Commit Graph

53459 Commits

Author SHA1 Message Date
Natalie Tay
0bf87c5ed8
FIX: Prevent content layout shift on mobile (#26238) 2024-03-19 16:56:32 +08:00
Alan Guo Xiang Tan
4f24e3b3b2
DEV: Support running system tests using chromium and custom chromedriver (#26234)
Why this change?

Google does not yet publish binaries for chrome and chromedriver for
`linux/arm64`. In 484954ec4c, we attempted
to add support for running system tests on `linux/arm64` by switching to
Firefox but our system tests seem to make lots of assumptions about
running on chromium based browsers so there are some tests that don't work in Firefox.

This commit works around the lack of chrome and chromedriver binaries by
doing the following:

1. Adds a `DISCOURSE_SYSTEM_TEST_CHROMIUM` ENV variable which when set to
  `1` will allow us to run system tests using a chromium binary. Chromium
  binaries for `linux/arm64` are available and since Chrome is Chromium based, all of our 
  system tests "should pass" even when running against a Chromium binary. I don't expect 
  this to be perfect but I expect it to be better than running against Firefox. This change buys us time
  until Chrome finally ships binaries for `linux/arm64`.

2. Adds a `DISCOURSE_SYSTEM_TEST_CHROMEDRIVER_PATH` ENV variable to
   allow the chromedriver path to be configured. We need this because
   the [electron project](https://github.com/electron/electron/releases) actually
   releases chromewebdriver for `linux/arm64` so someone running
   `linux/arm64` can download the necessary chromedriver from the
   project instead of relying on selenium-manager.

This change is also important for us to support [discourse_test](https://github.com/discourse/discourse_docker/blob/main/image/discourse_test/Dockerfile) and [discourse_dev](https://github.com/discourse/discourse_docker/blob/main/image/discourse_dev/Dockerfile) images targeted at `linux/arm64`.
2024-03-19 14:47:14 +08:00
Natalie Tay
f30cc5ebed
FIX: Show max tag error and prevent search (#26233)
Show the tag limit and prevent searches when max is 0
2024-03-19 12:47:18 +08:00
Jarek Radosz
11099434b5
DEV: Clean up mobileView/desktopView uses (#26229)
Inspired by a piece of "do not do x if it's not a mobile view" code 🙃
2024-03-18 23:29:42 +01:00
dependabot[bot]
9c3ddd46f0
Build(deps-dev): Bump rouge from 4.2.0 to 4.2.1 (#26231)
Bumps [rouge](https://github.com/rouge-ruby/rouge) from 4.2.0 to 4.2.1.
- [Release notes](https://github.com/rouge-ruby/rouge/releases)
- [Changelog](https://github.com/rouge-ruby/rouge/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rouge-ruby/rouge/compare/v4.2.0...v4.2.1)

---
updated-dependencies:
- dependency-name: rouge
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-18 23:18:54 +01:00
dependabot[bot]
c0be49d4e7
Build(deps-dev): Bump rspec-rails from 6.1.1 to 6.1.2 (#26230)
Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 6.1.1 to 6.1.2.
- [Changelog](https://github.com/rspec/rspec-rails/blob/main/Changelog.md)
- [Commits](https://github.com/rspec/rspec-rails/compare/v6.1.1...v6.1.2)

---
updated-dependencies:
- dependency-name: rspec-rails
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-18 23:18:20 +01:00
Alan Guo Xiang Tan
239b70342f
PERF: Remove unnecessary <link rel="preload"> for theme javascript (#26220)
This is a follow up to e2da72b76c.

Why this change?

According to https://web.dev/articles/preload-critical-assets,

> By preloading a certain resource, you are telling the browser that you would like to fetch it sooner than the browser would otherwise discover it because you are certain that it is important for the current page.

The preload resource hint is meant to tell the browser to fetch
resources that it would not discover upfront or early. However, we are
not using it the right way because we are literally adding the resource
hint right before a `<script>` tag which means the browser would have
discovered the resource even without the resource hint.

