Commit Graph

2119 Commits

Author SHA1 Message Date
Robin Ward f1a6449e4b SECURITY: Remove disposable invite feature 2017-07-07 20:24:39 -04:00
Sam 340a3ee5cb correct spec to handle not null visibility_level 2017-07-03 16:03:26 -04:00
Sam 845170bd6b FEATURE: add support for group visibility level
There are 4 visibility levels

- public (default)
- members only
- staff
- owners

Note, admins and group owners ALWAYS have visibility to groups

Migration treated old "non public" as "members only"
2017-07-03 15:26:57 -04:00
Arpit Jalan 72c92b0f4e FIX: include canonical meta tag on category pages 2017-07-03 13:25:22 +05:30
Arpit Jalan e7b9b1312e FEATURE: remove all invites
https://meta.discourse.org/t/remove-all-invitations-button-for-the-admin-panel/65207
2017-06-29 22:30:10 +05:30
Guo Xiang Tan 7b35c55a1e FIX: Display Google search form when 404 page is rendered by Ember. 2017-06-29 14:37:24 +09:00
Régis Hanol a9c0df0b58 FIX: always try to convert PNG to JPG when pasting an image 2017-06-23 12:13:48 +02:00
Robin Ward ae7734707e REFACTOR: Merge different templates from rendering user stream items 2017-06-20 15:45:41 -04:00
Guo Xiang Tan b5ec241716 FIX: Validate interpolation keys used in translation overrides.
https://meta.discourse.org/t/discobot-translation-missing-error/64429/6?u=tgxworld
2017-06-16 08:54:48 +09:00
Guo Xiang Tan b5249fb4ca FIX: Send request membership PM to last 5 active group owners. 2017-06-15 11:37:09 +08:00
Arpit Jalan 34996b4eff FIX: show invite validation error message in response 2017-06-13 22:41:53 +05:30
Régis Hanol 5d63a7f4a6 FIX: pull hotlinked images even when they have no extension 2017-06-13 13:27:05 +02:00
Guo Xiang Tan a5d3abc9b6 FIX: Create group membership request on behalf of user. 2017-06-13 17:49:21 +09:00
Régis Hanol 54e8fb0d89 FEATURE: new 'allow_staff_to_upload_any_file_in_pm' site setting 2017-06-12 22:41:29 +02:00
Robin Ward 2ff850d446 FIX: If forcing a refresh, don't return a onebox preview 2017-06-12 14:05:59 -04:00
Neil Lalonde 0b41046238 don't force SiteSetting.title into meta title tag 2017-06-12 13:50:50 -04:00
Arpit Jalan b9c94aa234 FEATURE: add required user fields to invite accept form
UX: make "accept invitation" page consistent with sign up modal
2017-06-12 20:43:07 +05:30
Guo Xiang Tan 5994c85ea9 FIX: Raise the right error when email params are missing. 2017-06-12 17:48:32 +09:00
Arpit Jalan 6e37f09b19 UX: add email to '/email/unsubscribed' page 2017-06-10 09:51:12 +05:30
Régis Hanol 038454bde2 FIX: always confirm emails when SSO says so 2017-06-08 01:05:33 +02:00
Robin Ward 54bb2a6bc2 FIX: Don't redirect to wizard when resetting password 2017-06-07 12:36:52 -04:00
Guo Xiang Tan 2cad739262 FIX: Better error message when username change fails.
https://meta.discourse.org/t/500-error-on-username-edit/64064
2017-06-07 10:45:53 +09:00
Sam b4060778d9 FIX: you should always be allowed to see actions you created 2017-06-02 14:24:06 -04:00
Guo Xiang Tan 2ee144c27f FEATURE: Add DiscourseEvent trigger when a user logs in.
* Also adds an event trigger when user logs in for the first time.
2017-06-01 17:44:49 +09:00
Sam 607998af33 FEATURE: dropdown to filter staff action logs 2017-05-30 11:25:42 -04:00
Arpit Jalan d2c2139da8 FEATURE: require name when accepting invite if 'full name required' setting is enabled 2017-05-29 21:46:43 +05:30
Robin Ward b584264d82 FIX: Don't show "resend email" option when user approval is on 2017-05-25 15:29:05 -04:00
Sam 29fac1ac18 PERF: improve performance of unread queries
Figuring out what unread topics a user has is a very expensive
operation over time.

