0623785f69
FIX: Prevent group owners from editing admin only settings.
2018-04-06 11:44:58 +08:00
3a7b696703
FEATURE: allow for setting crawl delay per user agent
...
Also moved to default crawl delay bing so no more than a req every 5 seconds is allowed
New site settings:
"slow_down_crawler_user_agents" - list of crawlers that will be slowed down
"slow_down_crawler_rate" - how many seconds to wait between requests
Not enforced server side yet
2018-04-06 10:15:23 +10:00
cd6a99a027
FEATURE: Send a different PM when a post has been hidden more than once
2018-04-05 14:03:21 +02:00
e36e9de28a
Allow admin to view logs of automatic groups.
2018-04-05 16:31:55 +08:00
8760c4d68c
Fix `GroupsController#group_params` to allow more group attributes to be updated.
2018-04-05 13:53:00 +08:00
434cbc649f
FEATURE: Webhook for tag events
2018-04-04 17:49:20 +05:30
16341219ab
Log exception if remote theme importing failed
2018-04-02 20:10:18 +05:30
142571bba0
Remove use of `rescue nil`.
...
* `rescue nil` is a really bad pattern to use in our code base.
We should rescue errors that we expect the code to throw and
not rescue everything because we're unsure of what errors the
code would throw. This would reduce the amount of pain we face
when debugging why something isn't working as expexted. I've
been bitten countless of times by errors being swallowed as a
result during debugging sessions.
2018-04-02 13:52:51 +08:00
efb19dbdaf
Merge pull request #5705 from discourse/new_webhooks
...
FEATURE: Webhook for group and category events
2018-04-02 10:53:21 +05:30
87e3779085
Merge pull request #5702 from kevinelliott/feature/20180323-fix-mass-assignment
...
20180323 Fix Mass Assignment Warning
2018-04-02 10:19:25 +08:00
22b631510c
FIX: Silenced user wasn't being linked properly
2018-03-29 17:07:09 -04:00
73c1d3e7fe
FIX: tag notification preferences were being cleared when other preferences were changed
2018-03-29 15:08:32 -04:00
52e75eaee9
UX: Tweaks to group pages.
2018-03-29 17:04:48 +08:00
eab64710ff
FIX: Shared draft performance fix + missing avatars
2018-03-28 16:11:43 -04:00
4b5977aa6a
Revert "PERF: Don't join on shared drafts unless you have to"
...
This reverts commit efedd9745f
2018-03-28 15:35:13 -04:00
efedd9745f
PERF: Don't join on shared drafts unless you have to
2018-03-28 13:57:39 -04:00
21ae49ab92
Simplify log in for request specs.
2018-03-28 11:32:47 +08:00
70be8124a3
SECURITY: Don't expose development route in production.
2018-03-28 11:32:47 +08:00
7311023a52
Merge pull request #5700 from discourse/crawl-block
...
FEATURE: control web crawlers access with white/blacklist
2018-03-27 15:06:03 -04:00
ff9d7a9bfb
FIX: authComplete query param should carry-forward to login page
2018-03-27 17:22:07 +05:30
7edab1c0b9
UX: Add `groups/custom/new` route for admins to create a new group.
2018-03-27 17:39:05 +08:00
558914b986
Fix random spec errors
2018-03-27 11:14:06 +02:00
e7407d0adc
FEATURE: Webhook for group and category events
2018-03-27 11:53:35 +05:30
2ecd234e27
UX: Consolidation group manangement into a single tab.
2018-03-27 13:34:46 +08:00
f2c060bdf2
FEATURE: option for tags in a tag group to be visible only to staff
2018-03-26 17:05:09 -04:00
dcd1d422d1
UX: Allow admins to set users as owners while adding users.
...
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084/9
2018-03-26 17:33:50 +08:00
35745166b5
UX: New group membership management workflow.
...
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084
2018-03-26 16:15:02 +08:00
fa0868fc3f
Explicit param permit and assignment cleanup.
2018-03-23 09:59:31 -07:00
5f19ad9507
FIX: allow destination categories to be set if not at first
2018-03-23 11:33:02 -04:00
38af67eb73
Update the destination category id when a user changes it
2018-03-23 11:12:56 -04:00
7a4b70ef58
UX cleanup changes to 2FA flow.
2018-03-23 11:05:36 +08:00
ced7e9a691
FEATURE: control which web crawlers can access using a whitelist or blacklist
2018-03-22 15:41:02 -04:00
f3b402ffd5
UX: Allow users to filter members on group page.