What does this change do?

This commit removes the preload resource hint which are added right
before script tags since the optimization here is highly questionable at the expense of making
our initial DOM larger.
2024-03-19 07:03:49 +11:00
chapoi
fe02868a79
UX: chat > fix lock icon in original message link (#26227) 2024-03-18 19:30:36 +01:00
Bianca Nenciu
d78657bf9b
DEV: Fix spec (#26226)
Follow up to commit a90b88af56.
2024-03-18 20:05:56 +02:00
Régis Hanol
4e02bb5dd9
PERF: avoid publishing user actions to the user who did the action (#26225)
We never use that information and this also fixes an issue with the BCC plugin which ends up triggering a rate-limit because we were publishing a "NEW_PRIVATE_MESSAGE" to the user sending the BCC for every recipients 💥

Internal - t/118283
2024-03-18 18:05:46 +01:00
Bianca Nenciu
a90b88af56
PERF: Fix N+1 when searching categories (#26223) 2024-03-18 19:01:17 +02:00
Gabriel Grubba
8ae462c724
FEATURE: add language picker for theme translations in admin UI (#26150)
Allows editing translations of a theme in locales other than the current localy.
2024-03-18 12:00:28 -04:00
David Taylor
5023ff480e
FIX: Ensure dnd icon is updated immediately in glimmer header (#26221)
Adds `@tracked` to the relevant property on the User model so that it is autotracked correctly via the function call `glimmer-header/user-dropdown/notifications#isInDoNotDisturb` -> `models/user#isInDoNotDisturb`.
2024-03-18 14:50:23 +00:00
Alan Guo Xiang Tan
e2da72b76c
PERF: Remove unnecessary <link rel="preload"> (#26219)
Why this change?

According to https://web.dev/articles/preload-critical-assets,

> By preloading a certain resource, you are telling the browser that you would like to fetch it sooner than the browser would otherwise discover it because you are certain that it is important for the current page.

The preload resource hint is meant to tell the browser to fetch
resources that it would not discover upfront or early. However, we are
not using it the right way because we are literally adding the resource
hint right before a `<script>` tag which means the browser would have
discovered the resource even without the resource hint.

What does this change do?

This commit removes the preload resource hint which are added right
before script tags since the optimization here is highly questionable at the expense of making 
our initial DOM larger.
2024-03-18 20:07:29 +08:00
Alan Guo Xiang Tan
27b0ebff4c
DEV: Fix syntax for Link entity header for experimental_preconnect_link_header (#26218)
Per https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Link, the
syntax for multiple links is something like

```
Link: <https://one.example.com>; rel="preconnect", <https://two.example.com>; rel="preconnect", <https://three.example.com>; rel="preconnect"
```

There should be no trailing `;` before the `,`.
2024-03-18 19:49:16 +08:00
dependabot[bot]
85bf6c6833
Build(deps-dev): Bump puppeteer-core from 22.4.1 to 22.5.0 (#26214)
Bumps [puppeteer-core](https://github.com/puppeteer/puppeteer) from 22.4.1 to 22.5.0.
- [Release notes](https://github.com/puppeteer/puppeteer/releases)
- [Changelog](https://github.com/puppeteer/puppeteer/blob/main/release-please-config.json)
- [Commits](https://github.com/puppeteer/puppeteer/compare/puppeteer-core-v22.4.1...puppeteer-core-v22.5.0)

---
updated-dependencies:
- dependency-name: puppeteer-core
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-18 09:03:29 +01:00
Joffrey JAFFEUX
5e3bc594c6
UX: do not close post text selection on scroll (#26217) 2024-03-18 09:03:13 +01:00
Joffrey JAFFEUX
bbb8595107
PERF: defer loading channels (#26155)
Prior to this change we would pre-load all the user channels which making initial page load slower. This change will make them be loaded right after initial load. In the past this was not possible as the channels would have to be loaded on each page transition. However since about a year, we made the channels to be cached on the frontend and no other request will be needed.

