Commit Graph

12382 Commits

Author SHA1 Message Date
Juan David Martínez Cubillos
789aa2d9de
DEV: Add PluginRegistry modifiers to #review and #recalculate (#29128)
* DEV: Add PluginRegistry modifiers to #review and #recalculate

* added tests

* changed added registry logic
2024-10-16 10:26:10 -05:00
Natalie Tay
4aa923aab1
FIX: Support add_directory_column in glimmered table header toggle (#29231)
#29209 introduced a bug where columns to the directory added via add_directory_column are not being translated properly.

This fixes the issue and adds an integration test.
2024-10-16 21:49:01 +08:00
David Taylor
78ed8ede8a
DEV: Improve isolation and concurrency for minio-based upload specs (#29216)
- Uses a temporary, clean, per-test-process directory for minio data
- Runs a separate minio instance for each test process
- Unskips minio-based tests in CI
2024-10-16 10:40:58 +01:00
Alan Guo Xiang Tan
322a3be2db
DEV: Remove logical OR assignment of constants (#29201)
Constants should always be only assigned once. The logical OR assignment
of a constant is a relic of the past before we used zeitwerk for
autoloading and had bugs where a file could be loaded twice resulting in
constant redefinition warnings.
2024-10-16 10:09:07 +08:00
Penar Musaraj
80ac3275ba
DEV: update rake task to disable 2FA for a user (#29052)
- limits security key deletes to second factor keys
- also deletes backup codes (lingering backup codes break login flow entirely)

* Add spec for rake task to disable 2FA for a user
2024-10-16 09:11:29 +11:00
Jan Cernik
7e1cca87a9
UX: Add option to use fullpages for login and signup (#29034)
This adds dedicated routes for /login and /signup, replacing the use of modals. Currently, this is behind the experimental_full_page_login feature flag. It also includes some small consistency fixes related to formatting, spacing, icons, and the loading of certain elements
2024-10-15 11:10:54 -03:00
Loïc Guitaut
281570226b DEV: Output failing MF keys when compilation fails
Currently, when the MessageFormat compiler fails on some translations,
we just have the raw output from the compiler in the logs and that’s not
always very helpful.

Now, when there is an error, we iterate over the translation keys and
try to compile them one by one. When we detect one that is failing, it’s
added to a list that is now outputted in the logs. That way, it’s easier
to know which keys are not properly translated, and the problems can be
addressed quicker.

---

The previous implementation of this patch had a bug: it wasn’t handling
locales with country/region code properly. So instead of iterating over
the problematic keys, it was raising an error.
2024-10-15 12:45:23 +02:00
Jeff Wong
d92d65fe73
Revert "DEV: Output failing MF keys when compilation fails" (#29200)
This reverts commit 8eff922ace.
2024-10-14 17:42:36 -07:00
Alan Guo Xiang Tan
448fae6ea5
DEV: Make BIGINT values more readable in tests env (#29189) 2024-10-15 07:44:27 +08:00
Alan Guo Xiang Tan
c949d95951
DEV: Fix not flushing Redis properly for system test. (#29188)
In  ed6c9d1545, we started flushing
Redis's database at the end of each test. However, we had something like
this:

```
config.after(:each, type: :system) { teardown system test stuff }
config.after(:each) { # flush redis }
```

When stuff was defined in this order, flushing redis was called before
the teardown of system test. Instead we have to switch the order around
which is what this commit does.
2024-10-14 15:24:29 +08:00
Ted Johansson
408de686bb
DEV: Convert admin user fields to FormKit (#29070)
This change replaces the admin form for adding and editing custom user fields with a new FormKit implementation.
2024-10-14 13:19:53 +08:00
Natalie Tay
ede06ffd43
FIX: Allow user to log in another account using the same device (client_id) (#29121)
Allow user to log in another account using the same device (client_id)
2024-10-14 12:39:20 +08:00
Jarek Radosz
7ab4df9a04
DEV: Fix linting in notify_category_change_spec (#29175) 2024-10-11 19:55:33 +02:00
Yuvaraj J
65a1e149ad
FIX: Notify mailing list subscribers on category change (#28811)
cf. https://meta.discourse.org/t/email-notifications-dont-get-sent-on-category-change-for-mailing-list-mode-users/308096
2024-10-11 14:47:39 +02:00
Martin Brennan
2193667e1f
FIX: Plugin JS failing to load would break admin interface (#29139)
If a plugin's JS fails to load for some reason, most commonly
ad blockers, the entire admin interface would break. This is because
we are adding links to the admin routes for plugins that define
them in the sidebar.

We have a fix for this already in the plugin list which shows a warning
to the admin. This fix just prevents the broken link from rendering
in the sidebar if the route is not valid.
2024-10-11 09:26:10 +10:00
Bianca Nenciu
33a4ab13b5
DEV: Set bigint sequences to start at MAX_INT (#28961)
This helps uncover issues with bigint columns that are joined with int
columns. It also introduces a temporary API for plugins to migrate int
columns to bigint in test environment to make tests pass.
2024-10-10 19:28:45 +03:00
Mark VanLandingham
882c2da29e
DEV: Add modifier to SuggestedTopicsBuilder#add_results (#29164) 2024-10-10 10:03:26 -05:00
Jarek Radosz
8105b545c3
DEV: Fix random typos (#29161) 2024-10-10 16:11:55 +02:00
Mark VanLandingham
909264ee75
DEV: Publish DiscourseEvent after top topic period is calculated (#29142) 2024-10-10 08:10:39 -05:00
Alan Guo Xiang Tan
47f383d1ac
DEV: Attempt to fix a flaky spec (#29155)
We some times get the following failure on Github CI:

```
expected StandardError with message matching /some.host/, got #<Socket::ResolutionError: getaddrinfo: Temporary failure in name resolution> with backtrace:
```
2024-10-10 17:19:53 +08:00
Kelv
32e261ef73
DEV: Migrate user passwords data to UserPassword table (#28746)
* Add migrations to ensure password hash is synced across users & user_passwords

* Persist password-related data in user_passwords instead of users

* Merge User#expire_old_email_tokens with User#expire_tokens_if_password_changed

* Add post deploy migration to mark password-related columns from users table as read-only

* Refactored UserPassword#confirm_password? and changes required to accommodate hashing the password after validations
2024-10-10 09:23:06 +08:00
Alan Guo Xiang Tan
ed6c9d1545
DEV: Call Discourse.redis.flushdb after the end of each test (#29117)
There have been too many flaky tests as a result of leaking state in
Redis so it is easier to resolve them by ensuring we flush Redis'
database.

Locally on my machine, calling `Discourse.redis.flushdb` takes around
0.1ms which means this change will have very little impact on test
runtimes.
2024-10-09 07:19:31 +08:00
Alan Guo Xiang Tan
a243d1d6a1
DEV: Fix state leak in spec (#29135)
`GlobalSetting.skip_redis` sets a class instance variable so we need
to reset it.

Follow-up to 7d441e3782
2024-10-09 06:36:47 +08:00
Penar Musaraj
520f71b8f8
FIX: Routing back to homepage from admin sidebar (#29125) 2024-10-08 10:05:08 -04:00
Loïc Guitaut
229773e7a8 DEV: Drop OpenStruct for the context object in services
While using `OpenStruct` is nice, it’s generally not a very good idea as
it usually leads to performance problems.

The `OpenStruct` source code even says basically to avoid it.

Since the context object is crucial in our services, this patch replaces
`OpenStruct` with a custom implementation instead.
2024-10-08 10:34:55 +02:00
Ted Johansson
974a3bfc41
DEV: Fix flaky login wizard redirect spec (#29105) 2024-10-08 10:24:20 +08:00
Krzysztof Kotlarek
4ea3d69979
FIX: flaky flags system spec (#29039)
Because of unreliability, the spec was temporarily disabled. However, it is ensuring that the custom flags system is working correctly. Therefore it would be great to enable it again.

I made a few fixes to try to mitigate this situation:
- Reduced amount of Redis calls;
- When deleting, ensure that the modal is closed before checking the result;
- Moved duplicated name tests to a separate block;
- Increased wait time to 3 times the default because I noticed that sometimes it gets stuck for a moment. Most of the time it is fast, but sometimes when I run tests in a loop 50 times I see slowness.
2024-10-08 08:38:42 +11:00
Ted Johansson
ec7703e622
FIX: Only render admin notice dismiss button for admins (#29103)
Dismissing admin notices is an admin-only action. This is enforced on the back-end both by a routing constraint and a policy in the relevant service.

However, we still unconditionally display the "Dismiss" button to anyone with access to the admin dashboard. When clicked, it results in a 404 modal (due to the routing constraint.)

With this change we only render the dismiss button for admins.
2024-10-07 13:14:01 +08:00
Ted Johansson
7ecb258b83
FIX: Support idempotent admin notice dismissal (#29099)
If you have the admin dashboard open, and one of the admin notices listed has already been dismissed (e.g. in another tab, or by another admin) we would show an ugly "FAILED" modal.

This change makes the admin dismiss endpoint idempotent. If the admin notice is already destroyed, then respond with 200. This will also correctly remove it from the list in the front-end.
2024-10-07 12:29:33 +08:00
Penar Musaraj
92ac6be82a
SECURITY: prevent topic list filtering by hidden tags for unathorized users
This fixes an issue where unathorized users were able to filter topics
by tags that are hidden from them.
2024-10-07 11:48:55 +08:00
OsamaSayegh
d7164d57ec
SECURITY: Block registrations for encoded emails that are invalid 2024-10-07 11:48:52 +08:00
Régis Hanol
34d04e7507
SECURITY: add pagination to post replies
When a post has some replies, and the user click on the button to show them, we would load ALL the replies. This could lead to DoS if there were a very large number of replies.

