Commit Graph

134 Commits

Author SHA1 Message Date
Arpit Jalan
ff44515a18
FIX: better error message if invite is expired (#10783)
https://meta.discourse.org/t/invite-token-is-invalid/165270/5?u=techapj
2020-09-30 20:32:33 +05:30
Dan Ungureanu
ef68e11137
FIX: Check if invite has expired before showing it (#10581) 2020-09-02 13:24:49 +03:00
Arpit Jalan
7532f24668 UX: better error message if moderator is not allowed to invite to group
UX: do not show invite to group option if mod is not owner of any group
2020-07-13 18:09:36 +05:30
Guo Xiang Tan
31a527a293
FIX: Return 400 when invalid topic_id is provided when creating invite. 2020-06-10 09:29:28 +08:00
Guo Xiang Tan
45fd668dc5
DEV: Render a proper response that can be handled on the client side. 2020-06-10 09:25:58 +08:00
Arpit Jalan
3094459cd9
FEATURE: multiple use invite links (#9813) 2020-06-09 20:49:32 +05:30
Guo Xiang Tan
81de592804
PERF: Use more efficient query when checking for existence. 2020-05-29 15:47:05 +08:00
Martin Brennan
afb5533581
FEATURE: Add timezone to core user_options (#8380)
* Add timezone to user_options table

* Also migrate existing timezone values from UserCustomField,
  which is where the discourse-calendar plugin is storing them

* Allow user to change their core timezone from Profile

* Auto guess & set timezone on login & invite accept & signup

* Serialize user_options.timezone for group members. this is so discourse-group-timezones can access the core user timezone, as it is being removed in discourse-calendar.

