Robin Ward
f1a6449e4b
SECURITY: Remove disposable invite feature
2017-07-07 20:24:39 -04:00
Sam
340a3ee5cb
correct spec to handle not null visibility_level
2017-07-03 16:03:26 -04:00
Sam
845170bd6b
FEATURE: add support for group visibility level
...
There are 4 visibility levels
- public (default)
- members only
- staff
- owners
Note, admins and group owners ALWAYS have visibility to groups
Migration treated old "non public" as "members only"
2017-07-03 15:26:57 -04:00
Arpit Jalan
72c92b0f4e
FIX: include canonical meta tag on category pages
2017-07-03 13:25:22 +05:30
Arpit Jalan
e7b9b1312e
FEATURE: remove all invites
...
https://meta.discourse.org/t/remove-all-invitations-button-for-the-admin-panel/65207
2017-06-29 22:30:10 +05:30
Guo Xiang Tan
7b35c55a1e
FIX: Display Google search form when 404 page is rendered by Ember.
2017-06-29 14:37:24 +09:00
Régis Hanol
a9c0df0b58
FIX: always try to convert PNG to JPG when pasting an image
2017-06-23 12:13:48 +02:00
Robin Ward
ae7734707e
REFACTOR: Merge different templates from rendering user stream items
2017-06-20 15:45:41 -04:00
Guo Xiang Tan
b5ec241716
FIX: Validate interpolation keys used in translation overrides.
...
https://meta.discourse.org/t/discobot-translation-missing-error/64429/6?u=tgxworld
2017-06-16 08:54:48 +09:00
Guo Xiang Tan
b5249fb4ca
FIX: Send request membership PM to last 5 active group owner.
2017-06-15 11:37:09 +08:00
Arpit Jalan
34996b4eff
FIX: show invite validation error message in response
2017-06-13 22:41:53 +05:30
Régis Hanol
5d63a7f4a6
FIX: pull hotlinked images even when they have no extension
2017-06-13 13:27:05 +02:00
Guo Xiang Tan
a5d3abc9b6
FIX: Create group membership request on behalf of user.
2017-06-13 17:49:21 +09:00
Régis Hanol
54e8fb0d89
FEATURE: new 'allow_staff_to_upload_any_file_in_pm' site setting
2017-06-12 22:41:29 +02:00
Robin Ward
2ff850d446
FIX: If forcing a refresh, don't return a onebox preview
2017-06-12 14:05:59 -04:00
Neil Lalonde
0b41046238
don't force SiteSetting.title into meta title tag
2017-06-12 13:50:50 -04:00
Arpit Jalan
b9c94aa234
FEATURE: add required user fields to invite accept form
...
UX: make "accept invitation" page consistent with sign up modal
2017-06-12 20:43:07 +05:30
Guo Xiang Tan
5994c85ea9
FIX: Raise the right error when email params is missing.
2017-06-12 17:48:32 +09:00
Arpit Jalan
6e37f09b19
UX: add email to '/email/unsubscribed' page
2017-06-10 09:51:12 +05:30
Régis Hanol
038454bde2
FIX: always confirm emails when SSO says so
2017-06-08 01:05:33 +02:00
Robin Ward
54bb2a6bc2
FIX: Don't redirect to wizard when resetting password
2017-06-07 12:36:52 -04:00
Guo Xiang Tan
2cad739262
FIX: Better error message when username change fails.
...
https://meta.discourse.org/t/500-error-on-username-edit/64064
2017-06-07 10:45:53 +09:00
Sam
b4060778d9
FIX: you should always be allowed to see actions you created
2017-06-02 14:24:06 -04:00
Guo Xiang Tan
2ee144c27f
FEATURE: Add DiscourseEvent trigger when a user logs in.
...
* Also adds a event trigger when user logs in for the first time.
2017-06-01 17:44:49 +09:00
Sam
607998af33
FEATURE: dropdown to filter staff action logs
2017-05-30 11:25:42 -04:00
Arpit Jalan
d2c2139da8
FEATURE: require name when accepting invite if 'full name required' setting is enabled
2017-05-29 21:46:43 +05:30
Robin Ward
b584264d82
FIX: Don't show "resend email" option when user approval is on
2017-05-25 15:29:05 -04:00
Sam
29fac1ac18
PERF: improve performance of unread queries
...
