Commit Graph

1106 Commits

Author SHA1 Message Date
Sam 906f189914 have to clear debounce cache for tests 2018-01-15 15:29:54 +11:00
Sam 49ed382c2a FIX: return 429 when admin api key is limited on admin route
This also handles a general case where exceptions leak out prior to being handled by the application controller
2018-01-12 14:15:26 +11:00
Arpit Jalan 672888f526 FIX: handle invalid password reset token 2018-01-09 23:48:17 +05:30
Sam 8ff5f5f2ef FIX: cache admin locale file for 24 hours 2018-01-09 10:23:49 +11:00
Joffrey JAFFEUX 642645ba9a
FIX: broken select badge as user title (#5474)
* FIX: broken select badge as user title

* selected id wasn’t pass to underlying component
* <none> was rendered as an html tag <none></none>
* overriding a badge name wouldn’t work as it was using badge.name and not badge.display_name
* adds a spec to ensure this behavior is correct
2018-01-05 16:58:15 +01:00
Arpit Jalan ef4c6c67ba fix the build 2017-12-23 14:42:40 +05:30
Régis Hanol 7f69362d9d FIX: external links in whisper ended up in a white page
FIX: clicking a link in a onebox wasn't properly extracting the post_id
2017-12-20 17:55:15 +01:00
Philipp Daniels 6a2bce1931 FIX: Data loss on update of single user_field.
https://meta.discourse.org/t/api-data-loss-caused-by-changed-behaviour-of-custom-user-field-update/74990
2017-12-20 16:33:23 +08:00
Guo Xiang Tan 97ceebb570 SECURITY: Don't pass email backup token to sidekiq as a parameter.
* This exposes the token in the Sidekiq dashboard which can be
  viewed by an admin and defeats the purpose of using a token
  in the download backup email ink.
2017-12-18 11:25:22 +08:00
Sam 96584403cd SECURITY: prevent staged accounts from changing email 2017-12-14 17:16:49 +11:00
Sam a393d3bcbb FIX: ensure staged accounts are always inactive
If for any reason active is stored in the user model, clear it out
prior to creating an account
2017-12-13 14:22:16 +11:00
Arpit Jalan 1d43d7f136 optimize spec 2017-12-12 13:00:53 +05:30
Arpit Jalan d21db0f186 add a test case to verify presence of registration_ip_address for staged users 2017-12-11 21:33:00 +05:30
Robin Ward 74b9828731 FIX: Remove mentions filters from user and groups
Additionally return no data if disabled
2017-12-07 16:29:02 -05:00
Arpit Jalan 5003f07b2c FEATURE: new site setting show_inactive_accounts 2017-12-07 19:22:41 +05:30
Sam dd70ef3abf Revert "Revert "PERF: improve speed of rate limiter""
This reverts commit 2373d85239.
2017-12-04 21:23:11 +11:00
Sam 2373d85239 Revert "PERF: improve speed of rate limiter"
This reverts commit a9bcdd7f27.
2017-12-04 21:19:28 +11:00
Sam a9bcdd7f27 PERF: improve speed of rate limiter
Also

- adds a global rate limiter option
- cleans up usage in tests
- fixes freeze_time so it handles clock_gettime
2017-12-04 18:17:30 +11:00
Arpit Jalan 496cd3b4df
Merge pull request #5385 from techAPJ/search-logs-improvements
FEATURE: support search click through tracking for user, category and tags
2017-12-01 12:08:38 +05:30
Arpit Jalan e3925278e2 FEATURE: support search click through tracking for user, category and tags
https://meta.discourse.org/t/search-logs-page/73281/11?u=techapj

This commit adds following features:

- support for tracking click through to user, tag and category
- new filter for search type (header, full page)

