7a27c93c03
FIX: URL encode username and first letter in avatar URL
...
And it adds specs as a follow-up to aadb7da7
2019-04-29 15:08:14 +02:00
26b4dbde41
PERF: use delete_all to remove notifications and topic_users
...
Previously we used destroy here which could be extremely expensive
2019-04-26 22:26:48 +10:00
c009a6ae36
PERF: speed up user deletion logic
...
Previously any user deletion would scan a very large number of tables
This avoids scans on 6 tables/indexes on delete
2019-04-26 18:11:39 +10:00
aadb7da7d3
FIX: Use first grapheme cluster for letter avatar
2019-04-24 23:20:46 +02:00
a7bc1ecbae
FEATURE: Add support for Unicode usernames and group names
...
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2019-04-23 13:00:27 +02:00
14f9d40e48
FEATURE: Clarify Reviewable User Actions
...
"Approve" is now "Approve User" and "Delete" is a dropdown with a choice
that allows you to block.
2019-04-17 11:44:17 -04:00
111a502231
FIX: Deleting Users should work nicely with Reviewable Users
...
"Rejecting" a user in the queue is equivalent to deleting them, which
would then making it impossible to review rejected users. Now we store
information about the user in the payload so if they are deleted things
still display in the Rejected view.
Secondly, if a user is destroyed outside of the review queue, it will
now automatically "Reject" that queue item.
2019-04-03 16:42:39 -04:00
828cdf3fea
FIX: Protected method called, I'll fire myself now
2019-04-03 16:10:36 -04:00
82bddcbe51
FIX: Don't create two reviewable scores for a user
2019-04-03 16:03:32 -04:00
c1ea63bdc1
FIX: Reviewables should not be created for users until they are active
...
Conversely, if a user is deactivated the reviewable should automatically
be rejected.
Before this fix, if a user was not active they'd still show in the
review queue but without an "Approve" button which was confusing.
2019-04-03 15:25:00 -04:00
b58867b6e9
FEATURE: New 'Reviewable' model to make reviewable items generic
...
Includes support for flags, reviewable users and queued posts, with REST API
backwards compatibility.
Co-Authored-By: romanrizzi <romanalejandro@gmail.com>
Co-Authored-By: jjaffeux <j.jaffeux@gmail.com>
2019-03-28 12:45:10 -04:00
a9798f0c47
FEATURE: Add page for all group membership requests. ( #6909 )
2019-03-27 13:30:59 +02:00
7e9afdace3
FEATURE: custom colors for default letter avatars ( #7167 )
2019-03-18 16:24:21 +01:00
c5808a8a25
PERF: N+1 queries admin users pages.
2019-03-15 15:09:44 +08:00
4a00772c19
FIX: invite approval `StaffActionLogger` bug ( #7151 )
...
* FIX: invite approval `StaffActionLogger` bug
2019-03-12 13:32:25 +00:00
191e31dccf
FEATURE: Log user approvals. ( #7121 )
2019-03-12 19:16:56 +11:00
32bae48fd3
DEV: Use User#human? User#bot? ( #7140 )
2019-03-12 07:58:14 +08:00
fc7938f7e0
REFACTOR: Migrate GoogleOAuth2Authenticator to use ManagedAuthenticator ( #7120 )
...
https://meta.discourse.org/t/future-social-authentication-improvements/94691/3
2019-03-07 11:31:04 +00:00
5d75bd4831
FIX: Don't try to rename group when username is taken
...
FIX: Always rename groups with the default locale instead of using the user's locale
2019-02-19 22:31:03 +01:00
c719658f9f
`human?` helper method on a user
...
This is cleaner than hard coding `id > 0` in ruby code.
2019-02-08 13:34:54 -05:00
e9ec5238fc
DEV: Remove ignored columns
2019-02-08 12:12:38 +01:00
d5ecf8e8c2
FIX: properly clean out post and user actions on destroy user
...
This corrects 2 issues:
First is a regression with d7c08e21
2019-01-17 12:40:30 +11:00
d7c08e217a
PERF: delete user and post actions vs destroy on user destroy
...
Users can have 100s of thousands of post and user actions, we do not want
to destroy each individually cause the tracking is enormous and the amount
of queries we would need is enormous.
This gives up on the `after_commit` hook on `post_actions` which ships a message
to clients to synchronize a post, so some phantom post_actions may remain
in the UX in the rare occasion we delete a user. The phantoms will be gone
on reload.
