c2829dce22
FIX: base sql vanishes after badge creation
2017-05-09 09:25:57 -04:00
afe04b8bbb
FIX: Possible 500 error if category saved incorrectly
2017-05-08 15:17:58 -04:00
e89d0a6b20
FIX: importing a theme via file was broken
2017-05-08 12:03:24 +05:30
3eb920e2b0
Merge pull request #4841 from fantasticfears/webhook-ping
...
add event name for ping webhooks in the header
2017-05-04 04:54:40 +08:00
342ef5f81a
FEATURE: out-of-the-box dark/light user selectable themes
2017-05-03 11:31:33 -04:00
81190f5d66
FIX: Redirect away from `account-created` if you're logged in
2017-05-03 11:18:01 -04:00
12fb20fe1b
FEATURE: Allow users to resend/update email from confirmation page
2017-05-03 11:18:01 -04:00
946f25098f
Refactor theme fields so they support custom theme defined vars
...
This paves the way to allowing themes to specify uploads and so on.
2017-05-02 16:02:14 -04:00
9f8a917d65
add event name for ping webhooks in the header
2017-05-02 08:13:23 +02:00
0722ffadf1
Remove site settings enforce_global_nicknames and discourse_org_access_key
2017-05-01 14:53:16 -04:00
304ace926e
FIX: Raise right response when post_action does not exist.
2017-04-27 17:29:53 +08:00
285c167fae
FEATURE: provide more details when performing a bulk add to group
2017-04-27 01:37:51 +05:30
6f7c6b0fd0
FIX: Incorrect error raised.
2017-04-25 09:59:01 +08:00
423f2ab228
FIX: Processing incoming email should be done in a background job.
2017-04-24 13:57:28 +08:00
d4111c8676
correct spec
2017-04-20 17:24:21 -04:00
ea26c56631
FIX: redirect to login page for anonymous user when profiles are hidden
2017-04-20 13:00:45 +05:30
2bc3aa7ed4
remove no digest refs
...
the digestless special dev behavior is no longer needed
2017-04-18 17:05:33 -04:00
f968b4e662
Fix the build
2017-04-18 16:34:58 +05:30
1c23aedccf
FIX: always send password reset email when accepting invite if password is not set
2017-04-18 14:37:06 +05:30
0954367bf4
FIX: send activation email when accepting invite if password is set
2017-04-15 14:59:50 +05:30
04016f0dec
Support Ruby 2.4.
2017-04-15 12:29:00 +08:00
809fbb25ce
FIX: blanking theme field was not properly removing it
2017-04-13 17:24:15 -04:00
3d76fb9c2c
FIX: Don't show category options for reports that can't be scoped to a category.
2017-04-13 17:10:55 +08:00
a3e8c3cd7b
FEATURE: Native theme support
...
This feature introduces the concept of themes. Themes are an evolution
of site customizations.
Themes introduce two very big conceptual changes:
- A theme may include other "child themes", children can include grand
children and so on.
- A theme may specify a color scheme
The change does away with the idea of "enabled" color schemes.
It also adds a bunch of big niceties like
- You can source a theme from a git repo
- History for themes is much improved
- You can only have a single enabled theme. Themes can be selected by
users, if you opt for it.
On a technical level this change comes with a whole bunch of goodies
- All CSS is now compiled using a custom pipeline that uses libsass
see /lib/stylesheet
- There is a single pipeline for css compilation (in the past we used
one for customizations and another one for the rest of the app
- The stylesheet pipeline is now divorced of sprockets, there is no
reliance on sprockets for CSS bundling
- CSS is generated with source maps everywhere (including themes) this
makes debugging much easier
- Our "live reloader" is smarter and avoid a flash of unstyled content
we run a file watcher in "puma" in dev so you no longer need to run
rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
9663a74445
FIX: Ensure `username` param is valid in `NotificationsController`.
2017-04-07 17:32:52 +08:00
40ab2e5667
FEATURE: Let users update their emails before confirming
...
This allows users who entered a typo or invalid email address when
signing up an opportunity to fix it and resending the confirmation
email to that address.
2017-04-05 16:44:49 -04:00
17f2974d0a
SECURITY: Confirm new administrator accounts via email
2017-04-04 15:59:01 -04:00
0bbad5040a
`topic-status-info` component wasn't updated when topic is closed/opened.
2017-03-31 15:58:26 +08:00
34b7bee568
FEATURE: Allow admin to auto reopen at topic.
...
* This commit also introduces a `TopicStatusUpdate`
model to support other forms of deferred topic
status update in the future.
