77a8cae094
FIX: rescue specific errors on invite failure
2017-05-02 15:13:33 +05:30
9f8a917d65
add event name for ping webhooks in the header
2017-05-02 08:13:23 +02:00
0722ffadf1
Remove site settings enforce_global_nicknames and discourse_org_access_key
2017-05-01 14:53:16 -04:00
304ace926e
FIX: Raise right response when post_action does not exist.
2017-04-27 17:29:53 +08:00
e4b9f72f9e
FIX: Force the right encoding when handling email.
2017-04-27 16:51:54 +08:00
b755279cf0
remove unneeded code
2017-04-27 08:47:47 +05:30
e3f82140d8
more readable code for filtering username/email when bulk adding to group
2017-04-27 08:43:28 +05:30
b41d96fac1
FIX: properly initialize hashes
2017-04-27 02:56:14 +05:30
285c167fae
FEATURE: provide more details when performing a bulk add to group
2017-04-27 01:37:51 +05:30
6f7c6b0fd0
FIX: Incorrect error raised.
2017-04-25 09:59:01 +08:00
423f2ab228
FIX: Processing incoming email should be done in a background job.
2017-04-24 13:57:28 +08:00
7a9eee1b71
FEATURE: default notification level for group messages
...
also fixes it so staff can amend other user's group notification level
2017-04-20 15:47:35 -04:00
ea26c56631
FIX: redirect to login page for anonymous user when profiles are hidden
2017-04-20 13:00:45 +05:30
8b8ee2ad61
Pass a context in when using a HTML builder
2017-04-18 12:35:35 -04:00
1c23aedccf
FIX: always send password reset email when accepting invite if password is not set
2017-04-18 14:37:06 +05:30
1363988cd7
Support for an HTML builder that can create dynamic HTML
2017-04-17 17:32:55 -04:00
86904e9cd6
FIX: better error handling for theme import
2017-04-17 16:55:53 -04:00
0954367bf4
FIX: send activation email when accepting invite if password is set
2017-04-15 14:59:50 +05:30
04016f0dec
Support Ruby 2.4.
2017-04-15 12:29:00 +08:00
ed2e62f845
correct environment handling for test mode
2017-04-14 14:00:46 -04:00
def7348777
FIX: display custom sections with default theme
...
also cleans up mechanism for previewing themes, cleans up naming,
gets rid of old janky "preview_style", secures local theme key
2017-04-14 13:35:12 -04:00
ef093b1610
Merge pull request #4807 from techAPJ/email-token-social
...
FIX: confirm email token for user created via social login
2017-04-13 16:18:15 +05:30
3d76fb9c2c
FIX: Don't show category options for reports that can't be scoped to a category.
2017-04-13 17:10:55 +08:00
7fb17b83c4
FIX: confirm email token for user created via social login
2017-04-13 14:15:32 +05:30
ee449b0dd5
Improve SSO verbose log when user record is invalid.
2017-04-13 11:39:26 +08:00
57788200ec
REFACTOR: Add `User.reserved_username?`.
2017-04-13 10:44:26 +08:00
a3e8c3cd7b
FEATURE: Native theme support
...
This feature introduces the concept of themes. Themes are an evolution
of site customizations.
Themes introduce two very big conceptual changes:
- A theme may include other "child themes", children can include grand
children and so on.
- A theme may specify a color scheme
The change does away with the idea of "enabled" color schemes.
It also adds a bunch of big niceties like
- You can source a theme from a git repo
- History for themes is much improved
- You can only have a single enabled theme. Themes can be selected by
users, if you opt for it.
On a technical level this change comes with a whole bunch of goodies
- All CSS is now compiled using a custom pipeline that uses libsass
see /lib/stylesheet
- There is a single pipeline for css compilation (in the past we used
one for customizations and another one for the rest of the app
- The stylesheet pipeline is now divorced of sprockets, there is no
reliance on sprockets for CSS bundling
- CSS is generated with source maps everywhere (including themes) this
makes debugging much easier
- Our "live reloader" is smarter and avoid a flash of unstyled content
we run a file watcher in "puma" in dev so you no longer need to run
rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
0013a23dc1
SECURITY: prefer render plain/html to render text where possible
2017-04-10 08:01:42 -04:00
9663a74445
FIX: Ensure `username` param is valid in `NotificationsController`.
2017-04-07 17:32:52 +08:00
93556bb950
Merge pull request #4793 from rcgordon/smtp-fast-rejection
...
