Commit Graph

150 Commits

Author SHA1 Message Date
Martin Brennan
64b4a7ba45
FIX: Ensure enforce 2FA for staff satisfied by security keys (#8316)
* If a staff user created only a security key as their single 2FA option. they continued to be prompted to create a 2FA option because we only considered this condition satisfied if a TOTP was added.
* The condition is now satisfied if TOTP OR security keys are enabled.
2019-11-08 15:11:53 +10:00
Mark VanLandingham
4eb54f08b2
FEATURE: Site setting/UI to allow users to set their primary group (#8244)
* FEATURE: Site setting/ui to allow users to set their primary group

* prettier and remove logic from account template

* added 1 to 43 to make web_hook_user_serializer_spec pass
2019-10-28 12:46:27 -05:00
David Taylor
f2331ef07f
DEV: Stop serializing user_auth_token_logs (#8043)
These are no longer used in the user interface
2019-08-27 13:07:03 +01:00
Vinoth Kannan
88359b0f16
FEATURE: add support for group members visibility level (#8004)
There are 5 visibility levels (similar to group visibility)

public (default)
logged-in users
members only
staff
owners

Admins & group owners always have visibility to group members.
2019-08-14 19:00:04 +05:30
Guo Xiang Tan
55fd3acea0 Revert "FIX: Undefined method when serializing a user"
This reverts commit 1fbe078ae0.

`UserProfile` is created in a callback after the user has been created.
As such, it should be impossible for a user to not have a blank
`UserProfile`. This was also improved in
4f5c9bb8d3.
2019-06-04 09:30:30 +08:00
Blake Erickson
1fbe078ae0 FIX: Undefined method when serializing a user
Apparently is is possible to have a user without a user_profile. This
fix will return nil for any user_profile fields during serialization
(like the after delete web hook) instead of blowing up.
2019-05-23 19:44:55 -06:00
Sam Saffron
30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Sam Saffron
cac80cdc3b DEV: more send -> public_send changes
This is a work in progress commit for more send to public_send conversions

Also adds some comments for cases where we need to keep send
2019-05-07 11:58:06 +10:00
Guo Xiang Tan
24347ace10 FIX: Properly associate user_profiles background urls via upload id.
`Upload#url` is more likely and can change from time to time. When it
does changes, we don't want to have to look through multiple tables to
ensure that the URLs are all up to date. Instead, we simply associate
uploads properly to `UserProfile` so that it does not have to replicate
the URLs in the table.
2019-05-02 14:58:24 +08:00
Tarek Khalil
ef2362a30f
FEATURE: Introducing new UI for changing User's notification levels (#7248)
* FEATURE: Introducing new UI for tracking User's ignored or muted states
2019-03-27 09:41:50 +00:00
Tarek Khalil
1dd0fa0c4e
REFACTOR: Move redundant ignored user check into guardian (#7219)
* REFACTOR: Move redundant ignored user check into guardian
2019-03-20 19:55:46 +00:00
Tarek Khalil
5852e86226 FEATURE: Only allow TL2 Users to ignore other users (#7212) 2019-03-20 15:02:33 +01:00
Tarek Khalil
3b59ff0d02 [FEATURE] Disallow ignoring self, admins or moderators users (#7202) 2019-03-20 11:18:46 +01:00
Tarek Khalil
190b19f3c2
FEATURE: Add ignored user list to the User's preference page (#7107)
* FEATURE: Add ignored user list to the User's preference page

## Why?

Part of: https://meta.discourse.org/t/ability-to-ignore-a-user/110254

We want to add list of Ignored users under or along with the muted users preferences section.
This way Users can find and update their list of ignored users.

## UI


![gif](https://user-images.githubusercontent.com/45508821/53746179-8e9b3c00-3e98-11e9-9e90-94b8520896a6.gif)

## Open questions

Two of many options to represent a list of ignored users is that we can:

1. We can represent the ignored user list as a table with the ability to `un-ignore` but NOT to add new ignored users.
2. We can keep it functioning as the `muted user list` where you can `un-ignore` or `ignore` users.
2019-03-05 14:47:51 +00:00
Tarek Khalil
986cc8a0fb FEATURE: Introduce Ignore user (#7072) 2019-02-27 14:49:07 +01:00
David Taylor
5e09398c5b
FIX: Do not serialize user fields unless they are specified for display (#6736) 2018-12-07 10:57:28 +00:00
Bianca Nenciu
1d26a473e7 FEATURE: Show "Recently used devices" in user preferences (#6335)
* FEATURE: Added MaxMindDb to resolve IP information.

* FEATURE: Added browser detection based on user agent.

* FEATURE: Added recently used devices in user preferences.

* DEV: Added acceptance test for recently used devices.

* UX: Do not show 'Show more' button if there aren't more tokens.

* DEV: Fix unit tests.

* DEV: Make changes after code review.

* Add more detailed unit tests.

* Improve logging messages.

* Minor coding style fixes.

