f387dfe226
FIX: mixed case group mentions were not getting highligted in composer
2016-05-22 18:32:49 +05:30
89e506551a
Add body class to `account-created` route
2016-05-05 14:37:09 -04:00
a130cb8305
FEATURE: move more urgent emails notifications to critical queue
...
Move signup, admin login and password change email notifications
to critical queue
2016-04-07 14:39:01 +10:00
c3507a3242
Fix: Added underscore to my_redirect regex
2016-03-20 13:00:56 +05:30
5771d2aee2
SECURITY: Support for confirm old as well as new email accounts
2016-03-08 14:52:22 -05:00
d62689fa76
Move updating a user's email to its own controller
2016-03-08 14:52:22 -05:00
1135d2094a
Merge pull request #4006 from scossar/set-locale-from-header
...
Feature: (WIP) Set locale from Accept-Language header
2016-03-04 09:12:30 +01:00
36f82aa68c
FEATURE: enforce admin password validation when signing up via developer email
2016-03-04 00:28:47 +05:30
0a396583ed
set locale for anonymous from header
...
set locale on signup
update spec
add locale option
2016-02-26 13:45:00 -08:00
0064927077
FIX: do not allow new email to be duplicate
...
FIX: return proper error message when email already exists
2016-01-23 13:42:53 +05:30
7303f8f309
FEATURE: first pass at user summary page
2016-01-20 15:14:25 +11:00
380764dc92
FIX: validate email when changing via user preferences page
2016-01-16 10:50:49 +05:30
c7df6783a9
FIX: only invalidate password reset links using javascript
2016-01-04 11:48:54 -05:00
a8b5192efd
FEATURE: User page refactor
...
Re-organise user page so it is easier to find interesting info
split it into tabs
- Introduce notifications and messages tabs
- Stop couting stuff for the user page to speed up rendering
- Suppress more information when viewing your own profile
2015-12-20 16:45:49 +11:00
7917316f6f
FEATURE: display warning on top of composer for group mentions
...
If users attempt to mention a group that is "mentionable" display a warning
informing them that people will be notified.
2015-12-04 13:41:07 +11:00
9899e8d4a5
FEATURE: First class messages to groups, you can select a group as a target of a message
2015-12-02 15:49:43 +11:00
f6390c8ad6
correct bad merge
2015-11-30 17:12:51 +11:00
ad3dd161e7
FEATURE: first class group mentions built in
...
If you allow a group to be mentioned it can be mentioned with the @ symbol.
Keep in mind as a safety mechanism max_users_notified_per_group_mention is set to 100
2015-11-30 17:08:43 +11:00
16b3d26d7b
allow staff members to view staged accounts user card/profile
2015-11-27 20:02:24 +01:00
76692235ae
FIX: don't ever fetch staged accounts in unseen mentions
2015-11-27 18:16:50 +01:00
43614439e6
FEATURE: can take over a staged account
2015-11-13 19:07:28 +01:00
16f509afb9
FIX: enforce 'allow_uploaded_avatars' & 'sso_overrides_avatar' server-side
2015-11-12 10:26:45 +01:00
bb79e6aff7
FEATURE: new hide_user_profiles_from_public site setting
2015-10-28 19:56:08 +01:00
46ca66771b
FIX: Better error message for resending activation. Don't limit staff.
2015-10-27 16:25:30 -04:00
a527c58c7d
UX: Show a nicer "Log In" screen if the user follows `/my/preferences`
2015-10-14 13:39:31 -04:00
d66a545dd2
FIX: `/my/preferences` should prompt users to log in
2015-10-14 12:40:13 -04:00
36309e50cc
Merge pull request #3767 from tgxworld/track_user_profile_views
...
Track user profile views
2015-09-23 11:38:18 +02:00
07e7b07b63
FIX: refreshing gravatar wasn't working
2015-09-17 19:42:44 +02:00
7acc93b2a0
FEATURE: Track user profile views.
2015-09-16 14:48:31 +08:00
18d7c1c75d
fix the build - take 2
2015-09-11 15:47:48 +02:00
93f9dcfcec
FIX: don't overwrite custom uploaded avatar when selecting gravatar
...
FIX: remove unecessary serialized fields
2015-09-11 15:10:56 +02:00
6437cd0341
FEATURE: add support for generic external avatar services
...
This changes it so we only ship an avatar template down to the client
it has no magic, all it knows is how to plug in size
2015-09-11 15:10:56 +02:00
2742602254
FEATURE: support for external letter avatars service
2015-09-11 02:12:40 +02:00
32e2d7963a
FEATURE: Show FAQ at top of the hamburger until the user reads it
2015-09-04 16:56:02 -04:00
99edcddafb
FEATURE: show pending/redeemed invite count in tabs
2015-08-25 01:12:46 +05:30
91519fdfe7
FIX: do not persist error message
2015-08-24 00:29:58 +05:30
2a897a8a6b
SECURITY: Remove email validation check bypass
...
- Increase size of email column to varchar(513)
- Give error message on signup when email is too large
Overall impact: Low, allows signups from blocked domains. Main risk is increased spam.
