Commit Graph

1165 Commits

Author SHA1 Message Date
Guo Xiang Tan
439fe8ba24 Revert "FEATURE: Site settings defaults per locale"
This reverts commit 468a8fcd20.
2017-08-07 10:31:50 +09:00
Leo McArdle
a7b7fe335f FIX: allow an admin to click on blank errors (#5027)
* FIX: allow an admin to click on blank errors

* i18nlize strings

* what would a rails master do?
2017-08-04 20:04:26 +02:00
Régis Hanol
3c0de22bf0 FIX: wasn't able to remove a user's primary group 2017-08-04 18:13:20 +02:00
Erick Guan
468a8fcd20 FEATURE: Site settings defaults per locale
This change-set allows setting different defaults for different locales. 

It also:

- Adds extensive testing around site setting validation

- raises deprecation error if site setting has the default property based on env

- relocated site settings for dev and tests in the initializer

- deprecated client_setting in the site setting's loading process

- ensure it raises when a enum site setting being set

- default_locale is promoted to `required` category.

- fixes incorrect default setting and validation

- fixes ensure type check for site settings

- creates a benchmark for site setting

- sets reasonable defaults for Chinese
2017-08-02 12:24:19 -04:00
Arpit Jalan
6c997b65d9 optimize enqueuing activation email code 2017-07-31 22:57:39 +05:30
Arpit Jalan
0b01d0e95d FIX: staff cannot manually activate accounts after 48 hours has elapsed
https://meta.discourse.org/t/staff-cannot-manually-activate-invited-accounts-after-48-hours-has-elapsed/66292/14?u=techapj
2017-07-31 22:24:09 +05:30
Guo Xiang Tan
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Guo Xiang Tan
2442bba131 UX: Better group creation workflow.
* Owners and users can now be added to a group during creation.

https://meta.discourse.org/t/you-cannot-allow-membership-requests-without-any-owners/64760/3
2017-07-27 16:12:42 +09:00
Guo Xiang Tan
e3ac6585bd FIX: Search by topic_id should not be restricted by SiteSetting.min_search_term_length. 2017-07-26 09:52:39 +09:00
Sam
658c2f52c0 add diagnostics for flaky test 2017-07-25 17:09:13 -04:00
Guo Xiang Tan
54b508dda3 Add back test to ensure user can't edit name after SiteSetting.username_change_period. 2017-07-24 20:47:34 +09:00
Guo Xiang Tan
2a17f1ccd7 FIX: Group owners should be able to invite users to their groups.
https://meta.discourse.org/t/group-owner-cannot-send-an-invite-to-a-group/60617/12
2017-07-21 23:48:25 +09:00
Robin Ward
3882722195 FEATURE: Inline (Mini) Oneboxing
see:
https://meta.discourse.org/t/mini-inline-onebox-support-rfc/66400?source_topic_id=66066
2017-07-20 15:38:04 -04:00
Leo McArdle
d0b027d88d FEATURE: phase 1 of supporting multiple email addresses 2017-07-20 11:22:27 +09:00
Robin Ward
cdb3706025 Track clicks on topics in search results 2017-07-17 15:42:32 -04:00
Robin Ward
21e02d6969 Include the search_log_id in search results 2017-07-17 12:10:32 -04:00
Robin Ward
d7f783ffed Replace search mock tests with integration test 2017-07-14 14:30:58 -04:00
Robin Ward
97e211f837 FEATURE: Log Search Queries 2017-07-14 14:30:58 -04:00
Guo Xiang Tan
a338a7a53e Fix the build. 2017-07-10 11:12:21 +09:00
Robin Ward
f1a6449e4b SECURITY: Remove disposable invite feature 2017-07-07 20:24:39 -04:00
Neil Lalonde
a509146ea5 FIX: support non-english tags in tag input field 2017-07-07 14:48:08 -04:00
Guo Xiang Tan
13f3de4bf6 Nuke all SiteSetting.stubs from our codebase. 2017-07-07 15:09:14 +09:00
Sam
340a3ee5cb correct spec to handle not null visibility_level 2017-07-03 16:03:26 -04:00
Sam
845170bd6b FEATURE: add support for group visibility level
There are 4 visibility levels

