Commit Graph

57 Commits

Author SHA1 Message Date
Tarek Khalil 986cc8a0fb FEATURE: Introduce Ignore user (#7072) 2019-02-27 14:49:07 +01:00
Maja Komel 6f427589b2 FIX: make it possible to use backup code everywhere where 2FA required (#7010) 2019-02-27 10:37:33 +01:00
Sam 33269c4172 FEATURE: do no search for groups unless a term is specified
Do not allow `/u/search/users.json` to list any group matches unless a
specific `term` is specified in the API call.

Adding groups should always be done when an actual search term exists,
blank search is only supported for users within a topic
2019-02-20 17:28:22 +11:00
Vinoth Kannan e7821a63e7 FIX: Users should able check the emails for self 2019-02-05 23:31:19 +05:30
David Taylor 160d29b18a
REFACTOR: Migrate TwitterAuthenticator to use ManagedAuthenticator (#6739)
No changes to functionality. TwitterAuthenticator goes from 136 lines to 24, and all twitter-specific logic elsewhere has been deleted 🎉
2018-12-07 15:39:06 +00:00
David Taylor 9248ad1905 DEV: Enable `Style/SingleLineMethods` and `Style/Semicolon` in Rubocop (#6717) 2018-12-04 11:48:13 +08:00
David Taylor a3ed570124
FIX: Fix routes ending in `:username` for usernames containing periods (#6660) 2018-11-23 17:41:41 +00:00
Arpit Jalan 10cc698df3 FIX: respond with proper error message if user not found 2018-11-21 10:47:37 +05:30
David Taylor d003ae45f9 DEV: Correct typo in users_controller_spec 2018-11-14 14:30:44 +00:00
David Taylor 17bc82765b FEATURE: Log password changes in UserHistory (#6600) 2018-11-14 08:32:42 +08:00
Régis Hanol 3e232412e3 UX: show error when hitting the rate limit on password reset 2018-10-22 19:00:30 +02:00
Guo Xiang Tan aa60936115 DEV: Add order to avoid randomly failing test. 2018-10-15 11:42:45 +08:00
Sam a1c912b630 Return 400 instead of 404 for bad token 2018-10-12 10:51:41 +11:00
Bianca Nenciu 048cdfbcfa FIX: Do not allow revoking the token of current session. (#6472)
* FIX: Do not allow revoking the token of current session.

* DEV: Add getter of current auth_token from Guardian.
2018-10-12 10:40:48 +11:00
Robin Ward a566ed42ae FEATURE: Option to disable user presence and profile
This allows users who are privacy conscious to disable the presence
features of the forum as well as their public profile.
2018-10-10 17:34:33 -04:00
Bianca Nenciu 1d26a473e7 FEATURE: Show "Recently used devices" in user preferences (#6335)
* FEATURE: Added MaxMindDb to resolve IP information.

* FEATURE: Added browser detection based on user agent.

* FEATURE: Added recently used devices in user preferences.

* DEV: Added acceptance test for recently used devices.

* UX: Do not show 'Show more' button if there aren't more tokens.

* DEV: Fix unit tests.

* DEV: Make changes after code review.

* Add more detailed unit tests.

* Improve logging messages.

* Minor coding style fixes.

* DEV: Use DropdownSelectBoxComponent and run Prettier.

* DEV: Fix unit tests.
2018-10-09 22:21:41 +08:00
Kyle Zhao 819f090d6a move large blobs out of `<head>` (#6428)
it unnecessarily bloats the section and increases the payload
dramatically for open graph tags.
2018-09-28 17:28:33 +08:00
Sam df45e82377 SECURITY: only allow picking of avatars created by self (#6417)
* SECURITY: only allow picking of avatars created by self

