Robin Ward
8a8dec550b
FIX: If login is required, redirect to the `/login` route instead of root
2017-05-25 13:35:15 -04:00
Robin Ward
cdbe027c1c
Refactor `FileHelper` to use keyword arguments.
2017-05-24 13:54:26 -04:00
Sam
d0f84aa14e
FIX: missing to_i which breaks selector component for anon
2017-05-24 11:39:10 -04:00
Guo Xiang Tan
238a156300
FIX: `TopicTimestampChanger` should not allow timestamps in the future.
2017-05-22 16:03:49 +08:00
Guo Xiang Tan
4382a0bb07
Rename `PostTimestampChanger` -> `TopicTimestampChanger`.
2017-05-22 15:01:33 +08:00
Robin Ward
908433a7a0
SECURITY: Validate the `entity` when downloading a CSV
2017-05-19 16:00:51 -04:00
Guo Xiang Tan
8ab9f30bbd
FIX: User can't remove bookmark from a deleted post.
2017-05-19 12:25:12 +08:00
Arpit Jalan
1fd8e426f2
FIX: better uploads error page
2017-05-18 23:29:37 +05:30
Régis Hanol
13e489b4ca
replace the upload type whitelist with a sanitizer
2017-05-18 12:13:13 +02:00
Sam
2a5a01af2e
improve error on theme upload, add gif to allowed uploads
2017-05-17 16:29:09 -04:00
Neil Lalonde
a0f03936ff
FIX: saving invisible primary group field that you don't belong to
2017-05-17 12:46:50 -04:00
Sam
e1dd543a93
FEATURE: allow users to select theme on single device
2017-05-15 12:48:16 -04:00
Sam
2d96a0785d
FEATURE: theme selection is now global per-user
2017-05-12 12:41:34 -04:00
Neil Lalonde
55b61e9bea
rename topic_status_update to topic_timer
2017-05-11 18:27:53 -04:00
Pat David
18de62b015
Add get_embeddable_css_class to assist multi-site embed styling
...
If present, pass embeddable_host.class_name to view for inclusion
on the <html> element as a class for targeted styling.
2017-05-11 15:16:16 -04:00
Pat David
4bf8548dc5
Add embed class name setup for embeddable hosts
2017-05-11 15:16:16 -04:00
Régis Hanol
9641d2413d
REFACTOR: upload workflow creation into UploadCreator
...
- Automatically convert large-ish PNG/BMP to JPEG
- Updated fast_image to latest version
2017-05-11 00:16:57 +02:00
Sam
04b5516bf2
improve upload functionality
2017-05-10 15:47:11 -04:00
Sam
bc0b9af576
FEATURE: support uploads for themes
...
This allows themes to bundle various assets
2017-05-10 15:47:11 -04:00
Sam Saffron
c2829dce22
FIX: base sql vanishes after badge creation
2017-05-09 09:25:57 -04:00
Robin Ward
afe04b8bbb
FIX: Possible 500 error if category saved incorrectly
2017-05-08 15:17:58 -04:00
Arpit Jalan
e89d0a6b20
FIX: importing a theme via file was broken
2017-05-08 12:03:24 +05:30
Robin Ward
777f1f0f47
FIX: Return a 404 if the auth session is not present
2017-05-04 15:35:24 -04:00
Robin Ward
1768c45a33
FIX: If we can't proxy to a CDN due to HTTP error, render blank
2017-05-04 12:42:46 -04:00
Robin Ward
57a2042ef6
FIX: Quiet server side errors for requesting json for account-created
2017-05-04 12:30:13 -04:00
Guo Xiang Tan
3eb920e2b0
Merge pull request #4841 from fantasticfears/webhook-ping
...
add event name for ping webhooks in the header
2017-05-04 04:54:40 +08:00
Robin Ward
81190f5d66
FIX: Redirect away from `account-created` if you're logged in
2017-05-03 11:18:01 -04:00
Robin Ward
12fb20fe1b
FEATURE: Allow users to resend/update email from confirmation page
2017-05-03 11:18:01 -04:00
Robin Ward
b381372184
Use Ember.js for the `/u/account-created` path so we can add controls
2017-05-03 11:18:01 -04:00
Sam
946f25098f
Refactor theme fields so they support custom theme defined vars
...
This paves the way to allowing themes to specify uploads and so on.
2017-05-02 16:02:14 -04:00
Arpit Jalan
77a8cae094
FIX: rescue specific errors on invite failure
2017-05-02 15:13:33 +05:30
Erick Guan
9f8a917d65
add event name for ping webhooks in the header
2017-05-02 08:13:23 +02:00
Neil Lalonde
0722ffadf1
Remove site settings enforce_global_nicknames and discourse_org_access_key
2017-05-01 14:53:16 -04:00
Guo Xiang Tan
304ace926e
FIX: Raise right response when post_action does not exist.
2017-04-27 17:29:53 +08:00
Guo Xiang Tan
e4b9f72f9e
FIX: Force the right encoding when handling email.
2017-04-27 16:51:54 +08:00
Arpit Jalan
b755279cf0
remove unneeded code
2017-04-27 08:47:47 +05:30
Arpit Jalan
e3f82140d8
more readable code for filtering username/email when bulk adding to group
2017-04-27 08:43:28 +05:30
Arpit Jalan
b41d96fac1
FIX: properly initialize hashes
2017-04-27 02:56:14 +05:30
Arpit Jalan
285c167fae
FEATURE: provide more details when performing a bulk add to group
2017-04-27 01:37:51 +05:30
Guo Xiang Tan
6f7c6b0fd0
FIX: Incorrect error raised.
2017-04-25 09:59:01 +08:00
Guo Xiang Tan
423f2ab228
FIX: Processing incoming email should be done in a background job.
2017-04-24 13:57:28 +08:00
Sam
7a9eee1b71
FEATURE: default notification level for group messages
...
also fixes it so staff can amend other user's group notification level
2017-04-20 15:47:35 -04:00
Arpit Jalan
ea26c56631
FIX: redirect to login page for anonymous user when profiles are hidden
2017-04-20 13:00:45 +05:30
Robin Ward
8b8ee2ad61
Pass a context in when using a HTML builder
2017-04-18 12:35:35 -04:00
Arpit Jalan
1c23aedccf
FIX: always send password reset email when accepting invite if password is not set
2017-04-18 14:37:06 +05:30
Robin Ward
1363988cd7
Support for an HTML builder that can create dynamic HTML
2017-04-17 17:32:55 -04:00
Sam
86904e9cd6
FIX: better error handling for theme import
2017-04-17 16:55:53 -04:00
Arpit Jalan
0954367bf4
FIX: send activation email when accepting invite if password is set
2017-04-15 14:59:50 +05:30
Guo Xiang Tan
04016f0dec
Support Ruby 2.4.
2017-04-15 12:29:00 +08:00
Sam
ed2e62f845
correct environment handling for test mode
2017-04-14 14:00:46 -04:00
Sam
def7348777
FIX: display custom sections with default theme
...
also cleans up mechanism for previewing themes, cleans up naming,
gets rid of old janky "preview_style", secures local theme key
2017-04-14 13:35:12 -04:00
Arpit Jalan
ef093b1610
Merge pull request #4807 from techAPJ/email-token-social
...
FIX: confirm email token for user created via social login
2017-04-13 16:18:15 +05:30
Guo Xiang Tan
3d76fb9c2c
FIX: Don't show category options for reports that can't be scoped to a category.
2017-04-13 17:10:55 +08:00
Arpit Jalan
7fb17b83c4
FIX: confirm email token for user created via social login
2017-04-13 14:15:32 +05:30
Guo Xiang Tan
ee449b0dd5
Improve SSO verbose log when user record is invalid.
2017-04-13 11:39:26 +08:00
Guo Xiang Tan
57788200ec
REFACTOR: Add `User.reserved_username?`.
2017-04-13 10:44:26 +08:00
Sam
a3e8c3cd7b
FEATURE: Native theme support
...
This feature introduces the concept of themes. Themes are an evolution
of site customizations.
Themes introduce two very big conceptual changes:
- A theme may include other "child themes", children can include grand
children and so on.
- A theme may specify a color scheme
The change does away with the idea of "enabled" color schemes.
It also adds a bunch of big niceties like
- You can source a theme from a git repo
- History for themes is much improved
- You can only have a single enabled theme. Themes can be selected by
users, if you opt for it.
