ed125975a1
SECURITY: Prefix session key and validate token format.
2014-08-25 15:31:49 -04:00
4cd8abc905
FEATURE: dynamically load invites
2014-08-05 22:20:23 +05:30
939e8505a9
Remove hub username integration
2014-07-16 12:25:24 -04:00
01a68f8cc7
Emails are case insensitive
2014-07-16 10:22:01 -04:00
4f416bf6ce
Check honeypot/challenge value on activation too
2014-07-15 14:07:35 -04:00
915f60b0fc
Don't redirect to login when activating account...
2014-07-15 10:50:28 -07:00
766196af87
FEATURE: add site setting allow_new_registrations which can be used to block all new account registrations
2014-07-14 15:42:22 -04:00
cce7cf8c85
FEATURE: Require Javascript to activate an account via email link
2014-07-14 12:26:10 -04:00
4a2cc269ab
FIX: allow selection of no title
2014-07-14 18:07:07 +10:00
833c50c460
FEATURE: Read Faq badge
2014-07-11 17:32:29 +10:00
9a9ad9bda8
FEATURE: Badge progress
...
- Refactor model so it stores backfill query
- Implement autobiographer
- Remove sample badge
- Correct featured badges to only include a badge once
2014-07-03 17:29:44 +10:00
5a0aed2bfa
FIX: regression, forgot password broken
...
also... mocks were invented by the devil
2014-07-02 13:06:55 +10:00
9000c358d1
REFACTOR: Use common path for RESTful `DELETE` action from upload image
...
component
2014-06-30 14:13:59 -04:00
4088fba4f2
REFACTOR: Convert profile background uploader to be an ember component
2014-06-30 14:13:59 -04:00
386d1e231a
move profile_background from User to UserProfile
2014-06-26 12:30:07 -04:00
6e698315d6
Allow all /my URLs
...
Previously, URLs like /my/activity/posts were denied. This change allows those URLs.
2014-06-14 10:58:20 -07:00
91b6459f2b
BUGFIX: allow users to pick no avatar
2014-05-30 14:45:55 +10:00
5adc486cef
BUGFIX: missing avatars in topic map
...
Cleanup uneeded column
2014-05-29 14:59:14 +10:00
504cfcff96
Fix specs for avatars
...
Implement avatar picker
Correct avatar related jobs
2014-05-27 10:08:03 +10:00
6c1c8be794
Work in progress, keeping avatars locally
...
This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom)
user can then pick which they want.
2014-05-27 10:08:03 +10:00
6e0eb89697
Don't show suspended users in autocomplete fields unless you are staff
2014-05-13 11:44:15 -04:00
1574485443
Perform the where(...).first to find_by(...) refactoring.
...
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
f61f29439e
Track the ip address where user was registered
2014-04-29 14:37:56 -04:00
b4e037dfb2
Allow badges to be marked as "titleable".
2014-04-28 10:30:38 +05:30
64b8f2f759
TRIVIAL: remove puts statement (cc. @eviltrout)
2014-04-21 23:00:13 +02:00
b9ca124756
Support for /my/preferences to automatically redirect to the logged in
...
user.
2014-04-21 11:52:11 -04:00
8113e8d897
Basic UI for selecting gold/silver badges as titles.
2014-04-18 09:20:51 +05:30
2505d18aa9
FEATURE: support email attachments
2014-04-14 22:55:57 +02:00
be06156629
SECURITY: when enabled_local_logins is false users could log in via API
...
thanks @Nicholas Blanco
2014-03-26 15:39:44 +11:00
539890afdf
Let's not show tons of extra information about invites unless you're the
...
person who invited them.
2014-03-21 14:16:11 -04:00
619fa50d4b
BUGFIX: twitter auth asking for a password
2014-03-20 14:49:25 +11:00
9ca516e58d
Rename nickname to username in the code. Use new hub routes. (Old routes still exist as aliases for old Discourse instances.)
2014-03-12 12:39:36 -04:00
98c479c3c4
FEATURE: Profile Backgrounds
...
Shares a modified codebase with avatars called "user_image"
2014-03-05 15:10:44 +01:00
8711762143
Users who have made no more than one post can delete their own accounts from their user preferences page.
2014-02-13 13:52:06 -05:00
c13aa8852b
Whitelist :active param so that we can automatically create users that are active via API
2014-02-04 15:40:30 -05:00
da825451d0
Invite link can't be used to log in after you set a password or sign in with 3rd party
2014-01-21 16:56:41 -05:00
c743a985a4
Allow groups to be used as aliases for user mention
...
when configured by the admin a group can be found through the @mentions
feature in both the compose/reply and the private message user-selectors
and once selected the mention will be replaced by the list of users in
the group
2014-01-08 02:36:24 +11:00
854d9c8fc6
Minimum password length is configurable with the min_password_length site setting. FIX: reset password needs to validate password length.
