Régis Hanol
8e0da35857
FIX: allow local oneboxes to public topics/posts in PM
2018-02-15 18:14:41 +01:00
Sam
f028ffaf29
SECURITY: correct local onebox category checks
...
Also removes ugly "source_topic_id" from cooked posts
Patch was authored by @zogstrip
Signed-off-by: Sam <sam.saffron@gmail.com>
2018-02-14 10:40:46 +11:00
Robin Ward
7348513848
FIX: Include post in staff action logs when silencing a user
2018-02-13 15:59:10 -05:00
Erick Guan
03b3e57a44
FEATURE: login by a link from email
...
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
Muhlis Cahyono
cc3cf6588b
FEATURE: Notification API Endpoints for Admins
...
* create/update/delete notification api with external url
* remove external url feature
* Fix Travis CI build error (add new line)
* Fix Travis CI build error
2018-02-13 01:38:26 -05:00
Gerhard Schlager
8765279c90
FIX: Customizing site texts ignored current locale for _MF keys
2018-02-07 16:57:08 +01:00
Robin Ward
8ff4104555
Many enhancements to the flagging / suspending interface.
2018-02-01 17:13:02 -05:00
Sam
f2e7b74d88
FIX: don't return 200s when login is required to paths
...
When running `ensure_login_required` it should always happen prior to
`check_xhr` cause check xhr will trigger a 200 response
2018-02-01 12:26:45 +11:00
Régis Hanol
5c1eaeca9e
FIX: prevent users from moving whispers to new topic
2018-01-22 17:23:19 +01:00
Sam
906f189914
have to clear debounce cache for tests
2018-01-15 15:29:54 +11:00
Sam
49ed382c2a
FIX: return 429 when admin api key is limited on admin route
...
This also handles a general case where exceptions leak out prior to being handled by the application controller
2018-01-12 14:15:26 +11:00
Arpit Jalan
672888f526
FIX: handle invalid password reset token
2018-01-09 23:48:17 +05:30
Sam
8ff5f5f2ef
FIX: cache admin locale file for 24 hours
2018-01-09 10:23:49 +11:00
Joffrey JAFFEUX
642645ba9a
FIX: broken select badge as user title ( #5474 )
...
* FIX: broken select badge as user title
* selected id wasn’t pass to underlying component
* <none> was rendered as an html tag <none></none>
* overriding a badge name wouldn’t work as it was using badge.name and not badge.display_name
* adds a spec to ensure this behavior is correct
2018-01-05 16:58:15 +01:00
Arpit Jalan
ef4c6c67ba
fix the build
2017-12-23 14:42:40 +05:30
Régis Hanol
7f69362d9d
FIX: external links in whisper ended up in a white page
...
FIX: clicking a link in a onebox wasn't properly extracting the post_id
2017-12-20 17:55:15 +01:00
Philipp Daniels
6a2bce1931
FIX: Data loss on update of single user_field.
...
https://meta.discourse.org/t/api-data-loss-caused-by-changed-behaviour-of-custom-user-field-update/74990
2017-12-20 16:33:23 +08:00
Guo Xiang Tan
97ceebb570
SECURITY: Don't pass email backup token to sidekiq as a parameter.
...
* This exposes the token in the Sidekiq dashboard which can be
viewed by an admin and defeats the purpose of using a token
in the download backup email ink.
2017-12-18 11:25:22 +08:00
Sam
96584403cd
SECURITY: prevent staged accounts from changing email
2017-12-14 17:16:49 +11:00
Sam
a393d3bcbb
FIX: ensure staged accounts are always inactive
...
If for any reason active is stored in the user model, clear it out
prior to creating an account
2017-12-13 14:22:16 +11:00
Arpit Jalan
1d43d7f136
optimize spec
2017-12-12 13:00:53 +05:30
Arpit Jalan
d21db0f186
add a test case to verify presence of registration_ip_address for staged users
2017-12-11 21:33:00 +05:30
Robin Ward
74b9828731
FIX: Remove mentions filters from user and groups
...
Additionally return no data if disabled
2017-12-07 16:29:02 -05:00
Arpit Jalan
5003f07b2c
FEATURE: new site setting show_inactive_accounts
2017-12-07 19:22:41 +05:30
Sam
dd70ef3abf
Revert "Revert "PERF: improve speed of rate limiter""
...
This reverts commit 2373d85239
.
2017-12-04 21:23:11 +11:00
Sam
2373d85239
Revert "PERF: improve speed of rate limiter"
...
This reverts commit a9bcdd7f27
.
