Commit Graph

13604 Commits

Author SHA1 Message Date
Guo Xiang Tan
a567e6bec9 FIX: Publish notification state in after_commit hook.
`after_save` is still wrapped in a transaction and
we were getting intermittent failures with notifications
state not being published.
2017-03-20 11:38:34 +08:00
Neil Lalonde
9ae8813a53 FIX: admin user page should show count of all posts, including private messages, so admins can delete them. This bug was making it impossible to delete users. 2017-03-17 17:01:45 -04:00
Robin Ward
f5f54c1b77 Merge pull request #4764 from tgxworld/nuke_backticks
FIX: Don't use backticks that take in inputs.
2017-03-17 15:40:23 -04:00
Neil Lalonde
0991acf103 make it easier to customize category boxes with featured topics 2017-03-17 12:33:26 -04:00
ElTipejoLoco
e234a7821d Add "Show tracked topics" to User Preferences
Does what it says on the tin. Minor clean-up.
2017-03-17 08:05:21 -05:00
Régis Hanol
e600dca268 Merge pull request #4763 from vvanpo/fork-master
JSON API parsing error on CSRF exception: single quotes in ['BAD CSRF'] is invalid JSON
2017-03-17 09:19:10 +01:00
Guo Xiang Tan
e7c972ac89 FIX: Don't use backticks that take in inputs. 2017-03-17 15:33:51 +08:00
Guo Xiang Tan
566f367fc3 FIX: Don't migrate custom emojis that are no longer valid.
* Warn about failed migration in logs.
2017-03-17 08:28:24 +08:00
Victor van Poppelen
9e60f9f093 JSON API parsing error on CSRF exception: single quotes in ['BAD CSRF'] is invalid JSON:
https://meta.discourse.org/t/json-api-parsing-error-single-quotes-used-for-errors-like-bad-csrf/58869
2017-03-16 16:47:18 -07:00
Neil Lalonde
ad8a579c79 UX: banner enabled/disabled posts should be small posts, not full-size posts 2017-03-16 17:31:37 -04:00
Robin Ward
1957d12670 SECURITY: Don't use backticks for exporting your archive 2017-03-16 16:24:59 -04:00
Neil Lalonde
22f197c153 FEATURE: subcategory list style: boxes with featured topics 2017-03-16 11:54:45 -04:00
Sam
2c952e1981 Merge pull request #4760 from nbianca/fix_topic_title
Fixes duplicated title in header after edit
2017-03-16 11:49:45 -04:00
Bianca Nenciu
f8a31d927f Fixes duplicated topic title in header after edit. 2017-03-16 17:34:39 +02:00
Robin Ward
fd591257a8 Merge pull request #4759 from kennym/support-ports-for-ip-addresses-in-embedding
FIX: Allow ports for embed host IPs
2017-03-16 11:23:42 -04:00
Guo Xiang Tan
9f299b6842 Use after_commit since after_save runs within the transaction as well. 2017-03-16 16:02:34 +08:00
Guo Xiang Tan
299b92b4d7 Fix broken user created event trigger. 2017-03-16 15:36:27 +08:00
Guo Xiang Tan
5169ef8814 Fix broken specs. 2017-03-16 15:05:28 +08:00
Guo Xiang Tan
bf78c228f4 FIX: User created web hook being enqueued before record has been saved.
* Improve web hook tests as well.
2017-03-16 14:44:09 +08:00
Guo Xiang Tan
bb85795934 FIX: Leave group membership button not updating.
https://meta.discourse.org/t/leave-group-button-on-groups-page-doesnt-give-any-feedback/57359/4
2017-03-16 11:33:55 +08:00
Guo Xiang Tan
65c000ad74 FEATURE: Track views on user profile card as profile views. 2017-03-16 10:59:08 +08:00
Guo Xiang Tan
0a87547cbc Fix broken tests. 2017-03-16 10:22:15 +08:00
Erick Guan
cfbfea0596 FEATURE: Allow easier customization to the web hook event serialization. 2017-03-16 10:09:05 +08:00
Guo Xiang Tan
bbc85e1e29 Merge pull request #4750 from discourse/group_login_registration_flow
FEATURE: Redirect to groups page and apply group actions upon login/s…
2017-03-16 09:50:56 +08:00
Guo Xiang Tan
ca965bb455 FEATURE: Redirect to groups page after login/registration flow. 2017-03-16 09:48:51 +08:00
