322 Commits

Author SHA1 Message Date
Karina Kwiatek 7357e92865 Eager load relationships for questions, answers and users 2021-12-30 22:15:59 +01:00
Andreas Nedbal dcc781df3d Put all security related actions behind authentication 2021-12-29 22:35:17 +01:00
Karina Kwiatek 1b4aa8600d Set Sentry user context 2021-12-28 19:19:27 +01:00
Karina Kwiatek 065e56ccf1 Replace New Relic with Sentry 2021-12-28 18:32:03 +01:00
Karina Kwiatek 053ebafbc5
Merge pull request #213 from Retrospring/refactor/profile
Move profile fields to separate table
2021-12-25 22:44:10 +01:00
Karina Kwiatek f28f714457 Allow retries for ShareWorker 2021-12-25 13:40:21 +01:00
Karina Kwiatek 8fa4feb469 Add endpoint for updating profile 2021-12-22 00:03:19 +01:00
Andreas Nedbal 58588d22b1 use .where.not instead of in-query condition for user confirm date 2021-10-03 20:49:33 +02:00
Andreas Nedbal 6639f6646a only count active users on about page 2021-10-03 20:40:25 +02:00
Karina Kwiatek 56786ebb38 Add direct field to questions
Co-authored-by: Georg Gadinger <nilsding@nilsding.org>
2021-08-11 16:56:58 +02:00
Dominik Kwiatek 2e6f49819a Address @nilsding's review comments 2020-11-15 22:08:18 +01:00
Dominik Kwiatek aeb1396422 Add tests for recovery codes 2020-11-15 10:21:06 +01:00
Dominik Kwiatek e16896fac1 Provide the user a way to generate new codes. 2020-11-01 18:52:42 +01:00
Dominik Kwiatek 61d82bdbec Display count of remaining recovery codes 2020-11-01 18:41:37 +01:00
Dominik Kwiatek 5eb4f32660 Clean up after TOTP is disabled. 2020-11-01 18:31:20 +01:00
Dominik Kwiatek 5dd920eba2 Allow recovery codes to be used to sign in in place of an OTP 2020-11-01 18:29:11 +01:00
Dominik Kwiatek b4f479a00f Generate recovery keys on TOTP setup 2020-11-01 17:55:31 +01:00
Dominik Kwiatek d20f527d8c Add drift period 2020-10-24 00:24:04 +02:00
Dominik Kwiatek 0f80bcef14 Remove I18n. prefix 2020-10-23 21:01:00 +02:00
Dominik Kwiatek 702156258c Remove user/sessions#two_factor_entry 2020-10-23 21:00:06 +02:00
Dominik Kwiatek 66cccbb5d6 Use the same string for 2FA failures 2020-10-23 20:58:42 +02:00
Dominik Kwiatek d7a1750694 Implement @nilsding's review changes 2020-10-23 20:45:06 +02:00
Dominik Kwiatek 556050aa66 Add tests for security settings page 2020-10-21 13:44:00 +02:00
Dominik Kwiatek 3211f8f59b Make OTP secret longer 2020-10-19 20:25:18 +02:00
Dominik Kwiatek 433f1d45e5 Use controller for setting up QR Code 2020-10-19 14:56:13 +02:00
Dominik Kwiatek 00da21a13d Redirect away from two factor entry page if no target user is set in session 2020-10-19 12:20:44 +02:00
Dominik Kwiatek 4ce5dfc92a Fix detaching, improve UI for attaching 2FA 2020-10-18 19:48:12 +02:00
Dominik Kwiatek 25410e111d Fix OTP auth triggering for users who haven't set it up
I thought I could be clever by using a null secret key as an indicator of it being disabled
2020-10-18 11:39:28 +02:00
Dominik Kwiatek 141ff59f63 Implement Two Factor Authentication 2020-10-18 10:39:46 +02:00
Dominik M. Kwiatek a92dd54be3 Address @nilsding's review comments 2020-05-27 20:07:39 +01:00
Dominik M. Kwiatek 984976a2f7 Omit hCaptcha if it is disabled 2020-05-27 20:07:39 +01:00
Dominik M. Kwiatek 7cac93ad4e Add hCaptcha 2020-05-27 20:07:39 +01:00
Georg Gadinger b58883e004 Remove "ask a group" feature 2020-05-25 18:34:43 +02:00