2015-07-13 15:36:17 -07:00
e0c9054748
FEATURE: invite page tabs
2015-07-13 09:42:51 +05:30
5e615ef26e
Fixed bug that caused substrings of reserved usernames to be treated as reserved.
2015-07-06 23:54:25 -07:00
df988a20eb
FEATURE: Reserved usernames
...
A list of usernames that will be blocked from being used to sign up.
2015-07-01 13:50:55 -07:00
b052179ae6
Merge pull request #3163 from rcfox/fix-by-external
...
Allow periods in the external_id value used in the /users/by-external route.
2015-06-24 13:07:12 +10:00
c58b495e15
SECURITY: Query @usernames in bulk
...
Otherwise you could add many requests at once while composing.
2015-06-11 13:03:49 -04:00
4409a3072d
FEATURE: we need admin login always
2015-06-05 18:43:59 +10:00
cb025a65e0
FIX: make sure we also save the user_avatar.custom_upload_id
2015-05-29 10:21:41 +02:00
b7f8680618
fix build (:fired:)
2015-05-20 17:51:33 +02:00
8d967d9065
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread
2015-05-20 16:45:48 +02:00
14d2b76354
Merge branch 'master' into fix-by-external
...
Conflicts:
app/controllers/users_controller.rb
2015-05-15 19:54:11 -04:00
8277a586bb
usage of raise corrected
2015-05-07 11:00:51 +10:00
77cc087b13
FIX: proper error message when account created is hit with no session
2015-05-07 11:00:22 +10:00
2932284293
FEATURE: magic login route for admin when SSO is enabled
2015-04-27 22:54:48 +05:30
2459f52c71
Merge pull request #3375 from techAPJ/patch-2
...
FEATURE: invite existing users to private topic
2015-04-16 11:13:42 -04:00
d491d4f997
FEATURE: invite existing users to private topic
2015-04-16 00:52:54 +05:30
2a3f71a9a1
SECURITY: log off all existing sessions when resetting password
2015-04-15 08:57:43 +10:00
f5d89169e2
FEATURE: initial implemenation of anonymous posting mode
2015-04-07 18:05:31 +10:00
1ec73b5ba0
FIX: use 'request.remote_ip' instead of 'request.ip' for better consistency
2015-04-02 16:24:27 +02:00
e3eaa7fa75
FIX: In long topics, filtering button was not always showing in card
2015-03-24 12:33:50 -04:00
6d38005a22
Allow staff to change uneditable user fields
2015-03-20 15:18:43 -04:00
7ef306cd3b
A bunch of tweaks to the Users directory
...
- Move user directory from `/directory` to `/users/`
- Defaults to 'weekly' time period
- Don't include deleted topics/posts in the results
- Move heart icon to header instead of on each row
- "Users" instead of "Users found"
2015-03-19 12:29:38 -04:00
608647d02f
FEATURE: Anonymize User. A way to remove a user but keep their topics and posts.
2015-03-10 11:59:08 -04:00
f5af4768eb
FEATURE: add clean support for running Discourse in a subfolder
...
To setup set DISCOURSE_RELATIVE_URL_ROOT to the folder you wish
2015-03-09 13:14:29 +11:00
130dbf7358
PERF: don't run stats query in user card
2015-02-24 13:31:23 +11:00
8186d86f38
FIX: Enforce max length for custom user fields
2015-02-23 13:02:30 -05:00
17927b2e8b
FIX: don't use flash cause we are not redirecting
...
(we should probably change that though)
2015-02-20 10:28:58 +11:00
3a0cd0b760
make custom fields a bit more permissive input wise
2015-02-06 09:03:23 +11:00
1f0915bf83
Allow periods in the external_id value used in the /users/by-external route.
2015-02-02 12:55:32 -05:00
ea7af7a83b
Merge pull request #3135 from longhotsummer/fix-no-user-params
...
FIX: creating a user shouldn't error when optional fields aren't given
2015-01-30 10:12:57 +11:00
cd2c9edb46
FIX: 🐛 upload on IE9 wasn't working :'(
...
- FIX: make sure we set a default name to a pasted image only on Chrome (the only browser that supports it)
- FIX: use ".json" extension to uploads endpoints since IE9 doesn't pass the correct header
- FIX: pass the CSRF token in a query parameter since IE9 doesn't pass it in the headers
- FIX: display error messages comming from the server when there is one over the default error message
- FIX: HACK around IE9 security issue when clicking a file input via JavaScript (use a label and set `visibility:hidden` on the input)
- FIX: hide the "cancel" upload on IE9 since it's not supported
- FIX: return "text/plain" content-type when uploading a file for IE9 in order to prevent it from displaying the save dialog
- FIX: check the maximum file size on the server 💥
- update jQuery File Upload Plugin to v. 5.42.2
- update JQuery IFram Transport Plugin to v. 1.8.5
- update jQuery UI Widget to v. 1.11.1
2015-01-28 19:43:20 +01:00
d99ccf6d27
FIX: creating a user shouldn't error when optional fields aren't provided
...