* Annotate user_option with timezone

* Validate timezone values
2019-11-25 10:49:27 +10:00
Sam Saffron
34813b643d DEV: properly require csv dependency
csv dependency is not default loaded, explicitly ask for it when we start
parsing csv files.
2019-10-02 15:07:37 +10:00
Krzysztof Kotlarek
427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
Arpit Jalan
1f1b3e99d1 UX: update invite 'not found' message 2019-07-19 16:39:44 +05:30
Arpit Jalan
36e53db300 Fix the build. 2019-06-12 16:44:17 +05:30
Arpit Jalan
7b66f8fb46 DEV: optimize bulk invite process 2019-06-12 16:33:19 +05:30
Arpit Jalan
e7fe7010b8
FIX: use hijack for processing bulk invites (#7679)
FIX: do not store bulk invite CSV file on server
2019-06-04 20:19:46 +05:30
Bianca Nenciu
07b80d491b FIX: Refresh automatic groups after inviting moderators. 2019-05-28 17:19:34 +08:00
Sam Saffron
30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Arpit Jalan
95ada3f190 FIX: save registration IP address for invited users 2019-04-13 13:04:25 +05:30
Arpit Jalan
2c8e1d3578 FEATURE: remove all expired invitations by default 2019-03-07 15:28:39 +05:30
Arpit Jalan
381793243e FIX: include error message if the "accept invite" process fails 2019-02-06 19:20:25 +05:30
Arpit Jalan
e0bc82657b FIX: better accept invite flow when user is invited via a link 2019-01-07 14:22:08 +05:30
Arpit Jalan
bea7a8a4d1 FIX: show accurate error message based on invite token validity 2019-01-03 07:46:05 +05:30
Guo Xiang Tan
86926f4aee DEV: Let create! handle the check for persistence.
This is unlikely to fail but we want to know when it does.
2018-12-12 08:36:13 +08:00
Gerhard Schlager
688755baf2 DEV: Improve specs and handle invalid email token
Follow-up to 7977b09025
2018-12-11 18:04:10 +01:00
Gerhard Schlager
7977b09025 FEATURE: Activate users invited via email when invite is redeemed
Do not send an activation email to users invited via email. They
already confirmed their email address by clicking the invite link.
Users invited via link will need to confirm their email address before
they can login.
2018-12-11 00:09:53 +01:00
Arpit Jalan
b9835cc392 FIX: do not use scheduler for uploading csv file for invite
Since the bulk invite process already happens in a dedicated Sidekiq job
2018-07-04 13:28:11 +05:30
Guo Xiang Tan
ad5082d969 Make rubocop happy again. 2018-06-07 13:28:18 +08:00
Arpit Jalan
83245aa508 FIX: better handling of invite links after they are redeemed
FIX: deprecate invite_passthrough_hours setting
2018-05-08 20:17:57 +05:30
Sam
41986cdb2f Refactor requires login logic, reduce duplicate code
This also corrects the positioning in the chain of the check
and removes misuse of prepend_before_action
2018-02-01 15:17:59 +11:00
Sam
f2e7b74d88 FIX: don't return 200s when login is required to paths
When running `ensure_login_required` it should always happen prior to
`check_xhr` cause check xhr will trigger a 200 response
2018-02-01 12:26:45 +11:00
Arpit Jalan
a2183c3f1d SECURITY: verify that inviter can invite new user to a topic 2017-10-09 15:59:41 +05:30
Guo Xiang Tan
6fe604b93e Revert "SECURITY: Fix XSS on unsubscribed page."
This reverts commit 190558db9d.
2017-10-09 09:03:07 +08:00
Guo Xiang Tan
190558db9d SECURITY: Fix XSS on unsubscribed page. 2017-10-09 08:59:03 +08:00
Régis Hanol
4771b0a99f FIX: user fields in invite signups were broken 2017-10-04 23:04:24 +02:00
Guo Xiang Tan
77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Guo Xiang Tan
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Guo Xiang Tan
2a17f1ccd7 FIX: Group owners should be able to invite users to their groups.
https://meta.discourse.org/t/group-owner-cannot-send-an-invite-to-a-group/60617/12
2017-07-21 23:48:25 +09:00
Robin Ward
f1a6449e4b SECURITY: Remove disposable invite feature 2017-07-07 20:24:39 -04:00
Arpit Jalan
e7b9b1312e FEATURE: remove all invites
https://meta.discourse.org/t/remove-all-invitations-button-for-the-admin-panel/65207
2017-06-29 22:30:10 +05:30
Arpit Jalan
34996b4eff FIX: show invite validation error message in response 2017-06-13 22:41:53 +05:30
Arpit Jalan
b9c94aa234 FEATURE: add required user fields to invite accept form
UX: make "accept invitation" page consistent with sign up modal
2017-06-12 20:43:07 +05:30
Arpit Jalan
d2c2139da8 FEATURE: require name when accepting invite if 'full name required' setting is enabled 2017-05-29 21:46:43 +05:30
Arpit Jalan
77a8cae094 FIX: rescue specific errors on invite failure 2017-05-02 15:13:33 +05:30
Arpit Jalan
1c23aedccf FIX: always send password reset email when accepting invite if password is not set 2017-04-18 14:37:06 +05:30
Arpit Jalan
0954367bf4 FIX: send activation email when accepting invite if password is set 2017-04-15 14:59:50 +05:30
Neil Lalonde
d0fbb27f3e FEATURE: new invite acceptance page, where username can be chosen and password can be set 2017-02-15 16:51:57 -05:00
Arpit Jalan
5523d0dbf9 fix the build 2017-02-03 15:35:33 +05:30
Arpit Jalan
26ccf61ab1 FIX: sane error message when inviting an existing user 2017-02-03 14:27:27 +05:30
Arpit Jalan
9dd09e453b FEATURE: add explicit confirmation button to accept the invite 2017-01-25 15:50:30 +05:30
Arpit Jalan
e793caf3e3 FIX: only allow CSV file to be uploaded for bulk invite 2017-01-11 16:26:01 +05:30
Arpit Jalan
ce974da9e5 FIX: simplify CSV file upload 2016-12-05 14:09:08 +05:30
Arpit Jalan
b1a94049e0 FIX: only staff can access 'resend all invites' feature 2016-06-07 10:57:08 +05:30
Arpit Jalan
a9c6df198c FEATURE: rate limit resend invites 2016-06-07 10:24:20 +05:30
Arpit Jalan
7b205ebba4 FEATURE: customize invite email message 2016-06-06 20:15:30 +05:30
Arpit Jalan
c4e1ad0953 FEATURE: Resend all pending invitations 2016-06-03 12:23:13 +05:30
Arpit Jalan
1253afdf95 FIX: invite link should not auto-accept invitation if user is already logged in 2016-02-23 19:49:58 +05:30
Arpit Jalan
4c86758f74 FIX: show proper message on invite error 2015-12-20 22:13:37 +05:30
Arpit Jalan
f2c1dbaa68 FIX: return 422 if the invite is already redeemed 2015-09-16 17:30:00 +05:30
Arpit Jalan
eb96016043 FEATURE: copy invite link for topic invites 2015-08-31 21:15:15 +05:30
Arpit Jalan
4ad07b8c09 FEATURE: generate invite token 2015-08-28 18:29:31 +05:30
Sam
e5888cf090 PERF: avoid preloading json in cases where it is not needed
(uploads / avatars / non GET requests)
2015-05-20 17:12:16 +10:00
Sam
f5af4768eb FEATURE: add clean support for running Discourse in a subfolder
To setup set DISCOURSE_RELATIVE_URL_ROOT to the folder you wish
2015-03-09 13:14:29 +11:00
Robin Ward
987504c6ab Rename no_js layout to no_ember
While *sometimes* `no_js` was used for visitors without js (for example
disabling it on your browser) it was also used for some pages that were
disabled to JS capable browsers, including the 404 page.

