f5e0356fb2
correct miscellaneous issues with user login history
2018-09-02 17:24:54 +10:00
931cffcebe
FEATURE: Let users see their user auth tokens. ( #6313 )
2018-08-31 10:18:06 +02:00
b3aab1770f
FIX: set old last modified date for invalid avatars
...
In some cases Akami was holding tight to these invalid avatars,
to avoid this happening we explain the avatar image is ancient
then when a new upload is added it automatically is older than
this.
2018-08-31 17:07:31 +10:00
ae532f8548
FIX: return 422 for an invalid group name on category create
2018-08-30 14:28:55 -06:00
103509b9dd
SECURITY: Prevent users from modifying custom fields
2018-08-30 12:59:36 +01:00
72ffabf619
UX: Improve email testing admin tool. ( #6308 )
2018-08-29 23:14:16 +02:00
9bf4333491
FIX: redirect to wrong URL after account creation on subfolder install
2018-08-24 10:34:44 -04:00
82dcc5cbfa
FEATURE: makes reports loadable in bulk ( #6309 )
2018-08-24 15:28:01 +02:00
e0cc29d658
FEATURE: themes and components split
...
* FEATURE: themes and components split
* two seperate methods to switch theme type
* use strict equality operator
2018-08-24 11:30:00 +10:00
29315b73c2
FIX: improve last_modified date returned for avatars
...
instead of hard coding a date:
1. For optimized images use the upload date when on s3
2. For not-found use 10 minutes ago to match the expiry
2018-08-24 09:36:11 +10:00
2711f173dc
FIX: don't allow inviting more than `max_allowed_message_recipients`
...
* FIX: don't allow inviting more than `max_allowed_message_recipients` setting allows
* add specs for guardian
* user preferences for auto track shouldn't be applicable to PMs (it auto watches on visit)
Execlude PMs from "Automatically track topics I enter..." and "When I post in a topic, set that topic to..." user preferences
* groups take only 1 slot in PM
* just return if topic is a PM
2018-08-23 14:36:49 +10:00
cdea969c6a
FEATURE: Make initial admins TL1
...
* Match register controller TL to rake admin:create
* Don't promote if trust_level > 1
2018-08-22 15:45:24 +10:00
5a6d1ee257
FIX: defer actions in a static method
...
This avoids capturing a huge closure and passing to defer
2018-08-22 14:36:56 +10:00
17dc8f2490
UX: Wizard resends activation email when user exists
2018-08-21 19:13:41 +02:00
2d96160192
FEATURE: improve API error reporting for invalid records
2018-08-21 11:54:34 +10:00
dc5fddbfe6
FIX: Do not show an empty modal when an IP address is allowed or blocked. ( #6265 )
2018-08-20 17:37:30 +02:00
b4f92a05b3
FIX: Load more on groups page does not account for params.
...
https://meta.discourse.org/t/cant-scroll-through-list-of-users-groups-if-more-than-one-page/92259
2018-08-20 17:08:50 +08:00
ce4b12ae59
FIX: if we have not target available do not redirect
2018-08-20 13:10:59 +10:00
37d4f27c44
FIX: quality/bugfix dashboard/reports pass ( #6283 )
2018-08-17 16:19:25 +02:00
9628c3cf97
FEATURE: automatically correct extension for bad uploads
...
This fixes with post thumbnails on the fly
2018-08-17 14:00:27 +10:00
baa72d18f8
FIX: simplify so we ban all auth paths
...
previously plugins that have auth paths were not disallowed and robots
tend to call them
2018-08-16 19:16:47 +10:00
796164b58c
FIX: automatically correct bad avatars on access
...
Also start relying on upload extension for optimized images
2018-08-16 16:32:56 +10:00
c8b5e6baae
FEATURE: Use `display: browser` in webmanifest for iOS devices
...
Since iOS doesn't have a back button and can have issues on log in.
See https://twitter.com/firt/status/1021477243909033984
2018-08-15 23:36:08 -03:00
d4fd19d49a
UX: Replace Google search with Discourse search on not found page
...
* UX: Replace Google search with Discourse search on not found page.
* FIX: Update application_controller_spec.rb.
2018-08-15 11:53:04 +10:00
12bab65167
FIX: going from /categories to /latest on mobile might break infinite scrolling
2018-08-15 01:22:03 +02:00
de92913bf4
FIX: store the topic links using the cooked upload url
2018-08-14 12:23:32 +02:00
ad5f502332
FIX: add a basic validator for topic params
...
This cuts down on log noise when people try out sql injection
2018-08-14 17:01:04 +10:00
6f6b4ff988
regression: don't return from a block
...
also clean up some warnings (shadowed var, unused var)
2018-08-10 14:53:55 +10:00
b9072e8292
FEATURE: Add "Reset Bump Date" action to topic admin wrench ( #6246 )
2018-08-10 10:51:03 +10:00
ef4b9f98c1
FEATURE: Allow admins to reply without topic bump
2018-08-10 10:48:30 +10:00
2c4d7225d8
FIX: permalink redirects with subfolder
2018-08-09 11:05:27 -04:00
ed4c0f256e
FIX: check permalinks for deleted topics
...
- allow to specify 410 vs 404 in Discourse::NotFound exception
- remove unused `permalink_redirect_or_not_found` which
- handle JS side links to topics via Discourse-Xhr-Redirect mechanism
2018-08-09 15:05:12 +10:00
0d45826d22
fix theme previewing ( #6245 )
2018-08-08 10:58:45 +03:00
0b7ed8ffaf
FEATURE: backend support for user-selectable components
...
* FEATURE: backend support for user-selectable components
* fix problems with previewing default theme
* rename preview_key => preview_theme_id
* omit default theme from child themes dropdown and try a different fix
* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
67ec81babf
FIX: fixes last backup/last_update dates ( #6242 )
2018-08-07 08:19:52 -04:00
2b57239389
FIX: Upload's content is the only source of truth for the file type.