* DEV: Use DropdownSelectBoxComponent and run Prettier.

* DEV: Fix unit tests.
2018-10-09 22:21:41 +08:00
Guo Xiang Tan
7256b3bf68 REFACTOR: Use UserAuthTokenLogSerializer instead of conditionals. 2018-09-03 10:44:22 +08:00
Bianca Nenciu
931cffcebe FEATURE: Let users see their user auth tokens. (#6313) 2018-08-31 10:18:06 +02:00
Gerhard Schlager
96d1ea03e7 Sorting is hard. This should really fix user profiles. 2018-08-20 18:56:21 +02:00
Gerhard Schlager
209ed105f9 FIX: User profiles didn't work when API keys exist 2018-08-20 18:21:40 +02:00
Bianca Nenciu
860c1c3dcd FEATURE: Automatically expire keys if not used for a configurable amount of time. (#6264) 2018-08-20 17:36:14 +02:00
Régis Hanol
de92913bf4 FIX: store the topic links using the cooked upload url 2018-08-14 12:23:32 +02:00
David Taylor
eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099)
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
Maja Komel
cb89797e9a FEATURE: shows remaining backup codes in user preferences 2018-07-04 10:45:42 +02:00
Maja Komel
ec3e6a81a4 FEATURE: Second factor backup 2018-06-28 10:12:32 +02:00
Guo Xiang Tan
00c6b078e3 Trim WebHookUserSerializer. 2018-05-21 17:29:58 +08:00
Neil Lalonde
bd77795d7a REFACTOR: move support for user card badge images to a plugin discourse-user-card-badges 2018-04-26 13:25:24 -04:00
Guo Xiang Tan
142571bba0 Remove use of rescue nil.
* `rescue nil` is a really bad pattern to use in our code base.
  We should rescue errors that we expect the code to throw and
  not rescue everything because we're unsure of what errors the
  code would throw. This would reduce the amount of pain we face
  when debugging why something isn't working as expexted. I've
  been bitten countless of times by errors being swallowed as a
  result during debugging sessions.
2018-04-02 13:52:51 +08:00
Simon Cossar
88fdc926d1 Move external_id from UserSerializer to CurrentUserSerializer (#5658) 2018-03-07 22:54:31 -05:00
scossar
51544047dc Add external_id to User Serializer 2018-02-28 10:13:27 +08:00
Guo Xiang Tan
14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Jeff Wong
f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Neil Lalonde
39d7745dc5 UX: show staged users' email addresses to staff without requiring a button press 2017-11-24 16:11:34 -05:00
Neil Lalonde
3f58b18dab FEATURE: user card shows staff if a user is staged and lets them check the email address 2017-11-23 16:38:11 -05:00
Neil Lalonde
b37e40eea9 FEATURE: show read time in last 60 days 2017-11-16 15:46:51 -05:00
Sam
813e21d0e8 FIX: current user serializer consistently returns {} for custom_fields
Resolves: #5210
2017-11-15 11:55:37 +11:00
Neil Lalonde
2aadc42662 FEATURE: show read time on user cards 2017-11-08 15:25:56 -05:00
Robin Ward
561fa7d0cd FEATURE: Site Setting to hide suspension reason on the public profile 2017-09-25 12:25:14 -04:00
Guo Xiang Tan
91d3929f52 Merge pull request #5078 from lelelelemon/master
change count>0 to exists
2017-08-24 09:24:42 +09:00
junwen yang
8124f26a6e change count>0 to exists 2017-08-23 22:54:51 +00:00
Guo Xiang Tan
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Sam
845170bd6b FEATURE: add support for group visibility level
There are 4 visibility levels

- public (default)
- members only
- staff
- owners

Note, admins and group owners ALWAYS have visibility to groups

Migration treated old "non public" as "members only"
2017-07-03 15:26:57 -04:00
Arpit Jalan
aa1a68b979 UX: do not show "Message" button on user's own profile page/card 2017-06-29 14:27:00 +05:30
Arpit Jalan
a10c939775 FIX: do not show website name on TL0 profile 2017-06-04 18:30:28 +05:30
Guo Xiang Tan
5794f1619d PERF: Fix N+1 queries when loading groups. 2016-11-26 02:20:26 +08:00
Sam
f4f5524190 FEATURE: user API now contains scopes so permission is granular
previously we supported blanket read and write for user API, this
change amends it so we can define more limited scopes. A scope only
covers a few routes. You can not grant access to part of the site and
leave a large amount of the information hidden to API consumer.
2016-10-14 16:05:42 +11:00
Neil Lalonde
e3e15182df FEATURE: avatar flair on user cards 2016-09-15 16:15:18 -04:00
Sam
416e7e0d1e FEATURE: basic UI to view user api keys 2016-08-16 17:06:52 +10:00
Sam
9018de39ed FEATURE: allow shipping bio markdown via SSO
- Also adds site setting for sso_overrides_bio to disable bio editing by end users
2016-08-01 15:29:28 +10:00