Sam
75172024ca
SECURITY: ensure users have permission when moving categories
2018-03-02 12:13:27 +11:00
Guo Xiang Tan
fb75f188ba
FEATURE: Disallow login via omniauth when user has 2FA enabled.
2018-03-01 15:47:07 +08:00
Neil Lalonde
baf1c385eb
UX: when a post is blocked due to a watched word, message includes the word being blocked
2018-02-28 11:22:18 -05:00
Joshua Rosenfeld
48aea2a9fc
backup_frequency copy edit
2018-02-27 15:41:37 -05:00
Arpit Jalan
4010d8d9f9
FEATURE: show "edit message" button on message footer for staff
...
Show "Edit Message" button on personal message footer for staff if PM tagging is enabled.
2018-02-27 14:22:03 +05:30
Guo Xiang Tan
06891ce51d
FIX: Direct link to group activity page results in 400 error.
...
https://meta.discourse.org/t/following-a-direct-link-to-group-activity-results-in-400-error/81596
2018-02-27 13:43:22 +08:00
Guo Xiang Tan
66d620f7b1
FEATURE: Trigger topic webhook when topic status is updated.
2018-02-27 11:07:37 +08:00
Guo Xiang Tan
8c51ac448a
FIX: Missing translation.
2018-02-27 09:37:12 +08:00
Neil Lalonde
3313072957
Remove censored_pattern site setting, which is replaced by watched words
2018-02-26 16:29:27 -05:00
Guo Xiang Tan
3e1afbedc5
FIX: Missing translation for non-admin when editing a group.
...
https://meta.discourse.org/t/text-glitch-on-group-admin-page/77303
2018-02-26 10:11:18 +08:00
Sam
c234a14f0d
Make bootsnap MRI only for now
2018-02-26 10:29:25 +11:00
Guo Xiang Tan
4791b39773
UX: Add reset password email button when confirming password before enabling 2FA.
2018-02-23 15:37:17 +08:00
Guo Xiang Tan
66062ed6d9
Add missing default choice for `SiteSetting.google_oauth2_prompt`.
2018-02-23 11:23:08 +08:00
Guo Xiang Tan
3637f0d3bb
Update copy to reflect that 2FA key should be kept a secret.
2018-02-23 10:40:25 +08:00
Guo Xiang Tan
e137b7f836
UX: Improve indication of 2FA status in user's preferences.
2018-02-23 10:36:48 +08:00
Guo Xiang Tan
2e2da3a6e2
Update copy for 2FA.
2018-02-23 10:36:48 +08:00
Robin Ward
9b704b21b5
Don't include `client` when false
2018-02-22 21:22:09 -05:00
Robin Ward
69af881f7f
New site setting `trusted_users_can_edit_others`
...
The default is true to keep with previous discourse behavior. If
disabled, high trust level users cannot edit the topics or posts of
other users.
2018-02-22 20:39:24 -05:00
Guo Xiang Tan
24d0a7a4c7
Take 2 on f74d6bb605
.
...
New options are left out by default when not configured so that an
incorrect default configuration doesn't blow up google oauth for
everyone.
2018-02-23 07:53:01 +08:00
Guo Xiang Tan
dd26bbe868
Merge pull request #5610 from discourse/pm-tags
...
FEATURE: Allow staffs to tag PMs
2018-02-23 07:07:41 +08:00
Joffrey JAFFEUX
1c790ae6bc
Revert "Add prompt and HD settings to the Google OAuth2 plugin."
...
This reverts commit f74d6bb605
.
2018-02-22 19:17:02 +01:00
scossar
9d0807224b
Don't enqueue topic webhook unless a post has a topic
2018-02-22 14:34:59 +08:00
Guo Xiang Tan
ef1b82a226
Add missing site setting description.
2018-02-22 13:52:36 +08:00
Geoffrey Challen
f74d6bb605
Add prompt and HD settings to the Google OAuth2 plugin.
2018-02-22 12:29:19 +08:00
Vinoth Kannan
84867c1c07
Rename site setting to allow_staff_to_tag_pms from allow_staff_to_tag_in_pm
2018-02-22 06:48:34 +05:30
Guo Xiang Tan
1b04d881c5
UX: Display lock icon in admin user lists when user has 2FA enabled.