2018-08-07 13:15:00 +08:00
6797395bd0
FIX: staff should be allowed to agree and keep post
2018-08-07 10:05:43 +10:00
7f2f3b8b22
FIX: improves reports resilience ( #6239 )
...
This commit makes most of the reports now lazy loaded, and making them benefits from graceful failures.
2018-08-06 16:57:40 -04:00
812add18bd
REFACTOR: Serve auth provider information in the site serializer.
...
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
535732bdc1
FIX: ensure the 'email_revoked' PM template is customizable
2018-08-03 17:10:20 +02:00
4a872823e7
Improvements to user drafts ( #6226 )
...
* drafts in user profile: only show to user herself (not to admins), use avatar replying to (instead of topic OP), add keyboard shortcut for drafts, simplify display labels
* use JSON when testing Draft.stream
2018-08-02 07:41:27 +10:00
1f45215537
FEATURE: Drafts view in user profile
...
* add drafts.json endpoint, user profile tab with drafts stream
* improve drafts stream display in user profile
* truncate excerpts in drafts list, better handling for resume draft action
* improve draft stream SQL query, add rspec tests
* if composer is open, quietly close it when user opens another draft from drafts stream; load PM draft only when user is in /u/username/messages (instead of /u/username)
* cleanup
* linting fixes
* apply prettier styling to modified files
* add client tests for drafts, includes a fixture for drafts.json
* improvements to code following review
* refresh drafts route when user deletes a draft open in the composer while being in the drafts route; minor prettier scss fix
* added more spec tests, deleted an acceptance test for removing drafts that was too finicky, formatting and code style fixes, added appEvent for draft:destroyed
* prettier, eslint fixes
* use "username_lower" from users table, added error handling for rejected promises
* adds guardian spec for can_see_drafts, adds improvements following code review
* move DraftsController spec to its own file
* fix failing drafts qunit test, use getOwner instead of deprecated this.container
* limit test fixture for draft.json testing to new_topic request only
2018-08-01 16:34:54 +10:00
919e8db686
FIX: Check for group name availability should skip reserved usernames.
2018-08-01 11:09:33 +08:00
c12a9279f6
post deleted notification regression because controller was agreeing with all flags too early
2018-07-30 16:45:46 -04:00
87537b679c
Drop `reply_key`, `skipped` and `skipped_reason` from `email_logs`.
2018-07-30 11:39:28 +08:00
1708ff1808
UX: add a route /rules as an alias for /faq and /guidelines
2018-07-26 15:38:08 -04:00
330cf78c83
FIX: don’t break browser history on dashboard visit ( #6186 )
2018-07-26 14:59:28 -04:00
0d0d78841b
FIX: Remove `plugin.enabled?` checks at initialization time ( #6166 )
...
Checking `plugin.enabled?` while initializing plugins causes issues in two ways:
- An application restart is required for changes to take effect. A load-balanced multi-server environment could behave very weirdly if containers restart at different times.
- In a multisite environment, it takes the `enabled?` setting from the default site. Changes on that site affect all other sites in the cluster.
Instead, `plugin.enabled?` should be checked at runtime, in the context of a request. This commit removes `plugin.enabled?` from many `instance.rb` methods.
I have added a working `plugin.enabled?` implementation for methods that actually affect security/functionality:
- `post_custom_fields_whitelist`
- `whitelist_staff_user_custom_field`
- `add_permitted_post_create_param`
2018-07-25 16:44:09 +01:00
9989c8179d
FIX: Translation for default (light) color scheme was missing
2018-07-25 11:28:14 +02:00
1ac643d71c
FIX: Email template for "Queued Posts Reminder" was not found
2018-07-24 17:26:52 +02:00
fad9c2b971
PERF: Move `EmailLog#reply_key` into new `post_reply_keys` table.
2018-07-24 13:51:53 +08:00
ae8b0a517f
PERF: Split skipped email logs into a seperate table.
2018-07-24 13:14:37 +08:00
eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 ( #6099 )
...
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
caa669cf29
FIX: if exclude_category_ids is specified pass it through
...
This allows us to optionally show all topics on latest even if stuff is
suppressed via a plugin
2018-07-23 17:23:00 +10:00
37b726982d
Fix silence and unsilenced response bodies
...
Both response bodies had a typo that included suspended_at, so I renamed
it to silenced_at.
2018-07-22 16:08:36 -06:00
1d5096eb46
FIX: lazy load more reports in dashboard
2018-07-20 23:35:53 -04:00
1a78e12f4e
FEATURE: part 2 of dashboard improvements
...
- moderation tab
- sorting/pagination
- improved third party reports support
- trending charts
- better perf
- many fixes
- refactoring
- new reports
Co-Authored-By: Simon Cossar <scossar@users.noreply.github.com>
2018-07-19 14:33:11 -04:00
a2281fbb19
FEATURE: allows to jump to a date in a topic
2018-07-19 16:00:13 +02:00
6d6e026e3c
FEATURE: selectable avatars
2018-07-18 12:57:43 +02:00
f3868fd646
FIX: Create empty user_avatar row if not exist
2018-07-16 14:06:49 +05:30
ac0053f491
FEATURE: navigate to first post and auto bump category settings
...
### navigate_to_first_post_after_read setting for categories
When enabled on categories logged on users will return to OP after
reading the entire category. (useful for documentation categories)
### num_auto_bump_daily
Set a number of topics that will automatically bump daily on a category.
- Every 15 minutes we will check if any category has this setting
- Categories with the setting are shuffled
- We exclude pinned, closed, category description and archived topics
- Maximum of 1 topic for the list of categories is bumped till limit reached per category
- We always try to bump oldest first
- Limit is elastic using a RateLimiter that ensures that we only bump N per day
Also some minor organisation on category settings
Froze strings on category.rb
2018-07-16 18:10:35 +10:00
21ebb1cd54
FEATURE: Secondary emails support.
