f7ce607e5d
FIX: Return 422 instead of 500 for invalid SSO signature ( #6738 )
2018-12-07 15:01:44 +00:00
1d649e147b
FEATURE: show avatar flair on group, badges and directory pages ( #6732 )
2018-12-06 12:18:52 +01:00
56890efd7a
FEATURE: Add 'Advanced Test' for admin panel.
2018-12-05 21:56:18 +01:00
1a4f592749
FIX: Always allow admins upload selectable avatars.
2018-12-05 21:55:23 +01:00
978f0db109
SECURITY: Require groups to be given when inviting to a restricted category. ( #6715 )
2018-12-05 16:43:07 +01:00
d33d031742
FEATURE: Filter topic and post web hook events by tags ( #6726 )
...
* FEATURE: Filter topic and post web hook events by tags
* Add a spec test with unmatched tags
2018-12-05 14:44:06 +05:30
3c9c95ac83
Update Rubocop to 0.60
2018-12-04 10:48:16 +01:00
40f10855c6
FIX: defer flags (only) when handling a flag and deleting replies ( #6702 )
2018-11-29 22:44:18 +05:30
4a8f21d387
FIX: prevent minimum_required_tags on category being set to null ( #6703 )
...
* FIX: prevent minimum_required_tags on category being set to null
* add migration for NOT_NULL constraint for minimum_required_tags
* add specs
2018-11-29 18:10:14 +01:00
55945ec7c8
FIX: throw error when link in reason for grant badge is an external link ( #6690 )
2018-11-28 18:01:41 +01:00
e7b76b319a
FEATURE: Setting for short title used by Android on homescreen
2018-11-28 14:59:30 +01:00
851ef14096
Revert "FIX: do not agree flags by default when deleting posts"
...
This reverts commit cb6fc8057b
2018-11-28 10:21:11 +05:30
bdb1268528
FIX: static page title should be consistent on client side and server side
2018-11-27 22:03:52 +05:30
6cb49cd42c
Merge pull request #6671 from techAPJ/destroy-posts-flags
...
FIX: do not agree flags by default when deleting posts
2018-11-27 11:27:23 +05:30
cb6fc8057b
FIX: do not agree flags by default when deleting posts
2018-11-27 10:57:20 +05:30
03deda2147
Upgrade to FontAwesome 5 (take two) ( #6673 )
...
* Add missing icons to set
* Revert FA5 revert
This reverts commit 42572ff
2018-11-26 16:49:57 -05:00
b5bf182ad5
FIX: validate topic deletion when acting on a flag
2018-11-25 23:24:03 +05:30
a1888b301b
DEV: Don't require login for QUit test path.
2018-11-23 13:50:19 +08:00
60941f214c
FIX: remove unneeded keys from failed response
2018-11-22 14:59:50 +05:30
6111b285d9
DEV: Remove comment that links to a private topic.
...
Not going to be useful for other developers.
2018-11-22 14:55:02 +08:00
8e32aa1483
FEATURE: show post approvals in Moderation History ( #6643 )
2018-11-22 10:22:23 +08:00
61eff22b29
FIX: raise `Discourse::NotFound` unless the user is present
2018-11-21 10:57:42 +05:30
10cc698df3
FIX: respond with proper error message if user not found
2018-11-21 10:47:37 +05:30
539f1c6252
FIX: raise `Discourse::NotFound` unless the topic is present
2018-11-21 09:48:38 +05:30
20268385a5
FIX: never attempt to log invalid post numbers
...
Previously in some cases we would queue logging of invalid post numbers
The impact would be we would miss logging an incoming link and would leak
an error.
2018-11-21 11:58:47 +11:00
5951e111ad
FIX: handle nil topic value when removing allowed users
2018-11-20 22:55:39 +05:30
22a7f1e7f2
FIX: handle nil user value on password reset
2018-11-20 21:49:47 +05:30
e860c8b844
FIX: adds support for missing reports from old dashboard ( #6624 )
2018-11-19 12:20:05 +01:00
6556a87629
FIX: only check for conflict on edit drafts
...
In some unknown cases non edit drafts are being checked for conflict
2018-11-15 13:14:07 +11:00
7bc121a065
allow CSP reports to be sent when header isn't set by Discourse ( #6594 )
2018-11-14 16:23:29 -05:00
c78dcde973
FIX: only send originalText when we need to
2018-11-14 17:47:59 +01:00
34e4d82f1a
FEATURE: Report edit conflicts when saving draft. ( #6585 )
2018-11-14 12:56:25 +01:00
44391ee8ab
FEATURE: Upload Site Settings. ( #6573 )
2018-11-14 15:03:02 +08:00
17bc82765b
FEATURE: Log password changes in UserHistory ( #6600 )
2018-11-14 08:32:42 +08:00
467be59d75
FEATURE: Allow expanded posts to return user custom fields
2018-11-13 12:44:54 -05:00
80ceb57c76
DEV: add API endpoint to destroy_timings only of last post
...
Previously API only allowed you to nuke all timings from a topic,
new API is less punishing and allows you just to remove 1 post.
2018-11-13 16:07:48 +11:00
dda1824270
Use hijack in inline onebox controller
2018-11-13 02:39:20 +05:30
d89ffbeffd
FEATURE: Add button to delete unused tags ( #6587 )
...
This is particularly useful if you have uploaded a CSV file, and wish
to bulk-delete all of the tags that you uploaded.
2018-11-12 16:24:34 +00:00
5af9a69a3b
FIX: Do not check for suspicious login when impersonating. ( #6534 )
...
* FIX: Do not check for suspicious login when impersonating.
* DEV: Add 'impersonate' parameter to log_on_user.
2018-11-12 15:34:12 +01:00
9c616e0679
FIX: handles not found reports in bulk loading ( #6582 )
2018-11-12 13:47:24 +01:00
7c4d4331bc
FEATURE: Better handling of quotation marks in site text search
...
It also matches 3 dots with the ellipsis symbol.
2018-11-12 13:26:41 +01:00
64d9be726f
the protection I placed was in the wrong path moved to /session/sso
...
correct previous commit
2018-11-09 17:18:01 +11:00
3ae4fcd1f7
Improve redirect avoidance for /sso paths
...
e6b3310577
2018-11-09 17:03:58 +11:00
e6b3310577
FIX: never redirect back to `/sso` it will cause a loop
...
If for any reason our return url is set to `/sso` bypass using it
for login redirect
2018-11-09 14:27:36 +11:00
15991677d4
FIX: ensure we never cache login redirects by mistake
2018-11-09 11:14:35 +11:00
242a5fc5ef
Add DiscourseEvents for when users as unsuspended/unsilenced
2018-11-08 16:33:38 -05:00
42572ff138
Revert font awesome 5 changes
...
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
09dc922b3b
Fix several FontAwesome 5 issues
...
add missing icons, update SvgSprite methods (to fix ruby 2.4 issues), update whisper icon in composer, fix alignment issues
2018-11-07 22:20:53 -05:00
005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs ( #6557 )
...
* First take on subsetting svg icons
* FontAwesome 5 svg subset WIP
* Include icons from plugins/badges into svg sprite subset
* add svg icon support to themes
* Add spec for SvgSprite
* Misc. SVG icon fixes
* Use FA5 svgs in local-dates plugin
* CSS adjustments, fix SVG icons in group flair
* Use SVG icons in poll plugin
* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
0a442e319c
FIX: correct svg handling for images
...
We regressed and optimized images no longer worked with svg
The following adds the correct logic to simply copy file for svgs
and bypasses resizing for svg avatars
2018-11-07 15:29:26 +11:00
931c3d165b
Revert "FIX: We shouldn't include topics when mobile view is enabled"
...
This reverts commit 2feadcdafb
2018-11-02 10:29:44 -04:00
2feadcdafb
FIX: We shouldn't include topics when mobile view is enabled
...
This setting was set to be the opposite of what we want
2018-11-01 14:47:06 -04:00
ceafcbc898
FEATURE: show added date when looking at group members
2018-11-01 15:33:28 +11:00
aa044623bd
FIX: do not create superflous sessions when logged on
...
In some SSO implementations we may want to issue SSO pipelines for
already logged on users
In these cases do not re-log-in a user if they are clearly logged on
2018-11-01 12:54:01 +11:00
fa0e421af3
FIX: Do not leak information about post revisions. ( #6536 )
2018-10-31 14:47:00 +00:00
589e3fcaa0
FIX: return 400 for missing required params ( #6546 )
...
If a required param is missing return a 400 and show a message
displaying which param was missing. Added this to the application
controller so that we don't have to add this logic to every controller
action.
2018-10-31 13:02:48 +11:00
32b1f34910
PERF: avoid DNS lookups when getting IP info
...
Also cleans up interface in DiscourseIpInfo
grew cache to 2000 entries
2018-10-31 12:38:57 +11:00
e1e392f15b
DEV: Use DiscourseIpInfo for all IP queries. ( #6482 )
...
* DEV: Use DiscourseIpInfo for all IP queries.
* UX: Use latitude and longitude for more precision.
2018-10-30 22:08:57 +00:00
4b7ab97a01
FIX: Add 'log in via link' to email templates. ( #6545 )
2018-10-30 19:15:05 +00:00
92bf3c667e
FIX: Flash authentication data not rendered in latest iOS safari browser
2018-10-30 04:00:36 +05:30
84f858fc23
FIX: Remove orientation from the webmanifest
...
We don't really care about orientation, so let the user OS handle it.
2018-10-26 13:48:14 -03:00
2450f178ca
FEATURE: Allow admins to control PWA display mode per user agent
2018-10-26 13:47:22 -03:00
8e274f7296
UX: bumps the user-api-key version to 3 ( #6526 )
...
* UX: bumps the user-api-key version to 3
* fix spec
2018-10-25 09:46:34 +00:00
6a3767cde7
FEATURE: Warn users via email about suspicious logins. ( #6520 )
...
* FEATURE: Warn users via email about suspicious logins.
* DEV: Move suspicious login check to a job.
2018-10-25 09:45:31 +00:00
e9a971a2b6
FEATURE: [Experimental] Content Security Policy ( #6514 )
...
do not register new MIME type, parse raw body instead
2018-10-22 13:22:23 -04:00
3e232412e3
UX: show error when hitting the rate limit on password reset
2018-10-22 19:00:30 +02:00
3377f26eba
FIX: Clean tag before searching for matches
2018-10-22 11:09:06 +01:00
dca830cb73
Revert "FEATURE: [Experimental] Content Security Policy ( #6504 )"
...
This reverts commit fb8231077a
2018-10-19 11:53:29 -04:00
fb8231077a
FEATURE: [Experimental] Content Security Policy ( #6504 )
2018-10-19 10:39:22 -04:00
7166d7de9a
FIX: Prevent duplicate tags in tag-choosers ( #6512 )
...
* FIX: Prevent duplicate tags in tag-choosers
This reverts 5685b455685b45
2018-10-19 13:44:43 +01:00
93485facaf
FIX: lowercase username for add/rem group members
...
This fix searches for users based on the downcased username so that if
you pass in usernames to add/remove from a group and you don't have the
casing just right it will still find the correct users.
I updated the tests to add a username that has a mix of upper and
lowercase letters to verify this functionality.
2018-10-18 13:17:24 -06:00
f60b10d090
UX: Warn users if the post that's currently edited has changed. ( #6498 )
2018-10-17 15:35:32 +02:00
42c405a820
FIX: use topic summary for meta description if topic excerpt is blank
2018-10-17 14:13:30 +05:30
99d1ded3b3
rename route `/javascripts` to `/theme-javascripts` ( #6495 )
2018-10-15 11:32:52 -04:00
7ac08f936e
FEATURE: Upload tags from CSV ( #6484 )
2018-10-15 09:12:54 +01:00
27e732a58d
FEATURE: allow multiple secrets for Discourse SSO provider
...
This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site.
This allows for better auditing of the SSO provider feature
2018-10-15 16:03:53 +11:00
6acdea37c4
DEV: extract inline js when baking theme fields ( #6447 )
...
* extract inline js when baking theme fields
* destroy javascript cache when destroying theme fields
This work is needed to support CSP work
2018-10-15 15:55:23 +11:00
aa60936115
DEV: Add order to avoid randomly failing test.
2018-10-15 11:42:45 +08:00
84d4c81a26
FEATURE: Support backup uploads/downloads directly to/from S3.
...
This reverts commit 3c59106bac
2018-10-15 09:43:31 +08:00
a1c912b630
Return 400 instead of 404 for bad token
2018-10-12 10:51:41 +11:00
048cdfbcfa
FIX: Do not allow revoking the token of current session. ( #6472 )
...
* FIX: Do not allow revoking the token of current session.
* DEV: Add getter of current auth_token from Guardian.
2018-10-12 10:40:48 +11:00
39b7e32848
DEV: Require sso and sig query string params for sso_login
2018-10-12 05:03:30 +05:30
13b3cead06
FEATURE: Allow bulk removing users from a group
...
This change maintains backwards compatibility to allow you to remove a
single user from a group but allows you to specify a comma separated list
of users for bulk removal from a group.
Also it extracts out common functionality for fetching users from params
used in bulk adding users so it can also be used for removing users.
2018-10-11 15:30:54 -06:00
3c59106bac
Revert "FEATURE: Support backup uploads/downloads directly to/from S3."
...
This reverts commit c29a4dddc1
2018-10-11 11:08:23 +08:00
c29a4dddc1
FEATURE: Support backup uploads/downloads directly to/from S3.
2018-10-11 10:38:43 +08:00
a566ed42ae
FEATURE: Option to disable user presence and profile
...
This allows users who are privacy conscious to disable the presence
features of the forum as well as their public profile.
2018-10-10 17:34:33 -04:00
1d26a473e7
FEATURE: Show "Recently used devices" in user preferences ( #6335 )
...
* FEATURE: Added MaxMindDb to resolve IP information.
* FEATURE: Added browser detection based on user agent.
* FEATURE: Added recently used devices in user preferences.
* DEV: Added acceptance test for recently used devices.
* UX: Do not show 'Show more' button if there aren't more tokens.
* DEV: Fix unit tests.
* DEV: Make changes after code review.
* Add more detailed unit tests.
* Improve logging messages.
* Minor coding style fixes.
* DEV: Use DropdownSelectBoxComponent and run Prettier.
* DEV: Fix unit tests.
2018-10-09 22:21:41 +08:00
51aba32651
FEATURE: add branch option to remote theme import
...
* FEATURE: add branch option to remote theme import
* FIX: Add missing variable in params
* FIX: Add missing param for import_theme method
* SPEC: Add test methods for branch support in git import
* FIX: Add missing space to scss style
* Do not assume default branch as master
* Change branch field placeholder
* FIX: add missing div start tag
2018-10-09 17:01:08 +11:00
e55f220b33
add category style boxes with featured topics option
2018-10-08 16:19:54 -07:00
22187508e3
FEATURE: adds header text/background color to site ( #6462 )
2018-10-08 11:52:57 +02:00
9bf522f227
FEATURE: Mixed case tagging ( #6454 )
...
- By default, behaviour is not changed: tags are made lowercase upon creation and edit.
- If force_lowercase_tags is disabled, then mixed case tags are allowed.
- Tags must remain case-insensitively unique. This is enforced by ActiveRecord and Postgres.
- A migration is added to provide a `UNIQUE` index on `lower(name)`. Migration includes a safety to correct any current tags that do not meet the criteria.
