Commit Graph

1152 Commits

Author SHA1 Message Date
Sam 946f25098f Refactor theme fields so they support custom theme defined vars
This paves the way to allowing themes to specify uploads and so on.
2017-05-02 16:02:14 -04:00
Erick Guan 9f8a917d65 add event name for ping webhooks in the header 2017-05-02 08:13:23 +02:00
Neil Lalonde 0722ffadf1 Remove site settings enforce_global_nicknames and discourse_org_access_key 2017-05-01 14:53:16 -04:00
Guo Xiang Tan 304ace926e FIX: Raise right response when post_action does not exist. 2017-04-27 17:29:53 +08:00
Arpit Jalan 285c167fae FEATURE: provide more details when performing a bulk add to group 2017-04-27 01:37:51 +05:30
Guo Xiang Tan 6f7c6b0fd0 FIX: Incorrect error raised. 2017-04-25 09:59:01 +08:00
Guo Xiang Tan 423f2ab228 FIX: Processing incoming email should be done in a background job. 2017-04-24 13:57:28 +08:00
Sam d4111c8676 correct spec 2017-04-20 17:24:21 -04:00
Arpit Jalan ea26c56631 FIX: redirect to login page for anonymous user when profiles are hidden 2017-04-20 13:00:45 +05:30
Sam 2bc3aa7ed4 remove no digest refs
the digestless special dev behavior is no longer needed
2017-04-18 17:05:33 -04:00
Arpit Jalan f968b4e662 Fix the build 2017-04-18 16:34:58 +05:30
Arpit Jalan 1c23aedccf FIX: always send password reset email when accepting invite if password is not set 2017-04-18 14:37:06 +05:30
Arpit Jalan 0954367bf4 FIX: send activation email when accepting invite if password is set 2017-04-15 14:59:50 +05:30
Guo Xiang Tan 04016f0dec Support Ruby 2.4. 2017-04-15 12:29:00 +08:00
Sam 809fbb25ce FIX: blanking theme field was not properly removing it 2017-04-13 17:24:15 -04:00
Guo Xiang Tan 3d76fb9c2c FIX: Don't show category options for reports that can't be scoped to a category. 2017-04-13 17:10:55 +08:00
Sam a3e8c3cd7b FEATURE: Native theme support
This feature introduces the concept of themes. Themes are an evolution
of site customizations.

Themes introduce two very big conceptual changes:

- A theme may include other "child themes", children can include grand
children and so on.

- A theme may specify a color scheme

The change does away with the idea of "enabled" color schemes.

It also adds a bunch of big niceties like

- You can source a theme from a git repo

- History for themes is much improved

- You can only have a single enabled theme. Themes can be selected by
    users, if you opt for it.

On a technical level this change comes with a whole bunch of goodies

- All CSS is now compiled using a custom pipeline that uses libsass
    see /lib/stylesheet

- There is a single pipeline for css compilation (in the past we used
    one for customizations and another one for the rest of the app

- The stylesheet pipeline is now divorced of sprockets, there is no
   reliance on sprockets for CSS bundling

- CSS is generated with source maps everywhere (including themes) this
    makes debugging much easier

