier to all .yml except for translations, which should not be edited directly anyway.
2019-01-17 13:05:39 -05:00
David Taylor
880311dd4d
FEATURE: Support for localized themes (#6848)
- Themes can supply translation files in a format like `/locales/{locale}.yml`. These files should be valid YAML, with a single top level key equal to the locale being defined. For now these can only be defined using the `discourse_theme` CLI, importing a `.tar.gz`, or from a GIT repository.

- Fallback is handled on a global level (if the locale is not defined in the theme), as well as on individual keys (if some keys are missing from the selected interface language).

- Administrators can override individual keys on a per-theme basis in the /admin/customize/themes user interface.

- Theme developers should access defined translations using the new theme prefix variables:
  JavaScript: `I18n.t(themePrefix("my_translation_key"))`
  Handlebars: `{{theme-i18n "my_translation_key"}}` or `{{i18n (theme-prefix "my_translation_key")}}`

- To design for backwards compatibility, theme developers can check for the presence of the `themePrefix` variable in JavaScript

- As part of this, the old `{{themeSetting.setting_name}}` syntax is deprecated in favour of `{{theme-setting "setting_name"}}`
2019-01-17 11:46:11 +00:00
Rishabh
1a39f6fd5d UX: Improve short_title SiteSetting description 2019-01-17 13:15:47 +05:30
Rishabh
88546bfe00
UX: Improve logo setting texts to hint that dimensions are a requirement (#6892)
* UX: Improve logo setting texts to hint that dimensions are a requirement
follow-up on 67a7670b
Use 512 × 512 instead of 512 x 512 or 512 by 512

* UX: Normalize all SiteSetting text dimensions to use the '512 × 512' format
2019-01-17 12:49:43 +05:30
Jeff Atwood
67a7670bab copyedits 2019-01-16 19:43:28 -08:00
Jeff Atwood
2fad75306d minor copyedit 2019-01-16 19:13:41 -08:00
Jeff Atwood
9f179d4986 UX: soften dashboard warning PM 2019-01-16 15:11:06 -08:00
Guo Xiang Tan
e7b49c42c4 FIX: Allow liked notifications consolidation to be disabled. 2019-01-16 16:17:04 +08:00
Guo Xiang Tan
ebe65577ed
FEATURE: Consolidate likes notifications. (#6879) 2019-01-16 10:40:16 +08:00
Penar Musaraj
1c1fd2051f
FEATURE: enable CSP by default on new sites (#6873)
- adds migration to enable CSP for new sites
- removes "EXPERIMENTAL" labels from setting names
- sets CSP violation report to default off
- adds CSP-related note to GTM setting
2019-01-15 08:58:46 -05:00
David Taylor
1ebd3dbbd0
FEATURE: Allow the base font size to be changed on a per-user basis (#6859) 2019-01-14 13:21:46 +00:00
Arpit Jalan
93eb0a0690 UX: better help text for private invite-only instance 2019-01-12 18:40:00 +05:30
David Taylor
a8fc677677 FIX: Correct copy for flag_sockpuppets site setting 2019-01-11 17:31:41 +00:00
Vinoth Kannan
2684ecaecf minor copyedit
Topics will be in closed status until the community flags are handled
2019-01-09 14:49:28 +05:30
Rafael dos Santos Silva
f73fe36772 FEATURE: PWA compatibility checks in the Dashboard (#6850) 2019-01-09 08:46:11 +08:00
Arpit Jalan
e0bc82657b FIX: better accept invite flow when user is invited via a link 2019-01-07 14:22:08 +05:30
Gerhard Schlager
c0a8bb9a91 FEATURE: Include "via <site_name>" in email From header 2019-01-04 17:06:19 +01:00
cfitz
19d7545318 FEATURE: Make auth_redirect param options on user_api_keys
This is a possible solution for https://meta.discourse.org/t/user-api-keys-specification/48536/19
This allows for user-api-key requests to not require a redirect url.
Instead, the encypted payload will just be displayed after creation  ( which can be copied
pasted into an env for a CLI, for example  )

Also: Show instructions when creating user-api-key w/out redirect

This adds a view to show instructions when requesting a user-api-key
without a redirect. It adds a erb template and json format.
Also adds a i18n user_api_key.instructions for server.en.yml
2019-01-04 14:46:18 +11:00
Joshua Rosenfeld
e74dd273b9
UX: Update site setting description to match current function 2019-01-03 19:08:25 -05:00
Vinoth Kannan
385829d7be FEATURE: Display error message when category restriction is applied for tags 2019-01-04 00:29:13 +05:30
Joe
2914431729
Improves admin and wizard logo copy
History:

https://meta.discourse.org/t/logo-recommended-resolution-tips/105053/6
2019-01-02 14:12:40 +08:00
Arpit Jalan
70fdc10365
FEATURE: move posts to new/existing PM (#6802) 2018-12-31 17:17:22 +05:30
Joffrey JAFFEUX
f1269fa807
FEATURE: Add Top Uploads report (#6825)
Co-Authored-By: I am very Pro-Grammer. <khalilovcmded@users.noreply.github.com>
2018-12-28 20:48:54 +01:00
Joe
eaabbe5943
UX: improves help text for admin and wizard logo settings 2018-12-28 17:48:33 +08:00
Joffrey JAFFEUX
0402f0f357
UX: new site setting to define activity metrics displayed on dashboard 2018-12-26 10:29:07 +01:00
Jeff Atwood
29c455bb7f minor copyedit on embedding referer error 2018-12-21 17:27:56 -08:00
Joffrey JAFFEUX
e655e1863f
UX: Adding reports dashboard tab, new layout, report descriptions (#6790)
Co-Authored-By: Kris  <shout@k-ris.com>
2018-12-19 14:44:43 +01:00
Rishabh
c279792130 FIX: Allow sending test e-mails to any email address when disable_email is set to non-staff (#6792) 2018-12-18 16:12:05 +01:00
Gerhard Schlager
01cdbd3a13 FEATURE: Prohibit S3 bucket reusage
This validation makes sure that the s3_upload_bucket and the
s3_backup_bucket have different values. The backup bucket is
allowed to be a subfolder of the upload bucket. The other way
around is forbidden because the backup system searches by
prefix and would return all files stored within the backup
bucket and its subfolders.
2018-12-17 11:35:28 +01:00
David Taylor
430083019d UX: Improve dashboard report title copy
Make capitalization consistent, and slightly improve clarity of two headings
2018-12-14 17:37:07 +00:00
Joffrey JAFFEUX
03014b0d05
FEATURE: adds security tab to dashboard (#6768)
This commit also includes the new staff_logins report
2018-12-14 13:47:59 +01:00
Neil Lalonde
a1db15fead FEATURE: require admins to re-validate their email addresses if they haven't been seen for a number of days, configurable with the invalidate_inactive_admin_email_after_days site setting. Social logins are also revoked. Default is 365 days. 2018-12-12 15:32:38 -05:00
Bianca Nenciu
7cac04e1a8 * FEATURE: Adds site setting to let quotes on direct replies.
* DEV: Added test.
* FIX: Do not bump topic when removing full quotes.
2018-12-12 15:42:53 +01:00
Maja Komel
dbbadb5c35 FEATURE: add short_site_description setting to be included in title tag on homepage 2018-12-12 11:46:58 +01:00
Bianca Nenciu
41e184280d FEATURE: Remove full quotes of direct replies. (#6729) 2018-12-07 13:07:11 +01:00
Gerhard Schlager
43cfdb1cb9 FIX: Wizard tries harder to find existing Welcome Topic
The wizard searches for:

* a topic that with the "is_welcome_topic" custom field
* a topic with the correct slug for the current default locale
* a topic with the correct slug for the English locale
* the oldest globally pinned topic

It gives up if it didn't find any of the above.
2018-12-06 10:27:22 +01:00
Bianca Nenciu
e9bbdef156 FEATURE: Add support for inline emoji translation. 2018-12-05 21:58:55 +01:00
Guo Xiang Tan
978f0db109 SECURITY: Require groups to be given when inviting to a restricted category. (#6715) 2018-12-05 16:43:07 +01:00
Jeff Atwood
1d8266a623 very minor copyedit 2018-12-05 03:18:11 -08:00
Jeff Atwood
ba762ea87f minor copyedit 2018-12-04 16:36:47 -08:00
Maja Komel
1073634271 FIX: show generic title when quoting off-topic secure category posts 2018-12-03 09:42:32 +11:00
Saurabh Patel
55945ec7c8 FIX: throw error when link in reason for grant badge is an external link (#6690) 2018-11-28 18:01:41 +01:00
Penar Musaraj
654b80e472 FIX: add FA Discourse icon, update setting instructions 2018-11-28 09:53:06 -05:00
Gerhard Schlager
e7b76b319a FEATURE: Setting for short title used by Android on homescreen 2018-11-28 14:59:30 +01:00
Jeff Atwood
54c599c7a3 copyedit on max consecutive replies help 2018-11-27 03:35:27 -08:00
Penar Musaraj
03deda2147
Upgrade to FontAwesome 5 (take two) (#6673)
* Add missing icons to set

* Revert FA5 revert

 This reverts commit 42572ff

* use new SVG syntax in locales

* Noscript page changes (remove login button, center "powered by" footer text)

* Cast wider net for SVG icons in settings

- include any _icon setting for SVG registry (offers better support for plugin settings)

- let themes store multiple pipe-delimited icons in a setting

- also replaces broken onebox image icon with SVG reference in cooked post processor