This adds support for pagination to these post replies.

Internal ref t/129773

FIX: Duplicated parent posts

DEV: Query refactor
2024-10-07 11:48:48 +08:00
Bianca Nenciu
e081cc14fb
SECURITY: Use different anon cache keys for XHR requests
XHR requests are handled differently by the application and the
responses do not have any preloaded data so the cache key needs to
differntiate between those requests.
2024-10-07 11:48:45 +08:00
Jeff Wong
7d441e3782
FIX: skips caching a generated secret key base token if skip_redis is true. (#29029)
Allows for `SKIP_DB_AND_REDIS` env var to be used without a secret key setup in
global setting env.
2024-10-06 06:46:58 -07:00
Loïc Guitaut
8eff922ace DEV: Output failing MF keys when compilation fails
Currently, when the MessageFormat compiler fails on some translations,
we just have the raw output from the compiler in the logs and that’s not
always very helpful.

Now, when there is an error, we iterate over the translation keys and
try to compile them one by one. When we detect one that is failing, it’s
added to a list that is now outputted in the logs. That way, it’s easier
to know which keys are not properly translated, and the problems can be
addressed quicker.
2024-10-04 23:38:27 +09:00
David Taylor
69d2373f77
DEV: Resolve stat registration flaky tests (#29084) 2024-10-04 13:49:22 +01:00
Penar Musaraj
0cc231f61c
DEV: Do not include passkey metadata needlessly (#29074)
Only current user should see passkey metadata.
2024-10-03 15:44:21 -04:00
Martin Brennan
3108e3a6b6
DEV: Try fix bookmark flaky (#29069)
I think the check for the bookmark icon is too optimistic,
so the DB might not be updated by the time we check. Using
try_until_success should fix this, we also don't have a
toast to check against via AJAX success, by design.
2024-10-03 14:34:36 +10:00
Loïc Guitaut
fc1c5f6a8d DEV: Have contract take a block in services
Currently in services, the `contract` step is only used to define where
the contract will be called in the execution flow. Then, a `Contract`
class has to be defined with validations in it.

This patch allows the `contract` step to take a block containing
validations, attributes, etc. directly. No need to then open a
`Contract` class later in the service.

It also has a nice side effect, as it’s now easy to define multiples
contracts inside the same service. Before, we had the `class_name:`
option, but it wasn’t really useful as you had to redefine a complete
new contract class.
Now, when using a name for the contract other than `default`, a new
contract will be created automatically using the provided name.

Example:
```ruby
contract(:user) do
  attribute :user_id, :integer

  validates :user_id, presence: true
end
```
This will create a `UserContract` class and use it, also putting the
resulting contract in `context[:user_contract]`.
2024-10-02 17:00:01 +09:00
Sam
baeca887d9
FEATURE: improve the suppression for admins when required (#29041)
Previously admins could still click on topics when `suppress_secured_categories_from_admin` was set

This change improves the block so admins without permission will not be allowed to click through till they add themselves to appropriate groups

Keep in mind this setting is a quality of life setting and not a SECURITY
setting, admins have an infinite way of bypassing visiblity limits
2024-10-02 10:52:02 +10:00
Daniel Waterworth
c544686540
DEV: Add expires flag to enable_readonly (#29033)
... to control whether readonly mode expires or not.
2024-09-30 13:59:51 -05:00
Ted Johansson
e0a0a13a91
FIX: Fix broken client-side review actions (#29025)
After #28603, the options "agree and suspend" and "agree and silence" in the review queue weren't working. This was happening because the optionalService, when used as a decorator, needs a name argument to work properly. We were also lacking tests for this.
2024-09-30 13:27:25 +08:00
Krzysztof Kotlarek
c5a024f8df
FIX: custom flag name should be unique (#28869)
Validation to ensure that the custom flag name is unique.
2024-09-30 09:17:19 +10:00
Linca
a1e5796ba1
FEAT: Allow admin delete user's associated accounts (#29018)
This commit introduces a feature that allows an admin to delete a user's
associated account. After deletion, a log will be recorded in staff
actions.

ref=t/136675
2024-09-27 20:08:05 +08:00
Bianca Nenciu
e2f3474bc3
FIX: permanent delete of posts by deleted users (#28992)
Permanently deleting posts that no longer have a user associated was not
working as expected because of UserAction.log which expected user_id to
be present.
2024-09-24 12:26:31 +03:00
Loïc Guitaut
78d9f9fa40 DEV: Rename ServiceRunner to Service::Runner for consistency 2024-09-20 10:04:42 +02:00
Loïc Guitaut
afdb1ac0a0 DEV: Disallow default params in service steps
With the current implementation, a service step can be written as:
```ruby
def my_step(a_default_value: 2)
  …
end
```
That’s a pattern we want to avoid as default values (if needed) should
be probably defined in a contract.

This patch makes a service raise an exception if a default value is
encountered.
2024-09-19 14:47:55 +02:00
Loïc Guitaut
fe1098ebac FIX: Don’t raise on some search terms
Currently, when certain search terms are provided, this can lead to
`Search.need_segmenting?` raising an error because it makes `URI#path`
to return `nil` instead of a string.

This patch forces a cast to string so it won’t raise anymore.
2024-09-19 11:35:10 +02:00
Loïc Guitaut
05b8ff436c DEV: Introduce a Service::ActionBase class for service actions
This will help to enforce a consistent pattern for creating service
actions.

This patch also namespaces actions and policies, making everything
related to a service available directly in
`app/services/<concept-name>`, making things more consistent at that
level too.
2024-09-18 17:02:46 +02:00
Ted Johansson
e60876ce49
FIX: Appropriately handle uninstalled problem checks (#28771)
When running checks, we look to the existing problem check trackers and try to grab their ProblemCheck classes.

In some cases this is no longer in the problem check repository, e.g. when the check was part of a plugin that has been uninstalled.

In the case where the check was scheduled, this would lead to an error in one of the jobs
2024-09-18 10:11:52 +08:00
Ted Johansson
be33363f13
FEATURE: Add ability to dismiss admin notices (#28916)
his is a new feature that lets admins dismiss notices from the dashboard. This helps with self-service in cases where a notice is "stuck", while we work on provisions to prevent "sticking" in the first place.
2024-09-17 14:43:34 +08:00
Linca
741e9d70ad
FIX: Don't show move topic for private messages for TL4 (#28871)
In TopicController, in addition to ensure_can_move_posts!, we also
checked if the topic is private message in this line:

```ruby
raise Discourse::InvalidAccess if params[:archetype] == "private_message" && !guardian.is_staff?
```

However, this was not present in `guardian.can_move_posts?`. As a result,
the frontend topic view got an incorrect serialized result, thinking
that TL4 could move the private message post. In fact, once they tried
to move it, they got the `InvalidAccess` error message.

This commit fixes that TL4 will no longer sees the "move to" option in
the "select post" panel for a private message.
2024-09-16 11:30:05 +08:00
Jan Cernik
0c019b2e45
FIX: Error when moving the group default notification state (#28910) 2024-09-13 16:01:20 -03:00
Kris
a914d3230b
DEV: remap all core icons for fontawesome 6 upgrade (#28715)
Followup to 7d8974d02f

Co-authored-by: David Taylor <david@taylorhq.com>
2024-09-13 16:50:52 +01:00
Osama Sayegh
3baf6233aa
FIX: Remove anonymous users from users directory (#28892)
Anonymous users are "shadow" users created when an existing real user desires to post anonymously. This feature is off by default, but it can be enabled via the `allow_anonymous_posting` site setting. Those shadow users shouldn't be included in the users directory (`/u`).
2024-09-13 15:12:57 +03:00
Alan Guo Xiang Tan
97143efc52
PERF: Drop user_search_similar_results site setting (#28874)
In 14cf8eacf1, we added the
`user_search_similar_results` site setting which when enabled will use
trigram matching for similarity search in `UserSearch`. However, we
noted that adding the `index_users_on_username_lower_trgm` index is
causing the PG planner to not use the `index_users_on_username_lower`
index when the `=` operator is used against the `username_lower` column.

Based on the PG mailing list discussion where support for the `=`
operator in gist_trgm_ops was being considered, it stated that "I also have checked that btree_gist is preferred over pg_trgm gist
index for equality search." This is however quite different from reality
on our own PG clusters where the btree index is not preferred leading to
significantly slower queries when the `=` operator is used.

Since the pg_trgm gist index is only used for queries when the `user_search_similar_results` site setting
is enabled, we decided to drop the feature instead as it is hidden and
disabled by default. As such, we can consider it experiemental and drop
it without deprecation.

PG mailing list discussiong: https://www.postgresql.org/message-id/CAPpHfducQ0U8noyb2L3VChsyBMsc5V2Ej2whmEuxmAgHa2jVXg%40mail.gmail.com
2024-09-13 09:04:02 +08:00
Penar Musaraj
c182bb34ad
DEV: Skip flakey admin flags test (#28895) 2024-09-13 09:22:30 +10:00
Krzysztof Kotlarek
560b01f0cf
FIX: flaky system admin flags specs (#28873)
Recently `custom_` prefix was added for flags https://github.com/discourse/discourse/pull/28839

When we wait to ensure that `Tasteless` flag is deleted, we need to use new prefix as well.
2024-09-13 06:25:30 +10:00
Osama Sayegh
64b67e0a4f
FIX: Exclude inactive and silenced users from /about page stats (#28877)
The user directory (`/u`) excludes inactive and silenced users from the list, so for the sake parity, it makes sense to also exclude those users from the /about page stats.

