Commit Graph

5615 Commits

Author SHA1 Message Date
Jeff Atwood 3b71abb0e2 very minor copyedits 2018-03-25 00:53:32 -07:00
Robin Ward 38af67eb73 Update the destination category id when a user changes it 2018-03-23 11:12:56 -04:00
Guo Xiang Tan a8036189cc Minor 2fa copy edit. 2018-03-23 11:43:59 +08:00
Guo Xiang Tan 7a4b70ef58 UX cleanup changes to 2FA flow. 2018-03-23 11:05:36 +08:00
Jeff Atwood 90af1659ff very minor copyedits on 2fa 2018-03-22 17:17:47 -07:00
Jeff Atwood 1d3a142f35 minor copyedits 2018-03-22 15:27:07 -07:00
Neil Lalonde ced7e9a691 FEATURE: control which web crawlers can access using a whitelist or blacklist 2018-03-22 15:41:02 -04:00
Jeff Atwood 448f4afa68 copyedits on login via email link 2018-03-22 04:19:34 -07:00
Jeff Atwood 096c3a0bf8 copyedits on 2 factor auth 2018-03-22 03:39:06 -07:00
Jeff Atwood 337a301a57 missing file in commit 2018-03-22 02:22:25 -07:00
Jeff Atwood d7c2d2edb8 remove extraneous "click to show" copy 2018-03-22 02:19:57 -07:00
Guo Xiang Tan f3b402ffd5 UX: Allow users to filter members on group page.
* Only admins are allowed to filter users by email.
2018-03-22 14:02:41 +08:00
Guo Xiang Tan 1cc0961566 FEATURE: Allow admin to manage group owners on group page. 2018-03-22 12:33:42 +08:00
Arpit Jalan d96c1058a2 FEATURE: add staff action log for 'restore topic' 2018-03-21 18:04:13 +05:30
Guo Xiang Tan 6381bc6ce1 Improve description for removing a group member. 2018-03-21 18:37:13 +08:00
Guo Xiang Tan be866dbe6e UX: Allow group owners to manage members from group members page. 2018-03-21 18:22:55 +08:00
Robin Ward b9abd7dc9e FEATURE: Shared Drafts
This feature can be enabled by choosing a destination for the
`shared drafts category` site setting.

* Staff members can create shared drafts, choosing a destination
category for the topic when it is published.

* Shared Drafts can be viewed in their category, or above the
topic list for the destination category where it will end up.

* When the shared draft is ready, it can be published to the
appropriate category by clicking a button on the topic view.

* When published, Drafts change their timestamps to the current
time, and any edits to the original post are removed.
2018-03-20 17:15:26 -04:00
Guo Xiang Tan 28baf97a00 Fix duplicated translations. 2018-03-20 19:08:32 +08:00
Guo Xiang Tan 15bcfcd182 UX: Allow users to filter by different group types on groups page. 2018-03-20 17:38:11 +08:00
Neil Lalonde 4d44024c82 FIX: error when trying to block an IP address. Return a message when IP address matches an existing screened IP address, including ranges. 2018-03-19 14:34:43 -04:00
Régis Hanol 9de134caa0
Better copy for redirect_warning' 2018-03-19 16:02:07 +01:00
Guo Xiang Tan 19a93b0e95 UX: Improve groups page on mobile. 2018-03-19 18:48:12 +08:00
Guo Xiang Tan 41b0fbe001 UX: Indicate user's group membership on groups page. 2018-03-19 18:29:30 +08:00
Guo Xiang Tan 05ea034490 UX: Allow groups page to be searchable. 2018-03-19 17:16:51 +08:00
Arpit Jalan f053e4cf37
Merge pull request #5682 from techAPJ/allowed-tags-page
FIX: show only allowed tags on PM tags page and display correct count
2018-03-17 08:29:00 +05:30
Régis Hanol 89f5c90ce0 FIX: show an error page on click tracking error 2018-03-17 00:33:11 +01:00
Arpit Jalan e9bc763440 FIX: show only allowed tags on PM tags page and display correct count
FIX: tags page should link to user profile we are browsing
2018-03-17 00:17:48 +05:30
Guo Xiang Tan fe96ef6ed2 UX: Use topic list for displaying group messages on group page.
https://meta.discourse.org/t/group-inbox-on-a-groups-page-mockup/71319
2018-03-16 11:56:40 +08:00
Guo Xiang Tan a35227918f UX: Display group topics in a topic list. 2018-03-15 11:37:55 +08:00
Kyle Zhao f7bd05e534 FEATURE: set 'Retry-After' header for 429 responses (#5659) 2018-03-13 23:12:41 +08:00
Arpit Jalan 7d375690c1
Merge pull request #5667 from techAPJ/pm-tags-page
FEATURE: replace PM tags dropdown with a dedicated tags page
2018-03-13 13:08:21 +05:30
Arpit Jalan 24338fbbe8 FEATURE: replace PM tags dropdown with a dedicated tags page 2018-03-13 13:06:58 +05:30
Robin Ward 65ac80b014 FEATURE: Log Staff edits in Staff Action Logs
Why? Some edits by staff are not tracked. For example, during the grace
period, or via the flags/silence dialog.