* interpolate icons in locales

* Fix composer whisper icon alignment

* Add support for stacked icons

* SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

* load SVG sprite with pre-initializers

* FIX: enable caching on SVG sprites

* PERF: use JSONP for SVG sprites so they are served from CDN

This avoids needing to deal with CORS for loading of the SVG

Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is

* Add missing SVG sprite JSONP script to CSP

* Upgrade to FA 5.5.0

* Add support for all FA4.7 icons

- adds complete frontend and backend for renamed FA4.7 icons

- improves performance of SvgSprite.bundle and SvgSprite.all_icons

* Fix group avatar flair preview

- adds an endpoint at /svg-sprites/search/:keyword

- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset

* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
Vinoth Kannan
cedd2118c4
FEATURE: If PM email bounced for staged user then alert in whisper reply (#6648) 2018-11-27 00:29:37 +05:30
Guo Xiang Tan
1def6c08ec Fix copy due to 050dd57494. 2018-11-21 08:00:15 +08:00
Kyle E. Mitchell
15e793fd3b FEATURE: Terms of Service v1.0.0
Co-authored-by: Gerhard Schlager <mail@gerhard-schlager.at>
2018-11-21 00:45:16 +01:00
Jeff Atwood
050dd57494 update wizard intro copy step 2018-11-20 13:43:18 -08:00
Erick Guan
a2042c8e7d strip unused string from an deleted site setting 2018-11-20 14:28:42 +01:00
Bianca Nenciu
a0022a1771 FIX: Use count variable for pluralized string. 2018-11-20 14:17:31 +02:00
Joffrey JAFFEUX
e860c8b844
FIX: adds support for missing reports from old dashboard (#6624) 2018-11-19 12:20:05 +01:00
Guo Xiang Tan
44d7249a17
Stop seeding assets for site design topic. (#6609) 2018-11-16 12:57:04 +08:00
Joffrey JAFFEUX
c52e68a0c8
FIX: better handling of missing welcome topic in wizard (#6606) 2018-11-15 12:20:48 +01:00
Bianca Nenciu
b6576d9473 FEATURE: Add new setting to force user edit last post. (#6571) 2018-11-14 15:48:16 +01:00
Penar Musaraj
f6fb079129 Disable wizard invites step when local_logins are turned off 2018-11-14 13:05:32 +01:00
Guo Xiang Tan
44391ee8ab
FEATURE: Upload Site Settings. (#6573) 2018-11-14 15:03:02 +08:00
Robin Ward
0cb33d2b52 UX: Rename Most Disagreed Flaggers report to "User Flagging Ratio" 2018-11-12 16:23:37 -05:00
Gerhard Schlager
24e5be3f0c FIX: Relative links in translations should work with subfolder 2018-11-08 23:31:05 +00:00
Gerhard Schlager
5c845c5877 Remove unused copy 2018-11-08 23:31:05 +00:00
Sam
42572ff138 Revert font awesome 5 changes
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
Penar Musaraj
005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs (#6557)
* First take on subsetting svg icons

* FontAwesome 5 svg subset WIP

* Include icons from plugins/badges into svg sprite subset

* add svg icon support to themes

* Add spec for SvgSprite

* Misc. SVG icon fixes

* Use FA5 svgs in local-dates plugin

* CSS adjustments, fix SVG icons in group flair

* Use SVG icons in poll plugin

* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
Claas Augner
31ee618b50 Fix typo in server.en.yml 2018-11-06 22:47:52 +00:00
Daniel Hollas
30501b6660 Fix link to GitHub oauth registration page (#6567)
* Fix link to GitHub oauth registration page

The old link lead only to the list of authorised apps for a particular user.

* Whoops, fix href tag.

Co-Authored-By: danielhollas <danekhollas@gmail.com>
2018-11-06 15:22:16 +00:00
Joffrey JAFFEUX
75b1865d15
UX: adds new categories layouts to the wizard (#6569) 2018-11-06 15:52:13 +01:00
Bianca Nenciu
bd3e8d1a54 UX: Minor copyedit. 2018-11-05 13:58:20 +02:00
Jeff Atwood
48501b0d45 minor wizard copyedit 2018-11-03 15:36:29 -07:00
scossar
939d5ede91 Fix sso overrides avatar description 2018-11-02 11:52:49 -07:00
Robin Ward
5194313133 Revert "Add base_url to config locales (#6510)"
This reverts commit 8a443e051b.
2018-11-02 10:58:28 -04:00
Joffrey JAFFEUX
4e0f033fae
FEATURE: adds ignored flags to most_disagreed_flags report (#6554) 2018-11-02 11:08:00 +01:00
Régis Hanol
0bf52d422c FEATURE: new 'simultaneous_uploads' site setting 2018-10-31 10:58:09 +01:00
Daniel Kessler
8a443e051b Add base_url to config locales (#6510) 2018-10-31 08:19:37 +00:00
Bianca Nenciu
e0ccd36dbe FEATURE: Suspicious logins report. (#6544) 2018-10-30 22:51:58 +00:00
Bianca Nenciu
087b12b40c FIX: Fix 'New Login Alert' message. (#6539) 2018-10-30 19:13:25 +00:00
Maja Komel
5485248fbe FIX: sso provider copyedit 2018-10-30 10:02:22 +01:00
Jeff Atwood
8e12846b9c more copyedits on staff unusual login email 2018-10-27 18:30:45 -07:00
Jeff Atwood
a453643a5b copyedits on staff unusual login alert 2018-10-27 18:17:40 -07:00
Joffrey JAFFEUX
b2585524a9
FEATURE: adds a most disagreed flaggers report 2018-10-26 15:59:04 +02:00
Bianca Nenciu
6a3767cde7 FEATURE: Warn users via email about suspicious logins. (#6520)
* FEATURE: Warn users via email about suspicious logins.

* DEV: Move suspicious login check to a job.
2018-10-25 09:45:31 +00:00
Jeff Atwood
54e025225d minor copyedit 2018-10-24 16:22:29 -07:00
Kyle Zhao
e9a971a2b6
FEATURE: [Experimental] Content Security Policy (#6514)
do not register new MIME type, parse raw body instead
2018-10-22 13:22:23 -04:00
Rafael dos Santos Silva
db26fe1527 FIX: Proper naming for the GNU/Linux OS 2018-10-22 13:34:01 -03:00
Bianca Nenciu
99b43f281b FIX: Fix browser detection for Microsoft Edge. (#6516)
cool!
2018-10-22 23:15:41 +11:00
Arpit Jalan
ce0a51665e FIX: count emoji shortcuts in topic title
https://meta.discourse.org/t/max-emojis-in-title-set-to-0-conflicting-with-emoji-shortcuts/98368/3?u=techapj
2018-10-22 13:44:05 +05:30
Kyle Zhao
dca830cb73 Revert "FEATURE: [Experimental] Content Security Policy (#6504)"
This reverts commit fb8231077a.
2018-10-19 11:53:29 -04:00
Kyle Zhao
fb8231077a
FEATURE: [Experimental] Content Security Policy (#6504) 2018-10-19 10:39:22 -04:00
Bianca Nenciu
b69652278f FEATURE: Add Wiki Editor badge. (#6511) 2018-10-19 15:30:27 +02:00
Bianca Nenciu
f60b10d090 UX: Warn users if the post that's currently edited has changed. (#6498) 2018-10-17 15:35:32 +02:00
David Taylor
7ac08f936e
FEATURE: Upload tags from CSV (#6484) 2018-10-15 09:12:54 +01:00
Maja Komel
27e732a58d FEATURE: allow multiple secrets for Discourse SSO provider
This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site.

This allows for better auditing of the SSO provider feature
2018-10-15 16:03:53 +11:00
Guo Xiang Tan
84d4c81a26 FEATURE: Support backup uploads/downloads directly to/from S3.
This reverts commit 3c59106bac.
2018-10-15 09:43:31 +08:00
Guo Xiang Tan
3c59106bac Revert "FEATURE: Support backup uploads/downloads directly to/from S3."
This reverts commit c29a4dddc1.

We're doing a beta bump soon so un-revert this after that is done.
2018-10-11 11:08:23 +08:00
Gerhard Schlager
c29a4dddc1 FEATURE: Support backup uploads/downloads directly to/from S3. 2018-10-11 10:38:43 +08:00
Joshua Rosenfeld
fd48ba10b8
Add quotes to site setting HTML links 2018-10-10 16:53:02 -04:00
Joshua Rosenfeld
51029e3884
Revert sendgrid URL change
per 2ded524b5a
2018-10-10 09:00:39 -04:00
Joshua Rosenfeld
18e99ddfa9 Link to social login instructions in site settings 2018-10-10 08:46:48 -04:00
Joshua Rosenfeld
cd2b8d40f1 Properly link to URLs in site settings 2018-10-10 08:46:03 -04:00
Joshua Rosenfeld
d35bce96ab Use https:// when possible 2018-10-10 07:11:58 -04:00
Joshua Rosenfeld
3d8b063c83
Update test_mailer to minimize URL redirects 2018-10-10 06:16:33 -04:00
Bianca Nenciu
1d26a473e7 FEATURE: Show "Recently used devices" in user preferences (#6335)
* FEATURE: Added MaxMindDb to resolve IP information.

* FEATURE: Added browser detection based on user agent.

* FEATURE: Added recently used devices in user preferences.

* DEV: Added acceptance test for recently used devices.

* UX: Do not show 'Show more' button if there aren't more tokens.

* DEV: Fix unit tests.

* DEV: Make changes after code review.

* Add more detailed unit tests.

* Improve logging messages.

* Minor coding style fixes.

* DEV: Use DropdownSelectBoxComponent and run Prettier.

* DEV: Fix unit tests.
2018-10-09 22:21:41 +08:00
David Taylor
9bf522f227
FEATURE: Mixed case tagging (#6454)
- By default, behaviour is not changed: tags are made lowercase upon creation and edit.

- If force_lowercase_tags is disabled, then mixed case tags are allowed.

- Tags must remain case-insensitively unique. This is enforced by ActiveRecord and Postgres.

- A migration is added to provide a `UNIQUE` index on `lower(name)`. Migration includes a safety to correct any current tags that do not meet the criteria.

- A `where_name` scope is added to `models/tag.rb`, to allow easy case-insensitive lookups. This is used instead of `Tag.where(name: "blah")`.

- URLs remain lowercase. Mixed case URLs are functional, but have the lowercase equivalent as the canonical.
2018-10-05 10:23:52 +01:00
Maja Komel
361ad7ed2b FEATURE: add indication if incoming email attachment was rejected and inform sender about it (#6376)
* FEATURE: add indication if incoming email attachment was rejected and inform sender about it

* include errors for rejected attachments in email

* don't send warning email to staged users

* use user object instead of user_id in add_attachments method
2018-10-04 22:08:28 +08:00
Sam
0e10b47618 UX: make responsive_post_image_sizes a visible site setting
This is useful for sites that want to cut bandwidth by decreasing
fidelity of thumbnails.
2018-10-03 15:06:37 +10:00
Bianca Nenciu
e0d7cdac12 UX: Improve error messages for minimum and maximum username lengths. 2018-10-02 13:10:20 +08:00
David Taylor
2a8ce0cb04
UX: Improve shared_drafts_category description 2018-09-27 22:39:10 +01:00
David Taylor
0b2b617483 FIX: Corrected copy on post_edit_time_limit site setting 2018-09-26 18:49:10 +01:00
Neil Lalonde
f8a77cd041 FIX: links in TL1 promotion system message for subfolder installs 2018-09-21 12:20:59 -04:00
Régis Hanol
4481836de2 FEATURE: new 'search_ignore_accents' site setting 2018-09-17 10:42:30 +02:00
Rishabh
4f46aa1ba3 FEATURE: Add SiteSetting for s3_configure_tombstone_policy
Add SiteSetting for s3_configure_tombstone_policy, skip policy generation if turned off (default on)
2018-09-17 10:57:50 +10:00
OsamaSayegh
c7d81e2682 FIX/FEATURE: don't blow up when can't reach theme's repo, show problem themes on dashboard 2018-09-17 09:49:53 +10:00
Bianca Nenciu
aca195e4a7 Remove unused site setting. (#6398) 2018-09-14 07:49:32 +00:00
pmusaraj
aa614e393c return 403 when trying drafts of another user 2018-09-12 13:08:02 -04:00
Sam
d1984a0b4d FIX: display a correct error when attempting to agree on a deferred flag
Previously we would raise a 500 error if a moderator tried to agree on a
flag another moderator deferred.

