986cc8a0fb
FEATURE: Introduce Ignore user ( #7072 )
2019-02-27 14:49:07 +01:00
6f427589b2
FIX: make it possible to use backup code everywhere where 2FA required ( #7010 )
2019-02-27 10:37:33 +01:00
33269c4172
FEATURE: do no search for groups unless a term is specified
...
Do not allow `/u/search/users.json` to list any group matches unless a
specific `term` is specified in the API call.
Adding groups should always be done when an actual search term exists,
blank search is only supported for users within a topic
2019-02-20 17:28:22 +11:00
e7821a63e7
FIX: Users should able check the emails for self
2019-02-05 23:31:19 +05:30
160d29b18a
REFACTOR: Migrate TwitterAuthenticator to use ManagedAuthenticator ( #6739 )
...
No changes to functionality. TwitterAuthenticator goes from 136 lines to 24, and all twitter-specific logic elsewhere has been deleted 🎉
2018-12-07 15:39:06 +00:00
9248ad1905
DEV: Enable `Style/SingleLineMethods` and `Style/Semicolon` in Rubocop ( #6717 )
2018-12-04 11:48:13 +08:00
a3ed570124
FIX: Fix routes ending in `:username` for usernames containing periods ( #6660 )
2018-11-23 17:41:41 +00:00
10cc698df3
FIX: respond with proper error message if user not found
2018-11-21 10:47:37 +05:30
d003ae45f9
DEV: Correct typo in users_controller_spec
2018-11-14 14:30:44 +00:00
17bc82765b
FEATURE: Log password changes in UserHistory ( #6600 )
2018-11-14 08:32:42 +08:00
3e232412e3
UX: show error when hitting the rate limit on password reset
2018-10-22 19:00:30 +02:00
aa60936115
DEV: Add order to avoid randomly failing test.
2018-10-15 11:42:45 +08:00
a1c912b630
Return 400 instead of 404 for bad token
2018-10-12 10:51:41 +11:00
048cdfbcfa
FIX: Do not allow revoking the token of current session. ( #6472 )
...
* FIX: Do not allow revoking the token of current session.
* DEV: Add getter of current auth_token from Guardian.
2018-10-12 10:40:48 +11:00
a566ed42ae
FEATURE: Option to disable user presence and profile
...
This allows users who are privacy conscious to disable the presence
features of the forum as well as their public profile.
2018-10-10 17:34:33 -04:00
1d26a473e7
FEATURE: Show "Recently used devices" in user preferences ( #6335 )
...
* FEATURE: Added MaxMindDb to resolve IP information.
* FEATURE: Added browser detection based on user agent.
* FEATURE: Added recently used devices in user preferences.
* DEV: Added acceptance test for recently used devices.
* UX: Do not show 'Show more' button if there aren't more tokens.
* DEV: Fix unit tests.
* DEV: Make changes after code review.
* Add more detailed unit tests.
* Improve logging messages.
* Minor coding style fixes.
* DEV: Use DropdownSelectBoxComponent and run Prettier.
* DEV: Fix unit tests.
2018-10-09 22:21:41 +08:00
819f090d6a
move large blobs out of `<head>` ( #6428 )
...
it unnecessarily bloats the section and increases the payload
dramatically for open graph tags.
2018-09-28 17:28:33 +08:00
df45e82377
SECURITY: only allow picking of avatars created by self ( #6417 )
...
* SECURITY: only allow picking of avatars created by self
Also adds origin tracking to all uploads including de-duplicated uploads
2018-09-19 22:33:10 -07:00
7a0232249a
extract inline JS that's used to store preloaded data ( #6370 )
2018-09-17 16:31:46 +08:00
d8b543bb67
FIX: redirect to original URL after social signup
2018-09-05 01:44:23 +05:30
4382fb5fac
DEV: Allow plugins to whitelist specific user custom_fields for editing ( #6358 )
2018-09-04 20:45:36 +10:00
f5e0356fb2
correct miscellaneous issues with user login history
2018-09-02 17:24:54 +10:00
103509b9dd
SECURITY: Prevent users from modifying custom fields
2018-08-30 12:59:36 +01:00
0b7ed8ffaf
FEATURE: backend support for user-selectable components
...