Added an API to ask if an incoming email should be dropped at the SMTP level.
2017-04-07 09:59:52 +02:00
708f65f740
FIX: web crawlers getting 404 on category pages
2017-04-06 14:52:06 -04:00
888d1512ec
Corrected indentation.
2017-04-06 01:49:34 -04:00
402eaaa773
FEATURE: add og tags to metadata in individual badges page
2017-04-06 09:32:53 +05:30
5943543ec3
FIX: Improve checks for non-human users.
2017-04-06 11:29:34 +08:00
c51af13338
smtp_should_reject API: use better approach to find user email.
2017-04-05 23:10:36 -04:00
a51c191a66
Make Email::Receiver.check_address() into a class method.
2017-04-05 23:10:36 -04:00
e15d11df18
Added an API to ask if an incoming email should be dropped at the SMTP level.
...
This lets an SMTP server optionally decide if it should reject a mail without
passing it on to Discourse at all, possibly before even reading the
email's payload, to prevent spam-induced backscatter and save resources.
This just does the bare minimum sanity checking that could prevent obvious
backscatter. For legit errors from legit users, Discourse will still send a
much more pleasant reply email.
2017-04-05 23:10:36 -04:00
40ab2e5667
FEATURE: Let users update their emails before confirming
...
This allows users who entered a typo or invalid email address when
signing up an opportunity to fix it and resending the confirmation
email to that address.
2017-04-05 16:44:49 -04:00
3839206317
FIX: Return JSON errors for `by-external` if JSON requested
2017-04-04 16:22:14 -04:00
17f2974d0a
SECURITY: Confirm new administrator accounts via email
2017-04-04 15:59:01 -04:00
406d721f11
Fix `NilClass` error in `UsersController`.
2017-04-04 14:17:45 +08:00
f4758a4c4d
FEATURE: Allow admins to schedule a topic to be published in the future.
2017-04-04 11:16:05 +08:00
0bbad5040a
`topic-status-info` component wasn't updated when topic is closed/opened.
2017-03-31 15:58:26 +08:00
b6e9871b4b
Update `Topic#closed` client side when closing/opening a topic temporarily.
2017-03-31 15:05:00 +08:00
34b7bee568
FEATURE: Allow admin to auto reopen at topic.
...
* This commit also introduces a `TopicStatusUpdate`
model to support other forms of deferred topic
status update in the future.
2017-03-31 11:14:18 +08:00
14410b71fb
Convert server side paths to use `/u/`
2017-03-30 10:23:24 -04:00
a818fa9831
FIX: Show stats of the last 30 days be default for admin reports.
...
* `1.month.ago + 1.month` uses the calendar month for calculations
such that `1.month.ago` from the 30th of March 2017 will give
us the 28th of February 2017. Adding one month ahead from
28th February 2017 will be 28th of March 2017.
2017-03-30 09:48:10 +08:00
f3cd5f61c5
FEATURE: Send anonymized usage statistics to Discourse if Discourse Hub can't reach the site
2017-03-28 09:07:23 +05:30
11ce73b8ed
FEATURE: category setting for default top period
2017-03-22 16:54:18 -04:00
8e5e3b5af8
FIX: sso provider require return_sso_url
2017-03-22 09:08:38 -04:00
874e8900af
Display email address in SSO error message.
2017-03-21 15:37:46 -04:00
aeaf5075bf
Custom errors for when Email is invalid via SSO
2017-03-21 15:23:38 -04:00
52d78294cc
Render a layout when there's an SSO error
2017-03-21 15:23:38 -04:00
82c0f5f587
Merge pull request #4767 from techAPJ/activate-account
...
FIX: send activation email if user have unconfirmed email address
2017-03-21 09:44:23 +05:30
7c3ae50dcd
FIX: send activation email if user have unconfirmed email
2017-03-21 09:41:50 +05:30
b94c7b4902
missing disposition
2017-03-20 17:07:32 -04:00
652b2d7199
remove redundent header setting
2017-03-20 16:08:18 -04:00
c106ca6778
FEATURE: fallback asset path for multi host setups
2017-03-20 15:59:17 -04:00
1d4993a185
FIX: Sync user's notification channel before preloaded current user data.
...
This is to fix the problem where a newly created user would not
receive live updates for the first notification if the notification
is published before the client has subscribed to the channel.
2017-03-20 17:17:21 +08:00
f5f54c1b77
Merge pull request #4764 from tgxworld/nuke_backticks
...
