Sam
f0d5f83424
FEATURE: limit assets less that non asset paths
...
By default assets can be requested up to 200 times per 10 seconds
from the app, this includes CSS and avatars
2018-03-06 15:20:39 +11:00
OsamaSayegh
282f53f0cd
FEATURE: Theme settings (2) ( #5611 )
...
Allows theme authors to specify custom theme settings for the theme.
Centralizes the theme/site settings into a single construct
2018-03-04 19:04:23 -05:00
Robin Ward
13eda41ff5
Fix lint errors
2018-03-03 14:34:19 -05:00
Robin Ward
31e3bf6d8d
FEATURE: New "Categories and Top" homepage style
...
Select this option if you want to show top topics on the homepage
instead of latest topics.
2018-03-03 14:26:57 -05:00
Guo Xiang Tan
939180efa8
FIX: Missing 2FA guards when sso is enabled or when local login is disabled.
2018-03-02 10:39:10 +08:00
Sam
75172024ca
SECURITY: ensure users have permission when moving categories
2018-03-02 12:13:27 +11:00
Guo Xiang Tan
fb75f188ba
FEATURE: Disallow login via omniauth when user has 2FA enabled.
2018-03-01 15:47:07 +08:00
Guo Xiang Tan
947b6fdf46
FIX: Incorrect rate limit applied to topics invitation flow.
2018-03-01 12:50:00 +08:00
Guo Xiang Tan
5a462b930d
REFACTOR: Prefer exists?
over present
.
2018-03-01 10:22:41 +08:00
Guo Xiang Tan
c64f09b6b7
REFACTOR: Simplify and DRY Group#invite
.
2018-02-26 11:59:07 +08:00
Régis Hanol
0559a4736a
FIX: don't double request when downloading a file
2018-02-24 12:35:57 +01:00
Sam
a94dc0c731
Revert "FIX: preview theme not working consistently"
...
This reverts commit 845cec3ba0
.
was not a needed change, but was elsewhere
2018-02-23 17:59:00 +11:00
Sam
845cec3ba0
FIX: preview theme not working consistently
...
Avoid flash, this makes debugging much simpler as well.
Additionally URL now clearly shows you are previewing a theme.
2018-02-23 15:25:35 +11:00
Guo Xiang Tan
dd26bbe868
Merge pull request #5610 from discourse/pm-tags
...
FEATURE: Allow staffs to tag PMs
2018-02-23 07:07:41 +08:00
Maja Komel
76a2fc3d07
UX: Add og metadata for groups.
...
https://meta.discourse.org/t/onebox-for-groups/79155
2018-02-22 15:03:41 +08:00
Guo Xiang Tan
964624f3ab
FIX: No error displayed when 2FA token is invalid on admin login page.
2018-02-22 09:45:57 +08:00
Sam
720e1965e3
FEATURE: add category suppress from latest
...
In the past we used suppress_from_homepage, it had mixed semantics
it would remove from category list if category list was on home and
unconditionally remove from latest.
New setting explicitly only removes from latest list but leaves the
category list alond
2018-02-22 09:56:35 +11:00
Robin Ward
83d8fa2892
FIX: Allow customized usernames to work in this route
...
Co-authored-by: jjaffeux <j.jaffeux@gmail.com>
2018-02-21 13:37:14 -05:00
Vinoth Kannan
2b509eaa91
Merge branch 'master' into pm-tags
2018-02-21 23:55:59 +05:30
Vinoth Kannan
84ce1acfef
FEATURE: Allow staffs to tag PMs
2018-02-21 20:11:46 +05:30
Guo Xiang Tan
b16471edfb
FIX: Invalid token error incorrectly displayed on email login page.
2018-02-21 15:46:53 +08:00
Guo Xiang Tan
14f3594f9f
Review Changes for f4f8a293e7
.
2018-02-21 14:55:49 +08:00
Jeff Wong
f4f8a293e7
FEATURE: Implement 2factor login TOTP
...
implemented review items.
Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator
add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests
add qunit tests - password reset, preferences
fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.
Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP
add two factor to email signin link
rate limit if second factor token present
add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Régis Hanol
60ec483caa
FIX: include title in local onebox when linking to a different topic
2018-02-19 22:40:14 +01:00
Robin Ward
02093ecbdd
Extensibility: Allow plugins to munge user params
2018-02-16 19:12:02 -05:00
Guo Xiang Tan
28365f8ae5
PERF: Have nginx cache and serve the service worker file.
