Sam
2a3f71a9a1
SECURITY: log off all existing sessions when resetting password
2015-04-15 08:57:43 +10:00
Sam
f5d89169e2
FEATURE: initial implemenation of anonymous posting mode
2015-04-07 18:05:31 +10:00
Régis Hanol
1ec73b5ba0
FIX: use 'request.remote_ip' instead of 'request.ip' for better consistency
2015-04-02 16:24:27 +02:00
Robin Ward
e3eaa7fa75
FIX: In long topics, filtering button was not always showing in card
2015-03-24 12:33:50 -04:00
Robin Ward
6d38005a22
Allow staff to change uneditable user fields
2015-03-20 15:18:43 -04:00
Robin Ward
7ef306cd3b
A bunch of tweaks to the Users directory
...
- Move user directory from `/directory` to `/users/`
- Defaults to 'weekly' time period
- Don't include deleted topics/posts in the results
- Move heart icon to header instead of on each row
- "Users" instead of "Users found"
2015-03-19 12:29:38 -04:00
Neil Lalonde
608647d02f
FEATURE: Anonymize User. A way to remove a user but keep their topics and posts.
2015-03-10 11:59:08 -04:00
Sam
f5af4768eb
FEATURE: add clean support for running Discourse in a subfolder
...
To setup set DISCOURSE_RELATIVE_URL_ROOT to the folder you wish
2015-03-09 13:14:29 +11:00
Sam
130dbf7358
PERF: don't run stats query in user card
2015-02-24 13:31:23 +11:00
Robin Ward
8186d86f38
FIX: Enforce max length for custom user fields
2015-02-23 13:02:30 -05:00
Sam
17927b2e8b
FIX: don't use flash cause we are not redirecting
...
(we should probably change that though)
2015-02-20 10:28:58 +11:00
Sam
3a0cd0b760
make custom fields a bit more permissive input wise
2015-02-06 09:03:23 +11:00
Ryan Fox
1f0915bf83
Allow periods in the external_id value used in the /users/by-external route.
2015-02-02 12:55:32 -05:00
Sam
ea7af7a83b
Merge pull request #3135 from longhotsummer/fix-no-user-params
...
FIX: creating a user shouldn't error when optional fields aren't given
2015-01-30 10:12:57 +11:00
Régis Hanol
cd2c9edb46
FIX: 🐛 upload on IE9 wasn't working :'(
...
- FIX: make sure we set a default name to a pasted image only on Chrome (the only browser that supports it)
- FIX: use ".json" extension to uploads endpoints since IE9 doesn't pass the correct header
- FIX: pass the CSRF token in a query parameter since IE9 doesn't pass it in the headers
- FIX: display error messages comming from the server when there is one over the default error message
- FIX: HACK around IE9 security issue when clicking a file input via JavaScript (use a label and set `visibility:hidden` on the input)
- FIX: hide the "cancel" upload on IE9 since it's not supported
- FIX: return "text/plain" content-type when uploading a file for IE9 in order to prevent it from displaying the save dialog
- FIX: check the maximum file size on the server 💥
- update jQuery File Upload Plugin to v. 5.42.2
- update JQuery IFram Transport Plugin to v. 1.8.5
- update jQuery UI Widget to v. 1.11.1
2015-01-28 19:43:20 +01:00
Greg Kempe
d99ccf6d27
FIX: creating a user shouldn't error when optional fields aren't provided
...
This fixes a bug where the server would 500 if the only user fields
where optional ones, and the create_user call didn't provide any
values so that params[:user_fields] was nil.
Additionally, don't bother double-checked for required fields, since we
iterate over all fields and will catch any that are required and blank.
2015-01-27 11:48:27 +02:00
riking
1ab0d6bd82
FEATURE: Log username changes by staff
...
Also fix the tests for changing username
2015-01-17 02:26:12 -08:00
Robin Ward
987504c6ab
Rename `no_js` layout to `no_ember`
...
While *sometimes* `no_js` was used for visitors without js (for example
disabling it on your browser) it was also used for some pages that were
disabled to JS capable browsers, including the 404 page.
Even worse, sometimes it was used on pages that *had* Javascript, such
as our `/activate-account` route. It has been renamed to `no_ember` to
indicate what it really is, a layout for the site that doesn't load our
Ember.js application.
