Sam
14ab9c45b6
Merge pull request #3470 from ahuling13/expired-nonce-return-status
...
In the case of an expired nonce, return a 400 status code instead of 500
2015-05-20 12:08:17 +10:00
Sam
d1d703718a
Merge pull request #3476 from paulkaplan/sso-distrust-email
...
Add SSO setting to not trust emails automatically
2015-05-20 12:07:14 +10:00
riking
d112f39031
Change extension back to .dcstyle.json
2015-05-19 18:35:16 -07:00
Andrew Huling
e44ddff9bb
Change the expired nonce return status code from 400 to 419.
2015-05-19 13:13:14 -04:00
Régis Hanol
9ded21e4c6
FIX: consistent and future-proof upload storage pattern
2015-05-19 12:31:12 +02:00
riking
fbc06d044f
Use .dcstylejson instead of .dcstyle.json
2015-05-16 20:41:35 -07:00
riking
1e53c179a3
FEATURE: Export customizations as JSON files
2015-05-16 20:24:13 -07:00
Ryan Fox
14d2b76354
Merge branch 'master' into fix-by-external
...
Conflicts:
app/controllers/users_controller.rb
2015-05-15 19:54:11 -04:00
Paul Kaplan
b8a43e153c
Use session controller to prevent inactive SSO users
2015-05-15 12:15:06 -05:00
Régis Hanol
93273cd17a
Merge pull request #3451 from ossobv/sso_login_unapproved_account
...
Stop sso login processing after rendering error
2015-05-15 14:33:19 +02:00
Antonin Hildebrand
11852056a8
Add missing events for discourse-hipchat-plugin
...
https://github.com/binaryage/discourse-hipchat-plugin
2015-05-15 15:52:12 +08:00
Andrew Huling
e1d2ecef10
In the case of an expired nonce, return a 400 status code instead of a 500.
...
500 status codes are for unexpected server-side error scenarios. When an expired nonce is used by the client, a 4XX-level error is more appropriate because the client has submitted a bad request (by using an expired nonce). A 500 also causes Internet Explorer to show its default 500 page which does not show the error message and leads to a bad end user experience. I am choosing 400 for the new status rather than 401 or 403 because 401 requires a WWW-Authenticate header which would be difficult to generate in an SSO scenario and a 403 implies that no re-authentication will address the failure.
2015-05-14 16:03:02 -04:00
Robin Ward
0b65c88003
Upgrade Notifications to fix deprecations and use store
2015-05-11 11:20:45 -04:00
Harm Geerts
d9a3e82516
Stop sso login processing after rendering error
...
This prevents a DoubleRenderError triggered on the redirect_to.
2015-05-11 14:17:32 +02:00
Arpit Jalan
fc30b771cf
FIX: reply count is off by one
2015-05-11 13:58:53 +05:30
Sam
8277a586bb
usage of raise corrected
2015-05-07 11:00:51 +10:00
Sam
77cc087b13
FIX: proper error message when account created is hit with no session
2015-05-07 11:00:22 +10:00
Sam
376b28b0ed
FIX: raise a 404 if click tracker gets no url
2015-05-06 11:27:41 +10:00
Sam
0f53fc8328
correct emergency regeneration in the controller
2015-05-06 07:33:32 +10:00
Sam
ea670118c1
Add better error handling, correct the location on disk of stylesheet
2015-05-05 23:28:40 +10:00
Sam
f58d85edea
FEATURE: move stylesheet cache out of the uploads directory
2015-05-05 15:50:13 +10:00
Sam
803feefd54
MessageBus handles readonly redis now, no need to wrap it
2015-05-04 12:21:00 +10:00
Arpit Jalan
23fd16850a
FIX: include youtube link in embedded comments
2015-05-01 18:34:45 +05:30
Robin Ward
16408cee06
Allow Postgres to trigger readonly mode for the site.
2015-04-29 11:49:58 -04:00
Sam
729aaa826b
Merge pull request #3404 from techAPJ/patch-1
...
