ff49f72ad9
FEATURE: per client user tokens
...
Revamped system for managing authentication tokens.
- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes
New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.
Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
2dec731da3
SECURITY: correctly validate input when admin searches for screened ips
2017-02-06 16:11:16 -05:00
fbf9172db8
FIX: log backups download/destroy staff action
...
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:53:31 +01:00
515f50e42e
FEATURE: Log admin action when readonly mode is changed.
2017-01-12 09:41:02 +08:00
cdd550e947
Use a different Redis key when PG failover sets site to readonly mode.
2017-01-11 16:38:49 +08:00
fc0a0a76a4
Add more info in staff action logs for blocking a user, and add logging for lock trust level, activate, and deactive user
2017-01-10 17:25:36 -05:00
bec10ada2a
Remove unused email templates from controller
2017-01-05 15:31:14 +01:00
5098baee2f
FIX: Undefined variable.
2017-01-04 17:37:23 +08:00
7c7c233c1c
FIX: Can't update `Groups#allow_membership_requests` in admin.
2016-12-20 15:14:35 +08:00
43ee9f884e
FEATURE: Add `Group#full_name`.
2016-12-13 16:16:26 +08:00
da7009a968
FEATURE: Add request membership button for allowed groups.
2016-12-12 22:48:08 +08:00
05f55dbc10
FEATURE: Group logs.
2016-12-12 17:29:54 +08:00
790f1ef9f3
FIX: Permit missing params.
2016-12-12 17:00:30 +08:00
31acd311e5
FEATURE: Allow group owners to edit group name and avatar flair.
2016-12-05 14:27:46 +08:00
5794f1619d
PERF: Fix N+1 queries when loading groups.
2016-11-26 02:20:26 +08:00
712ff01f38
PERF: Remove eager load.
2016-11-25 11:21:08 +08:00
f885e5b5e6
fix success response handling of sending digest preview email
2016-11-24 15:05:33 -05:00
84914c5e1f
PERF: Fix N+1 query.
2016-11-24 17:47:14 +08:00
47aa3d94aa
FEATURE: send digest preview to an email address
2016-11-23 17:51:57 -05:00
81e2a0099f
FIX: ensure the group 'everyone' is never shown when using a different locale
2016-10-24 10:53:31 +02:00
9a94d1b212
FIX: everyone is not a visible group
2016-10-24 13:03:22 +11:00
547750e9dd
Unify API keys and web hooks into a single admin nav header.
2016-09-20 05:22:03 +08:00
00d5facf36
FEATURE: prompts new webhook events
2016-09-19 12:07:17 +08:00
2eddeab66b
Escape the hyphen
2016-09-16 19:07:46 -04:00
0d2d8797b6
FIX: Backup validation wasn't escaping hyphens
2016-09-16 15:20:42 -04:00
512922d776
SECURITY: Add filename validation for backup uploads.
2016-09-16 11:58:14 +08:00
19ddf95efa
FIX: add custom invite email templates
2016-09-08 00:54:48 +05:30
9ce61b4586
FEATURE: Webhooks.
2016-09-05 18:44:00 +08:00
2251104e32
FEATURE: avatar flair can be font awesome icons
2016-08-26 17:15:37 -04:00
c3a3aff120
FEATURE: Support for a whitelist for embeddable host paths
2016-08-23 14:56:12 -04:00
d079f69b7b
FEATURE: add flair to avatars using new settings in the groups admin UI
2016-08-17 15:13:15 -04:00
c6dbaca0dc
SECURITY: disable user entered badge SQL by default
...
- Hidden site settings now must be change via rails console
2016-07-28 09:03:00 +10:00
7b6d946613
FIX: searching received emails for TO was broken
2016-07-13 22:43:25 +02:00
f256e3afb6
Merge pull request #4297 from tgxworld/handle_user_enabled_readonly_mode
...
Handle user enabled readonly mode
2016-07-05 19:54:32 +08:00
22ade1f811
FEATURE: Add event trigger when a user is logged out.
2016-07-04 17:20:30 +08:00
64858c10fe
FIX: Set a not expiring key for user enabled readonly mode.
2016-06-29 15:10:01 +08:00
ccf9b70671
When restoring a backup, disable emails.
...
This prevents accidental sending of emails after a restore before
the admin has had a chance to review everything.
2016-06-24 17:15:15 -04:00
2ecd0da59f
REFACTOR: use same code path for handling emails via API and POP
2016-06-22 15:50:49 +02:00
1e57bbf5c8
Lots bounce emails related fixes
...
- Show bounce score on user admin page
- Added reset bounce score button on user admin page
- Only whitelisted email types are sent to emails with high bounce score
- FIX: properly detect bounces even when there is no TO: header in the email
- Don't desactivate a user when reaching the bounce threshold
2016-05-06 19:34:33 +02:00
8e611ec7a1
FEATURE: handle bounced emails
2016-05-02 23:15:32 +02:00
74b3807f60
FEATURE: new bootstrap mode settings for brand new Discourse community ( #4193 )
...
* FEATURE: new bootstrap mode settings for brand new Discourse community
* new SiteSetting.set_and_log method
2016-04-26 13:08:19 -04:00
7d9f2265b9
FIX: improve support for handling emails coming from screened email addresses
2016-04-18 23:01:54 +02:00
983d64fd56
PERF: N+1 query on badges index.
2016-04-12 17:45:02 +08:00
cc25716e47
FIX: Allow message format translations to be overridden
2016-04-08 14:49:50 -04:00
cf8b3fbd56
FEATURE: add user custom fields to user card
...
The user's custom fields are now displayed on the user card. This has to be enabled for each custom field in the custom field settings. See https://meta.discourse.org/t/custom-user-fields-on-usercard/22662/
2016-04-08 14:35:41 +02:00
a130cb8305
FEATURE: move more urgent emails notifications to critical queue
...
Move signup, admin login and password change email notifications
to critical queue
2016-04-07 14:39:01 +10:00
79639e2dec
FIX: ensure group's users counters are kept in sync
2016-04-04 17:03:18 +02:00
9a5ded48cf
FIX: Return a proper error message when sync sso fails.
2016-03-26 13:30:15 +08:00
39863953cd
new 'enable_staged_users' site setting
2016-03-23 18:56:03 +01:00
5fcd5002c4
FIX: Saving a user field as `required` didn't work the first time
2016-03-09 15:34:48 -05:00
Sam
Régis Hanol
Guo Xiang Tan
Neil Lalonde
Claas Augner
Erick Guan
cpradio
Arpit Jalan
Robin Ward
Thorben Egberts