This can happen cause the UX for flags does not live refresh as flags
are handled
2018-09-12 13:16:59 +10:00
Jeff Atwood
5baecffb0d improved opengraph site setting copy 2018-09-05 19:54:45 -07:00
Bianca Nenciu
931cffcebe FEATURE: Let users see their user auth tokens. (#6313) 2018-08-31 10:18:06 +02:00
Bianca Nenciu
72ffabf619 UX: Improve email testing admin tool. (#6308) 2018-08-29 23:14:16 +02:00
Sam
4205c528d0 FEATURE: hide enable_personal_email_messages and min_trust_to_send_email_messages
These site settings are very hard to explain and only applicable for very
specific Discourse setups.

If an admin "enables staged users" which is used in support scenarios then
all staff can send "messages" directly to an "email".

The setting allows you to extend this to TL4 or any trust level.

Actual use case would be a support type setup with restricted staff. It is
quite rare so hiding this for now and re-evaluate keeping the setting in
2019
2018-08-27 11:38:22 +10:00
Osama Sayegh
e0cc29d658 FEATURE: themes and components split
* FEATURE: themes and components split

* two seperate methods to switch theme type

* use strict equality operator
2018-08-24 11:30:00 +10:00
Gerhard Schlager
3d176d9984 Add missing copy 2018-08-23 09:44:15 +02:00
Guo Xiang Tan
f28a53db48 Copy changes for old destination email template.. 2018-08-23 14:43:38 +08:00
Osama Sayegh
2711f173dc FIX: don't allow inviting more than max_allowed_message_recipients
* FIX: don't allow inviting more than `max_allowed_message_recipients` setting allows

* add specs for guardian

* user preferences for auto track shouldn't be applicable to PMs (it auto watches on visit)

Execlude PMs from "Automatically track topics I enter..." and "When I post in a topic, set that topic to..." user preferences

* groups take only 1 slot in PM

* just return if topic is a PM
2018-08-23 14:36:49 +10:00
Guo Xiang Tan
36a7028f19 FEATURE: Clean up PostReplyKey records.
* Default retention of 90 days.
2018-08-23 10:40:02 +08:00
Bianca Nenciu
860c1c3dcd FEATURE: Automatically expire keys if not used for a configurable amount of time. (#6264) 2018-08-20 17:36:14 +02:00
Gerhard Schlager
14af90df5b UX: Stop putting usernames in edit reason when changing post owner 2018-08-20 12:28:04 +02:00
Misaka 0x4e21
d4fd19d49a UX: Replace Google search with Discourse search on not found page
* UX: Replace Google search with Discourse search on not found page.

* FIX: Update application_controller_spec.rb.
2018-08-15 11:53:04 +10:00
Osama Sayegh
0b7ed8ffaf FEATURE: backend support for user-selectable components
* FEATURE: backend support for user-selectable components

* fix problems with previewing default theme

* rename preview_key => preview_theme_id

* omit default theme from child themes dropdown and try a different fix

* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
Gerhard Schlager
aaf50ad187 FIX: System messages not sent via email don't have a prefix 2018-08-06 15:43:29 +02:00
Jeff Atwood
294b849d05 minor copyedit 2018-08-05 14:30:11 -07:00
Jeff Atwood
3868151770 add optional copy to some goog settings 2018-08-03 20:41:33 -07:00
Jeff Atwood
e1c7fe7dba copyedit on email revoked PM 2018-08-03 17:25:52 -07:00
Régis Hanol
ac2513b0f2 FEATURE: automatic PM when a user's email is revoked 2018-08-03 16:39:22 +02:00
Osama Sayegh
880462a41c FEATURE: display out of date themes on admin dashboard
* FEATURE: disaply out of date themes on admin dashboard

* Update copy
2018-08-03 09:53:48 +10:00
Jeff Atwood
c81bad3232
Merge pull request #6232 from OsamaSayegh/message-email-short-reply
UX: better rejection message when reply via email is too short
2018-08-02 14:25:04 -07:00
OsamaSayegh
a157dfd418 UX: better rejection message when reply via email is too short 2018-08-02 22:43:53 +03:00
Joffrey JAFFEUX
9073e11943
FIX: improves number/percent support in reports 2018-08-01 18:40:59 -04:00
Penar Musaraj
4a872823e7 Improvements to user drafts (#6226)
* drafts in user profile: only show to user herself (not to admins), use avatar replying to (instead of topic OP), add keyboard shortcut for drafts, simplify display labels

* use JSON when testing Draft.stream
2018-08-02 07:41:27 +10:00
Penar Musaraj
1f45215537 FEATURE: Drafts view in user profile
* add drafts.json endpoint, user profile tab with drafts stream

* improve drafts stream display in user profile

* truncate excerpts in drafts list, better handling for resume draft action

* improve draft stream SQL query, add rspec tests

* if composer is open, quietly close it when user opens another draft from drafts stream; load PM draft only when user is in /u/username/messages (instead of /u/username)

* cleanup

* linting fixes

* apply prettier styling to modified files

* add client tests for drafts, includes a fixture for drafts.json

* improvements to code following review

* refresh drafts route when user deletes a draft open in the composer while being in the drafts route; minor prettier scss fix

* added more spec tests, deleted an acceptance test for removing drafts that was too finicky, formatting and code style fixes, added appEvent for draft:destroyed

* prettier, eslint fixes

* use "username_lower" from users table, added error handling for rejected promises

* adds guardian spec for can_see_drafts, adds improvements following code review

* move DraftsController spec to its own file

* fix failing drafts qunit test, use getOwner instead of deprecated this.container

* limit test fixture for draft.json testing to new_topic request only
2018-08-01 16:34:54 +10:00
Joffrey JAFFEUX
849f0d00f6
FEATURE: adds revision_count to moderators_activity (#6218)
Co-Authored-By: Simon Cossar <scossar@users.noreply.github.com>
2018-07-31 23:40:45 -04:00
Jeff Atwood
7d8286e7ad minor copyedits on 2fa backup codes 2018-07-31 17:32:05 -07:00
Vinoth Kannan
ece3cb73df Rename humburger_menu_categories_count site setting to header_dropdown_category_count 2018-07-31 09:12:30 +05:30
Neil Lalonde
fd29ecb91a UX: include a flag reason in the post-deleted-by-staff-because-of-flags message 2018-07-30 16:45:46 -04:00
Vinoth Kannan
78d91b1daf
UX: Changes in top categories of hamburger menu (#6200) 2018-07-30 14:13:00 +05:30
Arpit Jalan
fc3b904e1f remove "track external right clicks" feature 2018-07-29 15:01:33 +05:30
Jeff Atwood
269baf90cb copyedit on flagged post removal 2018-07-25 10:45:57 -07:00
Dan Ungureanu
f540020d1d Add different trigger for the emoji popup of French users. (#6140) 2018-07-25 16:39:06 +10:00
Neil Lalonde
fe39cdc90a FEATURE: when a post is deleted because a moderator agreed with flags, send a message to the post author 2018-07-24 17:17:56 -04:00
Joffrey JAFFEUX
7a3c541077
UX: Preview multiple color schemes in wizard (#6151)
It was a dropdown to provide choices of color schemes,
and only one scheme could be shown.
With this commit, multiple color scheme previews can be displayed on
one page at the same time, making admins choose color schemes more
easily.

Theme preview windows are shrinked.

Imported default color schemes.

Co-Authored-By: Misaka 0x4e21 <misaka4e21@gmail.com>
2018-07-24 09:00:20 -04:00
Guo Xiang Tan
ae8b0a517f PERF: Split skipped email logs into a seperate table. 2018-07-24 13:14:37 +08:00
David Taylor
eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099)
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
Jeff Atwood
ab5d40c319
Merge pull request #6135 from udan11/fix_dead_link
Fix dead link present in admin account registration instructions.
2018-07-22 21:05:43 -07:00
Vinoth Kannan
f8e9190617 FEATURE: Retry web hook when it is failed 2018-07-23 10:12:04 +08:00
Dan Ungureanu
159266ae66 FIX: Fix dead link present in admin account registration instructions. 2018-07-22 18:16:32 +02:00
Joffrey JAFFEUX
a0793387cf
FEATURE: differentiates pms in moderators activity report (#6117)
Co-Authored-By: Simon Cossar <scossar@users.noreply.github.com>
2018-07-19 19:29:42 -04:00
Joffrey JAFFEUX
1a78e12f4e
FEATURE: part 2 of dashboard improvements
- moderation tab
- sorting/pagination
- improved third party reports support
- trending charts
- better perf
- many fixes
- refactoring
- new reports

Co-Authored-By: Simon Cossar <scossar@users.noreply.github.com>
2018-07-19 14:33:11 -04:00
Régis Hanol
6d6e026e3c FEATURE: selectable avatars 2018-07-18 12:57:43 +02:00
Rishabh
a6c589d882 FEATURE: Add custom S3 Endpoint and DigitalOcean Spaces/Minio support for Backups (#6045)
- Add custom S3 Endpoints and DigitalOcean Spaces support
- Add Minio support using 'force_path_style' option and fix uploads to custom endpoint
2018-07-16 14:44:55 +10:00
Keith David Winkler
fa1c676c05 FIX: grammar/spelling error in server.en.yml (#6089) 2018-07-16 10:29:15 +10:00
Jeff Atwood
21de8411c9 some badge copy grooming 2018-07-12 15:50:34 -07:00
Arpit Jalan
bd760e98af FIX: display error message when upload fails in wizard 2018-07-12 12:08:09 +05:30
Guo Xiang Tan
96aca6d7e6
Remove legacy vote post action code. (#6009) 2018-07-09 16:54:18 +08:00
David Taylor
9a813210b9 SECURITY: Do not allow authentication with disabled plugin-supplied a… (#6071)
Do not allow authentication with disabled plugin-supplied auth providers
2018-07-09 14:25:58 +10:00
Patrick Gansterer
28dd7fb562 FEATURE: Create hidden posts for received spam emails (#6010)
* Add possibility to add hidden posts with PostCreator