- public (default)
- members only
- staff
- owners

Note, admins and group owners ALWAYS have visibility to groups

Migration treated old "non public" as "members only"
2017-07-03 15:26:57 -04:00
Arpit Jalan
72c92b0f4e FIX: include canonical meta tag on category pages 2017-07-03 13:25:22 +05:30
Régis Hanol
a9c0df0b58 FIX: always try to convert PNG to JPG when pasting an image 2017-06-23 12:13:48 +02:00
Guo Xiang Tan
80e348d226 PERF: Speed up slow tests in our test suite.
Before

```
Finished in 7 minutes 23 seconds (files took 4.15 seconds to load)
7145 examples, 0 failures, 10 pending
```

After

```
Finished in 6 minutes 12 seconds (files took 4.41 seconds to load)
7145 examples, 0 failures, 10 pending
```
2017-06-22 11:23:31 +09:00
Guo Xiang Tan
b5ec241716 FIX: Validate interpolation keys used in translation overrides.
https://meta.discourse.org/t/discobot-translation-missing-error/64429/6?u=tgxworld
2017-06-16 08:54:48 +09:00
Arpit Jalan
34996b4eff FIX: show invite validation error message in response 2017-06-13 22:41:53 +05:30
Régis Hanol
54e8fb0d89 FEATURE: new 'allow_staff_to_upload_any_file_in_pm' site setting 2017-06-12 22:41:29 +02:00
Guo Xiang Tan
5994c85ea9 FIX: Raise the right error when email params is missing. 2017-06-12 17:48:32 +09:00
Robin Ward
54bb2a6bc2 FIX: Don't redirect to wizard when resetting password 2017-06-07 12:36:52 -04:00
Guo Xiang Tan
2cad739262 FIX: Better error message when username change fails.
https://meta.discourse.org/t/500-error-on-username-edit/64064
2017-06-07 10:45:53 +09:00
Guo Xiang Tan
ac6c1acbed FIX: Groups that do not have any owners should not allow membership requests. 2017-06-05 10:02:37 +09:00
Sam
b4060778d9 FIX: you should always be allowed to see actions you created 2017-06-02 14:24:06 -04:00
Guo Xiang Tan
2ee144c27f FEATURE: Add DiscourseEvent trigger when a user logs in.
* Also adds a event trigger when user logs in for the first time.
2017-06-01 17:44:49 +09:00
Guo Xiang Tan
bd486100c0 Remove stubs on DiscourseEvent in tests. 2017-06-01 16:21:00 +09:00
Sam
607998af33 FEATURE: dropdown to filter staff action logs 2017-05-30 11:25:42 -04:00
Guo Xiang Tan
4d9481bf47 Fix build. 2017-05-26 16:04:59 +08:00
Guo Xiang Tan
56f98de7b2 Use webmock to stub external web requests. 2017-05-26 15:19:09 +08:00
Robin Ward
b584264d82 FIX: Don't show "resend email" option when user approval is on 2017-05-25 15:29:05 -04:00
Robin Ward
d2121ca272 FIX: Missing HTTP stub 2017-05-23 15:08:19 -04:00
Robin Ward
36e477750c FIX: Use same code path for downloading images 2017-05-23 14:51:30 -04:00
Robin Ward
908433a7a0 SECURITY: Validate the entity when downloading a CSV 2017-05-19 16:00:51 -04:00
Guo Xiang Tan
8ab9f30bbd FIX: User can't remove bookmark from a deleted post. 2017-05-19 12:25:12 +08:00
Régis Hanol
13e489b4ca replace the upload type whitelist with a sanitizer 2017-05-18 12:13:13 +02:00
Neil Lalonde
a0f03936ff FIX: saving invisible primary group field that you don't belong to 2017-05-17 12:46:50 -04:00
Sam
4b449914b8 FIX: admins could never remove self from messages 2017-05-16 16:06:24 -04:00
Sam
e1dd543a93 FEATURE: allow users to select theme on single device 2017-05-15 12:48:16 -04:00
Sam
2d96a0785d FEATURE: theme selection is now global per-user 2017-05-12 12:41:34 -04:00
Neil Lalonde
