Commit Graph

2204 Commits

Author SHA1 Message Date
Arpit Jalan
b755279cf0 remove unneeded code 2017-04-27 08:47:47 +05:30
Arpit Jalan
e3f82140d8 more readable code for filtering username/email when bulk adding to group 2017-04-27 08:43:28 +05:30
Arpit Jalan
b41d96fac1 FIX: properly initialize hashes 2017-04-27 02:56:14 +05:30
Arpit Jalan
285c167fae FEATURE: provide more details when performing a bulk add to group 2017-04-27 01:37:51 +05:30
Guo Xiang Tan
6f7c6b0fd0 FIX: Incorrect error raised. 2017-04-25 09:59:01 +08:00
Guo Xiang Tan
423f2ab228 FIX: Processing incoming email should be done in a background job. 2017-04-24 13:57:28 +08:00
Sam
7a9eee1b71 FEATURE: default notification level for group messages
also fixes it so staff can amend other user's group notification level
2017-04-20 15:47:35 -04:00
Arpit Jalan
ea26c56631 FIX: redirect to login page for anonymous user when profiles are hidden 2017-04-20 13:00:45 +05:30
Robin Ward
8b8ee2ad61 Pass a context in when using a HTML builder 2017-04-18 12:35:35 -04:00
Arpit Jalan
1c23aedccf FIX: always send password reset email when accepting invite if password is not set 2017-04-18 14:37:06 +05:30
Robin Ward
1363988cd7 Support for an HTML builder that can create dynamic HTML 2017-04-17 17:32:55 -04:00
Sam
86904e9cd6 FIX: better error handling for theme import 2017-04-17 16:55:53 -04:00
Arpit Jalan
0954367bf4 FIX: send activation email when accepting invite if password is set 2017-04-15 14:59:50 +05:30
Guo Xiang Tan
04016f0dec Support Ruby 2.4. 2017-04-15 12:29:00 +08:00
Sam
ed2e62f845 correct environment handling for test mode 2017-04-14 14:00:46 -04:00
Sam
def7348777 FIX: display custom sections with default theme
also cleans up mechanism for previewing themes, cleans up naming,
gets rid of old janky "preview_style", secures local theme key
2017-04-14 13:35:12 -04:00
Arpit Jalan
ef093b1610 Merge pull request #4807 from techAPJ/email-token-social
FIX: confirm email token for user created via social login
2017-04-13 16:18:15 +05:30
Guo Xiang Tan
3d76fb9c2c FIX: Don't show category options for reports that can't be scoped to a category. 2017-04-13 17:10:55 +08:00
Arpit Jalan
7fb17b83c4 FIX: confirm email token for user created via social login 2017-04-13 14:15:32 +05:30
Guo Xiang Tan
ee449b0dd5 Improve SSO verbose log when user record is invalid. 2017-04-13 11:39:26 +08:00
Guo Xiang Tan
57788200ec REFACTOR: Add User.reserved_username?. 2017-04-13 10:44:26 +08:00
Sam
a3e8c3cd7b FEATURE: Native theme support
This feature introduces the concept of themes. Themes are an evolution
of site customizations.

Themes introduce two very big conceptual changes:

- A theme may include other "child themes", children can include grand
children and so on.

- A theme may specify a color scheme

The change does away with the idea of "enabled" color schemes.

It also adds a bunch of big niceties like

- You can source a theme from a git repo

- History for themes is much improved

- You can only have a single enabled theme. Themes can be selected by
    users, if you opt for it.

On a technical level this change comes with a whole bunch of goodies

- All CSS is now compiled using a custom pipeline that uses libsass
    see /lib/stylesheet

- There is a single pipeline for css compilation (in the past we used
    one for customizations and another one for the rest of the app

- The stylesheet pipeline is now divorced of sprockets, there is no
   reliance on sprockets for CSS bundling

- CSS is generated with source maps everywhere (including themes) this
    makes debugging much easier

- Our "live reloader" is smarter and avoid a flash of unstyled content
   we run a file watcher in "puma" in dev so you no longer need to run
   rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
Sam Saffron
0013a23dc1 SECURITY: prefer render plain/html to render text where possible 2017-04-10 08:01:42 -04:00
Guo Xiang Tan
9663a74445 FIX: Ensure username param is valid in NotificationsController. 2017-04-07 17:32:52 +08:00
Régis Hanol
93556bb950 Merge pull request #4793 from rcgordon/smtp-fast-rejection
Added an API to ask if an incoming email should be dropped at the SMTP level.
2017-04-07 09:59:52 +02:00
Neil Lalonde
708f65f740 FIX: web crawlers getting 404 on category pages 2017-04-06 14:52:06 -04:00
Ryan C. Gordon
888d1512ec Corrected indentation. 2017-04-06 01:49:34 -04:00
Aashaka Shah
402eaaa773 FEATURE: add og tags to metadata in individual badges page 2017-04-06 09:32:53 +05:30
Guo Xiang Tan
5943543ec3 FIX: Improve checks for non-human users. 2017-04-06 11:29:34 +08:00
Ryan C. Gordon
c51af13338 smtp_should_reject API: use better approach to find user email. 2017-04-05 23:10:36 -04:00
Ryan C. Gordon
a51c191a66 Make Email::Receiver.check_address() into a class method. 2017-04-05 23:10:36 -04:00
Ryan C. Gordon
e15d11df18 Added an API to ask if an incoming email should be dropped at the SMTP level.
This lets an SMTP server optionally decide if it should reject a mail without
passing it on to Discourse at all, possibly before even reading the
email's payload, to prevent spam-induced backscatter and save resources.