FEATURE: magic login route for admin when SSO is enabled
2015-04-28 07:47:50 +10:00
Robin Ward
ecafbb0a63
Can delete users via the moderation queue
2015-04-27 15:06:20 -04:00
Robin Ward
3cb4554bbb
Can refresh queued posts via button
2015-04-27 13:52:54 -04:00
Neil Lalonde
cce8693354
FIX: canonical link tag when using relative_url_root
2015-04-27 13:34:22 -04:00
Arpit Jalan
2932284293
FEATURE: magic login route for admin when SSO is enabled
2015-04-27 22:54:48 +05:30
Robin Ward
3a6efa25f0
Allow ReadOnly to propogate up to the Ember app via Response Header
2015-04-24 14:37:16 -04:00
Robin Ward
5b3f99aa50
Don't blow up if Redis switches to READONLY
2015-04-24 14:37:16 -04:00
Neil Lalonde
ae028a5bb1
FIX: support for redirects to external url in permalinks table was broken
2015-04-23 16:45:28 -04:00
Régis Hanol
a737090442
- FEATURE: revamped poll plugin
...
- add User.staff scope
- inject MessageBus into Ember views (so it can be used by the poll plugin)
- REFACTOR: use more accurate is_first_post? method instead of post_number == 1
- FEATURE: add support for JSON-typed custom fields
- FEATURE: allow plugins to add validation
- FEATURE: add post_custom_fields to PostSerializer
- FEATURE: allow plugins to whitelist post_custom_fields
- FIX: don't bump when post did not save successfully
- FEATURE: polls are supported in any post
- FEATURE: allow for multiple polls in the same post
- FEATURE: multiple choice polls
- FEATURE: rating polls
- FEATURE: new dialect allowing users to preview polls in the composer
2015-04-23 19:33:29 +02:00
Robin Ward
53ca51654d
FIX: Avoid cookie overflows by truncating the referer we store in flash
2015-04-22 12:41:49 -04:00
Robin Ward
5bf8c31af4
Users can see their pending posts
2015-04-21 16:44:47 -04:00
Robin Ward
2cdd967188
Adds support for invisible approval queues, which we'll need for Akismet
2015-04-20 17:19:05 -04:00
Neil Lalonde
a3b6e3cb97
FIX: permalinks redirects with relative_url_root
2015-04-19 23:36:09 -04:00
Sam Saffron
6d2e651862
Revert "FIX: Missing letter avatars"
...
This reverts commit 03943554c6
.
2015-04-20 06:41:08 +10:00
Sam
72ab1b9714
Merge pull request #3385 from tancnle/each-key-refactor
...
Replace Hash#keys.each with Hash#each_key for some perf boost
2015-04-20 06:17:27 +10:00
Robin Ward
03943554c6
FIX: Missing letter avatars
...
cc @zogstrip
It seems that the version string was ammended to return the ImageMagick
version. This caused the guard in the user avatars method to fail as the
versions weren't the same.
I changed it so it is comparing the right version, but I wonder if this
is bad as the controller is no longer using the ImageMagick version. Can
you please review?
2015-04-19 10:48:53 -04:00
Tan Le
9fbc763902
Replace Hash#keys.each with Hash#each_key for some perf boost
2015-04-18 21:53:53 +10:00
Robin Ward
2459f52c71
Merge pull request #3375 from techAPJ/patch-2
...
FEATURE: invite existing users to private topic
2015-04-16 11:13:42 -04:00
Arpit Jalan
866d1cd8e3
FIX: handle error for duplicate email_in address
2015-04-16 16:23:22 +05:30
Robin Ward
08b4b7b7ff
Moderators can edit posts that are queued before they approve/reject
2015-04-15 17:20:34 -04:00
Arpit Jalan
d491d4f997
FEATURE: invite existing users to private topic
2015-04-16 00:52:54 +05:30
Robin Ward
0c233e4e25
Interface is wired up for Approving/Rejecting posts
2015-04-15 14:54:37 -04:00
Robin Ward
96d2c5069b
Interface for reviewing queued posts
2015-04-15 14:54:37 -04:00
Robin Ward
22ffcba8e6
Convert `Discourse.Post` to ES6 and use Store model
...
