Commit Graph

78 Commits

Author SHA1 Message Date
Tarek Khalil 6e46197bc8
FIX: Disable webhooks on 410 and 404 HTTP responses (#7392)
FIX: Disable webhooks on 410 and 404 HTTP responses (#7392)
2019-04-18 12:36:37 +01:00
Robin Ward 1bce97a596 FIX: Allow queued posts from deleted users to be rejected 2019-04-03 11:40:46 -04:00
Maja Komel 4a3daacb1b FIX: reset embedding settings when no embeddable host, log host changes (#7264) 2019-03-29 17:05:51 +01:00
Robin Ward b58867b6e9 FEATURE: New 'Reviewable' model to make reviewable items generic
Includes support for flags, reviewable users and queued posts, with REST API
backwards compatibility.

Co-Authored-By: romanrizzi <romanalejandro@gmail.com>
Co-Authored-By: jjaffeux <j.jaffeux@gmail.com>
2019-03-28 12:45:10 -04:00
Maja Komel 34730a0b16 UX: show if webhook is disabled (#7217)
+ show in staff logs when webhook is created/updated/destroyed
2019-03-21 16:13:09 +01:00
Bianca Nenciu 191e31dccf FEATURE: Log user approvals. (#7121) 2019-03-12 19:16:56 +11:00
Vinoth Kannan d1bad881ea
FEATURE: Allow moderators to change topic timestamps (#7053) 2019-02-22 14:33:52 +05:30
Vinoth Kannan 9281b72308 FEATURE: Log entity export in staff logs 2018-09-19 03:16:45 +05:30
Gerhard Schlager 150ae21489 FEATURE: Log user merge in staff logs 2018-06-11 18:43:56 +02:00
Guo Xiang Tan ad5082d969 Make rubocop happy again. 2018-06-07 13:28:18 +08:00
Arpit Jalan 36f9af4fa4 minor optimizations for post rejected logs 2018-06-02 09:44:55 +05:30
Arpit Jalan 89eca87f16 FEATURE: add staff action log for post rejections 2018-06-01 21:48:27 +05:30
Régis Hanol 53f8f6095d FEATURE: staff action logs when creating/updating/deleting badges 2018-05-17 18:09:27 +02:00
Arpit Jalan 0a442977b3 FEATURE: add staff action log for post approvals 2018-04-23 11:28:44 +05:30
Arpit Jalan d96c1058a2 FEATURE: add staff action log for 'restore topic' 2018-03-21 18:04:13 +05:30
Robin Ward b9abd7dc9e FEATURE: Shared Drafts
This feature can be enabled by choosing a destination for the
`shared drafts category` site setting.

* Staff members can create shared drafts, choosing a destination
category for the topic when it is published.

* Shared Drafts can be viewed in their category, or above the
topic list for the destination category where it will end up.

* When the shared draft is ready, it can be published to the
appropriate category by clicking a button on the topic view.

* When published, Drafts change their timestamps to the current
time, and any edits to the original post are removed.
2018-03-20 17:15:26 -04:00
Robin Ward 135195363b FIX: Not logging old post contents properly 2018-03-14 15:01:36 -04:00
Robin Ward 65ac80b014 FEATURE: Log Staff edits in Staff Action Logs
Why? Some edits by staff are not tracked. For example, during the grace
period, or via the flags/silence dialog.

If a staff member is editing someone else's post, it now goes into the
Staff Action Logs so it can be audited by other staff members.
2018-03-12 13:51:40 -04:00
Jeff Wong f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Robin Ward 7348513848 FIX: Include post in staff action logs when silencing a user 2018-02-13 15:59:10 -05:00
Arpit Jalan 1f6adbea5c FEATURE: log private message views 2018-01-29 08:08:08 +05:30
Robin Ward 6b04967e2f FEATURE: Staff members can lock posts
Locking a post prevents it from being edited. This is useful if the user
has posted something which has been edited out, and the staff members don't
want them to be able to edit it back in again.
2018-01-26 14:01:30 -05:00
Robin Ward a8b46df4bd More extensibility for custom silence/suspend messages 2018-01-19 11:35:19 -05:00
Robin Ward 77f90876d3 REFACTOR: Track manual locked user levels separately from groups 2017-11-27 11:23:44 -05:00
Robin Ward 0a9daba627 FIX: Support for long suspension emails 2017-11-20 12:45:46 -05:00
Robin Ward 971e302ff2 FEATURE: Support an end date for user silencing 2017-11-14 13:20:19 -05:00
Robin Ward 1f14350220 Rename "Blocked" to "Silenced" 2017-11-10 14:10:27 -05:00
Robin Ward 09ed2ed749 Add Suspend User to flags page 2017-09-25 12:28:00 -04:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Sam a3e8c3cd7b FEATURE: Native theme support
This feature introduces the concept of themes. Themes are an evolution
of site customizations.

