Commit Graph

39 Commits

Author SHA1 Message Date
Arpit Jalan 3a6e137e70 FIX: add context for deactivated user logs 2018-05-08 08:18:04 +05:30
Neil Lalonde a0447b47e0 UX: when deleting a user, show a modal indicating that the delete is happening. User hijack so requests don't time out. 2018-05-03 16:18:19 -04:00
Robin Ward 456e40a709 FIX: Don't allow a user to become TL3 if they've ever been penalized
Previously the code would only check if they were *currently* suspended
or silenced.
2018-04-24 15:15:32 -04:00
Guo Xiang Tan 14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Jeff Wong f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Robin Ward 971e302ff2 FEATURE: Support an end date for user silencing 2017-11-14 13:20:19 -05:00
Robin Ward 1f14350220 Rename "Blocked" to "Silenced" 2017-11-10 14:10:27 -05:00
Robin Ward 09ed2ed749 Add Suspend User to flags page 2017-09-25 12:28:00 -04:00
Robin Ward 677b016387 Send a suspension message via email to a user 2017-09-25 12:26:41 -04:00
Robin Ward 2a56cf8bb6 Tests + Refactoring for Suspension Modal 2017-09-25 12:26:06 -04:00
Robin Ward 6e48884274 Extract out common "cancel" link functionality from modals 2017-09-25 12:25:15 -04:00
Robin Ward d7c37d9369 Add front end service for staff controls 2017-09-25 12:25:14 -04:00
Robin Ward 1af4acbb3d Add tests to flagged topics 2017-09-25 12:25:14 -04:00
Robin Ward 5b590b9637 REFACTOR: Replace some `fa-*` uses with helpers 2017-07-27 14:55:41 -04:00
Neil Lalonde a0f03936ff FIX: saving invisible primary group field that you don't belong to 2017-05-17 12:46:50 -04:00
Robin Ward 17f2974d0a SECURITY: Confirm new administrator accounts via email 2017-04-04 15:59:01 -04:00
Robin Ward 14410b71fb Convert server side paths to use `/u/` 2017-03-30 10:23:24 -04:00
Régis Hanol c302ffe08f FIX: buttons in user admin page weren't working 2016-12-20 12:26:53 +01:00
safaalfulaij 291c32aa69 Fix Plural Strings 2016-08-10 20:24:28 +03:00
Robin Ward b8125b3512 REFACTOR: Remove `Discourse.Ajax` 2016-07-11 12:57:05 -04:00
Régis Hanol 8a04b78909 add a link to bounce emails list in user admin profile 2016-05-18 22:38:35 +02:00
Régis Hanol 1e57bbf5c8 Lots bounce emails related fixes
- Show bounce score on user admin page
- Added reset bounce score button on user admin page
- Only whitelisted email types are sent to emails with high bounce score
- FIX: properly detect bounces even when there is no TO: header in the email
- Don't desactivate a user when reaching the bounce threshold
2016-05-06 19:34:33 +02:00
Neil Lalonde 3b18a5d59d FIX: redirect url after anonymizing a user 2016-03-03 11:59:07 -05:00
Erick Guan 35142847ba FIX: Prepend the user id before username in admin user routes 2016-02-09 15:14:13 +01:00
Régis Hanol 5018a8033d FIX: add link to user profile for staged users 2016-01-19 16:41:07 +01:00
Neil Lalonde 12790d8dcc FEATURE: staff can block users, which prevents them from creating topics and replies 2016-01-14 14:42:06 -05:00
Régis Hanol 753f4d1b7b FIX: redirect to forum home page when impersonating 2015-11-23 15:44:44 +01:00
Sam 5c899c765b Revert "Revert "REFACTOR: support booting discourse with DISCOURSE_NO_CONSTANTS""
This reverts commit c21457d6a7.
2015-11-21 12:27:06 +11:00
Robin Ward c21457d6a7 Revert "REFACTOR: support booting discourse with DISCOURSE_NO_CONSTANTS"
This reverts commit c0b277d273.
2015-11-20 10:00:12 -05:00
Sam c0b277d273 REFACTOR: support booting discourse with DISCOURSE_NO_CONSTANTS
This change is discussed here: https://meta.discourse.org/t/deprecating-es6-compatibility-layer/35821

Prior to this change we were not booting correctly with DISCOURSE_NO_CONSTANTS
2015-11-21 00:14:50 +11:00
Robin Ward 46ca66771b FIX: Better error message for resending activation. Don't limit staff. 2015-10-27 16:25:30 -04:00
Rafael dos Santos Silva dfed999ec8 Remove getUrl on impersonate redirect
As said by  @riking @nlalonde and @ZogStriP
2015-10-13 16:52:35 -03:00
Rafael dos Santos Silva ccd46bf431 Fix impersonate redirect on subfolder install
Impersonate was redirecting to base site, instead of Discourse when using subfolder install.
2015-10-12 16:14:39 -03:00
Jeff Atwood 0b295150e7 UX: clearer delete user action buttons 2015-09-30 16:06:55 -07:00
Robin Ward b7e6eaa961 ES6ify some of the remaining files 2015-08-10 10:21:05 -04:00
Neil Lalonde 91588bed8b FIX: some admin actions redirect to wrong path when deployed to subdirectory 2015-05-21 15:03:00 -04:00
Robin Ward 4e0d7683ab Better error messages on admin for granting moderation
Also fixes up Ember deprecations.
2015-05-19 10:56:32 -04:00
Sam 4919ec4c44 FIX: don't hide "public invisible" groups from groups on user page 2015-04-16 10:44:55 +10:00
Régis Hanol 9cbd0f8e78 UX: separate custom from automatic groups in user admin
REFACTOR: some moar ES6 refactoring
2015-03-17 22:59:05 +01:00