Commit Graph

3501 Commits

Author SHA1 Message Date
Arpit Jalan 67357b84b9 FIX: only allow one user to be created per invite 2018-04-27 19:21:10 +05:30
Neil Lalonde bd77795d7a REFACTOR: move support for user card badge images to a plugin discourse-user-card-badges 2018-04-26 13:25:24 -04:00
Joffrey JAFFEUX 73a1be0d57
Fix spec 2018-04-26 17:19:44 +02:00
Joffrey JAFFEUX b9c7e09a4e
linting 2018-04-26 15:21:02 +02:00
Joffrey JAFFEUX 9fabf2543b
dashboard next: activity metrics and new contributors
This commit also introduces a better grouping of data points.
2018-04-26 14:49:41 +02:00
Gerhard Schlager 3f6d1a583e Add helper for grouping by periods
The methods are still experimental and might change without notice!

You need to add `include DateGroupable` to your model before you can use it like this:
`User.smart_group_by_date("users.created_at", start_date, end_date)`.count
2018-04-24 23:31:26 +02:00
Robin Ward 456e40a709 FIX: Don't allow a user to become TL3 if they've ever been penalized
Previously the code would only check if they were *currently* suspended
or silenced.
2018-04-24 15:15:32 -04:00
Gerhard Schlager ed4c0c4a63 FEATURE: Add option to delete all replies of flagged post 2018-04-24 11:08:05 -04:00
Arpit Jalan 0a442977b3 FEATURE: add staff action log for post approvals 2018-04-23 11:28:44 +05:30
Guo Xiang Tan 9eabf7c02c Fix randomly failing specs due to SearchLog cache. 2018-04-23 10:10:10 +08:00
Neil Lalonde 70f2c5d3fd FEATURE: move staff tags setting to tag group settings 2018-04-20 15:34:23 -04:00
Arpit Jalan 91bf10bd12 FIX: create upload record for exported csv files 2018-04-20 00:27:49 +05:30
Joffrey JAFFEUX 58a53017c9
simplify code 2018-04-19 18:26:30 +02:00
Joffrey JAFFEUX 0e414d0890
dashboard next: trending search report
This commit also improves how data is loaded sync and async
2018-04-19 18:19:21 +02:00
Régis Hanol 45850a0cd6 FIX: don't break when posting invalid URIs 2018-04-19 12:29:35 +02:00
Joffrey JAFFEUX 01c061d20d
dashboard next: perf and UI tweaks
* cache CORE reports
* adds backups/uploads section
* few css tweaks
2018-04-18 21:30:41 +02:00
Neil Lalonde 8fc1289172 move topic excerpt code to one method to DRY it up and for extensibility 2018-04-17 15:08:21 -04:00
Joffrey JAFFEUX 2b8307c6c3
dashboard next: minor improvements
* rename route to dashboard-next
* better scaling of charts for large data sets
* adjust trend position to avoid overlap
* makes sure silenced/suspended is made on real users
* correctly format data when only one data point
* minor refactoring
2018-04-17 11:01:06 +02:00
Joffrey JAFFEUX 06b6c805d5
dashboard next: adds report for user types 2018-04-16 13:03:43 +02:00
Arpit Jalan 9353ae4b5d Remove obsolete per topic unsubscribe page. 2018-04-16 16:11:20 +05:30
Neil Lalonde 3e9230714f UX: moved posts message links to the first post at the destination topic 2018-04-13 12:47:36 -04:00
Arpit Jalan 00f59f648d
Merge pull request #5755 from techAPJ/flag-webhook
FEATURE:  webhook for flag events
2018-04-13 07:50:21 +05:30
Arpit Jalan a16b616861 FEATURE: webhook for flag events 2018-04-13 07:47:58 +05:30
Guo Xiang Tan 6e46f81123 Add a distributed mutex around user creation via SSO.
* When two SSO requests containing the same email in the payload are
  sent at the same time, it would sometimes result in two users
  being created but one without an email record. Investigations
  points to ActiveRecord not generating the right statements but
  we have no figured out the reproduction steps yet. We should review
  this after upgrading to Rails 5.2.
2018-04-12 16:18:49 +08:00
Vinoth Kannan 19e8f9af13 Remove support for theme settings in raw handlebar templates 2018-04-11 18:21:04 +05:30
Arpit Jalan 9ca6ebe8fe FEATURE: enforce tagging on categories 2018-04-11 07:15:24 +05:30
Guo Xiang Tan 874003b7b1 FIX: Group can't be deleted if certain users are demoted. 2018-04-10 14:19:35 +08:00
Sam fe37ce165d correct issue where groups was never being blanked 2018-04-10 15:30:18 +10:00
Sam afaeb20f27 FEATURE: Add option to have sso synchronize group membership
In some cases add_groups and remove_groups is too much work, some sites
may wish to simply synchronize group membership based on a list.