Internal topic: t/70928.
2024-09-12 22:28:49 +03:00
Loïc Guitaut
b806dce13d DEV: Refactor suspend/silence user services
- fetch models inside services
- validate `user_id` in contracts
- use policy objects
- extract more logic to actions
- write specs for services and action
2024-09-12 10:28:48 +02:00
Martin Brennan
7ced4fccc7
FIX: Support date field in FormKit page object (#28872)
Adds support for `input-date` field when calling
`fill_in` on a FormKit field. Capybara supports passing
a Date object to `fill_in(with: value)` for date inputs,
so there is nothing fancy that needs to be done to support this.
2024-09-12 13:35:33 +10:00
Martin Brennan
78268ca767
DEV: Fix another report flaky (#28868)
Followup 0323b366f3

This was happening because another spec was adding a
report using the plugin API, but there was nothing
resetting that, so later in the reports controller
when we did Report.singleton_methods, we ended up
with another report with no translation, causing another
error.
2024-09-12 10:34:38 +10:00
Bianca Nenciu
38592dc48e
PERF: Preload user options when status is enabled (#28827)
The user option 'hide_profile_and_presence' is necessary to figure out
if the user status has to be displayed or not. In order to avoid N+1s
generated by `include_status?` method, both `user_status` and
`user_option` relations have to be included.
2024-09-11 10:39:14 +03:00
Bianca Nenciu
d63ffe22f4
DEV: Track SQL queries from MiniSql (#28824)
`track_sql_queries` only returned queries that were executed by
ActiveRecord. All queries executed through DB.exec, DB.query and others
were not returned.
2024-09-11 10:14:53 +03:00
Krzysztof Kotlarek
1f1709d249
FIX: use a custom prefix for custom flags (#28839)
Currently, when the custom flag has the same name as the system flag (which is disabled) then it is not displayed. To fix the problem, `custom_` prefix as `name_key` is used to distinguish between the system and the custom flag.

I considered writing a migration to fix existing custom flags name key. However, at the end of migration I would need to run rails code to reset cache `Flag.reset_flag_settings!`. I decided to skip that step as it is a very edge case. If someone has the same flag name as the system flag, then all they have to do is edit the flag and click save.

In addition, I made 2 small fixes:
- edit flag title was missing translation;
- flag form UI was not showing that description is the required field.
2024-09-11 15:30:20 +10:00
Martin Brennan
0323b366f3
DEV: Fix report flakys (#28838)
The Report model spec was directly adding methods
to the Report class, which was causing errors in the
admin reports controller because it would look for
a translation of the report name (e.g. report_timeout_test)
like so `I18n.t("reports.#{type}.title")`, then get an
error because the translation did not exist.

This is fixed by using `Report.stubs` instead, which is
cleaned up after every test.
2024-09-11 15:24:19 +10:00
Osama Sayegh
d760403bfd
DEV: Fix the build on github (#28831) 2024-09-11 07:52:23 +08:00
Keegan George
f2059bf15f
FIX: Form template limit validation (#28791) 2024-09-10 08:11:44 -07:00
Osama Sayegh
0a994a9221
FEATURE: Add setting to exclude groups from /about page (#28809)
This commit adds a new `about_page_hidden_groups` setting to exclude members of specific groups from the admin and moderator lists on the /about page.

Internal topic: t/137717.
2024-09-10 14:43:41 +03:00
Martin Brennan
14b436923c
FEATURE: Switch to new methods of pageview measurement and reporting (#28729)
### UI changes

All of the UI changes described are gated behind the `use_legacy_pageviews`
site setting.

This commit changes the admin dashboard pageviews report to
use the "Consolidated Pageviews with Browser Detection" report
introduced in 2f2da72747 with
the following changes:

* The report name is changed to "Site traffic"
* The pageview count on the dashboard is counting only using the new method
* The old "Consolidated Pageviews" report is renamed as "Consolidated Legacy Pageviews"
* By default "known crawlers" and "other" sources of pageviews are hidden on the report

When `use_legacy_pageviews` is `true`, we do not show or allow running
the "Site traffic" report for admins. When `use_legacy_pageviews` is `false`,
we do not show or allow running the following legacy reports:

* consolidated_page_views
* consolidated_page_views_browser_detection
* page_view_anon_reqs
* page_view_logged_in_reqs

### Historical data changes

Also part of this change is that, since we introduced our new "Consolidated
Pageviews with Browser Detection" report, some admins are confused at either:

* The lack of data before a certain date , which didn’t exist before
  we started collecting it
* Comparing this and the current "Consolidated Pageviews" report data,
  which rolls up "Other Pageviews" into "Anonymous Browser" and so it
  appears inaccurate

All pageview data in the new report before the date where the _first_
anon or logged in browser pageview was recorded is now hidden.
2024-09-10 09:51:49 +10:00
Guhyoun Nam
aacd354de5
FEATURE: Added Category Experts unapproved post WebHook Event (#28802)
This PR is adding a Category Experts unapproved WebHook event type.
2024-09-10 07:56:35 +09:00
David Taylor
7d8974d02f
UX: Upgrade to fontawesome 6.6.0 (#28778)
This upgrade is designed to be fully backwards-compatible. Any icon names which have changed will be automatically remapped to the new name. For now, this will happen silently. In future, once core & official themes/plugins have been updated, we will start raising deprecation errors to help theme/plugin authors update their code.

Extracted from https://github.com/discourse/discourse/pull/28715

Announcement at https://meta.discourse.org/t/were-upgrading-our-icons-to-font-awesome-6/325349

Co-authored-by: awesomerobot <kris.aubuchon@discourse.org>
2024-09-09 14:40:56 +01:00
Linca
aab2987438
FEATURE: Log tag group changes in staff action log (#28787)
* FEATURE: Log tag group changes in staff action log

This commit records every change (add, change, delete) to a tag group in
the staff action log.

It uses a modal that was originally called ThemeChangeModal to display
changes, allowing staffs to see the specific changes clearly. The modal
is renamed to StaffActionLogChangeModal in this PR.

ref: https://meta.discourse.org/t/-/325011/14

Co-authored-by: Keegan George <kgeorge13@gmail.com>
2024-09-09 10:50:48 +08:00
Sérgio Saquetim
f8e3a90ab9
DEV: Forces custom search filter matchers to be case insensitive (#28785) 2024-09-06 12:30:51 -03:00
Jarek Radosz
02f8396cfc
DEV: Remove register_color_scheme api (#28777)
This was added 10 years ago, but currently there's not a single use in our public and private plugins and no reference in third-party plugins on github
2024-09-06 17:26:53 +02:00
Gabriel Grubba
a98d3d40f2
FEATURE: Add user to topic_tags_changed event (#28714)
* FEATURE: Add user to topic_tags_changed event

Add user to topic_tags_changed event context
Update automation plugin with new arguments in event
Update tests for new arguments

relates to https://github.com/discourse/discourse-chat-integration/pull/214

* DEV: change variable name for better readability

changed `tags` to be payload and used `values_at` to get the values of the keys
2024-09-06 11:23:30 -03:00
Osama Sayegh
d642020b0f
FIX: Add traffic info footer to the new /about page (#28779)
This commit adds the traffic info footer that currently exists on the old /about page to the new one.
2024-09-06 15:05:46 +03:00
Osama Sayegh
722c008adb
FEATURE: Add 'Edit this page' link at the top of the new /about page (#28766)
This commit adds a link to the top of the new /about page, shown to admins only, to allow them to easily navigate to `/admin/config/about` where they can edit the /about page.

Internal topic: t/137546.
2024-09-06 13:35:30 +03:00
Ted Johansson
776b4ec8e2
DEV: Remove old problem check system - Part 1 (#28772)
We're now using the new, database-backed problem check system. This PR removes parts of the old, Redis-backed system that is now defunct.
2024-09-06 17:00:25 +08:00
Loïc Guitaut
e94707acdf DEV: Drop WithServiceHelper
This patch removes the `with_service` helper from the code base.
Instead, we can pass a block with actions directly to the `.call` method
of a service.

This simplifies how to use services:
- use `.call` without a block to run the service and get its result
  object.
- use `.call` with a block of actions to run the service and execute
  arbitrary code depending on the service outcome.

It also means a service is now “self-contained” and can be used anywhere
without having to include a helper or whatever.
2024-09-05 09:58:20 +02:00
Sérgio Saquetim
7c3ad27de6
DEV: Remove the old header widgets code (#28390)
Remove the header widget code.

More info can be found in https://meta.discourse.org/t/upcoming-header-changes-preparing-themes-and-plugins/296544
2024-09-04 14:50:53 -03:00
Osama Sayegh
280adda09c
FEATURE: Support designating multiple groups as mods on category (#28655)
Currently, categories support designating only 1 group as a moderation group on the category. This commit removes the one group limitation and makes it possible to designate multiple groups as mods on a category.