giorgia
576982484d FEATURE: Make admin user list sortable.
https://meta.discourse.org/t/make-admin-users-list-sortable-suggestion/47649
2017-03-16 09:24:15 +08:00
Vinoth Kannan
d3f07122c4 UX: 'Join Group' button position moved to group header 2017-03-16 08:40:27 +08:00
Kenny Meyer
ae957bca25 Allow ports for embed host IPs 2017-03-15 18:16:34 -03:00
Sam
61a7162c01 Merge pull request #4747 from gsambrotta/show-disable-delete-btn-cat
Show disable delete btn cat
2017-03-15 15:45:05 -04:00
Neil Lalonde
5c4f37a24e cdn-img will render nothing if src is null 2017-03-15 13:30:29 -04:00
Anaketa
d7dedc4649 add show/hide to tooltip 2017-03-15 17:23:52 +01:00
Anaketa
63febf391b create btn, tooltip and style it 2017-03-15 17:16:21 +01:00
Guo Xiang Tan
911d6abfad Merge pull request #4757 from nbianca/change_timestamp_bug
Change timestamp only for admin.
2017-03-15 10:44:19 +08:00
Neil Lalonde
bc31d25132 some cleanup thanks to eviltrout 2017-03-14 17:23:19 -04:00
Neil Lalonde
5c923fef58 FIX: category logo preview in settings shouldn't render it like a background image 2017-03-14 17:12:09 -04:00
Sam
7378077036 Merge pull request #4749 from cpradio/add-subcategory-class-hamburger-menu
UX: Add subcategory class to hamburger menu items that are subcategories
2017-03-14 17:08:35 -04:00
Bianca Nenciu
8354768d7c Change timestamp only for admin. 2017-03-14 23:07:36 +02:00
Neil Lalonde
889902256b FIX: encoded characters shown in category boxes 2017-03-14 14:51:11 -04:00
Sam
8ac7e6a605 Merge pull request #4753 from cpradio/plugin-outlet-user-preferences
DEV: Add plugin-outlet to allow SSO sites to put a message on the User Preferences page
2017-03-14 10:32:09 -04:00
Guo Xiang Tan
58de40154d Bump EMOJI_VERSION to clear cache. 2017-03-14 15:31:01 +08:00
Guo Xiang Tan
6a6113fcea Merge pull request #4682 from tgxworld/store_custom_emoji_as_uploads
FIX: Store custom emojis as uploads.
2017-03-14 14:14:18 +08:00
Guo Xiang Tan
324b346bb1 FIX: Restore was not redirecting to logs route. 2017-03-14 14:00:18 +08:00
Guo Xiang Tan
1a7e954e09 FIX: Store custom emojis as uploads.
* Depending on a hardcoded directory was a flawed design
  which made it impossible to debug when custom emojis go
  missing.
2017-03-14 13:07:18 +08:00
Guo Xiang Tan
99943ec769 Make eslint happy. 2017-03-14 11:52:15 +08:00
Guo Xiang Tan
83d2e63771 Make eslint happy. 2017-03-14 11:47:35 +08:00
Guo Xiang Tan
8e45322b09 FIX: Only group admins can see group edit page. 2017-03-14 11:45:58 +08:00
cpradio
a5af9a834f DEV: Add plugin-outlet to allow SSO sites to put a message on the User Preferences page 2017-03-13 18:26:00 -04:00
Neil Lalonde
318f7bab4b fix padding so entire box is clickable 2017-03-13 16:49:03 -04:00
Neil Lalonde
3dab932b96 fix trying to render cdn image of undefined 2017-03-13 16:22:37 -04:00
Neil Lalonde
6d7e968e30 FEATURE: box-style rendering of sub-categories 2017-03-13 15:25:52 -04:00
Régis Hanol
30d5d61158 use 'toLocaleDateString()' 2017-03-13 16:11:49 +01:00
cpradio
15f7fff561 UX: Add subcategory class to hamburger menu items that are subcategories
UX: Add data-category-url to make targetting a category li element in the hamburger menu easier
2017-03-13 10:51:41 -04:00
Sam
64680286f4 correct logic, so revalidation is reset
correct test so it can run at any point
2017-03-13 10:47:43 -04:00
Sam
a690121805 SECURITY: always allow staff to resend activation mails 2017-03-13 10:32:24 -04:00
Sam
1a745ca16a else @user makes no sense :) 2017-03-13 10:22:23 -04:00
Sam
ef24fd54ba FEATUE: automatically validate token is stored in redis
This ensures we have some handling for redis flushall