2013-12-19 16:15:47 -05:00
05a3c8090f
Merge pull request #1658 from salbertson/sa-refactor-users-controller-create
...
Refactor UsersController#create
2013-12-12 22:16:50 -08:00
561961eff6
FIX: can grant titles to regular users. Guardian initializer needs current_user, not the target user.
2013-12-10 12:46:35 -05:00
51eff92170
Refactor UsersController#create
...
* Simplify controller action
* Extract service classes
2013-12-05 10:11:16 -08:00
981d8f6aea
Signup form: prefill username if Discourse Hub has a match for the email address. Also, fix some bad specs in username_checker_service_spec that were passing...
2013-11-19 14:15:28 -05:00
32a3da86da
Merge pull request #1640 from salbertson/sa-refactor-users-controller-invites
...
Refactor UsersController#invited
2013-11-12 08:18:52 -08:00
77b59b54ce
Refactor UsersController#invited
...
* Add test coverage
* Simplify controller action
* Move finder code to Invite class
2013-11-11 13:23:49 -08:00
58f78e9001
Refactor Users#upload_avatar method
...
Moved avatar file upload to ```AvatarUploadService``` class and
```AvatarUploadPolicy```
Address review comments + require missing file in spec
2013-11-11 23:21:14 +05:30
3473734af0
FIX: bust broken password
2013-11-11 22:28:26 +11:00
af67284995
User ctrl refactor - breaks up large methods, moves some logic into model
...
Includes missing methods from backup for travis to pass
fix missing code, failing specs
keep params handling in the controller.
2013-11-09 18:44:13 +05:30
72bfa4471f
Move logic for updating a user into a service class
2013-11-07 08:39:39 -08:00
25ef66c60b
User invites page now has search, displays first `invites_shown` records
2013-11-05 17:53:26 -05:00
3d6d7c8abe
SiteSetting to hide regular names from users
2013-10-30 15:45:34 -04:00
9b2f821012
Merge pull request #1512 from ScotterC/avatar-from-url
...
Build out a URI Adapter to allow uploading an avatar via a url
2013-10-21 13:17:37 -07:00
2308784713
Merge pull request #1543 from railsaholic/small_users_controller_refactoring
...
refactor UsersController to reduce complexity
2013-10-21 12:21:03 -07:00
cbef844a57
Build out a URI Adapter to allow uploading an avatar via a url
...
Currently only really accessible via the API. The UriAdapter creates a
tempfile from a url and gives a ActionDispatch::HTTP::UploadedFile back
to the controller to process as normal.
This will help a lot in being able to transfer avatar urls from another
app without monkey patching a lot of discourse code.
2013-10-21 14:53:03 -04:00
648b11a0eb
Add screening by IP address. When deleting a user as a spammer, block all signups from the same IP address.
2013-10-21 14:50:18 -04:00
868e4ffe6d
refactor UsersController to reduce complexity
...
Refactored: UsersController#create
2013-10-19 15:18:11 +05:30
9106596a9a
add image authorization on upload_avatar
2013-10-12 14:11:44 +02:00
23bf4436f5
FIX: avatar was attached to the user who uploaded it...
2013-10-12 10:55:41 +02:00
7993845bfa
add current_user_provider so people can override current_user bevior cleanly, see
...
http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278
2013-10-09 15:11:54 +11:00
f0a122a66c
move job files so they live underneath app/ and not in lib/
...
introduce new setting email_always, that will force emails to send to users regardless of presence on site
2013-10-01 17:04:02 +10:00
3ba1f20674
New site settings to enable/disable the possibility of editing user's nickname or email address
2013-09-14 21:34:21 +09:00
724b3aadcf
Extracted nickname registration out of the UsersController and into its
...
own service.
2013-09-09 09:26:50 +00:00
9085cec232
Move json hash from users controller to NicknameUnavailable
2013-08-26 15:00:11 +00:00
afd1a3ac7b
yeah ... we should be installing the gem :)
2013-08-26 13:52:15 +10:00
b52aba15e0
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily
2013-08-26 12:59:17 +10:00
90dddb4395
store honeypot challenge in redis for extra security
2013-08-26 12:55:13 +10:00
c4a2e62a95
Merge pull request #1378 from justin808/justin808_cc
...
Lower Complexity of UsersController
2013-08-25 17:14:39 -07:00
0d22a77c63
Added test case for nickname registration failure
...
* Also made a minor readability change by moving the auth.present? check
* from UsersController#create into #create_third_party_auth_records
* which is the method that relies on the check.
