Commit Graph

242 Commits

Author SHA1 Message Date
Régis Hanol 2742602254 FEATURE: support for external letter avatars service 2015-09-11 02:12:40 +02:00
Robin Ward 32e2d7963a FEATURE: Show FAQ at top of the hamburger until the user reads it 2015-09-04 16:56:02 -04:00
Arpit Jalan 99edcddafb FEATURE: show pending/redeemed invite count in tabs 2015-08-25 01:12:46 +05:30
Arpit Jalan 91519fdfe7 FIX: do not persist error message 2015-08-24 00:29:58 +05:30
Kane York 2a897a8a6b SECURITY: Remove email validation check bypass
- Increase size of email column to varchar(513)
 - Give error message on signup when email is too large

Overall impact: Low, allows signups from blocked domains. Main risk is increased spam.
2015-07-13 15:36:17 -07:00
Arpit Jalan e0c9054748 FEATURE: invite page tabs 2015-07-13 09:42:51 +05:30
Doug 5e615ef26e Fixed bug that caused substrings of reserved usernames to be treated as reserved. 2015-07-06 23:54:25 -07:00
Kane York df988a20eb FEATURE: Reserved usernames
A list of usernames that will be blocked from being used to sign up.
2015-07-01 13:50:55 -07:00
Sam b052179ae6 Merge pull request #3163 from rcfox/fix-by-external
Allow periods in the external_id value used in the /users/by-external route.
2015-06-24 13:07:12 +10:00
Sam Saffron c58b495e15 SECURITY: Query @usernames in bulk
Otherwise you could add many requests at once while composing.
2015-06-11 13:03:49 -04:00
Sam Saffron 4409a3072d FEATURE: we need admin login always 2015-06-05 18:43:59 +10:00
Régis Hanol cb025a65e0 FIX: make sure we also save the user_avatar.custom_upload_id 2015-05-29 10:21:41 +02:00
Régis Hanol b7f8680618 fix build (:fired:) 2015-05-20 17:51:33 +02:00
Régis Hanol 8d967d9065 FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread 2015-05-20 16:45:48 +02:00
Ryan Fox 14d2b76354 Merge branch 'master' into fix-by-external
Conflicts:
	app/controllers/users_controller.rb
2015-05-15 19:54:11 -04:00
Sam 8277a586bb usage of raise corrected 2015-05-07 11:00:51 +10:00
Sam 77cc087b13 FIX: proper error message when account created is hit with no session 2015-05-07 11:00:22 +10:00
Arpit Jalan 2932284293 FEATURE: magic login route for admin when SSO is enabled 2015-04-27 22:54:48 +05:30
Robin Ward 2459f52c71 Merge pull request #3375 from techAPJ/patch-2
FEATURE: invite existing users to private topic
2015-04-16 11:13:42 -04:00
Arpit Jalan d491d4f997 FEATURE: invite existing users to private topic 2015-04-16 00:52:54 +05:30
Sam 2a3f71a9a1 SECURITY: log off all existing sessions when resetting password 2015-04-15 08:57:43 +10:00
Sam f5d89169e2 FEATURE: initial implemenation of anonymous posting mode 2015-04-07 18:05:31 +10:00
Régis Hanol 1ec73b5ba0 FIX: use 'request.remote_ip' instead of 'request.ip' for better consistency 2015-04-02 16:24:27 +02:00
Robin Ward e3eaa7fa75 FIX: In long topics, filtering button was not always showing in card 2015-03-24 12:33:50 -04:00
Robin Ward 6d38005a22 Allow staff to change uneditable user fields 2015-03-20 15:18:43 -04:00
Robin Ward 7ef306cd3b A bunch of tweaks to the Users directory
- Move user directory from `/directory` to `/users/`
- Defaults to 'weekly' time period
- Don't include deleted topics/posts in the results
- Move heart icon to header instead of on each row
- "Users" instead of "Users found"
2015-03-19 12:29:38 -04:00
Neil Lalonde 608647d02f FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-10 11:59:08 -04:00
Sam f5af4768eb FEATURE: add clean support for running Discourse in a subfolder
To setup set DISCOURSE_RELATIVE_URL_ROOT to the folder you wish
2015-03-09 13:14:29 +11:00
Sam 130dbf7358 PERF: don't run stats query in user card 2015-02-24 13:31:23 +11:00
Robin Ward 8186d86f38 FIX: Enforce max length for custom user fields 2015-02-23 13:02:30 -05:00
Sam 17927b2e8b FIX: don't use flash cause we are not redirecting
(we should probably change that though)
2015-02-20 10:28:58 +11:00
Sam 3a0cd0b760 make custom fields a bit more permissive input wise 2015-02-06 09:03:23 +11:00
Ryan Fox 1f0915bf83 Allow periods in the external_id value used in the /users/by-external route. 2015-02-02 12:55:32 -05:00
Sam ea7af7a83b Merge pull request #3135 from longhotsummer/fix-no-user-params
FIX: creating a user shouldn't error when optional fields aren't given
2015-01-30 10:12:57 +11:00
Régis Hanol cd2c9edb46 FIX: 🐛 upload on IE9 wasn't working :'(
- FIX: make sure we set a default name to a pasted image only on Chrome (the only browser that supports it)
- FIX: use ".json" extension to uploads endpoints since IE9 doesn't pass the correct header
- FIX: pass the CSRF token in a query parameter since IE9 doesn't pass it in the headers
- FIX: display error messages comming from the server when there is one over the default error message
- FIX: HACK around IE9 security issue when clicking a file input via JavaScript (use a label and set `visibility:hidden` on the input)
- FIX: hide the "cancel" upload on IE9 since it's not supported
- FIX: return "text/plain" content-type when uploading a file for IE9 in order to prevent it from displaying the save dialog
- FIX: check the maximum file size on the server 💥
- update jQuery File Upload Plugin to v. 5.42.2
- update JQuery IFram Transport Plugin to v. 1.8.5
- update jQuery UI Widget to v. 1.11.1
2015-01-28 19:43:20 +01:00
Greg Kempe d99ccf6d27 FIX: creating a user shouldn't error when optional fields aren't provided
This fixes a bug where the server would 500 if the only user fields
where optional ones, and the create_user call didn't provide any
values so that params[:user_fields] was nil.