On a technical level this change comes with a whole bunch of goodies
- All CSS is now compiled using a custom pipeline that uses libsass
see /lib/stylesheet
- There is a single pipeline for css compilation (in the past we used
one for customizations and another one for the rest of the app
- The stylesheet pipeline is now divorced of sprockets, there is no
reliance on sprockets for CSS bundling
- CSS is generated with source maps everywhere (including themes) this
makes debugging much easier
- Our "live reloader" is smarter and avoid a flash of unstyled content
we run a file watcher in "puma" in dev so you no longer need to run
rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
Sam Saffron
0013a23dc1
SECURITY: prefer render plain/html to render text where possible
2017-04-10 08:01:42 -04:00
Guo Xiang Tan
9663a74445
FIX: Ensure `username` param is valid in `NotificationsController`.
2017-04-07 17:32:52 +08:00
Régis Hanol
93556bb950
Merge pull request #4793 from rcgordon/smtp-fast-rejection
...
Added an API to ask if an incoming email should be dropped at the SMTP level.
2017-04-07 09:59:52 +02:00
Neil Lalonde
708f65f740
FIX: web crawlers getting 404 on category pages
2017-04-06 14:52:06 -04:00
Ryan C. Gordon
888d1512ec
Corrected indentation.
2017-04-06 01:49:34 -04:00
Aashaka Shah
402eaaa773
FEATURE: add og tags to metadata in individual badges page
2017-04-06 09:32:53 +05:30
Guo Xiang Tan
5943543ec3
FIX: Improve checks for non-human users.
2017-04-06 11:29:34 +08:00
Ryan C. Gordon
c51af13338
smtp_should_reject API: use better approach to find user email.
2017-04-05 23:10:36 -04:00
Ryan C. Gordon
a51c191a66
Make Email::Receiver.check_address() into a class method.
2017-04-05 23:10:36 -04:00
Ryan C. Gordon
e15d11df18
Added an API to ask if an incoming email should be dropped at the SMTP level.
...
This lets an SMTP server optionally decide if it should reject a mail without
passing it on to Discourse at all, possibly before even reading the
email's payload, to prevent spam-induced backscatter and save resources.
This just does the bare minimum sanity checking that could prevent obvious
backscatter. For legit errors from legit users, Discourse will still send a
much more pleasant reply email.
2017-04-05 23:10:36 -04:00
Robin Ward
40ab2e5667
FEATURE: Let users update their emails before confirming
...
This allows users who entered a typo or invalid email address when
signing up an opportunity to fix it and resending the confirmation
email to that address.
2017-04-05 16:44:49 -04:00
Robin Ward
3839206317
FIX: Return JSON errors for `by-external` if JSON requested
2017-04-04 16:22:14 -04:00
Robin Ward
17f2974d0a
SECURITY: Confirm new administrator accounts via email
2017-04-04 15:59:01 -04:00
Guo Xiang Tan
406d721f11
Fix `NilClass` error in `UsersController`.
2017-04-04 14:17:45 +08:00
Guo Xiang Tan
f4758a4c4d
FEATURE: Allow admins to schedule a topic to be published in the future.
2017-04-04 11:16:05 +08:00
Guo Xiang Tan
0bbad5040a
`topic-status-info` component wasn't updated when topic is closed/opened.
2017-03-31 15:58:26 +08:00
Guo Xiang Tan
b6e9871b4b
Update `Topic#closed` client side when closing/opening a topic temporarily.
2017-03-31 15:05:00 +08:00
Guo Xiang Tan
34b7bee568
FEATURE: Allow admin to auto reopen at topic.
...
* This commit also introduces a `TopicStatusUpdate`
model to support other forms of deferred topic
status update in the future.
2017-03-31 11:14:18 +08:00
Robin Ward
14410b71fb
Convert server side paths to use `/u/`
2017-03-30 10:23:24 -04:00
Guo Xiang Tan
a818fa9831
FIX: Show stats of the last 30 days be default for admin reports.
...
* `1.month.ago + 1.month` uses the calendar month for calculations
such that `1.month.ago` from the 30th of March 2017 will give
us the 28th of February 2017. Adding one month ahead from
28th February 2017 will be 28th of March 2017.
2017-03-30 09:48:10 +08:00
Arpit Jalan
f3cd5f61c5
FEATURE: Send anonymized usage statistics to Discourse if Discourse Hub can't reach the site
2017-03-28 09:07:23 +05:30
Neil Lalonde
11ce73b8ed
FEATURE: category setting for default top period
2017-03-22 16:54:18 -04:00
Sam
8e5e3b5af8
FIX: sso provider require return_sso_url
2017-03-22 09:08:38 -04:00
Robin Ward
874e8900af
Display email address in SSO error message.
2017-03-21 15:37:46 -04:00
Robin Ward
aeaf5075bf
Custom errors for when Email is invalid via SSO
2017-03-21 15:23:38 -04:00
Robin Ward
52d78294cc
Render a layout when there's an SSO error
2017-03-21 15:23:38 -04:00
Arpit Jalan
82c0f5f587
Merge pull request #4767 from techAPJ/activate-account
...
FIX: send activation email if user have unconfirmed email address
2017-03-21 09:44:23 +05:30
Arpit Jalan
7c3ae50dcd
FIX: send activation email if user have unconfirmed email
2017-03-21 09:41:50 +05:30
Sam Saffron
b94c7b4902
missing disposition
2017-03-20 17:07:32 -04:00
Sam
652b2d7199
remove redundent header setting
2017-03-20 16:08:18 -04:00
Sam
c106ca6778
FEATURE: fallback asset path for multi host setups
2017-03-20 15:59:17 -04:00
Guo Xiang Tan
1d4993a185
FIX: Sync user's notification channel before preloaded current user data.
...
This is to fix the problem where a newly created user would not
receive live updates for the first notification if the notification
is published before the client has subscribed to the channel.
2017-03-20 17:17:21 +08:00
Robin Ward
f5f54c1b77
Merge pull request #4764 from tgxworld/nuke_backticks
...
FIX: Don't use backticks that take in inputs.
2017-03-17 15:40:23 -04:00
Guo Xiang Tan
e7c972ac89
FIX: Don't use backticks that take in inputs.
2017-03-17 15:33:51 +08:00
Victor van Poppelen
9e60f9f093
JSON API parsing error on CSRF exception: single quotes in ['BAD CSRF'] is invalid JSON:
...
https://meta.discourse.org/t/json-api-parsing-error-single-quotes-used-for-errors-like-bad-csrf/58869
2017-03-16 16:47:18 -07:00
Guo Xiang Tan
bbc85e1e29
Merge pull request #4750 from discourse/group_login_registration_flow
...
FEATURE: Redirect to groups page and apply group actions upon login/s…
2017-03-16 09:50:56 +08:00
Guo Xiang Tan
ca965bb455
FEATURE: Redirect to groups page after login/registration flow.
2017-03-16 09:48:51 +08:00
Guo Xiang Tan
1a7e954e09
FIX: Store custom emojis as uploads.
...
* Depending on a hardcoded directory was a flawed design
which made it impossible to debug when custom emojis go
missing.
2017-03-14 13:07:18 +08:00
Neil Lalonde
6d7e968e30
FEATURE: box-style rendering of sub-categories
2017-03-13 15:25:52 -04:00
Sam
a690121805
SECURITY: always allow staff to resend activation mails
2017-03-13 10:32:24 -04:00
Sam
1a745ca16a
else @user makes no sense :)
2017-03-13 10:22:23 -04:00
Guo Xiang Tan
9364d8ce71
FIX: Store user's id instead for sending activation email.
...
* Email and username are both allowed to be used for logging in.
Therefore, it is easier to just store the user's id rather than
to store the username and email in the session.
2017-03-13 20:24:55 +08:00
Guo Xiang Tan
7ebfa3c901
SECURITY: Only allow users to resend activation email with a valid session.
...
* Improve error when an active user tries to request for an activation email.
2017-03-13 19:35:29 +08:00
Arpit Jalan
848120c098
FEATURE: RSS feed for top page period filters
2017-03-13 15:23:46 +05:30
Sam
f13367cecd
FIX: latest + category not respecting homepage category suppression
2017-03-10 15:17:51 -05:00
Sam
bc1a6ccb90
Merge pull request #4741 from tgxworld/allow_bookmark_removal
...
FIX: Allow user to remove bookmark from posts as long as bookmark is …
2017-03-10 12:49:20 -05:00
Arpit Jalan
f7e7ca3937
FEATURE: anonymized site statistics
2017-03-10 18:50:26 +05:30
Régis Hanol
00380d84c5
UX: display text & html parts alongside raw email in incoming email modal
2017-03-08 23:15:42 +01:00
Arpit Jalan
801b5838e1
FIX: do not show faq/guidelines page to anonymous users for private forums
2017-03-08 16:00:49 +05:30
Arpit Jalan
090236b15b
FIX: do not show about page to anonymous users for private forums
2017-03-08 13:15:44 +05:30
Guo Xiang Tan
689dd16be0
FIX: Allow user to remove bookmark from posts as long as bookmark is present.