2018-07-16 11:09:49 +08:00
06deffc9da
FIX: returns provider_not_enabled error even if enabled
2018-07-13 22:49:30 +05:30
9647a0a4bc
Remove unnecessary complex method.
2018-07-13 15:34:28 +08:00
711371e8c8
FIX: Select+below will ask server for post ids on megatopics.
2018-07-13 15:10:39 +08:00
2901691e87
FEATURE: per-category approval settings ( #5778 )
...
- disallow moving topics to a category that requires topic approval
2018-07-13 12:51:08 +10:00
258e9e35ca
PERF: Make mega topics work without a stream.
...
There are tradeoffs that we took here. For the complete
story see
https://meta.discourse.org/t/performance-improvements-on-long-topics/30187/27?u=tgxworld .
2018-07-12 12:46:12 +08:00
decf1f27cf
FEATURE: Groundwork for user-selectable theme components
...
* Phase 0 for user-selectable theme components
- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
9a813210b9
SECURITY: Do not allow authentication with disabled plugin-supplied a… ( #6071 )
...
Do not allow authentication with disabled plugin-supplied auth providers
2018-07-09 14:25:58 +10:00
18f5f646b1
FEATURE: allow selecting a tag when moving posts to a new topic ( #6072 )
2018-07-06 18:21:32 +02:00
b9835cc392
FIX: do not use scheduler for uploading csv file for invite
...
Since the bulk invite process already happens in a dedicated Sidekiq job
2018-07-04 13:28:11 +05:30
e72fd7ae4e
FIX: move crawler blocking into anon cache
...
This refinement of previous fix moves the crawler blocking into
anonymous cache
This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 11:14:43 +10:00
7f98ed69cd
FIX: move crawler blocking to app controller
...
We need access to site settings in multisite, we do not have access
yet if we attempt to get them in request tracker middleware
2018-07-04 10:30:50 +10:00
6a54da0902
FIX: raise invalid params for bad callback
...
Corrects it so we raise a 400 instead of logged 500 error
2018-06-29 10:43:33 +10:00
982df3c17b
FIX: return status 400 for invalid member params
...
previously error returned was a 500 which is not ideal
and is logged
2018-06-29 10:15:17 +10:00
fd7bb8e656
FIX: Scope the `cn` to the subfolder
2018-06-28 11:03:36 -04:00
2c971c41f6
FIX: post deletions rate limit per day was not working
2018-06-28 19:21:27 +05:30
a6d50d1ff7
FEATURE: new settings to control posts deletions rate limit
2018-06-28 17:03:37 +05:30
c352f8eb15
FEATURE: rate limit post deletions to 50 per day
2018-06-28 16:38:58 +05:30
ec3e6a81a4
FEATURE: Second factor backup
2018-06-28 10:12:32 +02:00
6bcdc3ba4b
FEATURE: allow author to delete posts irrespective of post_edit_time_limit
2018-06-26 21:43:06 +05:30
7efdccdbc5
FIX: allow staff to remove tags from queued topics
2018-06-26 17:08:40 +05:30
95d99de7b4
FIX: hides durability section in dashboard if backups are disabled
2018-06-20 22:26:37 +02:00
0365806b93
FIX: Properly display error when post action fails to create.
2018-06-20 21:20:23 +08:00
5f64fd0a21
DEV: remove exec_sql and replace with mini_sql
...
Introduce new patterns for direct sql that are safe and fast.
MiniSql is not prone to memory bloat that can happen with direct PG usage.
It also has an extremely fast materializer and very a convenient API
- DB.exec(sql, *params) => runs sql returns row count
- DB.query(sql, *params) => runs sql returns usable objects (not a hash)
- DB.query_hash(sql, *params) => runs sql returns an array of hashes
- DB.query_single(sql, *params) => runs sql and returns a flat one dimensional array
- DB.build(sql) => returns a sql builder
See more at: https://github.com/discourse/mini_sql
2018-06-19 16:13:36 +10:00
f2dbe66367
FEATURE: adds a /admin/reports route to list all reports
2018-06-18 12:31:56 +02:00
51cb38783e
FIX: start_url was wrong in non-subfolder
2018-06-15 14:29:33 -03:00
8fc08aad09
FEATURE: Update the webmanifest
...
- Remove share target because the spec is changing
- Allow any orientation again because natural is too restrictive
- Use correct file and mime types for the manifest
2018-06-14 00:13:28 -03:00
030e322a39
FEATURE: block top level /my/ routes
2018-06-12 19:47:45 +10:00
44ee26721a
FIX: add check for missing assets file in development
2018-06-11 11:18:34 -07:00
f9ab3848ed
FEATURE: support disabling emails for non-staff users
2018-06-07 18:31:08 +05:30
ad5082d969
Make rubocop happy again.
2018-06-07 13:28:18 +08:00
89ad2b5900
DEV: Rails 5.2 upgrade and global gem upgrade
...
This updates tests to use latest rails 5 practice
and updates ALL dependencies that could be updated
Performance testing shows that performance has not regressed
if anything it is marginally faster now.
2018-06-07 14:21:33 +10:00
d8e641cd98
FIX: avatar_url includes upload_path twice when local storage used
2018-06-06 18:27:30 +05:30
a83ab01264
REFACTOR: Remove extra param for group mentionable and messableable route.
2018-06-06 09:42:09 +08:00
f8d82f135f
FIX: do not verify group visibility when checking for mentionable/messageable
2018-06-05 16:59:21 +05:30
95f9b72351
FIX: Update activation email route was returning a generic json error.
2018-05-31 14:19:43 +08:00
21e9315416
FIX: Use user account email instead of auth email when totp is enabled.
...
https://meta.discourse.org/t/github-2fa-flow-broken/88674
2018-05-30 12:15:12 +08:00
a081771950
Merge pull request #5872 from OsamaSayegh/users-controller-specs-to-request
...
REFACTOR: users contollers specs => request specs
2018-05-28 13:32:37 +08:00
449399bef3
return 403 forbidden when local logins disabled
2018-05-26 05:18:19 +03:00
5b2e7c8d10
fix the build
2018-05-26 03:11:10 +02:00
4195c7c9ea
FEATURE: Ability to clear a user's penalty history
...
