Commit Graph

205 Commits

Author SHA1 Message Date
Sam
e0ff57ca75 SECURITY: prevent reuse of password reset 2016-12-19 18:00:22 +11:00
Sam
6ff309aa80 SECURITY: don't grant same privileges to user_api and api access
User API is no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
Guo Xiang Tan
81d333289e FIX: Return 503 when in readonly mode. 2016-12-07 14:04:42 +08:00
Sam
1db9d17756 Make removal of topic columns more resilient to deploys 2016-12-05 12:11:46 +11:00
Sam
c04d4171ff FIX: whisper no longer experimental
- Regular users are not notified of whispers
- Regular users no longer have "stuck" topics in unread
- Additional tracking for staff highest post number
- Remove a bunch of unused columns in topics table
2016-12-02 17:03:31 +11:00
Guo Xiang Tan
d95fbd89d0 Enable miniprofiler in development automatically. 2016-11-29 10:59:10 +08:00
Sam
63d9d4f301 FIX: properly specify default on no cache on all resources 2016-11-15 17:00:44 +11:00
Sam
6031e692f0 Merge pull request #4366 from xfalcox/print
Print Support
2016-10-11 11:47:20 +11:00
Neil Lalonde
600b23c0a4 FIX: permalink redirects should work on tag paths 2016-10-04 12:01:42 -04:00
Rafael dos Santos Silva
c12e533273 Feature: Adds a button to print a topic 2016-09-26 20:44:50 -03:00
Robin Ward
7f66cf618c FIX: You should be an admin to do the wizard 2016-09-22 11:12:51 -04:00
Robin Ward
29cf47cfb2 Track steps the user has completed, nag them to finish it. 2016-09-22 09:52:19 -04:00
Sam
75f3f7fcbd FEATURE: clean API method for reading a single notification 2016-09-16 16:14:15 +10:00
Sam
eaf87f0770 FIX: correctly handle api key so it uses current user provider 2016-08-26 10:39:13 +10:00
Sam
df535c6346 FEATURE: refresh session cookie at most once an hour
This feature ensures session cookie lifespan is extended
when user is online.

Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
Guo Xiang Tan
5fed886c8f FIX: Update post replies when we move posts. (#4324) 2016-07-13 17:34:21 +02:00
Guo Xiang Tan
e221414935
PERF: Remove N+1 queries on user messages page. 2016-06-29 09:30:54 +08:00
James Cook
c0e25b5a9a Replace certain uses of 'gsub' with 'tr' or 'chomp' for a speed
improvement
2016-06-10 22:08:37 -05:00
Robin Ward
4180e207c3 FIX: Crazy large ids should not raise exceptions 2016-03-23 12:13:47 -04:00
Sam
84d234a98a Merge pull request #4076 from scossar/locale-from-header-setting
FEATURE: add site setting for setting locale from header
2016-03-17 07:53:20 +11:00
Robin Ward
06591022fe FEATURE: Generous badge 2016-03-15 16:08:29 -04:00
scossar
0cbeda8414 add site setting for setting locale from header 2016-03-14 16:18:19 -07:00
Sam Saffron
7598037080 Only pull in gem if it is being used, remove middleware 2016-03-04 23:17:14 +11:00
Régis Hanol
1135d2094a Merge pull request #4006 from scossar/set-locale-from-header
Feature: (WIP) Set locale from Accept-Language header
2016-03-04 09:12:30 +01:00
Sam
610954ecce Merge pull request #4035 from tgxworld/dont_return_500_when_plugin_is_disabled
Return 404 instead 500 when plugin is disabled.
2016-02-27 16:55:50 +11:00
scossar
0a396583ed set locale for anonymous from header
set locale on signup

update spec

add locale option
2016-02-26 13:45:00 -08:00
Guo Xiang Tan
a3fa80847e Return 404 instead 500 when plugin is disabled. 2016-02-24 17:09:30 +08:00
Arpit Jalan
d77511319e show monthly top topics on 404 page 2016-02-24 13:46:55 +05:30
Sam
4c0a40f2b0 FIX: publish notification state when notifications are read
(this clears green and blue bubbles)
2016-02-22 12:24:51 +11:00
Sam
dd6ebde824 FIX: Always ensure notifications are treated as read once clicked
UX: improve messaging so notifications list is far more stable
PERF: improve performance of notifcation lookup queries

