df988a20eb
FEATURE: Reserved usernames
...
A list of usernames that will be blocked from being used to sign up.
2015-07-01 13:50:55 -07:00
b052179ae6
Merge pull request #3163 from rcfox/fix-by-external
...
Allow periods in the external_id value used in the /users/by-external route.
2015-06-24 13:07:12 +10:00
c58b495e15
SECURITY: Query @usernames in bulk
...
Otherwise you could add many requests at once while composing.
2015-06-11 13:03:49 -04:00
4409a3072d
FEATURE: we need admin login always
2015-06-05 18:43:59 +10:00
cb025a65e0
FIX: make sure we also save the user_avatar.custom_upload_id
2015-05-29 10:21:41 +02:00
b7f8680618
fix build (:fired:)
2015-05-20 17:51:33 +02:00
8d967d9065
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread
2015-05-20 16:45:48 +02:00
14d2b76354
Merge branch 'master' into fix-by-external
...
Conflicts:
app/controllers/users_controller.rb
2015-05-15 19:54:11 -04:00
8277a586bb
usage of raise corrected
2015-05-07 11:00:51 +10:00
77cc087b13
FIX: proper error message when account created is hit with no session
2015-05-07 11:00:22 +10:00
2932284293
FEATURE: magic login route for admin when SSO is enabled
2015-04-27 22:54:48 +05:30
2459f52c71
Merge pull request #3375 from techAPJ/patch-2
...
FEATURE: invite existing users to private topic
2015-04-16 11:13:42 -04:00
d491d4f997
FEATURE: invite existing users to private topic
2015-04-16 00:52:54 +05:30
2a3f71a9a1
SECURITY: log off all existing sessions when resetting password
2015-04-15 08:57:43 +10:00
f5d89169e2
FEATURE: initial implemenation of anonymous posting mode
2015-04-07 18:05:31 +10:00
1ec73b5ba0
FIX: use 'request.remote_ip' instead of 'request.ip' for better consistency
2015-04-02 16:24:27 +02:00
e3eaa7fa75
FIX: In long topics, filtering button was not always showing in card
2015-03-24 12:33:50 -04:00
6d38005a22
Allow staff to change uneditable user fields
2015-03-20 15:18:43 -04:00
7ef306cd3b
A bunch of tweaks to the Users directory
...
- Move user directory from `/directory` to `/users/`
- Defaults to 'weekly' time period
- Don't include deleted topics/posts in the results
- Move heart icon to header instead of on each row
- "Users" instead of "Users found"
2015-03-19 12:29:38 -04:00
608647d02f
FEATURE: Anonymize User. A way to remove a user but keep their topics and posts.
2015-03-10 11:59:08 -04:00
f5af4768eb
FEATURE: add clean support for running Discourse in a subfolder
...
To setup set DISCOURSE_RELATIVE_URL_ROOT to the folder you wish
2015-03-09 13:14:29 +11:00
130dbf7358
PERF: don't run stats query in user card
2015-02-24 13:31:23 +11:00
8186d86f38
FIX: Enforce max length for custom user fields
2015-02-23 13:02:30 -05:00
17927b2e8b
FIX: don't use flash cause we are not redirecting
...
(we should probably change that though)
2015-02-20 10:28:58 +11:00
3a0cd0b760
make custom fields a bit more permissive input wise
2015-02-06 09:03:23 +11:00
1f0915bf83
Allow periods in the external_id value used in the /users/by-external route.
2015-02-02 12:55:32 -05:00
ea7af7a83b
Merge pull request #3135 from longhotsummer/fix-no-user-params
...
FIX: creating a user shouldn't error when optional fields aren't given
2015-01-30 10:12:57 +11:00
cd2c9edb46
FIX: 🐛 upload on IE9 wasn't working :'(
...
- FIX: make sure we set a default name to a pasted image only on Chrome (the only browser that supports it)
- FIX: use ".json" extension to uploads endpoints since IE9 doesn't pass the correct header
- FIX: pass the CSRF token in a query parameter since IE9 doesn't pass it in the headers
- FIX: display error messages comming from the server when there is one over the default error message
- FIX: HACK around IE9 security issue when clicking a file input via JavaScript (use a label and set `visibility:hidden` on the input)
- FIX: hide the "cancel" upload on IE9 since it's not supported
- FIX: return "text/plain" content-type when uploading a file for IE9 in order to prevent it from displaying the save dialog
- FIX: check the maximum file size on the server 💥
- update jQuery File Upload Plugin to v. 5.42.2
- update JQuery IFram Transport Plugin to v. 1.8.5
- update jQuery UI Widget to v. 1.11.1
2015-01-28 19:43:20 +01:00
d99ccf6d27
FIX: creating a user shouldn't error when optional fields aren't provided
...
This fixes a bug where the server would 500 if the only user fields
where optional ones, and the create_user call didn't provide any
values so that params[:user_fields] was nil.
Additionally, don't bother double-checked for required fields, since we
iterate over all fields and will catch any that are required and blank.