- A `where_name` scope is added to `models/tag.rb`, to allow easy case-insensitive lookups. This is used instead of `Tag.where(name: "blah")`.
- URLs remain lowercase. Mixed case URLs are functional, but have the lowercase equivalent as the canonical.
2018-10-05 10:23:52 +01:00
5b630f3188
FIX: stop logging every time invalid params are sent
...
Previously we were logging warning for invalid encoded params, this can
cause a log flood
2018-10-05 14:33:19 +10:00
ca74246651
FIX: redirect users to SSO client URL after social login
2018-10-05 00:01:08 +05:30
df45e82377
SECURITY: only allow picking of avatars created by self ( #6417 )
...
* SECURITY: only allow picking of avatars created by self
Also adds origin tracking to all uploads including de-duplicated uploads
2018-09-19 22:33:10 -07:00
9281b72308
FEATURE: Log entity export in staff logs
2018-09-19 03:16:45 +05:30
0e9841b995
SECURITY: remove admin memory diagnostics routes
2018-09-18 08:35:09 +10:00
6f1b8ad16d
FIX: tag groups page should only be visible to staff
...
No security concern here because nothing private was visible,
and no actions could be taken by non-staff users.
2018-09-17 11:41:18 -04:00
7b19ed06c1
reworked specs of existing group behavior
2018-09-17 17:46:43 +10:00
5bdf476de7
raise error early in drafts controller
2018-09-13 08:40:57 -04:00
aa614e393c
return 403 when trying drafts of another user
2018-09-12 13:08:02 -04:00
d1984a0b4d
FIX: display a correct error when attempting to agree on a deferred flag
...
Previously we would raise a 500 error if a moderator tried to agree on a
flag another moderator deferred.
This can happen cause the UX for flags does not live refresh as flags
are handled
2018-09-12 13:16:59 +10:00
71185c13b5
Merge pull request #6377 from tgxworld/remove_tif_tiff
...
Drop `tif`, `tiff`, `webp` and `bmp` from supported images.
2018-09-12 09:32:32 +08:00
e1b16e445e
Rename `FileHelper.is_image?` -> `FileHelper.is_supported_image?`.
2018-09-12 09:22:28 +08:00
16bd3f2cf2
FIX: use current user color scheme when filling `theme-color` attribute ( #6384 )
...
* FIX: use current user color scheme when filling `meta` attribute `theme-color`
* update manifest.webmanifest colors
2018-09-12 11:04:58 +10:00
9e77fd8fc3
FIX: wrong category links on subfolder install in rss feed for a category topic list
2018-09-07 10:03:30 -04:00
879067d000
FIX: check admin theme cookie against user selectable
...
previously admin got a free pass and could set theme via cookie to anything
including themes that are not selectable
this refactor ensures that only "preview" gets a free pass, all the rest
goes through the same pipeline
2018-09-07 10:47:28 +10:00
797cbf8653
FIX: Remove user fields when anonymizing user
2018-09-07 00:02:56 +02:00
d8b543bb67
FIX: redirect to original URL after social signup
2018-09-05 01:44:23 +05:30
4382fb5fac
DEV: Allow plugins to whitelist specific user custom_fields for editing ( #6358 )
2018-09-04 20:45:36 +10:00
2f5c21e28c
FIX: return a 400 error instead of 500 for null injections
...
Many security scanners like to inject NULL in inputs causing application
to exception out and return a 500
We now handle this exception and render a 400 status back
2018-09-04 12:11:52 +10:00
f33433bf9e
Validation of params should restrict to max int ( #6331 )
...
* FIX: Validation of params should restrict to max int
* FIX: Send status 400 when "page" param isn't between 1 and max int
2018-09-03 14:45:32 +10:00
59c9051a2e
REFACTOR: Rescue error at the specific spot that is raising the error.
2018-09-03 11:04:58 +08:00
f5e0356fb2
correct miscellaneous issues with user login history
2018-09-02 17:24:54 +10:00
931cffcebe
FEATURE: Let users see their user auth tokens. ( #6313 )
2018-08-31 10:18:06 +02:00
b3aab1770f
FIX: set old last modified date for invalid avatars
...
In some cases Akami was holding tight to these invalid avatars,
to avoid this happening we explain the avatar image is ancient
then when a new upload is added it automatically is older than
this.
2018-08-31 17:07:31 +10:00
ae532f8548
FIX: return 422 for an invalid group name on category create
2018-08-30 14:28:55 -06:00
103509b9dd
SECURITY: Prevent users from modifying custom fields
2018-08-30 12:59:36 +01:00
72ffabf619
UX: Improve email testing admin tool. ( #6308 )
2018-08-29 23:14:16 +02:00
9bf4333491
FIX: redirect to wrong URL after account creation on subfolder install
2018-08-24 10:34:44 -04:00
82dcc5cbfa
FEATURE: makes reports loadable in bulk ( #6309 )
2018-08-24 15:28:01 +02:00
e0cc29d658
FEATURE: themes and components split
...
* FEATURE: themes and components split
* two seperate methods to switch theme type
* use strict equality operator
2018-08-24 11:30:00 +10:00
29315b73c2
FIX: improve last_modified date returned for avatars
...
instead of hard coding a date:
1. For optimized images use the upload date when on s3
2. For not-found use 10 minutes ago to match the expiry
2018-08-24 09:36:11 +10:00
2711f173dc
FIX: don't allow inviting more than `max_allowed_message_recipients`
...
* FIX: don't allow inviting more than `max_allowed_message_recipients` setting allows
* add specs for guardian
* user preferences for auto track shouldn't be applicable to PMs (it auto watches on visit)
Execlude PMs from "Automatically track topics I enter..." and "When I post in a topic, set that topic to..." user preferences
* groups take only 1 slot in PM
* just return if topic is a PM
2018-08-23 14:36:49 +10:00
cdea969c6a
FEATURE: Make initial admins TL1
...
* Match register controller TL to rake admin:create
* Don't promote if trust_level > 1
2018-08-22 15:45:24 +10:00
5a6d1ee257
FIX: defer actions in a static method
...
This avoids capturing a huge closure and passing to defer
2018-08-22 14:36:56 +10:00
17dc8f2490
UX: Wizard resends activation email when user exists
2018-08-21 19:13:41 +02:00
2d96160192
FEATURE: improve API error reporting for invalid records
2018-08-21 11:54:34 +10:00
dc5fddbfe6
FIX: Do not show an empty modal when an IP address is allowed or blocked. ( #6265 )
2018-08-20 17:37:30 +02:00
b4f92a05b3
FIX: Load more on groups page does not account for params.
...
https://meta.discourse.org/t/cant-scroll-through-list-of-users-groups-if-more-than-one-page/92259
2018-08-20 17:08:50 +08:00
ce4b12ae59
FIX: if we have not target available do not redirect
2018-08-20 13:10:59 +10:00
37d4f27c44
FIX: quality/bugfix dashboard/reports pass ( #6283 )
2018-08-17 16:19:25 +02:00
9628c3cf97
FEATURE: automatically correct extension for bad uploads
...
This fixes with post thumbnails on the fly
2018-08-17 14:00:27 +10:00
baa72d18f8
FIX: simplify so we ban all auth paths
...
previously plugins that have auth paths were not disallowed and robots
tend to call them
2018-08-16 19:16:47 +10:00
796164b58c
FIX: automatically correct bad avatars on access
...
Also start relying on upload extension for optimized images
2018-08-16 16:32:56 +10:00
c8b5e6baae
FEATURE: Use `display: browser` in webmanifest for iOS devices
...
Since iOS doesn't have a back button and can have issues on log in.
See https://twitter.com/firt/status/1021477243909033984
2018-08-15 23:36:08 -03:00
d4fd19d49a
UX: Replace Google search with Discourse search on not found page
...
* UX: Replace Google search with Discourse search on not found page.
* FIX: Update application_controller_spec.rb.
2018-08-15 11:53:04 +10:00
12bab65167
FIX: going from /categories to /latest on mobile might break infinite scrolling
2018-08-15 01:22:03 +02:00
de92913bf4
FIX: store the topic links using the cooked upload url
2018-08-14 12:23:32 +02:00
ad5f502332
FIX: add a basic validator for topic params
...
This cuts down on log noise when people try out sql injection
2018-08-14 17:01:04 +10:00
6f6b4ff988
regression: don't return from a block
...
also clean up some warnings (shadowed var, unused var)
2018-08-10 14:53:55 +10:00
b9072e8292
FEATURE: Add "Reset Bump Date" action to topic admin wrench ( #6246 )
2018-08-10 10:51:03 +10:00
ef4b9f98c1
FEATURE: Allow admins to reply without topic bump
2018-08-10 10:48:30 +10:00
2c4d7225d8
FIX: permalink redirects with subfolder
2018-08-09 11:05:27 -04:00
ed4c0f256e
FIX: check permalinks for deleted topics
...
- allow to specify 410 vs 404 in Discourse::NotFound exception
- remove unused `permalink_redirect_or_not_found` which
- handle JS side links to topics via Discourse-Xhr-Redirect mechanism
2018-08-09 15:05:12 +10:00
0d45826d22
fix theme previewing ( #6245 )
2018-08-08 10:58:45 +03:00
0b7ed8ffaf
FEATURE: backend support for user-selectable components
...
* FEATURE: backend support for user-selectable components
* fix problems with previewing default theme
* rename preview_key => preview_theme_id
* omit default theme from child themes dropdown and try a different fix
* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
67ec81babf
FIX: fixes last backup/last_update dates ( #6242 )
2018-08-07 08:19:52 -04:00
2b57239389
FIX: Upload's content is the only source of truth for the file type.
2018-08-07 13:15:00 +08:00
6797395bd0
FIX: staff should be allowed to agree and keep post
2018-08-07 10:05:43 +10:00
7f2f3b8b22
FIX: improves reports resilience ( #6239 )
...
This commit makes most of the reports now lazy loaded, and making them benefits from graceful failures.
2018-08-06 16:57:40 -04:00
812add18bd
REFACTOR: Serve auth provider information in the site serializer.
...
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
535732bdc1
FIX: ensure the 'email_revoked' PM template is customizable
2018-08-03 17:10:20 +02:00
4a872823e7
Improvements to user drafts ( #6226 )
...
* drafts in user profile: only show to user herself (not to admins), use avatar replying to (instead of topic OP), add keyboard shortcut for drafts, simplify display labels
* use JSON when testing Draft.stream
2018-08-02 07:41:27 +10:00
1f45215537
FEATURE: Drafts view in user profile
...
* add drafts.json endpoint, user profile tab with drafts stream
* improve drafts stream display in user profile
* truncate excerpts in drafts list, better handling for resume draft action
* improve draft stream SQL query, add rspec tests
* if composer is open, quietly close it when user opens another draft from drafts stream; load PM draft only when user is in /u/username/messages (instead of /u/username)
* cleanup
* linting fixes
* apply prettier styling to modified files
* add client tests for drafts, includes a fixture for drafts.json
* improvements to code following review
* refresh drafts route when user deletes a draft open in the composer while being in the drafts route; minor prettier scss fix
* added more spec tests, deleted an acceptance test for removing drafts that was too finicky, formatting and code style fixes, added appEvent for draft:destroyed
* prettier, eslint fixes
* use "username_lower" from users table, added error handling for rejected promises
* adds guardian spec for can_see_drafts, adds improvements following code review
* move DraftsController spec to its own file
* fix failing drafts qunit test, use getOwner instead of deprecated this.container
* limit test fixture for draft.json testing to new_topic request only
2018-08-01 16:34:54 +10:00
919e8db686
FIX: Check for group name availability should skip reserved usernames.
2018-08-01 11:09:33 +08:00
c12a9279f6
post deleted notification regression because controller was agreeing with all flags too early
2018-07-30 16:45:46 -04:00
87537b679c
Drop `reply_key`, `skipped` and `skipped_reason` from `email_logs`.
2018-07-30 11:39:28 +08:00
1708ff1808
UX: add a route /rules as an alias for /faq and /guidelines
2018-07-26 15:38:08 -04:00
330cf78c83
FIX: don’t break browser history on dashboard visit ( #6186 )
2018-07-26 14:59:28 -04:00
0d0d78841b
FIX: Remove `plugin.enabled?` checks at initialization time ( #6166 )
...
Checking `plugin.enabled?` while initializing plugins causes issues in two ways:
- An application restart is required for changes to take effect. A load-balanced multi-server environment could behave very weirdly if containers restart at different times.
- In a multisite environment, it takes the `enabled?` setting from the default site. Changes on that site affect all other sites in the cluster.
Instead, `plugin.enabled?` should be checked at runtime, in the context of a request. This commit removes `plugin.enabled?` from many `instance.rb` methods.
I have added a working `plugin.enabled?` implementation for methods that actually affect security/functionality:
- `post_custom_fields_whitelist`
- `whitelist_staff_user_custom_field`
- `add_permitted_post_create_param`
2018-07-25 16:44:09 +01:00
9989c8179d
FIX: Translation for default (light) color scheme was missing
2018-07-25 11:28:14 +02:00
1ac643d71c
FIX: Email template for "Queued Posts Reminder" was not found
2018-07-24 17:26:52 +02:00
fad9c2b971
PERF: Move `EmailLog#reply_key` into new `post_reply_keys` table.
2018-07-24 13:51:53 +08:00
ae8b0a517f
PERF: Split skipped email logs into a seperate table.
2018-07-24 13:14:37 +08:00
eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 ( #6099 )
...
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
caa669cf29
FIX: if exclude_category_ids is specified pass it through
...
This allows us to optionally show all topics on latest even if stuff is
suppressed via a plugin
2018-07-23 17:23:00 +10:00
37b726982d
Fix silence and unsilenced response bodies
...
Both response bodies had a typo that included suspended_at, so I renamed
it to silenced_at.
2018-07-22 16:08:36 -06:00
1d5096eb46
FIX: lazy load more reports in dashboard
2018-07-20 23:35:53 -04:00
1a78e12f4e
FEATURE: part 2 of dashboard improvements
...
- moderation tab
- sorting/pagination
- improved third party reports support
- trending charts
- better perf
- many fixes
- refactoring
- new reports
Co-Authored-By: Simon Cossar <scossar@users.noreply.github.com>
2018-07-19 14:33:11 -04:00
a2281fbb19
FEATURE: allows to jump to a date in a topic
2018-07-19 16:00:13 +02:00
6d6e026e3c
FEATURE: selectable avatars
2018-07-18 12:57:43 +02:00
f3868fd646
FIX: Create empty user_avatar row if not exist
2018-07-16 14:06:49 +05:30
ac0053f491
FEATURE: navigate to first post and auto bump category settings
...
### navigate_to_first_post_after_read setting for categories
When enabled on categories logged on users will return to OP after
reading the entire category. (useful for documentation categories)
### num_auto_bump_daily
Set a number of topics that will automatically bump daily on a category.
- Every 15 minutes we will check if any category has this setting
- Categories with the setting are shuffled
- We exclude pinned, closed, category description and archived topics
- Maximum of 1 topic for the list of categories is bumped till limit reached per category
- We always try to bump oldest first
- Limit is elastic using a RateLimiter that ensures that we only bump N per day
Also some minor organisation on category settings
Froze strings on category.rb
2018-07-16 18:10:35 +10:00
21ebb1cd54
FEATURE: Secondary emails support.
2018-07-16 11:09:49 +08:00
06deffc9da
FIX: returns provider_not_enabled error even if enabled
2018-07-13 22:49:30 +05:30
9647a0a4bc
Remove unnecessary complex method.