- Our "live reloader" is smarter and avoid a flash of unstyled content
   we run a file watcher in "puma" in dev so you no longer need to run
   rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
Guo Xiang Tan 9663a74445 FIX: Ensure `username` param is valid in `NotificationsController`. 2017-04-07 17:32:52 +08:00
Robin Ward 40ab2e5667 FEATURE: Let users update their emails before confirming
This allows users who entered a typo or invalid email address when
signing up an opportunity to fix it and resending the confirmation
email to that address.
2017-04-05 16:44:49 -04:00
Robin Ward 17f2974d0a SECURITY: Confirm new administrator accounts via email 2017-04-04 15:59:01 -04:00
Guo Xiang Tan 0bbad5040a `topic-status-info` component wasn't updated when topic is closed/opened. 2017-03-31 15:58:26 +08:00
Guo Xiang Tan 34b7bee568 FEATURE: Allow admin to auto reopen at topic.
* This commit also introduces a `TopicStatusUpdate`
  model to support other forms of deferred topic
  status update in the future.
2017-03-31 11:14:18 +08:00
Robin Ward 6b976433c9 Support for both `/users/` and `/u/` paths 2017-03-30 10:23:24 -04:00
Guo Xiang Tan 3ef82bb32c SECURITY: CSRF vulnerabilities in `Admin::BackupsController`. 2017-03-23 10:29:35 +08:00
Neil Lalonde 11ce73b8ed FEATURE: category setting for default top period 2017-03-22 16:54:18 -04:00
Arpit Jalan 82c0f5f587 Merge pull request #4767 from techAPJ/activate-account
FIX: send activation email if user have unconfirmed email address
2017-03-21 09:44:23 +05:30
Arpit Jalan 7c3ae50dcd FIX: send activation email if user have unconfirmed email 2017-03-21 09:41:50 +05:30
Sam c106ca6778 FEATURE: fallback asset path for multi host setups 2017-03-20 15:59:17 -04:00
Guo Xiang Tan a1d04a7a9a Fix rspec tests. 2017-03-20 12:35:08 +08:00
Guo Xiang Tan bbc85e1e29 Merge pull request #4750 from discourse/group_login_registration_flow
FEATURE: Redirect to groups page and apply group actions upon login/s…
2017-03-16 09:50:56 +08:00
Guo Xiang Tan ca965bb455 FEATURE: Redirect to groups page after login/registration flow. 2017-03-16 09:48:51 +08:00
Guo Xiang Tan 1a7e954e09 FIX: Store custom emojis as uploads.
* Depending on a hardcoded directory was a flawed design
  which made it impossible to debug when custom emojis go
  missing.
2017-03-14 13:07:18 +08:00
Sam a690121805 SECURITY: always allow staff to resend activation mails 2017-03-13 10:32:24 -04:00
Guo Xiang Tan 9364d8ce71 FIX: Store user's id instead for sending activation email.
* Email and username are both allowed to be used for logging in.
  Therefore, it is easier to just store the user's id rather than
  to store the username and email in the session.
2017-03-13 20:24:55 +08:00
Guo Xiang Tan 7ebfa3c901 SECURITY: Only allow users to resend activation email with a valid session.
* Improve error when an active user tries to request for an activation email.
2017-03-13 19:35:29 +08:00
Arpit Jalan 848120c098 FEATURE: RSS feed for top page period filters 2017-03-13 15:23:46 +05:30
Sam bc1a6ccb90 Merge pull request #4741 from tgxworld/allow_bookmark_removal
FIX: Allow user to remove bookmark from posts as long as bookmark is …
2017-03-10 12:49:20 -05:00
Arpit Jalan f7e7ca3937 FEATURE: anonymized site statistics 2017-03-10 18:50:26 +05:30
Arpit Jalan 801b5838e1 FIX: do not show faq/guidelines page to anonymous users for private forums 2017-03-08 16:00:49 +05:30
Arpit Jalan 090236b15b FIX: do not show about page to anonymous users for private forums 2017-03-08 13:15:44 +05:30
Guo Xiang Tan 689dd16be0 FIX: Allow user to remove bookmark from posts as long as bookmark is present.
https://meta.discourse.org/t/bookmark-issue-when-access-to-topic-is-lost-pms/51993
2017-03-08 13:53:49 +08:00
Neil Lalonde d95e4102c1 FIX: tags created in secured categories should not be forbidden outside those categories 2017-03-07 11:46:46 -05:00
Régis Hanol 0abe433495 Merge pull request #4736 from techAPJ/group-bulk-add
FIX: grant trust level when bulk adding users to group
2017-03-06 12:43:26 +01:00
Arpit Jalan d5bcc70e9c FIX: grant trust level when bulk adding users to group 2017-03-06 14:39:53 +05:30
Guo Xiang Tan 477eb0591e FIX: Posts in a deleted topic couldn't be moved.
https://meta.discourse.org/t/moving-posts-to-new-topic/58436/4
2017-03-06 14:56:20 +08:00
Neil Lalonde 6aab8cb331 FEATURE: new category setting for whether to show latest topics or top topics by default 2017-03-03 11:30:44 -05:00
Blake Erickson 80858bae2c FEATURE: further restrict downloading of backups
- send email to logged in admin when they press the "download" button
- show pop-up that email was sent
- create email template
- require a valid token to download backup
2017-03-01 08:28:34 -07:00
Guo Xiang Tan 107d6783a9 Remove use of stubs in tests. 2017-03-01 10:53:03 +08:00
Guo Xiang Tan 76dd6933d2 Revert "Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."""
This reverts commit e6d75f6844.

This is why we should not be pushing directly to master.
2017-03-01 10:16:59 +08:00
Guo Xiang Tan e6d75f6844 Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email.""
This reverts commit 0e3def7d2b.
2017-02-28 11:27:14 +08:00
Robin Ward 0e3def7d2b Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."
This reverts commit 1060239e2d.
2017-02-27 13:19:26 -05:00
Arpit Jalan 877957ae88 Merge pull request #4715 from techAPJ/login-per-ip
FEATURE: new site setting for max logins per ip per hour/minute
2017-02-27 18:24:53 +05:30
Arpit Jalan cba51e1c38 FEATURE: new site setting for max logins per ip per hour/minute 2017-02-27 16:58:03 +05:30
Régis Hanol a2c04be718 FIX: eradicate I18n fallback issues 💣
FIX: client's translation overrides were not working when the current locale was missing a key
FIX: ExtraLocalesController.show was not properly handling multiple translations
FIX: JsLocaleHelper#output_locale was not properly handling multiple translations

FIX: ExtraLocalesController.show's spec which was randomly failing
FIX: JsLocaleHelper#output_locale was muting cached translations hashes

REFACTOR: move 'enableVerboseLocalization' to the 'localization' initializer
REFACTOR: remove unused I18n.js methods (getFallbacks, localize, parseDate, toTime, strftime, toCurrency, toPercentage)
REFACTOR: remove all I18n.pluralizationRules and instead use MessageFormat's pluralization rules

TEST: add tests for localization initializer
TEST: add tests for I18n.js
2017-02-24 11:31:21 +01:00
Guo Xiang Tan 1060239e2d SECURITY: Ensure oAuth authenticated email is the same as created user's email. 2017-02-24 13:13:10 +08:00
Guo Xiang Tan 0847b4258a Revert "SECURITY: Ensure that user has been authenticated."
This reverts commit fbe51d68a7.

