Commit Graph

2693 Commits

Author SHA1 Message Date
Sam
e72fd7ae4e FIX: move crawler blocking into anon cache
This refinement of previous fix moves the crawler blocking into
anonymous cache

This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 11:14:43 +10:00
Sam
7f98ed69cd FIX: move crawler blocking to app controller
We need access to site settings in multisite, we do not have access
yet if we attempt to get them in request tracker middleware
2018-07-04 10:30:50 +10:00
Sam
6a54da0902 FIX: raise invalid params for bad callback
Corrects it so we raise a 400 instead of logged 500 error
2018-06-29 10:43:33 +10:00
Sam
982df3c17b FIX: return status 400 for invalid member params
previously error returned was a 500 which is not ideal
and is logged
2018-06-29 10:15:17 +10:00
Robin Ward
fd7bb8e656 FIX: Scope the cn to the subfolder 2018-06-28 11:03:36 -04:00
Arpit Jalan
2c971c41f6 FIX: post deletions rate limit per day was not working 2018-06-28 19:21:27 +05:30
Arpit Jalan
a6d50d1ff7 FEATURE: new settings to control posts deletions rate limit 2018-06-28 17:03:37 +05:30
Arpit Jalan
c352f8eb15 FEATURE: rate limit post deletions to 50 per day 2018-06-28 16:38:58 +05:30
Maja Komel
ec3e6a81a4 FEATURE: Second factor backup 2018-06-28 10:12:32 +02:00
Arpit Jalan
6bcdc3ba4b FEATURE: allow author to delete posts irrespective of post_edit_time_limit 2018-06-26 21:43:06 +05:30
Arpit Jalan
7efdccdbc5 FIX: allow staff to remove tags from queued topics 2018-06-26 17:08:40 +05:30
Joffrey JAFFEUX
95d99de7b4
FIX: hides durability section in dashboard if backups are disabled 2018-06-20 22:26:37 +02:00
Guo Xiang Tan
0365806b93 FIX: Properly display error when post action fails to create. 2018-06-20 21:20:23 +08:00
Sam
5f64fd0a21 DEV: remove exec_sql and replace with mini_sql
Introduce new patterns for direct sql that are safe and fast.

MiniSql is not prone to memory bloat that can happen with direct PG usage.
It also has an extremely fast materializer and very a convenient API

- DB.exec(sql, *params) => runs sql returns row count
- DB.query(sql, *params) => runs sql returns usable objects (not a hash)
- DB.query_hash(sql, *params) => runs sql returns an array of hashes
- DB.query_single(sql, *params) => runs sql and returns a flat one dimensional array
- DB.build(sql) => returns a sql builder

See more at: https://github.com/discourse/mini_sql
2018-06-19 16:13:36 +10:00
Joffrey JAFFEUX
f2dbe66367
FEATURE: adds a /admin/reports route to list all reports 2018-06-18 12:31:56 +02:00
Rafael dos Santos Silva
51cb38783e FIX: start_url was wrong in non-subfolder 2018-06-15 14:29:33 -03:00
Rafael dos Santos Silva
8fc08aad09 FEATURE: Update the webmanifest
- Remove share target because the spec is changing
- Allow any orientation again because natural is too restrictive
- Use correct file and mime types for the manifest
2018-06-14 00:13:28 -03:00
Sam Saffron
030e322a39 FEATURE: block top level /my/ routes 2018-06-12 19:47:45 +10:00
Jeff Wong
44ee26721a FIX: add check for missing assets file in development 2018-06-11 11:18:34 -07:00
Arpit Jalan
f9ab3848ed FEATURE: support disabling emails for non-staff users 2018-06-07 18:31:08 +05:30
Guo Xiang Tan
ad5082d969 Make rubocop happy again. 2018-06-07 13:28:18 +08:00
Sam
89ad2b5900 DEV: Rails 5.2 upgrade and global gem upgrade
This updates tests to use latest rails 5 practice
and updates ALL dependencies that could be updated

Performance testing shows that performance has not regressed
if anything it is marginally faster now.
2018-06-07 14:21:33 +10:00
Vinoth Kannan
d8e641cd98 FIX: avatar_url includes upload_path twice when local storage used 2018-06-06 18:27:30 +05:30
Guo Xiang Tan
a83ab01264 REFACTOR: Remove extra param for group mentionable and messableable route. 2018-06-06 09:42:09 +08:00
Arpit Jalan
f8d82f135f FIX: do not verify group visibility when checking for mentionable/messageable 2018-06-05 16:59:21 +05:30
Guo Xiang Tan
95f9b72351 FIX: Update activation email route was returning a generic json error. 2018-05-31 14:19:43 +08:00
Guo Xiang Tan
21e9315416 FIX: Use user account email instead of auth email when totp is enabled.
https://meta.discourse.org/t/github-2fa-flow-broken/88674
2018-05-30 12:15:12 +08:00
Guo Xiang Tan
a081771950
Merge pull request #5872 from OsamaSayegh/users-controller-specs-to-request
REFACTOR: users contollers specs => request specs
2018-05-28 13:32:37 +08:00
OsamaSayegh
449399bef3 return 403 forbidden when local logins disabled 2018-05-26 05:18:19 +03:00
Régis Hanol
5b2e7c8d10 fix the build 2018-05-26 03:11:10 +02:00
Robin Ward
4195c7c9ea FEATURE: Ability to clear a user's penalty history
You can do this manually if you want to allow them to reach TL3 without
their penalty history counting against them.
2018-05-25 12:54:22 -04:00
Guo Xiang Tan
569f63b8a2
Merge pull request #5825 from featheredtoast/extend-service-worker-cache
FIX: update cache times for service workers
2018-05-25 09:28:17 +08:00
Sam
53b97b28f0 FIX: in rare conditions post timing would miss the user 2018-05-24 15:38:33 +10:00
Neil Lalonde
3db1032bfd FIX: not found page shouldn't include the Google search form for sites with login_required enabled 2018-05-23 16:59:02 -04:00
Blake Erickson
3edca8b104 Return a 403 instead of 200 when trying to delete a user with posts
See [this commit][1] for more info