Figuring out what unread topics a user has is a very expensive
operation over time.
Users can easily accumulate 10s of thousands of tracking state rows
(1 for every topic they ever visit)
When figuring out what a user has that is unread we need to join
the tracking state records to the topic table. This can very quickly
lead to cases where you need to scan through the entire topic table.
This commit optimises it so we always keep track of the "first" date
a user has unread topics. Then we can easily filter out all earlier
topics from the join.
We use pg functions, instead of nested queries here to assist the
planner.
2017-05-25 15:07:30 -04:00
Robin Ward
6eb6c25816
FIX: Keep the flash when redirecting for login_required
2017-05-25 14:10:15 -04:00
Robin Ward
ca965f83c3
Revert "FIX: If login is required, redirect to the `/login` route instead of root"
...
This reverts commit 8a8dec550b
.
2017-05-25 14:04:28 -04:00
Robin Ward
8a8dec550b
FIX: If login is required, redirect to the `/login` route instead of root
2017-05-25 13:35:15 -04:00
Robin Ward
cdbe027c1c
Refactor `FileHelper` to use keyword arguments.
2017-05-24 13:54:26 -04:00
Sam
d0f84aa14e
FIX: missing to_i which breaks selector component for anon
2017-05-24 11:39:10 -04:00
Guo Xiang Tan
238a156300
FIX: `TopicTimestampChanger` should not allow timestamps in the future.
2017-05-22 16:03:49 +08:00
Guo Xiang Tan
4382a0bb07
Rename `PostTimestampChanger` -> `TopicTimestampChanger`.
2017-05-22 15:01:33 +08:00
Robin Ward
908433a7a0
SECURITY: Validate the `entity` when downloading a CSV
2017-05-19 16:00:51 -04:00
Guo Xiang Tan
8ab9f30bbd
FIX: User can't remove bookmark from a deleted post.
2017-05-19 12:25:12 +08:00
Arpit Jalan
1fd8e426f2
FIX: better uploads error page
2017-05-18 23:29:37 +05:30
Régis Hanol
13e489b4ca
replace the upload type whitelist with a sanitizer
2017-05-18 12:13:13 +02:00
Sam
2a5a01af2e
improve error on theme upload, add gif to allowed uploads
2017-05-17 16:29:09 -04:00
Neil Lalonde
a0f03936ff
FIX: saving invisible primary group field that you don't belong to
2017-05-17 12:46:50 -04:00
Sam
e1dd543a93
FEATURE: allow users to select theme on single device
2017-05-15 12:48:16 -04:00
Sam
2d96a0785d
FEATURE: theme selection is now global per-user
2017-05-12 12:41:34 -04:00
Neil Lalonde
55b61e9bea
rename topic_status_update to topic_timer
2017-05-11 18:27:53 -04:00
Pat David
18de62b015
Add get_embeddable_css_class to assist multi-site embed styling
...
If present, pass embeddable_host.class_name to view for inclusion
on the <html> element as a class for targeted styling.
2017-05-11 15:16:16 -04:00
Pat David
4bf8548dc5
Add embed class name setup for embeddable hosts
2017-05-11 15:16:16 -04:00
Régis Hanol
9641d2413d
REFACTOR: upload workflow creation into UploadCreator
...
- Automatically convert large-ish PNG/BMP to JPEG
- Updated fast_image to latest version
2017-05-11 00:16:57 +02:00
Sam
04b5516bf2
improve upload functionality
2017-05-10 15:47:11 -04:00
Sam
bc0b9af576
FEATURE: support uploads for themes
...