When sso_overrides_groups is on all not automatic group membership is
sourced from SSO. Note if you omit to specify groups, they will be cleared
out.
2018-04-10 13:17:23 +10:00
Guo Xiang Tan c82b2dcc24 Remove admin group management pages. 2018-04-09 15:14:50 +08:00
osamasayegh ce1a6f2fd8 FEATURE: Theme settings in handlerbars templates 2018-04-09 16:47:28 +10:00
Neil Lalonde e33aef729f FIX: unable to save groups with mixed case names 2018-04-06 16:12:35 -04:00
Gerhard Schlager cd6a99a027 FEATURE: Send a different PM when a post has been hidden more than once 2018-04-05 14:03:21 +02:00
Gerhard Schlager f2d00e5eff FEATURE: Use Message-ID for detecting email replies to group
Ignores the site setting "find_related_post_with_key" and always tries to honor the `In-Reply-To` and `References` header for emails sent to a group.

The senders email address must be included in the `To` or `CC` header of a previous email sent to the group and the `Message-ID` of that email must be included in the current email's `In-Reply-To` or `References` header.
2018-04-05 11:00:38 +02:00
Sam f8637ed616 FIX: if a message is *partially* archived consider it not archived 2018-04-05 17:17:47 +10:00
Vinoth Kannan 434cbc649f FEATURE: Webhook for tag events 2018-04-04 17:49:20 +05:30
Arpit Jalan c36e201eb3 FIX: update categories topic_count when converting topic to a PM and vice versa 2018-04-04 12:01:56 +05:30
Guo Xiang Tan 00d879ec63 Fix the build. 2018-04-03 00:44:12 +08:00
Guo Xiang Tan 2498403bc3 Revert "FIX: Username uniqueness check should not happen to current user_id"
This reverts commit f71a18facd.
2018-04-03 00:44:04 +08:00
Vinoth Kannan f71a18facd FIX: Username uniqueness check should not happen to current user_id 2018-04-02 21:59:11 +05:30
Guo Xiang Tan 221503cd10 FIX: Add server side uniqueness validations for `Group#name` and `User#username`.
https://meta.discourse.org/t/groups-can-be-given-same-name-as-existing-username/74010
2018-04-02 18:19:18 +08:00
Guo Xiang Tan d2a8f40fb0
Merge pull request #5711 from Supermathie/learn_cdn_url_hostname
FIX: CDN_URL hostname should be in GlobalSetting.hostnames
2018-04-02 16:39:24 +08:00
Guo Xiang Tan 142571bba0 Remove use of `rescue nil`.
* `rescue nil` is a really bad pattern to use in our code base.
  We should rescue errors that we expect the code to throw and
  not rescue everything because we're unsure of what errors the
  code would throw. This would reduce the amount of pain we face
  when debugging why something isn't working as expexted. I've
  been bitten countless of times by errors being swallowed as a
  result during debugging sessions.
2018-04-02 13:52:51 +08:00