I have decided for now to not show a loading state in the sidebar as I think it would be noise, but we can reconsider this later.

Note given we don't have the channels loaded at first certain things where harder to accomplish. The biggest UX change of this commit is that we removed all the complex logic of computing the best channel to display when you load /chat. We will now store the id of the last channel you visited and will use this id to decide which channel to show.
2024-03-18 08:35:07 +01:00
Joffrey JAFFEUX
0bccdc4dbc
DEV: removes generated documentation (#26207) 2024-03-18 06:58:59 +01:00
Alan Guo Xiang Tan
36cdb1444c
EXPERIMENTAL: preconnect and dns-prefetch resource hints for CDN domains (#26215)
Why this change?

In https://web.dev/articles/preconnect-and-dns-prefetch, it describes
how hinting to the browser to preconnect to domains which we will
eventually use the connection for can help improve the time it takes to
load a page.

We are putting this behind an experimental flag so that we can test and
profile this in a production environment.

What does this change introduce?

Introduce a hidden experimental `experimental_preconnect_link_header`
site setting which when enabled will add the `preconnect` and
`dns-prefetch` resource hints to the response headers for full page load
requests.
2024-03-18 13:45:41 +08:00
David Battersby
d5b944f1de
FEATURE: add chat direct message button to user profile (#26135)
This change adds the chat direct message button to user profiles, similarly to how we use it within the user card.
2024-03-18 11:17:37 +08:00
Alan Guo Xiang Tan
426c035b80
UX: First pass styling experimental objects typed setting editor (#26194)
Why this change?

This is a first pass at styling the editor for creating/editing/updating
an objects typed theme setting. Only the desktop view is being
considered at the current moment.

The objects typed theme setting is still behind a feature flag at this moment so there is no need for us to get the styling perfect. The purpose of this PR is to get us to a state which we can quickly iterate with a designer on.
2024-03-18 10:03:30 +08:00
dependabot[bot]
a95840d39d
Build(deps): Bump rails_multisite from 5.0.1 to 6.0.0 (#26208)
Bumps [rails_multisite]() from 5.0.1 to 6.0.0.

---
updated-dependencies:
- dependency-name: rails_multisite
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-18 08:36:57 +08:00
dependabot[bot]
e5a35baf49
Build(deps-dev): Bump json-schema from 4.1.1 to 4.2.0 (#26212)
Bumps [json-schema](https://github.com/voxpupuli/json-schema) from 4.1.1 to 4.2.0.
- [Changelog](https://github.com/voxpupuli/json-schema/blob/master/CHANGELOG.md)
- [Commits](https://github.com/voxpupuli/json-schema/compare/v4.1.1...v4.2.0)

---
updated-dependencies:
- dependency-name: json-schema
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-18 08:36:44 +08:00
dependabot[bot]
d451b149fd
Build(deps): Bump nokogiri from 1.16.2 to 1.16.3 (#26209)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.16.2 to 1.16.3.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.16.2...v1.16.3)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-18 08:04:04 +08:00
dependabot[bot]
7d9795a10e
Build(deps-dev): Bump sqlite3 from 1.7.2 to 1.7.3 (#26210)
Bumps [sqlite3](https://github.com/sparklemotion/sqlite3-ruby) from 1.7.2 to 1.7.3.
- [Release notes](https://github.com/sparklemotion/sqlite3-ruby/releases)
- [Changelog](https://github.com/sparklemotion/sqlite3-ruby/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/sqlite3-ruby/compare/v1.7.2...v1.7.3)

