Commit Graph

1156 Commits

Author SHA1 Message Date
Sam 9c51e3e8e7 amend preloader api to supply topic list 2017-02-15 12:04:02 -05:00
Sam 2c59ffeb2c FIX: token rotation not accounting for overlapping tokens correctly
also... freeze_time has no block form, correct all usages and specs
2017-02-15 10:58:18 -05:00
Sam f2099c3811 adjust API 2017-02-14 16:32:33 -05:00
Sam 89d5e8ab4b FEATURE: allow plugins to preload data in topic list 2017-02-14 16:29:06 -05:00
Sam 0ab96a7691 FEATURE: add hidden setting for verbose auth token logging
This is only needed to debug auth token issues, will result in lots
of logging
2017-02-13 14:01:09 -05:00
Robin Ward e1d358ffbf FIX: Don't clear the login hint when the system user is saved 2017-02-13 10:54:20 -05:00
Jeff Atwood 3ee7a9266c Merge pull request #4686 from tgxworld/group_is_visible_if_user_is_group_owner
FIX: Show groups that user is owner of on groups page.
2017-02-11 22:18:44 -08:00
Sam Saffron 4332f0dde1 FEATURE: allow user search API to restrict to group 2017-02-09 18:45:39 -05:00
Sam 49e7124a5e clarify override semantics in spec 2017-02-07 10:41:27 -05:00
Sam f34907b523 Merge pull request #4681 from vietqhoang/feature/add-user-title-to-sso-payload
FEATURE: Add user title to SSO payload
2017-02-07 10:25:32 -05:00
Sam ff49f72ad9 FEATURE: per client user tokens
Revamped system for managing authentication tokens.

- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes

New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.

Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
Régis Hanol 84af84dc52 prevent inactive & staged users from being automatically added to a group 2017-02-06 17:49:27 +01:00
Robin Ward b251d11518 FIX: If you make a new banner, clear the old dismissed values 2017-02-03 15:07:38 -05:00
Guo Xiang Tan 61111a3f9b FIX: Show groups that user is owner of on groups page. 2017-02-03 16:51:32 +08:00
Arpit Jalan 6b8691ecea Merge pull request #4685 from techAPJ/approve-users-invite-fix
FIX: allow existing users to be invited to topic/message when must_approve_users is enabled
2017-02-03 13:22:18 +05:30
Arpit Jalan dc2171960b FIX: allow existing users to be invited to topic/message when must_approve_users is enabled 2017-02-03 13:01:23 +05:30
Guo Xiang Tan c392994793 Fix specs. 2017-02-03 08:38:19 +08:00
Neil Lalonde b91cb92af0 FIX: reports for time to first reply and topics without replies were counting whispers and moderator actions 2017-02-02 17:27:41 -05:00
Guo Xiang Tan 3c28d94706 FIX: Don't configure Redis connector if Redis slave config is not set. 2017-02-02 13:48:55 +08:00
Viet Hoang 40164ccd4a Add user title to SSO payload 2017-01-31 16:42:27 -08:00
Rimian Perkins 25516874b5 FIX: Escape regexp chars in `SiteSetting.censored_words`. 2017-01-31 10:14:51 +08:00
Guo Xiang Tan 0e5d490b05 No need for special helper to reset SiteSetting state.
* SiteSetting in tests uses a local provider that resets it.
2017-01-28 10:55:49 +08:00
Neil Lalonde 7ead3e1f18 fix failing specs 2017-01-27 16:17:10 -05:00
Robin Ward 496682c442 Merge pull request #4662 from tgxworld/fix_localized_group_name_change
Fix localized group name change
2017-01-26 10:50:00 -05:00
Guo Xiang Tan ce07da1d8b UX: Only display the words that fails censored words validations. 2017-01-24 13:11:05 +08:00
Guo Xiang Tan 59dfb51a35 FIX: Don't change automatic group name if localized name has been taken. 2017-01-18 12:20:23 +08:00
Guo Xiang Tan 63954c1b33 FIX: Same user record being saved twice causing validation to fail. 2017-01-16 16:41:03 +08:00
Guo Xiang Tan e3b6f9b8ae FIX: Do not update user stats like counts for private messages. 2017-01-16 11:07:53 +08:00
Guo Xiang Tan ed5fa20b0c Revert "FIX: error during signup saying "Password is the same as your current password" due to automatic group membership granting a trust level"
This reverts commit 9c40657ba4.