2018-02-15 10:50:39 +08:00
Guo Xiang Tan
96e5a7da46
Prefer success_Json
over custom success JSON payload.
2018-02-15 07:47:35 +08:00
Robin Ward
a3e5a31674
FIX: Allow 404 pages to use the current theme
2018-02-14 15:29:01 -05:00
Sam
38f4acd55a
FIX: rate limiter text is confusing, should not say daily
...
Also, adds easily parseable JSON so users can figure out
how long to wait when the API is limited. ("extras" "wait_seconds")
2018-02-14 15:29:50 +11:00
Sam
f028ffaf29
SECURITY: correct local onebox category checks
...
Also removes ugly "source_topic_id" from cooked posts
Patch was authored by @zogstrip
Signed-off-by: Sam <sam.saffron@gmail.com>
2018-02-14 10:40:46 +11:00
Robin Ward
7348513848
FIX: Include post in staff action logs when silencing a user
2018-02-13 15:59:10 -05:00
Erick Guan
03b3e57a44
FEATURE: login by a link from email
...
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
Guo Xiang Tan
f9280617d0
Remove redundant comment.
2018-02-13 15:58:13 +08:00
Muhlis Cahyono
cc3cf6588b
FEATURE: Notification API Endpoints for Admins
...
* create/update/delete notification api with external url
* remove external url feature
* Fix Travis CI build error (add new line)
* Fix Travis CI build error
2018-02-13 01:38:26 -05:00
Sam
b34b1b6fe3
FIX: invite to message was not allowing groups
...
Previously we were incorrectly checking mentionable instead of messageable
Also fix edge case where multiple groups sharing a name mean that exact match override is not working
Also cleans up params sent to user selector
2018-02-13 13:28:46 +11:00
Robin Ward
569e57f0a9
FIX: Delete the invalid auth cookie even if you hit the rate limit
2018-02-09 19:09:54 -05:00
Gerhard Schlager
8765279c90
FIX: Customizing site texts ignored current locale for _MF keys
2018-02-07 16:57:08 +01:00
Robin Ward
8ff4104555
Many enhancements to the flagging / suspending interface.
2018-02-01 17:13:02 -05:00
Neil Lalonde
9fa71e198e
FIX: admin reports charts should use same time of day as dashboard numbers
2018-02-01 15:59:39 -05:00
Sam
41986cdb2f
Refactor requires login logic, reduce duplicate code
...
This also corrects the positioning in the chain of the check
and removes misuse of prepend_before_action
2018-02-01 15:17:59 +11:00
Sam
f2e7b74d88
FIX: don't return 200s when login is required to paths
...
When running `ensure_login_required` it should always happen prior to
`check_xhr` cause check xhr will trigger a 200 response
2018-02-01 12:26:45 +11:00
Robin Ward
2d340d1122
FIX: Don't allow username update via update route
...
It's not using the UsernameChanger
2018-01-26 16:53:43 -05:00
Robin Ward
6b04967e2f
FEATURE: Staff members can lock posts
...
Locking a post prevents it from being edited. This is useful if the user
has posted something which has been edited out, and the staff members don't
want them to be able to edit it back in again.
2018-01-26 14:01:30 -05:00
Régis Hanol
e2d82b882e
FIX: redirect to original URL after social login
2018-01-26 18:52:27 +01:00
Gerhard Schlager
683be5e555
FIX: Application should not crash when selected locale is missing
2018-01-25 14:57:41 +01:00
Sam
2437b0d531
FIX: regression, missing 404 page
2018-01-23 09:00:28 +11:00
Régis Hanol
5c1eaeca9e
FIX: prevent users from moving whispers to new topic
2018-01-22 17:23:19 +01:00
Gerhard Schlager
dde0fcc658
FEATURE: Allow sending invites to staged users
2018-01-22 15:37:18 +01:00
Régis Hanol
f74ac826c5
slightly more meaningful error message
2018-01-22 12:20:53 +01:00
Sam
12872d03be
PERF: run post timings in background
...
This means that if a very large amount of registered users hit
a single topic we will handle it gracefully, even if db gets slow.
2018-01-19 08:27:29 +11:00