Changing the commit message to correctly reflect what we're actually
fixing.
2017-02-24 13:12:29 +08:00
Guo Xiang Tan fbe51d68a7 SECURITY: Ensure that user has been authenticated. 2017-02-24 10:47:48 +08:00
Sam f15f61da0a FEATURE: add immutable caching to rails site of things 2017-02-23 13:05:00 -05:00
Régis Hanol f51e3b2131 FIX: should not be able to rename a system badge 2017-02-20 14:35:05 +01:00
Régis Hanol cb99f59ec3 reset bounce score when email is successfully changed 2017-02-20 10:37:01 +01:00
Neil Lalonde d0fbb27f3e FEATURE: new invite acceptance page, where username can be chosen and password can be set 2017-02-15 16:51:57 -05:00
Sam 8feb94e13f FIX: password validator was being too strict 2017-02-14 09:18:04 -05:00
Sam 7652901b75 reduce mocking and stubbing in controller spec 2017-02-13 14:31:15 -05:00
Neil Lalonde 94e1105af7 fix unique char counting in password validator 2017-02-10 10:38:17 -05:00
Neil Lalonde 1bcb835446 FEATURE: passwords must have a minimum number of unique characters, configurable with a new setting 2017-02-09 15:00:22 -05:00
Sam ff49f72ad9 FEATURE: per client user tokens
Revamped system for managing authentication tokens.

- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes

New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.

Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
Sam 2dec731da3 SECURITY: correctly validate input when admin searches for screened ips 2017-02-06 16:11:16 -05:00
Régis Hanol 27fb9c8804 FIX: bounce webhooks should also use recipient address 2017-02-05 19:06:35 +01:00
Neil Lalonde c4e10f2a9d FEATURE: redesign the change password page to use javascript and validations 2017-02-03 16:09:24 -05:00
Arpit Jalan 9dd09e453b FEATURE: add explicit confirmation button to accept the invite 2017-01-25 15:50:30 +05:30
Guo Xiang Tan 781d83a46f FIX: Toggling a post's wiki status should not skip revision. 2017-01-25 13:34:55 +08:00
Guo Xiang Tan 32846aad2a FIX: Toggling post's wiki status should not create a new version. 2017-01-20 15:42:33 +08:00
Régis Hanol fbf9172db8 FIX: log backups download/destroy staff action
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:53:31 +01:00
Guo Xiang Tan 515f50e42e FEATURE: Log admin action when readonly mode is changed. 2017-01-12 09:41:02 +08:00
Guo Xiang Tan 68300f515c FIX: Return 404 if id is not valid. 2017-01-06 10:39:44 +08:00
Sam c531f4ded5 remove rails-observers
Rails yanked out observers many many years ago, instead the functionality
was yanked out to a gem that is very lightly maintained.

For example: if we want to upgrade to rails 5 there is no published gem

Internally the usage of observers had quite a few problem.

The series of refactors renamed a bunch of classes to give us more clarity
and removed some magic.
2016-12-22 16:46:53 +11:00
Sam 2f6a4cc6de remove UserActionObserver, replace with after_save and service
interestingly there was some left over dead code from when stars
existed in the topic_users table
2016-12-22 16:46:53 +11:00
Sam 0a78ae739d Remove SearchObserver, aim is to remove all observers
rails-observers gem is mostly unmaintained and is a pain to carry forward
new implementation contains significantly less magic as a bonus
2016-12-22 13:13:14 +11:00
Guo Xiang Tan 5d7f3223f0 SECURITY: Users can only bookmark posts which they can see. 2016-12-21 12:01:26 +08:00
Guo Xiang Tan 7c7c233c1c FIX: Can't update `Groups#allow_membership_requests` in admin. 2016-12-20 15:14:35 +08:00
Régis Hanol 52cd9972bb FIX: prevent DDoS with lots of _oneboxable_ links
FIX: ensure the onebox route is only allowed to logged in users
FIX: only allow 1 outgoing onebox preview per user
FIX: client should only do 1 preview at a time
2016-12-20 00:31:10 +01:00
Arpit Jalan a2096a01fb add test case for handling uploads without extension 2016-12-20 00:46:47 +05:30
Sam eb2db23b40 FEATURE: remove email_token_grace_period_hours
The site setting email_token_grace_period_hours just causes confusion and
should not be used anyway.