- Includes acceptance tests for composer (post, edit)
- Supports acceptance testing of bootbox
2015-04-15 14:54:36 -04:00
Robin Ward
19a9a8b408
`NewPostManager` determines whether to queue a post or not
2015-04-15 14:54:36 -04:00
Arpit Jalan
499bed69e2
FIX: show error message if user already exist in group
2015-04-15 14:15:58 +05:30
Sam
2a3f71a9a1
SECURITY: log off all existing sessions when resetting password
2015-04-15 08:57:43 +10:00
Robin Ward
db4c04d606
FIX: Moderators shouldn't be able to see secure deleted posts
2015-04-13 11:48:31 -04:00
Sam
75890aed26
FEATURE: allow admins to choose a group as a primary group
...
FEATURE: allow admins to set a default title for a group
2015-04-10 12:17:28 +10:00
Régis Hanol
babbbc06d1
FIX: add support for .tgz and .gz backup files
2015-04-07 15:26:47 +02:00
Sam
f5d89169e2
FEATURE: initial implemenation of anonymous posting mode
2015-04-07 18:05:31 +10:00
Sam
5d31290dbc
FIX: cleanup old letter avatars if needed
...
FEATURE: use image magick version as a key for letter avatars
2015-04-07 13:03:43 +10:00
Régis Hanol
33879e1311
Merge pull request #3199 from fantasticfears/seo
...
FEATURE: add microdata prop and more links for crawler
2015-04-06 11:18:34 +02:00
Robin Ward
82124b3222
UX: Login to decide when to show you near the top of the directory
...
Don't show yourself there if you are close to the top already.
2015-04-02 14:51:49 -04:00
Régis Hanol
1ec73b5ba0
FIX: use 'request.remote_ip' instead of 'request.ip' for better consistency
2015-04-02 16:24:27 +02:00
Robin Ward
28864e74bc
FIX: Don't show the filter title on the default route
2015-03-30 11:40:44 -04:00
Sam
586cca352d
move memory diagnostics into lib, so it can be reused elsewhere
2015-03-30 10:14:42 +11:00
Robin Ward
2cc5858163
Add site setting to disable User Directory, include restricted info
2015-03-26 11:26:19 -04:00
Robin Ward
33e35930b0
FIX: Server error when no results on user directory while logged in
2015-03-25 11:18:46 -04:00
Robin Ward
8fd339b994
Include the current user at the top AND in the user directory
2015-03-24 16:19:15 -04:00
Robin Ward
e3eaa7fa75
FIX: In long topics, filtering button was not always showing in card
2015-03-24 12:33:50 -04:00
Sam
bb20f64cb2
use standard error so its easier to catch
2015-03-23 12:20:50 +11:00
Robin Ward
6d38005a22
Allow staff to change uneditable user fields
2015-03-20 15:18:43 -04:00
Robin Ward
051a2a3d14
FEATURE: Can search the user directory by name
2015-03-19 18:07:48 -04:00
Robin Ward
1931850151
UX: Always show the current user at the top of the directory
2015-03-19 15:32:23 -04:00
Robin Ward
ae695d6438
UX: Show two lines per user on directory
2015-03-19 14:53:52 -04:00
Robin Ward
7ef306cd3b
A bunch of tweaks to the Users directory
...
- Move user directory from `/directory` to `/users/`
- Defaults to 'weekly' time period
- Don't include deleted topics/posts in the results
- Move heart icon to header instead of on each row
- "Users" instead of "Users found"
2015-03-19 12:29:38 -04:00
Régis Hanol
df3b1f6968
FIX: editing a post wasn't showing error messages from the server
2015-03-19 12:25:15 +01:00
Robin Ward
3d2d224312
FEATURE: User Directory, with sorting and time period filter
2015-03-18 15:20:34 -04:00
Erick Guan
c955907f60
FEATURE: add microdata prop and more links for crawler
...