Internal topic: t/124648.
2024-09-04 04:38:46 +03:00
Penar Musaraj
8c19104866
FIX: Passkey login when Discourse used as SSO provider (#28672)
Co-authored-by: Osama Sayegh <asooomaasoooma90@gmail.com>
2024-09-03 11:46:23 -04:00
Joffrey JAFFEUX
e418f7056f
FIX: prevents PM to large groups (#28681)
This commit introduces a new hidden site setting: `group_pm_user_limit`, default to `1000` which will raise an error when attempting to create a PM target a large group.
2024-09-03 12:08:14 +02:00
David Taylor
80b9c280ba
DEV: Switch to pnpm for JS dependencies (#28671)
This will bring significant improvements to install speed & storage requirements. For information on how it may affect you, see https://meta.discourse.org/t/324521

This commit:
- removes the `yarn.lock` and replaces with `pnpm-lock.yaml`
- updates workspaces to pnpm format
- adjusts package dependencies to work with pnpm's stricter resolution strategy
- updates Rails app to load modules from more specific node_modules directories
- adds a `.pnpmfile` which automatically cleans up old yarn-managed `node_modules` directories
- updates various scripts to call `pnpm` instead of `yarn`
- updates patches to use pnpm's native patch system instead of patch-package
- adds a patch for licensee to support pnpm
2024-09-03 10:51:07 +01:00
Loïc Guitaut
9b4b5b5028 FIX: Return proper results when searching for a topic in Japanese
Currently, when the default locale is Japanese, the search for a topic
using its URL, path or ID doesn’t work as expected. It will either
return wrong results or no result at all.

The problem lies with how we process the provided terms in Japanese
mode. For example, if `http://localhost/t/-/55` is provided, currently
this will result in `http localhost t 5 5` to be searched for.

This patch addresses the issue by checking whether the provided term
needs segmenting. If the provided term is a number, or a path or a full
URL, then it doesn’t need segmenting. When that happens we skip the
processing we normally apply for Japanese, making the search return the
expected results.
2024-09-03 09:48:58 +02:00
Natalie Tay
cc873977ec
DEV: Ensure unique notification level per tag user (#28638)
TagUser.rb is used to set user notification levels for a tag, we don't have a unique index on the notification level itself. This means that there might be some weird case where a user may have multiple of the same notification level on a tag.

This PR adds a migration which de-duplicates this based on defaults, where we keep the earliest record in the event there is multiple notification level per-user-per-tag.
2024-09-03 15:43:02 +08:00
Kelv
a455567f9e
DEV: make UserPassword 1:1 to User (#28528)
* add data migration to keep only unexpired or most recently expired user password
* refactor to 1:1 relationship between User and UserPassword
* add migration to remove redundant indexes on user passwords
2024-09-03 11:09:33 +08:00
Krzysztof Kotlarek
7577231ba2
DEV: the ability to define setting areas (#28570)
A new setting attribute is used to define the areas (separated by `|`).

In addition, endpoint `/admin/config/site_settings.json` accepts new `filter_area` data.
2024-09-03 09:25:45 +10:00
Guhyoun Nam
050c665160
FEATURE: Added Category Experts approved WebHook Event (#28525)
This PR is adding a Category Experts WebHook event type.
2024-09-03 06:59:15 +09:00
Joffrey JAFFEUX
b4f8ea6ade
FIX: correctly pass updateGroupings to the modal (#28683)
A previous refactor has moved this function in the controller instead of the route making it inaccessible to the modal.

This commit is fixing this and also adding a spec.
2024-09-02 17:32:18 +02:00
David Battersby
997fbc9757
FEATURE: Add ability to watch chat threads (#28639)
This change introduces a new thread notification level allowing users to get notified when someone replies to the thread.

Users who watch a thread will get a green notification on the chat icon and a user notification (blue). User notifications are consolidated based on thread id to prevent cluttering the original users notification area.

---------

Co-authored-by: Régis Hanol <regis@hanol.fr>
2024-09-02 16:45:55 +04:00
Joffrey JAFFEUX
b0059c735c
DEV: uses context blocks (#28658) 2024-08-30 11:26:15 +02:00
Joffrey JAFFEUX
d81fc1448b
DEV: implements register_modifier(:custom_homepage_enabled) (#28657)
This commit will allow plugin developers to enable/disable the custom homepage.

Usage:

```ruby
register_modifier(:custom_homepage_enabled) do |enabled, args|
  true
end 
```

Args might contain request and/or current_user.
2024-08-30 11:06:07 +02:00
Martin Brennan
361e954c55
UX: Change admin plugins list to follow UI guidelines (#28478)
This commit introduces a little bit of duplication
since the old plugin UIs not using the new plugin show
page look different from ones like AI and Gamification
which have been converted. We can use the new admin
header component on the plugins list, but for the other
pages we are manually rendering a breadcrumb trail and
the list of plugin tabs.

Over time as we convert more plugins to use the new UI
guidelines and show page we can get rid of this duplication.
2024-08-30 14:53:36 +10:00
Bianca Nenciu
1f206349fd
DEV: Split slow test in multiple smaller tests (#28646)
* DEV: Split slow test in multiple smaller tests

This might be faster because the  smaller chunks of the test may run in
parallel.

* DEV: Fabricate reviewables only once
2024-08-30 14:47:29 +10:00
Martin Brennan
daa06a1c00
DEV: Improve external upload debugging (#28627)
* Do not delete created external upload stubs for 2 days
  instead of 1 hour if enable_upload_debug_mode is true,
  this aids with server-side debugging.
* If using an API call, return the detailed error message
  if enable_upload_debug_mode is true. In this case the user
  is not using the UI, so a more detailed message is appropriate.
* Add a prefix to log messages in ExternalUploadHelpers, to
  make it easier to find these in logster.
2024-08-30 10:25:04 +10:00
Joffrey JAFFEUX
4f705b3146
FIX: ensure About#stats uses the cache (#28634)
Prior to this fix we were calling `fetch_stats` which is never checking if we have a cache entry. This call is making a lot of SQL calls, so it's better to use the cache.
2024-08-29 12:16:57 +02:00
Ted Johansson
bfad9a7170
DEV: Gracefully handle an array of IDs passed to Topics#show (#28631)
We're seeing a lot of log noise coming from unhandled exceptions stemming from requests to TopicsController#show where id is passed in as an array.

In the implementation of the method, we assume that if id is present it will be a string. This is because one of the routes to this action uses :id as a URL fragment, and so must be a string. However, there are other routes that go to this endpoint as well. Some of them don't have this URL fragment, so you can pass an arbitrary id query parameter.

Instead of a downstream unhandled exception, we raise a Discourse::InvalidParameters upfront.
2024-08-29 14:22:42 +08:00
Krzysztof Kotlarek
b90b56f953
FIX: do not enforce 2fa when an account is created with OAuth (#28625)
In this PR we introduced a new setting `enforce_second_factor_on_external_auth` which disables enforce 2FA when the user is authenticated with an external provider.

https://github.com/discourse/discourse/pull/27506

However, with the first registration with an external provider, we authenticate the user right after activation. In that case, we need to also keep information that the user was authenticated with an external OAuth provider.
2024-08-29 11:19:04 +10:00
Joffrey JAFFEUX
6f91014d64
FIX: correctly filter user bookmarks (#28612)
We were not updating `searchTerm` when changing the input which was making us always send an empty q parameter.

This commit is also adding tests for:
- initial url with q param
- filtering the bookmarks through the input
2024-08-28 15:39:07 -04:00
Loïc Guitaut
d26d45540e DEV: Use run_successfully matcher in service specs 2024-08-28 16:30:09 +02:00
Jan Cernik
b092ccbdc5
UX: Add progress bar to the registration flow (#27694) 2024-08-28 08:43:39 -03:00
Krzysztof Kotlarek
80449d39d3
FIX: Flaky flags spec (#28591)
Because of caching, whenever flags are created, they have to be destroyed to not modify the state.
2024-08-28 17:03:43 +10:00
Martin Brennan
4f0fe92195
UX: Add group link to category permission row (#28560)
Makes it easier to reach the group from the category security
tab, and moves the trash button to the right to avoid misclicks.

Also converts the category permission row to gjs
2024-08-28 16:11:16 +10:00
Gabriel Grubba
c8f5445030
Revert "DEV: Removal of create_post_for_category_and_tag_changes setting (#28…" (#28587)
This reverts commit fc33826dc5.
2024-08-27 16:19:51 -03:00
Penar Musaraj
ee3b175373
DEV: Ignore invalid tag parameter in TagsController (#28557)
This had no effect in the app, but it was resulting in errors in the logs.
2024-08-27 12:06:54 -04:00
Loïc Guitaut
31c0a08f8a DEV: Fix RSpec service matchers when a model is not found
This is a follow-up of d749227e87.

This patch checks if the key `not_found` is present on the result object
instead of calling `#blank?` on the model, as it can trigger an
`ActiveRecord` relation.
2024-08-27 15:35:40 +02:00
Jan Cernik
437d7a0ad1
FIX: Endless loading post history (#28425) 2024-08-27 09:33:13 -03:00
Ted Johansson
ac5964c402
DEV: Fix flaky profile spec by waiting for request to finish (#28573)
To test the restricted routing when filling up required fields, we fill up the field and then navigate to the root path and checking that we're not redirected.

This is somewhat flaky, and the screenshot shows we are back at the profile page, without any prompt to fill up fields.

My hypothesis is in cases where the backend is "slow" to respond, we're navigating away from the page before the request finishes (which will redirect back to the profile page.)

This PR adds an expectation after saving, to wait until the unrestricted profile page is rendered, before navigating away.
2024-08-27 16:15:30 +08:00
Alan Guo Xiang Tan
82b50ab7a7
DEV: Skip failing system test on CI (#28568) 2024-08-27 10:33:42 +08:00
Osama Sayegh
6161b1796b
DEV: Change number of displayed admins/mods on the new about page to 6 (#28566)
This commit changes the cutoff number for the admins and mods lists on the new /about page from 12 to 6. If the admins or mods lists are bigger than 6, the about page will display the 6 most recently seen admins/mods, and tuck the rest away behind a "view more" button.
2024-08-27 04:57:46 +03:00
Martin Brennan
193dcc48fb
DEV: Fix flaky site text spec (#28565)
Followup a16faa27cd

I18n and translation overrides were not reset
between specs which led to the wrong text being
searched for in assertions
2024-08-27 09:47:34 +08:00
Krzysztof Kotlarek
df6c152fa1
UX: flag settings tab to follow UI guidelines (#28479)
Add settings tab to flags moderation page.
2024-08-27 09:47:19 +10:00
Penar Musaraj
fe3d82a44a
FIX: Respect the End key when last post is already rendered (#28524)
Given we are a single-page-app, we hijack the browser's default behavior
for keyboard shortcuts like End because on long topics (20+ posts) we
need to load the last post before really reaching the end of the page.