Out of the box, tokens stop working once confirmed, no need to add complexity here
2016-12-19 17:15:20 +11:00
Sam 0599bd0154 FEATURE: add referrer never tag to password reset page 2016-12-19 11:01:58 +11:00
Sam 15b5fddd49 SECURITY: protect upload params, only allow very strict filenames 2016-12-19 10:16:18 +11:00
Sam 61eb134181 FEATURE: setting to allow arbitrary redirects from sso origin
if sso_allows_all_return_paths is set to true you can redirect off-site from sso success
2016-12-16 13:37:44 +11:00
Sam 98f4a2adcb FIX: on 404 from brotli asset path return a correctly encoded doc
old implementation would cache the 404 for 1 year with incorrect encoding

hilarity would ensue
2016-12-15 16:05:20 +11:00
Neil Lalonde 2d61d7d644 update embed_controller_spec 2016-12-13 16:29:51 -05:00
Guo Xiang Tan 43ee9f884e FEATURE: Add `Group#full_name`. 2016-12-13 16:16:26 +08:00
Guo Xiang Tan da7009a968 FEATURE: Add request membership button for allowed groups. 2016-12-12 22:48:08 +08:00
Guo Xiang Tan 05f55dbc10 FEATURE: Group logs. 2016-12-12 17:29:54 +08:00
Guo Xiang Tan be5b5f6bea FEATURE: Public groups. 2016-12-12 17:00:30 +08:00
Guo Xiang Tan a2da2971af FEATURE: Allow columns on group members page to be sortable. 2016-12-08 10:49:12 +08:00
Sam 1135e00c83 FIX: regression unable to dismiss unread 2016-12-06 08:49:40 +11:00
Erick Guan 52763f5115
FEATURE: Allow posting a link with topics 2016-12-05 17:20:54 +01:00
Guo Xiang Tan 37b256e7f2 Fix specs. 2016-12-05 17:13:58 +08:00
Arpit Jalan 431aa79bb3 Merge pull request #4587 from techAPJ/invite-upload
FIX: simplify CSV file upload
2016-12-05 14:30:13 +05:30
Arpit Jalan ce974da9e5 FIX: simplify CSV file upload 2016-12-05 14:09:08 +05:30
Guo Xiang Tan 31acd311e5 FEATURE: Allow group owners to edit group name and avatar flair. 2016-12-05 14:27:46 +08:00
Guo Xiang Tan b45fd21ed9 FIX: Clean up specs. 2016-12-05 13:37:33 +08:00
Sam dc66f6681a add spec for brotli controller, ensure cached correctly 2016-12-05 16:08:36 +11:00
Neil Lalonde dafd1453d6 FIX: topic list filters for bookmarked, posted, and read now work with tag filter 2016-12-02 15:58:14 -05:00
Guo Xiang Tan bc0a8142fe PERF: Only show members count on group page. 2016-12-02 16:28:54 +08:00
Sam b8dc58be90 got to be careful with integrity specs 2016-11-29 18:01:09 +11:00
Sam 266322ce2e FEATURE: add help text for no bookmarks in user page 2016-11-29 17:56:00 +11:00
Guo Xiang Tan 5794f1619d PERF: Fix N+1 queries when loading groups. 2016-11-26 02:20:26 +08:00
Sam 88a46be051 FEATURE: display text excerpts when scrolling on mobile 2016-11-25 11:35:29 +11:00
Sam bfd0418f07 added a test for safe mode 2016-11-23 13:31:05 +11:00
Robin Ward 32a8d5ed1f Merge pull request #4550 from cpradio/cannot-see-mention
FEATURE: Notify user when mention can't see the reply they were mentioned in
2016-11-15 16:40:47 -05:00
Sam 63d9d4f301 FIX: properly specify default on no cache on all resources 2016-11-15 17:00:44 +11:00
cpradio 824c235760 FEATURE: Notify user when mention can't see the reply they were mentioned in
FIX: Group Mention Notifications
2016-11-14 22:03:16 -05:00
Neil Lalonde 764a572070 FIX: when subcategories with the same name exist, filtering by tags might use the wrong subcategory 2016-11-02 15:29:33 -04:00
Régis Hanol 71f940d478 FIX: use metadata to hold the message_id with sparkpost 2016-10-27 19:35:50 +02:00
Régis Hanol 81e2a0099f FIX: ensure the group 'everyone' is never shown when using a different locale 2016-10-24 10:53:31 +02:00
Guo Xiang Tan ee9946388c Merge pull request #4507 from ming-relax/feat-delete-by-email
Remove user from a group by user email
2016-10-24 11:28:27 +08:00
Ming HU 7803a06e50 Use expect change for groups_controller_spec.rb 2016-10-24 10:32:21 +08:00
Robin Ward 19e2eec219 Allow step 0 to resend the confirmation email 2016-10-21 11:34:19 -04:00
Robin Ward c03d25f170 FEATURE: Configure Admin Account
Adds a "Step 0" to the wizard if the site has no admin accounts where
the user is prompted to finish setting up their admin account from the
list of acceptable email addresses.