2013-08-25 20:18:07 +00:00
b32e87c929
Merge pull request #1377 from ZogStriP/avatar-work
...
Improved specs for avatar + added a warning whenever the uploaded image is not a square
2013-08-25 07:30:34 -07:00
464595df5c
Lower Complexity of UsersController
...
https://codeclimate.com/github/discourse/discourse/UsersController#method-complexity
2013-08-24 22:57:12 -10:00
3b9e62e6b9
improved specs for avatar
2013-08-24 22:45:05 +02:00
84987cd835
Extracted nickname registration into a private controller method
2013-08-23 09:46:33 +00:00
916a3f33f2
Refactored user activation business logic out of UsersController and
...
into a UserActivator class.
2013-08-21 09:22:34 +00:00
4af8a9102e
Authenticate with Discourse via OAuth2
...
See https://github.com/michaelkirk/discourse_oauth2_example for an
example of how you might integrate your existing oauth2 provider's
authentication via a Discourse plugin.
2013-08-17 21:45:20 -07:00
ea6e73076b
change your avatar in a modal
2013-08-17 00:35:29 +02:00
aec929b184
Screw it, don't choose columns.
2013-08-14 12:26:31 -04:00
a05ffafd4c
FIX: Direct link to Avatar
2013-08-14 12:22:44 -04:00
4866f4d8f5
FIX: N+1 query for avatars
2013-08-14 15:25:05 +02:00
3524b90d6a
FIX: avatars in quotes/oneboxes
...
Avatars in quotes/oneboxes are still pointing to the old
`/users/:username/avatar(/:size)` route.
So, this adds back the old avatar route for the transition period.
2013-08-14 12:20:05 +02:00
c867b67a0b
custom avatar support
2013-08-13 22:08:29 +02:00
b36c6d7b78
Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days.
2013-08-12 14:55:09 -04:00
16cd3e2a53
Fix to allow admins to change the case of a someone's username
2013-07-30 16:48:45 -04:00
5f8a130277
Add BlockedEmail, to block signups based on email. Track stats of how many times each email address is blocked, and last time it was blocked. Move email validation out of User model and into EmailValidator. Signup form remembers which email addresses have failed and shows validation error on email field.
2013-07-29 15:29:43 -04:00
0e504aac9b
FIX: You can reset your password even if logins are required.
2013-07-15 12:12:54 -04:00
a352b70bfc
Permit changing my own username's case without an error saying it is already taken
2013-06-28 16:21:46 -04:00
4b56aa8183
Merge pull request #1089 from budnik/minor_refactorings
...
Some refactorings
2013-06-25 17:29:51 -07:00
b2d300fe0b
Add ability to give users a title. Show them under usernames beside posts. Needs love from a designer.
2013-06-25 18:39:20 -04:00
a86b35c873
Remove the access_password site setting
2013-06-25 15:05:25 -04:00
2722029d38
stylistic refactorings
...
w/ less syntactic sugar
2013-06-25 18:23:23 +03:00
1884dc8d3f
`fake_success_reponse` => `fake_success_response`
2013-06-21 01:17:35 +05:30
09d3800701
Move 'dynamic favicon' from Server to User pref
2013-06-14 23:58:24 -07:00
41b0692543
Show 'waiting approval' and don't send email
...
When 'must approve users' in enabled, we don't want to send an
activation email to users after they sign up. Instead, we will show them
'waiting approval' and not take an action until their account is
approved by an admin.
2013-06-06 18:36:16 -07:00
bac03a3369
Merge pull request #975 from jd-erreape/username_refactor
...
[WIP] Refactored user_name suggestion methods into a module
2013-06-06 08:12:29 -07:00
96d23ddd8d
Refactored user_name suggestion methods into a module to reduce the complexity of User model
2013-06-06 16:40:10 +02:00
0d01c33482
Enabled strong_parameters across all models/controllers.
...
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.
The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.
It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
d432798ff8
Silently fail if user tries to sneak in
...
When 'invite only' is enabled, there's no way for a user to create an
account unless they try and sneak in by POSTing to /users/. We will
silently fail if this happens.
2013-06-05 11:08:21 -07:00
913a607528
need to punch through account creation stuff
2013-06-05 14:01:24 +10:00
2dfba8d6de
we need to be able to do username checks for registration to work
2013-06-05 12:50:42 +10:00
0f296cd42b
Refactor + Fix: Wasn't correctly loading activity streams. Code is a lot more Ember-y now.
2013-05-22 12:06:37 -04:00
42494b5bb1
we can't trust CSRF for anon the way it is designed.
...
The page they have loaded may be cached we need a different way of delivering the CSRF potentially
2013-05-03 16:43:11 +10:00
057b4768e6
strip whitespace when changing e-mail addresses
...
Fixes #778 .
