Commit Graph

2335 Commits

Author SHA1 Message Date
Sam
f0d5f83424 FEATURE: limit assets less that non asset paths
By default assets can be requested up to 200 times per 10 seconds
from the app, this includes CSS and avatars
2018-03-06 15:20:39 +11:00
OsamaSayegh
282f53f0cd FEATURE: Theme settings (2) (#5611)
Allows theme authors to specify custom theme settings for the theme. 

Centralizes the theme/site settings into a single construct
2018-03-04 19:04:23 -05:00
Robin Ward
13eda41ff5 Fix lint errors 2018-03-03 14:34:19 -05:00
Robin Ward
31e3bf6d8d FEATURE: New "Categories and Top" homepage style
Select this option if you want to show top topics on the homepage
instead of latest topics.
2018-03-03 14:26:57 -05:00
Guo Xiang Tan
939180efa8 FIX: Missing 2FA guards when sso is enabled or when local login is disabled. 2018-03-02 10:39:10 +08:00
Sam
75172024ca SECURITY: ensure users have permission when moving categories 2018-03-02 12:13:27 +11:00
Guo Xiang Tan
fb75f188ba FEATURE: Disallow login via omniauth when user has 2FA enabled. 2018-03-01 15:47:07 +08:00
Guo Xiang Tan
947b6fdf46 FIX: Incorrect rate limit applied to topics invitation flow. 2018-03-01 12:50:00 +08:00
Guo Xiang Tan
5a462b930d REFACTOR: Prefer exists? over present. 2018-03-01 10:22:41 +08:00
Guo Xiang Tan
c64f09b6b7 REFACTOR: Simplify and DRY Group#invite. 2018-02-26 11:59:07 +08:00
Régis Hanol
0559a4736a FIX: don't double request when downloading a file 2018-02-24 12:35:57 +01:00
Sam
a94dc0c731 Revert "FIX: preview theme not working consistently"
This reverts commit 845cec3ba0.
was not a needed change, but was elsewhere
2018-02-23 17:59:00 +11:00
Sam
845cec3ba0 FIX: preview theme not working consistently
Avoid flash, this makes debugging much simpler as well.

Additionally URL now clearly shows you are previewing a theme.
2018-02-23 15:25:35 +11:00
Guo Xiang Tan
dd26bbe868
Merge pull request #5610 from discourse/pm-tags
FEATURE: Allow staffs to tag PMs
2018-02-23 07:07:41 +08:00
Maja Komel
76a2fc3d07 UX: Add og metadata for groups.
https://meta.discourse.org/t/onebox-for-groups/79155
2018-02-22 15:03:41 +08:00
Guo Xiang Tan
964624f3ab FIX: No error displayed when 2FA token is invalid on admin login page. 2018-02-22 09:45:57 +08:00
Sam
720e1965e3 FEATURE: add category suppress from latest
In the past we used suppress_from_homepage, it had mixed semantics
it would remove from category list if category list was on home and
unconditionally remove from latest.

New setting explicitly only removes from latest list but leaves the
category list alond
2018-02-22 09:56:35 +11:00
Robin Ward
83d8fa2892 FIX: Allow customized usernames to work in this route
Co-authored-by: jjaffeux <j.jaffeux@gmail.com>
2018-02-21 13:37:14 -05:00
Vinoth Kannan
2b509eaa91
Merge branch 'master' into pm-tags 2018-02-21 23:55:59 +05:30
Vinoth Kannan
84ce1acfef FEATURE: Allow staffs to tag PMs 2018-02-21 20:11:46 +05:30
Guo Xiang Tan
b16471edfb FIX: Invalid token error incorrectly displayed on email login page. 2018-02-21 15:46:53 +08:00
Guo Xiang Tan
14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Jeff Wong
f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Régis Hanol
60ec483caa FIX: include title in local onebox when linking to a different topic 2018-02-19 22:40:14 +01:00
Robin Ward
02093ecbdd Extensibility: Allow plugins to munge user params 2018-02-16 19:12:02 -05:00
Guo Xiang Tan
28365f8ae5 PERF: Have nginx cache and serve the service worker file. 2018-02-15 10:50:39 +08:00
Guo Xiang Tan
96e5a7da46 Prefer success_Json over custom success JSON payload. 2018-02-15 07:47:35 +08:00
Robin Ward
a3e5a31674 FIX: Allow 404 pages to use the current theme 2018-02-14 15:29:01 -05:00
Sam
38f4acd55a FIX: rate limiter text is confusing, should not say daily
Also, adds easily parseable JSON so users can figure out
how long to wait when the API is limited. ("extras" "wait_seconds")
2018-02-14 15:29:50 +11:00
Sam
f028ffaf29 SECURITY: correct local onebox category checks
Also removes ugly "source_topic_id" from cooked posts