55b61e9bea rename topic_status_update to topic_timer 2017-05-11 18:27:53 -04:00
Pat David
10f2db67ba Add test for class_name in EmbedController 2017-05-11 15:16:16 -04:00
Régis Hanol
9641d2413d REFACTOR: upload workflow creation into UploadCreator
- Automatically convert large-ish PNG/BMP to JPEG
- Updated fast_image to latest version
2017-05-11 00:16:57 +02:00
Sam
7d9b5514ba FIX: correctly invalidate theme css cache on scheme change 2017-05-10 15:47:11 -04:00
Sam
04b5516bf2 improve upload functionality 2017-05-10 15:47:11 -04:00
Sam
bc0b9af576 FEATURE: support uploads for themes
This allows themes to bundle various assets
2017-05-10 15:47:11 -04:00
Sam Saffron
c2829dce22 FIX: base sql vanishes after badge creation 2017-05-09 09:25:57 -04:00
Robin Ward
afe04b8bbb FIX: Possible 500 error if category saved incorrectly 2017-05-08 15:17:58 -04:00
Arpit Jalan
e89d0a6b20 FIX: importing a theme via file was broken 2017-05-08 12:03:24 +05:30
Guo Xiang Tan
3eb920e2b0 Merge pull request #4841 from fantasticfears/webhook-ping
add event name for ping webhooks in the header
2017-05-04 04:54:40 +08:00
Sam
342ef5f81a FEATURE: out-of-the-box dark/light user selectable themes 2017-05-03 11:31:33 -04:00
Robin Ward
81190f5d66 FIX: Redirect away from account-created if you're logged in 2017-05-03 11:18:01 -04:00
Robin Ward
12fb20fe1b FEATURE: Allow users to resend/update email from confirmation page 2017-05-03 11:18:01 -04:00
Sam
946f25098f Refactor theme fields so they support custom theme defined vars
This paves the way to allowing themes to specify uploads and so on.
2017-05-02 16:02:14 -04:00
Erick Guan
9f8a917d65 add event name for ping webhooks in the header 2017-05-02 08:13:23 +02:00
Neil Lalonde
0722ffadf1 Remove site settings enforce_global_nicknames and discourse_org_access_key 2017-05-01 14:53:16 -04:00
Guo Xiang Tan
304ace926e FIX: Raise right response when post_action does not exist. 2017-04-27 17:29:53 +08:00
Arpit Jalan
285c167fae FEATURE: provide more details when performing a bulk add to group 2017-04-27 01:37:51 +05:30
Guo Xiang Tan
6f7c6b0fd0 FIX: Incorrect error raised. 2017-04-25 09:59:01 +08:00
Guo Xiang Tan
423f2ab228 FIX: Processing incoming email should be done in a background job. 2017-04-24 13:57:28 +08:00
Sam
d4111c8676 correct spec 2017-04-20 17:24:21 -04:00
Arpit Jalan
ea26c56631 FIX: redirect to login page for anonymous user when profiles are hidden 2017-04-20 13:00:45 +05:30
Sam
2bc3aa7ed4 remove no digest refs
the digestless special dev behavior is no longer needed
2017-04-18 17:05:33 -04:00
Arpit Jalan
f968b4e662 Fix the build 2017-04-18 16:34:58 +05:30
Arpit Jalan
1c23aedccf FIX: always send password reset email when accepting invite if password is not set 2017-04-18 14:37:06 +05:30
Arpit Jalan
0954367bf4 FIX: send activation email when accepting invite if password is set 2017-04-15 14:59:50 +05:30
Guo Xiang Tan
04016f0dec Support Ruby 2.4. 2017-04-15 12:29:00 +08:00
Sam
809fbb25ce FIX: blanking theme field was not properly removing it 2017-04-13 17:24:15 -04:00
Guo Xiang Tan
3d76fb9c2c FIX: Don't show category options for reports that can't be scoped to a category. 2017-04-13 17:10:55 +08:00
Sam
a3e8c3cd7b FEATURE: Native theme support
This feature introduces the concept of themes. Themes are an evolution
of site customizations.