2018-07-13 15:34:28 +08:00
711371e8c8
FIX: Select+below will ask server for post ids on megatopics.
2018-07-13 15:10:39 +08:00
2901691e87
FEATURE: per-category approval settings ( #5778 )
...
- disallow moving topics to a category that requires topic approval
2018-07-13 12:51:08 +10:00
258e9e35ca
PERF: Make mega topics work without a stream.
...
There are tradeoffs that we took here. For the complete
story see
https://meta.discourse.org/t/performance-improvements-on-long-topics/30187/27?u=tgxworld .
2018-07-12 12:46:12 +08:00
decf1f27cf
FEATURE: Groundwork for user-selectable theme components
...
* Phase 0 for user-selectable theme components
- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
9a813210b9
SECURITY: Do not allow authentication with disabled plugin-supplied a… ( #6071 )
...
Do not allow authentication with disabled plugin-supplied auth providers
2018-07-09 14:25:58 +10:00
18f5f646b1
FEATURE: allow selecting a tag when moving posts to a new topic ( #6072 )
2018-07-06 18:21:32 +02:00
b9835cc392
FIX: do not use scheduler for uploading csv file for invite
...
Since the bulk invite process already happens in a dedicated Sidekiq job
2018-07-04 13:28:11 +05:30
e72fd7ae4e
FIX: move crawler blocking into anon cache
...
This refinement of previous fix moves the crawler blocking into
anonymous cache
This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 11:14:43 +10:00
7f98ed69cd
FIX: move crawler blocking to app controller
...
We need access to site settings in multisite, we do not have access
yet if we attempt to get them in request tracker middleware
2018-07-04 10:30:50 +10:00
6a54da0902
FIX: raise invalid params for bad callback
...
Corrects it so we raise a 400 instead of logged 500 error
2018-06-29 10:43:33 +10:00
982df3c17b
FIX: return status 400 for invalid member params
...
previously error returned was a 500 which is not ideal
and is logged
2018-06-29 10:15:17 +10:00
fd7bb8e656
FIX: Scope the `cn` to the subfolder
2018-06-28 11:03:36 -04:00
2c971c41f6
FIX: post deletions rate limit per day was not working
2018-06-28 19:21:27 +05:30
a6d50d1ff7
FEATURE: new settings to control posts deletions rate limit
2018-06-28 17:03:37 +05:30
c352f8eb15
FEATURE: rate limit post deletions to 50 per day
2018-06-28 16:38:58 +05:30
ec3e6a81a4
FEATURE: Second factor backup
2018-06-28 10:12:32 +02:00
6bcdc3ba4b
FEATURE: allow author to delete posts irrespective of post_edit_time_limit
2018-06-26 21:43:06 +05:30
7efdccdbc5
FIX: allow staff to remove tags from queued topics
2018-06-26 17:08:40 +05:30
95d99de7b4
FIX: hides durability section in dashboard if backups are disabled
2018-06-20 22:26:37 +02:00
0365806b93
FIX: Properly display error when post action fails to create.
2018-06-20 21:20:23 +08:00
5f64fd0a21
DEV: remove exec_sql and replace with mini_sql
...
Introduce new patterns for direct sql that are safe and fast.
MiniSql is not prone to memory bloat that can happen with direct PG usage.
It also has an extremely fast materializer and very a convenient API
- DB.exec(sql, *params) => runs sql returns row count
- DB.query(sql, *params) => runs sql returns usable objects (not a hash)
- DB.query_hash(sql, *params) => runs sql returns an array of hashes
- DB.query_single(sql, *params) => runs sql and returns a flat one dimensional array
- DB.build(sql) => returns a sql builder
See more at: https://github.com/discourse/mini_sql
2018-06-19 16:13:36 +10:00
f2dbe66367
FEATURE: adds a /admin/reports route to list all reports
2018-06-18 12:31:56 +02:00
51cb38783e
FIX: start_url was wrong in non-subfolder
2018-06-15 14:29:33 -03:00
8fc08aad09
FEATURE: Update the webmanifest
...
- Remove share target because the spec is changing
- Allow any orientation again because natural is too restrictive
- Use correct file and mime types for the manifest
2018-06-14 00:13:28 -03:00
030e322a39
FEATURE: block top level /my/ routes
2018-06-12 19:47:45 +10:00
44ee26721a
FIX: add check for missing assets file in development
2018-06-11 11:18:34 -07:00
f9ab3848ed
FEATURE: support disabling emails for non-staff users
2018-06-07 18:31:08 +05:30
ad5082d969
Make rubocop happy again.
2018-06-07 13:28:18 +08:00
89ad2b5900
DEV: Rails 5.2 upgrade and global gem upgrade
...
This updates tests to use latest rails 5 practice
and updates ALL dependencies that could be updated
Performance testing shows that performance has not regressed
if anything it is marginally faster now.
2018-06-07 14:21:33 +10:00
d8e641cd98
FIX: avatar_url includes upload_path twice when local storage used
2018-06-06 18:27:30 +05:30
a83ab01264
REFACTOR: Remove extra param for group mentionable and messableable route.
2018-06-06 09:42:09 +08:00
f8d82f135f
FIX: do not verify group visibility when checking for mentionable/messageable
2018-06-05 16:59:21 +05:30
95f9b72351
FIX: Update activation email route was returning a generic json error.
2018-05-31 14:19:43 +08:00
21e9315416
FIX: Use user account email instead of auth email when totp is enabled.
...
https://meta.discourse.org/t/github-2fa-flow-broken/88674
2018-05-30 12:15:12 +08:00
a081771950
Merge pull request #5872 from OsamaSayegh/users-controller-specs-to-request
...
REFACTOR: users contollers specs => request specs
2018-05-28 13:32:37 +08:00
449399bef3
return 403 forbidden when local logins disabled
2018-05-26 05:18:19 +03:00
5b2e7c8d10
fix the build
2018-05-26 03:11:10 +02:00
4195c7c9ea
FEATURE: Ability to clear a user's penalty history
...
You can do this manually if you want to allow them to reach TL3 without
their penalty history counting against them.
2018-05-25 12:54:22 -04:00
569f63b8a2
Merge pull request #5825 from featheredtoast/extend-service-worker-cache
...
FIX: update cache times for service workers
2018-05-25 09:28:17 +08:00
53b97b28f0
FIX: in rare conditions post timing would miss the user
2018-05-24 15:38:33 +10:00
3db1032bfd
FIX: not found page shouldn't include the Google search form for sites with login_required enabled
2018-05-23 16:59:02 -04:00
3edca8b104
Return a 403 instead of 200 when trying to delete a user with posts
...
See [this commit][1] for more info
[1]: bd352a17bf
2018-05-22 17:02:02 -06:00
3e06def856
FIX: If we have no logo defined use sketch in manifest
2018-05-22 12:10:59 +10:00
788ca1f112
FIX: stop adding email to unsubscribe url
...
Instead of adding email to unsubscribe url store it in redis for 1 hour
rate limit calls to unsubscribe endpoint to ensure there is no risk of
bloating redis
Also move controller to request specs
2018-05-22 09:07:03 +10:00
467d91347a
Missing specs for `Group`, `Tag`, `Category` and `Flag` web hooks.
2018-05-21 17:29:58 +08:00
9f422c93f6
FIX: restrict updates on `confirm_old_email` email templates
2018-05-19 12:19:59 +05:30
003b7f06ad
FIX: rescue specific error
2018-05-18 09:52:16 +05:30
04c7dbafa3
FIX: manifest.json better detection at mime type. Find size if uploaded
2018-05-17 14:45:24 -07:00
41ffafb65e
FIX: best effort at returning correct mime types in manifest.json
2018-05-17 12:14:39 -07:00
53f8f6095d
FEATURE: staff action logs when creating/updating/deleting badges
2018-05-17 18:09:27 +02:00
9532d9a555
FIX: handle invalid tags
2018-05-17 19:33:12 +05:30
131b7f5da5
make 🤖 rubocop happy
2018-05-16 16:35:04 +02:00
3cd4c82c49
Allow parameters for group and username filters on directory ( #5815 )
2018-05-16 16:20:17 +02:00
5e97a9bfb7
FIX: tags in a 'visible by everyone but usable only by staff' group weren't visible by everyone
2018-05-16 09:48:19 +02:00
ff90881238
DEV: fix live refresh if you have a custom theme selected in dev
2018-05-16 17:25:49 +10:00
21e0b7c818
avoid async report pattern and replace with simpler hijack
2018-05-16 16:05:03 +10:00
193b6d5651
UX: improve new dashboard
...
- top referred topics
- limit search logs to 8 results
2018-05-15 15:08:36 +10:00
e4a33cbc0a
FIX: update cache times for service workers
...
Add a last modified time.
Register newer service workers and claim clients more quickly.
2018-05-14 12:29:24 -07:00
e9abdaebbe
UX: show an enveloppe icon when a badge is used in messages
...
- the badge count now includes messages
- only show the message badges to admins
2018-05-14 19:02:00 +02:00
6332d5040d
UX: switch dashboard to be the new dashboard
...
Also:
- add pageviews
- add problems and version sections
2018-05-14 13:07:59 +10:00
bc9e0d46af
PERF: use cached reports for dashboard if available
2018-05-14 12:01:44 +10:00
37232fcb58
FIX: staff members should see all tags
2018-05-13 17:50:21 +02:00
2cf6fb7359
FIX: always unstage users when they log in
2018-05-13 17:00:02 +02:00
be6404d651
FIX: redirect users after signing up with a social login when using SSO provider
2018-05-13 16:03:11 +02:00
09cf35c760
FIX: redirect users after signing up using SSO provider
2018-05-12 00:41:27 +02:00
abda21a41f
Revert "FIX: redirect to sso_destination_url after account activation"
...
This reverts commit 0402e97368
2018-05-11 22:55:45 +02:00
0402e97368
FIX: redirect to sso_destination_url after account activation
2018-05-11 19:57:04 +02:00
2958e17cde
remove duplicate code
2018-05-11 12:16:37 +02:00
8a783412b7
UX: improvements to new dashboard
...
- remove inactive user report and replace with posts
- clean up internals so grouping by week happens on client
- when switching periods old report was not destroyed leading to bugs
- calculate trend based on previous interval ... not previous 30 days
- show percentages for mau/dau
- be more careful about utc date usage
- show uniqu and click through rate on search panel
- publish key of report with report so we only load the correct one
- subscribe earlier in channel in case of concurrency issues
2018-05-11 13:30:32 +10:00
bd352a17bf
FIX: Show a json api response when deleting a user with posts
...
A 500 error was actually caused with no response when using the api, so
it wasn't very clear that you need to delete the posts first when using
the api.
2018-05-10 13:04:36 -06:00
bbc85258c9
Rename `display_plugins` -> `visible_plugins`.
2018-05-09 07:52:45 +08:00
83245aa508
FIX: better handling of invite links after they are redeemed
...
FIX: deprecate invite_passthrough_hours setting
2018-05-08 20:17:57 +05:30
c6f45fcfdb
Expose an API for plugins to be hidden on the admin plugin page.
2018-05-08 13:24:58 +08:00
3a6e137e70
FIX: add context for deactivated user logs
2018-05-08 08:18:04 +05:30
ff6be3c2e3
FEATURE: add profile_background fields into SSO ( #5701 )
...
Add profile_background and card_background fields into Discourse SSO.
2018-05-07 10:03:26 +02:00
aa0d32231c
FIX: Incorrect query when removing a group owner.
...
https://meta.discourse.org/t/group-rename-and-group-owners-removal-problems/85596
2018-05-07 13:57:00 +08:00
91b31860a1
Feature: Push notifications for Android ( #5792 )
...
* Feature: Push notifications for Android
Notification config for desktop and mobile are merged.
Desktop notifications stay as they are for desktop views.
If mobile mode, push notifications are enabled.
Added push notification subscriptions in their own table, rather than through
custom fields.
Notification banner prompts appear for both mobile and desktop when enabled.
2018-05-04 15:31:48 -07:00
a0447b47e0
UX: when deleting a user, show a modal indicating that the delete is happening. User hijack so requests don't time out.
2018-05-03 16:18:19 -04:00
980972182f
dashboard next: caching, mobile support and new charts
2018-05-03 15:41:41 +02:00
bd77795d7a
REFACTOR: move support for user card badge images to a plugin discourse-user-card-badges
2018-04-26 13:25:24 -04:00
a5172a37e0
Allow staff members to enable safe mode, even if disabled
2018-04-25 11:49:57 -04:00
ed4c0c4a63
FEATURE: Add option to delete all replies of flagged post
2018-04-24 11:08:05 -04:00
146a6c3592
FIX: exclude topics from latest in /categories on refresh
...
When you hit refresh on categories page it would not supress correctly
2018-04-24 11:07:26 -04:00
fd14ee4797
FEATURE: Allow safe mode to be disabled
2018-04-24 11:03:33 -04:00
54d153068a
DEV: remove qunit rails fork and add a couple of async tests
2018-04-23 16:42:40 +10:00
70d181bff8
FIX: Better error message in `GroupsController#add_members`.
...
https://meta.discourse.org/t/cant-add-members-to-a-group/85738?u=tgxworld
2018-04-20 10:28:52 +08:00
9014ca4624
FEATURE: Enable the Web Share Target API
...
This will allow a Discourse instance that was installed[1] to receive share events.
See https://wicg.github.io/web-share-target/ for the spec.
1: https://developers.google.com/web/fundamentals/app-install-banners/
2018-04-19 17:00:05 -03:00
91bf10bd12
FIX: create upload record for exported csv files
2018-04-20 00:27:49 +05:30
0e414d0890
dashboard next: trending search report
...
This commit also improves how data is loaded sync and async
2018-04-19 18:19:21 +02:00
01c061d20d
dashboard next: perf and UI tweaks
...
* cache CORE reports
* adds backups/uploads section
* few css tweaks
2018-04-18 21:30:41 +02:00
3d7dbdedc0
FEATURE: An API to help sites build robots.txt files programatically
...
This is mainly useful for subfolder sites, who need to expose their
robots.txt contents to a parent site.
2018-04-16 15:43:20 -04:00
9353ae4b5d
Remove obsolete per topic unsubscribe page.
2018-04-16 16:11:20 +05:30
0e15a575f4
EXPERIMENTAL: new dashboard UI
...
This is the first iteration of an effort towards making a very good dashboard.
Until we feel confident this is good, this dashboard will only be accessible through /admin/dashboard_next
2018-04-16 10:42:06 +02:00
a1ef455c78
SECURITY: do not show private topic title on /unsubscribed page
2018-04-16 10:35:57 +05:30
a8a12eb2d9
SECURITY: do not disclose topic titles on /unsubscribed page to unauthorized users
2018-04-15 18:01:58 +05:30
18f50ca01a
FIX: parameterize tag_id
2018-04-14 16:42:53 +05:30
3632b8d8d6
FEATURE: provide extra signal about content age to crawlers
...
Adds Last-Modified field to help teach crawlers not to crawl old content
2018-04-13 14:58:33 +10:00
df7970a6f6
prefix the robots.txt rules with the directory when using subfolder
2018-04-11 22:05:02 +02:00
9ca6ebe8fe
FEATURE: enforce tagging on categories
2018-04-11 07:15:24 +05:30
3a86a2588c
FIX: bulk append/replace tags was not working
2018-04-10 13:01:03 +05:30
5925a581db
array is not supported here, use a simple comma delimited list
2018-04-10 14:37:10 +10:00
d9d86577ff
FIX: Staff users are not affected by `enable_group_directory` site setting.