FIX: Don't use backticks that take in inputs.
2017-03-17 15:40:23 -04:00
e7c972ac89
FIX: Don't use backticks that take in inputs.
2017-03-17 15:33:51 +08:00
9e60f9f093
JSON API parsing error on CSRF exception: single quotes in ['BAD CSRF'] is invalid JSON:
...
https://meta.discourse.org/t/json-api-parsing-error-single-quotes-used-for-errors-like-bad-csrf/58869
2017-03-16 16:47:18 -07:00
bbc85e1e29
Merge pull request #4750 from discourse/group_login_registration_flow
...
FEATURE: Redirect to groups page and apply group actions upon login/s…
2017-03-16 09:50:56 +08:00
ca965bb455
FEATURE: Redirect to groups page after login/registration flow.
2017-03-16 09:48:51 +08:00
1a7e954e09
FIX: Store custom emojis as uploads.
...
* Depending on a hardcoded directory was a flawed design
which made it impossible to debug when custom emojis go
missing.
2017-03-14 13:07:18 +08:00
6d7e968e30
FEATURE: box-style rendering of sub-categories
2017-03-13 15:25:52 -04:00
a690121805
SECURITY: always allow staff to resend activation mails
2017-03-13 10:32:24 -04:00
1a745ca16a
else @user makes no sense :)
2017-03-13 10:22:23 -04:00
9364d8ce71
FIX: Store user's id instead for sending activation email.
...
* Email and username are both allowed to be used for logging in.
Therefore, it is easier to just store the user's id rather than
to store the username and email in the session.
2017-03-13 20:24:55 +08:00
7ebfa3c901
SECURITY: Only allow users to resend activation email with a valid session.
...
* Improve error when an active user tries to request for an activation email.
2017-03-13 19:35:29 +08:00
848120c098
FEATURE: RSS feed for top page period filters
2017-03-13 15:23:46 +05:30
f13367cecd
FIX: latest + category not respecting homepage category suppression
2017-03-10 15:17:51 -05:00
bc1a6ccb90
Merge pull request #4741 from tgxworld/allow_bookmark_removal
...
FIX: Allow user to remove bookmark from posts as long as bookmark is …
2017-03-10 12:49:20 -05:00
f7e7ca3937
FEATURE: anonymized site statistics
2017-03-10 18:50:26 +05:30
00380d84c5
UX: display text & html parts alongside raw email in incoming email modal
2017-03-08 23:15:42 +01:00
801b5838e1
FIX: do not show faq/guidelines page to anonymous users for private forums
2017-03-08 16:00:49 +05:30
090236b15b
FIX: do not show about page to anonymous users for private forums
2017-03-08 13:15:44 +05:30
689dd16be0
FIX: Allow user to remove bookmark from posts as long as bookmark is present.
...
https://meta.discourse.org/t/bookmark-issue-when-access-to-topic-is-lost-pms/51993
2017-03-08 13:53:49 +08:00
d95e4102c1
FIX: tags created in secured categories should not be forbidden outside those categories
2017-03-07 11:46:46 -05:00
c3477cd40d
Merge pull request #4716 from discourse/bounced_emails_details
...
FEATURE: Allow checking the raw response of a bounced email
2017-03-06 13:30:19 -03:00
477eb0591e
FIX: Posts in a deleted topic couldn't be moved.
...
https://meta.discourse.org/t/moving-posts-to-new-topic/58436/4
2017-03-06 14:56:20 +08:00
c99f4260c0
Merge pull request #4729 from tgxworld/dont_mark_user_as_valid
...
FIX: Don't mark user as `active` if verified email is different.
2017-03-03 15:57:30 -05:00
6aab8cb331
FEATURE: new category setting for whether to show latest topics or top topics by default
2017-03-03 11:30:44 -05:00
aac4a4ed94
Handle invalid parameters and missing bounced emails
2017-03-02 20:37:28 -03:00
ca20cb9941
FEATURE: subcategories can be discovered by web crawlers on page 1 of the parent category topics list
2017-03-02 15:06:56 -05:00
3d347fb9c4
FIX: Don't mark user as `active` if verified email is different.
2017-03-02 14:24:30 +08:00
dbfea9b5b0
correct refactor
2017-03-01 18:26:26 -05:00
c79b146283
FEATURE: make list controller a bit more extensible
2017-03-01 16:41:09 -05:00
262016604d
FEATURE: each category can control how many topics to show on categories page
2017-03-01 15:12:57 -05:00
80858bae2c
FEATURE: further restrict downloading of backups
...
