1d26a473e7
FEATURE: Show "Recently used devices" in user preferences ( #6335 )
...
* FEATURE: Added MaxMindDb to resolve IP information.
* FEATURE: Added browser detection based on user agent.
* FEATURE: Added recently used devices in user preferences.
* DEV: Added acceptance test for recently used devices.
* UX: Do not show 'Show more' button if there aren't more tokens.
* DEV: Fix unit tests.
* DEV: Make changes after code review.
* Add more detailed unit tests.
* Improve logging messages.
* Minor coding style fixes.
* DEV: Use DropdownSelectBoxComponent and run Prettier.
* DEV: Fix unit tests.
2018-10-09 22:21:41 +08:00
5b630f3188
FIX: stop logging every time invalid params are sent
...
Previously we were logging warning for invalid encoded params, this can
cause a log flood
2018-10-05 14:33:19 +10:00
879067d000
FIX: check admin theme cookie against user selectable
...
previously admin got a free pass and could set theme via cookie to anything
including themes that are not selectable
this refactor ensures that only "preview" gets a free pass, all the rest
goes through the same pipeline
2018-09-07 10:47:28 +10:00
2f5c21e28c
FIX: return a 400 error instead of 500 for null injections
...
Many security scanners like to inject NULL in inputs causing application
to exception out and return a 500
We now handle this exception and render a 400 status back
2018-09-04 12:11:52 +10:00
2d96160192
FEATURE: improve API error reporting for invalid records
2018-08-21 11:54:34 +10:00
ce4b12ae59
FIX: if we have not target available do not redirect
2018-08-20 13:10:59 +10:00
d4fd19d49a
UX: Replace Google search with Discourse search on not found page
...
* UX: Replace Google search with Discourse search on not found page.
* FIX: Update application_controller_spec.rb.
2018-08-15 11:53:04 +10:00
2c4d7225d8
FIX: permalink redirects with subfolder
2018-08-09 11:05:27 -04:00
ed4c0f256e
FIX: check permalinks for deleted topics
...
- allow to specify 410 vs 404 in Discourse::NotFound exception
- remove unused `permalink_redirect_or_not_found` which
- handle JS side links to topics via Discourse-Xhr-Redirect mechanism
2018-08-09 15:05:12 +10:00
0b7ed8ffaf
FEATURE: backend support for user-selectable components
...
* FEATURE: backend support for user-selectable components
* fix problems with previewing default theme
* rename preview_key => preview_theme_id
* omit default theme from child themes dropdown and try a different fix
* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
decf1f27cf
FEATURE: Groundwork for user-selectable theme components
...
* Phase 0 for user-selectable theme components
- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
e72fd7ae4e
FIX: move crawler blocking into anon cache
...
This refinement of previous fix moves the crawler blocking into
anonymous cache
This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 11:14:43 +10:00
7f98ed69cd
FIX: move crawler blocking to app controller
...
We need access to site settings in multisite, we do not have access
yet if we attempt to get them in request tracker middleware
2018-07-04 10:30:50 +10:00
fd7bb8e656
FIX: Scope the `cn` to the subfolder
2018-06-28 11:03:36 -04:00
ad5082d969
Make rubocop happy again.
2018-06-07 13:28:18 +08:00
89ad2b5900
DEV: Rails 5.2 upgrade and global gem upgrade
...
This updates tests to use latest rails 5 practice
and updates ALL dependencies that could be updated
Performance testing shows that performance has not regressed
if anything it is marginally faster now.
2018-06-07 14:21:33 +10:00
5b2e7c8d10
fix the build
2018-05-26 03:11:10 +02:00
3db1032bfd
FIX: not found page shouldn't include the Google search form for sites with login_required enabled
2018-05-23 16:59:02 -04:00
ff90881238
DEV: fix live refresh if you have a custom theme selected in dev
2018-05-16 17:25:49 +10:00
a5172a37e0
Allow staff members to enable safe mode, even if disabled
2018-04-25 11:49:57 -04:00
fd14ee4797
FEATURE: Allow safe mode to be disabled
2018-04-24 11:03:33 -04:00
ff9d7a9bfb
FIX: authComplete query param should carry-forward to login page
2018-03-27 17:22:07 +05:30
ba15273d3f
FEATURE: maintain preview theme, while previewing
...