...
https://meta.discourse.org/t/bookmark-issue-when-access-to-topic-is-lost-pms/51993
2017-03-08 13:53:49 +08:00
Neil Lalonde
d95e4102c1
FIX: tags created in secured categories should not be forbidden outside those categories
2017-03-07 11:46:46 -05:00
Rafael dos Santos Silva
c3477cd40d
Merge pull request #4716 from discourse/bounced_emails_details
...
FEATURE: Allow checking the raw response of a bounced email
2017-03-06 13:30:19 -03:00
Guo Xiang Tan
477eb0591e
FIX: Posts in a deleted topic couldn't be moved.
...
https://meta.discourse.org/t/moving-posts-to-new-topic/58436/4
2017-03-06 14:56:20 +08:00
Sam
c99f4260c0
Merge pull request #4729 from tgxworld/dont_mark_user_as_valid
...
FIX: Don't mark user as `active` if verified email is different.
2017-03-03 15:57:30 -05:00
Neil Lalonde
6aab8cb331
FEATURE: new category setting for whether to show latest topics or top topics by default
2017-03-03 11:30:44 -05:00
Rafael dos Santos Silva
aac4a4ed94
Handle invalid parameters and missing bounced emails
2017-03-02 20:37:28 -03:00
Neil Lalonde
ca20cb9941
FEATURE: subcategories can be discovered by web crawlers on page 1 of the parent category topics list
2017-03-02 15:06:56 -05:00
Guo Xiang Tan
3d347fb9c4
FIX: Don't mark user as `active` if verified email is different.
2017-03-02 14:24:30 +08:00
Sam
dbfea9b5b0
correct refactor
2017-03-01 18:26:26 -05:00
Sam
c79b146283
FEATURE: make list controller a bit more extensible
2017-03-01 16:41:09 -05:00
Neil Lalonde
262016604d
FEATURE: each category can control how many topics to show on categories page
2017-03-01 15:12:57 -05:00
Blake Erickson
80858bae2c
FEATURE: further restrict downloading of backups
...
- send email to logged in admin when they press the "download" button
- show pop-up that email was sent
- create email template
- require a valid token to download backup
2017-03-01 08:28:34 -07:00
Arpit Jalan
877957ae88
Merge pull request #4715 from techAPJ/login-per-ip
...
FEATURE: new site setting for max logins per ip per hour/minute
2017-02-27 18:24:53 +05:30
Arpit Jalan
cba51e1c38
FEATURE: new site setting for max logins per ip per hour/minute
2017-02-27 16:58:03 +05:30
Régis Hanol
fdf749770b
remove unecessary '.limit(1)'
2017-02-24 12:56:13 +01:00
Régis Hanol
a2c04be718
FIX: eradicate I18n fallback issues 💣
...
FIX: client's translation overrides were not working when the current locale was missing a key
FIX: ExtraLocalesController.show was not properly handling multiple translations
FIX: JsLocaleHelper#output_locale was not properly handling multiple translations
FIX: ExtraLocalesController.show's spec which was randomly failing
FIX: JsLocaleHelper#output_locale was muting cached translations hashes
REFACTOR: move 'enableVerboseLocalization' to the 'localization' initializer
REFACTOR: remove unused I18n.js methods (getFallbacks, localize, parseDate, toTime, strftime, toCurrency, toPercentage)
REFACTOR: remove all I18n.pluralizationRules and instead use MessageFormat's pluralization rules
TEST: add tests for localization initializer
TEST: add tests for I18n.js
2017-02-24 11:31:21 +01:00
Sam Saffron
3754b038e8
fix brotli origin
2017-02-23 18:26:40 -05:00
Sam
f15f61da0a
FEATURE: add immutable caching to rails site of things
2017-02-23 13:05:00 -05:00
Rafael dos Santos Silva
5296f00c28
FEATURE: Allow checking the raw response of a bounced email
2017-02-22 14:51:33 -03:00
Neil Lalonde
a702330ccd
FEATURE: make show_subcategory_list a per-category setting
2017-02-22 11:42:36 -05:00
Régis Hanol
3ce3abef8f
FIX: add Content-Disposition and Content-Type headers when downloading attachments
2017-02-20 15:59:01 +01:00
Régis Hanol
f51e3b2131
FIX: should not be able to rename a system badge
2017-02-20 14:35:05 +01:00
Régis Hanol
cb99f59ec3
reset bounce score when email is successfully changed
2017-02-20 10:37:01 +01:00
Sam
1935f624b8
FEATURE: reset active record cache in sidekiq if needed
...
This can happen in multisite environments after restores
2017-02-17 12:09:53 -05:00
Sam Saffron
040e10a627
reduce duplication
2017-02-15 17:27:10 -05:00
Neil Lalonde
d0fbb27f3e
FEATURE: new invite acceptance page, where username can be chosen and password can be set
2017-02-15 16:51:57 -05:00
Sam
3818c196e0
remove disallowed params
2017-02-15 16:47:14 -05:00
Sam
74d4209d24
FEATURE: allow plugins to register custom topic list filters
2017-02-15 15:25:43 -05:00
Nicolas
1deec95ccb
Use `natural` orientation for web app manifest.
...
The `any` orientation forces the rotation even when the device's screen
rotation is disabled. Using `natural` respects that and restores the
expected behaviour.
2017-02-12 18:04:06 +00:00
Jeff Atwood
3ee7a9266c
Merge pull request #4686 from tgxworld/group_is_visible_if_user_is_group_owner
...
FIX: Show groups that user is owner of on groups page.
2017-02-11 22:18:44 -08:00
Sam Saffron
4332f0dde1
FEATURE: allow user search API to restrict to group
2017-02-09 18:45:39 -05:00
Sam
ff49f72ad9
FEATURE: per client user tokens
...
Revamped system for managing authentication tokens.
- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes
New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.
Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
Sam
2dec731da3
SECURITY: correctly validate input when admin searches for screened ips
2017-02-06 16:11:16 -05:00
Régis Hanol
27fb9c8804
FIX: bounce webhooks should also use recipient address
2017-02-05 19:06:35 +01:00
Neil Lalonde
c4e10f2a9d
FEATURE: redesign the change password page to use javascript and validations
2017-02-03 16:09:24 -05:00
Arpit Jalan
5523d0dbf9
fix the build
2017-02-03 15:35:33 +05:30
Arpit Jalan
26ccf61ab1
FIX: sane error message when inviting an existing user
2017-02-03 14:27:27 +05:30
Guo Xiang Tan
61111a3f9b
FIX: Show groups that user is owner of on groups page.
2017-02-03 16:51:32 +08:00
Guo Xiang Tan
18007ed34b
FIX: Can't use an internal name here if `SiteSetting.convert_pasted_images_to_hq_jpg` is `false`.
2017-02-01 14:51:56 +08:00
Guo Xiang Tan
f6d9745c5f
Bye bye byebug.
2017-02-01 14:50:14 +08:00
Guo Xiang Tan
6c8c91dca4
UX: Change default filename for images that have been pasted.
2017-02-01 14:44:41 +08:00
Arpit Jalan
9dd09e453b
FEATURE: add explicit confirmation button to accept the invite
2017-01-25 15:50:30 +05:30
Guo Xiang Tan
781d83a46f
FIX: Toggling a post's wiki status should not skip revision.
2017-01-25 13:34:55 +08:00
Guo Xiang Tan
0a25df67bc
Revert "FIX: Incorrect parameter being passed to component."
...
This reverts commit d354a6f7a4
.
2017-01-25 13:12:24 +08:00
Guo Xiang Tan
d354a6f7a4
FIX: Incorrect parameter being passed to component.
2017-01-25 13:09:08 +08:00
Guo Xiang Tan
32846aad2a
FIX: Toggling post's wiki status should not create a new version.
2017-01-20 15:42:33 +08:00
Régis Hanol
fbf9172db8
FIX: log backups download/destroy staff action
...
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:53:31 +01:00
Guo Xiang Tan
515f50e42e
FEATURE: Log admin action when readonly mode is changed.
2017-01-12 09:41:02 +08:00
Arpit Jalan
e793caf3e3
FIX: only allow CSV file to be uploaded for bulk invite
2017-01-11 16:26:01 +05:30
Guo Xiang Tan
d6bf5b0e78
Use `any` orientation for web app manifest.
2017-01-11 17:32:24 +08:00
Guo Xiang Tan
cdd550e947
Use a different Redis key when PG failover sets site to readonly mode.
2017-01-11 16:38:49 +08:00
Neil Lalonde
fc0a0a76a4
Add more info in staff action logs for blocking a user, and add logging for lock trust level, activate, and deactive user
2017-01-10 17:25:36 -05:00
Guo Xiang Tan
68300f515c
FIX: Return 404 if id is not valid.