2019-01-17 11:19:37 +11:00
95f263995d
FIX: Previous annotations were broken
2019-01-11 14:30:19 -05:00
a3839495e0
Update annotations
2019-01-11 12:19:43 -05:00
98d09c90ac
Current user serializer groups ( ef7f84b follow-up)
2018-12-18 09:05:45 +01:00
ef0e84e3d9
FIX: clear the site_contact_username setting if the user's staff privileges are revoked
2018-12-14 16:52:44 -05:00
9f89aadd33
FIX: delete all posts in batches without hijack ( #6747 )
2018-12-14 11:04:18 +01:00
160d29b18a
REFACTOR: Migrate TwitterAuthenticator to use ManagedAuthenticator ( #6739 )
...
No changes to functionality. TwitterAuthenticator goes from 136 lines to 24, and all twitter-specific logic elsewhere has been deleted 🎉
2018-12-07 15:39:06 +00:00
3c9c95ac83
Update Rubocop to 0.60
2018-12-04 10:48:16 +01:00
208005f9c9
REFACTOR: Migrate FacebookAuthenticator to use ManagedAuthenticator
...
Changes to functionality
- Removed syncing of user metadata including gender, location etc.
These are no longer available to standard Facebook applications.
- Removed the remote 'revoke' functionality. No other providers have
it, and it does not appear to be standard practice in other apps.
- The 'facebook_no_email' event is no longer logged. The system can
cope fine with a missing email address.
Data is migrated to the new user_associated_accounts table.
facebook_user_infos can be dropped once we are confident the data has
been migrated successfully.
2018-11-30 11:18:11 +00:00
24e5be3f0c
FIX: Relative links in translations should work with subfolder
2018-11-08 23:31:05 +00:00
7534042427
DEV: Update annotations.
2018-11-07 11:11:19 +08:00
2070edf889
FIX: Clarify User.group_locked_trust_level.
...
* Rename User.group_locked_trust_level to User.group_granted_trust_level.
* Remove the column from users table.
2018-11-07 10:27:44 +08:00
0ead513fb0
PERF: remove total unread notifications from message bus ( #6529 )
2018-10-25 12:14:34 +11:00
5fd94d3211
PERF: limit unread count to 99 in blue circle
...
This revises: e605542c4e
2018-10-24 12:10:27 +11:00
e605542c4e
PERF: limit unread count to 99 in the blue circle
...
This safeguard is in place to avoid very expensive queries on the server
side
2018-10-24 11:53:28 +11:00
c6f364224e
FEATURE: Allow plugins to whitelist user custom fields for public display ( #6499 )
...
This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
2018-10-17 10:33:27 +01:00
12f132736b
FIX: error looking at users in admin when tl3_promotion_min_duration is set to a very high value
2018-10-11 15:11:48 -04:00
8430ea927e
FIX: Generate webhook payloads before destroy events ( #6325 )
2018-10-05 16:53:59 +08:00
e402394375
FEATURE: auto grant an available title when removing old title
...
* FEATURE: auto grant an available title when removing old title
2018-09-21 12:06:08 +10:00
df45e82377
SECURITY: only allow picking of avatars created by self ( #6417 )
...
* SECURITY: only allow picking of avatars created by self
Also adds origin tracking to all uploads including de-duplicated uploads
2018-09-19 22:33:10 -07:00
6659417807
FEATURE: match user title when primary group changes
...
When primary group changes and the user's title is the previous primary
group's title, change the title to the new primary group's title
2018-09-17 15:08:39 +10:00
797cbf8653
FIX: Remove user fields when anonymizing user
2018-09-07 00:02:56 +02:00
4382fb5fac
DEV: Allow plugins to whitelist specific user custom_fields for editing ( #6358 )
2018-09-04 20:45:36 +10:00
931cffcebe
FEATURE: Let users see their user auth tokens. ( #6313 )
2018-08-31 10:18:06 +02:00
e1975e293f
FIX: when uploads are destroyed clear up avatar refs in user table
...
This also auto corrects twice daily when we ensure consistency
2018-08-31 14:46:42 +10:00
812add18bd
REFACTOR: Serve auth provider information in the site serializer.
...
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
919e8db686
FIX: Check for group name availability should skip reserved usernames.
2018-08-01 11:09:33 +08:00
eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 ( #6099 )
...
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
84ab825e41
FEATURE: Webhook for user destroyed event ( #6124 )
2018-07-23 13:19:49 +05:30
4765507585
Remove code that is no longer required.
2018-07-19 16:56:53 +08:00
6d6e026e3c
FEATURE: selectable avatars
2018-07-18 12:57:43 +02:00
214dac05de
Update annotations.