2017-03-31 11:14:18 +08:00
6b976433c9
Support for both `/users/` and `/u/` paths
2017-03-30 10:23:24 -04:00
3ef82bb32c
SECURITY: CSRF vulnerabilities in `Admin::BackupsController`.
2017-03-23 10:29:35 +08:00
11ce73b8ed
FEATURE: category setting for default top period
2017-03-22 16:54:18 -04:00
82c0f5f587
Merge pull request #4767 from techAPJ/activate-account
...
FIX: send activation email if user have unconfirmed email address
2017-03-21 09:44:23 +05:30
7c3ae50dcd
FIX: send activation email if user have unconfirmed email
2017-03-21 09:41:50 +05:30
c106ca6778
FEATURE: fallback asset path for multi host setups
2017-03-20 15:59:17 -04:00
a1d04a7a9a
Fix rspec tests.
2017-03-20 12:35:08 +08:00
bbc85e1e29
Merge pull request #4750 from discourse/group_login_registration_flow
...
FEATURE: Redirect to groups page and apply group actions upon login/s…
2017-03-16 09:50:56 +08:00
ca965bb455
FEATURE: Redirect to groups page after login/registration flow.
2017-03-16 09:48:51 +08:00
1a7e954e09
FIX: Store custom emojis as uploads.
...
* Depending on a hardcoded directory was a flawed design
which made it impossible to debug when custom emojis go
missing.
2017-03-14 13:07:18 +08:00
a690121805
SECURITY: always allow staff to resend activation mails
2017-03-13 10:32:24 -04:00
9364d8ce71
FIX: Store user's id instead for sending activation email.
...
* Email and username are both allowed to be used for logging in.
Therefore, it is easier to just store the user's id rather than
to store the username and email in the session.
2017-03-13 20:24:55 +08:00
7ebfa3c901
SECURITY: Only allow users to resend activation email with a valid session.
...
* Improve error when an active user tries to request for an activation email.
2017-03-13 19:35:29 +08:00
848120c098
FEATURE: RSS feed for top page period filters
2017-03-13 15:23:46 +05:30
bc1a6ccb90
Merge pull request #4741 from tgxworld/allow_bookmark_removal
...
FIX: Allow user to remove bookmark from posts as long as bookmark is …
2017-03-10 12:49:20 -05:00
f7e7ca3937
FEATURE: anonymized site statistics
2017-03-10 18:50:26 +05:30
801b5838e1
FIX: do not show faq/guidelines page to anonymous users for private forums
2017-03-08 16:00:49 +05:30
090236b15b
FIX: do not show about page to anonymous users for private forums
2017-03-08 13:15:44 +05:30
689dd16be0
FIX: Allow user to remove bookmark from posts as long as bookmark is present.
...
https://meta.discourse.org/t/bookmark-issue-when-access-to-topic-is-lost-pms/51993
2017-03-08 13:53:49 +08:00
d95e4102c1
FIX: tags created in secured categories should not be forbidden outside those categories
2017-03-07 11:46:46 -05:00
0abe433495
Merge pull request #4736 from techAPJ/group-bulk-add
...
FIX: grant trust level when bulk adding users to group
2017-03-06 12:43:26 +01:00
d5bcc70e9c
FIX: grant trust level when bulk adding users to group
2017-03-06 14:39:53 +05:30
477eb0591e
FIX: Posts in a deleted topic couldn't be moved.
...
https://meta.discourse.org/t/moving-posts-to-new-topic/58436/4
2017-03-06 14:56:20 +08:00
6aab8cb331
FEATURE: new category setting for whether to show latest topics or top topics by default
2017-03-03 11:30:44 -05:00
80858bae2c
FEATURE: further restrict downloading of backups
...
- send email to logged in admin when they press the "download" button
- show pop-up that email was sent
- create email template
- require a valid token to download backup
2017-03-01 08:28:34 -07:00
107d6783a9
Remove use of stubs in tests.
2017-03-01 10:53:03 +08:00
76dd6933d2
Revert "Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."""
...
This reverts commit e6d75f6844
2017-03-01 10:16:59 +08:00
e6d75f6844
Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email.""
...
This reverts commit 0e3def7d2b
2017-02-28 11:27:14 +08:00
0e3def7d2b
Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."
...
This reverts commit 1060239e2d
2017-02-27 13:19:26 -05:00
877957ae88
Merge pull request #4715 from techAPJ/login-per-ip
...