2017-01-06 10:39:44 +08:00
Neil Lalonde
685e6bdbab
FIX: tags canonical url can raise error or be wrong
2017-01-05 15:17:23 -05:00
Claas Augner
bec10ada2a
Remove unused email templates from controller
2017-01-05 15:31:14 +01:00
Guo Xiang Tan
5098baee2f
FIX: Undefined variable.
2017-01-04 17:37:23 +08:00
Guo Xiang Tan
43671b1fda
UX: Display group fullname in mention autocomplete.
2017-01-04 11:40:14 +08:00
Rafael dos Santos Silva
d3fb724578
Merge pull request #4632 from xfalcox/native-app-banner
...
FEATURE: Opt-in native Discourse app install banner
2017-01-03 16:32:24 -02:00
Rafael dos Santos Silva
d7c8c2d5e3
FEATURE: Opt-in native Discourse app install banner on Android/iOS
2017-01-03 15:50:45 -02:00
Guo Xiang Tan
ad4a96d387
FIX: Only send membership request to the last 5 active group owners.
2017-01-03 15:33:57 +08:00
Guo Xiang Tan
5aee2673c7
FIX: Push null fields to last when sorting group members.
2016-12-22 14:55:24 +08:00
Guo Xiang Tan
5605700fa9
UX: Sort groups by name.
2016-12-22 14:46:20 +08:00
Guo Xiang Tan
8551d821a0
FEATURE: Add site setting to disable group directory.
2016-12-22 14:14:22 +08:00
Guo Xiang Tan
5e75d5c1bf
PERF: N+1 query on groups page.
2016-12-21 20:59:09 +08:00
Guo Xiang Tan
5d7f3223f0
SECURITY: Users can only bookmark posts which they can see.
2016-12-21 12:01:26 +08:00
Guo Xiang Tan
9db5d5b6a7
FIX: Incorrect serializer for groups page.
2016-12-20 15:44:22 +08:00
Guo Xiang Tan
7c7c233c1c
FIX: Can't update `Groups#allow_membership_requests` in admin.
2016-12-20 15:14:35 +08:00
Guo Xiang Tan
502e114c60
FIX: Incorrect count when loading more groups.
2016-12-20 14:39:44 +08:00
Guo Xiang Tan
193f8301a4
FIX: Do not show automatic groups to normal users.
2016-12-20 14:26:49 +08:00
Régis Hanol
52cd9972bb
FIX: prevent DDoS with lots of _oneboxable_ links
...
FIX: ensure the onebox route is only allowed to logged in users
FIX: only allow 1 outgoing onebox preview per user
FIX: client should only do 1 preview at a time
2016-12-20 00:31:10 +01:00
Sam
2b808ad9da
Merge pull request #4609 from joebuhlig/category-topics-wiki
...
FEATURE: Category setting to make all topics wikis
2016-12-20 09:15:51 +11:00
Neil Lalonde
923cf73c6e
Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox.
2016-12-19 14:54:07 -05:00
Joe Buhlig
87251fded7
FEATURE: Category setting to make all topics wikis
...
FEATURE: Category setting to make all topics wikis
2016-12-19 06:42:18 -06:00
Guo Xiang Tan
18c8323987
FIX: Incorrect path for redirect.
2016-12-19 18:12:15 +08:00
Sam
e0ff57ca75
SECURITY: prevent reuse of password reset
2016-12-19 18:00:22 +11:00
Sam
dd383300b1
FEATURE: rate limit by login on password reset
2016-12-19 11:03:07 +11:00
Sam
15b5fddd49
SECURITY: protect upload params, only allow very strict filenames
2016-12-19 10:16:18 +11:00
Sam
61eb134181
FEATURE: setting to allow arbitrary redirects from sso origin
...
if sso_allows_all_return_paths is set to true you can redirect off-site from sso success
2016-12-16 13:37:44 +11:00
Sam
6ff309aa80
SECURITY: don't grant same privileges to user_api and api access
...
User API is no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
Sam
98f4a2adcb
FIX: on 404 from brotli asset path return a correctly encoded doc
...
old implementation would cache the 404 for 1 year with incorrect encoding
hilarity would ensue
2016-12-15 16:05:20 +11:00
Guo Xiang Tan
4b940dc8bd
FEATURE: Add groups page.
2016-12-14 17:27:47 +08:00
Robin Ward
03bc6f70f9
Better error messages when embedding fails
2016-12-13 14:38:05 -05:00
Guo Xiang Tan
2686ee5ab2
FIX: Admin can't add/remove public group users.
2016-12-13 16:39:44 +08:00
Guo Xiang Tan
43ee9f884e
FEATURE: Add `Group#full_name`.
2016-12-13 16:16:26 +08:00
Guo Xiang Tan
7bfabb029b
UX: Move editing group from into an individual tab.
2016-12-13 15:15:20 +08:00
Guo Xiang Tan
da7009a968
FEATURE: Add request membership button for allowed groups.
2016-12-12 22:48:08 +08:00
Guo Xiang Tan
9a800107cb
FIX: Associate category logo and background to uploads record.
2016-12-12 17:37:28 +08:00
Guo Xiang Tan
05f55dbc10
FEATURE: Group logs.
2016-12-12 17:29:54 +08:00
Guo Xiang Tan
790f1ef9f3
FIX: Permit missing params.
2016-12-12 17:00:30 +08:00
Guo Xiang Tan
be5b5f6bea
FEATURE: Public groups.
2016-12-12 17:00:30 +08:00
Guo Xiang Tan
b9b4b0c175
FIX: Members should be ordered by username.
2016-12-08 14:27:38 +08:00
Guo Xiang Tan
a2da2971af
FEATURE: Allow columns on group members page to be sortable.
2016-12-08 10:49:12 +08:00
Robin Ward
d379f57c58
FIX: Show an error page if `finish-installation` can't run
2016-12-07 11:10:08 -05:00
Guo Xiang Tan
81d333289e
FIX: Return 503 when in readonly mode.
2016-12-07 14:04:42 +08:00
Guo Xiang Tan
545dfa7191
FEATURE: Allow group owners to edit title.
2016-12-07 10:26:28 +08:00
Sam
1135e00c83
FIX: regression unable to dismiss unread
2016-12-06 08:49:40 +11:00
Erick Guan
52763f5115
FEATURE: Allow posting a link with topics
2016-12-05 17:20:54 +01:00
Arpit Jalan
431aa79bb3
Merge pull request #4587 from techAPJ/invite-upload
...
FIX: simplify CSV file upload
2016-12-05 14:30:13 +05:30
Guo Xiang Tan
adb7fcb6b3
FEATURE: Add bio to group page.
2016-12-05 16:58:04 +08:00
Arpit Jalan
ce974da9e5
FIX: simplify CSV file upload
2016-12-05 14:09:08 +05:30
Guo Xiang Tan
31acd311e5
FEATURE: Allow group owners to edit group name and avatar flair.
2016-12-05 14:27:46 +08:00
Sam
dc66f6681a
add spec for brotli controller, ensure cached correctly
2016-12-05 16:08:36 +11:00
Sam
8a98d617df
correct headers and add better caching
2016-12-05 15:11:07 +11:00
Sam
39a524aac8
FEATURE: brotli cdn bypass for assets
...
Allow CDNS that strip out brotli encoding to use brotli regardless
2016-12-05 13:57:09 +11:00
Sam
1db9d17756
Make removal of topic columns more resilient to deploys
2016-12-05 12:11:46 +11:00
Sam
33d0a23d84
Merge branch 'fix_whisper'
2016-12-05 10:01:03 +11:00
Neil Lalonde
dafd1453d6
FIX: topic list filters for bookmarked, posted, and read now work with tag filter
2016-12-02 15:58:14 -05:00
Guo Xiang Tan
bc0a8142fe
PERF: Only show members count on group page.
2016-12-02 16:28:54 +08:00
Sam
c04d4171ff
FIX: whisper no longer experimental
...
- Regular users are not notified of whispers
- Regular users no longer have "stuck" topics in unread
- Additional tracking for staff highest post number
- Remove a bunch of unused columns in topics table
2016-12-02 17:03:31 +11:00
Sam
b8dc58be90
got to be careful with integrity specs
2016-11-29 18:01:09 +11:00
Sam
266322ce2e
FEATURE: add help text for no bookmarks in user page
2016-11-29 17:56:00 +11:00
Guo Xiang Tan
d95fbd89d0
Enable miniprofiler in development automatically.
2016-11-29 10:59:10 +08:00
Joe Buhlig
0390deba40
FIX: Add tags to list options from params
2016-11-26 08:24:52 -06:00
Guo Xiang Tan
559918c6c6
PERF: Add endpoint to check if a group can be mentioned by user.
