Guo Xiang Tan
8c5e13afd6
SECURITY: Only allow users to resend activation email with a valid session.
...
* Improve error when an active user tries to request for an activation email.
2017-03-13 20:57:17 +08:00
Robin Ward
2c9a43e4fd
Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."
...
This reverts commit 1060239e2d
.
2017-02-27 13:37:08 -05:00
Guo Xiang Tan
5cd680b0be
SECURITY: Ensure oAuth authenticated email is the same as created user's email.
2017-02-24 15:40:31 +08:00
Guo Xiang Tan
465660bdfc
Revert "SECURITY: Ensure that user has been authenticated."
...
This reverts commit d1091f7f57
.
2017-02-24 15:39:56 +08:00
Guo Xiang Tan
d1091f7f57
SECURITY: Ensure that user has been authenticated.
2017-02-24 11:46:59 +08:00
Sam
0a78ae739d
Remove SearchObserver, aim is to remove all observers
...
rails-observers gem is mostly unmaintained and is a pain to carry forward
new implementation contains significantly less magic as a bonus
2016-12-22 13:13:14 +11:00
Sam
eb2db23b40
FEATURE: remove email_token_grace_period_hours
...
The site setting email_token_grace_period_hours just causes confusion and
should not be used anyway.
Out of the box, tokens stop working once confirmed, no need to add complexity here
2016-12-19 17:15:20 +11:00
Sam
0599bd0154
FEATURE: add referrer never tag to password reset page
2016-12-19 11:01:58 +11:00
cpradio
824c235760
FEATURE: Notify user when mention can't see the reply they were mentioned in
...
FIX: Group Mention Notifications
2016-11-14 22:03:16 -05:00
Robin Ward
c03d25f170
FEATURE: Configure Admin Account
...
Adds a "Step 0" to the wizard if the site has no admin accounts where
the user is prompted to finish setting up their admin account from the
list of acceptable email addresses.
Once confirmed, the wizard begins.
2016-10-19 11:27:56 -04:00
Robin Ward
f62d01ff1b
FIX: Clear the session after a reset token was used
2016-09-30 12:20:23 -04:00
Sam
afaba56de3
FEATURE: missing API endpoint for topic tracking states
2016-08-12 17:10:35 +10:00
Robin Ward
429f27ec96
SECURITY: Avoid mass assignment on user create
2016-08-05 11:57:13 -04:00
Arpit Jalan
f387dfe226
FIX: mixed case group mentions were not getting highligted in composer
2016-05-22 18:32:49 +05:30
Sam
a130cb8305
FEATURE: move more urgent emails notifications to critical queue
...
Move signup, admin login and password change email notifications
to critical queue
2016-04-07 14:39:01 +10:00
Robin Ward
5771d2aee2
SECURITY: Support for confirm old as well as new email accounts
2016-03-08 14:52:22 -05:00
Robin Ward
d62689fa76
Move updating a user's email to its own controller
2016-03-08 14:52:22 -05:00
Régis Hanol
1135d2094a
Merge pull request #4006 from scossar/set-locale-from-header
...
Feature: (WIP) Set locale from Accept-Language header
2016-03-04 09:12:30 +01:00
Régis Hanol
8d4bac7da2
fix build & add migration to clear common passwords cache
2016-03-03 19:39:22 +01:00
Arpit Jalan
50e65634d7
FEATURE: new setting min_admin_password_length and better default
2016-03-02 14:43:26 +05:30
scossar
0a396583ed
set locale for anonymous from header
...
set locale on signup
update spec
add locale option
2016-02-26 13:45:00 -08:00
Arpit Jalan
6df5b38b54
better user update spec
2016-02-24 16:10:08 +05:30
Arpit Jalan
d77511319e
show monthly top topics on 404 page
2016-02-24 13:46:55 +05:30
Arpit Jalan
0064927077
FIX: do not allow new email to be duplicate
...
FIX: return proper error message when email already exists
2016-01-23 13:42:53 +05:30
Sam Saffron
7303f8f309
FEATURE: first pass at user summary page
2016-01-20 15:14:25 +11:00
Arpit Jalan
380764dc92
FIX: validate email when changing via user preferences page
2016-01-16 10:50:49 +05:30
Neil Lalonde
c7df6783a9
FIX: only invalidate password reset links using javascript
2016-01-04 11:48:54 -05:00
Andy Waite
3e50313fdc
Prepare for separation of RSpec helper files
...
Since rspec-rails 3, the default installation creates two helper files:
* `spec_helper.rb`
* `rails_helper.rb`
`spec_helper.rb` is intended as a way of running specs that do not
require Rails, whereas `rails_helper.rb` loads Rails (as Discourse's
current `spec_helper.rb` does).
