ff49f72ad9
FEATURE: per client user tokens
...
Revamped system for managing authentication tokens.
- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes
New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.
Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
2dec731da3
SECURITY: correctly validate input when admin searches for screened ips
2017-02-06 16:11:16 -05:00
27fb9c8804
FIX: bounce webhooks should also use recipient address
2017-02-05 19:06:35 +01:00
c4e10f2a9d
FEATURE: redesign the change password page to use javascript and validations
2017-02-03 16:09:24 -05:00
5523d0dbf9
fix the build
2017-02-03 15:35:33 +05:30
26ccf61ab1
FIX: sane error message when inviting an existing user
2017-02-03 14:27:27 +05:30
18007ed34b
FIX: Can't use an internal name here if `SiteSetting.convert_pasted_images_to_hq_jpg` is `false`.
2017-02-01 14:51:56 +08:00
f6d9745c5f
Bye bye byebug.
2017-02-01 14:50:14 +08:00
6c8c91dca4
UX: Change default filename for images that have been pasted.
2017-02-01 14:44:41 +08:00
9dd09e453b
FEATURE: add explicit confirmation button to accept the invite
2017-01-25 15:50:30 +05:30
781d83a46f
FIX: Toggling a post's wiki status should not skip revision.
2017-01-25 13:34:55 +08:00
0a25df67bc
Revert "FIX: Incorrect parameter being passed to component."
...
This reverts commit d354a6f7a4
2017-01-25 13:12:24 +08:00
d354a6f7a4
FIX: Incorrect parameter being passed to component.
2017-01-25 13:09:08 +08:00
32846aad2a
FIX: Toggling post's wiki status should not create a new version.
2017-01-20 15:42:33 +08:00
fbf9172db8
FIX: log backups download/destroy staff action
...
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:53:31 +01:00
515f50e42e
FEATURE: Log admin action when readonly mode is changed.
2017-01-12 09:41:02 +08:00
e793caf3e3
FIX: only allow CSV file to be uploaded for bulk invite
2017-01-11 16:26:01 +05:30
d6bf5b0e78
Use `any` orientation for web app manifest.
2017-01-11 17:32:24 +08:00
cdd550e947
Use a different Redis key when PG failover sets site to readonly mode.
2017-01-11 16:38:49 +08:00
fc0a0a76a4
Add more info in staff action logs for blocking a user, and add logging for lock trust level, activate, and deactive user
2017-01-10 17:25:36 -05:00
68300f515c
FIX: Return 404 if id is not valid.
2017-01-06 10:39:44 +08:00
685e6bdbab
FIX: tags canonical url can raise error or be wrong
2017-01-05 15:17:23 -05:00
bec10ada2a
Remove unused email templates from controller
2017-01-05 15:31:14 +01:00
5098baee2f
FIX: Undefined variable.
2017-01-04 17:37:23 +08:00
43671b1fda
UX: Display group fullname in mention autocomplete.
2017-01-04 11:40:14 +08:00
d3fb724578
Merge pull request #4632 from xfalcox/native-app-banner
...
FEATURE: Opt-in native Discourse app install banner
2017-01-03 16:32:24 -02:00
d7c8c2d5e3
FEATURE: Opt-in native Discourse app install banner on Android/iOS
2017-01-03 15:50:45 -02:00
ad4a96d387
FIX: Only send membership request to the last 5 active group owners.
2017-01-03 15:33:57 +08:00
5aee2673c7
FIX: Push null fields to last when sorting group members.
2016-12-22 14:55:24 +08:00
5605700fa9
UX: Sort groups by name.
2016-12-22 14:46:20 +08:00
8551d821a0
FEATURE: Add site setting to disable group directory.
2016-12-22 14:14:22 +08:00
5e75d5c1bf
PERF: N+1 query on groups page.
2016-12-21 20:59:09 +08:00
5d7f3223f0
SECURITY: Users can only bookmark posts which they can see.
2016-12-21 12:01:26 +08:00
9db5d5b6a7
FIX: Incorrect serializer for groups page.
2016-12-20 15:44:22 +08:00
7c7c233c1c
FIX: Can't update `Groups#allow_membership_requests` in admin.
2016-12-20 15:14:35 +08:00
502e114c60
FIX: Incorrect count when loading more groups.
2016-12-20 14:39:44 +08:00
193f8301a4
FIX: Do not show automatic groups to normal users.
2016-12-20 14:26:49 +08:00
52cd9972bb
FIX: prevent DDoS with lots of _oneboxable_ links
...
FIX: ensure the onebox route is only allowed to logged in users
FIX: only allow 1 outgoing onebox preview per user
FIX: client should only do 1 preview at a time
2016-12-20 00:31:10 +01:00
2b808ad9da
Merge pull request #4609 from joebuhlig/category-topics-wiki
...
FEATURE: Category setting to make all topics wikis
2016-12-20 09:15:51 +11:00
923cf73c6e
Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox.
2016-12-19 14:54:07 -05:00
87251fded7
FEATURE: Category setting to make all topics wikis
...
FEATURE: Category setting to make all topics wikis
2016-12-19 06:42:18 -06:00
18c8323987
FIX: Incorrect path for redirect.
2016-12-19 18:12:15 +08:00
e0ff57ca75
SECURITY: prevent reuse of password reset
2016-12-19 18:00:22 +11:00
dd383300b1
FEATURE: rate limit by login on password reset
2016-12-19 11:03:07 +11:00
15b5fddd49
SECURITY: protect upload params, only allow very strict filenames
2016-12-19 10:16:18 +11:00
61eb134181
FEATURE: setting to allow arbitrary redirects from sso origin
...
if sso_allows_all_return_paths is set to true you can redirect off-site from sso success
2016-12-16 13:37:44 +11:00
6ff309aa80
SECURITY: don't grant same privileges to user_api and api access
...
User API is no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
98f4a2adcb
FIX: on 404 from brotli asset path return a correctly encoded doc
...
old implementation would cache the 404 for 1 year with incorrect encoding
hilarity would ensue
2016-12-15 16:05:20 +11:00
4b940dc8bd
FEATURE: Add groups page.
2016-12-14 17:27:47 +08:00
03bc6f70f9
Better error messages when embedding fails
2016-12-13 14:38:05 -05:00
Sam
Régis Hanol
Neil Lalonde
Arpit Jalan
Guo Xiang Tan
Claas Augner
Rafael dos Santos Silva
Joe Buhlig
Robin Ward