...
* Only admins are allowed to filter users by email.
2018-03-22 14:02:41 +08:00
d96c1058a2
FEATURE: add staff action log for 'restore topic'
2018-03-21 18:04:13 +05:30
a23509cbf3
UX: Limit the number of group names displayed on user page.
2018-03-21 16:38:33 +08:00
9f216ac182
FIX: Infinite loading more on groups page.
2018-03-21 09:25:42 +08:00
b9abd7dc9e
FEATURE: Shared Drafts
...
This feature can be enabled by choosing a destination for the
`shared drafts category` site setting.
* Staff members can create shared drafts, choosing a destination
category for the topic when it is published.
* Shared Drafts can be viewed in their category, or above the
topic list for the destination category where it will end up.
* When the shared draft is ready, it can be published to the
appropriate category by clicking a button on the topic view.
* When published, Drafts change their timestamps to the current
time, and any edits to the original post are removed.
2018-03-20 17:15:26 -04:00
15bcfcd182
UX: Allow users to filter by different group types on groups page.
2018-03-20 17:38:11 +08:00
41b0fbe001
UX: Indicate user's group membership on groups page.
2018-03-19 18:29:30 +08:00
05ea034490
UX: Allow groups page to be searchable.
2018-03-19 17:16:51 +08:00
0522aabaab
UX: Allow user_count on groups page to be sortable.
2018-03-19 16:15:13 +08:00
c1bf707e7d
PERF: N+1 queries on badges page.
2018-03-19 14:36:09 +08:00
52b9af10a1
PERF: PG queries for the `UserEmail#email` column was not using the index.
2018-03-19 11:31:14 +08:00
f053e4cf37
Merge pull request #5682 from techAPJ/allowed-tags-page
...
FIX: show only allowed tags on PM tags page and display correct count
2018-03-17 08:29:00 +05:30
89f5c90ce0
FIX: show an error page on click tracking error
2018-03-17 00:33:11 +01:00
e9bc763440
FIX: show only allowed tags on PM tags page and display correct count
...
FIX: tags page should link to user profile we are browsing
2018-03-17 00:17:48 +05:30
fe96ef6ed2
UX: Use topic list for displaying group messages on group page.
...
https://meta.discourse.org/t/group-inbox-on-a-groups-page-mockup/71319
2018-03-16 11:56:40 +08:00
ba15273d3f
FEATURE: maintain preview theme, while previewing
...
This means you can browse around in preview mode without losing the theme.
At any point you can refresh page and maintain the preview theme.
2018-03-15 16:17:22 +11:00
2097f5330c
FIX: Login redirect path was broken in subfolder installs
2018-03-15 11:49:35 +08:00
a35227918f
UX: Display group topics in a topic list.
2018-03-15 11:37:55 +08:00
d31dfe0e84
FIX: Silencing / Suspending a user should not send a hidden message
2018-03-14 14:39:52 -04:00
f7bd05e534
FEATURE: set 'Retry-After' header for 429 responses ( #5659 )
2018-03-13 23:12:41 +08:00
7d375690c1
Merge pull request #5667 from techAPJ/pm-tags-page
...
FEATURE: replace PM tags dropdown with a dedicated tags page
2018-03-13 13:08:21 +05:30
24338fbbe8
FEATURE: replace PM tags dropdown with a dedicated tags page
2018-03-13 13:06:58 +05:30
65ac80b014
FEATURE: Log Staff edits in Staff Action Logs
...
Why? Some edits by staff are not tracked. For example, during the grace
period, or via the flags/silence dialog.
If a staff member is editing someone else's post, it now goes into the
Staff Action Logs so it can be audited by other staff members.
2018-03-12 13:51:40 -04:00
758b9a7dda
FEATURE: prototype of local theme directory watcher
...
(note this will be documented a bit late)
2018-03-12 18:36:06 +11:00
aac7796124
FIX: do not show tags with 0 count on /tags page
2018-03-09 20:57:31 +05:30
7c0e6b820e
move key so it does not interfere with other errors
2018-03-09 16:42:11 +11:00
39e679d3cb
FEATURE: allow themes to live in private git repos
...
This feature allows themes sourced from git to live on private
servers, it automatically generates key pairs.
2018-03-09 16:14:38 +11:00
c29660c8f1
FEATURE: filter personal messages by tags
2018-03-08 14:42:07 +05:30
1365bab0d7
FEATURE: Live updates for user's messages page.
