IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-12-01 13:09:33 -06:00
Code Issues Packages Projects Releases Wiki Activity
30,250 Commits 222 Branches 500 Tags 907 MiB
e6b3310577
Commit Graph

354 Commits

Author SHA1 Message Date
Sam
e6b3310577 FIX: never redirect back to /sso it will cause a loop 
If for any reason our return url is set to `/sso` bypass using it
for login redirect
 2018-11-09 14:27:36 +11:00
Sam
15991677d4 FIX: ensure we never cache login redirects by mistake 2018-11-09 11:14:35 +11:00
Sam
d84256a876 FEATURE: add Noindex to robots.txt for disallowed routes 
This strips pages out of indexes that should not exist see:

https://meta.discourse.org/t/pages-listed-in-the-robots-txt-are-crawled-and-indexed-by-google/100309/11?u=sam
 2018-11-02 16:39:47 +11:00
Robin Ward
ec91450aae FEATURE: Track how many user flags are agreed/disagreed/ignored 
Display the percentage when reviewing flags.
 2018-11-01 09:59:50 -04:00
Sam
ceafcbc898 FEATURE: show added date when looking at group members 2018-11-01 15:33:28 +11:00
Sam
aa044623bd FIX: do not create superflous sessions when logged on 
In some SSO implementations we may want to issue SSO pipelines for
already logged on users

In these cases do not re-log-in a user if they are clearly logged on
 2018-11-01 12:54:01 +11:00
Bianca Nenciu
fa0e421af3 FIX: Do not leak information about post revisions. (#6536) 2018-10-31 14:47:00 +00:00
Blake Erickson
589e3fcaa0 FIX: return 400 for missing required params (#6546) 
If a required param is missing return a 400 and show a message
displaying which param was missing. Added this to the application
controller so that we don't have to add this logic to every controller
action.
 2018-10-31 13:02:48 +11:00
Bianca Nenciu
e1e392f15b DEV: Use DiscourseIpInfo for all IP queries. (#6482) 
* DEV: Use DiscourseIpInfo for all IP queries.

* UX: Use latitude and longitude for more precision.
 2018-10-30 22:08:57 +00:00
Rafael dos Santos Silva
2450f178ca FEATURE: Allow admins to control PWA display mode per user agent 2018-10-26 13:47:22 -03:00
Joffrey JAFFEUX
8e274f7296 UX: bumps the user-api-key version to 3 (#6526) 
* UX: bumps the user-api-key version to 3

* fix spec
 2018-10-25 09:46:34 +00:00
Régis Hanol
addf6f6d17 FIX: support comma in 'sso_provider_secrets' site setting 2018-10-24 21:23:18 +02:00
Kyle Zhao
e9a971a2b6
FEATURE: [Experimental] Content Security Policy (#6514) 
do not register new MIME type, parse raw body instead
 2018-10-22 13:22:23 -04:00
Régis Hanol
3e232412e3 UX: show error when hitting the rate limit on password reset 2018-10-22 19:00:30 +02:00
David Taylor
3377f26eba FIX: Clean tag before searching for matches 2018-10-22 11:09:06 +01:00
Kyle Zhao
dca830cb73 Revert "FEATURE: [Experimental] Content Security Policy (#6504)" 
This reverts commit fb8231077a.
 2018-10-19 11:53:29 -04:00
Kyle Zhao
fb8231077a
FEATURE: [Experimental] Content Security Policy (#6504) 2018-10-19 10:39:22 -04:00
David Taylor
7166d7de9a
FIX: Prevent duplicate tags in tag-choosers (#6512) 
* FIX: Prevent duplicate tags in tag-choosers

This reverts 5685b45, which fixes the duplicate tags problem.
The fix introduced by 5685b45 is re-implemented on the server.
 2018-10-19 13:44:43 +01:00
Blake Erickson
f1ba981ae9 Improve add user to group spec for uppercase usernames 
Oops forgot to check for this. See previous commit for more details.
 2018-10-18 13:32:36 -06:00
Blake Erickson
93485facaf FIX: lowercase username for add/rem group members 
This fix searches for users based on the downcased username so that if
you pass in usernames to add/remove from a group and you don't have the
casing just right it will still find the correct users.

I updated the tests to add a username that has a mix of upper and
lowercase letters to verify this functionality.
 2018-10-18 13:17:24 -06:00
Bianca Nenciu
f60b10d090 UX: Warn users if the post that's currently edited has changed. (#6498) 2018-10-17 15:35:32 +02:00
Arpit Jalan
42c405a820 FIX: use topic summary for meta description if topic excerpt is blank 2018-10-17 14:13:30 +05:30
Kyle Zhao
99d1ded3b3
rename route /javascripts to /theme-javascripts (#6495) 2018-10-15 11:32:52 -04:00
Maja Komel
c104256991 FIX: SSO provider secrets - check wildcard domains last, toggle secrets visibility 2018-10-15 16:18:29 +02:00
David Taylor
7ac08f936e
FEATURE: Upload tags from CSV (#6484) 2018-10-15 09:12:54 +01:00
Maja Komel
27e732a58d FEATURE: allow multiple secrets for Discourse SSO provider 
This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site.