Users can easily accumulate tens of thousands of tracking state rows
(1 for every topic they ever visit)

When figuring out what a user has that is unread we need to join
the tracking state records to the topic table. This can very quickly
lead to cases where you need to scan through the entire topic table.

This commit optimises it so we always keep track of the "first" date
a user has unread topics. Then we can easily filter out all earlier
topics from the join.

We use pg functions, instead of nested queries here to assist the
planner.
2017-05-25 15:07:30 -04:00
Robin Ward 6eb6c25816 FIX: Keep the flash when redirecting for login_required 2017-05-25 14:10:15 -04:00
Robin Ward ca965f83c3 Revert "FIX: If login is required, redirect to the `/login` route instead of root"
This reverts commit 8a8dec550b.
2017-05-25 14:04:28 -04:00
Robin Ward 8a8dec550b FIX: If login is required, redirect to the `/login` route instead of root 2017-05-25 13:35:15 -04:00
Robin Ward cdbe027c1c Refactor `FileHelper` to use keyword arguments. 2017-05-24 13:54:26 -04:00
Sam d0f84aa14e FIX: missing to_i which breaks selector component for anon 2017-05-24 11:39:10 -04:00
Guo Xiang Tan 238a156300 FIX: `TopicTimestampChanger` should not allow timestamps in the future. 2017-05-22 16:03:49 +08:00
Guo Xiang Tan 4382a0bb07 Rename `PostTimestampChanger` -> `TopicTimestampChanger`. 2017-05-22 15:01:33 +08:00
Robin Ward 908433a7a0 SECURITY: Validate the `entity` when downloading a CSV 2017-05-19 16:00:51 -04:00
Guo Xiang Tan 8ab9f30bbd FIX: User can't remove bookmark from a deleted post. 2017-05-19 12:25:12 +08:00
Arpit Jalan 1fd8e426f2 FIX: better uploads error page 2017-05-18 23:29:37 +05:30
Régis Hanol 13e489b4ca replace the upload type whitelist with a sanitizer 2017-05-18 12:13:13 +02:00
Sam 2a5a01af2e improve error on theme upload, add gif to allowed uploads 2017-05-17 16:29:09 -04:00
Neil Lalonde a0f03936ff FIX: saving invisible primary group field that you don't belong to 2017-05-17 12:46:50 -04:00
Sam e1dd543a93 FEATURE: allow users to select theme on single device 2017-05-15 12:48:16 -04:00
Sam 2d96a0785d FEATURE: theme selection is now global per-user 2017-05-12 12:41:34 -04:00
Neil Lalonde 55b61e9bea rename topic_status_update to topic_timer 2017-05-11 18:27:53 -04:00
Pat David 18de62b015 Add get_embeddable_css_class to assist multi-site embed styling
If present, pass embeddable_host.class_name to view for inclusion
on the <html> element as a class for targeted styling.
2017-05-11 15:16:16 -04:00
Pat David 4bf8548dc5 Add embed class name setup for embeddable hosts 2017-05-11 15:16:16 -04:00
Régis Hanol 9641d2413d REFACTOR: upload workflow creation into UploadCreator
- Automatically convert large-ish PNG/BMP to JPEG
- Updated fast_image to latest version
2017-05-11 00:16:57 +02:00
Sam 04b5516bf2 improve upload functionality 2017-05-10 15:47:11 -04:00
Sam bc0b9af576 FEATURE: support uploads for themes
This allows themes to bundle various assets
2017-05-10 15:47:11 -04:00
Sam Saffron c2829dce22 FIX: base sql vanishes after badge creation 2017-05-09 09:25:57 -04:00
Robin Ward afe04b8bbb FIX: Possible 500 error if category saved incorrectly 2017-05-08 15:17:58 -04:00
Arpit Jalan e89d0a6b20 FIX: importing a theme via file was broken 2017-05-08 12:03:24 +05:30
Robin Ward 777f1f0f47 FIX: Return a 404 if the auth session is not present 2017-05-04 15:35:24 -04:00
Robin Ward 1768c45a33 FIX: If we can't proxy to a CDN due to HTTP error, render blank 2017-05-04 12:42:46 -04:00
Robin Ward 57a2042ef6 FIX: Quiet server side errors for requesting json for account-created 2017-05-04 12:30:13 -04:00
Guo Xiang Tan 3eb920e2b0 Merge pull request #4841 from fantasticfears/webhook-ping
