Guo Xiang Tan
8140e54675
FIX: More fixes for Group#mentionable
and Group#messageable
feature.
2017-10-02 17:45:58 +08:00
Régis Hanol
af01e62b14
FIX: wasn't allowed to set a user's title anymore
2017-09-26 20:13:24 +02:00
Régis Hanol
28c54b42c5
FIX: wasn't able to update user options anymore
2017-09-26 20:00:10 +02:00
Guo Xiang Tan
77d4c4d8dc
Fix all the errors to get our tests green on Rails 5.1.
2017-09-25 13:48:58 +08:00
Régis Hanol
797936d2c5
FIX: don't leak whisper count in user card
2017-09-14 20:08:16 +02:00
Robin Ward
9b3b39d8a2
FIX: Users should be able to activate their emails even if unapproved
...
Note in discourse `active` means "Email is active" - they still can't
login until approved
2017-09-12 15:04:39 -04:00
Robin Ward
171d9e5aed
SECURITY: Prevent users from updating to blacklisted email domains
2017-09-12 10:11:08 -04:00
Sam
9f0f086b3e
FEATURE: allow API to mark accounts as approved on creation
2017-08-28 15:36:46 -04:00
Guo Xiang Tan
0bc690ed11
FIX: Staged users are still missing primary email.
2017-08-09 12:03:49 +09:00
Arpit Jalan
6c997b65d9
optimize enqueuing activation email code
2017-07-31 22:57:39 +05:30
Guo Xiang Tan
5012d46cbd
Add rubocop to our build. ( #5004 )
2017-07-28 10:20:09 +09:00
Guo Xiang Tan
54b508dda3
Add back test to ensure user can't edit name after SiteSetting.username_change_period
.
2017-07-24 20:47:34 +09:00
Leo McArdle
d0b027d88d
FEATURE: phase 1 of supporting multiple email addresses
2017-07-20 11:22:27 +09:00
Guo Xiang Tan
5994c85ea9
FIX: Raise the right error when email params is missing.
2017-06-12 17:48:32 +09:00
Robin Ward
54bb2a6bc2
FIX: Don't redirect to wizard when resetting password
2017-06-07 12:36:52 -04:00
Guo Xiang Tan
2cad739262
FIX: Better error message when username change fails.
...
https://meta.discourse.org/t/500-error-on-username-edit/64064
2017-06-07 10:45:53 +09:00
Guo Xiang Tan
2ee144c27f
FEATURE: Add DiscourseEvent trigger when a user logs in.
...
* Also adds a event trigger when user logs in for the first time.
2017-06-01 17:44:49 +09:00
Robin Ward
b584264d82
FIX: Don't show "resend email" option when user approval is on
2017-05-25 15:29:05 -04:00
Sam
2d96a0785d
FEATURE: theme selection is now global per-user
2017-05-12 12:41:34 -04:00
Robin Ward
81190f5d66
FIX: Redirect away from account-created
if you're logged in
2017-05-03 11:18:01 -04:00
Robin Ward
12fb20fe1b
FEATURE: Allow users to resend/update email from confirmation page
2017-05-03 11:18:01 -04:00
Neil Lalonde
0722ffadf1
Remove site settings enforce_global_nicknames and discourse_org_access_key
2017-05-01 14:53:16 -04:00
Arpit Jalan
ea26c56631
FIX: redirect to login page for anonymous user when profiles are hidden
2017-04-20 13:00:45 +05:30
Robin Ward
40ab2e5667
FEATURE: Let users update their emails before confirming
...
This allows users who entered a typo or invalid email address when
signing up an opportunity to fix it and resending the confirmation
email to that address.
2017-04-05 16:44:49 -04:00
Robin Ward
17f2974d0a
SECURITY: Confirm new administrator accounts via email
2017-04-04 15:59:01 -04:00
Robin Ward
6b976433c9
Support for both /users/
and /u/
paths
2017-03-30 10:23:24 -04:00
Arpit Jalan
7c3ae50dcd
FIX: send activation email if user have unconfirmed email
2017-03-21 09:41:50 +05:30
Guo Xiang Tan
ca965bb455
FEATURE: Redirect to groups page after login/registration flow.