This means you can browse around in preview mode without losing the theme.
At any point you can refresh page and maintain the preview theme.
2018-03-15 16:17:22 +11:00
2097f5330c
FIX: Login redirect path was broken in subfolder installs
2018-03-15 11:49:35 +08:00
f7bd05e534
FEATURE: set 'Retry-After' header for 429 responses ( #5659 )
2018-03-13 23:12:41 +08:00
f0d5f83424
FEATURE: limit assets less that non asset paths
...
By default assets can be requested up to 200 times per 10 seconds
from the app, this includes CSS and avatars
2018-03-06 15:20:39 +11:00
282f53f0cd
FEATURE: Theme settings (2) ( #5611 )
...
Allows theme authors to specify custom theme settings for the theme.
Centralizes the theme/site settings into a single construct
2018-03-04 19:04:23 -05:00
a94dc0c731
Revert "FIX: preview theme not working consistently"
...
This reverts commit 845cec3ba0
2018-02-23 17:59:00 +11:00
845cec3ba0
FIX: preview theme not working consistently
...
Avoid flash, this makes debugging much simpler as well.
Additionally URL now clearly shows you are previewing a theme.
2018-02-23 15:25:35 +11:00
a3e5a31674
FIX: Allow 404 pages to use the current theme
2018-02-14 15:29:01 -05:00
38f4acd55a
FIX: rate limiter text is confusing, should not say daily
...
Also, adds easily parseable JSON so users can figure out
how long to wait when the API is limited. ("extras" "wait_seconds")
2018-02-14 15:29:50 +11:00
569e57f0a9
FIX: Delete the invalid auth cookie even if you hit the rate limit
2018-02-09 19:09:54 -05:00
41986cdb2f
Refactor requires login logic, reduce duplicate code
...
This also corrects the positioning in the chain of the check
and removes misuse of prepend_before_action
2018-02-01 15:17:59 +11:00
683be5e555
FIX: Application should not crash when selected locale is missing
2018-01-25 14:57:41 +01:00
2437b0d531
FIX: regression, missing 404 page
2018-01-23 09:00:28 +11:00
5c1eaeca9e
FIX: prevent users from moving whispers to new topic
2018-01-22 17:23:19 +01:00
72b592c395
PERF: add frozen string literals to app controller
2018-01-17 16:32:52 +11:00
d7657d8e47
correct specs, ensure crawler layout only applies to html
2018-01-16 16:28:11 +11:00
49ed382c2a
FIX: return 429 when admin api key is limited on admin route
...
This also handles a general case where exceptions leak out prior to being handled by the application controller
2018-01-12 14:15:26 +11:00
e0e99d4bbd
PERF: hijack onebox requests so they do not use up a unicorn worker
2017-11-24 15:31:40 +11:00
8d98752b57
Allow sites to bootstrap the error page.
...
This will display working dropdowns and such even if the page is a 404.
2017-11-21 16:13:09 -05:00
38b8d68c68
FEATURE: Allow the user to select a custom home page ( #5268 )
...
* Add user_home configuration option
* Use the new user_home preference to actually show the right home page
* Fix trailing whitespace
* Update user_option_serializer.rb
* Fix JavaScript default homepage tests
* Use an object instead of a giant switch
* Remove trailing whitespace
* Make the default `user_home` set to `null` instead of `0`
* Rename user_home to homepage_id
2017-11-10 06:45:19 +11:00
2f0c9793f1
FEATURE: Allow multiple html builders to be registered via plugins
2017-11-03 11:32:32 -04:00
804b4f32f8
better error message when API authentication fails
2017-10-20 20:05:34 +05:30
989280a222
FIX: Don't rotate session in reaodnly mode.
2017-10-20 17:15:28 +08:00
6baea9948b
Revert "fix the build"
...
