Commit Graph

22079 Commits

Author SHA1 Message Date
Arpit Jalan f7d413bb1b Merge pull request #4727 from techAPJ/log-name-changes
FEATURE: log all username and name changes
2017-02-28 00:53:00 +05:30
Arpit Jalan b32d3d66e5 FEATURE: log all username and name changes 2017-02-28 00:23:27 +05:30
Robin Ward 0e3def7d2b Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."
This reverts commit 1060239e2d.
2017-02-27 13:19:26 -05:00
Robin Ward bf9626d031 FIX: Embedding was broken with non-english URLs and ports 2017-02-27 12:17:52 -05:00
Arpit Jalan 877957ae88 Merge pull request #4715 from techAPJ/login-per-ip
FEATURE: new site setting for max logins per ip per hour/minute
2017-02-27 18:24:53 +05:30
Arpit Jalan cba51e1c38 FEATURE: new site setting for max logins per ip per hour/minute 2017-02-27 16:58:03 +05:30
Guo Xiang Tan 0e8c849572 UX: "See more" on not found page should redirect to /top. 2017-02-27 13:33:19 +08:00
Guo Xiang Tan 0675f9f838 Merge pull request #4684 from tgxworld/fix_reset_context_when_context_type_changes
Fix reset context when context type changes
2017-02-27 12:24:44 +08:00
Guo Xiang Tan ac37bd3dbc FIX: Search menu results do not refresh when search context is changed. 2017-02-27 12:23:41 +08:00
Guo Xiang Tan d2b83a9682 Merge pull request #4720 from rizka10/patch-3
Fix a minor typo on a mailer template
2017-02-27 11:51:38 +08:00
Guo Xiang Tan 2fc0b35765 Merge pull request #4722 from oblakeerickson/typo_routes_file
FIX: typo in a routes.rb comment
2017-02-27 11:51:13 +08:00
Guo Xiang Tan 82595bc1ab Merge pull request #4725 from jomaxro/patch-2
Remove references to elder
2017-02-27 11:50:48 +08:00
Guo Xiang Tan 758e3e52f7 FIX: Mobile topic timeline broken on Chrome 56.
* See https://developers.google.com/web/updates/2017/01/scrolling-intervention.
  From Chrome 56 onwards, `touchstart` event listeners are treated as passive
  by default which does not call `preventDefault` resulting in the page
  scrolling when topic timeline handle is being dragged.
2017-02-27 11:39:57 +08:00
jomaxro f5673fbd47 Remove references to elder
The use of the TL4 name Elder was changed in 2014 to Leader.  The spec function was changed to `:trust_level_4`, but the it statement was not changed.
2017-02-26 17:40:42 -07:00
Sam Saffron 7e8f0dc967 FIX: attempt to handle ios edge case where token is seen but unsaved
This relaxes our security in the following way

- prev auth token is always accepted as long as rotation
date is within our window of SiteSetting.maximum_session_age.hours
(previously old token expired within a minute of new one being seen)

- new auth token is marked unseen if we are presented with an old token
after we already saw new one

This attempts to fix an issue where ios webkit is not committing new cookies
2017-02-26 17:09:57 -05:00
Blake Erickson 0e6cb752da Clean up valid order names
Add a sortable mappings list to match other endpoints and so that you
don't have to use database column names.

Example: 'created' => 'created_at'

Also cleaned up some of the logic since a lot of it got moved into the
SORTABLE_MAPPING hash.
2017-02-25 11:51:40 -07:00
David McClure b188c30925 FIX: Import scripts were failing to load onebox sanitize config 2017-02-25 09:27:42 -08:00
Blake Erickson 5ba8f8d1a6 FIX: typo in a routes.rb comment
sidekiq was spelled wrong
2017-02-25 10:03:19 -07:00
Blake Erickson e9d5c3265c Change param asc to ascending
For consistency, change param asc to ascending:

https://meta.discourse.org/t/make-admin-users-list-sortable-suggestion/47649/17?u=oblakeerickson
2017-02-25 09:13:31 -07:00
Blake Erickson 0a41da6bad FEATURE: Add order logic to admin users controller
Added order and direction parameters for sorting admin user pages. This
commit only includes backend api changes.

https://meta.discourse.org/t/make-admin-users-list-sortable-suggestion/47649

Now you can pass in `order` and `asc` parameters to the
`/admin/users/list/<query>.json` endpoint.

