Commit Graph

228 Commits

Author SHA1 Message Date
Robin Ward 429f27ec96 SECURITY: Avoid mass assignment on user create 2016-08-05 11:57:13 -04:00
Sam 4161ee210a FEATURE: improved tag and category watching and tracking
- present tags watched on the user prefs page
- automatically watch or unwatch old topics based on watch status

New watching and tracking logic takes care of handling old topics
(either with or without read state)

When you watch a topic you now watch historically

Also removes confusing warnings from user.
2016-07-08 12:58:30 +10:00
Sam 1411eedad3 FEATURE: offer to unwatch categories when unwatching category 2016-06-28 18:34:20 +10:00
Régis Hanol 5bfc9cf69e Allow API to create staged users 2016-06-23 12:27:05 +02:00
Arpit Jalan f387dfe226 FIX: mixed case group mentions were not getting highligted in composer 2016-05-22 18:32:49 +05:30
Robin Ward 89e506551a
Add body class to `account-created` route 2016-05-05 14:37:09 -04:00
Sam a130cb8305 FEATURE: move more urgent emails notifications to critical queue
Move signup, admin login and password change email notifications
to critical queue
2016-04-07 14:39:01 +10:00
Aryan Raj c3507a3242 Fix: Added underscore to my_redirect regex 2016-03-20 13:00:56 +05:30
Robin Ward 5771d2aee2 SECURITY: Support for confirm old as well as new email accounts 2016-03-08 14:52:22 -05:00
Robin Ward d62689fa76 Move updating a user's email to its own controller 2016-03-08 14:52:22 -05:00
Régis Hanol 1135d2094a Merge pull request #4006 from scossar/set-locale-from-header
Feature: (WIP) Set locale from Accept-Language header
2016-03-04 09:12:30 +01:00
Arpit Jalan 36f82aa68c FEATURE: enforce admin password validation when signing up via developer email 2016-03-04 00:28:47 +05:30
scossar 0a396583ed set locale for anonymous from header
set locale on signup

update spec

add locale option
2016-02-26 13:45:00 -08:00
Arpit Jalan 0064927077 FIX: do not allow new email to be duplicate
FIX: return proper error message when email already exists
2016-01-23 13:42:53 +05:30
Sam Saffron 7303f8f309 FEATURE: first pass at user summary page 2016-01-20 15:14:25 +11:00
Arpit Jalan 380764dc92 FIX: validate email when changing via user preferences page 2016-01-16 10:50:49 +05:30
Neil Lalonde c7df6783a9 FIX: only invalidate password reset links using javascript 2016-01-04 11:48:54 -05:00
Sam a8b5192efd FEATURE: User page refactor
Re-organise user page so it is easier to find interesting info
split it into tabs

- Introduce notifications and messages tabs
- Stop couting stuff for the user page to speed up rendering
- Suppress more information when viewing your own profile
2015-12-20 16:45:49 +11:00
Sam 7917316f6f FEATURE: display warning on top of composer for group mentions
If users attempt to mention a group that is "mentionable" display a warning
informing them that people will be notified.
2015-12-04 13:41:07 +11:00
Sam 9899e8d4a5 FEATURE: First class messages to groups, you can select a group as a target of a message 2015-12-02 15:49:43 +11:00
Sam f6390c8ad6 correct bad merge 2015-11-30 17:12:51 +11:00
Sam ad3dd161e7 FEATURE: first class group mentions built in
If you allow a group to be mentioned it can be mentioned with the @ symbol.

Keep in mind as a safety mechanism max_users_notified_per_group_mention is set to 100
2015-11-30 17:08:43 +11:00
Régis Hanol 16b3d26d7b allow staff members to view staged accounts user card/profile 2015-11-27 20:02:24 +01:00
Régis Hanol 76692235ae FIX: don't ever fetch staged accounts in unseen mentions 2015-11-27 18:16:50 +01:00
Régis Hanol 43614439e6 FEATURE: can take over a staged account 2015-11-13 19:07:28 +01:00
Régis Hanol 16f509afb9 FIX: enforce 'allow_uploaded_avatars' & 'sso_overrides_avatar' server-side 2015-11-12 10:26:45 +01:00
Régis Hanol bb79e6aff7 FEATURE: new hide_user_profiles_from_public site setting 2015-10-28 19:56:08 +01:00
Robin Ward 46ca66771b FIX: Better error message for resending activation. Don't limit staff. 2015-10-27 16:25:30 -04:00
Robin Ward a527c58c7d UX: Show a nicer "Log In" screen if the user follows `/my/preferences` 2015-10-14 13:39:31 -04:00
Robin Ward d66a545dd2 FIX: `/my/preferences` should prompt users to log in 2015-10-14 12:40:13 -04:00
Régis Hanol 36309e50cc Merge pull request #3767 from tgxworld/track_user_profile_views
Track user profile views
2015-09-23 11:38:18 +02:00
Régis Hanol 07e7b07b63 FIX: refreshing gravatar wasn't working 2015-09-17 19:42:44 +02:00
Guo Xiang Tan 7acc93b2a0 FEATURE: Track user profile views. 2015-09-16 14:48:31 +08:00
Régis Hanol 18d7c1c75d fix the build - take 2 2015-09-11 15:47:48 +02:00
Régis Hanol 93f9dcfcec FIX: don't overwrite custom uploaded avatar when selecting gravatar
FIX: remove unecessary serialized fields
2015-09-11 15:10:56 +02:00
Sam 6437cd0341 FEATURE: add support for generic external avatar services
This changes it so we only ship an avatar template down to the client
it has no magic, all it knows is how to plug in size
2015-09-11 15:10:56 +02:00
Régis Hanol 2742602254 FEATURE: support for external letter avatars service 2015-09-11 02:12:40 +02:00
Robin Ward 32e2d7963a FEATURE: Show FAQ at top of the hamburger until the user reads it 2015-09-04 16:56:02 -04:00
Arpit Jalan 99edcddafb FEATURE: show pending/redeemed invite count in tabs 2015-08-25 01:12:46 +05:30
Arpit Jalan 91519fdfe7 FIX: do not persist error message 2015-08-24 00:29:58 +05:30
Kane York 2a897a8a6b SECURITY: Remove email validation check bypass
- Increase size of email column to varchar(513)
 - Give error message on signup when email is too large

Overall impact: Low, allows signups from blocked domains. Main risk is increased spam.
2015-07-13 15:36:17 -07:00
Arpit Jalan e0c9054748 FEATURE: invite page tabs 2015-07-13 09:42:51 +05:30
Doug 5e615ef26e Fixed bug that caused substrings of reserved usernames to be treated as reserved. 2015-07-06 23:54:25 -07:00
Kane York df988a20eb FEATURE: Reserved usernames
A list of usernames that will be blocked from being used to sign up.
2015-07-01 13:50:55 -07:00
Sam b052179ae6 Merge pull request #3163 from rcfox/fix-by-external
Allow periods in the external_id value used in the /users/by-external route.
2015-06-24 13:07:12 +10:00
Sam Saffron c58b495e15 SECURITY: Query @usernames in bulk
Otherwise you could add many requests at once while composing.
2015-06-11 13:03:49 -04:00
Sam Saffron 4409a3072d FEATURE: we need admin login always 2015-06-05 18:43:59 +10:00
Régis Hanol cb025a65e0 FIX: make sure we also save the user_avatar.custom_upload_id 2015-05-29 10:21:41 +02:00
Régis Hanol b7f8680618 fix build (:fired:) 2015-05-20 17:51:33 +02:00
Régis Hanol 8d967d9065 FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread 2015-05-20 16:45:48 +02:00