Commit graph

455 commits

Author SHA1 Message Date
Sam
c4a0152dc6 recover from bad CSRF tokens without requiring a hard refresh of the browser 2013-08-27 15:56:12 +10:00
Einar Jonsson
9085cec232 Move json hash from users controller to NicknameUnavailable 2013-08-26 15:00:11 +00:00
Sam
afd1a3ac7b yeah ... we should be installing the gem :) 2013-08-26 13:52:15 +10:00
Sam
213ce33af2 Fixed all broken specs
Moved middleware config into authenticators
2013-08-26 12:59:17 +10:00
Sam
b52aba15e0 major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-26 12:59:17 +10:00
Sam
90dddb4395 store honeypot challenge in redis for extra security 2013-08-26 12:55:13 +10:00
Sam
c4a2e62a95 Merge pull request #1378 from justin808/justin808_cc
Lower Complexity of UsersController
2013-08-25 17:14:39 -07:00
Einar Jonsson
0d22a77c63 Added test case for nickname registration failure
* Also made a minor readability change by moving the auth.present? check
* from UsersController#create into #create_third_party_auth_records
* which is the method that relies on the check.
2013-08-25 20:18:07 +00:00
Robin Ward
b32e87c929 Merge pull request #1377 from ZogStriP/avatar-work
Improved specs for avatar + added a warning whenever the uploaded image is not a square
2013-08-25 07:30:34 -07:00
Robin Ward
b74754e673 Merge pull request #1371 from einarj/cleanup_user_registration
Extracted nickname registration into a private controller method
2013-08-25 07:30:10 -07:00
Robin Ward
e1efde6707 Merge pull request #1376 from gcapizzi/lists_controller_refactoring
ListController refactoring
2013-08-25 07:29:35 -07:00
Justin Gordon
464595df5c Lower Complexity of UsersController
https://codeclimate.com/github/discourse/discourse/UsersController#method-complexity
2013-08-24 22:57:12 -10:00
Robin Ward
c0b051c9f6 Show Private Messages pill as a topic list rather than individual messages. 2013-08-24 16:58:16 -04:00
Régis Hanol
3b9e62e6b9 improved specs for avatar 2013-08-24 22:45:05 +02:00
Giuseppe Capizzi
6f19cb7252 Extract ListController#list_target_user 2013-08-24 19:38:02 +02:00
Einar Jonsson
84987cd835 Extracted nickname registration into a private controller method 2013-08-23 09:46:33 +00:00
Neil Lalonde
86012ac579 Fix a case when the wrong topic is loaded because the slug starts with a number 2013-08-22 16:23:46 -04:00
Sam
d7596840e5 only staff should be able to see bookmarks and favs of other users
ensure that when they click on them they see the correct topics (topics for user they are looking at, not current user)
2013-08-22 09:18:54 +10:00
Neil Lalonde
47add6da70 Log when a site customization is deleted 2013-08-21 12:33:24 -04:00
Neil Lalonde
a95303fcd8 Log site customization changes. Use a modal to show staff action log details for site customizations. 2013-08-21 12:33:24 -04:00
Einar Jonsson
916a3f33f2 Refactored user activation business logic out of UsersController and
into a UserActivator class.
2013-08-21 09:22:34 +00:00
Neil Lalonde
3abeb5f793 Staff action logs can be filtered to changes of one site setting 2013-08-20 13:50:51 -04:00
Sam
df2b0b47bd Merge pull request #1360 from michaelkirk/feature/oauth2
not recording Oauth2 user email
2013-08-19 14:57:05 -07:00
Neil Lalonde
1d030666d8 Log site setting changes and show in admin 2013-08-19 16:58:38 -04:00
Michael Kirk
9e8d8870f5 fixed: record Oauth2 user email 2013-08-19 11:21:27 -07:00
Sam
a9393e4a7a paging for flag list
corrected reload behavior on flag list
refactored post actions ... extracted flag queries
2013-08-19 21:14:26 +10:00
Michael Kirk
4af8a9102e Authenticate with Discourse via OAuth2
See https://github.com/michaelkirk/discourse_oauth2_example for an
example of how you might integrate your existing oauth2 provider's
authentication via a Discourse plugin.
