Commit Graph

26289 Commits

Author SHA1 Message Date
Osama Sayegh
76aeee6735
A11Y: Focus last viewed topic in topic lists (#15300) 2021-12-15 10:02:31 +11:00
Kris
091ca9dbb1
UX: prevent timeline overflow in extreme cases (#15303) 2021-12-15 10:02:02 +11:00
Penar Musaraj
dba16391ad
DEV: cleanup for attributes in search filters (#15283) 2021-12-14 14:47:03 -05:00
Joffrey JAFFEUX
031f4f06d5
DEV: update and improvements to json editor (#15294)
- changes on how errors are handled to prevent weird cases
- uses didInsert/willDestroy to setup/clean state
- updates json editor library to 2.6.1
2021-12-14 17:21:49 +01:00
Bianca Nenciu
ce7c821aa9
UX: Extend user hyperlink in staff action logs (#15293)
The avatar hyperlink redirected to admin user page and the username
hyperlink applied a filter. Now both hyperlinks redirect to admin user
page.
2021-12-14 17:14:18 +02:00
Mark VanLandingham
175ced5096
DEV: Add chat invitation notification type (#15288) 2021-12-14 09:01:53 -06:00
Penar Musaraj
10caceec42
DEV: Prefers reads helper over alias (#15282) 2021-12-14 10:03:31 +08:00
Mark VanLandingham
53475cf5be
DEV: Plugin API to add desktop notification handlers (#15280) 2021-12-13 11:54:46 -06:00
Penar Musaraj
954ab4e0ec
DEV: Refactor popup-tip component (#15257) 2021-12-13 11:22:02 -05:00
Dan Ungureanu
adb6202c94
FIX: Check if invite domain is valid (#15238)
* FIX: Check if invite domain is valid

Previous regex checked for generic hostname, which is too generic for
this case.
2021-12-13 16:39:14 +11:00
Dan Ungureanu
3d4aee1487
DEV: Drop unused column email_tokens.token (#15203) 2021-12-13 16:29:47 +11:00
Martin Brennan
40d13ce662
DEV: Only support multipart for backup S3 uploads with Uppy (#15270)
In the composer, we already only allow for S3 multipart uploads
if enable_direct_s3_uploads is true, so in the backups uploader
that is based on Uppy we want to do the same thing. In future
if self-hosters need some way to not use S3 multipart in these
scenarios for whatever reason we can revisit this then (which
should be as simple as adding a enable_multipart_s3_uploads site
setting).
2021-12-13 15:24:00 +10:00
Martin Brennan
18a209bd0d
DEV: Use Uppy in wizard-field-image uploads (#15269)
We cannot use any of the uppy mixins or core code, because
the code there is not shared with the wizard, and to move
it all to discourse-common would be a task almost equal
difficulty to taking the ring to Mordor.

Therefore, we can just use the uppy vendor libraries in the
wizard, and do a quick-n-dirty version of the uppy upload
code for the wizard-field-image uploader.
2021-12-13 15:23:44 +10:00
Martin Brennan
1c97a7fe43
DEV: Move isInside to private function (#15268)
This text manipulation library can be used by plugins
as well, so better to have this defined as a function
instead of floating above the class.
2021-12-13 12:26:33 +10:00
Martin Brennan
fc01619bcb
FEATURE: Use Tab for indenting text in composer (#15208)
This commit allows for using Tab and Shift+Tab to indent
and de-indent selected text in the composer. The selected
text is searched for the most occurrences of either tabs (\t)
or spaces at the start of each line, and that character is
used for indentation of all lines.
2021-12-13 09:31:49 +10:00
Mark VanLandingham
5e534e5897
DEV: Allow emoji picker to disable popper for itself (#15256) 2021-12-10 14:45:22 -06:00
Joe
726649fd46
adds missing id (#15255) 2021-12-10 14:33:55 +01:00
Roman Rizzi
b7b61d4b56
FEATURE: A notification consolidation plan for keeping the latest one. (#15249)
We previously used ConsolidateNotifications with a threshold of 1 to re-use an existing notification and bump it to the top instead of creating a new one. It produces some jumpiness in the user notification list, and it relies on updating the `created_at` attribute, which is a bit hacky.

As a better alternative, we're introducing a new plan that deletes all the previous versions of the notification, then creates a new one.
2021-12-10 10:32:15 -03:00
Roman Rizzi
3602f83cf4
FEATURE: Delete previous reviewable reminders. (#15250)
We send the reminder using the GroupMessage class, which supports removing previous messages. We can't match them by raw because they could mention different moderators. Also, I had to change the subject to remove dynamically generated values, which is necessary for finding them.
2021-12-10 10:17:39 -03:00
Joffrey JAFFEUX
ac31c2bbb2
FIX: only consider it handled by composer when a composer (#15254) 2021-12-10 13:07:54 +01:00
Penar Musaraj
f24027b453
UX: Fix topic status icon size in mobile search results (#15251) 2021-12-09 14:32:12 -05:00
Kerry Liu
c8af3e7bc1
UX: only apply link formats on paste to selections that do not contain bbcode-like tags (#15204) 2021-12-09 16:41:44 +00:00
Joffrey JAFFEUX
e0ea16f05d
DEV: removes jquery usage from admin-watched-words (#15246) 2021-12-09 17:06:54 +01:00
Joffrey JAFFEUX
3052eb6ae6
DEV: fixes test as bodyClass is sometimes "foo bar" (#15248) 2021-12-09 15:34:50 +01:00
Joffrey JAFFEUX
adb23636e6
DEV: minor full page search refactoring (#15242)
- drops jquery usage
- shows clear all/ select all only when appropriate
- removes ~ char apparently un-needed
2021-12-09 13:48:08 +01:00
Joffrey JAFFEUX
f889ec2fcd
DEV: refactors admin-plugins/admin-site-settings (#15244)
- drops jQuery usage
- removes apparently useless clearfix
- uses @action
- drops unused clearFilter function in admin-plugins
2021-12-09 13:47:56 +01:00
Joffrey JAFFEUX
5d44adb9b9
DEV: refactors d-section (#15245)
- go tagless
- properly declares properties
- deprecates "false" in favour of false
- drops jquery
2021-12-09 13:47:47 +01:00
Joffrey JAFFEUX
76dff7fd9e
DEV: drops jquery usage from discovery-categories (#15243) 2021-12-09 13:47:13 +01:00
Angus McLeod
df3886d6e5
FEATURE: Experimental support for group membership via google auth (#14835)
This commit introduces a new site setting "google_oauth2_hd_groups". If enabled, group information will be fetched from Google during authentication, and stored in the Discourse database. These 'associated groups' can be connected to a Discourse group via the "Membership" tab of the group preferences UI. 

The majority of the implementation is generic, so we will be able to add support to more authentication methods in the near future.

https://meta.discourse.org/t/managing-group-membership-via-authentication/175950
2021-12-09 12:30:27 +00:00
Jeff Wong
347669ef04
DEV: Add keyboard:move selection event (#15241)
allows plugin event hook for keyboard:move-selection. Passes raw selected and all articles through named params.
2021-12-08 23:38:25 -08:00
Joffrey JAFFEUX
828e75c2f3
DEV: minor choose topic refactoring (#15233)
* DEV: minor choose topic refactoring

- prevents category to be clickable to make clicking topics easier
- drops jQuery
- uses @action
- uses ? operator where possible
- drops un-needed next/schedule usage

* uses topic-status component and prevents pinned icon to be focusable

* Update app/assets/javascripts/discourse/app/templates/components/choose-topic.hbs

Co-authored-by: Jarek Radosz <jradosz@gmail.com>

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2021-12-09 14:08:21 +11:00
Alan Guo Xiang Tan
4d1c84f15f
UX: Make toggling to filtered replies mode less jumpy. (#15240)
Previously we would jump to the first two replies but it made the
transition very jumpy depending on how long the post being selected is.
2021-12-09 10:03:22 +08:00
Alan Guo Xiang Tan
e668b3dc71
DEV: Remove unnecessary element. (#15225)
This was added 6 years ago in d1e85bdd8b
and I can't see how this is useful for any customizations at all.
2021-12-09 08:40:23 +08:00
Alan Guo Xiang Tan
ae88b52370
DEV: Fix position of avatar flair to be based on the actual avatar. (#15226)
Previously, it was based on the container of the avatar. However, the
container of the avatar can be extended to contain more than just the
avatar itself. This resulted in the positioning of the avatar flair to
be off.
2021-12-09 08:38:39 +08:00
Jeff Wong
51abcd7524
DEV: add app event for user-card:after-show (#15227)
Adds user-card:after-show event for when a usercard is fully loaded and shown.
2021-12-08 15:23:39 -08:00
Osama Sayegh
aec9ce9819
A11Y: Move focus to highlighted post when visiting a topic (#15236)
Meta topic: https://meta.discourse.org/t/discourse-with-a-screen-reader/178105/87?u=osama.
2021-12-08 21:33:15 +03:00
Andrei Prigorshnev
4e8983036a
DEV: do not return no_result_help from the server (#15220)
We don't need it anymore. Actually, I removed using of it on the client side a long time ago, when I was working on improving blank page syndrome on user activity pages (see https://github.com/discourse/discourse/pull/14311).

