Commit Graph

179 Commits

Author SHA1 Message Date
Guo Xiang Tan 5994c85ea9 FIX: Raise the right error when email params is missing. 2017-06-12 17:48:32 +09:00
Robin Ward 54bb2a6bc2 FIX: Don't redirect to wizard when resetting password 2017-06-07 12:36:52 -04:00
Guo Xiang Tan 2cad739262 FIX: Better error message when username change fails.
https://meta.discourse.org/t/500-error-on-username-edit/64064
2017-06-07 10:45:53 +09:00
Guo Xiang Tan 2ee144c27f FEATURE: Add DiscourseEvent trigger when a user logs in.
* Also adds a event trigger when user logs in for the first time.
2017-06-01 17:44:49 +09:00
Robin Ward b584264d82 FIX: Don't show "resend email" option when user approval is on 2017-05-25 15:29:05 -04:00
Sam 2d96a0785d FEATURE: theme selection is now global per-user 2017-05-12 12:41:34 -04:00
Robin Ward 81190f5d66 FIX: Redirect away from `account-created` if you're logged in 2017-05-03 11:18:01 -04:00
Robin Ward 12fb20fe1b FEATURE: Allow users to resend/update email from confirmation page 2017-05-03 11:18:01 -04:00
Neil Lalonde 0722ffadf1 Remove site settings enforce_global_nicknames and discourse_org_access_key 2017-05-01 14:53:16 -04:00
Arpit Jalan ea26c56631 FIX: redirect to login page for anonymous user when profiles are hidden 2017-04-20 13:00:45 +05:30
Robin Ward 40ab2e5667 FEATURE: Let users update their emails before confirming
This allows users who entered a typo or invalid email address when
signing up an opportunity to fix it and resending the confirmation
email to that address.
2017-04-05 16:44:49 -04:00
Robin Ward 17f2974d0a SECURITY: Confirm new administrator accounts via email 2017-04-04 15:59:01 -04:00
Robin Ward 6b976433c9 Support for both `/users/` and `/u/` paths 2017-03-30 10:23:24 -04:00
Arpit Jalan 7c3ae50dcd FIX: send activation email if user have unconfirmed email 2017-03-21 09:41:50 +05:30
Guo Xiang Tan ca965bb455 FEATURE: Redirect to groups page after login/registration flow. 2017-03-16 09:48:51 +08:00
Sam a690121805 SECURITY: always allow staff to resend activation mails 2017-03-13 10:32:24 -04:00
Guo Xiang Tan 9364d8ce71 FIX: Store user's id instead for sending activation email.
* Email and username are both allowed to be used for logging in.
  Therefore, it is easier to just store the user's id rather than
  to store the username and email in the session.
2017-03-13 20:24:55 +08:00
Guo Xiang Tan 7ebfa3c901 SECURITY: Only allow users to resend activation email with a valid session.
* Improve error when an active user tries to request for an activation email.
2017-03-13 19:35:29 +08:00
Guo Xiang Tan 76dd6933d2 Revert "Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."""
This reverts commit e6d75f6844.

This is why we should not be pushing directly to master.
2017-03-01 10:16:59 +08:00
Guo Xiang Tan e6d75f6844 Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email.""
This reverts commit 0e3def7d2b.
2017-02-28 11:27:14 +08:00
Robin Ward 0e3def7d2b Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."
This reverts commit 1060239e2d.
2017-02-27 13:19:26 -05:00
Guo Xiang Tan 1060239e2d SECURITY: Ensure oAuth authenticated email is the same as created user's email. 2017-02-24 13:13:10 +08:00
Guo Xiang Tan 0847b4258a Revert "SECURITY: Ensure that user has been authenticated."
This reverts commit fbe51d68a7.

