Commit Graph

195 Commits

Author SHA1 Message Date
Robin Ward 1cf4a0d604 Rename "User Expansion" to the much clearer "User Card" 2014-10-20 12:11:59 -04:00
Régis Hanol 10094a0bcd FIX: resolve flags as good when deleting a spam user 2014-10-20 16:59:06 +02:00
Robin Ward 4d465362b5 FEATURE: Allow a user to upload an image for their expansion background. 2014-10-16 15:05:36 -04:00
Robin Ward f9a8f6d6ce FEATURE: Support for a `required` setting on user fields. 2014-10-08 15:10:19 -04:00
Sam 0e7be81e60 FIX: badge granted titles were not being revoked when badge was revoked 2014-10-08 10:26:18 +11:00
Robin Ward 381814fd5d Adds support for a description to user fields. 2014-10-02 15:56:52 -04:00
Arpit Jalan 41af2d79b5 add user email on account created page 2014-10-02 12:43:44 +05:30
Robin Ward be93f224a6 Revert "add user email on account created page"
This reverts commit 164fc1108a.
2014-10-01 10:30:26 -04:00
Arpit Jalan 164fc1108a add user email on account created page 2014-10-01 13:53:50 +05:30
Robin Ward edb34c178a FEATURE: Show user fields when the user is signing up 2014-09-30 10:45:18 -04:00
Régis Hanol 7e309a21cf FEATURE: hide emails behind a button for staff members 2014-09-29 22:31:05 +02:00
Sam a901d682fe raise not found if user is not found 2014-09-25 17:45:45 +10:00
Sam 8f8ea735ee FIX: allow retry activation of account by username or password 2014-09-25 17:42:48 +10:00
Arpit Jalan b3838c2c1c Trigger browser password manager after sigining up 2014-09-24 01:04:36 +05:30
Sam 7a4082cbad FIX: allow API to create users when invite_only is true 2014-09-23 09:06:19 +10:00
Neil Lalonde c4e285f3ec SECURITY: rate limit change email requests 2014-09-18 10:48:56 -04:00
riking 2c6d03f87f SECURITY: Limit passwords to 200 characters
Prevents layer 8 attack.
2014-09-12 12:07:11 -04:00
Robin Ward 56eda5abf9 FIX: Don't allow profile bios longer than 3k chars 2014-09-08 15:23:21 -04:00
Robin Ward c9262a8390 FIX: Resend activation email was busted 2014-08-28 12:07:13 -04:00
Robin Ward ed125975a1 SECURITY: Prefix session key and validate token format. 2014-08-25 15:31:49 -04:00
Arpit Jalan 4cd8abc905 FEATURE: dynamically load invites 2014-08-05 22:20:23 +05:30
Neil Lalonde 939e8505a9 Remove hub username integration 2014-07-16 12:25:24 -04:00
Neil Lalonde 01a68f8cc7 Emails are case insensitive 2014-07-16 10:22:01 -04:00
Robin Ward 4f416bf6ce Check honeypot/challenge value on activation too 2014-07-15 14:07:35 -04:00
riking 915f60b0fc Don't redirect to login when activating account... 2014-07-15 10:50:28 -07:00
Neil Lalonde 766196af87 FEATURE: add site setting allow_new_registrations which can be used to block all new account registrations 2014-07-14 15:42:22 -04:00
Robin Ward cce7cf8c85 FEATURE: Require Javascript to activate an account via email link 2014-07-14 12:26:10 -04:00
Sam 4a2cc269ab FIX: allow selection of no title 2014-07-14 18:07:07 +10:00
Sam 833c50c460 FEATURE: Read Faq badge 2014-07-11 17:32:29 +10:00
Sam 9a9ad9bda8 FEATURE: Badge progress
- Refactor model so it stores backfill query
- Implement autobiographer
- Remove sample badge
- Correct featured badges to only include a badge once
2014-07-03 17:29:44 +10:00
Sam 5a0aed2bfa FIX: regression, forgot password broken
also... mocks were invented by the devil
2014-07-02 13:06:55 +10:00
Robin Ward 9000c358d1 REFACTOR: Use common path for RESTful `DELETE` action from upload image
component
2014-06-30 14:13:59 -04:00
Robin Ward 4088fba4f2 REFACTOR: Convert profile background uploader to be an ember component 2014-06-30 14:13:59 -04:00
Andrew Bezzub 386d1e231a move profile_background from User to UserProfile 2014-06-26 12:30:07 -04:00
riking 6e698315d6 Allow all /my URLs
Previously, URLs like /my/activity/posts were denied. This change allows those URLs.
2014-06-14 10:58:20 -07:00
Sam 91b6459f2b BUGFIX: allow users to pick no avatar 2014-05-30 14:45:55 +10:00
Sam 5adc486cef BUGFIX: missing avatars in topic map
Cleanup uneeded column
2014-05-29 14:59:14 +10:00
Sam 504cfcff96 Fix specs for avatars
Implement avatar picker
Correct avatar related jobs
2014-05-27 10:08:03 +10:00
Sam 6c1c8be794 Work in progress, keeping avatars locally
This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom)

user can then pick which they want.