2015-01-27 11:48:27 +02:00
1ab0d6bd82
FEATURE: Log username changes by staff
...
Also fix the tests for changing username
2015-01-17 02:26:12 -08:00
987504c6ab
Rename `no_js` layout to `no_ember`
...
While *sometimes* `no_js` was used for visitors without js (for example
disabling it on your browser) it was also used for some pages that were
disabled to JS capable browsers, including the 404 page.
Even worse, sometimes it was used on pages that *had* Javascript, such
as our `/activate-account` route. It has been renamed to `no_ember` to
indicate what it really is, a layout for the site that doesn't load our
Ember.js application.
2015-01-15 15:56:53 -05:00
e20078a9dc
PERF: fix performance issue when displaying the user card for admins
2015-01-05 19:49:32 +01:00
02ade72ceb
Update username should return a json response
...
- Have update username return json response that contains the updated
username and id. I figured this would be better than just return "OK".
- Add test to verify that the new username is returned.
2014-12-10 09:43:16 -07:00
e9e88c9b82
Remove legacy avatar code
...
- Remove method that was only left around because the
[api](https://github.com/discourse/discourse_api/pull/53 ) called it
- Modify test to use new route instead of legacy route
https://meta.discourse.org/t/legacy-route-for-avatars/22838/2
2014-12-07 06:13:14 -07:00
a61519eebf
Have pick_avatar return json.
...
I'm working on writing a test in the discourse_api gem for uploading
avatars and the pick method needs to return a json response.
I also added a test to make sure json is returned.
2014-12-06 09:26:32 -07:00
07211489f0
FIX: hide restricted profile info from TL0 users to anonymous in 'JS-off' page
2014-11-27 19:51:13 +01:00
7641d88224
FEATURE: new 'maximum new user accounts per registration IP' site setting
2014-11-17 12:04:29 +01:00
c9eb809dad
FIX: The text to users who signed up when approval was required was
...
misleading.
2014-11-04 15:48:03 -05:00
865194f409
FIX: cannot show email for pending/inactive users
2014-10-29 01:07:27 +01:00
71f211f0b3
FEATURE: Allow users to select a badge with an image to appear on their
...
user card
2014-10-20 16:35:38 -04:00
1cf4a0d604
Rename "User Expansion" to the much clearer "User Card"
2014-10-20 12:11:59 -04:00
10094a0bcd
FIX: resolve flags as good when deleting a spam user
2014-10-20 16:59:06 +02:00
4d465362b5
FEATURE: Allow a user to upload an image for their expansion background.
2014-10-16 15:05:36 -04:00
f9a8f6d6ce
FEATURE: Support for a `required` setting on user fields.
2014-10-08 15:10:19 -04:00
0e7be81e60
FIX: badge granted titles were not being revoked when badge was revoked
2014-10-08 10:26:18 +11:00
381814fd5d
Adds support for a description to user fields.
2014-10-02 15:56:52 -04:00
41af2d79b5
add user email on account created page
2014-10-02 12:43:44 +05:30
be93f224a6
Revert "add user email on account created page"
...
This reverts commit 164fc1108a
2014-10-01 10:30:26 -04:00
164fc1108a
add user email on account created page
2014-10-01 13:53:50 +05:30
edb34c178a
FEATURE: Show user fields when the user is signing up
2014-09-30 10:45:18 -04:00
7e309a21cf
FEATURE: hide emails behind a button for staff members
2014-09-29 22:31:05 +02:00
a901d682fe
raise not found if user is not found
2014-09-25 17:45:45 +10:00
8f8ea735ee
FIX: allow retry activation of account by username or password
2014-09-25 17:42:48 +10:00
b3838c2c1c
Trigger browser password manager after sigining up
2014-09-24 01:04:36 +05:30
7a4082cbad
FIX: allow API to create users when invite_only is true
2014-09-23 09:06:19 +10:00
c4e285f3ec
SECURITY: rate limit change email requests
2014-09-18 10:48:56 -04:00
2c6d03f87f
SECURITY: Limit passwords to 200 characters
...
Prevents layer 8 attack.
2014-09-12 12:07:11 -04:00
56eda5abf9
FIX: Don't allow profile bios longer than 3k chars
2014-09-08 15:23:21 -04:00
c9262a8390
FIX: Resend activation email was busted
2014-08-28 12:07:13 -04:00
ed125975a1
SECURITY: Prefix session key and validate token format.
2014-08-25 15:31:49 -04:00
4cd8abc905
FEATURE: dynamically load invites
2014-08-05 22:20:23 +05:30
939e8505a9
Remove hub username integration
2014-07-16 12:25:24 -04:00
01a68f8cc7
Emails are case insensitive
2014-07-16 10:22:01 -04:00
4f416bf6ce
Check honeypot/challenge value on activation too
2014-07-15 14:07:35 -04:00
915f60b0fc
Don't redirect to login when activating account...