This just does the bare minimum sanity checking that could prevent obvious
backscatter. For legit errors from legit users, Discourse will still send a
much more pleasant reply email.
2017-04-05 23:10:36 -04:00
Robin Ward
40ab2e5667 FEATURE: Let users update their emails before confirming
This allows users who entered a typo or invalid email address when
signing up an opportunity to fix it and resending the confirmation
email to that address.
2017-04-05 16:44:49 -04:00
Robin Ward
3839206317 FIX: Return JSON errors for by-external if JSON requested 2017-04-04 16:22:14 -04:00
Robin Ward
17f2974d0a SECURITY: Confirm new administrator accounts via email 2017-04-04 15:59:01 -04:00
Guo Xiang Tan
406d721f11 Fix NilClass error in UsersController. 2017-04-04 14:17:45 +08:00
Guo Xiang Tan
f4758a4c4d FEATURE: Allow admins to schedule a topic to be published in the future. 2017-04-04 11:16:05 +08:00
Guo Xiang Tan
0bbad5040a topic-status-info component wasn't updated when topic is closed/opened. 2017-03-31 15:58:26 +08:00
Guo Xiang Tan
b6e9871b4b Update Topic#closed client side when closing/opening a topic temporarily. 2017-03-31 15:05:00 +08:00
Guo Xiang Tan
34b7bee568 FEATURE: Allow admin to auto reopen at topic.
* This commit also introduces a `TopicStatusUpdate`
  model to support other forms of deferred topic
  status update in the future.
2017-03-31 11:14:18 +08:00
Robin Ward
14410b71fb Convert server side paths to use /u/ 2017-03-30 10:23:24 -04:00
Guo Xiang Tan
a818fa9831 FIX: Show stats of the last 30 days be default for admin reports.
* `1.month.ago + 1.month` uses the calendar month for calculations
  such that `1.month.ago` from the 30th of March 2017 will give
  us the 28th of February 2017. Adding one month ahead from
  28th February 2017 will be 28th of March 2017.
2017-03-30 09:48:10 +08:00
Arpit Jalan
f3cd5f61c5 FEATURE: Send anonymized usage statistics to Discourse if Discourse Hub can't reach the site 2017-03-28 09:07:23 +05:30
Neil Lalonde
11ce73b8ed FEATURE: category setting for default top period 2017-03-22 16:54:18 -04:00
Sam
8e5e3b5af8 FIX: sso provider require return_sso_url 2017-03-22 09:08:38 -04:00
Robin Ward
874e8900af Display email address in SSO error message. 2017-03-21 15:37:46 -04:00
Robin Ward
aeaf5075bf Custom errors for when Email is invalid via SSO 2017-03-21 15:23:38 -04:00
Robin Ward
52d78294cc Render a layout when there's an SSO error 2017-03-21 15:23:38 -04:00
Arpit Jalan
82c0f5f587 Merge pull request #4767 from techAPJ/activate-account
FIX: send activation email if user have unconfirmed email address
2017-03-21 09:44:23 +05:30
Arpit Jalan
7c3ae50dcd FIX: send activation email if user have unconfirmed email 2017-03-21 09:41:50 +05:30
Sam Saffron
b94c7b4902 missing disposition 2017-03-20 17:07:32 -04:00
Sam
652b2d7199 remove redundent header setting 2017-03-20 16:08:18 -04:00
Sam
c106ca6778 FEATURE: fallback asset path for multi host setups 2017-03-20 15:59:17 -04:00
Guo Xiang Tan
1d4993a185 FIX: Sync user's notification channel before preloaded current user data.
This is to fix the problem where a newly created user would not
receive live updates for the first notification if the notification
is published before the client has subscribed to the channel.
2017-03-20 17:17:21 +08:00
Robin Ward
f5f54c1b77 Merge pull request #4764 from tgxworld/nuke_backticks
FIX: Don't use backticks that take in inputs.
2017-03-17 15:40:23 -04:00
Guo Xiang Tan
e7c972ac89 FIX: Don't use backticks that take in inputs. 2017-03-17 15:33:51 +08:00
Victor van Poppelen
9e60f9f093 JSON API parsing error on CSRF exception: single quotes in ['BAD CSRF'] is invalid JSON:
https://meta.discourse.org/t/json-api-parsing-error-single-quotes-used-for-errors-like-bad-csrf/58869
2017-03-16 16:47:18 -07:00
Guo Xiang Tan
bbc85e1e29 Merge pull request #4750 from discourse/group_login_registration_flow
FEATURE: Redirect to groups page and apply group actions upon login/s…
2017-03-16 09:50:56 +08:00
Guo Xiang Tan
ca965bb455 FEATURE: Redirect to groups page after login/registration flow. 2017-03-16 09:48:51 +08:00
Guo Xiang Tan
1a7e954e09 FIX: Store custom emojis as uploads.
* Depending on a hardcoded directory was a flawed design
  which made it impossible to debug when custom emojis go
  missing.