2013-08-17 21:45:20 -07:00
Régis Hanol
ea6e73076b change your avatar in a modal 2013-08-17 00:35:29 +02:00
Neil Lalonde
b6285b85d2 Add reject option to pending users page 2013-08-16 11:42:43 -04:00
Neil Lalonde
293361dcd3 Screened URLs list in admin 2013-08-15 10:52:26 -04:00
Sam
11dca1fd92 make code climate a bit happier 2013-08-06 06:25:44 +10:00
Neil Lalonde
86647f0a54 Add ScreenedUrl. Rename BlockedEmail to ScreenedEmail. 2013-08-14 16:08:23 -04:00
Robin Ward
aec929b184 Screw it, don't choose columns. 2013-08-14 12:26:31 -04:00
Robin Ward
a05ffafd4c FIX: Direct link to Avatar 2013-08-14 12:22:44 -04:00
Robin Ward
479ca86713 FIX: Don't select columns if we don't have to. 2013-08-14 12:18:54 -04:00
Robin Ward
6793cba4ae FIX: Displaying actions 2013-08-14 12:04:35 -04:00
Régis Hanol
4866f4d8f5 FIX: N+1 query for avatars 2013-08-14 15:25:05 +02:00
Régis Hanol
3524b90d6a FIX: avatars in quotes/oneboxes
Avatars in quotes/oneboxes are still pointing to the old
`/users/:username/avatar(/:size)` route.
So, this adds back the old avatar route for the transition period.
2013-08-14 12:20:05 +02:00
Régis Hanol
c867b67a0b custom avatar support 2013-08-13 22:08:29 +02:00
Neil Lalonde
b36c6d7b78 Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days. 2013-08-12 14:55:09 -04:00
Neil Lalonde
bb492eb8bf Add filtering to staff logs page 2013-08-09 16:59:05 -04:00
Neil Lalonde
90a3bcf6ff Add filter by action to staff logs page 2013-08-09 10:06:59 -04:00
Neil Lalonde
33bddbff85 Use Ember.ListView for staff action logs page 2013-08-09 10:06:58 -04:00
Neil Lalonde
0d44313a4b Use Ember.ListView for blocked emails list 2013-08-09 10:06:58 -04:00
Neil Lalonde
5c8c52482a Add a way to view staff action logs in admin 2013-08-07 16:27:34 -04:00
Neil Lalonde
d2fb6ec53f Blocked Emails list in admin 2013-08-07 16:27:34 -04:00
Robin Ward
1c3804934e Show the entire history of replies above a post when you expend "in reply to" 2013-08-06 17:43:10 -04:00
Neil Lalonde
c74da0d262 Admins who haven't been approved can log in when must_approve_users is enabled 2013-08-06 16:51:29 -04:00
Neil Lalonde
98b58150bb Dashboard calculations are done with an async job now 2013-08-02 18:32:33 -04:00
Sam
803d023e23 Fixed GitHub auth, GitHub can provide us with a valid email - so automatically log in for those cases 2013-08-02 12:16:44 +10:00
Sam
160107a712 working plugin interface for custom openid auth, custom css and custom js 2013-08-01 16:02:43 +10:00
Neil Lalonde
16cd3e2a53 Fix to allow admins to change the case of a someone's username 2013-07-30 16:48:45 -04:00
Neil Lalonde
06140740d0 Version checks: tolerate old version check data that can happen immediately after upgrading but forgetting to restart sidekiq/clockwork. Don't cache version check data along with other dashboard data. 2013-07-30 12:12:04 -04:00
Neil Lalonde
4fd5087f91 Add button to delete a spammer in the flag modal
Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI
Moderators can delete users too
2013-07-29 15:29:44 -04:00
Neil Lalonde
e076158789 Add ip_address, email, and context to staff_action_logs table. Context should usually be the url from which the staff member performed the action, but could be any string that describes what the staff member was doing when the action was performed. 2013-07-29 15:29:43 -04:00
Neil Lalonde
5f3e9131ed Deleting a user from admin user page has the option to also block signups from the same email address 2013-07-29 15:29:43 -04:00
Neil Lalonde
5f8a130277 Add BlockedEmail, to block signups based on email. Track stats of how many times each email address is blocked, and last time it was blocked. Move email validation out of User model and into EmailValidator. Signup form remembers which email addresses have failed and shows validation error on email field. 2013-07-29 15:29:43 -04:00
Neil Lalonde
e25638dab0 add a way to delete posts and topics when deleting a user with UserDestroyer 2013-07-29 15:29:43 -04:00
Neil Lalonde
a8df9778b5 Rename AdminLog to StaffActionLog 2013-07-29 15:29:43 -04:00
Sam
22893e203a Merge pull request #1260 from sir-pinecone/reactivate-admin-refresh-btn
Fix auto-group refresh response so that ajax callback runs
2013-07-28 22:22:55 -07:00
Sam
aa6c92922d SECURITY: correct our CSRF implementation to be much more aggressive 2013-07-29 15:13:13 +10:00
Sam
4a20d09523 distributed memoizer added to ensure absolute duplicate posts don't get through