...
https://meta.discourse.org/t/group-inbox-messages-not-updated-for-new-posts/38189
2018-03-06 18:15:21 +08:00
f0d5f83424
FEATURE: limit assets less that non asset paths
...
By default assets can be requested up to 200 times per 10 seconds
from the app, this includes CSS and avatars
2018-03-06 15:20:39 +11:00
282f53f0cd
FEATURE: Theme settings (2) ( #5611 )
...
Allows theme authors to specify custom theme settings for the theme.
Centralizes the theme/site settings into a single construct
2018-03-04 19:04:23 -05:00
13eda41ff5
Fix lint errors
2018-03-03 14:34:19 -05:00
31e3bf6d8d
FEATURE: New "Categories and Top" homepage style
...
Select this option if you want to show top topics on the homepage
instead of latest topics.
2018-03-03 14:26:57 -05:00
939180efa8
FIX: Missing 2FA guards when sso is enabled or when local login is disabled.
2018-03-02 10:39:10 +08:00
75172024ca
SECURITY: ensure users have permission when moving categories
2018-03-02 12:13:27 +11:00
fb75f188ba
FEATURE: Disallow login via omniauth when user has 2FA enabled.
2018-03-01 15:47:07 +08:00
947b6fdf46
FIX: Incorrect rate limit applied to topics invitation flow.
2018-03-01 12:50:00 +08:00
5a462b930d
REFACTOR: Prefer `exists?` over `present`.
2018-03-01 10:22:41 +08:00
c64f09b6b7
REFACTOR: Simplify and DRY `Group#invite`.
2018-02-26 11:59:07 +08:00
0559a4736a
FIX: don't double request when downloading a file
2018-02-24 12:35:57 +01:00
a94dc0c731
Revert "FIX: preview theme not working consistently"
...
This reverts commit 845cec3ba0
2018-02-23 17:59:00 +11:00
845cec3ba0
FIX: preview theme not working consistently
...
Avoid flash, this makes debugging much simpler as well.
Additionally URL now clearly shows you are previewing a theme.
2018-02-23 15:25:35 +11:00
dd26bbe868
Merge pull request #5610 from discourse/pm-tags
...
FEATURE: Allow staffs to tag PMs
2018-02-23 07:07:41 +08:00
76a2fc3d07
UX: Add og metadata for groups.
...
https://meta.discourse.org/t/onebox-for-groups/79155
2018-02-22 15:03:41 +08:00
964624f3ab
FIX: No error displayed when 2FA token is invalid on admin login page.
2018-02-22 09:45:57 +08:00
720e1965e3
FEATURE: add category suppress from latest
...
In the past we used suppress_from_homepage, it had mixed semantics
it would remove from category list if category list was on home and
unconditionally remove from latest.
New setting explicitly only removes from latest list but leaves the
category list alond
2018-02-22 09:56:35 +11:00
83d8fa2892
FIX: Allow customized usernames to work in this route
...
Co-authored-by: jjaffeux <j.jaffeux@gmail.com>
2018-02-21 13:37:14 -05:00
2b509eaa91
Merge branch 'master' into pm-tags
2018-02-21 23:55:59 +05:30
84ce1acfef
FEATURE: Allow staffs to tag PMs
2018-02-21 20:11:46 +05:30
b16471edfb
FIX: Invalid token error incorrectly displayed on email login page.
2018-02-21 15:46:53 +08:00
14f3594f9f
Review Changes for f4f8a293e7.
2018-02-21 14:55:49 +08:00
f4f8a293e7
FEATURE: Implement 2factor login TOTP
...
implemented review items.
Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator
add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests
add qunit tests - password reset, preferences
fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.
Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP
add two factor to email signin link
rate limit if second factor token present
add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
60ec483caa
FIX: include title in local onebox when linking to a different topic
2018-02-19 22:40:14 +01:00
02093ecbdd
Extensibility: Allow plugins to munge user params
2018-02-16 19:12:02 -05:00
28365f8ae5
PERF: Have nginx cache and serve the service worker file.
2018-02-15 10:50:39 +08:00
96e5a7da46
Prefer `success_Json` over custom success JSON payload.
2018-02-15 07:47:35 +08:00
a3e5a31674
FIX: Allow 404 pages to use the current theme
2018-02-14 15:29:01 -05:00
38f4acd55a
FIX: rate limiter text is confusing, should not say daily
...