Vinoth Kannan efb19dbdaf
Merge pull request #5705 from discourse/new_webhooks
FEATURE: Webhook for group and category events
2018-04-02 10:53:21 +05:30
Robin Ward eab64710ff FIX: Shared draft performance fix + missing avatars 2018-03-28 16:11:43 -04:00
Robin Ward 4b5977aa6a Revert "PERF: Don't join on shared drafts unless you have to"
This reverts commit efedd9745f.
2018-03-28 15:35:13 -04:00
Robin Ward efedd9745f PERF: Don't join on shared drafts unless you have to 2018-03-28 13:57:39 -04:00
Robin Ward 31d0998506 FIX: Don't allow links with no href 2018-03-28 12:32:16 -04:00
Michael Brown 976d6b290c FIX: CDN_URL hostname should be in GlobalSetting.hostnames 2018-03-27 15:20:22 -04:00
Neil Lalonde eb714d8ae3 FIX: application request count keys not expiring in redis 2018-03-27 15:12:39 -04:00
Neil Lalonde 2bd44bbf13 WebCrawlerRequest.clear_cache needs to clear user agent list too 2018-03-27 15:11:48 -04:00
Neil Lalonde 7311023a52
Merge pull request #5700 from discourse/crawl-block
FEATURE: control web crawlers access with white/blacklist
2018-03-27 15:06:03 -04:00
Neil Lalonde 4d12ff2e8a when writing cache, remove elements from the user agents list. also return a message and content type when blocking a crawler. 2018-03-27 13:44:14 -04:00
Arpit Jalan 518f7ba91b FIX: show private message topic count on admin dashboard reports 2018-03-27 17:10:33 +05:30
Vinoth Kannan e7407d0adc FEATURE: Webhook for group and category events 2018-03-27 11:53:35 +05:30
Neil Lalonde f2c060bdf2 FEATURE: option for tags in a tag group to be visible only to staff 2018-03-26 17:05:09 -04:00
Guo Xiang Tan 35745166b5 UX: New group membership management workflow.
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084
2018-03-26 16:15:02 +08:00
Guo Xiang Tan 3d18cd1d9d Raise error when timestamp is invalid when creating topic timers.
https://meta.discourse.org/t/topic-timer-doesnt-work-for-fa-ir-locale/83702
2018-03-26 11:33:52 +08:00
Neil Lalonde ced7e9a691 FEATURE: control which web crawlers can access using a whitelist or blacklist 2018-03-22 15:41:02 -04:00
Guo Xiang Tan fa95699fde Fix the build. 2018-03-22 14:20:27 +08:00
Guo Xiang Tan f3b402ffd5 UX: Allow users to filter members on group page.
* Only admins are allowed to filter users by email.
2018-03-22 14:02:41 +08:00
Guo Xiang Tan bfe38b2118 FIX: `limit` wasn't correctly applied to `Upload.migrate_to_new_scheme`. 2018-03-22 10:56:06 +08:00
Arpit Jalan d96c1058a2 FEATURE: add staff action log for 'restore topic' 2018-03-21 18:04:13 +05:30
Robin Ward b9abd7dc9e FEATURE: Shared Drafts
This feature can be enabled by choosing a destination for the
`shared drafts category` site setting.

