Commit Graph

35809 Commits

Author SHA1 Message Date
Jarek Radosz
23b9da6b1c
DEV: Fix the CI workflow
See: https://github.com/actions/setup-ruby/pull/52
2020-01-20 18:51:55 +01:00
Neil Lalonde
2dd1ff79b4 Update translations 2020-01-20 11:00:44 -05:00
Dan Ungureanu
788ddcc407
FIX: Make topic query include topics from sub-sub-categories (#8709) 2020-01-20 17:06:58 +02:00
Martin Brennan
1014e56e80
DEV: Respond with 403 instead of 500 for disabled local login via email
Previously if local login via email was disabled because of the site setting or because SSO was enabled, we were raising a 500 error. We now raise a 403 error instead; we shouldn't raise 500 errors on purpose, instead keeping that code for unhandled errors. It doesn't make sense in the context of what we are validating either to raise a 500.
2020-01-20 16:11:58 +10:00
Dan Ungureanu
eeefa1177f
FIX: Make category-chooser show all parent categories (#8706) 2020-01-19 13:07:54 +02:00
Blake Erickson
79ec686ec9 DEV: Use blank instead of NOT present
Follow up to: 75069ff179
2020-01-18 07:34:15 -07:00
Jeff Atwood
1fb81e9f56 omit needless words 2020-01-17 16:16:21 -08:00
Blake Erickson
75069ff179 FIX: Users should be able to remove their primary group
This fix allows a user to remove their currently assigned primary group
if the Site Setting `user selected primary groups` is enabled.

Before this fix, if a user selected "none" for their primary group it
would silently fail and never be updated.
2020-01-17 15:43:54 -07:00
Gerhard Schlager
3fc589f875 FIX: Don't override timezone on every visit of profile preferences
The timezone should only be initialized when there is no timezone stored in the DB yet. This also fixes an error that happened in dev mode whenever you switch between user preference tabs.
2020-01-17 22:34:18 +01:00
romanrizzi
0d08eac1c7 UX: Users must confirm when leaving a private group 2020-01-17 17:58:47 -03:00
Kris
4089607b40 UX: Minor adjustments to choose topic modal 2020-01-17 15:02:04 -05:00
Joffrey JAFFEUX
a7ae28ed88
REFACTOR: removes places where we never show glyph and DRY code (#8744) 2020-01-17 20:58:15 +01:00
Gerhard Schlager
cb54bf4f45 FIX: Don't cause exceptions due to rename of reply_id column
This syncs the value of the `reply_id` column into the `reply_post_id` column until all servers have been deployed and the post migrations ran.

Follow-up to ab07b945c2
2020-01-17 19:43:00 +01:00
Kris
b56ade5043 FIX: show PM icon in docked header 2020-01-17 13:30:54 -05:00
Joffrey JAFFEUX
6abc2f5072
FIX: applies correct styles to icon and attempts to dry code (#8739) 2020-01-17 18:20:23 +01:00
Joffrey JAFFEUX
56fa77c032
FIX: do not increase size of emojis in markdown tables (#8742) 2020-01-17 18:15:05 +01:00
Gerhard Schlager
ab07b945c2
Merge pull request #8736 from gschlager/rename_reply_id_column
REFACTOR: Rename `post_replies.reply_id` column to `post_replies.reply_post_id`
2020-01-17 17:24:49 +01:00
Joffrey JAFFEUX
3b5a6c9895
REFACTOR: unify naming of only emoji (#8741) 2020-01-17 17:21:08 +01:00
Roman Rizzi
28d09227f5
FIX: Reload the ReviewableScore types when extending flags (#8740)
ReviewableScore#types extend the PostActionTypes with their own, storing the result inside a class variable. To avoid overwriting an existing flag, we need to calculate the next flag ID using these types instead of the PostAction ones. Since we first call the score types to calculate the id, this list gets memoized, leaving us with an outdated list.