add event name for ping webhooks in the header
2017-05-04 04:54:40 +08:00
Robin Ward 81190f5d66 FIX: Redirect away from `account-created` if you're logged in 2017-05-03 11:18:01 -04:00
Robin Ward 12fb20fe1b FEATURE: Allow users to resend/update email from confirmation page 2017-05-03 11:18:01 -04:00
Robin Ward b381372184 Use Ember.js for the `/u/account-created` path so we can add controls 2017-05-03 11:18:01 -04:00
Sam 946f25098f Refactor theme fields so they support custom theme defined vars
This paves the way to allowing themes to specify uploads and so on.
2017-05-02 16:02:14 -04:00
Arpit Jalan 77a8cae094 FIX: rescue specific errors on invite failure 2017-05-02 15:13:33 +05:30
Erick Guan 9f8a917d65 add event name for ping webhooks in the header 2017-05-02 08:13:23 +02:00
Neil Lalonde 0722ffadf1 Remove site settings enforce_global_nicknames and discourse_org_access_key 2017-05-01 14:53:16 -04:00
Guo Xiang Tan 304ace926e FIX: Raise right response when post_action does not exist. 2017-04-27 17:29:53 +08:00
Guo Xiang Tan e4b9f72f9e FIX: Force the right encoding when handling email. 2017-04-27 16:51:54 +08:00
Arpit Jalan b755279cf0 remove unneeded code 2017-04-27 08:47:47 +05:30
Arpit Jalan e3f82140d8 more readable code for filtering username/email when bulk adding to group 2017-04-27 08:43:28 +05:30
Arpit Jalan b41d96fac1 FIX: properly initialize hashes 2017-04-27 02:56:14 +05:30
Arpit Jalan 285c167fae FEATURE: provide more details when performing a bulk add to group 2017-04-27 01:37:51 +05:30
Guo Xiang Tan 6f7c6b0fd0 FIX: Incorrect error raised. 2017-04-25 09:59:01 +08:00
Guo Xiang Tan 423f2ab228 FIX: Processing incoming email should be done in a background job. 2017-04-24 13:57:28 +08:00
Sam 7a9eee1b71 FEATURE: default notification level for group messages
also fixes it so staff can amend other user's group notification level
2017-04-20 15:47:35 -04:00
Arpit Jalan ea26c56631 FIX: redirect to login page for anonymous user when profiles are hidden 2017-04-20 13:00:45 +05:30
Robin Ward 8b8ee2ad61 Pass a context in when using a HTML builder 2017-04-18 12:35:35 -04:00
Arpit Jalan 1c23aedccf FIX: always send password reset email when accepting invite if password is not set 2017-04-18 14:37:06 +05:30
Robin Ward 1363988cd7 Support for an HTML builder that can create dynamic HTML 2017-04-17 17:32:55 -04:00
Sam 86904e9cd6 FIX: better error handling for theme import 2017-04-17 16:55:53 -04:00
Arpit Jalan 0954367bf4 FIX: send activation email when accepting invite if password is set 2017-04-15 14:59:50 +05:30
Guo Xiang Tan 04016f0dec Support Ruby 2.4. 2017-04-15 12:29:00 +08:00
Sam ed2e62f845 correct environment handling for test mode 2017-04-14 14:00:46 -04:00
Sam def7348777 FIX: display custom sections with default theme
also cleans up mechanism for previewing themes, cleans up naming,
gets rid of old janky "preview_style", secures local theme key
2017-04-14 13:35:12 -04:00
Arpit Jalan ef093b1610 Merge pull request #4807 from techAPJ/email-token-social
FIX: confirm email token for user created via social login
2017-04-13 16:18:15 +05:30
Guo Xiang Tan 3d76fb9c2c FIX: Don't show category options for reports that can't be scoped to a category. 2017-04-13 17:10:55 +08:00
Arpit Jalan 7fb17b83c4 FIX: confirm email token for user created via social login 2017-04-13 14:15:32 +05:30
Guo Xiang Tan ee449b0dd5 Improve SSO verbose log when user record is invalid. 2017-04-13 11:39:26 +08:00
Guo Xiang Tan 57788200ec REFACTOR: Add `User.reserved_username?`. 2017-04-13 10:44:26 +08:00
Sam a3e8c3cd7b FEATURE: Native theme support
This feature introduces the concept of themes. Themes are an evolution
of site customizations.

