Commit Graph

3727 Commits

Author SHA1 Message Date
Blake Erickson
80858bae2c FEATURE: further restrict downloading of backups
- send email to logged in admin when they press the "download" button
- show pop-up that email was sent
- create email template
- require a valid token to download backup
2017-03-01 08:28:34 -07:00
Robin Ward
d27575176a Enforce a minimum amount of posters in a topic for get_a_room 2017-02-28 16:47:16 -05:00
Sam
122fb8025d FIX: last seen date erroneously updated when browser in background
In some cases user may be "last seen" even though browser tab is in
the background or computer is locked
2017-02-28 12:35:10 -05:00
Neil Lalonde
352f98d084 use named param in tag_topic_by_names 2017-02-28 12:08:06 -05:00
Neil Lalonde
292dd8623c Merge pull request #4622 from dmacjam/master
FEATURE: Append tags bulk action for topics
2017-02-28 11:36:58 -05:00
Sam
49a0f16ce4 Merge pull request #4723 from mcwumbly/fix-import-scripts
FIX: Import scripts were failing to load onebox sanitize config
2017-02-27 16:18:29 -05:00
Sam
1e980ad4e6 Merge pull request #4721 from oblakeerickson/sort_admin_users_api
FEATURE: Add order logic to admin users controller
2017-02-27 16:13:42 -05:00
Neil Lalonde
e634b37f9a FIX: from field of emails should be including email_site_title or site title settings 2017-02-27 14:23:07 -05:00
Blake Erickson
0e6cb752da Clean up valid order names
Add a sortable mappings list to match other endpoints and so that you
don't have to use database column names.

Example: 'created' => 'created_at'

Also cleaned up some of the logic since a lot of it got moved into the
SORTABLE_MAPPING hash.
2017-02-25 11:51:40 -07:00
David McClure
b188c30925 FIX: Import scripts were failing to load onebox sanitize config 2017-02-25 09:27:42 -08:00
Blake Erickson
e9d5c3265c Change param asc to ascending
For consistency, change param asc to ascending:

https://meta.discourse.org/t/make-admin-users-list-sortable-suggestion/47649/17?u=oblakeerickson
2017-02-25 09:13:31 -07:00
Blake Erickson
0a41da6bad FEATURE: Add order logic to admin users controller
Added order and direction parameters for sorting admin user pages. This
commit only includes backend api changes.

https://meta.discourse.org/t/make-admin-users-list-sortable-suggestion/47649

Now you can pass in `order` and `asc` parameters to the
`/admin/users/list/<query>.json` endpoint.

Example:

`/admin/users/list/active.json?&order=post_count` which defaults to desc

and

`/admin/users/list/active.json?order=post_count&asc=true`
2017-02-24 17:11:17 -07:00
Régis Hanol
ecdae9f863 FIX: i18n integrity specs
FIX: check all .yml files in the project for integrity
FIX: ensure localized yamls are compatible with english
2017-02-24 11:35:33 +01:00
Régis Hanol
a2c04be718 FIX: eradicate I18n fallback issues 💣
FIX: client's translation overrides were not working when the current locale was missing a key
FIX: ExtraLocalesController.show was not properly handling multiple translations
FIX: JsLocaleHelper#output_locale was not properly handling multiple translations

FIX: ExtraLocalesController.show's spec which was randomly failing
FIX: JsLocaleHelper#output_locale was muting cached translations hashes

REFACTOR: move 'enableVerboseLocalization' to the 'localization' initializer
REFACTOR: remove unused I18n.js methods (getFallbacks, localize, parseDate, toTime, strftime, toCurrency, toPercentage)
REFACTOR: remove all I18n.pluralizationRules and instead use MessageFormat's pluralization rules

TEST: add tests for localization initializer
TEST: add tests for I18n.js
2017-02-24 11:31:21 +01:00
Rimian Perkins
db9840b672 fix malformed qunit url
this removes the space between the query string and the URL

```
$MODULE='Acceptance: Search' rake qunit:test\[20000\]
....
Running: {"module":"Acceptance: Search"}
... http://localhost:60099/qunit?module=Acceptance%3A%20Search 20000
```

The timeout value seems to work fine.
2017-02-24 10:19:34 +11:00
Rafael dos Santos Silva
f68540b022 Increase QUnit timeouts to allow on slower envs 2017-02-23 19:21:06 -03:00
Sam
ea1007e954 FEATURE: add support for same site cookies
Defaults to Lax, can be disabled or set to Strict.