- add microdata based on schema.org
- add breadcrumb on the top of topic
- add navigations link on the bottom of every pages
- add category description on the category list
2015-03-16 22:52:10 +08:00
Régis Hanol
424a3b042a
FEATURE: unified UI for pinning/banner topics
...
REFACTOR: ES6ified all the modals
2015-03-14 01:18:05 +01:00
Sam
a82530012a
FEATURE: Allow selection of highlight js languages
...
PERF: stop loading highlight js on load
To get latest highlight js run bin/rake highlightjs:update
2015-03-13 16:18:59 +11:00
Régis Hanol
6cd4330335
FIX: show all deleted posts
2015-03-11 18:07:47 +01:00
Neil Lalonde
608647d02f
FEATURE: Anonymize User. A way to remove a user but keep their topics and posts.
2015-03-10 11:59:08 -04:00
Robin Ward
3ad12d44f3
Use a mixin for the `path` function to DRY it up
2015-03-09 15:24:16 -04:00
Régis Hanol
fc962eb378
FEATURE: automatic daily roll-up for screened IP addresses
2015-03-09 18:55:17 +01:00
Sam
f5af4768eb
FEATURE: add clean support for running Discourse in a subfolder
...
To setup set DISCOURSE_RELATIVE_URL_ROOT to the folder you wish
2015-03-09 13:14:29 +11:00
riking
cab92f947c
FEATURE: All preload data available under /site/
...
This will be essential for entirely local Discourse clients.
2015-03-04 20:49:03 -08:00
Robin Ward
84b84a9d7c
Support for `url_list` site setting.
2015-03-03 16:19:29 -05:00
Neil Lalonde
7c14db44cc
UX: improve message when admin login is blocked because of admin ip address whitelisting
2015-03-02 12:13:22 -05:00
Neil Lalonde
1bf4f34049
FIX: topic and post counts are not updated when ownership of a post is changed
2015-03-02 12:13:21 -05:00
Sam
f555bbb416
FEATURE: long descriptions for badges to help teach people
2015-02-27 17:19:18 +11:00
Sam
71d6266f98
REGRESSION: exceptions are handled natively by logster
2015-02-27 13:05:51 +11:00
Robin Ward
3e2ba5b30b
FIX: If an IP is blocked, don't allow people to login using it
2015-02-25 16:02:40 -05:00
Robin Ward
005b8bf7c3
FIX: When creating a SSO user via sync, do not user the IP address.
2015-02-25 14:41:23 -05:00
Régis Hanol
cf00e73ed8
Merge pull request #3234 from fullfatthings/add_remove_group_members_by_id_or_name
...
Allow adding and removing members of groups by username or id
2015-02-25 17:30:25 +01:00
Arpit Jalan
a8b927da91
FEATURE: add canonical tag to category latest page
2015-02-25 20:46:45 +05:30
Dan Singerman
1c545d4c1e
Allow adding and removing members of groups by username or id
...
As discussed here: https://meta.discourse.org/t/discourse-gem-group-add/25668/2 .
2015-02-25 14:52:13 +00:00
Sam
fe578f9944
FEATURE: Allow manual assignment of related post to badge
...
PERF: clean up performance of user badges admin when large number of badges exist
2015-02-25 12:53:01 +11:00
Sam
130dbf7358
PERF: don't run stats query in user card
2015-02-24 13:31:23 +11:00
Sigurður Guðbrandsson
96e6fd3449
Cleaned up the sso codefix, thanks @SamSaffron
...
@SamSaffron showed me a cleaner way to use the if statements in the sso redirect code.
Thanks sam ;)
2015-02-23 22:10:44 +00:00
Sigurður Guðbrandsson
334a357363
FIX: Forward to SSO login automatically
...
Forward to SSO login URL automatically if SSO is enabled and login is required.
Makes it simpler for users to log in automatically.