[1]: bd352a17bf
2018-05-22 17:02:02 -06:00
Sam
3e06def856 FIX: If we have no logo defined use sketch in manifest 2018-05-22 12:10:59 +10:00
Sam
788ca1f112 FIX: stop adding email to unsubscribe url
Instead of adding email to unsubscribe url store it in redis for 1 hour
rate limit calls to unsubscribe endpoint to ensure there is no risk of
bloating redis

Also move controller to request specs
2018-05-22 09:07:03 +10:00
Guo Xiang Tan
467d91347a Missing specs for Group, Tag, Category and Flag web hooks. 2018-05-21 17:29:58 +08:00
Arpit Jalan
9f422c93f6 FIX: restrict updates on confirm_old_email email templates 2018-05-19 12:19:59 +05:30
Arpit Jalan
003b7f06ad FIX: rescue specific error 2018-05-18 09:52:16 +05:30
Jeff Wong
04c7dbafa3 FIX: manifest.json better detection at mime type. Find size if uploaded 2018-05-17 14:45:24 -07:00
Jeff Wong
41ffafb65e FIX: best effort at returning correct mime types in manifest.json 2018-05-17 12:14:39 -07:00
Régis Hanol
53f8f6095d FEATURE: staff action logs when creating/updating/deleting badges 2018-05-17 18:09:27 +02:00
Arpit Jalan
9532d9a555 FIX: handle invalid tags 2018-05-17 19:33:12 +05:30
Régis Hanol
131b7f5da5 make 🤖 rubocop happy 2018-05-16 16:35:04 +02:00
Joe Buhlig
3cd4c82c49 Allow parameters for group and username filters on directory (#5815) 2018-05-16 16:20:17 +02:00
Régis Hanol
5e97a9bfb7 FIX: tags in a 'visible by everyone but usable only by staff' group weren't visible by everyone 2018-05-16 09:48:19 +02:00
Sam
ff90881238 DEV: fix live refresh if you have a custom theme selected in dev 2018-05-16 17:25:49 +10:00
Sam
21e0b7c818 avoid async report pattern and replace with simpler hijack 2018-05-16 16:05:03 +10:00
Sam
193b6d5651 UX: improve new dashboard
- top referred topics
- limit search logs to 8 results
2018-05-15 15:08:36 +10:00
Jeff Wong
e4a33cbc0a FIX: update cache times for service workers
Add a last modified time.

Register newer service workers and claim clients more quickly.
2018-05-14 12:29:24 -07:00
Régis Hanol
e9abdaebbe UX: show an enveloppe icon when a badge is used in messages
- the badge count now includes messages
- only show the message badges to admins
2018-05-14 19:02:00 +02:00
Sam
6332d5040d UX: switch dashboard to be the new dashboard
Also:
- add pageviews
- add problems and version sections
2018-05-14 13:07:59 +10:00
Sam
bc9e0d46af PERF: use cached reports for dashboard if available 2018-05-14 12:01:44 +10:00
Régis Hanol
37232fcb58 FIX: staff members should see all tags 2018-05-13 17:50:21 +02:00
Régis Hanol
2cf6fb7359 FIX: always unstage users when they log in 2018-05-13 17:00:02 +02:00
Régis Hanol
be6404d651 FIX: redirect users after signing up with a social login when using SSO provider 2018-05-13 16:03:11 +02:00
Régis Hanol
09cf35c760 FIX: redirect users after signing up using SSO provider 2018-05-12 00:41:27 +02:00
Régis Hanol
abda21a41f Revert "FIX: redirect to sso_destination_url after account activation"
This reverts commit 0402e97368.
2018-05-11 22:55:45 +02:00
Régis Hanol
0402e97368 FIX: redirect to sso_destination_url after account activation 2018-05-11 19:57:04 +02:00
Régis Hanol
2958e17cde remove duplicate code 2018-05-11 12:16:37 +02:00
Sam
8a783412b7 UX: improvements to new dashboard
- remove inactive user report and replace with posts
- clean up internals so grouping by week happens on client
- when switching periods old report was not destroyed leading to bugs
- calculate trend based on previous interval ... not previous 30 days
- show percentages for mau/dau
- be more careful about utc date usage
- show uniqu and click through rate on search panel
- publish key of report with report so we only load the correct one
- subscribe earlier in channel in case of concurrency issues
2018-05-11 13:30:32 +10:00
Blake Erickson
bd352a17bf FIX: Show a json api response when deleting a user with posts
A 500 error was actually caused with no response when using the api, so
it wasn't very clear that you need to delete the posts first when using
the api.
2018-05-10 13:04:36 -06:00
Guo Xiang Tan
bbc85258c9 Rename display_plugins -> visible_plugins. 2018-05-09 07:52:45 +08:00
Arpit Jalan
83245aa508 FIX: better handling of invite links after they are redeemed
FIX: deprecate invite_passthrough_hours setting
2018-05-08 20:17:57 +05:30
Guo Xiang Tan
c6f45fcfdb Expose an API for plugins to be hidden on the admin plugin page. 2018-05-08 13:24:58 +08:00
Arpit Jalan
3a6e137e70 FIX: add context for deactivated user logs 2018-05-08 08:18:04 +05:30
Misaka 0x4e21
ff6be3c2e3 FEATURE: add profile_background fields into SSO (#5701)
Add profile_background and card_background fields into Discourse SSO.
2018-05-07 10:03:26 +02:00
Guo Xiang Tan
aa0d32231c FIX: Incorrect query when removing a group owner.
https://meta.discourse.org/t/group-rename-and-group-owners-removal-problems/85596
2018-05-07 13:57:00 +08:00
Jeff Wong
91b31860a1
Feature: Push notifications for Android (#5792)
* Feature: Push notifications for Android