You can do this manually if you want to allow them to reach TL3 without
their penalty history counting against them.
2018-05-25 12:54:22 -04:00
569f63b8a2
Merge pull request #5825 from featheredtoast/extend-service-worker-cache
...
FIX: update cache times for service workers
2018-05-25 09:28:17 +08:00
53b97b28f0
FIX: in rare conditions post timing would miss the user
2018-05-24 15:38:33 +10:00
3db1032bfd
FIX: not found page shouldn't include the Google search form for sites with login_required enabled
2018-05-23 16:59:02 -04:00
3edca8b104
Return a 403 instead of 200 when trying to delete a user with posts
...
See [this commit][1] for more info
[1]: bd352a17bf
2018-05-22 17:02:02 -06:00
3e06def856
FIX: If we have no logo defined use sketch in manifest
2018-05-22 12:10:59 +10:00
788ca1f112
FIX: stop adding email to unsubscribe url
...
Instead of adding email to unsubscribe url store it in redis for 1 hour
rate limit calls to unsubscribe endpoint to ensure there is no risk of
bloating redis
Also move controller to request specs
2018-05-22 09:07:03 +10:00
467d91347a
Missing specs for `Group`, `Tag`, `Category` and `Flag` web hooks.
2018-05-21 17:29:58 +08:00
9f422c93f6
FIX: restrict updates on `confirm_old_email` email templates
2018-05-19 12:19:59 +05:30
003b7f06ad
FIX: rescue specific error
2018-05-18 09:52:16 +05:30
04c7dbafa3
FIX: manifest.json better detection at mime type. Find size if uploaded
2018-05-17 14:45:24 -07:00
41ffafb65e
FIX: best effort at returning correct mime types in manifest.json
2018-05-17 12:14:39 -07:00
53f8f6095d
FEATURE: staff action logs when creating/updating/deleting badges
2018-05-17 18:09:27 +02:00
9532d9a555
FIX: handle invalid tags
2018-05-17 19:33:12 +05:30
131b7f5da5
make 🤖 rubocop happy
2018-05-16 16:35:04 +02:00
3cd4c82c49
Allow parameters for group and username filters on directory ( #5815 )
2018-05-16 16:20:17 +02:00
5e97a9bfb7
FIX: tags in a 'visible by everyone but usable only by staff' group weren't visible by everyone
2018-05-16 09:48:19 +02:00
ff90881238
DEV: fix live refresh if you have a custom theme selected in dev
2018-05-16 17:25:49 +10:00
21e0b7c818
avoid async report pattern and replace with simpler hijack
2018-05-16 16:05:03 +10:00
193b6d5651
UX: improve new dashboard
...
- top referred topics
- limit search logs to 8 results
2018-05-15 15:08:36 +10:00
e4a33cbc0a
FIX: update cache times for service workers
...
Add a last modified time.
Register newer service workers and claim clients more quickly.
2018-05-14 12:29:24 -07:00
e9abdaebbe
UX: show an enveloppe icon when a badge is used in messages
...
- the badge count now includes messages
- only show the message badges to admins
2018-05-14 19:02:00 +02:00
6332d5040d
UX: switch dashboard to be the new dashboard
...
Also:
- add pageviews
- add problems and version sections
2018-05-14 13:07:59 +10:00
bc9e0d46af
PERF: use cached reports for dashboard if available
2018-05-14 12:01:44 +10:00
37232fcb58
FIX: staff members should see all tags
2018-05-13 17:50:21 +02:00
2cf6fb7359
FIX: always unstage users when they log in
2018-05-13 17:00:02 +02:00
be6404d651
FIX: redirect users after signing up with a social login when using SSO provider
2018-05-13 16:03:11 +02:00
09cf35c760
FIX: redirect users after signing up using SSO provider
2018-05-12 00:41:27 +02:00
abda21a41f
Revert "FIX: redirect to sso_destination_url after account activation"
...
This reverts commit 0402e97368
2018-05-11 22:55:45 +02:00
0402e97368
FIX: redirect to sso_destination_url after account activation
2018-05-11 19:57:04 +02:00
2958e17cde
remove duplicate code
2018-05-11 12:16:37 +02:00
8a783412b7
UX: improvements to new dashboard
...
- remove inactive user report and replace with posts
- clean up internals so grouping by week happens on client
- when switching periods old report was not destroyed leading to bugs
- calculate trend based on previous interval ... not previous 30 days
- show percentages for mau/dau
- be more careful about utc date usage
- show uniqu and click through rate on search panel
- publish key of report with report so we only load the correct one
- subscribe earlier in channel in case of concurrency issues
2018-05-11 13:30:32 +10:00
bd352a17bf
FIX: Show a json api response when deleting a user with posts
...
A 500 error was actually caused with no response when using the api, so
it wasn't very clear that you need to delete the posts first when using
the api.
2018-05-10 13:04:36 -06:00
bbc85258c9
Rename `display_plugins` -> `visible_plugins`.
2018-05-09 07:52:45 +08:00
83245aa508
FIX: better handling of invite links after they are redeemed
...
FIX: deprecate invite_passthrough_hours setting
2018-05-08 20:17:57 +05:30
c6f45fcfdb
Expose an API for plugins to be hidden on the admin plugin page.
2018-05-08 13:24:58 +08:00
3a6e137e70
FIX: add context for deactivated user logs
2018-05-08 08:18:04 +05:30
ff6be3c2e3
FEATURE: add profile_background fields into SSO ( #5701 )
...
Add profile_background and card_background fields into Discourse SSO.
2018-05-07 10:03:26 +02:00
aa0d32231c
FIX: Incorrect query when removing a group owner.
...
https://meta.discourse.org/t/group-rename-and-group-owners-removal-problems/85596
2018-05-07 13:57:00 +08:00
91b31860a1
Feature: Push notifications for Android ( #5792 )
...