2015-02-23 21:20:36 +00:00
Robin Ward
ca5730018a
FIX: SSO code should respect IP address filters
2015-02-23 16:01:46 -05:00
Robin Ward
8186d86f38
FIX: Enforce max length for custom user fields
2015-02-23 13:02:30 -05:00
Sam
5266ad4539
Merge pull request #3183 from riking/json-errors-2
...
Consolidate custom exception handling
2015-02-23 16:58:05 +11:00
riking
ecb911285d
Fix the render_json_error api
2015-02-22 21:28:50 -08:00
Sam
6960639c58
Merge pull request #3190 from riking/thrown_logging
...
Delete old ErrorLog, use Logster for 500 errors
2015-02-23 14:19:16 +11:00
Régis Hanol
20c9a312c7
FIX: clicks counter on attachments wasn't always working
2015-02-22 20:47:18 +01:00
Sam
17927b2e8b
FIX: don't use flash cause we are not redirecting
...
(we should probably change that though)
2015-02-20 10:28:58 +11:00
Sam
67f404d281
FIX: remove notifications on deleted topics from the stream
2015-02-19 12:40:00 +11:00
Sam
59a28bf5c1
regression: bookmarked may be missing, do not fail
2015-02-19 11:42:01 +11:00
Sam
b041b3f67f
FIX: bookmark topic was not working intuitively
...
- explicitly call out "clear bookmarks"
- correct keyboard shortcuts
- properly remove bookmarks when toggeling
2015-02-19 10:58:57 +11:00
Loïc Guitaut
395654bf24
Fix regression on editing private messages
...
v1.2.0beta9 has introduced a regression in edit of a private topic
(first post). Previously a check for no change in TopicsController was
made but it has been changed without considering that the topic could
be private.
By simply forcing a conversion of `topic.category_id` to integer, the case
where its value is nil is handled correctly as it was previously.
2015-02-18 00:41:16 +01:00
Sam
6c09b6739d
BUG: minor, do not send access origin if not set
2015-02-17 09:58:43 +11:00
Régis Hanol
0b45054e2b
FIX: couldn't uncategorize a topic
2015-02-16 10:31:36 +01:00
Robin Ward
3ce2077aa8
Migrate unsubscribe keys to the database.
...
This should reduce a lot of the keys in redis.
2015-02-13 14:24:15 -05:00
Sam
ca915e8ad7
correct issue under 2.0.0
2015-02-11 17:41:24 +11:00
Sam
9a59caf800
add regexp to reporting
2015-02-11 17:23:54 +11:00
Sam
e427d54191
FEATURE: show large objects in admin/memory_stats
2015-02-11 17:18:47 +11:00
Régis Hanol
c4e427cf73
FEATURE: filter screened IP addresses
2015-02-10 19:38:59 +01:00
Robin Ward
8d46de4819
Add a spec for the new plugins controller
2015-02-10 12:35:53 -05:00
Sam
39e828dee4
improve formatting
2015-02-10 15:59:08 +11:00
Sam
d5405eebde
Add basic snapshot comparison for tracking memory leaks
2015-02-10 15:54:16 +11:00
Sam
1d99f5c9c0
FEATURE: add process stats to memory report
2015-02-10 12:34:01 +11:00
Sam
3aea00473b
FEATURE: improve memory reporting of /admin/memory_stats
2015-02-10 11:48:30 +11:00
riking
68ccd2d664
FEATURE: All 500 errors now show up in Logster
...
Added Discourse.handle_request_exception()
2015-02-09 12:48:33 -08:00
riking
5657006aca
Rename handle_exception to handle_job_exception
2015-02-09 12:47:46 -08:00
riking
8d39480831
use symbols for error types (squash me)
2015-02-09 10:20:00 -08:00
Régis Hanol
1e6f886886
FIX: use distributed mutex to prevent errors when uploading emojis in batches
2015-02-09 18:54:57 +01:00
Lincoln Lee
02f3f8c1b3
Fix customize HTML/CSS only show desktop code
...
custom_top and custom_footer method in SiteCustomization is setting
:desktop as default argument for `target`
It output the desktop version of the custom_top, custom_footer even
user in mobile_view.