Also, adds easily parseable JSON so users can figure out
how long to wait when the API is limited. ("extras" "wait_seconds")
2018-02-14 15:29:50 +11:00
f028ffaf29
SECURITY: correct local onebox category checks
...
Also removes ugly "source_topic_id" from cooked posts
Patch was authored by @zogstrip
Signed-off-by: Sam <sam.saffron@gmail.com>
2018-02-14 10:40:46 +11:00
7348513848
FIX: Include post in staff action logs when silencing a user
2018-02-13 15:59:10 -05:00
03b3e57a44
FEATURE: login by a link from email
...
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
f9280617d0
Remove redundant comment.
2018-02-13 15:58:13 +08:00
cc3cf6588b
FEATURE: Notification API Endpoints for Admins
...
* create/update/delete notification api with external url
* remove external url feature
* Fix Travis CI build error (add new line)
* Fix Travis CI build error
2018-02-13 01:38:26 -05:00
b34b1b6fe3
FIX: invite to message was not allowing groups
...
Previously we were incorrectly checking mentionable instead of messageable
Also fix edge case where multiple groups sharing a name mean that exact match override is not working
Also cleans up params sent to user selector
2018-02-13 13:28:46 +11:00
569e57f0a9
FIX: Delete the invalid auth cookie even if you hit the rate limit
2018-02-09 19:09:54 -05:00
8765279c90
FIX: Customizing site texts ignored current locale for _MF keys
2018-02-07 16:57:08 +01:00
8ff4104555
Many enhancements to the flagging / suspending interface.
2018-02-01 17:13:02 -05:00
9fa71e198e
FIX: admin reports charts should use same time of day as dashboard numbers
2018-02-01 15:59:39 -05:00
41986cdb2f
Refactor requires login logic, reduce duplicate code
...
This also corrects the positioning in the chain of the check
and removes misuse of prepend_before_action
2018-02-01 15:17:59 +11:00
f2e7b74d88
FIX: don't return 200s when login is required to paths
...
When running `ensure_login_required` it should always happen prior to
`check_xhr` cause check xhr will trigger a 200 response
2018-02-01 12:26:45 +11:00
2d340d1122
FIX: Don't allow username update via update route
...
It's not using the UsernameChanger
2018-01-26 16:53:43 -05:00
6b04967e2f
FEATURE: Staff members can lock posts
...
Locking a post prevents it from being edited. This is useful if the user
has posted something which has been edited out, and the staff members don't
want them to be able to edit it back in again.
2018-01-26 14:01:30 -05:00
e2d82b882e
FIX: redirect to original URL after social login
2018-01-26 18:52:27 +01:00
683be5e555
FIX: Application should not crash when selected locale is missing
2018-01-25 14:57:41 +01:00
2437b0d531
FIX: regression, missing 404 page
2018-01-23 09:00:28 +11:00
5c1eaeca9e
FIX: prevent users from moving whispers to new topic
2018-01-22 17:23:19 +01:00
dde0fcc658
FEATURE: Allow sending invites to staged users
2018-01-22 15:37:18 +01:00
f74ac826c5
slightly more meaningful error message
2018-01-22 12:20:53 +01:00
12872d03be
PERF: run post timings in background
...
This means that if a very large amount of registered users hit
a single topic we will handle it gracefully, even if db gets slow.
2018-01-19 08:27:29 +11:00
34ed6088b9
FEATURE: New modal to show flags received for a user
2018-01-17 15:08:08 -05:00
e04fb9a877
fix the build
2018-01-17 12:57:33 +05:30
79eb9d7086
FEATURE: show header search results on search log term details page
2018-01-17 12:47:16 +05:30
b2009d6e32
PERF: bypass theme handling on static routes
2018-01-17 16:33:17 +11:00
72b592c395
PERF: add frozen string literals to app controller
2018-01-17 16:32:52 +11:00
d7657d8e47
correct specs, ensure crawler layout only applies to html
2018-01-16 16:28:11 +11:00
6177fb80eb
UX: switch to quartlerly period view for search log term graphs
2018-01-16 07:53:22 +05:30
e3a616764e
PERF: add frozen strings
2018-01-15 12:44:54 +11:00
6d68275ef9
don't show tag groups if they're restricted to categories you can't access
2018-01-12 14:25:42 -05:00
2493648f9c
PERF: calculate topic_counts for tags in an async job so tag queries that include counts are much faster
2018-01-12 11:03:03 -05:00
4d50feb6bd
FEATURE: add setting to display tags by tag groups
2018-01-12 11:03:02 -05:00
49ed382c2a
FIX: return 429 when admin api key is limited on admin route
...