However, when the last post is already rendered, the End shortcut
currently does nothing, it takes the user to the start of the last post.
If that post is too long, the user will have to scroll down manually.

This change ensures that if the last post of a topic is already rendered
(whether it is in the viewport or not), pressing End will take the user
to the very bottom of the page.

Note for the reviewer: the test added here is for the general case, it
is too hard to test the case where the last post is already rendered,
that isn't covered here.
2024-08-26 14:39:30 -04:00
Jan Cernik
b0f6d074be
FIX: Destroy draft when clicking the Discard button (#28552) 2024-08-26 12:49:26 -03:00
Osama Sayegh
5eea7244c7
FIX: Add users to user directory on account activation (#28505)
Follow-up to e3ae57ea7a

The previous commit added an `after_create` callback that triggers a refresh for the user directory whenever a `User` record is created. Theoretically, this approach should work, however, there's a gotcha in practice, because during a real user registration, when the `User` record is created in the database, it's not marked as active until the user verifies their email address and the user directory excludes inactive users, so the initial directory refresh triggered by the `after_create` callback becomes pointless.

To make a new user appear in the user directory immediately after sign up, we need to trigger a refresh via an `after_save` callback when they verify their email address and become active.
2024-08-26 18:01:24 +03:00
Loïc Guitaut
cda596601b FIX: Return properly interpolated translations for flags
Currently, `FlagSerializer#short_description` properly provides
`base_path` to its translations, but `FlagSerializer#description` does
not. This breaks the link to guidelines when flagging a post, for
example.

This patch provides `base_path` for `FlagSerializer#description` too.
2024-08-26 16:46:30 +02:00
Joffrey JAFFEUX
f7990ec8f6
FIX: prevents topic hot scope error on future topics (#28545)
Prior this fix a topic created in the future could generate this exception:

```
Job exception: ERROR:  a negative number raised to a non-integer power yields a complex result
```

This fix and spec should ensure we don't consider topics in the future as the rest of the `update_scores` function is doing at other places.
2024-08-26 14:07:31 +02:00
Ted Johansson
981110d96e
FIX: Fix incorrect check for required custom fields (#28541)
This check was checking the wrong scope, causing problems in certain edge conditions, for example:

1. Admin adds an "on signup" field that isn't editable after signup.
2. Admin adds a "for all users" field.
3. User goes and fills up the "for all users" field from 2.
4. User is now stuck on the required fields page without any fields showing.

With this change, we only consider "for all users" fields when asking if required custom fields are filled in.
2024-08-26 15:33:19 +08:00
Martin Brennan
0803e2d237
DEV: Add select_range to composer page object (#28539)
Covers the use case of doing this in composer:

```javascript
page.execute_script("document.querySelector('.d-editor-input').setSelectionRange(6, 12);")
```
2024-08-26 14:50:14 +10:00
Martin Brennan
a16faa27cd
FEATURE: Allow showing site text search in selected locale (#28453)
When searching for site texts for admin using the english
version of the text, previously we would show the english
version in the results _even if_ there was another locale
translated version available when a locale was selected
from the dropdown.

This commit adds a "Only show results in selected locale"
checkbox option which will instead make it so the results
shown are in the target locale, making it easier for translators
to tell when there is actually translations vs. missing tranlsations.
2024-08-26 11:25:36 +10:00
Martin Brennan
e58e7a49f5
FIX: Bookmark reminder was clearing incorrectly (#28506)
Followup 76c56c8284

The change introduced above made it so the expired
bookmark reminders were cleared when using the bulk
action menu for bookmarks. However this also affected
clearing reminders for bookmarks when sending notifications.

When clearing bookmark reminders after sending notifications,
we take into account the auto delete preference:

* never          - The bookmark `reminder_at` date should not be cleared,
                   and the bookmark is kept.
* clear_reminder - The bookmark `reminder_at` date is cleared and
                   the bookmark is kept

The `never` option made it so "expired" bookmark reminder show
on the user's bookmark list.

This commit fixes the change from the other commit and only
forces clearing of `reminder_at` if using the bookmark bulk
action service.
2024-08-26 09:17:39 +10:00
Blake Erickson
274e18622e
FIX: Video uploads sometimes hang indefinitely (#28523)
If there is a codec issue or something trying to process a video file
for thumbnail generation, uploads could hang indefinitely. This fix
  ensures that we continue the upload process even if we encounter an
  error trying to generate a thumbnail for it.
2024-08-23 15:58:54 -06:00
Osama Sayegh
a7cd523faf
FIX: Refresh the edit tag section when navigating to another tag (#28519)
If you’re viewing a tag and you switch to a different tag via the sidebar or the tags dropdown, after expanding the info section of the tag page via the wrench button, the info section keeps showing the previous tag's details instead of the new one.

This happens because the tag info section makes an ajax request to load the tag's details, and this request is made inside the `didInsertElement` hook which is only fired once when the component is rendered. To fix this, we need to set the result from the ajax request to null and add a `didUpdateAttrs` hook to trigger another request to load the info of the new tag.

Internal topic: t/134809.
2024-08-23 20:08:24 +03:00
Joffrey JAFFEUX
fee8caf529
FIX: correctly reset form before destroying it (#28516)
This change is preventing the "is dirty check" from happening when clicking delete on this form. This was not good UX and was also causing bugs by leaving the form in a unexpected state.
2024-08-23 14:58:31 +02:00
Alan Guo Xiang Tan
21bb28df91
PERF: Ensure suggested topics is only loaded on last page of topic view (#28507)
This commit improves `TopicsController#show` to not load suggested and
related topics unless it is the last page of the topic's view.
Previously, we avoided loading suggested and related topics by the use
of conditionals in the `TopicViewSerializer` to avoid calling
`TopicView#suggested_topics` and `TopicView#related_topics`. However,
this pattern is not reliable as the methods can still be called from
other spots in the code base. Instead, we ensure that
`TopicView#include_suggested` and `TopicView#include_related` is set
correctly on the instance of `TopicView` which ensures that for the
given instance, `TopicView#suggested_topics` and
`TopicView#related_topics` will be a noop.
2024-08-23 16:10:50 +08:00
Sam
7ab7e6bb23
FEATURE: allow plugins to specify keyboard shortcuts for hidden toolbar items (#28456)
Previous to this change there is no clean way to apply keyboard shortcuts
to things such as "add poll" and other hidden options in the toolbar

This allows shortcuts to be specified similar to how they are on the toolbar



Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2024-08-23 09:28:28 +10:00
Blake Erickson
b53df4d884
FIX: Videos not uploading due to thumbnail generation error (#28493)
If we don't get a `videoWidth` back for a video don't try and generate a
thumbnail for it.

Also as part of this change I switched getImageData, the function
throwing the error, to use video.videoWidth instead of canvas.width
because it's very likely we were setting canvas.width too early before
the width could be read. Now that we are reading the value inside of the
setTimeout hopefully we will actually have a width. Just incase we don't
detect a width we will now exit early instead of throwing an error.

We only need to check for `0` and not null because the value is an
integer and will always return a 0 if it can't be read. https://developer.mozilla.org/en-US/docs/Web/API/HTMLVideoElement/videoWidth

See https://meta.discourse.org/t/322363
2024-08-22 13:35:18 -06:00
锦心
ac365a86a2
FIX: Trigger user_logged_out event when the user logs out (#28482)
What did this fix?
===============

Previously, we only triggered this event in the `user.logged_out` method.
This resulted in the event being triggered only when the user was logged
out by the administrator or the site had strict logout mode enabled.
This bug affected customers who managed user status via webhooks.

meta topic: https://meta.discourse.org/t/user-log-out-event-not-triggered-in-webhooks/249464
2024-08-22 21:48:27 +08:00
Osama Sayegh
67cde14a61
DEV: Use Service::Base for suspend and silence actions (#28459)
This commit moves the business logic in the `Admin::UsersController#suspend` and `Admin::UsersController#silence` actions to dedicated service classes. There's no functional changes in this commit.

Internal topic: t/130014.
2024-08-22 14:38:56 +03:00
Jan Cernik
5090a56aa2
UX: Show topic map in topics without replies by default (#28468) 2024-08-21 17:41:50 -03:00
Renato Atilio
676f0897ac
FIX: subfolder account activation (#28463) 2024-08-21 13:50:38 -03:00
Osama Sayegh
10ae7ef44a
FEATURE: Add estimated number of global and EU visitors to the about page (#28382)
This commit implements 2 new metrics/stats in the /about page for the _estimated_ numbers of unique visitors from the EU and the rest of the world. This new feature is currently off by default, but it can be enabled by turning on the hidden `display_eu_visitor_stats` site settings via the rails console.

There are a number of assumptions that we're making here in order to estimate the number of unique visitors, specifically:

1. we're assuming that the average of page views per anonymous visitor is similar to the average number of page views that a logged-in visitor makes, and
2. we're assuming that the ratio of logged in visitors from the EU is similar to the ratio of anonymous visitors from the EU

Discourse keeps track of the number of both logged-in and anonymous page views, and also the number of unique logged-in visitors and where they're from. So with those numbers and the assumptions above, we can estimate the number of unique anonymous visitors from the EU and the rest of the world.