2016-11-26 02:20:46 +08:00
Guo Xiang Tan
5794f1619d
PERF: Fix N+1 queries when loading groups.
2016-11-26 02:20:26 +08:00
Guo Xiang Tan
712ff01f38
PERF: Remove eager load.
2016-11-25 11:21:08 +08:00
Guo Xiang Tan
63a88ee6e7
Merge pull request #4566 from tgxworld/fix_perf_redirect_to_top
...
Fix perf redirect to top
2016-11-25 03:39:56 +01:00
Sam
88a46be051
FEATURE: display text excerpts when scrolling on mobile
2016-11-25 11:35:29 +11:00
Neil Lalonde
f885e5b5e6
fix success response handling of sending digest preview email
2016-11-24 15:05:33 -05:00
Guo Xiang Tan
84914c5e1f
PERF: Fix N+1 query.
2016-11-24 17:47:14 +08:00
Guo Xiang Tan
b889bfefbb
PERF: Don't calculate the same query twice.
2016-11-24 14:05:26 +08:00
Neil Lalonde
47aa3d94aa
FEATURE: send digest preview to an email address
2016-11-23 17:51:57 -05:00
Sam
e2c87da42a
FEATURE: Add basic support for Safe Mode
...
In Safe Mode all JS extensions and site customizations are disabled.
To access Safe Mode visit `sitename.org/safe-mode`
2016-11-21 16:46:14 +11:00
Guo Xiang Tan
f824afb4d3
FEATURE: Allow date_of_field column to be updated.
2016-11-17 15:16:58 +08:00
cpradio
c3d4c949f1
Add comments to relevant sections denoting "create new topic" scenario is not supported for cannot-see-mention (per @coding-horror instruction)
2016-11-16 06:26:36 -05:00
Robin Ward
32a8d5ed1f
Merge pull request #4550 from cpradio/cannot-see-mention
...
FEATURE: Notify user when mention can't see the reply they were mentioned in
2016-11-15 16:40:47 -05:00
Sam
63d9d4f301
FIX: properly specify default on no cache on all resources
2016-11-15 17:00:44 +11:00
cpradio
824c235760
FEATURE: Notify user when mention can't see the reply they were mentioned in
...
FIX: Group Mention Notifications
2016-11-14 22:03:16 -05:00
Kiffin Gish
3aa22715af
A new guard for changing post timestamps called can_change_post_timestamps?
2016-11-06 20:14:09 +01:00
Neil Lalonde
764a572070
FIX: when subcategories with the same name exist, filtering by tags might use the wrong subcategory
2016-11-02 15:29:33 -04:00
Neil Lalonde
29edbafac7
FIX: post short link on subfolder installs
2016-11-01 15:20:04 -04:00
Neil Lalonde
9ef1688a76
FEATURE: per-category default topic list sort order
2016-11-01 12:18:41 -04:00
Neil Lalonde
8c9d390cac
FIX: Tags used only on deleted topics could not be used again
2016-10-28 15:11:50 -04:00
Régis Hanol
71f940d478
FIX: use metadata to hold the message_id with sparkpost
2016-10-27 19:35:50 +02:00
Dmitry Demenchuk
fb25485bb1
Delete useless home_redirect method from ForumsController.
2016-10-27 15:45:22 +01:00
Régis Hanol
41f19641d1
FIX: don't error out when we receive a bounce associated to a deleted user
2016-10-26 10:13:05 +02:00
Régis Hanol
81e2a0099f
FIX: ensure the group 'everyone' is never shown when using a different locale
2016-10-24 10:53:31 +02:00
Guo Xiang Tan
ee9946388c
Merge pull request #4507 from ming-relax/feat-delete-by-email
...
Remove user from a group by user email
2016-10-24 11:28:27 +08:00
Sam
9a94d1b212
FIX: everyone is not a visible group
2016-10-24 13:03:22 +11:00
Robin Ward
19e2eec219
Allow step 0 to resend the confirmation email
2016-10-21 11:34:19 -04:00
Sam
bfa33f2518
Merge pull request #4500 from tgxworld/performance_on_users_page
...
PERF: Remove ordering by username.
2016-10-21 10:40:58 +11:00
Robin Ward
c03d25f170
FEATURE: Configure Admin Account
...
Adds a "Step 0" to the wizard if the site has no admin accounts where
the user is prompted to finish setting up their admin account from the
list of acceptable email addresses.
Once confirmed, the wizard begins.
2016-10-19 11:27:56 -04:00
Ming HU
dffd8baa91
Remove user from a group by user email
2016-10-18 17:10:47 +08:00
Régis Hanol
3949c24f80
FIX: sparkpost webhooks support
2016-10-17 11:26:49 +02:00
Guo Xiang Tan
18d032ad91
PERF: Remove ordering by username.
...
* Ordering by username results in a very expensive query
for very little upside UX wise.
2016-10-15 01:13:58 +08:00
Sam
f4f5524190
FEATURE: user API now contains scopes so permission is granular
...
previously we supported blanket read and write for user API, this
change amends it so we can define more limited scopes. A scope only
covers a few routes. You can not grant access to part of the site and
leave a large amount of the information hidden to API consumer.
2016-10-14 16:05:42 +11:00
Neil Lalonde
0328141e05
FIX: prevent creation of tags with invalid characters
2016-10-12 15:44:36 -04:00
Régis Hanol
ddcc084d22
Revert "FEATURE: Use the top period default for users who have been inactive or are new"
2016-10-11 17:56:46 +02:00
cpradio
2de50a616d
FEATURE: Use the top period default for users who have been inactive or are new
2016-10-11 09:55:15 -04:00
Sam
6031e692f0
Merge pull request #4366 from xfalcox/print
...
Print Support
2016-10-11 11:47:20 +11:00
Sam
f6ac914376
Merge pull request #4467 from cpradio/advanced-search-ui
...
FEATURE: Advanced Search UI
2016-10-11 10:02:35 +11:00
Sam
3e513f5c05
Merge pull request #4459 from vibol/master
...
FEATURE: sparkpost webhook
2016-10-10 17:17:17 +11:00
Neil Lalonde
600b23c0a4
FIX: permalink redirects should work on tag paths
2016-10-04 12:01:42 -04:00
cpradio
4b71fd253b
Advanced Search UI
...
Properly support Categories so it updates the search box correctly
Use category id, as it is more consistent with search results than using the slugs, especially for parent/subcategory
Added Status
Improve AutoComplete so it can receive updates
Added the ability for AutoComplete to receive updates to badge-selector and group-selector
Respect null, which is set via web-hooks
Support both # and category: for category detection.
Only update the searchedTerms if they differ from its current value (this helps the Category Selector receive updates)
Opt in receive updates (#3 )
* Make the selectors opt-in for receiving updates
* Opt-in to receive updates
* Fix category detection for search-advanced-options
Fix eslint error
Update user-selector so it can receive updates live too
Make the canReceiveUpdates check validate against 'true'
Converted to use template literals
Refactor the regex involved with this feature
Split apart the init to make it a bit more manageable/testable
Switch the category selector to category-chooser, so it is a dropdown of categories instead of auto-complete
Reduce RegEx to make this happier with unicode languages and reduce some of the complexity
2016-10-04 11:18:01 -04:00
Robin Ward
f62d01ff1b
FIX: Clear the session after a reset token was used
2016-09-30 12:20:23 -04:00
Guo Xiang Tan
1c3992e575
FIX: Ensure that translations bundle exists before merging plugin bundle.
2016-09-30 14:29:30 +08:00
Vibol Hou
c3d60d5d1d
Merge remote-tracking branch 'upstream/master'
2016-09-29 02:12:05 -07:00
Guo Xiang Tan
72ccb4e11d
FIX: Plugin "admin_js" translations bundle was not fetched.
2016-09-29 04:42:26 +08:00
Vibol Hou
34af73c7cb
FEATURE: sparkpost webhook
2016-09-26 22:13:34 -07:00
Rafael dos Santos Silva
0229df4c73
Second review fixes
2016-09-26 20:46:55 -03:00
Rafael dos Santos Silva
2a5a0bebb3
Adjusts from review
2016-09-26 20:46:55 -03:00
Rafael dos Santos Silva
acc70cc3de
SiteSetting, admin passtrough, CSS, hide on mobile
2016-09-26 20:46:55 -03:00
Rafael dos Santos Silva
6faedfa716
Rate limit printing
2016-09-26 20:46:55 -03:00
Rafael dos Santos Silva
c12e533273
Feature: Adds a button to print a topic
2016-09-26 20:44:50 -03:00
Guo Xiang Tan
4e663998af
PERF: N+1 query on user summary page.
2016-09-23 12:44:08 +08:00
Robin Ward
7f66cf618c
FIX: You should be an admin to do the wizard
2016-09-22 11:12:51 -04:00
Robin Ward
29cf47cfb2
Track steps the user has completed, nag them to finish it.
