Commit Graph

840 Commits

Author SHA1 Message Date
Martin Brennan
849631188f
FEATURE: Allow custom date + time for bookmark reminders (#9185)
A custom date and time can now be selected for a bookmark reminder

The reminder will not happen at the exact time but rather at the next 5 minute interval of the bookmark reminder schedule.

This PR also fixes issues with bulk deleting topic bookmarks.
2020-03-12 10:52:15 +10:00
Martin Brennan
793f39139a
FEATURE: Send notifications for time-based and At Desktop bookmark reminders (#9071)
* This PR implements the scheduling and notification system for bookmark reminders. Every 5 minutes a schedule runs to check any reminders that need to be sent before now, limited to **300** reminders at a time. Any leftover reminders will be sent in the next run. This is to avoid having to deal with fickle sidekiq and reminders in the far-flung future, which would necessitate having a background job anyway to clean up any missing `enqueue_at` reminders.

* If a reminder is sent its `reminder_at` time is cleared and the `reminder_last_sent_at` time is filled in. Notifications are only user-level notifications for now.

* All JavaScript and frontend code related to displaying the bookmark reminder notification is contained here. The reminder functionality is now re-enabled in the bookmark modal as well.

* This PR also implements the "Remind me next time I am at my desktop" bookmark reminder functionality. When the user is on a mobile device they are able to select this option. When they choose this option we set a key in Redis saying they have a pending at desktop reminder. The next time they change devices we check if the new device is desktop, and if it is we send reminders using a DistributedMutex. There is also a job to ensure consistency of these reminders in Redis (in case Redis drops the ball) and the at desktop reminders expire after 20 days.

* Also in this PR is a fix to delete all Bookmarks for a user via `UserDestroyer`
2020-03-12 10:16:00 +10:00
Jarek Radosz
4e5dd4105c DEV: Fix flaky signed_url_for_path spec
AWS gem uses internally `Time.now` to generate the presigned URLs, so often two consecutive calls with the same params would give different results.
2020-03-10 23:22:26 +01:00
Blake Erickson
6fb4c333b0
FIX: Throw error when removing a user from group fails (#9162)
This commit ensures that an error is thrown when a user fails to be
removed from a group instead of silently failing.

This means when using the api you will receive a 400 instead of a 200 if
there is a failure. The remove group endpoint allows the removal of
multiple users, this change means that if you try to delete 10 users,
but 1 of them fails you will receive a 400 instead of 200 even though
the other 9 were removed successfully. Rather than adding a bunch more
complexity I think this is more than adequate for most use cases.
2020-03-10 15:25:00 -06:00
Jarek Radosz
29b35aa64c
DEV: Improve flaky time-sensitive specs (#9141) 2020-03-10 22:13:17 +01:00
Kane York
218d3f5f44 Add tests for /srv/status behavior 2020-03-09 14:06:13 -07:00
Robin Ward
ec21a15fa7 FIX: Incorrect message when logging in via email
If `hide email address taken` was true, it would always display a
success message, rather than the non-comittal "maybe we emailed that
user" response.
2020-03-09 12:54:33 -04:00
Mark VanLandingham
174764be25
FEATURE: Add embed_set_canonical_url setting (#9134) 2020-03-09 09:31:24 -05:00
Martin Brennan
baea65e4bc
FIX: Embarassing algoriths typo -> algorithms for security keys (#9126) 2020-03-09 09:22:08 +10:00
Bianca Nenciu
20cfa7b810
FIX: Check if auth token exists before revocation (#9095) 2020-03-07 15:04:12 +02:00
David Taylor
ff62911a89
FEATURE: New route for loading multiple user cards simultaneously (#9078)
Introduces `/user-cards.json`

Also allows the client-side user model to be passed an existing promise when loading, so that multiple models can share the same AJAX request
2020-03-06 12:23:22 +00:00
Martin Brennan
29ccdf5d35
FIX: Show a nicer error if name/code missing for TOTP/Security Keys (#9124)
Meta: https://meta.discourse.org/t/improve-error-message-when-not-including-name-setting-up-totp/143339

* when the user creates a TOTP second factor method we want
to show them a nicer error if they forget to add a name
or the code from the app, instead of the param missing error
* also add a client-side check for this and for security key name,
no need to bother the server if we can help it
2020-03-06 14:37:40 +10:00
Robin Ward
e01d5e2adc SECURITY: Add more restrictions on invite emails
They could be filtered and returned in some circumstances where they
shouldn't have been.
2020-03-05 09:23:21 -05:00
Robin Ward
79ce7085c2 SECURITY: Ensure the invite JSON API matches the UX
Anonymous users could query the invite json and see counts and
summaries which is not allowed in the UX of Discourse.

