Commit Graph

405 Commits

Author SHA1 Message Date
Régis Hanol 25d80aabce remove 'puts' 2018-03-02 01:50:24 +01:00
Gerhard Schlager 80e85e0d8f FIX: Sidekiq job has wrong data when post owner changes within transaction 2018-03-01 18:00:18 +01:00
Gerhard Schlager 79590e4bec FIX: Merging users shouldn't add more than 1 secondary email 2018-03-01 17:50:13 +01:00
Gerhard Schlager a7c50039de FIX: Allow changing post owner even when topic validations fail 2018-03-01 17:31:58 +01:00
Gerhard Schlager 7a2183e8ab FEATURE: rake task for merging users 2018-03-01 12:28:12 +01:00
Gerhard Schlager fffd1a6602 FIX: Associated Instagram account was missing at some places 2018-03-01 12:26:40 +01:00
Jeff Wong f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Sam 86d12bd44b FEATURE: search within title using in:title
Also

- Significantly improved search ranking, title is treated most strongly
- Adds tag names to the index
- Run search re-indexer more aggressively
- Re-index topic and all posts on category change
2018-02-20 14:41:21 +11:00
Robin Ward 7348513848 FIX: Include post in staff action logs when silencing a user 2018-02-13 15:59:10 -05:00
Maja Komel 1c27d93dcf anonymous shadow users are approved on creation if must_approve_users is enabled (#5569) 2018-02-13 01:58:38 -05:00
Arpit Jalan 7cda3a37af rename 'private_email_time_window_seconds' to 'personal_email_time_window_seconds' 2018-02-01 13:25:29 +05:30
Arpit Jalan 1f6adbea5c FEATURE: log private message views 2018-01-29 08:08:08 +05:30
Robin Ward 6b04967e2f FEATURE: Staff members can lock posts
Locking a post prevents it from being edited. This is useful if the user
has posted something which has been edited out, and the staff members don't
want them to be able to edit it back in again.
2018-01-26 14:01:30 -05:00
Sam 060e78e884 PERF: reduce memory usage for post alerter 2018-01-22 17:11:52 +11:00
Robin Ward a8b46df4bd More extensibility for custom silence/suspend messages 2018-01-19 11:35:19 -05:00
Neil Lalonde ec65ae76b9 FIX: don't create new like notifications for deleted topics 2018-01-17 14:36:32 -05:00
Sam eaca2cb049 bypass loud logging 2018-01-16 15:41:45 +11:00
Sam 38c018a84b FIX: invalid cache for parent category with limit_suggested_to_category 2018-01-15 16:13:29 +11:00
Sam 5bf116e719 warn if missing user option record 2018-01-12 15:43:56 +11:00
Robin Ward dd33050e10 Add discourse events for when a user is suspended/silenced 2018-01-11 12:56:45 -05:00
Sam 57a1190b07 FIX: correct issue with search omitting words with multiple dots
Previously we used to break up words with dots incorrectly leading to
missing search terms
2017-12-19 16:04:24 +11:00
Régis Hanol 62a5b174e1 FIX: wasn't able to use the same username when taking over a staged account 2017-12-12 11:26:00 +01:00
Robin Ward 77f90876d3 REFACTOR: Track manual locked user levels separately from groups 2017-11-27 11:23:44 -05:00
Robin Ward 0a9daba627 FIX: Support for long suspension emails 2017-11-20 12:45:46 -05:00
Robin Ward 3785429948 FIX: Missing word boundaries when non-regexp 2017-11-17 14:37:31 -05:00
Robin Ward d755c9c90f FIX: Allow regular expressions to specify boundaries 2017-11-17 14:13:44 -05:00
Gerhard Schlager d47fa6653b do not notify staged users about posts withing mailinglist mirror category 2017-11-17 15:29:14 +01:00
Robin Ward 971e302ff2 FEATURE: Support an end date for user silencing 2017-11-14 13:20:19 -05:00
Robin Ward 1f14350220 Rename "Blocked" to "Silenced" 2017-11-10 14:10:27 -05:00
Neil Lalonde 9dc9ca4ac0 FIX: be consistent with how first posts in topics are counted. do like DirectoryItem.refresh_period :all 2017-11-10 12:18:25 -05:00
Gerhard Schlager 31e2385316 FEATURE: do not send notification emails to users who are included in the To and CC header of an incoming email 2017-11-10 17:44:20 +01:00
Neil Lalonde 16ff2a4715 FIX: topic counts after converting topic to/from public and private 2017-11-09 15:33:44 -05:00
Michael Howell 38b8d68c68 FEATURE: Allow the user to select a custom home page (#5268)
* Add user_home configuration option

* Use the new user_home preference to actually show the right home page

* Fix trailing whitespace

* Update user_option_serializer.rb

* Fix JavaScript default homepage tests

* Use an object instead of a giant switch

* Remove trailing whitespace

* Make the default `user_home` set to `null` instead of `0`

* Rename user_home to homepage_id
2017-11-10 06:45:19 +11:00
Guo Xiang Tan 19f3b81161 Revert "FIX: always trigger the ':user_updated' event"
This reverts commit 519b70ea46.

https://meta.discourse.org/t/creating-a-topic-or-a-post-sends-the-user-updated-webhook/71643
2017-10-23 11:44:22 +08:00
Guo Xiang Tan e91a631978 REFACTOR: DRY up code and add better test coverage. 2017-10-23 11:16:14 +08:00
Robin Ward 838568cbc3 Refactor flag types for more customization 2017-10-19 13:55:23 -04:00
Guo Xiang Tan 79de10b212 FEATURE: Allow users to disable new PMs.
https://meta.discourse.org/t/is-it-possible-to-disable-private-messaging-for-a-specific-user/46391
2017-10-19 12:32:55 +08:00
Neil Lalonde 2db66072d7 SECURITY: signup without verified email using Google auth 2017-10-16 13:51:41 -04:00
Gerhard Schlager c0bb97b5cb FIX: delete staged users when the incoming email is rejected 2017-10-11 16:17:01 +02:00
Régis Hanol 3bdd8f57c1 FIX: invited staged users would sometimes not get notified of replies 2017-10-06 16:37:28 +02:00
Neil Lalonde e47f5cedd2 FEATURE: forgot_password_strict setting also prevents reporting that an email address is taken during signup 2017-10-03 15:28:30 -04:00
Robin Ward 41c3941c4c FEATURE: Support regular expressions for watched words 2017-09-27 15:48:57 -04:00
Robin Ward 7578d8fc44 Add a `DiscourseEvent` for when a topic is closed 2017-09-27 14:00:53 -04:00
Robin Ward 09ed2ed749 Add Suspend User to flags page 2017-09-25 12:28:00 -04:00
Guo Xiang Tan 4e5e7dc736 FIX: Fix ActiveRecord API that was removed in Rails 5.1. 2017-09-25 16:16:37 +08:00
Guo Xiang Tan 23b787e0a6 Require dependency otherwise it causes Sidekiq to lock up in development. 2017-09-25 13:48:59 +08:00
Guo Xiang Tan 77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Gerhard Schlager 87b4246c14 FIX: notify about whispered reply 2017-09-19 15:51:10 +02:00
Robin Ward 9b3b39d8a2 FIX: Users should be able to activate their emails even if unapproved
Note in discourse `active` means "Email is active" - they still can't
login until approved
2017-09-12 15:04:39 -04:00
Guo Xiang Tan b7ac33464f Reduce number of Redis calls. 2017-09-08 20:12:53 +08:00