Commit Graph

75 Commits

Author SHA1 Message Date
Joffrey JAFFEUX 6102c287f7
FIX: prevents i18n helper to return a SafeString (#9191)
For convenience the i18n helper has been made to return a SafeString, but when used with other helpers, a String is expected and will cause unexpected behaviors.

This is the root cause of the initial bug fixed in d2bb127e2c

This commit is kept as it's a better security in case of unexpected behavior.
2020-03-12 16:50:20 +01:00
Joffrey JAFFEUX 683cb28099
DEV: enforces ember-template-lint: no-triple-curlies (#9165)
This PR replaces `{{{ }}}` usage with a {{html-safe}} helper. While it doesn't solve the underlying issue, it gives us a path forward without risking breaking too much existing behavior.

Also introduces an htmlSafe computed macro:

```
import { htmlSafe } from "discourse/lib/computed";

htmlDescription: htmlSafe("description")
```

Over time, {{html-safe}} usage should be removed and moved to component properties or specialized components/helpers.
2020-03-11 09:23:10 +01:00
romanrizzi f795c1b8e8 Revert "DEV: enforces ember-template-lint: no-triple-curlies (#9150)"
This reverts commit d436b600fb.

Triple curlies are still necessary for some raw templates.
2020-03-10 15:00:12 -03:00
Joffrey JAFFEUX d436b600fb
DEV: enforces ember-template-lint: no-triple-curlies (#9150)
This PR replaces `{{{ }}}` usage with a {{html-safe}} helper. While it doesn't solve the underlying issue, it gives us a path forward without risking breaking too much existing behavior.

Also introduces an htmlSafe computed macro:

```
import { htmlSafe } from "discourse/lib/computed";

htmlDescription: htmlSafe("description")
```

Over time, {{html-safe}} usage should be removed and moved to component properties or specialized components/helpers.
2020-03-10 16:46:57 +01:00
Joffrey JAFFEUX f1bb1db354
DEV: enforces ember-template-lint: no-unbound (#9147)
From ember-template-lint documentation (https://github.com/ember-template-lint/ember-template-lint/blob/master/docs/rule/no-unbound.md):

```
{{unbound}} is a legacy hold over from the days in which Ember's template engine was less performant. Its use today is vestigial, and it no longer offers performance benefits.

It is also a poor practice to use it for rendering only the initial value of a property that may later change.
```

Co-Authored-By: Jarek Radosz <jradosz@gmail.com>
2020-03-09 15:28:31 +01:00
Joffrey JAFFEUX e9b6b0194c
DEV: enforce ember-template-lint: no-unnecessary-concat (#9133) 2020-03-07 12:58:48 +01:00
Joffrey JAFFEUX 0431942f3d
DEV: select-kit 2 (#7998)
This new iteration of select-kit focuses on following best principles and disallowing mutations inside select-kit components. A best effort has been made to avoid breaking changes; however, if your content was a flat array, e.g. ["foo", "bar"], you will need to set valueProperty=null and nameProperty=null on the component.

Also almost every component should have an `onChange` handler now to decide what to do with the updated data. **select-kit will not mutate your data by itself anymore**
2020-02-03 14:22:14 +01:00
David Taylor 52c5cf33f8
FEATURE: Overhaul of admin API key system (#8284)
- Allow revoking keys without deleting them
- Auto-revoke keys after a period of no use (default 6 months)
- Allow multiple keys per user
- Allow attaching a description to each key, for easier auditing
- Log changes to keys in the staff action log
- Move all key management to one place, and improve the UI
2019-11-05 14:10:23 +00:00
Joffrey JAFFEUX aaf15944f8
FIX: errors due to confusion between trustLevel and trust_level (#8149) 2019-10-03 08:52:07 -04:00
Joffrey JAFFEUX 7c9d62c280
FIX: prevents failure when TL was mutated on internal object (#7808) 2019-06-26 14:51:45 +02:00
Kris dbd14a805c UX: Wrap long names on user admin page 2019-05-24 13:39:16 -04:00
Robin Ward b58867b6e9 FEATURE: New 'Reviewable' model to make reviewable items generic
Includes support for flags, reviewable users and queued posts, with REST API
backwards compatibility.

