Commit Graph

352 Commits

Author SHA1 Message Date
Blake Erickson
e9e88c9b82 Remove legacy avatar code
- Remove method that was only left around because the
  [api](https://github.com/discourse/discourse_api/pull/53) called it
- Modify test to use new route instead of legacy route

https://meta.discourse.org/t/legacy-route-for-avatars/22838/2
2014-12-07 06:13:14 -07:00
Blake Erickson
a61519eebf Have pick_avatar return json.
I'm working on writing a test in the discourse_api gem for uploading
avatars and the pick method needs to return a json response.

I also added a test to make sure json is returned.
2014-12-06 09:26:32 -07:00
Régis Hanol
07211489f0 FIX: hide restricted profile info from TL0 users to anonymous in 'JS-off' page 2014-11-27 19:51:13 +01:00
Régis Hanol
7641d88224 FEATURE: new 'maximum new user accounts per registration IP' site setting 2014-11-17 12:04:29 +01:00
Robin Ward
c9eb809dad FIX: The text to users who signed up when approval was required was
misleading.
2014-11-04 15:48:03 -05:00
Régis Hanol
865194f409 FIX: cannot show email for pending/inactive users 2014-10-29 01:07:27 +01:00
Robin Ward
71f211f0b3 FEATURE: Allow users to select a badge with an image to appear on their
user card
2014-10-20 16:35:38 -04:00
Robin Ward
1cf4a0d604 Rename "User Expansion" to the much clearer "User Card" 2014-10-20 12:11:59 -04:00
Régis Hanol
10094a0bcd FIX: resolve flags as good when deleting a spam user 2014-10-20 16:59:06 +02:00
Robin Ward
4d465362b5 FEATURE: Allow a user to upload an image for their expansion background. 2014-10-16 15:05:36 -04:00
Robin Ward
f9a8f6d6ce FEATURE: Support for a required setting on user fields. 2014-10-08 15:10:19 -04:00
Sam
0e7be81e60 FIX: badge granted titles were not being revoked when badge was revoked 2014-10-08 10:26:18 +11:00
Robin Ward
381814fd5d Adds support for a description to user fields. 2014-10-02 15:56:52 -04:00
Arpit Jalan
41af2d79b5 add user email on account created page 2014-10-02 12:43:44 +05:30
Robin Ward
be93f224a6 Revert "add user email on account created page"
This reverts commit 164fc1108a.
2014-10-01 10:30:26 -04:00
Arpit Jalan
164fc1108a add user email on account created page 2014-10-01 13:53:50 +05:30
Robin Ward
edb34c178a FEATURE: Show user fields when the user is signing up 2014-09-30 10:45:18 -04:00
Régis Hanol
7e309a21cf FEATURE: hide emails behind a button for staff members 2014-09-29 22:31:05 +02:00
Sam
a901d682fe raise not found if user is not found 2014-09-25 17:45:45 +10:00
Sam
8f8ea735ee FIX: allow retry activation of account by username or password 2014-09-25 17:42:48 +10:00
Arpit Jalan
b3838c2c1c Trigger browser password manager after sigining up 2014-09-24 01:04:36 +05:30
Sam
7a4082cbad FIX: allow API to create users when invite_only is true 2014-09-23 09:06:19 +10:00
Neil Lalonde
c4e285f3ec SECURITY: rate limit change email requests 2014-09-18 10:48:56 -04:00
riking
2c6d03f87f SECURITY: Limit passwords to 200 characters
Prevents layer 8 attack.