* Feature: Push notifications for Android
Notification config for desktop and mobile are merged.
Desktop notifications stay as they are for desktop views.
If mobile mode, push notifications are enabled.
Added push notification subscriptions in their own table, rather than through
custom fields.
Notification banner prompts appear for both mobile and desktop when enabled.
2018-05-04 15:31:48 -07:00
a0447b47e0
UX: when deleting a user, show a modal indicating that the delete is happening. User hijack so requests don't time out.
2018-05-03 16:18:19 -04:00
980972182f
dashboard next: caching, mobile support and new charts
2018-05-03 15:41:41 +02:00
bd77795d7a
REFACTOR: move support for user card badge images to a plugin discourse-user-card-badges
2018-04-26 13:25:24 -04:00
a5172a37e0
Allow staff members to enable safe mode, even if disabled
2018-04-25 11:49:57 -04:00
ed4c0c4a63
FEATURE: Add option to delete all replies of flagged post
2018-04-24 11:08:05 -04:00
146a6c3592
FIX: exclude topics from latest in /categories on refresh
...
When you hit refresh on categories page it would not supress correctly
2018-04-24 11:07:26 -04:00
fd14ee4797
FEATURE: Allow safe mode to be disabled
2018-04-24 11:03:33 -04:00
54d153068a
DEV: remove qunit rails fork and add a couple of async tests
2018-04-23 16:42:40 +10:00
70d181bff8
FIX: Better error message in `GroupsController#add_members`.
...
https://meta.discourse.org/t/cant-add-members-to-a-group/85738?u=tgxworld
2018-04-20 10:28:52 +08:00
9014ca4624
FEATURE: Enable the Web Share Target API
...
This will allow a Discourse instance that was installed[1] to receive share events.
See https://wicg.github.io/web-share-target/ for the spec.
1: https://developers.google.com/web/fundamentals/app-install-banners/
2018-04-19 17:00:05 -03:00
91bf10bd12
FIX: create upload record for exported csv files
2018-04-20 00:27:49 +05:30
0e414d0890
dashboard next: trending search report
...
This commit also improves how data is loaded sync and async
2018-04-19 18:19:21 +02:00
01c061d20d
dashboard next: perf and UI tweaks
...
* cache CORE reports
* adds backups/uploads section
* few css tweaks
2018-04-18 21:30:41 +02:00
3d7dbdedc0
FEATURE: An API to help sites build robots.txt files programatically
...
This is mainly useful for subfolder sites, who need to expose their
robots.txt contents to a parent site.
2018-04-16 15:43:20 -04:00
9353ae4b5d
Remove obsolete per topic unsubscribe page.
2018-04-16 16:11:20 +05:30
0e15a575f4
EXPERIMENTAL: new dashboard UI
...
This is the first iteration of an effort towards making a very good dashboard.
Until we feel confident this is good, this dashboard will only be accessible through /admin/dashboard_next
2018-04-16 10:42:06 +02:00
a1ef455c78
SECURITY: do not show private topic title on /unsubscribed page
2018-04-16 10:35:57 +05:30
a8a12eb2d9
SECURITY: do not disclose topic titles on /unsubscribed page to unauthorized users
2018-04-15 18:01:58 +05:30
18f50ca01a
FIX: parameterize tag_id
2018-04-14 16:42:53 +05:30
3632b8d8d6
FEATURE: provide extra signal about content age to crawlers
...
Adds Last-Modified field to help teach crawlers not to crawl old content
2018-04-13 14:58:33 +10:00
df7970a6f6
prefix the robots.txt rules with the directory when using subfolder
2018-04-11 22:05:02 +02:00
9ca6ebe8fe
FEATURE: enforce tagging on categories
2018-04-11 07:15:24 +05:30
3a86a2588c
FIX: bulk append/replace tags was not working
2018-04-10 13:01:03 +05:30
5925a581db
array is not supported here, use a simple comma delimited list
2018-04-10 14:37:10 +10:00
d9d86577ff
FIX: Staff users are not affected by `enable_group_directory` site setting.
2018-04-10 09:22:01 +08:00
c82b2dcc24
Remove admin group management pages.
2018-04-09 15:14:50 +08:00
185d6ac747
FIX: use safe navigation operator when checking for totp_enabled
2018-04-09 12:33:41 +05:30
0623785f69
FIX: Prevent group owners from editing admin only settings.
2018-04-06 11:44:58 +08:00
3a7b696703
FEATURE: allow for setting crawl delay per user agent
...
Also moved to default crawl delay bing so no more than a req every 5 seconds is allowed
New site settings:
"slow_down_crawler_user_agents" - list of crawlers that will be slowed down
"slow_down_crawler_rate" - how many seconds to wait between requests
Not enforced server side yet
2018-04-06 10:15:23 +10:00
cd6a99a027
FEATURE: Send a different PM when a post has been hidden more than once
2018-04-05 14:03:21 +02:00
e36e9de28a
Allow admin to view logs of automatic groups.
2018-04-05 16:31:55 +08:00
8760c4d68c
Fix `GroupsController#group_params` to allow more group attributes to be updated.
2018-04-05 13:53:00 +08:00
434cbc649f
FEATURE: Webhook for tag events
2018-04-04 17:49:20 +05:30
16341219ab
Log exception if remote theme importing failed
2018-04-02 20:10:18 +05:30
142571bba0
Remove use of `rescue nil`.
...
* `rescue nil` is a really bad pattern to use in our code base.
We should rescue errors that we expect the code to throw and
not rescue everything because we're unsure of what errors the
code would throw. This would reduce the amount of pain we face
when debugging why something isn't working as expexted. I've
been bitten countless of times by errors being swallowed as a
result during debugging sessions.
2018-04-02 13:52:51 +08:00
efb19dbdaf
Merge pull request #5705 from discourse/new_webhooks
...
