Commit Graph

1853 Commits

Author SHA1 Message Date
Sam 5b6e49ae1d FEATURE: split out max diff to 2 settings
We trust staff + tl2 and up to perform edits in grace period.
Allow them significantly more edit room in grace period prior to storing
a revision.

editing_grace_period_max_diff_high_trust applies to users with tl2 and up.

So

tl0 / 1 : we store an extra revision if more than 100 chars change
tl2 and up : we store an extra revision if more than 400 chars change

We may tweak these numbers as we go.
2018-03-09 11:58:50 +11:00
Sam e162cd16b6 FEATURE: editing_grace_period_max_diff to force revisions in grace period
If a user performs a substantive edit of 20 chars or more during grace period
we will store a revision to track the change

This allows for better auditing of changes that happen during the grace period
2018-03-07 18:34:34 +11:00
AhmadFCheema 95dd5e30c1 Fix minor typo in server.en.yml (#5649) 2018-03-05 17:27:51 -05:00
Robin Ward 0f66a99eb2 Setting to prevent logging details when anonymizing 2018-03-05 14:38:18 -05:00
OsamaSayegh 282f53f0cd FEATURE: Theme settings (2) (#5611)
Allows theme authors to specify custom theme settings for the theme. 

Centralizes the theme/site settings into a single construct
2018-03-04 19:04:23 -05:00
Sam 75172024ca SECURITY: ensure users have permission when moving categories 2018-03-02 12:13:27 +11:00
Neil Lalonde baf1c385eb UX: when a post is blocked due to a watched word, message includes the word being blocked 2018-02-28 11:22:18 -05:00
Joshua Rosenfeld 48aea2a9fc
backup_frequency copy edit 2018-02-27 15:41:37 -05:00
Neil Lalonde 3313072957 Remove censored_pattern site setting, which is replaced by watched words 2018-02-26 16:29:27 -05:00
Guo Xiang Tan 2e2da3a6e2 Update copy for 2FA. 2018-02-23 10:36:48 +08:00
Robin Ward 69af881f7f New site setting `trusted_users_can_edit_others`
The default is true to keep with previous discourse behavior. If
disabled, high trust level users cannot edit the topics or posts of
other users.
2018-02-22 20:39:24 -05:00
Guo Xiang Tan 24d0a7a4c7 Take 2 on f74d6bb605.
New options are left out by default when not configured so that an
incorrect default configuration doesn't blow up google oauth for
everyone.
2018-02-23 07:53:01 +08:00
Guo Xiang Tan dd26bbe868
Merge pull request #5610 from discourse/pm-tags
FEATURE: Allow staffs to tag PMs
2018-02-23 07:07:41 +08:00
Guo Xiang Tan ef1b82a226 Add missing site setting description. 2018-02-22 13:52:36 +08:00
Vinoth Kannan 84867c1c07 Rename site setting to allow_staff_to_tag_pms from allow_staff_to_tag_in_pm 2018-02-22 06:48:34 +05:30
Joshua Rosenfeld 3ec8b38796
A few more 'private message' strings to update
Follow up from a08832bd08
2018-02-21 15:28:26 -05:00
Vinoth Kannan 2b509eaa91
Merge branch 'master' into pm-tags 2018-02-21 23:55:59 +05:30
Joshua Rosenfeld 23f7c3607c
Update Twitter login site setting description text 2018-02-21 13:07:33 -05:00
Vinoth Kannan 84ce1acfef FEATURE: Allow staffs to tag PMs 2018-02-21 20:11:46 +05:30
Guo Xiang Tan 14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Jeff Wong f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Robin Ward 3ea272f4f1 New setting: minimum trust level to embed images in a post 2018-02-20 20:00:06 -05:00
Arpit Jalan c419c26f56 FEATURE: new site setting 'max_emojis_in_title' 2018-02-19 18:15:26 +05:30
OsamaSayegh f3815cd785 FEATURE: New site setting for additional allowed filetypes for staff (#5364)
* FEATURE: New site setting for additional allowed filetypes for staff