This also handles a general case where exceptions leak out prior to being handled by the application controller
2018-01-12 14:15:26 +11:00
dd33050e10
Add discourse events for when a user is suspended/silenced
2018-01-11 12:56:45 -05:00
e904d92b98
FIX: Suspension / Silence reasons were incorrect on save
2018-01-11 10:54:47 -05:00
b96ae14261
FEATURE: Display force_https warning in admin problems dashboard
2018-01-11 12:16:10 +05:30
daad2291ba
simplify production switch and serve extra locales from actual site
2018-01-10 08:19:51 +11:00
61384c8026
Skip CDN for admin locales since it is login required
2018-01-10 01:24:03 +05:30
672888f526
FIX: handle invalid password reset token
2018-01-09 23:48:17 +05:30
c9f42506b7
If login is required skip CDN
2018-01-09 17:51:53 +11:00
6b8320fea6
PERF: use cdn for extra locales
2018-01-09 17:00:42 +11:00
ea63abf0f7
bypass mini profiler for locales
...
bypass cdn for now
2018-01-09 11:30:59 +11:00
b0a7ee1aec
FIX: source admin locale from cdn
2018-01-09 10:27:33 +11:00
8ff5f5f2ef
FIX: cache admin locale file for 24 hours
2018-01-09 10:23:49 +11:00
642645ba9a
FIX: broken select badge as user title ( #5474 )
...
* FIX: broken select badge as user title
* selected id wasn’t pass to underlying component
* <none> was rendered as an html tag <none></none>
* overriding a badge name wouldn’t work as it was using badge.name and not badge.display_name
* adds a spec to ensure this behavior is correct
2018-01-05 16:58:15 +01:00
ed4b845930
FIX: render error message when backup download fails
2018-01-05 19:46:43 +05:30
5ad1709dba
PERF: cache service worker for 1 hour
2017-12-28 08:31:01 +11:00
f5e170c6b5
FIX: catch all server-side error when uploading a file
...
UX: always show a message to the user whenever an error happens on the server when uploading a file
2017-12-27 16:33:25 +01:00
3937ff0425
FIX: don't preload json on static routes
2017-12-27 14:33:36 +11:00
69a90f31fb
FEATURE: Allow Forums to disable the Backups feature
2017-12-21 15:22:04 -05:00
62a27f9d57
FEATURE: warn if attempting to mention a group with too many members
2017-12-21 16:13:57 +11:00
7f69362d9d
FIX: external links in whisper ended up in a white page
...
FIX: clicking a link in a onebox wasn't properly extracting the post_id
2017-12-20 17:55:15 +01:00
6a2bce1931
FIX: Data loss on update of single user_field.
...
https://meta.discourse.org/t/api-data-loss-caused-by-changed-behaviour-of-custom-user-field-update/74990
2017-12-20 16:33:23 +08:00
eab66065d1
FEATURE: search log term details page ( #5445 )
2017-12-20 13:41:31 +11:00
97ceebb570
SECURITY: Don't pass email backup token to sidekiq as a parameter.
...
* This exposes the token in the Sidekiq dashboard which can be
viewed by an admin and defeats the purpose of using a token
in the download backup email ink.
2017-12-18 11:25:22 +08:00
433ef4513b
FEATURE: upload images and fonts in themes via hijack
2017-12-18 10:40:10 +11:00
5e90abfaea
FIX: use hijack for emoji uploads
2017-12-18 10:31:19 +11:00
001abfc4cb
Revert "FIX: not permitted theme params when importing theme"
...
This reverts commit 813df1a3fb
2017-12-14 11:40:14 +01:00
041deac67a
Revert "FIX: constant lookup error when exporting theme"
...
This reverts commit 1eda8c50f0
2017-12-14 11:40:08 +01:00
813df1a3fb
FIX: not permitted theme params when importing theme
2017-12-14 11:25:58 +01:00
Guo Xiang Tan
Sam
Gerhard Schlager
Vinoth Kannan
Guo Xiang Tan
Robin Ward
Neil Lalonde
Kevin Elliott
Arpit Jalan
Régis Hanol
Rafael dos Santos Silva
Kyle Zhao
OsamaSayegh
Maja Komel
Jeff Wong
Erick Guan
Muhlis Cahyono
Joffrey JAFFEUX
Philipp Daniels