Calling this whenever a user is initialize is hurting us bad
on performance.
2017-01-16 09:44:10 +08:00
Régis Hanol 887e9af84f FEATURE: new 'max_image_megapixels' site setting 2017-01-11 23:37:12 +01:00
Guo Xiang Tan 3d21ccd4a5 FIX: Add validation to disallow censored words in topic title. 2017-01-09 16:55:41 +08:00
Guo Xiang Tan f1beef43a8 Merge pull request #4618 from tgxworld/fix_invalid_emails
FIX: Don't allow invalid email to be saved.
2016-12-30 07:11:48 +08:00
Neil Lalonde 9c40657ba4 FIX: error during signup saying "Password is the same as your current password" due to automatic group membership granting a trust level 2016-12-28 17:36:04 -05:00
Arpit Jalan d72cbcb2a4 FEATURE: new setting to validate user website 2016-12-26 21:29:27 +05:30
Sam c531f4ded5 remove rails-observers
Rails yanked out observers many many years ago, instead the functionality
was yanked out to a gem that is very lightly maintained.

For example: if we want to upgrade to rails 5 there is no published gem

Internally the usage of observers had quite a few problem.

The series of refactors renamed a bunch of classes to give us more clarity
and removed some magic.
2016-12-22 16:46:53 +11:00
Sam 019f1a1d06 UserEmailObserver is now removed
no big surprises here was pretty straightforward

after_commit semantics sure are weird though
2016-12-22 16:46:53 +11:00
Sam 2f6a4cc6de remove UserActionObserver, replace with after_save and service
interestingly there was some left over dead code from when stars
existed in the topic_users table
2016-12-22 16:46:53 +11:00
Sam 0a78ae739d Remove SearchObserver, aim is to remove all observers
rails-observers gem is mostly unmaintained and is a pain to carry forward
new implementation contains significantly less magic as a bonus
2016-12-22 13:13:14 +11:00
Guo Xiang Tan 13c6191e89 FIX: Don't allow invalid email to be saved. 2016-12-21 17:47:11 +08:00
Guo Xiang Tan 5d7f3223f0 SECURITY: Users can only bookmark posts which they can see. 2016-12-21 12:01:26 +08:00
Neil Lalonde 74956694e5 If summary email finds no topics, show topics more than 1 day old from new users 2016-12-19 14:54:08 -05:00
Neil Lalonde 923cf73c6e Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox. 2016-12-19 14:54:07 -05:00
Sam eb2db23b40 FEATURE: remove email_token_grace_period_hours
The site setting email_token_grace_period_hours just causes confusion and
should not be used anyway.

Out of the box, tokens stop working once confirmed, no need to add complexity here
2016-12-19 17:15:20 +11:00
Sam 15b5fddd49 SECURITY: protect upload params, only allow very strict filenames 2016-12-19 10:16:18 +11:00
Guo Xiang Tan 69330f8bc2 Add user_updated event to webhooks. 2016-12-13 11:26:26 +08:00
Guo Xiang Tan 9a800107cb FIX: Associate category logo and background to uploads record. 2016-12-12 17:37:28 +08:00
Guo Xiang Tan 05f55dbc10 FEATURE: Group logs. 2016-12-12 17:29:54 +08:00
Neil Lalonde 24d2973108 enable featured links by default 2016-12-09 16:08:17 -05:00
Sam 846597f563 FIX: staff tags are stripped by non-staff 2016-12-09 17:24:26 +11:00
Erick Guan 52763f5115
FEATURE: Allow posting a link with topics 2016-12-05 17:20:54 +01:00