f4f8a293e7
FEATURE: Implement 2factor login TOTP
...
implemented review items.
Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator
add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests
add qunit tests - password reset, preferences
fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.
Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP
add two factor to email signin link
rate limit if second factor token present
add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
39d7745dc5
UX: show staged users' email addresses to staff without requiring a button press
2017-11-24 16:11:34 -05:00
3f58b18dab
FEATURE: user card shows staff if a user is staged and lets them check the email address
2017-11-23 16:38:11 -05:00
b37e40eea9
FEATURE: show read time in last 60 days
2017-11-16 15:46:51 -05:00
813e21d0e8
FIX: current user serializer consistently returns {} for custom_fields
...
Resolves : #5210
2017-11-15 11:55:37 +11:00
2aadc42662
FEATURE: show read time on user cards
2017-11-08 15:25:56 -05:00
561fa7d0cd
FEATURE: Site Setting to hide suspension reason on the public profile
2017-09-25 12:25:14 -04:00
91d3929f52
Merge pull request #5078 from lelelelemon/master
...
change count>0 to exists
2017-08-24 09:24:42 +09:00
8124f26a6e
change count>0 to exists
2017-08-23 22:54:51 +00:00
5012d46cbd
Add rubocop to our build. ( #5004 )
2017-07-28 10:20:09 +09:00
845170bd6b
FEATURE: add support for group visibility level
...
There are 4 visibility levels
- public (default)
- members only
- staff
- owners
Note, admins and group owners ALWAYS have visibility to groups
Migration treated old "non public" as "members only"
2017-07-03 15:26:57 -04:00
aa1a68b979
UX: do not show "Message" button on user's own profile page/card
2017-06-29 14:27:00 +05:30
a10c939775
FIX: do not show website name on TL0 profile
2017-06-04 18:30:28 +05:30
5794f1619d
PERF: Fix N+1 queries when loading groups.
2016-11-26 02:20:26 +08:00
f4f5524190
FEATURE: user API now contains scopes so permission is granular
...
previously we supported blanket read and write for user API, this
change amends it so we can define more limited scopes. A scope only
covers a few routes. You can not grant access to part of the site and
leave a large amount of the information hidden to API consumer.
2016-10-14 16:05:42 +11:00
e3e15182df
FEATURE: avatar flair on user cards
2016-09-15 16:15:18 -04:00
416e7e0d1e
FEATURE: basic UI to view user api keys
2016-08-16 17:06:52 +10:00
9018de39ed
FEATURE: allow shipping bio markdown via SSO
...
- Also adds site setting for sso_overrides_bio to disable bio editing by end users
2016-08-01 15:29:28 +10:00
b2289d733f
List the "Watching First Post" tags on preferences
2016-07-22 16:16:45 -04:00
f1b1b0da14
FEATURE: show watched first post in user page
2016-07-08 14:08:10 +10:00
4161ee210a
FEATURE: improved tag and category watching and tracking
...
- present tags watched on the user prefs page
- automatically watch or unwatch old topics based on watch status
New watching and tracking logic takes care of handling old topics
(either with or without read state)
When you watch a topic you now watch historically
Also removes confusing warnings from user.
2016-07-08 12:58:30 +10:00
2cbd87c08c
Remove www. from website name
2016-04-11 07:13:33 -07:00
c6f6b17f71
UX: Show website path in website name for all domains
...
Query parameters are still truncated in website name
2016-04-10 18:55:01 -07:00
95076050f4
FEATURE: warn about mailing list mode if it is checked
2016-03-29 18:50:17 +11:00
1006b1ba94
Various Plugin Enhancements and Extension Points
2016-03-11 15:53:37 -05:00
f0e942f647
PERF: move 3 more option columns out of the user table
2016-02-18 16:57:22 +11:00
3829c78526
PERF: shift most user options out of the user table
...
As it stands we load up user records quite frequently on the topic pages,
this in turn pulls all the columns for the users being selected, just to
discard them after they are loaded
New structure keeps all options in a discrete table, this is better organised
and allows us to easily add more column without worrying about bloating the
user table
2016-02-17 18:08:25 +11:00
a362ad9407
FIX: Emoji in Discourse onebox is wrapped in square brackets.
2016-01-13 19:00:11 +08:00
a8b5192efd
FEATURE: User page refactor
...
Re-organise user page so it is easier to find interesting info
split it into tabs
- Introduce notifications and messages tabs
- Stop couting stuff for the user page to speed up rendering
- Suppress more information when viewing your own profile
2015-12-20 16:45:49 +11:00
c82b33600a
FIX: serialize current user fields in standard user serializer
2015-12-05 17:50:03 +11:00
92ba6125c4
FEATURE: new 'automatically_unpin_topics' user preference
2015-11-17 18:21:40 +01:00
7acc93b2a0
FEATURE: Track user profile views.
