Commit graph

406 commits

Author SHA1 Message Date
Neil Lalonde
89265c3a8b FIX: BAD CSRF on login. Don't check csrf in the fake login form since it doesn't actually do anything. 2013-08-27 11:31:14 -04:00
Sam
c4a0152dc6 recover from bad CSRF tokens without requiring a hard refresh of the browser 2013-08-27 15:56:12 +10:00
Einar Jonsson
9085cec232 Move json hash from users controller to NicknameUnavailable 2013-08-26 15:00:11 +00:00
Sam
afd1a3ac7b yeah ... we should be installing the gem :) 2013-08-26 13:52:15 +10:00
Sam
213ce33af2 Fixed all broken specs
Moved middleware config into authenticators
2013-08-26 12:59:17 +10:00
Sam
b52aba15e0 major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-26 12:59:17 +10:00
Sam
90dddb4395 store honeypot challenge in redis for extra security 2013-08-26 12:55:13 +10:00
Sam
c4a2e62a95 Merge pull request #1378 from justin808/justin808_cc
Lower Complexity of UsersController
2013-08-25 17:14:39 -07:00
Einar Jonsson
0d22a77c63 Added test case for nickname registration failure
* Also made a minor readability change by moving the auth.present? check
* from UsersController#create into #create_third_party_auth_records
* which is the method that relies on the check.
2013-08-25 20:18:07 +00:00
Robin Ward
b32e87c929 Merge pull request #1377 from ZogStriP/avatar-work
Improved specs for avatar + added a warning whenever the uploaded image is not a square
2013-08-25 07:30:34 -07:00
Robin Ward
b74754e673 Merge pull request #1371 from einarj/cleanup_user_registration
Extracted nickname registration into a private controller method
2013-08-25 07:30:10 -07:00
Robin Ward
e1efde6707 Merge pull request #1376 from gcapizzi/lists_controller_refactoring
ListController refactoring
2013-08-25 07:29:35 -07:00
Justin Gordon
464595df5c Lower Complexity of UsersController
https://codeclimate.com/github/discourse/discourse/UsersController#method-complexity
2013-08-24 22:57:12 -10:00
Robin Ward
c0b051c9f6 Show Private Messages pill as a topic list rather than individual messages. 2013-08-24 16:58:16 -04:00
Régis Hanol
3b9e62e6b9 improved specs for avatar 2013-08-24 22:45:05 +02:00
Giuseppe Capizzi
6f19cb7252 Extract ListController#list_target_user 2013-08-24 19:38:02 +02:00
Einar Jonsson
84987cd835 Extracted nickname registration into a private controller method 2013-08-23 09:46:33 +00:00
Neil Lalonde
86012ac579 Fix a case when the wrong topic is loaded because the slug starts with a number 2013-08-22 16:23:46 -04:00
Sam
d7596840e5 only staff should be able to see bookmarks and favs of other users
ensure that when they click on them they see the correct topics (topics for user they are looking at, not current user)
2013-08-22 09:18:54 +10:00
Neil Lalonde
47add6da70 Log when a site customization is deleted 2013-08-21 12:33:24 -04:00
Neil Lalonde
a95303fcd8 Log site customization changes. Use a modal to show staff action log details for site customizations. 2013-08-21 12:33:24 -04:00
Einar Jonsson
916a3f33f2 Refactored user activation business logic out of UsersController and
into a UserActivator class.
2013-08-21 09:22:34 +00:00
Neil Lalonde
3abeb5f793 Staff action logs can be filtered to changes of one site setting 2013-08-20 13:50:51 -04:00
Sam
df2b0b47bd Merge pull request #1360 from michaelkirk/feature/oauth2
not recording Oauth2 user email
2013-08-19 14:57:05 -07:00
Neil Lalonde
1d030666d8 Log site setting changes and show in admin 2013-08-19 16:58:38 -04:00
Michael Kirk
9e8d8870f5 fixed: record Oauth2 user email 2013-08-19 11:21:27 -07:00
Sam
a9393e4a7a paging for flag list
corrected reload behavior on flag list
refactored post actions ... extracted flag queries
2013-08-19 21:14:26 +10:00
Michael Kirk
4af8a9102e Authenticate with Discourse via OAuth2
See https://github.com/michaelkirk/discourse_oauth2_example for an
example of how you might integrate your existing oauth2 provider's
authentication via a Discourse plugin.
2013-08-17 21:45:20 -07:00
Régis Hanol
ea6e73076b change your avatar in a modal 2013-08-17 00:35:29 +02:00
Neil Lalonde
b6285b85d2 Add reject option to pending users page 2013-08-16 11:42:43 -04:00
Neil Lalonde
293361dcd3 Screened URLs list in admin 2013-08-15 10:52:26 -04:00
Sam
11dca1fd92 make code climate a bit happier 2013-08-06 06:25:44 +10:00
Neil Lalonde
86647f0a54 Add ScreenedUrl. Rename BlockedEmail to ScreenedEmail. 2013-08-14 16:08:23 -04:00
Robin Ward
aec929b184 Screw it, don't choose columns. 2013-08-14 12:26:31 -04:00
Robin Ward
a05ffafd4c FIX: Direct link to Avatar 2013-08-14 12:22:44 -04:00
Robin Ward
479ca86713 FIX: Don't select columns if we don't have to. 2013-08-14 12:18:54 -04:00
Robin Ward
6793cba4ae FIX: Displaying actions 2013-08-14 12:04:35 -04:00
Régis Hanol
4866f4d8f5 FIX: N+1 query for avatars 2013-08-14 15:25:05 +02:00
Régis Hanol
3524b90d6a FIX: avatars in quotes/oneboxes
Avatars in quotes/oneboxes are still pointing to the old
`/users/:username/avatar(/:size)` route.
So, this adds back the old avatar route for the transition period.
2013-08-14 12:20:05 +02:00
Régis Hanol
c867b67a0b custom avatar support 2013-08-13 22:08:29 +02:00
Neil Lalonde
b36c6d7b78 Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days. 2013-08-12 14:55:09 -04:00
Neil Lalonde
bb492eb8bf Add filtering to staff logs page 2013-08-09 16:59:05 -04:00
Neil Lalonde
90a3bcf6ff Add filter by action to staff logs page 2013-08-09 10:06:59 -04:00
Neil Lalonde
33bddbff85 Use Ember.ListView for staff action logs page 2013-08-09 10:06:58 -04:00
Neil Lalonde
0d44313a4b Use Ember.ListView for blocked emails list 2013-08-09 10:06:58 -04:00
Neil Lalonde
5c8c52482a Add a way to view staff action logs in admin 2013-08-07 16:27:34 -04:00
Neil Lalonde
d2fb6ec53f Blocked Emails list in admin 2013-08-07 16:27:34 -04:00
Robin Ward
1c3804934e Show the entire history of replies above a post when you expend "in reply to" 2013-08-06 17:43:10 -04:00
Neil Lalonde
c74da0d262 Admins who haven't been approved can log in when must_approve_users is enabled 2013-08-06 16:51:29 -04:00
Neil Lalonde
98b58150bb Dashboard calculations are done with an async job now 2013-08-02 18:32:33 -04:00