2018-07-16 14:19:07 +08:00
21ebb1cd54
FEATURE: Secondary emails support.
2018-07-16 11:09:49 +08:00
db67c87916
fix purge unactivated users subquery
2018-07-13 07:58:58 +05:30
7550e9ff95
FIX: purge unactivated users with a message from non-human users
2018-06-29 13:03:04 +05:30
5d1d7e0e7d
PERF: Scanning the `id` for this is signficantly slower in production
2018-06-28 11:04:40 -04:00
ec3e6a81a4
FEATURE: Second factor backup
2018-06-28 10:12:32 +02:00
41f76a74f8
FEATURE: send message when a user reaches tl1
2018-06-22 13:20:00 -07:00
bc52bdfa12
Feature: unconditionally consider TL0 users as "first day" users
2018-06-21 10:53:08 -07:00
2ff226e509
FIX: consider staged users mature (no spam checks) after 1 day
2018-06-19 09:41:10 -07:00
5f64fd0a21
DEV: remove exec_sql and replace with mini_sql
...
Introduce new patterns for direct sql that are safe and fast.
MiniSql is not prone to memory bloat that can happen with direct PG usage.
It also has an extremely fast materializer and very a convenient API
- DB.exec(sql, *params) => runs sql returns row count
- DB.query(sql, *params) => runs sql returns usable objects (not a hash)
- DB.query_hash(sql, *params) => runs sql returns an array of hashes
- DB.query_single(sql, *params) => runs sql and returns a flat one dimensional array
- DB.build(sql) => returns a sql builder
See more at: https://github.com/discourse/mini_sql
2018-06-19 16:13:36 +10:00
68e4e6a575
FIX: staged users are still tl0 but do not trigger spam if 1 week old.
2018-06-18 17:20:04 -07:00
89ad2b5900
DEV: Rails 5.2 upgrade and global gem upgrade
...
This updates tests to use latest rails 5 practice
and updates ALL dependencies that could be updated
Performance testing shows that performance has not regressed
if anything it is marginally faster now.
2018-06-07 14:21:33 +10:00
f988fa31aa
FIX: ensure 'notifications_state' is up to date after creating a notification
2018-05-26 02:09:48 +02:00
beed676b04
FIX: Check group names when checking username availability
2018-05-22 21:55:54 +02:00
b3981ddc43
Shorten `User.suggest_name` further.
2018-05-17 16:35:03 +08:00
117763493b
Refactor `User#suggest_name`.
...
* Rename `email` to `string` as variable can be an email, username
or any valid string.
2018-05-17 14:54:14 +08:00
aee4045dd0
FIX: suggest name when username/name is provided
2018-05-17 10:36:36 +05:30
39aceed63d
FIX: don't purge unactivated users with a message
2018-05-16 18:24:11 +02:00
a28c58feb1
FIX: automatic group membership when using SSO
2018-05-15 01:48:30 +02:00
e474351ae4
inactive users report is not used anymore
2018-05-14 21:31:14 +02:00
83255d94d9
DateGroupable is not used anymore
2018-05-14 16:26:14 +02:00
3e06598e96
FIX: only unstage staged users
2018-05-14 12:03:15 +02:00
2cf6fb7359
FIX: always unstage users when they log in
2018-05-13 17:00:02 +02:00
8a783412b7
UX: improvements to new dashboard
...
- remove inactive user report and replace with posts
- clean up internals so grouping by week happens on client
- when switching periods old report was not destroyed leading to bugs
- calculate trend based on previous interval ... not previous 30 days
- show percentages for mau/dau
- be more careful about utc date usage
- show uniqu and click through rate on search panel
- publish key of report with report so we only load the correct one
- subscribe earlier in channel in case of concurrency issues
2018-05-11 13:30:32 +10:00
91b31860a1
Feature: Push notifications for Android ( #5792 )
...
* Feature: Push notifications for Android
Notification config for desktop and mobile are merged.
Desktop notifications stay as they are for desktop views.
If mobile mode, push notifications are enabled.
Added push notification subscriptions in their own table, rather than through
custom fields.
Notification banner prompts appear for both mobile and desktop when enabled.
2018-05-04 15:31:48 -07:00
ee426623e4
Dashboard next: correctly group inactive member count
2018-05-04 07:48:55 +02:00
41cd8c169c
Add specs for inactive users report
2018-05-04 07:48:55 +02:00
980972182f
dashboard next: caching, mobile support and new charts
2018-05-03 15:41:41 +02:00
b9c7e09a4e
linting
2018-04-26 15:21:02 +02:00
9fabf2543b
dashboard next: activity metrics and new contributors
...