This commit has those endpoints return a 403 unless the user is
allowed to invite.
2020-03-05 09:23:21 -05:00
Arpit Jalan
a157f4aaaa Remove invite_admin route. 2020-03-05 06:45:08 +05:30
Martin Brennan
3e54e0191e
FIX: Use full URL for secure attachments when secure media enabled (#9037)
When secure media is enabled and an attachment is marked as secure we want to use the full url instead of the short-url so we get the same access control post protections as secure media uploads.
2020-03-04 10:11:08 +11:00
David Taylor
0903aa44bb
FEATURE: Always disable customizations on the /safe-mode route (#9052)
This makes it easier to enter safe mode when a customization has made the UI unusable
2020-02-28 10:53:11 +00:00
romanrizzi
4673f31c75 FIX: Bulk badge awards should work even if the CSV has nil values 2020-02-27 11:08:24 -03:00
Dan Ungureanu
514c22e64b
FIX: Make reviewable claiming work with deleted topics (#9040)
This fixes the case when the reviewed topic is deleted (for example, in
discourse-akismet).
2020-02-25 15:49:23 +02:00
Joffrey JAFFEUX
0ea11a9d49
FIX: ensures we don't attempt to create a new PM on an existing topic (#9029)
This fix attempts to both fix it at UI level and server side. A previous attempt related to this behavior has been made in commit: 49c750ca78
2020-02-24 08:55:12 -06:00
Dan Ungureanu
533495169e
FEATURE: Publish a message when reviewable claimer changes (#9019)
This commit ensures that all users are kept in sync and no user can claim
a topic that has been claimed already.
2020-02-21 19:11:50 +02:00
Martin Brennan
97d8f19387
FIX: When admin changes another user's email auto-confirm the change (#9001)
When admin changes a user's email from the preferences page of that user:

* The user will not be sent an email to confirm that their
  email is changing. They will be sent a reset password email
  so they can set the password for their account at the new
  email address.
* The user will still be sent an email to their old email to inform
  them that it was changed.
* Admin and staff users still need to follow the same old + new
  confirm process, as do users changing their own email.
2020-02-20 09:52:21 +10:00
Robin Ward
fe6fe324c9 FIX: Minor linting issue for future rubocops 2020-02-19 14:04:56 -05:00
Roman Rizzi
9441362c72
FEATURE: Support uploading a csv with either user emails or usernames (#8971) 2020-02-18 10:53:12 -03:00
Robin Ward
d51107e2c9 FIX: If a group is unmentionable, don't render it as mentionable
Now if a group is visible but unmentionable, users can search for it
when composing by typing with `@`, but it will be rendered without the
grey background color.

It will also no longer pop up a JIT warning saying "You are about to
mention X people" because the group will not be mentioned.
2020-02-14 12:29:56 -05:00
Robin Ward
dafa354d3d FIX: Confirm draft_key is present on GET
Also adds a test for the `show` action which did not exist
2020-02-14 11:06:12 -05:00
Robin Ward
bfdd42c53a FIX: Return a 404 when the draft_key is missing
Previously if `draft_key` was missing you'd get a 500 error in the logs.
2020-02-14 10:48:56 -05:00
Régis Hanol
aad46a1aba DEV: remove unused 'composer/parse_html' route 2020-02-14 16:15:34 +01:00
Martin Brennan
e1e74abd4f
FEATURE: Improving bookmarks part 2 -- Topic Bookmarking (#8954)
### UI Changes

If `SiteSetting.enable_bookmarks_with_reminders` is enabled:

* Clicking "Bookmark" on a topic will create a new Bookmark record instead of a post + user action
* Clicking "Clear Bookmarks" on a topic will delete all the new Bookmark records on a topic
* The topic bookmark buttons control the post bookmark flags correctly and vice-versa
Disabled selecting the "reminder type" for bookmarks in the UI because the backend functionality is not done yet (of sending users notifications etc.)