Co-Authored-By: romanrizzi <romanalejandro@gmail.com>
Co-Authored-By: jjaffeux <j.jaffeux@gmail.com>
2019-03-28 12:45:10 -04:00
Joffrey JAFFEUX 9ade04b709
FIX: removes legacy browsers-refresh button (#7028) 2019-02-19 16:38:21 +01:00
Kris 66f6382090 FIX: Icon missing due to typo 2019-01-22 13:01:21 -05:00
Joffrey JAFFEUX fc710de3ab
DEV: refactoring admin user index (#6927) 2019-01-22 16:44:55 +01:00
Joffrey JAFFEUX 80d42b4ea2
icons deprecations fixes (#6920) 2019-01-22 12:02:02 +01:00
Arpit Jalan 1591c42a06 FIX: profile picture not showing up on user admin page 2019-01-16 09:21:11 +05:30
Joffrey JAFFEUX f9648de897
DEV: upgrades from Ember 2.13 to Ember 3.5.1 (#6808)
Co-Authored-By: Bianca Nenciu <nbianca@users.noreply.github.com>
Co-Authored-By: David Taylor <david@taylorhq.com>
2019-01-10 11:06:01 +01:00
Bianca Nenciu f0027961c7 FIX: Properly reset controller of admin-user-index. (#6760) 2018-12-17 15:28:29 +01:00
Kris c219a5fb1e
Add btn-default class to all default buttons (#6521) 2018-10-24 16:09:36 -04:00
Kyle Zhao d9bea66365 UX: confirmation before changing group membership in admin (#6426) 2018-10-01 21:34:08 -07:00
David Taylor eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099)
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
Leo McArdle 21ebb1cd54 FEATURE: Secondary emails support. 2018-07-16 11:09:49 +08:00
Jeff Wong 406c6d679a FIX: correct display for unlocking on tl0 2018-06-19 17:47:03 -07:00
Arpit Jalan 59a8471308 FIX: do not show SSO external_email to moderators 2018-06-12 14:20:44 +05:30
Robin Ward 4195c7c9ea FEATURE: Ability to clear a user's penalty history
You can do this manually if you want to allow them to reach TL3 without
their penalty history counting against them.
2018-05-25 12:54:22 -04:00
Robin Ward c658fb6e31 Move some display logic out of model, upgrade old code patterns 2018-05-25 12:54:22 -04:00
Robin Ward 3c8369def6 The `isSilenced` and `isSuspended` aliases were useless
We already had `silenced` and `suspended` on the model with the same
effect!
2018-05-25 10:29:26 -04:00
Sudaraka Jayathilaka 42fc116af4 Add after-user-details plugin outlet 2018-05-03 10:41:10 +10:00
Guo Xiang Tan e43baafa02 UX: Link to automatic group page on user admin page. 2018-04-13 10:46:30 +08:00
Robin Ward 17f12c0ce4 Add new plugin outlet below admin user names 2018-04-04 15:47:14 -04:00
Robin Ward 22b631510c FIX: Silenced user wasn't being linked properly 2018-03-29 17:07:09 -04:00
Arpit Jalan b18fec4d5d UX: move Impersonate to the bottom of page 2018-03-14 00:06:40 +05:30
Jeff Wong f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Joshua Rosenfeld e5655f0b6b
UX: Add specific classes to ip address rows on user admin 2018-02-02 00:40:10 -05:00
Robin Ward 34ed6088b9 FEATURE: New modal to show flags received for a user 2018-01-17 15:08:08 -05:00
Robin Ward aeebcef7e2 FIX: Don't show the email from the suspension on the user profile 2017-12-07 13:27:02 -05:00
Robin Ward 4ae1bbaeba FIX: Only show the full suspension reason on the admin side 2017-12-07 13:27:02 -05:00
Robin Ward 77f90876d3 REFACTOR: Track manual locked user levels separately from groups 2017-11-27 11:23:44 -05:00
Neil Lalonde 7c6f991313 REFACTOR: remove AgeWord calls from serializers and do it in javascript 2017-11-17 17:53:30 -05:00
Robin Ward 971e302ff2 FEATURE: Support an end date for user silencing 2017-11-14 13:20:19 -05:00
Robin Ward 1f14350220 Rename "Blocked" to "Silenced" 2017-11-10 14:10:27 -05:00
Robin Ward 162932114e UX: Add an outlet to the user admin page 2017-11-09 14:18:30 -05:00
Joffrey JAFFEUX ae1743c61f [WIP] select-box-kit refactoring 2017-10-19 12:51:08 -07:00
Robin Ward f7c967b754 Add forever to the suspension dropdown 2017-10-02 15:04:22 -04:00
Joshua Rosenfeld fbfc4de3eb Move staged below active 2017-09-26 16:46:37 -04:00
Robin Ward 6bce3004d9 UX: Nicer selection of suspend duration 2017-09-25 12:28:00 -04:00
Robin Ward 2a56cf8bb6 Tests + Refactoring for Suspension Modal 2017-09-25 12:26:06 -04:00
Robin Ward daceeb9700 Refactor user suspension modal 2017-09-25 12:25:14 -04:00
Leo McArdle 0ce9098339 add admin-user-details plugin outlet (#5141) 2017-09-07 16:17:27 +02:00