* FEATURE: backend support for user-selectable components
* fix problems with previewing default theme
* rename preview_key => preview_theme_id
* omit default theme from child themes dropdown and try a different fix
* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
812add18bd
REFACTOR: Serve auth provider information in the site serializer.
...
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 ( #6099 )
...
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
6d6e026e3c
FEATURE: selectable avatars
2018-07-18 12:57:43 +02:00
21ebb1cd54
FEATURE: Secondary emails support.
2018-07-16 11:09:49 +08:00
decf1f27cf
FEATURE: Groundwork for user-selectable theme components
...
* Phase 0 for user-selectable theme components
- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
ec3e6a81a4
FEATURE: Second factor backup
2018-06-28 10:12:32 +02:00
3a8f69c3d2
DEV: Assert for 200 response code to avoid changing magic helper in the future.
2018-06-07 16:11:09 +08:00
89ad2b5900
DEV: Rails 5.2 upgrade and global gem upgrade
...
This updates tests to use latest rails 5 practice
and updates ALL dependencies that could be updated
Performance testing shows that performance has not regressed
if anything it is marginally faster now.
2018-06-07 14:21:33 +10:00
7fc8a36529
DEV: Take 2 Queue jobs in tests by default.
...
On my machine this cuts the time taken to run our test suite
from ~11mins to ~9mins.
2018-05-31 16:23:23 +08:00
56e9ff6853
Revert "DEV: Queue jobs in tests by default."
...
Too risky for now
This reverts commit be28154d3b
2018-05-31 15:34:46 +08:00
be28154d3b
DEV: Queue jobs in tests by default.
2018-05-31 14:45:47 +08:00
95f9b72351
FIX: Update activation email route was returning a generic json error.
2018-05-31 14:19:43 +08:00
123a22e6d8
DEV: Clean up omniauth after mocking.
2018-05-28 15:12:54 +08:00
0347c97520
tgxworld feedback
2018-05-28 06:20:47 +03:00
bac0482061
REFACTOR: users contollers specs => request specs
2018-05-25 05:04:25 +03:00
21ae49ab92
Simplify log in for request specs.
2018-03-28 11:32:47 +08:00
27bde6bc11
Fix the build.
2018-03-23 11:43:32 +08:00
939180efa8
FIX: Missing 2FA guards when sso is enabled or when local login is disabled.
2018-03-02 10:39:10 +08:00
14f3594f9f
Review Changes for f4f8a293e7.
2018-02-21 14:55:49 +08:00
03b3e57a44
FEATURE: login by a link from email
...
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
49ed382c2a
FIX: return 429 when admin api key is limited on admin route
...
This also handles a general case where exceptions leak out prior to being handled by the application controller
2018-01-12 14:15:26 +11:00
647cf7545d
Fix randomly failing spec.
2018-01-03 14:42:16 +08:00
f2565f6c7e
SECURITY: Any group can be invited into a PM.
2017-12-14 14:57:48 +08:00
96584403cd
SECURITY: prevent staged accounts from changing email
2017-12-14 17:16:49 +11:00
82222e8d18
Improve specs to test for the right response status.
2017-11-24 09:32:44 +08:00
628275fc31
FIX: Some badge routes were still working even with badges disabled
2017-11-21 12:22:44 -05:00
Tarek Khalil
Maja Komel
Sam
Vinoth Kannan
David Taylor
Arpit Jalan
Régis Hanol
Guo Xiang Tan
Bianca Nenciu
Robin Ward
Kyle Zhao
Osama Sayegh
Leo McArdle
Erick Guan