Patch was authored by @zogstrip

Signed-off-by: Sam <sam.saffron@gmail.com>
2018-02-14 10:40:46 +11:00
Robin Ward
7348513848 FIX: Include post in staff action logs when silencing a user 2018-02-13 15:59:10 -05:00
Erick Guan
03b3e57a44 FEATURE: login by a link from email
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
Guo Xiang Tan
f9280617d0 Remove redundant comment. 2018-02-13 15:58:13 +08:00
Muhlis Cahyono
cc3cf6588b FEATURE: Notification API Endpoints for Admins
* create/update/delete notification api with external url
* remove external url feature
* Fix Travis CI build error (add new line)
* Fix Travis CI build error
2018-02-13 01:38:26 -05:00
Sam
b34b1b6fe3 FIX: invite to message was not allowing groups
Previously we were incorrectly checking mentionable instead of messageable

Also fix edge case where multiple groups sharing a name mean that exact match override is not working

Also cleans up params sent to user selector
2018-02-13 13:28:46 +11:00
Robin Ward
569e57f0a9 FIX: Delete the invalid auth cookie even if you hit the rate limit 2018-02-09 19:09:54 -05:00
Gerhard Schlager
8765279c90 FIX: Customizing site texts ignored current locale for _MF keys 2018-02-07 16:57:08 +01:00
Robin Ward
8ff4104555 Many enhancements to the flagging / suspending interface. 2018-02-01 17:13:02 -05:00
Neil Lalonde
9fa71e198e FIX: admin reports charts should use same time of day as dashboard numbers 2018-02-01 15:59:39 -05:00
Sam
41986cdb2f Refactor requires login logic, reduce duplicate code
This also corrects the positioning in the chain of the check
and removes misuse of prepend_before_action
2018-02-01 15:17:59 +11:00
Sam
f2e7b74d88 FIX: don't return 200s when login is required to paths
When running `ensure_login_required` it should always happen prior to
`check_xhr` cause check xhr will trigger a 200 response
2018-02-01 12:26:45 +11:00
Robin Ward
2d340d1122 FIX: Don't allow username update via update route
It's not using the UsernameChanger
2018-01-26 16:53:43 -05:00
Robin Ward
6b04967e2f FEATURE: Staff members can lock posts
Locking a post prevents it from being edited. This is useful if the user
has posted something which has been edited out, and the staff members don't
want them to be able to edit it back in again.
2018-01-26 14:01:30 -05:00
Régis Hanol
e2d82b882e FIX: redirect to original URL after social login 2018-01-26 18:52:27 +01:00
Gerhard Schlager
683be5e555 FIX: Application should not crash when selected locale is missing 2018-01-25 14:57:41 +01:00
Sam
2437b0d531 FIX: regression, missing 404 page 2018-01-23 09:00:28 +11:00
Régis Hanol
5c1eaeca9e FIX: prevent users from moving whispers to new topic 2018-01-22 17:23:19 +01:00
Gerhard Schlager
dde0fcc658 FEATURE: Allow sending invites to staged users 2018-01-22 15:37:18 +01:00
Régis Hanol
f74ac826c5 slightly more meaningful error message 2018-01-22 12:20:53 +01:00
Sam
12872d03be PERF: run post timings in background
This means that if a very large amount of registered users hit
a single topic we will handle it gracefully, even if db gets slow.
2018-01-19 08:27:29 +11:00