2018-04-10 09:22:01 +08:00
c82b2dcc24
Remove admin group management pages.
2018-04-09 15:14:50 +08:00
185d6ac747
FIX: use safe navigation operator when checking for totp_enabled
2018-04-09 12:33:41 +05:30
0623785f69
FIX: Prevent group owners from editing admin only settings.
2018-04-06 11:44:58 +08:00
3a7b696703
FEATURE: allow for setting crawl delay per user agent
...
Also moved to default crawl delay bing so no more than a req every 5 seconds is allowed
New site settings:
"slow_down_crawler_user_agents" - list of crawlers that will be slowed down
"slow_down_crawler_rate" - how many seconds to wait between requests
Not enforced server side yet
2018-04-06 10:15:23 +10:00
cd6a99a027
FEATURE: Send a different PM when a post has been hidden more than once
2018-04-05 14:03:21 +02:00
e36e9de28a
Allow admin to view logs of automatic groups.
2018-04-05 16:31:55 +08:00
8760c4d68c
Fix `GroupsController#group_params` to allow more group attributes to be updated.
2018-04-05 13:53:00 +08:00
434cbc649f
FEATURE: Webhook for tag events
2018-04-04 17:49:20 +05:30
16341219ab
Log exception if remote theme importing failed
2018-04-02 20:10:18 +05:30
142571bba0
Remove use of `rescue nil`.
...
* `rescue nil` is a really bad pattern to use in our code base.
We should rescue errors that we expect the code to throw and
not rescue everything because we're unsure of what errors the
code would throw. This would reduce the amount of pain we face
when debugging why something isn't working as expexted. I've
been bitten countless of times by errors being swallowed as a
result during debugging sessions.
2018-04-02 13:52:51 +08:00
efb19dbdaf
Merge pull request #5705 from discourse/new_webhooks
...
FEATURE: Webhook for group and category events
2018-04-02 10:53:21 +05:30
87e3779085
Merge pull request #5702 from kevinelliott/feature/20180323-fix-mass-assignment
...
20180323 Fix Mass Assignment Warning
2018-04-02 10:19:25 +08:00
22b631510c
FIX: Silenced user wasn't being linked properly
2018-03-29 17:07:09 -04:00
73c1d3e7fe
FIX: tag notification preferences were being cleared when other preferences were changed
2018-03-29 15:08:32 -04:00
52e75eaee9
UX: Tweaks to group pages.
2018-03-29 17:04:48 +08:00
eab64710ff
FIX: Shared draft performance fix + missing avatars
2018-03-28 16:11:43 -04:00
4b5977aa6a
Revert "PERF: Don't join on shared drafts unless you have to"
...
This reverts commit efedd9745f
2018-03-28 15:35:13 -04:00
efedd9745f
PERF: Don't join on shared drafts unless you have to
2018-03-28 13:57:39 -04:00
21ae49ab92
Simplify log in for request specs.
2018-03-28 11:32:47 +08:00
70be8124a3
SECURITY: Don't expose development route in production.
2018-03-28 11:32:47 +08:00
7311023a52
Merge pull request #5700 from discourse/crawl-block
...
FEATURE: control web crawlers access with white/blacklist
2018-03-27 15:06:03 -04:00
ff9d7a9bfb
FIX: authComplete query param should carry-forward to login page
2018-03-27 17:22:07 +05:30
7edab1c0b9
UX: Add `groups/custom/new` route for admins to create a new group.
2018-03-27 17:39:05 +08:00
558914b986
Fix random spec errors
2018-03-27 11:14:06 +02:00
e7407d0adc
FEATURE: Webhook for group and category events
2018-03-27 11:53:35 +05:30
2ecd234e27
UX: Consolidation group manangement into a single tab.
2018-03-27 13:34:46 +08:00
f2c060bdf2
FEATURE: option for tags in a tag group to be visible only to staff
2018-03-26 17:05:09 -04:00
dcd1d422d1
UX: Allow admins to set users as owners while adding users.
...
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084/9
2018-03-26 17:33:50 +08:00
35745166b5
UX: New group membership management workflow.
...
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084
2018-03-26 16:15:02 +08:00
fa0868fc3f
Explicit param permit and assignment cleanup.
2018-03-23 09:59:31 -07:00
5f19ad9507
FIX: allow destination categories to be set if not at first
2018-03-23 11:33:02 -04:00
38af67eb73
Update the destination category id when a user changes it
2018-03-23 11:12:56 -04:00
7a4b70ef58
UX cleanup changes to 2FA flow.
2018-03-23 11:05:36 +08:00
ced7e9a691
FEATURE: control which web crawlers can access using a whitelist or blacklist
2018-03-22 15:41:02 -04:00
f3b402ffd5
UX: Allow users to filter members on group page.
...
* Only admins are allowed to filter users by email.
2018-03-22 14:02:41 +08:00
d96c1058a2
FEATURE: add staff action log for 'restore topic'
2018-03-21 18:04:13 +05:30
a23509cbf3
UX: Limit the number of group names displayed on user page.
2018-03-21 16:38:33 +08:00
9f216ac182
FIX: Infinite loading more on groups page.
2018-03-21 09:25:42 +08:00
b9abd7dc9e
FEATURE: Shared Drafts
...
This feature can be enabled by choosing a destination for the
`shared drafts category` site setting.
* Staff members can create shared drafts, choosing a destination
category for the topic when it is published.
* Shared Drafts can be viewed in their category, or above the
topic list for the destination category where it will end up.
* When the shared draft is ready, it can be published to the
appropriate category by clicking a button on the topic view.
* When published, Drafts change their timestamps to the current
time, and any edits to the original post are removed.
2018-03-20 17:15:26 -04:00
15bcfcd182
UX: Allow users to filter by different group types on groups page.
2018-03-20 17:38:11 +08:00
41b0fbe001
UX: Indicate user's group membership on groups page.
2018-03-19 18:29:30 +08:00
05ea034490
UX: Allow groups page to be searchable.
2018-03-19 17:16:51 +08:00
0522aabaab
UX: Allow user_count on groups page to be sortable.
2018-03-19 16:15:13 +08:00
c1bf707e7d
PERF: N+1 queries on badges page.
2018-03-19 14:36:09 +08:00
52b9af10a1
PERF: PG queries for the `UserEmail#email` column was not using the index.
2018-03-19 11:31:14 +08:00
f053e4cf37
Merge pull request #5682 from techAPJ/allowed-tags-page
...
FIX: show only allowed tags on PM tags page and display correct count
2018-03-17 08:29:00 +05:30
89f5c90ce0
FIX: show an error page on click tracking error
2018-03-17 00:33:11 +01:00
e9bc763440
FIX: show only allowed tags on PM tags page and display correct count
...
FIX: tags page should link to user profile we are browsing
2018-03-17 00:17:48 +05:30
fe96ef6ed2
UX: Use topic list for displaying group messages on group page.
...
https://meta.discourse.org/t/group-inbox-on-a-groups-page-mockup/71319
2018-03-16 11:56:40 +08:00
ba15273d3f
FEATURE: maintain preview theme, while previewing
...
This means you can browse around in preview mode without losing the theme.
At any point you can refresh page and maintain the preview theme.
2018-03-15 16:17:22 +11:00
2097f5330c
FIX: Login redirect path was broken in subfolder installs
2018-03-15 11:49:35 +08:00
a35227918f
UX: Display group topics in a topic list.
2018-03-15 11:37:55 +08:00
d31dfe0e84
FIX: Silencing / Suspending a user should not send a hidden message
2018-03-14 14:39:52 -04:00
f7bd05e534
FEATURE: set 'Retry-After' header for 429 responses ( #5659 )
2018-03-13 23:12:41 +08:00
7d375690c1
Merge pull request #5667 from techAPJ/pm-tags-page
...
FEATURE: replace PM tags dropdown with a dedicated tags page
2018-03-13 13:08:21 +05:30
24338fbbe8
FEATURE: replace PM tags dropdown with a dedicated tags page
2018-03-13 13:06:58 +05:30
65ac80b014
FEATURE: Log Staff edits in Staff Action Logs
...
Why? Some edits by staff are not tracked. For example, during the grace
period, or via the flags/silence dialog.
If a staff member is editing someone else's post, it now goes into the
Staff Action Logs so it can be audited by other staff members.
2018-03-12 13:51:40 -04:00
758b9a7dda
FEATURE: prototype of local theme directory watcher
...
(note this will be documented a bit late)
2018-03-12 18:36:06 +11:00
aac7796124
FIX: do not show tags with 0 count on /tags page
2018-03-09 20:57:31 +05:30
7c0e6b820e
move key so it does not interfere with other errors
2018-03-09 16:42:11 +11:00
39e679d3cb
FEATURE: allow themes to live in private git repos
...
This feature allows themes sourced from git to live on private
servers, it automatically generates key pairs.
2018-03-09 16:14:38 +11:00
c29660c8f1
FEATURE: filter personal messages by tags
2018-03-08 14:42:07 +05:30
1365bab0d7
FEATURE: Live updates for user's messages page.
...
https://meta.discourse.org/t/group-inbox-messages-not-updated-for-new-posts/38189
2018-03-06 18:15:21 +08:00
f0d5f83424
FEATURE: limit assets less that non asset paths
...
By default assets can be requested up to 200 times per 10 seconds
from the app, this includes CSS and avatars
2018-03-06 15:20:39 +11:00
282f53f0cd
FEATURE: Theme settings (2) ( #5611 )
...
Allows theme authors to specify custom theme settings for the theme.
Centralizes the theme/site settings into a single construct
2018-03-04 19:04:23 -05:00
13eda41ff5
Fix lint errors
2018-03-03 14:34:19 -05:00
31e3bf6d8d
FEATURE: New "Categories and Top" homepage style
...
Select this option if you want to show top topics on the homepage
instead of latest topics.
2018-03-03 14:26:57 -05:00
939180efa8
FIX: Missing 2FA guards when sso is enabled or when local login is disabled.
2018-03-02 10:39:10 +08:00
75172024ca
SECURITY: ensure users have permission when moving categories
2018-03-02 12:13:27 +11:00
fb75f188ba
FEATURE: Disallow login via omniauth when user has 2FA enabled.
2018-03-01 15:47:07 +08:00
947b6fdf46
FIX: Incorrect rate limit applied to topics invitation flow.
2018-03-01 12:50:00 +08:00
5a462b930d
REFACTOR: Prefer `exists?` over `present`.
2018-03-01 10:22:41 +08:00
c64f09b6b7
REFACTOR: Simplify and DRY `Group#invite`.
2018-02-26 11:59:07 +08:00
0559a4736a
FIX: don't double request when downloading a file
2018-02-24 12:35:57 +01:00
a94dc0c731
Revert "FIX: preview theme not working consistently"
...
This reverts commit 845cec3ba0
2018-02-23 17:59:00 +11:00
845cec3ba0
FIX: preview theme not working consistently
...
Avoid flash, this makes debugging much simpler as well.
Additionally URL now clearly shows you are previewing a theme.
2018-02-23 15:25:35 +11:00
dd26bbe868
Merge pull request #5610 from discourse/pm-tags
...
FEATURE: Allow staffs to tag PMs
2018-02-23 07:07:41 +08:00
76a2fc3d07
UX: Add og metadata for groups.
...
https://meta.discourse.org/t/onebox-for-groups/79155
2018-02-22 15:03:41 +08:00
964624f3ab
FIX: No error displayed when 2FA token is invalid on admin login page.
2018-02-22 09:45:57 +08:00
720e1965e3
FEATURE: add category suppress from latest
...
In the past we used suppress_from_homepage, it had mixed semantics
it would remove from category list if category list was on home and
unconditionally remove from latest.
New setting explicitly only removes from latest list but leaves the
category list alond
2018-02-22 09:56:35 +11:00
83d8fa2892
FIX: Allow customized usernames to work in this route
...
Co-authored-by: jjaffeux <j.jaffeux@gmail.com>
2018-02-21 13:37:14 -05:00
2b509eaa91
Merge branch 'master' into pm-tags
2018-02-21 23:55:59 +05:30
84ce1acfef
FEATURE: Allow staffs to tag PMs
2018-02-21 20:11:46 +05:30
b16471edfb
FIX: Invalid token error incorrectly displayed on email login page.
2018-02-21 15:46:53 +08:00
14f3594f9f
Review Changes for f4f8a293e7.
2018-02-21 14:55:49 +08:00
f4f8a293e7
FEATURE: Implement 2factor login TOTP
...
implemented review items.
Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator
add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests
add qunit tests - password reset, preferences
fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.
Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP
add two factor to email signin link
rate limit if second factor token present
add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
60ec483caa
FIX: include title in local onebox when linking to a different topic
2018-02-19 22:40:14 +01:00
02093ecbdd
Extensibility: Allow plugins to munge user params
2018-02-16 19:12:02 -05:00
28365f8ae5
PERF: Have nginx cache and serve the service worker file.
2018-02-15 10:50:39 +08:00
96e5a7da46
Prefer `success_Json` over custom success JSON payload.
2018-02-15 07:47:35 +08:00
a3e5a31674
FIX: Allow 404 pages to use the current theme
2018-02-14 15:29:01 -05:00
38f4acd55a
FIX: rate limiter text is confusing, should not say daily
...
Also, adds easily parseable JSON so users can figure out
how long to wait when the API is limited. ("extras" "wait_seconds")
2018-02-14 15:29:50 +11:00
f028ffaf29
SECURITY: correct local onebox category checks
...
Also removes ugly "source_topic_id" from cooked posts
Patch was authored by @zogstrip
Signed-off-by: Sam <sam.saffron@gmail.com>
2018-02-14 10:40:46 +11:00
7348513848
FIX: Include post in staff action logs when silencing a user
2018-02-13 15:59:10 -05:00
03b3e57a44
FEATURE: login by a link from email
...
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
f9280617d0
Remove redundant comment.
2018-02-13 15:58:13 +08:00
cc3cf6588b
FEATURE: Notification API Endpoints for Admins
...
* create/update/delete notification api with external url
* remove external url feature
* Fix Travis CI build error (add new line)
* Fix Travis CI build error
2018-02-13 01:38:26 -05:00
b34b1b6fe3
FIX: invite to message was not allowing groups
...
Previously we were incorrectly checking mentionable instead of messageable
Also fix edge case where multiple groups sharing a name mean that exact match override is not working
Also cleans up params sent to user selector
2018-02-13 13:28:46 +11:00
569e57f0a9
FIX: Delete the invalid auth cookie even if you hit the rate limit
2018-02-09 19:09:54 -05:00
8765279c90
FIX: Customizing site texts ignored current locale for _MF keys
2018-02-07 16:57:08 +01:00
8ff4104555
Many enhancements to the flagging / suspending interface.
2018-02-01 17:13:02 -05:00
9fa71e198e
FIX: admin reports charts should use same time of day as dashboard numbers
2018-02-01 15:59:39 -05:00
41986cdb2f
Refactor requires login logic, reduce duplicate code
...
This also corrects the positioning in the chain of the check
and removes misuse of prepend_before_action
2018-02-01 15:17:59 +11:00
f2e7b74d88
FIX: don't return 200s when login is required to paths
...
When running `ensure_login_required` it should always happen prior to
`check_xhr` cause check xhr will trigger a 200 response
2018-02-01 12:26:45 +11:00
2d340d1122
FIX: Don't allow username update via update route
...