2015-01-15 15:56:53 -05:00
Régis Hanol
e20078a9dc
PERF: fix performance issue when displaying the user card for admins
2015-01-05 19:49:32 +01:00
Blake Erickson
02ade72ceb
Update username should return a json response
...
- Have update username return json response that contains the updated
username and id. I figured this would be better than just return "OK".
- Add test to verify that the new username is returned.
2014-12-10 09:43:16 -07:00
Blake Erickson
e9e88c9b82
Remove legacy avatar code
...
- Remove method that was only left around because the
[api](https://github.com/discourse/discourse_api/pull/53 ) called it
- Modify test to use new route instead of legacy route
https://meta.discourse.org/t/legacy-route-for-avatars/22838/2
2014-12-07 06:13:14 -07:00
Blake Erickson
a61519eebf
Have pick_avatar return json.
...
I'm working on writing a test in the discourse_api gem for uploading
avatars and the pick method needs to return a json response.
I also added a test to make sure json is returned.
2014-12-06 09:26:32 -07:00
Régis Hanol
07211489f0
FIX: hide restricted profile info from TL0 users to anonymous in 'JS-off' page
2014-11-27 19:51:13 +01:00
Régis Hanol
7641d88224
FEATURE: new 'maximum new user accounts per registration IP' site setting
2014-11-17 12:04:29 +01:00
Robin Ward
c9eb809dad
FIX: The text to users who signed up when approval was required was
...
misleading.
2014-11-04 15:48:03 -05:00
Régis Hanol
865194f409
FIX: cannot show email for pending/inactive users
2014-10-29 01:07:27 +01:00
Robin Ward
71f211f0b3
FEATURE: Allow users to select a badge with an image to appear on their
...
user card
2014-10-20 16:35:38 -04:00
Robin Ward
1cf4a0d604
Rename "User Expansion" to the much clearer "User Card"
2014-10-20 12:11:59 -04:00
Régis Hanol
10094a0bcd
FIX: resolve flags as good when deleting a spam user
2014-10-20 16:59:06 +02:00
Robin Ward
4d465362b5
FEATURE: Allow a user to upload an image for their expansion background.
2014-10-16 15:05:36 -04:00
Robin Ward
f9a8f6d6ce
FEATURE: Support for a `required` setting on user fields.
2014-10-08 15:10:19 -04:00
Sam
0e7be81e60
FIX: badge granted titles were not being revoked when badge was revoked
2014-10-08 10:26:18 +11:00
Robin Ward
381814fd5d
Adds support for a description to user fields.
2014-10-02 15:56:52 -04:00
Arpit Jalan
41af2d79b5
add user email on account created page
2014-10-02 12:43:44 +05:30
Robin Ward
be93f224a6
Revert "add user email on account created page"
...
This reverts commit 164fc1108a
.
2014-10-01 10:30:26 -04:00
Arpit Jalan
164fc1108a
add user email on account created page
2014-10-01 13:53:50 +05:30
Robin Ward
edb34c178a
FEATURE: Show user fields when the user is signing up
2014-09-30 10:45:18 -04:00
Régis Hanol
7e309a21cf
FEATURE: hide emails behind a button for staff members
2014-09-29 22:31:05 +02:00
Sam
a901d682fe
raise not found if user is not found
2014-09-25 17:45:45 +10:00
Sam
8f8ea735ee
FIX: allow retry activation of account by username or password
2014-09-25 17:42:48 +10:00
Arpit Jalan
b3838c2c1c
Trigger browser password manager after sigining up
2014-09-24 01:04:36 +05:30
Sam
7a4082cbad
FIX: allow API to create users when invite_only is true
2014-09-23 09:06:19 +10:00
Neil Lalonde
c4e285f3ec
SECURITY: rate limit change email requests
2014-09-18 10:48:56 -04:00
riking
2c6d03f87f
SECURITY: Limit passwords to 200 characters
...
Prevents layer 8 attack.
2014-09-12 12:07:11 -04:00
Robin Ward
56eda5abf9
FIX: Don't allow profile bios longer than 3k chars
2014-09-08 15:23:21 -04:00
Robin Ward
c9262a8390
FIX: Resend activation email was busted
2014-08-28 12:07:13 -04:00
Robin Ward
ed125975a1
SECURITY: Prefix session key and validate token format.