We attempt to recover our in-memory session token once every 30 seconds

Code is careful to only set the token if it is nil, to allow for manual
cycling to remain safe if needed
2017-03-13 10:19:02 -04:00
Guo Xiang Tan
9364d8ce71 FIX: Store user's id instead for sending activation email.
* Email and username are both allowed to be used for logging in.
  Therefore, it is easier to just store the user's id rather than
  to store the username and email in the session.
2017-03-13 20:24:55 +08:00
Guo Xiang Tan
7ebfa3c901 SECURITY: Only allow users to resend activation email with a valid session.
* Improve error when an active user tries to request for an activation email.
2017-03-13 19:35:29 +08:00
Régis Hanol
dd60cb82c3 UX: add client-side rate limit on click counters 2017-03-13 11:31:37 +01:00
Arpit Jalan
848120c098 FEATURE: RSS feed for top page period filters 2017-03-13 15:23:46 +05:30
Guo Xiang Tan
4d4a1a1552 Add scope for human users. 2017-03-11 14:25:09 +08:00
Sam
16593ae8bf FEATURE: log reason staff auto blocks a user 2017-03-10 15:45:48 -05:00
Sam
f13367cecd FIX: latest + category not respecting homepage category suppression 2017-03-10 15:17:51 -05:00
Sam
19ad1e2c2e less opacity for quote button 2017-03-10 14:57:58 -05:00
Neil Lalonde
402ddb810c FIX: email customizations now apply to both html and text parts 2017-03-10 14:08:03 -05:00
Neil Lalonde
15adbdcdd5 FEATURE: new template parameters for notification emails that can be used in links: topic_title_url_encoded and site_title_url_encoded 2017-03-10 14:08:03 -05:00
Sam
bc1a6ccb90 Merge pull request #4741 from tgxworld/allow_bookmark_removal
FIX: Allow user to remove bookmark from posts as long as bookmark is …
2017-03-10 12:49:20 -05:00
Arpit Jalan
f7e7ca3937 FEATURE: anonymized site statistics 2017-03-10 18:50:26 +05:30
Guo Xiang Tan
0e41b1181a UX: Display button to add a group when no group has been selected.
https://meta.discourse.org/t/new-button-on-groups/44546
2017-03-10 17:15:49 +08:00
Guo Xiang Tan
eb6ef0311e Hide special users from about pages. 2017-03-10 15:33:31 +08:00
Guo Xiang Tan
a43ec88f46 Merge pull request #4743 from tgxworld/fix_autocomplete_being_rerendered
FIX: Category autocomplete breaks when search menu widget rerenders.
2017-03-10 09:42:18 +08:00
Sam
3032aa7db9 PERF: avoid looking globals from providers after first call 2017-03-09 18:00:55 -05:00
Guo Xiang Tan
b419a5765e FEATURE: Add seen/unseen filters to advanced search UI.
https://meta.discourse.org/t/advanced-search-posts-that-i-have-seen/57966
2017-03-09 10:46:06 +08:00
Régis Hanol
00380d84c5 UX: display text & html parts alongside raw email in incoming email modal 2017-03-08 23:15:42 +01:00
Arpit Jalan
dfd5b06c82 FIX: custom CSS/HTML files were not getting downloaded on Chrome 2017-03-09 01:09:26 +05:30
Régis Hanol
23b06d2895 FIX: should not try to send digest to users who reached the bounce threshold 2017-03-08 19:19:11 +01:00
Guo Xiang Tan
6a7773b681 FIX: Category autocomplete breaks when search menu widget rerenders.
https://github.com/discourse/discourse/pull/4717#issuecomment-284914585
2017-03-08 20:13:48 +08:00
Guo Xiang Tan
3c41cb6b7d FIX: Reply to topic keyboard shortcut raises an error on non-topic routes. 2017-03-08 19:55:35 +08:00
Arpit Jalan
801b5838e1 FIX: do not show faq/guidelines page to anonymous users for private forums 2017-03-08 16:00:49 +05:30
Régis Hanol
cf8bc4483f FIX: always send critical emails even when bounce score threshold has been reached 2017-03-08 10:06:16 +01:00
Arpit Jalan
090236b15b FIX: do not show about page to anonymous users for private forums 2017-03-08 13:15:44 +05:30
Guo Xiang Tan
689dd16be0 FIX: Allow user to remove bookmark from posts as long as bookmark is present.
https://meta.discourse.org/t/bookmark-issue-when-access-to-topic-is-lost-pms/51993
2017-03-08 13:53:49 +08:00
Sam
0c03ccb01e FEATURE: allow plugins to transform, the transformed post
This allows plugins to amend posts prior to rendering.
2017-03-07 17:12:31 -05:00
Sam
99f4d5082b FIX: Improve token rotation and increase logging
- avoid access denied on bad cookie, instead just nuke it
- avoid marking a token unseen for first minute post rotation
- log path in user auth token logs
2017-03-07 13:27:43 -05:00
Sam
9f8cfee450 remove dupe code, correct logging logic 2017-03-07 13:27:43 -05:00
Robin Ward
42fd4f987e When viewing yourself, default to activity, not summary. 2017-03-07 12:03:05 -05:00
Neil Lalonde
d95e4102c1 FIX: tags created in secured categories should not be forbidden outside those categories 2017-03-07 11:46:46 -05:00
Robin Ward
dad57fa033 FIX: More errors with non-ascii URLs 2017-03-07 11:21:41 -05:00
Guo Xiang Tan
d1e587c10a Merge pull request #4737 from oblakeerickson/approve_invited_user
FIX: approve invited user
2017-03-07 21:14:34 +08:00
Guo Xiang Tan
60b7453f3f FIX: Do not trigger fullpage search when selecting autocomplete term with enter. 2017-03-07 11:56:40 +08:00
Guo Xiang Tan
f3a7e398ca Merge pull request #4717 from cpradio/autocomplete-search
FEATURE: Autocomplete support on search
2017-03-07 06:40:45 +08:00
Sam
443bce6466 add a descriptive comment 2017-03-06 15:15:07 -05:00
Sam
3227d79430 FIX: extra-nav-item outlet no longer adds a DIV to UL
This amends the extensibility on navigation bar so extra nav items are not
added to a DIV nested into the UL, instead the LIs are rendered as usual
2017-03-06 15:00:13 -05:00
Robin Ward
3905778fc0 FIX: Put back the back button fix again. 2017-03-06 12:24:27 -05:00
Rafael dos Santos Silva
c3477cd40d Merge pull request #4716 from discourse/bounced_emails_details
FEATURE: Allow checking the raw response of a bounced email
2017-03-06 13:30:19 -03:00
Régis Hanol
0abe433495 Merge pull request #4736 from techAPJ/group-bulk-add
FIX: grant trust level when bulk adding users to group
2017-03-06 12:43:26 +01:00
Guo Xiang Tan
1e8573ac75 Merge pull request #4738 from rimian/patch-4
less restrictive to allow plugin outlets
2017-03-06 17:25:18 +08:00
Guo Xiang Tan
7d82a53dfe FIX: Group#name is case insensitive. 2017-03-06 17:24:03 +08:00
Arpit Jalan
d5bcc70e9c FIX: grant trust level when bulk adding users to group 2017-03-06 14:39:53 +05:30
Guo Xiang Tan
66b5f97743 Merge pull request #4739 from tgxworld/fix_cant_recover_a_topic_that_belongs_to_a_deleted_user
Fix cant recover a topic that belongs to a deleted user
2017-03-06 15:12:54 +08:00
Guo Xiang Tan
8aea3caf00 FIX: Ensure that we only move posts that belong to the original topic. 2017-03-06 15:04:10 +08:00
Guo Xiang Tan
477eb0591e FIX: Posts in a deleted topic couldn't be moved.
https://meta.discourse.org/t/moving-posts-to-new-topic/58436/4
2017-03-06 14:56:20 +08:00
Rimian Perkins
95f7b60212 less restrictive to allow plugin outlets
for extra-nav-items
2017-03-06 14:38:57 +11:00
Blake Erickson
dbb3ddc7a6 FIX: approve invited user
This commit fixes the case where invited users who typed in a password
would not be approved by default. Because we moved the user create logic
for an invited user there was a clash with the `save` in the user model
and the `save` in the invite_redeemer class.

