Commit Graph

2346 Commits

Author SHA1 Message Date
OsamaSayegh 4e21a031df Remove trailing whitespace 2018-05-31 12:31:46 +10:00
OsamaSayegh 23e3a68592 REFACTOR: session controller specs to requests 2018-05-31 12:31:46 +10:00
Guo Xiang Tan 21e9315416 FIX: Use user account email instead of auth email when totp is enabled.
https://meta.discourse.org/t/github-2fa-flow-broken/88674
2018-05-30 12:15:12 +08:00
Guo Xiang Tan 123a22e6d8 DEV: Clean up omniauth after mocking. 2018-05-28 15:12:54 +08:00
Guo Xiang Tan a081771950
Merge pull request #5872 from OsamaSayegh/users-controller-specs-to-request
REFACTOR: users contollers specs => request specs
2018-05-28 13:32:37 +08:00
OsamaSayegh 0347c97520 tgxworld feedback 2018-05-28 06:20:47 +03:00
Robin Ward 4195c7c9ea FEATURE: Ability to clear a user's penalty history
You can do this manually if you want to allow them to reach TL3 without
their penalty history counting against them.
2018-05-25 12:54:22 -04:00
OsamaSayegh bac0482061 REFACTOR: users contollers specs => request specs 2018-05-25 05:04:25 +03:00
Neil Lalonde 3db1032bfd FIX: not found page shouldn't include the Google search form for sites with login_required enabled 2018-05-23 16:59:02 -04:00
OsamaSayegh 609804f5ef REFACTOR: merge posts controller specs into request specs 2018-05-23 08:53:46 +10:00
OsamaSayegh 450a600721 REFACTOR: about & badge controllers => requests 2018-05-22 13:45:13 +10:00
Sam 788ca1f112 FIX: stop adding email to unsubscribe url
Instead of adding email to unsubscribe url store it in redis for 1 hour
rate limit calls to unsubscribe endpoint to ensure there is no risk of
bloating redis

Also move controller to request specs
2018-05-22 09:07:03 +10:00
Guo Xiang Tan b7b08b4173 Fix regression introduced in 2ceb107074. 2018-05-21 13:26:23 +08:00
Guo Xiang Tan 2ceb107074 Refactor tests to use the json extension instead of headers. 2018-05-21 09:49:46 +08:00
Arpit Jalan 9f422c93f6 FIX: restrict updates on `confirm_old_email` email templates 2018-05-19 12:19:59 +05:30
Arpit Jalan 9532d9a555 FIX: handle invalid tags 2018-05-17 19:33:12 +05:30
Régis Hanol 131b7f5da5 make 🤖 rubocop happy 2018-05-16 16:35:04 +02:00
Joe Buhlig 3cd4c82c49 Allow parameters for group and username filters on directory (#5815) 2018-05-16 16:20:17 +02:00
Régis Hanol 37232fcb58 FIX: staff members should see all tags 2018-05-13 17:50:21 +02:00
Guo Xiang Tan 2eb2f273a8 Refactor of `PushSubscriptionPusher`. 2018-05-09 08:14:14 +08:00
Jeff Wong 7f1f697e97 FIX: de-duplicate push subscriptions - ensure unique user/key 2018-05-08 15:20:39 -07:00
Gerhard Schlager 52db0b31c1 FIX: Automatically add user to groups after updating email address 2018-05-08 21:27:22 +02:00
Arpit Jalan 83245aa508 FIX: better handling of invite links after they are redeemed
FIX: deprecate invite_passthrough_hours setting
2018-05-08 20:17:57 +05:30
Guo Xiang Tan 21007a4a8d Rewrite push notifications controller specs as request specs.
* Improve assertions to test for the outcome we expected instead
  of just asserting for a 200 response.

