Commit Graph

151 Commits

Author SHA1 Message Date
Régis Hanol
2505d18aa9 FEATURE: support email attachments 2014-04-14 22:55:57 +02:00
Sam
be06156629 SECURITY: when enabled_local_logins is false users could log in via API
thanks @Nicholas Blanco
2014-03-26 15:39:44 +11:00
Robin Ward
539890afdf Let's not show tons of extra information about invites unless you're the
person who invited them.
2014-03-21 14:16:11 -04:00
Neil Lalonde
9ca516e58d Rename nickname to username in the code. Use new hub routes. (Old routes still exist as aliases for old Discourse instances.) 2014-03-12 12:39:36 -04:00
Johan Jatko
98c479c3c4 FEATURE: Profile Backgrounds
Shares a modified codebase with avatars called "user_image"
2014-03-05 15:10:44 +01:00
Neil Lalonde
8711762143 Users who have made no more than one post can delete their own accounts from their user preferences page. 2014-02-13 13:52:06 -05:00
Scott Albertson
51eff92170 Refactor UsersController#create
* Simplify controller action
* Extract service classes
2013-12-05 10:11:16 -08:00
Neil Lalonde
981d8f6aea Signup form: prefill username if Discourse Hub has a match for the email address. Also, fix some bad specs in username_checker_service_spec that were passing... 2013-11-19 14:15:28 -05:00
Scott Albertson
77b59b54ce Refactor UsersController#invited
* Add test coverage
* Simplify controller action
* Move finder code to Invite class
2013-11-11 13:23:49 -08:00
railsaholic
58f78e9001 Refactor Users#upload_avatar method
Moved avatar file upload to ```AvatarUploadService``` class and
```AvatarUploadPolicy```

Address review comments + require missing file in spec
2013-11-11 23:21:14 +05:30
sirMackk
af67284995 User ctrl refactor - breaks up large methods, moves some logic into model
Includes missing methods from backup for travis to pass

fix missing code, failing specs

keep params handling in the controller.
2013-11-09 18:44:13 +05:30
Scott Albertson
72bfa4471f Move logic for updating a user into a service class 2013-11-07 08:39:39 -08:00
Scott Albertson
c0cffca1e6 Test title updating 2013-11-01 13:43:31 -07:00
Scott Albertson
3cc17ad4cd Add test coverage for #update 2013-11-01 13:43:31 -07:00
Scott Albertson
58f96bdfb5 Remove duplication in test setup 2013-11-01 13:43:31 -07:00
Scott Albertson
2e7696630b Make #update specs consistent
* Use expect syntax
* Avoid lets
* Stub Guardian method used in the controller
2013-11-01 13:43:31 -07:00
Robin Ward
3d6d7c8abe SiteSetting to hide regular names from users 2013-10-30 15:45:34 -04:00
Scott Carleton
cbef844a57 Build out a URI Adapter to allow uploading an avatar via a url
Currently only really accessible via the API. The UriAdapter creates a
tempfile from a url and gives a ActionDispatch::HTTP::UploadedFile back
to the controller to process as normal.
This will help a lot in being able to transfer avatar urls from another
app without monkey patching a lot of discourse code.
2013-10-21 14:53:03 -04:00
dbarbera
9106596a9a add image authorization on upload_avatar 2013-10-12 14:11:44 +02:00
Régis Hanol
23bf4436f5 FIX: avatar was attached to the user who uploaded it... 2013-10-12 10:55:41 +02:00
Matthieu Guillemot
3ba1f20674 New site settings to enable/disable the possibility of editing user's nickname or email address 2013-09-14 21:34:21 +09:00
Emili Parreno
4a0f3b3ac2 fix user_controller_spec when testing too long usernames 2013-09-05 17:36:53 +02:00
Régis Hanol
e15982a476 FIX: convert error in test 2013-08-28 22:06:09 +02:00
Einar Jonsson
9085cec232 Move json hash from users controller to NicknameUnavailable 2013-08-26 15:00:11 +00:00
Sam
213ce33af2 Fixed all broken specs
Moved middleware config into authenticators
2013-08-26 12:59:17 +10:00
Einar Jonsson
0d22a77c63 Added test case for nickname registration failure
* Also made a minor readability change by moving the auth.present? check
* from UsersController#create into #create_third_party_auth_records
* which is the method that relies on the check.