Notification config for desktop and mobile are merged.

Desktop notifications stay as they are for desktop views.

If mobile mode, push notifications are enabled.

Added push notification subscriptions in their own table, rather than through
custom fields.

Notification banner prompts appear for both mobile and desktop when enabled.
2018-05-04 15:31:48 -07:00
Neil Lalonde
a0447b47e0 UX: when deleting a user, show a modal indicating that the delete is happening. User hijack so requests don't time out. 2018-05-03 16:18:19 -04:00
Joffrey JAFFEUX
980972182f
dashboard next: caching, mobile support and new charts 2018-05-03 15:41:41 +02:00
Neil Lalonde
bd77795d7a REFACTOR: move support for user card badge images to a plugin discourse-user-card-badges 2018-04-26 13:25:24 -04:00
Robin Ward
a5172a37e0 Allow staff members to enable safe mode, even if disabled 2018-04-25 11:49:57 -04:00
Gerhard Schlager
ed4c0c4a63 FEATURE: Add option to delete all replies of flagged post 2018-04-24 11:08:05 -04:00
Sam
146a6c3592 FIX: exclude topics from latest in /categories on refresh
When you hit refresh on categories page it would not supress correctly
2018-04-24 11:07:26 -04:00
Robin Ward
fd14ee4797 FEATURE: Allow safe mode to be disabled 2018-04-24 11:03:33 -04:00
Sam
54d153068a DEV: remove qunit rails fork and add a couple of async tests 2018-04-23 16:42:40 +10:00
Guo Xiang Tan
70d181bff8 FIX: Better error message in GroupsController#add_members.
https://meta.discourse.org/t/cant-add-members-to-a-group/85738?u=tgxworld
2018-04-20 10:28:52 +08:00
Rafael dos Santos Silva
9014ca4624 FEATURE: Enable the Web Share Target API
This will allow a Discourse instance that was installed[1] to receive share events.

See https://wicg.github.io/web-share-target/ for the spec.

1: https://developers.google.com/web/fundamentals/app-install-banners/
2018-04-19 17:00:05 -03:00
Arpit Jalan
91bf10bd12 FIX: create upload record for exported csv files 2018-04-20 00:27:49 +05:30
Joffrey JAFFEUX
0e414d0890
dashboard next: trending search report
This commit also improves how data is loaded sync and async
2018-04-19 18:19:21 +02:00
Joffrey JAFFEUX
01c061d20d
dashboard next: perf and UI tweaks
* cache CORE reports
* adds backups/uploads section
* few css tweaks
2018-04-18 21:30:41 +02:00
Robin Ward
3d7dbdedc0 FEATURE: An API to help sites build robots.txt files programatically
This is mainly useful for subfolder sites, who need to expose their
robots.txt contents to a parent site.
2018-04-16 15:43:20 -04:00
Arpit Jalan
9353ae4b5d Remove obsolete per topic unsubscribe page. 2018-04-16 16:11:20 +05:30
Joffrey JAFFEUX
0e15a575f4
EXPERIMENTAL: new dashboard UI
This is the first iteration of an effort towards making a very good dashboard.