Themes introduce two very big conceptual changes:

- A theme may include other "child themes", children can include grand
children and so on.

- A theme may specify a color scheme

The change does away with the idea of "enabled" color schemes.

It also adds a bunch of big niceties like

- You can source a theme from a git repo

- History for themes is much improved

- You can only have a single enabled theme. Themes can be selected by
    users, if you opt for it.

On a technical level this change comes with a whole bunch of goodies

- All CSS is now compiled using a custom pipeline that uses libsass
    see /lib/stylesheet

- There is a single pipeline for css compilation (in the past we used
    one for customizations and another one for the rest of the app

- The stylesheet pipeline is now divorced of sprockets, there is no
   reliance on sprockets for CSS bundling

- CSS is generated with source maps everywhere (including themes) this
    makes debugging much easier

- Our "live reloader" is smarter and avoid a flash of unstyled content
   we run a file watcher in "puma" in dev so you no longer need to run
   rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
Arpit Jalan e27b1b98d1 FIX: handle new user when logging name change 2017-03-01 13:43:57 +05:30
Arpit Jalan b32d3d66e5 FEATURE: log all username and name changes 2017-02-28 00:23:27 +05:30
Régis Hanol fbf9172db8 FIX: log backups download/destroy staff action
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:53:31 +01:00
Guo Xiang Tan 515f50e42e FEATURE: Log admin action when readonly mode is changed. 2017-01-12 09:41:02 +08:00
Neil Lalonde 98bd58df61 Don't show email of deleted users in staff action logs 2017-01-10 17:25:36 -05:00
Neil Lalonde fc0a0a76a4 Add more info in staff action logs for blocking a user, and add logging for lock trust level, activate, and deactive user 2017-01-10 17:25:36 -05:00
Robin Ward 29cf47cfb2 Track steps the user has completed, nag them to finish it. 2016-09-22 09:52:19 -04:00
Régis Hanol b0f7e4ba00 FEATURE: deactive users after too many bounces 2016-07-25 18:57:06 +02:00
Régis Hanol 367954057b should have been 'deleted_topic' 2016-06-15 14:45:18 +02:00
Régis Hanol ed4634dc34 FIX: don't error out when deleting a topic with no user 2016-06-15 14:41:08 +02:00
Régis Hanol ca1a532cf5 show 'revoke_email' in staff action logs 2016-06-06 22:58:09 +02:00
Régis Hanol 8e611ec7a1 FEATURE: handle bounced emails 2016-05-02 23:15:32 +02:00
Arpit Jalan 8da446c8bc FIX: do not raise error if topic not found while logging 2016-04-11 09:32:37 +05:30
Arpit Jalan 43e3182a79 add IP address in backup log 2016-02-28 08:44:27 +05:30
Arpit Jalan 8f62a0caa8 FEATURE: log backup operation 2016-02-27 23:33:18 +05:30
Arpit Jalan 74f22f95da FEATURE: log admin/moderator grant/revoke action 2016-01-27 15:39:04 +05:30
Arpit Jalan cf1bd35fc6 FIX: while changing site text, old and new values can be nil 2016-01-18 20:56:14 +05:30
Neil Lalonde b8299a2710 log when staff blocks/unblocks someone 2016-01-14 15:05:11 -05:00
Arpit Jalan 4c967d11b4 FEATURE: log site text changes 2015-12-18 19:42:06 +05:30
Guo Xiang Tan 8b6b3cf858 FIX: Admin logging should not log permissions if none has been set. 2015-12-06 15:29:13 +08:00