Even worse, sometimes it was used on pages that *had* Javascript, such
as our `/activate-account` route. It has been renamed to `no_ember` to
indicate what it really is, a layout for the site that doesn't load our
Ember.js application.
2015-01-15 15:56:53 -05:00
Arpit Jalan
78fd99fc40 Feature: resend invites 2014-10-07 01:43:17 +05:30
Arpit Jalan
b3926efebc convert space to plus for invite email parameter 2014-08-06 14:02:00 +05:30
Arpit Jalan
f571abfaaf FEATURE: allow staff to send multiple invites to same email 2014-07-30 00:13:11 +05:30
Arpit Jalan
8862a881f8 FEATURE: topic support in disposable invites 2014-07-15 23:11:06 +05:30
Neil Lalonde
766196af87 FEATURE: add site setting allow_new_registrations which can be used to block all new account registrations 2014-07-14 15:42:22 -04:00
Arpit Jalan
575b5e3d13 FEATURE: disposable invite tokens 2014-07-14 21:30:46 +05:30
Arpit Jalan
85ba55dc26 FEATURE: support txt file to be uploaded for bulk invite 2014-07-02 19:21:15 +05:30
Arpit Jalan
727184641e FEATURE: Bulk Invite 2014-06-09 01:43:39 +05:30
Sam
084ec87850 FEATURE: admins can invite users to groups via the web UI 2014-05-09 18:22:36 +10:00
Louis Rose
1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Robin Ward
de30af9302 Support for inviting to a forum from a user's invite page. 2013-11-06 12:56:50 -05:00
Robin Ward
b7327942af Add deleted_by to Trashable tables 2013-07-09 15:46:36 -04:00
Stephan Kaag
e39cc464b1 Refactor routes in order to be compatible with Rails 4 2013-07-01 20:00:06 +02:00
Neil Lalonde
a86b35c873 Remove the access_password site setting 2013-06-25 15:05:25 -04:00
Sam
2ca734c118 Merge pull request #964 from chrishunt/exclusive-club
Add 'invite only' site setting
2013-06-05 16:38:47 -07:00
Chris Hunt
a523fa56ac Don't require authentication for invites 2013-06-05 11:12:37 -07:00
Ian Christian Myers
3b245031a4 Implemented strong_parameters for Invite/InvitesController.
The email parameter is now required using strong parameters and will throw ActionController::ParameterMissing if it is missing. If the email address is incorrect or invalid, Discourse::InvalidParameters will still be thrown.
2013-06-05 00:04:03 -07:00
Sam
e9fc272db7 remove acts_as_paranoid, use .trash! , .recover! and .with_deleted as needed
makes upgrading to rails 4 possible
2013-05-07 14:39:01 +10:00
Wojciech Kocjan
e6ccc300dc Support for running discourse with a prefix (i.e. as http://servername/discourse) 2013-03-16 00:01:21 +01:00
Robin Ward
d2596c3c4c Remove unusued site_settings, show checkbox in UI for boolean values, remove restrict_access
boolean to avoid locking yourself out by setting access_password to empty string. Minor
UI tweaks.
2013-03-01 14:27:41 -05:00
Jakub Arnold
61654ab8f0 Fix all the trailing whitespace 2013-02-07 16:45:24 +01:00
Robin Ward
21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00