Commit Graph

206 Commits

Author SHA1 Message Date
Arpit Jalan 672888f526 FIX: handle invalid password reset token 2018-01-09 23:48:17 +05:30
Joffrey JAFFEUX 642645ba9a
FIX: broken select badge as user title (#5474)
* FIX: broken select badge as user title

* selected id wasn’t pass to underlying component
* <none> was rendered as an html tag <none></none>
* overriding a badge name wouldn’t work as it was using badge.name and not badge.display_name
* adds a spec to ensure this behavior is correct
2018-01-05 16:58:15 +01:00
Arpit Jalan ef4c6c67ba fix the build 2017-12-23 14:42:40 +05:30
Philipp Daniels 6a2bce1931 FIX: Data loss on update of single user_field.
https://meta.discourse.org/t/api-data-loss-caused-by-changed-behaviour-of-custom-user-field-update/74990
2017-12-20 16:33:23 +08:00
Sam 96584403cd SECURITY: prevent staged accounts from changing email 2017-12-14 17:16:49 +11:00
Sam a393d3bcbb FIX: ensure staged accounts are always inactive
If for any reason active is stored in the user model, clear it out
prior to creating an account
2017-12-13 14:22:16 +11:00
Arpit Jalan 1d43d7f136 optimize spec 2017-12-12 13:00:53 +05:30
Arpit Jalan d21db0f186 add a test case to verify presence of registration_ip_address for staged users 2017-12-11 21:33:00 +05:30
Arpit Jalan 5003f07b2c FEATURE: new site setting show_inactive_accounts 2017-12-07 19:22:41 +05:30
Neil Lalonde 9dc9ca4ac0 FIX: be consistent with how first posts in topics are counted. do like DirectoryItem.refresh_period :all 2017-11-10 12:18:25 -05:00
Neil Lalonde d7880af0bb FIX: change password form validation should instruct admins to use min password length for admin accounts 2017-11-07 16:14:56 -05:00
Neil Lalonde 2db66072d7 SECURITY: signup without verified email using Google auth 2017-10-16 13:51:41 -04:00
Neil Lalonde 1faae3c765 rename forgot_password_strict to hide_email_address_taken 2017-10-03 15:28:31 -04:00
Neil Lalonde e47f5cedd2 FEATURE: forgot_password_strict setting also prevents reporting that an email address is taken during signup 2017-10-03 15:28:30 -04:00
Guo Xiang Tan 8140e54675 FIX: More fixes for `Group#mentionable` and `Group#messageable` feature. 2017-10-02 17:45:58 +08:00
Régis Hanol af01e62b14 FIX: wasn't allowed to set a user's title anymore 2017-09-26 20:13:24 +02:00
Régis Hanol 28c54b42c5 FIX: wasn't able to update user options anymore 2017-09-26 20:00:10 +02:00
Guo Xiang Tan 77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Régis Hanol 797936d2c5 FIX: don't leak whisper count in user card 2017-09-14 20:08:16 +02:00
Robin Ward 9b3b39d8a2 FIX: Users should be able to activate their emails even if unapproved
Note in discourse `active` means "Email is active" - they still can't
login until approved
2017-09-12 15:04:39 -04:00
Robin Ward 171d9e5aed SECURITY: Prevent users from updating to blacklisted email domains 2017-09-12 10:11:08 -04:00
Sam 9f0f086b3e FEATURE: allow API to mark accounts as approved on creation 2017-08-28 15:36:46 -04:00
Guo Xiang Tan 0bc690ed11 FIX: Staged users are still missing primary email. 2017-08-09 12:03:49 +09:00
Arpit Jalan 6c997b65d9 optimize enqueuing activation email code 2017-07-31 22:57:39 +05:30
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Guo Xiang Tan 54b508dda3 Add back test to ensure user can't edit name after `SiteSetting.username_change_period`. 2017-07-24 20:47:34 +09:00