FEATURE: new site setting for max logins per ip per hour/minute
2017-02-27 18:24:53 +05:30
cba51e1c38
FEATURE: new site setting for max logins per ip per hour/minute
2017-02-27 16:58:03 +05:30
a2c04be718
FIX: eradicate I18n fallback issues 💣
...
FIX: client's translation overrides were not working when the current locale was missing a key
FIX: ExtraLocalesController.show was not properly handling multiple translations
FIX: JsLocaleHelper#output_locale was not properly handling multiple translations
FIX: ExtraLocalesController.show's spec which was randomly failing
FIX: JsLocaleHelper#output_locale was muting cached translations hashes
REFACTOR: move 'enableVerboseLocalization' to the 'localization' initializer
REFACTOR: remove unused I18n.js methods (getFallbacks, localize, parseDate, toTime, strftime, toCurrency, toPercentage)
REFACTOR: remove all I18n.pluralizationRules and instead use MessageFormat's pluralization rules
TEST: add tests for localization initializer
TEST: add tests for I18n.js
2017-02-24 11:31:21 +01:00
1060239e2d
SECURITY: Ensure oAuth authenticated email is the same as created user's email.
2017-02-24 13:13:10 +08:00
0847b4258a
Revert "SECURITY: Ensure that user has been authenticated."
...
This reverts commit fbe51d68a7
2017-02-24 13:12:29 +08:00
fbe51d68a7
SECURITY: Ensure that user has been authenticated.
2017-02-24 10:47:48 +08:00
f15f61da0a
FEATURE: add immutable caching to rails site of things
2017-02-23 13:05:00 -05:00
f51e3b2131
FIX: should not be able to rename a system badge
2017-02-20 14:35:05 +01:00
cb99f59ec3
reset bounce score when email is successfully changed
2017-02-20 10:37:01 +01:00
d0fbb27f3e
FEATURE: new invite acceptance page, where username can be chosen and password can be set
2017-02-15 16:51:57 -05:00
8feb94e13f
FIX: password validator was being too strict
2017-02-14 09:18:04 -05:00
7652901b75
reduce mocking and stubbing in controller spec
2017-02-13 14:31:15 -05:00
94e1105af7
fix unique char counting in password validator
2017-02-10 10:38:17 -05:00
1bcb835446
FEATURE: passwords must have a minimum number of unique characters, configurable with a new setting
2017-02-09 15:00:22 -05:00
ff49f72ad9
FEATURE: per client user tokens
...
Revamped system for managing authentication tokens.
- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes
New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.
Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
2dec731da3
SECURITY: correctly validate input when admin searches for screened ips
2017-02-06 16:11:16 -05:00
27fb9c8804
FIX: bounce webhooks should also use recipient address
2017-02-05 19:06:35 +01:00
c4e10f2a9d
FEATURE: redesign the change password page to use javascript and validations
2017-02-03 16:09:24 -05:00
9dd09e453b
FEATURE: add explicit confirmation button to accept the invite
2017-01-25 15:50:30 +05:30
781d83a46f
FIX: Toggling a post's wiki status should not skip revision.
2017-01-25 13:34:55 +08:00
32846aad2a
FIX: Toggling post's wiki status should not create a new version.
2017-01-20 15:42:33 +08:00
fbf9172db8
FIX: log backups download/destroy staff action
...
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:53:31 +01:00
515f50e42e
FEATURE: Log admin action when readonly mode is changed.
2017-01-12 09:41:02 +08:00
68300f515c
FIX: Return 404 if id is not valid.
2017-01-06 10:39:44 +08:00
c531f4ded5
remove rails-observers
...
Rails yanked out observers many many years ago, instead the functionality
was yanked out to a gem that is very lightly maintained.
For example: if we want to upgrade to rails 5 there is no published gem
Internally the usage of observers had quite a few problem.
The series of refactors renamed a bunch of classes to give us more clarity
and removed some magic.
2016-12-22 16:46:53 +11:00
2f6a4cc6de
remove UserActionObserver, replace with after_save and service
...
interestingly there was some left over dead code from when stars
existed in the topic_users table
2016-12-22 16:46:53 +11:00
0a78ae739d
Remove SearchObserver, aim is to remove all observers
...
rails-observers gem is mostly unmaintained and is a pain to carry forward
new implementation contains significantly less magic as a bonus
2016-12-22 13:13:14 +11:00
5d7f3223f0
SECURITY: Users can only bookmark posts which they can see.
2016-12-21 12:01:26 +08:00
7c7c233c1c
FIX: Can't update `Groups#allow_membership_requests` in admin.