Once confirmed, the wizard begins.
2016-10-19 11:27:56 -04:00
Ming HU dffd8baa91 Remove user from a group by user email 2016-10-18 17:10:47 +08:00
Régis Hanol 3949c24f80 FIX: sparkpost webhooks support 2016-10-17 11:26:49 +02:00
Sam f4f5524190 FEATURE: user API now contains scopes so permission is granular
previously we supported blanket read and write for user API, this
change amends it so we can define more limited scopes. A scope only
covers a few routes. You can not grant access to part of the site and
leave a large amount of the information hidden to API consumer.
2016-10-14 16:05:42 +11:00
Régis Hanol ddcc084d22 Revert "FEATURE: Use the top period default for users who have been inactive or are new" 2016-10-11 17:56:46 +02:00
cpradio 2de50a616d FEATURE: Use the top period default for users who have been inactive or are new 2016-10-11 09:55:15 -04:00
Sam 6031e692f0 Merge pull request #4366 from xfalcox/print
Print Support
2016-10-11 11:47:20 +11:00
Sam 3e513f5c05 Merge pull request #4459 from vibol/master
FEATURE: sparkpost webhook
2016-10-10 17:17:17 +11:00
Guo Xiang Tan 1302db2683 Skip randomly failing test first. 2016-10-01 05:14:35 +08:00
Robin Ward f62d01ff1b FIX: Clear the session after a reset token was used 2016-09-30 12:20:23 -04:00
Guo Xiang Tan cde18834f8 Fix randomly failing spec. 2016-09-30 05:18:54 +08:00
Vibol Hou c3d60d5d1d Merge remote-tracking branch 'upstream/master' 2016-09-29 02:12:05 -07:00
Guo Xiang Tan 72ccb4e11d FIX: Plugin "admin_js" translations bundle was not fetched. 2016-09-29 04:42:26 +08:00
Vibol Hou 34af73c7cb FEATURE: sparkpost webhook 2016-09-26 22:13:34 -07:00
Rafael dos Santos Silva 0229df4c73 Second review fixes 2016-09-26 20:46:55 -03:00
Rafael dos Santos Silva f96fffeb34 Add tests 2016-09-26 20:46:55 -03:00
Robin Ward 7f66cf618c FIX: You should be an admin to do the wizard 2016-09-22 11:12:51 -04:00
Robin Ward 29cf47cfb2 Track steps the user has completed, nag them to finish it. 2016-09-22 09:52:19 -04:00
Robin Ward ef84981e38 Invite Users step 2016-09-22 09:52:19 -04:00
Robin Ward 9f12b571ef Wizard: Server Side Validation + Finished Step 2016-09-22 09:52:19 -04:00
Robin Ward 3a4615c205 Wizard: Step 1 2016-09-22 09:48:58 -04:00
Robin Ward 0471ad393c Scaffold for new Wizard - Rails / Ember / Tests 2016-09-22 09:48:58 -04:00
Robin Ward 6070939daa Support for other i18n bundles 2016-09-22 09:48:58 -04:00
Guo Xiang Tan 9374e5d42d Revert "FIX: don't overwrite category's logo & background URLs"
This reverts commit 641b95f655.
2016-09-22 11:30:19 +08:00
Régis Hanol 641b95f655 FIX: don't overwrite category's logo & background URLs 2016-09-21 22:11:31 +02:00
Robin Ward 2766b2edc3 FIX: Allow redirection for slugs that start with digits 2016-09-19 13:31:19 -04:00
Erick Guan c463cf63d4 FEATURE: Webhook for user creation and approval 2016-09-19 10:12:55 +08:00
cpradio 0d2d8797b6 FIX: Backup validation wasn't escaping hyphens 2016-09-16 15:20:42 -04:00
Guo Xiang Tan a04dadf9b4 FIX: Randomly failing specs try 2. 2016-09-16 15:10:37 +08:00
Guo Xiang Tan 903d1dd326 FIX: Randomly failing specs. 2016-09-16 14:56:59 +08:00
Sam 75f3f7fcbd FEATURE: clean API method for reading a single notification 2016-09-16 16:14:15 +10:00
Guo Xiang Tan 512922d776 SECURITY: Add filename validation for backup uploads. 2016-09-16 11:58:14 +08:00
Robin Ward 2c9a47dda5 FIX: Validate the raw content of posts before enqueuing them 2016-09-12 12:26:49 -04:00
Sam 2d859ba0ed FIX: user api should always be available to staff 2016-09-12 15:42:06 +10:00
Robin Ward e78b7a243e FIX: Don't enqueue posts if the user can't create them (ex: closed) 2016-09-09 12:15:56 -04:00
Sam 1d281e02c7 id is optional if already specified in header 2016-09-02 17:08:46 +10:00
Sam be0fd5b4cc FEATURE: allow user api key revocation for read only keys 2016-09-02 17:04:00 +10:00
Erick Guan 0217973374
FIX: Importing user avatar when new user login by SSO 2016-08-29 20:47:19 +08:00
Neil Lalonde 2251104e32 FEATURE: avatar flair can be font awesome icons 2016-08-26 17:15:37 -04:00
Sam ca79c4b276 stop eating up push_urls 2016-08-26 13:23:06 +10:00
Sam fcdf13f52d add some more testing 2016-08-26 13:18:20 +10:00
Sam a37db9448f correctly return access rights in auth redirect 2016-08-26 13:12:38 +10:00
Neil Lalonde d079f69b7b FEATURE: add flair to avatars using new settings in the groups admin UI 2016-08-17 15:13:15 -04:00
Sam a25a8115e8 FEATURE: support HEAD request to /user-api-key/new