2017-03-14 13:07:18 +08:00
Neil Lalonde
6d7e968e30 FEATURE: box-style rendering of sub-categories 2017-03-13 15:25:52 -04:00
Sam
a690121805 SECURITY: always allow staff to resend activation mails 2017-03-13 10:32:24 -04:00
Sam
1a745ca16a else @user makes no sense :) 2017-03-13 10:22:23 -04:00
Guo Xiang Tan
9364d8ce71 FIX: Store user's id instead for sending activation email.
* Email and username are both allowed to be used for logging in.
  Therefore, it is easier to just store the user's id rather than
  to store the username and email in the session.
2017-03-13 20:24:55 +08:00
Guo Xiang Tan
7ebfa3c901 SECURITY: Only allow users to resend activation email with a valid session.
* Improve error when an active user tries to request for an activation email.
2017-03-13 19:35:29 +08:00
Arpit Jalan
848120c098 FEATURE: RSS feed for top page period filters 2017-03-13 15:23:46 +05:30
Sam
f13367cecd FIX: latest + category not respecting homepage category suppression 2017-03-10 15:17:51 -05:00
Sam
bc1a6ccb90 Merge pull request #4741 from tgxworld/allow_bookmark_removal
FIX: Allow user to remove bookmark from posts as long as bookmark is …
2017-03-10 12:49:20 -05:00
Arpit Jalan
f7e7ca3937 FEATURE: anonymized site statistics 2017-03-10 18:50:26 +05:30
Régis Hanol
00380d84c5 UX: display text & html parts alongside raw email in incoming email modal 2017-03-08 23:15:42 +01:00
Arpit Jalan
801b5838e1 FIX: do not show faq/guidelines page to anonymous users for private forums 2017-03-08 16:00:49 +05:30
Arpit Jalan
090236b15b FIX: do not show about page to anonymous users for private forums 2017-03-08 13:15:44 +05:30
Guo Xiang Tan
689dd16be0 FIX: Allow user to remove bookmark from posts as long as bookmark is present.
https://meta.discourse.org/t/bookmark-issue-when-access-to-topic-is-lost-pms/51993
2017-03-08 13:53:49 +08:00
Neil Lalonde
d95e4102c1 FIX: tags created in secured categories should not be forbidden outside those categories 2017-03-07 11:46:46 -05:00
Rafael dos Santos Silva
c3477cd40d Merge pull request #4716 from discourse/bounced_emails_details
FEATURE: Allow checking the raw response of a bounced email
2017-03-06 13:30:19 -03:00
Guo Xiang Tan
477eb0591e FIX: Posts in a deleted topic couldn't be moved.
https://meta.discourse.org/t/moving-posts-to-new-topic/58436/4
2017-03-06 14:56:20 +08:00
Sam
c99f4260c0 Merge pull request #4729 from tgxworld/dont_mark_user_as_valid
FIX: Don't mark user as `active` if verified email is different.
2017-03-03 15:57:30 -05:00
Neil Lalonde
6aab8cb331 FEATURE: new category setting for whether to show latest topics or top topics by default 2017-03-03 11:30:44 -05:00
Rafael dos Santos Silva
aac4a4ed94 Handle invalid parameters and missing bounced emails 2017-03-02 20:37:28 -03:00
Neil Lalonde
ca20cb9941 FEATURE: subcategories can be discovered by web crawlers on page 1 of the parent category topics list 2017-03-02 15:06:56 -05:00
Guo Xiang Tan
3d347fb9c4 FIX: Don't mark user as active if verified email is different. 2017-03-02 14:24:30 +08:00
Sam
dbfea9b5b0 correct refactor 2017-03-01 18:26:26 -05:00
Sam
c79b146283 FEATURE: make list controller a bit more extensible 2017-03-01 16:41:09 -05:00
Neil Lalonde
262016604d FEATURE: each category can control how many topics to show on categories page 2017-03-01 15:12:57 -05:00
Blake Erickson
80858bae2c FEATURE: further restrict downloading of backups
- send email to logged in admin when they press the "download" button
- show pop-up that email was sent
- create email template
- require a valid token to download backup
2017-03-01 08:28:34 -07:00
Arpit Jalan
877957ae88 Merge pull request #4715 from techAPJ/login-per-ip
FEATURE: new site setting for max logins per ip per hour/minute
2017-02-27 18:24:53 +05:30
Arpit Jalan
cba51e1c38 FEATURE: new site setting for max logins per ip per hour/minute 2017-02-27 16:58:03 +05:30
Régis Hanol
fdf749770b remove unecessary '.limit(1)' 2017-02-24 12:56:13 +01:00
Régis Hanol
a2c04be718 FIX: eradicate I18n fallback issues 💣
FIX: client's translation overrides were not working when the current locale was missing a key
FIX: ExtraLocalesController.show was not properly handling multiple translations
FIX: JsLocaleHelper#output_locale was not properly handling multiple translations