2014-09-12 12:07:11 -04:00
Robin Ward
56eda5abf9 FIX: Don't allow profile bios longer than 3k chars 2014-09-08 15:23:21 -04:00
Robin Ward
c9262a8390 FIX: Resend activation email was busted 2014-08-28 12:07:13 -04:00
Robin Ward
ed125975a1 SECURITY: Prefix session key and validate token format. 2014-08-25 15:31:49 -04:00
Arpit Jalan
4cd8abc905 FEATURE: dynamically load invites 2014-08-05 22:20:23 +05:30
Neil Lalonde
939e8505a9 Remove hub username integration 2014-07-16 12:25:24 -04:00
Neil Lalonde
01a68f8cc7 Emails are case insensitive 2014-07-16 10:22:01 -04:00
Robin Ward
4f416bf6ce Check honeypot/challenge value on activation too 2014-07-15 14:07:35 -04:00
riking
915f60b0fc Don't redirect to login when activating account... 2014-07-15 10:50:28 -07:00
Neil Lalonde
766196af87 FEATURE: add site setting allow_new_registrations which can be used to block all new account registrations 2014-07-14 15:42:22 -04:00
Robin Ward
cce7cf8c85 FEATURE: Require Javascript to activate an account via email link 2014-07-14 12:26:10 -04:00
Sam
4a2cc269ab FIX: allow selection of no title 2014-07-14 18:07:07 +10:00
Sam
833c50c460 FEATURE: Read Faq badge 2014-07-11 17:32:29 +10:00
Sam
9a9ad9bda8 FEATURE: Badge progress
- Refactor model so it stores backfill query
- Implement autobiographer
- Remove sample badge
- Correct featured badges to only include a badge once
2014-07-03 17:29:44 +10:00
Sam
5a0aed2bfa FIX: regression, forgot password broken
also... mocks were invented by the devil
2014-07-02 13:06:55 +10:00
Robin Ward
9000c358d1 REFACTOR: Use common path for RESTful DELETE action from upload image
component
2014-06-30 14:13:59 -04:00
Robin Ward
4088fba4f2 REFACTOR: Convert profile background uploader to be an ember component 2014-06-30 14:13:59 -04:00
Andrew Bezzub
386d1e231a move profile_background from User to UserProfile 2014-06-26 12:30:07 -04:00
riking
6e698315d6 Allow all /my URLs
Previously, URLs like /my/activity/posts were denied. This change allows those URLs.
2014-06-14 10:58:20 -07:00
Sam
91b6459f2b BUGFIX: allow users to pick no avatar 2014-05-30 14:45:55 +10:00
Sam
5adc486cef BUGFIX: missing avatars in topic map
Cleanup uneeded column
2014-05-29 14:59:14 +10:00
Sam
504cfcff96 Fix specs for avatars
Implement avatar picker
Correct avatar related jobs
2014-05-27 10:08:03 +10:00
Sam
6c1c8be794 Work in progress, keeping avatars locally
This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom)

user can then pick which they want.
2014-05-27 10:08:03 +10:00
Neil Lalonde
6e0eb89697 Don't show suspended users in autocomplete fields unless you are staff 2014-05-13 11:44:15 -04:00
Louis Rose
1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Neil Lalonde
f61f29439e Track the ip address where user was registered 2014-04-29 14:37:56 -04:00
Vikhyat Korrapati
b4e037dfb2 Allow badges to be marked as "titleable". 2014-04-28 10:30:38 +05:30
Régis Hanol
64b8f2f759 TRIVIAL: remove puts statement (cc. @eviltrout) 2014-04-21 23:00:13 +02:00
Robin Ward
b9ca124756 Support for /my/preferences to automatically redirect to the logged in
user.
2014-04-21 11:52:11 -04:00
Vikhyat Korrapati
8113e8d897 Basic UI for selecting gold/silver badges as titles. 2014-04-18 09:20:51 +05:30
Régis Hanol
2505d18aa9 FEATURE: support email attachments 2014-04-14 22:55:57 +02:00
Sam
be06156629 SECURITY: when enabled_local_logins is false users could log in via API
thanks @Nicholas Blanco
2014-03-26 15:39:44 +11:00
Robin Ward
539890afdf Let's not show tons of extra information about invites unless you're the
person who invited them.