This PR also removes some old resource strings that we don't use anymore. We have new strings for blank pages.
2021-12-08 21:46:54 +04:00
David Taylor
a6230b8138
UX: Improve composer presence-display positioning (#15235)
Previously the discourse-presence plugin was using a `position: absolute` hack to display the 'replying...' users in the top right of the composer. This commit adds a more suitable plugin outlet, and updates the discourse-presence styling so it slots into the flex-box layout at the top of the composer
2021-12-08 16:18:49 +00:00
Dan Ungureanu
d8fe0f4199
FEATURE: Restrict link invites to email domain (#15211)
Allow multiple emails to redeem a link invite only if the email domain
name matches the one specified in the link invite.
2021-12-08 17:06:57 +02:00
Joffrey JAFFEUX
e1b4e2e034
DEV: removes jquery usage from add-category-tag-classes (#15232)
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2021-12-08 14:32:27 +01:00
Bianca Nenciu
b1c11d5787
FIX: Select correct topic draft for user (#15234)
The old query could return multiple rows.
2021-12-08 15:23:44 +02:00
Bianca Nenciu
049bc33838
FIX: Update has_topic_draft when draft is updated (#15219)
Current user state regarding the new topic draft was not updated when
the draft was created or destroyed.
2021-12-08 14:40:35 +02:00
Joffrey JAFFEUX
a144f49ec2
UX: scroll row to top of container in select-kit (#15230) 2021-12-08 12:22:18 +01:00
Loïc Guitaut
74387e83b6 DEV: Stop polluting all Ruby classes
The `ReviewableScore` model was defining class methods on `self.class`
from a singleton context so instead of defining methods on
`ReviewableScore` it was defining them on `Class`, so basically on every
existing class.

This patch resolves this issue. Using `enum` from `ActiveRecord` in the
future will avoid this kind of problems.
2021-12-08 11:32:25 +01:00
Jarek Radosz
301d5657fe
FIX: --header-offset didn't account for overscroll (#15221)
Fixes miniprofiler badge sliding away from the header when you rubber-band overscroll on the top of the page (in Safari)
2021-12-08 01:40:49 +01:00
Mark VanLandingham
a7fdcb921a
DEV: Sniff isPwa for capabilities (#15218) 2021-12-07 15:35:06 -06:00
David Taylor
f3d480dacb
DEV: Allow PresenceChannel to specify custom activity thresholds (#15217)
This allows consumers to vary the parameters on a per-channel basis. e.g. if you wanted a channel to consider someone 'away' after 10 minutes, and another channel to consider someone 'away' after 1 minute, that is now possible.
2021-12-07 20:57:57 +00:00
Jarek Radosz
6e8df3d66b
DEV: Deprecate registerOption() (#15209)
It's been a no-op for 5 years now.
2021-12-07 18:33:45 +01:00
Penar Musaraj
03b0c9f267
A11Y: Remove dupe label on signup confirm field (#15212) 2021-12-07 11:40:00 -05:00
Loïc Guitaut
d0888c190e FIX: Display pending posts in a moderated category
Currently we display pending posts in topics (both for author and staff
members) but the feature is only enabled when there’s an enabled global site
setting related to moderation.

This patch allows to have the same behavior for a site where there’s
nothing enabled globally but where a moderated category exists. So when
browsing a topic of a moderated category, the presence of pending posts
will be checked whereas nothing will happen in a normal category.
2021-12-07 10:14:45 +01:00
Krzysztof Kotlarek
412a6c0e8c
FIX: edit tag test (#15207)
Broken with PR https://github.com/discourse/discourse/pull/15149
2021-12-07 07:24:55 +01:00
Krzysztof Kotlarek
a616bc296a
FIX: tag transition only if tag name changed (#15149)
We need to change path only if tag name is changed. If a description is added, we don't need to reload.
2021-12-07 05:44:55 +01:00
Dan Ungureanu
9a6ec1d0c6 PERF: Add index on email_tokens.token_hash 2021-12-07 10:17:45 +08:00
Alan Guo Xiang Tan
4e67297a7c FIX: Missing allowed urls when displaying granualar API key scopes.
Follow-up to 3791fbd919
2021-12-07 10:17:17 +08:00
Alan Guo Xiang Tan
44588255fc FEATURE: Introduce API scopes for badges. 2021-12-07 10:17:17 +08:00
Andrei Prigorshnev
f3508065a3
FIX: auth incorrectly handles duplicate usernames (#15197) 2021-12-06 20:49:04 +04:00
Penar Musaraj
bf18145e70
UX: Fix flair dropdown styling in user account (#15201) 2021-12-06 11:28:10 -05:00
Roman Rizzi
43903f8dfe
FIX: Updating a consolidated notification should bump it to the top. (#15199)
In the future, it would be better to have a consolidated_at timestamp instead of updating created_at.
2021-12-06 12:31:44 -03:00
David Taylor
0b364140ec
DEV: Add :before_email_login event for plugins (#15187) 2021-12-06 09:38:37 +08:00
Andrei Prigorshnev
ce074d118e
DEV: drop unused method (#15190)
There are no usages in Core and plugins.
The last usage was removed in https://github.com/discourse/discourse/pull/9369.
2021-12-06 09:37:54 +08:00
Jarek Radosz
28bf9599f5
FEATURE: Pre-setting user locale via bulk invite (#15195) 2021-12-06 02:08:21 +01:00
Jarek Radosz
4bb91754ad
FIX: Make user themes sort order case insensitive (#15193)
That's the order they appear in a dropdown in user preferences.
2021-12-06 01:55:34 +01:00
Martin Brennan
3b13f1146b
FIX: Add random suffix to outbound Message-ID for email (#15179)
Currently the Message-IDs we send out for outbound email
are not unique; for a post they look like:

topic/TOPIC_ID/POST_ID@HOST

And for a topic they look like:

topic/TOPIC_ID@HOST

This commit changes the outbound Message-IDs to also have
a random suffix before the host, so the new format is
like this:

topic/TOPIC_ID/POST_ID.RANDOM_SUFFIX@HOST

Or:

topic/TOPIC_ID.RANDOM_SUFFIX@HOST

This should help with email deliverability. This change
is backwards-compatible, the old Message-ID format will
still be recognized in the mail receiver flow, so people
will still be able to reply using Message-IDs, In-Reply-To,
and References headers that have already been sent.

This commit also refactors Message-ID related logic
to a central location, and adds judicious amounts of
tests and documentation.
2021-12-06 10:34:39 +10:00
David Taylor
972d7cb1d6
DEV: Fix mini-profiler location for custom (or missing) d-headers (#15192) 2021-12-04 23:33:07 +00:00
Jarek Radosz
d3912075b6
FIX: PWA badges were not updating (#15191)
That regressed in #7714, over two years ago. :P
2021-12-05 00:15:51 +01:00
Kris
03f3d79388
UX: remove style that breaks composer on pm page (#15189) 2021-12-03 21:56:37 -05:00
Kris
6d2eae27a6
UX: reduce composer jumpiness on android (#15184) 2021-12-03 17:02:22 -05:00
Kris
657c137384
UX: Prevent overflow on mobile timeline dates (#15182) 2021-12-03 13:48:26 -05:00
Kris
b01ded9c89
UX: Improve tag info style (#15177) 2021-12-03 10:22:05 -05:00
Joffrey JAFFEUX
f9e2ab570b
FIX: allows more precise placement strategy on mobile (#15171)
* FIX: allows more precise placement strategy on mobile

- default to absolute on mobile, fixed on desktop
- allows to set a global `placementStrategy` or a specific to each view `mobilePlacementStrategy` `desktopPlacementStrategy`

This is mainly used to allow a proper composer-actions positioning in mobile.

Note this commit also fixes a mouseDown event which could propagate quote-button event and cause the composer to close full screen on mobile

* mobile only
2021-12-03 11:47:33 +11:00
Mark VanLandingham
7e005f2ea3
DEV: Don't error when emoji-picker is used outside composer (#15172) 2021-12-02 14:50:30 -06:00
Jordan Vidrine
9ecf454074
DEV: Invite page changes (#15175) 2021-12-02 13:18:11 -06:00
Jarek Radosz
7456a59022
FEATURE: Add the ability to go back and forth between PM and New Topic (#15173)
Before this, if you were composing a new topic and then switched the mode to "New Message", the dropdown would disappear.