in case of an absolute dupe just return the memoized post

This works around issues with wordpress being crazy
2013-07-29 12:25:19 +10:00
Michael Campagnaro
aa7e96c0fa Fix auto-group refresh response so that ajax callback runs 2013-07-26 19:47:32 -04:00
Robin Ward
c28b377494 Don't redirect to arbitrary URLs via link tracker 2013-07-26 12:14:11 -04:00
Robin Ward
0317cf9608 Show topics as a list of topics on the User Stream. 2013-07-25 15:56:20 -04:00
Sam
cb5ce3aab9 Merge pull request #1247 from sir-pinecone/strip-spaces-from-login
Strip leading/trailing spaces from login
2013-07-24 00:16:55 -07:00
Sam
880dd53f48 Merge pull request #1249 from sir-pinecone/strip-spaces-from-group
Strip spaces from group names upon creation
2013-07-24 00:15:53 -07:00
Michael Campagnaro
867ce0310c display group validation errors in alert modal 2013-07-24 00:42:44 -04:00
Michael Campagnaro
b223cdb493 Strip spaces from group names upon creation 2013-07-24 00:00:17 -04:00
Michael Campagnaro
25f8692a79 Strip leading/trailing spaces from login 2013-07-23 23:03:38 -04:00
Régis Hanol
be9217d4c8 add server-side filesize check on uploads 2013-07-24 00:54:41 +02:00
Robin Ward
3ee6e42016 FIX: Server side errors with Topic.similar_to 2013-07-23 10:02:58 -04:00
Sam
9ac6c6e2e9 Merge pull request #1233 from sir-pinecone/improve-group-deletion
Add confirmation modal to admin group deletion
2013-07-23 00:43:06 -07:00
Stephan Kaag
0e3b8fbb24 Remove some calls to all. They are not required, and Rails4 raises warnings about them. 2013-07-22 20:44:11 +02:00
Sam
1f3c5cb656 allow end user to recover a post they delete
automatically delete stubs after 1 day
2013-07-22 17:48:47 +10:00
Michael Campagnaro
9616767bff Add confirmation modal to admin group deletion 2013-07-22 02:48:23 -04:00
Sam
0ec1438b9a correct auto track param parsing for WordPress 2013-07-22 15:07:20 +10:00
Sam
acba0ea41e add auto track to permitted params 2013-07-22 15:07:20 +10:00
Sam
c2be81a76e Merge pull request #1199 from ZogStriP/uploads
adds the `max_attachment_size_kb` setting
2013-07-16 23:03:42 -07:00
Sam
06bd9e3234 allow login required screen to be customized 2013-07-16 20:49:04 +10:00
Sam
352ac9e60c Finalize read only and post only categories, finished off UI work 2013-07-16 15:46:11 +10:00
Sam
ecf17cfebb work in progress, add fidelity to category group permissions (full, create posts, readonly) 2013-07-16 15:46:11 +10:00
Sam
c7697bbae2 remove duplicate code 2013-07-16 15:44:38 +10:00
Régis Hanol
5ce05ff5cb adds the max_attachment_size_kb setting
so that we can specify a different max upload size for attachments and images.
2013-07-16 02:01:36 +02:00
Robin Ward
0e504aac9b FIX: You can reset your password even if logins are required. 2013-07-15 12:12:54 -04:00
Robin Ward
6ca5df0a09 Can recover deleted topics. Deleted topics show the first post as deleted in the UI. 2013-07-12 12:09:17 -04:00
Robin Ward
5eaae063f0 Discourse Macro Helpers + Minor Fix to Admin User View 2013-07-11 19:35:52 -04:00
Robin Ward
19c169540c Staff can enter and view deleted topics 2013-07-11 16:39:35 -04:00
Robin Ward
7fd8bb75d9 Merge pull request #1177 from ZogStriP/attachments
Attachments
2013-07-11 06:49:20 -07:00
Sam
1aef6de4b0 automatically approve invited users on forum where moderators must approve (keep in mind only moderators can invite)
speed up specs a touch
allow invite controller to accept an email in absence of user (cleans up API)
2013-07-11 11:22:00 +10:00
Régis Hanol
27ab5f471c support arbitrary attachments 2013-07-10 22:59:53 +02:00
Robin Ward
b7327942af Add deleted_by to Trashable tables 2013-07-09 15:46:36 -04:00
Neil Lalonde
ba7a4e9845 Merge pull request #1165 from novemberkilo/feature/log-trust-level-boosts
Log all changes of user trust level by an admin
2013-07-09 12:16:08 -07:00
Robin Ward
d98f288aa4 FIX: Recovering a deleted post was not updating a topic's statistics 2013-07-09 12:15:55 -04:00
Navin
d77ce23de2 Log all changes of user trust level by an admin 2013-07-08 11:53:22 +02:00
Sam
085e094497 404 if a category does not exist .... 2013-07-08 15:56:13 +10:00
Sam
91238af6f1 correct failing specs 2013-07-08 12:25:38 +10:00
Neil Lalonde
25d2cbc33f Merge branch 'master' of github.com:discourse/discourse 2013-07-05 16:52:27 -04:00
Neil Lalonde
1c0e0da683 Add rss feed for latest and hot 2013-07-05 16:49:06 -04:00
Robin Ward
6cd6484b5e New mode for Wordpress: Filter ONLY posts liked by moderators 2013-07-05 16:07:24 -04:00