Themes introduce two very big conceptual changes:

- A theme may include other "child themes", children can include grand
children and so on.

- A theme may specify a color scheme

The change does away with the idea of "enabled" color schemes.

It also adds a bunch of big niceties like

- You can source a theme from a git repo

- History for themes is much improved

- You can only have a single enabled theme. Themes can be selected by
    users, if you opt for it.

On a technical level this change comes with a whole bunch of goodies

- All CSS is now compiled using a custom pipeline that uses libsass
    see /lib/stylesheet

- There is a single pipeline for css compilation (in the past we used
    one for customizations and another one for the rest of the app

- The stylesheet pipeline is now divorced of sprockets, there is no
   reliance on sprockets for CSS bundling

- CSS is generated with source maps everywhere (including themes) this
    makes debugging much easier

- Our "live reloader" is smarter and avoid a flash of unstyled content
   we run a file watcher in "puma" in dev so you no longer need to run
   rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
Guo Xiang Tan
9663a74445 FIX: Ensure username param is valid in NotificationsController. 2017-04-07 17:32:52 +08:00
Robin Ward
40ab2e5667 FEATURE: Let users update their emails before confirming
This allows users who entered a typo or invalid email address when
signing up an opportunity to fix it and resending the confirmation
email to that address.
2017-04-05 16:44:49 -04:00
Robin Ward
17f2974d0a SECURITY: Confirm new administrator accounts via email 2017-04-04 15:59:01 -04:00
Guo Xiang Tan
0bbad5040a topic-status-info component wasn't updated when topic is closed/opened. 2017-03-31 15:58:26 +08:00
Guo Xiang Tan
34b7bee568 FEATURE: Allow admin to auto reopen at topic.
* This commit also introduces a `TopicStatusUpdate`
  model to support other forms of deferred topic
  status update in the future.
2017-03-31 11:14:18 +08:00
Robin Ward
6b976433c9 Support for both /users/ and /u/ paths 2017-03-30 10:23:24 -04:00
Guo Xiang Tan
3ef82bb32c SECURITY: CSRF vulnerabilities in Admin::BackupsController. 2017-03-23 10:29:35 +08:00
Neil Lalonde
11ce73b8ed FEATURE: category setting for default top period 2017-03-22 16:54:18 -04:00
Arpit Jalan
82c0f5f587 Merge pull request #4767 from techAPJ/activate-account
FIX: send activation email if user have unconfirmed email address
2017-03-21 09:44:23 +05:30
Arpit Jalan
7c3ae50dcd FIX: send activation email if user have unconfirmed email 2017-03-21 09:41:50 +05:30
Sam
c106ca6778 FEATURE: fallback asset path for multi host setups 2017-03-20 15:59:17 -04:00
Guo Xiang Tan
a1d04a7a9a Fix rspec tests. 2017-03-20 12:35:08 +08:00
Guo Xiang Tan
bbc85e1e29 Merge pull request #4750 from discourse/group_login_registration_flow
FEATURE: Redirect to groups page and apply group actions upon login/s…
2017-03-16 09:50:56 +08:00
Guo Xiang Tan
ca965bb455 FEATURE: Redirect to groups page after login/registration flow. 2017-03-16 09:48:51 +08:00
Guo Xiang Tan
1a7e954e09 FIX: Store custom emojis as uploads.
* Depending on a hardcoded directory was a flawed design
  which made it impossible to debug when custom emojis go
  missing.
2017-03-14 13:07:18 +08:00
Sam
a690121805 SECURITY: always allow staff to resend activation mails 2017-03-13 10:32:24 -04:00
Guo Xiang Tan
9364d8ce71 FIX: Store user's id instead for sending activation email.
* Email and username are both allowed to be used for logging in.
  Therefore, it is easier to just store the user's id rather than
  to store the username and email in the session.
2017-03-13 20:24:55 +08:00
Guo Xiang Tan
7ebfa3c901 SECURITY: Only allow users to resend activation email with a valid session.
* Improve error when an active user tries to request for an activation email.
2017-03-13 19:35:29 +08:00
Arpit Jalan
848120c098 FEATURE: RSS feed for top page period filters 2017-03-13 15:23:46 +05:30
Sam
bc1a6ccb90 Merge pull request #4741 from tgxworld/allow_bookmark_removal
FIX: Allow user to remove bookmark from posts as long as bookmark is …
2017-03-10 12:49:20 -05:00
Arpit Jalan
f7e7ca3937 FEATURE: anonymized site statistics 2017-03-10 18:50:26 +05:30
Arpit Jalan
801b5838e1 FIX: do not show faq/guidelines page to anonymous users for private forums 2017-03-08 16:00:49 +05:30
Arpit Jalan
090236b15b FIX: do not show about page to anonymous users for private forums 2017-03-08 13:15:44 +05:30
Guo Xiang Tan
689dd16be0 FIX: Allow user to remove bookmark from posts as long as bookmark is present.
https://meta.discourse.org/t/bookmark-issue-when-access-to-topic-is-lost-pms/51993
2017-03-08 13:53:49 +08:00
Neil Lalonde
d95e4102c1 FIX: tags created in secured categories should not be forbidden outside those categories 2017-03-07 11:46:46 -05:00
Régis Hanol
0abe433495 Merge pull request #4736 from techAPJ/group-bulk-add
FIX: grant trust level when bulk adding users to group
2017-03-06 12:43:26 +01:00
Arpit Jalan
d5bcc70e9c FIX: grant trust level when bulk adding users to group 2017-03-06 14:39:53 +05:30
Guo Xiang Tan
477eb0591e FIX: Posts in a deleted topic couldn't be moved.
https://meta.discourse.org/t/moving-posts-to-new-topic/58436/4
2017-03-06 14:56:20 +08:00
Neil Lalonde
6aab8cb331 FEATURE: new category setting for whether to show latest topics or top topics by default 2017-03-03 11:30:44 -05:00
Blake Erickson
80858bae2c FEATURE: further restrict downloading of backups
- send email to logged in admin when they press the "download" button
- show pop-up that email was sent
- create email template
- require a valid token to download backup
2017-03-01 08:28:34 -07:00
Guo Xiang Tan
107d6783a9 Remove use of stubs in tests. 2017-03-01 10:53:03 +08:00
Guo Xiang Tan
76dd6933d2 Revert "Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."""
This reverts commit e6d75f6844.