So if you changed your mind, you'd have to copy the text you typed, cancel, click "New Topic" again, and then paste the text. (and if you already had a title entered too, things would be more complicated…)
2021-12-02 19:46:40 +01:00
Daniel Waterworth
bd10f113e9
DEV: Raise errors for (black|white)list accesses (#15174)
These have been deprecated for a while
2021-12-02 12:16:55 -06:00
Michelle Bueno Saquetim Vendrame
9b5836aa1d
Add three reports (#14338)
* Add report top_users_by_received_likes

* Add report top_users_by_received_likes_from_inferior_trust_level

* Add report top_users_by_likes_received_from_a_variety_of_people

* Add test to report_top_users_by_received_likes

* add top_users_by_likes_received_from_a_variety_of_people report test

* add top_users_by_likes_received_from_inferior_trust_level report tests
2021-12-02 22:41:55 +05:30
Daniel Waterworth
2f04a9b9fb
DEV: Remove site_setting_saved event (#15164)
We said we would drop it from 2.4, so this is long overdue

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2021-12-02 09:33:03 -06:00
David Taylor
cfb6199a95
FIX: Don't redirect XHR/JSON requests when login is required (#15093)
When redirecting to login, we store a destination_url cookie, which the user is then redirected to after login. We never want the user to be redirected to a JSON URL. Instead, we should return a 403 in these situations.

This should also be much less confusing for API consumers - a 403 is a better representation than a 302.
2021-12-02 15:12:25 +00:00
David Taylor
55cbc70f3f
DEV: Ensure redirects are passed through to the client by ember-cli (#15170)
By default, `fetch` will transparently follow redirects, even across domain boundaries
2021-12-02 15:03:45 +00:00
Penar Musaraj
732678f642
UX: Fix alignment in group navigation bar (#15169)
Same as #15145.
2021-12-02 09:45:33 -05:00
Andrei Prigorshnev
1c0022c195
FIX: extract and fix overriding of usernames by external auth (#14637) 2021-12-02 17:42:23 +04:00
David Taylor
ceca34aca6
DEV: Ensure ember-cli does not attempt to bootstrap non-ember pages (#15168)
1b3d124a introduced a logic change which meant that we attempted to bootstrap, even on pages without any `preloadJson` (i.e. non-ember HTML pages from Discourse). This commit restores the original logic, making sure to avoid `?.`.
2021-12-02 10:58:54 +00:00
David Taylor
44d16fcd8e
DEV: Print full stack trace on ember-cli bootstrap error (#15167) 2021-12-02 10:58:03 +00:00
Sam
3a73028a70
PERF: migrate normalized_emails in a migrations (#15166)
Old OnceOff job could perform pretty slowly on sites with millions of emails

New implementation operates in batches in a migration, minimizing locking.
2021-12-02 15:08:22 +11:00
Jarek Radosz
1b3d124a4e
DEV: Don't use ?. in bootstrap-json (#15162)
That code is not transpiled, so it doesn't work on older node versions.
2021-12-01 22:04:56 +01:00
Mark VanLandingham
bd140948e3
DEV: Changes to support chat uploads (#15153) 2021-12-01 13:24:16 -06:00
David Taylor
abe30a17da
DEV: Fix ember CLI bootstrap logic (#15160)
When 1fa7a87f was rebased onto `main`, it didn't take into account the recent changes in c0781d7d. This commit updates the logic to work properly.
2021-12-01 18:31:52 +00:00
Kerry Liu
64e1ca6daa UX: only apply link formats on paste to selections that do not contain links 2021-12-01 13:29:17 -05:00
Osama Sayegh
1d69261bc0
FIX: Set auto_update to false for non-git themes/components (#15157)
Related to: 20f736aa11.

`auto_update` is true by default at the database level, but it doesn't make sense for `auto_update` to be true on themes that are not imported from a Git repository.
2021-12-01 19:58:13 +03:00
David Taylor
1fa7a87f86
SECURITY: Remove ember-cli specific response from application routes (#15155)
Under some conditions, these varied responses could lead to cache poisoning, hence the 'security' label.

Previously the Rails application would serve JSON data in place of HTML whenever Ember CLI requested an `application.html.erb`-rendered page. This commit removes that logic, and instead parses the HTML out of the standard response. This means that Rails doesn't need to customize its response for Ember CLI.
2021-12-01 16:10:40 +00:00
Andrei Prigorshnev
f37375f582
DEV: avoid sending events to a destroying object and enable few skipped tests (#15030) 2021-12-01 18:21:44 +04:00
Martin Brennan
4bdb956a0d
Revert "UX: Fix alignment in group navigation bar (#15145)" (#15150)
This reverts commit 01830f9d28.

This broke sidebar and could have affected customer themes
on a full enterprise deploy.
2021-12-01 16:13:03 +11:00
Natalie Tay
0f598ca51e
SECURITY: Only show tags to users with permission (#15148) 2021-12-01 10:26:56 +08:00
Penar Musaraj
01830f9d28
UX: Fix alignment in group navigation bar (#15145) 2021-12-01 11:49:34 +11:00
Martin Brennan
d64323b4e6
DEV: Change create-invite-uploader to use uppy (#15088)
Part of overall strategy to remove jQuery file uploader
from the codebase. Also added some helper functionality to
the uppy mixin to allow for non-autostart uploads (all
previous upload changes have been for auto start components.)
2021-12-01 09:45:05 +10:00
Martin Brennan
dce6c6fb50
FIX: Native File object was not passed to uploadHandler (#15146)
The commit 20b2a42f49 broke
upload handlers, because previously we passed through the
native File object to the handler, not the uppy-wrapped
File object.
2021-12-01 09:01:53 +10:00
Krzysztof Kotlarek
9cabd3721b
FEATURE: ability to add description to tags (#15125)
Ability to add description to tags, which will be displayed on hover.
2021-12-01 09:18:56 +11:00
Jarek Radosz
0bf30196c9
FIX: Broken css in #15141 (#15144) 2021-11-30 20:02:22 +01:00
Jarek Radosz
feb9a3675d
UX: Tweak mobile composer styling (#15141)
A followup to #15117
2021-11-30 19:50:28 +01:00
Jarek Radosz
ac79c5efc6
UX: Tweak composer styling (#15117)
* Even margins
* Slightly more muted and unified borders, separators, and icons
* Editor and preview area have same height
2021-11-30 17:41:22 +01:00
Jarek Radosz
7ce6971539
DEV: Add drop-date to drop-dateless deprecations (#15133) 2021-11-30 17:41:04 +01:00
Jarek Radosz
c0781d7d23
DEV: Replace bent with node-fetch in bootstrap (#15139)
Drops the `acceptedStatusCodes` array.
2021-11-30 17:40:32 +01:00
Roman Rizzi
1fc06520bd
REFACTOR: Improve support for consolidating notifications. (#14904)
* REFACTOR: Improve support for consolidating notifications.

Before this commit, we didn't have a single way of consolidating notifications. For notifications like group summaries, we manually removed old ones before creating a new one. On the other hand, we used an after_create callback for likes and group membership requests, which caused unnecessary work, as we need to delete the record we created to replace it with a consolidated one.

We now have all the consolidation rules centralized in a single place: the consolidation planner class. Other parts of the app looking to create a consolidable notification can do so by calling Notification#consolidate_or_save!, instead of the default Notification#create! method.

Finally, we added two more rules: one for re-using existing group summaries and another for deleting duplicated dashboard problems PMs notifications when the user is tracking the moderator's inbox. Setting the threshold to one forces the planner to apply this rule every time.

I plan to add plugin support for adding custom rules in another PR to keep this one relatively small.

* DEV: Introduces a plugin API for consolidating notifications.

This commit removes the `Notification#filter_by_consolidation_data` scope since plugins could have to define their criteria. The Plan class now receives two blocks, one to query for an already consolidated notification, which we'll try to update, and another to query for existing ones to consolidate.

It also receives a consolidation window, which accepts an ActiveSupport::Duration object, and filter notifications created since that value.
2021-11-30 13:36:14 -03:00
Andrei Prigorshnev
284ab8cdf7
DEV: migrate (almost all) routes from actions: to @action syntax (#14722)
This should be safe, all these places are pretty straightforward. I've run into one problem when changing this, though. That problem was fixed in https://github.com/discourse/discourse/pull/14624
2021-11-30 17:01:06 +04:00
Andrei Prigorshnev
88f9bb3dc9
FIX: do not suggest "user1" as a username to invited users (#15031)
Recently, the wrong new behavior appeared – we started to suggest to invited users usernames like "user1".

To reproduce:
1. Create an invitation with default settings, do not restrict it to email
2. Copy an invitation link and follow it in incognito mode
See username already filled, with eg “user1”. See screenshot. Should be empty.