This allows us to cleanly sniff to find if it exists
2016-08-17 09:58:19 +10:00
Sam 416e7e0d1e FEATURE: basic UI to view user api keys 2016-08-16 17:06:52 +10:00
Neil Lalonde 3b792054f2 Merge pull request #4387 from gdpelican/feature/tags-intersection
FEATURE: Tags intersection page
2016-08-15 16:24:29 -04:00
James Kiesel 037e9bb7b8 Support any number of tag intersections 2016-08-15 15:30:17 -04:00
Sam fc095acaaa Feature: User API key support (server side implementation)
- Supports throttled read and write
- No support for push yet, but data is captured about intent
2016-08-15 17:59:36 +10:00
James Kiesel 7e73b933c7 First pass 2016-08-12 15:28:46 -04:00
Sam 7e4503dd99 FEATURE: basic info route for all sites, even ones that require login
This information is public in meta tags already on home page, providing a
route allows consumers to check it way more cheaply
2016-08-12 17:10:35 +10:00
Sam afaba56de3 FEATURE: missing API endpoint for topic tracking states 2016-08-12 17:10:35 +10:00
Robin Ward 429f27ec96 SECURITY: Avoid mass assignment on user create 2016-08-05 11:57:13 -04:00
Neil Lalonde 5f67cd7b45 FIX: tag input detects when a tag is not allowed and won't offer to create it anyway 2016-08-03 13:18:56 -04:00
Régis Hanol 681f566a66 FIX: staff members should be able to see raw email of deleted posts 2016-08-01 23:55:22 +02:00
Neil Lalonde 82e170d6a6 FIX: 404 when filtering by category, no sub-category, and a tag 2016-07-28 16:19:03 -04:00
Robin Ward 2f8ab8cd30 SECURITY: XSS in "Account Suspended" Messages and Badge Descriptions 2016-07-28 11:38:12 -04:00
Sam c6dbaca0dc SECURITY: disable user entered badge SQL by default
- Hidden site settings now must be change via rails console
2016-07-28 09:03:00 +10:00
Sam cb3afd11b4 SECURITY: limit route access when using external avatars 2016-07-28 09:00:43 +10:00
Arpit Jalan c626558d36 UX: group pages should not show Messages tab to unauthorised users (#4318) 2016-07-09 00:50:04 +05:30
Robin Ward 1eb64151f6 User interface for watching first post 2016-07-07 11:21:50 -04:00
Robin Ward ccf9b70671 When restoring a backup, disable emails.
This prevents accidental sending of emails after a restore before
the admin has had a chance to review everything.
2016-06-24 17:15:15 -04:00
Sam 8866169879 FEATURE: can invite/revoke groups on private messages 2016-06-20 16:29:27 +10:00
Sam dd1a184955 Correct mailing list mode unsubscribe 2016-06-17 11:57:23 +10:00
Sam 852860de66 FEATURE: simpler and friendlier unsubscribe workflow
- All unsubscribes go to the exact same page
- You may unsubscribe from watching a category on that page
- You no longer need to be logged in to unsubscribe from a topic
- Simplified footer on emails
2016-06-17 11:28:49 +10:00
Régis Hanol 49f8a2baa7 FEATURE: support for mandrill webhooks 2016-06-13 12:32:14 +02:00
Sam 3015030fe2 FIX: unlisted topics do not get "slug auto correct" logic 2016-06-10 10:53:26 +10:00
Régis Hanol 214e25f1b5 use proper 'Message-Id' field 2016-06-09 00:33:13 +02:00
Régis Hanol 3e3538d603 loosen security a bit on mailgun's webhook 2016-06-08 22:38:38 +02:00
Robin Ward 431179dd25 FEATURE: Prompt users when they are entering duplicate links 2016-06-07 14:47:22 -04:00
Robin Ward 6aaa484baa REFACTOR: Move composer messages to store 2016-06-07 14:47:22 -04:00
Jeff Atwood cc66bff730 we forgot to update the mailgun tests 2016-06-06 16:55:24 -07:00
Régis Hanol fe595f1653 FEATURE: mailjet webhook 2016-06-06 19:47:45 +02:00
Régis Hanol 9704603fab FEATURE: sendgrid webhooks 2016-06-01 21:48:06 +02:00
Régis Hanol 116efffdaa FEATURE: webhooks support for mailgun 2016-05-30 17:11:17 +02:00
Guo Xiang Tan cb5be1fe8f
Upgrade rspec to 3.4.0. 2016-05-30 11:38:38 +08:00
Arpit Jalan f387dfe226 FIX: mixed case group mentions were not getting highligted in composer 2016-05-22 18:32:49 +05:30
Robin Ward 49a6d0b789
FIX: Don't bother with negative offsets 2016-05-09 16:33:55 -04:00
Arpit Jalan 82daf93eb3 Merge pull request #4206 from techAPJ/convert-topic
FEATURE: move a topic from PM to regular topic or vice versa
2016-05-04 01:33:15 +05:30
Robin Ward b061ba5c52
FIX: Broken spec. Stupid mocking. 2016-05-03 15:30:48 -04:00
Arpit Jalan acfb540952 FEATURE: move a topic from PM to regular topic or vice versa 2016-05-02 21:34:05 +05:30
Arpit Jalan 74b3807f60 FEATURE: new bootstrap mode settings for brand new Discourse community (#4193)
* FEATURE: new bootstrap mode settings for brand new Discourse community