2016-09-22 09:52:19 -04:00
Robin Ward
35b767f6af
Company Name Step which updates the TOS
2016-09-22 09:52:19 -04:00
Robin Ward
28b6c300a0
Clean up wizard updater API for better plugin use
2016-09-22 09:52:19 -04:00
Robin Ward
af83c8dc14
Upload Logos Step
2016-09-22 09:52:19 -04:00
Robin Ward
c94e6f1b96
Add locale step
2016-09-22 09:52:19 -04:00
Robin Ward
9f12b571ef
Wizard: Server Side Validation + Finished Step
2016-09-22 09:52:19 -04:00
Robin Ward
3a4615c205
Wizard: Step 1
2016-09-22 09:48:58 -04:00
Robin Ward
0471ad393c
Scaffold for new Wizard - Rails / Ember / Tests
2016-09-22 09:48:58 -04:00
Robin Ward
6070939daa
Support for other i18n bundles
2016-09-22 09:48:58 -04:00
Guo Xiang Tan
9374e5d42d
Revert "FIX: don't overwrite category's logo & background URLs"
...
This reverts commit 641b95f655
.
2016-09-22 11:30:19 +08:00
Régis Hanol
641b95f655
FIX: don't overwrite category's logo & background URLs
2016-09-21 22:11:31 +02:00
Guo Xiang Tan
547750e9dd
Unify API keys and web hooks into a single admin nav header.
2016-09-20 05:22:03 +08:00
Robin Ward
2766b2edc3
FIX: Allow redirection for slugs that start with digits
2016-09-19 13:31:19 -04:00
Erick Guan
00d5facf36
FEATURE: prompts new webhook events
2016-09-19 12:07:17 +08:00
cpradio
2eddeab66b
Escape the hyphen
2016-09-16 19:07:46 -04:00
cpradio
0d2d8797b6
FIX: Backup validation wasn't escaping hyphens
2016-09-16 15:20:42 -04:00
Sam
75f3f7fcbd
FEATURE: clean API method for reading a single notification
2016-09-16 16:14:15 +10:00
Guo Xiang Tan
512922d776
SECURITY: Add filename validation for backup uploads.
2016-09-16 11:58:14 +08:00
Sam
e6fcaadd45
FIX: redirects back to origin for SSO and omniauth login
2016-09-16 13:48:50 +10:00
Sam
25a82e7d22
PERF: only publish notification state if we changed it
...
also publish seen_notification_id so we can tell what is new and what is old
cleanup controller so it correctly checks user
fix bug around clearing notification when people click mark read
2016-09-16 12:02:19 +10:00
Guo Xiang Tan
b0752b1f91
FIX: Don't bypass validations.
2016-09-15 10:15:17 +08:00
Sam
2d859ba0ed
FIX: user api should always be available to staff
2016-09-12 15:42:06 +10:00
Arpit Jalan
19ddf95efa
FIX: add custom invite email templates
2016-09-08 00:54:48 +05:30
Erick Guan
9ce61b4586
FEATURE: Webhooks.
2016-09-05 18:44:00 +08:00
Guo Xiang Tan
aabb7a8592
FIX: DiscourseEvent should not be triggered from within the controller.
2016-09-05 15:58:04 +08:00
Sam
1d281e02c7
id is optional if already specified in header
2016-09-02 17:08:46 +10:00
Sam
be0fd5b4cc
FEATURE: allow user api key revocation for read only keys
2016-09-02 17:04:00 +10:00
Régis Hanol
e064e6f7a3
FEATURE: new 'categories_and_latest' endpoint
2016-08-29 22:47:44 +02:00
Sam
0303080586
we do not define auth providers for builtins
2016-08-29 11:12:24 +10:00
Sam
22b8c0d44e
FIX: fullscreen login set from client needs to be respected
2016-08-29 10:13:51 +10:00
Neil Lalonde
2251104e32
FEATURE: avatar flair can be font awesome icons
2016-08-26 17:15:37 -04:00
Sam
ca79c4b276
stop eating up push_urls
2016-08-26 13:23:06 +10:00
Sam
2b15919aee
missing spot where old api was used
2016-08-26 10:58:34 +10:00
Sam
eaf87f0770
FIX: correctly handle api key so it uses current user provider
2016-08-26 10:39:13 +10:00
Arpit Jalan
bfefda06f6
FIX: handle embed count when topic not found
2016-08-25 07:12:20 +05:30
Neil Lalonde
50a8eb1810
Merge pull request #4405 from gdpelican/fix/intersection-pagination
...
FIX: Don't join on tags unnecessarily when matching all tags
2016-08-24 14:45:15 -04:00
Robin Ward
c3a3aff120
FEATURE: Support for a whitelist for embeddable host paths
2016-08-23 14:56:12 -04:00
Sam
691f739f11
better error handling
...
push notifications imply read access, no need for a special permission
2016-08-23 16:48:00 +10:00
Régis Hanol
2690ef7050
prefix setting with 'desktop_' since it's only used for desktop
2016-08-22 23:43:42 +02:00
Régis Hanol
d06e2793aa
fix logic for when to include topics in category list
2016-08-22 23:11:08 +02:00
Régis Hanol
4d6028ea2d
UX: new 'category_page_style' site setting
2016-08-22 23:01:43 +02:00
James Kiesel
386b8b8498
Don't join on tags unnecessarily when matching all tags
2016-08-19 10:37:32 -05:00
Régis Hanol
eb953c0904
FIX: /categories page on mobile
2016-08-19 01:47:00 +02:00
Neil Lalonde
a644602612
FIX: infinite scrolling of topic list when filtered to one tag
2016-08-18 16:36:30 -04:00
Régis Hanol
6d1d7b7c8f
UX: new /categories layout
2016-08-17 23:23:16 +02:00
Neil Lalonde
d079f69b7b
FEATURE: add flair to avatars using new settings in the groups admin UI
2016-08-17 15:13:15 -04:00
Sam
79c1d3459b
line was there twice
2016-08-17 17:03:48 +10:00
Sam
91b72936c4
Normalize away a requested push if for some reason we can not push there
2016-08-17 16:44:38 +10:00
Sam
b4dfb84f37
PERF: stop doing work for HEAD requests on topics
2016-08-17 10:04:23 +10:00
Sam
a25a8115e8
FEATURE: support HEAD request to /user-api-key/new
...
This allows us to cleanly sniff to find if it exists
2016-08-17 09:58:19 +10:00
Sam
416e7e0d1e
FEATURE: basic UI to view user api keys
2016-08-16 17:06:52 +10:00
Sam
b7cea24d76
FEATURE: more user API flow, support key creation
2016-08-16 17:06:52 +10:00
Sam
0b334cdf74
FIX: stop removing query params from destination url in sso
2016-08-16 17:06:52 +10:00
Neil Lalonde
3b792054f2
Merge pull request #4387 from gdpelican/feature/tags-intersection
...
FEATURE: Tags intersection page
2016-08-15 16:24:29 -04:00
James Kiesel
037e9bb7b8
Support any number of tag intersections
2016-08-15 15:30:17 -04:00
Sam
fc095acaaa
Feature: User API key support (server side implementation)
...
- Supports throttled read and write
- No support for push yet, but data is captured about intent
2016-08-15 17:59:36 +10:00
James Kiesel
7e73b933c7
First pass
2016-08-12 15:28:46 -04:00
Sam
7e4503dd99
FEATURE: basic info route for all sites, even ones that require login
...
This information is public in meta tags already on home page, providing a
route allows consumers to check it way more cheaply
2016-08-12 17:10:35 +10:00
Sam
afaba56de3
FEATURE: missing API endpoint for topic tracking states
2016-08-12 17:10:35 +10:00
Robin Ward
429f27ec96
SECURITY: Avoid mass assignment on user create
2016-08-05 11:57:13 -04:00
Neil Lalonde
5f67cd7b45
FIX: tag input detects when a tag is not allowed and won't offer to create it anyway
2016-08-03 13:18:56 -04:00
Guo Xiang Tan
bf683178a8
FIX: Remove tag plugin code from tag hashtag check.
2016-08-02 10:59:12 +08:00
Régis Hanol
681f566a66
FIX: staff members should be able to see raw email of deleted posts
2016-08-01 23:55:22 +02:00
Neil Lalonde
1f12e41029
FIX: query for tag with no sub-categories
2016-07-28 16:59:00 -04:00
Neil Lalonde
82e170d6a6
FIX: 404 when filtering by category, no sub-category, and a tag
2016-07-28 16:19:03 -04:00
Neil Lalonde
77847f0d46
FIX: meta description tags for tags
2016-07-28 11:49:23 -04:00
Robin Ward
2f8ab8cd30
SECURITY: XSS in "Account Suspended" Messages and Badge Descriptions
2016-07-28 11:38:12 -04:00
Guo Xiang Tan
36ddb1787e
FEATURE: Add toggle topic visibility button in popup menu.
