Commit Graph

4240 Commits

Author SHA1 Message Date
Guo Xiang Tan d9b4b12694 UX: Display warning message about social logins disabled when 2FA is enabled. 2018-03-02 14:22:52 +08:00
Sam 75172024ca SECURITY: ensure users have permission when moving categories 2018-03-02 12:13:27 +11:00
Guo Xiang Tan fb75f188ba FEATURE: Disallow login via omniauth when user has 2FA enabled. 2018-03-01 15:47:07 +08:00
Neil Lalonde baf1c385eb UX: when a post is blocked due to a watched word, message includes the word being blocked 2018-02-28 11:22:18 -05:00
Joshua Rosenfeld 48aea2a9fc
backup_frequency copy edit 2018-02-27 15:41:37 -05:00
Arpit Jalan 4010d8d9f9 FEATURE: show "edit message" button on message footer for staff
Show "Edit Message" button on personal message footer for staff if PM tagging is enabled.
2018-02-27 14:22:03 +05:30
Guo Xiang Tan 8c51ac448a FIX: Missing translation. 2018-02-27 09:37:12 +08:00
Neil Lalonde 3313072957 Remove censored_pattern site setting, which is replaced by watched words 2018-02-26 16:29:27 -05:00
Guo Xiang Tan 3e1afbedc5 FIX: Missing translation for non-admin when editing a group.
https://meta.discourse.org/t/text-glitch-on-group-admin-page/77303
2018-02-26 10:11:18 +08:00
Guo Xiang Tan 4791b39773 UX: Add reset password email button when confirming password before enabling 2FA. 2018-02-23 15:37:17 +08:00
Guo Xiang Tan 3637f0d3bb Update copy to reflect that 2FA key should be kept a secret. 2018-02-23 10:40:25 +08:00
Guo Xiang Tan e137b7f836 UX: Improve indication of 2FA status in user's preferences. 2018-02-23 10:36:48 +08:00
Guo Xiang Tan 2e2da3a6e2 Update copy for 2FA. 2018-02-23 10:36:48 +08:00
Robin Ward 69af881f7f New site setting `trusted_users_can_edit_others`
The default is true to keep with previous discourse behavior. If
disabled, high trust level users cannot edit the topics or posts of
other users.
2018-02-22 20:39:24 -05:00
Guo Xiang Tan 24d0a7a4c7 Take 2 on f74d6bb605.
New options are left out by default when not configured so that an
incorrect default configuration doesn't blow up google oauth for
everyone.
2018-02-23 07:53:01 +08:00
Guo Xiang Tan dd26bbe868
Merge pull request #5610 from discourse/pm-tags
FEATURE: Allow staffs to tag PMs
2018-02-23 07:07:41 +08:00
Guo Xiang Tan ef1b82a226 Add missing site setting description. 2018-02-22 13:52:36 +08:00
Vinoth Kannan 84867c1c07 Rename site setting to allow_staff_to_tag_pms from allow_staff_to_tag_in_pm 2018-02-22 06:48:34 +05:30
Guo Xiang Tan 1b04d881c5 UX: Display lock icon in admin user lists when user has 2FA enabled. 2018-02-22 09:00:09 +08:00
Joffrey JAFFEUX 6f5acfe783 Login with email/forget password UI refactoring
* move button into login modal with social buttons
* adds email link next to login field when filling it
* adds proper validation messages
* improves forgot password flash clearing
* more tests
2018-02-22 08:06:15 +08:00
Sam 720e1965e3 FEATURE: add category suppress from latest
In the past we used suppress_from_homepage, it had mixed semantics
it would remove from category list if category list was on home and
unconditionally remove from latest.