* Problematic variable name

* feedback

* small issues

* fix indentation

* failing tests

* Remove message bus and fix minor issues

* Missed this message bus
2018-02-19 10:44:24 +01:00
Leo McArdle 5d9d0fcb4f FEATURE: add setting which adds group name to PM email subject (#5475) 2018-02-19 10:20:17 +01:00
SidV 790c5facc9 Mailgun typo (#5593)
mailgun = Mailgun
2018-02-16 01:35:37 -05:00
Sam 38f4acd55a FIX: rate limiter text is confusing, should not say daily
Also, adds easily parseable JSON so users can figure out
how long to wait when the API is limited. ("extras" "wait_seconds")
2018-02-14 15:29:50 +11:00
Erick Guan 03b3e57a44 FEATURE: login by a link from email
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
Robin Ward 4dfe659189 Rename `allow staff flags` to `allow flagging staff` 2018-02-12 15:27:26 -05:00
Robin Ward 6287631745 FEATURE: New site setting, `allow staff flags`, false by default
For some large communities, it makes sense to disable flagging of
staff posts.
2018-02-12 14:56:21 -05:00
AhmadF.Cheema e48ae647f9 Fix typo in server.en.yml 2018-02-11 21:17:22 +01:00
scossar dab0ec1d66 Add translation key/value for target_user_not_found error message 2018-02-07 11:35:17 +01:00
Robin Ward 1bab15c757 FEATURE: A site setting for a minimum TL to post links 2018-02-06 18:07:58 -05:00
Robin Ward b2b6dc68a6 FEATURE: a setting to customize the minimum TL to flag a post 2018-02-06 17:12:27 -05:00
Robin Ward 96710754d9
Merge pull request #5540 from discourse/mixed-text-direction-support
FEATURE: Mixed text direction support
2018-02-01 07:29:15 -08:00
Joshua Rosenfeld f85055d653 FIX: Remove activation link from account approved email (#5548) 2018-02-01 14:59:37 +01:00
Arpit Jalan a08832bd08 rename 'private messages' to 'personal messages' in locale 2018-02-01 19:25:14 +05:30
Arpit Jalan f88b8a8945 rename 'default_email_private_messages' to 'default_email_personal_messages' 2018-02-01 13:25:29 +05:30
Arpit Jalan 6be536ca50 rename 'max_private_messages_per_day' to 'max_personal_messages_per_day' 2018-02-01 13:25:29 +05:30
Arpit Jalan 7cda3a37af rename 'private_email_time_window_seconds' to 'personal_email_time_window_seconds' 2018-02-01 13:25:29 +05:30
Arpit Jalan 7e48c47d37 rename 'enable_private_email_messages' to 'enable_personal_email_messages' 2018-02-01 13:25:29 +05:30
Arpit Jalan ff0376a80b rename 'enable_private_messages' to 'enable_personal_messages' 2018-02-01 13:25:29 +05:30
Arpit Jalan 25ec077eca rename 'min_private_message_{post/title}_length' to 'min_personal_message_{post/title}_length' 2018-02-01 13:25:29 +05:30
Sam ee0d3f15c1 FEATURE: allow better fidelity for auto linkify, disable most tlds based linkify
New site settings:

enable_markdown_linkify: which is default on, auto links https:// and http:// and mail://

markdown_linkify_tlds: which allows control of what tlds get autolinked for cases such as www.site.com, default is com|net|gov
2018-02-01 13:22:38 +11:00
Régis Hanol c6fac68ccd FIX: don't blow up on badly encoding incoming email body 2018-01-30 23:47:58 +01:00
Maja Komel 018cb7f36b add a custom user onebox (#5542)
* add custom user onebox

