github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-28 13:53:44 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
26,726 Commits 214 Branches 500 Tags 960 MiB
e19ae6c55e
Commit Graph

212 Commits

Author SHA1 Message Date
Guo Xiang Tan
7ebfa3c901 SECURITY: Only allow users to resend activation email with a valid session. 
* Improve error when an active user tries to request for an activation email.
 2017-03-13 19:35:29 +08:00
Guo Xiang Tan
76dd6933d2 Revert "Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email.""" 
This reverts commit e6d75f6844.

This is why we should not be pushing directly to master.
 2017-03-01 10:16:59 +08:00
Guo Xiang Tan
e6d75f6844 Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."" 
This reverts commit 0e3def7d2b.
 2017-02-28 11:27:14 +08:00
Robin Ward
0e3def7d2b Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email." 
This reverts commit 1060239e2d.
 2017-02-27 13:19:26 -05:00
Guo Xiang Tan
1060239e2d SECURITY: Ensure oAuth authenticated email is the same as created user's email. 2017-02-24 13:13:10 +08:00
Guo Xiang Tan
0847b4258a Revert "SECURITY: Ensure that user has been authenticated." 
This reverts commit fbe51d68a7.

Changing the commit message to correctly reflect what we're actually
fixing.
 2017-02-24 13:12:29 +08:00
Guo Xiang Tan
fbe51d68a7 SECURITY: Ensure that user has been authenticated. 2017-02-24 10:47:48 +08:00
Régis Hanol
cb99f59ec3 reset bounce score when email is successfully changed 2017-02-20 10:37:01 +01:00
Sam
8feb94e13f FIX: password validator was being too strict 2017-02-14 09:18:04 -05:00
Sam
7652901b75 reduce mocking and stubbing in controller spec 2017-02-13 14:31:15 -05:00
Neil Lalonde
94e1105af7 fix unique char counting in password validator 2017-02-10 10:38:17 -05:00
Neil Lalonde
1bcb835446 FEATURE: passwords must have a minimum number of unique characters, configurable with a new setting 2017-02-09 15:00:22 -05:00
Sam
ff49f72ad9 FEATURE: per client user tokens 
Revamped system for managing authentication tokens.

- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes

New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.

Also introduces weekly job to expire old auth tokens.
 2017-02-07 09:22:16 -05:00
Neil Lalonde
c4e10f2a9d FEATURE: redesign the change password page to use javascript and validations 2017-02-03 16:09:24 -05:00
Sam
0a78ae739d Remove SearchObserver, aim is to remove all observers 
rails-observers gem is mostly unmaintained and is a pain to carry forward
new implementation contains significantly less magic as a bonus
 2016-12-22 13:13:14 +11:00
Sam
eb2db23b40 FEATURE: remove email_token_grace_period_hours 
The site setting email_token_grace_period_hours just causes confusion and
should not be used anyway.

Out of the box, tokens stop working once confirmed, no need to add complexity here
 2016-12-19 17:15:20 +11:00
Sam
0599bd0154 FEATURE: add referrer never tag to password reset page 2016-12-19 11:01:58 +11:00
cpradio
824c235760 FEATURE: Notify user when mention can't see the reply they were mentioned in 
FIX: Group Mention Notifications
 2016-11-14 22:03:16 -05:00
Robin Ward
c03d25f170 FEATURE: Configure Admin Account 
Adds a "Step 0" to the wizard if the site has no admin accounts where
the user is prompted to finish setting up their admin account from the
list of acceptable email addresses.