FEATURE: Webhook for group and category events
2018-04-02 10:53:21 +05:30
87e3779085
Merge pull request #5702 from kevinelliott/feature/20180323-fix-mass-assignment
...
20180323 Fix Mass Assignment Warning
2018-04-02 10:19:25 +08:00
22b631510c
FIX: Silenced user wasn't being linked properly
2018-03-29 17:07:09 -04:00
73c1d3e7fe
FIX: tag notification preferences were being cleared when other preferences were changed
2018-03-29 15:08:32 -04:00
52e75eaee9
UX: Tweaks to group pages.
2018-03-29 17:04:48 +08:00
eab64710ff
FIX: Shared draft performance fix + missing avatars
2018-03-28 16:11:43 -04:00
4b5977aa6a
Revert "PERF: Don't join on shared drafts unless you have to"
...
This reverts commit efedd9745f
2018-03-28 15:35:13 -04:00
efedd9745f
PERF: Don't join on shared drafts unless you have to
2018-03-28 13:57:39 -04:00
21ae49ab92
Simplify log in for request specs.
2018-03-28 11:32:47 +08:00
70be8124a3
SECURITY: Don't expose development route in production.
2018-03-28 11:32:47 +08:00
7311023a52
Merge pull request #5700 from discourse/crawl-block
...
FEATURE: control web crawlers access with white/blacklist
2018-03-27 15:06:03 -04:00
ff9d7a9bfb
FIX: authComplete query param should carry-forward to login page
2018-03-27 17:22:07 +05:30
7edab1c0b9
UX: Add `groups/custom/new` route for admins to create a new group.
2018-03-27 17:39:05 +08:00
558914b986
Fix random spec errors
2018-03-27 11:14:06 +02:00
e7407d0adc
FEATURE: Webhook for group and category events
2018-03-27 11:53:35 +05:30
2ecd234e27
UX: Consolidation group manangement into a single tab.
2018-03-27 13:34:46 +08:00
f2c060bdf2
FEATURE: option for tags in a tag group to be visible only to staff
2018-03-26 17:05:09 -04:00
dcd1d422d1
UX: Allow admins to set users as owners while adding users.
...
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084/9
2018-03-26 17:33:50 +08:00
35745166b5
UX: New group membership management workflow.
...
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084
2018-03-26 16:15:02 +08:00
fa0868fc3f
Explicit param permit and assignment cleanup.
2018-03-23 09:59:31 -07:00
5f19ad9507
FIX: allow destination categories to be set if not at first
2018-03-23 11:33:02 -04:00
38af67eb73
Update the destination category id when a user changes it
2018-03-23 11:12:56 -04:00
7a4b70ef58
UX cleanup changes to 2FA flow.
2018-03-23 11:05:36 +08:00
ced7e9a691
FEATURE: control which web crawlers can access using a whitelist or blacklist
2018-03-22 15:41:02 -04:00
f3b402ffd5
UX: Allow users to filter members on group page.
...
* Only admins are allowed to filter users by email.
2018-03-22 14:02:41 +08:00
d96c1058a2
FEATURE: add staff action log for 'restore topic'
2018-03-21 18:04:13 +05:30
a23509cbf3
UX: Limit the number of group names displayed on user page.
2018-03-21 16:38:33 +08:00
9f216ac182
FIX: Infinite loading more on groups page.
2018-03-21 09:25:42 +08:00
b9abd7dc9e
FEATURE: Shared Drafts
...
This feature can be enabled by choosing a destination for the
`shared drafts category` site setting.
* Staff members can create shared drafts, choosing a destination
category for the topic when it is published.
* Shared Drafts can be viewed in their category, or above the
topic list for the destination category where it will end up.
* When the shared draft is ready, it can be published to the
appropriate category by clicking a button on the topic view.
* When published, Drafts change their timestamps to the current
time, and any edits to the original post are removed.
2018-03-20 17:15:26 -04:00
15bcfcd182
UX: Allow users to filter by different group types on groups page.
2018-03-20 17:38:11 +08:00
41b0fbe001
UX: Indicate user's group membership on groups page.
2018-03-19 18:29:30 +08:00
05ea034490
UX: Allow groups page to be searchable.
2018-03-19 17:16:51 +08:00
0522aabaab
UX: Allow user_count on groups page to be sortable.
2018-03-19 16:15:13 +08:00
c1bf707e7d
PERF: N+1 queries on badges page.
2018-03-19 14:36:09 +08:00
52b9af10a1
PERF: PG queries for the `UserEmail#email` column was not using the index.
2018-03-19 11:31:14 +08:00
f053e4cf37
Merge pull request #5682 from techAPJ/allowed-tags-page
...
FIX: show only allowed tags on PM tags page and display correct count
2018-03-17 08:29:00 +05:30
89f5c90ce0
FIX: show an error page on click tracking error
2018-03-17 00:33:11 +01:00
e9bc763440
FIX: show only allowed tags on PM tags page and display correct count
...
FIX: tags page should link to user profile we are browsing
2018-03-17 00:17:48 +05:30
fe96ef6ed2
UX: Use topic list for displaying group messages on group page.
...
https://meta.discourse.org/t/group-inbox-on-a-groups-page-mockup/71319
2018-03-16 11:56:40 +08:00
ba15273d3f
FEATURE: maintain preview theme, while previewing
...
This means you can browse around in preview mode without losing the theme.
At any point you can refresh page and maintain the preview theme.
2018-03-15 16:17:22 +11:00
2097f5330c
FIX: Login redirect path was broken in subfolder installs
2018-03-15 11:49:35 +08:00
a35227918f
UX: Display group topics in a topic list.
2018-03-15 11:37:55 +08:00
d31dfe0e84
FIX: Silencing / Suspending a user should not send a hidden message
2018-03-14 14:39:52 -04:00
f7bd05e534
FEATURE: set 'Retry-After' header for 429 responses ( #5659 )
2018-03-13 23:12:41 +08:00
7d375690c1
Merge pull request #5667 from techAPJ/pm-tags-page
...