* add specs
2018-01-30 11:03:08 +01:00
Arpit Jalan 1f6adbea5c FEATURE: log private message views 2018-01-29 08:08:08 +05:30
scossar caa38aaaad Add support for mixed text directions 2018-01-28 18:33:55 -08:00
Robin Ward 44e2038b53 Setting to automatically lock posts when edited by staff 2018-01-26 14:01:30 -05:00
Arpit Jalan 7b4e6d508b improve reviving_old_topic education message 2018-01-26 00:06:53 +05:30
Gerhard Schlager ba6cd83e3a ISO 639-1 codes aren't used in the UI anymore 2018-01-25 14:57:41 +01:00
Sam 3492a91056 FEATURE: allow site operators to disable emoji shortcuts 2018-01-24 12:21:44 +11:00
Robin Ward 782d75069e FIX: UX improvements for system messages when PMs are disabled 2018-01-23 13:12:11 -05:00
Régis Hanol f74ac826c5 slightly more meaningful error message 2018-01-22 12:20:53 +01:00
Matt Palmer 133acfc805 UX: Improve description of s3_use_iam_profile
https://meta.discourse.org/t/s3-uploads-iam-user-backups-questions/78484
2018-01-20 20:19:59 +11:00
Joshua Rosenfeld 8a3c9ee3c5
FIX: notify_about_queued_posts_after copyedit
notify_about_queued_posts_after does not email contact_email anymore, notification is instead a group message to the moderators group.
2018-01-19 17:45:02 -05:00
Marcus Baw 604c189440 remove superfluous 'the' from translation file (#5508)
Original text 'Use the HTML instead of the text for incoming email.' sounds odd for native English speakers. 
I propose the slight modification 'Use HTML instead of text for incoming email.'
2018-01-17 16:52:41 +11:00
Neil Lalonde 4d50feb6bd FEATURE: add setting to display tags by tag groups 2018-01-12 11:03:02 -05:00
Sam 49ed382c2a FIX: return 429 when admin api key is limited on admin route
This also handles a general case where exceptions leak out prior to being handled by the application controller
2018-01-12 14:15:26 +11:00
Jeff Atwood dcbaf2f213 copyedit: personal, not private, message throughout 2018-01-11 16:04:14 -08:00
Robin Ward ee76636b76 FIX: Typo 2018-01-11 15:48:54 -05:00
Vinoth Kannan b96ae14261 FEATURE: Display force_https warning in admin problems dashboard 2018-01-11 12:16:10 +05:30
Guo Xiang Tan e90187cbf7
Merge pull request #5469 from tgxworld/add_guard_to_prevent_primary_email_from_being_reassigned
FIX: Add guard to prevent a primary `UserEmail` from being reassigned.
2018-01-09 13:35:08 +08:00
Arpit Jalan fc68e3d223 📅 2018! 2018-01-05 10:09:52 +05:30
Guo Xiang Tan 8a3bbcb19a FIX: Add guard to prevent a primary `UserEmail` from being reassigned. 2018-01-04 19:40:50 +08:00
Arpit Jalan 222fab1435 Update default ToS 2018-01-02 11:26:22 +05:30
Régis Hanol f5e170c6b5 FIX: catch all server-side error when uploading a file
UX: always show a message to the user whenever an error happens on the server when uploading a file
2017-12-27 16:33:25 +01:00
Arpit Jalan 0514ac4ee2 FIX: verify presence of 'sso url' before enabling 'enable sso' 2017-12-23 13:30:49 +05:30
Jeff Atwood 3bc53f2946 very minor copyedit 2017-12-21 18:37:14 -08:00
Jeff Atwood 2a8da9a9cb minor copyedit on google id conflict message 2017-12-21 18:36:02 -08:00
Jeff Atwood cedfd6b68c
Merge pull request #5449 from Supermathie/google_fix
FIX: google oauth flow should automatically update the google account used for login when appropriate
2017-12-21 17:46:43 -08:00
Robin Ward 69a90f31fb FEATURE: Allow Forums to disable the Backups feature 2017-12-21 15:22:04 -05:00
Joshua Rosenfeld 5a9c1c13ee
minor copyedit to username_change_period 2017-12-20 18:20:22 -05:00
Michael Brown 105cf61ed9 Implements https://meta.discourse.org/t/issue-user-changed-google-account-and-cant-connect-thru-his-profile/35028/18?u=supermathie 2017-12-20 17:59:36 -05:00
Arpit Jalan eab66065d1 FEATURE: search log term details page (#5445) 2017-12-20 13:41:31 +11:00
Sam f5b3652d97 HTML paste is experimental 2017-12-15 12:29:39 +11:00