This allows for better auditing of the SSO provider feature
 2018-10-15 16:03:53 +11:00
Kyle Zhao
6acdea37c4 DEV: extract inline js when baking theme fields (#6447) 
* extract inline js when baking theme fields
* destroy javascript cache when destroying theme fields

This work is needed to support CSP work
 2018-10-15 15:55:23 +11:00
Guo Xiang Tan
aa60936115 DEV: Add order to avoid randomly failing test. 2018-10-15 11:42:45 +08:00
Guo Xiang Tan
84d4c81a26 FEATURE: Support backup uploads/downloads directly to/from S3. 
This reverts commit 3c59106bac.
 2018-10-15 09:43:31 +08:00
Sam
a1c912b630 Return 400 instead of 404 for bad token 2018-10-12 10:51:41 +11:00
Bianca Nenciu
048cdfbcfa FIX: Do not allow revoking the token of current session. (#6472) 
* FIX: Do not allow revoking the token of current session.

* DEV: Add getter of current auth_token from Guardian.
 2018-10-12 10:40:48 +11:00
Blake Erickson
13b3cead06 FEATURE: Allow bulk removing users from a group 
This change maintains backwards compatibility to allow you to remove a
single user from a group but allows you to specify a comma separated list
of users for bulk removal from a group.

Also it extracts out common functionality for fetching users from params
used in bulk adding users so it can also be used for removing users.
 2018-10-11 15:30:54 -06:00
Guo Xiang Tan
3c59106bac Revert "FEATURE: Support backup uploads/downloads directly to/from S3." 
This reverts commit c29a4dddc1.

We're doing a beta bump soon so un-revert this after that is done.
 2018-10-11 11:08:23 +08:00
Gerhard Schlager
c29a4dddc1 FEATURE: Support backup uploads/downloads directly to/from S3. 2018-10-11 10:38:43 +08:00
Robin Ward
a566ed42ae FEATURE: Option to disable user presence and profile 
This allows users who are privacy conscious to disable the presence
features of the forum as well as their public profile.
 2018-10-10 17:34:33 -04:00
Bianca Nenciu
1d26a473e7 FEATURE: Show "Recently used devices" in user preferences (#6335) 
* FEATURE: Added MaxMindDb to resolve IP information.

* FEATURE: Added browser detection based on user agent.

* FEATURE: Added recently used devices in user preferences.

* DEV: Added acceptance test for recently used devices.

* UX: Do not show 'Show more' button if there aren't more tokens.

* DEV: Fix unit tests.

* DEV: Make changes after code review.

* Add more detailed unit tests.

* Improve logging messages.

* Minor coding style fixes.

* DEV: Use DropdownSelectBoxComponent and run Prettier.

* DEV: Fix unit tests.
 2018-10-09 22:21:41 +08:00
Gerhard Schlager
2f90c15d7a Fix random build error 2018-10-09 01:03:05 +02:00
Joffrey JAFFEUX
22187508e3
FEATURE: adds header text/background color to site (#6462) 2018-10-08 11:52:57 +02:00
Sam
5b630f3188 FIX: stop logging every time invalid params are sent 
Previously we were logging warning for invalid encoded params, this can
cause a log flood
 2018-10-05 14:33:19 +10:00
Vinoth Kannan
ca74246651 FIX: redirect users to SSO client URL after social login 2018-10-05 00:01:08 +05:30
Kyle Zhao
819f090d6a move large blobs out of <head> (#6428) 
it unnecessarily bloats the section and increases the payload
dramatically for open graph tags.
 2018-09-28 17:28:33 +08:00
Kyle Zhao
4bb980b9f7
FEATURE: do not allow moderators to export user list (#6418) 2018-09-21 09:07:13 +08:00
Sam
df45e82377 SECURITY: only allow picking of avatars created by self (#6417) 
* SECURITY: only allow picking of avatars created by self

Also adds origin tracking to all uploads including de-duplicated uploads
 2018-09-19 22:33:10 -07:00
Vinoth Kannan
9281b72308 FEATURE: Log entity export in staff logs 2018-09-19 03:16:45 +05:30
Guo Xiang Tan
f2fbf1fdb0 DEV: Basic specs for TagGroupsController. 2018-09-18 08:22:03 +08:00
Kyle Zhao
7a0232249a
extract inline JS that's used to store preloaded data (#6370) 2018-09-17 16:31:46 +08:00
Kyle Zhao
6659417807 FEATURE: match user title when primary group changes 
When primary group changes and the user's title is the previous primary
group's title, change the title to the new primary group's title
 2018-09-17 15:08:39 +10:00
pmusaraj
7f05af5995 cleanup 2018-09-12 13:10:14 -04:00
pmusaraj
aa614e393c return 403 when trying drafts of another user 2018-09-12 13:08:02 -04:00
pmusaraj
b8c0a29bec better test name 2018-09-12 11:09:30 -04:00