FEATURE: replace PM tags dropdown with a dedicated tags page
2018-03-13 13:08:21 +05:30
24338fbbe8
FEATURE: replace PM tags dropdown with a dedicated tags page
2018-03-13 13:06:58 +05:30
65ac80b014
FEATURE: Log Staff edits in Staff Action Logs
...
Why? Some edits by staff are not tracked. For example, during the grace
period, or via the flags/silence dialog.
If a staff member is editing someone else's post, it now goes into the
Staff Action Logs so it can be audited by other staff members.
2018-03-12 13:51:40 -04:00
758b9a7dda
FEATURE: prototype of local theme directory watcher
...
(note this will be documented a bit late)
2018-03-12 18:36:06 +11:00
aac7796124
FIX: do not show tags with 0 count on /tags page
2018-03-09 20:57:31 +05:30
7c0e6b820e
move key so it does not interfere with other errors
2018-03-09 16:42:11 +11:00
39e679d3cb
FEATURE: allow themes to live in private git repos
...
This feature allows themes sourced from git to live on private
servers, it automatically generates key pairs.
2018-03-09 16:14:38 +11:00
c29660c8f1
FEATURE: filter personal messages by tags
2018-03-08 14:42:07 +05:30
1365bab0d7
FEATURE: Live updates for user's messages page.
...
https://meta.discourse.org/t/group-inbox-messages-not-updated-for-new-posts/38189
2018-03-06 18:15:21 +08:00
f0d5f83424
FEATURE: limit assets less that non asset paths
...
By default assets can be requested up to 200 times per 10 seconds
from the app, this includes CSS and avatars
2018-03-06 15:20:39 +11:00
282f53f0cd
FEATURE: Theme settings (2) ( #5611 )
...
Allows theme authors to specify custom theme settings for the theme.
Centralizes the theme/site settings into a single construct
2018-03-04 19:04:23 -05:00
13eda41ff5
Fix lint errors
2018-03-03 14:34:19 -05:00
31e3bf6d8d
FEATURE: New "Categories and Top" homepage style
...
Select this option if you want to show top topics on the homepage
instead of latest topics.
2018-03-03 14:26:57 -05:00
939180efa8
FIX: Missing 2FA guards when sso is enabled or when local login is disabled.
2018-03-02 10:39:10 +08:00
75172024ca
SECURITY: ensure users have permission when moving categories
2018-03-02 12:13:27 +11:00
fb75f188ba
FEATURE: Disallow login via omniauth when user has 2FA enabled.
2018-03-01 15:47:07 +08:00
947b6fdf46
FIX: Incorrect rate limit applied to topics invitation flow.
2018-03-01 12:50:00 +08:00
5a462b930d
REFACTOR: Prefer `exists?` over `present`.
2018-03-01 10:22:41 +08:00
c64f09b6b7
REFACTOR: Simplify and DRY `Group#invite`.
2018-02-26 11:59:07 +08:00
0559a4736a
FIX: don't double request when downloading a file
2018-02-24 12:35:57 +01:00
a94dc0c731
Revert "FIX: preview theme not working consistently"
...
This reverts commit 845cec3ba0
2018-02-23 17:59:00 +11:00
845cec3ba0
FIX: preview theme not working consistently
...
Avoid flash, this makes debugging much simpler as well.
Additionally URL now clearly shows you are previewing a theme.
2018-02-23 15:25:35 +11:00
dd26bbe868
Merge pull request #5610 from discourse/pm-tags
...
FEATURE: Allow staffs to tag PMs
2018-02-23 07:07:41 +08:00
76a2fc3d07
UX: Add og metadata for groups.
...
https://meta.discourse.org/t/onebox-for-groups/79155
2018-02-22 15:03:41 +08:00
964624f3ab
FIX: No error displayed when 2FA token is invalid on admin login page.
2018-02-22 09:45:57 +08:00
720e1965e3
FEATURE: add category suppress from latest
...
In the past we used suppress_from_homepage, it had mixed semantics
it would remove from category list if category list was on home and
unconditionally remove from latest.
New setting explicitly only removes from latest list but leaves the
category list alond
2018-02-22 09:56:35 +11:00
83d8fa2892
FIX: Allow customized usernames to work in this route
...
Co-authored-by: jjaffeux <j.jaffeux@gmail.com>
2018-02-21 13:37:14 -05:00
2b509eaa91
Merge branch 'master' into pm-tags
2018-02-21 23:55:59 +05:30
84ce1acfef
FEATURE: Allow staffs to tag PMs
2018-02-21 20:11:46 +05:30
b16471edfb
FIX: Invalid token error incorrectly displayed on email login page.
2018-02-21 15:46:53 +08:00
14f3594f9f
Review Changes for f4f8a293e7.
2018-02-21 14:55:49 +08:00
f4f8a293e7
FEATURE: Implement 2factor login TOTP
...
implemented review items.
Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator
add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests
add qunit tests - password reset, preferences
fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.
Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP
add two factor to email signin link
rate limit if second factor token present
add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
60ec483caa
FIX: include title in local onebox when linking to a different topic
2018-02-19 22:40:14 +01:00
02093ecbdd
Extensibility: Allow plugins to munge user params
2018-02-16 19:12:02 -05:00
28365f8ae5
PERF: Have nginx cache and serve the service worker file.
2018-02-15 10:50:39 +08:00
96e5a7da46
Prefer `success_Json` over custom success JSON payload.
2018-02-15 07:47:35 +08:00
a3e5a31674
FIX: Allow 404 pages to use the current theme
2018-02-14 15:29:01 -05:00
38f4acd55a
FIX: rate limiter text is confusing, should not say daily
...
Also, adds easily parseable JSON so users can figure out
how long to wait when the API is limited. ("extras" "wait_seconds")
2018-02-14 15:29:50 +11:00
f028ffaf29
SECURITY: correct local onebox category checks
...
