Commit Graph

2439 Commits

Author SHA1 Message Date
Robin Ward 8a8dec550b FIX: If login is required, redirect to the `/login` route instead of root 2017-05-25 13:35:15 -04:00
Robin Ward cdbe027c1c Refactor `FileHelper` to use keyword arguments. 2017-05-24 13:54:26 -04:00
Sam d0f84aa14e FIX: missing to_i which breaks selector component for anon 2017-05-24 11:39:10 -04:00
Guo Xiang Tan 238a156300 FIX: `TopicTimestampChanger` should not allow timestamps in the future. 2017-05-22 16:03:49 +08:00
Guo Xiang Tan 4382a0bb07 Rename `PostTimestampChanger` -> `TopicTimestampChanger`. 2017-05-22 15:01:33 +08:00
Robin Ward 908433a7a0 SECURITY: Validate the `entity` when downloading a CSV 2017-05-19 16:00:51 -04:00
Guo Xiang Tan 8ab9f30bbd FIX: User can't remove bookmark from a deleted post. 2017-05-19 12:25:12 +08:00
Arpit Jalan 1fd8e426f2 FIX: better uploads error page 2017-05-18 23:29:37 +05:30
Régis Hanol 13e489b4ca replace the upload type whitelist with a sanitizer 2017-05-18 12:13:13 +02:00
Sam 2a5a01af2e improve error on theme upload, add gif to allowed uploads 2017-05-17 16:29:09 -04:00
Neil Lalonde a0f03936ff FIX: saving invisible primary group field that you don't belong to 2017-05-17 12:46:50 -04:00
Sam e1dd543a93 FEATURE: allow users to select theme on single device 2017-05-15 12:48:16 -04:00
Sam 2d96a0785d FEATURE: theme selection is now global per-user 2017-05-12 12:41:34 -04:00
Neil Lalonde 55b61e9bea rename topic_status_update to topic_timer 2017-05-11 18:27:53 -04:00
Pat David 18de62b015 Add get_embeddable_css_class to assist multi-site embed styling
If present, pass embeddable_host.class_name to view for inclusion
on the <html> element as a class for targeted styling.
2017-05-11 15:16:16 -04:00
Pat David 4bf8548dc5 Add embed class name setup for embeddable hosts 2017-05-11 15:16:16 -04:00
Régis Hanol 9641d2413d REFACTOR: upload workflow creation into UploadCreator
- Automatically convert large-ish PNG/BMP to JPEG
- Updated fast_image to latest version
2017-05-11 00:16:57 +02:00
Sam 04b5516bf2 improve upload functionality 2017-05-10 15:47:11 -04:00
Sam bc0b9af576 FEATURE: support uploads for themes
This allows themes to bundle various assets
2017-05-10 15:47:11 -04:00
Sam Saffron c2829dce22 FIX: base sql vanishes after badge creation 2017-05-09 09:25:57 -04:00
Robin Ward afe04b8bbb FIX: Possible 500 error if category saved incorrectly 2017-05-08 15:17:58 -04:00
Arpit Jalan e89d0a6b20 FIX: importing a theme via file was broken 2017-05-08 12:03:24 +05:30
Robin Ward 777f1f0f47 FIX: Return a 404 if the auth session is not present 2017-05-04 15:35:24 -04:00
Robin Ward 1768c45a33 FIX: If we can't proxy to a CDN due to HTTP error, render blank 2017-05-04 12:42:46 -04:00
Robin Ward 57a2042ef6 FIX: Quiet server side errors for requesting json for account-created 2017-05-04 12:30:13 -04:00
Guo Xiang Tan 3eb920e2b0 Merge pull request #4841 from fantasticfears/webhook-ping
add event name for ping webhooks in the header
2017-05-04 04:54:40 +08:00
Robin Ward 81190f5d66 FIX: Redirect away from `account-created` if you're logged in 2017-05-03 11:18:01 -04:00
Robin Ward 12fb20fe1b FEATURE: Allow users to resend/update email from confirmation page 2017-05-03 11:18:01 -04:00
Robin Ward b381372184 Use Ember.js for the `/u/account-created` path so we can add controls 2017-05-03 11:18:01 -04:00
Sam 946f25098f Refactor theme fields so they support custom theme defined vars
This paves the way to allowing themes to specify uploads and so on.
2017-05-02 16:02:14 -04:00
Arpit Jalan 77a8cae094 FIX: rescue specific errors on invite failure 2017-05-02 15:13:33 +05:30
Erick Guan 9f8a917d65 add event name for ping webhooks in the header 2017-05-02 08:13:23 +02:00
Neil Lalonde 0722ffadf1 Remove site settings enforce_global_nicknames and discourse_org_access_key 2017-05-01 14:53:16 -04:00
Guo Xiang Tan 304ace926e FIX: Raise right response when post_action does not exist. 2017-04-27 17:29:53 +08:00
Guo Xiang Tan e4b9f72f9e FIX: Force the right encoding when handling email. 2017-04-27 16:51:54 +08:00
Arpit Jalan b755279cf0 remove unneeded code 2017-04-27 08:47:47 +05:30
Arpit Jalan e3f82140d8 more readable code for filtering username/email when bulk adding to group 2017-04-27 08:43:28 +05:30
Arpit Jalan b41d96fac1 FIX: properly initialize hashes 2017-04-27 02:56:14 +05:30
Arpit Jalan 285c167fae FEATURE: provide more details when performing a bulk add to group 2017-04-27 01:37:51 +05:30
Guo Xiang Tan 6f7c6b0fd0 FIX: Incorrect error raised. 2017-04-25 09:59:01 +08:00
Guo Xiang Tan 423f2ab228 FIX: Processing incoming email should be done in a background job. 2017-04-24 13:57:28 +08:00
Sam 7a9eee1b71 FEATURE: default notification level for group messages
also fixes it so staff can amend other user's group notification level
2017-04-20 15:47:35 -04:00
Arpit Jalan ea26c56631 FIX: redirect to login page for anonymous user when profiles are hidden 2017-04-20 13:00:45 +05:30
Robin Ward 8b8ee2ad61 Pass a context in when using a HTML builder 2017-04-18 12:35:35 -04:00
Arpit Jalan 1c23aedccf FIX: always send password reset email when accepting invite if password is not set 2017-04-18 14:37:06 +05:30
Robin Ward 1363988cd7 Support for an HTML builder that can create dynamic HTML 2017-04-17 17:32:55 -04:00
Sam 86904e9cd6 FIX: better error handling for theme import 2017-04-17 16:55:53 -04:00
Arpit Jalan 0954367bf4 FIX: send activation email when accepting invite if password is set 2017-04-15 14:59:50 +05:30
Guo Xiang Tan 04016f0dec Support Ruby 2.4. 2017-04-15 12:29:00 +08:00
Sam ed2e62f845 correct environment handling for test mode 2017-04-14 14:00:46 -04:00
Sam def7348777 FIX: display custom sections with default theme
also cleans up mechanism for previewing themes, cleans up naming,
gets rid of old janky "preview_style", secures local theme key
2017-04-14 13:35:12 -04:00
Arpit Jalan ef093b1610 Merge pull request #4807 from techAPJ/email-token-social
FIX: confirm email token for user created via social login
2017-04-13 16:18:15 +05:30
Guo Xiang Tan 3d76fb9c2c FIX: Don't show category options for reports that can't be scoped to a category. 2017-04-13 17:10:55 +08:00
Arpit Jalan 7fb17b83c4 FIX: confirm email token for user created via social login 2017-04-13 14:15:32 +05:30
Guo Xiang Tan ee449b0dd5 Improve SSO verbose log when user record is invalid. 2017-04-13 11:39:26 +08:00
Guo Xiang Tan 57788200ec REFACTOR: Add `User.reserved_username?`. 2017-04-13 10:44:26 +08:00
Sam a3e8c3cd7b FEATURE: Native theme support
This feature introduces the concept of themes. Themes are an evolution
of site customizations.

Themes introduce two very big conceptual changes:

- A theme may include other "child themes", children can include grand
children and so on.

- A theme may specify a color scheme

The change does away with the idea of "enabled" color schemes.

It also adds a bunch of big niceties like

- You can source a theme from a git repo

- History for themes is much improved

- You can only have a single enabled theme. Themes can be selected by
    users, if you opt for it.