It's not using the UsernameChanger
2018-01-26 16:53:43 -05:00
6b04967e2f
FEATURE: Staff members can lock posts
...
Locking a post prevents it from being edited. This is useful if the user
has posted something which has been edited out, and the staff members don't
want them to be able to edit it back in again.
2018-01-26 14:01:30 -05:00
e2d82b882e
FIX: redirect to original URL after social login
2018-01-26 18:52:27 +01:00
683be5e555
FIX: Application should not crash when selected locale is missing
2018-01-25 14:57:41 +01:00
2437b0d531
FIX: regression, missing 404 page
2018-01-23 09:00:28 +11:00
5c1eaeca9e
FIX: prevent users from moving whispers to new topic
2018-01-22 17:23:19 +01:00
dde0fcc658
FEATURE: Allow sending invites to staged users
2018-01-22 15:37:18 +01:00
f74ac826c5
slightly more meaningful error message
2018-01-22 12:20:53 +01:00
12872d03be
PERF: run post timings in background
...
This means that if a very large amount of registered users hit
a single topic we will handle it gracefully, even if db gets slow.
2018-01-19 08:27:29 +11:00
34ed6088b9
FEATURE: New modal to show flags received for a user
2018-01-17 15:08:08 -05:00
e04fb9a877
fix the build
2018-01-17 12:57:33 +05:30
79eb9d7086
FEATURE: show header search results on search log term details page
2018-01-17 12:47:16 +05:30
b2009d6e32
PERF: bypass theme handling on static routes
2018-01-17 16:33:17 +11:00
72b592c395
PERF: add frozen string literals to app controller
2018-01-17 16:32:52 +11:00
d7657d8e47
correct specs, ensure crawler layout only applies to html
2018-01-16 16:28:11 +11:00
6177fb80eb
UX: switch to quartlerly period view for search log term graphs
2018-01-16 07:53:22 +05:30
e3a616764e
PERF: add frozen strings
2018-01-15 12:44:54 +11:00
6d68275ef9
don't show tag groups if they're restricted to categories you can't access
2018-01-12 14:25:42 -05:00
2493648f9c
PERF: calculate topic_counts for tags in an async job so tag queries that include counts are much faster
2018-01-12 11:03:03 -05:00
4d50feb6bd
FEATURE: add setting to display tags by tag groups
2018-01-12 11:03:02 -05:00
49ed382c2a
FIX: return 429 when admin api key is limited on admin route
...
This also handles a general case where exceptions leak out prior to being handled by the application controller
2018-01-12 14:15:26 +11:00
dd33050e10
Add discourse events for when a user is suspended/silenced
2018-01-11 12:56:45 -05:00
e904d92b98
FIX: Suspension / Silence reasons were incorrect on save
2018-01-11 10:54:47 -05:00
b96ae14261
FEATURE: Display force_https warning in admin problems dashboard
2018-01-11 12:16:10 +05:30
daad2291ba
simplify production switch and serve extra locales from actual site
2018-01-10 08:19:51 +11:00
61384c8026
Skip CDN for admin locales since it is login required
2018-01-10 01:24:03 +05:30
672888f526
FIX: handle invalid password reset token
2018-01-09 23:48:17 +05:30
c9f42506b7
If login is required skip CDN
2018-01-09 17:51:53 +11:00
6b8320fea6
PERF: use cdn for extra locales
2018-01-09 17:00:42 +11:00
ea63abf0f7
bypass mini profiler for locales
...
bypass cdn for now
2018-01-09 11:30:59 +11:00
b0a7ee1aec
FIX: source admin locale from cdn
2018-01-09 10:27:33 +11:00
8ff5f5f2ef
FIX: cache admin locale file for 24 hours
2018-01-09 10:23:49 +11:00
642645ba9a
FIX: broken select badge as user title ( #5474 )
...
* FIX: broken select badge as user title
* selected id wasn’t pass to underlying component
* <none> was rendered as an html tag <none></none>
* overriding a badge name wouldn’t work as it was using badge.name and not badge.display_name
* adds a spec to ensure this behavior is correct
2018-01-05 16:58:15 +01:00
ed4b845930
FIX: render error message when backup download fails
2018-01-05 19:46:43 +05:30
5ad1709dba
PERF: cache service worker for 1 hour
2017-12-28 08:31:01 +11:00
f5e170c6b5
FIX: catch all server-side error when uploading a file
...
UX: always show a message to the user whenever an error happens on the server when uploading a file
2017-12-27 16:33:25 +01:00
3937ff0425
FIX: don't preload json on static routes
2017-12-27 14:33:36 +11:00
69a90f31fb
FEATURE: Allow Forums to disable the Backups feature
2017-12-21 15:22:04 -05:00
62a27f9d57
FEATURE: warn if attempting to mention a group with too many members
2017-12-21 16:13:57 +11:00
7f69362d9d
FIX: external links in whisper ended up in a white page
...
FIX: clicking a link in a onebox wasn't properly extracting the post_id
2017-12-20 17:55:15 +01:00
6a2bce1931
FIX: Data loss on update of single user_field.
...
https://meta.discourse.org/t/api-data-loss-caused-by-changed-behaviour-of-custom-user-field-update/74990
2017-12-20 16:33:23 +08:00
eab66065d1
FEATURE: search log term details page ( #5445 )
2017-12-20 13:41:31 +11:00
97ceebb570
SECURITY: Don't pass email backup token to sidekiq as a parameter.
...
* This exposes the token in the Sidekiq dashboard which can be
viewed by an admin and defeats the purpose of using a token
in the download backup email ink.
2017-12-18 11:25:22 +08:00
433ef4513b
FEATURE: upload images and fonts in themes via hijack
2017-12-18 10:40:10 +11:00
5e90abfaea
FIX: use hijack for emoji uploads
2017-12-18 10:31:19 +11:00
001abfc4cb
Revert "FIX: not permitted theme params when importing theme"
...
This reverts commit 813df1a3fb
2017-12-14 11:40:14 +01:00
041deac67a
Revert "FIX: constant lookup error when exporting theme"
...
This reverts commit 1eda8c50f0
2017-12-14 11:40:08 +01:00
813df1a3fb
FIX: not permitted theme params when importing theme
2017-12-14 11:25:58 +01:00
1eda8c50f0
FIX: constant lookup error when exporting theme
2017-12-14 11:25:11 +01:00
f2565f6c7e
SECURITY: Any group can be invited into a PM.
2017-12-14 14:57:48 +08:00
14cfce2827
Merge branch 'master' of github.com:discourse/discourse
2017-12-14 17:17:02 +11:00
96584403cd
SECURITY: prevent staged accounts from changing email
2017-12-14 17:16:49 +11:00
34342ad0d8
FIX: `User#user_avatar` may be nil.
2017-12-14 13:23:03 +08:00
1b4483c942
FEATURE: Added 'select +below' and 'select +all replies' options to selecting posts
2017-12-13 22:12:06 +01:00
a393d3bcbb
FIX: ensure staged accounts are always inactive
...
If for any reason active is stored in the user model, clear it out
prior to creating an account
2017-12-13 14:22:16 +11:00
492af81e67
FIX: save registration_ip_address for staged users logging in via social auth
2017-12-12 17:41:16 +05:30
e2b64257b3
Fix undefined method for `NilClass` error.
2017-12-12 18:54:29 +08:00
b014540fde
FIX: view was getting rendered twice for rate limiting error
2017-12-12 14:48:58 +05:30
3c230d8f97
FIX: 'redirect_to :back' is deprecated
2017-12-11 12:18:19 +05:30
74b9828731
FIX: Remove mentions filters from user and groups
...
Additionally return no data if disabled
2017-12-07 16:29:02 -05:00
5003f07b2c
FEATURE: new site setting show_inactive_accounts
2017-12-07 19:22:41 +05:30
f0ef307d2d
FIX: topic timer offset applied two times
...
timezone offset was calculated and sent from browser to server, it would be applied on utc time generated from '2013-11-22 5:00' format for example and then sent back to browser which would display it thinking it's UTC time using `moment(utc time)` when it's in fact an UTC time we have offseted with the initial user timezone.
This is impossible to automatically test in the current app state. Easiest reproduction is in live browser after setting your timezone to `America/New_York`, when setting a topic timer to later_today, after save, the time under the topic should be off to something roughly equal +1/-1 hour to your timezone offset.
2017-12-07 14:42:58 +01:00
410994b7f5
FEATURE: Show a button to Staff for "Moderation History" on posts/topics
...
When clicked, it pops up a modal showing a history of moderation actions
taken on the post or topic.
2017-12-05 15:20:20 -05:00
6e054b2572
FEATURE: Convert HTML to Markdown while pasting in composer
2017-12-05 12:23:39 -05:00
e73fbfe265
FIX: `Topic#featured_link_root_domain` extracts URL before parsing.
2017-12-04 10:00:07 +08:00
496cd3b4df
Merge pull request #5385 from techAPJ/search-logs-improvements
...
FEATURE: support search click through tracking for user, category and tags
2017-12-01 12:08:38 +05:30
e3925278e2
FEATURE: support search click through tracking for user, category and tags
...
https://meta.discourse.org/t/search-logs-page/73281/11?u=techapj
This commit adds following features:
- support for tracking click through to user, tag and category
- new filter for search type (header, full page)
This commit also removes "most viewed topic" field from search logs page because we are now tracking multiple click through entities, so topic is not a special entity anymore. This also improves query perf. The query now takes `20.5ms` to runs, as opposed to `655.9ms` previously.
2017-12-01 12:04:55 +05:30
f7f743970b
Just use space to prettify SSO verbose error logging.
2017-11-30 15:10:00 +08:00
0d34caff85
UX: show error message when no gravatar is associated
2017-11-29 18:09:44 +01:00
1218ead355
UX: preloaded gravatar was appearing on the right instead of the left
2017-11-29 18:07:09 +01:00
1d8b834301
Merge pull request #5369 from vinothkannans/queued
...
FIX: Error if queued post not found while updating
2017-11-28 17:51:05 +08:00
7b8699f3be
FIX: Can't load `service-worker.js` in production.
2017-11-28 15:40:57 +08:00
b094894c94
Feature: Add service worker registration method to plugin API
2017-11-28 14:01:41 +08:00
77f90876d3
REFACTOR: Track manual locked user levels separately from groups
2017-11-27 11:23:44 -05:00
31aa21b5a4
FIX: Error if queued post not found while updating
2017-11-27 19:25:51 +05:30
608207b2e5
FEATURE: avatar proxy happens in background
...
This ensures that even if it is slow to download avatars site will
continue to work
Also simplifies hijack pattern
2017-11-27 17:43:24 +11:00
d5e7691ae9
favicon proxy now uses hijack
2017-11-27 14:51:14 +11:00
eb428ef54d
FEATURE: uploads are processed a faster
...
Also cleans up API to always return 422 on upload error. (previously returned 200)
Uploads are processed using new hijack pattern
2017-11-27 12:43:35 +11:00
e0e99d4bbd
PERF: hijack onebox requests so they do not use up a unicorn worker
2017-11-24 15:31:40 +11:00
49f97d75b7
FIX: make uploads safe for block that can run later
2017-11-23 17:28:18 +11:00
d43a54e83a
FIX: use current_user.id in onebox instead of param
2017-11-23 15:32:19 +11:00
4addc5e329
Add missing contexts when destroying users
2017-11-22 15:43:54 +01:00
a92f61e926
FIX: allow login required sites access to attachements
2017-11-22 10:50:55 +11:00
8d98752b57
Allow sites to bootstrap the error page.
...
This will display working dropdowns and such even if the page is a 404.
2017-11-21 16:13:09 -05:00
628275fc31
FIX: Some badge routes were still working even with badges disabled
2017-11-21 12:22:44 -05:00
2d48caffdf
FIX: be more lenient when deleting a custom emoji
2017-11-20 23:50:23 +01:00
0a9daba627
FIX: Support for long suspension emails
2017-11-20 12:45:46 -05:00
92a831bae6
FEATURE: user directory returns staged users during search
2017-11-19 01:17:31 +01:00
8f6d35aa59
FEATURE: category setting for mailinglist mirror
2017-11-17 15:29:14 +01:00
cef64e8f03
UX: Use `no_ember` styling for omniauth error page
2017-11-15 14:04:26 -05:00
4c4410225e
UX: cap likes 2 ( #5237 )
2017-11-15 11:28:54 +11:00
3831663fea
FEATURE: search logs page ( #5313 )
2017-11-15 11:13:50 +11:00
971e302ff2
FEATURE: Support an end date for user silencing
2017-11-14 13:20:19 -05:00
4b42a0abc9
FIX: add error for suspended users attempting to login via sso
2017-11-14 16:52:00 +11:00
47e4c9bb46
FIX: import/export theme should work with uploads
2017-11-14 16:30:23 +11:00
dfe9f70747
UX: warn that something must be selected with safe mode
2017-11-13 15:59:51 +11:00
1f14350220
Rename "Blocked" to "Silenced"
2017-11-10 14:10:27 -05:00
38b8d68c68
FEATURE: Allow the user to select a custom home page ( #5268 )
...
* Add user_home configuration option
* Use the new user_home preference to actually show the right home page
* Fix trailing whitespace
* Update user_option_serializer.rb
* Fix JavaScript default homepage tests
* Use an object instead of a giant switch
* Remove trailing whitespace
* Make the default `user_home` set to `null` instead of `0`
* Rename user_home to homepage_id
2017-11-10 06:45:19 +11:00
ed16cba77f
REFACTOR: Raise error if email token fails to create.
2017-11-08 12:02:33 +08:00
d7880af0bb
FIX: change password form validation should instruct admins to use min password length for admin accounts
2017-11-07 16:14:56 -05:00
2f0c9793f1
FEATURE: Allow multiple html builders to be registered via plugins
2017-11-03 11:32:32 -04:00
d320f4840d
FIX: Unable to invite groups that are not public visible into pms.
...
https://meta.discourse.org/t/inviting-groups-broken-in-head/73346/6
2017-11-03 21:40:33 +08:00
56412adad5
FEATURE: custom setting for large square site icon
...
This icon is used for android splash screen
2017-11-03 16:19:31 +11:00
edf4af608e
FIX: Better match when searching for groups.
2017-11-02 10:20:14 +08:00
ab2a5cef38
FIX: Can't edit membership request template on group page.
2017-11-02 08:51:43 +08:00
3c8b376e4a
FIX: Coalesce properly logos for the mobile manifest
2017-11-01 02:28:09 -02:00
32b3847d52
FIX: Update mobile logo resolution
...
This makes Discourse compliant with latest Google PWA requirements,
so we get the App Install banner back.
Should bump our Lighthouse PWA Audit score to 11/11.
2017-11-01 01:51:51 -02:00
076df104dc
FEATURE: Support filtering of groups page by category if in url
2017-10-31 17:50:06 -04:00
1bd9e64a36
FIX: offline controller regression
2017-10-31 15:44:50 +11:00
bd1616d3d9
Add offline route and service worker to fix Android app install banner ( #5217 )
...
* set up static offline.html route and service worker for Android Web App Banner
* add viewport meta tag to offline view for android app banner
* add i18n support for offline.html pages, cleanup
* fix html syntax, add page title, remove license for service-worker.js
2017-10-31 10:46:48 +11:00
fab3e25101
FIX: badge selector showing up for anon
2017-10-30 16:21:31 +11:00
33f0d80ed5
UX: better title on search page
2017-10-27 09:13:04 +05:30
f1615c2148
Merge pull request #5263 from tgxworld/improve_pattern
...