Arpit Jalan f15270a0df FIX: do not onebox flagged post link 2017-12-14 22:36:32 +05:30
Vinoth Kannan 98d19616dd FIX: translation for site setting enable_rich_text_paste 2017-12-12 14:45:19 +05:30
Arpit Jalan 6acf0693a5 make crawler_user_agents a hidden setting 2017-12-11 11:10:15 +05:30
Sam 68d3c2c74f FEATURE: add global rate limiter for admin api 60 per minute
Also move configuration of admin and user api rate limiting into global
settings. This is not intended to be configurable per site
2017-12-11 11:07:22 +11:00
Vinoth Kannan fdef4e58f0 Skip markdown table conversion from rich text feature flag setting 2017-12-08 18:30:38 +05:30
Vinoth Kannan b9c0488687 New site setting to enable or disable rich text pasting 2017-12-08 14:09:39 +05:30
Joffrey JAFFEUX fd99e1ef56 FEATURE: site setting enable_mentions to turn on/off mentions 2017-12-07 16:27:58 -05:00
Arpit Jalan 5003f07b2c FEATURE: new site setting show_inactive_accounts 2017-12-07 19:22:41 +05:30
Gerhard Schlager eda30c4cf2 FIX: spam posts get blocked, not silenced 2017-12-07 11:16:43 +01:00
Arpit Jalan 0e0794dff9 FIX: correct use of invitee vs inviter in email templates 2017-12-04 14:09:48 +05:30
Jeff Atwood cf2ff76d09 FEATURE: link to meta release notes tag in version release email text 2017-12-01 12:55:03 -08:00
Régis Hanol bf1a1764ce
FIX: translation for "destroy_reasons.same_ip_address"
Take 2
2017-12-01 18:46:12 +01:00
Régis Hanol 2366cdaefe
FIX: translation for "destroy_reasons.same_ip_address" 2017-12-01 17:38:33 +01:00
Guo Xiang Tan 1c2d1682ae
Merge pull request #5328 from tgxworld/reenable_interpolation_keys_check
FIX: Re-enable invalid interpolation keys check and allow default key…
2017-11-30 13:04:54 +08:00
Guo Xiang Tan 1d8b834301
Merge pull request #5369 from vinothkannans/queued
FIX: Error if queued post not found while updating
2017-11-28 17:51:05 +08:00
Robin Ward 77f90876d3 REFACTOR: Track manual locked user levels separately from groups 2017-11-27 11:23:44 -05:00
Vinoth Kannan 31aa21b5a4 FIX: Error if queued post not found while updating 2017-11-27 19:25:51 +05:30
Guo Xiang Tan 5805979e88 FIX: Re-enable invalid interpolation keys check and allow default keys to be left out of translation overrides.
https://meta.discourse.org/t/bulk-invite-from-file-resets-the-invite-forum-mailer-customized-text/67606/16
2017-11-27 11:00:08 +08:00
Robin Ward e0dc4ea4fc FIX: Missing i18n key 2017-11-23 13:28:06 -05:00
Régis Hanol 4addc5e329 Add missing contexts when destroying users 2017-11-22 15:43:54 +01:00
Neil Lalonde 66e53f449a UX: Auth complete page/modal has a link to continue to the site to accomodate auth methods that can't automatically redirect to Discourse 2017-11-21 13:56:19 -05:00
Vinoth Kannan 7b494a65c9 NEW: large image placeholder added in cooked html (#5291) 2017-11-15 11:30:47 +01:00
Robin Ward 971e302ff2 FEATURE: Support an end date for user silencing 2017-11-14 13:20:19 -05:00
Joshua Rosenfeld 4dc29e5f9e
Missed a spot renaming block to silence 2017-11-13 15:35:52 -05:00
Sam dfe9f70747 UX: warn that something must be selected with safe mode 2017-11-13 15:59:51 +11:00
Robin Ward 1f14350220 Rename "Blocked" to "Silenced" 2017-11-10 14:10:27 -05:00
Guo Xiang Tan 6090994cdf FEATURE: Retain the latest 30 days of WebHookEvent records by default. 2017-11-08 14:11:01 +08:00
Sam 56412adad5 FEATURE: custom setting for large square site icon
This icon is used for android splash screen
2017-11-03 16:19:31 +11:00
Neil Lalonde 7dc3671490 FEATURE: remove obsolete settings ga_tracking_code and ga_domain_name. Use ga_universal_tracking_code and ga_universal_domain_name instead. 2017-11-01 11:41:51 -04:00
Rafael dos Santos Silva 32b3847d52 FIX: Update mobile logo resolution
This makes Discourse compliant with latest Google PWA requirements,
so we get the App Install banner back.

