27e732a58d
FEATURE: allow multiple secrets for Discourse SSO provider
...
This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site.
This allows for better auditing of the SSO provider feature
2018-10-15 16:03:53 +11:00
6acdea37c4
DEV: extract inline js when baking theme fields ( #6447 )
...
* extract inline js when baking theme fields
* destroy javascript cache when destroying theme fields
This work is needed to support CSP work
2018-10-15 15:55:23 +11:00
aa60936115
DEV: Add order to avoid randomly failing test.
2018-10-15 11:42:45 +08:00
84d4c81a26
FEATURE: Support backup uploads/downloads directly to/from S3.
...
This reverts commit 3c59106bac
2018-10-15 09:43:31 +08:00
a1c912b630
Return 400 instead of 404 for bad token
2018-10-12 10:51:41 +11:00
048cdfbcfa
FIX: Do not allow revoking the token of current session. ( #6472 )
...
* FIX: Do not allow revoking the token of current session.
* DEV: Add getter of current auth_token from Guardian.
2018-10-12 10:40:48 +11:00
13b3cead06
FEATURE: Allow bulk removing users from a group
...
This change maintains backwards compatibility to allow you to remove a
single user from a group but allows you to specify a comma separated list
of users for bulk removal from a group.
Also it extracts out common functionality for fetching users from params
used in bulk adding users so it can also be used for removing users.
2018-10-11 15:30:54 -06:00
3c59106bac
Revert "FEATURE: Support backup uploads/downloads directly to/from S3."
...
This reverts commit c29a4dddc1
2018-10-11 11:08:23 +08:00
c29a4dddc1
FEATURE: Support backup uploads/downloads directly to/from S3.
2018-10-11 10:38:43 +08:00
a566ed42ae
FEATURE: Option to disable user presence and profile
...
This allows users who are privacy conscious to disable the presence
features of the forum as well as their public profile.
2018-10-10 17:34:33 -04:00
1d26a473e7
FEATURE: Show "Recently used devices" in user preferences ( #6335 )
...
* FEATURE: Added MaxMindDb to resolve IP information.
* FEATURE: Added browser detection based on user agent.
* FEATURE: Added recently used devices in user preferences.
* DEV: Added acceptance test for recently used devices.
* UX: Do not show 'Show more' button if there aren't more tokens.
* DEV: Fix unit tests.
* DEV: Make changes after code review.
* Add more detailed unit tests.
* Improve logging messages.
* Minor coding style fixes.
* DEV: Use DropdownSelectBoxComponent and run Prettier.
* DEV: Fix unit tests.
2018-10-09 22:21:41 +08:00
2f90c15d7a
Fix random build error
2018-10-09 01:03:05 +02:00
22187508e3
FEATURE: adds header text/background color to site ( #6462 )
2018-10-08 11:52:57 +02:00
5b630f3188
FIX: stop logging every time invalid params are sent
...
Previously we were logging warning for invalid encoded params, this can
cause a log flood
2018-10-05 14:33:19 +10:00
ca74246651
FIX: redirect users to SSO client URL after social login
2018-10-05 00:01:08 +05:30
819f090d6a
move large blobs out of `<head>` ( #6428 )
...
it unnecessarily bloats the section and increases the payload
dramatically for open graph tags.
2018-09-28 17:28:33 +08:00
4bb980b9f7
FEATURE: do not allow moderators to export user list ( #6418 )
2018-09-21 09:07:13 +08:00
df45e82377
SECURITY: only allow picking of avatars created by self ( #6417 )
...
* SECURITY: only allow picking of avatars created by self
Also adds origin tracking to all uploads including de-duplicated uploads
2018-09-19 22:33:10 -07:00
9281b72308
FEATURE: Log entity export in staff logs
2018-09-19 03:16:45 +05:30
f2fbf1fdb0
DEV: Basic specs for `TagGroupsController`.
2018-09-18 08:22:03 +08:00
7a0232249a
extract inline JS that's used to store preloaded data ( #6370 )
2018-09-17 16:31:46 +08:00
6659417807
FEATURE: match user title when primary group changes
...