To fix this, we now reload ReviewableScore#types after replacing flags.
2020-01-17 11:59:38 -03:00
Kris
af3dce4930 Hide PM glyph, follow-up to 02dbcac 2020-01-17 07:10:44 -05:00
Dan Ungureanu
7d8c33a094 FIX: Include sub-sub-categories in new/unread counts (#8710)
The count used to be less than the real one because the topics in
sub-sub-categories and deeper were not taken into account.
2020-01-17 10:02:57 +00:00
Martin Brennan
2583aedd42
FIX: Change additional public uploads to not be secure (#8738)
Custom emoji, profile background, and card background were being set to secure, which we do not want as they are always in a public context and result in a 403 error from the ACL if linked directly.
2020-01-17 13:16:27 +10:00
Kris
02dbcac861 UX: Improve appearance of pm title editing 2020-01-16 21:31:17 -05:00
Martin Brennan
9c04aa593c
Fix broken admin login fro SSO enabled sites (#8737)
* When we refactored away the admin-login route we introduced a bug where admins could not log into an SSO enabled site, because of a check in the email_login route that disallowed this.
* Allow admin to get around this check.
2020-01-17 11:25:31 +10:00
Régis Hanol
7b83237261 FIX: groups pagination was broken 2020-01-16 23:57:34 +01:00
Roman Rizzi
0c4ac2a7bc
Merge pull request from GHSA-569c-22ff-pj3x 2020-01-16 15:17:16 -03:00
Jarek Radosz
fe588cc7f8
DEV: Fix function prototype deprecations (#8681)
* DEV: Fix the function prototype observers deprecation

DEPRECATION: Function prototype extensions have been deprecated, please migrate from function(){}.observes('foo') to observer('foo', function() {}). [deprecation id: function-prototype-extensions.observes] See https://deprecations.emberjs.com/v3.x/#toc_function-prototype-extensions-observes for more details.

* DEV: Fix the function prototype event listeners deprecation

DEPRECATION: Function prototype extensions have been deprecated, please migrate from function(){}.on('foo') to on('foo', function() {}). [deprecation id: function-prototype-extensions.on] See https://deprecations.emberjs.com/v3.x/#toc_function-prototype-extensions-on for more details.

* DEV: Simplify `default as` imports

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2020-01-16 18:56:53 +01:00
Jarek Radosz
ff5a82b614
FIX: Change rootNone behavior in category-chooser (#8692)
This breaking change was originally a deprecation fix for overriding a computed property `none`.

There are 4 uses of `rootNone` in core and "all-the-plugins":
1. in discourse-chat-integration, admin-plugins-chat-edit-rule.hbs - changed behavior, that I'd consider a fix - `rootNoneLabel` is now used regardless of `siteSettings.allow_uncategorized_topics` value, which I believe was an originally intended behavior (i.e. it most likely hasn't been tested with disabled uncategorized topics)
2. in discourse-slack-official, plugins-slack.hbs - the same as 1.
3. in core, edit-category-general.hbs (in this PR) - no change in behavior
4. in discourse-googlebooks, edit-category-general.hbs - no change in behavior (since `allowUncategorized="true"` is also passed as an argument)
2020-01-16 18:51:29 +01:00
Gerhard Schlager
f216c6d60b FEATURE: Drop "backup" schema 7 days after restore
The "backup" schema is used to rollback a failed restore. It isn't useful after a longer period of time and turns into a waste of disk space.
2020-01-16 17:48:47 +01:00
Gerhard Schlager
eeb2855a48 DEV: Add spec to find MF locale for en_US
Follow-up to aecadcb267
2020-01-16 14:40:53 +01:00
Gerhard Schlager
a2fd8ac990 DEV: Add spec for disabled UpdateS3Inventory job
Follow-up to c351ffe580
2020-01-16 13:57:57 +01:00
Joffrey JAFFEUX
948bd00340
FEATURE: line with only 1 to 3 emojis will now display as large emojis 2020-01-16 09:54:26 +01:00
Arpit Jalan
91f8ada8e0 FIX: add missing translation key for narrative bot Italian locale. 2020-01-16 13:23:16 +05:30
Martin Brennan
18bba860b5 Fix mobile topic-timeline not closing on scrolling past last post (#8730)
* when we dragged the topic-timeline handle past the last post
  in a topic we were not closing the timeline as we would if
  scrolling to a specific post
* this also fixes the issue where when scrolling past the end of
  the topic with a massive last post, none of the post could be
  seen
2020-01-16 17:23:44 +11:00
Martin Brennan
7c32411881
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664)
### General Changes and Duplication