Should bump our Lighthouse PWA Audit score to 11/11.
2017-11-01 01:51:51 -02:00
Neil Lalonde ca8922e6f8 UX: Autobiographer badge description should link to profile preferences 2017-10-31 16:02:32 -04:00
Neil Lalonde d753adab84 FIX: badge description links broken on subfolder 2017-10-31 15:18:52 -04:00
Penar Musaraj bd1616d3d9 Add offline route and service worker to fix Android app install banner (#5217)
* set up static offline.html route and service worker for Android Web App Banner

* add viewport meta tag to offline view for android app banner

* add i18n support for offline.html pages, cleanup

* fix html syntax, add page title, remove license for service-worker.js
2017-10-31 10:46:48 +11:00
Neil Lalonde a5afc08363 FIX: html links in text part of summary email 2017-10-30 15:43:01 -04:00
Guo Xiang Tan 0abc5f90cd FIX: Broken link in new user of the month post. 2017-10-30 13:11:29 +08:00
Guo Xiang Tan ddd07773da FIX: Don't hardcode the path into translations. 2017-10-30 12:47:34 +08:00
Arpit Jalan 33f0d80ed5 UX: better title on search page 2017-10-27 09:13:04 +05:30
Joshua Rosenfeld 128ca0d1a9 Missed a spot changing defer to ignore (#5267) 2017-10-26 15:22:45 +11:00
Robin Ward 320341ab46 Hex values should have 6 digits 2017-10-20 14:50:55 -04:00
Robin Ward e9159e49f3 FEATURE: Site Setting to determine whether flags defaults to topics 2017-10-20 12:37:20 -04:00
Arpit Jalan 804b4f32f8 better error message when API authentication fails 2017-10-20 20:05:34 +05:30
Joshua Rosenfeld 52b33b448d Use simpler language 2017-10-15 14:36:50 -04:00
Joshua Rosenfeld 512a723936 Update username rule description 2017-10-13 21:47:04 -04:00
Neil Lalonde c29334cf23 FEATURE: the hide_email_address_taken setting works with the change email address form in user preferences 2017-10-04 11:41:25 -04:00
Neil Lalonde 1faae3c765 rename forgot_password_strict to hide_email_address_taken 2017-10-03 15:28:31 -04:00
Neil Lalonde e47f5cedd2 FEATURE: forgot_password_strict setting also prevents reporting that an email address is taken during signup 2017-10-03 15:28:30 -04:00
Gerhard Schlager 7f50380221 FIX: respect email domain whitelist/blacklist when creating staged users 2017-10-03 16:36:08 +02:00
Gerhard Schlager 76706f9144 FIX: don't create staged users when incoming email is rejected
FIX: don't send subscription mail to new users
2017-10-03 16:36:08 +02:00
Sam f6fdc1ebe8 FEATURE: flexible crawler detection
You can use the crawler user agents site setting to amend what user agents
are considered crawlers based on a string match in the user agent

