Commit Graph

780 Commits

Author SHA1 Message Date
Guo Xiang Tan 24347ace10 FIX: Properly associate user_profiles background urls via upload id.
`Upload#url` is more likely and can change from time to time. When it
does changes, we don't want to have to look through multiple tables to
ensure that the URLs are all up to date. Instead, we simply associate
uploads properly to `UserProfile` so that it does not have to replicate
the URLs in the table.
2019-05-02 14:58:24 +08:00
Sam Saffron 1be01f8dd4 DEV: Add support for Rails 6
Minor fixes to add Rails 6 support to Discourse, we now will boot
with RAILS_MASTER=1, all specs pass

Only one tiny deprecation left

Largest change was the way ActiveModel:Errors changed interface a
bit but there is a simple backwards compat way of working it
2019-05-02 16:23:25 +10:00
Gerhard Schlager 7a27c93c03 FIX: URL encode username and first letter in avatar URL
And it adds specs as a follow-up to aadb7da7
2019-04-29 15:08:14 +02:00
Sam Saffron 26b4dbde41 PERF: use delete_all to remove notifications and topic_users
Previously we used destroy here which could be extremely expensive
2019-04-26 22:26:48 +10:00
Sam Saffron c009a6ae36 PERF: speed up user deletion logic
Previously any user deletion would scan a very large number of tables

This avoids scans on 6 tables/indexes on delete
2019-04-26 18:11:39 +10:00
Gerhard Schlager aadb7da7d3 FIX: Use first grapheme cluster for letter avatar 2019-04-24 23:20:46 +02:00
Gerhard Schlager a7bc1ecbae FEATURE: Add support for Unicode usernames and group names
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2019-04-23 13:00:27 +02:00
Robin Ward 14f9d40e48 FEATURE: Clarify Reviewable User Actions
"Approve" is now "Approve User" and "Delete" is a dropdown with a choice
that allows you to block.
2019-04-17 11:44:17 -04:00
Robin Ward 111a502231 FIX: Deleting Users should work nicely with Reviewable Users
"Rejecting" a user in the queue is equivalent to deleting them, which
would then making it impossible to review rejected users. Now we store
information about the user in the payload so if they are deleted things
still display in the Rejected view.

Secondly, if a user is destroyed outside of the review queue, it will
now automatically "Reject" that queue item.
2019-04-03 16:42:39 -04:00
Robin Ward 828cdf3fea FIX: Protected method called, I'll fire myself now 2019-04-03 16:10:36 -04:00
Robin Ward 82bddcbe51 FIX: Don't create two reviewable scores for a user 2019-04-03 16:03:32 -04:00
Robin Ward c1ea63bdc1 FIX: Reviewables should not be created for users until they are active
Conversely, if a user is deactivated the reviewable should automatically
be rejected.

Before this fix, if a user was not active they'd still show in the
review queue but without an "Approve" button which was confusing.
2019-04-03 15:25:00 -04:00
Robin Ward b58867b6e9 FEATURE: New 'Reviewable' model to make reviewable items generic
Includes support for flags, reviewable users and queued posts, with REST API
backwards compatibility.

Co-Authored-By: romanrizzi <romanalejandro@gmail.com>
Co-Authored-By: jjaffeux <j.jaffeux@gmail.com>
2019-03-28 12:45:10 -04:00
Bianca Nenciu a9798f0c47
FEATURE: Add page for all group membership requests. (#6909) 2019-03-27 13:30:59 +02:00
Maja Komel 7e9afdace3 FEATURE: custom colors for default letter avatars (#7167) 2019-03-18 16:24:21 +01:00
Guo Xiang Tan c5808a8a25 PERF: N+1 queries admin users pages. 2019-03-15 15:09:44 +08:00
Tarek Khalil 4a00772c19
FIX: invite approval `StaffActionLogger` bug (#7151)
* FIX: invite approval `StaffActionLogger` bug
2019-03-12 13:32:25 +00:00
Bianca Nenciu 191e31dccf FEATURE: Log user approvals. (#7121) 2019-03-12 19:16:56 +11:00
Dan Ungureanu 32bae48fd3 DEV: Use User#human? User#bot? (#7140) 2019-03-12 07:58:14 +08:00
David Taylor fc7938f7e0
REFACTOR: Migrate GoogleOAuth2Authenticator to use ManagedAuthenticator (#7120)
https://meta.discourse.org/t/future-social-authentication-improvements/94691/3
2019-03-07 11:31:04 +00:00
Gerhard Schlager 5d75bd4831 FIX: Don't try to rename group when username is taken
FIX: Always rename groups with the default locale instead of using the user's locale
2019-02-19 22:31:03 +01:00
Robin Ward c719658f9f `human?` helper method on a user
This is cleaner than hard coding `id > 0` in ruby code.
2019-02-08 13:34:54 -05:00
Gerhard Schlager e9ec5238fc DEV: Remove ignored columns 2019-02-08 12:12:38 +01:00
Sam d5ecf8e8c2 FIX: properly clean out post and user actions on destroy user
This corrects 2 issues:

First is a regression with d7c08e21 for some reason dependent :delete_all
respects default scopes where-as dependent :destroy bypasses it.

Secondly, we were keeping orphan user actions around on user destroy, this
ensures we remove all the user actions not only ones that originated by
the user.

