Commit Graph

1903 Commits

Author SHA1 Message Date
Nicolas 1deec95ccb Use `natural` orientation for web app manifest.
The `any` orientation forces the rotation even when the device's screen
 rotation is disabled. Using `natural` respects that and restores the
 expected behaviour.
2017-02-12 18:04:06 +00:00
Jeff Atwood 3ee7a9266c Merge pull request #4686 from tgxworld/group_is_visible_if_user_is_group_owner
FIX: Show groups that user is owner of on groups page.
2017-02-11 22:18:44 -08:00
Sam Saffron 4332f0dde1 FEATURE: allow user search API to restrict to group 2017-02-09 18:45:39 -05:00
Sam ff49f72ad9 FEATURE: per client user tokens
Revamped system for managing authentication tokens.

- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes

New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.

Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
Sam 2dec731da3 SECURITY: correctly validate input when admin searches for screened ips 2017-02-06 16:11:16 -05:00
Régis Hanol 27fb9c8804 FIX: bounce webhooks should also use recipient address 2017-02-05 19:06:35 +01:00
Neil Lalonde c4e10f2a9d FEATURE: redesign the change password page to use javascript and validations 2017-02-03 16:09:24 -05:00
Arpit Jalan 5523d0dbf9 fix the build 2017-02-03 15:35:33 +05:30
Arpit Jalan 26ccf61ab1 FIX: sane error message when inviting an existing user 2017-02-03 14:27:27 +05:30
Guo Xiang Tan 61111a3f9b FIX: Show groups that user is owner of on groups page. 2017-02-03 16:51:32 +08:00
Guo Xiang Tan 18007ed34b FIX: Can't use an internal name here if `SiteSetting.convert_pasted_images_to_hq_jpg` is `false`. 2017-02-01 14:51:56 +08:00
Guo Xiang Tan f6d9745c5f Bye bye byebug. 2017-02-01 14:50:14 +08:00
Guo Xiang Tan 6c8c91dca4 UX: Change default filename for images that have been pasted. 2017-02-01 14:44:41 +08:00
Arpit Jalan 9dd09e453b FEATURE: add explicit confirmation button to accept the invite 2017-01-25 15:50:30 +05:30
Guo Xiang Tan 781d83a46f FIX: Toggling a post's wiki status should not skip revision. 2017-01-25 13:34:55 +08:00
Guo Xiang Tan 0a25df67bc Revert "FIX: Incorrect parameter being passed to component."
This reverts commit d354a6f7a4.
2017-01-25 13:12:24 +08:00
Guo Xiang Tan d354a6f7a4 FIX: Incorrect parameter being passed to component. 2017-01-25 13:09:08 +08:00
Guo Xiang Tan 32846aad2a FIX: Toggling post's wiki status should not create a new version. 2017-01-20 15:42:33 +08:00
Régis Hanol fbf9172db8 FIX: log backups download/destroy staff action
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:53:31 +01:00
Guo Xiang Tan 515f50e42e FEATURE: Log admin action when readonly mode is changed. 2017-01-12 09:41:02 +08:00
Arpit Jalan e793caf3e3 FIX: only allow CSV file to be uploaded for bulk invite 2017-01-11 16:26:01 +05:30
Guo Xiang Tan d6bf5b0e78 Use `any` orientation for web app manifest. 2017-01-11 17:32:24 +08:00
Guo Xiang Tan cdd550e947 Use a different Redis key when PG failover sets site to readonly mode. 2017-01-11 16:38:49 +08:00
Neil Lalonde fc0a0a76a4 Add more info in staff action logs for blocking a user, and add logging for lock trust level, activate, and deactive user 2017-01-10 17:25:36 -05:00
Guo Xiang Tan 68300f515c FIX: Return 404 if id is not valid. 2017-01-06 10:39:44 +08:00
Neil Lalonde 685e6bdbab FIX: tags canonical url can raise error or be wrong 2017-01-05 15:17:23 -05:00
Claas Augner bec10ada2a
Remove unused email templates from controller 2017-01-05 15:31:14 +01:00
Guo Xiang Tan 5098baee2f FIX: Undefined variable. 2017-01-04 17:37:23 +08:00
Guo Xiang Tan 43671b1fda UX: Display group fullname in mention autocomplete. 2017-01-04 11:40:14 +08:00
Rafael dos Santos Silva d3fb724578 Merge pull request #4632 from xfalcox/native-app-banner
FEATURE: Opt-in native Discourse app install banner
2017-01-03 16:32:24 -02:00
Rafael dos Santos Silva d7c8c2d5e3 FEATURE: Opt-in native Discourse app install banner on Android/iOS 2017-01-03 15:50:45 -02:00
Guo Xiang Tan ad4a96d387 FIX: Only send membership request to the last 5 active group owners. 2017-01-03 15:33:57 +08:00
Guo Xiang Tan 5aee2673c7 FIX: Push null fields to last when sorting group members. 2016-12-22 14:55:24 +08:00
Guo Xiang Tan 5605700fa9 UX: Sort groups by name. 2016-12-22 14:46:20 +08:00
Guo Xiang Tan 8551d821a0 FEATURE: Add site setting to disable group directory. 2016-12-22 14:14:22 +08:00
Guo Xiang Tan 5e75d5c1bf PERF: N+1 query on groups page. 2016-12-21 20:59:09 +08:00
Guo Xiang Tan 5d7f3223f0 SECURITY: Users can only bookmark posts which they can see. 2016-12-21 12:01:26 +08:00
Guo Xiang Tan 9db5d5b6a7 FIX: Incorrect serializer for groups page. 2016-12-20 15:44:22 +08:00
Guo Xiang Tan 7c7c233c1c FIX: Can't update `Groups#allow_membership_requests` in admin. 2016-12-20 15:14:35 +08:00
Guo Xiang Tan 502e114c60 FIX: Incorrect count when loading more groups. 2016-12-20 14:39:44 +08:00
Guo Xiang Tan 193f8301a4 FIX: Do not show automatic groups to normal users. 2016-12-20 14:26:49 +08:00
Régis Hanol 52cd9972bb FIX: prevent DDoS with lots of _oneboxable_ links
FIX: ensure the onebox route is only allowed to logged in users
FIX: only allow 1 outgoing onebox preview per user
FIX: client should only do 1 preview at a time
2016-12-20 00:31:10 +01:00
Sam 2b808ad9da Merge pull request #4609 from joebuhlig/category-topics-wiki
FEATURE: Category setting to make all topics wikis
2016-12-20 09:15:51 +11:00
Neil Lalonde 923cf73c6e Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox. 2016-12-19 14:54:07 -05:00
Joe Buhlig 87251fded7 FEATURE: Category setting to make all topics wikis
FEATURE: Category setting to make all topics wikis
2016-12-19 06:42:18 -06:00
Guo Xiang Tan 18c8323987 FIX: Incorrect path for redirect. 2016-12-19 18:12:15 +08:00
Sam e0ff57ca75 SECURITY: prevent reuse of password reset 2016-12-19 18:00:22 +11:00
Sam dd383300b1 FEATURE: rate limit by login on password reset 2016-12-19 11:03:07 +11:00
Sam 15b5fddd49 SECURITY: protect upload params, only allow very strict filenames 2016-12-19 10:16:18 +11:00
Sam 61eb134181 FEATURE: setting to allow arbitrary redirects from sso origin
if sso_allows_all_return_paths is set to true you can redirect off-site from sso success
2016-12-16 13:37:44 +11:00