Also removes ugly "source_topic_id" from cooked posts
Patch was authored by @zogstrip
Signed-off-by: Sam <sam.saffron@gmail.com>
2018-02-14 10:40:46 +11:00
7348513848
FIX: Include post in staff action logs when silencing a user
2018-02-13 15:59:10 -05:00
03b3e57a44
FEATURE: login by a link from email
...
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
f9280617d0
Remove redundant comment.
2018-02-13 15:58:13 +08:00
cc3cf6588b
FEATURE: Notification API Endpoints for Admins
...
* create/update/delete notification api with external url
* remove external url feature
* Fix Travis CI build error (add new line)
* Fix Travis CI build error
2018-02-13 01:38:26 -05:00
b34b1b6fe3
FIX: invite to message was not allowing groups
...
Previously we were incorrectly checking mentionable instead of messageable
Also fix edge case where multiple groups sharing a name mean that exact match override is not working
Also cleans up params sent to user selector
2018-02-13 13:28:46 +11:00
569e57f0a9
FIX: Delete the invalid auth cookie even if you hit the rate limit
2018-02-09 19:09:54 -05:00
8765279c90
FIX: Customizing site texts ignored current locale for _MF keys
2018-02-07 16:57:08 +01:00
8ff4104555
Many enhancements to the flagging / suspending interface.
2018-02-01 17:13:02 -05:00
9fa71e198e
FIX: admin reports charts should use same time of day as dashboard numbers
2018-02-01 15:59:39 -05:00
41986cdb2f
Refactor requires login logic, reduce duplicate code
...
This also corrects the positioning in the chain of the check
and removes misuse of prepend_before_action
2018-02-01 15:17:59 +11:00
f2e7b74d88
FIX: don't return 200s when login is required to paths
...
When running `ensure_login_required` it should always happen prior to
`check_xhr` cause check xhr will trigger a 200 response
2018-02-01 12:26:45 +11:00
2d340d1122
FIX: Don't allow username update via update route
...
It's not using the UsernameChanger
2018-01-26 16:53:43 -05:00
6b04967e2f
FEATURE: Staff members can lock posts
...
Locking a post prevents it from being edited. This is useful if the user
has posted something which has been edited out, and the staff members don't
want them to be able to edit it back in again.
2018-01-26 14:01:30 -05:00
e2d82b882e
FIX: redirect to original URL after social login
2018-01-26 18:52:27 +01:00
683be5e555
FIX: Application should not crash when selected locale is missing
2018-01-25 14:57:41 +01:00
2437b0d531
FIX: regression, missing 404 page
2018-01-23 09:00:28 +11:00
5c1eaeca9e
FIX: prevent users from moving whispers to new topic
2018-01-22 17:23:19 +01:00
dde0fcc658
FEATURE: Allow sending invites to staged users
2018-01-22 15:37:18 +01:00
f74ac826c5
slightly more meaningful error message
2018-01-22 12:20:53 +01:00
12872d03be
PERF: run post timings in background
...
This means that if a very large amount of registered users hit
a single topic we will handle it gracefully, even if db gets slow.
2018-01-19 08:27:29 +11:00
34ed6088b9
FEATURE: New modal to show flags received for a user
2018-01-17 15:08:08 -05:00
e04fb9a877
fix the build
2018-01-17 12:57:33 +05:30
79eb9d7086
FEATURE: show header search results on search log term details page
2018-01-17 12:47:16 +05:30
b2009d6e32
PERF: bypass theme handling on static routes
2018-01-17 16:33:17 +11:00
72b592c395
PERF: add frozen string literals to app controller
2018-01-17 16:32:52 +11:00
d7657d8e47
correct specs, ensure crawler layout only applies to html
2018-01-16 16:28:11 +11:00
6177fb80eb
UX: switch to quartlerly period view for search log term graphs
2018-01-16 07:53:22 +05:30
e3a616764e
PERF: add frozen strings
2018-01-15 12:44:54 +11:00
6d68275ef9
don't show tag groups if they're restricted to categories you can't access
2018-01-12 14:25:42 -05:00
2493648f9c
PERF: calculate topic_counts for tags in an async job so tag queries that include counts are much faster
2018-01-12 11:03:03 -05:00
4d50feb6bd
FEATURE: add setting to display tags by tag groups
2018-01-12 11:03:02 -05:00
49ed382c2a
FIX: return 429 when admin api key is limited on admin route
...
This also handles a general case where exceptions leak out prior to being handled by the application controller
2018-01-12 14:15:26 +11:00
dd33050e10
Add discourse events for when a user is suspended/silenced
2018-01-11 12:56:45 -05:00
e904d92b98
FIX: Suspension / Silence reasons were incorrect on save
2018-01-11 10:54:47 -05:00
b96ae14261
FEATURE: Display force_https warning in admin problems dashboard
2018-01-11 12:16:10 +05:30
daad2291ba
simplify production switch and serve extra locales from actual site
2018-01-10 08:19:51 +11:00
61384c8026
Skip CDN for admin locales since it is login required
2018-01-10 01:24:03 +05:30
672888f526
FIX: handle invalid password reset token
2018-01-09 23:48:17 +05:30
c9f42506b7
If login is required skip CDN
2018-01-09 17:51:53 +11:00
6b8320fea6
PERF: use cdn for extra locales
2018-01-09 17:00:42 +11:00
ea63abf0f7
bypass mini profiler for locales
...
bypass cdn for now
2018-01-09 11:30:59 +11:00
Bianca Nenciu
Sam
Blake Erickson
David Taylor
Neil Lalonde
Joffrey JAFFEUX
Osama Sayegh
James Kiesel
Gerhard Schlager
Guo Xiang Tan
Rafael dos Santos Silva
Misaka 0x4e21
Régis Hanol
Penar Musaraj
Vinoth Kannan
Leo McArdle
Kyle Zhao
Maja Komel
Arpit Jalan
Robin Ward
Jeff Wong
Guo Xiang Tan
Joe Buhlig
Kevin Elliott
OsamaSayegh
Erick Guan
Muhlis Cahyono