Commit graph

140 commits

Author SHA1 Message Date
Neil Lalonde
a86b35c873 Remove the access_password site setting 2013-06-25 15:05:25 -04:00
Dmitriy Budnik
2722029d38 stylistic refactorings
w/ less syntactic sugar
2013-06-25 18:23:23 +03:00
Vipul A M
1884dc8d3f fake_success_reponse => fake_success_response 2013-06-21 01:17:35 +05:30
Chris Hunt
09d3800701 Move 'dynamic favicon' from Server to User pref 2013-06-14 23:58:24 -07:00
Chris Hunt
41b0692543 Show 'waiting approval' and don't send email
When 'must approve users' in enabled, we don't want to send an
activation email to users after they sign up. Instead, we will show them
'waiting approval' and not take an action until their account is
approved by an admin.
2013-06-06 18:36:16 -07:00
Robin Ward
bac03a3369 Merge pull request #975 from jd-erreape/username_refactor
[WIP] Refactored user_name suggestion methods into a module
2013-06-06 08:12:29 -07:00
Juan de Dios Herrero
96d23ddd8d Refactored user_name suggestion methods into a module to reduce the complexity of User model 2013-06-06 16:40:10 +02:00
Ian Christian Myers
0d01c33482 Enabled strong_parameters across all models/controllers.
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Chris Hunt
d432798ff8 Silently fail if user tries to sneak in
When 'invite only' is enabled, there's no way for a user to create an
account unless they try and sneak in by POSTing to /users/. We will
silently fail if this happens.
2013-06-05 11:08:21 -07:00
Sam
913a607528 need to punch through account creation stuff 2013-06-05 14:01:24 +10:00
Sam
2dfba8d6de we need to be able to do username checks for registration to work 2013-06-05 12:50:42 +10:00
Robin Ward
0f296cd42b Refactor + Fix: Wasn't correctly loading activity streams. Code is a lot more Ember-y now. 2013-05-22 12:06:37 -04:00
Sam
42494b5bb1 we can't trust CSRF for anon the way it is designed.
The page they have loaded may be cached we need a different way of delivering the CSRF potentially
2013-05-03 16:43:11 +10:00
Jonathan Roes
057b4768e6 strip whitespace when changing e-mail addresses
Fixes #778.
2013-04-27 23:03:06 -04:00
Régis Hanol
b24c1a1ad9 better consistency around email case sensitivity 2013-04-15 02:20:33 +02:00
Philipp Weissensteiner
3dcb1905e3 Refactor user controller, create action, mostly.
The gist of the commit are a few improvements in the
create action, where:

* long boolean statemenst have been wrapped in smaller more readable
  methods.
* the 3rd party user info creation has been extracted (still in controller)
* a small helper method for creating a new user from params (to reduce
  visual clutter)
* specs have been added where I came across untested methods/branches

Other changes are more trivial like formatting and whitespace fixes.
Hope this helps. Regards.
2013-04-13 00:53:59 +02:00
Sam
0f362c5474 this has been bugging me for ages, broken "fill your profile link" fixed AND bio updates when you save 2013-04-12 10:07:58 +10:00
Robin Ward
738789f336 Admins can't lock themselves out of a site by setting approval. 2013-04-03 12:23:28 -04:00
Karan Misra
5dfb04e4b3 Convert a lot of :a => b to a: b and bring peace to the world 2013-03-25 05:07:36 +05:30
Sarah Vessels
54c7b1ab63 Use consistent new-style hashes in render calls *twitch* 2013-03-22 14:08:11 -04:00
Sam
38f185355d added options to disable quoting and open links in new tabs
fixed a some regressions
removed some dead code
fixed messages about constants being re-defined
2013-03-12 20:06:58 -07:00
Robin Ward
d1d4530efd User Profile enhancements:
- Added PreloadStore support to avoid duplicate requests
- preliminary SEO
- Support for opengraph/twitter cards
2013-03-08 15:04:37 -05:00
Neil Lalonde
2ebe0336ae On signup, handle duplicate key errors on email and username better 2013-03-07 14:56:55 -05:00
Régis Hanol
239cbd2d58 enforce coding convention
replaced every `and` by `&&` and every `or` by `||`
2013-03-05 01:42:44 +01:00
Gosha Arinich
d2f3c829db refactor User and TrustLevel a bit
* rename `User#password_required` to `User#password_required!`
* emails with "i" @ something are a special case as well
* get rid of `self.` and returns where possible
* prefer "unless a" instead of "if !a"
* `unread_notifications` without manually iterating
* introduce `User#moderator?`
* introduce `TrustLevel#valid_key?`, `TrustLevel#compare`, and
  `TrustLevel#level_key`
2013-02-28 19:15:54 +03:00
nverba
b45f872c04 Added Github authentication option, disabled by default with enable options in settings. 2013-02-26 05:00:21 +00:00
Neil Lalonde
ff3e012034 Add a link that allows you to send activation email again 2013-02-22 11:49:58 -05:00
Neil Lalonde
39eab7c425 Replace mentions of mothership with discourse_hub 2013-02-14 12:57:26 -05:00
Sam Saffron
87d83802b9 added option that allows users to decide when they consider topics new (default 2 days old or newer)
added site_setting to control the default new_topic_duration_minutes
added 10 minutes option for auto_track_topics_after_msecs, default bumped up to 5 mins
2013-02-14 17:36:14 +11:00
Neil Lalonde
4e9d9138d6 Fix broken signup with Twitter 2013-02-12 20:50:31 -05:00
Neil Lalonde
824b09389f Don't allow signups without a password 2013-02-12 15:42:16 -05:00
Neil Lalonde
ce7088f081 check_username api now returns correct error message for invalid lengths etc 2013-02-08 14:12:48 -05:00
Cyril Mougel
84191802df Extract the validation of Username format in own class to avoid
complexity in user model object
2013-02-08 12:54:47 -05:00
Neil Lalonde
79dfccf717 Username validation in signup and username change forms 2013-02-07 18:23:52 -05:00
Mike Moore
e41b6537f9 Remove expectation of term case 2013-02-07 09:35:38 -07:00
Mike Moore
5b01ac9288 Return User objects instead of hashes 2013-02-07 09:35:38 -07:00
Mike Moore
972b9d735c Extract search logic to UserSearch model 2013-02-07 09:35:38 -07:00
Jakub Arnold
61654ab8f0 Fix all the trailing whitespace 2013-02-07 16:45:24 +01:00
Neil Lalonde
471c61fd69 Add honeypot and challenge to signup form 2013-02-06 19:25:36 -05:00
Robin Ward
21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00