Commit Graph

575 Commits

Author SHA1 Message Date
Sam 99f4d5082b FIX: Improve token rotation and increase logging
- avoid access denied on bad cookie, instead just nuke it
- avoid marking a token unseen for first minute post rotation
- log path in user auth token logs
2017-03-07 13:27:43 -05:00
Neil Lalonde 6aab8cb331 FEATURE: new category setting for whether to show latest topics or top topics by default 2017-03-03 11:30:44 -05:00
Guo Xiang Tan 66a0a89591 PERF: Add index to speed up `DirectoryItem.refresh_period!` query. 2017-03-03 16:25:06 +08:00
Neil Lalonde 262016604d FEATURE: each category can control how many topics to show on categories page 2017-03-01 15:12:57 -05:00
Sam Saffron 3532957ce1 index should have always been unique 2017-02-22 12:37:11 -05:00
Neil Lalonde a702330ccd FEATURE: make show_subcategory_list a per-category setting 2017-02-22 11:42:36 -05:00
Sam 2c59ffeb2c FIX: token rotation not accounting for overlapping tokens correctly
also... freeze_time has no block form, correct all usages and specs
2017-02-15 10:58:18 -05:00
Sam 0ab96a7691 FEATURE: add hidden setting for verbose auth token logging
This is only needed to debug auth token issues, will result in lots
of logging
2017-02-13 14:01:09 -05:00
Sam 4d57c95e9b delay the removal of auth token column from user table 2017-02-07 09:39:41 -05:00
Sam ff49f72ad9 FEATURE: per client user tokens
Revamped system for managing authentication tokens.

- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes

New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.

Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
Sam 2b808ad9da Merge pull request #4609 from joebuhlig/category-topics-wiki
FEATURE: Category setting to make all topics wikis
2016-12-20 09:15:51 +11:00
Neil Lalonde 923cf73c6e Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox. 2016-12-19 14:54:07 -05:00
Joe Buhlig 87251fded7 FEATURE: Category setting to make all topics wikis
FEATURE: Category setting to make all topics wikis
2016-12-19 06:42:18 -06:00
Guo Xiang Tan 43ee9f884e FEATURE: Add `Group#full_name`. 2016-12-13 16:16:26 +08:00
Guo Xiang Tan 303282670f FIX: Skip callbacks when migrating. 2016-12-13 08:57:07 +08:00
Guo Xiang Tan 98fd77fb6c FIX: Don't drop the columns immediately. 2016-12-13 08:07:12 +08:00
Guo Xiang Tan da7009a968 FEATURE: Add request membership button for allowed groups. 2016-12-12 22:48:08 +08:00
Guo Xiang Tan 9a800107cb FIX: Associate category logo and background to uploads record. 2016-12-12 17:37:28 +08:00
Guo Xiang Tan 05f55dbc10 FEATURE: Group logs. 2016-12-12 17:29:54 +08:00
Guo Xiang Tan 3e19b738d7 Add 'Group#public'. 2016-12-12 17:00:30 +08:00
Guo Xiang Tan adb7fcb6b3 FEATURE: Add bio to group page. 2016-12-05 16:58:04 +08:00
Sam 1db9d17756 Make removal of topic columns more resilient to deploys 2016-12-05 12:11:46 +11:00
Sam c04d4171ff FIX: whisper no longer experimental
- Regular users are not notified of whispers
- Regular users no longer have "stuck" topics in unread
- Additional tracking for staff highest post number
- Remove a bunch of unused columns in topics table
2016-12-02 17:03:31 +11:00
Guo Xiang Tan 1867442fbc PERF: Add score indexes for top topics. 2016-11-24 10:11:52 +08:00
Guo Xiang Tan f03d9cad06 PERF: `NOT IN` query is really inefficient for large tables. 2016-11-02 13:09:18 +08:00
Neil Lalonde 9ef1688a76 FEATURE: per-category default topic list sort order 2016-11-01 12:18:41 -04:00
Arpit Jalan 382803cb05 FEATURE: include post image in OpenGraph image tag 2016-10-31 15:11:33 +05:30
Neil Lalonde 6d68aac6eb FIX: add_directory_items_indexes causes migration to timeout on large databases, so create indexes concurrently 2016-10-25 15:30:21 -04:00
Régis Hanol 52b338db62 FIX: category logo & background URLs should not use the CDN 2016-10-25 10:43:57 +02:00
Guo Xiang Tan 18d032ad91 PERF: Remove ordering by username.
* Ordering by username results in a very expensive query
for very little upside UX wise.
2016-10-15 01:13:58 +08:00
Sam f4f5524190 FEATURE: user API now contains scopes so permission is granular
previously we supported blanket read and write for user API, this
change amends it so we can define more limited scopes. A scope only
covers a few routes. You can not grant access to part of the site and
leave a large amount of the information hidden to API consumer.
2016-10-14 16:05:42 +11:00
Sam eacfdf92cd FIX: increase external_avatar_url to 1000 limit 2016-10-11 10:12:11 +11:00
cpradio 6f1c31d777 Add notification level user preference when replying to a topic 2016-09-30 14:58:07 -04:00
Robin Ward b0ee7930e8 Server side support for inviting as a moderator via the wizard 2016-09-22 09:52:19 -04:00
Robin Ward c94e6f1b96 Add locale step 2016-09-22 09:52:19 -04:00
Robin Ward 3f6e3b9aff Wizard - Color Scheme Step 2016-09-22 09:52:19 -04:00
Sam 8dc4329094 FEATURE: optionally get extra profile info from facebook
This feature requires the application be approved by facebook, so it is
default off
2016-09-19 16:14:11 +10:00
Sam 5b3cd3fac9 FEATURE: Import facebook avatars when logging in via facebook
FIX: warning about popup dimensions when using facebook login