* Remove duplicated assertion.
2018-05-07 15:40:46 +08:00
Guo Xiang Tan aa0d32231c FIX: Incorrect query when removing a group owner.
https://meta.discourse.org/t/group-rename-and-group-owners-removal-problems/85596
2018-05-07 13:57:00 +08:00
Robin Ward a5172a37e0 Allow staff members to enable safe mode, even if disabled 2018-04-25 11:49:57 -04:00
Sam 146a6c3592 FIX: exclude topics from latest in /categories on refresh
When you hit refresh on categories page it would not supress correctly
2018-04-24 11:07:26 -04:00
Robin Ward fd14ee4797 FEATURE: Allow safe mode to be disabled 2018-04-24 11:03:33 -04:00
Guo Xiang Tan 9eabf7c02c Fix randomly failing specs due to SearchLog cache. 2018-04-23 10:10:10 +08:00
Guo Xiang Tan 70d181bff8 FIX: Better error message in `GroupsController#add_members`.
https://meta.discourse.org/t/cant-add-members-to-a-group/85738?u=tgxworld
2018-04-20 10:28:52 +08:00
Robin Ward 3d7dbdedc0 FEATURE: An API to help sites build robots.txt files programatically
This is mainly useful for subfolder sites, who need to expose their
robots.txt contents to a parent site.
2018-04-16 15:43:20 -04:00
Arpit Jalan a1ef455c78 SECURITY: do not show private topic title on /unsubscribed page 2018-04-16 10:35:57 +05:30
Sam 3632b8d8d6 FEATURE: provide extra signal about content age to crawlers
Adds Last-Modified field to help teach crawlers not to crawl old content
2018-04-13 14:58:33 +10:00
Régis Hanol df7970a6f6 prefix the robots.txt rules with the directory when using subfolder 2018-04-11 22:05:02 +02:00
Guo Xiang Tan d9d86577ff FIX: Staff users are not affected by `enable_group_directory` site setting. 2018-04-10 09:22:01 +08:00
Guo Xiang Tan c82b2dcc24 Remove admin group management pages. 2018-04-09 15:14:50 +08:00
Sam 4111f17f64 add missing test for rel next/prev 2018-04-09 15:01:16 +10:00
Guo Xiang Tan 0623785f69 FIX: Prevent group owners from editing admin only settings. 2018-04-06 11:44:58 +08:00
Sam 3a7b696703 FEATURE: allow for setting crawl delay per user agent
Also moved to default crawl delay bing so no more than a req every 5 seconds is allowed

New site settings:

"slow_down_crawler_user_agents" - list of crawlers that will be slowed down
"slow_down_crawler_rate" - how many seconds to wait between requests

Not enforced server side yet
2018-04-06 10:15:23 +10:00
Guo Xiang Tan e36e9de28a Allow admin to view logs of automatic groups. 2018-04-05 16:31:55 +08:00
Guo Xiang Tan 8760c4d68c Fix `GroupsController#group_params` to allow more group attributes to be updated. 2018-04-05 13:53:00 +08:00
Vinoth Kannan 434cbc649f FEATURE: Webhook for tag events 2018-04-04 17:49:20 +05:30
Vinoth Kannan efb19dbdaf
Merge pull request #5705 from discourse/new_webhooks
FEATURE: Webhook for group and category events
2018-04-02 10:53:21 +05:30
Guo Xiang Tan 52e75eaee9 UX: Tweaks to group pages. 2018-03-29 17:04:48 +08:00
Guo Xiang Tan 21ae49ab92 Simplify log in for request specs. 2018-03-28 11:32:47 +08:00
Neil Lalonde 7311023a52
Merge pull request #5700 from discourse/crawl-block
FEATURE: control web crawlers access with white/blacklist
2018-03-27 15:06:03 -04:00
Vinoth Kannan 62edf3c401 Add spec test for authComplete param carry-forward 2018-03-27 18:04:40 +05:30
Guo Xiang Tan 7edab1c0b9 UX: Add `groups/custom/new` route for admins to create a new group. 2018-03-27 17:39:05 +08:00
Gerhard Schlager 558914b986 Fix random spec errors 2018-03-27 11:14:06 +02:00
Vinoth Kannan e7407d0adc FEATURE: Webhook for group and category events 2018-03-27 11:53:35 +05:30
Guo Xiang Tan 2ecd234e27 UX: Consolidation group manangement into a single tab. 2018-03-27 13:34:46 +08:00
Guo Xiang Tan dcd1d422d1 UX: Allow admins to set users as owners while adding users.
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084/9
2018-03-26 17:33:50 +08:00
Guo Xiang Tan 35745166b5 UX: New group membership management workflow.
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084
2018-03-26 16:15:02 +08:00
Robin Ward 5f19ad9507 FIX: allow destination categories to be set if not at first 2018-03-23 11:33:02 -04:00
Robin Ward 38af67eb73 Update the destination category id when a user changes it 2018-03-23 11:12:56 -04:00
Guo Xiang Tan 27bde6bc11 Fix the build. 2018-03-23 11:43:32 +08:00
Neil Lalonde ced7e9a691 FEATURE: control which web crawlers can access using a whitelist or blacklist 2018-03-22 15:41:02 -04:00
Guo Xiang Tan f3b402ffd5 UX: Allow users to filter members on group page.
* Only admins are allowed to filter users by email.
2018-03-22 14:02:41 +08:00
Guo Xiang Tan a23509cbf3 UX: Limit the number of group names displayed on user page. 2018-03-21 16:38:33 +08:00
Guo Xiang Tan 9f216ac182 FIX: Infinite loading more on groups page. 2018-03-21 09:25:42 +08:00
Guo Xiang Tan 2baff71518 Improve specs. 2018-03-21 08:33:06 +08:00
Robin Ward b9abd7dc9e FEATURE: Shared Drafts
This feature can be enabled by choosing a destination for the
`shared drafts category` site setting.