* new SiteSetting.set_and_log method
2016-04-26 13:08:19 -04:00
Sam 9e50f36c50 Merge pull request #4137 from cpradio/add-warning-to-flag
FEATURE: Add warning input to flag dialog when notifying a user
2016-04-15 16:23:22 +10:00
Régis Hanol 379bfac36d Merge pull request #4010 from riking/patch-sitelinks
FEATURE: Add /search discovery
2016-04-14 10:35:13 +02:00
Sam 22b2f5285c FIX: extract links in post processor
when oneboxes are not cached or are refreshed they can introduce new
links, these links must be extracted otherwise you can not follow them
2016-04-12 12:28:18 +10:00
cpradio a5cd557906 Simplify setting the top_page_default_timeframe SiteSetting (#4149) 2016-04-07 18:06:54 +02:00
Sam a130cb8305 FEATURE: move more urgent emails notifications to critical queue
Move signup, admin login and password change email notifications
to critical queue
2016-04-07 14:39:01 +10:00
Sam 8ec7fd84fd FEATURE: prioritize sidekiq jobs
This commit introduces 3 queues for sidekiq

"critical" for urgent jobs (weighted at 4x weight)
"default" for standard jobs(weighted at 2x weight)
"low" for less important jobs


"critical jobs"

Reset Password emails has been seperated to its own job
Heartbeat which is required to keep sidekiq running
Test email which needs to return real quick


"low priority jobs"

Notify mailing list
Pull hotlinked images
Update gravatar

"default"

All the rest

Note: for people running sidekiq from command line use

bin/sidekiq -q critical,4 -q default,2 -q low
2016-04-07 12:56:43 +10:00
Régis Hanol 2b9e8e5a7d Merge pull request #4147 from cpradio/default_top_timeframe
FIX: Use default top setting when user is return or enough data exists for Top Page Results
2016-04-06 18:33:56 +02:00
cpradio c5bb1d1cfe Return default top setting as part of best_periods_for to see if it can be used 2016-04-05 14:27:18 -04:00
Régis Hanol d402a45781 FIX: hitting '/t/:id/posts.json' should return the first page of posts 2016-04-05 19:12:14 +02:00
cpradio 95fa340601 Added spec tests 2016-04-03 19:44:14 -04:00
Arpit Jalan 41208b99a1 FEATURE: RSS feed for user posts and topics 2016-03-31 20:24:05 +05:30
Kane York f2ddd44712 FEATURE: Add /search discovery
The opensearch.xml results in a "site search engine" being added to
Chrome, while the sitelinks search tag results in "Search this website"
being added to Google Search.
2016-03-28 15:07:59 -07:00
Guo Xiang Tan 9a5ded48cf FIX: Return a proper error message when sync sso fails. 2016-03-26 13:30:15 +08:00
Robin Ward 4180e207c3 FIX: Crazy large ids should not raise exceptions 2016-03-23 12:13:47 -04:00
Arpit Jalan 34469e725b FEATURE: separate API endpoints for public and private posts 2016-03-21 18:21:15 +05:30
Arpit Jalan bd83cf7f4c FEATURE: add group posts and mentions RSS 2016-03-18 22:29:10 +05:30
Robin Ward 1fba835d4f FIX: Use a logging table for daily likes given. Use it for badges. 2016-03-18 11:18:54 -04:00
Neil Lalonde 213950e4cf FEATURE: add option to include topics from trust level 0 users in digest emails 2016-03-17 17:35:23 -04:00
Sam 0ea20f2d77 mock was causing spec to fail 2016-03-17 15:46:16 +11:00
Sam 84d234a98a Merge pull request #4076 from scossar/locale-from-header-setting
FEATURE: add site setting for setting locale from header
2016-03-17 07:53:20 +11:00
Robin Ward 06591022fe FEATURE: Generous badge 2016-03-15 16:08:29 -04:00
scossar 0cbeda8414 add site setting for setting locale from header 2016-03-14 16:18:19 -07:00
Arpit Jalan 89248580dc FEATURE: revert post to a specific revision 2016-03-11 02:46:55 +05:30
Robin Ward 5771d2aee2 SECURITY: Support for confirm old as well as new email accounts 2016-03-08 14:52:22 -05:00
Robin Ward d62689fa76 Move updating a user's email to its own controller 2016-03-08 14:52:22 -05:00
Régis Hanol 1135d2094a Merge pull request #4006 from scossar/set-locale-from-header
Feature: (WIP) Set locale from Accept-Language header
2016-03-04 09:12:30 +01:00
Régis Hanol 8d4bac7da2 fix build & add migration to clear common passwords cache 2016-03-03 19:39:22 +01:00
Arpit Jalan bfaa4cdb37 FEATURE: compose a new pre-filled private message to a group via URL 2016-03-03 00:19:06 +05:30
Arpit Jalan 50e65634d7 FEATURE: new setting min_admin_password_length and better default 2016-03-02 14:43:26 +05:30
scossar 0a396583ed set locale for anonymous from header
set locale on signup

