Jeff Wong
88ef5e55fe
FEATURE: add ability to have multiple totp factors ( #7626 )
...
Adds a second factor landing page that centralizes a user's second factor configuration.
This contains both TOTP and Backup, and also allows multiple TOTP tokens to be registered and organized by a name. Access to this page is authenticated via password, and cached for 30 minutes via a secure session.
2019-06-26 16:58:06 -07:00
Gerhard Schlager
bae7b75e23
FIX: Updating a user profile as admin shouldn't change the user's locale
2019-06-07 17:53:46 +02:00
Maja Komel
7da875f52a
FIX: trigger user_updated webhook when avatar changes
2019-06-04 16:46:46 +08:00
romanrizzi
e7ee556e87
Support multi-group user search
2019-05-30 08:45:20 +08:00
Daniel Waterworth
e219588142
DEV: Prefabrication (test optimization) ( #7414 )
...
* Introduced fab!, a helper that creates database state for a group
It's almost identical to let_it_be, except:
1. It creates a new object for each test by default,
2. You can disable it using PREFABRICATION=0
2019-05-07 13:12:20 +10:00
David Taylor
d82da69c2c
FIX: Fail gracefully if username parameter is missing when creating user
2019-05-03 17:17:06 +01:00
Guo Xiang Tan
24347ace10
FIX: Properly associate user_profiles background urls via upload id.
...
`Upload#url` is more likely and can change from time to time. When it
does changes, we don't want to have to look through multiple tables to
ensure that the URLs are all up to date. Instead, we simply associate
uploads properly to `UserProfile` so that it does not have to replicate
the URLs in the table.
2019-05-02 14:58:24 +08:00
Sam Saffron
4ea21fa2d0
DEV: use #frozen_string_literal: true on all spec
...
This change both speeds up specs (less strings to allocate) and helps catch
cases where methods in Discourse are mutating inputs.
Overall we will be migrating everything to use #frozen_string_literal: true
it will take a while, but this is the first and safest move in this direction
2019-04-30 10:27:42 +10:00
Sam Saffron
45285f1477
DEV: remove update_attributes which is deprecated in Rails 6
...
See: https://github.com/rails/rails/pull/31998
update_attributes is a relic of the past, it should no longer be used.
2019-04-29 17:32:25 +10:00
Daniel Waterworth
ad44243a57
Removed unused let blocks ( #7446 )
...
The bodies of these blocks were never evaluated.
2019-04-29 15:08:56 +08:00
Robin Ward
ef1af53e05
FIX: If creating an active user via the API, create reviewables
2019-04-12 15:25:02 -04:00
Tarek Khalil
442fb2facb
FEATURE: Remove ignore feature SiteSetting and enable ignore by default ( #7349 )
2019-04-10 12:54:59 +02:00
Tarek Khalil
b1cb95fc23
FEATURE: Introduce ignore duration selection ( #7266 )
...
* FEATURE: Introducing new UI for tracking User's ignored or muted states
2019-03-29 10:14:53 +00:00
Tarek Khalil
ef2362a30f
FEATURE: Introducing new UI for changing User's notification levels ( #7248 )
...
* FEATURE: Introducing new UI for tracking User's ignored or muted states
2019-03-27 09:41:50 +00:00
Tarek Khalil
5852e86226
FEATURE: Only allow TL2 Users to ignore other users ( #7212 )
2019-03-20 15:02:33 +01:00
Penar Musaraj
9334d2f4f7
FEATURE: add more granular user option levels for email notifications ( #7143 )
...
Migrates email user options to a new data structure, where `email_always`, `email_direct` and `email_private_messages` are replace by
* `email_messages_level`, with options: `always`, `only_when_away` and `never` (defaults to `always`)
* `email_level`, with options: `always`, `only_when_away` and `never` (defaults to `only_when_away`)
2019-03-15 10:55:11 -04:00
Tarek Khalil
986cc8a0fb
FEATURE: Introduce Ignore user ( #7072 )
2019-02-27 14:49:07 +01:00
Maja Komel
6f427589b2
FIX: make it possible to use backup code everywhere where 2FA required ( #7010 )
2019-02-27 10:37:33 +01:00
Sam
33269c4172
FEATURE: do no search for groups unless a term is specified
...
Do not allow `/u/search/users.json` to list any group matches unless a
specific `term` is specified in the API call.