This fixes a bug where the server would 500 if the only user fields
where optional ones, and the create_user call didn't provide any
values so that params[:user_fields] was nil.
Additionally, don't bother double-checked for required fields, since we
iterate over all fields and will catch any that are required and blank.
2015-01-27 11:48:27 +02:00
1ab0d6bd82
FEATURE: Log username changes by staff
...
Also fix the tests for changing username
2015-01-17 02:26:12 -08:00
987504c6ab
Rename `no_js` layout to `no_ember`
...
While *sometimes* `no_js` was used for visitors without js (for example
disabling it on your browser) it was also used for some pages that were
disabled to JS capable browsers, including the 404 page.
Even worse, sometimes it was used on pages that *had* Javascript, such
as our `/activate-account` route. It has been renamed to `no_ember` to
indicate what it really is, a layout for the site that doesn't load our
Ember.js application.
2015-01-15 15:56:53 -05:00
e20078a9dc
PERF: fix performance issue when displaying the user card for admins
2015-01-05 19:49:32 +01:00
02ade72ceb
Update username should return a json response
...
- Have update username return json response that contains the updated
username and id. I figured this would be better than just return "OK".
- Add test to verify that the new username is returned.
2014-12-10 09:43:16 -07:00
e9e88c9b82
Remove legacy avatar code
...
- Remove method that was only left around because the
[api](https://github.com/discourse/discourse_api/pull/53 ) called it
- Modify test to use new route instead of legacy route
https://meta.discourse.org/t/legacy-route-for-avatars/22838/2
2014-12-07 06:13:14 -07:00
a61519eebf
Have pick_avatar return json.
...
I'm working on writing a test in the discourse_api gem for uploading
avatars and the pick method needs to return a json response.
I also added a test to make sure json is returned.
2014-12-06 09:26:32 -07:00
07211489f0
FIX: hide restricted profile info from TL0 users to anonymous in 'JS-off' page
2014-11-27 19:51:13 +01:00
7641d88224
FEATURE: new 'maximum new user accounts per registration IP' site setting
2014-11-17 12:04:29 +01:00
c9eb809dad
FIX: The text to users who signed up when approval was required was
...
misleading.
2014-11-04 15:48:03 -05:00
865194f409
FIX: cannot show email for pending/inactive users
2014-10-29 01:07:27 +01:00
71f211f0b3
FEATURE: Allow users to select a badge with an image to appear on their
...
user card
2014-10-20 16:35:38 -04:00
1cf4a0d604
Rename "User Expansion" to the much clearer "User Card"
2014-10-20 12:11:59 -04:00
10094a0bcd
FIX: resolve flags as good when deleting a spam user
2014-10-20 16:59:06 +02:00
4d465362b5
FEATURE: Allow a user to upload an image for their expansion background.
2014-10-16 15:05:36 -04:00
f9a8f6d6ce
FEATURE: Support for a `required` setting on user fields.
2014-10-08 15:10:19 -04:00
0e7be81e60
FIX: badge granted titles were not being revoked when badge was revoked
2014-10-08 10:26:18 +11:00
381814fd5d
Adds support for a description to user fields.
2014-10-02 15:56:52 -04:00
41af2d79b5
add user email on account created page
2014-10-02 12:43:44 +05:30
be93f224a6
Revert "add user email on account created page"
...
This reverts commit 164fc1108a
2014-10-01 10:30:26 -04:00
164fc1108a
add user email on account created page
2014-10-01 13:53:50 +05:30
edb34c178a
FEATURE: Show user fields when the user is signing up
2014-09-30 10:45:18 -04:00
7e309a21cf
FEATURE: hide emails behind a button for staff members
2014-09-29 22:31:05 +02:00
a901d682fe
raise not found if user is not found
2014-09-25 17:45:45 +10:00
8f8ea735ee
FIX: allow retry activation of account by username or password
2014-09-25 17:42:48 +10:00
b3838c2c1c
Trigger browser password manager after sigining up
2014-09-24 01:04:36 +05:30
7a4082cbad
FIX: allow API to create users when invite_only is true
2014-09-23 09:06:19 +10:00
c4e285f3ec
SECURITY: rate limit change email requests
2014-09-18 10:48:56 -04:00
2c6d03f87f
SECURITY: Limit passwords to 200 characters
...
Prevents layer 8 attack.
2014-09-12 12:07:11 -04:00
56eda5abf9
FIX: Don't allow profile bios longer than 3k chars
2014-09-08 15:23:21 -04:00
c9262a8390
FIX: Resend activation email was busted
2014-08-28 12:07:13 -04:00
ed125975a1
SECURITY: Prefix session key and validate token format.
2014-08-25 15:31:49 -04:00
4cd8abc905
FEATURE: dynamically load invites
2014-08-05 22:20:23 +05:30
Arpit Jalan
Robin Ward
Sam
Aryan Raj
Régis Hanol
scossar
Neil Lalonde
Guo Xiang Tan
Kane York
Doug
Ryan Fox
Greg Kempe
Blake Erickson