dbarbera
9106596a9a
add image authorization on upload_avatar
2013-10-12 14:11:44 +02:00
Régis Hanol
23bf4436f5
FIX: avatar was attached to the user who uploaded it...
2013-10-12 10:55:41 +02:00
Sam
7993845bfa
add current_user_provider so people can override current_user bevior cleanly, see
...
http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278
2013-10-09 15:11:54 +11:00
Sam
f0a122a66c
move job files so they live underneath app/ and not in lib/
...
introduce new setting email_always, that will force emails to send to users regardless of presence on site
2013-10-01 17:04:02 +10:00
Matthieu Guillemot
3ba1f20674
New site settings to enable/disable the possibility of editing user's nickname or email address
2013-09-14 21:34:21 +09:00
Einar Jonsson
724b3aadcf
Extracted nickname registration out of the UsersController and into its
...
own service.
2013-09-09 09:26:50 +00:00
Einar Jonsson
9085cec232
Move json hash from users controller to NicknameUnavailable
2013-08-26 15:00:11 +00:00
Sam
afd1a3ac7b
yeah ... we should be installing the gem :)
2013-08-26 13:52:15 +10:00
Sam
b52aba15e0
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily
2013-08-26 12:59:17 +10:00
Sam
90dddb4395
store honeypot challenge in redis for extra security
2013-08-26 12:55:13 +10:00
Sam
c4a2e62a95
Merge pull request #1378 from justin808/justin808_cc
...
Lower Complexity of UsersController
2013-08-25 17:14:39 -07:00
Einar Jonsson
0d22a77c63
Added test case for nickname registration failure
...
* Also made a minor readability change by moving the auth.present? check
* from UsersController#create into #create_third_party_auth_records
* which is the method that relies on the check.
2013-08-25 20:18:07 +00:00
Robin Ward
b32e87c929
Merge pull request #1377 from ZogStriP/avatar-work
...
Improved specs for avatar + added a warning whenever the uploaded image is not a square
2013-08-25 07:30:34 -07:00
Justin Gordon
464595df5c
Lower Complexity of UsersController
...
https://codeclimate.com/github/discourse/discourse/UsersController#method-complexity
2013-08-24 22:57:12 -10:00
Régis Hanol
3b9e62e6b9
improved specs for avatar
2013-08-24 22:45:05 +02:00
Einar Jonsson
84987cd835
Extracted nickname registration into a private controller method
2013-08-23 09:46:33 +00:00
Einar Jonsson
916a3f33f2
Refactored user activation business logic out of UsersController and
...
into a UserActivator class.
2013-08-21 09:22:34 +00:00
Michael Kirk
4af8a9102e
Authenticate with Discourse via OAuth2
...
See https://github.com/michaelkirk/discourse_oauth2_example for an
example of how you might integrate your existing oauth2 provider's
authentication via a Discourse plugin.
2013-08-17 21:45:20 -07:00
Régis Hanol
ea6e73076b
change your avatar in a modal
2013-08-17 00:35:29 +02:00
Robin Ward
aec929b184
Screw it, don't choose columns.
2013-08-14 12:26:31 -04:00
Robin Ward
a05ffafd4c
FIX: Direct link to Avatar
2013-08-14 12:22:44 -04:00
Régis Hanol
4866f4d8f5
FIX: N+1 query for avatars
2013-08-14 15:25:05 +02:00
Régis Hanol
3524b90d6a
FIX: avatars in quotes/oneboxes
...
Avatars in quotes/oneboxes are still pointing to the old
`/users/:username/avatar(/:size)` route.
So, this adds back the old avatar route for the transition period.
2013-08-14 12:20:05 +02:00
Régis Hanol
c867b67a0b
custom avatar support
2013-08-13 22:08:29 +02:00
Neil Lalonde
b36c6d7b78
Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days.
2013-08-12 14:55:09 -04:00
Neil Lalonde
16cd3e2a53
Fix to allow admins to change the case of a someone's username
2013-07-30 16:48:45 -04:00
Neil Lalonde
5f8a130277
Add BlockedEmail, to block signups based on email. Track stats of how many times each email address is blocked, and last time it was blocked. Move email validation out of User model and into EmailValidator. Signup form remembers which email addresses have failed and shows validation error on email field.