Until we feel confident this is good, this dashboard will only be accessible through /admin/dashboard_next
2018-04-16 10:42:06 +02:00
Arpit Jalan
a1ef455c78 SECURITY: do not show private topic title on /unsubscribed page 2018-04-16 10:35:57 +05:30
Arpit Jalan
a8a12eb2d9 SECURITY: do not disclose topic titles on /unsubscribed page to unauthorized users 2018-04-15 18:01:58 +05:30
Arpit Jalan
18f50ca01a FIX: parameterize tag_id 2018-04-14 16:42:53 +05:30
Sam
3632b8d8d6 FEATURE: provide extra signal about content age to crawlers
Adds Last-Modified field to help teach crawlers not to crawl old content
2018-04-13 14:58:33 +10:00
Régis Hanol
df7970a6f6 prefix the robots.txt rules with the directory when using subfolder 2018-04-11 22:05:02 +02:00
Arpit Jalan
9ca6ebe8fe FEATURE: enforce tagging on categories 2018-04-11 07:15:24 +05:30
Arpit Jalan
3a86a2588c FIX: bulk append/replace tags was not working 2018-04-10 13:01:03 +05:30
Sam
5925a581db array is not supported here, use a simple comma delimited list 2018-04-10 14:37:10 +10:00
Guo Xiang Tan
d9d86577ff FIX: Staff users are not affected by enable_group_directory site setting. 2018-04-10 09:22:01 +08:00
Guo Xiang Tan
c82b2dcc24 Remove admin group management pages. 2018-04-09 15:14:50 +08:00
Arpit Jalan
185d6ac747 FIX: use safe navigation operator when checking for totp_enabled 2018-04-09 12:33:41 +05:30
Guo Xiang Tan
0623785f69 FIX: Prevent group owners from editing admin only settings. 2018-04-06 11:44:58 +08:00
Sam
3a7b696703 FEATURE: allow for setting crawl delay per user agent
Also moved to default crawl delay bing so no more than a req every 5 seconds is allowed

New site settings:

"slow_down_crawler_user_agents" - list of crawlers that will be slowed down
"slow_down_crawler_rate" - how many seconds to wait between requests

Not enforced server side yet
2018-04-06 10:15:23 +10:00
Gerhard Schlager
cd6a99a027 FEATURE: Send a different PM when a post has been hidden more than once 2018-04-05 14:03:21 +02:00
Guo Xiang Tan
e36e9de28a Allow admin to view logs of automatic groups. 2018-04-05 16:31:55 +08:00
Guo Xiang Tan
8760c4d68c Fix GroupsController#group_params to allow more group attributes to be updated. 2018-04-05 13:53:00 +08:00
Vinoth Kannan
434cbc649f FEATURE: Webhook for tag events 2018-04-04 17:49:20 +05:30
Vinoth Kannan
16341219ab Log exception if remote theme importing failed 2018-04-02 20:10:18 +05:30
Guo Xiang Tan
142571bba0 Remove use of rescue nil.
* `rescue nil` is a really bad pattern to use in our code base.
  We should rescue errors that we expect the code to throw and
  not rescue everything because we're unsure of what errors the
  code would throw. This would reduce the amount of pain we face
  when debugging why something isn't working as expexted. I've
  been bitten countless of times by errors being swallowed as a
  result during debugging sessions.
2018-04-02 13:52:51 +08:00
Vinoth Kannan
efb19dbdaf
Merge pull request #5705 from discourse/new_webhooks
FEATURE: Webhook for group and category events
2018-04-02 10:53:21 +05:30
Guo Xiang Tan
87e3779085
Merge pull request #5702 from kevinelliott/feature/20180323-fix-mass-assignment
20180323 Fix Mass Assignment Warning
2018-04-02 10:19:25 +08:00
Robin Ward
22b631510c FIX: Silenced user wasn't being linked properly 2018-03-29 17:07:09 -04:00
Neil Lalonde
73c1d3e7fe FIX: tag notification preferences were being cleared when other preferences were changed 2018-03-29 15:08:32 -04:00
Guo Xiang Tan
52e75eaee9 UX: Tweaks to group pages. 2018-03-29 17:04:48 +08:00
Robin Ward
eab64710ff FIX: Shared draft performance fix + missing avatars 2018-03-28 16:11:43 -04:00
Robin Ward
4b5977aa6a Revert "PERF: Don't join on shared drafts unless you have to"
This reverts commit efedd9745f.
2018-03-28 15:35:13 -04:00
Robin Ward
efedd9745f PERF: Don't join on shared drafts unless you have to 2018-03-28 13:57:39 -04:00
Guo Xiang Tan
21ae49ab92 Simplify log in for request specs. 2018-03-28 11:32:47 +08:00
Guo Xiang Tan
70be8124a3 SECURITY: Don't expose development route in production. 2018-03-28 11:32:47 +08:00
Neil Lalonde
7311023a52
Merge pull request #5700 from discourse/crawl-block
FEATURE: control web crawlers access with white/blacklist
2018-03-27 15:06:03 -04:00
Vinoth Kannan
ff9d7a9bfb FIX: authComplete query param should carry-forward to login page 2018-03-27 17:22:07 +05:30
Guo Xiang Tan
7edab1c0b9 UX: Add groups/custom/new route for admins to create a new group. 2018-03-27 17:39:05 +08:00
Gerhard Schlager
558914b986 Fix random spec errors 2018-03-27 11:14:06 +02:00
Vinoth Kannan
e7407d0adc FEATURE: Webhook for group and category events 2018-03-27 11:53:35 +05:30
Guo Xiang Tan
2ecd234e27 UX: Consolidation group manangement into a single tab. 2018-03-27 13:34:46 +08:00
Neil Lalonde
f2c060bdf2 FEATURE: option for tags in a tag group to be visible only to staff 2018-03-26 17:05:09 -04:00
Guo Xiang Tan
dcd1d422d1 UX: Allow admins to set users as owners while adding users.
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084/9
2018-03-26 17:33:50 +08:00
Guo Xiang Tan
35745166b5 UX: New group membership management workflow.
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084
2018-03-26 16:15:02 +08:00
Kevin Elliott
fa0868fc3f Explicit param permit and assignment cleanup. 2018-03-23 09:59:31 -07:00
Robin Ward
5f19ad9507 FIX: allow destination categories to be set if not at first 2018-03-23 11:33:02 -04:00
Robin Ward
38af67eb73 Update the destination category id when a user changes it 2018-03-23 11:12:56 -04:00
Guo Xiang Tan
7a4b70ef58 UX cleanup changes to 2FA flow. 2018-03-23 11:05:36 +08:00
Neil Lalonde
ced7e9a691 FEATURE: control which web crawlers can access using a whitelist or blacklist 2018-03-22 15:41:02 -04:00
Guo Xiang Tan
f3b402ffd5 UX: Allow users to filter members on group page.
* Only admins are allowed to filter users by email.
2018-03-22 14:02:41 +08:00
Arpit Jalan
d96c1058a2 FEATURE: add staff action log for 'restore topic' 2018-03-21 18:04:13 +05:30
Guo Xiang Tan
a23509cbf3 UX: Limit the number of group names displayed on user page. 2018-03-21 16:38:33 +08:00
Guo Xiang Tan
9f216ac182 FIX: Infinite loading more on groups page. 2018-03-21 09:25:42 +08:00
Robin Ward
b9abd7dc9e FEATURE: Shared Drafts
This feature can be enabled by choosing a destination for the
`shared drafts category` site setting.

