Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
29,972 Commits 181 Branches 498 Tags 917 MiB
Commit Graph

325 Commits

Author SHA1 Message Date
Sam a1c912b630 Return 400 instead of 404 for bad token 2018-10-12 10:51:41 +11:00
Bianca Nenciu 048cdfbcfa FIX: Do not allow revoking the token of current session. (#6472) 
* FIX: Do not allow revoking the token of current session.

* DEV: Add getter of current auth_token from Guardian.
 2018-10-12 10:40:48 +11:00
Blake Erickson 13b3cead06 FEATURE: Allow bulk removing users from a group 
This change maintains backwards compatibility to allow you to remove a
single user from a group but allows you to specify a comma separated list
of users for bulk removal from a group.

Also it extracts out common functionality for fetching users from params
used in bulk adding users so it can also be used for removing users.
 2018-10-11 15:30:54 -06:00
Guo Xiang Tan 3c59106bac Revert "FEATURE: Support backup uploads/downloads directly to/from S3." 
This reverts commit c29a4dddc1.

We're doing a beta bump soon so un-revert this after that is done.
 2018-10-11 11:08:23 +08:00
Gerhard Schlager c29a4dddc1 FEATURE: Support backup uploads/downloads directly to/from S3. 2018-10-11 10:38:43 +08:00
Robin Ward a566ed42ae FEATURE: Option to disable user presence and profile 
This allows users who are privacy conscious to disable the presence
features of the forum as well as their public profile.
 2018-10-10 17:34:33 -04:00
Bianca Nenciu 1d26a473e7 FEATURE: Show "Recently used devices" in user preferences (#6335) 
* FEATURE: Added MaxMindDb to resolve IP information.

* FEATURE: Added browser detection based on user agent.

* FEATURE: Added recently used devices in user preferences.

* DEV: Added acceptance test for recently used devices.

* UX: Do not show 'Show more' button if there aren't more tokens.

* DEV: Fix unit tests.

* DEV: Make changes after code review.

* Add more detailed unit tests.

* Improve logging messages.

* Minor coding style fixes.

* DEV: Use DropdownSelectBoxComponent and run Prettier.

* DEV: Fix unit tests.
 2018-10-09 22:21:41 +08:00
Gerhard Schlager 2f90c15d7a Fix random build error 2018-10-09 01:03:05 +02:00
Joffrey JAFFEUX 22187508e3
FEATURE: adds header text/background color to site (#6462) 2018-10-08 11:52:57 +02:00
Sam 5b630f3188 FIX: stop logging every time invalid params are sent 
Previously we were logging warning for invalid encoded params, this can
cause a log flood
 2018-10-05 14:33:19 +10:00
Vinoth Kannan ca74246651 FIX: redirect users to SSO client URL after social login 2018-10-05 00:01:08 +05:30
Kyle Zhao 819f090d6a move large blobs out of `<head>` (#6428) 
it unnecessarily bloats the section and increases the payload
dramatically for open graph tags.
 2018-09-28 17:28:33 +08:00
Kyle Zhao 4bb980b9f7
FEATURE: do not allow moderators to export user list (#6418) 2018-09-21 09:07:13 +08:00
Sam df45e82377 SECURITY: only allow picking of avatars created by self (#6417) 
* SECURITY: only allow picking of avatars created by self

Also adds origin tracking to all uploads including de-duplicated uploads
 2018-09-19 22:33:10 -07:00
Vinoth Kannan 9281b72308 FEATURE: Log entity export in staff logs 2018-09-19 03:16:45 +05:30
Guo Xiang Tan f2fbf1fdb0 DEV: Basic specs for `TagGroupsController`. 2018-09-18 08:22:03 +08:00
Kyle Zhao 7a0232249a
extract inline JS that's used to store preloaded data (#6370) 2018-09-17 16:31:46 +08:00
Kyle Zhao 6659417807 FEATURE: match user title when primary group changes 
When primary group changes and the user's title is the previous primary
group's title, change the title to the new primary group's title
 2018-09-17 15:08:39 +10:00
pmusaraj 7f05af5995 cleanup 2018-09-12 13:10:14 -04:00
pmusaraj aa614e393c return 403 when trying drafts of another user 2018-09-12 13:08:02 -04:00
pmusaraj b8c0a29bec better test name 2018-09-12 11:09:30 -04:00
pmusaraj 11fd18b254 code-styling fixes 2018-09-12 11:06:30 -04:00
pmusaraj 3a00c2adeb add test to ensure that userA cannot see drafts stream of userB 2018-09-12 10:13:20 -04:00
Sam d1984a0b4d FIX: display a correct error when attempting to agree on a deferred flag 
Previously we would raise a 500 error if a moderator tried to agree on a
flag another moderator deferred.

