Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
26,691 Commits 211 Branches 500 Tags 858 MiB
Commit Graph

815 Commits

Author SHA1 Message Date
Guo Xiang Tan 70f14da732 UX: Use 'tel' input type for 2FA token inputs. 2018-02-27 09:30:44 +08:00
Joffrey JAFFEUX ac701696b3
FEATURE: replaces tag-chooser/tag-group-chooser with select-kit component 
These component were also the last using select2. As a consequence select2 is removed from Discourse in this commit.
 2018-02-26 11:42:57 +01:00
Guo Xiang Tan a9699da672 UX: Specify pattern and maxlength for 2FA input fields. 2018-02-26 18:29:46 +08:00
Guo Xiang Tan 1f74509a75 FIX: 2FA prompt incorrectly displayed on admin login page. 2018-02-23 11:05:39 +08:00
Maja Komel 76a2fc3d07 UX: Add og metadata for groups. 
https://meta.discourse.org/t/onebox-for-groups/79155
 2018-02-22 15:03:41 +08:00
Guo Xiang Tan 964624f3ab FIX: No error displayed when 2FA token is invalid on admin login page. 2018-02-22 09:45:57 +08:00
Guo Xiang Tan edf326a9a5 Fix incorrect translation. 2018-02-22 08:06:37 +08:00
Guo Xiang Tan 14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Jeff Wong f4f8a293e7 FEATURE: Implement 2factor login TOTP 
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
 2018-02-21 09:04:07 +08:00
Guo Xiang Tan 7902296c11 Oops we should register a service worker as long as it is supported. 2018-02-15 15:02:14 +08:00
Guo Xiang Tan 28365f8ae5 PERF: Have nginx cache and serve the service worker file. 2018-02-15 10:50:39 +08:00
Erick Guan 03b3e57a44 FEATURE: login by a link from email 
Co-authored-by: tgxworld <tgx@discourse.org>
 2018-02-13 16:14:39 +08:00
Robin Ward 0776340b29 SECURITY: Prevent robots from indexing more routes 
These routes could contain sensitive material and should never be
indexed for content.
 2018-02-04 13:24:36 -05:00
Neil Lalonde 2493648f9c PERF: calculate topic_counts for tags in an async job so tag queries that include counts are much faster 2018-01-12 11:03:03 -05:00
Sam 8ff5f5f2ef FIX: cache admin locale file for 24 hours 2018-01-09 10:23:49 +11:00
Vinoth Kannan f08995c390 Remove unused code lines 2017-12-29 12:32:18 +05:30
Gerhard Schlager 44ee388070 FEATURE: omit images from og and twitter description tags 2017-11-28 21:34:02 +01:00
Kris c2da25dd5c
Cleaning up the 404 page (#5363) 2017-11-24 12:41:31 -05:00
Neil Lalonde 66e53f449a UX: Auth complete page/modal has a link to continue to the site to accomodate auth methods that can't automatically redirect to Discourse 2017-11-21 13:56:19 -05:00
Robin Ward cef64e8f03 UX: Use `no_ember` styling for omniauth error page 2017-11-15 14:04:26 -05:00
Robin Ward d07ebf9d4c UX: Support for custom error pages and headers in plugins 2017-11-14 16:31:44 -05:00
Robin Ward 1c56e1c063 Support for HTML builders on the no-ember view 2017-11-14 16:04:27 -05:00
Robin Ward 52480d554a UX: Support for custom 404 pages 2017-11-14 11:57:17 -05:00
Sam dfe9f70747 UX: warn that something must be selected with safe mode 2017-11-13 15:59:51 +11:00
Michael Howell 38b8d68c68 FEATURE: Allow the user to select a custom home page (#5268) 
* Add user_home configuration option