2016-12-20 15:14:35 +08:00
52cd9972bb
FIX: prevent DDoS with lots of _oneboxable_ links
...
FIX: ensure the onebox route is only allowed to logged in users
FIX: only allow 1 outgoing onebox preview per user
FIX: client should only do 1 preview at a time
2016-12-20 00:31:10 +01:00
a2096a01fb
add test case for handling uploads without extension
2016-12-20 00:46:47 +05:30
eb2db23b40
FEATURE: remove email_token_grace_period_hours
...
The site setting email_token_grace_period_hours just causes confusion and
should not be used anyway.
Out of the box, tokens stop working once confirmed, no need to add complexity here
2016-12-19 17:15:20 +11:00
0599bd0154
FEATURE: add referrer never tag to password reset page
2016-12-19 11:01:58 +11:00
15b5fddd49
SECURITY: protect upload params, only allow very strict filenames
2016-12-19 10:16:18 +11:00
61eb134181
FEATURE: setting to allow arbitrary redirects from sso origin
...
if sso_allows_all_return_paths is set to true you can redirect off-site from sso success
2016-12-16 13:37:44 +11:00
98f4a2adcb
FIX: on 404 from brotli asset path return a correctly encoded doc
...
old implementation would cache the 404 for 1 year with incorrect encoding
hilarity would ensue
2016-12-15 16:05:20 +11:00
2d61d7d644
update embed_controller_spec
2016-12-13 16:29:51 -05:00
43ee9f884e
FEATURE: Add `Group#full_name`.
2016-12-13 16:16:26 +08:00
da7009a968
FEATURE: Add request membership button for allowed groups.
2016-12-12 22:48:08 +08:00
05f55dbc10
FEATURE: Group logs.
2016-12-12 17:29:54 +08:00
be5b5f6bea
FEATURE: Public groups.
2016-12-12 17:00:30 +08:00
a2da2971af
FEATURE: Allow columns on group members page to be sortable.
2016-12-08 10:49:12 +08:00
1135e00c83
FIX: regression unable to dismiss unread
2016-12-06 08:49:40 +11:00
52763f5115
FEATURE: Allow posting a link with topics
2016-12-05 17:20:54 +01:00
37b256e7f2
Fix specs.
2016-12-05 17:13:58 +08:00
431aa79bb3
Merge pull request #4587 from techAPJ/invite-upload
...
FIX: simplify CSV file upload
2016-12-05 14:30:13 +05:30
ce974da9e5
FIX: simplify CSV file upload
2016-12-05 14:09:08 +05:30
31acd311e5
FEATURE: Allow group owners to edit group name and avatar flair.
2016-12-05 14:27:46 +08:00
b45fd21ed9
FIX: Clean up specs.
2016-12-05 13:37:33 +08:00
dc66f6681a
add spec for brotli controller, ensure cached correctly
2016-12-05 16:08:36 +11:00
dafd1453d6
FIX: topic list filters for bookmarked, posted, and read now work with tag filter
2016-12-02 15:58:14 -05:00
bc0a8142fe
PERF: Only show members count on group page.
2016-12-02 16:28:54 +08:00
b8dc58be90
got to be careful with integrity specs
2016-11-29 18:01:09 +11:00
266322ce2e
FEATURE: add help text for no bookmarks in user page
2016-11-29 17:56:00 +11:00
5794f1619d
PERF: Fix N+1 queries when loading groups.
2016-11-26 02:20:26 +08:00
88a46be051
FEATURE: display text excerpts when scrolling on mobile
2016-11-25 11:35:29 +11:00
bfd0418f07
added a test for safe mode
2016-11-23 13:31:05 +11:00
32a8d5ed1f
Merge pull request #4550 from cpradio/cannot-see-mention
...
FEATURE: Notify user when mention can't see the reply they were mentioned in
2016-11-15 16:40:47 -05:00
63d9d4f301
FIX: properly specify default on no cache on all resources
2016-11-15 17:00:44 +11:00
824c235760
FEATURE: Notify user when mention can't see the reply they were mentioned in
...
FIX: Group Mention Notifications
2016-11-14 22:03:16 -05:00
764a572070
FIX: when subcategories with the same name exist, filtering by tags might use the wrong subcategory
2016-11-02 15:29:33 -04:00
71f940d478
FIX: use metadata to hold the message_id with sparkpost
2016-10-27 19:35:50 +02:00
81e2a0099f
FIX: ensure the group 'everyone' is never shown when using a different locale
2016-10-24 10:53:31 +02:00
ee9946388c
Merge pull request #4507 from ming-relax/feat-delete-by-email
...
