Commit Graph

1163 Commits

Author SHA1 Message Date
Guo Xiang Tan 56e9ff6853 Revert "DEV: Queue jobs in tests by default."
Too risky for now

This reverts commit be28154d3b.
2018-05-31 15:34:46 +08:00
Guo Xiang Tan be28154d3b DEV: Queue jobs in tests by default. 2018-05-31 14:45:47 +08:00
OsamaSayegh 23e3a68592 REFACTOR: session controller specs to requests 2018-05-31 12:31:46 +10:00
OsamaSayegh bac0482061 REFACTOR: users contollers specs => request specs 2018-05-25 05:04:25 +03:00
Blake Erickson 3edca8b104 Return a 403 instead of 200 when trying to delete a user with posts
See [this commit][1] for more info

[1]: bd352a17bf
2018-05-22 17:02:02 -06:00
OsamaSayegh 609804f5ef REFACTOR: merge posts controller specs into request specs 2018-05-23 08:53:46 +10:00
OsamaSayegh 450a600721 REFACTOR: about & badge controllers => requests 2018-05-22 13:45:13 +10:00
Sam 788ca1f112 FIX: stop adding email to unsubscribe url
Instead of adding email to unsubscribe url store it in redis for 1 hour
rate limit calls to unsubscribe endpoint to ensure there is no risk of
bloating redis

Also move controller to request specs
2018-05-22 09:07:03 +10:00
Jeff Wong 04c7dbafa3 FIX: manifest.json better detection at mime type. Find size if uploaded 2018-05-17 14:45:24 -07:00
Jeff Wong 41ffafb65e FIX: best effort at returning correct mime types in manifest.json 2018-05-17 12:14:39 -07:00
Régis Hanol 53f8f6095d FEATURE: staff action logs when creating/updating/deleting badges 2018-05-17 18:09:27 +02:00
Blake Erickson bd352a17bf FIX: Show a json api response when deleting a user with posts
A 500 error was actually caused with no response when using the api, so
it wasn't very clear that you need to delete the posts first when using
the api.
2018-05-10 13:04:36 -06:00
Arpit Jalan 83245aa508 FIX: better handling of invite links after they are redeemed
FIX: deprecate invite_passthrough_hours setting
2018-05-08 20:17:57 +05:30
Misaka 0x4e21 ff6be3c2e3 FEATURE: add profile_background fields into SSO (#5701)
Add profile_background and card_background fields into Discourse SSO.
2018-05-07 10:03:26 +02:00
Guo Xiang Tan 21007a4a8d Rewrite push notifications controller specs as request specs.
* Improve assertions to test for the outcome we expected instead
  of just asserting for a 200 response.

* Remove duplicated assertion.
2018-05-07 15:40:46 +08:00
Jeff Wong 91b31860a1
Feature: Push notifications for Android (#5792)
* Feature: Push notifications for Android

Notification config for desktop and mobile are merged.

Desktop notifications stay as they are for desktop views.

If mobile mode, push notifications are enabled.

Added push notification subscriptions in their own table, rather than through
custom fields.

