Commit Graph

585 Commits

Author SHA1 Message Date
Guo Xiang Tan 4f5c9bb8d3 DEV: Prefer `create!` over `create`.
We want to know when stuff fails.
2019-05-24 12:07:22 +08:00
Neil Lalonde 6f747c6b71 FIX: don't allow username to be changed to same as password
We were blocking user registrations with same username and password,
but allowing usernames to be changed to be same as password later.
Also disallow names to be the same as password.
2019-05-13 16:43:40 -04:00
Sam Saffron 30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Guo Xiang Tan 152238b4cf DEV: Prefer `public_send` over `send`. 2019-05-07 09:33:21 +08:00
Sam Saffron 9be70a22cd DEV: introduce new API to look up dynamic site setting
This removes all uses of both `send` and `public_send` from consumers of
SiteSetting and instead introduces a `get` helper for dynamic lookup

This leads to much cleaner and safer code long term as we are always explicit
to test that a site setting is really there before sending an arbitrary
string to the class

It also removes a couple of risky stubs from the auth provider test
2019-05-07 11:00:30 +10:00
Guo Xiang Tan 24347ace10 FIX: Properly associate user_profiles background urls via upload id.
`Upload#url` is more likely and can change from time to time. When it
does changes, we don't want to have to look through multiple tables to
ensure that the URLs are all up to date. Instead, we simply associate
uploads properly to `UserProfile` so that it does not have to replicate
the URLs in the table.
2019-05-02 14:58:24 +08:00
Sam Saffron 1be01f8dd4 DEV: Add support for Rails 6
Minor fixes to add Rails 6 support to Discourse, we now will boot
with RAILS_MASTER=1, all specs pass

Only one tiny deprecation left

Largest change was the way ActiveModel:Errors changed interface a
bit but there is a simple backwards compat way of working it
2019-05-02 16:23:25 +10:00
Gerhard Schlager 7a27c93c03 FIX: URL encode username and first letter in avatar URL
And it adds specs as a follow-up to aadb7da7
2019-04-29 15:08:14 +02:00
Sam Saffron 26b4dbde41 PERF: use delete_all to remove notifications and topic_users
Previously we used destroy here which could be extremely expensive
2019-04-26 22:26:48 +10:00
Sam Saffron c009a6ae36 PERF: speed up user deletion logic
Previously any user deletion would scan a very large number of tables

This avoids scans on 6 tables/indexes on delete
2019-04-26 18:11:39 +10:00
Gerhard Schlager aadb7da7d3 FIX: Use first grapheme cluster for letter avatar 2019-04-24 23:20:46 +02:00
Gerhard Schlager a7bc1ecbae FEATURE: Add support for Unicode usernames and group names
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2019-04-23 13:00:27 +02:00
Robin Ward 14f9d40e48 FEATURE: Clarify Reviewable User Actions
"Approve" is now "Approve User" and "Delete" is a dropdown with a choice
that allows you to block.
2019-04-17 11:44:17 -04:00
Robin Ward 111a502231 FIX: Deleting Users should work nicely with Reviewable Users
"Rejecting" a user in the queue is equivalent to deleting them, which
would then making it impossible to review rejected users. Now we store
information about the user in the payload so if they are deleted things
still display in the Rejected view.

Secondly, if a user is destroyed outside of the review queue, it will
now automatically "Reject" that queue item.
2019-04-03 16:42:39 -04:00
Robin Ward 828cdf3fea FIX: Protected method called, I'll fire myself now 2019-04-03 16:10:36 -04:00
Robin Ward 82bddcbe51 FIX: Don't create two reviewable scores for a user 2019-04-03 16:03:32 -04:00
Robin Ward c1ea63bdc1 FIX: Reviewables should not be created for users until they are active
Conversely, if a user is deactivated the reviewable should automatically
be rejected.

Before this fix, if a user was not active they'd still show in the
review queue but without an "Approve" button which was confusing.
2019-04-03 15:25:00 -04:00
Robin Ward b58867b6e9 FEATURE: New 'Reviewable' model to make reviewable items generic
Includes support for flags, reviewable users and queued posts, with REST API
backwards compatibility.

Co-Authored-By: romanrizzi <romanalejandro@gmail.com>
Co-Authored-By: jjaffeux <j.jaffeux@gmail.com>
2019-03-28 12:45:10 -04:00
Bianca Nenciu a9798f0c47
FEATURE: Add page for all group membership requests. (#6909) 2019-03-27 13:30:59 +02:00
Maja Komel 7e9afdace3 FEATURE: custom colors for default letter avatars (#7167) 2019-03-18 16:24:21 +01:00
Guo Xiang Tan c5808a8a25 PERF: N+1 queries admin users pages. 2019-03-15 15:09:44 +08:00
Tarek Khalil 4a00772c19
FIX: invite approval `StaffActionLogger` bug (#7151)
* FIX: invite approval `StaffActionLogger` bug
2019-03-12 13:32:25 +00:00
Bianca Nenciu 191e31dccf FEATURE: Log user approvals. (#7121) 2019-03-12 19:16:56 +11:00
Dan Ungureanu 32bae48fd3 DEV: Use User#human? User#bot? (#7140) 2019-03-12 07:58:14 +08:00
David Taylor fc7938f7e0
REFACTOR: Migrate GoogleOAuth2Authenticator to use ManagedAuthenticator (#7120)
https://meta.discourse.org/t/future-social-authentication-improvements/94691/3
2019-03-07 11:31:04 +00:00
Gerhard Schlager 5d75bd4831 FIX: Don't try to rename group when username is taken
FIX: Always rename groups with the default locale instead of using the user's locale
2019-02-19 22:31:03 +01:00
Robin Ward c719658f9f `human?` helper method on a user
This is cleaner than hard coding `id > 0` in ruby code.
2019-02-08 13:34:54 -05:00
Gerhard Schlager e9ec5238fc DEV: Remove ignored columns 2019-02-08 12:12:38 +01:00
Sam d5ecf8e8c2 FIX: properly clean out post and user actions on destroy user
This corrects 2 issues:

First is a regression with d7c08e21 for some reason dependent :delete_all
respects default scopes where-as dependent :destroy bypasses it.

Secondly, we were keeping orphan user actions around on user destroy, this
ensures we remove all the user actions not only ones that originated by
the user.

So for example: if I like a post of user A we create a user action saying I
did that, but once user A is deleted we were not removing the action leading
to an orphan action in the database.
2019-01-17 12:40:30 +11:00
Sam d7c08e217a PERF: delete user and post actions vs destroy on user destroy
Users can have 100s of thousands of post and user actions, we do not want
to destroy each individually cause the tracking is enormous and the amount
of queries we would need is enormous.

This gives up on the `after_commit` hook on `post_actions` which ships a message
to clients to synchronize a post, so some phantom post_actions may remain
in the UX in the rare occasion we delete a user. The phantoms will be gone
on reload.
2019-01-17 11:19:37 +11:00
Robin Ward 95f263995d FIX: Previous annotations were broken 2019-01-11 14:30:19 -05:00
Robin Ward a3839495e0 Update annotations 2019-01-11 12:19:43 -05:00
Maja Komel 98d09c90ac Current user serializer groups (ef7f84b follow-up) 2018-12-18 09:05:45 +01:00
Neil Lalonde ef0e84e3d9 FIX: clear the site_contact_username setting if the user's staff privileges are revoked 2018-12-14 16:52:44 -05:00
Maja Komel 9f89aadd33 FIX: delete all posts in batches without hijack (#6747) 2018-12-14 11:04:18 +01:00
David Taylor 160d29b18a
REFACTOR: Migrate TwitterAuthenticator to use ManagedAuthenticator (#6739)
No changes to functionality. TwitterAuthenticator goes from 136 lines to 24, and all twitter-specific logic elsewhere has been deleted 🎉
2018-12-07 15:39:06 +00:00
Régis Hanol 3c9c95ac83 Update Rubocop to 0.60 2018-12-04 10:48:16 +01:00
David Taylor 208005f9c9 REFACTOR: Migrate FacebookAuthenticator to use ManagedAuthenticator
Changes to functionality
  - Removed syncing of user metadata including gender, location etc.
    These are no longer available to standard Facebook applications.
  - Removed the remote 'revoke' functionality. No other providers have
    it, and it does not appear to be standard practice in other apps.
  - The 'facebook_no_email' event is no longer logged. The system can
    cope fine with a missing email address.

Data is migrated to the new user_associated_accounts table.
facebook_user_infos can be dropped once we are confident the data has
been migrated successfully.
2018-11-30 11:18:11 +00:00
Gerhard Schlager 24e5be3f0c FIX: Relative links in translations should work with subfolder 2018-11-08 23:31:05 +00:00
Guo Xiang Tan 7534042427 DEV: Update annotations. 2018-11-07 11:11:19 +08:00
Bianca Nenciu 2070edf889 FIX: Clarify User.group_locked_trust_level.
* Rename User.group_locked_trust_level to User.group_granted_trust_level.

* Remove the column from users table.
2018-11-07 10:27:44 +08:00
Jeff Wong 0ead513fb0 PERF: remove total unread notifications from message bus (#6529) 2018-10-25 12:14:34 +11:00
Sam 5fd94d3211 PERF: limit unread count to 99 in blue circle
This revises: e605542c4e

Previous commit was faulty
2018-10-24 12:10:27 +11:00
Sam e605542c4e PERF: limit unread count to 99 in the blue circle
This safeguard is in place to avoid very expensive queries on the server
side
2018-10-24 11:53:28 +11:00
David Taylor c6f364224e
FEATURE: Allow plugins to whitelist user custom fields for public display (#6499)
This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
2018-10-17 10:33:27 +01:00
Neil Lalonde 12f132736b FIX: error looking at users in admin when tl3_promotion_min_duration is set to a very high value 2018-10-11 15:11:48 -04:00
Vinoth Kannan 8430ea927e FIX: Generate webhook payloads before destroy events (#6325) 2018-10-05 16:53:59 +08:00
Kyle Zhao e402394375 FEATURE: auto grant an available title when removing old title
* FEATURE: auto grant an available title when removing old title
2018-09-21 12:06:08 +10:00
Sam df45e82377 SECURITY: only allow picking of avatars created by self (#6417)
* SECURITY: only allow picking of avatars created by self

Also adds origin tracking to all uploads including de-duplicated uploads
2018-09-19 22:33:10 -07:00
Kyle Zhao 6659417807 FEATURE: match user title when primary group changes
When primary group changes and the user's title is the previous primary
group's title, change the title to the new primary group's title
2018-09-17 15:08:39 +10:00