When primary group changes and the user's title is the previous primary
group's title, change the title to the new primary group's title
2018-09-17 15:08:39 +10:00
7f05af5995
cleanup
2018-09-12 13:10:14 -04:00
aa614e393c
return 403 when trying drafts of another user
2018-09-12 13:08:02 -04:00
b8c0a29bec
better test name
2018-09-12 11:09:30 -04:00
11fd18b254
code-styling fixes
2018-09-12 11:06:30 -04:00
3a00c2adeb
add test to ensure that userA cannot see drafts stream of userB
2018-09-12 10:13:20 -04:00
d1984a0b4d
FIX: display a correct error when attempting to agree on a deferred flag
...
Previously we would raise a 500 error if a moderator tried to agree on a
flag another moderator deferred.
This can happen cause the UX for flags does not live refresh as flags
are handled
2018-09-12 13:16:59 +10:00
3bb4f4c5ef
Adds test to make sure moderators can't make master keys
...
It wasn't obvious from the code, plus we'd never want this to regress!
2018-09-11 12:02:06 -04:00
9e77fd8fc3
FIX: wrong category links on subfolder install in rss feed for a category topic list
2018-09-07 10:03:30 -04:00
879067d000
FIX: check admin theme cookie against user selectable
...
previously admin got a free pass and could set theme via cookie to anything
including themes that are not selectable
this refactor ensures that only "preview" gets a free pass, all the rest
goes through the same pipeline
2018-09-07 10:47:28 +10:00
26082688d1
FIX: Zero is a valid value for the page parameter
2018-09-05 20:43:05 +02:00
d9be4f47e8
SPEC: redirect to original URL after social signup
2018-09-05 03:24:50 +05:30
d8b543bb67
FIX: redirect to original URL after social signup
2018-09-05 01:44:23 +05:30
4382fb5fac
DEV: Allow plugins to whitelist specific user custom_fields for editing ( #6358 )
2018-09-04 20:45:36 +10:00
2f5c21e28c
FIX: return a 400 error instead of 500 for null injections
...
Many security scanners like to inject NULL in inputs causing application
to exception out and return a 500
We now handle this exception and render a 400 status back
2018-09-04 12:11:52 +10:00
f33433bf9e
Validation of params should restrict to max int ( #6331 )
...
* FIX: Validation of params should restrict to max int
* FIX: Send status 400 when "page" param isn't between 1 and max int
2018-09-03 14:45:32 +10:00
f5e0356fb2
correct miscellaneous issues with user login history
2018-09-02 17:24:54 +10:00
b3aab1770f
FIX: set old last modified date for invalid avatars
...
In some cases Akami was holding tight to these invalid avatars,
to avoid this happening we explain the avatar image is ancient
then when a new upload is added it automatically is older than
this.
2018-08-31 17:07:31 +10:00
c6f339a0b5
format json better with spaces in my test
2018-08-30 14:39:40 -06:00
ae532f8548
FIX: return 422 for an invalid group name on category create
2018-08-30 14:28:55 -06:00
103509b9dd
SECURITY: Prevent users from modifying custom fields
2018-08-30 12:59:36 +01:00
72ffabf619
UX: Improve email testing admin tool. ( #6308 )
2018-08-29 23:14:16 +02:00
ebe7835316
FIX: links in rss feeds are sometimes wrong on subfolder installs
2018-08-27 18:05:15 -04:00
2271918be2
FEATURE: Use S3 dualstack endpoints
...
Allows S3 without a CDN to serve images from dualstack domains that also support ipv6
2018-08-27 11:22:46 +10:00
82dcc5cbfa
FEATURE: makes reports loadable in bulk ( #6309 )
2018-08-24 15:28:01 +02:00
e0cc29d658
FEATURE: themes and components split
...