This reverts commit 8b74c7d325
2017-09-29 08:57:06 +08:00
8b74c7d325
fix the build
2017-09-28 15:50:01 +02:00
5d53eefcab
Fix broken test.
2017-09-28 16:09:58 +08:00
5f1c29e424
FIX: Display json response when `Discourse::InvalidAccess` is raised for
...
non json requests.
2017-09-28 15:31:16 +08:00
373fd8990e
PERF: N+1 when generating not found page.
2017-09-28 15:31:16 +08:00
4319d8a142
FIX: Missing template error when rendering `topics#show` error message.
2017-09-28 11:06:44 +08:00
2568312475
FIX: Use exact patht to ensure we always redirect with the right format.
2017-09-27 11:55:06 +08:00
460ed3c8cf
Revert "Allow `NotFound` to specify an optional `Location` for the resource"
...
This reverts commit 4ae66c9e01
2017-09-26 12:58:24 -04:00
4ae66c9e01
Allow `NotFound` to specify an optional `Location` for the resource
2017-09-26 09:10:18 -04:00
d1ebc62065
The ability to display errors on flagging actions.
2017-09-25 12:28:01 -04:00
5cf50f0034
Adjust flagged posts to use the store
2017-09-25 12:25:14 -04:00
40eba8cd93
FEATURE: View flags grouped by topic
2017-09-25 12:25:14 -04:00
77d4c4d8dc
Fix all the errors to get our tests green on Rails 5.1.
2017-09-25 13:48:58 +08:00
4d840d10db
PERF: Reduce number of Redis hits per requests.
2017-09-07 13:34:27 +08:00
8463b676df
Revert "Activate mini-profiler when in profiling env."
...
This reverts commit d61109388c
2017-09-06 11:26:03 +08:00
d61109388c
Activate mini-profiler when in profiling env.
2017-09-06 11:19:20 +08:00
2e4b3e9b06
Don't include all html builders on client and server side
2017-08-07 11:29:35 -04:00
5012d46cbd
Add rubocop to our build. ( #5004 )
2017-07-28 10:20:09 +09:00
6eb6c25816
FIX: Keep the flash when redirecting for login_required
2017-05-25 14:10:15 -04:00
d0f84aa14e
FIX: missing to_i which breaks selector component for anon
2017-05-24 11:39:10 -04:00
e1dd543a93
FEATURE: allow users to select theme on single device
2017-05-15 12:48:16 -04:00
2d96a0785d
FEATURE: theme selection is now global per-user
2017-05-12 12:41:34 -04:00
b381372184
Use Ember.js for the `/u/account-created` path so we can add controls
2017-05-03 11:18:01 -04:00
8b8ee2ad61
Pass a context in when using a HTML builder
2017-04-18 12:35:35 -04:00
1363988cd7
Support for an HTML builder that can create dynamic HTML
2017-04-17 17:32:55 -04:00
04016f0dec
Support Ruby 2.4.
2017-04-15 12:29:00 +08:00
ed2e62f845
correct environment handling for test mode
2017-04-14 14:00:46 -04:00
def7348777
FIX: display custom sections with default theme
...
also cleans up mechanism for previewing themes, cleans up naming,
gets rid of old janky "preview_style", secures local theme key
2017-04-14 13:35:12 -04:00
a3e8c3cd7b
FEATURE: Native theme support
...
This feature introduces the concept of themes. Themes are an evolution
of site customizations.
Themes introduce two very big conceptual changes:
- A theme may include other "child themes", children can include grand
children and so on.
- A theme may specify a color scheme
The change does away with the idea of "enabled" color schemes.
It also adds a bunch of big niceties like
- You can source a theme from a git repo
- History for themes is much improved
- You can only have a single enabled theme. Themes can be selected by
users, if you opt for it.