New setting explicitly only removes from latest list but leaves the
category list alond
2018-02-22 09:56:35 +11:00
Joshua Rosenfeld 3ec8b38796
A few more 'private message' strings to update
Follow up from a08832bd08
2018-02-21 15:28:26 -05:00
Vinoth Kannan 2b509eaa91
Merge branch 'master' into pm-tags 2018-02-21 23:55:59 +05:30
Joshua Rosenfeld 23f7c3607c
Update Twitter login site setting description text 2018-02-21 13:07:33 -05:00
Vinoth Kannan 84ce1acfef FEATURE: Allow staffs to tag PMs 2018-02-21 20:11:46 +05:30
Guo Xiang Tan 14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Jeff Wong f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Robin Ward 3ea272f4f1 New setting: minimum trust level to embed images in a post 2018-02-20 20:00:06 -05:00
Jeff Atwood 6c29908ba2 very minor copyedits 2018-02-20 00:44:56 -08:00
Arpit Jalan c419c26f56 FEATURE: new site setting 'max_emojis_in_title' 2018-02-19 18:15:26 +05:30
OsamaSayegh f3815cd785 FEATURE: New site setting for additional allowed filetypes for staff (#5364)
* FEATURE: New site setting for additional allowed filetypes for staff

* Problematic variable name

* feedback

* small issues

* fix indentation

* failing tests

* Remove message bus and fix minor issues

* Missed this message bus
2018-02-19 10:44:24 +01:00
Leo McArdle 5d9d0fcb4f FEATURE: add setting which adds group name to PM email subject (#5475) 2018-02-19 10:20:17 +01:00
SidV 790c5facc9 Mailgun typo (#5593)
mailgun = Mailgun
2018-02-16 01:35:37 -05:00
Neil Lalonde 32ad98161f Update translations 2018-02-15 16:36:03 -05:00
Sam 38f4acd55a FIX: rate limiter text is confusing, should not say daily
Also, adds easily parseable JSON so users can figure out
how long to wait when the API is limited. ("extras" "wait_seconds")
2018-02-14 15:29:50 +11:00
Joffrey JAFFEUX 548db91c76
FIX: displays an error when reaching tags limit 2018-02-14 00:30:09 +01:00
Joffrey JAFFEUX ed114177e7
Mini tag chooser tweaks 2018-02-13 19:41:03 +01:00
Erick Guan 03b3e57a44 FEATURE: login by a link from email
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
Robin Ward 4dfe659189 Rename `allow staff flags` to `allow flagging staff` 2018-02-12 15:27:26 -05:00
Robin Ward 6287631745 FEATURE: New site setting, `allow staff flags`, false by default
For some large communities, it makes sense to disable flagging of
staff posts.
2018-02-12 14:56:21 -05:00
AhmadF.Cheema e48ae647f9 Fix typo in server.en.yml 2018-02-11 21:17:22 +01:00
Robin Ward 2faa4c2f5f FIX: Don't show personal messages if disabled as a composer action 2018-02-09 16:58:35 -05:00
Joffrey JAFFEUX 190d208631
FEATURE: improves composer-actions toggle menu
* only toggles
* fix a bug with presence
* more tests
* do not duplicate `continuing discussion...` text
* persist state to allow switching between toggles
2018-02-08 11:46:55 +01:00
scossar dab0ec1d66 Add translation key/value for target_user_not_found error message 2018-02-07 11:35:17 +01:00
Robin Ward 1bab15c757 FEATURE: A site setting for a minimum TL to post links 2018-02-06 18:07:58 -05:00
Robin Ward b2b6dc68a6 FEATURE: a setting to customize the minimum TL to flag a post 2018-02-06 17:12:27 -05:00
Robin Ward 0bdd416d0b Small title change 2018-02-01 18:16:01 -05:00
Robin Ward 8ff4104555 Many enhancements to the flagging / suspending interface. 2018-02-01 17:13:02 -05:00
Joffrey JAFFEUX f7df68c9a3
FIX: makes composer-actions toggling whisper instead of replying 2018-02-01 23:07:37 +01:00
Joffrey JAFFEUX a4aeb74aba
typo 2018-02-01 19:54:48 +01:00