* FEATURE: themes and components split
* two seperate methods to switch theme type
* use strict equality operator
2018-08-24 11:30:00 +10:00
29315b73c2
FIX: improve last_modified date returned for avatars
...
instead of hard coding a date:
1. For optimized images use the upload date when on s3
2. For not-found use 10 minutes ago to match the expiry
2018-08-24 09:36:11 +10:00
2711f173dc
FIX: don't allow inviting more than `max_allowed_message_recipients`
...
* FIX: don't allow inviting more than `max_allowed_message_recipients` setting allows
* add specs for guardian
* user preferences for auto track shouldn't be applicable to PMs (it auto watches on visit)
Execlude PMs from "Automatically track topics I enter..." and "When I post in a topic, set that topic to..." user preferences
* groups take only 1 slot in PM
* just return if topic is a PM
2018-08-23 14:36:49 +10:00
cdea969c6a
FEATURE: Make initial admins TL1
...
* Match register controller TL to rake admin:create
* Don't promote if trust_level > 1
2018-08-22 15:45:24 +10:00
17dc8f2490
UX: Wizard resends activation email when user exists
2018-08-21 19:13:41 +02:00
2d96160192
FEATURE: improve API error reporting for invalid records
2018-08-21 11:54:34 +10:00
b4f92a05b3
FIX: Load more on groups page does not account for params.
...
https://meta.discourse.org/t/cant-scroll-through-list-of-users-groups-if-more-than-one-page/92259
2018-08-20 17:08:50 +08:00
f5fe58384f
correct regression around file renaming
2018-08-20 16:08:05 +10:00
ce4b12ae59
FIX: if we have not target available do not redirect
2018-08-20 13:10:59 +10:00
d7b1919ead
correct specs
2018-08-20 12:46:14 +10:00
a9e502936f
FIX: Converting PNG to JPEG does not set the correct extension.
2018-08-17 13:09:48 +08:00
f62073a22a
correct regression uploading images
2018-08-16 18:49:08 +10:00
937ab3f213
FIX: Validation of min_posts and max_posts didn't work
2018-08-16 10:36:53 +02:00
796164b58c
FIX: automatically correct bad avatars on access
...
Also start relying on upload extension for optimized images
2018-08-16 16:32:56 +10:00
38c10a3dc2
correct the validator
2018-08-15 14:56:24 +10:00
d4fd19d49a
UX: Replace Google search with Discourse search on not found page
...
* UX: Replace Google search with Discourse search on not found page.
* FIX: Update application_controller_spec.rb.
2018-08-15 11:53:04 +10:00
06f82a7d72
correct exception handling, always do to_i in array
2018-08-15 11:31:42 +10:00
bc47148d35
add validation to exclude_category_ids
2018-08-15 09:53:28 +10:00
12bab65167
FIX: going from /categories to /latest on mobile might break infinite scrolling
2018-08-15 01:22:03 +02:00
ba0e322fd0
FIX: Validation of topic params broke discourse-assign
2018-08-14 18:45:46 +02:00
ad5f502332
FIX: add a basic validator for topic params
...
This cuts down on log noise when people try out sql injection
2018-08-14 17:01:04 +10:00
d10c9d7d75
FIX: Missing extensions for non-image uploads due to 2b57239389.
2018-08-13 10:58:55 +08:00
b9072e8292
FEATURE: Add "Reset Bump Date" action to topic admin wrench ( #6246 )
2018-08-10 10:51:03 +10:00
ef4b9f98c1
FEATURE: Allow admins to reply without topic bump
2018-08-10 10:48:30 +10:00
2c4d7225d8
FIX: permalink redirects with subfolder
2018-08-09 11:05:27 -04:00
ed4c0f256e
FIX: check permalinks for deleted topics
...
- allow to specify 410 vs 404 in Discourse::NotFound exception
- remove unused `permalink_redirect_or_not_found` which
- handle JS side links to topics via Discourse-Xhr-Redirect mechanism
2018-08-09 15:05:12 +10:00
0b7ed8ffaf
FEATURE: backend support for user-selectable components
...
* FEATURE: backend support for user-selectable components
* fix problems with previewing default theme
* rename preview_key => preview_theme_id
* omit default theme from child themes dropdown and try a different fix
* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
2b57239389
FIX: Upload's content is the only source of truth for the file type.
