Commit Graph

654 Commits

Author SHA1 Message Date
Robin Ward
a3839495e0 Update annotations 2019-01-11 12:19:43 -05:00
Maja Komel
98d09c90ac Current user serializer groups (ef7f84b follow-up) 2018-12-18 09:05:45 +01:00
Neil Lalonde
ef0e84e3d9 FIX: clear the site_contact_username setting if the user's staff privileges are revoked 2018-12-14 16:52:44 -05:00
Maja Komel
9f89aadd33 FIX: delete all posts in batches without hijack (#6747) 2018-12-14 11:04:18 +01:00
David Taylor
160d29b18a
REFACTOR: Migrate TwitterAuthenticator to use ManagedAuthenticator (#6739)
No changes to functionality. TwitterAuthenticator goes from 136 lines to 24, and all twitter-specific logic elsewhere has been deleted 🎉
2018-12-07 15:39:06 +00:00
Régis Hanol
3c9c95ac83 Update Rubocop to 0.60 2018-12-04 10:48:16 +01:00
David Taylor
208005f9c9 REFACTOR: Migrate FacebookAuthenticator to use ManagedAuthenticator
Changes to functionality
  - Removed syncing of user metadata including gender, location etc.
    These are no longer available to standard Facebook applications.
  - Removed the remote 'revoke' functionality. No other providers have
    it, and it does not appear to be standard practice in other apps.
  - The 'facebook_no_email' event is no longer logged. The system can
    cope fine with a missing email address.

Data is migrated to the new user_associated_accounts table.
facebook_user_infos can be dropped once we are confident the data has
been migrated successfully.
2018-11-30 11:18:11 +00:00
Gerhard Schlager
24e5be3f0c FIX: Relative links in translations should work with subfolder 2018-11-08 23:31:05 +00:00
Guo Xiang Tan
7534042427 DEV: Update annotations. 2018-11-07 11:11:19 +08:00
Bianca Nenciu
2070edf889 FIX: Clarify User.group_locked_trust_level.
* Rename User.group_locked_trust_level to User.group_granted_trust_level.

* Remove the column from users table.
2018-11-07 10:27:44 +08:00
Jeff Wong
0ead513fb0 PERF: remove total unread notifications from message bus (#6529) 2018-10-25 12:14:34 +11:00
Sam
5fd94d3211 PERF: limit unread count to 99 in blue circle
This revises: e605542c4e

Previous commit was faulty
2018-10-24 12:10:27 +11:00
Sam
e605542c4e PERF: limit unread count to 99 in the blue circle
This safeguard is in place to avoid very expensive queries on the server
side
2018-10-24 11:53:28 +11:00
David Taylor
c6f364224e
FEATURE: Allow plugins to whitelist user custom fields for public display (#6499)
This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
2018-10-17 10:33:27 +01:00
Neil Lalonde
12f132736b FIX: error looking at users in admin when tl3_promotion_min_duration is set to a very high value 2018-10-11 15:11:48 -04:00
Vinoth Kannan
8430ea927e FIX: Generate webhook payloads before destroy events (#6325) 2018-10-05 16:53:59 +08:00
Kyle Zhao
e402394375 FEATURE: auto grant an available title when removing old title
* FEATURE: auto grant an available title when removing old title
2018-09-21 12:06:08 +10:00
Sam
df45e82377 SECURITY: only allow picking of avatars created by self (#6417)
* SECURITY: only allow picking of avatars created by self

