Robin Ward
a139e469a7
SECURITY: Avoid mass assignment on user create
2016-08-05 12:43:50 -04:00
Neil Lalonde
01d0aeb5a9
merge master
2016-03-31 17:40:54 -04:00
Régis Hanol
07e7b07b63
FIX: refreshing gravatar wasn't working
2015-09-17 19:42:44 +02:00
Régis Hanol
18d7c1c75d
fix the build - take 2
2015-09-11 15:47:48 +02:00
Arpit Jalan
e0c9054748
FEATURE: invite page tabs
2015-07-13 09:42:51 +05:30
Kane York
df988a20eb
FEATURE: Reserved usernames
...
A list of usernames that will be blocked from being used to sign up.
2015-07-01 13:50:55 -07:00
Sam Saffron
73646184aa
correct specs
2015-06-05 18:58:20 +10:00
Régis Hanol
cb025a65e0
FIX: make sure we also save the user_avatar.custom_upload_id
2015-05-29 10:21:41 +02:00
Régis Hanol
8d967d9065
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread
2015-05-20 16:45:48 +02:00
Sam
6a338afbdd
Merge pull request #3403 from zzakcanncode/rspec_up
...
Rspec 3
2015-04-28 07:50:30 +10:00
Arpit Jalan
2932284293
FEATURE: magic login route for admin when SSO is enabled
2015-04-27 22:54:48 +05:30
Arthur Neves
b8cbe51026
Convert specs to RSpec 2.99.2 syntax with Transpec
...
This conversion is done by Transpec 3.1.0 with the following command:
transpec
* 424 conversions
from: obj.should
to: expect(obj).to
* 325 conversions
from: == expected
to: eq(expected)
* 38 conversions
from: obj.should_not
to: expect(obj).not_to
* 15 conversions
from: =~ /pattern/
to: match(/pattern/)
* 9 conversions
from: it { should ... }
to: it { is_expected.to ... }
* 5 conversions
from: lambda { }.should_not
to: expect { }.not_to
* 4 conversions
from: lambda { }.should
to: expect { }.to
* 2 conversions
from: -> { }.should
to: expect { }.to
* 2 conversions
from: -> { }.should_not
to: expect { }.not_to
* 1 conversion
from: === expected
to: be === expected
* 1 conversion
from: =~ [1, 2]
to: match_array([1, 2])
For more details: https://github.com/yujinakayama/transpec#supported-conversions
2015-04-25 11:18:35 -04:00
Robin Ward
2459f52c71
Merge pull request #3375 from techAPJ/patch-2
...
FEATURE: invite existing users to private topic
2015-04-16 11:13:42 -04:00
Arpit Jalan
d491d4f997
FEATURE: invite existing users to private topic
2015-04-16 00:52:54 +05:30
Sam
2a3f71a9a1
SECURITY: log off all existing sessions when resetting password
2015-04-15 08:57:43 +10:00
Sam
f5d89169e2
FEATURE: initial implemenation of anonymous posting mode
2015-04-07 18:05:31 +10:00
Sam
92e371f0b3
FEATURE: civilized mute
...
Allow user to mute all notifications generated by specific users
2015-03-24 11:55:22 +11:00
Robin Ward
6d38005a22
Allow staff to change uneditable user fields
2015-03-20 15:18:43 -04:00
Régis Hanol
7d8dd9d93b
fix some rspec deprecations
2015-02-26 13:05:20 +01:00
Robin Ward
8186d86f38
FIX: Enforce max length for custom user fields
2015-02-23 13:02:30 -05:00
Sam
17927b2e8b
FIX: don't use flash cause we are not redirecting
...
(we should probably change that though)
2015-02-20 10:28:58 +11:00
Greg Kempe
d99ccf6d27
FIX: creating a user shouldn't error when optional fields aren't provided
...
This fixes a bug where the server would 500 if the only user fields
where optional ones, and the create_user call didn't provide any
values so that params[:user_fields] was nil.
Additionally, don't bother double-checked for required fields, since we
iterate over all fields and will catch any that are required and blank.