This commit also removes "most viewed topic" field from search logs page because we are now tracking multiple click through entities, so topic is not a special entity anymore. This also improves query perf. The query now takes `20.5ms` to runs, as opposed to `655.9ms` previously.
2017-12-01 12:04:55 +05:30
Vinoth Kannan 7f2eeaf767 FIX: Password required flag should be cleared whenever clearing the raw password (#5384) 2017-12-01 15:19:24 +11:00
Guo Xiang Tan 1c2d1682ae
Merge pull request #5328 from tgxworld/reenable_interpolation_keys_check
FIX: Re-enable invalid interpolation keys check and allow default key…
2017-11-30 13:04:54 +08:00
Guo Xiang Tan 1d8b834301
Merge pull request #5369 from vinothkannans/queued
FIX: Error if queued post not found while updating
2017-11-28 17:51:05 +08:00
Robin Ward 77f90876d3 REFACTOR: Track manual locked user levels separately from groups 2017-11-27 11:23:44 -05:00
Vinoth Kannan 31aa21b5a4 FIX: Error if queued post not found while updating 2017-11-27 19:25:51 +05:30
Guo Xiang Tan 5805979e88 FIX: Re-enable invalid interpolation keys check and allow default keys to be left out of translation overrides.
https://meta.discourse.org/t/bulk-invite-from-file-resets-the-invite-forum-mailer-customized-text/67606/16
2017-11-27 11:00:08 +08:00
Sam eb428ef54d FEATURE: uploads are processed a faster
Also cleans up API to always return 422 on upload error. (previously returned 200)

Uploads are processed using new hijack pattern
2017-11-27 12:43:35 +11:00
Sam e0e99d4bbd PERF: hijack onebox requests so they do not use up a unicorn worker 2017-11-24 15:31:40 +11:00
Guo Xiang Tan 82222e8d18 Improve specs to test for the right response status. 2017-11-24 09:32:44 +08:00
Sam e61629ed84 remove spec containing mock 2017-11-23 17:54:27 +11:00
Robin Ward 628275fc31 FIX: Some badge routes were still working even with badges disabled 2017-11-21 12:22:44 -05:00
Robin Ward 0a9daba627 FIX: Support for long suspension emails 2017-11-20 12:45:46 -05:00
Gerhard Schlager 92a831bae6 FEATURE: user directory returns staged users during search 2017-11-19 01:17:31 +01:00
OsamaSayegh 4c4410225e UX: cap likes 2 (#5237) 2017-11-15 11:28:54 +11:00
Robin Ward 971e302ff2 FEATURE: Support an end date for user silencing 2017-11-14 13:20:19 -05:00
Sam 47e4c9bb46 FIX: import/export theme should work with uploads 2017-11-14 16:30:23 +11:00
Robin Ward 1f14350220 Rename "Blocked" to "Silenced" 2017-11-10 14:10:27 -05:00
Neil Lalonde 9dc9ca4ac0 FIX: be consistent with how first posts in topics are counted. do like DirectoryItem.refresh_period :all 2017-11-10 12:18:25 -05:00
Neil Lalonde d7880af0bb FIX: change password form validation should instruct admins to use min password length for admin accounts 2017-11-07 16:14:56 -05:00
Sam 56412adad5 FEATURE: custom setting for large square site icon
This icon is used for android splash screen
2017-11-03 16:19:31 +11:00
Sam 1bd9e64a36 FIX: offline controller regression 2017-10-31 15:44:50 +11:00
Erick Guan 7c3123a2dd Downcase encoded slug by default and more specs 2017-10-26 16:50:29 +08:00
Rafael dos Santos Silva 5d5268a82b Feature: Group handling 2017-10-25 22:49:17 -02:00
Arpit Jalan 9586f0bdc9 fix the build - take 2 2017-10-20 21:34:56 +05:30
Arpit Jalan 13b2bf52c9 fix the build 2017-10-20 20:31:49 +05:30
Neil Lalonde 2db66072d7 SECURITY: signup without verified email using Google auth 2017-10-16 13:51:41 -04:00
Robin Ward f73a3cc0d4 Don't include suspended_at or suspended_till unless suspended 2017-10-13 12:17:54 -04:00
Arpit Jalan a2183c3f1d SECURITY: verify that inviter can invite new user to a topic 2017-10-09 15:59:41 +05:30
Neil Lalonde 1faae3c765 rename forgot_password_strict to hide_email_address_taken 2017-10-03 15:28:31 -04:00
Neil Lalonde e47f5cedd2 FEATURE: forgot_password_strict setting also prevents reporting that an email address is taken during signup 2017-10-03 15:28:30 -04:00