2017-12-04 21:19:28 +11:00
Sam
a9bcdd7f27
PERF: improve speed of rate limiter
...
Also
- adds a global rate limiter option
- cleans up usage in tests
- fixes freeze_time so it handles clock_gettime
2017-12-04 18:17:30 +11:00
Arpit Jalan
496cd3b4df
Merge pull request #5385 from techAPJ/search-logs-improvements
...
FEATURE: support search click through tracking for user, category and tags
2017-12-01 12:08:38 +05:30
Arpit Jalan
e3925278e2
FEATURE: support search click through tracking for user, category and tags
...
https://meta.discourse.org/t/search-logs-page/73281/11?u=techapj
This commit adds following features:
- support for tracking click through to user, tag and category
- new filter for search type (header, full page)
This commit also removes "most viewed topic" field from search logs page because we are now tracking multiple click through entities, so topic is not a special entity anymore. This also improves query perf. The query now takes `20.5ms` to runs, as opposed to `655.9ms` previously.
2017-12-01 12:04:55 +05:30
Vinoth Kannan
7f2eeaf767
FIX: Password required flag should be cleared whenever clearing the raw password ( #5384 )
2017-12-01 15:19:24 +11:00
Guo Xiang Tan
1c2d1682ae
Merge pull request #5328 from tgxworld/reenable_interpolation_keys_check
...
FIX: Re-enable invalid interpolation keys check and allow default key…
2017-11-30 13:04:54 +08:00
Guo Xiang Tan
1d8b834301
Merge pull request #5369 from vinothkannans/queued
...
FIX: Error if queued post not found while updating
2017-11-28 17:51:05 +08:00
Robin Ward
77f90876d3
REFACTOR: Track manual locked user levels separately from groups
2017-11-27 11:23:44 -05:00
Vinoth Kannan
31aa21b5a4
FIX: Error if queued post not found while updating
2017-11-27 19:25:51 +05:30
Guo Xiang Tan
5805979e88
FIX: Re-enable invalid interpolation keys check and allow default keys to be left out of translation overrides.
...
https://meta.discourse.org/t/bulk-invite-from-file-resets-the-invite-forum-mailer-customized-text/67606/16
2017-11-27 11:00:08 +08:00
Sam
eb428ef54d
FEATURE: uploads are processed a faster
...
Also cleans up API to always return 422 on upload error. (previously returned 200)
Uploads are processed using new hijack pattern
2017-11-27 12:43:35 +11:00
Sam
e0e99d4bbd
PERF: hijack onebox requests so they do not use up a unicorn worker
2017-11-24 15:31:40 +11:00
Guo Xiang Tan
82222e8d18
Improve specs to test for the right response status.
2017-11-24 09:32:44 +08:00
Sam
e61629ed84
remove spec containing mock
2017-11-23 17:54:27 +11:00
Robin Ward
628275fc31
FIX: Some badge routes were still working even with badges disabled
2017-11-21 12:22:44 -05:00
Robin Ward
0a9daba627
FIX: Support for long suspension emails
2017-11-20 12:45:46 -05:00
Gerhard Schlager
92a831bae6
FEATURE: user directory returns staged users during search
2017-11-19 01:17:31 +01:00
OsamaSayegh
4c4410225e
UX: cap likes 2 ( #5237 )
2017-11-15 11:28:54 +11:00
Robin Ward
971e302ff2
FEATURE: Support an end date for user silencing
2017-11-14 13:20:19 -05:00
Sam
47e4c9bb46
FIX: import/export theme should work with uploads
2017-11-14 16:30:23 +11:00
Robin Ward
1f14350220
Rename "Blocked" to "Silenced"
2017-11-10 14:10:27 -05:00
Neil Lalonde
9dc9ca4ac0
FIX: be consistent with how first posts in topics are counted. do like DirectoryItem.refresh_period :all
2017-11-10 12:18:25 -05:00
Neil Lalonde
d7880af0bb
FIX: change password form validation should instruct admins to use min password length for admin accounts
2017-11-07 16:14:56 -05:00
Sam
56412adad5
FEATURE: custom setting for large square site icon
...