2015-01-27 11:48:27 +02:00
riking
1ab0d6bd82
FEATURE: Log username changes by staff
...
Also fix the tests for changing username
2015-01-17 02:26:12 -08:00
Luciano Sousa
bc73238c8f
controllers with rspec3 syntax
2015-01-09 14:04:02 -03:00
Blake Erickson
02ade72ceb
Update username should return a json response
...
- Have update username return json response that contains the updated
username and id. I figured this would be better than just return "OK".
- Add test to verify that the new username is returned.
2014-12-10 09:43:16 -07:00
Blake Erickson
e9e88c9b82
Remove legacy avatar code
...
- Remove method that was only left around because the
[api](https://github.com/discourse/discourse_api/pull/53 ) called it
- Modify test to use new route instead of legacy route
https://meta.discourse.org/t/legacy-route-for-avatars/22838/2
2014-12-07 06:13:14 -07:00
Blake Erickson
a61519eebf
Have pick_avatar return json.
...
I'm working on writing a test in the discourse_api gem for uploading
avatars and the pick method needs to return a json response.
I also added a test to make sure json is returned.
2014-12-06 09:26:32 -07:00
David McClure
efc4109902
update specs to remove deprecation warnings
2014-11-07 06:05:44 -08:00
Robin Ward
c9eb809dad
FIX: The text to users who signed up when approval was required was
...
misleading.
2014-11-04 15:48:03 -05:00
Régis Hanol
865194f409
FIX: cannot show email for pending/inactive users
2014-10-29 01:07:27 +01:00
Robin Ward
71f211f0b3
FEATURE: Allow users to select a badge with an image to appear on their
...
user card
2014-10-20 16:35:38 -04:00
Robin Ward
1cf4a0d604
Rename "User Expansion" to the much clearer "User Card"
2014-10-20 12:11:59 -04:00
Robin Ward
4d465362b5
FEATURE: Allow a user to upload an image for their expansion background.
2014-10-16 15:05:36 -04:00
Robin Ward
f9a8f6d6ce
FEATURE: Support for a required
setting on user fields.
2014-10-08 15:10:19 -04:00
Sam
0e7be81e60
FIX: badge granted titles were not being revoked when badge was revoked
2014-10-08 10:26:18 +11:00
Arpit Jalan
41af2d79b5
add user email on account created page
2014-10-02 12:43:44 +05:30
Robin Ward
edb34c178a
FEATURE: Show user fields when the user is signing up
2014-09-30 10:45:18 -04:00
Régis Hanol
a7a1dcadcc
use the right HTTP verb
2014-09-29 22:41:54 +02:00
Régis Hanol
7e309a21cf
FEATURE: hide emails behind a button for staff members
2014-09-29 22:31:05 +02:00
Régis Hanol
de76b512c1
fix most deprecations in the specs (still some left)
2014-09-25 17:44:48 +02:00
Sam
dd5872eecb
remove warnings
2014-09-25 17:46:51 +10:00
riking
2c6d03f87f
SECURITY: Limit passwords to 200 characters
...
Prevents layer 8 attack.
2014-09-12 12:07:11 -04:00
Robin Ward
c9262a8390
FIX: Resend activation email was busted
2014-08-28 12:07:13 -04:00
Robin Ward
ed125975a1
SECURITY: Prefix session key and validate token format.
2014-08-25 15:31:49 -04:00
Robin Ward
9a1580244a
FIX: Don't show profile pages for inactive users and don't show them in
...
search results.
2014-08-13 13:30:25 -04:00
Neil Lalonde
939e8505a9
Remove hub username integration
2014-07-16 12:25:24 -04:00
Neil Lalonde
01a68f8cc7
Emails are case insensitive
2014-07-16 10:22:01 -04:00
Robin Ward
4f416bf6ce
Check honeypot/challenge value on activation too
2014-07-15 14:07:35 -04:00
Neil Lalonde
766196af87
FEATURE: add site setting allow_new_registrations which can be used to block all new account registrations
2014-07-14 15:42:22 -04:00
Robin Ward
cce7cf8c85
FEATURE: Require Javascript to activate an account via email link
2014-07-14 12:26:10 -04:00