* FEATURE: Create hidden posts for received spam emails

Spamchecker usually have 3 results: HAM, SPAM and PROBABLY_SPAM
SPAM gets usually directly rejected and needs no further handling.
HAM is good message and usually gets passed unmodified.
PROBABLY_SPAM gets an additional header to allow further processing.
This change addes processing capabilities for such headers and marks
new posts created as hidden when received via email.
2018-07-05 11:07:46 +02:00
Arpit Jalan
a6d50d1ff7 FEATURE: new settings to control posts deletions rate limit 2018-06-28 17:03:37 +05:30
Maja Komel
ec3e6a81a4 FEATURE: Second factor backup 2018-06-28 10:12:32 +02:00
Jeff Atwood
67a986f30d centralize trust level doc to blog 2018-06-25 17:34:47 -07:00
Neil Lalonde
b3073175a7 FIX: missing translations for mobile flag modal 2018-06-25 10:59:44 -04:00
Ernesto Serrano
d1297b7296 Update server.en.yml 2018-06-25 16:18:07 +10:00
Ernesto Serrano
64941e7f91 Update server.en.yml 2018-06-25 16:18:07 +10:00
Jeff Atwood
549a47e801 copyedit on TL1 welcome (again) 2018-06-23 22:29:13 -07:00
Jeff Atwood
d634486870 copyedit on TL1 congrats PM 2018-06-23 14:30:04 -07:00
Jeff Wong
41f76a74f8 FEATURE: send message when a user reaches tl1 2018-06-22 13:20:00 -07:00
Sam
591512fcb8 adjust defaults for search log retention 2018-06-20 10:46:07 +10:00
riking
38a8e52ca4 FIX: Add time retention limit to search logs
3 years is a very conservative limit that allows for a very wide buffer
for year-over-year analysis. The max is set to 5 years because that is
the policy listed for logging in hosted Discourse.
2018-06-20 10:44:11 +10:00
Arpit Jalan
aedc61a3b4 FEATURE: allow large icon to be uploaded in wizard 2018-06-19 21:08:02 +05:30
Michael Brown
ae5d255f83 FIX: Reference example.com instead of somesite.com in examples
* somesite.com actually exists...
* example.com should be used in examples and is harmless to visit
2018-06-19 10:37:24 -04:00
Neil Lalonde
320cd9a19e UX: rate limiter message will say to wait "a few seconds" instead of 0 to 3 seconds 2018-06-18 14:14:47 -04:00
Joffrey JAFFEUX
f2dbe66367
FEATURE: adds a /admin/reports route to list all reports 2018-06-18 12:31:56 +02:00
Arpit Jalan
f1d1207725 FIX: improve context when user deletes self 2018-06-18 11:36:22 +05:30
Arpit Jalan
c7ee70941e FEATURE: show category page options on wizard 'homepage' step 2018-06-15 19:11:41 +05:30
Robin Ward
fd54c92a52 FEATURE: New site setting, whitelisted_link_domains
If provided, users who normally couldn't post links (say, due to a
low trust level), can post links to those specific hosts.
2018-06-13 16:11:22 -04:00
Jeff Wong
4599cc8435 FIX: PM participants listed inline 2018-06-11 18:14:25 -07:00
Gerhard Schlager
150ae21489 FEATURE: Log user merge in staff logs 2018-06-11 18:43:56 +02:00
Arpit Jalan
f9ab3848ed FEATURE: support disabling emails for non-staff users 2018-06-07 18:31:08 +05:30
Régis Hanol
dc61eaad37 FEATURE: new 'min ratio to crop' site setting 2018-06-05 17:13:00 +02:00
Arpit Jalan
36f9af4fa4 minor optimizations for post rejected logs 2018-06-02 09:44:55 +05:30
Ryan Mulligan
fac4bf2f85 ignore emails that are from the reply by email addresses (#5843) 2018-05-23 10:04:45 +02:00
Jeff Atwood
4329b484e8 minor copyedit on dashboard chart title 2018-05-18 16:04:33 -07:00
Sam
0db04956d7 update description of graph 2018-05-17 12:24:13 +10:00
Sam
6796d72e9d Shorten copy 2018-05-17 10:26:30 +10:00
Jeff Atwood
7195bdf025 very minor copyedit 2018-05-16 16:08:14 -07:00
Sam
4461de6281 improve tooltip 2018-05-15 10:32:41 +10:00
Joffrey JAFFEUX
e474351ae4
inactive users report is not used anymore 2018-05-14 21:31:14 +02:00
Sam
6332d5040d UX: switch dashboard to be the new dashboard
Also:
- add pageviews
- add problems and version sections
2018-05-14 13:07:59 +10:00
Sam
8a783412b7 UX: improvements to new dashboard
- remove inactive user report and replace with posts
- clean up internals so grouping by week happens on client
- when switching periods old report was not destroyed leading to bugs
- calculate trend based on previous interval ... not previous 30 days
- show percentages for mau/dau
- be more careful about utc date usage
- show uniqu and click through rate on search panel
- publish key of report with report so we only load the correct one
- subscribe earlier in channel in case of concurrency issues
2018-05-11 13:30:32 +10:00
Joshua Rosenfeld
52d6b0f948
Minor copyedit 2018-05-10 15:24:27 -04:00
Régis Hanol
86eb3528ec FEATURE: clearer error message when receiving a reply to an old notification 2018-05-09 18:51:01 +02:00
Arpit Jalan
83245aa508 FIX: better handling of invite links after they are redeemed
FIX: deprecate invite_passthrough_hours setting
2018-05-08 20:17:57 +05:30
Robin Ward
8262fc5d15
Merge pull request #5807 from discourse/min-flags-by-topic
FEATURE: New site setting `min_flags_staff_visibility`
2018-05-08 09:17:29 -04:00
Robin Ward
ac60a84329 FEATURE: New site setting min_flags_staff_visibility
When set higher than 1, flags won't show up for staff in the admin
section unless the minimum threshold of flags on a post is reached.
2018-05-07 16:05:13 -04:00
Misaka 0x4e21
ff6be3c2e3 FEATURE: add profile_background fields into SSO (#5701)
Add profile_background and card_background fields into Discourse SSO.
2018-05-07 10:03:26 +02:00
Jeff Wong
91b31860a1
Feature: Push notifications for Android (#5792)
* Feature: Push notifications for Android

Notification config for desktop and mobile are merged.

Desktop notifications stay as they are for desktop views.

If mobile mode, push notifications are enabled.

Added push notification subscriptions in their own table, rather than through
custom fields.

Notification banner prompts appear for both mobile and desktop when enabled.
2018-05-04 15:31:48 -07:00
Jeff Wong
62a8904729
Feature: Include participants at the bottom of PM emails (#5797)
* Feature: Include participants at the bottom of PM emails

... as undecorated links.

https://meta.discourse.org/t/email-notification-recipients-unclear-when-pm-is-sent-to-multiple-users/26934/13?u=featheredtoast

Fix: missing translation for PM mentions

* display membership count as `group (count)`
2018-05-03 15:50:06 -07:00
Joffrey JAFFEUX
980972182f
dashboard next: caching, mobile support and new charts 2018-05-03 15:41:41 +02:00
Michael Brown
beef046259 Clarify user-to-user message report titles 2018-05-01 16:43:07 -04:00
Jeff Atwood
f0bdca87d8 improve help copy on enable local logins 2018-04-28 23:27:16 -07:00
Joffrey JAFFEUX
9fabf2543b
dashboard next: activity metrics and new contributors
This commit also introduces a better grouping of data points.
2018-04-26 14:49:41 +02:00
Sam
88f5251415 FIX: disallow invalid top_menu and post_menu and share_links
In the past any text could be entered there causing big potential issues
2018-04-26 17:00:56 +10:00
Sam
c7a0ced656 FIX: remove facebook_request_extra_profile_details
Since this no longer works
2018-04-26 14:14:35 +10:00
Jeff Atwood
0cad5b2125 missed a file somehow 2018-04-25 12:47:09 -07:00
Jeff Atwood
6fae1cee34 better help for typographer setting 2018-04-25 12:46:45 -07:00
Arpit Jalan
4f55fbfefa FEATURE: include report title in PM subject and filename 2018-04-24 22:25:54 +05:30
Robin Ward
fd14ee4797 FEATURE: Allow safe mode to be disabled 2018-04-24 11:03:33 -04:00
Neil Lalonde
70f2c5d3fd FEATURE: move staff tags setting to tag group settings 2018-04-20 15:34:23 -04:00
Joffrey JAFFEUX
0e414d0890
dashboard next: trending search report
This commit also improves how data is loaded sync and async
2018-04-19 18:19:21 +02:00
Joffrey JAFFEUX
01c061d20d
dashboard next: perf and UI tweaks
* cache CORE reports
* adds backups/uploads section
* few css tweaks
2018-04-18 21:30:41 +02:00
Joffrey JAFFEUX
06b6c805d5
dashboard next: adds report for user types 2018-04-16 13:03:43 +02:00
Arpit Jalan
a1ef455c78 SECURITY: do not show private topic title on /unsubscribed page 2018-04-16 10:35:57 +05:30
Jeff Atwood
3d5a55b55b update copy for post hidden twice 2018-04-11 18:28:19 -07:00
Arpit Jalan
9ca6ebe8fe FEATURE: enforce tagging on categories 2018-04-11 07:15:24 +05:30
Sam
afaeb20f27 FEATURE: Add option to have sso synchronize group membership
In some cases add_groups and remove_groups is too much work, some sites
may wish to simply synchronize group membership based on a list.