Strict will only work if you require login and use SSO. Otherwise when clicking on links to your site you will appear logged out till you refresh the page.
2017-02-23 12:01:28 -05:00
Sam
ad435da377 fix typo 2017-02-23 10:58:53 -05:00
Sam Saffron
b7d2edc7dc FIX: allow some auth token misses prior to clearing cookie
It appears that in some cases ios queues up requests up front
and "releases" them when tab gets focus, this allows for a certain
number of cookie misses for this case. Otherwise you get logged off.
2017-02-22 12:37:11 -05:00
Arpit Jalan
213a496203 FIX: show all staff events related to the target user 2017-02-22 13:31:40 +05:30
Arpit Jalan
b32f33b3f0 FIX: allow staff members to send PMs when enable_private_messages is disabled 2017-02-22 11:32:09 +05:30
Arpit Jalan
046cbad10b FEATURE: add a button on admin user page that links to action log 2017-02-21 21:38:37 +05:30
Neil Lalonde
476ae57af3 FEATURE: primary group class on avatars in topic list 2017-02-20 15:55:10 -05:00
Jakub Macina
4a2f13348a ADD: Append tags bulk action for topics 2017-02-20 18:14:32 +01:00
Régis Hanol
3ce3abef8f FIX: add Content-Disposition and Content-Type headers when downloading attachments 2017-02-20 15:59:01 +01:00
Guo Xiang Tan
9baf89a901 Remove database vacuum task from Discourse. 2017-02-20 09:02:38 +08:00
Robin Ward
cfc0cc936f FIX: Get a room wasn't enforcing sequential properly 2017-02-19 16:00:28 -05:00
Sam
1935f624b8 FEATURE: reset active record cache in sidekiq if needed
This can happen in multisite environments after restores
2017-02-17 12:09:53 -05:00
Sam
7a85469c4c SECURITY: inactive/suspended accounts should be banned from api
Also fixes edge cases around users presenting multiple credentials
2017-02-17 11:03:09 -05:00
Sam Saffron
040e10a627 reduce duplication 2017-02-15 17:27:10 -05:00
Sam
74d4209d24 FEATURE: allow plugins to register custom topic list filters 2017-02-15 15:25:43 -05:00
Neil Lalonde
c085e8f85f Version bump to v1.8.0.beta6 2017-02-14 17:40:44 -05:00
Rafael dos Santos Silva
6a271a7695 Increase Qunit tests timeout on Docker tests 2017-02-14 16:09:14 -02:00
Sam
dacfdd4dc8 use chars as opposed to split 2017-02-14 09:40:15 -05:00
Sam
8feb94e13f FIX: password validator was being too strict 2017-02-14 09:18:04 -05:00
Régis Hanol
d88562e72b Revert "use RFC-complient signature separator dash-dash-space" 2017-02-14 14:58:08 +01:00
Neil Lalonde
53d8d126a4 Version bump to v1.8.0.beta5 2017-02-13 16:46:08 -05:00
Sam
0ab96a7691 FEATURE: add hidden setting for verbose auth token logging
This is only needed to debug auth token issues, will result in lots
of logging
2017-02-13 14:01:09 -05:00
Neil Lalonde
94e1105af7 fix unique char counting in password validator 2017-02-10 10:38:17 -05:00
Robert Riemann
bcd4513963 use RFC-complient signature separator dash-dash-space
currently, Discourse uses '---' in its notifications to
separate the signature with unsubscribe links etc. from
the body of the message.

The RFC standard defines '-- '.
https://www.ietf.org/rfc/rfc3676.txt (4.3)

The problem has been discussed in:

https://meta.discourse.org/t/previous-replies-separator-is-not-rfc-compliant/39410

And an incomplete fix has been added a year ago:
86819f08c3

The separator is important, because some mail clients strip off the
signature automatically in replies if the signature is recognised as such.
2017-02-10 11:46:02 +01:00
Neil Lalonde
1bcb835446 FEATURE: passwords must have a minimum number of unique characters, configurable with a new setting 2017-02-09 15:00:22 -05:00
Régis Hanol
91d09ebc08 post ids are always an integer 2017-02-08 23:46:11 +01:00
Régis Hanol
e9e88a010f FIX: find replied-to post even when incoming email doesn't have a reply key 2017-02-08 21:38:52 +01:00
Robin Ward
5a4c393231 UX: Include the username and link of the user for get_a_room 2017-02-08 15:27:07 -05:00
Neil Lalonde
5a8bbe663a FEATURE: include most popular tag in page title for webcrawlers of tagged uncategorized topics 2017-02-07 16:55:42 -05:00
Sam Saffron
df8f365d99 FEATURE: improve search so it searches sub categories by default
If you want an exact category match use `category:=howto` or `#=howto"
2017-02-07 15:53:37 -05:00
Régis Hanol
02bb7beaaf FIX: don't put attachments on the CDN when 'prevent anons from downloading files' is enabled 2017-02-07 18:06:44 +01:00
Sam
f34907b523 Merge pull request #4681 from vietqhoang/feature/add-user-title-to-sso-payload
FEATURE: Add user title to SSO payload
2017-02-07 10:25:32 -05:00
Sam
ff49f72ad9 FEATURE: per client user tokens
Revamped system for managing authentication tokens.

- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes

New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.

Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
Régis Hanol
ba115480ba FIX: wasn't extracting links to quoted posts 2017-02-06 14:45:04 +01:00