2014-05-27 10:08:03 +10:00
Neil Lalonde 6e0eb89697 Don't show suspended users in autocomplete fields unless you are staff 2014-05-13 11:44:15 -04:00
Louis Rose 1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Neil Lalonde f61f29439e Track the ip address where user was registered 2014-04-29 14:37:56 -04:00
Vikhyat Korrapati b4e037dfb2 Allow badges to be marked as "titleable". 2014-04-28 10:30:38 +05:30
Régis Hanol 64b8f2f759 TRIVIAL: remove puts statement (cc. @eviltrout) 2014-04-21 23:00:13 +02:00
Robin Ward b9ca124756 Support for /my/preferences to automatically redirect to the logged in
user.
2014-04-21 11:52:11 -04:00
Vikhyat Korrapati 8113e8d897 Basic UI for selecting gold/silver badges as titles. 2014-04-18 09:20:51 +05:30
Régis Hanol 2505d18aa9 FEATURE: support email attachments 2014-04-14 22:55:57 +02:00
Sam be06156629 SECURITY: when enabled_local_logins is false users could log in via API
thanks @Nicholas Blanco
2014-03-26 15:39:44 +11:00
Robin Ward 539890afdf Let's not show tons of extra information about invites unless you're the
person who invited them.
2014-03-21 14:16:11 -04:00
Sam 619fa50d4b BUGFIX: twitter auth asking for a password 2014-03-20 14:49:25 +11:00
Neil Lalonde 9ca516e58d Rename nickname to username in the code. Use new hub routes. (Old routes still exist as aliases for old Discourse instances.) 2014-03-12 12:39:36 -04:00
Johan Jatko 98c479c3c4 FEATURE: Profile Backgrounds
Shares a modified codebase with avatars called "user_image"
2014-03-05 15:10:44 +01:00
Neil Lalonde 8711762143 Users who have made no more than one post can delete their own accounts from their user preferences page. 2014-02-13 13:52:06 -05:00
Leonard Teo c13aa8852b Whitelist :active param so that we can automatically create users that are active via API 2014-02-04 15:40:30 -05:00
Neil Lalonde da825451d0 Invite link can't be used to log in after you set a password or sign in with 3rd party 2014-01-21 16:56:41 -05:00
Benjamin Kampmann c743a985a4 Allow groups to be used as aliases for user mention
when configured by the admin a group can be found through the @mentions
feature in both the compose/reply and the private message user-selectors
and once selected the mention will be replaced by the list of users in
the group
2014-01-08 02:36:24 +11:00
Neil Lalonde 854d9c8fc6 Minimum password length is configurable with the min_password_length site setting. FIX: reset password needs to validate password length. 2013-12-19 16:15:47 -05:00
Sam 05a3c8090f Merge pull request #1658 from salbertson/sa-refactor-users-controller-create
Refactor UsersController#create
2013-12-12 22:16:50 -08:00
Neil Lalonde 561961eff6 FIX: can grant titles to regular users. Guardian initializer needs current_user, not the target user. 2013-12-10 12:46:35 -05:00
Scott Albertson 51eff92170 Refactor UsersController#create
* Simplify controller action
* Extract service classes
2013-12-05 10:11:16 -08:00
Neil Lalonde 981d8f6aea Signup form: prefill username if Discourse Hub has a match for the email address. Also, fix some bad specs in username_checker_service_spec that were passing... 2013-11-19 14:15:28 -05:00
Robin Ward 32a3da86da Merge pull request #1640 from salbertson/sa-refactor-users-controller-invites
Refactor UsersController#invited
2013-11-12 08:18:52 -08:00
Scott Albertson 77b59b54ce Refactor UsersController#invited
* Add test coverage
* Simplify controller action
* Move finder code to Invite class
2013-11-11 13:23:49 -08:00
railsaholic 58f78e9001 Refactor Users#upload_avatar method
Moved avatar file upload to ```AvatarUploadService``` class and
```AvatarUploadPolicy```

Address review comments + require missing file in spec
2013-11-11 23:21:14 +05:30
Sam 3473734af0 FIX: bust broken password 2013-11-11 22:28:26 +11:00
sirMackk af67284995 User ctrl refactor - breaks up large methods, moves some logic into model
Includes missing methods from backup for travis to pass

fix missing code, failing specs

keep params handling in the controller.