When sso_overrides_groups is on all not automatic group membership is
sourced from SSO. Note if you omit to specify groups, they will be cleared
out.
2018-04-10 13:17:23 +10:00
Sam
6995382323 update copy 2018-04-10 09:51:29 +10:00
Sam
c081130601 remove uneeded words 2018-04-09 17:28:25 +10:00
Guo Xiang Tan
c82b2dcc24 Remove admin group management pages. 2018-04-09 15:14:50 +08:00
jose-hms
b87205831b FEATURE: Staged user moderation (#5721) 2018-04-06 11:41:25 +02:00
Sam
3a7b696703 FEATURE: allow for setting crawl delay per user agent
Also moved to default crawl delay bing so no more than a req every 5 seconds is allowed

New site settings:

"slow_down_crawler_user_agents" - list of crawlers that will be slowed down
"slow_down_crawler_rate" - how many seconds to wait between requests

Not enforced server side yet
2018-04-06 10:15:23 +10:00
Gerhard Schlager
cd6a99a027 FEATURE: Send a different PM when a post has been hidden more than once 2018-04-05 14:03:21 +02:00
Jeff Atwood
e591f08495 remove "for today" text from rate limit copy 2018-03-29 15:00:42 -07:00
Neil Lalonde
7311023a52
Merge pull request #5700 from discourse/crawl-block
FEATURE: control web crawlers access with white/blacklist
2018-03-27 15:06:03 -04:00
Arpit Jalan
518f7ba91b FIX: show private message topic count on admin dashboard reports 2018-03-27 17:10:33 +05:30
Guo Xiang Tan
35745166b5 UX: New group membership management workflow.
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084
2018-03-26 16:15:02 +08:00
Jeff Atwood
90af1659ff very minor copyedits on 2fa 2018-03-22 17:17:47 -07:00
Jeff Atwood
1d3a142f35 minor copyedits 2018-03-22 15:27:07 -07:00
Neil Lalonde
ced7e9a691 FEATURE: control which web crawlers can access using a whitelist or blacklist 2018-03-22 15:41:02 -04:00
Jeff Atwood
448f4afa68 copyedits on login via email link 2018-03-22 04:19:34 -07:00
Jeff Atwood
096c3a0bf8 copyedits on 2 factor auth 2018-03-22 03:39:06 -07:00
Robin Ward
b9abd7dc9e FEATURE: Shared Drafts
This feature can be enabled by choosing a destination for the
`shared drafts category` site setting.

* Staff members can create shared drafts, choosing a destination
category for the topic when it is published.

* Shared Drafts can be viewed in their category, or above the
topic list for the destination category where it will end up.

* When the shared draft is ready, it can be published to the
appropriate category by clicking a button on the topic view.

* When published, Drafts change their timestamps to the current
time, and any edits to the original post are removed.
2018-03-20 17:15:26 -04:00
Neil Lalonde
4d44024c82 FIX: error when trying to block an IP address. Return a message when IP address matches an existing screened IP address, including ranges. 2018-03-19 14:34:43 -04:00
Régis Hanol
9de134caa0
Better copy for redirect_warning' 2018-03-19 16:02:07 +01:00
Régis Hanol
89f5c90ce0 FIX: show an error page on click tracking error 2018-03-17 00:33:11 +01:00
AhmadFCheema
d75eb23231 Fix typos in server.en.yml (#5668)
* Fix typos in server.en.yml

* Minor typo correction

Emoji = Emojis
2018-03-12 20:21:04 +08:00
Arpit Jalan
12706c4b29 FEATURE: support markdown rendering for embedded posts 2018-03-11 08:00:48 +05:30
Sam
7c0e6b820e move key so it does not interfere with other errors 2018-03-09 16:42:11 +11:00
Sam
39e679d3cb FEATURE: allow themes to live in private git repos
This feature allows themes sourced from git to live on private
servers, it automatically generates key pairs.
2018-03-09 16:14:38 +11:00
Sam
5b6e49ae1d FEATURE: split out max diff to 2 settings
We trust staff + tl2 and up to perform edits in grace period.
Allow them significantly more edit room in grace period prior to storing
a revision.

editing_grace_period_max_diff_high_trust applies to users with tl2 and up.

So

tl0 / 1 : we store an extra revision if more than 100 chars change
tl2 and up : we store an extra revision if more than 400 chars change

We may tweak these numbers as we go.
2018-03-09 11:58:50 +11:00
Sam
e162cd16b6 FEATURE: editing_grace_period_max_diff to force revisions in grace period
If a user performs a substantive edit of 20 chars or more during grace period
we will store a revision to track the change

This allows for better auditing of changes that happen during the grace period
2018-03-07 18:34:34 +11:00
AhmadFCheema
95dd5e30c1 Fix minor typo in server.en.yml (#5649) 2018-03-05 17:27:51 -05:00
Robin Ward
0f66a99eb2 Setting to prevent logging details when anonymizing 2018-03-05 14:38:18 -05:00
OsamaSayegh
282f53f0cd FEATURE: Theme settings (2) (#5611)
Allows theme authors to specify custom theme settings for the theme. 

Centralizes the theme/site settings into a single construct
2018-03-04 19:04:23 -05:00
Sam
75172024ca SECURITY: ensure users have permission when moving categories 2018-03-02 12:13:27 +11:00
Neil Lalonde
baf1c385eb UX: when a post is blocked due to a watched word, message includes the word being blocked 2018-02-28 11:22:18 -05:00
Joshua Rosenfeld
48aea2a9fc
backup_frequency copy edit 2018-02-27 15:41:37 -05:00
Neil Lalonde
3313072957 Remove censored_pattern site setting, which is replaced by watched words 2018-02-26 16:29:27 -05:00
Guo Xiang Tan
2e2da3a6e2 Update copy for 2FA. 2018-02-23 10:36:48 +08:00
Robin Ward
69af881f7f New site setting trusted_users_can_edit_others
The default is true to keep with previous discourse behavior. If
disabled, high trust level users cannot edit the topics or posts of
other users.
2018-02-22 20:39:24 -05:00
Guo Xiang Tan
24d0a7a4c7 Take 2 on f74d6bb605.
New options are left out by default when not configured so that an
incorrect default configuration doesn't blow up google oauth for
everyone.
2018-02-23 07:53:01 +08:00
Guo Xiang Tan
dd26bbe868
Merge pull request #5610 from discourse/pm-tags
FEATURE: Allow staffs to tag PMs
2018-02-23 07:07:41 +08:00
Guo Xiang Tan
ef1b82a226 Add missing site setting description. 2018-02-22 13:52:36 +08:00
Vinoth Kannan
84867c1c07 Rename site setting to allow_staff_to_tag_pms from allow_staff_to_tag_in_pm 2018-02-22 06:48:34 +05:30
Joshua Rosenfeld
3ec8b38796
A few more 'private message' strings to update
Follow up from a08832bd08
2018-02-21 15:28:26 -05:00
Vinoth Kannan
2b509eaa91
Merge branch 'master' into pm-tags 2018-02-21 23:55:59 +05:30
Joshua Rosenfeld
23f7c3607c
Update Twitter login site setting description text 2018-02-21 13:07:33 -05:00
Vinoth Kannan
84ce1acfef FEATURE: Allow staffs to tag PMs 2018-02-21 20:11:46 +05:30
Guo Xiang Tan
14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Jeff Wong
f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Robin Ward
3ea272f4f1 New setting: minimum trust level to embed images in a post 2018-02-20 20:00:06 -05:00
Arpit Jalan
c419c26f56 FEATURE: new site setting 'max_emojis_in_title' 2018-02-19 18:15:26 +05:30
OsamaSayegh
f3815cd785 FEATURE: New site setting for additional allowed filetypes for staff (#5364)
* FEATURE: New site setting for additional allowed filetypes for staff

* Problematic variable name

* feedback

* small issues

* fix indentation

* failing tests

* Remove message bus and fix minor issues

* Missed this message bus
2018-02-19 10:44:24 +01:00
Leo McArdle
5d9d0fcb4f FEATURE: add setting which adds group name to PM email subject (#5475) 2018-02-19 10:20:17 +01:00
SidV
790c5facc9 Mailgun typo (#5593)
mailgun = Mailgun
2018-02-16 01:35:37 -05:00
Sam
38f4acd55a FIX: rate limiter text is confusing, should not say daily
Also, adds easily parseable JSON so users can figure out
how long to wait when the API is limited. ("extras" "wait_seconds")
2018-02-14 15:29:50 +11:00
Erick Guan
03b3e57a44 FEATURE: login by a link from email
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
Robin Ward
4dfe659189 Rename allow staff flags to allow flagging staff 2018-02-12 15:27:26 -05:00
Robin Ward
6287631745 FEATURE: New site setting, allow staff flags, false by default
For some large communities, it makes sense to disable flagging of
staff posts.
2018-02-12 14:56:21 -05:00
AhmadF.Cheema
e48ae647f9 Fix typo in server.en.yml 2018-02-11 21:17:22 +01:00
scossar
dab0ec1d66 Add translation key/value for target_user_not_found error message 2018-02-07 11:35:17 +01:00
Robin Ward
1bab15c757 FEATURE: A site setting for a minimum TL to post links 2018-02-06 18:07:58 -05:00
Robin Ward
b2b6dc68a6 FEATURE: a setting to customize the minimum TL to flag a post 2018-02-06 17:12:27 -05:00
Robin Ward
96710754d9
Merge pull request #5540 from discourse/mixed-text-direction-support
FEATURE: Mixed text direction support
2018-02-01 07:29:15 -08:00
Joshua Rosenfeld
f85055d653 FIX: Remove activation link from account approved email (#5548) 2018-02-01 14:59:37 +01:00
Arpit Jalan
a08832bd08 rename 'private messages' to 'personal messages' in locale 2018-02-01 19:25:14 +05:30
Arpit Jalan
f88b8a8945 rename 'default_email_private_messages' to 'default_email_personal_messages' 2018-02-01 13:25:29 +05:30
Arpit Jalan
6be536ca50 rename 'max_private_messages_per_day' to 'max_personal_messages_per_day' 2018-02-01 13:25:29 +05:30
Arpit Jalan
7cda3a37af rename 'private_email_time_window_seconds' to 'personal_email_time_window_seconds' 2018-02-01 13:25:29 +05:30
Arpit Jalan
7e48c47d37 rename 'enable_private_email_messages' to 'enable_personal_email_messages' 2018-02-01 13:25:29 +05:30
Arpit Jalan
ff0376a80b rename 'enable_private_messages' to 'enable_personal_messages' 2018-02-01 13:25:29 +05:30
Arpit Jalan
25ec077eca rename 'min_private_message_{post/title}_length' to 'min_personal_message_{post/title}_length' 2018-02-01 13:25:29 +05:30
Sam
ee0d3f15c1 FEATURE: allow better fidelity for auto linkify, disable most tlds based linkify
New site settings:

enable_markdown_linkify: which is default on, auto links https:// and http:// and mail://

markdown_linkify_tlds: which allows control of what tlds get autolinked for cases such as www.site.com, default is com|net|gov
2018-02-01 13:22:38 +11:00
Régis Hanol
c6fac68ccd FIX: don't blow up on badly encoding incoming email body 2018-01-30 23:47:58 +01:00
Maja Komel
018cb7f36b add a custom user onebox (#5542)
* add custom user onebox

