Commit Graph

71 Commits

Author SHA1 Message Date
Robin Ward 95f263995d FIX: Previous annotations were broken 2019-01-11 14:30:19 -05:00
Robin Ward a3839495e0 Update annotations 2019-01-11 12:19:43 -05:00
David Taylor 208005f9c9 REFACTOR: Migrate FacebookAuthenticator to use ManagedAuthenticator
Changes to functionality
  - Removed syncing of user metadata including gender, location etc.
    These are no longer available to standard Facebook applications.
  - Removed the remote 'revoke' functionality. No other providers have
    it, and it does not appear to be standard practice in other apps.
  - The 'facebook_no_email' event is no longer logged. The system can
    cope fine with a missing email address.

Data is migrated to the new user_associated_accounts table.
facebook_user_infos can be dropped once we are confident the data has
been migrated successfully.
2018-11-30 11:18:11 +00:00
Saurabh Patel d984323e23 FEATURE: Show change name of user in staff logs (#6647)
https://meta.discourse.org/t/admins-changing-users-name-not-username-should-be-logged/99511
2018-11-22 10:13:02 +08:00
David Taylor 17bc82765b FEATURE: Log password changes in UserHistory (#6600) 2018-11-14 08:32:42 +08:00
Vinoth Kannan 9281b72308 FEATURE: Log entity export in staff logs 2018-09-19 03:16:45 +05:30
Gerhard Schlager 150ae21489 FEATURE: Log user merge in staff logs 2018-06-11 18:43:56 +02:00
Arpit Jalan 89eca87f16 FEATURE: add staff action log for post rejections 2018-06-01 21:48:27 +05:30
Robin Ward 4195c7c9ea FEATURE: Ability to clear a user's penalty history
You can do this manually if you want to allow them to reach TL3 without
their penalty history counting against them.
2018-05-25 12:54:22 -04:00
Régis Hanol 53f8f6095d FEATURE: staff action logs when creating/updating/deleting badges 2018-05-17 18:09:27 +02:00
Arpit Jalan 0a442977b3 FEATURE: add staff action log for post approvals 2018-04-23 11:28:44 +05:30
Arpit Jalan d96c1058a2 FEATURE: add staff action log for 'restore topic' 2018-03-21 18:04:13 +05:30
Robin Ward b9abd7dc9e FEATURE: Shared Drafts
This feature can be enabled by choosing a destination for the
`shared drafts category` site setting.

* Staff members can create shared drafts, choosing a destination
category for the topic when it is published.

* Shared Drafts can be viewed in their category, or above the
topic list for the destination category where it will end up.

* When the shared draft is ready, it can be published to the
appropriate category by clicking a button on the topic view.

* When published, Drafts change their timestamps to the current
time, and any edits to the original post are removed.
2018-03-20 17:15:26 -04:00
Robin Ward 65ac80b014 FEATURE: Log Staff edits in Staff Action Logs
Why? Some edits by staff are not tracked. For example, during the grace
period, or via the flags/silence dialog.

If a staff member is editing someone else's post, it now goes into the
Staff Action Logs so it can be audited by other staff members.
2018-03-12 13:51:40 -04:00
Jeff Wong f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Guo Xiang Tan 226ace1643 Update annotations. 2018-02-20 14:28:58 +08:00
Arpit Jalan 1f6adbea5c FEATURE: log private message views 2018-01-29 08:08:08 +05:30
Robin Ward 6b04967e2f FEATURE: Staff members can lock posts
Locking a post prevents it from being edited. This is useful if the user
has posted something which has been edited out, and the staff members don't
want them to be able to edit it back in again.
2018-01-26 14:01:30 -05:00
Arpit Jalan daeb7694bc update annotations 2017-12-05 21:03:20 +05:30
Robin Ward 1f14350220 Rename "Blocked" to "Silenced" 2017-11-10 14:10:27 -05:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Sam a3e8c3cd7b FEATURE: Native theme support
This feature introduces the concept of themes. Themes are an evolution
of site customizations.

Themes introduce two very big conceptual changes:

- A theme may include other "child themes", children can include grand
children and so on.

- A theme may specify a color scheme

The change does away with the idea of "enabled" color schemes.