Also adds origin tracking to all uploads including de-duplicated uploads
2018-09-19 22:33:10 -07:00
Kyle Zhao 7a0232249a
extract inline JS that's used to store preloaded data (#6370) 2018-09-17 16:31:46 +08:00
Vinoth Kannan d8b543bb67 FIX: redirect to original URL after social signup 2018-09-05 01:44:23 +05:30
David Taylor 4382fb5fac DEV: Allow plugins to whitelist specific user custom_fields for editing (#6358) 2018-09-04 20:45:36 +10:00
Bianca Nenciu f5e0356fb2 correct miscellaneous issues with user login history 2018-09-02 17:24:54 +10:00
David Taylor 103509b9dd SECURITY: Prevent users from modifying custom fields 2018-08-30 12:59:36 +01:00
Osama Sayegh 0b7ed8ffaf FEATURE: backend support for user-selectable components
* FEATURE: backend support for user-selectable components

* fix problems with previewing default theme

* rename preview_key => preview_theme_id

* omit default theme from child themes dropdown and try a different fix

* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
David Taylor 812add18bd REFACTOR: Serve auth provider information in the site serializer.
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
David Taylor eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099)
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
Régis Hanol 6d6e026e3c FEATURE: selectable avatars 2018-07-18 12:57:43 +02:00
Leo McArdle 21ebb1cd54 FEATURE: Secondary emails support. 2018-07-16 11:09:49 +08:00
OsamaSayegh decf1f27cf FEATURE: Groundwork for user-selectable theme components
* Phase 0 for user-selectable theme components

- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
Maja Komel ec3e6a81a4 FEATURE: Second factor backup 2018-06-28 10:12:32 +02:00
Guo Xiang Tan 3a8f69c3d2 DEV: Assert for 200 response code to avoid changing magic helper in the future. 2018-06-07 16:11:09 +08:00
Sam 89ad2b5900 DEV: Rails 5.2 upgrade and global gem upgrade
This updates tests to use latest rails 5 practice
and updates ALL dependencies that could be updated

Performance testing shows that performance has not regressed
if anything it is marginally faster now.
2018-06-07 14:21:33 +10:00
Guo Xiang Tan 7fc8a36529 DEV: Take 2 Queue jobs in tests by default.
On my machine this cuts the time taken to run our test suite
from ~11mins to ~9mins.
2018-05-31 16:23:23 +08:00
Guo Xiang Tan 56e9ff6853 Revert "DEV: Queue jobs in tests by default."
Too risky for now

This reverts commit be28154d3b.
2018-05-31 15:34:46 +08:00
Guo Xiang Tan be28154d3b DEV: Queue jobs in tests by default. 2018-05-31 14:45:47 +08:00
Guo Xiang Tan 95f9b72351 FIX: Update activation email route was returning a generic json error. 2018-05-31 14:19:43 +08:00
Guo Xiang Tan 123a22e6d8 DEV: Clean up omniauth after mocking. 2018-05-28 15:12:54 +08:00
OsamaSayegh 0347c97520 tgxworld feedback 2018-05-28 06:20:47 +03:00
OsamaSayegh bac0482061 REFACTOR: users contollers specs => request specs 2018-05-25 05:04:25 +03:00
Guo Xiang Tan 21ae49ab92 Simplify log in for request specs. 2018-03-28 11:32:47 +08:00
Guo Xiang Tan 27bde6bc11 Fix the build. 2018-03-23 11:43:32 +08:00
Guo Xiang Tan 939180efa8 FIX: Missing 2FA guards when sso is enabled or when local login is disabled. 2018-03-02 10:39:10 +08:00
Guo Xiang Tan 14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Erick Guan 03b3e57a44 FEATURE: login by a link from email
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
Sam 49ed382c2a FIX: return 429 when admin api key is limited on admin route
This also handles a general case where exceptions leak out prior to being handled by the application controller
2018-01-12 14:15:26 +11:00
Guo Xiang Tan 647cf7545d Fix randomly failing spec. 2018-01-03 14:42:16 +08:00
Guo Xiang Tan f2565f6c7e SECURITY: Any group can be invited into a PM. 2017-12-14 14:57:48 +08:00
Sam 96584403cd SECURITY: prevent staged accounts from changing email 2017-12-14 17:16:49 +11:00
Guo Xiang Tan 82222e8d18 Improve specs to test for the right response status. 2017-11-24 09:32:44 +08:00
Robin Ward 628275fc31 FIX: Some badge routes were still working even with badges disabled 2017-11-21 12:22:44 -05:00