2013-04-27 23:03:06 -04:00
b24c1a1ad9
better consistency around email case sensitivity
2013-04-15 02:20:33 +02:00
3dcb1905e3
Refactor user controller, create action, mostly.
...
The gist of the commit are a few improvements in the
create action, where:
* long boolean statemenst have been wrapped in smaller more readable
methods.
* the 3rd party user info creation has been extracted (still in controller)
* a small helper method for creating a new user from params (to reduce
visual clutter)
* specs have been added where I came across untested methods/branches
Other changes are more trivial like formatting and whitespace fixes.
Hope this helps. Regards.
2013-04-13 00:53:59 +02:00
0f362c5474
this has been bugging me for ages, broken "fill your profile link" fixed AND bio updates when you save
2013-04-12 10:07:58 +10:00
738789f336
Admins can't lock themselves out of a site by setting approval.
2013-04-03 12:23:28 -04:00
5dfb04e4b3
Convert a lot of :a => b to a: b and bring peace to the world
2013-03-25 05:07:36 +05:30
54c7b1ab63
Use consistent new-style hashes in render calls *twitch*
2013-03-22 14:08:11 -04:00
38f185355d
added options to disable quoting and open links in new tabs
...
fixed a some regressions
removed some dead code
fixed messages about constants being re-defined
2013-03-12 20:06:58 -07:00
d1d4530efd
User Profile enhancements:
...
- Added PreloadStore support to avoid duplicate requests
- preliminary SEO
- Support for opengraph/twitter cards
2013-03-08 15:04:37 -05:00
2ebe0336ae
On signup, handle duplicate key errors on email and username better
2013-03-07 14:56:55 -05:00
239cbd2d58
enforce coding convention
...
replaced every `and` by `&&` and every `or` by `||`
2013-03-05 01:42:44 +01:00
d2f3c829db
refactor User and TrustLevel a bit
...
* rename `User#password_required` to `User#password_required!`
* emails with "i" @ something are a special case as well
* get rid of `self.` and returns where possible
* prefer "unless a" instead of "if !a"
* `unread_notifications` without manually iterating
* introduce `User#moderator?`
* introduce `TrustLevel#valid_key?`, `TrustLevel#compare`, and
`TrustLevel#level_key`
2013-02-28 19:15:54 +03:00
b45f872c04
Added Github authentication option, disabled by default with enable options in settings.
2013-02-26 05:00:21 +00:00
ff3e012034
Add a link that allows you to send activation email again
2013-02-22 11:49:58 -05:00
39eab7c425
Replace mentions of mothership with discourse_hub
2013-02-14 12:57:26 -05:00
87d83802b9
added option that allows users to decide when they consider topics new (default 2 days old or newer)
...
added site_setting to control the default new_topic_duration_minutes
added 10 minutes option for auto_track_topics_after_msecs, default bumped up to 5 mins
2013-02-14 17:36:14 +11:00
4e9d9138d6
Fix broken signup with Twitter
2013-02-12 20:50:31 -05:00
824b09389f
Don't allow signups without a password
2013-02-12 15:42:16 -05:00
ce7088f081
check_username api now returns correct error message for invalid lengths etc
2013-02-08 14:12:48 -05:00
84191802df
Extract the validation of Username format in own class to avoid
...
complexity in user model object
2013-02-08 12:54:47 -05:00
79dfccf717
Username validation in signup and username change forms
2013-02-07 18:23:52 -05:00
e41b6537f9
Remove expectation of term case
2013-02-07 09:35:38 -07:00
5b01ac9288
Return User objects instead of hashes
2013-02-07 09:35:38 -07:00
972b9d735c
Extract search logic to UserSearch model
2013-02-07 09:35:38 -07:00
61654ab8f0
Fix all the trailing whitespace
2013-02-07 16:45:24 +01:00
471c61fd69
Add honeypot and challenge to signup form
2013-02-06 19:25:36 -05:00
21b5628528
Initial release of Discourse
2013-02-05 14:16:51 -05:00
Robin Ward
Arpit Jalan
Neil Lalonde
riking
Sam
Andrew Bezzub
Louis Rose
Vikhyat Korrapati
Régis Hanol
Johan Jatko
Leonard Teo
Benjamin Kampmann
Scott Albertson
railsaholic
sirMackk
Scott Carleton
dbarbera
Matthieu Guillemot
Einar Jonsson
Justin Gordon
Michael Kirk
Dmitriy Budnik
Vipul A M
Chris Hunt
Juan de Dios Herrero
Ian Christian Myers
Jonathan Roes
Philipp Weissensteiner
Karan Misra
Sarah Vessels
Gosha Arinich
nverba
Cyril Mougel
Mike Moore
Jakub Arnold