49ed382c2a
FIX: return 429 when admin api key is limited on admin route
...
This also handles a general case where exceptions leak out prior to being handled by the application controller
2018-01-12 14:15:26 +11:00
672888f526
FIX: handle invalid password reset token
2018-01-09 23:48:17 +05:30
8ff5f5f2ef
FIX: cache admin locale file for 24 hours
2018-01-09 10:23:49 +11:00
642645ba9a
FIX: broken select badge as user title ( #5474 )
...
* FIX: broken select badge as user title
* selected id wasn’t pass to underlying component
* <none> was rendered as an html tag <none></none>
* overriding a badge name wouldn’t work as it was using badge.name and not badge.display_name
* adds a spec to ensure this behavior is correct
2018-01-05 16:58:15 +01:00
ef4c6c67ba
fix the build
2017-12-23 14:42:40 +05:30
7f69362d9d
FIX: external links in whisper ended up in a white page
...
FIX: clicking a link in a onebox wasn't properly extracting the post_id
2017-12-20 17:55:15 +01:00
6a2bce1931
FIX: Data loss on update of single user_field.
...
https://meta.discourse.org/t/api-data-loss-caused-by-changed-behaviour-of-custom-user-field-update/74990
2017-12-20 16:33:23 +08:00
97ceebb570
SECURITY: Don't pass email backup token to sidekiq as a parameter.
...
* This exposes the token in the Sidekiq dashboard which can be
viewed by an admin and defeats the purpose of using a token
in the download backup email ink.
2017-12-18 11:25:22 +08:00
96584403cd
SECURITY: prevent staged accounts from changing email
2017-12-14 17:16:49 +11:00
a393d3bcbb
FIX: ensure staged accounts are always inactive
...
If for any reason active is stored in the user model, clear it out
prior to creating an account
2017-12-13 14:22:16 +11:00
1d43d7f136
optimize spec
2017-12-12 13:00:53 +05:30
d21db0f186
add a test case to verify presence of registration_ip_address for staged users
2017-12-11 21:33:00 +05:30
74b9828731
FIX: Remove mentions filters from user and groups
...
Additionally return no data if disabled
2017-12-07 16:29:02 -05:00
5003f07b2c
FEATURE: new site setting show_inactive_accounts
2017-12-07 19:22:41 +05:30
dd70ef3abf
Revert "Revert "PERF: improve speed of rate limiter""
...
This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb.
2017-12-04 21:23:11 +11:00
2373d85239
Revert "PERF: improve speed of rate limiter"
...
This reverts commit a9bcdd7f279827e86ec474bcf4c9ed96bc1c0060.
2017-12-04 21:19:28 +11:00
a9bcdd7f27
PERF: improve speed of rate limiter
...
Also
- adds a global rate limiter option
- cleans up usage in tests
- fixes freeze_time so it handles clock_gettime
2017-12-04 18:17:30 +11:00
496cd3b4df
Merge pull request #5385 from techAPJ/search-logs-improvements
...
FEATURE: support search click through tracking for user, category and tags
2017-12-01 12:08:38 +05:30
e3925278e2
FEATURE: support search click through tracking for user, category and tags
...
https://meta.discourse.org/t/search-logs-page/73281/11?u=techapj
This commit adds following features:
- support for tracking click through to user, tag and category
- new filter for search type (header, full page)
This commit also removes "most viewed topic" field from search logs page because we are now tracking multiple click through entities, so topic is not a special entity anymore. This also improves query perf. The query now takes `20.5ms` to runs, as opposed to `655.9ms` previously.
2017-12-01 12:04:55 +05:30
7f2eeaf767
FIX: Password required flag should be cleared whenever clearing the raw password ( #5384 )
2017-12-01 15:19:24 +11:00
1c2d1682ae
Merge pull request #5328 from tgxworld/reenable_interpolation_keys_check
...
FIX: Re-enable invalid interpolation keys check and allow default key…
2017-11-30 13:04:54 +08:00
1d8b834301
Merge pull request #5369 from vinothkannans/queued
...
FIX: Error if queued post not found while updating
2017-11-28 17:51:05 +08:00
77f90876d3
REFACTOR: Track manual locked user levels separately from groups
2017-11-27 11:23:44 -05:00
31aa21b5a4
FIX: Error if queued post not found while updating
2017-11-27 19:25:51 +05:30
5805979e88
FIX: Re-enable invalid interpolation keys check and allow default keys to be left out of translation overrides.
...
https://meta.discourse.org/t/bulk-invite-from-file-resets-the-invite-forum-mailer-customized-text/67606/16
2017-11-27 11:00:08 +08:00
eb428ef54d
FEATURE: uploads are processed a faster
...
Also cleans up API to always return 422 on upload error. (previously returned 200)
Uploads are processed using new hijack pattern
2017-11-27 12:43:35 +11:00
e0e99d4bbd
PERF: hijack onebox requests so they do not use up a unicorn worker
2017-11-24 15:31:40 +11:00
82222e8d18
Improve specs to test for the right response status.
2017-11-24 09:32:44 +08:00
e61629ed84
remove spec containing mock
2017-11-23 17:54:27 +11:00
628275fc31
FIX: Some badge routes were still working even with badges disabled
2017-11-21 12:22:44 -05:00
0a9daba627
FIX: Support for long suspension emails
2017-11-20 12:45:46 -05:00
92a831bae6
FEATURE: user directory returns staged users during search
2017-11-19 01:17:31 +01:00
4c4410225e
UX: cap likes 2 ( #5237 )
2017-11-15 11:28:54 +11:00
971e302ff2
FEATURE: Support an end date for user silencing
2017-11-14 13:20:19 -05:00
47e4c9bb46
FIX: import/export theme should work with uploads
2017-11-14 16:30:23 +11:00
1f14350220
Rename "Blocked" to "Silenced"
2017-11-10 14:10:27 -05:00
9dc9ca4ac0
FIX: be consistent with how first posts in topics are counted. do like DirectoryItem.refresh_period :all
2017-11-10 12:18:25 -05:00
d7880af0bb
FIX: change password form validation should instruct admins to use min password length for admin accounts
2017-11-07 16:14:56 -05:00
56412adad5
FEATURE: custom setting for large square site icon
...
This icon is used for android splash screen
2017-11-03 16:19:31 +11:00
1bd9e64a36
FIX: offline controller regression
2017-10-31 15:44:50 +11:00
7c3123a2dd
Downcase encoded slug by default and more specs
2017-10-26 16:50:29 +08:00
5d5268a82b
Feature: Group handling
2017-10-25 22:49:17 -02:00
9586f0bdc9
fix the build - take 2
2017-10-20 21:34:56 +05:30
13b2bf52c9
fix the build
2017-10-20 20:31:49 +05:30
2db66072d7
SECURITY: signup without verified email using Google auth
2017-10-16 13:51:41 -04:00
f73a3cc0d4
Don't include suspended_at or suspended_till unless suspended
2017-10-13 12:17:54 -04:00
a2183c3f1d
SECURITY: verify that inviter can invite new user to a topic
2017-10-09 15:59:41 +05:30
1faae3c765
rename forgot_password_strict to hide_email_address_taken
2017-10-03 15:28:31 -04:00
e47f5cedd2
FEATURE: forgot_password_strict setting also prevents reporting that an email address is taken during signup
2017-10-03 15:28:30 -04:00
85c5bb4ea4
Fix randomly failing spec.
2017-10-03 11:59:26 +08:00