On a technical level this change comes with a whole bunch of goodies

- All CSS is now compiled using a custom pipeline that uses libsass
    see /lib/stylesheet

- There is a single pipeline for css compilation (in the past we used
    one for customizations and another one for the rest of the app

- The stylesheet pipeline is now divorced of sprockets, there is no
   reliance on sprockets for CSS bundling

- CSS is generated with source maps everywhere (including themes) this
    makes debugging much easier

- Our "live reloader" is smarter and avoid a flash of unstyled content
   we run a file watcher in "puma" in dev so you no longer need to run
   rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
Sam Saffron 0013a23dc1 SECURITY: prefer render plain/html to render text where possible 2017-04-10 08:01:42 -04:00
Guo Xiang Tan 9663a74445 FIX: Ensure `username` param is valid in `NotificationsController`. 2017-04-07 17:32:52 +08:00
Régis Hanol 93556bb950 Merge pull request #4793 from rcgordon/smtp-fast-rejection
Added an API to ask if an incoming email should be dropped at the SMTP level.
2017-04-07 09:59:52 +02:00
Neil Lalonde 708f65f740 FIX: web crawlers getting 404 on category pages 2017-04-06 14:52:06 -04:00
Ryan C. Gordon 888d1512ec Corrected indentation. 2017-04-06 01:49:34 -04:00
Aashaka Shah 402eaaa773 FEATURE: add og tags to metadata in individual badges page 2017-04-06 09:32:53 +05:30
Guo Xiang Tan 5943543ec3 FIX: Improve checks for non-human users. 2017-04-06 11:29:34 +08:00
Ryan C. Gordon c51af13338 smtp_should_reject API: use better approach to find user email. 2017-04-05 23:10:36 -04:00
Ryan C. Gordon a51c191a66 Make Email::Receiver.check_address() into a class method. 2017-04-05 23:10:36 -04:00
Ryan C. Gordon e15d11df18 Added an API to ask if an incoming email should be dropped at the SMTP level.
This lets an SMTP server optionally decide if it should reject a mail without
passing it on to Discourse at all, possibly before even reading the
email's payload, to prevent spam-induced backscatter and save resources.

This just does the bare minimum sanity checking that could prevent obvious
backscatter. For legit errors from legit users, Discourse will still send a
much more pleasant reply email.
2017-04-05 23:10:36 -04:00
Robin Ward 40ab2e5667 FEATURE: Let users update their emails before confirming
This allows users who entered a typo or invalid email address when
signing up an opportunity to fix it and resending the confirmation
email to that address.
2017-04-05 16:44:49 -04:00
Robin Ward 3839206317 FIX: Return JSON errors for `by-external` if JSON requested 2017-04-04 16:22:14 -04:00
Robin Ward 17f2974d0a SECURITY: Confirm new administrator accounts via email 2017-04-04 15:59:01 -04:00
Guo Xiang Tan 406d721f11 Fix `NilClass` error in `UsersController`. 2017-04-04 14:17:45 +08:00
Guo Xiang Tan f4758a4c4d FEATURE: Allow admins to schedule a topic to be published in the future. 2017-04-04 11:16:05 +08:00
Guo Xiang Tan 0bbad5040a `topic-status-info` component wasn't updated when topic is closed/opened. 2017-03-31 15:58:26 +08:00
Guo Xiang Tan b6e9871b4b Update `Topic#closed` client side when closing/opening a topic temporarily. 2017-03-31 15:05:00 +08:00
Guo Xiang Tan 34b7bee568 FEATURE: Allow admin to auto reopen at topic.
* This commit also introduces a `TopicStatusUpdate`
  model to support other forms of deferred topic
  status update in the future.
2017-03-31 11:14:18 +08:00
Robin Ward 14410b71fb Convert server side paths to use `/u/` 2017-03-30 10:23:24 -04:00
Guo Xiang Tan a818fa9831 FIX: Show stats of the last 30 days be default for admin reports.
* `1.month.ago + 1.month` uses the calendar month for calculations
  such that `1.month.ago` from the 30th of March 2017 will give
  us the 28th of February 2017. Adding one month ahead from
  28th February 2017 will be 28th of March 2017.
2017-03-30 09:48:10 +08:00
Arpit Jalan f3cd5f61c5 FEATURE: Send anonymized usage statistics to Discourse if Discourse Hub can't reach the site 2017-03-28 09:07:23 +05:30
Neil Lalonde 11ce73b8ed FEATURE: category setting for default top period 2017-03-22 16:54:18 -04:00
Sam 8e5e3b5af8 FIX: sso provider require return_sso_url 2017-03-22 09:08:38 -04:00
Robin Ward 874e8900af Display email address in SSO error message. 2017-03-21 15:37:46 -04:00
Robin Ward aeaf5075bf Custom errors for when Email is invalid via SSO 2017-03-21 15:23:38 -04:00
Robin Ward 52d78294cc Render a layout when there's an SSO error 2017-03-21 15:23:38 -04:00
Arpit Jalan 82c0f5f587 Merge pull request #4767 from techAPJ/activate-account
FIX: send activation email if user have unconfirmed email address
2017-03-21 09:44:23 +05:30
Arpit Jalan 7c3ae50dcd FIX: send activation email if user have unconfirmed email 2017-03-21 09:41:50 +05:30
Sam Saffron b94c7b4902 missing disposition 2017-03-20 17:07:32 -04:00
Sam 652b2d7199 remove redundent header setting 2017-03-20 16:08:18 -04:00
Sam c106ca6778 FEATURE: fallback asset path for multi host setups 2017-03-20 15:59:17 -04:00
Guo Xiang Tan 1d4993a185 FIX: Sync user's notification channel before preloaded current user data.
This is to fix the problem where a newly created user would not
receive live updates for the first notification if the notification
is published before the client has subscribed to the channel.
2017-03-20 17:17:21 +08:00
Robin Ward f5f54c1b77 Merge pull request #4764 from tgxworld/nuke_backticks
FIX: Don't use backticks that take in inputs.
2017-03-17 15:40:23 -04:00
Guo Xiang Tan e7c972ac89 FIX: Don't use backticks that take in inputs. 2017-03-17 15:33:51 +08:00
Victor van Poppelen 9e60f9f093 JSON API parsing error on CSRF exception: single quotes in ['BAD CSRF'] is invalid JSON:
https://meta.discourse.org/t/json-api-parsing-error-single-quotes-used-for-errors-like-bad-csrf/58869
2017-03-16 16:47:18 -07:00
Guo Xiang Tan bbc85e1e29 Merge pull request #4750 from discourse/group_login_registration_flow
FEATURE: Redirect to groups page and apply group actions upon login/s…
2017-03-16 09:50:56 +08:00
Guo Xiang Tan ca965bb455 FEATURE: Redirect to groups page after login/registration flow. 2017-03-16 09:48:51 +08:00
Guo Xiang Tan 1a7e954e09 FIX: Store custom emojis as uploads.
* Depending on a hardcoded directory was a flawed design
  which made it impossible to debug when custom emojis go
  missing.
2017-03-14 13:07:18 +08:00
Neil Lalonde 6d7e968e30 FEATURE: box-style rendering of sub-categories 2017-03-13 15:25:52 -04:00
Sam a690121805 SECURITY: always allow staff to resend activation mails 2017-03-13 10:32:24 -04:00
Sam 1a745ca16a else @user makes no sense :) 2017-03-13 10:22:23 -04:00
Guo Xiang Tan 9364d8ce71 FIX: Store user's id instead for sending activation email.
* Email and username are both allowed to be used for logging in.
  Therefore, it is easier to just store the user's id rather than
  to store the username and email in the session.
2017-03-13 20:24:55 +08:00
Guo Xiang Tan 7ebfa3c901 SECURITY: Only allow users to resend activation email with a valid session.
* Improve error when an active user tries to request for an activation email.
2017-03-13 19:35:29 +08:00
Arpit Jalan 848120c098 FEATURE: RSS feed for top page period filters 2017-03-13 15:23:46 +05:30
Sam f13367cecd FIX: latest + category not respecting homepage category suppression 2017-03-10 15:17:51 -05:00
Sam bc1a6ccb90 Merge pull request #4741 from tgxworld/allow_bookmark_removal
FIX: Allow user to remove bookmark from posts as long as bookmark is …
2017-03-10 12:49:20 -05:00
Arpit Jalan f7e7ca3937 FEATURE: anonymized site statistics 2017-03-10 18:50:26 +05:30
Régis Hanol 00380d84c5 UX: display text & html parts alongside raw email in incoming email modal 2017-03-08 23:15:42 +01:00
Arpit Jalan 801b5838e1 FIX: do not show faq/guidelines page to anonymous users for private forums 2017-03-08 16:00:49 +05:30
Arpit Jalan 090236b15b FIX: do not show about page to anonymous users for private forums 2017-03-08 13:15:44 +05:30
Guo Xiang Tan 689dd16be0 FIX: Allow user to remove bookmark from posts as long as bookmark is present.
https://meta.discourse.org/t/bookmark-issue-when-access-to-topic-is-lost-pms/51993
2017-03-08 13:53:49 +08:00
Neil Lalonde d95e4102c1 FIX: tags created in secured categories should not be forbidden outside those categories 2017-03-07 11:46:46 -05:00
Rafael dos Santos Silva c3477cd40d Merge pull request #4716 from discourse/bounced_emails_details
FEATURE: Allow checking the raw response of a bounced email
2017-03-06 13:30:19 -03:00
Guo Xiang Tan 477eb0591e FIX: Posts in a deleted topic couldn't be moved.
https://meta.discourse.org/t/moving-posts-to-new-topic/58436/4
2017-03-06 14:56:20 +08:00
Sam c99f4260c0 Merge pull request #4729 from tgxworld/dont_mark_user_as_valid
FIX: Don't mark user as `active` if verified email is different.
2017-03-03 15:57:30 -05:00
Neil Lalonde 6aab8cb331 FEATURE: new category setting for whether to show latest topics or top topics by default 2017-03-03 11:30:44 -05:00
Rafael dos Santos Silva aac4a4ed94 Handle invalid parameters and missing bounced emails 2017-03-02 20:37:28 -03:00
Neil Lalonde ca20cb9941 FEATURE: subcategories can be discovered by web crawlers on page 1 of the parent category topics list 2017-03-02 15:06:56 -05:00
Guo Xiang Tan 3d347fb9c4 FIX: Don't mark user as `active` if verified email is different. 2017-03-02 14:24:30 +08:00
Sam dbfea9b5b0 correct refactor 2017-03-01 18:26:26 -05:00
Sam c79b146283 FEATURE: make list controller a bit more extensible 2017-03-01 16:41:09 -05:00
Neil Lalonde 262016604d FEATURE: each category can control how many topics to show on categories page 2017-03-01 15:12:57 -05:00
Blake Erickson 80858bae2c FEATURE: further restrict downloading of backups
- send email to logged in admin when they press the "download" button
- show pop-up that email was sent
- create email template
- require a valid token to download backup
2017-03-01 08:28:34 -07:00
Arpit Jalan 877957ae88 Merge pull request #4715 from techAPJ/login-per-ip
FEATURE: new site setting for max logins per ip per hour/minute
2017-02-27 18:24:53 +05:30
Arpit Jalan cba51e1c38 FEATURE: new site setting for max logins per ip per hour/minute 2017-02-27 16:58:03 +05:30
Régis Hanol fdf749770b remove unecessary '.limit(1)' 2017-02-24 12:56:13 +01:00
Régis Hanol a2c04be718 FIX: eradicate I18n fallback issues 💣
FIX: client's translation overrides were not working when the current locale was missing a key
FIX: ExtraLocalesController.show was not properly handling multiple translations
FIX: JsLocaleHelper#output_locale was not properly handling multiple translations