So for example: if I like a post of user A we create a user action saying I
did that, but once user A is deleted we were not removing the action leading
to an orphan action in the database.
2019-01-17 12:40:30 +11:00
Sam d7c08e217a PERF: delete user and post actions vs destroy on user destroy
Users can have 100s of thousands of post and user actions, we do not want
to destroy each individually cause the tracking is enormous and the amount
of queries we would need is enormous.

This gives up on the `after_commit` hook on `post_actions` which ships a message
to clients to synchronize a post, so some phantom post_actions may remain
in the UX in the rare occasion we delete a user. The phantoms will be gone
on reload.
2019-01-17 11:19:37 +11:00
Robin Ward 95f263995d FIX: Previous annotations were broken 2019-01-11 14:30:19 -05:00
Robin Ward a3839495e0 Update annotations 2019-01-11 12:19:43 -05:00
Maja Komel 98d09c90ac Current user serializer groups (ef7f84b follow-up) 2018-12-18 09:05:45 +01:00
Neil Lalonde ef0e84e3d9 FIX: clear the site_contact_username setting if the user's staff privileges are revoked 2018-12-14 16:52:44 -05:00
Maja Komel 9f89aadd33 FIX: delete all posts in batches without hijack (#6747) 2018-12-14 11:04:18 +01:00
David Taylor 160d29b18a
REFACTOR: Migrate TwitterAuthenticator to use ManagedAuthenticator (#6739)
No changes to functionality. TwitterAuthenticator goes from 136 lines to 24, and all twitter-specific logic elsewhere has been deleted 🎉
2018-12-07 15:39:06 +00:00
Régis Hanol 3c9c95ac83 Update Rubocop to 0.60 2018-12-04 10:48:16 +01:00
David Taylor 208005f9c9 REFACTOR: Migrate FacebookAuthenticator to use ManagedAuthenticator
Changes to functionality
  - Removed syncing of user metadata including gender, location etc.
    These are no longer available to standard Facebook applications.
  - Removed the remote 'revoke' functionality. No other providers have
    it, and it does not appear to be standard practice in other apps.
  - The 'facebook_no_email' event is no longer logged. The system can
    cope fine with a missing email address.

Data is migrated to the new user_associated_accounts table.
facebook_user_infos can be dropped once we are confident the data has
been migrated successfully.
2018-11-30 11:18:11 +00:00
Gerhard Schlager 24e5be3f0c FIX: Relative links in translations should work with subfolder 2018-11-08 23:31:05 +00:00
Guo Xiang Tan 7534042427 DEV: Update annotations. 2018-11-07 11:11:19 +08:00
Bianca Nenciu 2070edf889 FIX: Clarify User.group_locked_trust_level.
* Rename User.group_locked_trust_level to User.group_granted_trust_level.

* Remove the column from users table.
2018-11-07 10:27:44 +08:00
Jeff Wong 0ead513fb0 PERF: remove total unread notifications from message bus (#6529) 2018-10-25 12:14:34 +11:00
Sam 5fd94d3211 PERF: limit unread count to 99 in blue circle
This revises: e605542c4e

Previous commit was faulty
2018-10-24 12:10:27 +11:00
Sam e605542c4e PERF: limit unread count to 99 in the blue circle
This safeguard is in place to avoid very expensive queries on the server
side
2018-10-24 11:53:28 +11:00
David Taylor c6f364224e
FEATURE: Allow plugins to whitelist user custom fields for public display (#6499)
This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
2018-10-17 10:33:27 +01:00
Neil Lalonde 12f132736b FIX: error looking at users in admin when tl3_promotion_min_duration is set to a very high value 2018-10-11 15:11:48 -04:00
Vinoth Kannan 8430ea927e FIX: Generate webhook payloads before destroy events (#6325) 2018-10-05 16:53:59 +08:00
Kyle Zhao e402394375 FEATURE: auto grant an available title when removing old title
* FEATURE: auto grant an available title when removing old title
2018-09-21 12:06:08 +10:00
Sam df45e82377 SECURITY: only allow picking of avatars created by self (#6417)
* SECURITY: only allow picking of avatars created by self