This can happen cause the UX for flags does not live refresh as flags
are handled
 2018-09-12 13:16:59 +10:00
Robin Ward 3bb4f4c5ef Adds test to make sure moderators can't make master keys 
It wasn't obvious from the code, plus we'd never want this to regress!
 2018-09-11 12:02:06 -04:00
Neil Lalonde 9e77fd8fc3 FIX: wrong category links on subfolder install in rss feed for a category topic list 2018-09-07 10:03:30 -04:00
Sam 879067d000 FIX: check admin theme cookie against user selectable 
previously admin got a free pass and could set theme via cookie to anything
including themes that are not selectable

this refactor ensures that only "preview" gets a free pass, all the rest
goes through the same pipeline
 2018-09-07 10:47:28 +10:00
Gerhard Schlager 26082688d1 FIX: Zero is a valid value for the page parameter 2018-09-05 20:43:05 +02:00
Vinoth Kannan d9be4f47e8 SPEC: redirect to original URL after social signup 2018-09-05 03:24:50 +05:30
Vinoth Kannan d8b543bb67 FIX: redirect to original URL after social signup 2018-09-05 01:44:23 +05:30
David Taylor 4382fb5fac DEV: Allow plugins to whitelist specific user custom_fields for editing (#6358) 2018-09-04 20:45:36 +10:00
Sam 2f5c21e28c FIX: return a 400 error instead of 500 for null injections 
Many security scanners like to inject NULL in inputs causing application
to exception out and return a 500

We now handle this exception and render a 400 status back
 2018-09-04 12:11:52 +10:00
Gerhard Schlager f33433bf9e Validation of params should restrict to max int (#6331) 
* FIX: Validation of params should restrict to max int

* FIX: Send status 400 when "page" param isn't between 1 and max int
 2018-09-03 14:45:32 +10:00
Bianca Nenciu f5e0356fb2 correct miscellaneous issues with user login history 2018-09-02 17:24:54 +10:00
Sam b3aab1770f FIX: set old last modified date for invalid avatars 
In some cases Akami was holding tight to these invalid avatars,
to avoid this happening we explain the avatar image is ancient
then when a new upload is added it automatically is older than
this.
 2018-08-31 17:07:31 +10:00
Blake Erickson c6f339a0b5 format json better with spaces in my test 2018-08-30 14:39:40 -06:00
Blake Erickson ae532f8548 FIX: return 422 for an invalid group name on category create 2018-08-30 14:28:55 -06:00
David Taylor 103509b9dd SECURITY: Prevent users from modifying custom fields 2018-08-30 12:59:36 +01:00
Bianca Nenciu 72ffabf619 UX: Improve email testing admin tool. (#6308) 2018-08-29 23:14:16 +02:00
Neil Lalonde ebe7835316 FIX: links in rss feeds are sometimes wrong on subfolder installs 2018-08-27 18:05:15 -04:00
Raul Tambre 2271918be2 FEATURE: Use S3 dualstack endpoints 
Allows S3 without a CDN to serve images from dualstack domains that also support ipv6
 2018-08-27 11:22:46 +10:00
Joffrey JAFFEUX 82dcc5cbfa
FEATURE: makes reports loadable in bulk (#6309) 2018-08-24 15:28:01 +02:00
Osama Sayegh e0cc29d658 FEATURE: themes and components split 
* FEATURE: themes and components split

* two seperate methods to switch theme type

* use strict equality operator
 2018-08-24 11:30:00 +10:00
Sam 29315b73c2 FIX: improve last_modified date returned for avatars 
instead of hard coding a date:

1. For optimized images use the upload date when on s3
2. For not-found use 10 minutes ago to match the expiry
 2018-08-24 09:36:11 +10:00
Osama Sayegh 2711f173dc FIX: don't allow inviting more than `max_allowed_message_recipients` 
* FIX: don't allow inviting more than `max_allowed_message_recipients` setting allows

* add specs for guardian

* user preferences for auto track shouldn't be applicable to PMs (it auto watches on visit)

Execlude PMs from "Automatically track topics I enter..." and "When I post in a topic, set that topic to..." user preferences

* groups take only 1 slot in PM

* just return if topic is a PM
 2018-08-23 14:36:49 +10:00
James Kiesel cdea969c6a FEATURE: Make initial admins TL1 
* Match register controller TL to rake admin:create
* Don't promote if trust_level > 1
 2018-08-22 15:45:24 +10:00
Gerhard Schlager 17dc8f2490 UX: Wizard resends activation email when user exists 2018-08-21 19:13:41 +02:00
Sam 2d96160192 FEATURE: improve API error reporting for invalid records 2018-08-21 11:54:34 +10:00
Guo Xiang Tan b4f92a05b3 FIX: Load more on groups page does not account for params. 
https://meta.discourse.org/t/cant-scroll-through-list-of-users-groups-if-more-than-one-page/92259
 2018-08-20 17:08:50 +08:00
Sam f5fe58384f correct regression around file renaming 2018-08-20 16:08:05 +10:00