FIX: ExtraLocalesController.show's spec which was randomly failing
FIX: JsLocaleHelper#output_locale was muting cached translations hashes

REFACTOR: move 'enableVerboseLocalization' to the 'localization' initializer
REFACTOR: remove unused I18n.js methods (getFallbacks, localize, parseDate, toTime, strftime, toCurrency, toPercentage)
REFACTOR: remove all I18n.pluralizationRules and instead use MessageFormat's pluralization rules

TEST: add tests for localization initializer
TEST: add tests for I18n.js
2017-02-24 11:31:21 +01:00
Sam Saffron 3754b038e8 fix brotli origin 2017-02-23 18:26:40 -05:00
Sam f15f61da0a FEATURE: add immutable caching to rails site of things 2017-02-23 13:05:00 -05:00
Rafael dos Santos Silva 5296f00c28 FEATURE: Allow checking the raw response of a bounced email 2017-02-22 14:51:33 -03:00
Neil Lalonde a702330ccd FEATURE: make show_subcategory_list a per-category setting 2017-02-22 11:42:36 -05:00
Régis Hanol 3ce3abef8f FIX: add Content-Disposition and Content-Type headers when downloading attachments 2017-02-20 15:59:01 +01:00
Régis Hanol f51e3b2131 FIX: should not be able to rename a system badge 2017-02-20 14:35:05 +01:00
Régis Hanol cb99f59ec3 reset bounce score when email is successfully changed 2017-02-20 10:37:01 +01:00
Sam 1935f624b8 FEATURE: reset active record cache in sidekiq if needed
This can happen in multisite environments after restores
2017-02-17 12:09:53 -05:00
Sam Saffron 040e10a627 reduce duplication 2017-02-15 17:27:10 -05:00
Neil Lalonde d0fbb27f3e FEATURE: new invite acceptance page, where username can be chosen and password can be set 2017-02-15 16:51:57 -05:00
Sam 3818c196e0 remove disallowed params 2017-02-15 16:47:14 -05:00
Sam 74d4209d24 FEATURE: allow plugins to register custom topic list filters 2017-02-15 15:25:43 -05:00
Nicolas 1deec95ccb Use `natural` orientation for web app manifest.
The `any` orientation forces the rotation even when the device's screen
 rotation is disabled. Using `natural` respects that and restores the
 expected behaviour.
2017-02-12 18:04:06 +00:00
Jeff Atwood 3ee7a9266c Merge pull request #4686 from tgxworld/group_is_visible_if_user_is_group_owner
FIX: Show groups that user is owner of on groups page.
2017-02-11 22:18:44 -08:00
Sam Saffron 4332f0dde1 FEATURE: allow user search API to restrict to group 2017-02-09 18:45:39 -05:00
Sam ff49f72ad9 FEATURE: per client user tokens
Revamped system for managing authentication tokens.

- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes

New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.

Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
Sam 2dec731da3 SECURITY: correctly validate input when admin searches for screened ips 2017-02-06 16:11:16 -05:00
Régis Hanol 27fb9c8804 FIX: bounce webhooks should also use recipient address 2017-02-05 19:06:35 +01:00
Neil Lalonde c4e10f2a9d FEATURE: redesign the change password page to use javascript and validations 2017-02-03 16:09:24 -05:00
Arpit Jalan 5523d0dbf9 fix the build 2017-02-03 15:35:33 +05:30
Arpit Jalan 26ccf61ab1 FIX: sane error message when inviting an existing user 2017-02-03 14:27:27 +05:30
Guo Xiang Tan 61111a3f9b FIX: Show groups that user is owner of on groups page. 2017-02-03 16:51:32 +08:00
Guo Xiang Tan 18007ed34b FIX: Can't use an internal name here if `SiteSetting.convert_pasted_images_to_hq_jpg` is `false`. 2017-02-01 14:51:56 +08:00
Guo Xiang Tan f6d9745c5f Bye bye byebug. 2017-02-01 14:50:14 +08:00
Guo Xiang Tan 6c8c91dca4 UX: Change default filename for images that have been pasted. 2017-02-01 14:44:41 +08:00
Arpit Jalan 9dd09e453b FEATURE: add explicit confirmation button to accept the invite 2017-01-25 15:50:30 +05:30
Guo Xiang Tan 781d83a46f FIX: Toggling a post's wiki status should not skip revision. 2017-01-25 13:34:55 +08:00
Guo Xiang Tan 0a25df67bc Revert "FIX: Incorrect parameter being passed to component."
This reverts commit d354a6f7a4.
2017-01-25 13:12:24 +08:00
Guo Xiang Tan d354a6f7a4 FIX: Incorrect parameter being passed to component. 2017-01-25 13:09:08 +08:00
Guo Xiang Tan 32846aad2a FIX: Toggling post's wiki status should not create a new version. 2017-01-20 15:42:33 +08:00
Régis Hanol fbf9172db8 FIX: log backups download/destroy staff action
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:53:31 +01:00
Guo Xiang Tan 515f50e42e FEATURE: Log admin action when readonly mode is changed. 2017-01-12 09:41:02 +08:00
Arpit Jalan e793caf3e3 FIX: only allow CSV file to be uploaded for bulk invite 2017-01-11 16:26:01 +05:30
Guo Xiang Tan d6bf5b0e78 Use `any` orientation for web app manifest. 2017-01-11 17:32:24 +08:00
Guo Xiang Tan cdd550e947 Use a different Redis key when PG failover sets site to readonly mode. 2017-01-11 16:38:49 +08:00
Neil Lalonde fc0a0a76a4 Add more info in staff action logs for blocking a user, and add logging for lock trust level, activate, and deactive user 2017-01-10 17:25:36 -05:00
Guo Xiang Tan 68300f515c FIX: Return 404 if id is not valid. 2017-01-06 10:39:44 +08:00
Neil Lalonde 685e6bdbab FIX: tags canonical url can raise error or be wrong 2017-01-05 15:17:23 -05:00
Claas Augner bec10ada2a
Remove unused email templates from controller 2017-01-05 15:31:14 +01:00
Guo Xiang Tan 5098baee2f FIX: Undefined variable. 2017-01-04 17:37:23 +08:00
Guo Xiang Tan 43671b1fda UX: Display group fullname in mention autocomplete. 2017-01-04 11:40:14 +08:00
Rafael dos Santos Silva d3fb724578 Merge pull request #4632 from xfalcox/native-app-banner
FEATURE: Opt-in native Discourse app install banner
2017-01-03 16:32:24 -02:00
Rafael dos Santos Silva d7c8c2d5e3 FEATURE: Opt-in native Discourse app install banner on Android/iOS 2017-01-03 15:50:45 -02:00
Guo Xiang Tan ad4a96d387 FIX: Only send membership request to the last 5 active group owners. 2017-01-03 15:33:57 +08:00
Guo Xiang Tan 5aee2673c7 FIX: Push null fields to last when sorting group members. 2016-12-22 14:55:24 +08:00
Guo Xiang Tan 5605700fa9 UX: Sort groups by name. 2016-12-22 14:46:20 +08:00
Guo Xiang Tan 8551d821a0 FEATURE: Add site setting to disable group directory. 2016-12-22 14:14:22 +08:00
Guo Xiang Tan 5e75d5c1bf PERF: N+1 query on groups page. 2016-12-21 20:59:09 +08:00
Guo Xiang Tan 5d7f3223f0 SECURITY: Users can only bookmark posts which they can see. 2016-12-21 12:01:26 +08:00
Guo Xiang Tan 9db5d5b6a7 FIX: Incorrect serializer for groups page. 2016-12-20 15:44:22 +08:00
Guo Xiang Tan 7c7c233c1c FIX: Can't update `Groups#allow_membership_requests` in admin. 2016-12-20 15:14:35 +08:00
Guo Xiang Tan 502e114c60 FIX: Incorrect count when loading more groups. 2016-12-20 14:39:44 +08:00
Guo Xiang Tan 193f8301a4 FIX: Do not show automatic groups to normal users. 2016-12-20 14:26:49 +08:00
Régis Hanol 52cd9972bb FIX: prevent DDoS with lots of _oneboxable_ links
FIX: ensure the onebox route is only allowed to logged in users
FIX: only allow 1 outgoing onebox preview per user
FIX: client should only do 1 preview at a time
2016-12-20 00:31:10 +01:00
Sam 2b808ad9da Merge pull request #4609 from joebuhlig/category-topics-wiki
FEATURE: Category setting to make all topics wikis
2016-12-20 09:15:51 +11:00
Neil Lalonde 923cf73c6e Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox. 2016-12-19 14:54:07 -05:00
Joe Buhlig 87251fded7 FEATURE: Category setting to make all topics wikis
FEATURE: Category setting to make all topics wikis
2016-12-19 06:42:18 -06:00
Guo Xiang Tan 18c8323987 FIX: Incorrect path for redirect. 2016-12-19 18:12:15 +08:00
Sam e0ff57ca75 SECURITY: prevent reuse of password reset 2016-12-19 18:00:22 +11:00
Sam dd383300b1 FEATURE: rate limit by login on password reset 2016-12-19 11:03:07 +11:00
Sam 15b5fddd49 SECURITY: protect upload params, only allow very strict filenames 2016-12-19 10:16:18 +11:00
Sam 61eb134181 FEATURE: setting to allow arbitrary redirects from sso origin
if sso_allows_all_return_paths is set to true you can redirect off-site from sso success
2016-12-16 13:37:44 +11:00
Sam 6ff309aa80 SECURITY: don't grant same privileges to user_api and api access
User API is no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
Sam 98f4a2adcb FIX: on 404 from brotli asset path return a correctly encoded doc
old implementation would cache the 404 for 1 year with incorrect encoding

hilarity would ensue
2016-12-15 16:05:20 +11:00
Guo Xiang Tan 4b940dc8bd FEATURE: Add groups page. 2016-12-14 17:27:47 +08:00
Robin Ward 03bc6f70f9 Better error messages when embedding fails 2016-12-13 14:38:05 -05:00
Guo Xiang Tan 2686ee5ab2 FIX: Admin can't add/remove public group users. 2016-12-13 16:39:44 +08:00
Guo Xiang Tan 43ee9f884e FEATURE: Add `Group#full_name`. 2016-12-13 16:16:26 +08:00
Guo Xiang Tan 7bfabb029b UX: Move editing group from into an individual tab. 2016-12-13 15:15:20 +08:00
Guo Xiang Tan da7009a968 FEATURE: Add request membership button for allowed groups. 2016-12-12 22:48:08 +08:00
Guo Xiang Tan 9a800107cb FIX: Associate category logo and background to uploads record. 2016-12-12 17:37:28 +08:00
Guo Xiang Tan 05f55dbc10 FEATURE: Group logs. 2016-12-12 17:29:54 +08:00
Guo Xiang Tan 790f1ef9f3 FIX: Permit missing params. 2016-12-12 17:00:30 +08:00
Guo Xiang Tan be5b5f6bea FEATURE: Public groups. 2016-12-12 17:00:30 +08:00
Guo Xiang Tan b9b4b0c175 FIX: Members should be ordered by username. 2016-12-08 14:27:38 +08:00
Guo Xiang Tan a2da2971af FEATURE: Allow columns on group members page to be sortable. 2016-12-08 10:49:12 +08:00
Robin Ward d379f57c58 FIX: Show an error page if `finish-installation` can't run 2016-12-07 11:10:08 -05:00
Guo Xiang Tan 81d333289e FIX: Return 503 when in readonly mode. 2016-12-07 14:04:42 +08:00
Guo Xiang Tan 545dfa7191 FEATURE: Allow group owners to edit title. 2016-12-07 10:26:28 +08:00
Sam 1135e00c83 FIX: regression unable to dismiss unread 2016-12-06 08:49:40 +11:00
Erick Guan 52763f5115
FEATURE: Allow posting a link with topics 2016-12-05 17:20:54 +01:00
Arpit Jalan 431aa79bb3 Merge pull request #4587 from techAPJ/invite-upload
FIX: simplify CSV file upload
2016-12-05 14:30:13 +05:30
Guo Xiang Tan adb7fcb6b3 FEATURE: Add bio to group page. 2016-12-05 16:58:04 +08:00
Arpit Jalan ce974da9e5 FIX: simplify CSV file upload 2016-12-05 14:09:08 +05:30
Guo Xiang Tan 31acd311e5 FEATURE: Allow group owners to edit group name and avatar flair. 2016-12-05 14:27:46 +08:00
Sam dc66f6681a add spec for brotli controller, ensure cached correctly 2016-12-05 16:08:36 +11:00
Sam 8a98d617df correct headers and add better caching 2016-12-05 15:11:07 +11:00
Sam 39a524aac8 FEATURE: brotli cdn bypass for assets
Allow CDNS that strip out brotli encoding to use brotli regardless
2016-12-05 13:57:09 +11:00
Sam 1db9d17756 Make removal of topic columns more resilient to deploys 2016-12-05 12:11:46 +11:00
Sam 33d0a23d84 Merge branch 'fix_whisper' 2016-12-05 10:01:03 +11:00
Neil Lalonde dafd1453d6 FIX: topic list filters for bookmarked, posted, and read now work with tag filter 2016-12-02 15:58:14 -05:00
Guo Xiang Tan bc0a8142fe PERF: Only show members count on group page. 2016-12-02 16:28:54 +08:00
Sam c04d4171ff FIX: whisper no longer experimental
- Regular users are not notified of whispers
- Regular users no longer have "stuck" topics in unread
- Additional tracking for staff highest post number
- Remove a bunch of unused columns in topics table
2016-12-02 17:03:31 +11:00
Sam b8dc58be90 got to be careful with integrity specs 2016-11-29 18:01:09 +11:00
Sam 266322ce2e FEATURE: add help text for no bookmarks in user page 2016-11-29 17:56:00 +11:00
Guo Xiang Tan d95fbd89d0 Enable miniprofiler in development automatically. 2016-11-29 10:59:10 +08:00
Joe Buhlig 0390deba40 FIX: Add tags to list options from params 2016-11-26 08:24:52 -06:00
Guo Xiang Tan 559918c6c6 PERF: Add endpoint to check if a group can be mentioned by user. 2016-11-26 02:20:46 +08:00
Guo Xiang Tan 5794f1619d PERF: Fix N+1 queries when loading groups. 2016-11-26 02:20:26 +08:00
Guo Xiang Tan 712ff01f38 PERF: Remove eager load. 2016-11-25 11:21:08 +08:00
Guo Xiang Tan 63a88ee6e7 Merge pull request #4566 from tgxworld/fix_perf_redirect_to_top
Fix perf redirect to top
2016-11-25 03:39:56 +01:00
Sam 88a46be051 FEATURE: display text excerpts when scrolling on mobile 2016-11-25 11:35:29 +11:00
Neil Lalonde f885e5b5e6 fix success response handling of sending digest preview email 2016-11-24 15:05:33 -05:00
Guo Xiang Tan 84914c5e1f PERF: Fix N+1 query. 2016-11-24 17:47:14 +08:00
Guo Xiang Tan b889bfefbb PERF: Don't calculate the same query twice. 2016-11-24 14:05:26 +08:00
Neil Lalonde 47aa3d94aa FEATURE: send digest preview to an email address 2016-11-23 17:51:57 -05:00
Sam e2c87da42a FEATURE: Add basic support for Safe Mode
In Safe Mode all JS extensions and site customizations are disabled.

