Commit Graph

5615 Commits

Author SHA1 Message Date
Sam f0d5f83424 FEATURE: limit assets less that non asset paths
By default assets can be requested up to 200 times per 10 seconds
from the app, this includes CSS and avatars
2018-03-06 15:20:39 +11:00
AhmadFCheema 95dd5e30c1 Fix minor typo in server.en.yml (#5649) 2018-03-05 17:27:51 -05:00
Robin Ward 0f66a99eb2 Setting to prevent logging details when anonymizing 2018-03-05 14:38:18 -05:00
OsamaSayegh 282f53f0cd FEATURE: Theme settings (2) (#5611)
Allows theme authors to specify custom theme settings for the theme. 

Centralizes the theme/site settings into a single construct
2018-03-04 19:04:23 -05:00
Robin Ward 31e3bf6d8d FEATURE: New "Categories and Top" homepage style
Select this option if you want to show top topics on the homepage
instead of latest topics.
2018-03-03 14:26:57 -05:00
Régis Hanol 6a78669ca3 FIX: 'reply by email addresses' site settings should allow email addresses without a 'reply_key' when 'find related post with key' is disabled 2018-03-02 17:53:18 +01:00
Guo Xiang Tan d9b4b12694 UX: Display warning message about social logins disabled when 2FA is enabled. 2018-03-02 14:22:52 +08:00
Sam 75172024ca SECURITY: ensure users have permission when moving categories 2018-03-02 12:13:27 +11:00
Guo Xiang Tan fb75f188ba FEATURE: Disallow login via omniauth when user has 2FA enabled. 2018-03-01 15:47:07 +08:00
Neil Lalonde baf1c385eb UX: when a post is blocked due to a watched word, message includes the word being blocked 2018-02-28 11:22:18 -05:00
Joshua Rosenfeld 48aea2a9fc
backup_frequency copy edit 2018-02-27 15:41:37 -05:00
Arpit Jalan 4010d8d9f9 FEATURE: show "edit message" button on message footer for staff
Show "Edit Message" button on personal message footer for staff if PM tagging is enabled.
2018-02-27 14:22:03 +05:30
Guo Xiang Tan 06891ce51d FIX: Direct link to group activity page results in 400 error.
https://meta.discourse.org/t/following-a-direct-link-to-group-activity-results-in-400-error/81596
2018-02-27 13:43:22 +08:00
Guo Xiang Tan 66d620f7b1 FEATURE: Trigger topic webhook when topic status is updated. 2018-02-27 11:07:37 +08:00
Guo Xiang Tan 8c51ac448a FIX: Missing translation. 2018-02-27 09:37:12 +08:00
Neil Lalonde 3313072957 Remove censored_pattern site setting, which is replaced by watched words 2018-02-26 16:29:27 -05:00
Guo Xiang Tan 3e1afbedc5 FIX: Missing translation for non-admin when editing a group.
https://meta.discourse.org/t/text-glitch-on-group-admin-page/77303
2018-02-26 10:11:18 +08:00
Sam c234a14f0d Make bootsnap MRI only for now 2018-02-26 10:29:25 +11:00
Guo Xiang Tan 4791b39773 UX: Add reset password email button when confirming password before enabling 2FA. 2018-02-23 15:37:17 +08:00
Guo Xiang Tan 66062ed6d9 Add missing default choice for `SiteSetting.google_oauth2_prompt`. 2018-02-23 11:23:08 +08:00
Guo Xiang Tan 3637f0d3bb Update copy to reflect that 2FA key should be kept a secret. 2018-02-23 10:40:25 +08:00
Guo Xiang Tan e137b7f836 UX: Improve indication of 2FA status in user's preferences. 2018-02-23 10:36:48 +08:00
Guo Xiang Tan 2e2da3a6e2 Update copy for 2FA. 2018-02-23 10:36:48 +08:00
Robin Ward 9b704b21b5 Don't include `client` when false 2018-02-22 21:22:09 -05:00
Robin Ward 69af881f7f New site setting `trusted_users_can_edit_others`
The default is true to keep with previous discourse behavior. If
disabled, high trust level users cannot edit the topics or posts of
other users.
2018-02-22 20:39:24 -05:00
Guo Xiang Tan 24d0a7a4c7 Take 2 on f74d6bb605.
New options are left out by default when not configured so that an
incorrect default configuration doesn't blow up google oauth for
everyone.
2018-02-23 07:53:01 +08:00
Guo Xiang Tan dd26bbe868
Merge pull request #5610 from discourse/pm-tags
FEATURE: Allow staffs to tag PMs
2018-02-23 07:07:41 +08:00
Joffrey JAFFEUX 1c790ae6bc Revert "Add prompt and HD settings to the Google OAuth2 plugin."
This reverts commit f74d6bb605.
2018-02-22 19:17:02 +01:00
scossar 9d0807224b Don't enqueue topic webhook unless a post has a topic 2018-02-22 14:34:59 +08:00
Guo Xiang Tan ef1b82a226 Add missing site setting description. 2018-02-22 13:52:36 +08:00
Geoffrey Challen f74d6bb605 Add prompt and HD settings to the Google OAuth2 plugin. 2018-02-22 12:29:19 +08:00
Vinoth Kannan 84867c1c07 Rename site setting to allow_staff_to_tag_pms from allow_staff_to_tag_in_pm 2018-02-22 06:48:34 +05:30
Guo Xiang Tan 1b04d881c5 UX: Display lock icon in admin user lists when user has 2FA enabled. 2018-02-22 09:00:09 +08:00
Joffrey JAFFEUX 6f5acfe783 Login with email/forget password UI refactoring
* move button into login modal with social buttons
* adds email link next to login field when filling it
* adds proper validation messages
* improves forgot password flash clearing
* more tests
2018-02-22 08:06:15 +08:00
Sam 720e1965e3 FEATURE: add category suppress from latest
In the past we used suppress_from_homepage, it had mixed semantics
it would remove from category list if category list was on home and
unconditionally remove from latest.