* Staff members can create shared drafts, choosing a destination
category for the topic when it is published.

* Shared Drafts can be viewed in their category, or above the
topic list for the destination category where it will end up.

* When the shared draft is ready, it can be published to the
appropriate category by clicking a button on the topic view.

* When published, Drafts change their timestamps to the current
time, and any edits to the original post are removed.
2018-03-20 17:15:26 -04:00
Robin Ward b39fbf7187 A staff member can hide another staff's member's post by flagging 2018-03-20 09:38:23 -04:00
Guo Xiang Tan d0e7898fa0 Build `primary_email` association directly in `DiscourseSingleSignOn`. 2018-03-20 19:36:35 +08:00
Guo Xiang Tan 15bcfcd182 UX: Allow users to filter by different group types on groups page. 2018-03-20 17:38:11 +08:00
Guo Xiang Tan 69a53210d3 Improve `UserEmail#email` validation to use the index. 2018-03-20 10:22:06 +08:00
Neil Lalonde 4d44024c82 FIX: error when trying to block an IP address. Return a message when IP address matches an existing screened IP address, including ranges. 2018-03-19 14:34:43 -04:00
Guo Xiang Tan 0522aabaab UX: Allow user_count on groups page to be sortable. 2018-03-19 16:15:13 +08:00
Guo Xiang Tan 9e8d10f711 Fix the build. 2018-03-19 12:34:21 +08:00
Guo Xiang Tan 52b9af10a1 PERF: PG queries for the `UserEmail#email` column was not using the index. 2018-03-19 11:31:14 +08:00
Arpit Jalan f053e4cf37
Merge pull request #5682 from techAPJ/allowed-tags-page
FIX: show only allowed tags on PM tags page and display correct count
2018-03-17 08:29:00 +05:30
Gerhard Schlager 864bdbd9b6 Fix the build 2018-03-16 22:55:42 +01:00
Gerhard Schlager 6c736a1fa4 FIX: Translation overrides for flag types didn't expire cache 2018-03-16 22:10:19 +01:00
Arpit Jalan e9bc763440 FIX: show only allowed tags on PM tags page and display correct count
FIX: tags page should link to user profile we are browsing
2018-03-17 00:17:48 +05:30
Guo Xiang Tan c85e1fdb50 Revert "PERF: Query for email was not using index."
This reverts commit 65eb046e69.
2018-03-16 15:31:39 +08:00
Guo Xiang Tan 65eb046e69 PERF: Query for email was not using index. 2018-03-16 15:19:35 +08:00
Guo Xiang Tan fe96ef6ed2 UX: Use topic list for displaying group messages on group page.
https://meta.discourse.org/t/group-inbox-on-a-groups-page-mockup/71319
2018-03-16 11:56:40 +08:00
Guo Xiang Tan 937372df02
Merge pull request #5677 from jjaffeux/fix-ruby-warning-keyword
FIX: prevents ruby warning with circular reference
2018-03-16 09:31:54 +08:00
Sam 5474635361 add more safety 2018-03-16 11:19:06 +11:00
Joffrey JAFFEUX c0a986c181 FIX: prevents ruby warning with circular reference 2018-03-15 15:48:40 +01:00
Sam c589564f6a FIX: color schemes not updating when remote saves 2018-03-15 18:26:54 +11:00
Neil Lalonde 5ce8177662 FIX: unable to delete user belonging to a group that grants a trust level 2018-03-14 15:12:11 -04:00
Michael Brown 1b5549df58 FIX: my sso_overrides_username assumed username was passed 2018-03-13 18:29:11 -04:00
Arpit Jalan 7d375690c1
Merge pull request #5667 from techAPJ/pm-tags-page
FEATURE: replace PM tags dropdown with a dedicated tags page
2018-03-13 13:08:21 +05:30
Arpit Jalan 24338fbbe8 FEATURE: replace PM tags dropdown with a dedicated tags page 2018-03-13 13:06:58 +05:30
Guo Xiang Tan d5c828213f FIX: Circular references warning in `TopicTrackingState`. 2018-03-13 08:35:15 +08:00
Robin Ward 65ac80b014 FEATURE: Log Staff edits in Staff Action Logs
Why? Some edits by staff are not tracked. For example, during the grace
period, or via the flags/silence dialog.