update spec

add locale option
2016-02-26 13:45:00 -08:00
Sam Davies b2f4659792 Pass discourse username to TopicRetriever from embed controller
When you specify `discourse_username` param on the embed URL, it should
translate to creating the post with that username.

This commit ensures that this is now the case.
2016-02-25 13:02:25 +00:00
Guo Xiang Tan e8de80de98 FIX: Default to first page when page params is an array. 2016-02-25 11:32:58 +08:00
Arpit Jalan 6df5b38b54 better user update spec 2016-02-24 16:10:08 +05:30
Arpit Jalan d77511319e show monthly top topics on 404 page 2016-02-24 13:46:55 +05:30
Arpit Jalan 1253afdf95 FIX: invite link should not auto-accept invitation if user is already logged in 2016-02-23 19:49:58 +05:30
Sam 3829c78526 PERF: shift most user options out of the user table
As it stands we load up user records quite frequently on the topic pages,
this in turn pulls all the columns for the users being selected, just to
discard them after they are loaded

New structure keeps all options in a discrete table, this is better organised
and allows us to easily add more column without worrying about bloating the
user table
2016-02-17 18:08:25 +11:00
Sam dd6ebde824 FIX: Always ensure notifications are treated as read once clicked
UX: improve messaging so notifications list is far more stable
PERF: improve performance of notifcation lookup queries

- Add feature "SetTransientHeader" that allows shipping info to server
   in the next Ajax request
- remove local storage hack used for notifications
- amend lookupStale to return hydrated objects, move logic into store
- stop magically clearing various notifications (likes, invitee accepted, group_summary, granted badge)
2016-02-15 19:29:47 +11:00
Erick Guan 35142847ba FIX: Prepend the user id before username in admin user routes 2016-02-09 15:14:13 +01:00
Sam b75353c26f correct specs 2016-01-27 23:40:45 +11:00
Arpit Jalan 0064927077 FIX: do not allow new email to be duplicate
FIX: return proper error message when email already exists
2016-01-23 13:42:53 +05:30
Régis Hanol 74b5d063f9 FIX: enabling suppress_from_homepage should only remove the category from the homepage 2016-01-20 17:55:58 +01:00
Régis Hanol f61537bc16 Merge pull request #3952 from gdpelican/unsubscribe-via-email
Unsubscribe via email
2016-01-20 14:38:14 +01:00
James Kiesel c7283751a3 Unsubscribe via email 2016-01-20 22:25:25 +13:00
Sam Saffron 7303f8f309 FEATURE: first pass at user summary page 2016-01-20 15:14:25 +11:00
Sam ca3e2b4da3 FEATURE: you can not drill down and see why you have badges
Clicking on badges filters down the list to a particular user.
2016-01-18 17:59:20 +11:00
Guo Xiang Tan a055c37939 Merge pull request #3956 from tgxworld/fix_clashing_slug
FIX: Clashing category slug.
2016-01-18 10:15:13 +08:00
Arpit Jalan 380764dc92 FIX: validate email when changing via user preferences page 2016-01-16 10:50:49 +05:30
Guo Xiang Tan c60e360c90 FIX: Clashing category slug. 2016-01-13 15:32:29 +08:00
Arpit Jalan e676974f16 Merge pull request #3953 from techAPJ/wiki
FEATURE: allow users to wikify their own posts based on trust level
2016-01-13 09:53:33 +05:30
Régis Hanol 8049dfdfda CLEANUP: remove 'contains_messages' leftover 💩 2016-01-12 11:29:26 +01:00
Arpit Jalan 06bac23e5f FEATURE: allow users to wikify their own posts based on trust level 2016-01-12 08:44:25 +05:30
Neil Lalonde c7df6783a9 FIX: only invalidate password reset links using javascript 2016-01-04 11:48:54 -05:00