New setting explicitly only removes from latest list but leaves the
category list alond
2018-02-22 09:56:35 +11:00
Joshua Rosenfeld 3ec8b38796
A few more 'private message' strings to update
Follow up from a08832bd08
2018-02-21 15:28:26 -05:00
Vinoth Kannan 2b509eaa91
Merge branch 'master' into pm-tags 2018-02-21 23:55:59 +05:30
Joshua Rosenfeld 23f7c3607c
Update Twitter login site setting description text 2018-02-21 13:07:33 -05:00
Vinoth Kannan 84ce1acfef FEATURE: Allow staffs to tag PMs 2018-02-21 20:11:46 +05:30
Gerhard Schlager 210939de68 FEATURE: Use HTML instead of text for incoming emails by default 2018-02-21 11:14:36 +01:00
Guo Xiang Tan 8964e75ad6
Merge pull request #5612 from discourse/featheredtoast-two-factor-login
Featheredtoast two factor login
2018-02-21 15:00:10 +08:00
Guo Xiang Tan 14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Sam ca1a3f37e3 FEATURE: add instrumentation for all external net calls 2018-02-21 15:20:29 +11:00
Jeff Wong f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Robin Ward 3ea272f4f1 New setting: minimum trust level to embed images in a post 2018-02-20 20:00:06 -05:00
Jeff Atwood 6c29908ba2 very minor copyedits 2018-02-20 00:44:56 -08:00
Sam 73a492f721 minor changes to discourse bench
Ruby master is not compatible with bootsnap atm
2018-02-20 14:41:21 +11:00
Arpit Jalan c419c26f56 FEATURE: new site setting 'max_emojis_in_title' 2018-02-19 18:15:26 +05:30
OsamaSayegh f3815cd785 FEATURE: New site setting for additional allowed filetypes for staff (#5364)
* FEATURE: New site setting for additional allowed filetypes for staff