* Use the new user_home preference to actually show the right home page

* Fix trailing whitespace

* Update user_option_serializer.rb

* Fix JavaScript default homepage tests

* Use an object instead of a giant switch

* Remove trailing whitespace

* Make the default `user_home` set to `null` instead of `0`

* Rename user_home to homepage_id
 2017-11-10 06:45:19 +11:00
Neil Lalonde 7eb5f78343 UX: increase max length of topic titles in summary email html by 40 characters 2017-11-06 10:00:01 -05:00
Neil Lalonde 7dc3671490 FEATURE: remove obsolete settings ga_tracking_code and ga_domain_name. Use ga_universal_tracking_code and ga_universal_domain_name instead. 2017-11-01 11:41:51 -04:00
Penar Musaraj bd1616d3d9 Add offline route and service worker to fix Android app install banner (#5217) 
* set up static offline.html route and service worker for Android Web App Banner

* add viewport meta tag to offline view for android app banner

* add i18n support for offline.html pages, cleanup

* fix html syntax, add page title, remove license for service-worker.js
 2017-10-31 10:46:48 +11:00
Neil Lalonde a5afc08363 FIX: html links in text part of summary email 2017-10-30 15:43:01 -04:00
Neil Lalonde 28bc5ac10a FIX: link to about page on subfolder 2017-10-30 14:34:12 -04:00
Neil Lalonde fec5691064 FIX: unsubscribe links in summary emails were missing subfolder 2017-10-30 14:28:43 -04:00
Neil Lalonde bf00ab5d4a FIX: grant admin on subfolder 2017-10-27 16:46:02 -04:00
Arpit Jalan 33f0d80ed5 UX: better title on search page 2017-10-27 09:13:04 +05:30
Guo Xiang Tan ad9553ff86 Merge pull request #5238 from discourse/jomaxro-patch-1 
Add div to login-required text
 2017-10-24 17:04:18 +08:00
Robin Ward e9159e49f3 FEATURE: Site Setting to determine whether flags defaults to topics 2017-10-20 12:37:20 -04:00
Arpit Jalan cafbf506cc better error message when confirming email change 2017-10-20 20:58:00 +05:30
Joshua Rosenfeld 64e5532b90 Add div to login-required text 2017-10-15 14:45:24 -04:00
Guo Xiang Tan 6fe604b93e Revert "SECURITY: Fix XSS on unsubscribed page." 
This reverts commit 190558db9d.
 2017-10-09 09:03:07 +08:00
Guo Xiang Tan 190558db9d SECURITY: Fix XSS on unsubscribed page. 2017-10-09 08:59:03 +08:00
Sam 70bb2aa426 FEATURE: allow specifying s3 config via globals 
This refactors handling of s3 so it can be specified via GlobalSetting

This means that in a multisite environment you can configure s3 uploads
without actual sites knowing credentials in s3

It is a critical setting for situations where assets are mirrored to s3.
 2017-10-06 16:20:01 +11:00
Sam ebdf8d6718 remove uneeded code 2017-10-04 15:05:58 +11:00
Sam 14310d2eee UX: title in JS must match title on Server 
Corrects title flashing with incorrect value on front page reloads
 2017-10-04 15:04:42 +11:00
Guo Xiang Tan 77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Arpit Jalan 6d35b62238 add image type attribute to icon link tag 2017-09-08 12:48:30 +05:30
Leo McArdle e183600563 FIX: redirect loop for new users visiting /new-topic using full screen login 2017-09-07 21:02:41 +01:00
Bianca Nenciu fa69e0dd77 Improved metadata for tags. (#5067) 2017-08-28 13:11:34 -04:00
Neil Lalonde d506e577a5 FEATURE: if full search returns no results, show google search form 2017-08-15 16:46:41 -04:00
Arpit Jalan b354099252 FEATURE: add custom open graph tag for ignoring canonical url 2017-08-15 19:24:20 +05:30
David Taylor 37300d6777 SECURITY: Do not show latest/top topics on 404 for login_required sites 2017-08-13 19:02:44 +03:00
Arpit Jalan bf2c35aa99 FEATURE: add RSS feed for badge pages 2017-08-09 13:43:49 +05:30