FIX: ExtraLocalesController.show's spec which was randomly failing
FIX: JsLocaleHelper#output_locale was muting cached translations hashes

REFACTOR: move 'enableVerboseLocalization' to the 'localization' initializer
REFACTOR: remove unused I18n.js methods (getFallbacks, localize, parseDate, toTime, strftime, toCurrency, toPercentage)
REFACTOR: remove all I18n.pluralizationRules and instead use MessageFormat's pluralization rules

TEST: add tests for localization initializer
TEST: add tests for I18n.js
2017-02-24 11:31:21 +01:00
Sam Saffron
3754b038e8 fix brotli origin 2017-02-23 18:26:40 -05:00
Sam
f15f61da0a FEATURE: add immutable caching to rails site of things 2017-02-23 13:05:00 -05:00
Rafael dos Santos Silva
5296f00c28 FEATURE: Allow checking the raw response of a bounced email 2017-02-22 14:51:33 -03:00
Neil Lalonde
a702330ccd FEATURE: make show_subcategory_list a per-category setting 2017-02-22 11:42:36 -05:00
Régis Hanol
3ce3abef8f FIX: add Content-Disposition and Content-Type headers when downloading attachments 2017-02-20 15:59:01 +01:00
Régis Hanol
f51e3b2131 FIX: should not be able to rename a system badge 2017-02-20 14:35:05 +01:00
Régis Hanol
cb99f59ec3 reset bounce score when email is successfully changed 2017-02-20 10:37:01 +01:00
Sam
1935f624b8 FEATURE: reset active record cache in sidekiq if needed
This can happen in multisite environments after restores
2017-02-17 12:09:53 -05:00
Sam Saffron
040e10a627 reduce duplication 2017-02-15 17:27:10 -05:00
Neil Lalonde
d0fbb27f3e FEATURE: new invite acceptance page, where username can be chosen and password can be set 2017-02-15 16:51:57 -05:00
Sam
3818c196e0 remove disallowed params 2017-02-15 16:47:14 -05:00
Sam
74d4209d24 FEATURE: allow plugins to register custom topic list filters 2017-02-15 15:25:43 -05:00
Nicolas
1deec95ccb Use natural orientation for web app manifest.
The `any` orientation forces the rotation even when the device's screen
 rotation is disabled. Using `natural` respects that and restores the
 expected behaviour.
2017-02-12 18:04:06 +00:00
Jeff Atwood
3ee7a9266c Merge pull request #4686 from tgxworld/group_is_visible_if_user_is_group_owner
FIX: Show groups that user is owner of on groups page.
2017-02-11 22:18:44 -08:00
Sam Saffron
4332f0dde1 FEATURE: allow user search API to restrict to group 2017-02-09 18:45:39 -05:00
Sam
ff49f72ad9 FEATURE: per client user tokens
Revamped system for managing authentication tokens.

- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes

New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.

Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
Sam
2dec731da3 SECURITY: correctly validate input when admin searches for screened ips 2017-02-06 16:11:16 -05:00
Régis Hanol
27fb9c8804 FIX: bounce webhooks should also use recipient address 2017-02-05 19:06:35 +01:00
Neil Lalonde
c4e10f2a9d FEATURE: redesign the change password page to use javascript and validations 2017-02-03 16:09:24 -05:00
Arpit Jalan
5523d0dbf9 fix the build 2017-02-03 15:35:33 +05:30
Arpit Jalan
26ccf61ab1 FIX: sane error message when inviting an existing user 2017-02-03 14:27:27 +05:30
Guo Xiang Tan
61111a3f9b FIX: Show groups that user is owner of on groups page. 2017-02-03 16:51:32 +08:00
Guo Xiang Tan
18007ed34b FIX: Can't use an internal name here if SiteSetting.convert_pasted_images_to_hq_jpg is false. 2017-02-01 14:51:56 +08:00
Guo Xiang Tan
f6d9745c5f Bye bye byebug. 2017-02-01 14:50:14 +08:00
Guo Xiang Tan
6c8c91dca4 UX: Change default filename for images that have been pasted. 2017-02-01 14:44:41 +08:00
Arpit Jalan
9dd09e453b FEATURE: add explicit confirmation button to accept the invite 2017-01-25 15:50:30 +05:30
Guo Xiang Tan
781d83a46f FIX: Toggling a post's wiki status should not skip revision. 2017-01-25 13:34:55 +08:00
Guo Xiang Tan
0a25df67bc Revert "FIX: Incorrect parameter being passed to component."
This reverts commit d354a6f7a4.
2017-01-25 13:12:24 +08:00
Guo Xiang Tan
d354a6f7a4 FIX: Incorrect parameter being passed to component. 2017-01-25 13:09:08 +08:00
Guo Xiang Tan
32846aad2a FIX: Toggling post's wiki status should not create a new version. 2017-01-20 15:42:33 +08:00
Régis Hanol
fbf9172db8 FIX: log backups download/destroy staff action
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:53:31 +01:00
Guo Xiang Tan
515f50e42e FEATURE: Log admin action when readonly mode is changed. 2017-01-12 09:41:02 +08:00
Arpit Jalan
e793caf3e3 FIX: only allow CSV file to be uploaded for bulk invite 2017-01-11 16:26:01 +05:30
Guo Xiang Tan
d6bf5b0e78 Use any orientation for web app manifest. 2017-01-11 17:32:24 +08:00
Guo Xiang Tan
cdd550e947 Use a different Redis key when PG failover sets site to readonly mode. 2017-01-11 16:38:49 +08:00
Neil Lalonde
fc0a0a76a4 Add more info in staff action logs for blocking a user, and add logging for lock trust level, activate, and deactive user 2017-01-10 17:25:36 -05:00
Guo Xiang Tan
68300f515c FIX: Return 404 if id is not valid. 2017-01-06 10:39:44 +08:00
Neil Lalonde
685e6bdbab FIX: tags canonical url can raise error or be wrong 2017-01-05 15:17:23 -05:00
Claas Augner
bec10ada2a
Remove unused email templates from controller 2017-01-05 15:31:14 +01:00
Guo Xiang Tan
5098baee2f FIX: Undefined variable. 2017-01-04 17:37:23 +08:00
Guo Xiang Tan
43671b1fda UX: Display group fullname in mention autocomplete. 2017-01-04 11:40:14 +08:00
Rafael dos Santos Silva
d3fb724578 Merge pull request #4632 from xfalcox/native-app-banner
FEATURE: Opt-in native Discourse app install banner
2017-01-03 16:32:24 -02:00
Rafael dos Santos Silva
d7c8c2d5e3 FEATURE: Opt-in native Discourse app install banner on Android/iOS 2017-01-03 15:50:45 -02:00
Guo Xiang Tan
ad4a96d387 FIX: Only send membership request to the last 5 active group owners. 2017-01-03 15:33:57 +08:00
Guo Xiang Tan
5aee2673c7 FIX: Push null fields to last when sorting group members. 2016-12-22 14:55:24 +08:00
Guo Xiang Tan
5605700fa9 UX: Sort groups by name. 2016-12-22 14:46:20 +08:00
Guo Xiang Tan
8551d821a0 FEATURE: Add site setting to disable group directory. 2016-12-22 14:14:22 +08:00
Guo Xiang Tan
5e75d5c1bf PERF: N+1 query on groups page. 2016-12-21 20:59:09 +08:00
Guo Xiang Tan
5d7f3223f0 SECURITY: Users can only bookmark posts which they can see. 2016-12-21 12:01:26 +08:00
Guo Xiang Tan
9db5d5b6a7 FIX: Incorrect serializer for groups page. 2016-12-20 15:44:22 +08:00
Guo Xiang Tan
7c7c233c1c FIX: Can't update Groups#allow_membership_requests in admin. 2016-12-20 15:14:35 +08:00
Guo Xiang Tan
502e114c60 FIX: Incorrect count when loading more groups. 2016-12-20 14:39:44 +08:00
Guo Xiang Tan
193f8301a4 FIX: Do not show automatic groups to normal users. 2016-12-20 14:26:49 +08:00
Régis Hanol
52cd9972bb FIX: prevent DDoS with lots of _oneboxable_ links
FIX: ensure the onebox route is only allowed to logged in users
FIX: only allow 1 outgoing onebox preview per user
FIX: client should only do 1 preview at a time
2016-12-20 00:31:10 +01:00
Sam
2b808ad9da Merge pull request #4609 from joebuhlig/category-topics-wiki
FEATURE: Category setting to make all topics wikis
2016-12-20 09:15:51 +11:00
Neil Lalonde
923cf73c6e Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox. 2016-12-19 14:54:07 -05:00
Joe Buhlig
87251fded7 FEATURE: Category setting to make all topics wikis
FEATURE: Category setting to make all topics wikis
2016-12-19 06:42:18 -06:00
Guo Xiang Tan
18c8323987 FIX: Incorrect path for redirect. 2016-12-19 18:12:15 +08:00
Sam
e0ff57ca75 SECURITY: prevent reuse of password reset 2016-12-19 18:00:22 +11:00
Sam
dd383300b1 FEATURE: rate limit by login on password reset 2016-12-19 11:03:07 +11:00
Sam
15b5fddd49 SECURITY: protect upload params, only allow very strict filenames 2016-12-19 10:16:18 +11:00
Sam
61eb134181 FEATURE: setting to allow arbitrary redirects from sso origin
if sso_allows_all_return_paths is set to true you can redirect off-site from sso success
2016-12-16 13:37:44 +11:00
Sam
6ff309aa80 SECURITY: don't grant same privileges to user_api and api access
User API is no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
Sam
98f4a2adcb FIX: on 404 from brotli asset path return a correctly encoded doc
old implementation would cache the 404 for 1 year with incorrect encoding