This icon is used for android splash screen
2017-11-03 16:19:31 +11:00
Sam
1bd9e64a36
FIX: offline controller regression
2017-10-31 15:44:50 +11:00
Erick Guan
7c3123a2dd
Downcase encoded slug by default and more specs
2017-10-26 16:50:29 +08:00
Rafael dos Santos Silva
5d5268a82b
Feature: Group handling
2017-10-25 22:49:17 -02:00
Arpit Jalan
9586f0bdc9
fix the build - take 2
2017-10-20 21:34:56 +05:30
Arpit Jalan
13b2bf52c9
fix the build
2017-10-20 20:31:49 +05:30
Neil Lalonde
2db66072d7
SECURITY: signup without verified email using Google auth
2017-10-16 13:51:41 -04:00
Robin Ward
f73a3cc0d4
Don't include suspended_at or suspended_till unless suspended
2017-10-13 12:17:54 -04:00
Arpit Jalan
a2183c3f1d
SECURITY: verify that inviter can invite new user to a topic
2017-10-09 15:59:41 +05:30
Neil Lalonde
1faae3c765
rename forgot_password_strict to hide_email_address_taken
2017-10-03 15:28:31 -04:00
Neil Lalonde
e47f5cedd2
FEATURE: forgot_password_strict setting also prevents reporting that an email address is taken during signup
2017-10-03 15:28:30 -04:00
Guo Xiang Tan
85c5bb4ea4
Fix randomly failing spec.
2017-10-03 11:59:26 +08:00
Guo Xiang Tan
8140e54675
FIX: More fixes for Group#mentionable
and Group#messageable
feature.
2017-10-02 17:45:58 +08:00
Guo Xiang Tan
c872225762
Improve MessageBus.track_publish
to allow filter by channel.
2017-10-02 11:34:57 +08:00
Guo Xiang Tan
b295a39977
Fix randomly failing spec.
2017-10-02 11:24:48 +08:00
Guo Xiang Tan
049d925213
Remove controller spec that is rewritten as request spec.
2017-10-02 10:47:22 +08:00
Eleanor Demis
ac04f5e0cc
update response error when deleting tags ( #5213 )
2017-09-30 16:31:32 +02:00
Guo Xiang Tan
6baea9948b
Revert "fix the build"
...
This reverts commit 8b74c7d325
.
2017-09-29 08:57:06 +08:00
Régis Hanol
8b74c7d325
fix the build
2017-09-28 15:50:01 +02:00
Guo Xiang Tan
5f1c29e424
FIX: Display json response when Discourse::InvalidAccess
is raised for
...
non json requests.
2017-09-28 15:31:16 +08:00
Régis Hanol
6a7920ad75
FIX: wasn't able to change default theme
2017-09-27 20:05:31 +02:00
Régis Hanol
af01e62b14
FIX: wasn't allowed to set a user's title anymore
2017-09-26 20:13:24 +02:00
Régis Hanol
28c54b42c5
FIX: wasn't able to update user options anymore
2017-09-26 20:00:10 +02:00
Robin Ward
383d771265
Fix broken tests
2017-09-25 12:52:45 -04:00
Robin Ward
09ed2ed749
Add Suspend User to flags page
2017-09-25 12:28:00 -04:00
Robin Ward
6bce3004d9
UX: Nicer selection of suspend duration
2017-09-25 12:28:00 -04:00
Robin Ward
677b016387
Send a suspension message via email to a user
2017-09-25 12:26:41 -04:00
Guo Xiang Tan
77d4c4d8dc
Fix all the errors to get our tests green on Rails 5.1.
2017-09-25 13:48:58 +08:00
Guo Xiang Tan
bfda6884b1
Fix randomly failing spec.
2017-09-20 13:30:15 +08:00
Régis Hanol
8ed318c4fe
display 'similar to' earlier when composing a post
2017-09-16 01:03:29 +02:00
Régis Hanol
797936d2c5
FIX: don't leak whisper count in user card
2017-09-14 20:08:16 +02:00
Robin Ward
9b3b39d8a2
FIX: Users should be able to activate their emails even if unapproved
...
Note in discourse `active` means "Email is active" - they still can't
login until approved
2017-09-12 15:04:39 -04:00
Robin Ward
171d9e5aed
SECURITY: Prevent users from updating to blacklisted email domains
2017-09-12 10:11:08 -04:00
Neil Lalonde
d7d9923b8e
FIX: display email validation error messages
2017-09-11 13:22:14 -04:00
Guo Xiang Tan
5d4221fbe1
PERF: Avoid calling expensive PostGuardian#can_see_post?
multiple times.
...