2014-03-21 14:16:11 -04:00
Sam
619fa50d4b BUGFIX: twitter auth asking for a password 2014-03-20 14:49:25 +11:00
Neil Lalonde
9ca516e58d Rename nickname to username in the code. Use new hub routes. (Old routes still exist as aliases for old Discourse instances.) 2014-03-12 12:39:36 -04:00
Johan Jatko
98c479c3c4 FEATURE: Profile Backgrounds
Shares a modified codebase with avatars called "user_image"
2014-03-05 15:10:44 +01:00
Neil Lalonde
8711762143 Users who have made no more than one post can delete their own accounts from their user preferences page. 2014-02-13 13:52:06 -05:00
Leonard Teo
c13aa8852b Whitelist :active param so that we can automatically create users that are active via API 2014-02-04 15:40:30 -05:00
Neil Lalonde
da825451d0 Invite link can't be used to log in after you set a password or sign in with 3rd party 2014-01-21 16:56:41 -05:00
Benjamin Kampmann
c743a985a4 Allow groups to be used as aliases for user mention
when configured by the admin a group can be found through the @mentions
feature in both the compose/reply and the private message user-selectors
and once selected the mention will be replaced by the list of users in
the group
2014-01-08 02:36:24 +11:00
Neil Lalonde
854d9c8fc6 Minimum password length is configurable with the min_password_length site setting. FIX: reset password needs to validate password length. 2013-12-19 16:15:47 -05:00
Sam
05a3c8090f Merge pull request #1658 from salbertson/sa-refactor-users-controller-create
Refactor UsersController#create
2013-12-12 22:16:50 -08:00
Neil Lalonde
561961eff6 FIX: can grant titles to regular users. Guardian initializer needs current_user, not the target user. 2013-12-10 12:46:35 -05:00
Scott Albertson
51eff92170 Refactor UsersController#create
* Simplify controller action
* Extract service classes
2013-12-05 10:11:16 -08:00
Neil Lalonde
981d8f6aea Signup form: prefill username if Discourse Hub has a match for the email address. Also, fix some bad specs in username_checker_service_spec that were passing... 2013-11-19 14:15:28 -05:00
Robin Ward
32a3da86da Merge pull request #1640 from salbertson/sa-refactor-users-controller-invites
Refactor UsersController#invited
2013-11-12 08:18:52 -08:00
Scott Albertson
77b59b54ce Refactor UsersController#invited
* Add test coverage
* Simplify controller action
* Move finder code to Invite class
2013-11-11 13:23:49 -08:00
railsaholic
58f78e9001 Refactor Users#upload_avatar method
Moved avatar file upload to ```AvatarUploadService``` class and
```AvatarUploadPolicy```

Address review comments + require missing file in spec
2013-11-11 23:21:14 +05:30
Sam
3473734af0 FIX: bust broken password 2013-11-11 22:28:26 +11:00
sirMackk
af67284995 User ctrl refactor - breaks up large methods, moves some logic into model
Includes missing methods from backup for travis to pass

fix missing code, failing specs

keep params handling in the controller.
2013-11-09 18:44:13 +05:30
Scott Albertson
72bfa4471f Move logic for updating a user into a service class 2013-11-07 08:39:39 -08:00
Robin Ward
25ef66c60b User invites page now has search, displays first invites_shown records 2013-11-05 17:53:26 -05:00
Robin Ward
3d6d7c8abe SiteSetting to hide regular names from users 2013-10-30 15:45:34 -04:00
Régis Hanol
9b2f821012 Merge pull request #1512 from ScotterC/avatar-from-url
Build out a URI Adapter to allow uploading an avatar via a url
2013-10-21 13:17:37 -07:00
Robin Ward
2308784713 Merge pull request #1543 from railsaholic/small_users_controller_refactoring
refactor UsersController to reduce complexity
2013-10-21 12:21:03 -07:00
Scott Carleton
cbef844a57 Build out a URI Adapter to allow uploading an avatar via a url
Currently only really accessible via the API. The UriAdapter creates a
tempfile from a url and gives a ActionDispatch::HTTP::UploadedFile back
to the controller to process as normal.