* Problematic variable name

* feedback

* small issues

* fix indentation

* failing tests

* Remove message bus and fix minor issues

* Missed this message bus
2018-02-19 10:44:24 +01:00
Leo McArdle 5d9d0fcb4f FEATURE: add setting which adds group name to PM email subject (#5475) 2018-02-19 10:20:17 +01:00
Guo Xiang Tan d601a6b23c FIX: Support old Service Worker source file path to avoid routing errors. 2018-02-19 08:04:45 +08:00
SidV 790c5facc9 Mailgun typo (#5593)
mailgun = Mailgun
2018-02-16 01:35:37 -05:00
Neil Lalonde 32ad98161f Update translations 2018-02-15 16:36:03 -05:00
Sam 7af9ed6674 FEATURE: add goanna rendering engine to non crawler list
Goanna the fork of Gecko which is used by Pale Moon browser is not a crawler.
2018-02-16 06:30:47 +11:00
Guo Xiang Tan 28365f8ae5 PERF: Have nginx cache and serve the service worker file. 2018-02-15 10:50:39 +08:00
Sam 38f4acd55a FIX: rate limiter text is confusing, should not say daily
Also, adds easily parseable JSON so users can figure out
how long to wait when the API is limited. ("extras" "wait_seconds")
2018-02-14 15:29:50 +11:00
Joffrey JAFFEUX 548db91c76
FIX: displays an error when reaching tags limit 2018-02-14 00:30:09 +01:00
Joffrey JAFFEUX ed114177e7
Mini tag chooser tweaks 2018-02-13 19:41:03 +01:00
Erick Guan 03b3e57a44 FEATURE: login by a link from email
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
Muhlis Cahyono cc3cf6588b FEATURE: Notification API Endpoints for Admins
* create/update/delete notification api with external url
* remove external url feature
* Fix Travis CI build error (add new line)
* Fix Travis CI build error
2018-02-13 01:38:26 -05:00
Robin Ward 4dfe659189 Rename `allow staff flags` to `allow flagging staff` 2018-02-12 15:27:26 -05:00
Robin Ward 6287631745 FEATURE: New site setting, `allow staff flags`, false by default
For some large communities, it makes sense to disable flagging of
staff posts.
2018-02-12 14:56:21 -05:00
AhmadF.Cheema e48ae647f9 Fix typo in server.en.yml 2018-02-11 21:17:22 +01:00
Robin Ward 2faa4c2f5f FIX: Don't show personal messages if disabled as a composer action 2018-02-09 16:58:35 -05:00
Joffrey JAFFEUX 190d208631
FEATURE: improves composer-actions toggle menu
* only toggles
* fix a bug with presence
* more tests
* do not duplicate `continuing discussion...` text
* persist state to allow switching between toggles
2018-02-08 11:46:55 +01:00
scossar dab0ec1d66 Add translation key/value for target_user_not_found error message 2018-02-07 11:35:17 +01:00
Robin Ward 1bab15c757 FEATURE: A site setting for a minimum TL to post links 2018-02-06 18:07:58 -05:00
Robin Ward b2b6dc68a6 FEATURE: a setting to customize the minimum TL to flag a post 2018-02-06 17:12:27 -05:00
Kane York cd19d546a8
Update default linkify TLDs to top 15
Also kept gov, but moved it to the end because it was in the previous version.
2018-02-02 17:45:42 -08:00
Joshua Rosenfeld e262939590
Add .org to default linkified TLDs 2018-02-02 16:31:40 -05:00
Robin Ward 0bdd416d0b Small title change 2018-02-01 18:16:01 -05:00
Robin Ward 8ff4104555 Many enhancements to the flagging / suspending interface. 2018-02-01 17:13:02 -05:00
Joffrey JAFFEUX f7df68c9a3
FIX: makes composer-actions toggling whisper instead of replying 2018-02-01 23:07:37 +01:00
Joffrey JAFFEUX a4aeb74aba
typo 2018-02-01 19:54:48 +01:00
Joffrey JAFFEUX 9923829402
FEATURE: Menu toggle for different reply modes
Allow users to access different reply modes from the composer.