Also adds origin tracking to all uploads including de-duplicated uploads
2018-09-19 22:33:10 -07:00
Kyle Zhao
6659417807 FEATURE: match user title when primary group changes
When primary group changes and the user's title is the previous primary
group's title, change the title to the new primary group's title
2018-09-17 15:08:39 +10:00
Gerhard Schlager
797cbf8653 FIX: Remove user fields when anonymizing user 2018-09-07 00:02:56 +02:00
David Taylor
4382fb5fac DEV: Allow plugins to whitelist specific user custom_fields for editing (#6358) 2018-09-04 20:45:36 +10:00
Bianca Nenciu
931cffcebe FEATURE: Let users see their user auth tokens. (#6313) 2018-08-31 10:18:06 +02:00
Sam
e1975e293f FIX: when uploads are destroyed clear up avatar refs in user table
This also auto corrects twice daily when we ensure consistency
2018-08-31 14:46:42 +10:00
David Taylor
812add18bd REFACTOR: Serve auth provider information in the site serializer.
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
Guo Xiang Tan
919e8db686 FIX: Check for group name availability should skip reserved usernames. 2018-08-01 11:09:33 +08:00
David Taylor
eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099)
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
Vinoth Kannan
84ab825e41
FEATURE: Webhook for user destroyed event (#6124) 2018-07-23 13:19:49 +05:30
Guo Xiang Tan
4765507585 Remove code that is no longer required. 2018-07-19 16:56:53 +08:00
Régis Hanol
6d6e026e3c FEATURE: selectable avatars 2018-07-18 12:57:43 +02:00
Guo Xiang Tan
214dac05de Update annotations. 2018-07-16 14:19:07 +08:00
Leo McArdle
21ebb1cd54 FEATURE: Secondary emails support. 2018-07-16 11:09:49 +08:00
Arpit Jalan
db67c87916 fix purge unactivated users subquery 2018-07-13 07:58:58 +05:30
Arpit Jalan
7550e9ff95 FIX: purge unactivated users with a message from non-human users 2018-06-29 13:03:04 +05:30
Robin Ward
5d1d7e0e7d PERF: Scanning the id for this is signficantly slower in production 2018-06-28 11:04:40 -04:00
Maja Komel
ec3e6a81a4 FEATURE: Second factor backup 2018-06-28 10:12:32 +02:00
Jeff Wong
41f76a74f8 FEATURE: send message when a user reaches tl1 2018-06-22 13:20:00 -07:00
Jeff Wong
bc52bdfa12 Feature: unconditionally consider TL0 users as "first day" users 2018-06-21 10:53:08 -07:00
Jeff Wong
2ff226e509 FIX: consider staged users mature (no spam checks) after 1 day 2018-06-19 09:41:10 -07:00
Sam
5f64fd0a21 DEV: remove exec_sql and replace with mini_sql
Introduce new patterns for direct sql that are safe and fast.

MiniSql is not prone to memory bloat that can happen with direct PG usage.
It also has an extremely fast materializer and very a convenient API

- DB.exec(sql, *params) => runs sql returns row count
- DB.query(sql, *params) => runs sql returns usable objects (not a hash)
- DB.query_hash(sql, *params) => runs sql returns an array of hashes
- DB.query_single(sql, *params) => runs sql and returns a flat one dimensional array
- DB.build(sql) => returns a sql builder

See more at: https://github.com/discourse/mini_sql
2018-06-19 16:13:36 +10:00
Jeff Wong
68e4e6a575 FIX: staged users are still tl0 but do not trigger spam if 1 week old. 2018-06-18 17:20:04 -07:00
Sam
89ad2b5900 DEV: Rails 5.2 upgrade and global gem upgrade
This updates tests to use latest rails 5 practice
and updates ALL dependencies that could be updated

Performance testing shows that performance has not regressed
if anything it is marginally faster now.
2018-06-07 14:21:33 +10:00
Régis Hanol
f988fa31aa FIX: ensure 'notifications_state' is up to date after creating a notification 2018-05-26 02:09:48 +02:00
Gerhard Schlager
beed676b04 FIX: Check group names when checking username availability 2018-05-22 21:55:54 +02:00
Guo Xiang Tan
b3981ddc43 Shorten User.suggest_name further. 2018-05-17 16:35:03 +08:00
Guo Xiang Tan
117763493b Refactor User#suggest_name.
* Rename `email` to `string` as variable can be an email, username
  or any valid string.
2018-05-17 14:54:14 +08:00
Arpit Jalan
aee4045dd0 FIX: suggest name when username/name is provided 2018-05-17 10:36:36 +05:30
Régis Hanol
39aceed63d FIX: don't purge unactivated users with a message 2018-05-16 18:24:11 +02:00
Régis Hanol
a28c58feb1 FIX: automatic group membership when using SSO 2018-05-15 01:48:30 +02:00
Joffrey JAFFEUX
e474351ae4
inactive users report is not used anymore 2018-05-14 21:31:14 +02:00
Joffrey JAFFEUX
83255d94d9
DateGroupable is not used anymore 2018-05-14 16:26:14 +02:00
Régis Hanol
3e06598e96 FIX: only unstage staged users 2018-05-14 12:03:15 +02:00
Régis Hanol
2cf6fb7359 FIX: always unstage users when they log in 2018-05-13 17:00:02 +02:00
Sam
8a783412b7 UX: improvements to new dashboard
- remove inactive user report and replace with posts
- clean up internals so grouping by week happens on client
- when switching periods old report was not destroyed leading to bugs
- calculate trend based on previous interval ... not previous 30 days
- show percentages for mau/dau
- be more careful about utc date usage
- show uniqu and click through rate on search panel
- publish key of report with report so we only load the correct one
- subscribe earlier in channel in case of concurrency issues
2018-05-11 13:30:32 +10:00
Jeff Wong
91b31860a1
Feature: Push notifications for Android (#5792)
* Feature: Push notifications for Android

Notification config for desktop and mobile are merged.