This is why we should not be pushing directly to master.
2017-03-01 10:16:59 +08:00
Guo Xiang Tan
e6d75f6844 Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email.""
This reverts commit 0e3def7d2b.
2017-02-28 11:27:14 +08:00
Robin Ward
0e3def7d2b Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."
This reverts commit 1060239e2d.
2017-02-27 13:19:26 -05:00
Arpit Jalan
877957ae88 Merge pull request #4715 from techAPJ/login-per-ip
FEATURE: new site setting for max logins per ip per hour/minute
2017-02-27 18:24:53 +05:30
Arpit Jalan
cba51e1c38 FEATURE: new site setting for max logins per ip per hour/minute 2017-02-27 16:58:03 +05:30
Régis Hanol
a2c04be718 FIX: eradicate I18n fallback issues 💣
FIX: client's translation overrides were not working when the current locale was missing a key
FIX: ExtraLocalesController.show was not properly handling multiple translations
FIX: JsLocaleHelper#output_locale was not properly handling multiple translations

FIX: ExtraLocalesController.show's spec which was randomly failing
FIX: JsLocaleHelper#output_locale was muting cached translations hashes

REFACTOR: move 'enableVerboseLocalization' to the 'localization' initializer
REFACTOR: remove unused I18n.js methods (getFallbacks, localize, parseDate, toTime, strftime, toCurrency, toPercentage)
REFACTOR: remove all I18n.pluralizationRules and instead use MessageFormat's pluralization rules

TEST: add tests for localization initializer
TEST: add tests for I18n.js
2017-02-24 11:31:21 +01:00
Guo Xiang Tan
1060239e2d SECURITY: Ensure oAuth authenticated email is the same as created user's email. 2017-02-24 13:13:10 +08:00
Guo Xiang Tan
0847b4258a Revert "SECURITY: Ensure that user has been authenticated."
This reverts commit fbe51d68a7.