REFACTOR: Always validate email by default.
2017-10-26 14:34:09 +08:00
5d5268a82b
Feature: Group handling
2017-10-25 22:49:17 -02:00
defea6245c
REFACTOR: Always validate email by default.
2017-10-25 13:48:34 +08:00
23dce88f5f
FIX: Removed a line by accident, broke tests
2017-10-23 14:49:14 -04:00
89a1b34480
FIX: Show the deleted icon if the quote expands a deleted topic
2017-10-23 13:41:41 -04:00
804b4f32f8
better error message when API authentication fails
2017-10-20 20:05:34 +05:30
989280a222
FIX: Don't rotate session in reaodnly mode.
2017-10-20 17:15:28 +08:00
25c25ae423
FEATURE: Allow user to leave a PM.
2017-10-19 12:32:55 +08:00
f50d447881
FIX: render secure category topics in RSS if the user can view the topics
2017-10-18 14:23:30 +05:30
2db66072d7
SECURITY: signup without verified email using Google auth
2017-10-16 13:51:41 -04:00
a2183c3f1d
SECURITY: verify that inviter can invite new user to a topic
2017-10-09 15:59:41 +05:30
a6f2533d38
SECURITY: Fix XSS on unsubscribed page.
2017-10-09 09:04:46 +08:00
6fe604b93e
Revert "SECURITY: Fix XSS on unsubscribed page."
...
This reverts commit 190558db9d
2017-10-09 09:03:07 +08:00
190558db9d
SECURITY: Fix XSS on unsubscribed page.
2017-10-09 08:59:03 +08:00
3efde2618d
UX: Do not display non-human users on group page.
...
https://meta.discourse.org/t/members-of-groups-staff/71437
2017-10-06 10:35:40 +08:00
4771b0a99f
FIX: user fields in invite signups were broken
2017-10-04 23:04:24 +02:00
1faae3c765
rename forgot_password_strict to hide_email_address_taken
2017-10-03 15:28:31 -04:00
e47f5cedd2
FEATURE: forgot_password_strict setting also prevents reporting that an email address is taken during signup
2017-10-03 15:28:30 -04:00
daf1dda700
FIX: username autocomplete in assign modal wasn't working
2017-10-03 12:49:45 +02:00
a966f2134c
Merge pull request #5215 from gschlager/email_templates
...
Add specs for EmailTemplatesController
2017-10-03 14:30:19 +08:00
469c6776c6
FIX: exporting admin dashboard reports were broken
...
http://eileencodes.com/posts/actioncontroller-parameters-now-returns-an-object-instead-of-a-hash/
2017-10-02 19:30:23 +05:30
5bb326a452
Add specs for EmailTemplatesController
2017-10-02 14:53:27 +02:00
8140e54675
FIX: More fixes for `Group#mentionable` and `Group#messageable` feature.
2017-10-02 17:45:58 +08:00
4e07bbfbbf
FIX: Only allow intergers for page params.
2017-10-02 10:45:54 +08:00
ac04f5e0cc
update response error when deleting tags ( #5213 )
2017-09-30 16:31:32 +02:00
f6c484881b
FIX: wasn't able to save watched/tracked/muted categories/tags
2017-09-29 13:09:48 +02:00
6baea9948b
Revert "fix the build"
...
This reverts commit 8b74c7d325
2017-09-29 08:57:06 +08:00
8b74c7d325
fix the build
2017-09-28 15:50:01 +02:00
cd6dff58dd
FIX: add user option/profile fields that were not permitted
2017-09-28 14:59:53 +02:00
5d53eefcab
Fix broken test.
2017-09-28 16:09:58 +08:00
5f1c29e424
FIX: Display json response when `Discourse::InvalidAccess` is raised for
...
non json requests.
2017-09-28 15:31:16 +08:00
373fd8990e
PERF: N+1 when generating not found page.
2017-09-28 15:31:16 +08:00
4319d8a142
FIX: Missing template error when rendering `topics#show` error message.
2017-09-28 11:06:44 +08:00
6a7920ad75
FIX: wasn't able to change default theme
2017-09-27 20:05:31 +02:00
1a37812625
FIX: show error message when keys are missing in email template
...
FIX: log email template changes in the Staff Log
2017-09-27 13:50:04 +02:00
2568312475
FIX: Use exact patht to ensure we always redirect with the right format.
2017-09-27 11:55:06 +08:00
af01e62b14
FIX: wasn't allowed to set a user's title anymore
2017-09-26 20:13:24 +02:00
28c54b42c5
FIX: wasn't able to update user options anymore
2017-09-26 20:00:10 +02:00
460ed3c8cf
Revert "Allow `NotFound` to specify an optional `Location` for the resource"
...
This reverts commit 4ae66c9e01
2017-09-26 12:58:24 -04:00
4ae66c9e01
Allow `NotFound` to specify an optional `Location` for the resource
2017-09-26 09:10:18 -04:00
6f5051861c
Remove unused option.
2017-09-26 14:47:38 +08:00
5d37f8673b
PERF: Only send down suggested payload when loading last chunk.
2017-09-26 14:42:27 +08:00
d1ebc62065
The ability to display errors on flagging actions.
2017-09-25 12:28:01 -04:00
09ed2ed749
Add Suspend User to flags page
2017-09-25 12:28:00 -04:00
6bce3004d9
UX: Nicer selection of suspend duration
2017-09-25 12:28:00 -04:00
677b016387
Send a suspension message via email to a user
2017-09-25 12:26:41 -04:00
2a56cf8bb6
Tests + Refactoring for Suspension Modal
2017-09-25 12:26:06 -04:00
d7c37d9369
Add front end service for staff controls
2017-09-25 12:25:14 -04:00
5cf50f0034
Adjust flagged posts to use the store
2017-09-25 12:25:14 -04:00
5e69217793
Add filtering support to flags
2017-09-25 12:25:14 -04:00
40eba8cd93
FEATURE: View flags grouped by topic
2017-09-25 12:25:14 -04:00
77d4c4d8dc
Fix all the errors to get our tests green on Rails 5.1.
2017-09-25 13:48:58 +08:00
8ed318c4fe
display 'similar to' earlier when composing a post
2017-09-16 01:03:29 +02:00
797936d2c5
FIX: don't leak whisper count in user card
2017-09-14 20:08:16 +02:00
4e49b3b140
FIX: do not create new email token if there already exists a confirmed one
2017-09-14 10:52:29 +05:30
104d97695d
FIX: don't activate un-confirmed email on omniauth authentication ( #5176 )
2017-09-12 17:36:17 +02:00
171d9e5aed
SECURITY: Prevent users from updating to blacklisted email domains
2017-09-12 10:11:08 -04:00
d7d9923b8e
FIX: display email validation error messages
2017-09-11 13:22:14 -04:00
5d4221fbe1
PERF: Avoid calling expensive `PostGuardian#can_see_post?` multiple times.
...
Before
```
Your Results: (note for timings- percentile is first, duration is second
in millisecs)
---
topic_admin:
50: 19
75: 19
90: 21
99: 27
topic:
50: 56
75: 62
90: 64
99: 99
timings:
load_rails: 1262
ruby-version: 2.4.1-p111
rss_kb: 198432
pss_kb: 136612
virtual: physical
architecture: amd64
operatingsystem: Ubuntu
memorysize: 15.59 GB
kernelversion: 4.10.0
physicalprocessorcount: 1
processor0: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
rss_kb_9877: 327892
pss_kb_9877: 263671
rss_kb_9946: 325468
pss_kb_9946: 261671
rss_kb_10153: 326456
pss_kb_10153: 262657
```
After
```
Your Results: (note for timings- percentile is first, duration is second
in millisecs)
---
topic_admin:
50: 18
75: 18
90: 20
99: 28
topic:
50: 41
75: 42
90: 46
99: 49
timings:
load_rails: 1201
ruby-version: 2.4.1-p111
rss_kb: 187936
pss_kb: 123596
virtual: physical
architecture: amd64
operatingsystem: Ubuntu
memorysize: 15.59 GB
kernelversion: 4.10.0
physicalprocessorcount: 1
processor0: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
rss_kb_26478: 342360
pss_kb_26478: 276696
rss_kb_26547: 340368
pss_kb_26547: 275930
rss_kb_26747: 338964
pss_kb_26747: 274466
```
2017-09-08 14:07:24 +08:00
4d840d10db
PERF: Reduce number of Redis hits per requests.
2017-09-07 13:34:27 +08:00
8463b676df
Revert "Activate mini-profiler when in profiling env."
...
This reverts commit d61109388c
2017-09-06 11:26:03 +08:00
d61109388c
Activate mini-profiler when in profiling env.
2017-09-06 11:19:20 +08:00
5c1143cd55
Add missing test case for `PostController#timings`.
2017-09-04 16:36:02 +08:00
9f0f086b3e
FEATURE: allow API to mark accounts as approved on creation
2017-08-28 15:36:46 -04:00
6bc74ceb50
Split alias levels in mentionable and messageable levels. ( #5065 )
...
* Split alias levels in mentionable and messageable levels.
* Fixed some tests.
* Set messageable level to everyone by default.
* By defaults, groups are not mentionable or messageable.
* Made staff groups messageable by the system.
2017-08-28 12:32:08 -04:00
bb3a5910d7
Support for sending PMs to email addresses ( #4988 )
...
* Added support for sending PMs to email addresses.
* Made changes after review.
* Added settings validator.
* Fixed tests.
2017-08-28 12:07:30 -04:00
4b4169c8fd
Merge pull request #5053 from fantasticfears/session-controller
...
Spec for local auth check
2017-08-24 09:42:54 +09:00
91d3929f52
Merge pull request #5078 from lelelelemon/master
...
change count>0 to exists
2017-08-24 09:24:42 +09:00
8124f26a6e
change count>0 to exists
2017-08-23 22:54:51 +00:00
8dfb1be4d1
FEATURE: unlisted *only* means not listed in topic lists
...
Remove security by obscurity feature that tries for exact slug match
If you need to hide a topic from users either move to a secure category
or convert to a PM
2017-08-22 17:53:54 -04:00
d7a2584c6e
FEATURE: image uploads now have short urls
...
Shorten all image uploads to use short urls, this is the client
side implementation.
2017-08-22 16:40:08 -04:00
2f0c6c99e0
FIX: ip lookup not working
...
Also add a powered by line so it is clear this makes an external service call
2017-08-21 14:18:49 -04:00
84c83afd35
Allow optional import_mode param for posts in api ( #4952 )
2017-08-17 07:53:04 -04:00
c7a101476e
Spec for local auth check
2017-08-16 11:01:00 +02:00
b77aa29e71
Merge pull request #5013 from LeoMcA/alternate-emails-phase-1.5
...
FIX: add additional email to tests and clean up resulting mess
2017-08-16 16:19:28 +09:00
c3249f6e93
FEATURE: add full editing access to queued posts ( #5047 )
...
For pending new topics: the body of the post, title, categories
and the tags are editable.
For pending new replies: only the body is applicable and thus
editable
DISCUSSION: https://meta.discourse.org/t/66754
2017-08-15 12:44:05 -04:00
4f09a5a7a5
Add 'Post.permitted_create_params' to allow plugins to add new params when creating a post
2017-08-12 04:10:45 +02:00
bf2c35aa99
FEATURE: add RSS feed for badge pages
2017-08-09 13:43:49 +05:30
898c6ba037
Merge pull request #5033 from tgxworld/reason_when_requesting_to_join_a_group
...
FEATURE: Force user to enter reason when requesting for group members…
2017-08-09 15:54:21 +09:00
a9613163b5
FEATURE: Force user to enter reason when requesting for group membership.
2017-08-09 15:45:28 +09:00
e36a20660d
FIX: handle topics without excerpt for meta description tag
2017-08-08 22:17:05 +05:30
d182f0f2d1
Add support for preloaded custom_fields on Group
2017-08-08 15:45:27 +02:00
2e4b3e9b06
Don't include all html builders on client and server side
2017-08-07 11:29:35 -04:00
3f24ed2b3e
Can't revert due to incompatibility of new site setting types.
...
Revert "Revert "FEATURE: Site settings defaults per locale""
This reverts commit 439fe8ba24
2017-08-07 10:43:09 +09:00
439fe8ba24
Revert "FEATURE: Site settings defaults per locale"
...
This reverts commit 468a8fcd20
2017-08-07 10:31:50 +09:00
3c0de22bf0
FIX: wasn't able to remove a user's primary group
2017-08-04 18:13:20 +02:00
468a8fcd20
FEATURE: Site settings defaults per locale
...
This change-set allows setting different defaults for different locales.
It also:
- Adds extensive testing around site setting validation
- raises deprecation error if site setting has the default property based on env
- relocated site settings for dev and tests in the initializer
- deprecated client_setting in the site setting's loading process
- ensure it raises when a enum site setting being set
- default_locale is promoted to `required` category.
- fixes incorrect default setting and validation
- fixes ensure type check for site settings
- creates a benchmark for site setting
- sets reasonable defaults for Chinese
2017-08-02 12:24:19 -04:00
33e22cf598
Add back `Admin::GroupsController#index` route for now.
...
* The endpoint is being used by discourse_api.
2017-08-03 00:24:23 +09:00
67882ec37d
Hunt-and-kill a few more mis-encoded params
...
https://meta.discourse.org/t/tags-does-not-work-with-cyrillic/67217/6?u=mpalmer
2017-08-01 18:03:44 +10:00
7ee861f457
FIX: Return a UTF-8 string in tag notifications
...
https://meta.discourse.org/t/tags-does-not-work-with-cyrillic/67217
2017-08-01 16:27:52 +10:00
fa3c240e8b
Merge pull request #4981 from dmacjam/fix_limited_search_results
...
FIX: limited search results
2017-07-31 20:23:57 -04:00
836dee1120
FIX: add additional email to tests and clean up resulting mess
2017-07-31 22:27:29 +00:00
7c1d7fb423
Merge branch 'master' into fix_limited_search_results
2017-07-31 15:55:31 -04:00
6c997b65d9
optimize enqueuing activation email code
2017-07-31 22:57:39 +05:30
0b01d0e95d
FIX: staff cannot manually activate accounts after 48 hours has elapsed
...
https://meta.discourse.org/t/staff-cannot-manually-activate-invited-accounts-after-48-hours-has-elapsed/66292/14?u=techapj
2017-07-31 22:24:09 +05:30
2e2b5e28aa
FIX: add slight delay when enqueuing activation email
2017-07-31 16:52:07 +05:30
4620dfe92d
FEATURE: Add group settngs to allow users to leave a group freely.
...
https://meta.discourse.org/t/split-join-leave-freely-setting-on-groups/65565
2017-07-28 15:00:25 +09:00
5012d46cbd
Add rubocop to our build. ( #5004 )
2017-07-28 10:20:09 +09:00
5cfc2d8972
Run wizard specs in docker:test
2017-07-27 11:29:18 -04:00
2442bba131
UX: Better group creation workflow.
...
* Owners and users can now be added to a group during creation.
https://meta.discourse.org/t/you-cannot-allow-membership-requests-without-any-owners/64760/3
2017-07-27 16:12:42 +09:00
24cb950432
FEATURE: Watched Words: when posts contain words, do one of flag, require approval, censor, or block
2017-07-26 11:01:09 -04:00
b59dfb86f4
UX: Include group name in email when group is invited to a PM.