Desktop notifications stay as they are for desktop views.

If mobile mode, push notifications are enabled.

Added push notification subscriptions in their own table, rather than through
custom fields.

Notification banner prompts appear for both mobile and desktop when enabled.
2018-05-04 15:31:48 -07:00
Gerhard Schlager
ee426623e4 Dashboard next: correctly group inactive member count 2018-05-04 07:48:55 +02:00
Gerhard Schlager
41cd8c169c Add specs for inactive users report 2018-05-04 07:48:55 +02:00
Joffrey JAFFEUX
980972182f
dashboard next: caching, mobile support and new charts 2018-05-03 15:41:41 +02:00
Joffrey JAFFEUX
b9c7e09a4e
linting 2018-04-26 15:21:02 +02:00
Joffrey JAFFEUX
9fabf2543b
dashboard next: activity metrics and new contributors
This commit also introduces a better grouping of data points.
2018-04-26 14:49:41 +02:00
Guo Xiang Tan
00d879ec63 Fix the build. 2018-04-03 00:44:12 +08:00
Guo Xiang Tan
2498403bc3 Revert "FIX: Username uniqueness check should not happen to current user_id"
This reverts commit f71a18facd.
2018-04-03 00:44:04 +08:00
Vinoth Kannan
f71a18facd FIX: Username uniqueness check should not happen to current user_id 2018-04-02 21:59:11 +05:30
Guo Xiang Tan
221503cd10 FIX: Add server side uniqueness validations for Group#name and User#username.
https://meta.discourse.org/t/groups-can-be-given-same-name-as-existing-username/74010
2018-04-02 18:19:18 +08:00
Guo Xiang Tan
35745166b5 UX: New group membership management workflow.
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084
2018-03-26 16:15:02 +08:00
Guo Xiang Tan
fa95699fde Fix the build. 2018-03-22 14:20:27 +08:00
Guo Xiang Tan
f3b402ffd5 UX: Allow users to filter members on group page.
* Only admins are allowed to filter users by email.
2018-03-22 14:02:41 +08:00
Guo Xiang Tan
9e8d10f711 Fix the build. 2018-03-19 12:34:21 +08:00
Guo Xiang Tan
52b9af10a1 PERF: PG queries for the UserEmail#email column was not using the index. 2018-03-19 11:31:14 +08:00
Guo Xiang Tan
c85e1fdb50 Revert "PERF: Query for email was not using index."
This reverts commit 65eb046e69.
2018-03-16 15:31:39 +08:00
Guo Xiang Tan
65eb046e69 PERF: Query for email was not using index. 2018-03-16 15:19:35 +08:00
Neil Lalonde
5ce8177662 FIX: unable to delete user belonging to a group that grants a trust level 2018-03-14 15:12:11 -04:00
Guo Xiang Tan
0e1b896821 Explicitly assign primary_email record when creating a user
* This looks like we're doing the same thing but
  we're debugging a race condition where a user
  can be created without an email record. Therefore,
  we prefer the more obvious method of assigning an
  association.
2018-03-09 15:59:46 +08:00
Guo Xiang Tan
642c60c310 Rename variable so that it is clearer which variable is being referred. 2018-03-02 16:41:02 +08:00
Gerhard Schlager
fffd1a6602 FIX: Associated Instagram account was missing at some places 2018-03-01 12:26:40 +01:00
Guo Xiang Tan
14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Jeff Wong
f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Guo Xiang Tan
226ace1643 Update annotations. 2018-02-20 14:28:58 +08:00
Arpit Jalan
f07b1a5c05 FIX: activate user even if email token is already confirmed 2018-02-14 20:44:48 +05:30
Joshua Rosenfeld
f85055d653 FIX: Remove activation link from account approved email (#5548) 2018-02-01 14:59:37 +01:00
Gerhard Schlager
b784c1eda4 FIX: Remove all notifications of staged user during sign-up 2018-01-25 14:58:43 +01:00
Gerhard Schlager
d9515c37b3 FIX: Show message from discobot when staged user signs up 2018-01-25 14:58:43 +01:00
Gerhard Schlager
dde0fcc658 FEATURE: Allow sending invites to staged users 2018-01-22 15:37:18 +01:00
Philipp Daniels
6a2bce1931 FIX: Data loss on update of single user_field.
https://meta.discourse.org/t/api-data-loss-caused-by-changed-behaviour-of-custom-user-field-update/74990
2017-12-20 16:33:23 +08:00
Régis Hanol
af3c153687 make robocop 🤖 happy 2017-12-12 11:33:35 +01:00
Régis Hanol
62a5b174e1 FIX: wasn't able to use the same username when taking over a staged account 2017-12-12 11:26:00 +01:00
Robin Ward
4ae1bbaeba FIX: Only show the full suspension reason on the admin side 2017-12-07 13:27:02 -05:00
Arpit Jalan
daeb7694bc update annotations 2017-12-05 21:03:20 +05:30
Vinoth Kannan
7f2eeaf767 FIX: Password required flag should be cleared whenever clearing the raw password (#5384) 2017-12-01 15:19:24 +11:00
Vinoth Kannan
1ee48966ca REVERT: FIX: Password required flag should be cleared whenever clearing the raw password 2017-11-30 16:17:14 +05:30
Vinoth Kannan
1776649b4d FIX: Password required flag should be cleared whenever clearing the raw password 2017-11-30 13:40:18 +05:30
Robin Ward
23ee3047bf FIX: Future date input selector was not respecting timezone 2017-11-28 13:44:24 -05:00
Robin Ward
77f90876d3 REFACTOR: Track manual locked user levels separately from groups 2017-11-27 11:23:44 -05:00
Neil Lalonde
b37e40eea9 FEATURE: show read time in last 60 days 2017-11-16 15:46:51 -05:00
Vinoth Kanan
9ed16343fc Remove email column from schema information 2017-11-15 15:45:19 +05:30
Robin Ward
971e302ff2 FEATURE: Support an end date for user silencing 2017-11-14 13:20:19 -05:00
Robin Ward
1f14350220 Rename "Blocked" to "Silenced" 2017-11-10 14:10:27 -05:00
Guo Xiang Tan
b3237d37f0 Drop unused email column from users table. 2017-11-07 10:12:33 +08:00
Guo Xiang Tan
defea6245c REFACTOR: Always validate email by default. 2017-10-25 13:48:34 +08:00
Guo Xiang Tan
19f3b81161 Revert "FIX: always trigger the ':user_updated' event"
This reverts commit 519b70ea46.