Internal topic: t/128480.
2024-08-21 00:03:42 +03:00
Ted Johansson
948e7bd55e
DEV: Allow disabling problem checks programatically (#28440)
We need a way to disable certain checks programatically, e.g. on Discourse hosting. This PR adds a configuration option for this, and makes it so that disabled checks aren't run as part of #run_all.
2024-08-20 16:42:06 +02:00
Loïc Guitaut
0636855706 DEV: Allow using an AR relation as a model in services
This patch allows using an AR relation as a model in services without
fetching associated records. It will just check if the relation is empty
or not. In the former case, the execution will stop at that point, as
expected.
2024-08-20 16:32:46 +02:00
Osama Sayegh
db6eff7be9
DEV: Allow custom site activity items in the new /about page (#28400)
This commit introduces a new frontend API to add custom items to the "Site activity" section in the new /about page. The new API is called `addAboutPageActivity` and it works along side the `register_stat` serve-side API which serializes the data that the frontend API consumes. More details of how the two APIs work together is in the JSDoc comment above the API function definition.

Internal topic: t/128545/9.
2024-08-20 16:16:05 +03:00
Osama Sayegh
35b748e7f4
FIX: Don't show silence button on staff users and display similar users (#28423)
This commit fixes a bug where the silence button is incorrectly displayed on the admin page of a staff user. It's not actually possible to silence a staff user because the backend correctly prevents it, but the frontend isn't checking if the button should be displayed.

Another small bug that this commit fixes is the similar users list not showing up inside the silence/suspend modals due to also a bug in the frontend.

I've also changed the way similar users are loaded so that they're not returned by the `admin/users#show` endpoint anymore and moved them into a new endpoint that the penalize modals (suspend and silence) can call directly to retrieve the list of users. This is done because the similar users list is never shown on the admin user page (`/admin/users/:user_id/:username`); they're only needed when the suspend or silence modals are opened.

Internal topic: t/130014.
2024-08-20 15:27:29 +03:00
Martin Brennan
e9b427ff53
FEATURE: Change default for push_notification_time_window_mins (#28431)
Currently the push_notification_time_window_mins is set to 10
minutes by default. We want to change this to 1 minute, which is the
delay it has been set to on meta and our internal site already for over
a year now.

This conforms to the expectation users have that notifications are
delivered close to immediately.
2024-08-20 15:46:07 +10:00
Martin Brennan
1446596089
UX: Apply admin interface guidelines to Backups page (#28051)
This commit converts the Backups page in the admin interface
to follow our new admin interface guidelines.

As part of this work, I've also made `AdminPageHeader` and `AdminPageSubheader`
components that can be reused on any admin page for consistency, that handle
the title and action buttons and also breadcrumbs.

Also renamed `AdminPluginFilteredSiteSettings` to `AdminFilteredSiteSettings` since
it can be used generally to show a subset of filtered site settings, not only
settings for a plugin. Not sure if it's ideal to have to define a new route for this
for every config area, but not sure how else to do it right now.
2024-08-20 09:59:43 +10:00
Joffrey JAFFEUX
5b17e85fe1
FIX: broken mentioned users with capitalized usernames (#28421)
This commit fixes two codepaths which where incorrectly working with capitalized usernames as we were doing a mix of username_lower and non lower username.

Also adds two specs for these cases.
2024-08-19 20:57:45 +02:00
Loïc Guitaut
86f1c177d6 DEV: Remove unnecessary freedom patches
This patch removes two freedom patches:

- `mail_disable_starttls.rb`: this has been fixed in the 2.8 release of
  the mail gem, so we don’t need it anymore.
- `rails4.rb`: those methods have been deprecated for a while now and
  should have been dropped with Discourse v3.2.
2024-08-19 12:06:54 +02:00
Alan Guo Xiang Tan
9d5f4bf2f1
DEV: Add tests for Guardian#is_developer? (#28419)
DEV: Add tests for `Guardian#is_developer?`

Follow up to e1c4cf2566
2024-08-19 14:20:09 +08:00
Martin Brennan
31a6d24053
FEATURE: Unseen feature indicator in admin sidebar (#28397)
This commit adds a blue dot next to the "What's New"
link in the admin sidebar if the user has not seen the
new features yet, as a followup to 3e5976f843
which removed the tab on the dashboard that had this same
functionality.

When the admin visits the "What's New" page they count
as having seen all the features straight away. This could
be something we want to change, but for now this keeps the
same functionality.
2024-08-19 14:50:30 +10:00
Guhyoun Nam
9c1812e071
FEATURE: add system_user_max_attachment_size_kb site setting (#28351)
* System user attachment size WIP

* spec check

* controller update

* add max to system_user_max_attachment_size_kb

* DEV: update to use static method for `max_attachment_size_for_user`

add test to use large image.
add check for failure.

* DEV: update `system_user_max_attachment_size_kb` default value to 0

remove unecessary test.
update tests to reflect the new default value of `system_user_max_attachment_size_kb`

* DEV: update maximum_file_size to check when is an attachment made by a system user

Add tests for when `system_user_max_attachment_size_kb` is over and under the limit
Add test for checking interaction with `max_attachment_size_kb`

* DEV: move `max_attachment_size_for_user` to private methods

* DEV: turn `max_attachment_size_for_user` into a static method

* DEV: typo in test case

* DEV: move max_attachment_size_for_user to private class method

* Revert "DEV: move max_attachment_size_for_user to private class method"

This reverts commit 5d5ae0b715.

---------

Co-authored-by: Gabriel Grubba <gabriel@discourse.org>
2024-08-16 11:03:39 -03:00
Martin Brennan
dbafa10b3c
DEV: Add backup helpers for specs (#28394)
This has been split out from https://github.com/discourse/discourse/pull/28051
so we can use this same code in plugin specs before merging the core PR,
adds some helpers for creating local backup temp files
and cleaning them up.
2024-08-16 14:51:57 +10:00
Martin Brennan
3e5976f843
FEATURE: Always show full page "New Features" to admins (#28383)
We used to show New Features in a tab on the dashboard,
but this could get pushed down the page especially on
our hosting. In 043117ca13
we made a separate What's New page, so this commit removes
the dashboard tab and changes the admin notification to
send the admin to /admin/whats-new instead of the dashboard
tab.
2024-08-16 09:12:24 +10:00
Roman Rizzi
636d05fc20
FEATURE: Allow completely custom score reasons. (#28348)
After this change, a reason won't exclusively be a translation key anymore, but now, it can display a custom reason as well.
2024-08-14 15:53:59 -03:00
Gabriel Grubba
fc33826dc5
DEV: Removal of create_post_for_category_and_tag_changes setting (#28321)
* DEV: Removal of create_post_for_category_and_tag_changes setting

reverting commit: #65f35e1
and adding a migration to remove the setting
ref: t/132320

* DEV: change checks for zeros to check for nils

* DEV: remove create_post_for_category_and_tag_changes migration file

If anything goes wrong, we can always revert back to the previous state.
2024-08-14 12:12:21 -03:00
Osama Sayegh
1bcb5c4e21
UX: Tweak styling for the new /about page (#28367)
Various tweaks the new /about page. Main change is to make it display 3 columns of users instead of 2 when there's enough space.
2024-08-14 14:57:35 +03:00
Osama Sayegh
3704a917a9
FIX: Don't show blank space when there's no banner image (#28366)
This commit fixes a bug in the redesigned about page where if there's no banner image configured for the page, the top of the page where the banner goes is occupied with large white space. Additionally, this commit also fixes a related bug in the admin config area for the /about page where it's not possible to remove the uploaded banner image.
2024-08-14 10:34:34 +03:00
Krzysztof Kotlarek
e82e255531
FIX: serialize Flags instead of PostActionType (#28362)
### Why?
Before, all flags were static. Therefore, they were stored in class variables and serialized by SiteSerializer. Recently, we added an option for admins to add their own flags or disable existing flags. Therefore, the class variable had to be dropped because it was unsafe for a multisite environment. However, it started causing performance problems. 

### Solution
When a new Flag system is used, instead of using PostActionType, we can serialize Flags and use fragment cache for performance reasons. 

At the same time, we are still supporting deprecated `replace_flags` API call. When it is used, we fall back to the old solution and the admin cannot add custom flags. In a couple of months, we will be able to drop that API function and clean that code properly. However, because it may still be used, redis cache was introduced to improve performance.

To test backward compatibility you can add this code to any plugin
```ruby
  replace_flags do |flag_settings|
    flag_settings.add(
      4,
      :inappropriate,
      topic_type: true,
      notify_type: true,
      auto_action_type: true,
    )
    flag_settings.add(1001, :trolling, topic_type: true, notify_type: true, auto_action_type: true)
  end
```
2024-08-14 12:13:46 +10:00
Loïc Guitaut
1e3caeafa0 DEV: Add spec to ensure app works with multiple tagged loggers
When upgrading to Rails 7.1, we had some problems because we were using
several tagged loggers at the same time. They were all added to the main
broadcast logger shipped with Rails, but the Rails 7.1 codebase contains
a bug making a request being run as many times as there are tagged loggers.

The fix was to use the code from the Rails 7.2 codebase.