Once confirmed, the wizard begins.
 2016-10-19 11:27:56 -04:00
Robin Ward
f62d01ff1b FIX: Clear the session after a reset token was used 2016-09-30 12:20:23 -04:00
Sam
afaba56de3 FEATURE: missing API endpoint for topic tracking states 2016-08-12 17:10:35 +10:00
Robin Ward
429f27ec96 SECURITY: Avoid mass assignment on user create 2016-08-05 11:57:13 -04:00
Arpit Jalan
f387dfe226 FIX: mixed case group mentions were not getting highligted in composer 2016-05-22 18:32:49 +05:30
Sam
a130cb8305 FEATURE: move more urgent emails notifications to critical queue 
Move signup, admin login and password change email notifications
to critical queue
 2016-04-07 14:39:01 +10:00
Robin Ward
5771d2aee2 SECURITY: Support for confirm old as well as new email accounts 2016-03-08 14:52:22 -05:00
Robin Ward
d62689fa76 Move updating a user's email to its own controller 2016-03-08 14:52:22 -05:00
Régis Hanol
1135d2094a Merge pull request #4006 from scossar/set-locale-from-header 
Feature: (WIP) Set locale from Accept-Language header
 2016-03-04 09:12:30 +01:00
Régis Hanol
8d4bac7da2 fix build & add migration to clear common passwords cache 2016-03-03 19:39:22 +01:00
Arpit Jalan
50e65634d7 FEATURE: new setting min_admin_password_length and better default 2016-03-02 14:43:26 +05:30
scossar
0a396583ed set locale for anonymous from header 
set locale on signup

update spec

add locale option
 2016-02-26 13:45:00 -08:00
Arpit Jalan
6df5b38b54 better user update spec 2016-02-24 16:10:08 +05:30
Arpit Jalan
d77511319e show monthly top topics on 404 page 2016-02-24 13:46:55 +05:30
Arpit Jalan
0064927077 FIX: do not allow new email to be duplicate 
FIX: return proper error message when email already exists
 2016-01-23 13:42:53 +05:30
Sam Saffron
7303f8f309 FEATURE: first pass at user summary page 2016-01-20 15:14:25 +11:00
Arpit Jalan
380764dc92 FIX: validate email when changing via user preferences page 2016-01-16 10:50:49 +05:30
Neil Lalonde
c7df6783a9 FIX: only invalidate password reset links using javascript 2016-01-04 11:48:54 -05:00
Andy Waite
3e50313fdc Prepare for separation of RSpec helper files 
Since rspec-rails 3, the default installation creates two helper files:
* `spec_helper.rb`
* `rails_helper.rb`

`spec_helper.rb` is intended as a way of running specs that do not
require Rails, whereas `rails_helper.rb` loads Rails (as Discourse's
current `spec_helper.rb` does).

For more information:

https://www.relishapp.com/rspec/rspec-rails/docs/upgrade#default-helper-files

In this commit, I've simply replaced all instances of `spec_helper` with
`rails_helper`, and renamed the original `spec_helper.rb`.

This brings the Discourse project closer to the standard usage of RSpec
in a Rails app.

At present, every spec relies on loading Rails, but there are likely
many that don't need to. In a future pull request, I hope to introduce a
separate, minimal `spec_helper.rb` which can be used in tests which
don't rely on Rails.
 2015-12-01 20:39:42 +00:00
Régis Hanol
76692235ae FIX: don't ever fetch staged accounts in unseen mentions 2015-11-27 18:16:50 +01:00
Régis Hanol
43614439e6 FEATURE: can take over a staged account 2015-11-13 19:07:28 +01:00
Régis Hanol
16f509afb9 FIX: enforce 'allow_uploaded_avatars' & 'sso_overrides_avatar' server-side 2015-11-12 10:26:45 +01:00
Régis Hanol
bb79e6aff7 FEATURE: new hide_user_profiles_from_public site setting 2015-10-28 19:56:08 +01:00
Robin Ward
a527c58c7d UX: Show a nicer "Log In" screen if the user follows /my/preferences 2015-10-14 13:39:31 -04:00
Régis Hanol
36309e50cc Merge pull request #3767 from tgxworld/track_user_profile_views 
Track user profile views
 2015-09-23 11:38:18 +02:00
Régis Hanol
07e7b07b63 FIX: refreshing gravatar wasn't working 2015-09-17 19:42:44 +02:00
Guo Xiang Tan
7acc93b2a0 FEATURE: Track user profile views. 2015-09-16 14:48:31 +08:00
Régis Hanol
18d7c1c75d fix the build - take 2 2015-09-11 15:47:48 +02:00
Arpit Jalan
e0c9054748 FEATURE: invite page tabs 2015-07-13 09:42:51 +05:30
Kane York
df988a20eb FEATURE: Reserved usernames 
A list of usernames that will be blocked from being used to sign up.
 2015-07-01 13:50:55 -07:00
Sam Saffron
73646184aa correct specs 2015-06-05 18:58:20 +10:00
Régis Hanol
cb025a65e0 FIX: make sure we also save the user_avatar.custom_upload_id 2015-05-29 10:21:41 +02:00
Régis Hanol
8d967d9065 FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread 2015-05-20 16:45:48 +02:00
Sam
6a338afbdd Merge pull request #3403 from zzakcanncode/rspec_up 
Rspec 3
 2015-04-28 07:50:30 +10:00
Arpit Jalan
2932284293 FEATURE: magic login route for admin when SSO is enabled 2015-04-27 22:54:48 +05:30
Arthur Neves
b8cbe51026
Convert specs to RSpec 2.99.2 syntax with Transpec 
This conversion is done by Transpec 3.1.0 with the following command:
    transpec