2016-07-28 16:57:04 +08:00
Sam
c6dbaca0dc
SECURITY: disable user entered badge SQL by default
...
- Hidden site settings now must be change via rails console
2016-07-28 09:03:00 +10:00
Sam
cb3afd11b4
SECURITY: limit route access when using external avatars
2016-07-28 09:00:43 +10:00
Régis Hanol
6dac9075dc
new 'convert_pasted_images_quality' site setting
2016-07-27 19:59:44 +02:00
Régis Hanol
be099bb637
only convert pasted images to HQ jpg when it's at least 5% smaller
2016-07-27 19:55:13 +02:00
Andre Pereira
8cbd585e20
FEATURE: Allow staff users to merge posts.
2016-07-27 12:04:14 +08:00
Neil Lalonde
3c0df3510a
FIX: tags index should show all tags belonging to a category even if they have never been used
2016-07-26 16:04:11 -04:00
Régis Hanol
749b981759
FEATURE: new 'convert_pasted_images_to_hq_jpg' site setting
2016-07-25 23:01:28 +02:00
Neil Lalonde
ece4fa82c9
FIX: add canonical link to tags topic lists
2016-07-25 16:16:19 -04:00
Neil Lalonde
11b3b5e30a
FIX: when topic list is filtered by tag and category, subsequent page fetches would ignore the category filter
2016-07-25 16:16:18 -04:00
Régis Hanol
d2e22ab215
extract bounce scores into site settings
2016-07-25 17:27:28 +02:00
Sam
df535c6346
FEATURE: refresh session cookie at most once an hour
...
This feature ensures session cookie lifespan is extended
when user is online.
Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
Neil Lalonde
7c092b0fe0
FEATURE: add filter to show topics that have not been tagged
2016-07-20 16:21:51 -04:00
Neil Lalonde
a74606c87c
PERF: tag groups index query
2016-07-15 17:16:26 -04:00
Régis Hanol
7b6d946613
FIX: searching received emails for TO was broken
2016-07-13 22:43:25 +02:00
Guo Xiang Tan
5fed886c8f
FIX: Update post replies when we move posts. ( #4324 )
2016-07-13 17:34:21 +02:00
Sam
4161ee210a
FEATURE: improved tag and category watching and tracking
...
- present tags watched on the user prefs page
- automatically watch or unwatch old topics based on watch status
New watching and tracking logic takes care of handling old topics
(either with or without read state)
When you watch a topic you now watch historically
Also removes confusing warnings from user.
2016-07-08 12:58:30 +10:00
Robin Ward
1eb64151f6
User interface for watching first post
2016-07-07 11:21:50 -04:00
Régis Hanol
c104e4c022
allow avatars up to 1000px
2016-07-05 18:49:33 +02:00
Guo Xiang Tan
f256e3afb6
Merge pull request #4297 from tgxworld/handle_user_enabled_readonly_mode
...
Handle user enabled readonly mode
2016-07-05 19:54:32 +08:00
Guo Xiang Tan
22ade1f811
FEATURE: Add event trigger when a user is logged out.
2016-07-04 17:20:30 +08:00
Sam
0c6d8e155c
Merge pull request #4300 from NuckChorris/patch-2
...
Log RecordInvalid when verbose_sso_logging enabled
2016-07-01 14:12:06 +10:00
Guo Xiang Tan
904d9735ab
Refactor desktop notifications to be more modular.
2016-07-01 00:11:32 +08:00
Peter Lejeck
e265b7b090
Log RecordInvalid when verbose_sso_logging enabled
2016-06-29 22:12:25 -07:00
Neil Lalonde
99e88ce39f
FIX: n+1 query when fetching tag groups
2016-06-29 18:41:22 -04:00
Guo Xiang Tan
64858c10fe
FIX: Set a not expiring key for user enabled readonly mode.
2016-06-29 15:10:01 +08:00
Guo Xiang Tan
20359788dc
Rename `SiteSetting#use_https` to `force_https`.
2016-06-29 15:02:43 +08:00
Guo Xiang Tan
e221414935
PERF: Remove N+1 queries on user messages page.
2016-06-29 09:30:54 +08:00
Sam
1411eedad3
FEATURE: offer to unwatch categories when unwatching category
2016-06-28 18:34:20 +10:00
Robin Ward
ccf9b70671
When restoring a backup, disable emails.
...
This prevents accidental sending of emails after a restore before
the admin has had a chance to review everything.
2016-06-24 17:15:15 -04:00
Arpit Jalan
3232ce8265
FIX: better error message when trying to approve post for closed/deleted topic
2016-06-24 15:11:45 +05:30
Régis Hanol
5bfc9cf69e
Allow API to create staged users
2016-06-23 12:27:05 +02:00
Régis Hanol
2ecd0da59f
REFACTOR: use same code path for handling emails via API and POP
2016-06-22 15:50:49 +02:00
Sam
2d425892c4
FIX: update list of invited users after inviting
2016-06-21 16:01:29 +10:00
Régis Hanol
7fca6f502f
fix and improve image downsizing algorithm
2016-06-20 12:35:07 +02:00
Sam
8866169879
FEATURE: can invite/revoke groups on private messages
2016-06-20 16:29:27 +10:00
Sam
7edf7b590f
SECURITY: restrict constantize classes in search controller
2016-06-17 13:47:34 +10:00
Sam
dd1a184955
Correct mailing list mode unsubscribe
2016-06-17 11:57:23 +10:00
Sam
852860de66
FEATURE: simpler and friendlier unsubscribe workflow
...
- All unsubscribes go to the exact same page
- You may unsubscribe from watching a category on that page
- You no longer need to be logged in to unsubscribe from a topic
- Simplified footer on emails
2016-06-17 11:28:49 +10:00
Régis Hanol
49f8a2baa7
FEATURE: support for mandrill webhooks
2016-06-13 12:32:14 +02:00
Guo Xiang Tan
95a013784f
Merge pull request #4260 from jamescook/james/replace-certain-gsub-with-tr
...
Replace certain uses of 'gsub' with 'tr' / 'chomp' for a speed improvement
2016-06-13 18:25:38 +08:00
Sam
e66c51fd85
correct regression where clicking on unlisted topics does not work
2016-06-12 16:36:38 +10:00
James Cook
c0e25b5a9a
Replace certain uses of 'gsub' with 'tr' or 'chomp' for a speed
...
improvement
2016-06-10 22:08:37 -05:00
Sam
3015030fe2
FIX: unlisted topics do not get "slug auto correct" logic
2016-06-10 10:53:26 +10:00
Neil Lalonde
a6090339a7
FEATURE: tag group options: limit usage of one tag per group, tags in a group can't be used unless a prerequisite tag is used
2016-06-09 16:01:19 -04:00
Régis Hanol
214e25f1b5
use proper 'Message-Id' field
2016-06-09 00:33:13 +02:00
Robin Ward
9a81115c1c
FIX: Duplicate link shouldn't happen on edit
2016-06-08 17:22:23 -04:00
Régis Hanol
3e3538d603
loosen security a bit on mailgun's webhook
2016-06-08 22:38:38 +02:00
Neil Lalonde
a49ace0ffb
FEATURE: ability to restrict tags to categories using groups
2016-06-07 15:36:20 -04:00
Robin Ward
431179dd25
FEATURE: Prompt users when they are entering duplicate links
2016-06-07 14:47:22 -04:00
Robin Ward
6aaa484baa
REFACTOR: Move composer messages to store
2016-06-07 14:47:22 -04:00
Arpit Jalan
4253141700
FEATURE: custom email message for topic invites
2016-06-07 23:43:15 +05:30
Arpit Jalan
b1a94049e0
FIX: only staff can access 'resend all invites' feature
2016-06-07 10:57:08 +05:30
Arpit Jalan
a9c6df198c
FEATURE: rate limit resend invites
2016-06-07 10:24:20 +05:30
Jeff Atwood
5c3e36aec2
Merge pull request #4252 from techAPJ/invite-email-improvements
...