...
https://meta.discourse.org/t/xyz-invited-you-to-a-message-but-really-invited-a-group-im-in/65996
2017-07-26 15:51:44 +09:00
e3ac6585bd
FIX: Search by topic_id should not be restricted by `SiteSetting.min_search_term_length`.
2017-07-26 09:52:39 +09:00
6c0a29698b
Fix JS tests failing when running in `RAILS_ENV=test`.
...
Fixes the following error:
```
phantomjs /home/tgxworld/work/discourse/vendor/assets/javascripts/run-qunit.js http://localhost:60099/qunit
2017-07-25 16:27:41 +0900: Rack app error handling request { GET /stylesheets/desktop.css }
<Errno::ENOENT: No such file or directory @ rb_sysopen - /home/tgxworld/work/discourse/tmp/stylesheet-cache/desktop.css>
/home/tgxworld/work/discourse/app/controllers/stylesheets_controller.rb:65:in `write'
/home/tgxworld/work/discourse/app/controllers/stylesheets_controller.rb:65:in `show_resource'
/home/tgxworld/work/discourse/app/controllers/stylesheets_controller.rb:9:in `show'
```
2017-07-25 16:31:31 +09:00
1b0750d7ef
Merge pull request #4983 from tgxworld/group_owners_can_invite_users_to_groups
...
Group owners can invite users to groups
2017-07-24 16:21:19 +09:00
407a23663d
FEATURE: send rejection email for unrecognized errors
2017-07-21 18:26:52 +01:00
2a17f1ccd7
FIX: Group owners should be able to invite users to their groups.
...
https://meta.discourse.org/t/group-owner-cannot-send-an-invite-to-a-group/60617/12
2017-07-21 23:48:25 +09:00
3882722195
FEATURE: Inline (Mini) Oneboxing
...
see:
https://meta.discourse.org/t/mini-inline-onebox-support-rfc/66400?source_topic_id=66066
2017-07-20 15:38:04 -04:00
e5ee4ccc48
Add pagination and checking for more results to search.
2017-07-20 18:12:34 +02:00
bf6c3b7017
FIX: don't error out when an unsubscribe key isn't associated to a user anymore
2017-07-20 12:24:24 +02:00
d0b027d88d
FEATURE: phase 1 of supporting multiple email addresses
2017-07-20 11:22:27 +09:00
cdb3706025
Track clicks on topics in search results
2017-07-17 15:42:32 -04:00
97e211f837
FEATURE: Log Search Queries
2017-07-14 14:30:58 -04:00
f1a6449e4b
SECURITY: Remove disposable invite feature
2017-07-07 20:24:39 -04:00
340a3ee5cb
correct spec to handle not null visibility_level
2017-07-03 16:03:26 -04:00
845170bd6b
FEATURE: add support for group visibility level
...
There are 4 visibility levels
- public (default)
- members only
- staff
- owners
Note, admins and group owners ALWAYS have visibility to groups
Migration treated old "non public" as "members only"
2017-07-03 15:26:57 -04:00
72c92b0f4e
FIX: include canonical meta tag on category pages
2017-07-03 13:25:22 +05:30
e7b9b1312e
FEATURE: remove all invites
...
https://meta.discourse.org/t/remove-all-invitations-button-for-the-admin-panel/65207
2017-06-29 22:30:10 +05:30
7b35c55a1e
FIX: Display Google search form when 404 page is rendered by Ember.
2017-06-29 14:37:24 +09:00
a9c0df0b58
FIX: always try to convert PNG to JPG when pasting an image
2017-06-23 12:13:48 +02:00
ae7734707e
REFACTOR: Merge different templates from rendering user stream items
2017-06-20 15:45:41 -04:00
b5ec241716
FIX: Validate interpolation keys used in translation overrides.
...
https://meta.discourse.org/t/discobot-translation-missing-error/64429/6?u=tgxworld
2017-06-16 08:54:48 +09:00
b5249fb4ca
FIX: Send request membership PM to last 5 active group owner.
2017-06-15 11:37:09 +08:00
34996b4eff
FIX: show invite validation error message in response
2017-06-13 22:41:53 +05:30
5d63a7f4a6
FIX: pull hotlinked images even when they have no extension
2017-06-13 13:27:05 +02:00
a5d3abc9b6
FIX: Create group membership request on behalf of user.
2017-06-13 17:49:21 +09:00
54e8fb0d89
FEATURE: new 'allow_staff_to_upload_any_file_in_pm' site setting
2017-06-12 22:41:29 +02:00
2ff850d446
FIX: If forcing a refresh, don't return a onebox preview
2017-06-12 14:05:59 -04:00
0b41046238
don't force SiteSetting.title into meta title tag
2017-06-12 13:50:50 -04:00
b9c94aa234
FEATURE: add required user fields to invite accept form
...
UX: make "accept invitation" page consistent with sign up modal
2017-06-12 20:43:07 +05:30
5994c85ea9
FIX: Raise the right error when email params is missing.
2017-06-12 17:48:32 +09:00
6e37f09b19
UX: add email to '/email/unsubscribed' page
2017-06-10 09:51:12 +05:30
038454bde2
FIX: always confirm emails when SSO says so
2017-06-08 01:05:33 +02:00
54bb2a6bc2
FIX: Don't redirect to wizard when resetting password
2017-06-07 12:36:52 -04:00
2cad739262
FIX: Better error message when username change fails.
...
https://meta.discourse.org/t/500-error-on-username-edit/64064
2017-06-07 10:45:53 +09:00
b4060778d9
FIX: you should always be allowed to see actions you created
2017-06-02 14:24:06 -04:00
2ee144c27f
FEATURE: Add DiscourseEvent trigger when a user logs in.
...
* Also adds a event trigger when user logs in for the first time.
2017-06-01 17:44:49 +09:00
607998af33
FEATURE: dropdown to filter staff action logs
2017-05-30 11:25:42 -04:00
d2c2139da8
FEATURE: require name when accepting invite if 'full name required' setting is enabled
2017-05-29 21:46:43 +05:30
b584264d82
FIX: Don't show "resend email" option when user approval is on
2017-05-25 15:29:05 -04:00
29fac1ac18
PERF: improve performance of unread queries
...
Figuring out what unread topics a user has is a very expensive
operation over time.
Users can easily accumulate 10s of thousands of tracking state rows
(1 for every topic they ever visit)
When figuring out what a user has that is unread we need to join
the tracking state records to the topic table. This can very quickly
lead to cases where you need to scan through the entire topic table.
This commit optimises it so we always keep track of the "first" date
a user has unread topics. Then we can easily filter out all earlier
topics from the join.
We use pg functions, instead of nested queries here to assist the
planner.
2017-05-25 15:07:30 -04:00
6eb6c25816
FIX: Keep the flash when redirecting for login_required
2017-05-25 14:10:15 -04:00
ca965f83c3
Revert "FIX: If login is required, redirect to the `/login` route instead of root"
...
This reverts commit 8a8dec550b
2017-05-25 14:04:28 -04:00
8a8dec550b
FIX: If login is required, redirect to the `/login` route instead of root
2017-05-25 13:35:15 -04:00
cdbe027c1c
Refactor `FileHelper` to use keyword arguments.
2017-05-24 13:54:26 -04:00
d0f84aa14e
FIX: missing to_i which breaks selector component for anon
2017-05-24 11:39:10 -04:00
238a156300
FIX: `TopicTimestampChanger` should not allow timestamps in the future.
2017-05-22 16:03:49 +08:00
4382a0bb07
Rename `PostTimestampChanger` -> `TopicTimestampChanger`.
2017-05-22 15:01:33 +08:00
908433a7a0
SECURITY: Validate the `entity` when downloading a CSV
2017-05-19 16:00:51 -04:00
8ab9f30bbd
FIX: User can't remove bookmark from a deleted post.
2017-05-19 12:25:12 +08:00
1fd8e426f2
FIX: better uploads error page
2017-05-18 23:29:37 +05:30
13e489b4ca
replace the upload type whitelist with a sanitizer
2017-05-18 12:13:13 +02:00
2a5a01af2e
improve error on theme upload, add gif to allowed uploads
2017-05-17 16:29:09 -04:00
a0f03936ff
FIX: saving invisible primary group field that you don't belong to
2017-05-17 12:46:50 -04:00
e1dd543a93
FEATURE: allow users to select theme on single device
2017-05-15 12:48:16 -04:00
2d96a0785d
FEATURE: theme selection is now global per-user
2017-05-12 12:41:34 -04:00
55b61e9bea
rename topic_status_update to topic_timer
2017-05-11 18:27:53 -04:00
18de62b015
Add get_embeddable_css_class to assist multi-site embed styling
...
If present, pass embeddable_host.class_name to view for inclusion
on the <html> element as a class for targeted styling.
2017-05-11 15:16:16 -04:00
4bf8548dc5
Add embed class name setup for embeddable hosts
2017-05-11 15:16:16 -04:00
9641d2413d
REFACTOR: upload workflow creation into UploadCreator
...
- Automatically convert large-ish PNG/BMP to JPEG
- Updated fast_image to latest version
2017-05-11 00:16:57 +02:00
04b5516bf2
improve upload functionality
2017-05-10 15:47:11 -04:00
bc0b9af576
FEATURE: support uploads for themes
...
This allows themes to bundle various assets
2017-05-10 15:47:11 -04:00
c2829dce22
FIX: base sql vanishes after badge creation
2017-05-09 09:25:57 -04:00
afe04b8bbb
FIX: Possible 500 error if category saved incorrectly
2017-05-08 15:17:58 -04:00
e89d0a6b20
FIX: importing a theme via file was broken
2017-05-08 12:03:24 +05:30
777f1f0f47
FIX: Return a 404 if the auth session is not present
2017-05-04 15:35:24 -04:00
1768c45a33
FIX: If we can't proxy to a CDN due to HTTP error, render blank
2017-05-04 12:42:46 -04:00
57a2042ef6
FIX: Quiet server side errors for requesting json for account-created
2017-05-04 12:30:13 -04:00
3eb920e2b0
Merge pull request #4841 from fantasticfears/webhook-ping
...
add event name for ping webhooks in the header
2017-05-04 04:54:40 +08:00
81190f5d66
FIX: Redirect away from `account-created` if you're logged in
2017-05-03 11:18:01 -04:00
12fb20fe1b
FEATURE: Allow users to resend/update email from confirmation page
2017-05-03 11:18:01 -04:00
b381372184
Use Ember.js for the `/u/account-created` path so we can add controls
2017-05-03 11:18:01 -04:00
946f25098f
Refactor theme fields so they support custom theme defined vars
...
This paves the way to allowing themes to specify uploads and so on.
2017-05-02 16:02:14 -04:00
77a8cae094
FIX: rescue specific errors on invite failure
2017-05-02 15:13:33 +05:30
9f8a917d65
add event name for ping webhooks in the header
2017-05-02 08:13:23 +02:00
0722ffadf1
Remove site settings enforce_global_nicknames and discourse_org_access_key
2017-05-01 14:53:16 -04:00
304ace926e
FIX: Raise right response when post_action does not exist.
2017-04-27 17:29:53 +08:00
e4b9f72f9e
FIX: Force the right encoding when handling email.
2017-04-27 16:51:54 +08:00
b755279cf0
remove unneeded code
2017-04-27 08:47:47 +05:30
e3f82140d8
more readable code for filtering username/email when bulk adding to group
2017-04-27 08:43:28 +05:30
b41d96fac1
FIX: properly initialize hashes
2017-04-27 02:56:14 +05:30
285c167fae
FEATURE: provide more details when performing a bulk add to group
2017-04-27 01:37:51 +05:30
6f7c6b0fd0
FIX: Incorrect error raised.
2017-04-25 09:59:01 +08:00
423f2ab228
FIX: Processing incoming email should be done in a background job.
2017-04-24 13:57:28 +08:00
7a9eee1b71
FEATURE: default notification level for group messages
...
also fixes it so staff can amend other user's group notification level
2017-04-20 15:47:35 -04:00
ea26c56631
FIX: redirect to login page for anonymous user when profiles are hidden
2017-04-20 13:00:45 +05:30
8b8ee2ad61
Pass a context in when using a HTML builder
2017-04-18 12:35:35 -04:00
1c23aedccf
FIX: always send password reset email when accepting invite if password is not set
2017-04-18 14:37:06 +05:30
1363988cd7
Support for an HTML builder that can create dynamic HTML
2017-04-17 17:32:55 -04:00
86904e9cd6
FIX: better error handling for theme import
2017-04-17 16:55:53 -04:00
0954367bf4
FIX: send activation email when accepting invite if password is set
2017-04-15 14:59:50 +05:30
04016f0dec
Support Ruby 2.4.
2017-04-15 12:29:00 +08:00
ed2e62f845
correct environment handling for test mode
2017-04-14 14:00:46 -04:00
def7348777
FIX: display custom sections with default theme
...
also cleans up mechanism for previewing themes, cleans up naming,
gets rid of old janky "preview_style", secures local theme key
2017-04-14 13:35:12 -04:00
ef093b1610
Merge pull request #4807 from techAPJ/email-token-social
...
FIX: confirm email token for user created via social login
2017-04-13 16:18:15 +05:30
3d76fb9c2c
FIX: Don't show category options for reports that can't be scoped to a category.
2017-04-13 17:10:55 +08:00
7fb17b83c4
FIX: confirm email token for user created via social login
2017-04-13 14:15:32 +05:30
ee449b0dd5
Improve SSO verbose log when user record is invalid.
2017-04-13 11:39:26 +08:00
57788200ec
REFACTOR: Add `User.reserved_username?`.
2017-04-13 10:44:26 +08:00
a3e8c3cd7b
FEATURE: Native theme support
...
This feature introduces the concept of themes. Themes are an evolution
of site customizations.
Themes introduce two very big conceptual changes:
- A theme may include other "child themes", children can include grand
children and so on.
- A theme may specify a color scheme
The change does away with the idea of "enabled" color schemes.
It also adds a bunch of big niceties like
- You can source a theme from a git repo
- History for themes is much improved
- You can only have a single enabled theme. Themes can be selected by
users, if you opt for it.
On a technical level this change comes with a whole bunch of goodies
- All CSS is now compiled using a custom pipeline that uses libsass
see /lib/stylesheet
- There is a single pipeline for css compilation (in the past we used
one for customizations and another one for the rest of the app
- The stylesheet pipeline is now divorced of sprockets, there is no
reliance on sprockets for CSS bundling
- CSS is generated with source maps everywhere (including themes) this
makes debugging much easier
- Our "live reloader" is smarter and avoid a flash of unstyled content
we run a file watcher in "puma" in dev so you no longer need to run
rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
0013a23dc1
SECURITY: prefer render plain/html to render text where possible
2017-04-10 08:01:42 -04:00
9663a74445
FIX: Ensure `username` param is valid in `NotificationsController`.
2017-04-07 17:32:52 +08:00
93556bb950
Merge pull request #4793 from rcgordon/smtp-fast-rejection
...
Added an API to ask if an incoming email should be dropped at the SMTP level.
2017-04-07 09:59:52 +02:00
708f65f740
FIX: web crawlers getting 404 on category pages
2017-04-06 14:52:06 -04:00
888d1512ec
Corrected indentation.
2017-04-06 01:49:34 -04:00
402eaaa773
FEATURE: add og tags to metadata in individual badges page
2017-04-06 09:32:53 +05:30
5943543ec3
FIX: Improve checks for non-human users.