2014-07-15 10:50:28 -07:00
766196af87
FEATURE: add site setting allow_new_registrations which can be used to block all new account registrations
2014-07-14 15:42:22 -04:00
cce7cf8c85
FEATURE: Require Javascript to activate an account via email link
2014-07-14 12:26:10 -04:00
4a2cc269ab
FIX: allow selection of no title
2014-07-14 18:07:07 +10:00
833c50c460
FEATURE: Read Faq badge
2014-07-11 17:32:29 +10:00
9a9ad9bda8
FEATURE: Badge progress
...
- Refactor model so it stores backfill query
- Implement autobiographer
- Remove sample badge
- Correct featured badges to only include a badge once
2014-07-03 17:29:44 +10:00
5a0aed2bfa
FIX: regression, forgot password broken
...
also... mocks were invented by the devil
2014-07-02 13:06:55 +10:00
9000c358d1
REFACTOR: Use common path for RESTful `DELETE` action from upload image
...
component
2014-06-30 14:13:59 -04:00
4088fba4f2
REFACTOR: Convert profile background uploader to be an ember component
2014-06-30 14:13:59 -04:00
386d1e231a
move profile_background from User to UserProfile
2014-06-26 12:30:07 -04:00
6e698315d6
Allow all /my URLs
...
Previously, URLs like /my/activity/posts were denied. This change allows those URLs.
2014-06-14 10:58:20 -07:00
91b6459f2b
BUGFIX: allow users to pick no avatar
2014-05-30 14:45:55 +10:00
5adc486cef
BUGFIX: missing avatars in topic map
...
Cleanup uneeded column
2014-05-29 14:59:14 +10:00
504cfcff96
Fix specs for avatars
...
Implement avatar picker
Correct avatar related jobs
2014-05-27 10:08:03 +10:00
6c1c8be794
Work in progress, keeping avatars locally
...
This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom)
user can then pick which they want.
2014-05-27 10:08:03 +10:00
6e0eb89697
Don't show suspended users in autocomplete fields unless you are staff
2014-05-13 11:44:15 -04:00
1574485443
Perform the where(...).first to find_by(...) refactoring.
...
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
f61f29439e
Track the ip address where user was registered
2014-04-29 14:37:56 -04:00
b4e037dfb2
Allow badges to be marked as "titleable".
2014-04-28 10:30:38 +05:30
64b8f2f759
TRIVIAL: remove puts statement (cc. @eviltrout)
2014-04-21 23:00:13 +02:00
b9ca124756
Support for /my/preferences to automatically redirect to the logged in
...
user.
2014-04-21 11:52:11 -04:00
8113e8d897
Basic UI for selecting gold/silver badges as titles.
2014-04-18 09:20:51 +05:30
2505d18aa9
FEATURE: support email attachments
2014-04-14 22:55:57 +02:00
be06156629
SECURITY: when enabled_local_logins is false users could log in via API
...
thanks @Nicholas Blanco
2014-03-26 15:39:44 +11:00
539890afdf
Let's not show tons of extra information about invites unless you're the
...
person who invited them.
2014-03-21 14:16:11 -04:00
619fa50d4b
BUGFIX: twitter auth asking for a password
2014-03-20 14:49:25 +11:00
9ca516e58d
Rename nickname to username in the code. Use new hub routes. (Old routes still exist as aliases for old Discourse instances.)
2014-03-12 12:39:36 -04:00
98c479c3c4
FEATURE: Profile Backgrounds
...
Shares a modified codebase with avatars called "user_image"
2014-03-05 15:10:44 +01:00
8711762143
Users who have made no more than one post can delete their own accounts from their user preferences page.
2014-02-13 13:52:06 -05:00
c13aa8852b
Whitelist :active param so that we can automatically create users that are active via API
2014-02-04 15:40:30 -05:00
da825451d0
Invite link can't be used to log in after you set a password or sign in with 3rd party
2014-01-21 16:56:41 -05:00
c743a985a4
Allow groups to be used as aliases for user mention
...
when configured by the admin a group can be found through the @mentions
feature in both the compose/reply and the private message user-selectors
and once selected the mention will be replaced by the list of users in
the group
2014-01-08 02:36:24 +11:00
854d9c8fc6
Minimum password length is configurable with the min_password_length site setting. FIX: reset password needs to validate password length.
2013-12-19 16:15:47 -05:00
05a3c8090f
Merge pull request #1658 from salbertson/sa-refactor-users-controller-create
...
Refactor UsersController#create
2013-12-12 22:16:50 -08:00
561961eff6
FIX: can grant titles to regular users. Guardian initializer needs current_user, not the target user.
2013-12-10 12:46:35 -05:00
51eff92170
Refactor UsersController#create
...
* Simplify controller action
* Extract service classes
2013-12-05 10:11:16 -08:00
Kane York
Sam
Régis Hanol
Ryan Fox
Arpit Jalan
Robin Ward
Neil Lalonde
Greg Kempe
Blake Erickson
Andrew Bezzub
Louis Rose
Vikhyat Korrapati
Johan Jatko
Leonard Teo
Benjamin Kampmann
Scott Albertson