Commit Graph

4718 Commits

Author SHA1 Message Date
Robin Ward
b3883f5c32 FIX: Don't lock a post on edit unless the raw changes 2018-03-01 20:40:19 -05:00
Sam
75172024ca SECURITY: ensure users have permission when moving categories 2018-03-02 12:13:27 +11:00
Régis Hanol
482c615ef8 FEATURE: extract signatures from most popular email services/software 2018-03-02 01:51:15 +01:00
Will Jordan
a41446a502 single quote password in restore command
> Followup to #3283. Quotes passwords passed to shell for backup restore.
2018-03-01 12:08:35 -08:00
Gerhard Schlager
7a2183e8ab FEATURE: rake task for merging users 2018-03-01 12:28:12 +01:00
Guo Xiang Tan
fb75f188ba FEATURE: Disallow login via omniauth when user has 2FA enabled. 2018-03-01 15:47:07 +08:00
Guo Xiang Tan
81ca3677f7 Add guard for nil in our RateLimiter. 2018-03-01 13:20:42 +08:00
Guo Xiang Tan
5d9f9c2614 FIX: RateLimiter max of zero or less should raise rate limit exceeded. 2018-03-01 13:14:46 +08:00
Neil Lalonde
baf1c385eb UX: when a post is blocked due to a watched word, message includes the word being blocked 2018-02-28 11:22:18 -05:00
Guo Xiang Tan
e7a7356986 Remove ancient votes code that is no longer used. 2018-02-28 14:37:22 +08:00
Guo Xiang Tan
902c5d11cf FIX: Don't allow other flag actions after notify_moderator has happened.
https://meta.discourse.org/t/receiving-sorry-an-error-has-occurred-during-flagging-step-of-discobot-tutorial/77233/5
2018-02-28 11:27:56 +08:00
Sam
f295a18e94 FIX: stop double counting net calls in logs 2018-02-28 10:45:11 +11:00
Sam
2a7b7add59 oops 2018-02-28 09:35:46 +11:00
Sam
182aaffbd5 Keep second semantics for method 2018-02-28 09:21:38 +11:00
Robin Ward
33340071e7 FIX: Use 60 minutes, not 60 seconds for column dropper 2018-02-27 16:45:20 -05:00
Régis Hanol
3c430a3949 FEATURE: begone gmail signatures! 2018-02-27 15:19:34 +01:00
Régis Hanol
73ee62f55f FEATURE: automatically elide forwarded emails and signature from outlook 2018-02-27 15:00:50 +01:00
Gerhard Schlager
4a54c09e46 FIX: Retry with GET request when HEAD fails with error 400 2018-02-27 12:07:16 +01:00
Guo Xiang Tan
cb0c443343
Merge pull request #5615 from jjaffeux/puke
Adds :puke: as alias to :face_vomiting:
2018-02-27 10:20:54 +08:00
Régis Hanol
fd33090646 FEATURE: automatically elides gmail quotes 2018-02-26 23:54:02 +01:00
Régis Hanol
26d5ae61dd FIX: handle <pre> inside <blockquote> in html_to_markdown 2018-02-26 23:28:02 +01:00
Neil Lalonde
3313072957 Remove censored_pattern site setting, which is replaced by watched words 2018-02-26 16:29:27 -05:00
Régis Hanol
3be0294465 FIX: local post onebox was always pointing to 1st post 2018-02-26 16:05:35 +01:00
Régis Hanol
7d7f6faf40 FIX: properly render emojis in local oneboxes 2018-02-26 11:16:53 +01:00
Sam
b301c9f6c1 more prep work for jRuby 2018-02-26 10:25:58 +11:00
Arpit Jalan
b9a669ba32 FIX: do not log personal message view if user can't see the message 2018-02-25 22:39:25 +05:30
Joffrey JAFFEUX
aa990604c5 Adds :puke: as alias to :face_vomiting: 2018-02-24 17:11:04 +01:00
Régis Hanol
0559a4736a FIX: don't double request when downloading a file 2018-02-24 12:35:57 +01:00
Arpit Jalan
a1ea477604 rescue error when cleaning avatars 2018-02-23 18:15:55 +05:30
Robin Ward
69af881f7f New site setting trusted_users_can_edit_others
The default is true to keep with previous discourse behavior. If
disabled, high trust level users cannot edit the topics or posts of
other users.
2018-02-22 20:39:24 -05:00
Guo Xiang Tan
24d0a7a4c7 Take 2 on f74d6bb605.
New options are left out by default when not configured so that an
incorrect default configuration doesn't blow up google oauth for
everyone.
2018-02-23 07:53:01 +08:00
Guo Xiang Tan
dd26bbe868
Merge pull request #5610 from discourse/pm-tags
FEATURE: Allow staffs to tag PMs
2018-02-23 07:07:41 +08:00
Joffrey JAFFEUX
1c790ae6bc Revert "Add prompt and HD settings to the Google OAuth2 plugin."
This reverts commit f74d6bb605.
2018-02-22 19:17:02 +01:00
Régis Hanol
ca1fd774a1 Revert "WIP"
This reverts commit 2cf5479678.
2018-02-22 18:15:42 +01:00
Régis Hanol
2cf5479678 WIP 2018-02-22 17:56:56 +01:00
Vinoth Kannan
7cbda949f1 REFACTOR: New spec tests and code improvement 2018-02-22 20:27:02 +05:30
Felix Wolfsteller
c302c28a7d Switch ids in References-Header field of mails. (#5567)
This change allows email-clients to show threaded views of mails as
expected.  Apparently most algorithms expect the message ids of mails
in the Reference-header-field to be sorted such that they build a
traversal through the thread, so the oldest (original) message being
first, then its child, grandchild and so on until it arrives at the
message id that the "new" mail (that is to be sent) is the reply to.