This commit also introduces a better grouping of data points.
2018-04-26 14:49:41 +02:00
00d879ec63
Fix the build.
2018-04-03 00:44:12 +08:00
2498403bc3
Revert "FIX: Username uniqueness check should not happen to current user_id"
...
This reverts commit f71a18facd
2018-04-03 00:44:04 +08:00
f71a18facd
FIX: Username uniqueness check should not happen to current user_id
2018-04-02 21:59:11 +05:30
221503cd10
FIX: Add server side uniqueness validations for `Group#name` and `User#username`.
...
https://meta.discourse.org/t/groups-can-be-given-same-name-as-existing-username/74010
2018-04-02 18:19:18 +08:00
35745166b5
UX: New group membership management workflow.
...
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084
2018-03-26 16:15:02 +08:00
fa95699fde
Fix the build.
2018-03-22 14:20:27 +08:00
f3b402ffd5
UX: Allow users to filter members on group page.
...
* Only admins are allowed to filter users by email.
2018-03-22 14:02:41 +08:00
9e8d10f711
Fix the build.
2018-03-19 12:34:21 +08:00
52b9af10a1
PERF: PG queries for the `UserEmail#email` column was not using the index.
2018-03-19 11:31:14 +08:00
c85e1fdb50
Revert "PERF: Query for email was not using index."
...
This reverts commit 65eb046e69
2018-03-16 15:31:39 +08:00
65eb046e69
PERF: Query for email was not using index.
2018-03-16 15:19:35 +08:00
5ce8177662
FIX: unable to delete user belonging to a group that grants a trust level
2018-03-14 15:12:11 -04:00
0e1b896821
Explicitly assign primary_email record when creating a user
...
* This looks like we're doing the same thing but
we're debugging a race condition where a user
can be created without an email record. Therefore,
we prefer the more obvious method of assigning an
association.
2018-03-09 15:59:46 +08:00
642c60c310
Rename variable so that it is clearer which variable is being referred.
2018-03-02 16:41:02 +08:00
fffd1a6602
FIX: Associated Instagram account was missing at some places
2018-03-01 12:26:40 +01:00
14f3594f9f
Review Changes for f4f8a293e7.
2018-02-21 14:55:49 +08:00
f4f8a293e7
FEATURE: Implement 2factor login TOTP
...
implemented review items.
Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator
add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests
add qunit tests - password reset, preferences
fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.
Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP
add two factor to email signin link
rate limit if second factor token present
add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
226ace1643
Update annotations.
2018-02-20 14:28:58 +08:00
f07b1a5c05
FIX: activate user even if email token is already confirmed
2018-02-14 20:44:48 +05:30
f85055d653
FIX: Remove activation link from account approved email ( #5548 )
2018-02-01 14:59:37 +01:00
b784c1eda4
FIX: Remove all notifications of staged user during sign-up
2018-01-25 14:58:43 +01:00
d9515c37b3
FIX: Show message from discobot when staged user signs up
2018-01-25 14:58:43 +01:00
dde0fcc658
FEATURE: Allow sending invites to staged users
2018-01-22 15:37:18 +01:00
6a2bce1931
FIX: Data loss on update of single user_field.
...
https://meta.discourse.org/t/api-data-loss-caused-by-changed-behaviour-of-custom-user-field-update/74990
2017-12-20 16:33:23 +08:00
af3c153687
make robocop 🤖 happy
2017-12-12 11:33:35 +01:00
62a5b174e1
FIX: wasn't able to use the same username when taking over a staged account
2017-12-12 11:26:00 +01:00
4ae1bbaeba
FIX: Only show the full suspension reason on the admin side
2017-12-07 13:27:02 -05:00
daeb7694bc
update annotations
2017-12-05 21:03:20 +05:30
7f2eeaf767
FIX: Password required flag should be cleared whenever clearing the raw password ( #5384 )
2017-12-01 15:19:24 +11:00
1ee48966ca
REVERT: FIX: Password required flag should be cleared whenever clearing the raw password
2017-11-30 16:17:14 +05:30
1776649b4d
FIX: Password required flag should be cleared whenever clearing the raw password
2017-11-30 13:40:18 +05:30
23ee3047bf
FIX: Future date input selector was not respecting timezone
2017-11-28 13:44:24 -05:00
77f90876d3
REFACTOR: Track manual locked user levels separately from groups
2017-11-27 11:23:44 -05:00
b37e40eea9
FEATURE: show read time in last 60 days
2017-11-16 15:46:51 -05:00
9ed16343fc
Remove email column from schema information
2017-11-15 15:45:19 +05:30
971e302ff2
FEATURE: Support an end date for user silencing
2017-11-14 13:20:19 -05:00
1f14350220
Rename "Blocked" to "Silenced"
2017-11-10 14:10:27 -05:00
b3237d37f0
Drop unused email column from users table.