- send email to logged in admin when they press the "download" button
- show pop-up that email was sent
- create email template
- require a valid token to download backup
2017-03-01 08:28:34 -07:00
877957ae88
Merge pull request #4715 from techAPJ/login-per-ip
...
FEATURE: new site setting for max logins per ip per hour/minute
2017-02-27 18:24:53 +05:30
cba51e1c38
FEATURE: new site setting for max logins per ip per hour/minute
2017-02-27 16:58:03 +05:30
fdf749770b
remove unecessary '.limit(1)'
2017-02-24 12:56:13 +01:00
a2c04be718
FIX: eradicate I18n fallback issues 💣
...
FIX: client's translation overrides were not working when the current locale was missing a key
FIX: ExtraLocalesController.show was not properly handling multiple translations
FIX: JsLocaleHelper#output_locale was not properly handling multiple translations
FIX: ExtraLocalesController.show's spec which was randomly failing
FIX: JsLocaleHelper#output_locale was muting cached translations hashes
REFACTOR: move 'enableVerboseLocalization' to the 'localization' initializer
REFACTOR: remove unused I18n.js methods (getFallbacks, localize, parseDate, toTime, strftime, toCurrency, toPercentage)
REFACTOR: remove all I18n.pluralizationRules and instead use MessageFormat's pluralization rules
TEST: add tests for localization initializer
TEST: add tests for I18n.js
2017-02-24 11:31:21 +01:00
3754b038e8
fix brotli origin
2017-02-23 18:26:40 -05:00
f15f61da0a
FEATURE: add immutable caching to rails site of things
2017-02-23 13:05:00 -05:00
5296f00c28
FEATURE: Allow checking the raw response of a bounced email
2017-02-22 14:51:33 -03:00
a702330ccd
FEATURE: make show_subcategory_list a per-category setting
2017-02-22 11:42:36 -05:00
3ce3abef8f
FIX: add Content-Disposition and Content-Type headers when downloading attachments
2017-02-20 15:59:01 +01:00
f51e3b2131
FIX: should not be able to rename a system badge
2017-02-20 14:35:05 +01:00
cb99f59ec3
reset bounce score when email is successfully changed
2017-02-20 10:37:01 +01:00
1935f624b8
FEATURE: reset active record cache in sidekiq if needed
...
This can happen in multisite environments after restores
2017-02-17 12:09:53 -05:00
040e10a627
reduce duplication
2017-02-15 17:27:10 -05:00
d0fbb27f3e
FEATURE: new invite acceptance page, where username can be chosen and password can be set
2017-02-15 16:51:57 -05:00
3818c196e0
remove disallowed params
2017-02-15 16:47:14 -05:00
74d4209d24
FEATURE: allow plugins to register custom topic list filters
2017-02-15 15:25:43 -05:00
1deec95ccb
Use `natural` orientation for web app manifest.
...
The `any` orientation forces the rotation even when the device's screen
rotation is disabled. Using `natural` respects that and restores the
expected behaviour.
2017-02-12 18:04:06 +00:00
3ee7a9266c
Merge pull request #4686 from tgxworld/group_is_visible_if_user_is_group_owner
...
FIX: Show groups that user is owner of on groups page.
2017-02-11 22:18:44 -08:00
4332f0dde1
FEATURE: allow user search API to restrict to group
2017-02-09 18:45:39 -05:00
ff49f72ad9
FEATURE: per client user tokens
...
Revamped system for managing authentication tokens.
- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes
New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.
Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
2dec731da3
SECURITY: correctly validate input when admin searches for screened ips
2017-02-06 16:11:16 -05:00
27fb9c8804
FIX: bounce webhooks should also use recipient address
2017-02-05 19:06:35 +01:00
c4e10f2a9d
FEATURE: redesign the change password page to use javascript and validations
2017-02-03 16:09:24 -05:00
5523d0dbf9
fix the build
2017-02-03 15:35:33 +05:30
26ccf61ab1
FIX: sane error message when inviting an existing user
2017-02-03 14:27:27 +05:30
61111a3f9b
FIX: Show groups that user is owner of on groups page.
2017-02-03 16:51:32 +08:00
18007ed34b
FIX: Can't use an internal name here if `SiteSetting.convert_pasted_images_to_hq_jpg` is `false`.