Changing the commit message to correctly reflect what we're actually
fixing.
2017-02-24 13:12:29 +08:00
Guo Xiang Tan
fbe51d68a7 SECURITY: Ensure that user has been authenticated. 2017-02-24 10:47:48 +08:00
Sam
f15f61da0a FEATURE: add immutable caching to rails site of things 2017-02-23 13:05:00 -05:00
Régis Hanol
f51e3b2131 FIX: should not be able to rename a system badge 2017-02-20 14:35:05 +01:00
Régis Hanol
cb99f59ec3 reset bounce score when email is successfully changed 2017-02-20 10:37:01 +01:00
Neil Lalonde
d0fbb27f3e FEATURE: new invite acceptance page, where username can be chosen and password can be set 2017-02-15 16:51:57 -05:00
Sam
8feb94e13f FIX: password validator was being too strict 2017-02-14 09:18:04 -05:00
Sam
7652901b75 reduce mocking and stubbing in controller spec 2017-02-13 14:31:15 -05:00
Neil Lalonde
94e1105af7 fix unique char counting in password validator 2017-02-10 10:38:17 -05:00
Neil Lalonde
1bcb835446 FEATURE: passwords must have a minimum number of unique characters, configurable with a new setting 2017-02-09 15:00:22 -05:00
Sam
ff49f72ad9 FEATURE: per client user tokens
Revamped system for managing authentication tokens.

- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes

New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.

Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
Sam
2dec731da3 SECURITY: correctly validate input when admin searches for screened ips 2017-02-06 16:11:16 -05:00
Régis Hanol
27fb9c8804 FIX: bounce webhooks should also use recipient address 2017-02-05 19:06:35 +01:00
Neil Lalonde
c4e10f2a9d FEATURE: redesign the change password page to use javascript and validations 2017-02-03 16:09:24 -05:00
Arpit Jalan
9dd09e453b FEATURE: add explicit confirmation button to accept the invite 2017-01-25 15:50:30 +05:30
Guo Xiang Tan
781d83a46f FIX: Toggling a post's wiki status should not skip revision. 2017-01-25 13:34:55 +08:00
Guo Xiang Tan
32846aad2a FIX: Toggling post's wiki status should not create a new version. 2017-01-20 15:42:33 +08:00
Régis Hanol
fbf9172db8 FIX: log backups download/destroy staff action
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:53:31 +01:00
Guo Xiang Tan
515f50e42e FEATURE: Log admin action when readonly mode is changed. 2017-01-12 09:41:02 +08:00
Guo Xiang Tan
68300f515c FIX: Return 404 if id is not valid. 2017-01-06 10:39:44 +08:00
Sam
c531f4ded5 remove rails-observers
Rails yanked out observers many many years ago, instead the functionality
was yanked out to a gem that is very lightly maintained.

For example: if we want to upgrade to rails 5 there is no published gem

Internally the usage of observers had quite a few problem.

The series of refactors renamed a bunch of classes to give us more clarity
and removed some magic.
2016-12-22 16:46:53 +11:00
Sam
2f6a4cc6de remove UserActionObserver, replace with after_save and service
interestingly there was some left over dead code from when stars
existed in the topic_users table
2016-12-22 16:46:53 +11:00
Sam
0a78ae739d Remove SearchObserver, aim is to remove all observers
rails-observers gem is mostly unmaintained and is a pain to carry forward
new implementation contains significantly less magic as a bonus
2016-12-22 13:13:14 +11:00
Guo Xiang Tan
5d7f3223f0 SECURITY: Users can only bookmark posts which they can see. 2016-12-21 12:01:26 +08:00
Guo Xiang Tan
7c7c233c1c FIX: Can't update Groups#allow_membership_requests in admin. 2016-12-20 15:14:35 +08:00
Régis Hanol
52cd9972bb FIX: prevent DDoS with lots of _oneboxable_ links
FIX: ensure the onebox route is only allowed to logged in users
FIX: only allow 1 outgoing onebox preview per user
FIX: client should only do 1 preview at a time
2016-12-20 00:31:10 +01:00
Arpit Jalan
a2096a01fb add test case for handling uploads without extension 2016-12-20 00:46:47 +05:30
Sam
eb2db23b40 FEATURE: remove email_token_grace_period_hours
The site setting email_token_grace_period_hours just causes confusion and
should not be used anyway.