Rules are:

- On account creation we always import
- If you already have an avatar uploaded, nothing is changed
- If you have no avatar uploaded, we upload from facebook on login
- If you have no avatar uploaded, we select facebook unless gravatar already selected

This also fixes SSO issues where on account creation accounts had missing avatar uploads
2016-09-19 15:10:23 +10:00
Erick Guan 9ce61b4586 FEATURE: Webhooks. 2016-09-05 18:44:00 +08:00
Neil Lalonde 2251104e32 FEATURE: avatar flair can be font awesome icons 2016-08-26 17:15:37 -04:00
Robin Ward 4f68fd970d FIX: Forgot to include a file in the previous commit :) 2016-08-23 15:09:09 -04:00
Neil Lalonde d079f69b7b FEATURE: add flair to avatars using new settings in the groups admin UI 2016-08-17 15:13:15 -04:00
Sam 416e7e0d1e FEATURE: basic UI to view user api keys 2016-08-16 17:06:52 +10:00
Sam fc095acaaa Feature: User API key support (server side implementation)
- Supports throttled read and write
- No support for push yet, but data is captured about intent
2016-08-15 17:59:36 +10:00
Sam ab68e0c9db FEATURE: allow "developer" account flagging via developers table
This mechanism for flagging developer accounts will eventually replace
DISCOURSE_DEVELOPER_EMAILS
2016-07-28 10:14:06 +10:00
Sam df535c6346 FEATURE: refresh session cookie at most once an hour
This feature ensures session cookie lifespan is extended
when user is online.

Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
Arpit Jalan a9207dafa7 FEATURE: configure session time via site setting for all the users (#4343) 2016-07-23 02:57:30 +05:30
Sam a5d0e0f277 PERF: index for deleted posts in a topic to speed up has_deleted detection 2016-07-19 10:29:22 +10:00
Sam Saffron 46b34e3c62 FEATURE: remove user option for edit history public
Users can no longer opt-in for "public" edit history
if site owner disables it.

This feature adds cost and complexity to post rendering since
user options need to be premeptively loaded for every user in the
stream. It is also confusing to explain to communities with private edit
history.
2016-07-16 21:30:00 +10:00
Robin Ward e5293f2c9a FIX: Force HTML to recompile 2016-07-11 12:57:05 -04:00