This will help a lot in being able to transfer avatar urls from another
app without monkey patching a lot of discourse code.
2013-10-21 14:53:03 -04:00
Neil Lalonde
648b11a0eb Add screening by IP address. When deleting a user as a spammer, block all signups from the same IP address. 2013-10-21 14:50:18 -04:00
Manoj
868e4ffe6d refactor UsersController to reduce complexity
Refactored: UsersController#create
2013-10-19 15:18:11 +05:30
dbarbera
9106596a9a add image authorization on upload_avatar 2013-10-12 14:11:44 +02:00
Régis Hanol
23bf4436f5 FIX: avatar was attached to the user who uploaded it... 2013-10-12 10:55:41 +02:00
Sam
7993845bfa add current_user_provider so people can override current_user bevior cleanly, see
http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278
2013-10-09 15:11:54 +11:00
Sam
f0a122a66c move job files so they live underneath app/ and not in lib/
introduce new setting email_always, that will force emails to send to users regardless of presence on site
2013-10-01 17:04:02 +10:00
Matthieu Guillemot
3ba1f20674 New site settings to enable/disable the possibility of editing user's nickname or email address 2013-09-14 21:34:21 +09:00
Einar Jonsson
724b3aadcf Extracted nickname registration out of the UsersController and into its
own service.
2013-09-09 09:26:50 +00:00
Einar Jonsson
9085cec232 Move json hash from users controller to NicknameUnavailable 2013-08-26 15:00:11 +00:00
Sam
afd1a3ac7b yeah ... we should be installing the gem :) 2013-08-26 13:52:15 +10:00
Sam
b52aba15e0 major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-26 12:59:17 +10:00
Sam
90dddb4395 store honeypot challenge in redis for extra security 2013-08-26 12:55:13 +10:00
Sam
c4a2e62a95 Merge pull request #1378 from justin808/justin808_cc
Lower Complexity of UsersController
2013-08-25 17:14:39 -07:00
Einar Jonsson
0d22a77c63 Added test case for nickname registration failure
* Also made a minor readability change by moving the auth.present? check
* from UsersController#create into #create_third_party_auth_records
* which is the method that relies on the check.
2013-08-25 20:18:07 +00:00
Robin Ward
b32e87c929 Merge pull request #1377 from ZogStriP/avatar-work
Improved specs for avatar + added a warning whenever the uploaded image is not a square
2013-08-25 07:30:34 -07:00
Justin Gordon
464595df5c Lower Complexity of UsersController
https://codeclimate.com/github/discourse/discourse/UsersController#method-complexity
2013-08-24 22:57:12 -10:00
Régis Hanol
3b9e62e6b9 improved specs for avatar 2013-08-24 22:45:05 +02:00
Einar Jonsson
84987cd835 Extracted nickname registration into a private controller method 2013-08-23 09:46:33 +00:00
Einar Jonsson
916a3f33f2 Refactored user activation business logic out of UsersController and
into a UserActivator class.
2013-08-21 09:22:34 +00:00
Michael Kirk
4af8a9102e Authenticate with Discourse via OAuth2
See https://github.com/michaelkirk/discourse_oauth2_example for an
example of how you might integrate your existing oauth2 provider's
authentication via a Discourse plugin.
2013-08-17 21:45:20 -07:00
Régis Hanol
ea6e73076b change your avatar in a modal 2013-08-17 00:35:29 +02:00
Robin Ward
aec929b184 Screw it, don't choose columns. 2013-08-14 12:26:31 -04:00
Robin Ward
a05ffafd4c FIX: Direct link to Avatar 2013-08-14 12:22:44 -04:00
Régis Hanol
4866f4d8f5 FIX: N+1 query for avatars 2013-08-14 15:25:05 +02:00
Régis Hanol
3524b90d6a FIX: avatars in quotes/oneboxes
Avatars in quotes/oneboxes are still pointing to the old
`/users/:username/avatar(/:size)` route.