To access Safe Mode visit `sitename.org/safe-mode`
2016-11-21 16:46:14 +11:00
Guo Xiang Tan f824afb4d3 FEATURE: Allow date_of_field column to be updated. 2016-11-17 15:16:58 +08:00
cpradio c3d4c949f1 Add comments to relevant sections denoting "create new topic" scenario is not supported for cannot-see-mention (per @coding-horror instruction) 2016-11-16 06:26:36 -05:00
Robin Ward 32a8d5ed1f Merge pull request #4550 from cpradio/cannot-see-mention
FEATURE: Notify user when mention can't see the reply they were mentioned in
2016-11-15 16:40:47 -05:00
Sam 63d9d4f301 FIX: properly specify default on no cache on all resources 2016-11-15 17:00:44 +11:00
cpradio 824c235760 FEATURE: Notify user when mention can't see the reply they were mentioned in
FIX: Group Mention Notifications
2016-11-14 22:03:16 -05:00
Kiffin Gish 3aa22715af A new guard for changing post timestamps called can_change_post_timestamps? 2016-11-06 20:14:09 +01:00
Neil Lalonde 764a572070 FIX: when subcategories with the same name exist, filtering by tags might use the wrong subcategory 2016-11-02 15:29:33 -04:00
Neil Lalonde 29edbafac7 FIX: post short link on subfolder installs 2016-11-01 15:20:04 -04:00
Neil Lalonde 9ef1688a76 FEATURE: per-category default topic list sort order 2016-11-01 12:18:41 -04:00
Neil Lalonde 8c9d390cac FIX: Tags used only on deleted topics could not be used again 2016-10-28 15:11:50 -04:00
Régis Hanol 71f940d478 FIX: use metadata to hold the message_id with sparkpost 2016-10-27 19:35:50 +02:00
Dmitry Demenchuk fb25485bb1 Delete useless home_redirect method from ForumsController. 2016-10-27 15:45:22 +01:00
Régis Hanol 41f19641d1 FIX: don't error out when we receive a bounce associated to a deleted user 2016-10-26 10:13:05 +02:00
Régis Hanol 81e2a0099f FIX: ensure the group 'everyone' is never shown when using a different locale 2016-10-24 10:53:31 +02:00
Guo Xiang Tan ee9946388c Merge pull request #4507 from ming-relax/feat-delete-by-email
Remove user from a group by user email
2016-10-24 11:28:27 +08:00
Sam 9a94d1b212 FIX: everyone is not a visible group 2016-10-24 13:03:22 +11:00
Robin Ward 19e2eec219 Allow step 0 to resend the confirmation email 2016-10-21 11:34:19 -04:00
Sam bfa33f2518 Merge pull request #4500 from tgxworld/performance_on_users_page
PERF: Remove ordering by username.
2016-10-21 10:40:58 +11:00
Robin Ward c03d25f170 FEATURE: Configure Admin Account
Adds a "Step 0" to the wizard if the site has no admin accounts where
the user is prompted to finish setting up their admin account from the
list of acceptable email addresses.

Once confirmed, the wizard begins.
2016-10-19 11:27:56 -04:00
Ming HU dffd8baa91 Remove user from a group by user email 2016-10-18 17:10:47 +08:00
Régis Hanol 3949c24f80 FIX: sparkpost webhooks support 2016-10-17 11:26:49 +02:00
Guo Xiang Tan 18d032ad91 PERF: Remove ordering by username.
* Ordering by username results in a very expensive query
for very little upside UX wise.
2016-10-15 01:13:58 +08:00
Sam f4f5524190 FEATURE: user API now contains scopes so permission is granular
previously we supported blanket read and write for user API, this
change amends it so we can define more limited scopes. A scope only
covers a few routes. You can not grant access to part of the site and
leave a large amount of the information hidden to API consumer.
2016-10-14 16:05:42 +11:00
Neil Lalonde 0328141e05 FIX: prevent creation of tags with invalid characters 2016-10-12 15:44:36 -04:00
Régis Hanol ddcc084d22 Revert "FEATURE: Use the top period default for users who have been inactive or are new" 2016-10-11 17:56:46 +02:00
cpradio 2de50a616d FEATURE: Use the top period default for users who have been inactive or are new 2016-10-11 09:55:15 -04:00
Sam 6031e692f0 Merge pull request #4366 from xfalcox/print
Print Support
2016-10-11 11:47:20 +11:00
Sam f6ac914376 Merge pull request #4467 from cpradio/advanced-search-ui
FEATURE: Advanced Search UI
2016-10-11 10:02:35 +11:00
Sam 3e513f5c05 Merge pull request #4459 from vibol/master
FEATURE: sparkpost webhook
2016-10-10 17:17:17 +11:00
Neil Lalonde 600b23c0a4 FIX: permalink redirects should work on tag paths 2016-10-04 12:01:42 -04:00
cpradio 4b71fd253b Advanced Search UI
Properly support Categories so it updates the search box correctly

Use category id, as it is more consistent with search results than using the slugs, especially for parent/subcategory

Added Status

Improve AutoComplete so it can receive updates
Added the ability for AutoComplete to receive updates to badge-selector and group-selector

Respect null, which is set via web-hooks

Support both # and category: for category detection.

Only update the searchedTerms if they differ from its current value (this helps the Category Selector receive updates)

Opt in receive updates (#3)

* Make the selectors opt-in for receiving updates

* Opt-in to receive updates

* Fix category detection for search-advanced-options

Fix eslint error

Update user-selector so it can receive updates live too
Make the canReceiveUpdates check validate against 'true'

Converted to use template literals

Refactor the regex involved with this feature
Split apart the init to make it a bit more manageable/testable

Switch the category selector to category-chooser, so it is a dropdown of categories instead of auto-complete