Actions introduced:

- reply_as_new_topic
- reply_as_private_message
- reply_to_topic
- reply_as_whisper/not
2018-02-01 16:42:56 +01:00
Robin Ward 96710754d9
Merge pull request #5540 from discourse/mixed-text-direction-support
FEATURE: Mixed text direction support
2018-02-01 07:29:15 -08:00
Joshua Rosenfeld f85055d653 FIX: Remove activation link from account approved email (#5548) 2018-02-01 14:59:37 +01:00
Arpit Jalan a08832bd08 rename 'private messages' to 'personal messages' in locale 2018-02-01 19:25:14 +05:30
Arpit Jalan 8bc17af9cc rename private to personal in locale files 2018-02-01 13:25:29 +05:30
Arpit Jalan f88b8a8945 rename 'default_email_private_messages' to 'default_email_personal_messages' 2018-02-01 13:25:29 +05:30
Arpit Jalan 6be536ca50 rename 'max_private_messages_per_day' to 'max_personal_messages_per_day' 2018-02-01 13:25:29 +05:30
Arpit Jalan 7cda3a37af rename 'private_email_time_window_seconds' to 'personal_email_time_window_seconds' 2018-02-01 13:25:29 +05:30
Arpit Jalan 7e48c47d37 rename 'enable_private_email_messages' to 'enable_personal_email_messages' 2018-02-01 13:25:29 +05:30
Arpit Jalan ff0376a80b rename 'enable_private_messages' to 'enable_personal_messages' 2018-02-01 13:25:29 +05:30
Arpit Jalan 25ec077eca rename 'min_private_message_{post/title}_length' to 'min_personal_message_{post/title}_length' 2018-02-01 13:25:29 +05:30
Sam ee0d3f15c1 FEATURE: allow better fidelity for auto linkify, disable most tlds based linkify
New site settings:

enable_markdown_linkify: which is default on, auto links https:// and http:// and mail://

markdown_linkify_tlds: which allows control of what tlds get autolinked for cases such as www.site.com, default is com|net|gov
2018-02-01 13:22:38 +11:00
Neil Lalonde 5a372bccd1 Undo translations client.ur.yml and server.ur.yml because they break the build 2018-01-31 12:00:24 -05:00
Neil Lalonde f7042ecc85 Update translations 2018-01-31 11:19:21 -05:00
Régis Hanol d233ecbe34 push updates to backups list to client 2018-01-31 12:05:06 +01:00
Arpit Jalan 38b6c1d67f UX: generic 'no invites to show' message 2018-01-31 10:31:09 +05:30
Régis Hanol c6fac68ccd FIX: don't blow up on badly encoding incoming email body 2018-01-30 23:47:58 +01:00
Maja Komel 018cb7f36b add a custom user onebox (#5542)
* add custom user onebox

* add specs
2018-01-30 11:03:08 +01:00
Robin Ward 73fae6513f FIX: Missing translation 2018-01-29 13:16:58 -05:00
Arpit Jalan 1f6adbea5c FEATURE: log private message views 2018-01-29 08:08:08 +05:30
scossar caa38aaaad Add support for mixed text directions 2018-01-28 18:33:55 -08:00
Robin Ward 44e2038b53 Setting to automatically lock posts when edited by staff 2018-01-26 14:01:30 -05:00
Robin Ward 6b04967e2f FEATURE: Staff members can lock posts
Locking a post prevents it from being edited. This is useful if the user
has posted something which has been edited out, and the staff members don't
want them to be able to edit it back in again.
2018-01-26 14:01:30 -05:00
Joffrey JAFFEUX 3d595a52ca
FIX: improves UI state when no extensions are allowed for upload 2018-01-26 18:12:23 +01:00
Arpit Jalan 7b4e6d508b improve reviving_old_topic education message 2018-01-26 00:06:53 +05:30
Gerhard Schlager eb52c5469e FEATURE: Allow plugins to register a new locale 2018-01-25 14:57:41 +01:00
Gerhard Schlager ba6cd83e3a ISO 639-1 codes aren't used in the UI anymore 2018-01-25 14:57:41 +01:00
Gerhard Schlager ce060e2b86 FIX: Server didn't use default_locale as fallback locale 2018-01-25 14:57:41 +01:00
Joffrey JAFFEUX 1fd3b5cc4f
FIX: improvements to category-drop when used with a subcategory 2018-01-24 17:41:26 +01:00
Sam 95ac1655bc revert settings 2018-01-24 13:21:23 +11:00
Sam 3492a91056 FEATURE: allow site operators to disable emoji shortcuts 2018-01-24 12:21:44 +11:00
Sam 7ba06de0d6 FEATURE: disable service worker for all browsers except for android
Service worker is still quite experimental, only enable on android
where it provides many benefits
2018-01-24 12:03:08 +11:00
Robin Ward 782d75069e FIX: UX improvements for system messages when PMs are disabled 2018-01-23 13:12:11 -05:00
Régis Hanol f74ac826c5 slightly more meaningful error message 2018-01-22 12:20:53 +01:00
Kyle Zhao 83c549bd31 FEATURE: grant badges in post admin wrench (#5498)
* FEATURE: grant badges in post admin wrench