This bug was very likely introduced by my recent changes to UserNameSuggester.
2021-11-30 16:59:37 +04:00
Jarek Radosz
24356e339b
DEV: Fix pending posts page, make tests work in legacy env (#15132)
* Running the tests only in the ember cli env hid the fact that the pending posts feature wasn't working in the legacy environment
* Tests were using ember-cli-only APIs while there are widely used testing APIs in Discourse that support both ember envs
* `ember-test-selectors` was in both dependencies and devDependencies in discourse/package.json
* `qunit-dom` in package.json was not only unused but also defunct, as it wasn't pulled into the legacy env app

A followup to #14501, and #15128.
2021-11-30 13:01:39 +01:00
Osama Sayegh
fced35de15
UX: Add title attribute to reports cells (#15137)
Some reports, like the Web Crawler User Agents report, have very long strings that need to be truncated when displayed. However, there is no way to see the full value without exporting the report or inspecting the elements using dev tools. This PR set a `title` attribute with the full value to the reports `<td>` elements so that the full value is shown on hover.
2021-11-30 14:58:42 +03:00
Joffrey JAFFEUX
77a1d8675c
FIX: adds 422 status code to bootstrap json (#15138)
A post error validation would return a 422 status code. This status code was not accepted with the recent changes to bootstrap-json/index.js and would return a "Discourse Build Error" string, preventing any kind of bootbox popup error in the composer.
2021-11-30 11:54:38 +01:00
Osama Sayegh
7bd3986b21
FEATURE: Replace Crawl-delay directive with proper rate limiting (#15131)
We have a couple of site setting, `slow_down_crawler_user_agents` and `slow_down_crawler_rate`, that are meant to allow site owners to signal to specific crawlers that they're crawling the site too aggressively and that they should slow down.

When a crawler is added to the `slow_down_crawler_user_agents` setting, Discourse currently adds a `Crawl-delay` directive for that crawler in `/robots.txt`. Unfortunately, many crawlers don't support the `Crawl-delay` directive in `/robots.txt` which leaves the site owners no options if a crawler is crawling the site too aggressively.

This PR replaces the `Crawl-delay` directive with proper rate limiting for crawlers added to the `slow_down_crawler_user_agents` list. On every request made by a non-logged in user, Discourse will check the User Agent string and if it contains one of the values of the `slow_down_crawler_user_agents` list, Discourse will only allow 1 request every N seconds for that User Agent (N is the value of the `slow_down_crawler_rate` setting) and the rest of requests made within the same interval will get a 429 response. 

The `slow_down_crawler_user_agents` setting becomes quite dangerous with this PR since it could rate limit lots if not all of anonymous traffic if the setting is not used appropriately. So to protect against this scenario, we've added a couple of new validations to the setting when it's changed:

1) each value added to setting must 3 characters or longer
2) each value cannot be a substring of tokens found in popular browser User Agent. The current list of prohibited values is: apple, windows, linux, ubuntu, gecko, firefox, chrome, safari, applewebkit, webkit, mozilla, macintosh, khtml, intel, osx, os x, iphone, ipad and mac.
2021-11-30 12:55:25 +03:00
Jeff Wong
9896fc7d33
FIX: allow staff to upload when they should and authorized_extensions is blank (#15136)
Allow staff to upload when authorized_extensions is blank, but
authorized_extensions_for_staff is not
2021-11-29 21:40:54 -08:00
David Taylor
af4b8d0e21
DEV: Automatically leave PresenceChannels when in the background (#15047)
* DEV: Improve PresenceChannel state storage

Replaces some objects with Maps, and removes the redundant _presentChannels Set.

* DEV: Automatically leave PresenceChannels when in the background

If a tab has been in the background for 10s, or there has been no user activity for 60s, then the user will be removed from all PresenceChannels until activity resumes. Developers can opt-out of this by passing `{onlyWhileActive: false}` to the `enter` method.
2021-11-30 15:38:19 +11:00
Jarek Radosz
6662101208
DEV: Fix a test leak (#15135)
The leak was introduced in #11722 and a test was added that relied on it in #14563

This PR fixes the leak (bookmarks-test), fixes the test that relied on it (fast-edit-test), and repleces some ad-hoc code with cloneJSON helper (other files)
2021-11-30 13:45:26 +11:00
Martin Brennan
7e5f52a163
DEV: Use pushObject for inProgressUploads in uppy (#15134)
The inProgressUploads is meant to be used to display these uploads
in a UI, and Ember will only update the array in the UI if pushObject
is used to notify it.
2021-11-30 10:42:45 +10:00
Martin Brennan
f70e6c302f
DEV: Switch to using uppy uploads in composer by default (#15058)
This is a big change to change over to using the uppy
upload mixin in the composer by default. This gets rid
of the temporary composer-editor-uppy component, as well
as removing the old ComposerUpload mixin and copying over
any missing functions that were not yet implemented by
ComposerUploadUppy. This has been working well on our
hosting for some time now and has led us to several
bug fixes.

This commit also deletes the old plugin API for adding
preprocessors for the uploads. The accepted method of doing
this now is via an uppy preprocessor plugin, which we have
several examples of in the core codebase.

Leaving the `enable_experimental_composer_uploader` site setting
intact for now because some plugins still rely on it, this
will be removed at a later date.

One step closer to ending the jQuery file uploader saga...
2021-11-30 08:33:06 +10:00
Joffrey JAFFEUX
3dc0b9e077
UX: closes multi-select on selection when maximum=1 (#15092) 2021-11-29 14:29:11 +01:00
Loïc Guitaut
354f88358c DEV: Add ember-test-selectors to production env 2021-11-29 11:31:31 +01:00
David Taylor
0ab57975a4
FIX: Ensure widget hooks always call the correct instance (#15127)
Widgets instances are ephemeral - they change on every re-render. We always want to notify the 'most recent' widget instance of events. This regressed in 1b9cf1b1 because the touchStart and drag hooks would persist the widget instance from the initial render. This commit switches TouchStart and Drag back to the pattern other events use, so that the most recent instance is always called. The performance benefits of per-element event listeners are retained.
2021-11-29 09:33:40 +00:00
Loïc Guitaut
a5fbb90df4 FEATURE: Display pending posts on user’s page
Currently when a user creates posts that are moderated (for whatever
reason), a popup is displayed saying the post needs approval and the
total number of the user’s pending posts. But then this piece of
information is kind of lost and there is nowhere for the user to know
what are their pending posts or how many there are.

This patch solves this issue by adding a new “Pending” section to the
user’s activity page when there are some pending posts to display. When
there are none, then the “Pending” section isn’t displayed at all.
2021-11-29 10:26:33 +01:00
Joffrey JAFFEUX
6e603799eb
FIX: treats ipad as mobileView for popper positioning (#15091)
* FIX: treats ipad as mobileView for popper positioning

* ensures it doesn’t break wizard
2021-11-29 17:40:01 +11:00
Jarek Radosz
530eb0c9bd
DEV: Throw on non-xhr errors (#15123)
Makes it easier to debug post-stream problems when the issue isn't with the server response.
2021-11-29 17:36:48 +11:00
Jarek Radosz
5d643a498e
FIX: Global log notice regressed in #15000 (#15119)
Notice models didn't have the same injections as GlobalNotice components.
2021-11-29 17:13:35 +11:00
Martin Brennan
20b2a42f49
DEV: Send multiple files in batches to composer upload handlers when using uppy (#15124)
In jQuery file upload land, we were sending a single file through
at a time to matching upload handlers. This in turn required plugin
authors to marshal the files as they came through one by one if they
wanted to group them together to do something with them. Now that
we are using uppy, files come through in the groups they are added
in (for example dropping multiple, selecting multiple from the system
file dialogue).

This commit changes the matching upload handlers to send through
all matching files at once instead of piecemeal.
2021-11-29 11:19:02 +10:00
Jarek Radosz
13aed6fe3b
FIX: Setting bookmarks in some cases was broken (#15120)
Error introduced in #14781

```
Error: Assertion Failed: You attempted to update <(unknown):ember3217>.bookmarks to "<(unknown):ember3846>", but it is being tracked by a tracking context, such as a template, computed property, or observer. In order to make sure the context updates properly, you must invalidate the property when updating it. You can mark the property as `@tracked`, or use `@ember/object#set` to do this.
```
2021-11-28 23:34:51 +01:00
Martin Brennan
e464958333
DEV: Fix uploadHandler impl. in composer-upload-uppy mixin (#15105)
In f6528afa01 I added parity support
for composer upload handlers to the uppy-ized composer. However the
way I assumed that it was only possible to handle a single file
upload at a time was false; it only appeared this way in the old
jQuery file upload composer because jQuery file upload sent through
files one at a time even if multiple were added at once. This caused
issues in certain plugins and themes by third parties.

This commit fixes the issue by making the uppy upload handler work
the same as the old one, by capturing all of the added files that
have matching handlers then going through them one by one and passing
them to the handler function.
2021-11-29 08:32:06 +10:00
Jarek Radosz
fb5e871dff
DEV: Remove unnecessary functions (#15113) 2021-11-28 12:45:32 +01:00
David Taylor
1b9cf1b1c7
PERF: Update widget hooks to avoid global scroll-blocking events (#15116)
For widget event handlers, we register a single listener on the `<body>`, and then notify the relavent widget (if any) when the event fires.