Before
```
Your Results: (note for timings- percentile is first, duration is second
in millisecs)
---
topic_admin:
50: 19
75: 19
90: 21
99: 27
topic:
50: 56
75: 62
90: 64
99: 99
timings:
load_rails: 1262
ruby-version: 2.4.1-p111
rss_kb: 198432
pss_kb: 136612
virtual: physical
architecture: amd64
operatingsystem: Ubuntu
memorysize: 15.59 GB
kernelversion: 4.10.0
physicalprocessorcount: 1
processor0: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
rss_kb_9877: 327892
pss_kb_9877: 263671
rss_kb_9946: 325468
pss_kb_9946: 261671
rss_kb_10153: 326456
pss_kb_10153: 262657
```
After
```
Your Results: (note for timings- percentile is first, duration is second
in millisecs)
---
topic_admin:
50: 18
75: 18
90: 20
99: 28
topic:
50: 41
75: 42
90: 46
99: 49
timings:
load_rails: 1201
ruby-version: 2.4.1-p111
rss_kb: 187936
pss_kb: 123596
virtual: physical
architecture: amd64
operatingsystem: Ubuntu
memorysize: 15.59 GB
kernelversion: 4.10.0
physicalprocessorcount: 1
processor0: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
rss_kb_26478: 342360
pss_kb_26478: 276696
rss_kb_26547: 340368
pss_kb_26547: 275930
rss_kb_26747: 338964
pss_kb_26747: 274466
```
2017-09-08 14:07:24 +08:00
Sam
9f0f086b3e
FEATURE: allow API to mark accounts as approved on creation
2017-08-28 15:36:46 -04:00
Bianca Nenciu
6bc74ceb50
Split alias levels in mentionable and messageable levels. ( #5065 )
...
* Split alias levels in mentionable and messageable levels.
* Fixed some tests.
* Set messageable level to everyone by default.
* By defaults, groups are not mentionable or messageable.
* Made staff groups messageable by the system.
2017-08-28 12:32:08 -04:00
Guo Xiang Tan
4b4169c8fd
Merge pull request #5053 from fantasticfears/session-controller
...
Spec for local auth check
2017-08-24 09:42:54 +09:00
Sam
8dfb1be4d1
FEATURE: unlisted *only* means not listed in topic lists
...
Remove security by obscurity feature that tries for exact slug match
If you need to hide a topic from users either move to a secure category
or convert to a PM
2017-08-22 17:53:54 -04:00
Sam
d7a2584c6e
FEATURE: image uploads now have short urls
...
Shorten all image uploads to use short urls, this is the client
side implementation.
2017-08-22 16:40:08 -04:00
Sam
117ce24ac3
Correct a flaky spec
2017-08-22 13:56:38 -04:00
Guo Xiang Tan
bc3e43b496
FIX: Topic timers being incorrectly trashed!
.
...
https://meta.discourse.org/t/temporary-timed-closure-of-topic-not-re-opening-topic/67877
2017-08-22 15:23:09 +09:00
Sam
505939eab7
correct spec
2017-08-21 14:40:44 -04:00
Sam Saffron
aea9db56d4
fix formatting
2017-08-17 08:10:57 -04:00
Mudasir Raza
84c83afd35
Allow optional import_mode param for posts in api ( #4952 )
2017-08-17 07:53:04 -04:00
Erick Guan
c7a101476e
Spec for local auth check
2017-08-16 11:01:00 +02:00
Kyle Zhao
c3249f6e93
FEATURE: add full editing access to queued posts ( #5047 )
...
For pending new topics: the body of the post, title, categories
and the tags are editable.
For pending new replies: only the body is applicable and thus
editable
DISCUSSION: https://meta.discourse.org/t/66754
2017-08-15 12:44:05 -04:00
Guo Xiang Tan
b404a4b97c
Merge pull request #5034 from tgxworld/fix_staged_primary_email
...
FIX: Staged users are still missing primary email.
2017-08-10 10:30:51 +09:00
Guo Xiang Tan
90d7dd1f05
FIX: Ensure that post action moderation post uses the site's default locale.
...
https://meta.discourse.org/t/a-post-in-looking-for-someone-to-customize-discourse-to-create-a-forum-site-requires-staff-attention/67468/5?u=tgxworld
2017-08-09 18:20:20 +09:00
Arpit Jalan
bf2c35aa99
FEATURE: add RSS feed for badge pages
2017-08-09 13:43:49 +05:30
Guo Xiang Tan
0bc690ed11
FIX: Staged users are still missing primary email.
2017-08-09 12:03:49 +09:00
Guo Xiang Tan
3f24ed2b3e
Can't revert due to incompatibility of new site setting types.
...
Revert "Revert "FEATURE: Site settings defaults per locale""
This reverts commit 439fe8ba24
.
2017-08-07 10:43:09 +09:00