2017-02-01 14:51:56 +08:00
f6d9745c5f
Bye bye byebug.
2017-02-01 14:50:14 +08:00
6c8c91dca4
UX: Change default filename for images that have been pasted.
2017-02-01 14:44:41 +08:00
9dd09e453b
FEATURE: add explicit confirmation button to accept the invite
2017-01-25 15:50:30 +05:30
781d83a46f
FIX: Toggling a post's wiki status should not skip revision.
2017-01-25 13:34:55 +08:00
0a25df67bc
Revert "FIX: Incorrect parameter being passed to component."
...
This reverts commit d354a6f7a4
2017-01-25 13:12:24 +08:00
d354a6f7a4
FIX: Incorrect parameter being passed to component.
2017-01-25 13:09:08 +08:00
32846aad2a
FIX: Toggling post's wiki status should not create a new version.
2017-01-20 15:42:33 +08:00
fbf9172db8
FIX: log backups download/destroy staff action
...
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:53:31 +01:00
515f50e42e
FEATURE: Log admin action when readonly mode is changed.
2017-01-12 09:41:02 +08:00
e793caf3e3
FIX: only allow CSV file to be uploaded for bulk invite
2017-01-11 16:26:01 +05:30
d6bf5b0e78
Use `any` orientation for web app manifest.
2017-01-11 17:32:24 +08:00
cdd550e947
Use a different Redis key when PG failover sets site to readonly mode.
2017-01-11 16:38:49 +08:00
fc0a0a76a4
Add more info in staff action logs for blocking a user, and add logging for lock trust level, activate, and deactive user
2017-01-10 17:25:36 -05:00
68300f515c
FIX: Return 404 if id is not valid.
2017-01-06 10:39:44 +08:00
685e6bdbab
FIX: tags canonical url can raise error or be wrong
2017-01-05 15:17:23 -05:00
bec10ada2a
Remove unused email templates from controller
2017-01-05 15:31:14 +01:00
5098baee2f
FIX: Undefined variable.
2017-01-04 17:37:23 +08:00
43671b1fda
UX: Display group fullname in mention autocomplete.
2017-01-04 11:40:14 +08:00
d3fb724578
Merge pull request #4632 from xfalcox/native-app-banner
...
FEATURE: Opt-in native Discourse app install banner
2017-01-03 16:32:24 -02:00
d7c8c2d5e3
FEATURE: Opt-in native Discourse app install banner on Android/iOS
2017-01-03 15:50:45 -02:00
ad4a96d387
FIX: Only send membership request to the last 5 active group owners.
2017-01-03 15:33:57 +08:00
5aee2673c7
FIX: Push null fields to last when sorting group members.
2016-12-22 14:55:24 +08:00
5605700fa9
UX: Sort groups by name.
2016-12-22 14:46:20 +08:00
8551d821a0
FEATURE: Add site setting to disable group directory.
2016-12-22 14:14:22 +08:00
5e75d5c1bf
PERF: N+1 query on groups page.
2016-12-21 20:59:09 +08:00
5d7f3223f0
SECURITY: Users can only bookmark posts which they can see.
2016-12-21 12:01:26 +08:00
9db5d5b6a7
FIX: Incorrect serializer for groups page.
2016-12-20 15:44:22 +08:00
7c7c233c1c
FIX: Can't update `Groups#allow_membership_requests` in admin.
2016-12-20 15:14:35 +08:00
502e114c60
FIX: Incorrect count when loading more groups.
2016-12-20 14:39:44 +08:00
193f8301a4
FIX: Do not show automatic groups to normal users.
2016-12-20 14:26:49 +08:00
52cd9972bb
FIX: prevent DDoS with lots of _oneboxable_ links
...
FIX: ensure the onebox route is only allowed to logged in users
FIX: only allow 1 outgoing onebox preview per user
FIX: client should only do 1 preview at a time
2016-12-20 00:31:10 +01:00
2b808ad9da
Merge pull request #4609 from joebuhlig/category-topics-wiki
...
FEATURE: Category setting to make all topics wikis
2016-12-20 09:15:51 +11:00
923cf73c6e
Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox.
2016-12-19 14:54:07 -05:00
Arpit Jalan
Erick Guan
Neil Lalonde
Guo Xiang Tan
Sam
Robin Ward
Régis Hanol
Ryan C. Gordon
Aashaka Shah
Victor van Poppelen
Rafael dos Santos Silva
Blake Erickson
Nicolas
Jeff Atwood
Claas Augner