`touchstart` and `touchmove` events are particularly performance sensitive because they block scrolling on mobile. Therefore we want to avoid registering global non-passive listeners for these events.

This commit updates the WidgetTouchStartHook and WidgetDragHook implementations to automatically register listeners on the specific widget DOM elements when required.

This commit removes the last global scroll-blocking event handler from Discourse core. That means that mobile scrolling is now completely decoupled from our JS app. Even if the JS app is completely blocked (e.g. during rendering), scrolling will now continue to work. This should make things feel a lot smoother, especially on lower performance devices.
2021-11-28 10:47:44 +00:00
David Taylor
bca5c58c90
DEV: Disable 'passive' handlers for pan-events mixin (#15118)
These were set to `passive: true` in ff72522f.

However, two consumers of this mixin (topic-navigation and site-header) do need to call `e.preventDefault()`, so we can't use passive listeners here.

That's ok, because this mixin only applies to a specific component's element, not the entire page. So having these non-passive listeners doesn't affect the vast majority of scrolling
2021-11-28 10:42:59 +00:00
David Taylor
136189508b
DEV: Ensure scrolling-post-stream event listeners are removed correctly (#15115)
The method was switched from _debouncedScrollCallback to _debouncedScroll in ff72522f, but the cleanup was not updated to match.
2021-11-27 17:04:31 +00:00
David Taylor
1b184cefd0
PERF: Update scrolling mixin implementation (#15109)
This mixin calls the "scrolled" method of some object with no parameters, so there is no way that consumers would ever call `event.preventDefault()`. Therefore we can make the listeners passive, and improve scrolling performance on mobile.

This commit also updates the mixin to remove JQuery usage. The API is slightly modified to remove the need for an event 'name' for binding/unbinding.

The calls to `.bindScrolling` and `.unbindScrolling` in user-stream.js are removed because they are already called by the LoadMore mixin which is applied to the component.

The `bindScrolling` method claimed to offer debouncing-by-default. However, a bug in the `opts` parsing meant that debouncing was skipped if a 'name' was passed in. Therefore the only consumer actually being debounced was the LoadMore mixin. This commit fixes the opts parsing, so all consumers get the same behavior.

However, when scrolling, debounce is rarely what we want. The documentation of `bindScrolling` says "called every 100ms". In fact, debounce means that the functions were only called 'after the user **stops scrolling** for 100ms'. If you're scrolling very slowly (e.g. when using momentum-based scrolling on mobile), then this can be quite frustrating. This is why "Load more" is only triggered on topics/topic-lists when you completely stop scrolling.

Therefore, this commit also replaces the default 'debounce' with a 'throttle'. The 'throttle' is configured with `immediate = false`, so that it fires on the trailing edge, and therefore the final call will always be **after** we finish scrolling. (the default `immediate: true` would fire on the leading edge, and so the last call could be up to 100ms **before** we finish scrolling).
2021-11-26 20:22:50 +00:00
David Taylor
5d59b7e733
DEV: Make plugin api errors more descriptive (#15111)
With more descriptive errors, developers will know **why** a change is required, and may be more likely to take action.
2021-11-26 20:22:29 +00:00
David Taylor
e8bb37bd89
PERF: Disable ember touchstart listener (#15112)
Registering non-passive listeners for the touchstart event can affect scroll performance on mobile devices, and now shows a warning in Chrome. Our current version of Ember unconditionally registers all event listeners, even if they're unused. It also doesn't support passive event listeners. Once we get to Ember 4.0, it lazily registers event listeners, and supports passive listeners via the `{{on` helper.

We already disable the ember `mousemove` and `touchmove` events for performance, so it makes sense to do the same for `touchstart`. We are not using `touchstart` anywhere in core, and I cannot find any official/unofficial plugins which use it. If a `touchstart` event is required, plugins/themes can always register their own listeners (preferably on a specific element, rather than the whole `document`)
2021-11-26 20:22:02 +00:00
Jarek Radosz
fac6cc0778
DEV: Make @afterRender do just that, no extra next() (#15086) 2021-11-26 20:16:08 +01:00
David Taylor
4229e3f22c DEV: Set passive: false on composer grippie events
We do call `event.preventDefault()` on these events. They're limited to a single element, so performance impact should be negligable. Adding `passive: false` prevents the chrome dev tools warning.
2021-11-26 18:03:39 +00:00
David Taylor
ff72522f30 PERF: Use passive event listeners for touchstart, touchmove
None of these places call `event.preventDefault()`. Therefore we can register the event listeners as 'passive', and improve scroll performance on mobile devices.
2021-11-26 18:03:39 +00:00
Penar Musaraj
a12b73f881
UX: Fix extra indent on lists when supporting mixed text direction (#15110) 2021-11-26 12:32:45 -05:00
Robin Ward
f1178514fa Segment Ember CLI tests
Note `/topics/bulk` missing the first slash seems to expose an error not
present without segmentation.
2021-11-26 12:14:30 -05:00
Jarek Radosz
2971d03307
DEV: Don't create unnecessary scope methods (#15104)
Skipping methods we don't use gives us mem/perf gains (minuscule but still), but more importantly fixes warnings about `Poll#open` (created by `enum :status`) conflicting with some internal AR method. 😃
2021-11-26 16:34:07 +01:00
David Taylor
4d3eb3f1ac
PERF: Set --header-offset property only when changed (#15107)
Calling `setProperty("--header-offset", newValue)` will always cause a 'Recalculate Style' event, even if the value is unchanged. On my browser, these 'Recalculate Style' events take about 6-7ms each time the `dockCheck` function is run.

This commit stores the 'previous' value in an instance variable, and only calls setProperty if the value has changed. This brings the total runtime of `dockCheck` down to about 70µs on my machine.
2021-11-26 15:25:03 +00:00
Jarek Radosz
1441226b1a
DEV: Don't polute all ActiveRecord classes (#15103)
`pending`, `approved`, `rejected`, `ignored`, and `deleted` scope method were accessible on all model classes… 😂

Fixes `Creating scope :pending. Overwriting existing method DiscoursePostEvent::EventDate.pending.` warnings.
2021-11-26 10:17:10 +08:00
Martin Brennan
73db60ad2a
DEV: Add 201 to bootstrap-json accepted status codes (#15102)
The theme creator endpoints return JSON with a 201 CREATED
status code. With the recent changes to bootstrap-json/index.js
for the Ember CLI proxy, these endpoints were broken because
201 was not an accepted status code. This commit simply
adds 201 to the array, but prettier forced a reformat as well!
2021-11-26 11:13:15 +10:00
Robin Ward
9123f471e8 FIX: Don't throw errors on duplicate keys in Yaml
We shouldn't have them, but they shouldn't break a build either.
2021-11-25 16:56:02 -05:00
Jarek Radosz
c3eb75bf00
DEV: Don't crash on empty plugin translations (#15097)
ember build would throw and exit on:

```yml
# plugins/my_plugin/config/locales/client.en.yml
en:
  js:
    my_plugin:

```
2021-11-25 22:55:37 +01:00
Penar Musaraj
d99deaf1ab
FEATURE: show recent searches in quick search panel (#15024) 2021-11-25 15:44:15 -05:00
Rafael dos Santos Silva
5647819de4
FEATURE: Send a 'noindex' header in non-canonical responses (#15026)
* FEATURE: Optionally send a 'noindex' header in non-canonical responses

This will be used in a SEO experiment.

Co-authored-by: David Taylor <david@taylorhq.com>
2021-11-25 16:58:39 -03:00
Penar Musaraj
1166afa4e8
FIX: Software update prompt position on themes with extra header (#15094) 2021-11-25 11:16:55 -05:00
Jarek Radosz
cabacb5c48
DEV: Drop non-visualViewport Safari hacks (#15007)
Those were required pre-iOS 13.
2021-11-25 16:56:11 +01:00
David Taylor
03998e0a29
FIX: Use CDN URL for internal onebox avatars (#15077)
This commit will also trigger a background rebake for all existing posts with internal oneboxes
2021-11-25 12:07:34 +00:00
David Taylor
fd93d6f955
DEV: lib/user-presence improvements (#15046)
- Remove JQuery
- Remove legacy `document.webkitHidden` support. None of our currently supported browsers need this
- Use `passive` event listeners. These allows the browser to process the events first, before passing control to us
- Add a new `unseenTime` parameter. This allows consumers to request a delay before being notified about the browser going into the background
- Add a method for removing a callback
- Fire the callback when presence changes in either direction. Previously it would only fire when the user becomes present after a period of inactivity.
- Ensure callbacks are only called once for each state change. Previously they would be called every 60s, regardless of the value
- Listen to the `visibilitychanged` and `focus` events, treating them as equivalent to user action. This will make messagebus re-activate more quickly when switching back to a stale tab
- Add test helpers
- Delete the unused `discourse/lib/page-visible` module.
- Call message-bus's onVisibilityChange API directly, rather than dispatching a fake event on the `document`
2021-11-25 12:07:07 +00:00
Dan Ungureanu
6e2d4a14ac
FIX: Delete unconfirmed AND expired email tokens only (#15089) 2021-11-25 10:34:30 +02:00
Dan Ungureanu
fa8cd629f1
DEV: Hash tokens stored from email_tokens (#14493)
This commit adds token_hash and scopes columns to email_tokens table.
token_hash is a replacement for the token column to avoid storing email
tokens in plaintext as it can pose a security risk. The new scope column
ensures that email tokens cannot be used to perform a different action
than the one intended.