Remove user from a group by user email
2016-10-24 11:28:27 +08:00
7803a06e50
Use expect change for groups_controller_spec.rb
2016-10-24 10:32:21 +08:00
19e2eec219
Allow step 0 to resend the confirmation email
2016-10-21 11:34:19 -04:00
c03d25f170
FEATURE: Configure Admin Account
...
Adds a "Step 0" to the wizard if the site has no admin accounts where
the user is prompted to finish setting up their admin account from the
list of acceptable email addresses.
Once confirmed, the wizard begins.
2016-10-19 11:27:56 -04:00
dffd8baa91
Remove user from a group by user email
2016-10-18 17:10:47 +08:00
3949c24f80
FIX: sparkpost webhooks support
2016-10-17 11:26:49 +02:00
f4f5524190
FEATURE: user API now contains scopes so permission is granular
...
previously we supported blanket read and write for user API, this
change amends it so we can define more limited scopes. A scope only
covers a few routes. You can not grant access to part of the site and
leave a large amount of the information hidden to API consumer.
2016-10-14 16:05:42 +11:00
ddcc084d22
Revert "FEATURE: Use the top period default for users who have been inactive or are new"
2016-10-11 17:56:46 +02:00
2de50a616d
FEATURE: Use the top period default for users who have been inactive or are new
2016-10-11 09:55:15 -04:00
6031e692f0
Merge pull request #4366 from xfalcox/print
...
Print Support
2016-10-11 11:47:20 +11:00
3e513f5c05
Merge pull request #4459 from vibol/master
...
FEATURE: sparkpost webhook
2016-10-10 17:17:17 +11:00
1302db2683
Skip randomly failing test first.
2016-10-01 05:14:35 +08:00
f62d01ff1b
FIX: Clear the session after a reset token was used
2016-09-30 12:20:23 -04:00
cde18834f8
Fix randomly failing spec.
2016-09-30 05:18:54 +08:00
c3d60d5d1d
Merge remote-tracking branch 'upstream/master'
2016-09-29 02:12:05 -07:00
72ccb4e11d
FIX: Plugin "admin_js" translations bundle was not fetched.
2016-09-29 04:42:26 +08:00
34af73c7cb
FEATURE: sparkpost webhook
2016-09-26 22:13:34 -07:00
0229df4c73
Second review fixes
2016-09-26 20:46:55 -03:00
f96fffeb34
Add tests
2016-09-26 20:46:55 -03:00
7f66cf618c
FIX: You should be an admin to do the wizard
2016-09-22 11:12:51 -04:00
29cf47cfb2
Track steps the user has completed, nag them to finish it.
2016-09-22 09:52:19 -04:00
ef84981e38
Invite Users step
2016-09-22 09:52:19 -04:00
9f12b571ef
Wizard: Server Side Validation + Finished Step
2016-09-22 09:52:19 -04:00
3a4615c205
Wizard: Step 1
2016-09-22 09:48:58 -04:00
0471ad393c
Scaffold for new Wizard - Rails / Ember / Tests
2016-09-22 09:48:58 -04:00
6070939daa
Support for other i18n bundles
2016-09-22 09:48:58 -04:00
9374e5d42d
Revert "FIX: don't overwrite category's logo & background URLs"
...
This reverts commit 641b95f655
2016-09-22 11:30:19 +08:00
641b95f655
FIX: don't overwrite category's logo & background URLs
2016-09-21 22:11:31 +02:00
2766b2edc3
FIX: Allow redirection for slugs that start with digits
2016-09-19 13:31:19 -04:00
c463cf63d4
FEATURE: Webhook for user creation and approval
2016-09-19 10:12:55 +08:00
0d2d8797b6
FIX: Backup validation wasn't escaping hyphens
2016-09-16 15:20:42 -04:00
a04dadf9b4
FIX: Randomly failing specs try 2.
2016-09-16 15:10:37 +08:00
903d1dd326
FIX: Randomly failing specs.
2016-09-16 14:56:59 +08:00
75f3f7fcbd
FEATURE: clean API method for reading a single notification
2016-09-16 16:14:15 +10:00
512922d776
SECURITY: Add filename validation for backup uploads.