2014-08-25 15:31:49 -04:00
Arpit Jalan
4cd8abc905
FEATURE: dynamically load invites
2014-08-05 22:20:23 +05:30
Neil Lalonde
939e8505a9
Remove hub username integration
2014-07-16 12:25:24 -04:00
Neil Lalonde
01a68f8cc7
Emails are case insensitive
2014-07-16 10:22:01 -04:00
Robin Ward
4f416bf6ce
Check honeypot/challenge value on activation too
2014-07-15 14:07:35 -04:00
riking
915f60b0fc
Don't redirect to login when activating account...
2014-07-15 10:50:28 -07:00
Neil Lalonde
766196af87
FEATURE: add site setting allow_new_registrations which can be used to block all new account registrations
2014-07-14 15:42:22 -04:00
Robin Ward
cce7cf8c85
FEATURE: Require Javascript to activate an account via email link
2014-07-14 12:26:10 -04:00
Sam
4a2cc269ab
FIX: allow selection of no title
2014-07-14 18:07:07 +10:00
Sam
833c50c460
FEATURE: Read Faq badge
2014-07-11 17:32:29 +10:00
Sam
9a9ad9bda8
FEATURE: Badge progress
...
- Refactor model so it stores backfill query
- Implement autobiographer
- Remove sample badge
- Correct featured badges to only include a badge once
2014-07-03 17:29:44 +10:00
Sam
5a0aed2bfa
FIX: regression, forgot password broken
...
also... mocks were invented by the devil
2014-07-02 13:06:55 +10:00
Robin Ward
9000c358d1
REFACTOR: Use common path for RESTful `DELETE` action from upload image
...
component
2014-06-30 14:13:59 -04:00
Robin Ward
4088fba4f2
REFACTOR: Convert profile background uploader to be an ember component
2014-06-30 14:13:59 -04:00
Andrew Bezzub
386d1e231a
move profile_background from User to UserProfile
2014-06-26 12:30:07 -04:00
riking
6e698315d6
Allow all /my URLs
...
Previously, URLs like /my/activity/posts were denied. This change allows those URLs.
2014-06-14 10:58:20 -07:00
Sam
91b6459f2b
BUGFIX: allow users to pick no avatar
2014-05-30 14:45:55 +10:00
Sam
5adc486cef
BUGFIX: missing avatars in topic map
...
Cleanup uneeded column
2014-05-29 14:59:14 +10:00
Sam
504cfcff96
Fix specs for avatars
...
Implement avatar picker
Correct avatar related jobs
2014-05-27 10:08:03 +10:00
Sam
6c1c8be794
Work in progress, keeping avatars locally
...
This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom)
user can then pick which they want.
2014-05-27 10:08:03 +10:00
Neil Lalonde
6e0eb89697
Don't show suspended users in autocomplete fields unless you are staff
2014-05-13 11:44:15 -04:00
Louis Rose
1574485443
Perform the where(...).first to find_by(...) refactoring.
...
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Neil Lalonde
f61f29439e
Track the ip address where user was registered
2014-04-29 14:37:56 -04:00
Vikhyat Korrapati
b4e037dfb2
Allow badges to be marked as "titleable".
2014-04-28 10:30:38 +05:30
Régis Hanol
64b8f2f759
TRIVIAL: remove puts statement (cc. @eviltrout)
2014-04-21 23:00:13 +02:00
Robin Ward
b9ca124756
Support for /my/preferences to automatically redirect to the logged in
...
user.
2014-04-21 11:52:11 -04:00
Vikhyat Korrapati
8113e8d897
Basic UI for selecting gold/silver badges as titles.
2014-04-18 09:20:51 +05:30
Régis Hanol
2505d18aa9
FEATURE: support email attachments
2014-04-14 22:55:57 +02:00
Sam
be06156629
SECURITY: when enabled_local_logins is false users could log in via API
...
thanks @Nicholas Blanco
2014-03-26 15:39:44 +11:00
Robin Ward
539890afdf
Let's not show tons of extra information about invites unless you're the
...
person who invited them.
2014-03-21 14:16:11 -04:00
Sam
619fa50d4b
BUGFIX: twitter auth asking for a password
2014-03-20 14:49:25 +11:00
Neil Lalonde
9ca516e58d
Rename nickname to username in the code. Use new hub routes. (Old routes still exist as aliases for old Discourse instances.)