To sum up, this commit:

* Adds token_hash and scope to email_tokens

* Reuses code that schedules critical_user_email

* Refactors EmailToken.confirm and EmailToken.atomic_confirm methods

* Periodically cleans old, unconfirmed or expired email tokens
2021-11-25 09:34:39 +02:00
Natalie Tay
4c46c7e334
DEV: Remove xlink hrefs (#15059) 2021-11-25 15:22:43 +11:00
Jordan Vidrine
09260148b1
DEV: Add cta app event (#15051)
Add app event for when CTA is triggered for anon users
2021-11-25 15:10:26 +11:00
Alan Guo Xiang Tan
db5edc713b
DEV: Make it clear that plugin-api on the client side follows semver. (#15070) 2021-11-25 09:26:28 +08:00
Jarek Radosz
704974da6a
DEV: Allow using incorrect headers with ember-cli (#15085)
Makes it possible to pass-through invalid headers, e.g. `Content-Type: multipart/form-data;;`

That ability regressed with the latest changes.
2021-11-25 00:45:55 +01:00
Robin Ward
c27e324bd1 FEATURE: Support i18n in Ember CLI plugin tests 2021-11-24 15:19:36 -05:00
Jarek Radosz
de3680eb5c
DEV: Re-allow node 17, with a warning (#15083) 2021-11-24 21:16:33 +01:00
Jarek Radosz
e41f98bf96
DEV: Fix set-after-destroy issues (#15078)
Fixes broken tests on the legacy ember env.
2021-11-24 20:13:52 +01:00
Jarek Radosz
9380c1273e
DEV: Fix another form of sending data in ember-cli (#15079) 2021-11-24 18:54:15 +01:00
Osama Sayegh
8fd10e6414
FIX: Don't crash the browser when tapping autocomplete suggestions on Android/Gboard (#15076)
This is a workaround for an annoying bug that crashes the browser when an autocomplete suggestion is selected on Android if the virtual keyboard is Gboard. It's specific to Gboard because it sometimes sends `keydown` and `keyup` events twice for a single key press, more details can be found here: https://meta.discourse.org/t/emoji-selector-crashes-the-message-editor-in-android-chrome/187009/24?u=osama.
2021-11-24 20:44:46 +03:00
Kerry Liu
ded9fe950a UX: add additional tests for pasting a link on a selection 2021-11-24 12:33:22 -05:00
Kerry Liu
f37bffdf6c UX: when pasting a link use linkify rules 2021-11-24 12:33:22 -05:00
Kerry Liu
0009498901 UX: pasting links on a selection will apply a link format 2021-11-24 12:33:22 -05:00
Jarek Radosz
c75224e3d9
DEV: Update supported node versions (#15073)
13 and 15 are no longer supported by node, and issues with discourse dependencies prevent us from using 17. (for now)
2021-11-24 18:18:35 +01:00
Bianca Nenciu
59e0ed8820
FEATURE: Highlight changed tags in post revisions (#15072) 2021-11-24 18:51:25 +02:00
Jarek Radosz
1ab4b1a4a8
DEV: Minor cleanup of create-account tests (#14989) 2021-11-24 16:43:25 +01:00
Jarek Radosz
9105163882
DEV: Fix the /tests path in ember-cli server (#15075) 2021-11-24 15:34:04 +01:00
Jarek Radosz
e217364a46
DEV: Fix ember-cli proxy issues (#15071)
* DEV: Fix ember-cli proxy compat with node < 16
* DEV: Fix uploading via ember-cli
* DEV: Fix proxying /logs & other CSP-enabled pages
2021-11-24 12:52:25 +01:00
Bianca Nenciu
3ea8937157
FEATURE: Add email normalization rules setting (#14593)
When this setting is turned on, it will check that normalized emails
are unique. Normalized emails are emails without any dots or plus
aliases.

This setting can be used to block use of aliases of the same email
address.
2021-11-24 11:30:06 +02:00
Alan Guo Xiang Tan
057ef55684
DEV: Allow callback to be registered to remove post menu button. (#15061)
This will allow buttons in the post menu to be remove based on a post's
attributes or site settings.
2021-11-24 13:26:52 +08:00
Jarek Radosz
3172e08b6d
DEV: Fix ember-cli proxying to production sites (#15042) 2021-11-23 23:31:54 +01:00
Bianca Nenciu
73760c77d9
FEATURE: Mention @here to notify users in topic (#14900)
Use @here to mention all users that were allowed to topic directly or
through group, who liked topics or read the topic. Only first 10 users
will be notified.
2021-11-23 22:25:54 +02:00
Vinoth Kannan
0ededb1454
UX: timestamp should not hide handle of topic timeline in mobile. (#15066)
Previously, since the space of the timestamp is big in some locales, it blocked the visibility of topic timeline handle in mobile view.
2021-11-23 23:24:58 +05:30
David Taylor
c749b41163
UX: Fallback to regular title if screen-reader title is unavailable (#15048)
c401d641 introduced a new translation key for auth providers, and provided new strings for core providers. However, not all plugins have added this string. This commit makes the screenreader title fallback to the regular title in those cases.
2021-11-23 11:12:54 +00:00
Natalie Tay
adf6498fe2
FEATURE: Show browser search tip when discourse search shows up in a topic (#15055) 2021-11-23 13:11:17 +08:00
Alan Guo Xiang Tan
8226ab1099
PERF: Updating first unread PM for user not respecting limits. (#15056)
In b8c8909a9d, we introduced a regression
where users may have had their `UserStat.first_unread_pm_at` set
incorrectly. This commit introduces a migration to reset `UserStat.first_unread_pm_at` back to
`User#created_at`.

Follow-up to b8c8909a9d.
2021-11-23 12:51:54 +08:00
Martin Brennan
db4c52ca26
DEV: Add single file progress and cancel for uppy in composer (#15053)
This commit adds handlers for the composer uppy mixin to allow
for cancelling individual file uploads, not just all of them
at once. This is also combined with better tracking of in progress
uploads along with their progress percentage, for UI that needs
to be able to display the progress for individual files and
also cancel individual files.

To use this, a cancel button in the UI should call a function like this:

```javascript
cancelSingleUpload(fileId) {
  this.appEvents.trigger(`${this.eventPrefix}:cancel-upload`, {
    fileId,
  });
},
```

Additionally, the `inProgressUploads` can be shown in the UI. It is an array of objects with the file name, ID, and the progress percentage. We can add more data to this if needed down the line.
2021-11-23 14:00:23 +10:00
Kris
52532758f7
DEV: add plugin outlet before topic list views (#15054) 2021-11-22 22:52:46 -05:00
Natalie Tay
340901c913
DEV: Add if a user is using an Apple device in widget capabilities (#15021)
* Consolidate device capability sniffing in caps
2021-11-23 11:21:31 +08:00
Martin Brennan
49c49e8ae0
FEATURE: Local chunked uppy backup uploads with a new uploader plugin (#14894)
This takes the uppy chunking algorithm and combines it with some
form submission from resumable.js for parity with the current
backup controller to make local backup uploads work with uppy.
We can then use this to replace the resumable-upload component
and the resumable.js library from our codebase, once stable.

This is disabled by default, so people using local backups will not
be affected. The enable_experimental_backup_uploader site setting
must be enabled for this to work.
2021-11-23 08:45:42 +10:00
Jarek Radosz
68b0fdd2b3
DEV: Fix silence user context message (#15040) 2021-11-22 19:44:20 +01:00
Jarek Radosz
bd2e1a8c38
FIX: Don't hit permalink-check if not authorized (#15039) 2021-11-22 19:44:00 +01:00
Jarek Radosz
ceed48f321
UX: Make banner full-width (#15038) 2021-11-22 19:43:45 +01:00
Dan Ungureanu
d420a7b2c8
DEV: Reuse code for TrustLevelAndStaffSetting (#15044)
The code that checked this permission was duplicated everytime a new
settings of this type was added. This commit changes the behavior of
some functionality because some feature checks were bypassed for staff
members.
2021-11-22 20:18:53 +02:00
RogerBW
fd66df5997
FEATURE: adds uploads scope for API keys (#14941)
* FEATURE: adds uploads scope for API keys

* Add basic test, change "image" to "file"
2021-11-22 10:49:08 -07:00
Jarek Radosz
d91d67a442
FEATURE: Allow theme settings to request refresh (#15037)
Similar to site settings, adds support for `refresh` option to theme settings.

```yaml
super_feature_enabled:
  type: bool
  default: false
  refresh: true
```
2021-11-22 13:16:56 +01:00
Martin Brennan
9f8ee8f137
FIX: Don't publish notifications to MessageBus for inactive users (#15035)
We are pushing /notification-alert/#{user_id} and /notification/#{user_id}
messages to MessageBus from both PostAlerter and User#publish_notification_state.
This can cause memory issues on large sites with many users. This commit
stems the bleeding by only sending these alert messages if the user
in question has been seen in the last 30 days, which eliminates a large
chunk of users on some sites.
2021-11-22 14:38:49 +11:00
Natalie Tay
9015183942
Always show input when editing text by removing hover (#15034) 2021-11-22 10:23:42 +08:00
Natalie Tay
d46e450733
Refine dismiss notification confirmation (#15017) 2021-11-22 09:11:24 +08:00
Martin Brennan
fa6b87a1bf
SECURITY: Strip unrendered unicode bidirectional chars in code blocks (#15032)
When rendering the markdown code blocks we replace the
offending characters in the output string with spans highlighting a textual
representation of the character, along with a title attribute with
information about why the character was highlighted.