Also adds origin tracking to all uploads including de-duplicated uploads
2018-09-19 22:33:10 -07:00
Kyle Zhao 6659417807 FEATURE: match user title when primary group changes
When primary group changes and the user's title is the previous primary
group's title, change the title to the new primary group's title
2018-09-17 15:08:39 +10:00
Gerhard Schlager 797cbf8653 FIX: Remove user fields when anonymizing user 2018-09-07 00:02:56 +02:00
David Taylor 4382fb5fac DEV: Allow plugins to whitelist specific user custom_fields for editing (#6358) 2018-09-04 20:45:36 +10:00
Bianca Nenciu 931cffcebe FEATURE: Let users see their user auth tokens. (#6313) 2018-08-31 10:18:06 +02:00
Sam e1975e293f FIX: when uploads are destroyed clear up avatar refs in user table
This also auto corrects twice daily when we ensure consistency
2018-08-31 14:46:42 +10:00
David Taylor 812add18bd REFACTOR: Serve auth provider information in the site serializer.
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
Guo Xiang Tan 919e8db686 FIX: Check for group name availability should skip reserved usernames. 2018-08-01 11:09:33 +08:00
David Taylor eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099)
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
Vinoth Kannan 84ab825e41
FEATURE: Webhook for user destroyed event (#6124) 2018-07-23 13:19:49 +05:30
Guo Xiang Tan 4765507585 Remove code that is no longer required. 2018-07-19 16:56:53 +08:00
Régis Hanol 6d6e026e3c FEATURE: selectable avatars 2018-07-18 12:57:43 +02:00
Guo Xiang Tan 214dac05de Update annotations. 2018-07-16 14:19:07 +08:00
Leo McArdle 21ebb1cd54 FEATURE: Secondary emails support. 2018-07-16 11:09:49 +08:00
Arpit Jalan db67c87916 fix purge unactivated users subquery 2018-07-13 07:58:58 +05:30
Arpit Jalan 7550e9ff95 FIX: purge unactivated users with a message from non-human users 2018-06-29 13:03:04 +05:30
Robin Ward 5d1d7e0e7d PERF: Scanning the `id` for this is signficantly slower in production 2018-06-28 11:04:40 -04:00
Maja Komel ec3e6a81a4 FEATURE: Second factor backup 2018-06-28 10:12:32 +02:00
Jeff Wong 41f76a74f8 FEATURE: send message when a user reaches tl1 2018-06-22 13:20:00 -07:00
Jeff Wong bc52bdfa12 Feature: unconditionally consider TL0 users as "first day" users 2018-06-21 10:53:08 -07:00
Jeff Wong 2ff226e509 FIX: consider staged users mature (no spam checks) after 1 day 2018-06-19 09:41:10 -07:00
Sam 5f64fd0a21 DEV: remove exec_sql and replace with mini_sql
Introduce new patterns for direct sql that are safe and fast.

MiniSql is not prone to memory bloat that can happen with direct PG usage.
It also has an extremely fast materializer and very a convenient API

- DB.exec(sql, *params) => runs sql returns row count
- DB.query(sql, *params) => runs sql returns usable objects (not a hash)
- DB.query_hash(sql, *params) => runs sql returns an array of hashes
- DB.query_single(sql, *params) => runs sql and returns a flat one dimensional array
- DB.build(sql) => returns a sql builder

See more at: https://github.com/discourse/mini_sql
2018-06-19 16:13:36 +10:00
Jeff Wong 68e4e6a575 FIX: staged users are still tl0 but do not trigger spam if 1 week old. 2018-06-18 17:20:04 -07:00
Sam 89ad2b5900 DEV: Rails 5.2 upgrade and global gem upgrade
This updates tests to use latest rails 5 practice
and updates ALL dependencies that could be updated

Performance testing shows that performance has not regressed
if anything it is marginally faster now.
2018-06-07 14:21:33 +10:00
Régis Hanol f988fa31aa FIX: ensure 'notifications_state' is up to date after creating a notification 2018-05-26 02:09:48 +02:00
Gerhard Schlager beed676b04 FIX: Check group names when checking username availability 2018-05-22 21:55:54 +02:00
Guo Xiang Tan b3981ddc43 Shorten `User.suggest_name` further. 2018-05-17 16:35:03 +08:00
Guo Xiang Tan 117763493b Refactor `User#suggest_name`.
* Rename `email` to `string` as variable can be an email, username
  or any valid string.
2018-05-17 14:54:14 +08:00
Arpit Jalan aee4045dd0 FIX: suggest name when username/name is provided 2018-05-17 10:36:36 +05:30
Régis Hanol 39aceed63d FIX: don't purge unactivated users with a message 2018-05-16 18:24:11 +02:00
Régis Hanol a28c58feb1 FIX: automatic group membership when using SSO 2018-05-15 01:48:30 +02:00
Joffrey JAFFEUX e474351ae4
inactive users report is not used anymore 2018-05-14 21:31:14 +02:00
Joffrey JAFFEUX 83255d94d9
DateGroupable is not used anymore 2018-05-14 16:26:14 +02:00
Régis Hanol 3e06598e96 FIX: only unstage staged users 2018-05-14 12:03:15 +02:00
Régis Hanol 2cf6fb7359 FIX: always unstage users when they log in 2018-05-13 17:00:02 +02:00
Sam 8a783412b7 UX: improvements to new dashboard
- remove inactive user report and replace with posts
- clean up internals so grouping by week happens on client
- when switching periods old report was not destroyed leading to bugs
- calculate trend based on previous interval ... not previous 30 days
- show percentages for mau/dau
- be more careful about utc date usage
- show uniqu and click through rate on search panel
- publish key of report with report so we only load the correct one
- subscribe earlier in channel in case of concurrency issues
2018-05-11 13:30:32 +10:00
Jeff Wong 91b31860a1
Feature: Push notifications for Android (#5792)
* Feature: Push notifications for Android

Notification config for desktop and mobile are merged.

Desktop notifications stay as they are for desktop views.

If mobile mode, push notifications are enabled.

Added push notification subscriptions in their own table, rather than through
custom fields.