2018-02-22 09:00:09 +08:00
Joffrey JAFFEUX
6f5acfe783
Login with email/forget password UI refactoring
...
* move button into login modal with social buttons
* adds email link next to login field when filling it
* adds proper validation messages
* improves forgot password flash clearing
* more tests
2018-02-22 08:06:15 +08:00
Sam
720e1965e3
FEATURE: add category suppress from latest
...
In the past we used suppress_from_homepage, it had mixed semantics
it would remove from category list if category list was on home and
unconditionally remove from latest.
New setting explicitly only removes from latest list but leaves the
category list alond
2018-02-22 09:56:35 +11:00
Joshua Rosenfeld
3ec8b38796
A few more 'private message' strings to update
...
Follow up from a08832bd08
2018-02-21 15:28:26 -05:00
Vinoth Kannan
2b509eaa91
Merge branch 'master' into pm-tags
2018-02-21 23:55:59 +05:30
Joshua Rosenfeld
23f7c3607c
Update Twitter login site setting description text
2018-02-21 13:07:33 -05:00
Vinoth Kannan
84ce1acfef
FEATURE: Allow staffs to tag PMs
2018-02-21 20:11:46 +05:30
Gerhard Schlager
210939de68
FEATURE: Use HTML instead of text for incoming emails by default
2018-02-21 11:14:36 +01:00
Guo Xiang Tan
8964e75ad6
Merge pull request #5612 from discourse/featheredtoast-two-factor-login
...
Featheredtoast two factor login
2018-02-21 15:00:10 +08:00
Guo Xiang Tan
14f3594f9f
Review Changes for f4f8a293e7
.
2018-02-21 14:55:49 +08:00
Sam
ca1a3f37e3
FEATURE: add instrumentation for all external net calls
2018-02-21 15:20:29 +11:00
Jeff Wong
f4f8a293e7
FEATURE: Implement 2factor login TOTP
...
implemented review items.
Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator
add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests
add qunit tests - password reset, preferences
fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.
Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP
add two factor to email signin link
rate limit if second factor token present
add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Robin Ward
3ea272f4f1
New setting: minimum trust level to embed images in a post
2018-02-20 20:00:06 -05:00
Jeff Atwood
6c29908ba2
very minor copyedits
2018-02-20 00:44:56 -08:00
Sam
73a492f721
minor changes to discourse bench
...
Ruby master is not compatible with bootsnap atm
2018-02-20 14:41:21 +11:00
Arpit Jalan
c419c26f56
FEATURE: new site setting 'max_emojis_in_title'
2018-02-19 18:15:26 +05:30
OsamaSayegh
f3815cd785
FEATURE: New site setting for additional allowed filetypes for staff ( #5364 )
...
* FEATURE: New site setting for additional allowed filetypes for staff
* Problematic variable name
* feedback
* small issues
* fix indentation
* failing tests
* Remove message bus and fix minor issues
* Missed this message bus
2018-02-19 10:44:24 +01:00
Leo McArdle
5d9d0fcb4f
FEATURE: add setting which adds group name to PM email subject ( #5475 )
2018-02-19 10:20:17 +01:00
Guo Xiang Tan
d601a6b23c
FIX: Support old Service Worker source file path to avoid routing errors.
2018-02-19 08:04:45 +08:00
SidV
790c5facc9
Mailgun typo ( #5593 )
...
mailgun = Mailgun
2018-02-16 01:35:37 -05:00
Neil Lalonde
32ad98161f
Update translations
2018-02-15 16:36:03 -05:00
Sam
7af9ed6674
FEATURE: add goanna rendering engine to non crawler list
...
Goanna the fork of Gecko which is used by Pale Moon browser is not a crawler.
2018-02-16 06:30:47 +11:00
Guo Xiang Tan
28365f8ae5
PERF: Have nginx cache and serve the service worker file.
2018-02-15 10:50:39 +08:00
Sam
38f4acd55a
FIX: rate limiter text is confusing, should not say daily
...
Also, adds easily parseable JSON so users can figure out
how long to wait when the API is limited. ("extras" "wait_seconds")
2018-02-14 15:29:50 +11:00
Joffrey JAFFEUX
548db91c76
FIX: displays an error when reaching tags limit
2018-02-14 00:30:09 +01:00