Changing the commit message to correctly reflect what we're actually
fixing.
2017-02-24 13:12:29 +08:00
Guo Xiang Tan fbe51d68a7 SECURITY: Ensure that user has been authenticated. 2017-02-24 10:47:48 +08:00
Régis Hanol cb99f59ec3 reset bounce score when email is successfully changed 2017-02-20 10:37:01 +01:00
Sam 8feb94e13f FIX: password validator was being too strict 2017-02-14 09:18:04 -05:00
Sam 7652901b75 reduce mocking and stubbing in controller spec 2017-02-13 14:31:15 -05:00
Neil Lalonde 94e1105af7 fix unique char counting in password validator 2017-02-10 10:38:17 -05:00
Neil Lalonde 1bcb835446 FEATURE: passwords must have a minimum number of unique characters, configurable with a new setting 2017-02-09 15:00:22 -05:00
Sam ff49f72ad9 FEATURE: per client user tokens
Revamped system for managing authentication tokens.

- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes

New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.

Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
Neil Lalonde c4e10f2a9d FEATURE: redesign the change password page to use javascript and validations 2017-02-03 16:09:24 -05:00
Sam 0a78ae739d Remove SearchObserver, aim is to remove all observers
rails-observers gem is mostly unmaintained and is a pain to carry forward
new implementation contains significantly less magic as a bonus
2016-12-22 13:13:14 +11:00
Sam eb2db23b40 FEATURE: remove email_token_grace_period_hours
The site setting email_token_grace_period_hours just causes confusion and
should not be used anyway.

Out of the box, tokens stop working once confirmed, no need to add complexity here
2016-12-19 17:15:20 +11:00
Sam 0599bd0154 FEATURE: add referrer never tag to password reset page 2016-12-19 11:01:58 +11:00
cpradio 824c235760 FEATURE: Notify user when mention can't see the reply they were mentioned in
FIX: Group Mention Notifications
2016-11-14 22:03:16 -05:00
Robin Ward c03d25f170 FEATURE: Configure Admin Account
Adds a "Step 0" to the wizard if the site has no admin accounts where
the user is prompted to finish setting up their admin account from the
list of acceptable email addresses.

Once confirmed, the wizard begins.
2016-10-19 11:27:56 -04:00
Robin Ward f62d01ff1b FIX: Clear the session after a reset token was used 2016-09-30 12:20:23 -04:00
Sam afaba56de3 FEATURE: missing API endpoint for topic tracking states 2016-08-12 17:10:35 +10:00
Robin Ward 429f27ec96 SECURITY: Avoid mass assignment on user create 2016-08-05 11:57:13 -04:00
Arpit Jalan f387dfe226 FIX: mixed case group mentions were not getting highligted in composer 2016-05-22 18:32:49 +05:30
Sam a130cb8305 FEATURE: move more urgent emails notifications to critical queue
Move signup, admin login and password change email notifications
to critical queue
2016-04-07 14:39:01 +10:00
Robin Ward 5771d2aee2 SECURITY: Support for confirm old as well as new email accounts 2016-03-08 14:52:22 -05:00
Robin Ward d62689fa76 Move updating a user's email to its own controller 2016-03-08 14:52:22 -05:00
Régis Hanol 1135d2094a Merge pull request #4006 from scossar/set-locale-from-header
Feature: (WIP) Set locale from Accept-Language header
2016-03-04 09:12:30 +01:00
Régis Hanol 8d4bac7da2 fix build & add migration to clear common passwords cache 2016-03-03 19:39:22 +01:00
Arpit Jalan 50e65634d7 FEATURE: new setting min_admin_password_length and better default 2016-03-02 14:43:26 +05:30
scossar 0a396583ed set locale for anonymous from header
set locale on signup

update spec

add locale option
2016-02-26 13:45:00 -08:00
Arpit Jalan 6df5b38b54 better user update spec 2016-02-24 16:10:08 +05:30
Arpit Jalan d77511319e show monthly top topics on 404 page 2016-02-24 13:46:55 +05:30
Arpit Jalan 0064927077 FIX: do not allow new email to be duplicate
FIX: return proper error message when email already exists
2016-01-23 13:42:53 +05:30