Additionally, don't bother double-checked for required fields, since we
iterate over all fields and will catch any that are required and blank.
2015-01-27 11:48:27 +02:00
riking 1ab0d6bd82 FEATURE: Log username changes by staff
Also fix the tests for changing username
2015-01-17 02:26:12 -08:00
Robin Ward 987504c6ab Rename `no_js` layout to `no_ember`
While *sometimes* `no_js` was used for visitors without js (for example
disabling it on your browser) it was also used for some pages that were
disabled to JS capable browsers, including the 404 page.

Even worse, sometimes it was used on pages that *had* Javascript, such
as our `/activate-account` route. It has been renamed to `no_ember` to
indicate what it really is, a layout for the site that doesn't load our
Ember.js application.
2015-01-15 15:56:53 -05:00
Régis Hanol e20078a9dc PERF: fix performance issue when displaying the user card for admins 2015-01-05 19:49:32 +01:00
Blake Erickson 02ade72ceb Update username should return a json response
- Have update username return json response that contains the updated
  username and id. I figured this would be better than just return "OK".
- Add test to verify that the new username is returned.
2014-12-10 09:43:16 -07:00
Blake Erickson e9e88c9b82 Remove legacy avatar code
- Remove method that was only left around because the
  [api](https://github.com/discourse/discourse_api/pull/53) called it
- Modify test to use new route instead of legacy route

https://meta.discourse.org/t/legacy-route-for-avatars/22838/2
2014-12-07 06:13:14 -07:00
Blake Erickson a61519eebf Have pick_avatar return json.
I'm working on writing a test in the discourse_api gem for uploading
avatars and the pick method needs to return a json response.