Notification banner prompts appear for both mobile and desktop when enabled.
2018-05-04 15:31:48 -07:00
Gerhard Schlager ee426623e4 Dashboard next: correctly group inactive member count 2018-05-04 07:48:55 +02:00
Gerhard Schlager 41cd8c169c Add specs for inactive users report 2018-05-04 07:48:55 +02:00
Joffrey JAFFEUX 980972182f
dashboard next: caching, mobile support and new charts 2018-05-03 15:41:41 +02:00
Joffrey JAFFEUX b9c7e09a4e
linting 2018-04-26 15:21:02 +02:00
Joffrey JAFFEUX 9fabf2543b
dashboard next: activity metrics and new contributors
This commit also introduces a better grouping of data points.
2018-04-26 14:49:41 +02:00
Guo Xiang Tan 00d879ec63 Fix the build. 2018-04-03 00:44:12 +08:00
Guo Xiang Tan 2498403bc3 Revert "FIX: Username uniqueness check should not happen to current user_id"
This reverts commit f71a18facd.
2018-04-03 00:44:04 +08:00
Vinoth Kannan f71a18facd FIX: Username uniqueness check should not happen to current user_id 2018-04-02 21:59:11 +05:30
Guo Xiang Tan 221503cd10 FIX: Add server side uniqueness validations for `Group#name` and `User#username`.
https://meta.discourse.org/t/groups-can-be-given-same-name-as-existing-username/74010
2018-04-02 18:19:18 +08:00
Guo Xiang Tan 35745166b5 UX: New group membership management workflow.
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084
2018-03-26 16:15:02 +08:00
Guo Xiang Tan fa95699fde Fix the build. 2018-03-22 14:20:27 +08:00
Guo Xiang Tan f3b402ffd5 UX: Allow users to filter members on group page.
* Only admins are allowed to filter users by email.
2018-03-22 14:02:41 +08:00
Guo Xiang Tan 9e8d10f711 Fix the build. 2018-03-19 12:34:21 +08:00
Guo Xiang Tan 52b9af10a1 PERF: PG queries for the `UserEmail#email` column was not using the index. 2018-03-19 11:31:14 +08:00
Guo Xiang Tan c85e1fdb50 Revert "PERF: Query for email was not using index."
This reverts commit 65eb046e69.
2018-03-16 15:31:39 +08:00
Guo Xiang Tan 65eb046e69 PERF: Query for email was not using index. 2018-03-16 15:19:35 +08:00
Neil Lalonde 5ce8177662 FIX: unable to delete user belonging to a group that grants a trust level 2018-03-14 15:12:11 -04:00
Guo Xiang Tan 0e1b896821 Explicitly assign primary_email record when creating a user
* This looks like we're doing the same thing but
  we're debugging a race condition where a user
  can be created without an email record. Therefore,
  we prefer the more obvious method of assigning an
  association.
2018-03-09 15:59:46 +08:00
Guo Xiang Tan 642c60c310 Rename variable so that it is clearer which variable is being referred. 2018-03-02 16:41:02 +08:00
Gerhard Schlager fffd1a6602 FIX: Associated Instagram account was missing at some places 2018-03-01 12:26:40 +01:00
Guo Xiang Tan 14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Jeff Wong f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Guo Xiang Tan 226ace1643 Update annotations. 2018-02-20 14:28:58 +08:00
Arpit Jalan f07b1a5c05 FIX: activate user even if email token is already confirmed 2018-02-14 20:44:48 +05:30
Joshua Rosenfeld f85055d653 FIX: Remove activation link from account approved email (#5548) 2018-02-01 14:59:37 +01:00
Gerhard Schlager b784c1eda4 FIX: Remove all notifications of staged user during sign-up 2018-01-25 14:58:43 +01:00
Gerhard Schlager d9515c37b3 FIX: Show message from discobot when staged user signs up 2018-01-25 14:58:43 +01:00
Gerhard Schlager dde0fcc658 FEATURE: Allow sending invites to staged users 2018-01-22 15:37:18 +01:00
Philipp Daniels 6a2bce1931 FIX: Data loss on update of single user_field.
https://meta.discourse.org/t/api-data-loss-caused-by-changed-behaviour-of-custom-user-field-update/74990
2017-12-20 16:33:23 +08:00
Régis Hanol af3c153687 make robocop 🤖 happy 2017-12-12 11:33:35 +01:00
Régis Hanol 62a5b174e1 FIX: wasn't able to use the same username when taking over a staged account 2017-12-12 11:26:00 +01:00
Robin Ward 4ae1bbaeba FIX: Only show the full suspension reason on the admin side 2017-12-07 13:27:02 -05:00
Arpit Jalan daeb7694bc update annotations 2017-12-05 21:03:20 +05:30
Vinoth Kannan 7f2eeaf767 FIX: Password required flag should be cleared whenever clearing the raw password (#5384) 2017-12-01 15:19:24 +11:00
Vinoth Kannan 1ee48966ca REVERT: FIX: Password required flag should be cleared whenever clearing the raw password 2017-11-30 16:17:14 +05:30
Vinoth Kannan 1776649b4d FIX: Password required flag should be cleared whenever clearing the raw password 2017-11-30 13:40:18 +05:30
Robin Ward 23ee3047bf FIX: Future date input selector was not respecting timezone 2017-11-28 13:44:24 -05:00
Robin Ward 77f90876d3 REFACTOR: Track manual locked user levels separately from groups 2017-11-27 11:23:44 -05:00
Neil Lalonde b37e40eea9 FEATURE: show read time in last 60 days 2017-11-16 15:46:51 -05:00
Vinoth Kanan 9ed16343fc Remove email column from schema information 2017-11-15 15:45:19 +05:30
Robin Ward 971e302ff2 FEATURE: Support an end date for user silencing 2017-11-14 13:20:19 -05:00
Robin Ward 1f14350220 Rename "Blocked" to "Silenced" 2017-11-10 14:10:27 -05:00
Guo Xiang Tan b3237d37f0 Drop unused email column from users table. 2017-11-07 10:12:33 +08:00
Guo Xiang Tan defea6245c REFACTOR: Always validate email by default. 2017-10-25 13:48:34 +08:00
Guo Xiang Tan 19f3b81161 Revert "FIX: always trigger the ':user_updated' event"
This reverts commit 519b70ea46.