* only grant manually grantable badges

* extract GrantBadgeController mixin
2018-01-22 14:10:53 +11:00
Sam f26ff290c3 FEATURE: Shorten setting name to max_reqs
So it is consistent with other settings
2018-01-22 13:18:30 +11:00
Matt Palmer 133acfc805 UX: Improve description of s3_use_iam_profile
https://meta.discourse.org/t/s3-uploads-iam-user-backups-questions/78484
2018-01-20 20:19:59 +11:00
Joshua Rosenfeld 8a3c9ee3c5
FIX: notify_about_queued_posts_after copyedit
notify_about_queued_posts_after does not email contact_email anymore, notification is instead a group message to the moderators group.
2018-01-19 17:45:02 -05:00
Arpit Jalan 73dea4e7eb Merge branch 'embedded-posts' 2018-01-19 12:54:34 +05:30
Guo Xiang Tan 54dc191a91 Update `rails_multisite` to 2.0.1. 2018-01-19 10:19:16 +08:00
Michael Brown bec3f124dd nginx sample config: also add A-C-A-O header to font files in uploads or plugins path 2018-01-18 16:41:16 -05:00
Sam 12872d03be PERF: run post timings in background
This means that if a very large amount of registered users hit
a single topic we will handle it gracefully, even if db gets slow.
2018-01-19 08:27:29 +11:00
Robin Ward 34ed6088b9 FEATURE: New modal to show flags received for a user 2018-01-17 15:08:08 -05:00
Arpit Jalan 79eb9d7086 FEATURE: show header search results on search log term details page 2018-01-17 12:47:16 +05:30
Sam 3c0296c625 should be lower case 2018-01-17 17:16:33 +11:00
Kane York ff91c43087 FEATURE: Keyboard shortcut to refocus composer (#5506)
It was very annoying to get back to the composer after losing it!

Added to the keyboard shortcuts help dialog, and reshuffled it a bit.
Translation keys were intentionally kept so our translators don't have
to copy paste to update.

This commit also fixes an incidental listener leak.
2018-01-17 17:15:03 +11:00
Marcus Baw 604c189440 remove superfluous 'the' from translation file (#5508)
Original text 'Use the HTML instead of the text for incoming email.' sounds odd for native English speakers. 
I propose the slight modification 'Use HTML instead of text for incoming email.'
2018-01-17 16:52:41 +11:00
Arpit Jalan 1208254961 FIX: validate presence of 'top menu' setting 2018-01-17 01:43:53 +05:30
Robin Ward d74f609921 Rename key for defer flag -> ignore flag 2018-01-16 14:33:39 -05:00
Sam 7b562d2f46 FEATURE: much improved and simplified crawler detection
- phase one does it match 'trident|webkit|gecko|chrome|safari|msie|opera'
    yes- well it is possibly a browser