2015-09-16 14:48:31 +08:00
0c58f08207
FIX: profile picture selector
2015-09-11 15:10:56 +02:00
2742602254
FEATURE: support for external letter avatars service
2015-09-11 02:12:40 +02:00
abeabfb40f
BUG/PERF: Stop shipping PM stats when not needed
2015-09-10 17:18:43 +10:00
0b9322d16a
PERF: remove uneeded data, notification count is pointless
...
Getting notification count is expensive, no point shipping it to clients
2015-09-10 16:44:42 +10:00
bef80633b1
FEATURE: global admin override of most of the user preferences
2015-08-21 20:39:21 +02:00
267d8be1f5
UX: show complete URL path if website domain is same as instance domain
2015-08-12 01:19:20 +05:30
7c1e16da54
FEATURE: Display emojis in user stream.
2015-07-23 23:50:01 +08:00
8013b6a511
FIX: clean html before sending it to jquery for collapsing
2015-05-20 14:42:54 +10:00
5bf8c31af4
Users can see their pending posts
2015-04-21 16:44:47 -04:00
e3eaa7fa75
FIX: In long topics, filtering button was not always showing in card
2015-03-24 12:33:50 -04:00
92e371f0b3
FEATURE: civilized mute
...
Allow user to mute all notifications generated by specific users
2015-03-24 11:55:22 +11:00
1601211617
Revert "FEATURE: allow end users to opt out of getting any private messages"
...
This reverts commit 229ecc4f8a
2015-03-23 17:21:58 +11:00
229ecc4f8a
FEATURE: allow end users to opt out of getting any private messages
2015-03-23 15:50:45 +11:00
e9c5e17fbe
PERF: disable PM stats when explicitly omitting stats
2015-02-24 13:39:31 +11:00
130dbf7358
PERF: don't run stats query in user card
2015-02-24 13:31:23 +11:00
e20078a9dc
PERF: fix performance issue when displaying the user card for admins
2015-01-05 19:49:32 +01:00
8ab32396a7
Merge pull request #3009 from gdpelican/feature/new-private-message
...
New Private Message button for user topics
2014-12-03 12:17:45 +01:00
461196f089
FEATURE: 'delete user' button in the user card in the admin section
2014-12-02 18:52:56 +01:00
cc76087f59
Add new private message button on topics list
...
That'll teach me to wildly refactor things.
2014-12-02 00:53:49 +13:00
07211489f0
FIX: hide restricted profile info from TL0 users to anonymous in 'JS-off' page
2014-11-27 19:51:13 +01:00
27d78332c4
FEATURE: restrict some user fields for TL0 users when viewed by anonymous users
2014-11-26 19:20:03 +01:00
ebcf21585c
FEATURE: add a button for staff to delete a user on their profile page
2014-11-14 15:25:33 -05:00
cc9b040502
Revert "FEATURE: display github profile links on user card and profile"
...
This reverts commit 95c518329a
2014-11-05 07:45:35 +11:00
95c518329a
FEATURE: display github profile links on user card and profile
...
Can be disabled by unchecking "public_github_screen_name"
2014-11-04 13:33:58 +11:00
71f211f0b3
FEATURE: Allow users to select a badge with an image to appear on their
...
user card
2014-10-20 16:35:38 -04:00
1cf4a0d604
Rename "User Expansion" to the much clearer "User Card"
2014-10-20 12:11:59 -04:00
4d465362b5
FEATURE: Allow a user to upload an image for their expansion background.
2014-10-16 15:05:36 -04:00
7e8c4b63f4
FIX: only show agreed abd deferred flags on user's profile
2014-10-09 16:10:16 +02:00
edb34c178a
FEATURE: Show user fields when the user is signing up
2014-09-30 10:45:18 -04:00
7e309a21cf
FEATURE: hide emails behind a button for staff members
2014-09-29 22:31:05 +02:00
637371e60a
Switch to count of all notifications
2014-09-09 20:13:36 -07:00
69bc552054
FEATURE: Actually show more notifications
...
The "Show more notifications..." link in the notifications dropdown now
links to /my/notifications, which is a historical view of all
notifications you have recieved.
Notification history is loaded in blocks of 60 at a time.
Admins can see others' notification history. (This was requested for
'debugging purposes', though that's what impersonation is for, IMO.)
2014-09-09 16:29:08 -07:00
334e21a03a
Revert "Revert "FEATURE: Can create warnings for users via PM""
...
This reverts commit 1c7559380c
2014-09-08 11:11:56 -04:00
1c7559380c
Revert "FEATURE: Can create warnings for users via PM"
...