### Other Changes

* Added delete bookmark route (but no UI yet)
* Added a rake task to sync the old PostAction bookmarks to the new Bookmark table, which can be run as many times as we want for a site (it will not create duplicates).
2020-02-13 16:26:02 +10:00
Blake Erickson
965ac3567b FIX: Handle SSO Provider Parse exception
Prevent unnecessary 500 errors from appearing in the logs and return a
422 response instead.
2020-02-12 16:08:04 -07:00
Dan Ungureanu
3f50481188
Improvements to group mentions (#8927)
* FIX: Avoid highlight mention to groups that are not public
* UX: Composer autocomplete will suggest all visible group names
2020-02-12 10:11:10 +02:00
David Taylor
e32833cf1a
DEV: Make badge test resilient to disabled badges
This can happen when plugins seed disabled badges in the database
2020-02-11 18:01:33 +00:00
Joffrey JAFFEUX
6a7e82c44c
DEV: Apply rubocop (#8926) 2020-02-11 16:21:03 +00:00
Jay Pfaffman
d294e13225
add postmark webhook handling (#8919) 2020-02-11 10:09:07 -05:00
Dan Ungureanu
ecaf2c2f4e
FIX: Make category slug validation less strict (#8915)
This was changed recently and caused issues saving old categories which
already had digits at the beginning of the slug (for example, '30-days').
2020-02-11 17:01:12 +02:00
Jeff Wong
1a1bb7a2c9
FEATURE: Add logging when claiming and unclaiming reviewable flagged posts (#8920) 2020-02-10 15:40:01 -08:00
Neil Lalonde
542e62ccf0 FIX: tag info misleading message saying it's not restricted
When a tag is restricted to a secured category that the user can't see,
the message was saying that it wasn't restricted to any categories.
Now it will say it's restricted to categories you can't access.
2020-02-05 15:23:39 -05:00
Joffrey JAFFEUX
f0fe2ba9ac
UX: introduces icon-picker component for badges (#8844) 2020-02-05 00:41:10 +01:00
Rafael dos Santos Silva
f88fa99b0b
DEV: Fix web manifest short_title tests 2020-02-04 14:46:33 -03:00
Matt Marjanović
ad2aa7b52c
FEATURE: Add logout functionality to SSO Provider protocol (#8816)
This commit adds support for an optional "logout" parameter in the
payload of the /session/sso_provider endpoint.  If an SSO Consumer
adds a "logout=true" parameter to the encoded/signed "sso" payload,
then Discourse will treat the request as a logout request instead
of an authentication request.  The logout flow works something like
this:

 * User requests logout at SSO-Consumer site (e.g., clicks "Log me out!"
   on web browser).
 * SSO-Consumer site does whatever it does to destroy User's session on
   the SSO-Consumer site.
 * SSO-Consumer then redirects browser to the Discourse sso_provider
   endpoint, with a signed request bearing "logout=true" in addition
   to the usual nonce and the "return_sso_url".
 * Discourse destroys User's discourse session and redirects browser back
   to the "return_sso_url".
 * SSO-Consumer site does whatever it does --- notably, it cannot request
   SSO credentials from Discourse without the User being prompted to login
   again.
2020-02-03 12:53:14 -05:00
Mark VanLandingham
089d38e9d3
FIX: Disallow featuring hidden topics (#8814) 2020-01-30 10:00:49 -06:00
Dan Ungureanu
09e8be3209
UX: Introduce automatic 'categories topics' setting (#8804)
When 'categories topics' setting is set to 0, the system will
automatically try to find a value to keep the two columns (categories
and topics) symmetrical.

The value is computed as 1.5x the number of top level categories and at
least 5 topics will always be returned.
2020-01-29 20:30:48 +02:00
Mark VanLandingham
e29fef9e99
FEATURE: Users can feature any public topic on his/her profile (#8809) 2020-01-29 10:10:23 -06:00
David Taylor
25fd2b544a
PERF: Use a separate route for user cards, and split user serializer (#8789)
Adds a new route `/u/{username}/card.json`, which has a reduced number of fields. This change is behind a hidden site setting, so we can test compatibility before rolling out.
2020-01-28 11:55:46 +00:00
Vinoth Kannan
b6765aac4b FIX: add 'noindex' header to rss feed responses. 2020-01-24 09:30:27 +05:30
Régis Hanol
821e920711 DEV: fix deprecation warnings in specs
Also fixed a typo in a string key "max_pm_recepients" -> "max_pm_recipients"
2020-01-23 16:37:48 +01:00
Blake Erickson
e85f4f6cc8 DEV: Add a test for ensure only edited badge titles updates a users
title

Adding a test to make sure we don't regress here in the future.

Follow up to: 8a89b7e108
2020-01-22 16:42:45 -07:00
Dan Ungureanu
89bd7ba45f
FIX: Use new tag routes (#8683)
Commit 1fb7a62 added unambiguous routes for tags. This commit ensures
that the new routes are used.
2020-01-21 19:23:08 +02:00
Sam Saffron
bff9880d63 DEV: increase the length of backup codes
16 ^ 8 though not tiny but is a workable search space in the event of
breach, 16 ^ 16 is not.
2020-01-21 15:32:06 +11:00
Martin Brennan
c677f8ee6a
DEV: Add debug lines for mystery no_user_selected error (#8759)
On some customer forums we are randomly getting a "You must select a valid user" error when sending a PM even when all parameters seem to be OK. This is an attempt to track it down with more data.
2020-01-21 10:50:44 +10:00