Out of the box, tokens stop working once confirmed, no need to add complexity here
2016-12-19 17:15:20 +11:00
Sam
0599bd0154 FEATURE: add referrer never tag to password reset page 2016-12-19 11:01:58 +11:00
Sam
15b5fddd49 SECURITY: protect upload params, only allow very strict filenames 2016-12-19 10:16:18 +11:00
Sam
61eb134181 FEATURE: setting to allow arbitrary redirects from sso origin
if sso_allows_all_return_paths is set to true you can redirect off-site from sso success
2016-12-16 13:37:44 +11:00
Sam
98f4a2adcb FIX: on 404 from brotli asset path return a correctly encoded doc
old implementation would cache the 404 for 1 year with incorrect encoding

hilarity would ensue
2016-12-15 16:05:20 +11:00
Neil Lalonde
2d61d7d644 update embed_controller_spec 2016-12-13 16:29:51 -05:00
Guo Xiang Tan
43ee9f884e FEATURE: Add Group#full_name. 2016-12-13 16:16:26 +08:00
Guo Xiang Tan
da7009a968 FEATURE: Add request membership button for allowed groups. 2016-12-12 22:48:08 +08:00
Guo Xiang Tan
05f55dbc10 FEATURE: Group logs. 2016-12-12 17:29:54 +08:00
Guo Xiang Tan
be5b5f6bea FEATURE: Public groups. 2016-12-12 17:00:30 +08:00
Guo Xiang Tan
a2da2971af FEATURE: Allow columns on group members page to be sortable. 2016-12-08 10:49:12 +08:00
Sam
1135e00c83 FIX: regression unable to dismiss unread 2016-12-06 08:49:40 +11:00
Erick Guan
52763f5115
FEATURE: Allow posting a link with topics 2016-12-05 17:20:54 +01:00
Guo Xiang Tan
37b256e7f2 Fix specs. 2016-12-05 17:13:58 +08:00
Arpit Jalan
431aa79bb3 Merge pull request #4587 from techAPJ/invite-upload
FIX: simplify CSV file upload
2016-12-05 14:30:13 +05:30
Arpit Jalan
ce974da9e5 FIX: simplify CSV file upload 2016-12-05 14:09:08 +05:30
Guo Xiang Tan
31acd311e5 FEATURE: Allow group owners to edit group name and avatar flair. 2016-12-05 14:27:46 +08:00
Guo Xiang Tan
b45fd21ed9 FIX: Clean up specs. 2016-12-05 13:37:33 +08:00
Sam
dc66f6681a add spec for brotli controller, ensure cached correctly 2016-12-05 16:08:36 +11:00
Neil Lalonde
dafd1453d6 FIX: topic list filters for bookmarked, posted, and read now work with tag filter 2016-12-02 15:58:14 -05:00
Guo Xiang Tan
bc0a8142fe PERF: Only show members count on group page. 2016-12-02 16:28:54 +08:00
Sam
b8dc58be90 got to be careful with integrity specs 2016-11-29 18:01:09 +11:00
Sam
266322ce2e FEATURE: add help text for no bookmarks in user page 2016-11-29 17:56:00 +11:00
Guo Xiang Tan
5794f1619d PERF: Fix N+1 queries when loading groups. 2016-11-26 02:20:26 +08:00
Sam
88a46be051 FEATURE: display text excerpts when scrolling on mobile 2016-11-25 11:35:29 +11:00
Sam
bfd0418f07 added a test for safe mode 2016-11-23 13:31:05 +11:00
Robin Ward
32a8d5ed1f Merge pull request #4550 from cpradio/cannot-see-mention
FEATURE: Notify user when mention can't see the reply they were mentioned in
2016-11-15 16:40:47 -05:00
Sam
63d9d4f301 FIX: properly specify default on no cache on all resources 2016-11-15 17:00:44 +11:00
cpradio
824c235760 FEATURE: Notify user when mention can't see the reply they were mentioned in
FIX: Group Mention Notifications
2016-11-14 22:03:16 -05:00
Neil Lalonde
764a572070 FIX: when subcategories with the same name exist, filtering by tags might use the wrong subcategory 2016-11-02 15:29:33 -04:00
Régis Hanol
71f940d478 FIX: use metadata to hold the message_id with sparkpost 2016-10-27 19:35:50 +02:00
Régis Hanol
81e2a0099f FIX: ensure the group 'everyone' is never shown when using a different locale 2016-10-24 10:53:31 +02:00
Guo Xiang Tan
ee9946388c Merge pull request #4507 from ming-relax/feat-delete-by-email
Remove user from a group by user email
2016-10-24 11:28:27 +08:00
Ming HU
7803a06e50 Use expect change for groups_controller_spec.rb 2016-10-24 10:32:21 +08:00
Robin Ward
19e2eec219 Allow step 0 to resend the confirmation email 2016-10-21 11:34:19 -04:00
Robin Ward
c03d25f170 FEATURE: Configure Admin Account
Adds a "Step 0" to the wizard if the site has no admin accounts where
the user is prompted to finish setting up their admin account from the
list of acceptable email addresses.

