Commit Graph

36 Commits

Author SHA1 Message Date
Chris Hunt 41b0692543 Show 'waiting approval' and don't send email
When 'must approve users' in enabled, we don't want to send an
activation email to users after they sign up. Instead, we will show them
'waiting approval' and not take an action until their account is
approved by an admin.
2013-06-06 18:36:16 -07:00
Robin Ward bac03a3369 Merge pull request #975 from jd-erreape/username_refactor
[WIP] Refactored user_name suggestion methods into a module
2013-06-06 08:12:29 -07:00
Juan de Dios Herrero 96d23ddd8d Refactored user_name suggestion methods into a module to reduce the complexity of User model 2013-06-06 16:40:10 +02:00
Ian Christian Myers 0d01c33482 Enabled strong_parameters across all models/controllers.
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Chris Hunt d432798ff8 Silently fail if user tries to sneak in
When 'invite only' is enabled, there's no way for a user to create an
account unless they try and sneak in by POSTing to /users/. We will
silently fail if this happens.
2013-06-05 11:08:21 -07:00
Sam 913a607528 need to punch through account creation stuff 2013-06-05 14:01:24 +10:00
Sam 2dfba8d6de we need to be able to do username checks for registration to work 2013-06-05 12:50:42 +10:00
Robin Ward 0f296cd42b Refactor + Fix: Wasn't correctly loading activity streams. Code is a lot more Ember-y now. 2013-05-22 12:06:37 -04:00
Sam 42494b5bb1 we can't trust CSRF for anon the way it is designed.
The page they have loaded may be cached we need a different way of delivering the CSRF potentially
2013-05-03 16:43:11 +10:00
Jonathan Roes 057b4768e6 strip whitespace when changing e-mail addresses
Fixes #778.
2013-04-27 23:03:06 -04:00
Régis Hanol b24c1a1ad9 better consistency around email case sensitivity 2013-04-15 02:20:33 +02:00
Philipp Weissensteiner 3dcb1905e3 Refactor user controller, create action, mostly.
The gist of the commit are a few improvements in the
create action, where:

* long boolean statemenst have been wrapped in smaller more readable
  methods.
* the 3rd party user info creation has been extracted (still in controller)
* a small helper method for creating a new user from params (to reduce
  visual clutter)
* specs have been added where I came across untested methods/branches

Other changes are more trivial like formatting and whitespace fixes.
Hope this helps. Regards.
2013-04-13 00:53:59 +02:00
Sam 0f362c5474 this has been bugging me for ages, broken "fill your profile link" fixed AND bio updates when you save 2013-04-12 10:07:58 +10:00
Robin Ward 738789f336 Admins can't lock themselves out of a site by setting approval. 2013-04-03 12:23:28 -04:00
Karan Misra 5dfb04e4b3 Convert a lot of :a => b to a: b and bring peace to the world 2013-03-25 05:07:36 +05:30
Sarah Vessels 54c7b1ab63 Use consistent new-style hashes in render calls *twitch* 2013-03-22 14:08:11 -04:00
Sam 38f185355d added options to disable quoting and open links in new tabs
fixed a some regressions
removed some dead code
fixed messages about constants being re-defined
2013-03-12 20:06:58 -07:00
Robin Ward d1d4530efd User Profile enhancements:
- Added PreloadStore support to avoid duplicate requests
- preliminary SEO
- Support for opengraph/twitter cards
2013-03-08 15:04:37 -05:00
Neil Lalonde 2ebe0336ae On signup, handle duplicate key errors on email and username better 2013-03-07 14:56:55 -05:00
Régis Hanol 239cbd2d58 enforce coding convention
replaced every `and` by `&&` and every `or` by `||`
2013-03-05 01:42:44 +01:00
Gosha Arinich d2f3c829db refactor User and TrustLevel a bit
* rename `User#password_required` to `User#password_required!`
* emails with "i" @ something are a special case as well
* get rid of `self.` and returns where possible
* prefer "unless a" instead of "if !a"
* `unread_notifications` without manually iterating
* introduce `User#moderator?`
* introduce `TrustLevel#valid_key?`, `TrustLevel#compare`, and
  `TrustLevel#level_key`
2013-02-28 19:15:54 +03:00
nverba b45f872c04 Added Github authentication option, disabled by default with enable options in settings. 2013-02-26 05:00:21 +00:00
Neil Lalonde ff3e012034 Add a link that allows you to send activation email again 2013-02-22 11:49:58 -05:00
Neil Lalonde 39eab7c425 Replace mentions of mothership with discourse_hub 2013-02-14 12:57:26 -05:00
Sam Saffron 87d83802b9 added option that allows users to decide when they consider topics new (default 2 days old or newer)
added site_setting to control the default new_topic_duration_minutes
added 10 minutes option for auto_track_topics_after_msecs, default bumped up to 5 mins
2013-02-14 17:36:14 +11:00
Neil Lalonde 4e9d9138d6 Fix broken signup with Twitter 2013-02-12 20:50:31 -05:00
Neil Lalonde 824b09389f Don't allow signups without a password 2013-02-12 15:42:16 -05:00
Neil Lalonde ce7088f081 check_username api now returns correct error message for invalid lengths etc 2013-02-08 14:12:48 -05:00
Cyril Mougel 84191802df Extract the validation of Username format in own class to avoid
complexity in user model object
2013-02-08 12:54:47 -05:00
Neil Lalonde 79dfccf717 Username validation in signup and username change forms 2013-02-07 18:23:52 -05:00
Mike Moore e41b6537f9 Remove expectation of term case 2013-02-07 09:35:38 -07:00
Mike Moore 5b01ac9288 Return User objects instead of hashes 2013-02-07 09:35:38 -07:00
Mike Moore 972b9d735c Extract search logic to UserSearch model 2013-02-07 09:35:38 -07:00
Jakub Arnold 61654ab8f0 Fix all the trailing whitespace 2013-02-07 16:45:24 +01:00
Neil Lalonde 471c61fd69 Add honeypot and challenge to signup form 2013-02-06 19:25:36 -05:00
Robin Ward 21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00