* Staff members can create shared drafts, choosing a destination
category for the topic when it is published.

* Shared Drafts can be viewed in their category, or above the
topic list for the destination category where it will end up.

* When the shared draft is ready, it can be published to the
appropriate category by clicking a button on the topic view.

* When published, Drafts change their timestamps to the current
time, and any edits to the original post are removed.
2018-03-20 17:15:26 -04:00
Guo Xiang Tan
15bcfcd182 UX: Allow users to filter by different group types on groups page. 2018-03-20 17:38:11 +08:00
Guo Xiang Tan
41b0fbe001 UX: Indicate user's group membership on groups page. 2018-03-19 18:29:30 +08:00
Guo Xiang Tan
05ea034490 UX: Allow groups page to be searchable. 2018-03-19 17:16:51 +08:00
Guo Xiang Tan
0522aabaab UX: Allow user_count on groups page to be sortable. 2018-03-19 16:15:13 +08:00
Guo Xiang Tan
c1bf707e7d PERF: N+1 queries on badges page. 2018-03-19 14:36:09 +08:00
Guo Xiang Tan
52b9af10a1 PERF: PG queries for the UserEmail#email column was not using the index. 2018-03-19 11:31:14 +08:00
Arpit Jalan
f053e4cf37
Merge pull request #5682 from techAPJ/allowed-tags-page
FIX: show only allowed tags on PM tags page and display correct count
2018-03-17 08:29:00 +05:30
Régis Hanol
89f5c90ce0 FIX: show an error page on click tracking error 2018-03-17 00:33:11 +01:00
Arpit Jalan
e9bc763440 FIX: show only allowed tags on PM tags page and display correct count
FIX: tags page should link to user profile we are browsing
2018-03-17 00:17:48 +05:30
Guo Xiang Tan
fe96ef6ed2 UX: Use topic list for displaying group messages on group page.
https://meta.discourse.org/t/group-inbox-on-a-groups-page-mockup/71319
2018-03-16 11:56:40 +08:00
Sam
ba15273d3f FEATURE: maintain preview theme, while previewing
This means you can browse around in preview mode without losing the theme.
At any point you can refresh page and maintain the preview theme.
2018-03-15 16:17:22 +11:00
Rafael dos Santos Silva
2097f5330c FIX: Login redirect path was broken in subfolder installs 2018-03-15 11:49:35 +08:00
Guo Xiang Tan
a35227918f UX: Display group topics in a topic list. 2018-03-15 11:37:55 +08:00
Robin Ward
d31dfe0e84 FIX: Silencing / Suspending a user should not send a hidden message 2018-03-14 14:39:52 -04:00
Kyle Zhao
f7bd05e534 FEATURE: set 'Retry-After' header for 429 responses (#5659) 2018-03-13 23:12:41 +08:00
Arpit Jalan
7d375690c1
Merge pull request #5667 from techAPJ/pm-tags-page
FEATURE: replace PM tags dropdown with a dedicated tags page
2018-03-13 13:08:21 +05:30
Arpit Jalan
24338fbbe8 FEATURE: replace PM tags dropdown with a dedicated tags page 2018-03-13 13:06:58 +05:30
Robin Ward
65ac80b014 FEATURE: Log Staff edits in Staff Action Logs
Why? Some edits by staff are not tracked. For example, during the grace
period, or via the flags/silence dialog.