The list of characters stripped by this fix, which are the bidirectional
characters considered relevant, are:

U+202A
U+202B
U+202C
U+202D
U+202E
U+2066
U+2067
U+2068
U+2069
2021-11-22 10:43:03 +10:00
Penar Musaraj
10a57825c8
UX: Fix fast edit save button color in dark schemes (#15027) 2021-11-19 16:15:10 -05:00
jbrw
97b27a7426
FIX: Remove 'Open Draft' label after topic draft deleted (#14997)
* FIX: Remove 'Open Draft' label after topic draft deleted
2021-11-19 11:00:11 -05:00
David Taylor
e906596942
FIX: Ensure mobile topic-list links are treated as Ember transitions (#15022)
In the topic lists, it's important that we apply `pointer-events: none;` to the links. 0e371d4 updated the selector used for this css.

In `templates/list/topic-list-item.hbs`, `.main-link` is applied to the same element as `.topic-list-data`, so the new selector applied correctly.

In `templates/mobile/list/topic-list-item.hbr`, `.main-link` is nested within `.topic-list-data`, so the new selector did not apply correctly.

This commit switches the selector back to simply `.main-link`, so that it works for both mobile and desktop.
2021-11-19 13:47:53 +00:00
Andrei Prigorshnev
b0d8d9e73d
FIX: infinite recursion when calling a refresh() action on routes (#14624) 2021-11-19 16:23:46 +04:00
David Taylor
2153011cdb
PERF: Use more efficient text-direction check in select-kit init (#15015)
Calling `window.getComputedStyle` during initialization causes the browser to pause and 'Recalculate Style'. On my machine, this adds about 7ms to boot time. Instead, we can check for the `rtl` class on the html element, which is added by the server, and doesn't require computing styles.
2021-11-19 10:17:23 +00:00
Alan Guo Xiang Tan
1566cd2048
DEV: Return promise for toggleFilteredRepliesView widget action. (#15020)
This allows plugin to wait on the promise when the widget action is
called.
2021-11-19 15:40:35 +08:00
Alan Guo Xiang Tan
4b4973ee0d
PERF: Reduce records queried in UserStat.update_first_unread_pm. (#15016)
The inefficiency here is that we were previously fetching all the
records from `TopicAllowedUser` before filtering against a limited subset of
users based on `User#last_seen_at`.
2021-11-19 15:30:39 +11:00
Natalie Tay
da9a9a8e65
FIX: Add a confirm and cancel button when editing alt text (#15003) 2021-11-19 10:57:09 +08:00
David Taylor
254689b1fb
DEV: Remove JQuery from discourse/lib/text-direction (#15014) 2021-11-19 01:09:36 +00:00
jbrw
9955f1774d
UX: Move share topic warning to modal flash alert (#15012) 2021-11-18 19:24:15 -05:00
Jarek Radosz
e6670393df
DEV: Refactor logs-notice/global-notice (#15000) 2021-11-18 21:49:58 +01:00
Robin Ward
2c045c6368 FIX: Don't overwrite computed property for loading spinner fix
This fixes an issue CvX found on PR #14666 where a previous fix
overwrote a computed property.

The better fix (as is often the case with Ember) is to remove an
observer and call methods when things change ourselves.
2021-11-18 15:04:11 -05:00
Jordan Vidrine
9ebfcbb867
FIX: Topic list separator fix (#15011) 2021-11-18 13:32:44 -06:00
Dan Ungureanu
6ae065f9cd
Improved create invite modal (#14151)
* FEATURE: Always show advanced invite options

The UI is more simple and more efficient than how it was when the
advanced options toggle was introduced. It does not make sense to keep
it anymore.

* UX: Minor copy edits

* UX: Merge expire invite controls

There were two controls in the create invite modal. One was a static
text that displayed how much time is left until the invite expires. The
other one was a datetime selector that set the time the invite expires.

This commit merges the two controls in a single one: staff users will
continue to see the datetime selector without the static text and
regular users will only see the static text because they cannot set
when the invite expires.

* UX: Remove invite link

It should only be visible after the invite was created.
2021-11-18 20:19:02 +02:00
David Taylor
ed2c3ebd71
PERF: Move preload hints to the <head> (#15008)
We have two JS assets which are included in the `<body>` of responses. We were including the `<link rel='preload'` hint alongside the script tag in the body. Instead, we can move the preload hint to the `<head>` so that the browser discovers it earlier, and can start preloading the assets while the body is loading.
2021-11-18 18:02:16 +00:00
David Taylor
135fdd59ed
PERF: Improve JS app boot speed by optimizing customResolve() (#14990)
Time spent in the 'find module with suffix' portion of our `customResolve` function were adding up to around 100ms-150ms when booting the app. This time is spread over 150+ calls, so it's not immediately obvious in flamegraphs.

This commit implements a (reversed) [Trie](https://en.wikipedia.org/wiki/Trie) which enables fast suffix-based lookups on a list of strings.

In my tests, this requires < 5ms to initialize, and brings the cumulative 'find module with suffix' time down to `< 5ms`. This corresponds to a ~100ms improvement in LCP metrics in my browser.

The only behavior change is to remove support for module filenames which are **not** dasherized. I haven't found any core/theme/plugin modules which are not dasherized in their filenames.
2021-11-18 16:38:00 +00:00
Jarek Radosz
a102673522
DEV: Avoid unnecessary site-settings:main lookups (#15006) 2021-11-18 17:11:59 +01:00
Jarek Radosz
8dc9e0f4bd
DEV: Use class syntax in key-value-store (#15005) 2021-11-18 16:54:47 +01:00
Jarek Radosz
82c72a46d1
DEV: Fix castInteger deprecations (#15004) 2021-11-18 16:52:14 +01:00
Jarek Radosz
4021842628
DEV: Make search an actual service (#14998) 2021-11-18 16:52:03 +01:00
Jarek Radosz
42fff92d9f
DEV: Make store an actual service (#14996)
`store:main` was unofficially deprecated 4 years ago in fbd5f1e411 (diff-b19dd1d6a5c7938fda9ae317136bbbb82339946ab457c9b95af936a47276c3ddR22)
2021-11-18 16:51:20 +01:00
Kris
19627eca4b
DEV: add outlet for extra categories column (#15002) 2021-11-18 09:46:59 -05:00
Vinoth Kannan
fc1c76cfcc
FIX: exclude moderator_action post for reply count in user summary. (#14991)
Previously, incorrect reply counts are displayed in the "top categories" section of the user summary page since we included the `moderator_action` and `small_action` post types.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2021-11-18 13:42:03 +05:30
Alan Guo Xiang Tan
db24c9b94e
FIX: Incorrect title and chevron when filtering by post number. (#14985)
The widget's state did not reflect the state of the controller.
2021-11-18 09:19:00 +08:00
Krzysztof Kotlarek
eb82849ccb
FIX: none and all categories filter (#14999)
parentCategory is passed to drop-category componen: https://github.com/discourse/discourse/blob/main/app/assets/javascripts/discourse/app/templates/components/bread-crumbs.hbs#L11

However, it is not available if it is not explicitly allow listed in selectKitOptions
2021-11-18 10:21:34 +11:00
Martin Brennan
b96c10a903
DEV: Extract shared external upload routes into controller helper (#14984)
This commit refactors the direct external upload routes (get presigned
put, complete external, create/abort/complete multipart) into a
helper which is then included in both BackupController and the
UploadController. This is done so UploadController doesn't need
strange backup logic added to it, and so each controller implementing
this helper can do their own validation/error handling nicely.

This is a follow up to e4350bb966
2021-11-18 09:17:23 +10:00
Osama Sayegh
b86127ad12
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706)
Currently, Discourse rate limits all incoming requests by the IP address they
originate from regardless of the user making the request. This can be
frustrating if there are multiple users using Discourse simultaneously while
sharing the same IP address (e.g. employees in an office).