Once confirmed, the wizard begins.
2016-10-19 11:27:56 -04:00
Ming HU
dffd8baa91 Remove user from a group by user email 2016-10-18 17:10:47 +08:00
Régis Hanol
3949c24f80 FIX: sparkpost webhooks support 2016-10-17 11:26:49 +02:00
Sam
f4f5524190 FEATURE: user API now contains scopes so permission is granular
previously we supported blanket read and write for user API, this
change amends it so we can define more limited scopes. A scope only
covers a few routes. You can not grant access to part of the site and
leave a large amount of the information hidden to API consumer.
2016-10-14 16:05:42 +11:00
Régis Hanol
ddcc084d22 Revert "FEATURE: Use the top period default for users who have been inactive or are new" 2016-10-11 17:56:46 +02:00
cpradio
2de50a616d FEATURE: Use the top period default for users who have been inactive or are new 2016-10-11 09:55:15 -04:00
Sam
6031e692f0 Merge pull request #4366 from xfalcox/print
Print Support
2016-10-11 11:47:20 +11:00
Sam
3e513f5c05 Merge pull request #4459 from vibol/master
FEATURE: sparkpost webhook
2016-10-10 17:17:17 +11:00
Guo Xiang Tan
1302db2683 Skip randomly failing test first. 2016-10-01 05:14:35 +08:00
Robin Ward
f62d01ff1b FIX: Clear the session after a reset token was used 2016-09-30 12:20:23 -04:00
Guo Xiang Tan
cde18834f8 Fix randomly failing spec. 2016-09-30 05:18:54 +08:00
Vibol Hou
c3d60d5d1d Merge remote-tracking branch 'upstream/master' 2016-09-29 02:12:05 -07:00
Guo Xiang Tan
72ccb4e11d FIX: Plugin "admin_js" translations bundle was not fetched. 2016-09-29 04:42:26 +08:00
Vibol Hou
34af73c7cb FEATURE: sparkpost webhook 2016-09-26 22:13:34 -07:00
Rafael dos Santos Silva
0229df4c73 Second review fixes 2016-09-26 20:46:55 -03:00
Rafael dos Santos Silva
f96fffeb34 Add tests 2016-09-26 20:46:55 -03:00
Robin Ward
7f66cf618c FIX: You should be an admin to do the wizard 2016-09-22 11:12:51 -04:00
Robin Ward
29cf47cfb2 Track steps the user has completed, nag them to finish it. 2016-09-22 09:52:19 -04:00
Robin Ward
ef84981e38 Invite Users step 2016-09-22 09:52:19 -04:00
Robin Ward
9f12b571ef Wizard: Server Side Validation + Finished Step 2016-09-22 09:52:19 -04:00