* add specs
2018-01-30 11:03:08 +01:00
Arpit Jalan
1f6adbea5c FEATURE: log private message views 2018-01-29 08:08:08 +05:30
scossar
caa38aaaad Add support for mixed text directions 2018-01-28 18:33:55 -08:00
Robin Ward
44e2038b53 Setting to automatically lock posts when edited by staff 2018-01-26 14:01:30 -05:00
Arpit Jalan
7b4e6d508b improve reviving_old_topic education message 2018-01-26 00:06:53 +05:30
Gerhard Schlager
ba6cd83e3a ISO 639-1 codes aren't used in the UI anymore 2018-01-25 14:57:41 +01:00
Sam
3492a91056 FEATURE: allow site operators to disable emoji shortcuts 2018-01-24 12:21:44 +11:00
Robin Ward
782d75069e FIX: UX improvements for system messages when PMs are disabled 2018-01-23 13:12:11 -05:00
Régis Hanol
f74ac826c5 slightly more meaningful error message 2018-01-22 12:20:53 +01:00
Matt Palmer
133acfc805 UX: Improve description of s3_use_iam_profile
https://meta.discourse.org/t/s3-uploads-iam-user-backups-questions/78484
2018-01-20 20:19:59 +11:00
Joshua Rosenfeld
8a3c9ee3c5
FIX: notify_about_queued_posts_after copyedit
notify_about_queued_posts_after does not email contact_email anymore, notification is instead a group message to the moderators group.
2018-01-19 17:45:02 -05:00
Marcus Baw
604c189440 remove superfluous 'the' from translation file (#5508)
Original text 'Use the HTML instead of the text for incoming email.' sounds odd for native English speakers. 
I propose the slight modification 'Use HTML instead of text for incoming email.'
2018-01-17 16:52:41 +11:00
Neil Lalonde
4d50feb6bd FEATURE: add setting to display tags by tag groups 2018-01-12 11:03:02 -05:00
Sam
49ed382c2a FIX: return 429 when admin api key is limited on admin route
This also handles a general case where exceptions leak out prior to being handled by the application controller
2018-01-12 14:15:26 +11:00
Jeff Atwood
dcbaf2f213 copyedit: personal, not private, message throughout 2018-01-11 16:04:14 -08:00
Robin Ward
ee76636b76 FIX: Typo 2018-01-11 15:48:54 -05:00
Vinoth Kannan
b96ae14261 FEATURE: Display force_https warning in admin problems dashboard 2018-01-11 12:16:10 +05:30
Guo Xiang Tan
e90187cbf7
Merge pull request #5469 from tgxworld/add_guard_to_prevent_primary_email_from_being_reassigned
FIX: Add guard to prevent a primary `UserEmail` from being reassigned.
2018-01-09 13:35:08 +08:00
Arpit Jalan
fc68e3d223 📅 2018! 2018-01-05 10:09:52 +05:30
Guo Xiang Tan
8a3bbcb19a FIX: Add guard to prevent a primary UserEmail from being reassigned. 2018-01-04 19:40:50 +08:00
Arpit Jalan
222fab1435 Update default ToS 2018-01-02 11:26:22 +05:30
Régis Hanol
f5e170c6b5 FIX: catch all server-side error when uploading a file
UX: always show a message to the user whenever an error happens on the server when uploading a file
2017-12-27 16:33:25 +01:00
Arpit Jalan
0514ac4ee2 FIX: verify presence of 'sso url' before enabling 'enable sso' 2017-12-23 13:30:49 +05:30
Jeff Atwood
3bc53f2946 very minor copyedit 2017-12-21 18:37:14 -08:00
Jeff Atwood
2a8da9a9cb minor copyedit on google id conflict message 2017-12-21 18:36:02 -08:00
Jeff Atwood
cedfd6b68c
Merge pull request #5449 from Supermathie/google_fix
FIX: google oauth flow should automatically update the google account used for login when appropriate
2017-12-21 17:46:43 -08:00
Robin Ward
69a90f31fb FEATURE: Allow Forums to disable the Backups feature 2017-12-21 15:22:04 -05:00
Joshua Rosenfeld
5a9c1c13ee
minor copyedit to username_change_period 2017-12-20 18:20:22 -05:00
Michael Brown
105cf61ed9 Implements https://meta.discourse.org/t/issue-user-changed-google-account-and-cant-connect-thru-his-profile/35028/18?u=supermathie 2017-12-20 17:59:36 -05:00
Arpit Jalan
eab66065d1 FEATURE: search log term details page (#5445) 2017-12-20 13:41:31 +11:00
Sam
f5b3652d97 HTML paste is experimental 2017-12-15 12:29:39 +11:00
Arpit Jalan
f15270a0df FIX: do not onebox flagged post link 2017-12-14 22:36:32 +05:30
Vinoth Kannan
98d19616dd FIX: translation for site setting enable_rich_text_paste 2017-12-12 14:45:19 +05:30
Arpit Jalan
6acf0693a5 make crawler_user_agents a hidden setting 2017-12-11 11:10:15 +05:30
Sam
68d3c2c74f FEATURE: add global rate limiter for admin api 60 per minute
Also move configuration of admin and user api rate limiting into global
settings. This is not intended to be configurable per site
2017-12-11 11:07:22 +11:00
Vinoth Kannan
fdef4e58f0 Skip markdown table conversion from rich text feature flag setting 2017-12-08 18:30:38 +05:30
Vinoth Kannan
b9c0488687 New site setting to enable or disable rich text pasting 2017-12-08 14:09:39 +05:30
Joffrey JAFFEUX
fd99e1ef56 FEATURE: site setting enable_mentions to turn on/off mentions 2017-12-07 16:27:58 -05:00
Arpit Jalan
5003f07b2c FEATURE: new site setting show_inactive_accounts 2017-12-07 19:22:41 +05:30
Gerhard Schlager
eda30c4cf2 FIX: spam posts get blocked, not silenced 2017-12-07 11:16:43 +01:00
Arpit Jalan
0e0794dff9 FIX: correct use of invitee vs inviter in email templates 2017-12-04 14:09:48 +05:30
Jeff Atwood
cf2ff76d09 FEATURE: link to meta release notes tag in version release email text 2017-12-01 12:55:03 -08:00
Régis Hanol
bf1a1764ce
FIX: translation for "destroy_reasons.same_ip_address"
Take 2
2017-12-01 18:46:12 +01:00
Régis Hanol
2366cdaefe
FIX: translation for "destroy_reasons.same_ip_address" 2017-12-01 17:38:33 +01:00
Guo Xiang Tan
1c2d1682ae
Merge pull request #5328 from tgxworld/reenable_interpolation_keys_check
FIX: Re-enable invalid interpolation keys check and allow default key…
2017-11-30 13:04:54 +08:00
Guo Xiang Tan
1d8b834301
Merge pull request #5369 from vinothkannans/queued
FIX: Error if queued post not found while updating
2017-11-28 17:51:05 +08:00
Robin Ward
77f90876d3 REFACTOR: Track manual locked user levels separately from groups 2017-11-27 11:23:44 -05:00
Vinoth Kannan
31aa21b5a4 FIX: Error if queued post not found while updating 2017-11-27 19:25:51 +05:30
Guo Xiang Tan
5805979e88 FIX: Re-enable invalid interpolation keys check and allow default keys to be left out of translation overrides.
https://meta.discourse.org/t/bulk-invite-from-file-resets-the-invite-forum-mailer-customized-text/67606/16
2017-11-27 11:00:08 +08:00
Robin Ward
e0dc4ea4fc FIX: Missing i18n key 2017-11-23 13:28:06 -05:00
Régis Hanol
4addc5e329 Add missing contexts when destroying users 2017-11-22 15:43:54 +01:00
Neil Lalonde
66e53f449a UX: Auth complete page/modal has a link to continue to the site to accomodate auth methods that can't automatically redirect to Discourse 2017-11-21 13:56:19 -05:00
Vinoth Kannan
7b494a65c9 NEW: large image placeholder added in cooked html (#5291) 2017-11-15 11:30:47 +01:00
Robin Ward
971e302ff2 FEATURE: Support an end date for user silencing 2017-11-14 13:20:19 -05:00
Joshua Rosenfeld
4dc29e5f9e
Missed a spot renaming block to silence 2017-11-13 15:35:52 -05:00
Sam
dfe9f70747 UX: warn that something must be selected with safe mode 2017-11-13 15:59:51 +11:00
Robin Ward
1f14350220 Rename "Blocked" to "Silenced" 2017-11-10 14:10:27 -05:00
Guo Xiang Tan
6090994cdf FEATURE: Retain the latest 30 days of WebHookEvent records by default. 2017-11-08 14:11:01 +08:00
Sam
56412adad5 FEATURE: custom setting for large square site icon
This icon is used for android splash screen
2017-11-03 16:19:31 +11:00
Neil Lalonde
7dc3671490 FEATURE: remove obsolete settings ga_tracking_code and ga_domain_name. Use ga_universal_tracking_code and ga_universal_domain_name instead. 2017-11-01 11:41:51 -04:00
Rafael dos Santos Silva
32b3847d52 FIX: Update mobile logo resolution
This makes Discourse compliant with latest Google PWA requirements,
so we get the App Install banner back.