This patch adds a small spec to ensure the behavior will stay the proper
one in the future.
2024-08-13 18:10:03 +02:00
Krzysztof Kotlarek
559c9dfe0a
REVERT: FIX: serialize Flags instead of PostActionType (#28334) 2024-08-13 18:32:11 +10:00
David Battersby
0954ae70a6
FEATURE: add delay to native push notifications (#28314)
This change ensures native push notifications respect the site setting for push_notification_time_window_mins. Previously only web push notifications would account for the delay, now we can bring more consistency between Discourse in browser vs Hub, by applying the same delay strategy to both forms of push notifications.
2024-08-13 12:12:05 +04:00
Krzysztof Kotlarek
094052c1ff
FIX: serialize Flags instead of PostActionType (#28259)
### Why?
Before, all flags were static. Therefore, they were stored in class variables and serialized by SiteSerializer. Recently, we added an option for admins to add their own flags or disable existing flags. Therefore, the class variable had to be dropped because it was unsafe for a multisite environment. However, it started causing performance problems. 

### Solution
When a new Flag system is used, instead of using PostActionType, we can serialize Flags and use fragment cache for performance reasons. 

At the same time, we are still supporting deprecated `replace_flags` API call. When it is used, we fall back to the old solution and the admin cannot add custom flags. In a couple of months, we will be able to drop that API function and clean that code properly. However, because it may still be used, redis cache was introduced to improve performance.

To test backward compatibility you can add this code to any plugin
```ruby
  replace_flags do |flag_settings|
    flag_settings.add(
      4,
      :inappropriate,
      topic_type: true,
      notify_type: true,
      auto_action_type: true,
    )
    flag_settings.add(1001, :trolling, topic_type: true, notify_type: true, auto_action_type: true)
  end
```
2024-08-13 11:22:37 +10:00
Régis Hanol
d10fd36319
FEATURE: participating users statistics (#28322)
Adds a new statistics (hidden from the UI, but available via the API) that tracks daily participating users.

A user is considered as "participating" if they have

- Reacted to a post
- Replied to a topic
- Created a new topic
- Created a new PM
- Sent a chat message
- Reacted to a chat message

Internal ref - t/131013
2024-08-12 23:47:13 +02:00
Jan Cernik
5b78bbd138
DEV: Convert account activation pages to use Ember (#28206) 2024-08-12 18:02:00 -03:00
Osama Sayegh
1d6e54e54c
DEV: Add admins and moderators sections to the redesigned /about page (#28273)
This commit continues on work laid out by 6039b513fe to redesign the /about page. In this commit, we add sections for showing the site admins and moderators.

The lists of admins and moderators display the 10 most recently seen admins/moderators, with a button to display the rest of admins or moderators. Admins or moderators that have not logged in to the site in the last year will not be shown. Clicking on an admin's or moderator's name/avatar will show their user card.
2024-08-12 16:23:44 +03:00
Loïc Guitaut
84823550d4 DEV: Enable Rails 7.1 defaults 2024-08-12 10:41:13 +02:00
David Taylor
df5561d780
DEV: Ensure deprecation warning banner works in development builds (#28302)
In development, Ember raises an error when previously-used values are updated during a render. This is to avoid 'backtracking', where parts of templates have to be re-rendered multiple times. In general, this kind of pattern should be avoided, and Ember's warning helps us do that.

However, for the deprecation warning banner, it is quite reasonable for some rendering to trigger a deprecation, and thereby require the global-notice to be re-rendered. We can use our `DeferredTrackedSet` to achieve that. Its `.add` method will delay adding an item to the Set until after the current render has completed.
2024-08-09 15:04:05 +01:00
Krzysztof Kotlarek
56524f4bdf
DEV: flaky toggle flag spec (#28292)
Very similar to move up/down flag problem fixed here -  https://github.com/discourse/discourse/pull/28272

Those are the steps to toggle the flag:
1. click toggle - `saving` CSS class is added;
2. request to backend;
3. `saving` CSS class is removed.

And check if the flag was toggle was:
```ruby
def has_saved_flag?(key)
  has_css?(".admin-flag-item.#{key}.saving")
  has_no_css?(".admin-flag-item.#{key}.saving")
end
```
If the save action is very fast, then the saving class is removed before the first check.

Therefore I decided to invert it, and once action is finished add `saved` CSS class.

Then we can have a quick positive check:

```ruby
def has_saved_flag?(key)
  has_css?(".admin-flag-item.#{key}.saved")
end
```
2024-08-09 09:56:10 +10:00
Isaac Janzen
aeaae9babc
DEV: Add user modifier to prevent updating ip_address (#28280) 2024-08-08 13:06:08 -05:00
Penar Musaraj
7c5e3eacda
FEATURE: "Hot" replacing "Top" as default in the top menu (#28252)
This change only applies to instances that have not modified the
`top_menu` site setting.
2024-08-08 13:57:42 -04:00
Isaac Janzen
5b1d9d602f
DEV: Add guardian modifier to prevent sending PM (#28282) 2024-08-08 12:57:13 -05:00
Isaac Janzen
2527f4599d
DEV: Add search_log modifier to prevent search log logging (#28279) 2024-08-08 12:41:10 -05:00
Joffrey JAFFEUX
2fdee7849c
DEV: adds a tooltip system spec component (#28275)
Usage:

```
tooltip = PageObjects::Components::Tooltips.new(identifier)
expect(tooltip).to be_present(text: "Welcome")
expect(tooltip).to be_not_present(text: "Welcome")
tooltip.find(".my-button).click
```
2024-08-08 14:02:00 +02:00
Joffrey JAFFEUX
e79a50d7a9
DEV: adds logo page component (#28276)
Usage:

```
click_logo # globally accessible
PageObjects::Components::Logo.click
PageObjects::Components::Logo.hover
```
2024-08-08 13:52:48 +02:00
Loïc Guitaut
bf3d8a0a94 FIX: Don’t log an error when rendering a 404
Currently, in the list controller, when encountering an unsafe redirect
error, a 404 is rendered. The problem is that it’s done in a way that it
also logs a fatal error (because a `Discourse::NotFound` exception was
raised inside a `rescue_from` block).

This patch addresses that issue by simply rendering a 404 without
raising any error.
2024-08-08 09:21:27 +02:00
Alan Guo Xiang Tan
4c0af24173
DEV: Log a warning message when a MiniScheduler scheduled job is stuck (#28258)
This commit adds a `MiniSchedulerLongRunningJobLogger` class which will
poll every 60 seconds for mini_scheduler jobs which are stuck. When it
detects that a job is stuck, it will log a warning message with the
current backtrace of the thread that is executing the job.

Note that for scheduled jobs which are executed at a frequency of less
than 30 minutes, we will log when the job has been executing for 30
minutes.

For scheduled jobs executed at a frequency of less than 2 hours, we will
log when the job has been executing for a duration greater than its
specified frequency.

For scheduled jobs executed at a frequency greater than 2 hours, we will
log as long as the job has been executing for more than 2 hours.
2024-08-08 12:20:16 +08:00
Krzysztof Kotlarek
db4395d70c
FIX: flaky flags specs when moving up or down (#28272)
Those are the steps to move the flag:
1. open menu;
2. click move up - `saving` CSS class is added;
3. request to backend;
4. `saving` CSS class is removed.

To check if the action was finished we are using this method:
```
def move_up(key)
  open_flag_menu(key)
  find(".admin-flag-item__move-up").click
  has_saved_flag?(key)
  self
end

def has_saved_flag?(key)
  has_css?(".admin-flag-item.#{key}.saving")
  has_no_css?(".admin-flag-item.#{key}.saving")
end
```

However, sometimes specs were failing with `expected to find CSS ".admin-flag-item.spam.saving" but there were no matches`

I think that the problem is with those 2 lines:
```
  find(".admin-flag-item__move-up").click
  has_closed_flag_menu?
```
If the save action is very fast, then the `saving` class is removed before the first check.

Therefore, to determine that the move action is finished, I am checking if the menu is closed.
2024-08-08 09:50:28 +08:00
Loïc Guitaut
e494bafed3 FIX: Unescape URI properly when redirecting to a category
Currently, when a badly named category slug is provided, it can lead to
an infinite redirect.

This patch addresses the issue by properly unescaping `request.fullpath`
so the path is successfully rewritten and the redirect happens as
expected.
2024-08-07 15:53:21 +02:00
carson chang
854b8b7093
FEATURE: Add option to immediately delete stub topics upon merge (#28228)
Currently to handle stub topics after merging, there are only options to (1) never delete a stub topic and (2) delete a stub topic after X amount of days. This adds the option to immediately delete a stub topic upon merge.

---------

Co-authored-by: Mark VanLandingham <markvanlan@gmail.com>
Co-authored-by: Renato Atilio <renato@discourse.org>
2024-08-07 10:05:40 -03:00
Natalie Tay
a49a6941c6
DEV: Extend /filter's ability to order (#28242) 2024-08-07 16:37:00 +08:00
Osama Sayegh
5dbf812d32
DEV: Add site age and site activities section to the redesigned about page (#28214)
This commit continues on work laid out by 6039b513fe to redesign the /about page. In this commit, we add the site age and a section on the right hand side to show site activities/statistics such as topics, posts, sign-ups, likes etc.
2024-08-07 11:11:41 +03:00
David Taylor
66de6a43a8
FIX: Ensure do-not-disturb icon updates correctly (#28253)
`currentUser.do_not_disturb_until` is a string, so we need to parse it before comparing to the current timestamp
2024-08-06 19:13:13 +01:00
Loïc Guitaut
97cd03d41a FIX: Return additional message types properly
Following a recent refactor, some methods from `FlagSettings` have been
renamed (`custom_types` -> `additional_message_types`). The
`PostActionType` model was using `custom_types` but when the renaming
was done, it was renamed to `with_additional_message` instead of
`additional_message_types`, which under the right circumstances will
raise an error.
2024-08-06 16:01:38 +02:00
Loïc Guitaut
9e9d88f078 DEV: Use rspec mocks to properly verify a race condition
This is a small followup of https://github.com/discourse/discourse/pull/28124.
2024-08-06 15:57:04 +02:00
Krzysztof Kotlarek
2b6c754779
Revert "FIX: Cache all flags multisite-safe (#28204)" (#28236)
This reverts commit 2225c03455.
2024-08-06 10:59:10 +10:00
Krzysztof Kotlarek
fc2259d1c8
FIX: limit the number of custom flags to 50 (#28221)
Admin can create up to 50 custom flags. It is limited for performance reasons.