- added approve logic into invite_redeemer class.
- added tests to verify that the user is approved
- added a check to see if must_approve_users is on
- added a check to see if the inviter is staff
- go ahead and approve the user if must_approve_users is off
- keep existing User.approve workflow if user exists
- improve if/else logic to remove duplicate code
- use `Time.zone.now`
2017-03-05 06:58:23 -07:00
Guo Xiang Tan
08ffbf6c61 Use Time.zone.now instead. 2017-03-05 11:10:40 +08:00
Neil Lalonde
9c7a02192a FIX: flag action buttons are missing when visiting flags from the hamburger menu 2017-03-04 11:36:58 -05:00
cpradio
3eb51f0d77 FIX: Make it a tad bit harder to accidentally redirect to full page search while autocomplete is open 2017-03-03 22:48:28 -05:00
Sam
3e3fdfc717 FEATURE: plugin can now extend list of classes for topic-post 2017-03-03 16:57:25 -05:00
Sam
31a81d4eee FEATURE: allow for for empty description in list 2017-03-03 16:13:05 -05:00
Sam
c99f4260c0 Merge pull request #4729 from tgxworld/dont_mark_user_as_valid
FIX: Don't mark user as `active` if verified email is different.
2017-03-03 15:57:30 -05:00
Neil Lalonde
6aab8cb331 FEATURE: new category setting for whether to show latest topics or top topics by default 2017-03-03 11:30:44 -05:00
Guo Xiang Tan
bcf634ca85 Merge pull request #4728 from nbianca/username-regex
Add support for username regex.
2017-03-03 22:59:23 +08:00
Rafael dos Santos Silva
aac4a4ed94 Handle invalid parameters and missing bounced emails 2017-03-02 20:37:28 -03:00
Sam
abc4dff0fe FEATURE: add bumped_before query param for topic list 2017-03-02 15:11:50 -05:00
Neil Lalonde
ca20cb9941 FEATURE: subcategories can be discovered by web crawlers on page 1 of the parent category topics list 2017-03-02 15:06:56 -05:00
Sam
4dac4c69a6 FEATURE: add before topic list filter 2017-03-02 14:54:33 -05:00
Neil Lalonde
7496f373cd add headline itemprop to DiscussionForumPosting for crawlers 2017-03-02 12:35:50 -05:00
Neil Lalonde
797313a28d FIX: subcategories need the num featured topics setting too 2017-03-02 11:31:28 -05:00
Sam
7431c30c1f Correct test and remove uneeded outlet 2017-03-02 09:17:14 -05:00
Bianca Nenciu
30909ec54e Add support for username regex. 2017-03-02 13:53:45 +02:00
Guo Xiang Tan
442bef2df9 Merge pull request #4706 from gsambrotta/add-name-search-dropbox
FEATURE: Add user name in search results
2017-03-02 15:22:15 +08:00
Guo Xiang Tan
3d347fb9c4 FIX: Don't mark user as active if verified email is different. 2017-03-02 14:24:30 +08:00
Sam
dbfea9b5b0 correct refactor 2017-03-01 18:26:26 -05:00
Guo Xiang Tan
f5bf6256a9 Merge pull request #4732 from nbianca/typo
Fixed typo.
2017-03-02 06:02:43 +08:00
Sam
c79b146283 FEATURE: make list controller a bit more extensible 2017-03-01 16:41:09 -05:00
Sam
f0b79cf54b FEATURE: Add outlet for messages nave extension 2017-03-01 16:41:09 -05:00
Bianca Nenciu
2c22a7f78b Fixed typo. 2017-03-01 23:02:29 +02:00
Neil Lalonde
d848916357 FEATURE: Greek language support, thanks to Vasilis Vlachokyriakos 2017-03-01 15:52:55 -05:00
Sam
7895b71817 move to use let, missed a spot 2017-03-01 15:15:36 -05:00
Neil Lalonde
262016604d FEATURE: each category can control how many topics to show on categories page 2017-03-01 15:12:57 -05:00
Sam
ca951f2cf2 FIX: render custom tag extensions even when tags disabled 2017-03-01 13:38:44 -05:00
Sam
89bd538742 add callback priority to tags html 2017-03-01 12:56:45 -05:00
Blake Erickson
0b81a93020 Merge pull request #4718 from oblakeerickson/email_discourse_backups
FEATURE: further restrict downloading of backups
2017-03-01 08:57:44 -07:00
Sam
8c8de1c2d4 FEATURE: addUserMenuGlyph extensibility point 2017-03-01 10:32:01 -05:00
Blake Erickson
80858bae2c FEATURE: further restrict downloading of backups
- send email to logged in admin when they press the "download" button
- show pop-up that email was sent
- create email template
- require a valid token to download backup
2017-03-01 08:28:34 -07:00
cpradio
4c7a21c76e FEATURE: Autocomplete support on advanced search
PERF: Extract autocomplete initialization to a function
PERF: Create a REGEXP_TAGS_REPLACE regex to remove a chained .replace call

FIX: autocomplete positioning

FIX: Collapsing/Expanding Advanced Search doesn't wipe out Advanced Search Terms from search query.

FIX: Populate Category when query/search term is updated

FIX: Using enter to complete autocomplete doesn't automatically send you to full page search
2017-03-01 10:25:49 -05:00
giorgia
d308638a18 create searchResultUserSerializer, display name next to username in search results 2017-03-01 13:11:01 +01:00
Régis Hanol
b20b568039 FIX: allow for empty translated strings 2017-03-01 11:30:44 +01:00
Arpit Jalan
e27b1b98d1 FIX: handle new user when logging name change 2017-03-01 13:43:57 +05:30
Guo Xiang Tan
112ca20c96 Merge pull request #4675 from tgxworld/fix_polls_forever_broken_if_approval_required
FIX: Polls permanently broken if post requires approval.
2017-03-01 12:56:03 +08:00
Guo Xiang Tan
76dd6933d2 Revert "Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."""
This reverts commit e6d75f6844.