Example:

`/admin/users/list/active.json?&order=post_count` which defaults to desc

and

`/admin/users/list/active.json?order=post_count&asc=true`
2017-02-24 17:11:17 -07:00
rizka10 e651faa397 Fix a minor typo on a mailer template
"with" is supposed to be "wish" on 'unsubscribe_mailer.text_body_template'
2017-02-24 16:13:47 +02:00
Régis Hanol fdf749770b remove unnecessary '.limit(1)' 2017-02-24 12:56:13 +01:00
Régis Hanol ecdae9f863 FIX: i18n integrity specs
FIX: check all .yml files in the project for integrity
FIX: ensure localized yamls are compatible with english
2017-02-24 11:35:33 +01:00
Régis Hanol a2c04be718 FIX: eradicate I18n fallback issues 💣
FIX: client's translation overrides were not working when the current locale was missing a key
FIX: ExtraLocalesController.show was not properly handling multiple translations
FIX: JsLocaleHelper#output_locale was not properly handling multiple translations

FIX: ExtraLocalesController.show's spec which was randomly failing
FIX: JsLocaleHelper#output_locale was muting cached translations hashes

REFACTOR: move 'enableVerboseLocalization' to the 'localization' initializer
REFACTOR: remove unused I18n.js methods (getFallbacks, localize, parseDate, toTime, strftime, toCurrency, toPercentage)
REFACTOR: remove all I18n.pluralizationRules and instead use MessageFormat's pluralization rules

TEST: add tests for localization initializer
TEST: add tests for I18n.js
2017-02-24 11:31:21 +01:00
Guo Xiang Tan 1060239e2d SECURITY: Ensure oAuth authenticated email is the same as created user's email. 2017-02-24 13:13:10 +08:00
Guo Xiang Tan 0847b4258a Revert "SECURITY: Ensure that user has been authenticated."
This reverts commit fbe51d68a7.

Changing the commit message to correctly reflect what we're actually
fixing.
2017-02-24 13:12:29 +08:00
Guo Xiang Tan 889ab85431 Merge pull request #4719 from rimian/patch-3
fix malformed qunit url
2017-02-24 11:32:01 +08:00
Guo Xiang Tan fbe51d68a7 SECURITY: Ensure that user has been authenticated. 2017-02-24 10:47:48 +08:00
Sam Saffron 3754b038e8 fix brotli origin 2017-02-23 18:26:40 -05:00
Rimian Perkins db9840b672 fix malformed qunit url
this removes the space between the query string and the URL

```
$MODULE='Acceptance: Search' rake qunit:test\[20000\]
....
Running: {"module":"Acceptance: Search"}
... http://localhost:60099/qunit?module=Acceptance%3A%20Search 20000
```

The timeout value seems to work fine.
2017-02-24 10:19:34 +11:00
Sam Saffron ef08462b33 spaces matter 2017-02-23 17:37:53 -05:00
Rafael dos Santos Silva f68540b022 Increase QUnit timeouts to allow on slower envs 2017-02-23 19:21:06 -03:00
Sam f15f61da0a FEATURE: add immutable caching to rails site of things 2017-02-23 13:05:00 -05:00
Sam eee22bf037 FEATURE: Add immutable cache for assets that do not update
This will eliminate revalidation of avatars, css, js and uploads on reloads on supporting browsers (at the moment firefox)
2017-02-23 12:24:47 -05:00
Sam ea1007e954 FEATURE: add support for same site cookies
Defaults to Lax, can be disabled or set to Strict.

Strict will only work if you require login and use SSO. Otherwise when clicking on links to your site you will appear logged out till you refresh the page.
2017-02-23 12:01:28 -05:00
Sam ad435da377 fix typo 2017-02-23 10:58:53 -05:00
Jeff Atwood ad6cb3c638 force all iOS editors to minimum height for compat 2017-02-22 16:56:19 -08:00
Jeff Atwood 22fc761cc3 tweak iOS composer heights a bit 2017-02-22 15:48:39 -08:00
Neil Lalonde c00ffabac3 search scope checkbox is default checked for your messages too 2017-02-22 17:45:12 -05:00
Neil Lalonde 0551b3f5ee FEATURE: replace emoji with unicode in title and description meta tags 2017-02-22 16:24:13 -05:00
Sam Saffron 0fc2b64f65 attempt 2 at adjusting class definition so it's more easily extensible 2017-02-22 14:18:43 -05:00
Sam Saffron 08d56952df revert change, it is required 2017-02-22 14:10:55 -05:00
Sam Saffron d0d60ffa89 make it slightly easier to extend 2017-02-22 14:06:18 -05:00
Neil Lalonde 57784ddf2b remove unused setting import 2017-02-22 13:05:57 -05:00
Sam Saffron b7d2edc7dc FIX: allow some auth token misses prior to clearing cookie
It appears that in some cases ios queues up requests up front
and "releases" them when tab gets focus, this allows for a certain
number of cookie misses for this case. Otherwise you get logged off.
2017-02-22 12:37:11 -05:00
Sam Saffron 3532957ce1 index should have always been unique 2017-02-22 12:37:11 -05:00
Neil Lalonde 00700da6b8 remove null class 2017-02-22 12:23:45 -05:00
Neil Lalonde 53ec4c44f4 FIX: N+1 in topic_list 2017-02-22 12:20:50 -05:00
Neil Lalonde a702330ccd FEATURE: make show_subcategory_list a per-category setting 2017-02-22 11:42:36 -05:00
Arpit Jalan 2f657b0e32 FIX: do not refresh staff action logs every time the page is loaded 2017-02-22 17:25:39 +05:30