When the limit is reached "Add button" is disabled and backend is protected by guardian.
2024-08-06 10:50:12 +10:00
Martin Brennan
2225c03455
FIX: Cache all flags multisite-safe (#28204)
This fixes an N1 in topics when loading all flags
and also makes the cache multisite-safe, followup
to fb7cc2d375
2024-08-06 09:59:49 +10:00
Alan Guo Xiang Tan
2492fe7715
FIX: Set sane default for Net::HTTP when processing a request (#28141)
This commit patches `Net::HTTP` to reduce the default timeouts of 60
seconds when we are processing a request. There are certain routes in
Discourse which makes external requests and if the proper timeouts are
not set, we risk having the Unicorn master process force restarting the
Unicorn workers once the `30` seconds timeout is reached. This can
potentially become a vector for DoS attacks and this commit is aimed at
reducing the risk here.
2024-08-06 07:12:42 +08:00
Ted Johansson
6d1c2a3d5a
FIX: Don't clear inline problems when loading admin dashboard (#28220)
We support a low-level construct called "inline checks", which you can use to register a problem ad-hoc from within application code.

Problems registered by inline checks never show up in the admin dashboard, this is because when loading the dashboard, we run all realtime checks and look for problems. Because of an oversight, we considered inline checks to be "realtime", causing them to be run and clear their problem status.

To fix this, we don't consider inline checks to be realtime, to prevent them from running when loading the admin dashboard.
2024-08-05 11:45:55 +08:00
Krzysztof Kotlarek
300ef67481
UX: move admin flag form to form-kit (#28187)
Rewrite the admin flag form to use FormKit. This is a draft because waiting for Checkbox improvements.
2024-08-05 11:01:25 +10:00
David Battersby
6ec8728ebf
DEV: refactor live notifications setting in user preferences (#28145)
This change is mainly a refactor of the desktop notifications service to improve readability and have standardised values for tracking state for current user in regards to the Notification API and Push API.

Also improves readability when handling push notification jobs, especially in scenarios where the push_notification_time_window_mins site setting is set to 0, which will allow sending push notifications instantly.
2024-08-02 17:25:15 +04:00
David Taylor
11369018b6
DEV: Stop storing theme-transpiler on filesystem in development (#28198)
We were writing theme-transpiler JS files to the filesystem on a per-process basis, and then immediately reading them back in. Plus, there was no cleanup mechanism, so the tmp directory would grow indefinitely.

This commit refactors things so that the `build.js` script outputs the theme-transpiler source to stdout. That way, we can read it directly into the process, and then into mini-racer, without needing to go via the filesystem. No cleanup required!

In production, the theme-transpiler is still cached in a file during `assets:precompile`
2024-08-01 17:59:34 +01:00
Joffrey JAFFEUX
a6eba4b203
DEV: prevents chrome to ask for fav search engine (#28192) 2024-08-01 15:49:07 +02:00
Martin Brennan
77081de027
FIX: Badge image uploader (#28188)
In the formkit conversion in 2ca06ba236
we missed setting a type for the UppyImageUploader for badges. Also,
we were not passing down the `image_url` as form data, so when we used
`data.image` for that field the badge was not updating in the UI after
page loads and the image URL was not loading for preview.

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2024-08-01 15:36:17 +02:00
Blake Erickson
6ee6b1f1d1
DEV: Add validation for allowed iframes setting (#28178)
- Adds a validator for the allowed iframes site setting
- Adds a migration to update any values that don't pass the validator

Follow up to: 188cb58daa
2024-08-01 06:51:02 -06:00
Sérgio Saquetim
366dfec16c
DEV: Add plugin API to perform actions when the plugin is turned on/off (#28156)
Co-authored-by: David Taylor <david@taylorhq.com>
2024-07-31 15:38:10 -03:00
Blake Erickson
30048ab97f
FIX: Video thumbnails for missing videos (#28152)
Skip trying to find a thumbnail if the video src cannot be found.

Bug report: https://meta.discourse.org/t/317423
2024-07-31 10:54:52 -06:00
Joffrey JAFFEUX
9383143bc6
FIX: system badges can be disabled (#28169)
A previous commit mistakenly assumed system badges couldn't be disabled.
2024-07-31 15:28:59 +02:00
Alan Guo Xiang Tan
f3ac2c9b5c
DEV: Fix flaky test (#28163)
Before this commit, running `rspec --seed 22953 --format documentation spec/requests/admin/site_texts_controller_spec.rb:191 spec/lib/freedom_patches/translate_accelerator_spec.rb:109` will fail.

Setting `I18n.config.available_locales` is equivalent to hard coding the
locales for the entire process. It should not be set so that `I18n` will
fallback to `backend.locales`.
2024-07-31 14:06:26 +08:00
Martin Brennan
a47bcfc2f3
DEV: Add RSPEC_EXCLUDE_NOISE_IN_BACKTRACE for rspec (#28160)
Sometimes the backtrace is quite big for failing specs, this env var
(RSPEC_EXCLUDE_NOISE_IN_BACKTRACE) can be set to
1 to remove backtrace from anything but spec or application code in
rspec. This makes it easier to see where the actual failure is
coming from, most of the time all the gem paths are noise.
2024-07-31 14:08:37 +10:00
Ted Johansson
a32390f5dc
FIX: Don't count draft views towards topic view stats (#28162)
When creating a shared draft, we're recording topic view stats on the draft and then pass those on when the draft is published, conflating the actual view count.

This fixes that by not registering topic views if the topic is a shared draft.
2024-07-31 11:10:50 +08:00
Martin Brennan
78f8b7ba99
DEV: Skip flaky topic map spec on CI (#28159) 2024-07-31 13:04:05 +10:00
Krzysztof Kotlarek
5830f2c9a1
FIX: double reviewable items bug (#28161)
When `SiteSetting.review_every_post` is true and the category `require_topic_approval` system creates two reviewable items.
1. Firstly, because the category needs approval, the `ReviewableQueuePost` record` is created - at this stage, no topic is created.
2. Admin is approving the review. The topic and first post are created.
3. Because `review_every_post` is true `queue_for_review_if_possible` callback is evaluated and `ReviewablePost` is created.
4. Then `ReviewableQueuePost` is linked to the newly generated topic and post.

At the beginning, we were thinking about hooking to those guards:
```
  def self.queue_for_review_if_possible(post, created_or_edited_by)
    return unless SiteSetting.review_every_post
    return if post.post_type != Post.types[:regular] || post.topic.private_message?
    return if Reviewable.pending.where(target: post).exists?
...
```
And add something like
```
 return if Reviewable.approved.where(target: post).exists?
```

However, because the callback happens in point 3. before the `ReviewableQueuePost` is linked to the `Topic`, it was not possible.

Therefore, when `ReviewableQueuePost` is creating a `Topic`, a new option called `:reviewed_queued_post` is passed to `PostCreator` to avoid creating a second `Reviewable`.
2024-07-31 12:45:00 +10:00
Loïc Guitaut
335ab115b3 FIX: Return properly interpolated translations for flag types
Currently, descriptions for flag types aren’t interpolated, returning
`%{base_path}` in their string, for example. This breaks the navigation
on the sites.

The behavior changed probably because of an upgrade of Ruby, as two
hashes were passed to `I18n.t` (`vars` and `default`) without using the
splat operator.
2024-07-30 18:30:57 +02:00
Régis Hanol
d5cd669464
FIX: race condition in Discourse.cache.fetch (#28124)
When using `Discourse.cache.fetch` with an expiry, there's a potential for a race condition due to how we read the data from redis.

The code used to be

```ruby
raw = redis.get(key) if !force
entry = read_entry(key) if raw
return entry if raw && !(entry == :__corrupt_cache__)
```

with `read_entry` defined as follow

```ruby
def read_entry(key)
  if data = redis.get(key)
    Marshal.load(data)
  end
rescue => e
  :__corrupt_cache__
end
```

If the value at "key" expired in redis between `raw = redis.get` and `entry = read_entry`, the `entry` variable would be `nil` despite `raw` having a value.

We would then proceed to return `entry` (which is `nil`) thinking it had a value, when it didn't.

The first `redis.get` can be skipped altogether and we can rely only on `read_entry` to read the data from redis. Thus avoiding the race condition and removing the double read operations.

Internal ref - t/132507
2024-07-30 09:08:12 +02:00
Natalie Tay
188cb58daa
SECURITY: Fixes for main (#28137)
* SECURITY: Update default allowed iframes list

Change the default iframe url list to all include 3 slashes.

* SECURITY: limit group tag's name length

Limit the size of a group tag's name to 100 characters.

Internal ref - t/130059

* SECURITY: Improve sanitization of SVGs in Onebox

---------

Co-authored-by: Blake Erickson <o.blakeerickson@gmail.com>
Co-authored-by: Régis Hanol <regis@hanol.fr>
Co-authored-by: David Taylor <david@taylorhq.com>
2024-07-30 14:19:01 +08:00