This is why we should not be pushing directly to master.
2017-03-01 10:16:59 +08:00
Sam
f918951d42 FEATURE: clean up tags extensibility
centralizes all logic for topic tag rendering and provides API for extension
2017-02-28 17:08:43 -05:00
Robin Ward
e863d66e33 FIX: Back button was broken after clicking flags in hamburger 2017-02-28 13:53:48 -05:00
Sam
122fb8025d FIX: last seen date erroneously updated when browser in background
In some cases user may be "last seen" even though browser tab is in
the background or computer is locked
2017-02-28 12:35:10 -05:00
Neil Lalonde
292dd8623c Merge pull request #4622 from dmacjam/master
FEATURE: Append tags bulk action for topics
2017-02-28 11:36:58 -05:00
Sam
3ac4709903 FIX: on initial token issue stop unmarking token as unseen
prev and current are the same so we need special logic to bypass
2017-02-28 10:38:22 -05:00
Sam
ffd8fa7481 FEATURE: move_to_inbox and archive_message events 2017-02-28 09:56:41 -05:00
Régis Hanol
5738253998 FIX: locale fallback with pluralized strings 2017-02-28 10:02:29 +01:00
Guo Xiang Tan
54577db8a4 Don't assign variable when not required to do so. 2017-02-28 14:14:57 +08:00
Guo Xiang Tan
e6d75f6844 Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email.""
This reverts commit 0e3def7d2b.
2017-02-28 11:27:14 +08:00
Sam
1e980ad4e6 Merge pull request #4721 from oblakeerickson/sort_admin_users_api
FEATURE: Add order logic to admin users controller
2017-02-27 16:13:42 -05:00
Robin Ward
b2b7f4d905 FIX: Query parameters were not being cleared when changing filtering. 2017-02-27 15:49:14 -05:00
Neil Lalonde
cfedbad0e9 FIX: hamburger shouldn't show subcategories if show_subcategory_list is enabled on the parent 2017-02-27 15:34:07 -05:00
Arpit Jalan
6661cebff8 FIX: do not log duplicate username changes 2017-02-28 01:32:00 +05:30
Arpit Jalan
b32d3d66e5 FEATURE: log all username and name changes 2017-02-28 00:23:27 +05:30
Robin Ward
0e3def7d2b Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."
This reverts commit 1060239e2d.
2017-02-27 13:19:26 -05:00
Robin Ward
bf9626d031 FIX: Embedding was broken with non-english URLs and ports 2017-02-27 12:17:52 -05:00
Arpit Jalan
877957ae88 Merge pull request #4715 from techAPJ/login-per-ip
FEATURE: new site setting for max logins per ip per hour/minute
2017-02-27 18:24:53 +05:30
Arpit Jalan
cba51e1c38 FEATURE: new site setting for max logins per ip per hour/minute 2017-02-27 16:58:03 +05:30
Guo Xiang Tan
0e8c849572 UX: "See more" on not found page should redirect to /top. 2017-02-27 13:33:19 +08:00
Guo Xiang Tan
ac37bd3dbc FIX: Search menu results does not refresh when search context is changed. 2017-02-27 12:23:41 +08:00
Guo Xiang Tan
758e3e52f7 FIX: Mobile topic timeline broken on Chrome 56.
* See https://developers.google.com/web/updates/2017/01/scrolling-intervention.
  From Chrome 56 onwards, `touchstart` event listeners are treated as passive
  by default which does not call `preventDefault` resulting in the page
  scrolling when topic timeline handle is being dragged.
2017-02-27 11:39:57 +08:00
Sam Saffron
7e8f0dc967 FIX: attempt to handle ios edge case where token is seen but unsaved
This relaxes our security in the following way

- prev auth token is always accepted as long as rotation
date is within our window of SiteSetting.maximum_session_age.hours
(previously old token expired within a minute of new one being seen)

- new auth token is marked unseen if we are presented with an old token
after we already saw new one

This attempts to fix an issue where ios webkit is not committing new cookies
2017-02-26 17:09:57 -05:00
Blake Erickson
0a41da6bad FEATURE: Add order logic to admin users controller
Added order and direction parameters for sorting admin user pages. This
commit only includes backend api changes.

https://meta.discourse.org/t/make-admin-users-list-sortable-suggestion/47649

Now you can pass in `order` and `asc` parameters to the
`/admin/users/list/<query>.json` endpoint.

Example:

`/admin/users/list/active.json?&order=post_count` which defaults to desc

and

`/admin/users/list/active.json?order=post_count&asc=true`
2017-02-24 17:11:17 -07:00
Régis Hanol
fdf749770b remove unecessary '.limit(1)' 2017-02-24 12:56:13 +01:00
Régis Hanol
a2c04be718 FIX: eradicate I18n fallback issues 💣
FIX: client's translation overrides were not working when the current locale was missing a key
FIX: ExtraLocalesController.show was not properly handling multiple translations
FIX: JsLocaleHelper#output_locale was not properly handling multiple translations

FIX: ExtraLocalesController.show's spec which was randomly failing
FIX: JsLocaleHelper#output_locale was muting cached translations hashes

REFACTOR: move 'enableVerboseLocalization' to the 'localization' initializer
REFACTOR: remove unused I18n.js methods (getFallbacks, localize, parseDate, toTime, strftime, toCurrency, toPercentage)
REFACTOR: remove all I18n.pluralizationRules and instead use MessageFormat's pluralization rules

TEST: add tests for localization initializer
TEST: add tests for I18n.js
2017-02-24 11:31:21 +01:00
Guo Xiang Tan
1060239e2d SECURITY: Ensure oAuth authenticated email is the same as created user's email. 2017-02-24 13:13:10 +08:00
Guo Xiang Tan
0847b4258a Revert "SECURITY: Ensure that user has been authenticated."
This reverts commit fbe51d68a7.