If a staff member is editing someone else's post, it now goes into the
Staff Action Logs so it can be audited by other staff members.
2018-03-12 13:51:40 -04:00
Sam
758b9a7dda FEATURE: prototype of local theme directory watcher
(note this will be documented a bit late)
2018-03-12 18:36:06 +11:00
Arpit Jalan
aac7796124 FIX: do not show tags with 0 count on /tags page 2018-03-09 20:57:31 +05:30
Sam
7c0e6b820e move key so it does not interfere with other errors 2018-03-09 16:42:11 +11:00
Sam
39e679d3cb FEATURE: allow themes to live in private git repos
This feature allows themes sourced from git to live on private
servers, it automatically generates key pairs.
2018-03-09 16:14:38 +11:00
Arpit Jalan
c29660c8f1 FEATURE: filter personal messages by tags 2018-03-08 14:42:07 +05:30
Guo Xiang Tan
1365bab0d7 FEATURE: Live updates for user's messages page.
https://meta.discourse.org/t/group-inbox-messages-not-updated-for-new-posts/38189
2018-03-06 18:15:21 +08:00
Sam
f0d5f83424 FEATURE: limit assets less that non asset paths
By default assets can be requested up to 200 times per 10 seconds
from the app, this includes CSS and avatars
2018-03-06 15:20:39 +11:00
OsamaSayegh
282f53f0cd FEATURE: Theme settings (2) (#5611)
Allows theme authors to specify custom theme settings for the theme. 

Centralizes the theme/site settings into a single construct
2018-03-04 19:04:23 -05:00
Robin Ward
13eda41ff5 Fix lint errors 2018-03-03 14:34:19 -05:00
Robin Ward
31e3bf6d8d FEATURE: New "Categories and Top" homepage style
Select this option if you want to show top topics on the homepage
instead of latest topics.
2018-03-03 14:26:57 -05:00
Guo Xiang Tan
939180efa8 FIX: Missing 2FA guards when sso is enabled or when local login is disabled. 2018-03-02 10:39:10 +08:00
Sam
75172024ca SECURITY: ensure users have permission when moving categories 2018-03-02 12:13:27 +11:00
Guo Xiang Tan
fb75f188ba FEATURE: Disallow login via omniauth when user has 2FA enabled. 2018-03-01 15:47:07 +08:00
Guo Xiang Tan
947b6fdf46 FIX: Incorrect rate limit applied to topics invitation flow. 2018-03-01 12:50:00 +08:00
Guo Xiang Tan
5a462b930d REFACTOR: Prefer exists? over present. 2018-03-01 10:22:41 +08:00
Guo Xiang Tan
c64f09b6b7 REFACTOR: Simplify and DRY Group#invite. 2018-02-26 11:59:07 +08:00
Régis Hanol
0559a4736a FIX: don't double request when downloading a file 2018-02-24 12:35:57 +01:00
Sam
a94dc0c731 Revert "FIX: preview theme not working consistently"
This reverts commit 845cec3ba0.
was not a needed change, but was elsewhere
2018-02-23 17:59:00 +11:00
Sam
845cec3ba0 FIX: preview theme not working consistently
Avoid flash, this makes debugging much simpler as well.

Additionally URL now clearly shows you are previewing a theme.
2018-02-23 15:25:35 +11:00
Guo Xiang Tan
dd26bbe868
Merge pull request #5610 from discourse/pm-tags
FEATURE: Allow staffs to tag PMs
2018-02-23 07:07:41 +08:00
Maja Komel
76a2fc3d07 UX: Add og metadata for groups.
https://meta.discourse.org/t/onebox-for-groups/79155
2018-02-22 15:03:41 +08:00
Guo Xiang Tan
964624f3ab FIX: No error displayed when 2FA token is invalid on admin login page. 2018-02-22 09:45:57 +08:00
Sam
720e1965e3 FEATURE: add category suppress from latest
In the past we used suppress_from_homepage, it had mixed semantics
it would remove from category list if category list was on home and
unconditionally remove from latest.

New setting explicitly only removes from latest list but leaves the
category list alond
2018-02-22 09:56:35 +11:00
Robin Ward
83d8fa2892 FIX: Allow customized usernames to work in this route
Co-authored-by: jjaffeux <j.jaffeux@gmail.com>
2018-02-21 13:37:14 -05:00
Vinoth Kannan
2b509eaa91
Merge branch 'master' into pm-tags 2018-02-21 23:55:59 +05:30
Vinoth Kannan
84ce1acfef FEATURE: Allow staffs to tag PMs 2018-02-21 20:11:46 +05:30
Guo Xiang Tan
b16471edfb FIX: Invalid token error incorrectly displayed on email login page. 2018-02-21 15:46:53 +08:00
Guo Xiang Tan
14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Jeff Wong
f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Régis Hanol
60ec483caa FIX: include title in local onebox when linking to a different topic 2018-02-19 22:40:14 +01:00
Robin Ward
02093ecbdd Extensibility: Allow plugins to munge user params 2018-02-16 19:12:02 -05:00
Guo Xiang Tan
28365f8ae5 PERF: Have nginx cache and serve the service worker file. 2018-02-15 10:50:39 +08:00
Guo Xiang Tan
96e5a7da46 Prefer success_Json over custom success JSON payload. 2018-02-15 07:47:35 +08:00
Robin Ward
a3e5a31674 FIX: Allow 404 pages to use the current theme 2018-02-14 15:29:01 -05:00
Sam
38f4acd55a FIX: rate limiter text is confusing, should not say daily
Also, adds easily parseable JSON so users can figure out
how long to wait when the API is limited. ("extras" "wait_seconds")
2018-02-14 15:29:50 +11:00
Sam
f028ffaf29 SECURITY: correct local onebox category checks
Also removes ugly "source_topic_id" from cooked posts