On a technical level this change comes with a whole bunch of goodies
- All CSS is now compiled using a custom pipeline that uses libsass
see /lib/stylesheet
- There is a single pipeline for css compilation (in the past we used
one for customizations and another one for the rest of the app
- The stylesheet pipeline is now divorced of sprockets, there is no
reliance on sprockets for CSS bundling
- CSS is generated with source maps everywhere (including themes) this
makes debugging much easier
- Our "live reloader" is smarter and avoid a flash of unstyled content
we run a file watcher in "puma" in dev so you no longer need to run
rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
0013a23dc1
SECURITY: prefer render plain/html to render text where possible
2017-04-10 08:01:42 -04:00
3839206317
FIX: Return JSON errors for `by-external` if JSON requested
2017-04-04 16:22:14 -04:00
1d4993a185
FIX: Sync user's notification channel before preloaded current user data.
...
This is to fix the problem where a newly created user would not
receive live updates for the first notification if the notification
is published before the client has subscribed to the channel.
2017-03-20 17:17:21 +08:00
9e60f9f093
JSON API parsing error on CSRF exception: single quotes in ['BAD CSRF'] is invalid JSON:
...
https://meta.discourse.org/t/json-api-parsing-error-single-quotes-used-for-errors-like-bad-csrf/58869
2017-03-16 16:47:18 -07:00
fdf749770b
remove unecessary '.limit(1)'
2017-02-24 12:56:13 +01:00
f15f61da0a
FEATURE: add immutable caching to rails site of things
2017-02-23 13:05:00 -05:00
1935f624b8
FEATURE: reset active record cache in sidekiq if needed
...
This can happen in multisite environments after restores
2017-02-17 12:09:53 -05:00
e0ff57ca75
SECURITY: prevent reuse of password reset
2016-12-19 18:00:22 +11:00
6ff309aa80
SECURITY: don't grant same privileges to user_api and api access
...
User API is no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
81d333289e
FIX: Return 503 when in readonly mode.
2016-12-07 14:04:42 +08:00
1db9d17756
Make removal of topic columns more resilient to deploys
2016-12-05 12:11:46 +11:00
c04d4171ff
FIX: whisper no longer experimental
...
- Regular users are not notified of whispers
- Regular users no longer have "stuck" topics in unread
- Additional tracking for staff highest post number
- Remove a bunch of unused columns in topics table
2016-12-02 17:03:31 +11:00
d95fbd89d0
Enable miniprofiler in development automatically.
2016-11-29 10:59:10 +08:00
63d9d4f301
FIX: properly specify default on no cache on all resources
2016-11-15 17:00:44 +11:00
6031e692f0
Merge pull request #4366 from xfalcox/print
...
Print Support
2016-10-11 11:47:20 +11:00
600b23c0a4
FIX: permalink redirects should work on tag paths
2016-10-04 12:01:42 -04:00
c12e533273
Feature: Adds a button to print a topic
2016-09-26 20:44:50 -03:00
7f66cf618c
FIX: You should be an admin to do the wizard
2016-09-22 11:12:51 -04:00
29cf47cfb2
Track steps the user has completed, nag them to finish it.
2016-09-22 09:52:19 -04:00
75f3f7fcbd
FEATURE: clean API method for reading a single notification
2016-09-16 16:14:15 +10:00
eaf87f0770
FIX: correctly handle api key so it uses current user provider
2016-08-26 10:39:13 +10:00
df535c6346
FEATURE: refresh session cookie at most once an hour
...
This feature ensures session cookie lifespan is extended
when user is online.
Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
5fed886c8f
FIX: Update post replies when we move posts. ( #4324 )
2016-07-13 17:34:21 +02:00
e221414935
PERF: Remove N+1 queries on user messages page.
2016-06-29 09:30:54 +08:00
c0e25b5a9a
Replace certain uses of 'gsub' with 'tr' or 'chomp' for a speed
...
improvement
2016-06-10 22:08:37 -05:00
4180e207c3
FIX: Crazy large ids should not raise exceptions
2016-03-23 12:13:47 -04:00
84d234a98a
Merge pull request #4076 from scossar/locale-from-header-setting
...