2017-03-16 09:48:51 +08:00
Sam
a690121805
SECURITY: always allow staff to resend activation mails
2017-03-13 10:32:24 -04:00
Guo Xiang Tan
9364d8ce71
FIX: Store user's id instead for sending activation email.
...
* Email and username are both allowed to be used for logging in.
Therefore, it is easier to just store the user's id rather than
to store the username and email in the session.
2017-03-13 20:24:55 +08:00
Guo Xiang Tan
7ebfa3c901
SECURITY: Only allow users to resend activation email with a valid session.
...
* Improve error when an active user tries to request for an activation email.
2017-03-13 19:35:29 +08:00
Guo Xiang Tan
76dd6933d2
Revert "Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."""
...
This reverts commit e6d75f6844
.
This is why we should not be pushing directly to master.
2017-03-01 10:16:59 +08:00
Guo Xiang Tan
e6d75f6844
Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email.""
...
This reverts commit 0e3def7d2b
.
2017-02-28 11:27:14 +08:00
Robin Ward
0e3def7d2b
Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."
...
This reverts commit 1060239e2d
.
2017-02-27 13:19:26 -05:00
Guo Xiang Tan
1060239e2d
SECURITY: Ensure oAuth authenticated email is the same as created user's email.
2017-02-24 13:13:10 +08:00
Guo Xiang Tan
0847b4258a
Revert "SECURITY: Ensure that user has been authenticated."
...
This reverts commit fbe51d68a7
.
Changing the commit message to correctly reflect what we're actually
fixing.
2017-02-24 13:12:29 +08:00
Guo Xiang Tan
fbe51d68a7
SECURITY: Ensure that user has been authenticated.
2017-02-24 10:47:48 +08:00
Régis Hanol
cb99f59ec3
reset bounce score when email is successfully changed
2017-02-20 10:37:01 +01:00
Sam
8feb94e13f
FIX: password validator was being too strict
2017-02-14 09:18:04 -05:00
Sam
7652901b75
reduce mocking and stubbing in controller spec
2017-02-13 14:31:15 -05:00
Neil Lalonde
94e1105af7
fix unique char counting in password validator
2017-02-10 10:38:17 -05:00
Neil Lalonde
1bcb835446
FEATURE: passwords must have a minimum number of unique characters, configurable with a new setting
2017-02-09 15:00:22 -05:00
Sam
ff49f72ad9
FEATURE: per client user tokens
...
Revamped system for managing authentication tokens.
- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes
New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.
Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
Neil Lalonde
c4e10f2a9d
FEATURE: redesign the change password page to use javascript and validations
2017-02-03 16:09:24 -05:00
Sam
0a78ae739d
Remove SearchObserver, aim is to remove all observers
...
rails-observers gem is mostly unmaintained and is a pain to carry forward
new implementation contains significantly less magic as a bonus
2016-12-22 13:13:14 +11:00
Sam
eb2db23b40
FEATURE: remove email_token_grace_period_hours
...
The site setting email_token_grace_period_hours just causes confusion and
should not be used anyway.
Out of the box, tokens stop working once confirmed, no need to add complexity here
2016-12-19 17:15:20 +11:00
Sam
0599bd0154
FEATURE: add referrer never tag to password reset page
2016-12-19 11:01:58 +11:00
cpradio
824c235760
FEATURE: Notify user when mention can't see the reply they were mentioned in
...
FIX: Group Mention Notifications
2016-11-14 22:03:16 -05:00
Robin Ward
c03d25f170
FEATURE: Configure Admin Account
...
Adds a "Step 0" to the wizard if the site has no admin accounts where
the user is prompted to finish setting up their admin account from the
list of acceptable email addresses.
Once confirmed, the wizard begins.
2016-10-19 11:27:56 -04:00
Robin Ward
f62d01ff1b
FIX: Clear the session after a reset token was used
2016-09-30 12:20:23 -04:00