hilarity would ensue
2016-12-15 16:05:20 +11:00
Guo Xiang Tan
4b940dc8bd FEATURE: Add groups page. 2016-12-14 17:27:47 +08:00
Robin Ward
03bc6f70f9 Better error messages when embedding fails 2016-12-13 14:38:05 -05:00
Guo Xiang Tan
2686ee5ab2 FIX: Admin can't add/remove public group users. 2016-12-13 16:39:44 +08:00
Guo Xiang Tan
43ee9f884e FEATURE: Add Group#full_name. 2016-12-13 16:16:26 +08:00
Guo Xiang Tan
7bfabb029b UX: Move editing group from into an individual tab. 2016-12-13 15:15:20 +08:00
Guo Xiang Tan
da7009a968 FEATURE: Add request membership button for allowed groups. 2016-12-12 22:48:08 +08:00
Guo Xiang Tan
9a800107cb FIX: Associate category logo and background to uploads record. 2016-12-12 17:37:28 +08:00
Guo Xiang Tan
05f55dbc10 FEATURE: Group logs. 2016-12-12 17:29:54 +08:00
Guo Xiang Tan
790f1ef9f3 FIX: Permit missing params. 2016-12-12 17:00:30 +08:00
Guo Xiang Tan
be5b5f6bea FEATURE: Public groups. 2016-12-12 17:00:30 +08:00
Guo Xiang Tan
b9b4b0c175 FIX: Members should be ordered by username. 2016-12-08 14:27:38 +08:00
Guo Xiang Tan
a2da2971af FEATURE: Allow columns on group members page to be sortable. 2016-12-08 10:49:12 +08:00
Robin Ward
d379f57c58 FIX: Show an error page if finish-installation can't run 2016-12-07 11:10:08 -05:00
Guo Xiang Tan
81d333289e FIX: Return 503 when in readonly mode. 2016-12-07 14:04:42 +08:00
Guo Xiang Tan
545dfa7191 FEATURE: Allow group owners to edit title. 2016-12-07 10:26:28 +08:00
Sam
1135e00c83 FIX: regression unable to dismiss unread 2016-12-06 08:49:40 +11:00
Erick Guan
52763f5115
FEATURE: Allow posting a link with topics 2016-12-05 17:20:54 +01:00
Arpit Jalan
431aa79bb3 Merge pull request #4587 from techAPJ/invite-upload
FIX: simplify CSV file upload
2016-12-05 14:30:13 +05:30
Guo Xiang Tan
adb7fcb6b3 FEATURE: Add bio to group page. 2016-12-05 16:58:04 +08:00
Arpit Jalan
ce974da9e5 FIX: simplify CSV file upload 2016-12-05 14:09:08 +05:30
Guo Xiang Tan
31acd311e5 FEATURE: Allow group owners to edit group name and avatar flair. 2016-12-05 14:27:46 +08:00
Sam
dc66f6681a add spec for brotli controller, ensure cached correctly 2016-12-05 16:08:36 +11:00
Sam
8a98d617df correct headers and add better caching 2016-12-05 15:11:07 +11:00
Sam
39a524aac8 FEATURE: brotli cdn bypass for assets
Allow CDNS that strip out brotli encoding to use brotli regardless
2016-12-05 13:57:09 +11:00
Sam
1db9d17756 Make removal of topic columns more resilient to deploys 2016-12-05 12:11:46 +11:00
Sam
33d0a23d84 Merge branch 'fix_whisper' 2016-12-05 10:01:03 +11:00
Neil Lalonde
dafd1453d6 FIX: topic list filters for bookmarked, posted, and read now work with tag filter 2016-12-02 15:58:14 -05:00
Guo Xiang Tan
bc0a8142fe PERF: Only show members count on group page. 2016-12-02 16:28:54 +08:00
Sam
c04d4171ff FIX: whisper no longer experimental
- Regular users are not notified of whispers
- Regular users no longer have "stuck" topics in unread
- Additional tracking for staff highest post number
- Remove a bunch of unused columns in topics table
2016-12-02 17:03:31 +11:00
Sam
b8dc58be90 got to be careful with integrity specs 2016-11-29 18:01:09 +11:00
Sam
266322ce2e FEATURE: add help text for no bookmarks in user page 2016-11-29 17:56:00 +11:00
Guo Xiang Tan
d95fbd89d0 Enable miniprofiler in development automatically. 2016-11-29 10:59:10 +08:00
Joe Buhlig
0390deba40 FIX: Add tags to list options from params 2016-11-26 08:24:52 -06:00
Guo Xiang Tan
559918c6c6 PERF: Add endpoint to check if a group can be mentioned by user. 2016-11-26 02:20:46 +08:00
Guo Xiang Tan
5794f1619d PERF: Fix N+1 queries when loading groups. 2016-11-26 02:20:26 +08:00
Guo Xiang Tan
712ff01f38 PERF: Remove eager load. 2016-11-25 11:21:08 +08:00
Guo Xiang Tan
63a88ee6e7 Merge pull request #4566 from tgxworld/fix_perf_redirect_to_top
Fix perf redirect to top
2016-11-25 03:39:56 +01:00
Sam
88a46be051 FEATURE: display text excerpts when scrolling on mobile 2016-11-25 11:35:29 +11:00
Neil Lalonde
f885e5b5e6 fix success response handling of sending digest preview email 2016-11-24 15:05:33 -05:00
Guo Xiang Tan
84914c5e1f PERF: Fix N+1 query. 2016-11-24 17:47:14 +08:00
Guo Xiang Tan
b889bfefbb PERF: Don't calculate the same query twice. 2016-11-24 14:05:26 +08:00
Neil Lalonde
47aa3d94aa FEATURE: send digest preview to an email address 2016-11-23 17:51:57 -05:00
Sam
e2c87da42a FEATURE: Add basic support for Safe Mode
In Safe Mode all JS extensions and site customizations are disabled.