This allows themes to bundle various assets
2017-05-10 15:47:11 -04:00
Sam Saffron
c2829dce22
FIX: base sql vanishes after badge creation
2017-05-09 09:25:57 -04:00
Robin Ward
afe04b8bbb
FIX: Possible 500 error if category saved incorrectly
2017-05-08 15:17:58 -04:00
Arpit Jalan
e89d0a6b20
FIX: importing a theme via file was broken
2017-05-08 12:03:24 +05:30
Robin Ward
777f1f0f47
FIX: Return a 404 if the auth session is not present
2017-05-04 15:35:24 -04:00
Robin Ward
1768c45a33
FIX: If we can't proxy to a CDN due to HTTP error, render blank
2017-05-04 12:42:46 -04:00
Robin Ward
57a2042ef6
FIX: Quiet server side errors for requesting json for account-created
2017-05-04 12:30:13 -04:00
Guo Xiang Tan
3eb920e2b0
Merge pull request #4841 from fantasticfears/webhook-ping
...
add event name for ping webhooks in the header
2017-05-04 04:54:40 +08:00
Robin Ward
81190f5d66
FIX: Redirect away from `account-created` if you're logged in
2017-05-03 11:18:01 -04:00
Robin Ward
12fb20fe1b
FEATURE: Allow users to resend/update email from confirmation page
2017-05-03 11:18:01 -04:00
Robin Ward
b381372184
Use Ember.js for the `/u/account-created` path so we can add controls
2017-05-03 11:18:01 -04:00
Sam
946f25098f
Refactor theme fields so they support custom theme defined vars
...
This paves the way to allowing themes to specify uploads and so on.
2017-05-02 16:02:14 -04:00
Arpit Jalan
77a8cae094
FIX: rescue specific errors on invite failure
2017-05-02 15:13:33 +05:30
Erick Guan
9f8a917d65
add event name for ping webhooks in the header
2017-05-02 08:13:23 +02:00
Neil Lalonde
0722ffadf1
Remove site settings enforce_global_nicknames and discourse_org_access_key
2017-05-01 14:53:16 -04:00
Guo Xiang Tan
304ace926e
FIX: Raise right response when post_action does not exist.
2017-04-27 17:29:53 +08:00
Guo Xiang Tan
e4b9f72f9e
FIX: Force the right encoding when handling email.
2017-04-27 16:51:54 +08:00
Arpit Jalan
b755279cf0
remove unneeded code
2017-04-27 08:47:47 +05:30
Arpit Jalan
e3f82140d8
more readable code for filtering username/email when bulk adding to group
2017-04-27 08:43:28 +05:30
Arpit Jalan
b41d96fac1
FIX: properly initialize hashes
2017-04-27 02:56:14 +05:30
Arpit Jalan
285c167fae
FEATURE: provide more details when performing a bulk add to group
2017-04-27 01:37:51 +05:30
Guo Xiang Tan
6f7c6b0fd0
FIX: Incorrect error raised.
2017-04-25 09:59:01 +08:00
Guo Xiang Tan
423f2ab228
FIX: Processing incoming email should be done in a background job.
2017-04-24 13:57:28 +08:00
Sam
7a9eee1b71
FEATURE: default notification level for group messages
...
also fixes it so staff can amend other user's group notification level
2017-04-20 15:47:35 -04:00
Arpit Jalan
ea26c56631
FIX: redirect to login page for anonymous user when profiles are hidden
2017-04-20 13:00:45 +05:30
Robin Ward
8b8ee2ad61
Pass a context in when using a HTML builder
2017-04-18 12:35:35 -04:00
Arpit Jalan
1c23aedccf
FIX: always send password reset email when accepting invite if password is not set
2017-04-18 14:37:06 +05:30
Robin Ward
1363988cd7
Support for an HTML builder that can create dynamic HTML
2017-04-17 17:32:55 -04:00
Sam
86904e9cd6
FIX: better error handling for theme import
2017-04-17 16:55:53 -04:00
Arpit Jalan
0954367bf4
FIX: send activation email when accepting invite if password is set
2017-04-15 14:59:50 +05:30
Guo Xiang Tan
04016f0dec
Support Ruby 2.4.
2017-04-15 12:29:00 +08:00
Sam
ed2e62f845
correct environment handling for test mode
2017-04-14 14:00:46 -04:00
Sam
def7348777
FIX: display custom sections with default theme
...
also cleans up mechanism for previewing themes, cleans up naming,
gets rid of old janky "preview_style", secures local theme key
2017-04-14 13:35:12 -04:00
Arpit Jalan
ef093b1610
Merge pull request #4807 from techAPJ/email-token-social
...