If a staff member is editing someone else's post, it now goes into the
Staff Action Logs so it can be audited by other staff members.
2018-03-12 13:51:40 -04:00
AhmadFCheema d75eb23231 Fix typos in server.en.yml (#5668)
* Fix typos in server.en.yml

* Minor typo correction

Emoji = Emojis
2018-03-12 20:21:04 +08:00
Arpit Jalan 12706c4b29 FEATURE: support markdown rendering for embedded posts 2018-03-11 08:00:48 +05:30
Michael Brown 5316b6c6bc FIX: typo whipser → whisper 2018-03-10 16:53:24 -05:00
Sam 800760e353 also watch CSS in unicorn on dev 2018-03-09 17:47:57 +11:00
Sam 7c0e6b820e move key so it does not interfere with other errors 2018-03-09 16:42:11 +11:00
Sam 39e679d3cb FEATURE: allow themes to live in private git repos
This feature allows themes sourced from git to live on private
servers, it automatically generates key pairs.
2018-03-09 16:14:38 +11:00
Guo Xiang Tan a89f3160a5 Add new config to ensure backup/restore connects to PG directly.
* In `pg_dump` 10.3+ and 9.5.12+, in
  it does a `SELECT pg_catalog.set_config('search_path', '', false)`
  which changes the state of the current connection. This is known
  to be problematic with Pgbouncer which reuses connections. As such,
  we'll always try to connect directly to PG directly during
  the backup/restore process.
2018-03-09 10:28:03 +08:00
Sam 5b6e49ae1d FEATURE: split out max diff to 2 settings
We trust staff + tl2 and up to perform edits in grace period.
Allow them significantly more edit room in grace period prior to storing
a revision.

editing_grace_period_max_diff_high_trust applies to users with tl2 and up.

So

tl0 / 1 : we store an extra revision if more than 100 chars change
tl2 and up : we store an extra revision if more than 400 chars change

We may tweak these numbers as we go.
2018-03-09 11:58:50 +11:00
Arpit Jalan 55fd18e195 add locale for Tags title 2018-03-08 19:12:03 +05:30
Jeff Atwood fb77a6eb49 minor copyedit 2018-03-07 14:51:26 -08:00
Régis Hanol b5b5b68972 Add proper error message when SCSS variable name is invalid when uploading a theme file 2018-03-07 21:37:22 +01:00
Neil Lalonde 0c8df32903 Update translations, except ur because of errors 2018-03-07 14:11:56 -05:00
Jeff Atwood 4132c37add increase grace period max diff to 100 chars 2018-03-07 01:45:48 -08:00
Sam e162cd16b6 FEATURE: editing_grace_period_max_diff to force revisions in grace period
If a user performs a substantive edit of 20 chars or more during grace period
we will store a revision to track the change