It also adds a bunch of big niceties like

- You can source a theme from a git repo

- History for themes is much improved

- You can only have a single enabled theme. Themes can be selected by
    users, if you opt for it.

On a technical level this change comes with a whole bunch of goodies

- All CSS is now compiled using a custom pipeline that uses libsass
    see /lib/stylesheet

- There is a single pipeline for css compilation (in the past we used
    one for customizations and another one for the rest of the app

- The stylesheet pipeline is now divorced of sprockets, there is no
   reliance on sprockets for CSS bundling

- CSS is generated with source maps everywhere (including themes) this
    makes debugging much easier

- Our "live reloader" is smarter and avoid a flash of unstyled content
   we run a file watcher in "puma" in dev so you no longer need to run
   rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
Arpit Jalan b32d3d66e5 FEATURE: log all username and name changes 2017-02-28 00:23:27 +05:30
Robin Ward f1e7bca3c9 FEATURE: Warn a user when they're replying to the same user too much 2017-02-03 17:00:54 -05:00
Régis Hanol fbf9172db8 FIX: log backups download/destroy staff action
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:53:31 +01:00
Guo Xiang Tan 515f50e42e FEATURE: Log admin action when readonly mode is changed. 2017-01-12 09:41:02 +08:00
Neil Lalonde fc0a0a76a4 Add more info in staff action logs for blocking a user, and add logging for lock trust level, activate, and deactive user 2017-01-10 17:25:36 -05:00
Robin Ward 29cf47cfb2 Track steps the user has completed, nag them to finish it. 2016-09-22 09:52:19 -04:00
Régis Hanol b0f7e4ba00 FEATURE: deactive users after too many bounces 2016-07-25 18:57:06 +02:00
Régis Hanol ca1a532cf5 show 'revoke_email' in staff action logs 2016-06-06 22:58:09 +02:00
Régis Hanol 8e611ec7a1 FEATURE: handle bounced emails 2016-05-02 23:15:32 +02:00
Robin Ward 1fba835d4f FIX: Use a logging table for daily likes given. Use it for badges. 2016-03-18 11:18:54 -04:00
Robin Ward 06591022fe FEATURE: Generous badge 2016-03-15 16:08:29 -04:00
Arpit Jalan 8f62a0caa8 FEATURE: log backup operation 2016-02-27 23:33:18 +05:30
Sam 32c681c96b annotate models 2016-02-23 10:33:53 +11:00
Arpit Jalan 74f22f95da FEATURE: log admin/moderator grant/revoke action 2016-01-27 15:39:04 +05:30
Neil Lalonde b8299a2710 log when staff blocks/unblocks someone 2016-01-14 15:05:11 -05:00
Arpit Jalan 97e4f7f6d3 Enums that are used in tables need to be stable 2016-01-08 20:43:11 +05:30
Sam 3b45cd0fcb FIX: missing suspension reasons (and many other messages) 2016-01-08 14:57:05 +11:00
Arpit Jalan 4c967d11b4 FEATURE: log site text changes 2015-12-18 19:42:06 +05:30
Guo Xiang Tan f39b9124b6 FEATURE: Log staff actions for Category changes. 2015-09-18 10:53:08 +08:00
Sam c1ecd6f4ce update annotations 2015-09-18 10:41:10 +10:00
Robin Ward d2ed64751e UX: Show category badge on enqueued posts 2015-04-15 15:29:37 -04:00
Neil Lalonde 608647d02f FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-10 11:59:08 -04:00
Robin Ward 4e64d16a47 FEATURE: Allow plugins to log staff actions 2015-02-05 15:26:34 -05:00
riking 1ab0d6bd82 FEATURE: Log username changes by staff
Also fix the tests for changing username
2015-01-17 02:26:12 -08:00
Régis Hanol c57a1b393f clean up 'checked_for_custom_avatars' user history entries 2015-01-02 12:37:17 +01:00
Régis Hanol 7b0ae702e7 FEATURE: log a new staff action when rolling up banned IP addresses 2014-11-24 19:48:54 +01:00
Sam 6bed4e1bf0 add allowed_ips to api_keys
update annotations
2014-11-20 14:53:15 +11:00
Régis Hanol bb2d538194 FEATURE: log impersonations 2014-11-06 10:58:47 +01:00