- phase two does it match 'rss|bot|spider|crawler|facebook|archive|wayback|ping|monitor'
    probably a crawler then

Based off: https://gist.github.com/SamSaffron/6cfad7ea3e6df321ffb7a84f93720a53
2018-01-16 15:41:45 +11:00
Neil Lalonde 5b356e446a FIX: subfolder support was broken 2018-01-15 15:42:31 -05:00
Arpit Jalan 6fff16a999 FEATURE: add collapse button 2018-01-16 01:07:48 +05:30
Sam 442a17bfb2 PERF: bypass omniauth unless in an auth path 2018-01-15 12:44:54 +11:00
Sam 2113266e51 Simplify complex conditional, add frozen strings 2018-01-15 12:44:54 +11:00
Neil Lalonde 4d50feb6bd FEATURE: add setting to display tags by tag groups 2018-01-12 11:03:02 -05:00
Sam 49ed382c2a FIX: return 429 when admin api key is limited on admin route
This also handles a general case where exceptions leak out prior to being handled by the application controller
2018-01-12 14:15:26 +11:00
Jeff Atwood dcbaf2f213 copyedit: personal, not private, message throughout 2018-01-11 16:04:14 -08:00
Robin Ward ee76636b76 FIX: Typo 2018-01-11 15:48:54 -05:00
Vinoth Kannan b96ae14261 FEATURE: Display force_https warning in admin problems dashboard 2018-01-11 12:16:10 +05:30
Neil Lalonde edb3a7f646 FIX: support for watched_words_regular_expressions when censoring words 2018-01-10 14:11:23 -05:00
Guo Xiang Tan e90187cbf7
Merge pull request #5469 from tgxworld/add_guard_to_prevent_primary_email_from_being_reassigned
FIX: Add guard to prevent a primary `UserEmail` from being reassigned.
2018-01-09 13:35:08 +08:00
Sam 18a929d801 PERF: enable gzip on proxied requests 2018-01-09 13:28:05 +11:00
Sam 6e70065291 PERF: add some minimal caching to javascripts folder 2018-01-09 12:38:15 +11:00
Sam ea63abf0f7 bypass mini profiler for locales
bypass cdn for now
2018-01-09 11:30:59 +11:00
Sam cecd7d0d07 FEATURE: global rate limiter can bypass local IPs 2018-01-08 08:39:17 +11:00
Régis Hanol e3f8182125 FIX: Google Calendar oneboxes weren't working 2018-01-07 19:15:11 +01:00
Joffrey JAFFEUX 642645ba9a
FIX: broken select badge as user title (#5474)
* FIX: broken select badge as user title

* selected id wasn’t pass to underlying component
* <none> was rendered as an html tag <none></none>
* overriding a badge name wouldn’t work as it was using badge.name and not badge.display_name
* adds a spec to ensure this behavior is correct
2018-01-05 16:58:15 +01:00
Arpit Jalan fc68e3d223 📅 2018! 2018-01-05 10:09:52 +05:30
Guo Xiang Tan 8a3bbcb19a FIX: Add guard to prevent a primary `UserEmail` from being reassigned. 2018-01-04 19:40:50 +08:00
Neil Lalonde e3965b4492 Update translations 2018-01-03 12:21:03 -05:00
Arpit Jalan 222fab1435 Update default ToS 2018-01-02 11:26:22 +05:30
Arpit Jalan 6ce422feab FIX: respect 'topic page title includes category' client side 2017-12-30 09:06:02 +05:30
Neil Lalonde 0567d523ee Update translations 2017-12-29 14:51:53 -05:00
Régis Hanol f5e170c6b5 FIX: catch all server-side error when uploading a file
UX: always show a message to the user whenever an error happens on the server when uploading a file
2017-12-27 16:33:25 +01:00
Arpit Jalan b205910faa FIX: allow upto three url redirects in onebox (#5457) 2017-12-27 10:30:06 +11:00
Arpit Jalan 89d1107f81 UX: show '{count}+' when not sure about exact search count 2017-12-26 19:50:03 +05:30