2016-09-16 11:58:14 +08:00
2c9a47dda5
FIX: Validate the raw content of posts before enqueuing them
2016-09-12 12:26:49 -04:00
2d859ba0ed
FIX: user api should always be available to staff
2016-09-12 15:42:06 +10:00
e78b7a243e
FIX: Don't enqueue posts if the user can't create them (ex: closed)
2016-09-09 12:15:56 -04:00
1d281e02c7
id is optional if already specified in header
2016-09-02 17:08:46 +10:00
be0fd5b4cc
FEATURE: allow user api key revocation for read only keys
2016-09-02 17:04:00 +10:00
0217973374
FIX: Importing user avatar when new user login by SSO
2016-08-29 20:47:19 +08:00
2251104e32
FEATURE: avatar flair can be font awesome icons
2016-08-26 17:15:37 -04:00
ca79c4b276
stop eating up push_urls
2016-08-26 13:23:06 +10:00
fcdf13f52d
add some more testing
2016-08-26 13:18:20 +10:00
a37db9448f
correctly return access rights in auth redirect
2016-08-26 13:12:38 +10:00
d079f69b7b
FEATURE: add flair to avatars using new settings in the groups admin UI
2016-08-17 15:13:15 -04:00
a25a8115e8
FEATURE: support HEAD request to /user-api-key/new
...
This allows us to cleanly sniff to find if it exists
2016-08-17 09:58:19 +10:00
416e7e0d1e
FEATURE: basic UI to view user api keys
2016-08-16 17:06:52 +10:00
3b792054f2
Merge pull request #4387 from gdpelican/feature/tags-intersection
...
FEATURE: Tags intersection page
2016-08-15 16:24:29 -04:00
037e9bb7b8
Support any number of tag intersections
2016-08-15 15:30:17 -04:00
fc095acaaa
Feature: User API key support (server side implementation)
...
- Supports throttled read and write
- No support for push yet, but data is captured about intent
2016-08-15 17:59:36 +10:00
7e73b933c7
First pass
2016-08-12 15:28:46 -04:00
7e4503dd99
FEATURE: basic info route for all sites, even ones that require login
...
This information is public in meta tags already on home page, providing a
route allows consumers to check it way more cheaply
2016-08-12 17:10:35 +10:00
afaba56de3
FEATURE: missing API endpoint for topic tracking states
2016-08-12 17:10:35 +10:00
429f27ec96
SECURITY: Avoid mass assignment on user create
2016-08-05 11:57:13 -04:00
5f67cd7b45
FIX: tag input detects when a tag is not allowed and won't offer to create it anyway
2016-08-03 13:18:56 -04:00
681f566a66
FIX: staff members should be able to see raw email of deleted posts
2016-08-01 23:55:22 +02:00
82e170d6a6
FIX: 404 when filtering by category, no sub-category, and a tag
2016-07-28 16:19:03 -04:00
2f8ab8cd30
SECURITY: XSS in "Account Suspended" Messages and Badge Descriptions
2016-07-28 11:38:12 -04:00
c6dbaca0dc
SECURITY: disable user entered badge SQL by default
...
- Hidden site settings now must be change via rails console
2016-07-28 09:03:00 +10:00
cb3afd11b4
SECURITY: limit route access when using external avatars
2016-07-28 09:00:43 +10:00
c626558d36
UX: group pages should not show Messages tab to unauthorised users ( #4318 )
2016-07-09 00:50:04 +05:30
1eb64151f6
User interface for watching first post
2016-07-07 11:21:50 -04:00
ccf9b70671
When restoring a backup, disable emails.
...
This prevents accidental sending of emails after a restore before
the admin has had a chance to review everything.
2016-06-24 17:15:15 -04:00
8866169879
FEATURE: can invite/revoke groups on private messages
2016-06-20 16:29:27 +10:00
dd1a184955
Correct mailing list mode unsubscribe
2016-06-17 11:57:23 +10:00
852860de66
FEATURE: simpler and friendlier unsubscribe workflow
...
- All unsubscribes go to the exact same page
- You may unsubscribe from watching a category on that page
- You no longer need to be logged in to unsubscribe from a topic
- Simplified footer on emails
2016-06-17 11:28:49 +10:00
49f8a2baa7
FEATURE: support for mandrill webhooks
2016-06-13 12:32:14 +02:00
3015030fe2
FIX: unlisted topics do not get "slug auto correct" logic
2016-06-10 10:53:26 +10:00
214e25f1b5
use proper 'Message-Id' field
2016-06-09 00:33:13 +02:00
3e3538d603
loosen security a bit on mailgun's webhook
2016-06-08 22:38:38 +02:00
431179dd25
FEATURE: Prompt users when they are entering duplicate links
2016-06-07 14:47:22 -04:00
6aaa484baa
REFACTOR: Move composer messages to store
2016-06-07 14:47:22 -04:00
cc66bff730
we forgot to update the mailgun tests
2016-06-06 16:55:24 -07:00
fe595f1653
FEATURE: mailjet webhook
2016-06-06 19:47:45 +02:00
9704603fab
FEATURE: sendgrid webhooks
2016-06-01 21:48:06 +02:00
116efffdaa
FEATURE: webhooks support for mailgun
2016-05-30 17:11:17 +02:00
cb5be1fe8f
Upgrade rspec to 3.4.0.
