The old password reset flow:
* User requests a password reset.
* Danbooru generates a password reset nonce.
* Danbooru emails user a password reset confirmation link.
* User follows link to password reset confirmation page.
* The link contains a nonce authenticating the user.
* User confirms password reset.
* Danbooru resets user's password to a random string.
* Danbooru emails user their new password in plaintext.
The new password reset flow:
* User requests a password reset.
* Danbooru emails user a password reset link.
* User follows link to password edit page.
* The link contains a signed_user_id param authenticating the user.
* User changes their own password.
* Fix users being redirected back to the change password page after
successfully changing their password.
* Move passwords controller out of /maintenance/ namespace.
* Add tests.
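
The new flow depends on the link parameter being tamper-evident. The following is an added example, not Danbooru's code: it signs and verifies a user id with HMAC-SHA256 from Ruby's standard library. The token layout, the expiry field, the secret, and the function names are all assumptions made for illustration.

```ruby
require "openssl"

# Constructed secret for this example; a real app loads it from its secret store.
EXAMPLE_SECRET = "constructed-example-secret"

# Compare two strings without returning early at the first differing byte.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Build a link parameter of the (assumed) form "<user_id>.<expiry>--<hex hmac>".
def sign_user_id(user_id, expires_at:, secret: EXAMPLE_SECRET)
  payload = "#{Integer(user_id)}.#{expires_at.to_i}"
  mac = OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
  "#{payload}--#{mac}"
end

# Return the user id only if the MAC matches and the link has not expired;
# return nil for anything malformed, forged, or stale.
def verify_signed_user_id(token, now: Time.now, secret: EXAMPLE_SECRET)
  payload, mac = token.to_s.split("--", 2)
  return nil if payload.nil? || mac.nil?

  # Check the MAC before interpreting any field of the payload.
  expected = OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
  return nil unless constant_time_equal?(mac, expected)

  match = /\A(\d+)\.(\d+)\z/.match(payload)
  return nil if match.nil?

  user_id = match[1].to_i
  expiry = match[2].to_i
  return nil if now.to_i >= expiry

  user_id
end

if __FILE__ == $PROGRAM_NAME
  issued = Time.at(1_700_000_000) # constructed timestamp
  token = sign_user_id(42, expires_at: issued + 3600)
  puts verify_signed_user_id(token, now: issued).inspect         # valid link
  puts verify_signed_user_id(token, now: issued + 7200).inspect  # expired link
end
```

Unlike the old flow, no credential is ever sent by email; the link only proves which account the request was made for, and only until it expires.
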
Change it so that when a post contains bad tags, the tags themselves are
highlighted rather than the entire post.
This also adds a data-tag-name attribute to tags in tag lists.
Remove the nag message when an approver hasn't approved anything
recently. Also remove the modqueue random posts page. As of 3d410398a,
inactive approvers are now warned via dmails.
Add a curated posts page at /explore/posts/curated. Curated posts are
the most favorited posts by contributor-level users (users with
unlimited upload permissions).
Also add an order:curated tag for use in regular searches.
Make searches on the /tags index include aliases too. Show matching
aliases like this:
    Name: gray*
    ? 75098 grey_hair <- gray_hair
    ? 35345 grey_eyes <- gray_eyes
Remove the edit, update, and approve endpoints for tag aliases and
implications. These have been useless since individual alias and
implication requests were removed. Aliases and implications could only
be edited or approved if they were in the pending state, which is no
longer possible.
Also remove unused new alias/implication request forms.
Remove `POST /moderator/post/undelete` endpoint. Replace it with
`POST /post_approvals` instead.
Fixes it so that undeleting a post has the same behavior as approving a
post. Namely, it reloads the page instead of just flashing a "Post was
undeleted" message.
Turn deletions into soft deletions (set the is_deleted flag) instead of
hard deletions (remove from database). The is_deleted flag actually
already existed, but it was never used before.
Also remove options to configure names of wiki notice pages. These names
generally don't need to be changed and we already hardcode links to wiki
pages in other places anyway.
* Add ability to report dmails.
* Enable reports for comments, forum posts, and dmails.
* Allow Members to send reports.
* Don't allow users to report the same thing twice.
Change the title of the post index page to look like this:
    "Danbooru: Anime Image Board" (for the front page)
    "Kantai Collection Art | Danbooru" (for a tag search)
Change the meta description of the front page to look like this:
    Danbooru is the original anime image 'booru. Find over 3.75 million
    anime pictures categorized by over 100 million tags.
Change the meta description for a tag search to look like this:
    Find over 37,168 Azur Lane images on Danbooru. Azur Lane (碧蓝航线)
    (벽람항로) is a Chinese shipgirl-themed side-scrolling shoot 'em up
    mobile game developed by Shanghai Manjuu and Xiamen Yongshi...
* Rarely used (only used ~15 times in total, not used at all since 2015-2016).
* Merging topics didn't properly bump the new topic.
* Merging topics didn't log a modaction when the old topic was deleted.
* Merging topics broke the old topic. Moving all the posts from one topic
to another leaves the old topic with zero posts. This normally can't
happen and it causes exceptions when you try to view the empty topic.
* It was technically possible to merge a topic with itself. This would
break the response_count.
* It was technically possible for a mod to merge a topic into an
admin-only topic.
Few people used forum subscriptions (only around 100), and even fewer
people were subscribed to active threads. Most subscriptions were for
old threads that will never be bumped again. The implementation also had
a few problems:
* Unsubscribe links in emails didn't work (they unset the user's
receive_email_notifications flag, but forum subscriptions didn't
respect this flag).
* Some users had invalid email addresses, which caused notifications to
bounce. There was no mechanism for preventing bounces.
* The implementation wasn't scalable. It involved a daily linear scan
over _all_ forum subscriptions looking for any topics that had been updated.
Few people used dmail filters (~900 users in 5 years) and even fewer
used them correctly. Most people used them to try to block dmail spam,
but usually they either blocked too much (by adding common words that
are present in nearly all dmails, causing all mails to them to be
filtered) or too little (blocking specific email addresses or urls,
which usually are never seen again after the spammer is banned).
Nowadays the spam detection system does a better job of filtering spam.
- Limited to Builders+
-- Moderator+ can also use as they may be too busy ATM
- Only on users, comments, and forum posts
- Multiple reports can be generated per instance
- Primarily posts to a moderator-only topic for viewability
- Secondarily has a table for searchability
-- Viewable only by moderators
* Rename 'privacy mode' to 'private favorites'.
* Make the private favorites setting only hide favorites, not favgroups
and not the user's uploads on their profile page.
* Make the favgroup is_public flag default to true instead of false and
fix existing favgroups to be public if the user didn't have privacy mode
enabled before.
* List _all_ public favgroups on the /favorite_groups index, not just
favgroups belonging to the current user.
* Add a /users/<id>/favorite_groups endpoint.
This was an alternate frontpage that contained a list of previews of the
most popular tags. This page was never linked from anywhere and it was
unknown by most users.
Eliminate the Danbooru.config.hostnames option. It was only used for
rewriting links in notes. Just using the main hostname is good enough,
there aren't any notes still using any of Danbooru's alternate domain
names.
Remove the targeted down voting report. This report hasn't been working
for a while. The /post_votes page is a better way to investigate
downvoting activity anyway.
Remove the ssl_options config option. Let nginx handle HSTS and
http->https redirects instead. At the rails level, all we need to do is
set the secure cookie flag when https is enabled (which we assume is
enabled in production).
This was a search page that let you search for tags, aliases, and
implications at the same time. It never got much use and it's been
broken for a while now (the search form passed the wrong param to the
controller).