https://meta.discourse.org/t/creating-a-topic-or-a-post-sends-the-user-updated-webhook/71643
2017-10-23 11:44:22 +08:00
Robin Ward 838568cbc3 Refactor flag types for more customization 2017-10-19 13:55:23 -04:00
Robin Ward f73a3cc0d4 Don't include suspended_at or suspended_till unless suspended 2017-10-13 12:17:54 -04:00
Guo Xiang Tan d67f0b39ae Update annotations. 2017-10-06 11:13:01 +08:00
Guo Xiang Tan e542884b00 FIX: Incorrect notification state being published. 2017-09-25 13:48:59 +08:00
Guo Xiang Tan 23b787e0a6 Require dependency otherwise it causes Sidekiq to lock up in development. 2017-09-25 13:48:59 +08:00
Guo Xiang Tan 77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Guo Xiang Tan 26c6447161 Fix bugs in profiling scripts leading to incorrect results. 2017-09-13 15:33:59 +08:00
Leo McArdle 104d97695d FIX: don't activate un-confirmed email on omniauth authentication (#5176) 2017-09-12 17:36:17 +02:00
Neil Lalonde d7d9923b8e FIX: display email validation error messages 2017-09-11 13:22:14 -04:00
Guo Xiang Tan 672b7cb9a5 Require missing dependency. 2017-09-05 09:39:56 +08:00
Guo Xiang Tan 7786c6c6f2 Remove duplicated scope. 2017-09-05 09:15:06 +08:00
Sam c705159d22 Remove email column from user table 2017-08-29 11:50:56 -04:00
Neil Lalonde 398604ac71 FEATURE: set purge_unactivated_users_grace_period_days to 0 to disable purging unactivated users 2017-08-25 15:20:06 -04:00
Erick Guan 1146772deb Fix: unlinked topic search model (#5044) 2017-08-15 11:46:57 -04:00
Guo Xiang Tan 0bc690ed11 FIX: Staged users are still missing primary email. 2017-08-09 12:03:49 +09:00
Régis Hanol 519b70ea46 FIX: always trigger the ':user_updated' event
We don't always use the UserUpdated class to update a user's record
2017-08-04 18:12:10 +02:00
Guo Xiang Tan 24e0e000b9 FIX: Always validate presence of user's primary_email. 2017-07-31 11:47:29 +09:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Régis Hanol d67fe4c674 FIX: block all emails associated to a user when destroying their record 2017-07-25 17:44:46 +02:00
Leo McArdle d0b027d88d FEATURE: phase 1 of supporting multiple email addresses 2017-07-20 11:22:27 +09:00
Neil Lalonde 69b2d64334 FIX: letter avatars in quotes on subfolders installs are broken 2017-06-23 17:12:13 -04:00
Régis Hanol d6c63cc5b2 FIX: user's default group should only be set once
Setting a user's default groups based on their email address should only be done once, ie. when they confirm their email address.
Previously we were doing this everytime we'd save a user record 🤷
2017-06-14 19:20:18 +02:00
Régis Hanol 038454bde2 FIX: always confirm emails when SSO says so 2017-06-08 01:05:33 +02:00
Guo Xiang Tan 2ee144c27f FEATURE: Add DiscourseEvent trigger when a user logs in.
* Also adds a event trigger when user logs in for the first time.
2017-06-01 17:44:49 +09:00
Arpit Jalan 0954367bf4 FIX: send activation email when accepting invite if password is set 2017-04-15 14:59:50 +05:30
Guo Xiang Tan 04016f0dec Support Ruby 2.4. 2017-04-15 12:29:00 +08:00
Guo Xiang Tan 3d76fb9c2c FIX: Don't show category options for reports that can't be scoped to a category. 2017-04-13 17:10:55 +08:00
Guo Xiang Tan 72c16967e6 FIX: Check for reserved usernames before hitting DB. 2017-04-13 11:32:20 +08:00
Guo Xiang Tan 57788200ec REFACTOR: Add `User.reserved_username?`. 2017-04-13 10:44:26 +08:00
Guo Xiang Tan 0d67b507dc Merge pull request #4788 from davidtaylorhq/user_seen_event
Add a user_seen DiscourseEvent for plugins to hook into
2017-04-06 12:32:16 +08:00
Guo Xiang Tan 5943543ec3 FIX: Improve checks for non-human users. 2017-04-06 11:29:34 +08:00
David Taylor 03373a0e84 Add a user_seen DiscourseEvent for plugins to hook into 2017-03-31 23:30:59 +01:00
Arpit Jalan 4812417192 FIX: do not add user to group based on email domain unless email is confirmed 2017-03-28 15:02:40 +05:30
Guo Xiang Tan e8fc8f0bb6 Update annotations. 2017-03-22 14:26:53 +08:00
Guo Xiang Tan 9f299b6842 Use `after_commit` since `after_save` runs within the transaction as well. 2017-03-16 16:02:34 +08:00
Guo Xiang Tan 299b92b4d7 Fix broken user created event trigger. 2017-03-16 15:36:27 +08:00
Guo Xiang Tan 5169ef8814 Fix broken specs. 2017-03-16 15:05:28 +08:00
Guo Xiang Tan bf78c228f4 FIX: User created web hook being enqueued before record has been saved.
* Improve web hook tests as well.
2017-03-16 14:44:09 +08:00
Guo Xiang Tan 4d4a1a1552 Add scope for human users. 2017-03-11 14:25:09 +08:00
Guo Xiang Tan 08ffbf6c61 Use `Time.zone.now` instead. 2017-03-05 11:10:40 +08:00
Bianca Nenciu 30909ec54e Add support for username regex. 2017-03-02 13:53:45 +02:00
Régis Hanol cb99f59ec3 reset bounce score when email is successfully changed 2017-02-20 10:37:01 +01:00
Neil Lalonde 3fb50d587d FIX: invited users and new TL1 users will see their first notification highlighted 2017-02-17 10:30:29 -05:00
Robin Ward 0e58e393a1 FIX: === and a better constant, thanks @ZogStriP 2017-02-13 13:14:19 -05:00
Robin Ward e1d358ffbf FIX: Don't clear the login hint when the system user is saved 2017-02-13 10:54:20 -05:00
Sam ff49f72ad9 FEATURE: per client user tokens
Revamped system for managing authentication tokens.

- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes

New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.

Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
Régis Hanol 84af84dc52 prevent inactive & staged users from being automatically added to a group 2017-02-06 17:49:27 +01:00
Guo Xiang Tan ec73224b5e PERF: Remove N+1 query when saving a user. 2017-02-03 15:03:33 +08:00
Guo Xiang Tan c01cee4aa6 PERF: N+1 query when saving a user. 2017-01-27 10:53:42 +08:00
Robin Ward 86c52c72f6 FIX: Deleting a user was not deleting their directory items 2017-01-16 11:46:52 -05:00
Guo Xiang Tan 63954c1b33 FIX: Same user record being saved twice causing validation to fail. 2017-01-16 16:41:03 +08:00
Guo Xiang Tan ed5fa20b0c Revert "FIX: error during signup saying "Password is the same as your current password" due to automatic group membership granting a trust level"
This reverts commit 9c40657ba4.

Calling this whenever a user is initialize is hurting us bad
on performance.
2017-01-16 09:44:10 +08:00
Guo Xiang Tan 980cea7081 FIX: Add length validation for `User#name`. 2017-01-03 13:42:33 +08:00
Guo Xiang Tan f1beef43a8 Merge pull request #4618 from tgxworld/fix_invalid_emails
FIX: Don't allow invalid email to be saved.
2016-12-30 07:11:48 +08:00
Neil Lalonde 9c40657ba4 FIX: error during signup saying "Password is the same as your current password" due to automatic group membership granting a trust level 2016-12-28 17:36:04 -05:00
Sam 0a78ae739d Remove SearchObserver, aim is to remove all observers
rails-observers gem is mostly unmaintained and is a pain to carry forward
new implementation contains significantly less magic as a bonus
2016-12-22 13:13:14 +11:00
Guo Xiang Tan 13c6191e89 FIX: Don't allow invalid email to be saved. 2016-12-21 17:47:11 +08:00
Neil Lalonde 239d06b218 add Likes Recieved to possible stats in summary email 2016-12-12 14:20:25 -05:00
Guo Xiang Tan 05f55dbc10 FEATURE: Group logs. 2016-12-12 17:29:54 +08:00
Guo Xiang Tan f812415c52 Update annotations. 2016-11-24 10:13:03 +08:00
Guo Xiang Tan 8c6d8c85db Stop showing first notification prompt once user sees the notification. 2016-11-17 09:44:00 +08:00
Guo Xiang Tan 98c1e0832c FIX: Track first notification read using Redis. 2016-11-16 16:20:38 +08:00
Guo Xiang Tan 16fdcdfc00 FIX: Add conditions on when to show first pm notification. 2016-11-16 14:17:47 +08:00
Leo McArdle 784366f1a0 FIX: display only 1 trust level badge on user card
refactoring graciously provided by @xfalcox
2016-11-14 20:53:24 +00:00
Arpit Jalan 9e69798285 FEATURE: watch first post default site setting 2016-11-10 00:09:52 +05:30
Guo Xiang Tan b18439a1e2 Fix build. 2016-11-08 17:00:44 +08:00
Guo Xiang Tan a8b7599d4a FEATURE: Add a radial ping when user's first notification has not been read. 2016-11-08 16:23:12 +08:00
Erick Guan c463cf63d4 FEATURE: Webhook for user creation and approval 2016-09-19 10:12:55 +08:00
Sam 25a82e7d22 PERF: only publish notification state if we changed it
also publish seen_notification_id so we can tell what is new and what is old
cleanup controller so it correctly checks user
fix bug around clearing notification when people click mark read
2016-09-16 12:02:19 +10:00
Robin Ward 9609a47016 Ability to skip email validation via a plugin 2016-09-07 14:05:46 -04:00
Guo Xiang Tan 90a0327fd2 FIX: Check against reserved usernames should be case insensitive. 2016-08-31 21:53:41 +08:00
Sam 416e7e0d1e FEATURE: basic UI to view user api keys 2016-08-16 17:06:52 +10:00
Jeff Atwood f8144f07fd purge 2x the unactivated old users 2016-07-27 03:29:00 -07:00
Sam df535c6346 FEATURE: refresh session cookie at most once an hour
This feature ensures session cookie lifespan is extended
when user is online.

Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
Arpit Jalan a9207dafa7 FEATURE: configure session time via site setting for all the users (#4343) 2016-07-23 02:57:30 +05:30
cpradio 64bdededd3 Allow plugins that implement OAuth and OAuth2 to show up under associated accounts in the Admin area. (#4333) 2016-07-18 09:02:41 +02:00
Guo Xiang Tan e4a82cdd85 Merge pull request #4306 from tgxworld/add_discourse_event_trigger_when_user_logs_out
FEATURE: Add event trigger when a user is logged out.
2016-07-05 19:50:46 +08:00
Régis Hanol 59680af329 disable email white/blacklisting for staged users 2016-07-04 16:05:01 +02:00
Guo Xiang Tan 22ade1f811
FEATURE: Add event trigger when a user is logged out. 2016-07-04 17:20:30 +08:00
Neil Lalonde 487c20959c FEATURE: max topics/replies per day for new users now starts counting from the first post, not signup date 2016-06-20 16:55:11 -04:00
Régis Hanol 470da6205c FIX: staged users should not watch/track/mute categories by default 2016-06-14 16:45:47 +02:00
Guo Xiang Tan cb5be1fe8f
Upgrade rspec to 3.4.0. 2016-05-30 11:38:38 +08:00
Sam 089b1d164c annotate models
(reminder run RAILS_ENV=test bin/annotate once in a while)
2016-05-30 10:45:32 +10:00
Neil Lalonde f13470b96b Use db schema for tags instead of plugin store and custom fields 2016-05-26 14:29:48 -04:00
James Kiesel feffe23cc5 FEATURE: More granular mailing list mode (#4068)
* Rearrange frontend to account for mailing list mode

* Allow update of user preference for mailing list frequency

* Add mailing list frequency estimate

* Simplify frequency estimate; disable activity summary for mailing list mode

* Remove combined updates

* Add specs for enqueue mailing list mode job

* Write mailing list method for mailer

* Fix linting error

* Account for stale topics

* Add translations for default mailing list setting

* One query for mailing list topics

* Fix failing spec

* WIP

* Flesh out html template

* First pass at text-based mailing list summary

* Add user avatar

* Properly format posts for mailing list

* Move make_all_links_absolute into Email::Styles

* Apply first_seen_at to user

* Send mailing list email summary hourly based on first_seen_at

* Branch and test cleanup

* Use existing mailing list mode estimate

* Fix failing specs
2016-05-21 15:17:54 +02:00
Arpit Jalan 74b3807f60 FEATURE: new bootstrap mode settings for brand new Discourse community (#4193)
* FEATURE: new bootstrap mode settings for brand new Discourse community

* new SiteSetting.set_and_log method
2016-04-26 13:08:19 -04:00
Régis Hanol 2194ccec6e slightly better automatic flag reason messages 2016-04-25 23:03:17 +02:00
Régis Hanol 7d9f2265b9 FIX: improve support for handling emails coming from screened email addresses 2016-04-18 23:01:54 +02:00
Régis Hanol de9136a8f2 FIX: bypass TL0-specific validations on posts in a PM 2016-04-18 22:08:42 +02:00
Régis Hanol 868e70e817 FIX: ensure we only ever enqueue 1 UpdateGravatar job 2016-04-18 12:44:09 +02:00
Régis Hanol 8fcd359e2a Revert "FIX: Jobs.cancel_scheduled_job wasn't working anymore due to our move to using multiple queues"
This reverts commit b7c16991f7.
2016-04-13 18:30:25 +02:00
Régis Hanol b7c16991f7 FIX: Jobs.cancel_scheduled_job wasn't working anymore due to our move to using multiple queues
FIX: Don't queue more than 1 'update_gravatar' job per user
2016-04-13 18:12:28 +02:00
James Kiesel 609969bf6f Remove `has_many :views` from User (#4150) 2016-04-08 00:37:10 +02:00
Sam a130cb8305 FEATURE: move more urgent emails notifications to critical queue
Move signup, admin login and password change email notifications
to critical queue
2016-04-07 14:39:01 +10:00
Régis Hanol 0bf001ccd7 FIX: badge grant count wasn't filtered to the current user in the user summary 2016-03-30 23:11:00 +02:00
Neil Lalonde 54f8bdd13b FIX: only validate username when changing it 2016-03-29 11:53:21 -04:00
Robin Ward 1006b1ba94 Various Plugin Enhancements and Extension Points 2016-03-11 15:53:37 -05:00
Robin Ward 5771d2aee2 SECURITY: Support for confirm old as well as new email accounts 2016-03-08 14:52:22 -05:00
Sam 32c681c96b annotate models 2016-02-23 10:33:53 +11:00
Sam f0e942f647 PERF: move 3 more option columns out of the user table 2016-02-18 16:57:22 +11:00
Sam 3829c78526 PERF: shift most user options out of the user table
As it stands we load up user records quite frequently on the topic pages,
this in turn pulls all the columns for the users being selected, just to
discard them after they are loaded