To access Safe Mode visit `sitename.org/safe-mode`
2016-11-21 16:46:14 +11:00
Guo Xiang Tan
f824afb4d3 FEATURE: Allow date_of_field column to be updated. 2016-11-17 15:16:58 +08:00
cpradio
c3d4c949f1 Add comments to relevant sections denoting "create new topic" scenario is not supported for cannot-see-mention (per @coding-horror instruction) 2016-11-16 06:26:36 -05:00
Robin Ward
32a8d5ed1f Merge pull request #4550 from cpradio/cannot-see-mention
FEATURE: Notify user when mention can't see the reply they were mentioned in
2016-11-15 16:40:47 -05:00
Sam
63d9d4f301 FIX: properly specify default on no cache on all resources 2016-11-15 17:00:44 +11:00
cpradio
824c235760 FEATURE: Notify user when mention can't see the reply they were mentioned in
FIX: Group Mention Notifications
2016-11-14 22:03:16 -05:00
Kiffin Gish
3aa22715af A new guard for changing post timestamps called can_change_post_timestamps? 2016-11-06 20:14:09 +01:00
Neil Lalonde
764a572070 FIX: when subcategories with the same name exist, filtering by tags might use the wrong subcategory 2016-11-02 15:29:33 -04:00
Neil Lalonde
29edbafac7 FIX: post short link on subfolder installs 2016-11-01 15:20:04 -04:00
Neil Lalonde
9ef1688a76 FEATURE: per-category default topic list sort order 2016-11-01 12:18:41 -04:00
Neil Lalonde
8c9d390cac FIX: Tags used only on deleted topics could not be used again 2016-10-28 15:11:50 -04:00
Régis Hanol
71f940d478 FIX: use metadata to hold the message_id with sparkpost 2016-10-27 19:35:50 +02:00
Dmitry Demenchuk
fb25485bb1 Delete useless home_redirect method from ForumsController. 2016-10-27 15:45:22 +01:00
Régis Hanol
41f19641d1 FIX: don't error out when we receive a bounce associated to a deleted user 2016-10-26 10:13:05 +02:00
Régis Hanol
81e2a0099f FIX: ensure the group 'everyone' is never shown when using a different locale 2016-10-24 10:53:31 +02:00
Guo Xiang Tan
ee9946388c Merge pull request #4507 from ming-relax/feat-delete-by-email
Remove user from a group by user email
2016-10-24 11:28:27 +08:00
Sam
9a94d1b212 FIX: everyone is not a visible group 2016-10-24 13:03:22 +11:00
Robin Ward
19e2eec219 Allow step 0 to resend the confirmation email 2016-10-21 11:34:19 -04:00
Sam
bfa33f2518 Merge pull request #4500 from tgxworld/performance_on_users_page
PERF: Remove ordering by username.
2016-10-21 10:40:58 +11:00
Robin Ward
c03d25f170 FEATURE: Configure Admin Account
Adds a "Step 0" to the wizard if the site has no admin accounts where
the user is prompted to finish setting up their admin account from the
list of acceptable email addresses.