2014-03-12 12:39:36 -04:00
Johan Jatko
98c479c3c4
FEATURE: Profile Backgrounds
...
Shares a modified codebase with avatars called "user_image"
2014-03-05 15:10:44 +01:00
Neil Lalonde
8711762143
Users who have made no more than one post can delete their own accounts from their user preferences page.
2014-02-13 13:52:06 -05:00
Leonard Teo
c13aa8852b
Whitelist :active param so that we can automatically create users that are active via API
2014-02-04 15:40:30 -05:00
Neil Lalonde
da825451d0
Invite link can't be used to log in after you set a password or sign in with 3rd party
2014-01-21 16:56:41 -05:00
Benjamin Kampmann
c743a985a4
Allow groups to be used as aliases for user mention
...
when configured by the admin a group can be found through the @mentions
feature in both the compose/reply and the private message user-selectors
and once selected the mention will be replaced by the list of users in
the group
2014-01-08 02:36:24 +11:00
Neil Lalonde
854d9c8fc6
Minimum password length is configurable with the min_password_length site setting. FIX: reset password needs to validate password length.
2013-12-19 16:15:47 -05:00
Sam
05a3c8090f
Merge pull request #1658 from salbertson/sa-refactor-users-controller-create
...
Refactor UsersController#create
2013-12-12 22:16:50 -08:00
Neil Lalonde
561961eff6
FIX: can grant titles to regular users. Guardian initializer needs current_user, not the target user.
2013-12-10 12:46:35 -05:00
Scott Albertson
51eff92170
Refactor UsersController#create
...
* Simplify controller action
* Extract service classes
2013-12-05 10:11:16 -08:00
Neil Lalonde
981d8f6aea
Signup form: prefill username if Discourse Hub has a match for the email address. Also, fix some bad specs in username_checker_service_spec that were passing...
2013-11-19 14:15:28 -05:00
Robin Ward
32a3da86da
Merge pull request #1640 from salbertson/sa-refactor-users-controller-invites
...
Refactor UsersController#invited
2013-11-12 08:18:52 -08:00
Scott Albertson
77b59b54ce
Refactor UsersController#invited
...
* Add test coverage
* Simplify controller action
* Move finder code to Invite class
2013-11-11 13:23:49 -08:00
railsaholic
58f78e9001
Refactor Users#upload_avatar method
...
Moved avatar file upload to ```AvatarUploadService``` class and
```AvatarUploadPolicy```
Address review comments + require missing file in spec
2013-11-11 23:21:14 +05:30
Sam
3473734af0
FIX: bust broken password
2013-11-11 22:28:26 +11:00
sirMackk
af67284995
User ctrl refactor - breaks up large methods, moves some logic into model
...
Includes missing methods from backup for travis to pass
fix missing code, failing specs
keep params handling in the controller.
2013-11-09 18:44:13 +05:30
Scott Albertson
72bfa4471f
Move logic for updating a user into a service class
2013-11-07 08:39:39 -08:00
Robin Ward
25ef66c60b
User invites page now has search, displays first `invites_shown` records
2013-11-05 17:53:26 -05:00
Robin Ward
3d6d7c8abe
SiteSetting to hide regular names from users
2013-10-30 15:45:34 -04:00
Régis Hanol
9b2f821012
Merge pull request #1512 from ScotterC/avatar-from-url
...
Build out a URI Adapter to allow uploading an avatar via a url
2013-10-21 13:17:37 -07:00
Robin Ward
2308784713
Merge pull request #1543 from railsaholic/small_users_controller_refactoring
...
refactor UsersController to reduce complexity
2013-10-21 12:21:03 -07:00
Scott Carleton
cbef844a57
Build out a URI Adapter to allow uploading an avatar via a url
...
Currently only really accessible via the API. The UriAdapter creates a
tempfile from a url and gives a ActionDispatch::HTTP::UploadedFile back
to the controller to process as normal.
This will help a lot in being able to transfer avatar urls from another
app without monkey patching a lot of discourse code.
2013-10-21 14:53:03 -04:00
Neil Lalonde
648b11a0eb
Add screening by IP address. When deleting a user as a spammer, block all signups from the same IP address.
2013-10-21 14:50:18 -04:00