Commit Graph

5508 Commits

Author SHA1 Message Date
Sam 75172024ca SECURITY: ensure users have permission when moving categories 2018-03-02 12:13:27 +11:00
Guo Xiang Tan fb75f188ba FEATURE: Disallow login via omniauth when user has 2FA enabled. 2018-03-01 15:47:07 +08:00
Neil Lalonde baf1c385eb UX: when a post is blocked due to a watched word, message includes the word being blocked 2018-02-28 11:22:18 -05:00
Joshua Rosenfeld 48aea2a9fc
backup_frequency copy edit 2018-02-27 15:41:37 -05:00
Arpit Jalan 4010d8d9f9 FEATURE: show "edit message" button on message footer for staff
Show "Edit Message" button on personal message footer for staff if PM tagging is enabled.
2018-02-27 14:22:03 +05:30
Guo Xiang Tan 06891ce51d FIX: Direct link to group activity page results in 400 error.
https://meta.discourse.org/t/following-a-direct-link-to-group-activity-results-in-400-error/81596
2018-02-27 13:43:22 +08:00
Guo Xiang Tan 66d620f7b1 FEATURE: Trigger topic webhook when topic status is updated. 2018-02-27 11:07:37 +08:00
Guo Xiang Tan 8c51ac448a FIX: Missing translation. 2018-02-27 09:37:12 +08:00
Neil Lalonde 3313072957 Remove censored_pattern site setting, which is replaced by watched words 2018-02-26 16:29:27 -05:00
Guo Xiang Tan 3e1afbedc5 FIX: Missing translation for non-admin when editing a group.
https://meta.discourse.org/t/text-glitch-on-group-admin-page/77303
2018-02-26 10:11:18 +08:00
Sam c234a14f0d Make bootsnap MRI only for now 2018-02-26 10:29:25 +11:00
Guo Xiang Tan 4791b39773 UX: Add reset password email button when confirming password before enabling 2FA. 2018-02-23 15:37:17 +08:00
Guo Xiang Tan 66062ed6d9 Add missing default choice for `SiteSetting.google_oauth2_prompt`. 2018-02-23 11:23:08 +08:00
Guo Xiang Tan 3637f0d3bb Update copy to reflect that 2FA key should be kept a secret. 2018-02-23 10:40:25 +08:00
Guo Xiang Tan e137b7f836 UX: Improve indication of 2FA status in user's preferences. 2018-02-23 10:36:48 +08:00
Guo Xiang Tan 2e2da3a6e2 Update copy for 2FA. 2018-02-23 10:36:48 +08:00
Robin Ward 9b704b21b5 Don't include `client` when false 2018-02-22 21:22:09 -05:00
Robin Ward 69af881f7f New site setting `trusted_users_can_edit_others`
The default is true to keep with previous discourse behavior. If
disabled, high trust level users cannot edit the topics or posts of
other users.
2018-02-22 20:39:24 -05:00
Guo Xiang Tan 24d0a7a4c7 Take 2 on f74d6bb605.
New options are left out by default when not configured so that an
incorrect default configuration doesn't blow up google oauth for
everyone.
2018-02-23 07:53:01 +08:00
Guo Xiang Tan dd26bbe868
Merge pull request #5610 from discourse/pm-tags
FEATURE: Allow staffs to tag PMs
2018-02-23 07:07:41 +08:00
Joffrey JAFFEUX 1c790ae6bc Revert "Add prompt and HD settings to the Google OAuth2 plugin."
This reverts commit f74d6bb605.
2018-02-22 19:17:02 +01:00
scossar 9d0807224b Don't enqueue topic webhook unless a post has a topic 2018-02-22 14:34:59 +08:00
Guo Xiang Tan ef1b82a226 Add missing site setting description. 2018-02-22 13:52:36 +08:00
Geoffrey Challen f74d6bb605 Add prompt and HD settings to the Google OAuth2 plugin. 2018-02-22 12:29:19 +08:00
Vinoth Kannan 84867c1c07 Rename site setting to allow_staff_to_tag_pms from allow_staff_to_tag_in_pm 2018-02-22 06:48:34 +05:30
Guo Xiang Tan 1b04d881c5 UX: Display lock icon in admin user lists when user has 2FA enabled. 2018-02-22 09:00:09 +08:00
Joffrey JAFFEUX 6f5acfe783 Login with email/forget password UI refactoring
* move button into login modal with social buttons
* adds email link next to login field when filling it
* adds proper validation messages
* improves forgot password flash clearing
* more tests
2018-02-22 08:06:15 +08:00
Sam 720e1965e3 FEATURE: add category suppress from latest
In the past we used suppress_from_homepage, it had mixed semantics
it would remove from category list if category list was on home and
unconditionally remove from latest.