* 424 conversions
    from: obj.should
      to: expect(obj).to

* 325 conversions
    from: == expected
      to: eq(expected)

* 38 conversions
    from: obj.should_not
      to: expect(obj).not_to

* 15 conversions
    from: =~ /pattern/
      to: match(/pattern/)

* 9 conversions
    from: it { should ... }
      to: it { is_expected.to ... }

* 5 conversions
    from: lambda { }.should_not
      to: expect { }.not_to

* 4 conversions
    from: lambda { }.should
      to: expect { }.to

* 2 conversions
    from: -> { }.should
      to: expect { }.to

* 2 conversions
    from: -> { }.should_not
      to: expect { }.not_to

* 1 conversion
    from: === expected
      to: be === expected

* 1 conversion
    from: =~ [1, 2]
      to: match_array([1, 2])

For more details: https://github.com/yujinakayama/transpec#supported-conversions
 2015-04-25 11:18:35 -04:00
Robin Ward
2459f52c71 Merge pull request #3375 from techAPJ/patch-2 
FEATURE: invite existing users to private topic
 2015-04-16 11:13:42 -04:00
Arpit Jalan
d491d4f997 FEATURE: invite existing users to private topic 2015-04-16 00:52:54 +05:30
Sam
2a3f71a9a1 SECURITY: log off all existing sessions when resetting password 2015-04-15 08:57:43 +10:00
Sam
f5d89169e2 FEATURE: initial implemenation of anonymous posting mode 2015-04-07 18:05:31 +10:00
Sam
92e371f0b3 FEATURE: civilized mute 
Allow user to mute all notifications generated by specific users
 2015-03-24 11:55:22 +11:00
Robin Ward
6d38005a22 Allow staff to change uneditable user fields 2015-03-20 15:18:43 -04:00
Régis Hanol
7d8dd9d93b fix some rspec deprecations 2015-02-26 13:05:20 +01:00
Robin Ward
8186d86f38 FIX: Enforce max length for custom user fields 2015-02-23 13:02:30 -05:00
Sam
17927b2e8b FIX: don't use flash cause we are not redirecting 
(we should probably change that though)
 2015-02-20 10:28:58 +11:00
Greg Kempe
d99ccf6d27 FIX: creating a user shouldn't error when optional fields aren't provided 
This fixes a bug where the server would 500 if the only user fields
where optional ones, and the create_user call didn't provide any
values so that params[:user_fields] was nil.

Additionally, don't bother double-checked for required fields, since we
iterate over all fields and will catch any that are required and blank.
 2015-01-27 11:48:27 +02:00
riking
1ab0d6bd82 FEATURE: Log username changes by staff 
Also fix the tests for changing username
 2015-01-17 02:26:12 -08:00
Luciano Sousa
bc73238c8f controllers with rspec3 syntax 2015-01-09 14:04:02 -03:00
Blake Erickson
02ade72ceb Update username should return a json response 
- Have update username return json response that contains the updated
  username and id. I figured this would be better than just return "OK".
- Add test to verify that the new username is returned.
 2014-12-10 09:43:16 -07:00
Blake Erickson
e9e88c9b82 Remove legacy avatar code 
- Remove method that was only left around because the
  [api](https://github.com/discourse/discourse_api/pull/53) called it
- Modify test to use new route instead of legacy route

https://meta.discourse.org/t/legacy-route-for-avatars/22838/2
 2014-12-07 06:13:14 -07:00
Blake Erickson
a61519eebf Have pick_avatar return json. 
I'm working on writing a test in the discourse_api gem for uploading
avatars and the pick method needs to return a json response.