So, this adds back the old avatar route for the transition period.
2013-08-14 12:20:05 +02:00
Régis Hanol
c867b67a0b custom avatar support 2013-08-13 22:08:29 +02:00
Neil Lalonde
b36c6d7b78 Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days. 2013-08-12 14:55:09 -04:00
Neil Lalonde
16cd3e2a53 Fix to allow admins to change the case of a someone's username 2013-07-30 16:48:45 -04:00
Neil Lalonde
5f8a130277 Add BlockedEmail, to block signups based on email. Track stats of how many times each email address is blocked, and last time it was blocked. Move email validation out of User model and into EmailValidator. Signup form remembers which email addresses have failed and shows validation error on email field. 2013-07-29 15:29:43 -04:00
Robin Ward
0e504aac9b FIX: You can reset your password even if logins are required. 2013-07-15 12:12:54 -04:00
Neil Lalonde
a352b70bfc Permit changing my own username's case without an error saying it is already taken 2013-06-28 16:21:46 -04:00
Sam
4b56aa8183 Merge pull request #1089 from budnik/minor_refactorings
Some refactorings
2013-06-25 17:29:51 -07:00
Neil Lalonde
b2d300fe0b Add ability to give users a title. Show them under usernames beside posts. Needs love from a designer. 2013-06-25 18:39:20 -04:00
Neil Lalonde
a86b35c873 Remove the access_password site setting 2013-06-25 15:05:25 -04:00
Dmitriy Budnik
2722029d38 stylistic refactorings
w/ less syntactic sugar
2013-06-25 18:23:23 +03:00
Vipul A M
1884dc8d3f fake_success_reponse => fake_success_response 2013-06-21 01:17:35 +05:30
Chris Hunt
09d3800701 Move 'dynamic favicon' from Server to User pref 2013-06-14 23:58:24 -07:00
Chris Hunt
41b0692543 Show 'waiting approval' and don't send email
When 'must approve users' in enabled, we don't want to send an
activation email to users after they sign up. Instead, we will show them
'waiting approval' and not take an action until their account is
approved by an admin.
2013-06-06 18:36:16 -07:00
Robin Ward
bac03a3369 Merge pull request #975 from jd-erreape/username_refactor
[WIP] Refactored user_name suggestion methods into a module
2013-06-06 08:12:29 -07:00
Juan de Dios Herrero
96d23ddd8d Refactored user_name suggestion methods into a module to reduce the complexity of User model 2013-06-06 16:40:10 +02:00
Ian Christian Myers
0d01c33482 Enabled strong_parameters across all models/controllers.
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Chris Hunt
d432798ff8 Silently fail if user tries to sneak in
When 'invite only' is enabled, there's no way for a user to create an
account unless they try and sneak in by POSTing to /users/. We will
silently fail if this happens.
2013-06-05 11:08:21 -07:00
Sam
913a607528 need to punch through account creation stuff 2013-06-05 14:01:24 +10:00
Sam
2dfba8d6de we need to be able to do username checks for registration to work 2013-06-05 12:50:42 +10:00
Robin Ward
0f296cd42b Refactor + Fix: Wasn't correctly loading activity streams. Code is a lot more Ember-y now. 2013-05-22 12:06:37 -04:00
Sam
42494b5bb1 we can't trust CSRF for anon the way it is designed.
The page they have loaded may be cached we need a different way of delivering the CSRF potentially
2013-05-03 16:43:11 +10:00
Jonathan Roes
057b4768e6 strip whitespace when changing e-mail addresses
Fixes #778.
2013-04-27 23:03:06 -04:00
Régis Hanol
b24c1a1ad9 better consistency around email case sensitivity 2013-04-15 02:20:33 +02:00
Philipp Weissensteiner
3dcb1905e3 Refactor user controller, create action, mostly.
The gist of the commit are a few improvements in the
create action, where:

* long boolean statemenst have been wrapped in smaller more readable
  methods.