If a staff member is editing someone else's post, it now goes into the
Staff Action Logs so it can be audited by other staff members.
2018-03-12 13:51:40 -04:00
Arpit Jalan 82143a421c FIX: `max topic invitations per day` should apply on PM invites as well
FIX: do not apply `max topic invitations per day` on email invites
2018-03-12 23:17:58 +05:30
Sam 758b9a7dda FEATURE: prototype of local theme directory watcher
(note this will be documented a bit late)
2018-03-12 18:36:06 +11:00
Arpit Jalan 12706c4b29 FEATURE: support markdown rendering for embedded posts 2018-03-11 08:00:48 +05:30
Michael Brown 3c3d205180 FIX: sso_overrides_username may inappropriately change the username if the case changed 2018-03-09 16:06:55 -05:00
Guo Xiang Tan 0e1b896821 Explicitly assign primary_email record when creating a user
* This looks like we're doing the same thing but
  we're debugging a race condition where a user
  can be created without an email record. Therefore,
  we prefer the more obvious method of assigning an
  association.
2018-03-09 15:59:46 +08:00
Sam 39e679d3cb FEATURE: allow themes to live in private git repos
This feature allows themes sourced from git to live on private
servers, it automatically generates key pairs.
2018-03-09 16:14:38 +11:00
Guo Xiang Tan a89f3160a5 Add new config to ensure backup/restore connects to PG directly.
* In `pg_dump` 10.3+ and 9.5.12+, in
  it does a `SELECT pg_catalog.set_config('search_path', '', false)`
  which changes the state of the current connection. This is known
  to be problematic with Pgbouncer which reuses connections. As such,
  we'll always try to connect directly to PG directly during
  the backup/restore process.
2018-03-09 10:28:03 +08:00
Arpit Jalan 4b23634092 FIX: converting topic to message for a second time was broken 2018-03-08 17:59:04 +05:30
Arpit Jalan 0c2be8b775
Merge pull request #5655 from techAPJ/pm-tags-dropdown
FEATURE: filter personal messages by tags
2018-03-08 16:30:38 +05:30
Arpit Jalan a8149f8969 FIX: user should not be able to invite to PM if trust level requirment not met
FIX: when personal messages are disabled let user invite to a public topic
2018-03-08 14:59:04 +05:30
Arpit Jalan c29660c8f1 FEATURE: filter personal messages by tags 2018-03-08 14:42:07 +05:30
Neil Lalonde 1093dacc03 FIX: bulk importers need to create category description topics 2018-03-07 12:10:22 -05:00
Guo Xiang Tan 3045c589f6 FIX: Publish live messages to both team inbox and archive on update. 2018-03-07 14:01:20 +08:00
Guo Xiang Tan 5169be6080 FIX: User archiving message should also publish to sent section. 2018-03-07 11:39:23 +08:00
Guo Xiang Tan bef35f7be5 FIX: User archive messages should only publish to the user. 2018-03-07 11:28:29 +08:00
Robin Ward c74d10cf34 FIX: Consider live links in `<code>` as links when counting 2018-03-06 11:46:12 -05:00
Guo Xiang Tan 1365bab0d7 FEATURE: Live updates for user's messages page.
https://meta.discourse.org/t/group-inbox-messages-not-updated-for-new-posts/38189
2018-03-06 18:15:21 +08:00
Guo Xiang Tan 13764b31ec Remove unnecessary attribute in topic tracking payload. 2018-03-06 17:37:53 +08:00
Guo Xiang Tan d576056cff REFACTOR: Add basic tests for `TopicTrackingState#publish_*`.
* Ensure we don't publish events for PMs.
2018-03-06 17:37:53 +08:00
Gerhard Schlager 8e48b339fa Drop unused tables (#5630) 2018-03-05 17:27:30 -05:00
Guo Xiang Tan 2f65393706 REFACTOR: Use `Topic#private_message?` to reduce duplication. 2018-03-05 15:39:22 +08:00
Guo Xiang Tan 07f1d90b88 FIX: Inviting a group that I am part of creates a notification.
https://meta.discourse.org/t/inviting-a-group-to-a-message-does-not-trigger-a-notification-mail/50509/10?u=tgxworld
2018-03-05 13:51:32 +08:00
Guo Xiang Tan 42e0aaed61 FIX: Set first visit PM notification level to group default notification level.
https://meta.discourse.org/t/notifications-not-received-for-private-messages-im-invited-to/71577/21?u=tgxworld
2018-03-05 13:39:00 +08:00
Sam 9331b4849d FEATURE: we need access to settings in theme js 2018-03-05 15:35:41 +11:00
Sam 2c25b9ae12 annotate 2018-03-05 11:06:45 +11:00
OsamaSayegh 282f53f0cd FEATURE: Theme settings (2) (#5611)
Allows theme authors to specify custom theme settings for the theme. 