This allows for better auditing of changes that happen during the grace period
2018-03-07 18:34:34 +11:00
Neil Lalonde 2e5c18d130
Merge pull request #5652 from majakomel/add-slovenian-locale
Add Slovenian locale files
2018-03-06 15:59:01 -05:00
Maja Komel e2a441ade9 Add Slovenian translations 2018-03-06 20:51:41 +01:00
Sam 0134e41286 FEATURE: detect when client thinks user is logged on but is not
This cleans up an error condition where UI thinks a user is logged on
but the user is not. If this happens user will be prompted to refresh.
2018-03-06 16:49:31 +11:00
Sam f0d5f83424 FEATURE: limit assets less that non asset paths
By default assets can be requested up to 200 times per 10 seconds
from the app, this includes CSS and avatars
2018-03-06 15:20:39 +11:00
AhmadFCheema 95dd5e30c1 Fix minor typo in server.en.yml (#5649) 2018-03-05 17:27:51 -05:00
Robin Ward 0f66a99eb2 Setting to prevent logging details when anonymizing 2018-03-05 14:38:18 -05:00
OsamaSayegh 282f53f0cd FEATURE: Theme settings (2) (#5611)
Allows theme authors to specify custom theme settings for the theme. 

Centralizes the theme/site settings into a single construct
2018-03-04 19:04:23 -05:00
Robin Ward 31e3bf6d8d FEATURE: New "Categories and Top" homepage style
Select this option if you want to show top topics on the homepage
instead of latest topics.
2018-03-03 14:26:57 -05:00
Régis Hanol 6a78669ca3 FIX: 'reply by email addresses' site settings should allow email addresses without a 'reply_key' when 'find related post with key' is disabled 2018-03-02 17:53:18 +01:00
Guo Xiang Tan d9b4b12694 UX: Display warning message about social logins disabled when 2FA is enabled. 2018-03-02 14:22:52 +08:00
Sam 75172024ca SECURITY: ensure users have permission when moving categories 2018-03-02 12:13:27 +11:00
Guo Xiang Tan fb75f188ba FEATURE: Disallow login via omniauth when user has 2FA enabled. 2018-03-01 15:47:07 +08:00
Neil Lalonde baf1c385eb UX: when a post is blocked due to a watched word, message includes the word being blocked 2018-02-28 11:22:18 -05:00
Joshua Rosenfeld 48aea2a9fc
backup_frequency copy edit 2018-02-27 15:41:37 -05:00
Arpit Jalan 4010d8d9f9 FEATURE: show "edit message" button on message footer for staff
Show "Edit Message" button on personal message footer for staff if PM tagging is enabled.
2018-02-27 14:22:03 +05:30
Guo Xiang Tan 06891ce51d FIX: Direct link to group activity page results in 400 error.
https://meta.discourse.org/t/following-a-direct-link-to-group-activity-results-in-400-error/81596
2018-02-27 13:43:22 +08:00
Guo Xiang Tan 66d620f7b1 FEATURE: Trigger topic webhook when topic status is updated. 2018-02-27 11:07:37 +08:00
Guo Xiang Tan 8c51ac448a FIX: Missing translation. 2018-02-27 09:37:12 +08:00
Neil Lalonde 3313072957 Remove censored_pattern site setting, which is replaced by watched words 2018-02-26 16:29:27 -05:00
Guo Xiang Tan 3e1afbedc5 FIX: Missing translation for non-admin when editing a group.
https://meta.discourse.org/t/text-glitch-on-group-admin-page/77303
2018-02-26 10:11:18 +08:00
Sam c234a14f0d Make bootsnap MRI only for now 2018-02-26 10:29:25 +11:00
Guo Xiang Tan 4791b39773 UX: Add reset password email button when confirming password before enabling 2FA. 2018-02-23 15:37:17 +08:00
Guo Xiang Tan 66062ed6d9 Add missing default choice for `SiteSetting.google_oauth2_prompt`. 2018-02-23 11:23:08 +08:00
Guo Xiang Tan 3637f0d3bb Update copy to reflect that 2FA key should be kept a secret. 2018-02-23 10:40:25 +08:00
Guo Xiang Tan e137b7f836 UX: Improve indication of 2FA status in user's preferences. 2018-02-23 10:36:48 +08:00
Guo Xiang Tan 2e2da3a6e2 Update copy for 2FA. 2018-02-23 10:36:48 +08:00
Robin Ward 9b704b21b5 Don't include `client` when false 2018-02-22 21:22:09 -05:00
Robin Ward 69af881f7f New site setting `trusted_users_can_edit_others`
The default is true to keep with previous discourse behavior. If
disabled, high trust level users cannot edit the topics or posts of
other users.
2018-02-22 20:39:24 -05:00
Guo Xiang Tan 24d0a7a4c7 Take 2 on f74d6bb605.
New options are left out by default when not configured so that an
incorrect default configuration doesn't blow up google oauth for
everyone.
2018-02-23 07:53:01 +08:00
Guo Xiang Tan dd26bbe868
Merge pull request #5610 from discourse/pm-tags
FEATURE: Allow staffs to tag PMs
2018-02-23 07:07:41 +08:00
Joffrey JAFFEUX 1c790ae6bc Revert "Add prompt and HD settings to the Google OAuth2 plugin."
This reverts commit f74d6bb605.
2018-02-22 19:17:02 +01:00
scossar 9d0807224b Don't enqueue topic webhook unless a post has a topic 2018-02-22 14:34:59 +08:00
Guo Xiang Tan ef1b82a226 Add missing site setting description. 2018-02-22 13:52:36 +08:00
Geoffrey Challen f74d6bb605 Add prompt and HD settings to the Google OAuth2 plugin. 2018-02-22 12:29:19 +08:00
Vinoth Kannan 84867c1c07 Rename site setting to allow_staff_to_tag_pms from allow_staff_to_tag_in_pm 2018-02-22 06:48:34 +05:30
Guo Xiang Tan 1b04d881c5 UX: Display lock icon in admin user lists when user has 2FA enabled. 2018-02-22 09:00:09 +08:00
Joffrey JAFFEUX 6f5acfe783 Login with email/forget password UI refactoring
* move button into login modal with social buttons
* adds email link next to login field when filling it
* adds proper validation messages
* improves forgot password flash clearing
* more tests
2018-02-22 08:06:15 +08:00
Sam 720e1965e3 FEATURE: add category suppress from latest
In the past we used suppress_from_homepage, it had mixed semantics
it would remove from category list if category list was on home and
unconditionally remove from latest.