Should bump our Lighthouse PWA Audit score to 11/11.
2017-11-01 01:51:51 -02:00
Neil Lalonde
ca8922e6f8 UX: Autobiographer badge description should link to profile preferences 2017-10-31 16:02:32 -04:00
Neil Lalonde
d753adab84 FIX: badge description links broken on subfolder 2017-10-31 15:18:52 -04:00
Penar Musaraj
bd1616d3d9 Add offline route and service worker to fix Android app install banner (#5217)
* set up static offline.html route and service worker for Android Web App Banner

* add viewport meta tag to offline view for android app banner

* add i18n support for offline.html pages, cleanup

* fix html syntax, add page title, remove license for service-worker.js
2017-10-31 10:46:48 +11:00
Neil Lalonde
a5afc08363 FIX: html links in text part of summary email 2017-10-30 15:43:01 -04:00
Guo Xiang Tan
0abc5f90cd FIX: Broken link in new user of the month post. 2017-10-30 13:11:29 +08:00
Guo Xiang Tan
ddd07773da FIX: Don't hardcode the path into translations. 2017-10-30 12:47:34 +08:00
Arpit Jalan
33f0d80ed5 UX: better title on search page 2017-10-27 09:13:04 +05:30
Joshua Rosenfeld
128ca0d1a9 Missed a spot changing defer to ignore (#5267) 2017-10-26 15:22:45 +11:00
Robin Ward
320341ab46 Hex values should have 6 digits 2017-10-20 14:50:55 -04:00
Robin Ward
e9159e49f3 FEATURE: Site Setting to determine whether flags defaults to topics 2017-10-20 12:37:20 -04:00
Arpit Jalan
804b4f32f8 better error message when API authentication fails 2017-10-20 20:05:34 +05:30
Joshua Rosenfeld
52b33b448d Use simpler language 2017-10-15 14:36:50 -04:00
Joshua Rosenfeld
512a723936 Update username rule description 2017-10-13 21:47:04 -04:00
Neil Lalonde
c29334cf23 FEATURE: the hide_email_address_taken setting works with the change email address form in user preferences 2017-10-04 11:41:25 -04:00
Neil Lalonde
1faae3c765 rename forgot_password_strict to hide_email_address_taken 2017-10-03 15:28:31 -04:00
Neil Lalonde
e47f5cedd2 FEATURE: forgot_password_strict setting also prevents reporting that an email address is taken during signup 2017-10-03 15:28:30 -04:00
Gerhard Schlager
7f50380221 FIX: respect email domain whitelist/blacklist when creating staged users 2017-10-03 16:36:08 +02:00
Gerhard Schlager
76706f9144 FIX: don't create staged users when incoming email is rejected
FIX: don't send subscription mail to new users
2017-10-03 16:36:08 +02:00
Sam
f6fdc1ebe8 FEATURE: flexible crawler detection
You can use the crawler user agents site setting to amend what user agents
are considered crawlers based on a string match in the user agent

Also improves performance of crawler detection slightly
2017-09-29 12:31:50 +10:00
Robin Ward
41c3941c4c FEATURE: Support regular expressions for watched words 2017-09-27 15:48:57 -04:00
Gerhard Schlager
1a37812625 FIX: show error message when keys are missing in email template
FIX: log email template changes in the Staff Log
2017-09-27 13:50:04 +02:00
Robin Ward
faa37c3070 FIX: Missing "no activity" message. 2017-09-26 09:37:53 -04:00
Robin Ward
677b016387 Send a suspension message via email to a user 2017-09-25 12:26:41 -04:00
Robin Ward
561fa7d0cd FEATURE: Site Setting to hide suspension reason on the public profile 2017-09-25 12:25:14 -04:00
Gerhard Schlager
d51eee4dbc FIX: don't try to send a rejection message when the sender was not detected 2017-09-15 17:30:02 +02:00
Neil Lalonde
16fe7aa307 FEATURE: automatically handle flags and posts that have been waiting in a queue for a long time. Flags will be deferred. Posts waiting for approval will be rejected. Control how old the records need to be with the auto_handle_queued_age site setting. 2017-09-14 12:01:06 -04:00
Jeff Atwood
9dc5bf1d97 minor copyedits 2017-09-13 17:39:15 -07:00
Vinoth Kannan
6e9671c2c3 UX: Placeholder images color changed & tootip added 2017-09-13 15:16:38 +05:30
Neil Lalonde
beea5cac48 FIX: send the queued posts reminder as a message to moderators instead of an email to the contact_email 2017-09-12 18:00:51 -04:00
Jeff Atwood
5aba30ede6 description wasn't checked in. ???? 2017-09-06 18:46:40 -07:00
Jeff Atwood
27e4baf357 minor copyedits on visit days badges 2017-09-06 15:01:04 -07:00
Régis Hanol
8a935a4b5f FEATURE: new badges when visiting the forum for 10, 100 and 365 consecutive days 2017-09-06 22:35:08 +02:00
Joshua Rosenfeld
532b698c2f Merge pull request #5132 from tophee/master
Update "email in" help text
2017-09-04 15:19:43 -04:00
tophee
bb098af38e Update "email in" help text
https://meta.discourse.org/t/straightforward-direct-delivery-incoming-mail/49487/98?u=tophee
2017-09-04 15:32:04 +02:00
Sam Saffron
e283e6aea0 FEATURE: allowed_iframes site setting for allowing iframes
This allows you to whitelist custom iframes if needed in posts
2017-09-01 10:15:44 -04:00
Bianca Nenciu
bb3a5910d7 Support for sending PMs to email addresses (#4988)
* Added support for sending PMs to email addresses.

* Made changes after review.

* Added settings validator.

* Fixed tests.
2017-08-28 12:07:30 -04:00
Neil Lalonde
398604ac71 FEATURE: set purge_unactivated_users_grace_period_days to 0 to disable purging unactivated users 2017-08-25 15:20:06 -04:00
minusfive
c01dc26ea6 Add no-content message for user/activity/replies, fix no-content display 2017-08-24 09:51:39 -07:00
Jeff Atwood
ab017c90c8 improved email bad destination error copy 2017-08-23 20:04:31 -07:00
john muhl
76e134c700 fix misuse of TLD 2017-08-22 16:45:29 -05:00
Jeff Atwood
8f795b35bb missed a spot on email invite h4 to bold conversion 2017-08-16 16:43:14 -07:00
Erick Guan
77d00ea7f9 Remove hidden settings' translation (#5043) 2017-08-14 12:12:40 +02:00
Jeff Atwood
b900f1b9d5 minor improvements to setup wizard copy 2017-08-10 16:32:56 -07:00
Jeff Atwood
112133736b soften the auto-hiding PM message a bit 2017-08-10 15:34:32 -07:00
Arpit Jalan
bf2c35aa99 FEATURE: add RSS feed for badge pages 2017-08-09 13:43:49 +05:30
Guo Xiang Tan
a9613163b5 FEATURE: Force user to enter reason when requesting for group membership. 2017-08-09 15:45:28 +09:00
Leo McArdle
a7b7fe335f FIX: allow an admin to click on blank errors (#5027)
* FIX: allow an admin to click on blank errors

* i18nlize strings

* what would a rails master do?
2017-08-04 20:04:26 +02:00
Sam
f6bc572fb8 FEATURE: option to enable inline oneboxes for all domains
Also, change to prefer title over open graph which is often way too sparse
2017-08-02 14:27:31 -04:00
Jeff Atwood
13bb69baca switch from h4 to bold for invite headers 2017-08-01 16:39:59 -07:00
Régis Hanol
88ba052446 secure default for the 'find_related_post_with_key' site setting 2017-08-01 00:03:04 +02:00
Neil Lalonde
d336d9a515 Remove mention of unhandled flags in description of the contact_email setting 2017-07-31 10:08:54 -04:00
Neil Lalonde
24cb950432 FEATURE: Watched Words: when posts contain words, do one of flag, require approval, censor, or block 2017-07-26 11:01:09 -04:00
Guo Xiang Tan
b59dfb86f4 UX: Include group name in email when group is invited to a PM.
https://meta.discourse.org/t/xyz-invited-you-to-a-message-but-really-invited-a-group-im-in/65996
2017-07-26 15:51:44 +09:00
Guo Xiang Tan
96267f0845 Merge pull request #4960 from discourse/category-description-error
FIX: Explicit error when category description post is bad
2017-07-26 08:54:22 +09:00
Leo McArdle
e4fa6a4c92 add link to /about page in email rejection messages 2017-07-25 11:26:29 +01:00
Régis Hanol
c7c93e7159 FEATURE: new 'strip image metadata' site setting 2017-07-25 11:48:39 +02:00
Jeff Atwood
9e0381396f adjust markdown for account required message 2017-07-23 12:49:39 -07:00
Robin Ward
2f8f2aa1dd FEATURE: Whitelists for inline oneboxing 2017-07-21 15:41:47 -04:00
Rafael dos Santos Silva
89ef5d36a9 FIX: Explicit error when category description post is bad 2017-07-21 16:07:29 -03:00
Leo McArdle
407a23663d FEATURE: send rejection email for unrecognized errors 2017-07-21 18:26:52 +01:00
Sam Saffron
d0c5205a52 Feature: Change markdown engine to markdown it
This commit removes the old evilstreak markdownjs engine.

- Adds specs to WhiteLister and changes it to stop using globals
    (Fixes large memory leak)
- Fixes edge cases around bbcode handling
- Removes mdtest which is no longer valid (to be replaced with
    CommonMark)
- Updates MiniRacer to correct minor unmanaged memory leak
- Fixes plugin specs
2017-07-17 11:41:34 -04:00
Robin Ward
6b6ad9391b Clean up job for search logs 2017-07-14 14:30:58 -04:00
Robin Ward
97e211f837 FEATURE: Log Search Queries 2017-07-14 14:30:58 -04:00
Neil Lalonde
3ebd8838af FEATURE: cross-domain tracking for Google universal analytics 2017-07-13 15:21:44 -04:00
Sam
79a084dd58 Revert "remove old markdown engine work-in-progress"
This reverts commit ee470b5317.
2017-07-12 18:10:51 -04:00
Sam Saffron
ee470b5317 remove old markdown engine work-in-progress 2017-07-12 17:44:40 -04:00
Jeff Atwood
f585f2cca5 switch to H4 for invite body title copy 2017-07-11 15:05:07 -07:00
Jeff Atwood
9e91d137e3 switch to h4 for invite body title copy 2017-07-11 15:04:04 -07:00
Guo Xiang Tan
f529cb1674 Remove validation for invalid interpolation keys.
* Our codebase currently supports custom interpolations keys that are
  not present in the original translation. The proper fix should
  be to make `TranslateOverride` aware of such keys.
2017-07-11 11:12:11 +09:00
Guo Xiang Tan
2255724637 UX: Add validator for SiteSetting#sso_overrides_email. 2017-07-10 10:08:55 +09:00
Arpit Jalan
7cffbc8ba8 FEATURE: new site setting to limit message recipients
New site setting `max_allowed_message_recipients` to limit message
recipients