* Staff members can create shared drafts, choosing a destination
category for the topic when it is published.

* Shared Drafts can be viewed in their category, or above the
topic list for the destination category where it will end up.

* When the shared draft is ready, it can be published to the
appropriate category by clicking a button on the topic view.

* When published, Drafts change their timestamps to the current
time, and any edits to the original post are removed.
2018-03-20 17:15:26 -04:00
Guo Xiang Tan 15bcfcd182 UX: Allow users to filter by different group types on groups page. 2018-03-20 17:38:11 +08:00
Guo Xiang Tan 41b0fbe001 UX: Indicate user's group membership on groups page. 2018-03-19 18:29:30 +08:00
Guo Xiang Tan 05ea034490 UX: Allow groups page to be searchable. 2018-03-19 17:16:51 +08:00
Guo Xiang Tan 0522aabaab UX: Allow user_count on groups page to be sortable. 2018-03-19 16:15:13 +08:00
Arpit Jalan e9bc763440 FIX: show only allowed tags on PM tags page and display correct count
FIX: tags page should link to user profile we are browsing
2018-03-17 00:17:48 +05:30
Guo Xiang Tan fe96ef6ed2 UX: Use topic list for displaying group messages on group page.
https://meta.discourse.org/t/group-inbox-on-a-groups-page-mockup/71319
2018-03-16 11:56:40 +08:00
Guo Xiang Tan a35227918f UX: Display group topics in a topic list. 2018-03-15 11:37:55 +08:00
Arpit Jalan 7d375690c1
Merge pull request #5667 from techAPJ/pm-tags-page
FEATURE: replace PM tags dropdown with a dedicated tags page
2018-03-13 13:08:21 +05:30
Arpit Jalan 24338fbbe8 FEATURE: replace PM tags dropdown with a dedicated tags page 2018-03-13 13:06:58 +05:30
Guo Xiang Tan 2ad2ed2eb2 FIX: Couldn't move a topic into the uncategorized category. 2018-03-13 10:20:47 +08:00
Arpit Jalan aac7796124 FIX: do not show tags with 0 count on /tags page 2018-03-09 20:57:31 +05:30
Arpit Jalan c29660c8f1 FEATURE: filter personal messages by tags 2018-03-08 14:42:07 +05:30
Sam 0134e41286 FEATURE: detect when client thinks user is logged on but is not
This cleans up an error condition where UI thinks a user is logged on
but the user is not. If this happens user will be prompted to refresh.
2018-03-06 16:49:31 +11:00
Robin Ward 31e3bf6d8d FEATURE: New "Categories and Top" homepage style
Select this option if you want to show top topics on the homepage
instead of latest topics.
2018-03-03 14:26:57 -05:00
Guo Xiang Tan 939180efa8 FIX: Missing 2FA guards when sso is enabled or when local login is disabled. 2018-03-02 10:39:10 +08:00
Guo Xiang Tan 5c93d07d2a Remove duplication of params in tests. 2018-03-02 09:25:46 +08:00
Sam 75172024ca SECURITY: ensure users have permission when moving categories 2018-03-02 12:13:27 +11:00
Guo Xiang Tan fb75f188ba FEATURE: Disallow login via omniauth when user has 2FA enabled. 2018-03-01 15:47:07 +08:00
Guo Xiang Tan 0fabf80dca Migrate controller type specs to request types for omniauth. 2018-03-01 15:33:00 +08:00
Guo Xiang Tan 06891ce51d FIX: Direct link to group activity page results in 400 error.
https://meta.discourse.org/t/following-a-direct-link-to-group-activity-results-in-400-error/81596
2018-02-27 13:43:22 +08:00
Guo Xiang Tan c64f09b6b7 REFACTOR: Simplify and DRY `Group#invite`. 2018-02-26 11:59:07 +08:00
Régis Hanol 0559a4736a FIX: don't double request when downloading a file 2018-02-24 12:35:57 +01:00
Guo Xiang Tan dd26bbe868
Merge pull request #5610 from discourse/pm-tags
FEATURE: Allow staffs to tag PMs
2018-02-23 07:07:41 +08:00
Vinoth Kannan 7cbda949f1 REFACTOR: New spec tests and code improvement 2018-02-22 20:27:02 +05:30
Maja Komel 76a2fc3d07 UX: Add og metadata for groups.
https://meta.discourse.org/t/onebox-for-groups/79155
2018-02-22 15:03:41 +08:00
Sam 720e1965e3 FEATURE: add category suppress from latest
In the past we used suppress_from_homepage, it had mixed semantics
it would remove from category list if category list was on home and
unconditionally remove from latest.