MSGA [1]
+- Re: MSGA [1-1]
|  +- Re: Re: MSGA [1-2-1]
|  +- Re: Re: MSGA [1-2-2]
+- Re: MSGA [1-1]

If the stuff in brackets would be the message ID, the References-Header
field of a message that is a reply to [1-2-1] should look like:

References: 1, 1-1, 1-2-1

Discussion took place in:
https://meta.discourse.org/t/e-mail-threading-in-ml-mode-does-not-work-in-thunderbird

Main information taken from:
https://www.jwz.org/doc/threading.html
2018-02-22 10:48:23 +01:00
Geoffrey Challen
f74d6bb605 Add prompt and HD settings to the Google OAuth2 plugin. 2018-02-22 12:29:19 +08:00
Vinoth Kannan
84867c1c07 Rename site setting to allow_staff_to_tag_pms from allow_staff_to_tag_in_pm 2018-02-22 06:48:34 +05:30
Guo Xiang Tan
1b04d881c5 UX: Display lock icon in admin user lists when user has 2FA enabled. 2018-02-22 09:00:09 +08:00
Sam
720e1965e3 FEATURE: add category suppress from latest
In the past we used suppress_from_homepage, it had mixed semantics
it would remove from category list if category list was on home and
unconditionally remove from latest.

New setting explicitly only removes from latest list but leaves the
category list alond
2018-02-22 09:56:35 +11:00
Vinoth Kannan
2b509eaa91
Merge branch 'master' into pm-tags 2018-02-21 23:55:59 +05:30
Vinoth Kannan
776ab73a8d FIX: can_tag method called without guardian variable 2018-02-21 21:22:56 +05:30
Vinoth Kannan
84ce1acfef FEATURE: Allow staffs to tag PMs 2018-02-21 20:11:46 +05:30
Guo Xiang Tan
8964e75ad6
Merge pull request #5612 from discourse/featheredtoast-two-factor-login
Featheredtoast two factor login
2018-02-21 15:00:10 +08:00
Sam
26450f7587 allow for no lograge
(fixes tests)
2018-02-21 15:40:37 +11:00
Sam
ca1a3f37e3 FEATURE: add instrumentation for all external net calls 2018-02-21 15:20:29 +11:00
Jeff Wong
f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Robin Ward
3ea272f4f1 New setting: minimum trust level to embed images in a post 2018-02-20 20:00:06 -05:00
Régis Hanol
0799831dbe FIX: use the avatar of the post rather than the topic in local oneboxes 2018-02-20 19:49:39 +01:00