Leo McArdle d0b027d88d FEATURE: phase 1 of supporting multiple email addresses 2017-07-20 11:22:27 +09:00
Guo Xiang Tan 5994c85ea9 FIX: Raise the right error when email params is missing. 2017-06-12 17:48:32 +09:00
Robin Ward 54bb2a6bc2 FIX: Don't redirect to wizard when resetting password 2017-06-07 12:36:52 -04:00
Guo Xiang Tan 2cad739262 FIX: Better error message when username change fails.
https://meta.discourse.org/t/500-error-on-username-edit/64064
2017-06-07 10:45:53 +09:00
Guo Xiang Tan 2ee144c27f FEATURE: Add DiscourseEvent trigger when a user logs in.
* Also adds a event trigger when user logs in for the first time.
2017-06-01 17:44:49 +09:00
Robin Ward b584264d82 FIX: Don't show "resend email" option when user approval is on 2017-05-25 15:29:05 -04:00
Sam 2d96a0785d FEATURE: theme selection is now global per-user 2017-05-12 12:41:34 -04:00
Robin Ward 81190f5d66 FIX: Redirect away from `account-created` if you're logged in 2017-05-03 11:18:01 -04:00
Robin Ward 12fb20fe1b FEATURE: Allow users to resend/update email from confirmation page 2017-05-03 11:18:01 -04:00
Neil Lalonde 0722ffadf1 Remove site settings enforce_global_nicknames and discourse_org_access_key 2017-05-01 14:53:16 -04:00
Arpit Jalan ea26c56631 FIX: redirect to login page for anonymous user when profiles are hidden 2017-04-20 13:00:45 +05:30
Robin Ward 40ab2e5667 FEATURE: Let users update their emails before confirming
This allows users who entered a typo or invalid email address when
signing up an opportunity to fix it and resending the confirmation
email to that address.
2017-04-05 16:44:49 -04:00
Robin Ward 17f2974d0a SECURITY: Confirm new administrator accounts via email 2017-04-04 15:59:01 -04:00
Robin Ward 6b976433c9 Support for both `/users/` and `/u/` paths 2017-03-30 10:23:24 -04:00
Arpit Jalan 7c3ae50dcd FIX: send activation email if user have unconfirmed email 2017-03-21 09:41:50 +05:30
Guo Xiang Tan ca965bb455 FEATURE: Redirect to groups page after login/registration flow. 2017-03-16 09:48:51 +08:00
Sam a690121805 SECURITY: always allow staff to resend activation mails 2017-03-13 10:32:24 -04:00
Guo Xiang Tan 9364d8ce71 FIX: Store user's id instead for sending activation email.
* Email and username are both allowed to be used for logging in.
  Therefore, it is easier to just store the user's id rather than
  to store the username and email in the session.
2017-03-13 20:24:55 +08:00
Guo Xiang Tan 7ebfa3c901 SECURITY: Only allow users to resend activation email with a valid session.
* Improve error when an active user tries to request for an activation email.
2017-03-13 19:35:29 +08:00
Guo Xiang Tan 76dd6933d2 Revert "Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."""
This reverts commit e6d75f6844.

This is why we should not be pushing directly to master.
2017-03-01 10:16:59 +08:00
Guo Xiang Tan e6d75f6844 Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email.""
This reverts commit 0e3def7d2b.
2017-02-28 11:27:14 +08:00
Robin Ward 0e3def7d2b Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."
This reverts commit 1060239e2d.
2017-02-27 13:19:26 -05:00
Guo Xiang Tan 1060239e2d SECURITY: Ensure oAuth authenticated email is the same as created user's email. 2017-02-24 13:13:10 +08:00
Guo Xiang Tan 0847b4258a Revert "SECURITY: Ensure that user has been authenticated."
This reverts commit fbe51d68a7.

Changing the commit message to correctly reflect what we're actually
fixing.
2017-02-24 13:12:29 +08:00