Patch was authored by @zogstrip

Signed-off-by: Sam <sam.saffron@gmail.com>
2018-02-14 10:40:46 +11:00
Robin Ward
7348513848 FIX: Include post in staff action logs when silencing a user 2018-02-13 15:59:10 -05:00
Erick Guan
03b3e57a44 FEATURE: login by a link from email
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
Guo Xiang Tan
f9280617d0 Remove redundant comment. 2018-02-13 15:58:13 +08:00
Muhlis Cahyono
cc3cf6588b FEATURE: Notification API Endpoints for Admins
* create/update/delete notification api with external url
* remove external url feature
* Fix Travis CI build error (add new line)
* Fix Travis CI build error
2018-02-13 01:38:26 -05:00
Sam
b34b1b6fe3 FIX: invite to message was not allowing groups
Previously we were incorrectly checking mentionable instead of messageable

Also fix edge case where multiple groups sharing a name mean that exact match override is not working

Also cleans up params sent to user selector
2018-02-13 13:28:46 +11:00
Robin Ward
569e57f0a9 FIX: Delete the invalid auth cookie even if you hit the rate limit 2018-02-09 19:09:54 -05:00
Gerhard Schlager
8765279c90 FIX: Customizing site texts ignored current locale for _MF keys 2018-02-07 16:57:08 +01:00
Robin Ward
8ff4104555 Many enhancements to the flagging / suspending interface. 2018-02-01 17:13:02 -05:00
Neil Lalonde
9fa71e198e FIX: admin reports charts should use same time of day as dashboard numbers 2018-02-01 15:59:39 -05:00
Sam
41986cdb2f Refactor requires login logic, reduce duplicate code
This also corrects the positioning in the chain of the check
and removes misuse of prepend_before_action
2018-02-01 15:17:59 +11:00
Sam
f2e7b74d88 FIX: don't return 200s when login is required to paths
When running `ensure_login_required` it should always happen prior to
`check_xhr` cause check xhr will trigger a 200 response
2018-02-01 12:26:45 +11:00
Robin Ward
2d340d1122 FIX: Don't allow username update via update route
It's not using the UsernameChanger
2018-01-26 16:53:43 -05:00
Robin Ward
6b04967e2f FEATURE: Staff members can lock posts
Locking a post prevents it from being edited. This is useful if the user
has posted something which has been edited out, and the staff members don't
want them to be able to edit it back in again.
2018-01-26 14:01:30 -05:00
Régis Hanol
e2d82b882e FIX: redirect to original URL after social login 2018-01-26 18:52:27 +01:00
Gerhard Schlager
683be5e555 FIX: Application should not crash when selected locale is missing 2018-01-25 14:57:41 +01:00
Sam
2437b0d531 FIX: regression, missing 404 page 2018-01-23 09:00:28 +11:00
Régis Hanol
5c1eaeca9e FIX: prevent users from moving whispers to new topic 2018-01-22 17:23:19 +01:00
Gerhard Schlager
dde0fcc658 FEATURE: Allow sending invites to staged users 2018-01-22 15:37:18 +01:00
Régis Hanol
f74ac826c5 slightly more meaningful error message 2018-01-22 12:20:53 +01:00
Sam
12872d03be PERF: run post timings in background
This means that if a very large amount of registered users hit
a single topic we will handle it gracefully, even if db gets slow.
2018-01-19 08:27:29 +11:00
Robin Ward
34ed6088b9 FEATURE: New modal to show flags received for a user 2018-01-17 15:08:08 -05:00
Arpit Jalan
e04fb9a877 fix the build 2018-01-17 12:57:33 +05:30
Arpit Jalan
79eb9d7086 FEATURE: show header search results on search log term details page 2018-01-17 12:47:16 +05:30
Sam
b2009d6e32 PERF: bypass theme handling on static routes 2018-01-17 16:33:17 +11:00
Sam
72b592c395 PERF: add frozen string literals to app controller 2018-01-17 16:32:52 +11:00
Sam
d7657d8e47 correct specs, ensure crawler layout only applies to html 2018-01-16 16:28:11 +11:00
Arpit Jalan
6177fb80eb UX: switch to quartlerly period view for search log term graphs 2018-01-16 07:53:22 +05:30
Sam
e3a616764e PERF: add frozen strings 2018-01-15 12:44:54 +11:00
Neil Lalonde
6d68275ef9 don't show tag groups if they're restricted to categories you can't access 2018-01-12 14:25:42 -05:00
Neil Lalonde
2493648f9c PERF: calculate topic_counts for tags in an async job so tag queries that include counts are much faster 2018-01-12 11:03:03 -05:00
Neil Lalonde
4d50feb6bd FEATURE: add setting to display tags by tag groups 2018-01-12 11:03:02 -05:00
Sam
49ed382c2a FIX: return 429 when admin api key is limited on admin route
This also handles a general case where exceptions leak out prior to being handled by the application controller
2018-01-12 14:15:26 +11:00
Robin Ward
dd33050e10 Add discourse events for when a user is suspended/silenced 2018-01-11 12:56:45 -05:00
Robin Ward
e904d92b98 FIX: Suspension / Silence reasons were incorrect on save 2018-01-11 10:54:47 -05:00
Vinoth Kannan
b96ae14261 FEATURE: Display force_https warning in admin problems dashboard 2018-01-11 12:16:10 +05:30
Sam
daad2291ba simplify production switch and serve extra locales from actual site 2018-01-10 08:19:51 +11:00
Vinoth Kannan
61384c8026 Skip CDN for admin locales since it is login required 2018-01-10 01:24:03 +05:30
Arpit Jalan
672888f526 FIX: handle invalid password reset token 2018-01-09 23:48:17 +05:30
Sam
c9f42506b7 If login is required skip CDN 2018-01-09 17:51:53 +11:00
Sam
6b8320fea6 PERF: use cdn for extra locales 2018-01-09 17:00:42 +11:00
Sam
ea63abf0f7 bypass mini profiler for locales
bypass cdn for now
2018-01-09 11:30:59 +11:00
Sam
b0a7ee1aec FIX: source admin locale from cdn 2018-01-09 10:27:33 +11:00
Sam
8ff5f5f2ef FIX: cache admin locale file for 24 hours 2018-01-09 10:23:49 +11:00
Joffrey JAFFEUX
642645ba9a
FIX: broken select badge as user title (#5474)
* FIX: broken select badge as user title

