Commit Graph

37 Commits

Author SHA1 Message Date
Vinoth Kannan
e5c44f6dcf UX: display 'merge' button in all non-staff user profiles. 2020-04-22 17:42:09 +05:30
Martin Brennan
64b4a7ba45
FIX: Ensure enforce 2FA for staff satisfied by security keys (#8316)
* If a staff user created only a security key as their single 2FA option. they continued to be prompted to create a 2FA option because we only considered this condition satisfied if a TOTP was added.
* The condition is now satisfied if TOTP OR security keys are enabled.
2019-11-08 15:11:53 +10:00
David Taylor
52c5cf33f8
FEATURE: Overhaul of admin API key system (#8284)
- Allow revoking keys without deleting them
- Auto-revoke keys after a period of no use (default 6 months)
- Allow multiple keys per user
- Allow attaching a description to each key, for easier auditing
- Log changes to keys in the staff action log
- Move all key management to one place, and improve the UI
2019-11-05 14:10:23 +00:00
Sam Saffron
30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Guo Xiang Tan
14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Jeff Wong
f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Robin Ward
4ae1bbaeba FIX: Only show the full suspension reason on the admin side 2017-12-07 13:27:02 -05:00
Robin Ward
971e302ff2 FEATURE: Support an end date for user silencing 2017-11-14 13:20:19 -05:00
Robin Ward
6bce3004d9 UX: Nicer selection of suspend duration 2017-09-25 12:28:00 -04:00
Neil Lalonde
9ae8813a53 FIX: admin user page should show count of all posts, including private messages, so admins can delete them. This bug was making it impossible to delete users. 2017-03-17 17:01:45 -04:00
Arpit Jalan
046cbad10b FEATURE: add a button on admin user page that links to action log 2017-02-21 21:38:37 +05:30
Régis Hanol
1e57bbf5c8 Lots bounce emails related fixes
- Show bounce score on user admin page
- Added reset bounce score button on user admin page
- Only whitelisted email types are sent to emails with high bounce score
- FIX: properly detect bounces even when there is no TO: header in the email
- Don't desactivate a user when reaching the bounce threshold
2016-05-06 19:34:33 +02:00
Régis Hanol
5018a8033d FIX: add link to user profile for staged users 2016-01-19 16:41:07 +01:00
Robin Ward
e8424bd54e SECURITY: Moderators should not see API keys 2015-10-14 15:40:23 -04:00
Neil Lalonde
608647d02f FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-10 11:59:08 -04:00
Robin Ward
edb34c178a FEATURE: Show user fields when the user is signing up 2014-09-30 10:45:18 -04:00
riking
bff95a6a97 Rename 'leader' -> 'tl3' 2014-09-30 13:16:34 +10:00
Robin Ward
334e21a03a Revert "Revert "FEATURE: Can create warnings for users via PM""
This reverts commit 1c7559380c.
2014-09-08 11:11:56 -04:00
Robin Ward
1c7559380c Revert "FEATURE: Can create warnings for users via PM"
This reverts commit b0bfc1f93f.
2014-09-08 10:38:59 -04:00
Robin Ward
b0bfc1f93f FEATURE: Can create warnings for users via PM 2014-09-08 10:27:06 -04:00
Sam
59d04c0695 Internal renaming of elder,leader,regular,basic to numbers
Changed internals so trust levels are referred to with

TrustLevel[1], TrustLevel[2] etc.

This gives us much better flexibility naming trust levels, these names
are meant to be controlled by various communities.
2014-09-05 15:20:52 +10:00
Neil Lalonde
00c28f2391 Show total likes given. Put likes given/received and flags given/received together. 2014-08-22 15:23:19 -04:00
Neil Lalonde
dafc63e3a0 Show how many likes users received in the last 100 days on their admin profile page 2014-08-22 14:37:07 -04:00
Benjamin Kampmann
ac3f1ba3d6 Improved Group Member Management on User Administration
Allows for a quick and easy group membership management on the
user-administration page. Uses the select2 UI component to
autosuggest other groups, remove existing ones and lock in automatic
groups.
2014-07-13 20:11:38 +02:00
Vikhyat Korrapati
4c0f85650e Display badge count in the user admin page. 2014-04-16 18:08:10 +05:30
Robin Ward
b61df08d1b FEATURE: Admin selector to choose a primary group for a user, display it
and apply a CSS class to their posts.
2014-02-10 17:00:15 -05:00
Neil Lalonde
90e195b2e7 More work on trust level 3 requirements page 2014-01-24 11:56:46 -05:00
Neil Lalonde
ae3b53bb76 Add a page in admin to view trust level 3 requirements for a user. Only shows for users who are currently at trust level 2. 2014-01-22 18:17:45 -05:00
Neil Lalonde
0c6f794eb0 Used the term suspended instead of banned. 2013-11-07 13:53:49 -05:00
Neil Lalonde
92a0729937 When banning a user, a reason can be provided. The user will see this reason when trying to log in. Also log bans and unbans in the staff action logs. 2013-11-01 10:47:26 -04:00
Robin Ward
348e2e3ef2 Support for per-user API keys 2013-10-22 17:34:39 -04:00
Neil Lalonde
4fd5087f91 Add button to delete a spammer in the flag modal
Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI
Moderators can delete users too
2013-07-29 15:29:44 -04:00
Sam
62c60540be pull moderator into own column, rename trust levels 2013-03-19 21:06:11 -07:00
Ismael Abreu
80bec6efc9 Adds grant and revoke moderation buttons so admins can make users moderators 2013-02-14 01:12:23 +00:00
Jakub Arnold
61654ab8f0 Fix all the trailing whitespace 2013-02-07 16:45:24 +01:00
Sam Saffron
85973ce6b0 added delete all posts button
wired up the ability to enable all themes
2013-02-07 18:11:56 +11:00
Robin Ward
21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00