* the 3rd party user info creation has been extracted (still in controller)
* a small helper method for creating a new user from params (to reduce
  visual clutter)
* specs have been added where I came across untested methods/branches

Other changes are more trivial like formatting and whitespace fixes.
Hope this helps. Regards.
2013-04-13 00:53:59 +02:00
Sam
0f362c5474 this has been bugging me for ages, broken "fill your profile link" fixed AND bio updates when you save 2013-04-12 10:07:58 +10:00
Robin Ward
738789f336 Admins can't lock themselves out of a site by setting approval. 2013-04-03 12:23:28 -04:00
Karan Misra
5dfb04e4b3 Convert a lot of :a => b to a: b and bring peace to the world 2013-03-25 05:07:36 +05:30
Sarah Vessels
54c7b1ab63 Use consistent new-style hashes in render calls *twitch* 2013-03-22 14:08:11 -04:00
Sam
38f185355d added options to disable quoting and open links in new tabs
fixed a some regressions
removed some dead code
fixed messages about constants being re-defined
2013-03-12 20:06:58 -07:00
Robin Ward
d1d4530efd User Profile enhancements:
- Added PreloadStore support to avoid duplicate requests
- preliminary SEO
- Support for opengraph/twitter cards
2013-03-08 15:04:37 -05:00
Neil Lalonde
2ebe0336ae On signup, handle duplicate key errors on email and username better 2013-03-07 14:56:55 -05:00
Régis Hanol
239cbd2d58 enforce coding convention
replaced every `and` by `&&` and every `or` by `||`
2013-03-05 01:42:44 +01:00
Gosha Arinich
d2f3c829db refactor User and TrustLevel a bit
* rename `User#password_required` to `User#password_required!`
* emails with "i" @ something are a special case as well
* get rid of `self.` and returns where possible
* prefer "unless a" instead of "if !a"
* `unread_notifications` without manually iterating
* introduce `User#moderator?`
* introduce `TrustLevel#valid_key?`, `TrustLevel#compare`, and
  `TrustLevel#level_key`
2013-02-28 19:15:54 +03:00
nverba
b45f872c04 Added Github authentication option, disabled by default with enable options in settings. 2013-02-26 05:00:21 +00:00
Neil Lalonde
ff3e012034 Add a link that allows you to send activation email again 2013-02-22 11:49:58 -05:00
Neil Lalonde
39eab7c425 Replace mentions of mothership with discourse_hub 2013-02-14 12:57:26 -05:00
Sam Saffron
87d83802b9 added option that allows users to decide when they consider topics new (default 2 days old or newer)
added site_setting to control the default new_topic_duration_minutes
added 10 minutes option for auto_track_topics_after_msecs, default bumped up to 5 mins
2013-02-14 17:36:14 +11:00
Neil Lalonde
4e9d9138d6 Fix broken signup with Twitter 2013-02-12 20:50:31 -05:00
Neil Lalonde
824b09389f Don't allow signups without a password 2013-02-12 15:42:16 -05:00
Neil Lalonde
ce7088f081 check_username api now returns correct error message for invalid lengths etc 2013-02-08 14:12:48 -05:00
Cyril Mougel
84191802df Extract the validation of Username format in own class to avoid
complexity in user model object
2013-02-08 12:54:47 -05:00
Neil Lalonde
79dfccf717 Username validation in signup and username change forms 2013-02-07 18:23:52 -05:00
Mike Moore
e41b6537f9 Remove expectation of term case 2013-02-07 09:35:38 -07:00
Mike Moore
5b01ac9288 Return User objects instead of hashes 2013-02-07 09:35:38 -07:00
Mike Moore
972b9d735c Extract search logic to UserSearch model 2013-02-07 09:35:38 -07:00
Jakub Arnold
61654ab8f0 Fix all the trailing whitespace 2013-02-07 16:45:24 +01:00
Neil Lalonde
471c61fd69 Add honeypot and challenge to signup form 2013-02-06 19:25:36 -05:00
Robin Ward
21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00