Commit Graph

126 Commits

Author SHA1 Message Date
Maja Komel
cb89797e9a FEATURE: shows remaining backup codes in user preferences 2018-07-04 10:45:42 +02:00
Maja Komel
ec3e6a81a4 FEATURE: Second factor backup 2018-06-28 10:12:32 +02:00
Guo Xiang Tan
00c6b078e3 Trim WebHookUserSerializer. 2018-05-21 17:29:58 +08:00
Neil Lalonde
bd77795d7a REFACTOR: move support for user card badge images to a plugin discourse-user-card-badges 2018-04-26 13:25:24 -04:00
Guo Xiang Tan
142571bba0 Remove use of rescue nil.
* `rescue nil` is a really bad pattern to use in our code base.
  We should rescue errors that we expect the code to throw and
  not rescue everything because we're unsure of what errors the
  code would throw. This would reduce the amount of pain we face
  when debugging why something isn't working as expexted. I've
  been bitten countless of times by errors being swallowed as a
  result during debugging sessions.
2018-04-02 13:52:51 +08:00
Simon Cossar
88fdc926d1 Move external_id from UserSerializer to CurrentUserSerializer (#5658) 2018-03-07 22:54:31 -05:00
scossar
51544047dc Add external_id to User Serializer 2018-02-28 10:13:27 +08:00
Guo Xiang Tan
14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Jeff Wong
f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Neil Lalonde
39d7745dc5 UX: show staged users' email addresses to staff without requiring a button press 2017-11-24 16:11:34 -05:00
Neil Lalonde
3f58b18dab FEATURE: user card shows staff if a user is staged and lets them check the email address 2017-11-23 16:38:11 -05:00
Neil Lalonde
b37e40eea9 FEATURE: show read time in last 60 days 2017-11-16 15:46:51 -05:00
Sam
813e21d0e8 FIX: current user serializer consistently returns {} for custom_fields
Resolves: #5210
2017-11-15 11:55:37 +11:00
Neil Lalonde
2aadc42662 FEATURE: show read time on user cards 2017-11-08 15:25:56 -05:00
Robin Ward
561fa7d0cd FEATURE: Site Setting to hide suspension reason on the public profile 2017-09-25 12:25:14 -04:00
Guo Xiang Tan
91d3929f52 Merge pull request #5078 from lelelelemon/master
change count>0 to exists
2017-08-24 09:24:42 +09:00
junwen yang
8124f26a6e change count>0 to exists 2017-08-23 22:54:51 +00:00
Guo Xiang Tan
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Sam
845170bd6b FEATURE: add support for group visibility level
There are 4 visibility levels

- public (default)
- members only
- staff
- owners

Note, admins and group owners ALWAYS have visibility to groups

Migration treated old "non public" as "members only"
2017-07-03 15:26:57 -04:00
Arpit Jalan
aa1a68b979 UX: do not show "Message" button on user's own profile page/card 2017-06-29 14:27:00 +05:30
Arpit Jalan
a10c939775 FIX: do not show website name on TL0 profile 2017-06-04 18:30:28 +05:30
Guo Xiang Tan
5794f1619d PERF: Fix N+1 queries when loading groups. 2016-11-26 02:20:26 +08:00
Sam
f4f5524190 FEATURE: user API now contains scopes so permission is granular
previously we supported blanket read and write for user API, this
change amends it so we can define more limited scopes. A scope only
covers a few routes. You can not grant access to part of the site and
leave a large amount of the information hidden to API consumer.
2016-10-14 16:05:42 +11:00
Neil Lalonde
e3e15182df FEATURE: avatar flair on user cards 2016-09-15 16:15:18 -04:00
Sam
416e7e0d1e FEATURE: basic UI to view user api keys 2016-08-16 17:06:52 +10:00
Sam
9018de39ed FEATURE: allow shipping bio markdown via SSO
- Also adds site setting for sso_overrides_bio to disable bio editing by end users
2016-08-01 15:29:28 +10:00
Robin Ward
b2289d733f List the "Watching First Post" tags on preferences 2016-07-22 16:16:45 -04:00
Sam
f1b1b0da14 FEATURE: show watched first post in user page 2016-07-08 14:08:10 +10:00
Sam
4161ee210a FEATURE: improved tag and category watching and tracking
- present tags watched on the user prefs page
- automatically watch or unwatch old topics based on watch status

New watching and tracking logic takes care of handling old topics
(either with or without read state)

When you watch a topic you now watch historically

Also removes confusing warnings from user.
2016-07-08 12:58:30 +10:00
David McClure
2cbd87c08c Remove www. from website name 2016-04-11 07:13:33 -07:00
David McClure
c6f6b17f71 UX: Show website path in website name for all domains
Query parameters are still truncated in website name
2016-04-10 18:55:01 -07:00
Sam
95076050f4 FEATURE: warn about mailing list mode if it is checked 2016-03-29 18:50:17 +11:00
Robin Ward
1006b1ba94 Various Plugin Enhancements and Extension Points 2016-03-11 15:53:37 -05:00
Sam
f0e942f647 PERF: move 3 more option columns out of the user table 2016-02-18 16:57:22 +11:00
Sam
3829c78526 PERF: shift most user options out of the user table
As it stands we load up user records quite frequently on the topic pages,
this in turn pulls all the columns for the users being selected, just to
discard them after they are loaded

New structure keeps all options in a discrete table, this is better organised
and allows us to easily add more column without worrying about bloating the
user table
2016-02-17 18:08:25 +11:00
Guo Xiang Tan
a362ad9407 FIX: Emoji in Discourse onebox is wrapped in square brackets. 2016-01-13 19:00:11 +08:00
Sam
a8b5192efd FEATURE: User page refactor
Re-organise user page so it is easier to find interesting info
split it into tabs

- Introduce notifications and messages tabs
- Stop couting stuff for the user page to speed up rendering
- Suppress more information when viewing your own profile
2015-12-20 16:45:49 +11:00
Sam
c82b33600a FIX: serialize current user fields in standard user serializer 2015-12-05 17:50:03 +11:00
Régis Hanol
92ba6125c4 FEATURE: new 'automatically_unpin_topics' user preference 2015-11-17 18:21:40 +01:00
Guo Xiang Tan
7acc93b2a0 FEATURE: Track user profile views. 2015-09-16 14:48:31 +08:00
Régis Hanol
0c58f08207 FIX: profile picture selector 2015-09-11 15:10:56 +02:00
Régis Hanol
2742602254 FEATURE: support for external letter avatars service 2015-09-11 02:12:40 +02:00
Sam
abeabfb40f BUG/PERF: Stop shipping PM stats when not needed 2015-09-10 17:18:43 +10:00
Sam
0b9322d16a PERF: remove uneeded data, notification count is pointless
Getting notification count is expensive, no point shipping it to clients
2015-09-10 16:44:42 +10:00
Régis Hanol
bef80633b1 FEATURE: global admin override of most of the user preferences 2015-08-21 20:39:21 +02:00
Arpit Jalan
267d8be1f5 UX: show complete URL path if website domain is same as instance domain 2015-08-12 01:19:20 +05:30
Guo Xiang Tan
7c1e16da54 FEATURE: Display emojis in user stream. 2015-07-23 23:50:01 +08:00
Sam
8013b6a511 FIX: clean html before sending it to jquery for collapsing 2015-05-20 14:42:54 +10:00
Robin Ward
5bf8c31af4 Users can see their pending posts 2015-04-21 16:44:47 -04:00
Robin Ward
e3eaa7fa75 FIX: In long topics, filtering button was not always showing in card 2015-03-24 12:33:50 -04:00