Notification banner prompts appear for both mobile and desktop when enabled.
2018-05-04 15:31:48 -07:00
Neil Lalonde bd77795d7a REFACTOR: move support for user card badge images to a plugin discourse-user-card-badges 2018-04-26 13:25:24 -04:00
Sam b26e27bdab correct specs 2018-04-26 17:24:16 +10:00
Guo Xiang Tan 9eabf7c02c Fix randomly failing specs due to SearchLog cache. 2018-04-23 10:10:10 +08:00
Arpit Jalan 91bf10bd12 FIX: create upload record for exported csv files 2018-04-20 00:27:49 +05:30
Sam 71d0035a7e groups should be text to match add_group etc. 2018-04-10 13:47:07 +10:00
Guo Xiang Tan c82b2dcc24 Remove admin group management pages. 2018-04-09 15:14:50 +08:00
Sam 4111f17f64 add missing test for rel next/prev 2018-04-09 15:01:16 +10:00
Guo Xiang Tan eb755dd2a7 Fix the build. 2018-04-06 10:40:57 +08:00
Guo Xiang Tan 142571bba0 Remove use of `rescue nil`.
* `rescue nil` is a really bad pattern to use in our code base.
  We should rescue errors that we expect the code to throw and
  not rescue everything because we're unsure of what errors the
  code would throw. This would reduce the amount of pain we face
  when debugging why something isn't working as expexted. I've
  been bitten countless of times by errors being swallowed as a
  result during debugging sessions.
2018-04-02 13:52:51 +08:00
Neil Lalonde 73c1d3e7fe FIX: tag notification preferences were being cleared when other preferences were changed 2018-03-29 15:08:32 -04:00
Guo Xiang Tan 52e75eaee9 UX: Tweaks to group pages. 2018-03-29 17:04:48 +08:00
Guo Xiang Tan 5f4ff4a8c0 Fix failing spec. 2018-03-28 12:01:50 +08:00
Arpit Jalan d96c1058a2 FEATURE: add staff action log for 'restore topic' 2018-03-21 18:04:13 +05:30
Régis Hanol 89f5c90ce0 FIX: show an error page on click tracking error 2018-03-17 00:33:11 +01:00
Guo Xiang Tan 2ad2ed2eb2 FIX: Couldn't move a topic into the uncategorized category. 2018-03-13 10:20:47 +08:00
Sam 39e679d3cb FEATURE: allow themes to live in private git repos
This feature allows themes sourced from git to live on private
servers, it automatically generates key pairs.
2018-03-09 16:14:38 +11:00
Sam 75172024ca SECURITY: ensure users have permission when moving categories 2018-03-02 12:13:27 +11:00
Guo Xiang Tan 0fabf80dca Migrate controller type specs to request types for omniauth. 2018-03-01 15:33:00 +08:00
Guo Xiang Tan c64f09b6b7 REFACTOR: Simplify and DRY `Group#invite`. 2018-02-26 11:59:07 +08:00
Régis Hanol 0559a4736a FIX: don't double request when downloading a file 2018-02-24 12:35:57 +01:00
Gerhard Schlager 23498e54aa Fix the build 2018-02-23 13:35:15 +01:00
Guo Xiang Tan ea1733ca64 Fix failing spec. 2018-02-23 11:31:10 +08:00
Guo Xiang Tan 1f74509a75 FIX: 2FA prompt incorrectly displayed on admin login page. 2018-02-23 11:05:39 +08:00
Guo Xiang Tan 964624f3ab FIX: No error displayed when 2FA token is invalid on admin login page. 2018-02-22 09:45:57 +08:00
Sam 720e1965e3 FEATURE: add category suppress from latest
In the past we used suppress_from_homepage, it had mixed semantics
it would remove from category list if category list was on home and
unconditionally remove from latest.

New setting explicitly only removes from latest list but leaves the
category list alond
2018-02-22 09:56:35 +11:00
Guo Xiang Tan 14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Jeff Wong f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Guo Xiang Tan b6e82815bd Fix rspec description. 2018-02-21 09:02:42 +08:00
Régis Hanol 6b67192d99 fix the build 2018-02-19 22:52:54 +01:00
OsamaSayegh f3815cd785 FEATURE: New site setting for additional allowed filetypes for staff (#5364)
* FEATURE: New site setting for additional allowed filetypes for staff

* Problematic variable name

* feedback

* small issues

* fix indentation

* failing tests

* Remove message bus and fix minor issues

* Missed this message bus
2018-02-19 10:44:24 +01:00
Sam cda3f72ab8 SECURITY: don't onebox whispers 2018-02-16 08:57:20 +11:00
Sam 57e140dc07 FIX: oneboxing to private messages 2018-02-16 08:00:22 +11:00
Régis Hanol 8e0da35857 FIX: allow local oneboxes to public topics/posts in PM 2018-02-15 18:14:41 +01:00
Sam f028ffaf29 SECURITY: correct local onebox category checks
Also removes ugly "source_topic_id" from cooked posts

Patch was authored by @zogstrip

Signed-off-by: Sam <sam.saffron@gmail.com>
2018-02-14 10:40:46 +11:00