Changing the commit message to correctly reflect what we're actually
fixing.
2017-02-24 13:12:29 +08:00
Guo Xiang Tan
fbe51d68a7 SECURITY: Ensure that user has been authenticated. 2017-02-24 10:47:48 +08:00
Sam Saffron
3754b038e8 fix brotli origin 2017-02-23 18:26:40 -05:00
Sam
f15f61da0a FEATURE: add immutable caching to rails site of things 2017-02-23 13:05:00 -05:00
Jeff Atwood
ad6cb3c638 force all iOS editors to minimum height for compat 2017-02-22 16:56:19 -08:00
Jeff Atwood
22fc761cc3 tweak iOS composer heights a bit 2017-02-22 15:48:39 -08:00
Neil Lalonde
c00ffabac3 search scope checkbox is default checked for your messages too 2017-02-22 17:45:12 -05:00
Neil Lalonde
0551b3f5ee FEATURE: replace emoji with unicode in title and description meta tags 2017-02-22 16:24:13 -05:00
Sam Saffron
0fc2b64f65 attempt 2 at adjusting class definition so its more easily extensible 2017-02-22 14:18:43 -05:00
Sam Saffron
08d56952df revert change, it is required 2017-02-22 14:10:55 -05:00
Sam Saffron
d0d60ffa89 make is slightly easier to extend 2017-02-22 14:06:18 -05:00
Neil Lalonde
57784ddf2b remove unused setting import 2017-02-22 13:05:57 -05:00
Rafael dos Santos Silva
5296f00c28 FEATURE: Allow checking the raw response of a bounced email 2017-02-22 14:51:33 -03:00
Neil Lalonde
00700da6b8 remove null class 2017-02-22 12:23:45 -05:00
Neil Lalonde
53ec4c44f4 FIX: N+1 in topic_list 2017-02-22 12:20:50 -05:00
Neil Lalonde
a702330ccd FEATURE: make show_subcategory_list a per-category setting 2017-02-22 11:42:36 -05:00
Arpit Jalan
2f657b0e32 FIX: do not refresh staff action logs every time the page is loaded 2017-02-22 17:25:39 +05:30
Arpit Jalan
213a496203 FIX: show all staff events related to the target user 2017-02-22 13:31:40 +05:30
Jeff Atwood
c191e2e84c more conservative editor heights on iOS 2017-02-21 16:25:46 -08:00
Neil Lalonde
c94fdcea38 FIX: admin dashboard posts count should not include system posts and whispers 2017-02-21 14:45:41 -05:00
Arpit Jalan
c216f59eaa fix the build 2017-02-22 00:43:37 +05:30
Sam Saffron
ce7c3bfc14 FIX: refresh header if message bus updates topic 2017-02-21 11:43:44 -05:00
Arpit Jalan
046cbad10b FEATURE: add a button on admin user page that links to action log 2017-02-21 21:38:37 +05:30
Neil Lalonde
b19dfba497 FIX: tag link in breadcrumbs on subfolder installs 2017-02-21 10:41:08 -05:00
Arpit Jalan
068ce19ae2 FEATURE: linked topics should be rendered under posts for crawlers 2017-02-21 12:43:24 +05:30
Neil Lalonde
1dda998a4e FEATURE: search should default scope to current category or user 2017-02-20 17:02:02 -05:00
Neil Lalonde
476ae57af3 FEATURE: primary group class on avatars in topic list 2017-02-20 15:55:10 -05:00
Jakub Macina
4a2f13348a ADD: Append tags bulk action for topics 2017-02-20 18:14:32 +01:00
Neil Lalonde
aa2c527c60 Remove "From" from every post in Popular Posts section of summary emails 2017-02-20 11:04:12 -05:00
Régis Hanol
3ce3abef8f FIX: add Content-Disposition and Content-Type headers when downloading attachments 2017-02-20 15:59:01 +01:00
Régis Hanol
fd62909819 UX: prevent post submission when uploading 2017-02-20 15:12:33 +01:00
Régis Hanol
97116c9276 Merge pull request #4714 from gdpelican/expose-safari-ua
Allow access to safari hack applicable function
2017-02-20 14:58:33 +01:00
James Kiesel
7dc0e11360 Rename exported function 2017-02-21 02:53:16 +13:00
Régis Hanol
f51e3b2131 FIX: should not be able to rename a system badge 2017-02-20 14:35:05 +01:00
James Kiesel
ffe41c9ae8 Allow access to safari hack applicable function 2017-02-21 02:32:01 +13:00
Régis Hanol
cb99f59ec3 reset bounce score when email is successfully changed 2017-02-20 10:37:01 +01:00
Victor van Poppelen
b501c3c6c6 desktop/topic.scss: fix responsive width
#topic-closing-info max-width fix for responsive issues below 757px
2017-02-19 18:30:19 -08:00
Neil Lalonde
a6ebe495bf FEATURE: links that can't have no onebox can be used as featured topic links 2017-02-17 18:35:19 -05:00
Robin Ward
bebc55eebd FIX: Users page wasn't loading more on mobile 2017-02-17 16:36:45 -05:00
Robin Ward
41db9e0d94 FIX: Silence CSS errors in Safari 2017-02-17 16:21:35 -05:00
Sam
1b6a801d35 forgot import 2017-02-17 16:17:44 -05:00
Sam
7d8a11f636 Add header-topic-info:after-tags extension point 2017-02-17 15:59:52 -05:00
Robin Ward
e62c0a42fa FIX: Support multiple embeddable host records with the same host 2017-02-17 12:41:34 -05:00
Sam
1935f624b8 FEATURE: reset active record cache in sidekiq if needed
This can happen in multisite environments after restores
2017-02-17 12:09:53 -05:00
Neil Lalonde
3fb50d587d FIX: invited users and new TL1 users will see their first notification highlighted 2017-02-17 10:30:29 -05:00
Jeff Atwood
a6dd1a2cd4 onebox last para needs less bottom margin 2017-02-16 15:39:46 -08:00
Neil Lalonde
868c489d5e FIX: plugin outlets in navigation bar need to be li elements instead of div and span 2017-02-16 15:08:13 -05:00
Neil Lalonde
6bb9c5ceee remove old code for global username registry 2017-02-16 13:06:37 -05:00
Régis Hanol
269f6e8c30 UX: top referrers headings are not numbers 2017-02-16 15:58:45 +01:00
Jeff Atwood
1444025e9c remove CSS table layout from user prefs page 2017-02-16 02:01:20 -08:00
Jeff Atwood
e6c6a9e2d3 minor user card spacing tweak 2017-02-16 01:49:29 -08:00
Jeff Atwood
34223dca4e minor CSS fix for custom user fields on user cards 2017-02-16 01:45:20 -08:00
Jeff Atwood
311b983c59 minor copyedit 2017-02-16 01:31:21 -08:00
Neil Lalonde
3e4dd513c9 show that password is optional on label 2017-02-15 19:59:16 -05:00
Jeff Atwood
f831e92c42 copyedit to improved invite page 2017-02-15 16:11:34 -08:00
Sam Saffron
040e10a627 reduce duplication 2017-02-15 17:27:10 -05:00
Neil Lalonde
4b28bfaa15 Merge pull request #4710 from ento/fix-s3-config-check
FIX: admin dashboard shouldn't complain when using IAM profile for S3 access
2017-02-15 17:02:07 -05:00
Neil Lalonde
d0fbb27f3e FEATURE: new invite acceptance page, where username can be chosen and password can be set 2017-02-15 16:51:57 -05:00
Sam
3818c196e0 remove disallowed params 2017-02-15 16:47:14 -05:00
Sam
023bd0e9e7 FEATURE: allow client side of topic list to accept custom params
- Also normalize API version to use a version comparison function instead of float
2017-02-15 16:14:43 -05:00
Sam
74d4209d24 FEATURE: allow plugins to register custom topic list filters 2017-02-15 15:25:43 -05:00
Sam
9c51e3e8e7 amend preloader api to supply topic list 2017-02-15 12:04:02 -05:00
Sam
2c59ffeb2c FIX: token rotation not accounting for overlapping tokens correctly
also... freeze_time has no block form, correct all usages and specs
2017-02-15 10:58:18 -05:00
Marica Odagaki
a9a585f66a Use && and || consistently so that there's less chance of copy paste errors in the future 2017-02-15 00:25:49 -08:00
Marica Odagaki
3bb1b98b0e FIX: admin dashboard shouldn't complain when using iam profile for s3 access
Previous code wasn't working as intended because it was parsed as