2016-05-30 11:38:38 +08:00
f387dfe226
FIX: mixed case group mentions were not getting highligted in composer
2016-05-22 18:32:49 +05:30
49a6d0b789
FIX: Don't bother with negative offsets
2016-05-09 16:33:55 -04:00
82daf93eb3
Merge pull request #4206 from techAPJ/convert-topic
...
FEATURE: move a topic from PM to regular topic or vice versa
2016-05-04 01:33:15 +05:30
b061ba5c52
FIX: Broken spec. Stupid mocking.
2016-05-03 15:30:48 -04:00
acfb540952
FEATURE: move a topic from PM to regular topic or vice versa
2016-05-02 21:34:05 +05:30
74b3807f60
FEATURE: new bootstrap mode settings for brand new Discourse community ( #4193 )
...
* FEATURE: new bootstrap mode settings for brand new Discourse community
* new SiteSetting.set_and_log method
2016-04-26 13:08:19 -04:00
9e50f36c50
Merge pull request #4137 from cpradio/add-warning-to-flag
...
FEATURE: Add warning input to flag dialog when notifying a user
2016-04-15 16:23:22 +10:00
379bfac36d
Merge pull request #4010 from riking/patch-sitelinks
...
FEATURE: Add /search discovery
2016-04-14 10:35:13 +02:00
22b2f5285c
FIX: extract links in post processor
...
when oneboxes are not cached or are refreshed they can introduce new
links, these links must be extracted otherwise you can not follow them
2016-04-12 12:28:18 +10:00
a5cd557906
Simplify setting the top_page_default_timeframe SiteSetting ( #4149 )
2016-04-07 18:06:54 +02:00
a130cb8305
FEATURE: move more urgent emails notifications to critical queue
...
Move signup, admin login and password change email notifications
to critical queue
2016-04-07 14:39:01 +10:00
8ec7fd84fd
FEATURE: prioritize sidekiq jobs
...
This commit introduces 3 queues for sidekiq
"critical" for urgent jobs (weighted at 4x weight)
"default" for standard jobs(weighted at 2x weight)
"low" for less important jobs
"critical jobs"
Reset Password emails has been seperated to its own job
Heartbeat which is required to keep sidekiq running
Test email which needs to return real quick
"low priority jobs"
Notify mailing list
Pull hotlinked images
Update gravatar
"default"
All the rest
Note: for people running sidekiq from command line use
bin/sidekiq -q critical,4 -q default,2 -q low
2016-04-07 12:56:43 +10:00
2b9e8e5a7d
Merge pull request #4147 from cpradio/default_top_timeframe
...
FIX: Use default top setting when user is return or enough data exists for Top Page Results
2016-04-06 18:33:56 +02:00
c5bb1d1cfe
Return default top setting as part of best_periods_for to see if it can be used
2016-04-05 14:27:18 -04:00
d402a45781
FIX: hitting '/t/:id/posts.json' should return the first page of posts
2016-04-05 19:12:14 +02:00
95fa340601
Added spec tests
2016-04-03 19:44:14 -04:00
41208b99a1
FEATURE: RSS feed for user posts and topics
2016-03-31 20:24:05 +05:30
f2ddd44712
FEATURE: Add /search discovery
...
The opensearch.xml results in a "site search engine" being added to
Chrome, while the sitelinks search tag results in "Search this website"
being added to Google Search.
2016-03-28 15:07:59 -07:00
9a5ded48cf
FIX: Return a proper error message when sync sso fails.
2016-03-26 13:30:15 +08:00
4180e207c3
FIX: Crazy large ids should not raise exceptions
2016-03-23 12:13:47 -04:00
34469e725b
FEATURE: separate API endpoints for public and private posts
2016-03-21 18:21:15 +05:30
bd83cf7f4c
FEATURE: add group posts and mentions RSS
2016-03-18 22:29:10 +05:30
1fba835d4f
FIX: Use a logging table for daily likes given. Use it for badges.