This commit implements a new feature to make Discourse apply rate limits by
user id rather than IP address for users at or higher than the configured trust
level (1 is the default).

For example, let's say a Discourse instance is configured to allow 200 requests
per minute per IP address, and we have 10 users at trust level 4 using
Discourse simultaneously from the same IP address. Before this feature, the 10
users could only make a total of 200 requests per minute before they got rate
limited. But with the new feature, each user is allowed to make 200 requests
per minute because the rate limits are applied on user id rather than the IP
address.

The minimum trust level for applying user-id-based rate limits can be
configured by the `skip_per_ip_rate_limit_trust_level` global setting. The
default is 1, but it can be changed by either adding the
`DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the
desired value to your `app.yml`, or changing the setting's value in the
`discourse.conf` file.

Requests made with API keys are still rate limited by IP address and the
relevant global settings that control API keys rate limits.

Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters
string that Discourse used to lookup the current user from the database and the
cookie contained no additional information about the user. However, we had to
change the cookie content in this commit so we could identify the user from the
cookie without making a database query before the rate limits logic and avoid
introducing a bottleneck on busy sites.

Besides the 32 characters auth token, the cookie now includes the user id,
trust level and the cookie's generation date, and we encrypt/sign the cookie to
prevent tampering.

Internal ticket number: t54739.
2021-11-17 23:27:30 +03:00
Jarek Radosz
9be69b603c
DEV: Make screen-track a regular service (#14983) 2021-11-17 20:56:06 +01:00
Bianca Nenciu
186379adac
FIX: Cache all watched words (#14992)
It used to cache up to 1000 words, but the maximum number of watched
word is 2000.
2021-11-17 18:59:44 +02:00
Jarek Radosz
bf34d3524b
DEV: Fix a userFields computed property override (#14988)
in `preferences/profile` controller

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2021-11-17 15:02:15 +01:00
Joffrey JAFFEUX
439cd68e0d
DEV: updates popper to 2.10.2 (#14986) 2021-11-17 13:47:55 +01:00
Joffrey JAFFEUX
113ecab7a6
FIX: clear previous errors on second factor form display (#14987) 2021-11-17 13:47:38 +01:00
Krzysztof Kotlarek
9ce29ad013
FIX: register customOptions as select kit filter (#14933)
* FIX: register customOptions as select kit filter

We are allowing plugins to define custom filters which are added to CUSTOM_USER_SEARCH_OPTIONS const. However, we need to have static placeholder for custom filters, so those props will be passed, and we can use it later.

* fix
2021-11-17 17:12:19 +11:00
Bianca Nenciu
cc1b45f58b
FIX: Convert URLs embedded topics to absolute form (#14975)
Sometimes the expanded post contained broken relative URLs because they
were not converted to their absolute form.
2021-11-17 16:39:49 +11:00
Penar Musaraj
2ff7f105d9
UX: launch full page search on second Enter hit (#14978) 2021-11-17 16:35:17 +11:00
Natalie Tay
c61d47e6f4
FEATURE: Show a confirmation modal when "Dismiss all" would dismiss an important notification (#14935)
* Show a confirmation when dismiss all will dismiss an important notification
2021-11-17 09:44:30 +08:00
Martin Brennan
515acb8fc4
FIX: Error when SMTP enabled in PostAlerter with no incoming email (#14981)
When 31035010af
was done it failed to take into account the case where the smtp_enabled
site setting was true, but the topic had no allowed groups / no
incoming email record, which caused errors for topics even with
nothing to do with group SMTP.
2021-11-17 09:24:17 +10:00
Martin Brennan
e7a4742490
FIX: Clean up emoji name which is file name (#14980)
Uppy adds the file name as the "name" parameter in the
payload by default, which means that for things like the
emoji uploader which have a name param used by the controller,
that param will be passed as the file name. We already use
the existing file name if the name param is null, so this
commit just does further cleanup of the name param, removing
the extension if it is a filename so we don't end up with
emoji names like blah_png.
2021-11-17 09:20:44 +10:00
Jarek Radosz
bf33d2cd4b
FIX: Include all categories in sortedCategories (#14979)
Fixes the issue where categories over two levels deep were missing.
2021-11-17 00:12:04 +01:00
Martin Brennan
7e39910de6
DEV: Refactor uppy s3 mulipart mixin to not use self = this (#14960)
We no longer use this pattern, so we can replace with function
binding instead.
2021-11-17 09:03:10 +10:00
Jordan Vidrine
aa31fbe29a
REFACTOR: Continued topic-list tweaks (#14977)
* REFACTOR: Prep for topic-list refactor
2021-11-16 14:44:04 -06:00
Mark VanLandingham
1b752a5dec
DEV: Export add emoji logic in textarea manipulation mixin (#14976) 2021-11-16 13:42:21 -06:00
Jordan Vidrine
19fb97bb13
FIX: Adjust topic list header alert (#14974) 2021-11-16 11:09:07 -06:00
jbrw
e306d84c56
FEATURE: display warning when sharing a topic in a restricted category (#14820)
* FEATURE: display warning when sharing a topic in a restricted category

If a topic belongs to a category that is not readable by everyone, display a text warning of "Only visible to members of groups: [group_a], [group_b]"

* DEV: Adding a new category means we need to bump this value

* DEV: pass category to showModal
2021-11-16 11:49:41 -05:00
Jarek Radosz
b6677fb126
DEV: Use radix 10 in parseInt() (#14973) 2021-11-16 16:36:44 +01:00
Akshay Birajdar
6b5e8be25a Support parsing array in #param_to_integer_list
Co-authored-by: Akshay Birajdar <akshay.birajdar@coupa.com>
2021-11-16 10:27:00 -05:00
Joffrey JAFFEUX
035822d9e0
DEV: sticky avatar was retained during tests (#14969) 2021-11-16 14:33:06 +01:00
Joffrey JAFFEUX
ff7e685a59
DEV: removes jquery usage from discourse-topic (#14964) 2021-11-16 13:17:44 +01:00
Joffrey JAFFEUX
0fbeb2e5a2
DEV: removes jquery usage from links-redirect (#14968) 2021-11-16 13:16:53 +01:00
Joffrey JAFFEUX
f9682f1c69
DEV: removes jquery usage from html-with-links (#14966) 2021-11-16 13:16:43 +01:00
Andrei Prigorshnev
32c6c4f417
DEV: Remove unused action (#14889)
There are no usages in Core and plugins.
2021-11-16 15:49:59 +04:00
Jordan Vidrine
370c729160
FIX: Additional fixes for last-visited on topic list (#14962) 2021-11-16 12:34:29 +01:00
Joffrey JAFFEUX
2167d4d890
FIX: fix regressions introduced in ae16b0a (#14967)
- ensures arrow up/down doesn’t also apply to textarea while autocomplete is opened
- ensures esc is closing autocomplete and also not closing composer while autocomplete is opened
2021-11-16 12:19:14 +01:00
Joffrey JAFFEUX
49f09345c7
FIX: adds missing class for last visit separator (#14965) 2021-11-16 11:40:08 +01:00
Joffrey JAFFEUX
ae16b0a9d4
DEV: reduces jquery usage and memory leaks in composer (#14924)
Removes more than 60 jquery function leaks in one `Acceptance: Composer` run.
2021-11-16 10:27:05 +01:00
Joffrey JAFFEUX
ef881fdedc
DEV: drops jquery/simplify code/removes leaked event (#14947) 2021-11-16 10:26:39 +01:00
Joffrey JAFFEUX
c768c2ab3a
DEV: drops jquery usage in stacked chart (#14946) 2021-11-16 10:26:26 +01:00
Joffrey JAFFEUX
43659a6de2
DEV: jquery removal/listeners/cleanup of permalink form (#14944)
- Removes jquery
- Removes a not unregistered listener and uses component event
- Removes external-url class as it was only valid in one case of the dropdown
- Uses @action
- Tagless
- Other minor changes
2021-11-16 10:25:54 +01:00
Joffrey JAFFEUX
c9a84d8067
DEV: removes unnecessary jquery selector (#14945) 2021-11-16 10:25:34 +01:00
Bianca Nenciu
88523a6d6a
FIX: Redirect to homepage if no posts exist (#14951)
After permanently deleting the first post of a topic the user was
sometimes stuck on the page because of an infinite loop. This problem
happened more often in Firefox.
2021-11-16 11:10:07 +02:00
Loïc Guitaut
c2be7c65e8 FEATURE: Move sticky avatars into core
This patch takes the small component we had for sticky avatars and adds
it into our core code base.

A small refactor has been made to have a `StickyAvatars` dedicated class.
2021-11-16 10:06:25 +01:00
Vinoth Kannan
c47a526371
FIX: exclude topics from muted tag in category featured list. (#14925)
Topics from muted tags were visible in the categories page's featured topics section since we didn't filter it before.
2021-11-16 12:10:50 +05:30