Reduce RegEx to make this happier with unicode languages and reduce some of the complexity
2016-10-04 11:18:01 -04:00
Robin Ward f62d01ff1b FIX: Clear the session after a reset token was used 2016-09-30 12:20:23 -04:00
Guo Xiang Tan 1c3992e575 FIX: Ensure that translations bundle exists before merging plugin bundle. 2016-09-30 14:29:30 +08:00
Vibol Hou c3d60d5d1d Merge remote-tracking branch 'upstream/master' 2016-09-29 02:12:05 -07:00
Guo Xiang Tan 72ccb4e11d FIX: Plugin "admin_js" translations bundle was not fetched. 2016-09-29 04:42:26 +08:00
Vibol Hou 34af73c7cb FEATURE: sparkpost webhook 2016-09-26 22:13:34 -07:00
Rafael dos Santos Silva 0229df4c73 Second review fixes 2016-09-26 20:46:55 -03:00
Rafael dos Santos Silva 2a5a0bebb3 Adjusts from review 2016-09-26 20:46:55 -03:00
Rafael dos Santos Silva acc70cc3de SiteSetting, admin passtrough, CSS, hide on mobile 2016-09-26 20:46:55 -03:00
Rafael dos Santos Silva 6faedfa716 Rate limit printing 2016-09-26 20:46:55 -03:00
Rafael dos Santos Silva c12e533273 Feature: Adds a button to print a topic 2016-09-26 20:44:50 -03:00
Guo Xiang Tan 4e663998af PERF: N+1 query on user summary page. 2016-09-23 12:44:08 +08:00
Robin Ward 7f66cf618c FIX: You should be an admin to do the wizard 2016-09-22 11:12:51 -04:00
Robin Ward 29cf47cfb2 Track steps the user has completed, nag them to finish it. 2016-09-22 09:52:19 -04:00
Robin Ward 35b767f6af Company Name Step which updates the TOS 2016-09-22 09:52:19 -04:00
Robin Ward 28b6c300a0 Clean up wizard updater API for better plugin use 2016-09-22 09:52:19 -04:00
Robin Ward af83c8dc14 Upload Logos Step 2016-09-22 09:52:19 -04:00
Robin Ward c94e6f1b96 Add locale step 2016-09-22 09:52:19 -04:00
Robin Ward 9f12b571ef Wizard: Server Side Validation + Finished Step 2016-09-22 09:52:19 -04:00
Robin Ward 3a4615c205 Wizard: Step 1 2016-09-22 09:48:58 -04:00
Robin Ward 0471ad393c Scaffold for new Wizard - Rails / Ember / Tests 2016-09-22 09:48:58 -04:00
Robin Ward 6070939daa Support for other i18n bundles 2016-09-22 09:48:58 -04:00
Guo Xiang Tan 9374e5d42d Revert "FIX: don't overwrite category's logo & background URLs"
This reverts commit 641b95f655.
2016-09-22 11:30:19 +08:00
Régis Hanol 641b95f655 FIX: don't overwrite category's logo & background URLs 2016-09-21 22:11:31 +02:00
Guo Xiang Tan 547750e9dd Unify API keys and web hooks into a single admin nav header. 2016-09-20 05:22:03 +08:00
Robin Ward 2766b2edc3 FIX: Allow redirection for slugs that start with digits 2016-09-19 13:31:19 -04:00
Erick Guan 00d5facf36 FEATURE: prompts new webhook events 2016-09-19 12:07:17 +08:00
cpradio 2eddeab66b Escape the hyphen 2016-09-16 19:07:46 -04:00
cpradio 0d2d8797b6 FIX: Backup validation wasn't escaping hyphens 2016-09-16 15:20:42 -04:00
Sam 75f3f7fcbd FEATURE: clean API method for reading a single notification 2016-09-16 16:14:15 +10:00
Guo Xiang Tan 512922d776 SECURITY: Add filename validation for backup uploads. 2016-09-16 11:58:14 +08:00
Sam e6fcaadd45 FIX: redirects back to origin for SSO and omniauth login 2016-09-16 13:48:50 +10:00
Sam 25a82e7d22 PERF: only publish notification state if we changed it
also publish seen_notification_id so we can tell what is new and what is old
cleanup controller so it correctly checks user
fix bug around clearing notification when people click mark read
2016-09-16 12:02:19 +10:00
Guo Xiang Tan b0752b1f91 FIX: Don't bypass validations. 2016-09-15 10:15:17 +08:00
Sam 2d859ba0ed FIX: user api should always be available to staff 2016-09-12 15:42:06 +10:00
Arpit Jalan 19ddf95efa FIX: add custom invite email templates 2016-09-08 00:54:48 +05:30
Erick Guan 9ce61b4586 FEATURE: Webhooks. 2016-09-05 18:44:00 +08:00
Guo Xiang Tan aabb7a8592 FIX: DiscourseEvent should not be triggered from within the controller. 2016-09-05 15:58:04 +08:00
Sam 1d281e02c7 id is optional if already specified in header 2016-09-02 17:08:46 +10:00
Sam be0fd5b4cc FEATURE: allow user api key revocation for read only keys 2016-09-02 17:04:00 +10:00
Régis Hanol e064e6f7a3 FEATURE: new 'categories_and_latest' endpoint 2016-08-29 22:47:44 +02:00
Sam 0303080586 we do not define auth providers for builtins 2016-08-29 11:12:24 +10:00
Sam 22b8c0d44e FIX: fullscreen login set from client needs to be respected 2016-08-29 10:13:51 +10:00
Neil Lalonde 2251104e32 FEATURE: avatar flair can be font awesome icons 2016-08-26 17:15:37 -04:00
Sam ca79c4b276 stop eating up push_urls 2016-08-26 13:23:06 +10:00
Sam 2b15919aee missing spot where old api was used 2016-08-26 10:58:34 +10:00
Sam eaf87f0770 FIX: correctly handle api key so it uses current user provider 2016-08-26 10:39:13 +10:00
Arpit Jalan bfefda06f6 FIX: handle embed count when topic not found 2016-08-25 07:12:20 +05:30
Neil Lalonde 50a8eb1810 Merge pull request #4405 from gdpelican/fix/intersection-pagination
FIX: Don't join on tags unnecessarily when matching all tags
2016-08-24 14:45:15 -04:00
Robin Ward c3a3aff120 FEATURE: Support for a whitelist for embeddable host paths 2016-08-23 14:56:12 -04:00
Sam 691f739f11 better error handling
push notifications imply read access, no need for a special permission
2016-08-23 16:48:00 +10:00
Régis Hanol 2690ef7050 prefix setting with 'desktop_' since it's only used for desktop 2016-08-22 23:43:42 +02:00
Régis Hanol d06e2793aa fix logic for when to include topics in category list 2016-08-22 23:11:08 +02:00
Régis Hanol 4d6028ea2d UX: new 'category_page_style' site setting 2016-08-22 23:01:43 +02:00
James Kiesel 386b8b8498 Don't join on tags unnecessarily when matching all tags 2016-08-19 10:37:32 -05:00
Régis Hanol eb953c0904 FIX: /categories page on mobile 2016-08-19 01:47:00 +02:00
Neil Lalonde a644602612 FIX: infinite scrolling of topic list when filtered to one tag 2016-08-18 16:36:30 -04:00
Régis Hanol 6d1d7b7c8f UX: new /categories layout 2016-08-17 23:23:16 +02:00
Neil Lalonde d079f69b7b FEATURE: add flair to avatars using new settings in the groups admin UI 2016-08-17 15:13:15 -04:00
Sam 79c1d3459b line was there twice 2016-08-17 17:03:48 +10:00
Sam 91b72936c4 Normalize away a requested push if for some reason we can not push there 2016-08-17 16:44:38 +10:00
Sam b4dfb84f37 PERF: stop doing work for HEAD requests on topics 2016-08-17 10:04:23 +10:00
Sam a25a8115e8 FEATURE: support HEAD request to /user-api-key/new
This allows us to cleanly sniff to find if it exists
2016-08-17 09:58:19 +10:00
Sam 416e7e0d1e FEATURE: basic UI to view user api keys 2016-08-16 17:06:52 +10:00
Sam b7cea24d76 FEATURE: more user API flow, support key creation 2016-08-16 17:06:52 +10:00
Sam 0b334cdf74 FIX: stop removing query params from destination url in sso 2016-08-16 17:06:52 +10:00
Neil Lalonde 3b792054f2 Merge pull request #4387 from gdpelican/feature/tags-intersection
FEATURE: Tags intersection page
2016-08-15 16:24:29 -04:00
James Kiesel 037e9bb7b8 Support any number of tag intersections 2016-08-15 15:30:17 -04:00
Sam fc095acaaa Feature: User API key support (server side implementation)
- Supports throttled read and write
- No support for push yet, but data is captured about intent
2016-08-15 17:59:36 +10:00
James Kiesel 7e73b933c7 First pass 2016-08-12 15:28:46 -04:00
Sam 7e4503dd99 FEATURE: basic info route for all sites, even ones that require login
This information is public in meta tags already on home page, providing a
route allows consumers to check it way more cheaply
2016-08-12 17:10:35 +10:00
Sam afaba56de3 FEATURE: missing API endpoint for topic tracking states 2016-08-12 17:10:35 +10:00
Robin Ward 429f27ec96 SECURITY: Avoid mass assignment on user create 2016-08-05 11:57:13 -04:00
Neil Lalonde 5f67cd7b45 FIX: tag input detects when a tag is not allowed and won't offer to create it anyway 2016-08-03 13:18:56 -04:00
Guo Xiang Tan bf683178a8 FIX: Remove tag plugin code from tag hashtag check. 2016-08-02 10:59:12 +08:00
Régis Hanol 681f566a66 FIX: staff members should be able to see raw email of deleted posts 2016-08-01 23:55:22 +02:00
Neil Lalonde 1f12e41029 FIX: query for tag with no sub-categories 2016-07-28 16:59:00 -04:00
Neil Lalonde 82e170d6a6 FIX: 404 when filtering by category, no sub-category, and a tag 2016-07-28 16:19:03 -04:00
Neil Lalonde 77847f0d46 FIX: meta description tags for tags 2016-07-28 11:49:23 -04:00
Robin Ward 2f8ab8cd30 SECURITY: XSS in "Account Suspended" Messages and Badge Descriptions 2016-07-28 11:38:12 -04:00
Guo Xiang Tan 36ddb1787e FEATURE: Add toggle topic visibility button in popup menu. 2016-07-28 16:57:04 +08:00
Sam c6dbaca0dc SECURITY: disable user entered badge SQL by default
- Hidden site settings now must be change via rails console
2016-07-28 09:03:00 +10:00
Sam cb3afd11b4 SECURITY: limit route access when using external avatars 2016-07-28 09:00:43 +10:00
Régis Hanol 6dac9075dc new 'convert_pasted_images_quality' site setting 2016-07-27 19:59:44 +02:00
Régis Hanol be099bb637 only convert pasted images to HQ jpg when it's at least 5% smaller 2016-07-27 19:55:13 +02:00
Andre Pereira 8cbd585e20 FEATURE: Allow staff users to merge posts. 2016-07-27 12:04:14 +08:00
Neil Lalonde 3c0df3510a FIX: tags index should show all tags belonging to a category even if they have never been used 2016-07-26 16:04:11 -04:00
Régis Hanol 749b981759 FEATURE: new 'convert_pasted_images_to_hq_jpg' site setting 2016-07-25 23:01:28 +02:00
Neil Lalonde ece4fa82c9 FIX: add canonical link to tags topic lists 2016-07-25 16:16:19 -04:00
Neil Lalonde 11b3b5e30a FIX: when topic list is filtered by tag and category, subsequent page fetches would ignore the category filter 2016-07-25 16:16:18 -04:00
Régis Hanol d2e22ab215 extract bounce scores into site settings 2016-07-25 17:27:28 +02:00
Sam df535c6346 FEATURE: refresh session cookie at most once an hour
This feature ensures session cookie lifespan is extended
when user is online.

Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
Neil Lalonde 7c092b0fe0 FEATURE: add filter to show topics that have not been tagged 2016-07-20 16:21:51 -04:00
Neil Lalonde a74606c87c PERF: tag groups index query 2016-07-15 17:16:26 -04:00
Régis Hanol 7b6d946613 FIX: searching received emails for TO was broken 2016-07-13 22:43:25 +02:00
Guo Xiang Tan 5fed886c8f FIX: Update post replies when we move posts. (#4324) 2016-07-13 17:34:21 +02:00
Sam 4161ee210a FEATURE: improved tag and category watching and tracking
- present tags watched on the user prefs page
- automatically watch or unwatch old topics based on watch status

New watching and tracking logic takes care of handling old topics
(either with or without read state)

When you watch a topic you now watch historically

Also removes confusing warnings from user.
2016-07-08 12:58:30 +10:00
Robin Ward 1eb64151f6 User interface for watching first post 2016-07-07 11:21:50 -04:00
Régis Hanol c104e4c022 allow avatars up to 1000px 2016-07-05 18:49:33 +02:00
Guo Xiang Tan f256e3afb6 Merge pull request #4297 from tgxworld/handle_user_enabled_readonly_mode
Handle user enabled readonly mode
2016-07-05 19:54:32 +08:00
Guo Xiang Tan 22ade1f811
FEATURE: Add event trigger when a user is logged out. 2016-07-04 17:20:30 +08:00
Sam 0c6d8e155c Merge pull request #4300 from NuckChorris/patch-2
Log RecordInvalid when verbose_sso_logging enabled
2016-07-01 14:12:06 +10:00
Guo Xiang Tan 904d9735ab
Refactor desktop notifications to be more modular. 2016-07-01 00:11:32 +08:00
Peter Lejeck e265b7b090 Log RecordInvalid when verbose_sso_logging enabled 2016-06-29 22:12:25 -07:00
Neil Lalonde 99e88ce39f FIX: n+1 query when fetching tag groups 2016-06-29 18:41:22 -04:00
Guo Xiang Tan 64858c10fe
FIX: Set a not expiring key for user enabled readonly mode. 2016-06-29 15:10:01 +08:00
Guo Xiang Tan 20359788dc
Rename `SiteSetting#use_https` to `force_https`. 2016-06-29 15:02:43 +08:00
Guo Xiang Tan e221414935
PERF: Remove N+1 queries on user messages page. 2016-06-29 09:30:54 +08:00
Sam 1411eedad3 FEATURE: offer to unwatch categories when unwatching category 2016-06-28 18:34:20 +10:00
Robin Ward ccf9b70671 When restoring a backup, disable emails.
This prevents accidental sending of emails after a restore before
the admin has had a chance to review everything.
2016-06-24 17:15:15 -04:00
Arpit Jalan 3232ce8265 FIX: better error message when trying to approve post for closed/deleted topic 2016-06-24 15:11:45 +05:30
Régis Hanol 5bfc9cf69e Allow API to create staged users 2016-06-23 12:27:05 +02:00
Régis Hanol 2ecd0da59f REFACTOR: use same code path for handling emails via API and POP 2016-06-22 15:50:49 +02:00
Sam 2d425892c4 FIX: update list of invited users after inviting 2016-06-21 16:01:29 +10:00
Régis Hanol 7fca6f502f fix and improve image downsizing algorithm 2016-06-20 12:35:07 +02:00
Sam 8866169879 FEATURE: can invite/revoke groups on private messages 2016-06-20 16:29:27 +10:00
Sam 7edf7b590f SECURITY: restrict constantize classes in search controller 2016-06-17 13:47:34 +10:00
Sam dd1a184955 Correct mailing list mode unsubscribe 2016-06-17 11:57:23 +10:00
Sam 852860de66 FEATURE: simpler and friendlier unsubscribe workflow
- All unsubscribes go to the exact same page
- You may unsubscribe from watching a category on that page
- You no longer need to be logged in to unsubscribe from a topic
- Simplified footer on emails
2016-06-17 11:28:49 +10:00
Régis Hanol 49f8a2baa7 FEATURE: support for mandrill webhooks 2016-06-13 12:32:14 +02:00
Guo Xiang Tan 95a013784f Merge pull request #4260 from jamescook/james/replace-certain-gsub-with-tr
Replace certain uses of 'gsub' with 'tr' / 'chomp' for a speed improvement
2016-06-13 18:25:38 +08:00
Sam e66c51fd85 correct regression where clicking on unlisted topics does not work 2016-06-12 16:36:38 +10:00
James Cook c0e25b5a9a Replace certain uses of 'gsub' with 'tr' or 'chomp' for a speed
improvement
2016-06-10 22:08:37 -05:00
Sam 3015030fe2 FIX: unlisted topics do not get "slug auto correct" logic 2016-06-10 10:53:26 +10:00
Neil Lalonde a6090339a7 FEATURE: tag group options: limit usage of one tag per group, tags in a group can't be used unless a prerequisite tag is used 2016-06-09 16:01:19 -04:00
Régis Hanol 214e25f1b5 use proper 'Message-Id' field 2016-06-09 00:33:13 +02:00
Robin Ward 9a81115c1c FIX: Duplicate link shouldn't happen on edit 2016-06-08 17:22:23 -04:00
Régis Hanol 3e3538d603 loosen security a bit on mailgun's webhook 2016-06-08 22:38:38 +02:00
Neil Lalonde a49ace0ffb FEATURE: ability to restrict tags to categories using groups 2016-06-07 15:36:20 -04:00
Robin Ward 431179dd25 FEATURE: Prompt users when they are entering duplicate links 2016-06-07 14:47:22 -04:00
Robin Ward 6aaa484baa REFACTOR: Move composer messages to store 2016-06-07 14:47:22 -04:00
Arpit Jalan 4253141700 FEATURE: custom email message for topic invites 2016-06-07 23:43:15 +05:30
Arpit Jalan b1a94049e0 FIX: only staff can access 'resend all invites' feature 2016-06-07 10:57:08 +05:30
Arpit Jalan a9c6df198c FEATURE: rate limit resend invites 2016-06-07 10:24:20 +05:30
Jeff Atwood 5c3e36aec2 Merge pull request #4252 from techAPJ/invite-email-improvements
FEATURE: customize invite email message
2016-06-06 14:24:39 -07:00
Neil Lalonde f3f6c2f98f FEATURE: tag groups 2016-06-06 14:18:48 -04:00
Régis Hanol fe595f1653 FEATURE: mailjet webhook 2016-06-06 19:47:45 +02:00
Arpit Jalan 7b205ebba4 FEATURE: customize invite email message 2016-06-06 20:15:30 +05:30
Arpit Jalan c4e1ad0953 FEATURE: Resend all pending invitations 2016-06-03 12:23:13 +05:30
Régis Hanol 9704603fab FEATURE: sendgrid webhooks 2016-06-01 21:48:06 +02:00
Neil Lalonde deb93044b4 FEATURE: new tags can be created from the "edit category" modal when defining the set of permitted tags 2016-05-31 17:27:22 -04:00
Neil Lalonde 2c78bea5a0 FIX: could not remove tags from a category 2016-05-31 17:27:22 -04:00
Neil Lalonde a6aab00663 FEATURE: show category-to-tag relationships on tags index page 2016-05-31 17:27:22 -04:00
Neil Lalonde 6796b15857 FEATURE: restrict tags to be used in a category 2016-05-30 16:56:33 -04:00
Régis Hanol 116efffdaa FEATURE: webhooks support for mailgun 2016-05-30 17:11:17 +02:00
Neil Lalonde 3d5716a2c8 FIX: tag input doesn't show staff-only tags to non-staff 2016-05-26 18:03:50 -04:00
Neil Lalonde f13470b96b Use db schema for tags instead of plugin store and custom fields 2016-05-26 14:29:48 -04:00
Neil Lalonde 2293fca012 FEATURE: after category name is changed, URLs with old category slug and tag filter will redirect to new category slug 2016-05-24 16:16:32 -04:00
Arpit Jalan f387dfe226 FIX: mixed case group mentions were not getting highligted in composer 2016-05-22 18:32:49 +05:30
Steve Kemp 8f8ad3fe4a Allow an (optional) post-creation time to be submitted. (#4205)
* Allow an (optional) post-creation time to be submitted.