2016-03-18 11:18:54 -04:00
213950e4cf
FEATURE: add option to include topics from trust level 0 users in digest emails
2016-03-17 17:35:23 -04:00
0ea20f2d77
mock was causing spec to fail
2016-03-17 15:46:16 +11:00
84d234a98a
Merge pull request #4076 from scossar/locale-from-header-setting
...
FEATURE: add site setting for setting locale from header
2016-03-17 07:53:20 +11:00
06591022fe
FEATURE: Generous badge
2016-03-15 16:08:29 -04:00
0cbeda8414
add site setting for setting locale from header
2016-03-14 16:18:19 -07:00
89248580dc
FEATURE: revert post to a specific revision
2016-03-11 02:46:55 +05:30
5771d2aee2
SECURITY: Support for confirm old as well as new email accounts
2016-03-08 14:52:22 -05:00
d62689fa76
Move updating a user's email to its own controller
2016-03-08 14:52:22 -05:00
1135d2094a
Merge pull request #4006 from scossar/set-locale-from-header
...
Feature: (WIP) Set locale from Accept-Language header
2016-03-04 09:12:30 +01:00
8d4bac7da2
fix build & add migration to clear common passwords cache
2016-03-03 19:39:22 +01:00
bfaa4cdb37
FEATURE: compose a new pre-filled private message to a group via URL
2016-03-03 00:19:06 +05:30
50e65634d7
FEATURE: new setting min_admin_password_length and better default
2016-03-02 14:43:26 +05:30
0a396583ed
set locale for anonymous from header
...
set locale on signup
update spec
add locale option
2016-02-26 13:45:00 -08:00
b2f4659792
Pass discourse username to TopicRetriever from embed controller
...
When you specify `discourse_username` param on the embed URL, it should
translate to creating the post with that username.
This commit ensures that this is now the case.
2016-02-25 13:02:25 +00:00
e8de80de98
FIX: Default to first page when page params is an array.
2016-02-25 11:32:58 +08:00
6df5b38b54
better user update spec
2016-02-24 16:10:08 +05:30
d77511319e
show monthly top topics on 404 page
2016-02-24 13:46:55 +05:30
1253afdf95
FIX: invite link should not auto-accept invitation if user is already logged in
2016-02-23 19:49:58 +05:30
3829c78526
PERF: shift most user options out of the user table
...
As it stands we load up user records quite frequently on the topic pages,
this in turn pulls all the columns for the users being selected, just to
discard them after they are loaded
New structure keeps all options in a discrete table, this is better organised
and allows us to easily add more column without worrying about bloating the
user table
2016-02-17 18:08:25 +11:00
dd6ebde824
FIX: Always ensure notifications are treated as read once clicked
...
UX: improve messaging so notifications list is far more stable
PERF: improve performance of notifcation lookup queries
- Add feature "SetTransientHeader" that allows shipping info to server
in the next Ajax request
- remove local storage hack used for notifications
- amend lookupStale to return hydrated objects, move logic into store
- stop magically clearing various notifications (likes, invitee accepted, group_summary, granted badge)
2016-02-15 19:29:47 +11:00
35142847ba
FIX: Prepend the user id before username in admin user routes
2016-02-09 15:14:13 +01:00
b75353c26f
correct specs
2016-01-27 23:40:45 +11:00
0064927077
FIX: do not allow new email to be duplicate
...
FIX: return proper error message when email already exists
2016-01-23 13:42:53 +05:30
74b5d063f9
FIX: enabling suppress_from_homepage should only remove the category from the homepage
2016-01-20 17:55:58 +01:00
f61537bc16
Merge pull request #3952 from gdpelican/unsubscribe-via-email
...
Unsubscribe via email
2016-01-20 14:38:14 +01:00
c7283751a3
Unsubscribe via email
2016-01-20 22:25:25 +13:00
7303f8f309
FEATURE: first pass at user summary page
2016-01-20 15:14:25 +11:00
ca3e2b4da3
FEATURE: you can not drill down and see why you have badges
...
Clicking on badges filters down the list to a particular user.
2016-01-18 17:59:20 +11:00
Sam Saffron
Robin Ward
Arpit Jalan
Guo Xiang Tan
Erick Guan
Neil Lalonde
Guo Xiang Tan
Régis Hanol
Blake Erickson
cpradio
Ming HU
Vibol Hou
Rafael dos Santos Silva
James Kiesel
Jeff Atwood
cpradio
Kane York
scossar
Sam Davies