2018-08-07 13:15:00 +08:00
6797395bd0
FIX: staff should be allowed to agree and keep post
2018-08-07 10:05:43 +10:00
812add18bd
REFACTOR: Serve auth provider information in the site serializer.
...
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
1f45215537
FEATURE: Drafts view in user profile
...
* add drafts.json endpoint, user profile tab with drafts stream
* improve drafts stream display in user profile
* truncate excerpts in drafts list, better handling for resume draft action
* improve draft stream SQL query, add rspec tests
* if composer is open, quietly close it when user opens another draft from drafts stream; load PM draft only when user is in /u/username/messages (instead of /u/username)
* cleanup
* linting fixes
* apply prettier styling to modified files
* add client tests for drafts, includes a fixture for drafts.json
* improvements to code following review
* refresh drafts route when user deletes a draft open in the composer while being in the drafts route; minor prettier scss fix
* added more spec tests, deleted an acceptance test for removing drafts that was too finicky, formatting and code style fixes, added appEvent for draft:destroyed
* prettier, eslint fixes
* use "username_lower" from users table, added error handling for rejected promises
* adds guardian spec for can_see_drafts, adds improvements following code review
* move DraftsController spec to its own file
* fix failing drafts qunit test, use getOwner instead of deprecated this.container
* limit test fixture for draft.json testing to new_topic request only
2018-08-01 16:34:54 +10:00
919e8db686
FIX: Check for group name availability should skip reserved usernames.
2018-08-01 11:09:33 +08:00
1708ff1808
UX: add a route /rules as an alias for /faq and /guidelines
2018-07-26 15:38:08 -04:00
f38942d121
FIX: Destroy session between omniauth callbacks controller tests
2018-07-25 16:33:42 +01:00
1ac643d71c
FIX: Email template for "Queued Posts Reminder" was not found
2018-07-24 17:26:52 +02:00
fad9c2b971
PERF: Move `EmailLog#reply_key` into new `post_reply_keys` table.
2018-07-24 13:51:53 +08:00
ae8b0a517f
PERF: Split skipped email logs into a seperate table.
2018-07-24 13:14:37 +08:00
f4b5eccad3
FIX: categories page crawler view had incorrect URLs
2018-07-23 14:54:41 -04:00
eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 ( #6099 )
...
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
a2281fbb19
FEATURE: allows to jump to a date in a topic
2018-07-19 16:00:13 +02:00
6d6e026e3c
FEATURE: selectable avatars
2018-07-18 12:57:43 +02:00
ac0053f491
FEATURE: navigate to first post and auto bump category settings
...
### navigate_to_first_post_after_read setting for categories
When enabled on categories logged on users will return to OP after
reading the entire category. (useful for documentation categories)
### num_auto_bump_daily
Set a number of topics that will automatically bump daily on a category.
- Every 15 minutes we will check if any category has this setting
- Categories with the setting are shuffled
- We exclude pinned, closed, category description and archived topics
- Maximum of 1 topic for the list of categories is bumped till limit reached per category
- We always try to bump oldest first
- Limit is elastic using a RateLimiter that ensures that we only bump N per day
Also some minor organisation on category settings
Froze strings on category.rb
2018-07-16 18:10:35 +10:00
21ebb1cd54
FEATURE: Secondary emails support.
2018-07-16 11:09:49 +08:00
711371e8c8
FIX: Select+below will ask server for post ids on megatopics.
2018-07-13 15:10:39 +08:00
2901691e87
FEATURE: per-category approval settings ( #5778 )
...
- disallow moving topics to a category that requires topic approval
2018-07-13 12:51:08 +10:00
258e9e35ca
PERF: Make mega topics work without a stream.
...
There are tradeoffs that we took here. For the complete
story see
https://meta.discourse.org/t/performance-improvements-on-long-topics/30187/27?u=tgxworld .
2018-07-12 12:46:12 +08:00
decf1f27cf
FEATURE: Groundwork for user-selectable theme components
...