Once confirmed, the wizard begins.
2016-10-19 11:27:56 -04:00
Ming HU
dffd8baa91 Remove user from a group by user email 2016-10-18 17:10:47 +08:00
Régis Hanol
3949c24f80 FIX: sparkpost webhooks support 2016-10-17 11:26:49 +02:00
Guo Xiang Tan
18d032ad91 PERF: Remove ordering by username.
* Ordering by username results in a very expensive query
for very little upside UX wise.
2016-10-15 01:13:58 +08:00
Sam
f4f5524190 FEATURE: user API now contains scopes so permission is granular
previously we supported blanket read and write for user API, this
change amends it so we can define more limited scopes. A scope only
covers a few routes. You can not grant access to part of the site and
leave a large amount of the information hidden to API consumer.
2016-10-14 16:05:42 +11:00
Neil Lalonde
0328141e05 FIX: prevent creation of tags with invalid characters 2016-10-12 15:44:36 -04:00
Régis Hanol
ddcc084d22 Revert "FEATURE: Use the top period default for users who have been inactive or are new" 2016-10-11 17:56:46 +02:00
cpradio
2de50a616d FEATURE: Use the top period default for users who have been inactive or are new 2016-10-11 09:55:15 -04:00
Sam
6031e692f0 Merge pull request #4366 from xfalcox/print
Print Support
2016-10-11 11:47:20 +11:00
Sam
f6ac914376 Merge pull request #4467 from cpradio/advanced-search-ui
FEATURE: Advanced Search UI
2016-10-11 10:02:35 +11:00
Sam
3e513f5c05 Merge pull request #4459 from vibol/master
FEATURE: sparkpost webhook
2016-10-10 17:17:17 +11:00
Neil Lalonde
600b23c0a4 FIX: permalink redirects should work on tag paths 2016-10-04 12:01:42 -04:00
cpradio
4b71fd253b Advanced Search UI
Properly support Categories so it updates the search box correctly

Use category id, as it is more consistent with search results than using the slugs, especially for parent/subcategory

Added Status

Improve AutoComplete so it can receive updates
Added the ability for AutoComplete to receive updates to badge-selector and group-selector

Respect null, which is set via web-hooks

Support both # and category: for category detection.

Only update the searchedTerms if they differ from its current value (this helps the Category Selector receive updates)

Opt in receive updates (#3)

* Make the selectors opt-in for receiving updates

* Opt-in to receive updates

* Fix category detection for search-advanced-options

Fix eslint error

Update user-selector so it can receive updates live too
Make the canReceiveUpdates check validate against 'true'

Converted to use template literals

Refactor the regex involved with this feature
Split apart the init to make it a bit more manageable/testable

Switch the category selector to category-chooser, so it is a dropdown of categories instead of auto-complete

Reduce RegEx to make this happier with unicode languages and reduce some of the complexity
2016-10-04 11:18:01 -04:00
Robin Ward
f62d01ff1b FIX: Clear the session after a reset token was used 2016-09-30 12:20:23 -04:00
Guo Xiang Tan
1c3992e575 FIX: Ensure that translations bundle exists before merging plugin bundle. 2016-09-30 14:29:30 +08:00
Vibol Hou
c3d60d5d1d Merge remote-tracking branch 'upstream/master' 2016-09-29 02:12:05 -07:00
Guo Xiang Tan
72ccb4e11d FIX: Plugin "admin_js" translations bundle was not fetched. 2016-09-29 04:42:26 +08:00
Vibol Hou
34af73c7cb FEATURE: sparkpost webhook 2016-09-26 22:13:34 -07:00
Rafael dos Santos Silva
0229df4c73 Second review fixes 2016-09-26 20:46:55 -03:00
Rafael dos Santos Silva
2a5a0bebb3 Adjusts from review 2016-09-26 20:46:55 -03:00
Rafael dos Santos Silva
acc70cc3de SiteSetting, admin passtrough, CSS, hide on mobile 2016-09-26 20:46:55 -03:00
Rafael dos Santos Silva
6faedfa716 Rate limit printing 2016-09-26 20:46:55 -03:00
Rafael dos Santos Silva
c12e533273 Feature: Adds a button to print a topic 2016-09-26 20:44:50 -03:00
Guo Xiang Tan
4e663998af PERF: N+1 query on user summary page. 2016-09-23 12:44:08 +08:00
Robin Ward
7f66cf618c FIX: You should be an admin to do the wizard 2016-09-22 11:12:51 -04:00
Robin Ward
29cf47cfb2 Track steps the user has completed, nag them to finish it. 2016-09-22 09:52:19 -04:00
Robin Ward
35b767f6af Company Name Step which updates the TOS 2016-09-22 09:52:19 -04:00
Robin Ward
28b6c300a0 Clean up wizard updater API for better plugin use 2016-09-22 09:52:19 -04:00
Robin Ward
af83c8dc14 Upload Logos Step 2016-09-22 09:52:19 -04:00
Robin Ward
c94e6f1b96 Add locale step 2016-09-22 09:52:19 -04:00
Robin Ward
9f12b571ef Wizard: Server Side Validation + Finished Step 2016-09-22 09:52:19 -04:00
Robin Ward
3a4615c205 Wizard: Step 1 2016-09-22 09:48:58 -04:00
Robin Ward
0471ad393c Scaffold for new Wizard - Rails / Ember / Tests 2016-09-22 09:48:58 -04:00
Robin Ward
6070939daa Support for other i18n bundles 2016-09-22 09:48:58 -04:00
Guo Xiang Tan
9374e5d42d Revert "FIX: don't overwrite category's logo & background URLs"
This reverts commit 641b95f655.
2016-09-22 11:30:19 +08:00
Régis Hanol
641b95f655 FIX: don't overwrite category's logo & background URLs 2016-09-21 22:11:31 +02:00