New setting explicitly only removes from latest list but leaves the
category list alond
2018-02-22 09:56:35 +11:00
Guo Xiang Tan b16471edfb FIX: Invalid token error incorrectly displayed on email login page. 2018-02-21 15:46:53 +08:00
Guo Xiang Tan 14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Jeff Wong f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Erick Guan 03b3e57a44 FEATURE: login by a link from email
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
Sam f2e7b74d88 FIX: don't return 200s when login is required to paths
When running `ensure_login_required` it should always happen prior to
`check_xhr` cause check xhr will trigger a 200 response
2018-02-01 12:26:45 +11:00
Robin Ward 6b04967e2f FEATURE: Staff members can lock posts
Locking a post prevents it from being edited. This is useful if the user
has posted something which has been edited out, and the staff members don't
want them to be able to edit it back in again.
2018-01-26 14:01:30 -05:00
Arpit Jalan 79eb9d7086 FEATURE: show header search results on search log term details page 2018-01-17 12:47:16 +05:30
Sam d9788a5fb3 missed a spec 2018-01-15 14:51:04 +11:00
Sam 49ed382c2a FIX: return 429 when admin api key is limited on admin route
This also handles a general case where exceptions leak out prior to being handled by the application controller
2018-01-12 14:15:26 +11:00
Arpit Jalan 9030d3ef63 FIX: do not create duplicate topics
https://meta.discourse.org/t/duplicate-http-https-topics-are-randomly-created/77190
2018-01-04 23:53:52 +05:30
Guo Xiang Tan 647cf7545d Fix randomly failing spec. 2018-01-03 14:42:16 +08:00
Robin Ward 69a90f31fb FEATURE: Allow Forums to disable the Backups feature 2017-12-21 15:22:04 -05:00
Arpit Jalan eab66065d1 FEATURE: search log term details page (#5445) 2017-12-20 13:41:31 +11:00
Guo Xiang Tan 97ceebb570 SECURITY: Don't pass email backup token to sidekiq as a parameter.
* This exposes the token in the Sidekiq dashboard which can be
  viewed by an admin and defeats the purpose of using a token
  in the download backup email ink.
2017-12-18 11:25:22 +08:00
Sam 5e90abfaea FIX: use hijack for emoji uploads 2017-12-18 10:31:19 +11:00
Guo Xiang Tan f2565f6c7e SECURITY: Any group can be invited into a PM. 2017-12-14 14:57:48 +08:00
Sam 96584403cd SECURITY: prevent staged accounts from changing email 2017-12-14 17:16:49 +11:00
Arpit Jalan 492af81e67 FIX: save registration_ip_address for staged users logging in via social auth 2017-12-12 17:41:16 +05:30
Robin Ward 410994b7f5 FEATURE: Show a button to Staff for "Moderation History" on posts/topics
When clicked, it pops up a modal showing a history of moderation actions
taken on the post or topic.
2017-12-05 15:20:20 -05:00
Vinoth Kannan 6e054b2572 FEATURE: Convert HTML to Markdown while pasting in composer 2017-12-05 12:23:39 -05:00
Vinoth Kannan 7f2eeaf767 FIX: Password required flag should be cleared whenever clearing the raw password (#5384) 2017-12-01 15:19:24 +11:00
Guo Xiang Tan 1c2d1682ae
Merge pull request #5328 from tgxworld/reenable_interpolation_keys_check
FIX: Re-enable invalid interpolation keys check and allow default key…
2017-11-30 13:04:54 +08:00
Sam d5e7691ae9 favicon proxy now uses hijack 2017-11-27 14:51:14 +11:00
Guo Xiang Tan 5805979e88 FIX: Re-enable invalid interpolation keys check and allow default keys to be left out of translation overrides.
https://meta.discourse.org/t/bulk-invite-from-file-resets-the-invite-forum-mailer-customized-text/67606/16
2017-11-27 11:00:08 +08:00
Guo Xiang Tan 82222e8d18 Improve specs to test for the right response status. 2017-11-24 09:32:44 +08:00