FEATURE: add site setting for setting locale from header
2016-03-17 07:53:20 +11:00
06591022fe
FEATURE: Generous badge
2016-03-15 16:08:29 -04:00
0cbeda8414
add site setting for setting locale from header
2016-03-14 16:18:19 -07:00
7598037080
Only pull in gem if it is being used, remove middleware
2016-03-04 23:17:14 +11:00
1135d2094a
Merge pull request #4006 from scossar/set-locale-from-header
...
Feature: (WIP) Set locale from Accept-Language header
2016-03-04 09:12:30 +01:00
610954ecce
Merge pull request #4035 from tgxworld/dont_return_500_when_plugin_is_disabled
...
Return 404 instead 500 when plugin is disabled.
2016-02-27 16:55:50 +11:00
0a396583ed
set locale for anonymous from header
...
set locale on signup
update spec
add locale option
2016-02-26 13:45:00 -08:00
a3fa80847e
Return 404 instead 500 when plugin is disabled.
2016-02-24 17:09:30 +08:00
d77511319e
show monthly top topics on 404 page
2016-02-24 13:46:55 +05:30
4c0a40f2b0
FIX: publish notification state when notifications are read
...
(this clears green and blue bubbles)
2016-02-22 12:24:51 +11:00
dd6ebde824
FIX: Always ensure notifications are treated as read once clicked
...
UX: improve messaging so notifications list is far more stable
PERF: improve performance of notifcation lookup queries
- Add feature "SetTransientHeader" that allows shipping info to server
in the next Ajax request
- remove local storage hack used for notifications
- amend lookupStale to return hydrated objects, move logic into store
- stop magically clearing various notifications (likes, invitee accepted, group_summary, granted badge)
2016-02-15 19:29:47 +11:00
825a01cec3
fix the build
2016-01-15 12:34:28 +01:00
c9c6b09f36
FIX: allow staff members to edit staged users preferences
2016-01-15 12:16:00 +01:00
f2480aa81f
FIX: When 410 is received, display proper error message instead of generic.
2015-12-30 17:18:32 +05:00
d1ebb9d0b5
FIX: I18n Fallbacks were not applying correctly
2015-12-23 12:09:18 -05:00
de88be2fbc
Support for "Only show overridden" in site text customization
2015-11-30 15:25:08 -05:00
16b3d26d7b
allow staff members to view staged accounts user card/profile
2015-11-27 20:02:24 +01:00
1506eba28d
Support for overriding client side translation keys
2015-11-20 17:14:01 -05:00
3720783c1b
Refactor to our own Discourse I18n backend
...
This removes some monkey patches and makes testing easier.
It will also support database backed I18n changes.
2015-11-13 16:35:02 -05:00
106cb9874a
FIX: show 404 page when user is logged out and navigates to private message
2015-10-30 17:41:55 +05:30
db5379508e
FIX: Don't show an anonymous cache if there is a flash
2015-10-28 15:12:05 -04:00
6f43b575a8
FEATURE: no need to cap new and unread together anymore
...
- leave unread alone
- cap new at 500 per site, with a site setting
2015-10-01 17:17:15 +10:00
3620c8c85e
Move descriptions for rate limiting errors into the exception
2015-09-24 13:52:46 -04:00
335be272ff
FEATURE: implement capping of new/unread
...
We cap new and unread at 2/5th of SiteSetting.max_tracked_new_unread
This dynamic capping is applied under 2 conditions:
1. New capping is applied once every 15 minutes in the periodical job, this effectively ensures that usually even super active sites are capped at 200 new items
2. Unread capping is applied if a user hits max_tracked_new_unread,
meaning if new + unread == 500, we defer a job that runs within 15 minutes that will cap user at 200 unread
This logic ensures that at worst case a user gets "bad" numbers for 15 minutes and then the system goes ahead and fixes itself up
2015-09-07 12:03:17 +10:00
8055d065f2
Refactor ApplicationController#redirect_to_login_if_required to use session for SSO
2015-08-11 16:48:55 +01:00
9911e92e24
Merge pull request #3609 from riking/patch-7
...