---
updated-dependencies:
- dependency-name: sqlite3
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-18 08:03:49 +08:00
dependabot[bot]
192874d0a8
Build(deps-dev): Bump shoulda-matchers from 6.1.0 to 6.2.0 (#26211)
Bumps [shoulda-matchers](https://github.com/thoughtbot/shoulda-matchers) from 6.1.0 to 6.2.0.
- [Release notes](https://github.com/thoughtbot/shoulda-matchers/releases)
- [Changelog](https://github.com/thoughtbot/shoulda-matchers/blob/main/CHANGELOG.md)
- [Commits](https://github.com/thoughtbot/shoulda-matchers/compare/v6.1.0...v6.2.0)

---
updated-dependencies:
- dependency-name: shoulda-matchers
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-18 08:00:29 +08:00
dependabot[bot]
df18da64b3
Build(deps-dev): Bump lefthook from 1.6.6 to 1.6.7 (#26213)
Bumps [lefthook](https://github.com/evilmartians/lefthook) from 1.6.6 to 1.6.7.
- [Release notes](https://github.com/evilmartians/lefthook/releases)
- [Changelog](https://github.com/evilmartians/lefthook/blob/master/CHANGELOG.md)
- [Commits](https://github.com/evilmartians/lefthook/compare/v1.6.6...v1.6.7)

---
updated-dependencies:
- dependency-name: lefthook
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-18 07:55:16 +08:00
Ted Johansson
e2ee70c4e2
FIX: Amend broken Mailgun API key check (#26206) 2024-03-18 09:10:30 +10:00
Martin Brennan
78bafb331a
FEATURE: Allow site settings to be edited throughout admin UI (#26154)
This commit makes it so the site settings filter controls and
the list of settings input editors themselves can be used elsewhere
in the admin UI outside of /admin/site_settings

This allows us to provide more targeted groups of settings in different
UI areas where it makes sense to provide them, such as on plugin pages.
You could open a single page for a plugin where you can see information
about that plugin, change settings, and configure it with custom UIs
in the one place.

In future we will do this in "config areas" for other parts of the
admin UI.
2024-03-18 08:50:39 +10:00
Kris
d0d659e733
UX: update twitter icon, add threads & mastodon (#26203) 2024-03-15 16:48:23 -04:00
Daniel Waterworth
1fbcc6936c
DEV: Regression test for categories N+1 (#26204) 2024-03-15 15:10:37 -05:00
Penar Musaraj
531e33b303
DEV: Allow user api key scope for notifications#totals (#26205)
The `/notifications/totals` route is a stripped down version of `notifications#index`. This just allows the mobile app to use this new route.
2024-03-15 16:06:32 -04:00
Penar Musaraj
8cf2f909f5
DEV: Dedicated route for current user notification counts (#26106)
Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2024-03-15 12:08:37 -04:00
Nat
ad7e3e04f3
Bump version to v3.3.0.beta1 2024-03-15 15:01:58 +08:00
Bianca Nenciu
b425fbc2a2
SECURITY: Generate more category CSS on client
This commit moves the generation of category background CSS from the
server side to the client side. This simplifies the server side code
because it does not need to check which categories are visible to the
current user.
2024-03-15 14:24:11 +08:00
Penar Musaraj
62ea382247
SECURITY: Limit invites params length 2024-03-15 14:24:07 +08:00
Daniel Waterworth
8cade1e825
SECURITY: Prevent large staff actions causing DoS
This commit operates at three levels of abstraction:

 1. We want to prevent user history rows from being unbounded in size.
    This commit adds rails validations to limit the sizes of columns on
    user_histories,

 2. However, we don't want to prevent certain actions from being
    completed if these columns are too long. In those cases, we truncate
    the values that are given and store the truncated versions,

 3. For endpoints that perform staff actions, we can further control
    what is permitted by explicitly validating the params that are given
    before attempting the action,
2024-03-15 14:24:04 +08:00
Alan Guo Xiang Tan
003b80e62f
SECURITY: Add rate limits for uploads 2024-03-15 14:24:00 +08:00
Daniel Waterworth
819361ba28
SECURITY: Don't disclose the existence of secret subcategories 2024-03-15 14:23:55 +08:00
dependabot[bot]
085edb170d
Build(deps): Bump sassc-embedded from 1.70.0 to 1.70.1 (#26184)
Bumps sassc-embedded from 1.70.0 to 1.70.1.