Adding groups should always be done when an actual search term exists,
blank search is only supported for users within a topic
2019-02-20 17:28:22 +11:00
Vinoth Kannan
e7821a63e7
FIX: Users should able check the emails for self
2019-02-05 23:31:19 +05:30
David Taylor
160d29b18a
REFACTOR: Migrate TwitterAuthenticator to use ManagedAuthenticator ( #6739 )
...
No changes to functionality. TwitterAuthenticator goes from 136 lines to 24, and all twitter-specific logic elsewhere has been deleted 🎉
2018-12-07 15:39:06 +00:00
David Taylor
9248ad1905
DEV: Enable `Style/SingleLineMethods` and `Style/Semicolon` in Rubocop ( #6717 )
2018-12-04 11:48:13 +08:00
David Taylor
a3ed570124
FIX: Fix routes ending in `:username` for usernames containing periods ( #6660 )
2018-11-23 17:41:41 +00:00
Arpit Jalan
10cc698df3
FIX: respond with proper error message if user not found
2018-11-21 10:47:37 +05:30
David Taylor
d003ae45f9
DEV: Correct typo in users_controller_spec
2018-11-14 14:30:44 +00:00
David Taylor
17bc82765b
FEATURE: Log password changes in UserHistory ( #6600 )
2018-11-14 08:32:42 +08:00
Régis Hanol
3e232412e3
UX: show error when hitting the rate limit on password reset
2018-10-22 19:00:30 +02:00
Guo Xiang Tan
aa60936115
DEV: Add order to avoid randomly failing test.
2018-10-15 11:42:45 +08:00
Sam
a1c912b630
Return 400 instead of 404 for bad token
2018-10-12 10:51:41 +11:00
Bianca Nenciu
048cdfbcfa
FIX: Do not allow revoking the token of current session. ( #6472 )
...
* FIX: Do not allow revoking the token of current session.
* DEV: Add getter of current auth_token from Guardian.
2018-10-12 10:40:48 +11:00
Robin Ward
a566ed42ae
FEATURE: Option to disable user presence and profile
...
This allows users who are privacy conscious to disable the presence
features of the forum as well as their public profile.
2018-10-10 17:34:33 -04:00
Bianca Nenciu
1d26a473e7
FEATURE: Show "Recently used devices" in user preferences ( #6335 )
...
* FEATURE: Added MaxMindDb to resolve IP information.
* FEATURE: Added browser detection based on user agent.
* FEATURE: Added recently used devices in user preferences.
* DEV: Added acceptance test for recently used devices.
* UX: Do not show 'Show more' button if there aren't more tokens.
* DEV: Fix unit tests.
* DEV: Make changes after code review.
* Add more detailed unit tests.
* Improve logging messages.
* Minor coding style fixes.
* DEV: Use DropdownSelectBoxComponent and run Prettier.
* DEV: Fix unit tests.
2018-10-09 22:21:41 +08:00
Kyle Zhao
819f090d6a
move large blobs out of `<head>` ( #6428 )
...
it unnecessarily bloats the section and increases the payload
dramatically for open graph tags.
2018-09-28 17:28:33 +08:00
Sam
df45e82377
SECURITY: only allow picking of avatars created by self ( #6417 )
...
* SECURITY: only allow picking of avatars created by self
Also adds origin tracking to all uploads including de-duplicated uploads
2018-09-19 22:33:10 -07:00
Kyle Zhao
7a0232249a
extract inline JS that's used to store preloaded data ( #6370 )
2018-09-17 16:31:46 +08:00
Vinoth Kannan
d8b543bb67
FIX: redirect to original URL after social signup
2018-09-05 01:44:23 +05:30
David Taylor
4382fb5fac
DEV: Allow plugins to whitelist specific user custom_fields for editing ( #6358 )
2018-09-04 20:45:36 +10:00
Bianca Nenciu
f5e0356fb2
correct miscellaneous issues with user login history
2018-09-02 17:24:54 +10:00
David Taylor
103509b9dd
SECURITY: Prevent users from modifying custom fields
2018-08-30 12:59:36 +01:00
Osama Sayegh
0b7ed8ffaf
FEATURE: backend support for user-selectable components
...
* FEATURE: backend support for user-selectable components
* fix problems with previewing default theme
* rename preview_key => preview_theme_id
* omit default theme from child themes dropdown and try a different fix
* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
David Taylor
812add18bd
REFACTOR: Serve auth provider information in the site serializer.
...
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
David Taylor
eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 ( #6099 )
...
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
Régis Hanol
6d6e026e3c
FEATURE: selectable avatars
2018-07-18 12:57:43 +02:00
Leo McArdle
21ebb1cd54
FEATURE: Secondary emails support.