FEATURE: customize invite email message
2016-06-06 14:24:39 -07:00
Neil Lalonde
f3f6c2f98f
FEATURE: tag groups
2016-06-06 14:18:48 -04:00
Régis Hanol
fe595f1653
FEATURE: mailjet webhook
2016-06-06 19:47:45 +02:00
Arpit Jalan
7b205ebba4
FEATURE: customize invite email message
2016-06-06 20:15:30 +05:30
Arpit Jalan
c4e1ad0953
FEATURE: Resend all pending invitations
2016-06-03 12:23:13 +05:30
Régis Hanol
9704603fab
FEATURE: sendgrid webhooks
2016-06-01 21:48:06 +02:00
Neil Lalonde
deb93044b4
FEATURE: new tags can be created from the "edit category" modal when defining the set of permitted tags
2016-05-31 17:27:22 -04:00
Neil Lalonde
2c78bea5a0
FIX: could not remove tags from a category
2016-05-31 17:27:22 -04:00
Neil Lalonde
a6aab00663
FEATURE: show category-to-tag relationships on tags index page
2016-05-31 17:27:22 -04:00
Neil Lalonde
6796b15857
FEATURE: restrict tags to be used in a category
2016-05-30 16:56:33 -04:00
Régis Hanol
116efffdaa
FEATURE: webhooks support for mailgun
2016-05-30 17:11:17 +02:00
Neil Lalonde
3d5716a2c8
FIX: tag input doesn't show staff-only tags to non-staff
2016-05-26 18:03:50 -04:00
Neil Lalonde
f13470b96b
Use db schema for tags instead of plugin store and custom fields
2016-05-26 14:29:48 -04:00
Neil Lalonde
2293fca012
FEATURE: after category name is changed, URLs with old category slug and tag filter will redirect to new category slug
2016-05-24 16:16:32 -04:00
Arpit Jalan
f387dfe226
FIX: mixed case group mentions were not getting highligted in composer
2016-05-22 18:32:49 +05:30
Steve Kemp
8f8ad3fe4a
Allow an (optional) post-creation time to be submitted. ( #4205 )
...
* Allow an (optional) post-creation time to be submitted.
This should allow a new post to be created with an initial
date/time specified by the caller, which will be useful for
people writing importers..
* Only allow `created_at` to be submitted via the API.
This addresses the previous concern.
2016-05-22 10:54:03 +02:00
Régis Hanol
6137bb46d3
FIX: a User is *not* a Topic
2016-05-14 10:06:29 +02:00
Régis Hanol
1e57bbf5c8
Lots bounce emails related fixes
...
- Show bounce score on user admin page
- Added reset bounce score button on user admin page
- Only whitelisted email types are sent to emails with high bounce score
- FIX: properly detect bounces even when there is no TO: header in the email
- Don't desactivate a user when reaching the bounce threshold
2016-05-06 19:34:33 +02:00
Robin Ward
89e506551a
Add body class to `account-created` route
2016-05-05 14:37:09 -04:00
Neil Lalonde
c1aded8b64
FIX: crawler view of tags index page
2016-05-03 16:10:12 -04:00
Arpit Jalan
82daf93eb3
Merge pull request #4206 from techAPJ/convert-topic
...
FEATURE: move a topic from PM to regular topic or vice versa
2016-05-04 01:33:15 +05:30
Robin Ward
664f1913c8
FIX: Don't include hidden posts in embedded comments
2016-05-03 15:01:20 -04:00
Régis Hanol
8e611ec7a1
FEATURE: handle bounced emails
2016-05-02 23:15:32 +02:00
Arpit Jalan
acfb540952
FEATURE: move a topic from PM to regular topic or vice versa
2016-05-02 21:34:05 +05:30
Neil Lalonde
e5918c7d00
FEATURE: Merge tagging plugin into core
2016-04-27 11:58:53 -04:00
Arpit Jalan
74b3807f60
FEATURE: new bootstrap mode settings for brand new Discourse community ( #4193 )
...
* FEATURE: new bootstrap mode settings for brand new Discourse community
* new SiteSetting.set_and_log method
2016-04-26 13:08:19 -04:00
Sam
0b6d12f95d
FIX: when no notification state exists on topic, mute on unsubscribe
2016-04-25 11:24:52 +10:00
Sam
7ee11b0508
more logging, add referer
2016-04-25 10:48:36 +10:00
Rafael dos Santos Silva
bbe642070e
App Banner Support for Android Chrome ( #4103 )
...
* App Banner Support for Android Chrome
* Oops, forgot semicolon;
2016-04-20 10:54:01 -04:00
Régis Hanol
7d9f2265b9
FIX: improve support for handling emails coming from screened email addresses
2016-04-18 23:01:54 +02:00
Sam
9e50f36c50
Merge pull request #4137 from cpradio/add-warning-to-flag
...
FEATURE: Add warning input to flag dialog when notifying a user
2016-04-15 16:23:22 +10:00
Régis Hanol
379bfac36d
Merge pull request #4010 from riking/patch-sitelinks
...
FEATURE: Add /search discovery
2016-04-14 10:35:13 +02:00
Robin Ward
5518141ad5
Option for verbose logging when API calls to create posts fail
2016-04-12 12:10:48 -04:00
Guo Xiang Tan
983d64fd56
PERF: N+1 query on badges index.
2016-04-12 17:45:02 +08:00
Régis Hanol
7783ba46fc
remove /error endpoint
2016-04-11 20:43:24 +02:00
Robin Ward
cc25716e47
FIX: Allow message format translations to be overridden
2016-04-08 14:49:50 -04:00
Thorben Egberts
cf8b3fbd56
FEATURE: add user custom fields to user card
...
The user's custom fields are now displayed on the user card. This has to be enabled for each custom field in the custom field settings. See https://meta.discourse.org/t/custom-user-fields-on-usercard/22662/
2016-04-08 14:35:41 +02:00
Sam
19ca08857f
FEATURE: verbose SSO logging
...
By enabling the site setting verbose_sso_logging
you can log information every time a user tries initiates SSO
and during SSO failures
2016-04-08 11:20:01 +10:00
Guo Xiang Tan
4e7e4cee7d
PERF: Rendering crawler's template is expensive.
2016-04-07 16:28:31 +02:00
Sam
a130cb8305
FEATURE: move more urgent emails notifications to critical queue
...
Move signup, admin login and password change email notifications
to critical queue
2016-04-07 14:39:01 +10:00
Sam
8ec7fd84fd
FEATURE: prioritize sidekiq jobs
...
This commit introduces 3 queues for sidekiq
"critical" for urgent jobs (weighted at 4x weight)
"default" for standard jobs(weighted at 2x weight)
"low" for less important jobs
"critical jobs"
Reset Password emails has been seperated to its own job
Heartbeat which is required to keep sidekiq running
Test email which needs to return real quick
"low priority jobs"
Notify mailing list
Pull hotlinked images
Update gravatar
"default"
All the rest
Note: for people running sidekiq from command line use
bin/sidekiq -q critical,4 -q default,2 -q low
2016-04-07 12:56:43 +10:00
Régis Hanol
a5d8dfb07e
FIX: don't hardcode maximum file size
2016-04-06 22:51:28 +02:00
Régis Hanol
2b9e8e5a7d
Merge pull request #4147 from cpradio/default_top_timeframe
...
FIX: Use default top setting when user is return or enough data exists for Top Page Results
2016-04-06 18:33:56 +02:00
Neil Lalonde
56e47c8d7e
FEATURE: report on admin dashboard when favicon is failing to load
2016-04-05 14:42:32 -04:00
cpradio
c5bb1d1cfe
Return default top setting as part of best_periods_for to see if it can be used
2016-04-05 14:27:18 -04:00
Régis Hanol
d402a45781
FIX: hitting '/t/:id/posts.json' should return the first page of posts
2016-04-05 19:12:14 +02:00
Régis Hanol
841f36b058
FIX: automatically unstage user when signing in using OAuth
2016-04-04 19:04:10 +02:00
Régis Hanol
79639e2dec
FIX: ensure group's users counters are kept in sync
2016-04-04 17:03:18 +02:00
cpradio
95fa340601
Added spec tests
2016-04-03 19:44:14 -04:00
cpradio
b4f4cf794b
Add warning input to flag dialog
...
Added isWarning property
pass is_warning along to post_action
Added is_warning to possible arguments to receive from post_actions route
Only show warning checkbox for staff
Only permit the is_warning argument if the user is staff
2016-04-03 18:48:39 -04:00
Arpit Jalan
13fa0f8cf8
FIX: only show regular posts in RSS feed
2016-03-31 21:34:53 +05:30
Arpit Jalan
41208b99a1
FEATURE: RSS feed for user posts and topics
2016-03-31 20:24:05 +05:30
Régis Hanol
0bf001ccd7
FIX: badge grant count wasn't filtered to the current user in the user summary
2016-03-30 23:11:00 +02:00
Sam
ed750cac39
FIX: if badges are disabled badge pages should 404
2016-03-29 17:21:32 +11:00
Kane York
f2ddd44712
FEATURE: Add /search discovery
...
The opensearch.xml results in a "site search engine" being added to
Chrome, while the sitelinks search tag results in "Search this website"
being added to Google Search.
2016-03-28 15:07:59 -07:00