Centralizes the theme/site settings into a single construct
2018-03-04 19:04:23 -05:00
Robin Ward 31e3bf6d8d FEATURE: New "Categories and Top" homepage style
Select this option if you want to show top topics on the homepage
instead of latest topics.
2018-03-03 14:26:57 -05:00
Robin Ward 730201d423 New interface to upsert custom fields 2018-03-02 12:45:52 -05:00
Arpit Jalan 334ed74346
Merge pull request #5635 from techAPJ/invite-muted
FIX: do not allow invite notifications from muted user/topic
2018-03-02 18:10:17 +04:00
Guo Xiang Tan 6b59a2827d Add more information to SSO user creation logging. 2018-03-02 18:27:15 +08:00
Guo Xiang Tan 642c60c310 Rename variable so that it is clearer which variable is being referred. 2018-03-02 16:41:02 +08:00
Arpit Jalan 2e202495a3 FIX: do not allow invite notifications from muted user/topic 2018-03-02 12:24:51 +05:30
Guo Xiang Tan 939180efa8 FIX: Missing 2FA guards when sso is enabled or when local login is disabled. 2018-03-02 10:39:10 +08:00
Gerhard Schlager fffd1a6602 FIX: Associated Instagram account was missing at some places 2018-03-01 12:26:40 +01:00
Guo Xiang Tan 947b6fdf46 FIX: Incorrect rate limit applied to topics invitation flow. 2018-03-01 12:50:00 +08:00
Robin Ward b283bb2ba7 FIX: Don't include unlisted topic in groups/posts 2018-02-28 14:40:18 -05:00
Guo Xiang Tan e7a7356986 Remove ancient votes code that is no longer used. 2018-02-28 14:37:22 +08:00
Guo Xiang Tan 902c5d11cf FIX: Don't allow other flag actions after `notify_moderator` has happened.
https://meta.discourse.org/t/receiving-sorry-an-error-has-occurred-during-flagging-step-of-discobot-tutorial/77233/5
2018-02-28 11:27:56 +08:00
Gerhard Schlager c22e56499a FIX: Allow changing post owner even when validations fail 2018-02-27 15:46:20 +01:00
Guo Xiang Tan 66d620f7b1 FEATURE: Trigger topic webhook when topic status is updated. 2018-02-27 11:07:37 +08:00
Robin Ward c7a37f391a New event when a flag is handled 2018-02-26 18:51:51 -05:00
Gerhard Schlager 5ca5817902 FIX: Only likes should change the given daily likes 2018-02-26 22:27:18 +01:00
Guo Xiang Tan c1f53e1ece UX: Invited users should watch PM topic once topic has been visited.
https://meta.discourse.org/t/notifications-not-received-for-private-messages-im-invited-to/71577/11
2018-02-26 17:58:58 +08:00
Guo Xiang Tan 982e5bae3a Update annotations. 2018-02-26 15:32:04 +08:00
Guo Xiang Tan 6a88f7db61 Notification created for wrong user after invite.
Introduced in c64f09b6b7
2018-02-26 13:21:19 +08:00
Guo Xiang Tan 31242335a6 Revert "Fix the build."
This reverts commit 07f928e05e.
2018-02-26 13:08:10 +08:00
Guo Xiang Tan 07f928e05e Fix the build. 2018-02-26 12:42:55 +08:00
Guo Xiang Tan c64f09b6b7 REFACTOR: Simplify and DRY `Group#invite`. 2018-02-26 11:59:07 +08:00
Arpit Jalan 709f201bd4 FIX: update group user count when bulk adding users 2018-02-23 14:29:56 +05:30
Sam 6f076963f2 FIX: incorrect caching of theme keys 2018-02-23 17:58:13 +11:00
Guo Xiang Tan dd26bbe868
Merge pull request #5610 from discourse/pm-tags
FEATURE: Allow staffs to tag PMs
2018-02-23 07:07:41 +08:00
Vinoth Kannan 7cbda949f1 REFACTOR: New spec tests and code improvement 2018-02-22 20:27:02 +05:30
Guo Xiang Tan bbb30bedf3 Improve output of SSO verbose logging. 2018-02-22 11:26:13 +08:00
Sam 720e1965e3 FEATURE: add category suppress from latest
In the past we used suppress_from_homepage, it had mixed semantics
it would remove from category list if category list was on home and
unconditionally remove from latest.

New setting explicitly only removes from latest list but leaves the
category list alond
2018-02-22 09:56:35 +11:00
Vinoth Kannan 2b509eaa91
Merge branch 'master' into pm-tags 2018-02-21 23:55:59 +05:30
Neil Lalonde 81e873138f FIX: error when deleting a tag associated with a deleted topic 2018-02-21 12:35:53 -05:00
Vinoth Kannan 84ce1acfef FEATURE: Allow staffs to tag PMs 2018-02-21 20:11:46 +05:30
Guo Xiang Tan 8964e75ad6
Merge pull request #5612 from discourse/featheredtoast-two-factor-login
Featheredtoast two factor login
2018-02-21 15:00:10 +08:00
Guo Xiang Tan 14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Robin Ward 5c40ae9e63 FIX: Links in quotes should be counted for rate limits 2018-02-20 20:42:01 -05:00
Jeff Wong f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00