I also added a test to make sure json is returned.
2014-12-06 09:26:32 -07:00
Régis Hanol 07211489f0 FIX: hide restricted profile info from TL0 users to anonymous in 'JS-off' page 2014-11-27 19:51:13 +01:00
Régis Hanol 7641d88224 FEATURE: new 'maximum new user accounts per registration IP' site setting 2014-11-17 12:04:29 +01:00
Robin Ward c9eb809dad FIX: The text to users who signed up when approval was required was
misleading.
2014-11-04 15:48:03 -05:00
Régis Hanol 865194f409 FIX: cannot show email for pending/inactive users 2014-10-29 01:07:27 +01:00
Robin Ward 71f211f0b3 FEATURE: Allow users to select a badge with an image to appear on their
user card
2014-10-20 16:35:38 -04:00
Robin Ward 1cf4a0d604 Rename "User Expansion" to the much clearer "User Card" 2014-10-20 12:11:59 -04:00
Régis Hanol 10094a0bcd FIX: resolve flags as good when deleting a spam user 2014-10-20 16:59:06 +02:00
Robin Ward 4d465362b5 FEATURE: Allow a user to upload an image for their expansion background. 2014-10-16 15:05:36 -04:00
Robin Ward f9a8f6d6ce FEATURE: Support for a `required` setting on user fields. 2014-10-08 15:10:19 -04:00
Sam 0e7be81e60 FIX: badge granted titles were not being revoked when badge was revoked 2014-10-08 10:26:18 +11:00
Robin Ward 381814fd5d Adds support for a description to user fields. 2014-10-02 15:56:52 -04:00
Arpit Jalan 41af2d79b5 add user email on account created page 2014-10-02 12:43:44 +05:30
Robin Ward be93f224a6 Revert "add user email on account created page"
This reverts commit 164fc1108a.
2014-10-01 10:30:26 -04:00
Arpit Jalan 164fc1108a add user email on account created page 2014-10-01 13:53:50 +05:30
Robin Ward edb34c178a FEATURE: Show user fields when the user is signing up 2014-09-30 10:45:18 -04:00
Régis Hanol 7e309a21cf FEATURE: hide emails behind a button for staff members 2014-09-29 22:31:05 +02:00
Sam a901d682fe raise not found if user is not found 2014-09-25 17:45:45 +10:00
Sam 8f8ea735ee FIX: allow retry activation of account by username or password 2014-09-25 17:42:48 +10:00
Arpit Jalan b3838c2c1c Trigger browser password manager after sigining up 2014-09-24 01:04:36 +05:30
Sam 7a4082cbad FIX: allow API to create users when invite_only is true 2014-09-23 09:06:19 +10:00
Neil Lalonde c4e285f3ec SECURITY: rate limit change email requests 2014-09-18 10:48:56 -04:00
riking 2c6d03f87f SECURITY: Limit passwords to 200 characters
Prevents layer 8 attack.
2014-09-12 12:07:11 -04:00
Robin Ward 56eda5abf9 FIX: Don't allow profile bios longer than 3k chars 2014-09-08 15:23:21 -04:00
Robin Ward c9262a8390 FIX: Resend activation email was busted 2014-08-28 12:07:13 -04:00
Robin Ward ed125975a1 SECURITY: Prefix session key and validate token format. 2014-08-25 15:31:49 -04:00
Arpit Jalan 4cd8abc905 FEATURE: dynamically load invites 2014-08-05 22:20:23 +05:30
Neil Lalonde 939e8505a9 Remove hub username integration 2014-07-16 12:25:24 -04:00
Neil Lalonde 01a68f8cc7 Emails are case insensitive 2014-07-16 10:22:01 -04:00
Robin Ward 4f416bf6ce Check honeypot/challenge value on activation too 2014-07-15 14:07:35 -04:00
riking 915f60b0fc Don't redirect to login when activating account... 2014-07-15 10:50:28 -07:00
Neil Lalonde 766196af87 FEATURE: add site setting allow_new_registrations which can be used to block all new account registrations 2014-07-14 15:42:22 -04:00
Robin Ward cce7cf8c85 FEATURE: Require Javascript to activate an account via email link 2014-07-14 12:26:10 -04:00
Sam 4a2cc269ab FIX: allow selection of no title 2014-07-14 18:07:07 +10:00
Sam 833c50c460 FEATURE: Read Faq badge 2014-07-11 17:32:29 +10:00
Sam 9a9ad9bda8 FEATURE: Badge progress
- Refactor model so it stores backfill query
- Implement autobiographer
- Remove sample badge
- Correct featured badges to only include a badge once
2014-07-03 17:29:44 +10:00
Sam 5a0aed2bfa FIX: regression, forgot password broken
also... mocks were invented by the devil
2014-07-02 13:06:55 +10:00
Robin Ward 9000c358d1 REFACTOR: Use common path for RESTful `DELETE` action from upload image
component
2014-06-30 14:13:59 -04:00
Robin Ward 4088fba4f2 REFACTOR: Convert profile background uploader to be an ember component 2014-06-30 14:13:59 -04:00
Andrew Bezzub 386d1e231a move profile_background from User to UserProfile 2014-06-26 12:30:07 -04:00
riking 6e698315d6 Allow all /my URLs
Previously, URLs like /my/activity/posts were denied. This change allows those URLs.
2014-06-14 10:58:20 -07:00
Sam 91b6459f2b BUGFIX: allow users to pick no avatar 2014-05-30 14:45:55 +10:00
Sam 5adc486cef BUGFIX: missing avatars in topic map
Cleanup uneeded column
2014-05-29 14:59:14 +10:00
Sam 504cfcff96 Fix specs for avatars
Implement avatar picker
Correct avatar related jobs
2014-05-27 10:08:03 +10:00
Sam 6c1c8be794 Work in progress, keeping avatars locally
This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom)