2017-04-06 11:29:34 +08:00
c51af13338
smtp_should_reject API: use better approach to find user email.
2017-04-05 23:10:36 -04:00
a51c191a66
Make Email::Receiver.check_address() into a class method.
2017-04-05 23:10:36 -04:00
e15d11df18
Added an API to ask if an incoming email should be dropped at the SMTP level.
...
This lets an SMTP server optionally decide if it should reject a mail without
passing it on to Discourse at all, possibly before even reading the
email's payload, to prevent spam-induced backscatter and save resources.
This just does the bare minimum sanity checking that could prevent obvious
backscatter. For legit errors from legit users, Discourse will still send a
much more pleasant reply email.
2017-04-05 23:10:36 -04:00
40ab2e5667
FEATURE: Let users update their emails before confirming
...
This allows users who entered a typo or invalid email address when
signing up an opportunity to fix it and resending the confirmation
email to that address.
2017-04-05 16:44:49 -04:00
3839206317
FIX: Return JSON errors for `by-external` if JSON requested
2017-04-04 16:22:14 -04:00
17f2974d0a
SECURITY: Confirm new administrator accounts via email
2017-04-04 15:59:01 -04:00
406d721f11
Fix `NilClass` error in `UsersController`.
2017-04-04 14:17:45 +08:00
f4758a4c4d
FEATURE: Allow admins to schedule a topic to be published in the future.
2017-04-04 11:16:05 +08:00
0bbad5040a
`topic-status-info` component wasn't updated when topic is closed/opened.
2017-03-31 15:58:26 +08:00
b6e9871b4b
Update `Topic#closed` client side when closing/opening a topic temporarily.
2017-03-31 15:05:00 +08:00
34b7bee568
FEATURE: Allow admin to auto reopen at topic.
...
* This commit also introduces a `TopicStatusUpdate`
model to support other forms of deferred topic
status update in the future.
2017-03-31 11:14:18 +08:00
14410b71fb
Convert server side paths to use `/u/`
2017-03-30 10:23:24 -04:00
a818fa9831
FIX: Show stats of the last 30 days be default for admin reports.
...
* `1.month.ago + 1.month` uses the calendar month for calculations
such that `1.month.ago` from the 30th of March 2017 will give
us the 28th of February 2017. Adding one month ahead from
28th February 2017 will be 28th of March 2017.
2017-03-30 09:48:10 +08:00
f3cd5f61c5
FEATURE: Send anonymized usage statistics to Discourse if Discourse Hub can't reach the site
2017-03-28 09:07:23 +05:30
11ce73b8ed
FEATURE: category setting for default top period
2017-03-22 16:54:18 -04:00
8e5e3b5af8
FIX: sso provider require return_sso_url
2017-03-22 09:08:38 -04:00
874e8900af
Display email address in SSO error message.
2017-03-21 15:37:46 -04:00
aeaf5075bf
Custom errors for when Email is invalid via SSO
2017-03-21 15:23:38 -04:00
52d78294cc
Render a layout when there's an SSO error
2017-03-21 15:23:38 -04:00
82c0f5f587
Merge pull request #4767 from techAPJ/activate-account
...
FIX: send activation email if user have unconfirmed email address
2017-03-21 09:44:23 +05:30
7c3ae50dcd
FIX: send activation email if user have unconfirmed email
2017-03-21 09:41:50 +05:30
b94c7b4902
missing disposition
2017-03-20 17:07:32 -04:00
652b2d7199
remove redundent header setting
2017-03-20 16:08:18 -04:00
c106ca6778
FEATURE: fallback asset path for multi host setups
2017-03-20 15:59:17 -04:00
1d4993a185
FIX: Sync user's notification channel before preloaded current user data.
...
This is to fix the problem where a newly created user would not
receive live updates for the first notification if the notification
is published before the client has subscribed to the channel.
2017-03-20 17:17:21 +08:00
f5f54c1b77
Merge pull request #4764 from tgxworld/nuke_backticks
...
FIX: Don't use backticks that take in inputs.
2017-03-17 15:40:23 -04:00
e7c972ac89
FIX: Don't use backticks that take in inputs.
2017-03-17 15:33:51 +08:00
9e60f9f093
JSON API parsing error on CSRF exception: single quotes in ['BAD CSRF'] is invalid JSON:
...
https://meta.discourse.org/t/json-api-parsing-error-single-quotes-used-for-errors-like-bad-csrf/58869
2017-03-16 16:47:18 -07:00
bbc85e1e29
Merge pull request #4750 from discourse/group_login_registration_flow
...
FEATURE: Redirect to groups page and apply group actions upon login/s…
2017-03-16 09:50:56 +08:00
ca965bb455
FEATURE: Redirect to groups page after login/registration flow.
2017-03-16 09:48:51 +08:00
1a7e954e09
FIX: Store custom emojis as uploads.
...
* Depending on a hardcoded directory was a flawed design
which made it impossible to debug when custom emojis go
missing.
2017-03-14 13:07:18 +08:00
6d7e968e30
FEATURE: box-style rendering of sub-categories
2017-03-13 15:25:52 -04:00
a690121805
SECURITY: always allow staff to resend activation mails
2017-03-13 10:32:24 -04:00
1a745ca16a
else @user makes no sense :)
2017-03-13 10:22:23 -04:00
9364d8ce71
FIX: Store user's id instead for sending activation email.
...
* Email and username are both allowed to be used for logging in.
Therefore, it is easier to just store the user's id rather than
to store the username and email in the session.
2017-03-13 20:24:55 +08:00
7ebfa3c901
SECURITY: Only allow users to resend activation email with a valid session.
...
* Improve error when an active user tries to request for an activation email.
2017-03-13 19:35:29 +08:00
848120c098
FEATURE: RSS feed for top page period filters
2017-03-13 15:23:46 +05:30
f13367cecd
FIX: latest + category not respecting homepage category suppression
2017-03-10 15:17:51 -05:00
bc1a6ccb90
Merge pull request #4741 from tgxworld/allow_bookmark_removal
...
FIX: Allow user to remove bookmark from posts as long as bookmark is …
2017-03-10 12:49:20 -05:00
f7e7ca3937
FEATURE: anonymized site statistics
2017-03-10 18:50:26 +05:30
00380d84c5
UX: display text & html parts alongside raw email in incoming email modal
2017-03-08 23:15:42 +01:00
801b5838e1
FIX: do not show faq/guidelines page to anonymous users for private forums
2017-03-08 16:00:49 +05:30
090236b15b
FIX: do not show about page to anonymous users for private forums
2017-03-08 13:15:44 +05:30
689dd16be0
FIX: Allow user to remove bookmark from posts as long as bookmark is present.
...
https://meta.discourse.org/t/bookmark-issue-when-access-to-topic-is-lost-pms/51993
2017-03-08 13:53:49 +08:00
d95e4102c1
FIX: tags created in secured categories should not be forbidden outside those categories
2017-03-07 11:46:46 -05:00
c3477cd40d
Merge pull request #4716 from discourse/bounced_emails_details
...
FEATURE: Allow checking the raw response of a bounced email
2017-03-06 13:30:19 -03:00
477eb0591e
FIX: Posts in a deleted topic couldn't be moved.
...
https://meta.discourse.org/t/moving-posts-to-new-topic/58436/4
2017-03-06 14:56:20 +08:00
c99f4260c0
Merge pull request #4729 from tgxworld/dont_mark_user_as_valid
...
FIX: Don't mark user as `active` if verified email is different.
2017-03-03 15:57:30 -05:00
6aab8cb331
FEATURE: new category setting for whether to show latest topics or top topics by default
2017-03-03 11:30:44 -05:00
aac4a4ed94
Handle invalid parameters and missing bounced emails
2017-03-02 20:37:28 -03:00
ca20cb9941
FEATURE: subcategories can be discovered by web crawlers on page 1 of the parent category topics list
2017-03-02 15:06:56 -05:00
3d347fb9c4
FIX: Don't mark user as `active` if verified email is different.
2017-03-02 14:24:30 +08:00
dbfea9b5b0
correct refactor
2017-03-01 18:26:26 -05:00
c79b146283
FEATURE: make list controller a bit more extensible
2017-03-01 16:41:09 -05:00
262016604d
FEATURE: each category can control how many topics to show on categories page
2017-03-01 15:12:57 -05:00
80858bae2c
FEATURE: further restrict downloading of backups
...
- send email to logged in admin when they press the "download" button
- show pop-up that email was sent
- create email template
- require a valid token to download backup
2017-03-01 08:28:34 -07:00
877957ae88
Merge pull request #4715 from techAPJ/login-per-ip
...
FEATURE: new site setting for max logins per ip per hour/minute
2017-02-27 18:24:53 +05:30
cba51e1c38
FEATURE: new site setting for max logins per ip per hour/minute
2017-02-27 16:58:03 +05:30
fdf749770b
remove unecessary '.limit(1)'
2017-02-24 12:56:13 +01:00
a2c04be718
FIX: eradicate I18n fallback issues 💣
...
FIX: client's translation overrides were not working when the current locale was missing a key
FIX: ExtraLocalesController.show was not properly handling multiple translations
FIX: JsLocaleHelper#output_locale was not properly handling multiple translations
FIX: ExtraLocalesController.show's spec which was randomly failing
FIX: JsLocaleHelper#output_locale was muting cached translations hashes
REFACTOR: move 'enableVerboseLocalization' to the 'localization' initializer
REFACTOR: remove unused I18n.js methods (getFallbacks, localize, parseDate, toTime, strftime, toCurrency, toPercentage)
REFACTOR: remove all I18n.pluralizationRules and instead use MessageFormat's pluralization rules
TEST: add tests for localization initializer
TEST: add tests for I18n.js
2017-02-24 11:31:21 +01:00
3754b038e8
fix brotli origin
2017-02-23 18:26:40 -05:00
f15f61da0a
FEATURE: add immutable caching to rails site of things
2017-02-23 13:05:00 -05:00
5296f00c28
FEATURE: Allow checking the raw response of a bounced email
2017-02-22 14:51:33 -03:00
a702330ccd
FEATURE: make show_subcategory_list a per-category setting
2017-02-22 11:42:36 -05:00
3ce3abef8f
FIX: add Content-Disposition and Content-Type headers when downloading attachments
2017-02-20 15:59:01 +01:00
f51e3b2131
FIX: should not be able to rename a system badge
2017-02-20 14:35:05 +01:00
cb99f59ec3
reset bounce score when email is successfully changed
2017-02-20 10:37:01 +01:00
1935f624b8
FEATURE: reset active record cache in sidekiq if needed
...
This can happen in multisite environments after restores
2017-02-17 12:09:53 -05:00
040e10a627
reduce duplication
2017-02-15 17:27:10 -05:00
d0fbb27f3e
FEATURE: new invite acceptance page, where username can be chosen and password can be set
2017-02-15 16:51:57 -05:00
3818c196e0
remove disallowed params
2017-02-15 16:47:14 -05:00
74d4209d24
FEATURE: allow plugins to register custom topic list filters
2017-02-15 15:25:43 -05:00
1deec95ccb
Use `natural` orientation for web app manifest.
...
The `any` orientation forces the rotation even when the device's screen
rotation is disabled. Using `natural` respects that and restores the
expected behaviour.
2017-02-12 18:04:06 +00:00
3ee7a9266c
Merge pull request #4686 from tgxworld/group_is_visible_if_user_is_group_owner
...
FIX: Show groups that user is owner of on groups page.
2017-02-11 22:18:44 -08:00
4332f0dde1
FEATURE: allow user search API to restrict to group
2017-02-09 18:45:39 -05:00
ff49f72ad9
FEATURE: per client user tokens
...
Revamped system for managing authentication tokens.
- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes
New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.
Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
2dec731da3
SECURITY: correctly validate input when admin searches for screened ips
2017-02-06 16:11:16 -05:00
27fb9c8804
FIX: bounce webhooks should also use recipient address
2017-02-05 19:06:35 +01:00
c4e10f2a9d
FEATURE: redesign the change password page to use javascript and validations
2017-02-03 16:09:24 -05:00
5523d0dbf9
fix the build
2017-02-03 15:35:33 +05:30
26ccf61ab1
FIX: sane error message when inviting an existing user
2017-02-03 14:27:27 +05:30
61111a3f9b
FIX: Show groups that user is owner of on groups page.
2017-02-03 16:51:32 +08:00
18007ed34b
FIX: Can't use an internal name here if `SiteSetting.convert_pasted_images_to_hq_jpg` is `false`.
2017-02-01 14:51:56 +08:00
f6d9745c5f
Bye bye byebug.
2017-02-01 14:50:14 +08:00
6c8c91dca4
UX: Change default filename for images that have been pasted.
2017-02-01 14:44:41 +08:00
9dd09e453b
FEATURE: add explicit confirmation button to accept the invite
2017-01-25 15:50:30 +05:30
781d83a46f
FIX: Toggling a post's wiki status should not skip revision.
2017-01-25 13:34:55 +08:00
0a25df67bc
Revert "FIX: Incorrect parameter being passed to component."
...
This reverts commit d354a6f7a4
2017-01-25 13:12:24 +08:00
d354a6f7a4
FIX: Incorrect parameter being passed to component.
2017-01-25 13:09:08 +08:00
32846aad2a
FIX: Toggling post's wiki status should not create a new version.
2017-01-20 15:42:33 +08:00
fbf9172db8
FIX: log backups download/destroy staff action
...
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:53:31 +01:00
515f50e42e
FEATURE: Log admin action when readonly mode is changed.
2017-01-12 09:41:02 +08:00
e793caf3e3
FIX: only allow CSV file to be uploaded for bulk invite
2017-01-11 16:26:01 +05:30
d6bf5b0e78
Use `any` orientation for web app manifest.
2017-01-11 17:32:24 +08:00
cdd550e947
Use a different Redis key when PG failover sets site to readonly mode.
2017-01-11 16:38:49 +08:00
fc0a0a76a4
Add more info in staff action logs for blocking a user, and add logging for lock trust level, activate, and deactive user
2017-01-10 17:25:36 -05:00
68300f515c
FIX: Return 404 if id is not valid.
2017-01-06 10:39:44 +08:00
685e6bdbab
FIX: tags canonical url can raise error or be wrong
2017-01-05 15:17:23 -05:00
bec10ada2a
Remove unused email templates from controller
2017-01-05 15:31:14 +01:00
David Taylor
Maja Komel
Bianca Nenciu
Guo Xiang Tan
Vinoth Kannan
Régis Hanol
Arpit Jalan
Saurabh Patel
Gerhard Schlager
Penar Musaraj
Guo Xiang Tan
Kyle Zhao
Sam
Joffrey JAFFEUX
Leo McArdle
Bianca Nenciu
Robin Ward
Blake Erickson
Rafael dos Santos Silva
Erin Kosewic
Jeff Wong
Neil Lalonde
Osama Sayegh
James Kiesel
Misaka 0x4e21
Leo McArdle
Joe Buhlig
Kevin Elliott
OsamaSayegh
Erick Guan
Muhlis Cahyono
Philipp Daniels
Vinoth Kannan
Michael Howell
Eleanor Demis
junwen yang
Mudasir Raza
Kyle Zhao
Matt Palmer
Jakub Macina
Pat David
Ryan C. Gordon
Aashaka Shah
Victor van Poppelen
Nicolas
Jeff Atwood
Claas Augner