Georg Gadinger ea0685136e Rename Groups to Lists
haha regexp go brrr

special thanks to @seatsea for helping me out with the French locales
2020-05-25 18:04:54 +02:00
Karina Kwiatek ff9741589d Implement cropping; make uploaders DRY 2020-05-17 20:38:40 +01:00
Georg Gadinger 9b4c8027b8 Fix pagination for ajax views 2020-05-09 04:39:09 +02:00
Andreas Nedbal 928eeb28f3 Redirect user to edit_user_theme_path after deletion 2020-05-06 22:19:30 +02:00
Andreas Nedbal 880429f5f9 Add new fields for themes
- In the settings view
- In the model validation
- In the controller parameter permissions
- In the CoffeeScript/Ruby helpers
2020-05-05 02:02:16 +02:00
Andreas Nedbal 53979580d8 Merge branch 'master' into feature/bootstrap 2020-05-04 23:19:54 +02:00
Andreas Nedbal e7c5b1a4a3 Remove theme preview route and logic 2020-05-04 17:26:38 +02:00
Georg Gadinger 0109322610 add spec for Ajax::ModerationController 2020-05-01 22:41:26 +02:00
Georg Gadinger 3e95d5ebeb add spec for Ajax::ReportController 2020-05-01 10:17:05 +02:00
Georg Gadinger 6f3f3afa2f add spec for Ajax::GroupController 2020-05-01 10:17:05 +02:00
Georg Gadinger 54532c71e1 add spec for Ajax::QuestionController
also fix some minor annoyances
2020-05-01 10:17:05 +02:00
Georg Gadinger 1824fb1c25 add spec for Ajax::InboxController 2020-05-01 10:17:05 +02:00
Georg Gadinger d492cd34f6 AjaxController: also rescue from StandardError 2020-05-01 10:17:05 +02:00
Andreas Nedbal 91a7f7ed33 Fix wrong partial in Ajax::CommentController#create 2020-04-29 14:01:48 +02:00
Andreas Nedbal b22c7d358c Fix wrong partial path in Ajax::AnswerController#create 2020-04-29 13:33:53 +02:00
Andreas Nedbal 45b11bddfd Merge branch 'master' into feature/bootstrap 2020-04-29 02:49:07 +02:00
Georg Gadinger 29a5d0408c ajax_controller: fix variable name 2020-04-28 21:42:41 +02:00
Georg Gadinger 2f2b9ab1f4 New Relic be like: *notices your errors* OwO what's this? 2020-04-28 20:32:36 +02:00
Georg Gadinger e07d069c73 Refactor Ajax::*Controllers
Also removed the unused `Ajax::QuestionController#preview` method and
route
2020-04-28 20:28:00 +02:00
Andreas Nedbal e9e0a222b0 Merge branch 'master' into feature/bootstrap 2020-04-27 02:11:54 +02:00
Georg Gadinger aeef50ad78
Merge pull request #86 from Retrospring/cleanup
Minor Cleanup
2020-04-26 20:03:46 +02:00
Karina Kwiatek 926631eca3 Remove more left-over references to role fields 2020-04-25 22:23:37 +01:00
Karina Kwiatek f42cc6aed9 Remove all other references to removed roles 2020-04-25 21:20:02 +01:00
Andreas Nedbal 96309eb8ba Move all modals into shared views/modal directory 2020-04-25 15:16:45 +02:00
Georg Gadinger 445d9ebe2a Fix user questions page 2020-04-23 03:31:07 +02:00
Georg Gadinger 101b3b68d3 Use cursored pagination, remove WillPaginate 2020-04-20 23:13:24 +02:00
Karina Kwiatek 391f4a28ed Merge branch 'master' into feature/announcements
# Conflicts:
#	db/schema.rb
2020-04-19 21:52:58 +01:00
Karina Kwiatek a505e7ee71 Ensure we're logged in as an admin when using the AnnouncementController 2020-04-19 21:45:07 +01:00
Karina Kwiatek b6d6c1fded Add announcements to the top of the application template 2020-04-19 21:38:21 +01:00
Georg Gadinger 946bb3ae9d Use Rolify for admin and moderator roles 2020-04-19 22:35:58 +02:00
Karina Kwiatek 473f2cdcc5 Show announcement validation errors on the frontend 2020-04-19 21:26:55 +01:00