user can then pick which they want.
2014-05-27 10:08:03 +10:00
Neil Lalonde 6e0eb89697 Don't show suspended users in autocomplete fields unless you are staff 2014-05-13 11:44:15 -04:00
Louis Rose 1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Neil Lalonde f61f29439e Track the ip address where user was registered 2014-04-29 14:37:56 -04:00
Vikhyat Korrapati b4e037dfb2 Allow badges to be marked as "titleable". 2014-04-28 10:30:38 +05:30
Régis Hanol 64b8f2f759 TRIVIAL: remove puts statement (cc. @eviltrout) 2014-04-21 23:00:13 +02:00
Robin Ward b9ca124756 Support for /my/preferences to automatically redirect to the logged in
user.
2014-04-21 11:52:11 -04:00
Vikhyat Korrapati 8113e8d897 Basic UI for selecting gold/silver badges as titles. 2014-04-18 09:20:51 +05:30
Régis Hanol 2505d18aa9 FEATURE: support email attachments 2014-04-14 22:55:57 +02:00
Sam be06156629 SECURITY: when enabled_local_logins is false users could log in via API
thanks @Nicholas Blanco
2014-03-26 15:39:44 +11:00
Robin Ward 539890afdf Let's not show tons of extra information about invites unless you're the
person who invited them.
2014-03-21 14:16:11 -04:00
Sam 619fa50d4b BUGFIX: twitter auth asking for a password 2014-03-20 14:49:25 +11:00
Neil Lalonde 9ca516e58d Rename nickname to username in the code. Use new hub routes. (Old routes still exist as aliases for old Discourse instances.) 2014-03-12 12:39:36 -04:00
Johan Jatko 98c479c3c4 FEATURE: Profile Backgrounds
Shares a modified codebase with avatars called "user_image"
2014-03-05 15:10:44 +01:00
Neil Lalonde 8711762143 Users who have made no more than one post can delete their own accounts from their user preferences page. 2014-02-13 13:52:06 -05:00