    (bad_keys = (access_key or secret_key)) and !use_iam_profile

because of Ruby's operator precedence: `=` binds more eagerly than `and`.

http://ruby-doc.org/core-2.3.1/doc/syntax/precedence_rdoc.html

See also: https://github.com/bbatsov/ruby-style-guide#no-and-or-or
2017-02-15 00:22:14 -08:00
Sam
8409f42352 Add outlet for injecting custom tags 2017-02-14 17:40:13 -05:00
Sam
f2099c3811 adjust API 2017-02-14 16:32:33 -05:00
Sam
89d5e8ab4b FEATURE: allow plugins to preload data in topic list 2017-02-14 16:29:06 -05:00
Sam
5346cd3514 correct the test 2017-02-14 09:34:39 -05:00
Sam
c52784f9d2 FIX: race condition when marking tokens as seen
- in rare conditions can lead to users being logged off
2017-02-14 09:34:09 -05:00
Sam
0ab96a7691 FEATURE: add hidden setting for verbose auth token logging
This is only needed to debug auth token issues, will result in lots
of logging
2017-02-13 14:01:09 -05:00
Robin Ward
0e58e393a1 FIX: === and a better constant, thanks @ZogStriP 2017-02-13 13:14:19 -05:00
Robin Ward
9d4405d602 Don't add an empty class to the list elements in the hamburger 2017-02-13 11:28:10 -05:00
Sam
07b9c351a4 Merge pull request #4705 from vinothkannans/dev
new: server plugin outlet for indexable robots.txt
2017-02-13 11:18:51 -05:00
Robin Ward
e1d358ffbf FIX: Don't clear the login hint when the system user is saved 2017-02-13 10:54:20 -05:00
Vinoth Kannan
08c14dd689 new: server plugin outlet for indexable robots.txt 2017-02-13 17:31:10 +05:30
Nicolas
1deec95ccb Use natural orientation for web app manifest.
The `any` orientation forces the rotation even when the device's screen
 rotation is disabled. Using `natural` respects that and restores the
 expected behaviour.
2017-02-12 18:04:06 +00:00
Jeff Atwood
22c83b0a20 Merge pull request #4700 from gsambrotta/replay-btn-position
fix replay btn position on mobile and desktop
2017-02-11 22:21:11 -08:00
Jeff Atwood
3ee7a9266c Merge pull request #4686 from tgxworld/group_is_visible_if_user_is_group_owner
FIX: Show groups that user is owner of on groups page.
2017-02-11 22:18:44 -08:00
Vinoth Kannan
1b43c209eb 'Article' to 'DiscussionForumPosting' schema type
topic => https://meta.discourse.org/t/invalid-article-schema/57037
Replacing '[Article](https://schema.org/Article)' schema type with '[DiscussionForumPosting](https://schema.org/DiscussionForumPosting)'
2017-02-11 18:44:40 +05:30
Sam
675cb1c715 FEATURE: allow registrations of custom small action icons via plugins 2017-02-10 12:55:21 -05:00
giorgia
8c6d0ecd64 fix replay btn position on mobile and desktop 2017-02-10 17:11:10 +01:00
Sam Saffron
4332f0dde1 FEATURE: allow user search API to restrict to group 2017-02-09 18:45:39 -05:00
Neil Lalonde
d68dd5b967 Revert "UX: Observe changes to plugin to hide/show plugin admin link without refresh." 2017-02-09 12:11:53 -05:00
Jeff Atwood
77033f4855 simpler twitter onebox CSS that works everywhere 2017-02-08 17:18:53 -08:00
Jeff Atwood
933af0b40e align onebox twitter date 2017-02-08 17:14:11 -08:00
Jeff Atwood
485c36141c onebox right padding should not be asymmetric 2017-02-08 17:11:19 -08:00
Jeff Atwood
fe32c64dd9 FIX: twitter onebox styling was poor on mobile 2017-02-08 17:08:40 -08:00
Jeff Atwood
3b4248b454 add primary class to password reset button 2017-02-08 16:11:24 -08:00
Neil Lalonde
e077b3f141 FIX: composer should only feature links to external sites 2017-02-08 15:34:54 -05:00
Neil Lalonde
581d477ff3 add a comment because I can never find the mailing list summary email 2017-02-08 12:13:29 -05:00
Régis Hanol
f07b4b310a should not have renamed this setting in 460665895c 2017-02-08 18:11:34 +01:00
Sam
53ea8942e8 action to be reserved for assigned plugin 2017-02-08 12:10:16 -05:00
Arpit Jalan
75f154b177 bump onebox 2017-02-08 12:08:41 +05:30
Jeff Atwood
7c9f8cb245 attempt to manually revert PR https://github.com/discourse/discourse/pull/4600
I hate that PR with the fire of a thousand suns
2017-02-07 17:15:12 -08:00
Neil Lalonde
a5dfcddc6c FIX: crawler view of paginated content should have link elements in head for next and previous pages 2017-02-07 16:11:12 -05:00
Sam
f34907b523 Merge pull request #4681 from vietqhoang/feature/add-user-title-to-sso-payload
FEATURE: Add user title to SSO payload
2017-02-07 10:25:32 -05:00
Sam
634755113a Merge branch 'new_user_auth' 2017-02-07 09:23:02 -05:00
Sam
ff49f72ad9 FEATURE: per client user tokens
Revamped system for managing authentication tokens.

- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes

New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.

Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
Neil Lalonde
ece979efd1 add tags to webcrawler view of a topic in an ItemList 2017-02-06 18:12:48 -05:00
Neil Lalonde
9ec000407f FIX: tags shouldn't be listed as breadcrumbs in web crawler view 2017-02-06 17:35:54 -05:00
Sam
2dec731da3 SECURITY: correctly validate input when admin searches for screened ips 2017-02-06 16:11:16 -05:00
Neil Lalonde
8643620172 automatically redirect when password reset completes successfully 2017-02-06 15:04:58 -05:00
Arpit Jalan
68653801bc Merge pull request #4690 from techAPJ/pdf-onebox
UX: CSS for pdf onebox
2017-02-07 00:05:57 +05:30
Arpit Jalan
0c0da86e0c UX: CSS for pdf onebox 2017-02-07 00:04:01 +05:30
Neil Lalonde
e82240fbd9 autofocus password field on password reset page, and remove static password length message 2017-02-06 12:46:02 -05:00
Régis Hanol
84af84dc52 prevent inactive & staged users from being automatically added to a group 2017-02-06 17:49:27 +01:00
Régis Hanol
27fb9c8804 FIX: bounce webhooks should also use recipient address 2017-02-05 19:06:35 +01:00
Robin Ward
f1e7bca3c9 FEATURE: Warn a user when they're replying to the same user too much 2017-02-03 17:00:54 -05:00
Neil Lalonde
c4e10f2a9d FEATURE: redesign the change password page to use javascript and validations 2017-02-03 16:09:24 -05:00
Robin Ward
b251d11518 FIX: If you make a new banner, clear the old dismissed values 2017-02-03 15:07:38 -05:00
Neil Lalonde
ae671355da FIX: add /tags routes to robots.txt 2017-02-03 11:57:00 -05:00
Arpit Jalan
5523d0dbf9 fix the build 2017-02-03 15:35:33 +05:30
Arpit Jalan
26ccf61ab1 FIX: sane error message when inviting an existing user 2017-02-03 14:27:27 +05:30
Guo Xiang Tan
61111a3f9b FIX: Show groups that user is owner of on groups page. 2017-02-03 16:51:32 +08:00
Arpit Jalan
67669c00c5 FIX: incorrect instructions when inviting user to forum 2017-02-03 13:49:07 +05:30
Arpit Jalan
6b8691ecea Merge pull request #4685 from techAPJ/approve-users-invite-fix
FIX: allow existing users to be invited to topic/message when must_approve_users is enabled
2017-02-03 13:22:18 +05:30
Guo Xiang Tan
f9255631e3 FIX: Group owners don't see group owner functions when navigating from user page. 2017-02-03 15:31:47 +08:00
Arpit Jalan
dc2171960b FIX: allow existing users to be invited to topic/message when must_approve_users is enabled 2017-02-03 13:01:23 +05:30
Guo Xiang Tan
ec73224b5e PERF: Remove N+1 query when saving a user. 2017-02-03 15:03:33 +08:00
Guo Xiang Tan
7a243e859e FIX: Search menu widget breaks when context type is null. 2017-02-03 09:38:51 +08:00
Neil Lalonde
b91cb92af0 FIX: reports for time to first reply and topics without replies were counting whispers and moderator actions 2017-02-02 17:27:41 -05:00
Sam
06570f8e5a UX: less restrictive selector to allow for plugin outlets
Currently plugin outlets in LIs will generate a wrapping SPAN,
this makes an allowence in core for nave extenstions (like solved does)
2017-02-02 12:18:03 -05:00
Robin Ward
44f913b9b8 FIX: Incorrect title on admin reports 2017-02-02 10:56:12 -05:00
Guo Xiang Tan
3c28d94706 FIX: Don't configure Redis connector if Redis slave config is not set. 2017-02-02 13:48:55 +08:00
Rafael dos Santos Silva
c34520d384 FIX: eslint was broken 2017-02-02 01:12:49 -02:00
Robin Ward
cef8a0af34 Merge pull request #4657 from gdpelican/reopen-widget
Add reopenWidget method
2017-02-01 13:18:55 -05:00
Robin Ward
0f3dabb54c FIX: Hover text was showing incorrect number 2017-02-01 13:16:32 -05:00
Guo Xiang Tan
18007ed34b FIX: Can't use an internal name here if SiteSetting.convert_pasted_images_to_hq_jpg is false. 2017-02-01 14:51:56 +08:00
Guo Xiang Tan
f6d9745c5f Bye bye byebug. 2017-02-01 14:50:14 +08:00
Guo Xiang Tan
6c8c91dca4 UX: Change default filename for images that have been pasted. 2017-02-01 14:44:41 +08:00
Guo Xiang Tan
d449f782a3 Revert "FIX: Don't skip callbacks when rebaking posts."
This reverts commit 06c651f8c9.

If site settings are changed, there is a chance that the post
will fail PostValidator's validations.
2017-02-01 10:52:15 +08:00
Viet Hoang
40164ccd4a Add user title to SSO payload 2017-01-31 16:42:27 -08:00