* We now consider a post `with_secure_media?` if it is in a read-restricted category.
* When uploading we now set an upload's secure status straight away.
* When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. 
* Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is).
* When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload.

### Viewing Secure Media

* The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions
* If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor`

### Removed

We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled.

* We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context.
* We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-16 13:50:27 +10:00
Gerhard Schlager
5e3fc31f2c DEV: Less hacky way of rolling back DB changes
Some specs use psql to test database restores and dropping the table after the test needs to happen outside of rspec because of transactions. The previous attempt lead to some changes to be stored in the test database.
2020-01-15 23:37:42 +01:00
Gerhard Schlager
68a7ae3091 REFACTOR: Simplify backup version check
Adds specs for inalid version number in metadata file.
Follow-up to c3cd2389fe
2020-01-15 23:37:40 +01:00
Mark VanLandingham
135d09d671
FIX: Styling for feature topic on profile modal (#8727) 2020-01-15 15:20:12 -06:00
Sam Saffron
f8e92298f2 DEV: default Oj to compat mode
Out-of-the-box Oj uses :object mode, this shifts us to use :compat mode
by default which is safer.
It means any de-serialization going forward will default to this mode.

If we wish to serialize or deserialize arbitrary objects going forward with
no json interfaces we will have to opt in.
2020-01-16 07:52:28 +11:00
Arpit Jalan
0bc65fa60e
FIX: show error message if the topic deletion fails (#8723) 2020-01-16 00:58:03 +05:30
Roman Rizzi
2db7b3d9c7
FIX: Correctly wrap image and resize controls inside paragraph (#8718) 2020-01-15 14:01:14 -03:00
Arpit Jalan
0f8695958b FIX: better error message when topic deletion fails 2020-01-15 19:30:06 +05:30
Dan Ungureanu
ff93c4b2f4
DEV: Fix tests 2020-01-15 15:57:37 +02:00
Dan Ungureanu
31701b7549
DEV: Fix failing 2FA tests 2020-01-15 15:27:21 +02:00
Dan Ungureanu
c2d051315d FIX: Create post notices only for public posts (#8708)
This also ensures only public posts are considered when creating post
notices for new and returning users.
2020-01-15 11:40:19 +01:00
Régis Hanol
c4817e9ee9 DEV: lint 💅 2020-01-15 11:36:33 +01:00
Martin Brennan
66f2db4ea4 SECURITY: 2FA with U2F / TOTP 2020-01-15 11:27:12 +01:00
Martin Brennan
c3cd2389fe SECURITY: use strict JSON parsing when parsing backup metadata 2020-01-15 11:24:41 +01:00
Régis Hanol
5d75f90b27 FIX: group membership leak
FIX: raised a proper NotFound exception when filtering groups by username with invalid username.
FIX: properly filter the groups based on current user visibility when viewing another user's groups.
DEV: Guardian.can_see_group?(group) is now using Guardian.can_see_groups(groups) instead of duplicating the same code.
FIX: spec for groups_controller#index when group directory is disabled for logged in user.
FIX: groups_controller.sortable specs to actually test all sorting combinations.
DEV: s/response_body/body/g for slightly shorter spec code.
FIX: rewrote the "view another user's groups" specs to test all group_visibility and members_group_visibility combinations.
DEV: Various refactoring for cleaner and more consistent code.
2020-01-15 11:21:58 +01:00
Joffrey JAFFEUX
ac865112a3
FIX: ensures group-navigation states changes when route changes (#8724) 2020-01-15 10:13:07 +01:00