FIX: confirm email token for user created via social login
2017-04-13 16:18:15 +05:30
Guo Xiang Tan
3d76fb9c2c
FIX: Don't show category options for reports that can't be scoped to a category.
2017-04-13 17:10:55 +08:00
Arpit Jalan
7fb17b83c4
FIX: confirm email token for user created via social login
2017-04-13 14:15:32 +05:30
Guo Xiang Tan
ee449b0dd5
Improve SSO verbose log when user record is invalid.
2017-04-13 11:39:26 +08:00
Guo Xiang Tan
57788200ec
REFACTOR: Add `User.reserved_username?`.
2017-04-13 10:44:26 +08:00
Sam
a3e8c3cd7b
FEATURE: Native theme support
...
This feature introduces the concept of themes. Themes are an evolution
of site customizations.
Themes introduce two very big conceptual changes:
- A theme may include other "child themes", children can include grand
children and so on.
- A theme may specify a color scheme
The change does away with the idea of "enabled" color schemes.
It also adds a bunch of big niceties like
- You can source a theme from a git repo
- History for themes is much improved
- You can only have a single enabled theme. Themes can be selected by
users, if you opt for it.
On a technical level this change comes with a whole bunch of goodies
- All CSS is now compiled using a custom pipeline that uses libsass
see /lib/stylesheet
- There is a single pipeline for css compilation (in the past we used
one for customizations and another one for the rest of the app
- The stylesheet pipeline is now divorced of sprockets, there is no
reliance on sprockets for CSS bundling
- CSS is generated with source maps everywhere (including themes) this
makes debugging much easier
- Our "live reloader" is smarter and avoid a flash of unstyled content
we run a file watcher in "puma" in dev so you no longer need to run
rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
Sam Saffron
0013a23dc1
SECURITY: prefer render plain/html to render text where possible
2017-04-10 08:01:42 -04:00
Guo Xiang Tan
9663a74445
FIX: Ensure `username` param is valid in `NotificationsController`.
2017-04-07 17:32:52 +08:00
Régis Hanol
93556bb950
Merge pull request #4793 from rcgordon/smtp-fast-rejection
...
Added an API to ask if an incoming email should be dropped at the SMTP level.
2017-04-07 09:59:52 +02:00
Neil Lalonde
708f65f740
FIX: web crawlers getting 404 on category pages
2017-04-06 14:52:06 -04:00
Ryan C. Gordon
888d1512ec
Corrected indentation.
2017-04-06 01:49:34 -04:00
Aashaka Shah
402eaaa773
FEATURE: add og tags to metadata in individual badges page
2017-04-06 09:32:53 +05:30
Guo Xiang Tan
5943543ec3
FIX: Improve checks for non-human users.
2017-04-06 11:29:34 +08:00
Ryan C. Gordon
c51af13338
smtp_should_reject API: use better approach to find user email.
2017-04-05 23:10:36 -04:00
Ryan C. Gordon
a51c191a66
Make Email::Receiver.check_address() into a class method.
2017-04-05 23:10:36 -04:00
Ryan C. Gordon
e15d11df18
Added an API to ask if an incoming email should be dropped at the SMTP level.
...
This lets an SMTP server optionally decide if it should reject a mail without
passing it on to Discourse at all, possibly before even reading the
email's payload, to prevent spam-induced backscatter and save resources.
This just does the bare minimum sanity checking that could prevent obvious
backscatter. For legit errors from legit users, Discourse will still send a
much more pleasant reply email.
2017-04-05 23:10:36 -04:00
Robin Ward
40ab2e5667
FEATURE: Let users update their emails before confirming
...
This allows users who entered a typo or invalid email address when
signing up an opportunity to fix it and resending the confirmation
email to that address.
2017-04-05 16:44:49 -04:00
Robin Ward
3839206317
FIX: Return JSON errors for `by-external` if JSON requested
2017-04-04 16:22:14 -04:00
Robin Ward
17f2974d0a
SECURITY: Confirm new administrator accounts via email
2017-04-04 15:59:01 -04:00