https://meta.discourse.org/t/one-of-my-users-just-group-messaged-100-other-user-with-a-spam-offer/65612/7?u=techapj
2017-07-06 22:52:49 +05:30
Sam
fbb5600c8e expose enable_experimental_markdown_it
expose the site setting that enables the CommonMark engine
2017-06-28 16:51:49 -04:00
Sam
4c5109ff5b FEATURE: site setting for Markdown typographer
It ships anyway with markdown.it so we might as well expose it
2017-06-27 16:50:13 -04:00
Neil Lalonde
eee00b5bb5 UX: include a link to change email preferences at the bottom of summary emails as an alternative to unsubscribing 2017-06-26 12:27:22 -04:00
Leo McArdle
5e0efb3410 FEATURE: setting to only use the key when finding the related post of an email reply
this fixes email-in threading problems when using a SMTP server which modifies the message_id
header, like Amazon SES
2017-06-19 12:22:44 +01:00
Guo Xiang Tan
b5ec241716 FIX: Validate interpolation keys used in translation overrides.
https://meta.discourse.org/t/discobot-translation-missing-error/64429/6?u=tgxworld
2017-06-16 08:54:48 +09:00
Robin Ward
009f0921dc FEATURE: Whitelist hosts for internal crawling 2017-06-13 12:59:54 -04:00
Guo Xiang Tan
a5d3abc9b6 FIX: Create group membership request on behalf of user. 2017-06-13 17:49:21 +09:00
Régis Hanol
54e8fb0d89 FEATURE: new 'allow_staff_to_upload_any_file_in_pm' site setting 2017-06-12 22:41:29 +02:00
Arpit Jalan
6e37f09b19 UX: add email to '/email/unsubscribed' page 2017-06-10 09:51:12 +05:30
Jeff Atwood
5ff986129a copyedit to unsubscribe email 2017-06-09 00:27:24 -07:00
Arpit Jalan
1c0bbcd580 UX: show user email when unsubscribing 2017-06-09 09:20:24 +05:30
Robin Ward
17a3eddb9f FIX: Invalid path for new user of the month badge with subfolders 2017-06-07 12:54:30 -04:00
Guo Xiang Tan
ac6c1acbed FIX: Groups that do not have any owners should not allow membership requests. 2017-06-05 10:02:37 +09:00
Arpit Jalan
a1ebd67237 Revert "FEATURE: new setting to prioritize open topics in search" 2017-06-03 01:54:35 +05:30
Arpit Jalan
b8a87a0996 FEATURE: new setting to prioritize open topics in search 2017-06-03 00:33:53 +05:30
Jeff Atwood
9fd35e6d6a minor copyedit on site assets topic 2017-06-01 15:57:44 -07:00
Arpit Jalan
796a2967af hide invites_per_page site setting 2017-05-24 11:30:43 +05:30
Robin Ward
93a5fc62bf FEATURE: A site setting to prevent crawling on private IP blocks 2017-05-23 11:56:06 -04:00
Jeff Atwood
6a746c931a add vandalism cue to spam flag 2017-05-20 11:31:20 -07:00
Neil Lalonde
0a8e16d049 UX: show short flag descriptions in the flag modal on mobile 2017-05-19 15:35:10 -04:00
Jeff Atwood
5b73da9c87 add Seth Godin's text for daily email limits 2017-05-17 01:26:15 -07:00
Jeff Atwood
be722543c1 less scary warning for email daily limit reached 2017-05-16 20:02:21 -07:00
Jeff Atwood
83d3938df9 remove welcome invitation to reply
.. not needed in a post-discobot world of 1.8 release
2017-05-16 15:29:11 -07:00
Neil Lalonde
55b61e9bea rename topic_status_update to topic_timer 2017-05-11 18:27:53 -04:00
Neil Lalonde
1019bbda46 FEATURE: set a timer to delete a topic 2017-05-11 12:52:29 -04:00
Régis Hanol
9641d2413d REFACTOR: upload workflow creation into UploadCreator
- Automatically convert large-ish PNG/BMP to JPEG
- Updated fast_image to latest version
2017-05-11 00:16:57 +02:00
Sam
bc0b9af576 FEATURE: support uploads for themes
This allows themes to bundle various assets
2017-05-10 15:47:11 -04:00
Robin Ward
4db76796b9 FEATURE: Setting to poll feeds more frequently 2017-05-10 14:30:12 -04:00
Jeff Atwood
b14ea0e751 forgot markdown text marker for log PM 2017-05-08 22:47:52 -07:00
Guo Xiang Tan
71a266b673 Remove daily mailing mode option as it doesn't scale.
https://meta.discourse.org/t/daily-updates-option-for-mailing-list-mode/45029/14?u=tgxworld
2017-05-05 12:21:50 +08:00
Jeff Atwood
9d7917f79d minor copyedit 2017-05-03 14:00:20 -07:00
Sam
342ef5f81a FEATURE: out-of-the-box dark/light user selectable themes 2017-05-03 11:31:33 -04:00
Robin Ward
12fb20fe1b FEATURE: Allow users to resend/update email from confirmation page 2017-05-03 11:18:01 -04:00
Jeff Atwood
3460b506d8 copyedit on new user of the month PM 2017-05-01 17:38:20 -07:00
Jeff Atwood
0b24cc8541 fix invite description 2017-05-01 16:41:19 -07:00
Jeff Atwood
ee3d4f2a27 add link to flags nag copy 2017-05-01 12:14:17 -07:00
Neil Lalonde
0722ffadf1 Remove site settings enforce_global_nicknames and discourse_org_access_key 2017-05-01 14:53:16 -04:00
Robin Ward
2efe0442bf FIX: Messed up i18n key 2017-04-27 11:45:59 -04:00
Régis Hanol
0ec15af970 restore the 'incoming_email_prefer_html' site setting 2017-04-27 14:31:11 +02:00
Arpit Jalan
9b0ecdaf7e Merge pull request #4839 from techAPJ/bulk-add-group
FEATURE: provide more details when performing a bulk add to group
2017-04-27 02:39:57 +05:30
Arpit Jalan
285c167fae FEATURE: provide more details when performing a bulk add to group 2017-04-27 01:37:51 +05:30
Robin Ward
bf9c4a7828 FEATURE: secure_email site setting to prevent data going out in email 2017-04-26 13:05:56 -04:00
Régis Hanol
b76674f640 FEATURE: convert incoming emails in HTML to markdown
- remove incoming_email_prefer_html site setting
- remove HtmlCleaner class
2017-04-26 16:49:06 +02:00
Neil Lalonde
3835e16cf7 FIX: New implementation of the "notify about flag after" setting. Only notify about new flags since the last notification. Send a private message to staff. Mention the 3 most active moderators in the message so they get notification emails. 2017-04-19 16:17:45 -04:00
Sam
86904e9cd6 FIX: better error handling for theme import 2017-04-17 16:55:53 -04:00
Régis Hanol
c155b05595 Merge pull request #4815 from jomaxro/jomaxro-patch-1
Use HTTPS for links to *.discourse.org
2017-04-15 08:55:15 +02:00
jomaxro
afe586329f Use HTTPS for links to *.discourse.org 2017-04-15 02:52:20 -04:00
Sam
def7348777 FIX: display custom sections with default theme
also cleans up mechanism for previewing themes, cleans up naming,
gets rid of old janky "preview_style", secures local theme key
2017-04-14 13:35:12 -04:00
Sam
a3e8c3cd7b FEATURE: Native theme support
This feature introduces the concept of themes. Themes are an evolution
of site customizations.

Themes introduce two very big conceptual changes:

- A theme may include other "child themes", children can include grand
children and so on.

- A theme may specify a color scheme

The change does away with the idea of "enabled" color schemes.

It also adds a bunch of big niceties like

- You can source a theme from a git repo

- History for themes is much improved

- You can only have a single enabled theme. Themes can be selected by
    users, if you opt for it.

On a technical level this change comes with a whole bunch of goodies

- All CSS is now compiled using a custom pipeline that uses libsass
    see /lib/stylesheet

- There is a single pipeline for css compilation (in the past we used
    one for customizations and another one for the rest of the app

- The stylesheet pipeline is now divorced of sprockets, there is no
   reliance on sprockets for CSS bundling

- CSS is generated with source maps everywhere (including themes) this
    makes debugging much easier

- Our "live reloader" is smarter and avoid a flash of unstyled content
   we run a file watcher in "puma" in dev so you no longer need to run
   rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
Risto
231fea1bdb Typo fix
A weird period/full stop in the middle of a word.
2017-04-07 23:29:08 +03:00
Arpit Jalan
96a070d73d FIX: incorrect title for custom_invite_forum_mailer 2017-04-07 13:30:33 +05:30
Arpit Jalan
f960505359 FIX: translate badge metadata title 2017-04-06 09:57:52 +05:30
Robin Ward
40ab2e5667 FEATURE: Let users update their emails before confirming
This allows users who entered a typo or invalid email address when
signing up an opportunity to fix it and resending the confirmation
email to that address.
2017-04-05 16:44:49 -04:00
Robin Ward
17f2974d0a SECURITY: Confirm new administrator accounts via email 2017-04-04 15:59:01 -04:00
Jeff Atwood
549aa9204c typo fix 2017-03-31 23:37:48 -07:00
Jeff Atwood
c58f9d37ae copyedits on New User of the Month 2017-03-31 16:28:29 -07:00
Robin Ward
fc7fa4c0ad Rename "Rookie of the Month" to "New User of the Month" 2017-03-31 16:30:30 -04:00
Robin Ward
e6f6bd34d8 Send the user a notice when they've received rookie of the month 2017-03-31 15:06:31 -04:00
Robin Ward
893e93dfbe New badge, Rookie of the Month, for two new high quality users. 2017-03-31 15:06:31 -04:00
Guo Xiang Tan
ed577fbff8 FEATURE: Pause a topic instead of permanently closing when flag threshold is reached. 2017-03-31 14:35:05 +08:00
Guo Xiang Tan
34b7bee568 FEATURE: Allow admin to auto reopen at topic.
* This commit also introduces a `TopicStatusUpdate`
  model to support other forms of deferred topic
  status update in the future.
2017-03-31 11:14:18 +08:00
Robin Ward
14410b71fb Convert server side paths to use /u/ 2017-03-30 10:23:24 -04:00
Erick Guan
e3e3a04cd2 enable_noscript_support is not used anymore 2017-03-27 11:09:50 +02:00
Arpit Jalan
786fd6bbd2 Merge pull request #4774 from techAPJ/email-prefix
FIX: use email prefix only in subject
2017-03-22 14:18:50 +05:30
Arpit Jalan
295cf8839e FIX: better error message when invited user already exists 2017-03-22 13:55:28 +05:30
Robin Ward
874e8900af Display email address in SSO error message. 2017-03-21 15:37:46 -04:00
Robin Ward
aeaf5075bf Custom errors for when Email is invalid via SSO 2017-03-21 15:23:38 -04:00
Arpit Jalan
1853a4852c FIX: use email prefix only in subject 2017-03-21 20:29:57 +05:30
Jeff Atwood
63c8b23690 minor copyedits in guidelines 2017-03-16 13:36:27 -07:00
Guo Xiang Tan
1a7e954e09 FIX: Store custom emojis as uploads.
* Depending on a hardcoded directory was a flawed design
  which made it impossible to debug when custom emojis go
  missing.
2017-03-14 13:07:18 +08:00