2013-08-25 20:18:07 +00:00
Régis Hanol
3b9e62e6b9 improved specs for avatar 2013-08-24 22:45:05 +02:00
Neil Lalonde
b36c6d7b78 Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days. 2013-08-12 14:55:09 -04:00
Neil Lalonde
16cd3e2a53 Fix to allow admins to change the case of a someone's username 2013-07-30 16:48:45 -04:00
Robin Ward
0e504aac9b FIX: You can reset your password even if logins are required. 2013-07-15 12:12:54 -04:00
Neil Lalonde
84ce04dfa5 Use POST for send_activation_email action 2013-07-05 12:26:46 -04:00
Neil Lalonde
a352b70bfc Permit changing my own username's case without an error saying it is already taken 2013-06-28 16:21:46 -04:00
Neil Lalonde
b37b6ce664 Minor spec clean-up 2013-06-28 14:43:35 -04:00
Chris Hunt
41b0692543 Show 'waiting approval' and don't send email
When 'must approve users' in enabled, we don't want to send an
activation email to users after they sign up. Instead, we will show them
'waiting approval' and not take an action until their account is
approved by an admin.
2013-06-06 18:36:16 -07:00
Chris Hunt
e7b38fb188 Move duplicated request to helper method 2013-06-06 18:36:16 -07:00
Chris Hunt
4a182f8bba Fix spec doc; sends welcome email for active users 2013-06-06 18:36:16 -07:00
Ian Christian Myers
0d01c33482 Enabled strong_parameters across all models/controllers.
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Chris Hunt
d432798ff8 Silently fail if user tries to sneak in
When 'invite only' is enabled, there's no way for a user to create an
account unless they try and sneak in by POSTing to /users/. We will
silently fail if this happens.
2013-06-05 11:08:21 -07:00
Jonathan Roes
057b4768e6 strip whitespace when changing e-mail addresses
Fixes #778.
2013-04-27 23:03:06 -04:00
Philipp Weissensteiner
3dcb1905e3 Refactor user controller, create action, mostly.
The gist of the commit are a few improvements in the
create action, where:

* long boolean statemenst have been wrapped in smaller more readable
  methods.
* the 3rd party user info creation has been extracted (still in controller)
* a small helper method for creating a new user from params (to reduce
  visual clutter)
* specs have been added where I came across untested methods/branches

Other changes are more trivial like formatting and whitespace fixes.
Hope this helps. Regards.
2013-04-13 00:53:59 +02:00
Robin Ward
738789f336 Admins can't lock themselves out of a site by setting approval. 2013-04-03 12:23:28 -04:00
Karan Misra
5dfb04e4b3 Convert a lot of :a => b to a: b and bring peace to the world 2013-03-25 05:07:36 +05:30
Neil Lalonde
2ebe0336ae On signup, handle duplicate key errors on email and username better 2013-03-07 14:56:55 -05:00
Neil Lalonde
ff3e012034 Add a link that allows you to send activation email again 2013-02-22 11:49:58 -05:00
Neil Lalonde
39eab7c425 Replace mentions of mothership with discourse_hub 2013-02-14 12:57:26 -05:00
Neil Lalonde
824b09389f Don't allow signups without a password 2013-02-12 15:42:16 -05:00
Neil Lalonde
ce7088f081 check_username api now returns correct error message for invalid lengths etc 2013-02-08 14:12:48 -05:00
Neil Lalonde
79dfccf717 Username validation in signup and username change forms 2013-02-07 18:23:52 -05:00
Mike Moore
d72c26ff92 Refactor UserSearch tests 2013-02-07 09:35:38 -07:00
Neil Lalonde
471c61fd69 Add honeypot and challenge to signup form 2013-02-06 19:25:36 -05:00
Robin Ward
21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00