Themes introduce two very big conceptual changes:

- A theme may include other "child themes", children can include grand
children and so on.

- A theme may specify a color scheme

The change does away with the idea of "enabled" color schemes.

It also adds a bunch of big niceties like

- You can source a theme from a git repo

- History for themes is much improved

- You can only have a single enabled theme. Themes can be selected by
   users, if you opt for it.

On a technical level this change comes with a whole bunch of goodies

- All CSS is now compiled using a custom pipeline that uses libsass,
   see /lib/stylesheet

- There is a single pipeline for CSS compilation (in the past we used
   one for customizations and another one for the rest of the app)

- The stylesheet pipeline is now divorced from sprockets, there is no
   reliance on sprockets for CSS bundling

- CSS is generated with source maps everywhere (including themes), this
   makes debugging much easier

- Our "live reloader" is smarter and avoids a flash of unstyled content;
   we run a file watcher in "puma" in dev so you no longer need to run
   rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
Sam Saffron 0013a23dc1 SECURITY: prefer render plain/html to render text where possible 2017-04-10 08:01:42 -04:00
Guo Xiang Tan 9663a74445 FIX: Ensure `username` param is valid in `NotificationsController`. 2017-04-07 17:32:52 +08:00
Régis Hanol 93556bb950 Merge pull request #4793 from rcgordon/smtp-fast-rejection
Added an API to ask if an incoming email should be dropped at the SMTP level.
2017-04-07 09:59:52 +02:00
Neil Lalonde 708f65f740 FIX: web crawlers getting 404 on category pages 2017-04-06 14:52:06 -04:00
Ryan C. Gordon 888d1512ec Corrected indentation. 2017-04-06 01:49:34 -04:00
Aashaka Shah 402eaaa773 FEATURE: add og tags to metadata in individual badges page 2017-04-06 09:32:53 +05:30
Guo Xiang Tan 5943543ec3 FIX: Improve checks for non-human users. 2017-04-06 11:29:34 +08:00
Ryan C. Gordon c51af13338 smtp_should_reject API: use better approach to find user email. 2017-04-05 23:10:36 -04:00
Ryan C. Gordon a51c191a66 Make Email::Receiver.check_address() into a class method. 2017-04-05 23:10:36 -04:00
Ryan C. Gordon e15d11df18 Added an API to ask if an incoming email should be dropped at the SMTP level.
This lets an SMTP server optionally decide if it should reject a mail without
passing it on to Discourse at all, possibly before even reading the
email's payload, to prevent spam-induced backscatter and save resources.

This just does the bare minimum sanity checking that could prevent obvious
backscatter. For legit errors from legit users, Discourse will still send a
much more pleasant reply email.
2017-04-05 23:10:36 -04:00
Robin Ward 40ab2e5667 FEATURE: Let users update their emails before confirming
This allows users who entered a typo or invalid email address when
signing up an opportunity to fix it and resend the confirmation
email to that address.
2017-04-05 16:44:49 -04:00
Robin Ward 3839206317 FIX: Return JSON errors for `by-external` if JSON requested 2017-04-04 16:22:14 -04:00
Robin Ward 17f2974d0a SECURITY: Confirm new administrator accounts via email 2017-04-04 15:59:01 -04:00