New setting explicitly only removes from latest list but leaves the
category list alond
2018-02-22 09:56:35 +11:00
Joshua Rosenfeld 3ec8b38796
A few more 'private message' strings to update
Follow up from a08832bd08
2018-02-21 15:28:26 -05:00
Vinoth Kannan 2b509eaa91
Merge branch 'master' into pm-tags 2018-02-21 23:55:59 +05:30
Joshua Rosenfeld 23f7c3607c
Update Twitter login site setting description text 2018-02-21 13:07:33 -05:00
Vinoth Kannan 84ce1acfef FEATURE: Allow staffs to tag PMs 2018-02-21 20:11:46 +05:30
Gerhard Schlager 210939de68 FEATURE: Use HTML instead of text for incoming emails by default 2018-02-21 11:14:36 +01:00
Guo Xiang Tan 8964e75ad6
Merge pull request #5612 from discourse/featheredtoast-two-factor-login
Featheredtoast two factor login
2018-02-21 15:00:10 +08:00
Guo Xiang Tan 14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Sam ca1a3f37e3 FEATURE: add instrumentation for all external net calls 2018-02-21 15:20:29 +11:00
Jeff Wong f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Robin Ward 3ea272f4f1 New setting: minimum trust level to embed images in a post 2018-02-20 20:00:06 -05:00
Jeff Atwood 6c29908ba2 very minor copyedits 2018-02-20 00:44:56 -08:00
Sam 73a492f721 minor changes to discourse bench
Ruby master is not compatible with bootsnap atm
2018-02-20 14:41:21 +11:00
Arpit Jalan c419c26f56 FEATURE: new site setting 'max_emojis_in_title' 2018-02-19 18:15:26 +05:30
OsamaSayegh f3815cd785 FEATURE: New site setting for additional allowed filetypes for staff (#5364)
* FEATURE: New site setting for additional allowed filetypes for staff

* Problematic variable name

* feedback

* small issues

* fix indentation

* failing tests

* Remove message bus and fix minor issues

* Missed this message bus
2018-02-19 10:44:24 +01:00
Leo McArdle 5d9d0fcb4f FEATURE: add setting which adds group name to PM email subject (#5475) 2018-02-19 10:20:17 +01:00
Guo Xiang Tan d601a6b23c FIX: Support old Service Worker source file path to avoid routing errors. 2018-02-19 08:04:45 +08:00
SidV 790c5facc9 Mailgun typo (#5593)
mailgun = Mailgun
2018-02-16 01:35:37 -05:00
Neil Lalonde 32ad98161f Update translations 2018-02-15 16:36:03 -05:00
Sam 7af9ed6674 FEATURE: add goanna rendering engine to non crawler list
Goanna the fork of Gecko which is used by Pale Moon browser is not a crawler.
2018-02-16 06:30:47 +11:00
Guo Xiang Tan 28365f8ae5 PERF: Have nginx cache and serve the service worker file. 2018-02-15 10:50:39 +08:00
Sam 38f4acd55a FIX: rate limiter text is confusing, should not say daily
Also, adds easily parseable JSON so users can figure out
how long to wait when the API is limited. ("extras" "wait_seconds")
2018-02-14 15:29:50 +11:00
Joffrey JAFFEUX 548db91c76
FIX: displays an error when reaching tags limit 2018-02-14 00:30:09 +01:00