https://meta.discourse.org/t/creating-a-topic-or-a-post-sends-the-user-updated-webhook/71643
2017-10-23 11:44:22 +08:00
Robin Ward
838568cbc3 Refactor flag types for more customization 2017-10-19 13:55:23 -04:00
Robin Ward
f73a3cc0d4 Don't include suspended_at or suspended_till unless suspended 2017-10-13 12:17:54 -04:00
Guo Xiang Tan
d67f0b39ae Update annotations. 2017-10-06 11:13:01 +08:00
Guo Xiang Tan
e542884b00 FIX: Incorrect notification state being published. 2017-09-25 13:48:59 +08:00
Guo Xiang Tan
23b787e0a6 Require dependency otherwise it causes Sidekiq to lock up in development. 2017-09-25 13:48:59 +08:00
Guo Xiang Tan
77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Guo Xiang Tan
26c6447161 Fix bugs in profiling scripts leading to incorrect results. 2017-09-13 15:33:59 +08:00
Leo McArdle
104d97695d FIX: don't activate un-confirmed email on omniauth authentication (#5176) 2017-09-12 17:36:17 +02:00
Neil Lalonde
d7d9923b8e FIX: display email validation error messages 2017-09-11 13:22:14 -04:00
Guo Xiang Tan
672b7cb9a5 Require missing dependency. 2017-09-05 09:39:56 +08:00
Guo Xiang Tan
7786c6c6f2 Remove duplicated scope. 2017-09-05 09:15:06 +08:00
Sam
c705159d22 Remove email column from user table 2017-08-29 11:50:56 -04:00
Neil Lalonde
398604ac71 FEATURE: set purge_unactivated_users_grace_period_days to 0 to disable purging unactivated users 2017-08-25 15:20:06 -04:00
Erick Guan
1146772deb Fix: unlinked topic search model (#5044) 2017-08-15 11:46:57 -04:00
Guo Xiang Tan
0bc690ed11 FIX: Staged users are still missing primary email. 2017-08-09 12:03:49 +09:00
Régis Hanol
519b70ea46 FIX: always trigger the ':user_updated' event
We don't always use the UserUpdated class to update a user's record
2017-08-04 18:12:10 +02:00
Guo Xiang Tan
24e0e000b9 FIX: Always validate presence of user's primary_email. 2017-07-31 11:47:29 +09:00
Guo Xiang Tan
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Régis Hanol
d67fe4c674 FIX: block all emails associated to a user when destroying their record 2017-07-25 17:44:46 +02:00
Leo McArdle
d0b027d88d FEATURE: phase 1 of supporting multiple email addresses 2017-07-20 11:22:27 +09:00
Neil Lalonde
69b2d64334 FIX: letter avatars in quotes on subfolders installs are broken 2017-06-23 17:12:13 -04:00
Régis Hanol
d6c63cc5b2 FIX: user's default group should only be set once
Setting a user's default groups based on their email address should only be done once, ie. when they confirm their email address.
Previously we were doing this everytime we'd save a user record 🤷
2017-06-14 19:20:18 +02:00
Régis Hanol
038454bde2 FIX: always confirm emails when SSO says so 2017-06-08 01:05:33 +02:00
Guo Xiang Tan
2ee144c27f FEATURE: Add DiscourseEvent trigger when a user logs in.
* Also adds a event trigger when user logs in for the first time.
2017-06-01 17:44:49 +09:00
Arpit Jalan
0954367bf4 FIX: send activation email when accepting invite if password is set 2017-04-15 14:59:50 +05:30