* Phase 0 for user-selectable theme components
- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
0a28181c62
Fix the build take 2.
2018-07-10 11:27:03 +08:00
5374a0e720
Fix the build.
2018-07-10 09:48:57 +08:00
10bc69a62f
FEATURE: Event on topic merge ( #6057 )
2018-07-10 09:28:57 +08:00
9a813210b9
SECURITY: Do not allow authentication with disabled plugin-supplied a… ( #6071 )
...
Do not allow authentication with disabled plugin-supplied auth providers
2018-07-09 14:25:58 +10:00
9948f57a99
REFACTOR: Update test to assert for the right objects.
2018-07-09 09:54:14 +08:00
18f5f646b1
FEATURE: allow selecting a tag when moving posts to a new topic ( #6072 )
2018-07-06 18:21:32 +02:00
e72fd7ae4e
FIX: move crawler blocking into anon cache
...
This refinement of previous fix moves the crawler blocking into
anonymous cache
This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 11:14:43 +10:00
7f98ed69cd
FIX: move crawler blocking to app controller
...
We need access to site settings in multisite, we do not have access
yet if we attempt to get them in request tracker middleware
2018-07-04 10:30:50 +10:00
982df3c17b
FIX: return status 400 for invalid member params
...
previously error returned was a 500 which is not ideal
and is logged
2018-06-29 10:15:17 +10:00
fd7bb8e656
FIX: Scope the `cn` to the subfolder
2018-06-28 11:03:36 -04:00
ec3e6a81a4
FEATURE: Second factor backup
2018-06-28 10:12:32 +02:00
6bcdc3ba4b
FEATURE: allow author to delete posts irrespective of post_edit_time_limit
2018-06-26 21:43:06 +05:30
7efdccdbc5
FIX: allow staff to remove tags from queued topics
2018-06-26 17:08:40 +05:30
0365806b93
FIX: Properly display error when post action fails to create.
2018-06-20 21:20:23 +08:00
ae5d255f83
FIX: Reference example.com instead of somesite.com in examples
...
* somesite.com actually exists...
* example.com should be used in examples and is harmless to visit
2018-06-19 10:37:24 -04:00
5f86434bf1
DEV: make tests less fragile
2018-06-14 18:31:07 +10:00
8fc08aad09
FEATURE: Update the webmanifest
...
- Remove share target because the spec is changing
- Allow any orientation again because natural is too restrictive
- Use correct file and mime types for the manifest
2018-06-14 00:13:28 -03:00
4a9dadb646
Add test case for topic embed CSS
2018-06-13 16:22:54 +10:00
249a256cd2
Fix build
2018-06-11 09:12:28 +03:00
77f1cdf20e
REFACTOR: admin backups controller specs to requests ( #5953 )
2018-06-11 13:26:24 +08:00
1dbe13886f
REFACTOR: admin site texts controller specs to requests ( #5958 )
2018-06-11 12:59:21 +08:00
4f06d6078b
REFACTOR: admin themes controller specs to requests ( #5954 )
2018-06-11 12:54:16 +08:00
1fe092da0a
REFACTOR: admin badges controller specs to requests ( #5960 )
2018-06-11 12:50:56 +08:00
bf8d392a51
REFACTOR: admin user fields controller specs to requests ( #5961 )
2018-06-11 12:50:21 +08:00
4c8939d530
REFACTOR: admin email controller specs to requests ( #5962 )
2018-06-11 12:50:08 +08:00
c0776884dd
REFACTOR: admin reports controller specs to requests ( #5963 )
2018-06-11 12:49:28 +08:00
da94eaa81d
REFACTOR: admin color schemes controller specs to requests ( #5964 )
2018-06-11 12:48:58 +08:00
767f022b29
REFACTOR: admin screened ip addresses controller specs to requests ( #5965 )