This should allow a new post to be created with an initial
date/time specified by the caller, which will be useful for
people writing importers..

* Only allow `created_at` to be submitted via the API.

This addresses the previous concern.
2016-05-22 10:54:03 +02:00
Régis Hanol 6137bb46d3 FIX: a User is *not* a Topic 2016-05-14 10:06:29 +02:00
Régis Hanol 1e57bbf5c8 Lots bounce emails related fixes
- Show bounce score on user admin page
- Added reset bounce score button on user admin page
- Only whitelisted email types are sent to emails with high bounce score
- FIX: properly detect bounces even when there is no TO: header in the email
- Don't desactivate a user when reaching the bounce threshold
2016-05-06 19:34:33 +02:00
Robin Ward 89e506551a
Add body class to `account-created` route 2016-05-05 14:37:09 -04:00
Neil Lalonde c1aded8b64 FIX: crawler view of tags index page 2016-05-03 16:10:12 -04:00
Arpit Jalan 82daf93eb3 Merge pull request #4206 from techAPJ/convert-topic
FEATURE: move a topic from PM to regular topic or vice versa
2016-05-04 01:33:15 +05:30
Robin Ward 664f1913c8
FIX: Don't include hidden posts in embedded comments 2016-05-03 15:01:20 -04:00
Régis Hanol 8e611ec7a1 FEATURE: handle bounced emails 2016-05-02 23:15:32 +02:00
Arpit Jalan acfb540952 FEATURE: move a topic from PM to regular topic or vice versa 2016-05-02 21:34:05 +05:30
Neil Lalonde e5918c7d00 FEATURE: Merge tagging plugin into core 2016-04-27 11:58:53 -04:00
Arpit Jalan 74b3807f60 FEATURE: new bootstrap mode settings for brand new Discourse community (#4193)
* FEATURE: new bootstrap mode settings for brand new Discourse community

* new SiteSetting.set_and_log method
2016-04-26 13:08:19 -04:00
Sam 0b6d12f95d FIX: when no notification state exists on topic, mute on unsubscribe 2016-04-25 11:24:52 +10:00
Sam 7ee11b0508 more logging, add referer 2016-04-25 10:48:36 +10:00
Rafael dos Santos Silva bbe642070e App Banner Support for Android Chrome (#4103)
* App Banner Support for Android Chrome

* Oops, forgot semicolon;
2016-04-20 10:54:01 -04:00
Régis Hanol 7d9f2265b9 FIX: improve support for handling emails coming from screened email addresses 2016-04-18 23:01:54 +02:00
Sam 9e50f36c50 Merge pull request #4137 from cpradio/add-warning-to-flag
FEATURE: Add warning input to flag dialog when notifying a user
2016-04-15 16:23:22 +10:00
Régis Hanol 379bfac36d Merge pull request #4010 from riking/patch-sitelinks
FEATURE: Add /search discovery
2016-04-14 10:35:13 +02:00
Robin Ward 5518141ad5
Option for verbose logging when API calls to create posts fail 2016-04-12 12:10:48 -04:00
Guo Xiang Tan 983d64fd56 PERF: N+1 query on badges index. 2016-04-12 17:45:02 +08:00
Régis Hanol 7783ba46fc remove /error endpoint 2016-04-11 20:43:24 +02:00
Robin Ward cc25716e47 FIX: Allow message format translations to be overridden 2016-04-08 14:49:50 -04:00
Thorben Egberts cf8b3fbd56 FEATURE: add user custom fields to user card
The user's custom fields are now displayed on the user card. This has to be enabled for each custom field in the custom field settings. See https://meta.discourse.org/t/custom-user-fields-on-usercard/22662/
2016-04-08 14:35:41 +02:00
Sam 19ca08857f FEATURE: verbose SSO logging
By enabling the site setting verbose_sso_logging
you can log information every time a user tries initiates SSO
and during SSO failures
2016-04-08 11:20:01 +10:00
Guo Xiang Tan 4e7e4cee7d PERF: Rendering crawler's template is expensive. 2016-04-07 16:28:31 +02:00
Sam a130cb8305 FEATURE: move more urgent emails notifications to critical queue
Move signup, admin login and password change email notifications
to critical queue
2016-04-07 14:39:01 +10:00
Sam 8ec7fd84fd FEATURE: prioritize sidekiq jobs
This commit introduces 3 queues for sidekiq

"critical" for urgent jobs (weighted at 4x weight)
"default" for standard jobs(weighted at 2x weight)
"low" for less important jobs


"critical jobs"

Reset Password emails has been seperated to its own job
Heartbeat which is required to keep sidekiq running
Test email which needs to return real quick


"low priority jobs"

Notify mailing list
Pull hotlinked images
Update gravatar

"default"

All the rest

Note: for people running sidekiq from command line use

bin/sidekiq -q critical,4 -q default,2 -q low
2016-04-07 12:56:43 +10:00
Régis Hanol a5d8dfb07e FIX: don't hardcode maximum file size 2016-04-06 22:51:28 +02:00
Régis Hanol 2b9e8e5a7d Merge pull request #4147 from cpradio/default_top_timeframe
FIX: Use default top setting when user is return or enough data exists for Top Page Results
2016-04-06 18:33:56 +02:00
Neil Lalonde 56e47c8d7e FEATURE: report on admin dashboard when favicon is failing to load 2016-04-05 14:42:32 -04:00
cpradio c5bb1d1cfe Return default top setting as part of best_periods_for to see if it can be used 2016-04-05 14:27:18 -04:00
Régis Hanol d402a45781 FIX: hitting '/t/:id/posts.json' should return the first page of posts 2016-04-05 19:12:14 +02:00
Régis Hanol 841f36b058 FIX: automatically unstage user when signing in using OAuth 2016-04-04 19:04:10 +02:00
Régis Hanol 79639e2dec FIX: ensure group's users counters are kept in sync 2016-04-04 17:03:18 +02:00
cpradio 95fa340601 Added spec tests 2016-04-03 19:44:14 -04:00
cpradio b4f4cf794b Add warning input to flag dialog
Added isWarning property
pass is_warning along to post_action
Added is_warning to possible arguments to receive from post_actions route
Only show warning checkbox for staff
Only permit the is_warning argument if the user is staff
2016-04-03 18:48:39 -04:00
Arpit Jalan 13fa0f8cf8 FIX: only show regular posts in RSS feed 2016-03-31 21:34:53 +05:30
Arpit Jalan 41208b99a1 FEATURE: RSS feed for user posts and topics 2016-03-31 20:24:05 +05:30
Régis Hanol 0bf001ccd7 FIX: badge grant count wasn't filtered to the current user in the user summary 2016-03-30 23:11:00 +02:00
Sam ed750cac39 FIX: if badges are disabled badge pages should 404 2016-03-29 17:21:32 +11:00
Kane York f2ddd44712 FEATURE: Add /search discovery
The opensearch.xml results in a "site search engine" being added to
Chrome, while the sitelinks search tag results in "Search this website"
being added to Google Search.
2016-03-28 15:07:59 -07:00