- Add feature "SetTransientHeader" that allows shipping info to server
   in the next Ajax request
- remove local storage hack used for notifications
- amend lookupStale to return hydrated objects, move logic into store
- stop magically clearing various notifications (likes, invitee accepted, group_summary, granted badge)
2016-02-15 19:29:47 +11:00
Régis Hanol
825a01cec3 fix the build 2016-01-15 12:34:28 +01:00
Régis Hanol
c9c6b09f36 FIX: allow staff members to edit staged users preferences 2016-01-15 12:16:00 +01:00
Faisal Abbas
f2480aa81f FIX: When 410 is received, display proper error message instead of generic. 2015-12-30 17:18:32 +05:00
Robin Ward
d1ebb9d0b5 FIX: I18n Fallbacks were not applying correctly 2015-12-23 12:09:18 -05:00
Robin Ward
de88be2fbc Support for "Only show overridden" in site text customization 2015-11-30 15:25:08 -05:00
Régis Hanol
16b3d26d7b allow staff members to view staged accounts user card/profile 2015-11-27 20:02:24 +01:00
Robin Ward
1506eba28d Support for overriding client side translation keys 2015-11-20 17:14:01 -05:00
Robin Ward
3720783c1b Refactor to our own Discourse I18n backend
This removes some monkey patches and makes testing easier.
It will also support database backed I18n changes.
2015-11-13 16:35:02 -05:00
Arpit Jalan
106cb9874a FIX: show 404 page when user is logged out and navigates to private message 2015-10-30 17:41:55 +05:30
Robin Ward
db5379508e FIX: Don't show an anonymous cache if there is a flash 2015-10-28 15:12:05 -04:00
Sam
6f43b575a8 FEATURE: no need to cap new and unread together anymore
- leave unread alone
- cap new at 500 per site, with a site setting
2015-10-01 17:17:15 +10:00
Robin Ward
3620c8c85e Move descriptions for rate limiting errors into the exception 2015-09-24 13:52:46 -04:00
Sam
335be272ff FEATURE: implement capping of new/unread
We cap new and unread at 2/5th of SiteSetting.max_tracked_new_unread

This dynamic capping is applied under 2 conditions:

1. New capping is applied once every 15 minutes in the periodical job, this effectively ensures that usually even super active sites are capped at 200 new items

2. Unread capping is applied if a user hits max_tracked_new_unread,
  meaning if new + unread == 500, we defer a job that runs within 15 minutes that will cap user at 200 unread

This logic ensures that at worst case a user gets "bad" numbers for 15 minutes and then the system goes ahead and fixes itself up
2015-09-07 12:03:17 +10:00
Dan Singerman
8055d065f2 Refactor ApplicationController#redirect_to_login_if_required to use session for SSO 2015-08-11 16:48:55 +01:00
Robin Ward
9911e92e24 Merge pull request #3609 from riking/patch-7
FEATURE: Localization fallbacks
2015-07-30 10:44:29 -04:00
Arpit Jalan
d6069e8c90 UX: fix container layout 2015-07-28 13:58:30 +05:30
Sam
4491813d22 Revert "Revert "PERF: optimise query that gathers topic tracking state""
This reverts commit 909be09f1a.
2015-07-21 21:48:07 +10:00
Sam
909be09f1a Revert "PERF: optimise query that gathers topic tracking state"
This reverts commit 343e417a55.
2015-07-21 17:35:50 +10:00
Sam
343e417a55 PERF: optimise query that gathers topic tracking state
(this query runs on the front page to figure out new and unread topics)
2015-07-21 17:14:30 +10:00
Kane York
ecfa17b5a7 FEATURE: Localization fallbacks (server-side)
The FallbackLocaleList object tells I18n::Backend::Fallbacks what order the
languages should be attempted in. Because of the translate_accelerator patch,
the SiteSetting.default_locale is *not* guaranteed to be fully loaded after the
server starts, so a call to ensure_loaded! is added after the locale is set for
the current user.

The declarations of config.i18n.fallbacks = true in the environment files were
actually garbage, because the I18n.default_locale was
SiteSetting.default_locale, so there was nothing to fall back to. *derp*
2015-07-15 10:17:36 -07:00