FEATURE: Localization fallbacks
2015-07-30 10:44:29 -04:00
d6069e8c90
UX: fix container layout
2015-07-28 13:58:30 +05:30
4491813d22
Revert "Revert "PERF: optimise query that gathers topic tracking state""
...
This reverts commit 909be09f1a
2015-07-21 21:48:07 +10:00
909be09f1a
Revert "PERF: optimise query that gathers topic tracking state"
...
This reverts commit 343e417a55
2015-07-21 17:35:50 +10:00
343e417a55
PERF: optimise query that gathers topic tracking state
...
(this query runs on the front page to figure out new and unread topics)
2015-07-21 17:14:30 +10:00
ecfa17b5a7
FEATURE: Localization fallbacks (server-side)
...
The FallbackLocaleList object tells I18n::Backend::Fallbacks what order the
languages should be attempted in. Because of the translate_accelerator patch,
the SiteSetting.default_locale is *not* guaranteed to be fully loaded after the
server starts, so a call to ensure_loaded! is added after the locale is set for
the current user.
The declarations of config.i18n.fallbacks = true in the environment files were
actually garbage, because the I18n.default_locale was
SiteSetting.default_locale, so there was nothing to fall back to. *derp*
2015-07-15 10:17:36 -07:00
b052179ae6
Merge pull request #3163 from rcfox/fix-by-external
...
Allow periods in the external_id value used in the /users/by-external route.
2015-06-24 13:07:12 +10:00
f26eee8431
FEATURE: add username to NGINX logs
2015-06-16 17:43:53 +10:00
690f4a4c37
add X so it shows up at the end of chrome
2015-06-16 10:27:42 +10:00
9b8b1d0034
FEATURE: add special header that names the action for the request
2015-06-16 09:54:44 +10:00
5da5269652
FIX: Bad page title for categories view by google crawler
2015-06-08 12:07:35 -04:00
fe46d1dd3b
PERF: avoid cookies for all static, public, cached forever assets
2015-05-22 16:15:46 +10:00
0ed1c8011c
FIX: About page error when `login_required`
2015-05-21 14:37:49 -04:00
e5888cf090
PERF: avoid preloading json in cases where it is not needed
...
(uploads / avatars / non GET requests)
2015-05-20 17:12:16 +10:00
14d2b76354
Merge branch 'master' into fix-by-external
...
Conflicts:
app/controllers/users_controller.rb
2015-05-15 19:54:11 -04:00
8277a586bb
usage of raise corrected
2015-05-07 11:00:51 +10:00
16408cee06
Allow Postgres to trigger readonly mode for the site.
2015-04-29 11:49:58 -04:00
3cb4554bbb
Can refresh queued posts via button
2015-04-27 13:52:54 -04:00
3a6efa25f0
Allow ReadOnly to propogate up to the Ember app via Response Header
2015-04-24 14:37:16 -04:00
0c233e4e25
Interface is wired up for Approving/Rejecting posts
2015-04-15 14:54:37 -04:00
96d2c5069b
Interface for reviewing queued posts
2015-04-15 14:54:37 -04:00
19a9a8b408
`NewPostManager` determines whether to queue a post or not
2015-04-15 14:54:36 -04:00
bb20f64cb2
use standard error so its easier to catch
2015-03-23 12:20:50 +11:00
df3b1f6968
FIX: editing a post wasn't showing error messages from the server
2015-03-19 12:25:15 +01:00
3ad12d44f3
Use a mixin for the `path` function to DRY it up
2015-03-09 15:24:16 -04:00
Bianca Nenciu
Sam
Misaka 0x4e21
Neil Lalonde
Osama Sayegh
Robin Ward
Guo Xiang Tan
Régis Hanol
Vinoth Kannan
Rafael dos Santos Silva
Kyle Zhao
OsamaSayegh
Gerhard Schlager
Michael Howell
Arpit Jalan
Guo Xiang Tan
Victor van Poppelen
James Cook
scossar
Faisal Abbas
Dan Singerman
Kane York
Ryan Fox