2013-07-29 15:29:43 -04:00
Robin Ward
0e504aac9b
FIX: You can reset your password even if logins are required.
2013-07-15 12:12:54 -04:00
Neil Lalonde
a352b70bfc
Permit changing my own username's case without an error saying it is already taken
2013-06-28 16:21:46 -04:00
Sam
4b56aa8183
Merge pull request #1089 from budnik/minor_refactorings
...
Some refactorings
2013-06-25 17:29:51 -07:00
Neil Lalonde
b2d300fe0b
Add ability to give users a title. Show them under usernames beside posts. Needs love from a designer.
2013-06-25 18:39:20 -04:00
Neil Lalonde
a86b35c873
Remove the access_password site setting
2013-06-25 15:05:25 -04:00
Dmitriy Budnik
2722029d38
stylistic refactorings
...
w/ less syntactic sugar
2013-06-25 18:23:23 +03:00
Vipul A M
1884dc8d3f
fake_success_reponse
=> fake_success_response
2013-06-21 01:17:35 +05:30
Chris Hunt
09d3800701
Move 'dynamic favicon' from Server to User pref
2013-06-14 23:58:24 -07:00
Chris Hunt
41b0692543
Show 'waiting approval' and don't send email
...
When 'must approve users' in enabled, we don't want to send an
activation email to users after they sign up. Instead, we will show them
'waiting approval' and not take an action until their account is
approved by an admin.
2013-06-06 18:36:16 -07:00
Robin Ward
bac03a3369
Merge pull request #975 from jd-erreape/username_refactor
...
[WIP] Refactored user_name suggestion methods into a module
2013-06-06 08:12:29 -07:00
Juan de Dios Herrero
96d23ddd8d
Refactored user_name suggestion methods into a module to reduce the complexity of User model
2013-06-06 16:40:10 +02:00
Ian Christian Myers
0d01c33482
Enabled strong_parameters across all models/controllers.
...
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.
The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.
It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Chris Hunt
d432798ff8
Silently fail if user tries to sneak in
...
When 'invite only' is enabled, there's no way for a user to create an
account unless they try and sneak in by POSTing to /users/. We will
silently fail if this happens.
2013-06-05 11:08:21 -07:00
Sam
913a607528
need to punch through account creation stuff
2013-06-05 14:01:24 +10:00
Sam
2dfba8d6de
we need to be able to do username checks for registration to work
2013-06-05 12:50:42 +10:00
Robin Ward
0f296cd42b
Refactor + Fix: Wasn't correctly loading activity streams. Code is a lot more Ember-y now.
2013-05-22 12:06:37 -04:00
Sam
42494b5bb1
we can't trust CSRF for anon the way it is designed.
...
The page they have loaded may be cached we need a different way of delivering the CSRF potentially
2013-05-03 16:43:11 +10:00
Jonathan Roes
057b4768e6
strip whitespace when changing e-mail addresses
...
Fixes #778 .
2013-04-27 23:03:06 -04:00
Régis Hanol
b24c1a1ad9
better consistency around email case sensitivity
2013-04-15 02:20:33 +02:00
Philipp Weissensteiner
3dcb1905e3
Refactor user controller, create action, mostly.
...
The gist of the commit are a few improvements in the
create action, where:
* long boolean statemenst have been wrapped in smaller more readable
methods.
* the 3rd party user info creation has been extracted (still in controller)
* a small helper method for creating a new user from params (to reduce
visual clutter)
* specs have been added where I came across untested methods/branches
Other changes are more trivial like formatting and whitespace fixes.
Hope this helps. Regards.
2013-04-13 00:53:59 +02:00
Sam
0f362c5474
this has been bugging me for ages, broken "fill your profile link" fixed AND bio updates when you save
2013-04-12 10:07:58 +10:00
Robin Ward
738789f336
Admins can't lock themselves out of a site by setting approval.
2013-04-03 12:23:28 -04:00
Karan Misra
5dfb04e4b3
Convert a lot of :a => b to a: b and bring peace to the world
2013-03-25 05:07:36 +05:30