2017-11-07 10:12:33 +08:00
defea6245c
REFACTOR: Always validate email by default.
2017-10-25 13:48:34 +08:00
19f3b81161
Revert "FIX: always trigger the ':user_updated' event"
...
This reverts commit 519b70ea46https://meta.discourse.org/t/creating-a-topic-or-a-post-sends-the-user-updated-webhook/71643
2017-10-23 11:44:22 +08:00
838568cbc3
Refactor flag types for more customization
2017-10-19 13:55:23 -04:00
f73a3cc0d4
Don't include suspended_at or suspended_till unless suspended
2017-10-13 12:17:54 -04:00
d67f0b39ae
Update annotations.
2017-10-06 11:13:01 +08:00
e542884b00
FIX: Incorrect notification state being published.
2017-09-25 13:48:59 +08:00
23b787e0a6
Require dependency otherwise it causes Sidekiq to lock up in development.
2017-09-25 13:48:59 +08:00
77d4c4d8dc
Fix all the errors to get our tests green on Rails 5.1.
2017-09-25 13:48:58 +08:00
26c6447161
Fix bugs in profiling scripts leading to incorrect results.
2017-09-13 15:33:59 +08:00
104d97695d
FIX: don't activate un-confirmed email on omniauth authentication ( #5176 )
2017-09-12 17:36:17 +02:00
d7d9923b8e
FIX: display email validation error messages
2017-09-11 13:22:14 -04:00
672b7cb9a5
Require missing dependency.
2017-09-05 09:39:56 +08:00
7786c6c6f2
Remove duplicated scope.
2017-09-05 09:15:06 +08:00
c705159d22
Remove email column from user table
2017-08-29 11:50:56 -04:00
398604ac71
FEATURE: set purge_unactivated_users_grace_period_days to 0 to disable purging unactivated users
2017-08-25 15:20:06 -04:00
1146772deb
Fix: unlinked topic search model ( #5044 )
2017-08-15 11:46:57 -04:00
0bc690ed11
FIX: Staged users are still missing primary email.
2017-08-09 12:03:49 +09:00
519b70ea46
FIX: always trigger the ':user_updated' event
...
We don't always use the UserUpdated class to update a user's record
2017-08-04 18:12:10 +02:00
24e0e000b9
FIX: Always validate presence of user's primary_email.
2017-07-31 11:47:29 +09:00
5012d46cbd
Add rubocop to our build. ( #5004 )
2017-07-28 10:20:09 +09:00
d67fe4c674
FIX: block all emails associated to a user when destroying their record
2017-07-25 17:44:46 +02:00
d0b027d88d
FEATURE: phase 1 of supporting multiple email addresses
2017-07-20 11:22:27 +09:00
69b2d64334
FIX: letter avatars in quotes on subfolders installs are broken
2017-06-23 17:12:13 -04:00
d6c63cc5b2
FIX: user's default group should only be set once
...
Setting a user's default groups based on their email address should only be done once, ie. when they confirm their email address.
Previously we were doing this everytime we'd save a user record 🤷
2017-06-14 19:20:18 +02:00
038454bde2
FIX: always confirm emails when SSO says so
2017-06-08 01:05:33 +02:00
2ee144c27f
FEATURE: Add DiscourseEvent trigger when a user logs in.
...
* Also adds a event trigger when user logs in for the first time.
2017-06-01 17:44:49 +09:00
0954367bf4
FIX: send activation email when accepting invite if password is set
2017-04-15 14:59:50 +05:30
04016f0dec
Support Ruby 2.4.
2017-04-15 12:29:00 +08:00
3d76fb9c2c
FIX: Don't show category options for reports that can't be scoped to a category.
2017-04-13 17:10:55 +08:00
Gerhard Schlager
Sam Saffron
Robin Ward
Bianca Nenciu
Maja Komel
Guo Xiang Tan
Tarek Khalil
Dan Ungureanu
David Taylor
Neil Lalonde
Régis Hanol
Bianca Nenciu
Jeff Wong
Vinoth Kannan
Kyle Zhao
Leo McArdle
Arpit Jalan
Joffrey JAFFEUX
Joshua Rosenfeld
Philipp Daniels
Vinoth Kannan
Erick Guan
Guo Xiang Tan