2018-07-16 11:09:49 +08:00
OsamaSayegh
decf1f27cf
FEATURE: Groundwork for user-selectable theme components
...
* Phase 0 for user-selectable theme components
- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
Maja Komel
ec3e6a81a4
FEATURE: Second factor backup
2018-06-28 10:12:32 +02:00
Guo Xiang Tan
3a8f69c3d2
DEV: Assert for 200 response code to avoid changing magic helper in the future.
2018-06-07 16:11:09 +08:00
Sam
89ad2b5900
DEV: Rails 5.2 upgrade and global gem upgrade
...
This updates tests to use latest rails 5 practice
and updates ALL dependencies that could be updated
Performance testing shows that performance has not regressed
if anything it is marginally faster now.
2018-06-07 14:21:33 +10:00
Guo Xiang Tan
7fc8a36529
DEV: Take 2 Queue jobs in tests by default.
...
On my machine this cuts the time taken to run our test suite
from ~11mins to ~9mins.
2018-05-31 16:23:23 +08:00
Guo Xiang Tan
56e9ff6853
Revert "DEV: Queue jobs in tests by default."
...
Too risky for now
This reverts commit be28154d3b
.
2018-05-31 15:34:46 +08:00
Guo Xiang Tan
be28154d3b
DEV: Queue jobs in tests by default.
2018-05-31 14:45:47 +08:00
Guo Xiang Tan
95f9b72351
FIX: Update activation email route was returning a generic json error.
2018-05-31 14:19:43 +08:00
Guo Xiang Tan
123a22e6d8
DEV: Clean up omniauth after mocking.
2018-05-28 15:12:54 +08:00
OsamaSayegh
0347c97520
tgxworld feedback
2018-05-28 06:20:47 +03:00
OsamaSayegh
bac0482061
REFACTOR: users contollers specs => request specs
2018-05-25 05:04:25 +03:00
Guo Xiang Tan
21ae49ab92
Simplify log in for request specs.
2018-03-28 11:32:47 +08:00
Guo Xiang Tan
27bde6bc11
Fix the build.
2018-03-23 11:43:32 +08:00
Guo Xiang Tan
939180efa8
FIX: Missing 2FA guards when sso is enabled or when local login is disabled.
2018-03-02 10:39:10 +08:00
Guo Xiang Tan
14f3594f9f
Review Changes for f4f8a293e7
.
2018-02-21 14:55:49 +08:00
Erick Guan
03b3e57a44
FEATURE: login by a link from email
...
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
Sam
49ed382c2a
FIX: return 429 when admin api key is limited on admin route
...
This also handles a general case where exceptions leak out prior to being handled by the application controller
2018-01-12 14:15:26 +11:00
Guo Xiang Tan
647cf7545d
Fix randomly failing spec.
2018-01-03 14:42:16 +08:00
Guo Xiang Tan
f2565f6c7e
SECURITY: Any group can be invited into a PM.
2017-12-14 14:57:48 +08:00
Sam
96584403cd
SECURITY: prevent staged accounts from changing email
2017-12-14 17:16:49 +11:00
Guo Xiang Tan
82222e8d18
Improve specs to test for the right response status.
2017-11-24 09:32:44 +08:00
Robin Ward
628275fc31
FIX: Some badge routes were still working even with badges disabled
2017-11-21 12:22:44 -05:00
Robin Ward
9ebb1412d3
FIX: Brittle, order dependent spec
2017-11-04 09:30:17 -04:00
Guo Xiang Tan
d320f4840d
FIX: Unable to invite groups that are not public visible into pms.
...
https://meta.discourse.org/t/inviting-groups-broken-in-head/73346/6
2017-11-03 21:40:33 +08:00
Régis Hanol
fafe7cc661
remove trailing whitespaces
2017-10-03 13:02:04 +02:00
Régis Hanol
daf1dda700
FIX: username autocomplete in assign modal wasn't working
2017-10-03 12:49:45 +02:00
Guo Xiang Tan
8140e54675
FIX: More fixes for `Group#mentionable` and `Group#messageable` feature.
2017-10-02 17:45:58 +08:00
Guo Xiang Tan
77d4c4d8dc
Fix all the errors to get our tests green on Rails 5.1.
2017-09-25 13:48:58 +08:00
Guo Xiang Tan
8779490ce4
Move new controller specs to reqeusts folder.
2017-08-24 12:01:11 +09:00