* selected id wasn’t pass to underlying component
* <none> was rendered as an html tag <none></none>
* overriding a badge name wouldn’t work as it was using badge.name and not badge.display_name
* adds a spec to ensure this behavior is correct
2018-01-05 16:58:15 +01:00
Arpit Jalan
ed4b845930 FIX: render error message when backup download fails 2018-01-05 19:46:43 +05:30
Sam
5ad1709dba PERF: cache service worker for 1 hour 2017-12-28 08:31:01 +11:00
Régis Hanol
f5e170c6b5 FIX: catch all server-side error when uploading a file
UX: always show a message to the user whenever an error happens on the server when uploading a file
2017-12-27 16:33:25 +01:00
Sam
3937ff0425 FIX: don't preload json on static routes 2017-12-27 14:33:36 +11:00
Robin Ward
69a90f31fb FEATURE: Allow Forums to disable the Backups feature 2017-12-21 15:22:04 -05:00
Sam
62a27f9d57 FEATURE: warn if attempting to mention a group with too many members 2017-12-21 16:13:57 +11:00
Régis Hanol
7f69362d9d FIX: external links in whisper ended up in a white page
FIX: clicking a link in a onebox wasn't properly extracting the post_id
2017-12-20 17:55:15 +01:00
Philipp Daniels
6a2bce1931 FIX: Data loss on update of single user_field.
https://meta.discourse.org/t/api-data-loss-caused-by-changed-behaviour-of-custom-user-field-update/74990
2017-12-20 16:33:23 +08:00
Arpit Jalan
eab66065d1 FEATURE: search log term details page (#5445) 2017-12-20 13:41:31 +11:00
Guo Xiang Tan
97ceebb570 SECURITY: Don't pass email backup token to sidekiq as a parameter.
* This exposes the token in the Sidekiq dashboard which can be
  viewed by an admin and defeats the purpose of using a token
  in the download backup email ink.
2017-12-18 11:25:22 +08:00
Sam
433ef4513b FEATURE: upload images and fonts in themes via hijack 2017-12-18 10:40:10 +11:00
Sam
5e90abfaea FIX: use hijack for emoji uploads 2017-12-18 10:31:19 +11:00
Joffrey JAFFEUX
001abfc4cb Revert "FIX: not permitted theme params when importing theme"
This reverts commit 813df1a3fb.
2017-12-14 11:40:14 +01:00
Joffrey JAFFEUX
041deac67a Revert "FIX: constant lookup error when exporting theme"
This reverts commit 1eda8c50f0.
2017-12-14 11:40:08 +01:00
Joffrey JAFFEUX
813df1a3fb
FIX: not permitted theme params when importing theme 2017-12-14 11:25:58 +01:00
Joffrey JAFFEUX
1eda8c50f0
FIX: constant lookup error when exporting theme 2017-12-14 11:25:11 +01:00
Guo Xiang Tan
f2565f6c7e SECURITY: Any group can be invited into a PM. 2017-12-14 14:57:48 +08:00
Sam
14cfce2827 Merge branch 'master' of github.com:discourse/discourse 2017-12-14 17:17:02 +11:00