This fix is adding the missing target into method argument.
2015-02-10 00:48:42 +08:00
Sam
e8323fa534
FIX: removing a group from a user was not removing primary group
2015-02-09 16:03:09 +11:00
riking
a16aa9fde8
HACK: Keep old behavior for topics#show
2015-02-08 13:56:56 -08:00
riking
8cf21f2363
FEATURE: Refactor error returns in application_controller
2015-02-08 13:40:38 -08:00
Robin Ward
3d7b534564
FEATURE: New "Plugins" admin section with extensibility support
2015-02-06 17:33:24 -05:00
Régis Hanol
8e2d84ee27
Merge pull request #3174 from riking/patch-poll
...
FIX: Allow closing polls in multi-locale sites
2015-02-06 09:44:44 +01:00
Sam
95f8b3ed4c
FIX: status route should be served as text not html
2015-02-06 15:56:21 +11:00
riking
06f02ce9fc
FIX: 🈂️ Allow closing polls in multi-locale sites
2015-02-05 19:55:03 -08:00
Sam
3a0cd0b760
make custom fields a bit more permissive input wise
2015-02-06 09:03:23 +11:00
Robin Ward
4e64d16a47
FEATURE: Allow plugins to log staff actions
2015-02-05 15:26:34 -05:00
Régis Hanol
f1403206ca
Merge pull request #3169 from riking/patch-3
...
SECURITY: Don't leak topic title in the redirect
2015-02-05 12:47:58 +01:00
Arpit Jalan
026df5185e
FIX: subcategory url was incorrect in rss
2015-02-05 13:22:28 +05:30
Robin Ward
25daca8f23
Helpers for plugins to support enabling/disabling
2015-02-04 16:23:56 -05:00
riking
4c8850108a
SECURITY: Don't leak topic title in the redirect
2015-02-04 11:55:39 -08:00
Sam
67eccee990
FEATURE: basic disk space usage stats
2015-02-04 18:05:17 +11:00
Arpit Jalan
68377ba4ab
add class for container div on 404 page
2015-02-04 00:40:21 +05:30
Régis Hanol
0e5c9b2590
small upload code refactor
2015-02-03 18:44:18 +01:00
Ryan Fox
c3f21dcdfc
Remove the .json part from the external_id value when using it to lookup a user.
2015-02-02 12:58:02 -05:00
Ryan Fox
1f0915bf83
Allow periods in the external_id value used in the /users/by-external route.
2015-02-02 12:55:32 -05:00
Sam
b1f81c0dca
Merge pull request #3080 from riking/misc
...
Miscellaneous fixes from PR#3000
2015-01-30 10:23:17 +11:00
Sam
ea7af7a83b
Merge pull request #3135 from longhotsummer/fix-no-user-params
...
FIX: creating a user shouldn't error when optional fields aren't given
2015-01-30 10:12:57 +11:00
Neil Lalonde
67b262b93e
Merge branch 'master' of github.com:discourse/discourse
2015-01-29 17:39:52 -05:00
Neil Lalonde
644c7a4675
FEATURE: Add an option to show custom user fields on profiles. Default is to not show them.
2015-01-29 17:38:39 -05:00
riking
85a7b925c7
Miscellaneous fixes from PR#3000
...
FIX: Don't require login to view post raw
FIX: Don't submit read-guidelines for anonymous users (causes
unnecessary 403 errors from ensure_logged_in)
FIX: Don't pass nil to an array serializer
2015-01-29 13:56:32 -08:00
Sam
a6ce188f35
Merge pull request #3126 from riking/latest-posts
...
Latest posts endpoint at /posts.json
2015-01-30 08:55:45 +11:00
Robin Ward
f028b51620
Add post parameters so plugins like akismet can use it for spam
...
prevention.
2015-01-29 13:09:35 -05:00
Robin Ward
1f40807001
Add extensibility point for whenever a post is created
2015-01-29 12:46:29 -05:00