2018-06-11 12:48:34 +08:00
93b1386fb2
REFACTOR: admin site settings controller specs to requests ( #5966 )
2018-06-11 12:48:09 +08:00
325f975ed3
REFACTOR: admin dashboard controller specs to requests ( #5967 )
2018-06-11 12:47:42 +08:00
a4574cf2ca
REFACTOR: admin webhooks controller specs to requests ( #5969 )
2018-06-11 12:47:29 +08:00
a914ec28fc
REFACTOR: admin impersonate controller specs to requests ( #5968 )
2018-06-11 12:47:14 +08:00
d22b552c9b
REFACTOR: admin emojis controller specs to requests ( #5974 )
2018-06-11 12:39:31 +08:00
12b1687e1f
REFACTOR: admin permalinks controller specs to requests ( #5970 )
2018-06-11 12:37:21 +08:00
37c84451ed
REFACTOR: admin staff action logs controller specs to requests ( #5971 )
2018-06-11 12:37:06 +08:00
65241c6778
REFACTOR: admin api controller specs to requests ( #5972 )
2018-06-11 12:35:45 +08:00
2c8a9d36af
REFACTOR: admin versions controller specs to requests ( #5973 )
2018-06-11 12:35:05 +08:00
237559c76f
REFACTOR: admin screened emails controller specs to requests ( #5975 )
2018-06-11 12:33:54 +08:00
f30c2dacb2
REFACTOR: admin screened urls controller specs to requests ( #5976 )
2018-06-11 12:33:38 +08:00
63b2207065
REFACTOR: admin plugins controller specs to requests ( #5977 )
2018-06-11 12:33:07 +08:00
c6fe082fe4
REFACTOR: admin controller specs to requests ( #5978 )
2018-06-11 12:32:55 +08:00
4ac7be1d1c
REFACTOR: admin embeddable hosts controller specs to requests ( #5979 )
2018-06-11 12:32:13 +08:00
062aecd239
REFACTOR: admin embedding controller specs to requests ( #5980 )
2018-06-11 12:31:58 +08:00
f5ad0022f7
REFACTOR: admin users controller specs to requests ( #5946 )
2018-06-08 12:42:06 +08:00
3a8f69c3d2
DEV: Assert for 200 response code to avoid changing magic helper in the future.
2018-06-07 16:11:09 +08:00
1e805cfd3e
REFACTOR: composer messages controller specs to requests ( #5940 )
2018-06-07 13:51:52 +08:00
c6c1ef71c1
REFACTOR: inline onebox controller specs to requests
2018-06-07 13:11:45 +08:00
30be1b0d2b
REFACTOR: category hashtags controller specs to requests ( #5936 )
2018-06-07 13:09:23 +08:00
9975f9751e
REFACTOR: metadata controller specs to requests ( #5935 )
2018-06-07 13:08:28 +08:00
1957cb541b
REFACTOR: permalinks controller specs to requests ( #5934 )
2018-06-07 13:08:13 +08:00
f2a5a84f0b
REFACTOR: similar topics controller specs to requests ( #5933 )
2018-06-07 13:07:53 +08:00
37829a521a
REFACTOR: stylesheets controller specs to requests
2018-06-07 13:06:32 +08:00
a8d33603f9
REFACTOR: export CSV controller specs to requests
2018-06-07 13:02:02 +08:00
0124209a96
REFACTOR: site controller specs to requests
2018-06-07 12:58:33 +08:00
3c96ee4b6f
REFACTOR: clicks controller specs to requests ( #5929 )
2018-06-07 12:57:29 +08:00
2688cc6241
REFACTOR: post action users controller specs to requests
2018-06-07 12:55:01 +08:00
e2e566214d
REFACTOR: user avatars controller spec to requests
2018-06-07 12:53:33 +08:00
Maja Komel
Kyle Zhao
Guo Xiang Tan
Sam
Bianca Nenciu
Blake Erickson
Gerhard Schlager
Robin Ward
Joffrey JAFFEUX
Vinoth Kannan
pmusaraj
Neil Lalonde
David Taylor
Raul Tambre
Osama Sayegh
James Kiesel
Misaka 0x4e21
Régis Hanol
Leo McArdle
Jordan Seanor
Arpit Jalan
Michael Brown
Rafael dos Santos Silva