For more information:
https://www.relishapp.com/rspec/rspec-rails/docs/upgrade#default-helper-files
In this commit, I've simply replaced all instances of `spec_helper` with
`rails_helper`, and renamed the original `spec_helper.rb`.
This brings the Discourse project closer to the standard usage of RSpec
in a Rails app.
At present, every spec relies on loading Rails, but there are likely
many that don't need to. In a future pull request, I hope to introduce a
separate, minimal `spec_helper.rb` which can be used in tests which
don't rely on Rails.
2015-12-01 20:39:42 +00:00
Régis Hanol
76692235ae
FIX: don't ever fetch staged accounts in unseen mentions
2015-11-27 18:16:50 +01:00
Régis Hanol
43614439e6
FEATURE: can take over a staged account
2015-11-13 19:07:28 +01:00
Régis Hanol
16f509afb9
FIX: enforce 'allow_uploaded_avatars' & 'sso_overrides_avatar' server-side
2015-11-12 10:26:45 +01:00
Régis Hanol
bb79e6aff7
FEATURE: new hide_user_profiles_from_public site setting
2015-10-28 19:56:08 +01:00
Robin Ward
a527c58c7d
UX: Show a nicer "Log In" screen if the user follows /my/preferences
2015-10-14 13:39:31 -04:00
Régis Hanol
36309e50cc
Merge pull request #3767 from tgxworld/track_user_profile_views
...
Track user profile views
2015-09-23 11:38:18 +02:00
Régis Hanol
07e7b07b63
FIX: refreshing gravatar wasn't working
2015-09-17 19:42:44 +02:00
Guo Xiang Tan
7acc93b2a0
FEATURE: Track user profile views.
2015-09-16 14:48:31 +08:00
Régis Hanol
18d7c1c75d
fix the build - take 2
2015-09-11 15:47:48 +02:00
Arpit Jalan
e0c9054748
FEATURE: invite page tabs
2015-07-13 09:42:51 +05:30
Kane York
df988a20eb
FEATURE: Reserved usernames
...
A list of usernames that will be blocked from being used to sign up.
2015-07-01 13:50:55 -07:00
Sam Saffron
73646184aa
correct specs
2015-06-05 18:58:20 +10:00
Régis Hanol
cb025a65e0
FIX: make sure we also save the user_avatar.custom_upload_id
2015-05-29 10:21:41 +02:00
Régis Hanol
8d967d9065
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread
2015-05-20 16:45:48 +02:00
Sam
6a338afbdd
Merge pull request #3403 from zzakcanncode/rspec_up
...
Rspec 3
2015-04-28 07:50:30 +10:00
Arpit Jalan
2932284293
FEATURE: magic login route for admin when SSO is enabled
2015-04-27 22:54:48 +05:30
Arthur Neves
b8cbe51026
Convert specs to RSpec 2.99.2 syntax with Transpec
...
This conversion is done by Transpec 3.1.0 with the following command:
transpec
* 424 conversions
from: obj.should
to: expect(obj).to
* 325 conversions
from: == expected
to: eq(expected)
* 38 conversions
from: obj.should_not
to: expect(obj).not_to
* 15 conversions
from: =~ /pattern/
to: match(/pattern/)
* 9 conversions
from: it { should ... }
to: it { is_expected.to ... }
* 5 conversions
from: lambda { }.should_not
to: expect { }.not_to
* 4 conversions
from: lambda { }.should
to: expect { }.to
* 2 conversions
from: -> { }.should
to: expect { }.to
* 2 conversions
from: -> { }.should_not
to: expect { }.not_to
* 1 conversion
from: === expected
to: be === expected
* 1 conversion
from: =~ [1, 2]
to: match_array([1, 2])
For more details: https://github.com/yujinakayama/transpec#supported-conversions
2015-04-25 11:18:35 -04:00
Robin Ward
2459f52c71
Merge pull request #3375 from techAPJ/patch-2
...
FEATURE: invite existing users to private topic
2015-04-16 11:13:42 -04:00
Arpit Jalan
d491d4f997
FEATURE: invite existing users to private topic
2015-04-16 00:52:54 +05:30
Sam
2a3f71a9a1
SECURITY: log off all existing sessions when resetting password
2015-04-15 08:57:43 +10:00
Sam
f5d89169e2
FEATURE: initial implemenation of anonymous posting mode
2015-04-07 18:05:31 +10:00
Sam
92e371f0b3
FEATURE: civilized mute
...
Allow user to mute all notifications generated by specific users
2015-03-24 11:55:22 +11:00