Robin Ward 628275fc31 FIX: Some badge routes were still working even with badges disabled 2017-11-21 12:22:44 -05:00
Régis Hanol 2d48caffdf FIX: be more lenient when deleting a custom emoji 2017-11-20 23:50:23 +01:00
Gerhard Schlager 41673c322c dear Rubocop, don't be so pedantic ;-) 2017-11-19 12:45:33 +01:00
Gerhard Schlager 92a831bae6 FEATURE: user directory returns staged users during search 2017-11-19 01:17:31 +01:00
Arpit Jalan 3831663fea FEATURE: search logs page (#5313) 2017-11-15 11:13:50 +11:00
Robin Ward 9ebb1412d3 FIX: Brittle, order dependent spec 2017-11-04 09:30:17 -04:00
Guo Xiang Tan d320f4840d FIX: Unable to invite groups that are not public visible into pms.
https://meta.discourse.org/t/inviting-groups-broken-in-head/73346/6
2017-11-03 21:40:33 +08:00
Guo Xiang Tan ab2a5cef38 FIX: Can't edit membership request template on group page. 2017-11-02 08:51:43 +08:00
Arpit Jalan 9586f0bdc9 fix the build - take 2 2017-10-20 21:34:56 +05:30
Guo Xiang Tan a6f2533d38 SECURITY: Fix XSS on unsubscribed page. 2017-10-09 09:04:46 +08:00
Guo Xiang Tan 6fe604b93e Revert "SECURITY: Fix XSS on unsubscribed page."
This reverts commit 190558db9d.
2017-10-09 09:03:07 +08:00
Guo Xiang Tan 190558db9d SECURITY: Fix XSS on unsubscribed page. 2017-10-09 08:59:03 +08:00
Guo Xiang Tan 3efde2618d UX: Do not display non-human users on group page.
https://meta.discourse.org/t/members-of-groups-staff/71437
2017-10-06 10:35:40 +08:00
Neil Lalonde beca02c046 FIX: moderators couldn't see flagged topics list 2017-10-05 14:12:07 -04:00
Neil Lalonde c29334cf23 FEATURE: the hide_email_address_taken setting works with the change email address form in user preferences 2017-10-04 11:41:25 -04:00
Régis Hanol fafe7cc661 remove trailing whitespaces 2017-10-03 13:02:04 +02:00
Régis Hanol daf1dda700 FIX: username autocomplete in assign modal wasn't working 2017-10-03 12:49:45 +02:00
Gerhard Schlager 5bb326a452 Add specs for EmailTemplatesController 2017-10-02 14:53:27 +02:00
Guo Xiang Tan 8140e54675 FIX: More fixes for `Group#mentionable` and `Group#messageable` feature. 2017-10-02 17:45:58 +08:00
Guo Xiang Tan c872225762 Improve `MessageBus.track_publish` to allow filter by channel. 2017-10-02 11:34:57 +08:00
Guo Xiang Tan 4e07bbfbbf FIX: Only allow intergers for page params. 2017-10-02 10:45:54 +08:00
Guo Xiang Tan 4319d8a142 FIX: Missing template error when rendering `topics#show` error message. 2017-09-28 11:06:44 +08:00
Robin Ward d7c37d9369 Add front end service for staff controls 2017-09-25 12:25:14 -04:00
Guo Xiang Tan 77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Leo McArdle 104d97695d FIX: don't activate un-confirmed email on omniauth authentication (#5176) 2017-09-12 17:36:17 +02:00
Guo Xiang Tan 5c1143cd55 Add missing test case for `PostController#timings`. 2017-09-04 16:36:02 +08:00
Bianca Nenciu 6bc74ceb50 Split alias levels in mentionable and messageable levels. (#5065)
* Split alias levels in mentionable and messageable levels.

* Fixed some tests.

* Set messageable level to everyone by default.

* By defaults, groups are not mentionable or messageable.

* Made staff groups messageable by the system.
2017-08-28 12:32:08 -04:00
Guo Xiang Tan 41ca527d7a Fix Rubocop error. 2017-08-24 15:28:18 +09:00
Guo Xiang Tan 8779490ce4 Move new controller specs to reqeusts folder. 2017-08-24 12:01:11 +09:00
Sam a9c5d843f7 remove problem spec that does not work properly in rails 4 mode into application controller and correct it 2013-11-11 10:50:48 +11:00
Sam 2843f1cf4b collapse some slow tests 2013-04-22 11:06:10 +10:00
Gosha Arinich cafc75b238 remove trailing whitespaces ❤️ 2013-02-26 07:31:35 +03:00
Robin Ward 21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00