Karina Kwiatek 6187cb0b6c Add the ability to edit announcements 2020-04-19 20:58:57 +01:00
Karina Kwiatek f14a168bce Implement deletion of announcements 2020-04-19 20:50:33 +01:00
Karina Kwiatek e3b89f7346 Implement creation of announcements 2020-04-19 20:34:48 +01:00
Karina Kwiatek 8a632a09cd Create Announcement model & controller 2020-04-19 20:12:22 +01:00
Georg Gadinger 8b129bbbf4 Fix moderation panel. 2020-04-19 18:33:20 +02:00
Georg Gadinger 6f6ac3cc7d Merge remote-tracking branch 'origin/master' into rails5 2020-04-19 14:32:47 +02:00
Georg Gadinger 9fa8ef1501 enable 'Discover' page for mods 2020-04-19 13:55:13 +02:00
Karina Kwiatek a19402af41 Upgrade to Rails 5.2 2020-04-19 00:45:50 +01:00
Georg Gadinger d47991f379 Fixes for devise 4.x 2019-03-29 22:37:10 +01:00
Georg G 0deb4c4ccc added export view/controller/routes 2016-01-05 20:54:38 +01:00
Yuki e510a6e8b4 Do you feel it, Mr. Krabs? 2015-09-18 18:09:26 +09:00
Yuki c107cb19cb LEEDLE LEEDLE LEEE 2015-09-18 18:08:08 +09:00
Yuki 64ba41d9a6 Fix reports 2015-09-18 18:02:16 +09:00
pixeldesu ede3ad1b92 Update notification design and behaviour
- Add display of content that was replied to/with
- Instead of marking notifications new, only show new items and hide seen entries
- Add a 'New Notifications' page and set it as default
- Add proper display if there are no new notifications
- Adjust theme to fit new changes
2015-09-16 22:18:40 +02:00
Yuki 8cbd85a89c the copy paste is strong 2015-09-01 18:48:56 +05:30
Yuki 4b891b3f70 Fix dangerous send exploit 2015-09-01 18:44:50 +05:30
Yuki 5d3d3a68e7 Fix remote code execution exploit 2015-09-01 18:44:31 +05:30
pixeldesu a9ad31b285 move check if user is logged in out of template 2015-08-28 16:36:49 +02:00
Yuki 71caf3cce5 Several changes to theming, solving a bunch of bugs 2015-08-27 05:30:26 +05:30
Yuki a7c3acea76 ISHYGDDT 2015-08-26 02:14:14 +05:30
Yuki c2da575955 invalid is invalid 2015-08-26 01:20:17 +05:30
Yuki 2e0a00e461 Braces 2015-08-26 00:50:18 +05:30
Yuki 7c68b2a167 PRODUCTION V DEVELOPMENT, ROUND 3 FIGHT 2015-08-26 00:45:08 +05:30
Yuki 906692e78f Theming is finished
Previews, settings pane and presets!
2015-08-25 23:57:06 +05:30
Yuki 1912fc3766 Model goop
also made the theme selection logic for user profiles and current user, and the saving logic
2015-08-25 13:56:36 +05:30
Yuki 47344a5774 ThemeHelper.render_theme_with_context 2015-07-29 22:24:33 +05:30
Yuki aec452cbd1 CSS -> SCSS 2015-07-29 22:01:34 +05:30
Yuki 9ef71a84e9 Merge branch 'master' of github.com:Retrospring/retrospring into feature-themes 2015-07-29 19:52:14 +05:30
Yuki 26a517a650 Fixes, workers now output to sidekiq, not rails 2015-07-27 12:42:12 +05:30
Yuki 92bbfef2df Moved ask all + ask group to worker, validates user_id for ask person now 2015-07-27 12:29:56 +05:30
Yuki 54b051a7e7 Temp. layout for testing 2015-07-24 22:42:14 +05:30
Yuki 3b0646644a Replace @users with Hash 2015-07-24 01:14:20 +05:30
Yuki 2aef9bd71f Support for Ruby 2.0.0 2015-07-24 01:13:39 +05:30
Yuki deb6d12108 Moderation Priority + IP 2015-07-23 23:21:13 +05:30
pixeldesu 36d6cd5816 remove strict case requirement 2015-07-17 22:46:05 +02:00
pixeldesu 19d6ccd855 change logic for deletion when no user or no question is found 2015-07-17 22:31:10 +02:00