This reverts commit b0bfc1f93f
2014-09-08 10:38:59 -04:00
b0bfc1f93f
FEATURE: Can create warnings for users via PM
2014-09-08 10:27:06 -04:00
2672857aee
FIX: public_user_custom_fields are returned by UserSerializer
2014-08-19 11:05:44 -04:00
ac8c2e1e07
discourse#2591
2014-07-27 12:12:36 -05:00
44dc4b4a17
add profile option for edit history, visible only when edit history is disabled globally.
2014-07-26 23:04:46 -05:00
8fcc019ff8
FIX: only allow badge title selection if it exists
2014-07-09 15:31:49 +10:00
9abef57312
BUGFIX: staff counters weren't taking into acount deleted posts/actions
2014-07-02 22:33:18 +02:00
15120bb583
FEATURE: add staff counters on user profile
2014-06-30 22:46:47 +02:00
386d1e231a
move profile_background from User to UserProfile
2014-06-26 12:30:07 -04:00
9ffd173873
move bio to UserProfile from User
2014-06-13 14:55:32 -04:00
03087679f0
FEATURE: Support custom preferences for users, injected by plugins
2014-06-11 15:50:37 +10:00
0a42901c40
do not use try in UserSerializer for fields coming from UserProfile
2014-06-07 13:30:35 -07:00
7db31adf35
move website from User to UserProfile
2014-06-06 21:54:32 -07:00
5e526c033d
BUGFIX: missing avatar on user pages
2014-06-02 12:59:54 +10:00
69ffce72a0
Remove dead code
2014-05-30 14:50:03 +10:00
7c22d738b6
FEATURE: Add a location field to a user's profile
2014-05-27 13:54:04 -04:00
6c1c8be794
Work in progress, keeping avatars locally
...
This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom)
user can then pick which they want.
2014-05-27 10:08:03 +10:00
5284fb7cbc
New Setting: Don't jump to new posts when replying
2014-05-26 16:39:03 -04:00
4642218662
FEATURE: add private messages counters in user activity feed
2014-05-02 22:53:58 +02:00
cdd2101e4f
FIX: Don't hotlink links for new users
2014-04-24 18:36:02 -04:00
4c0f85650e
Display badge count in the user admin page.
2014-04-16 18:08:10 +05:30
e0a4959dc9
Sort featured badges by badge type first, followed by grant count.
2014-04-16 18:08:10 +05:30
89b9f9e2cb
Fix badge serialization issue.
2014-04-11 07:33:17 +05:30
3f4c5ed451
Show badges in the poster expansion card.
2014-04-11 06:59:11 +05:30
e904b2faad
Adding name to the list of uneditable items in preferences UI
...
* If enable_names, enable_sso, and sso_overrides_name settings are true.
* Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 13:26:40 -07:00
98c479c3c4
FEATURE: Profile Backgrounds
...
Shares a modified codebase with avatars called "user_image"
2014-03-05 15:10:44 +01:00
c513725f26
Allow users to toggle interface language in their preferences
2014-02-18 14:53:59 -05:00
e511e8a80b
Link to groups from user profile
2014-02-07 10:44:51 -05:00
227873df78
FEATURE: proper mailing list mode
...
once enable_mailing_list_mode is enabled any user can elect
to get every post via email unless they opt out of category or topic
2014-02-07 11:07:52 +11:00
f91163e146
FEATURE: added UI for tracking categories
2014-01-06 11:57:27 +11:00
2da5d2311b
FEATURE: Added UI for adding and removing watched and muted categories
2014-01-02 17:59:08 +11:00
db1d01d1a2
Discourse as a Mailing List improvements
...
FEATURE: context is not emailed if we previously emailed you the post
FEATURE: site setting to enable_watch_new_topics , false by default.
When enables users can elect to watch everything by default
FIX: Custom email subjects (x quoted you in [title], x replied to [title])
was removed, this broke email grouping. TBD, include info in footer somehow
FIX: topic user specs were messy, reduce side effects
2013-12-30 13:02:12 +11:00
621b2b5972
enable_names site setting implementation.
2013-12-08 19:31:25 +05:30
915861a646
FIX: suspended users still appear suspended after their suspension expires
2013-12-03 15:53:30 -05:00
dbd2332b74
Public user profile page shows if the user is suspended and why.
2013-11-07 16:34:31 -05:00
Jeff Wong
Neil Lalonde
Sam
Robin Ward
Guo Xiang Tan
junwen yang
Arpit Jalan
Guo Xiang Tan
David McClure
Régis Hanol
James Kiesel
riking
Ben Lubar
Andrew Bezzub
Vikhyat Korrapati
Forest Carlisle
Johan Jatko
Jonathan Allard