I also added a test to make sure json is returned.
 2014-12-06 09:26:32 -07:00
David McClure
efc4109902 update specs to remove deprecation warnings 2014-11-07 06:05:44 -08:00
Robin Ward
c9eb809dad FIX: The text to users who signed up when approval was required was 
misleading.
 2014-11-04 15:48:03 -05:00
Régis Hanol
865194f409 FIX: cannot show email for pending/inactive users 2014-10-29 01:07:27 +01:00
Robin Ward
71f211f0b3 FEATURE: Allow users to select a badge with an image to appear on their 
user card
 2014-10-20 16:35:38 -04:00
Robin Ward
1cf4a0d604 Rename "User Expansion" to the much clearer "User Card" 2014-10-20 12:11:59 -04:00
Robin Ward
4d465362b5 FEATURE: Allow a user to upload an image for their expansion background. 2014-10-16 15:05:36 -04:00
Robin Ward
f9a8f6d6ce FEATURE: Support for a required setting on user fields. 2014-10-08 15:10:19 -04:00
Sam
0e7be81e60 FIX: badge granted titles were not being revoked when badge was revoked 2014-10-08 10:26:18 +11:00
Arpit Jalan
41af2d79b5 add user email on account created page 2014-10-02 12:43:44 +05:30
Robin Ward
edb34c178a FEATURE: Show user fields when the user is signing up 2014-09-30 10:45:18 -04:00
Régis Hanol
a7a1dcadcc use the right HTTP verb 2014-09-29 22:41:54 +02:00
Régis Hanol
7e309a21cf FEATURE: hide emails behind a button for staff members 2014-09-29 22:31:05 +02:00
Régis Hanol
de76b512c1 fix most deprecations in the specs (still some left) 2014-09-25 17:44:48 +02:00
Sam
dd5872eecb remove warnings 2014-09-25 17:46:51 +10:00
riking
2c6d03f87f SECURITY: Limit passwords to 200 characters 
Prevents layer 8 attack.
 2014-09-12 12:07:11 -04:00
Robin Ward
c9262a8390 FIX: Resend activation email was busted 2014-08-28 12:07:13 -04:00
Robin Ward
ed125975a1 SECURITY: Prefix session key and validate token format. 2014-08-25 15:31:49 -04:00
Robin Ward
9a1580244a FIX: Don't show profile pages for inactive users and don't show them in 
search results.
 2014-08-13 13:30:25 -04:00
Neil Lalonde
939e8505a9 Remove hub username integration 2014-07-16 12:25:24 -04:00
Neil Lalonde
01a68f8cc7 Emails are case insensitive 2014-07-16 10:22:01 -04:00
Robin Ward
4f416bf6ce Check honeypot/challenge value on activation too 2014-07-15 14:07:35 -04:00
Neil Lalonde
766196af87 FEATURE: add site setting allow_new_registrations which can be used to block all new account registrations 2014-07-14 15:42:22 -04:00
Robin Ward
cce7cf8c85 FEATURE: Require Javascript to activate an account via email link 2014-07-14 12:26:10 -04:00
Régis Hanol
b5c57fa947 FIX: don't mess with fixtures when running the specs 2014-07-14 17:34:23 +02:00
Sam
8fcc019ff8 FIX: only allow badge title selection if it exists 2014-07-09 15:31:49 +10:00
Sam
7909ca2a17 fix spec 2014-07-05 09:13:53 +10:00
Sam
5a0aed2bfa FIX: regression, forgot password broken 
also... mocks were invented by the devil
 2014-07-02 13:06:55 +10:00
Robin Ward
e22688a204 FEATURE: Can upload images to categories 2014-06-30 14:14:00 -04:00
Robin Ward
9000c358d1 REFACTOR: Use common path for RESTful DELETE action from upload image 
component
 2014-06-30 14:13:59 -04:00
Robin Ward
4088fba4f2 REFACTOR: Convert profile background uploader to be an ember component 2014-06-30 14:13:59 -04:00
Andrew Bezzub
386d1e231a move profile_background from User to UserProfile 2014-06-26 12:30:07 -04:00