2013-11-09 18:44:13 +05:30
Scott Albertson 72bfa4471f Move logic for updating a user into a service class 2013-11-07 08:39:39 -08:00
Robin Ward 25ef66c60b User invites page now has search, displays first `invites_shown` records 2013-11-05 17:53:26 -05:00
Robin Ward 3d6d7c8abe SiteSetting to hide regular names from users 2013-10-30 15:45:34 -04:00
Régis Hanol 9b2f821012 Merge pull request #1512 from ScotterC/avatar-from-url
Build out a URI Adapter to allow uploading an avatar via a url
2013-10-21 13:17:37 -07:00
Robin Ward 2308784713 Merge pull request #1543 from railsaholic/small_users_controller_refactoring
refactor UsersController to reduce complexity
2013-10-21 12:21:03 -07:00
Scott Carleton cbef844a57 Build out a URI Adapter to allow uploading an avatar via a url
Currently only really accessible via the API. The UriAdapter creates a
tempfile from a url and gives a ActionDispatch::HTTP::UploadedFile back
to the controller to process as normal.
This will help a lot in being able to transfer avatar urls from another
app without monkey patching a lot of discourse code.
2013-10-21 14:53:03 -04:00
Neil Lalonde 648b11a0eb Add screening by IP address. When deleting a user as a spammer, block all signups from the same IP address. 2013-10-21 14:50:18 -04:00
Manoj 868e4ffe6d refactor UsersController to reduce complexity
Refactored: UsersController#create
2013-10-19 15:18:11 +05:30
dbarbera 9106596a9a add image authorization on upload_avatar 2013-10-12 14:11:44 +02:00
Régis Hanol 23bf4436f5 FIX: avatar was attached to the user who uploaded it... 2013-10-12 10:55:41 +02:00
Sam 7993845bfa add current_user_provider so people can override current_user bevior cleanly, see
http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278
2013-10-09 15:11:54 +11:00
Sam f0a122a66c move job files so they live underneath app/ and not in lib/
introduce new setting email_always, that will force emails to send to users regardless of presence on site
2013-10-01 17:04:02 +10:00
Matthieu Guillemot 3ba1f20674 New site settings to enable/disable the possibility of editing user's nickname or email address 2013-09-14 21:34:21 +09:00
Einar Jonsson 724b3aadcf Extracted nickname registration out of the UsersController and into its
own service.
2013-09-09 09:26:50 +00:00
Einar Jonsson 9085cec232 Move json hash from users controller to NicknameUnavailable 2013-08-26 15:00:11 +00:00
Sam afd1a3ac7b yeah ... we should be installing the gem :) 2013-08-26 13:52:15 +10:00
Sam b52aba15e0 major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-26 12:59:17 +10:00
Sam 90dddb4395 store honeypot challenge in redis for extra security 2013-08-26 12:55:13 +10:00
Sam c4a2e62a95 Merge pull request #1378 from justin808/justin808_cc
Lower Complexity of UsersController
2013-08-25 17:14:39 -07:00
Einar Jonsson 0d22a77c63 Added test case for nickname registration failure
* Also made a minor readability change by moving the auth.present? check
* from UsersController#create into #create_third_party_auth_records
* which is the method that relies on the check.
2013-08-25 20:18:07 +00:00
Robin Ward b32e87c929 Merge pull request #1377 from ZogStriP/avatar-work
Improved specs for avatar + added a warning whenever the uploaded image is not a square
2013-08-25 07:30:34 -07:00
Justin Gordon 464595df5c Lower Complexity of UsersController
https://codeclimate.com/github/discourse/discourse/UsersController#method-complexity
2013-08-24 22:57:12 -10:00
Régis Hanol 3b9e62e6b9 improved specs for avatar 2013-08-24 22:45:05 +02:00
Einar Jonsson 84987cd835 Extracted nickname registration into a private controller method 2013-08-23 09:46:33 +00:00
Einar Jonsson 916a3f33f2 Refactored user activation business logic out of UsersController and
into a UserActivator class.
2013-08-21 09:22:34 +00:00
Michael Kirk 4af8a9102e Authenticate with Discourse via OAuth2
See https://github.com/michaelkirk/discourse_oauth2_example for an
example of how you might integrate your existing oauth2 provider's
authentication via a Discourse plugin.
2013-08-17 21:45:20 -07:00
Régis Hanol ea6e73076b change your avatar in a modal 2013-08-17 00:35:29 +02:00
Robin Ward aec929b184 Screw it, don't choose columns. 2013-08-14 12:26:31 -04:00
Robin Ward a05ffafd4c FIX: Direct link to Avatar 2013-08-14 12:22:44 -04:00
Régis Hanol 4866f4d8f5 FIX: N+1 query for avatars 2013-08-14 15:25:05 +02:00
Régis Hanol 3524b90d6a FIX: avatars in quotes/oneboxes
Avatars in quotes/oneboxes are still pointing to the old
`/users/:username/avatar(/:size)` route.
So, this adds back the old avatar route for the transition period.
2013-08-14 12:20:05 +02:00
Régis Hanol c867b67a0b custom avatar support 2013-08-13 22:08:29 +02:00
Neil Lalonde b36c6d7b78 Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days. 2013-08-12 14:55:09 -04:00
Neil Lalonde 16cd3e2a53 Fix to allow admins to change the case of a someone's username 2013-07-30 16:48:45 -04:00