---
updated-dependencies:
- dependency-name: sassc-embedded
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-15 07:48:54 +08:00
dependabot[bot]
f2914bafd3
Build(deps): Bump follow-redirects from 1.15.4 to 1.15.6 (#26191)
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.4 to 1.15.6.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.15.4...v1.15.6)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-15 07:48:39 +08:00
Alan Guo Xiang Tan
cdba864598
DEV: Support description for properties in objects schema (#26172)
Why this change?

When editing a objects typed theme setting, the input fields which are
rendered should include a description so that the user knows the purpose
of the field which they are changing.

What does this change do?

This change adds support for adding description to each property in the
schema for an object by following a given convention in the locale file.

For a schema like this:

```
objects_setting:
  type: objects
  schema:
    name: section
    properties:
      name:
        type: string
        required: true
      links:
        type: objects
        schema:
          name: link
          properties:
            name:
              type: string
              required: true
              validations:
                max_length: 20
            url:
              type: string
```

Description for each property in the object can be added like so:

```
en:
  theme_metadata:
    settings:
      objects_setting:
        description: <description> for the setting
        schema:
          properties:
            name: <description for the name property>
            links:
              name: <description for the name property in link>
              url: <description for the url property in link>
```

If the a description is not present, the input field will simply not
have an description.

Also note that a description for a theme setting can now be added like
so:

```
en:
  theme_metadata:
    settings:
      some_other_setting: <This will be used as the description>
      objects_setting:
        description: <This will also be used as the description>
```
2024-03-15 07:47:42 +08:00
dependabot[bot]
ede6118f69
Build(deps): Bump terser from 5.29.1 to 5.29.2 (#26186)
Bumps [terser](https://github.com/terser/terser) from 5.29.1 to 5.29.2.
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.29.1...v5.29.2)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-15 06:36:08 +08:00
dependabot[bot]
70d27de7fe
Build(deps-dev): Bump esbuild from 0.20.1 to 0.20.2 (#26187)
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.20.1...v0.20.2)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-15 06:35:52 +08:00
dependabot[bot]
1a7ea82198
Build(deps-dev): Bump lefthook from 1.6.5 to 1.6.6 (#26188)
Bumps [lefthook](https://github.com/evilmartians/lefthook) from 1.6.5 to 1.6.6.
- [Release notes](https://github.com/evilmartians/lefthook/releases)
- [Changelog](https://github.com/evilmartians/lefthook/blob/master/CHANGELOG.md)
- [Commits](https://github.com/evilmartians/lefthook/compare/v1.6.5...v1.6.6)

---
updated-dependencies:
- dependency-name: lefthook
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-15 06:35:37 +08:00
dependabot[bot]
31c41dd013
Build(deps): Bump sass-embedded from 1.71.1 to 1.72.0 (#26189)
Bumps sass-embedded from 1.71.1 to 1.72.0.

---
updated-dependencies:
- dependency-name: sass-embedded
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-15 06:35:22 +08:00
dependabot[bot]
6901fcd254
Build(deps): Bump json_schemer from 2.2.0 to 2.2.1 (#26190)
Bumps json_schemer from 2.2.0 to 2.2.1.

---
updated-dependencies:
- dependency-name: json_schemer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-15 06:35:08 +08:00
Blake Erickson
70c23f11a9
DEV: Add API scopes for post revisions (#26183)
This commit adds API scopes for reading, modifying, and deleting post
revisions.
2024-03-14 15:24:54 -06:00
Joffrey JAFFEUX
c986f9a947
DEV: adds details/location options to downloadCalendar (#26177)
This will now only be used for google to pre-fill the associated fields in: https://calendar.google.com/calendar/u/0/r/eventedit
2024-03-14 21:32:15 +01:00