Guo Xiang Tan
04016f0dec Support Ruby 2.4. 2017-04-15 12:29:00 +08:00
Guo Xiang Tan
3d76fb9c2c FIX: Don't show category options for reports that can't be scoped to a category. 2017-04-13 17:10:55 +08:00
Guo Xiang Tan
72c16967e6 FIX: Check for reserved usernames before hitting DB. 2017-04-13 11:32:20 +08:00
Guo Xiang Tan
57788200ec REFACTOR: Add User.reserved_username?. 2017-04-13 10:44:26 +08:00
Guo Xiang Tan
0d67b507dc Merge pull request #4788 from davidtaylorhq/user_seen_event
Add a user_seen DiscourseEvent for plugins to hook into
2017-04-06 12:32:16 +08:00
Guo Xiang Tan
5943543ec3 FIX: Improve checks for non-human users. 2017-04-06 11:29:34 +08:00
David Taylor
03373a0e84 Add a user_seen DiscourseEvent for plugins to hook into 2017-03-31 23:30:59 +01:00
Arpit Jalan
4812417192 FIX: do not add user to group based on email domain unless email is confirmed 2017-03-28 15:02:40 +05:30
Guo Xiang Tan
e8fc8f0bb6 Update annotations. 2017-03-22 14:26:53 +08:00
Guo Xiang Tan
9f299b6842 Use after_commit since after_save runs within the transaction as well. 2017-03-16 16:02:34 +08:00
Guo Xiang Tan
299b92b4d7 Fix broken user created event trigger. 2017-03-16 15:36:27 +08:00
Guo Xiang Tan
5169ef8814 Fix broken specs. 2017-03-16 15:05:28 +08:00
Guo Xiang Tan
bf78c228f4 FIX: User created web hook being enqueued before record has been saved.
* Improve web hook tests as well.
2017-03-16 14:44:09 +08:00
Guo Xiang Tan
4d4a1a1552 Add scope for human users. 2017-03-11 14:25:09 +08:00
Guo Xiang Tan
08ffbf6c61 Use Time.zone.now instead. 2017-03-05 11:10:40 +08:00
Bianca Nenciu
30909ec54e Add support for username regex. 2017-03-02 13:53:45 +02:00
Régis Hanol
cb99f59ec3 reset bounce score when email is successfully changed 2017-02-20 10:37:01 +01:00
Neil Lalonde
3fb50d587d FIX: invited users and new TL1 users will see their first notification highlighted 2017-02-17 10:30:29 -05:00
Robin Ward
0e58e393a1 FIX: === and a better constant, thanks @ZogStriP 2017-02-13 13:14:19 -05:00
Robin Ward
e1d358ffbf FIX: Don't clear the login hint when the system user is saved 2017-02-13 10:54:20 -05:00
Sam
ff49f72ad9 FEATURE: per client user tokens
Revamped system for managing authentication tokens.

- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes

New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.

Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
Régis Hanol
84af84dc52 prevent inactive & staged users from being automatically added to a group 2017-02-06 17:49:27 +01:00
Guo Xiang Tan
ec73224b5e PERF: Remove N+1 query when saving a user. 2017-02-03 15:03:33 +08:00
Guo Xiang Tan
c01cee4aa6 PERF: N+1 query when saving a user. 2017-01-27 10:53:42 +08:00
Robin Ward
86c52c72f6 FIX: Deleting a user was not deleting their directory items 2017-01-16 11:46:52 -05:00
Guo Xiang Tan
63954c1b33 FIX: Same user record being saved twice causing validation to fail. 2017-01-16 16:41:03 +08:00