New structure keeps all options in a discrete table, this is better organised
and allows us to easily add more column without worrying about bloating the
user table
2016-02-17 18:08:25 +11:00
Sam dd6ebde824 FIX: Always ensure notifications are treated as read once clicked
UX: improve messaging so notifications list is far more stable
PERF: improve performance of notifcation lookup queries

- Add feature "SetTransientHeader" that allows shipping info to server
   in the next Ajax request
- remove local storage hack used for notifications
- amend lookupStale to return hydrated objects, move logic into store
- stop magically clearing various notifications (likes, invitee accepted, group_summary, granted badge)
2016-02-15 19:29:47 +11:00
Arpit Jalan eec8436cfe FEATURE: filter admin reports via user group 2016-02-04 11:23:49 +05:30
Sam Saffron a764cc3a42 FEATURE: by default users track a group (as opposed to watch)
FEATURE: a rollup counting number of messages in the group inbox to tracking users
2016-01-27 21:38:33 +11:00
Sam Saffron 7303f8f309 FEATURE: first pass at user summary page 2016-01-20 15:14:25 +11:00
Régis Hanol 3083657358 FEATURE: better email in support
FEATURE: new incoming_email model
FEATURE: infinite scrolling in emails admin
FEATURE: new 'emails:import' rake task
2016-01-19 00:57:55 +01:00
Sam Saffron c2e45c8377 Update annotate and annotate models 2016-01-11 17:30:56 +11:00
Sam 03ea0bfe22 FEATURE: allow users to archive messages
Messages are now in 3 buckets

- Inbox for all new messages
- Sent for all sent messages
- Archive for all messages you are done with

You can select messages from your Inbox or Sent and move them to your Archive,
you can move messages out of your Archive similarly

Similar concept applied to group messages, except that archiving and unarchiving
will apply to all group members
2015-12-23 11:09:30 +11:00
Sam a8b5192efd FEATURE: User page refactor
Re-organise user page so it is easier to find interesting info
split it into tabs

- Introduce notifications and messages tabs
- Stop couting stuff for the user page to speed up rendering
- Suppress more information when viewing your own profile
2015-12-20 16:45:49 +11:00
Régis Hanol 1cde276656 FEATURE: ability to send emails to a group 2015-12-07 17:01:08 +01:00
Sam 88f1a8f0b1 Merge pull request #3821 from mpalmer/letter-avatar-proxy
Proxy letter avatars by default
2015-11-19 20:02:16 +11:00
Régis Hanol 92ba6125c4 FEATURE: new 'automatically_unpin_topics' user preference 2015-11-17 18:21:40 +01:00
Sam Saffron 6dd4bc7d57 FEATURE: support group owner, capable of controlling group membership
Group owners are regular users that can add or remove users to a group
The Admin UX allows admins to appoint group owners
The public group UX will display group owners first and unlock UI to
add and remove members

Group owners can only be appointed on non automatic groups
Group owners may not appoint another group owner
2015-11-10 00:56:57 +11:00
Matt Palmer af4a48a67c Use Discourse.current_hostname
Much cleaner.
2015-11-06 14:13:44 +11:00
Matt Palmer c09f345cff Proxy letter avatars by default
On sites that don't otherwise configure an avatar fallback, Discourse will
now tell the client to get its letter avatars from a location which nginx
proxies to the centralised `avatars.discourse.org` service.  This alleviates
privacy concerns, whilst still providing some degree of performance benefit
(no need for every site to delay avatar response by 300ms for image
rendering).

It is still possible to gain the benefits of global image caching and the
lower latency of requesting directly from a CDN, by explicitly changing the
`external_system_avatars_url` site setting to
`https://avatars.discourse.org/letter/{first_letter}/{color}/{size}.png`.
2015-11-06 14:13:44 +11:00
Arpit Jalan a439500bac FIX: do not mark post as spam if the previous flag was disagreed 2015-10-17 01:30:53 +05:30
Régis Hanol fe656fb04d FIX: select appropriate period when redirecting to top 2015-09-21 20:28:20 +02:00
Sam c1ecd6f4ce update annotations 2015-09-18 10:41:10 +10:00
Régis Hanol b9a9a91335 FIX: couldn't set 'never' for the default email digest frequency setting 2015-09-14 10:36:25 +02:00
Sam f948ee9e26 FIX: ensure letter avatar service uses same algorithm 2015-09-14 09:42:21 +10:00
Régis Hanol 93f9dcfcec FIX: don't overwrite custom uploaded avatar when selecting gravatar
FIX: remove unecessary serialized fields
2015-09-11 15:10:56 +02:00
Régis Hanol 0c58f08207 FIX: profile picture selector 2015-09-11 15:10:56 +02:00
Sam 6437cd0341 FEATURE: add support for generic external avatar services
This changes it so we only ship an avatar template down to the client
it has no magic, all it knows is how to plug in size
2015-09-11 15:10:56 +02:00
Sam 90d49d1497 correct paths used for external service 2015-09-11 13:18:07 +10:00
Régis Hanol 2742602254 FEATURE: support for external letter avatars service 2015-09-11 02:12:40 +02:00