Also improves performance of crawler detection slightly
2017-09-29 12:31:50 +10:00
Robin Ward 41c3941c4c FEATURE: Support regular expressions for watched words 2017-09-27 15:48:57 -04:00
Gerhard Schlager 1a37812625 FIX: show error message when keys are missing in email template
FIX: log email template changes in the Staff Log
2017-09-27 13:50:04 +02:00
Robin Ward faa37c3070 FIX: Missing "no activity" message. 2017-09-26 09:37:53 -04:00
Robin Ward 677b016387 Send a suspension message via email to a user 2017-09-25 12:26:41 -04:00
Robin Ward 561fa7d0cd FEATURE: Site Setting to hide suspension reason on the public profile 2017-09-25 12:25:14 -04:00
Gerhard Schlager d51eee4dbc FIX: don't try to send a rejection message when the sender was not detected 2017-09-15 17:30:02 +02:00
Neil Lalonde 16fe7aa307 FEATURE: automatically handle flags and posts that have been waiting in a queue for a long time. Flags will be deferred. Posts waiting for approval will be rejected. Control how old the records need to be with the auto_handle_queued_age site setting. 2017-09-14 12:01:06 -04:00
Jeff Atwood 9dc5bf1d97 minor copyedits 2017-09-13 17:39:15 -07:00
Vinoth Kannan 6e9671c2c3 UX: Placeholder images color changed & tootip added 2017-09-13 15:16:38 +05:30
Neil Lalonde beea5cac48 FIX: send the queued posts reminder as a message to moderators instead of an email to the contact_email 2017-09-12 18:00:51 -04:00
Jeff Atwood 5aba30ede6 description wasn't checked in. ???? 2017-09-06 18:46:40 -07:00
Jeff Atwood 27e4baf357 minor copyedits on visit days badges 2017-09-06 15:01:04 -07:00
Régis Hanol 8a935a4b5f FEATURE: new badges when visiting the forum for 10, 100 and 365 consecutive days 2017-09-06 22:35:08 +02:00
Joshua Rosenfeld 532b698c2f Merge pull request #5132 from tophee/master
Update "email in" help text
2017-09-04 15:19:43 -04:00
tophee bb098af38e Update "email in" help text
https://meta.discourse.org/t/straightforward-direct-delivery-incoming-mail/49487/98?u=tophee
2017-09-04 15:32:04 +02:00
Sam Saffron e283e6aea0 FEATURE: allowed_iframes site setting for allowing iframes
This allows you to whitelist custom iframes if needed in posts
2017-09-01 10:15:44 -04:00
Bianca Nenciu bb3a5910d7 Support for sending PMs to email addresses (#4988)
* Added support for sending PMs to email addresses.

* Made changes after review.

* Added settings validator.

* Fixed tests.
2017-08-28 12:07:30 -04:00
Neil Lalonde 398604ac71 FEATURE: set purge_unactivated_users_grace_period_days to 0 to disable purging unactivated users 2017-08-25 15:20:06 -04:00
minusfive c01dc26ea6 Add no-content message for user/activity/replies, fix no-content display 2017-08-24 09:51:39 -07:00
Jeff Atwood ab017c90c8 improved email bad destination error copy 2017-08-23 20:04:31 -07:00
john muhl 76e134c700 fix misuse of TLD 2017-08-22 16:45:29 -05:00
Jeff Atwood 8f795b35bb missed a spot on email invite h4 to bold conversion 2017-08-16 16:43:14 -07:00
Erick Guan 77d00ea7f9 Remove hidden settings' translation (#5043) 2017-08-14 12:12:40 +02:00
Jeff Atwood b900f1b9d5 minor improvements to setup wizard copy 2017-08-10 16:32:56 -07:00
Jeff Atwood 112133736b soften the auto-hiding PM message a bit 2017-08-10 15:34:32 -07:00