New setting explicitly only removes from latest list but leaves the
category list alond
2018-02-22 09:56:35 +11:00
Joshua Rosenfeld 3ec8b38796
A few more 'private message' strings to update
Follow up from a08832bd08
2018-02-21 15:28:26 -05:00
Vinoth Kannan 2b509eaa91
Merge branch 'master' into pm-tags 2018-02-21 23:55:59 +05:30
Joshua Rosenfeld 23f7c3607c
Update Twitter login site setting description text 2018-02-21 13:07:33 -05:00
Vinoth Kannan 84ce1acfef FEATURE: Allow staffs to tag PMs 2018-02-21 20:11:46 +05:30
Gerhard Schlager 210939de68 FEATURE: Use HTML instead of text for incoming emails by default 2018-02-21 11:14:36 +01:00
Guo Xiang Tan 8964e75ad6
Merge pull request #5612 from discourse/featheredtoast-two-factor-login
Featheredtoast two factor login
2018-02-21 15:00:10 +08:00
Guo Xiang Tan 14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Sam ca1a3f37e3 FEATURE: add instrumentation for all external net calls 2018-02-21 15:20:29 +11:00
Jeff Wong f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Robin Ward 3ea272f4f1 New setting: minimum trust level to embed images in a post 2018-02-20 20:00:06 -05:00
Jeff Atwood 6c29908ba2 very minor copyedits 2018-02-20 00:44:56 -08:00
Sam 73a492f721 minor changes to discourse bench
Ruby master is not compatible with bootsnap atm
2018-02-20 14:41:21 +11:00
Arpit Jalan c419c26f56 FEATURE: new site setting 'max_emojis_in_title' 2018-02-19 18:15:26 +05:30
OsamaSayegh f3815cd785 FEATURE: New site setting for additional allowed filetypes for staff (#5364)
* FEATURE: New site setting for additional allowed filetypes for staff

* Problematic variable name

* feedback

* small issues

* fix indentation

* failing tests

* Remove message bus and fix minor issues

* Missed this message bus
2018-02-19 10:44:24 +01:00
Leo McArdle 5d9d0fcb4f FEATURE: add setting which adds group name to PM email subject (#5475) 2018-02-19 10:20:17 +01:00