Commit Graph

46510 Commits

Author SHA1 Message Date
Bianca Nenciu
f60e6837c6
FEATURE: Add setting to always confirm old email (#18417)
By default, only staff members have to confirm their old email when
changing it. This commit adds a site setting that when enabled will
always ask the user to confirm old email.
2022-09-30 00:49:17 +03:00
Daniel Waterworth
cb922ca8c8
DEV: update .ruby-version.sample (#18426) 2022-09-29 13:38:44 -05:00
Jarek Radosz
000c7a3ee3 Version bump to v2.9.0.beta10 2022-09-29 20:37:21 +02:00
Jarek Radosz
4b66086d04 Revert "Version bump to v2.3.0.beta10 (#18425)"
This reverts commit b92185a2d4.
2022-09-29 20:37:21 +02:00
Jarek Radosz
b92185a2d4
Version bump to v2.3.0.beta10 (#18425) 2022-09-29 20:23:19 +02:00
Jarek Radosz
b27d5626d2
SECURITY: Prevent arbitrary file write when decompressing files (#18421)
* SECURITY: Prevent arbitrary file write when decompressing files
* FIX: Allow decompressing files into symlinked directories

Co-authored-by: OsamaSayegh <asooomaasoooma90@gmail.com>
Co-authored-by: Gerhard Schlager <gerhard.schlager@discourse.org>
2022-09-29 20:00:38 +02:00
Jarek Radosz
ae1e536e83
SECURITY: moderator shouldn't be able to import a theme via API (#18418)
* SECURITY: moderator shouldn't be able to import a theme via API.
* DEV: apply `AdminConstraint` for all the "themes" routes.

Co-authored-by: Vinoth Kannan <svkn.87@gmail.com>
2022-09-29 20:00:20 +02:00
Roman Rizzi
ba139b8c23
REFACTOR: Improve reusability by Decoupling flag modal from flag target. (#18251)
* REFACTOR: Improve reusability by Decoupling flag modal from flag target.

We want chat message's flags to have the same features as topic and posts' flags, but we prefer not having to duplicate core's logic. This PR moves target specific bits to different classes, allowing plugins to flag custom things by
providing their own.

* A couple of fixes for the flag modal:

- Make sure buttons are disabled until a flag type is selected.
- Don't throw an error when checking if the user can undo an action on a deleted topic.
- Disable flagging on deleted topics.
2022-09-29 11:57:36 -03:00
Rafael dos Santos Silva
fb5695795f
UX: Fix composer position on Firefox for Android (#18403)
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2022-09-29 11:35:01 -03:00
Jarek Radosz
300db0615f
DEV: Fix InstallTrigger deprecation warnings on Firefox (#18380)
"InstallTrigger is deprecated and will be removed in the future."
2022-09-29 13:31:29 +02:00
Alan Guo Xiang Tan
5248fbbe24
UX: Add flag icon for review section link in sidebar (#18414) 2022-09-29 15:41:23 +08:00
Alan Guo Xiang Tan
4f84ed6723
FIX: Use Category#category_text for sidebar title (#18411)
Previously we used `Category#category_excerpt` but the excerpt keeps the
HTML entities around if present and we can't really display HTML in the
title of a link.
2022-09-29 14:44:41 +08:00
Alan Guo Xiang Tan
ec1851b1dc
DEV: Fix lint (#18412) 2022-09-29 14:44:23 +08:00
Alan Guo Xiang Tan
4c2525adc6
UX: Correct padding and height for sidebar section message (#18410)
Follow-up to f1cbc23f1e
2022-09-29 14:06:28 +08:00
Alan Guo Xiang Tan
3ec1808d75
DEV: Revert change in background-color of sidebar (#18409)
Follow-up to f1cbc23f1e
2022-09-29 13:52:23 +08:00
Alan Guo Xiang Tan
f1cbc23f1e
UX: Add icons to all section links in Sidebar (#18378)
This commit introduces an icon to all links in the sidebar. If an icon has not been configured, we will fall back to a generic "link" icon. As part of this commit, we also standardised the size of each prefix to 20px by 20px and set a fix margin. This is to allow sufficient space for text prefixes and image prefixes to be displayed. 

Tests have been intentionally left out for now as I don't feel like asserting for the icons will bring much value at this point. Time shall prove me wrong.

Co-authored-by: awesomerobot <kris.aubuchon@discourse.org>
2022-09-29 12:28:01 +08:00
dependabot[bot]
b6dfe5e394
Build(deps): Bump net-pop from 0.1.1 to 0.1.2 (#18405)
Bumps [net-pop](https://github.com/ruby/net-pop) from 0.1.1 to 0.1.2.
- [Release notes](https://github.com/ruby/net-pop/releases)
- [Commits](https://github.com/ruby/net-pop/compare/v0.1.1...v0.1.2)

---
updated-dependencies:
- dependency-name: net-pop
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-29 10:23:09 +08:00
Martin Brennan
87a6cab772
FIX: Migration typo for secure_uploads (#18408)
Fixes typo from 8ebd5edd1e causing
deploy issues.
2022-09-29 11:30:14 +10:00
dependabot[bot]
854ec97772
Build(deps-dev): Bump selenium-webdriver from 4.4.0 to 4.5.0 (#18404)
Bumps [selenium-webdriver](https://github.com/SeleniumHQ/selenium) from 4.4.0 to 4.5.0.
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)
- [Commits](https://github.com/SeleniumHQ/selenium/compare/selenium-4.4.0...selenium-4.5.0)

---
updated-dependencies:
- dependency-name: selenium-webdriver
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-29 09:01:42 +08:00
dependabot[bot]
c8be7644fa
Build(deps): Bump net-smtp from 0.3.1 to 0.3.2 (#18406)
Bumps [net-smtp](https://github.com/ruby/net-smtp) from 0.3.1 to 0.3.2.
- [Release notes](https://github.com/ruby/net-smtp/releases)
- [Changelog](https://github.com/ruby/net-smtp/blob/master/NEWS.md)
- [Commits](https://github.com/ruby/net-smtp/compare/v0.3.1...v0.3.2)

---
updated-dependencies:
- dependency-name: net-smtp
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-29 09:01:10 +08:00
dependabot[bot]
a53643515d
Build(deps): Bump net-imap from 0.2.3 to 0.3.0 (#18407)
Bumps [net-imap](https://github.com/ruby/net-imap) from 0.2.3 to 0.3.0.
- [Release notes](https://github.com/ruby/net-imap/releases)
- [Commits](https://github.com/ruby/net-imap/compare/v0.2.3...v0.3.0)

---
updated-dependencies:
- dependency-name: net-imap
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-29 09:00:56 +08:00
Martin Brennan
8ebd5edd1e
DEV: Rename secure_media to secure_uploads (#18376)
This commit renames all secure_media related settings to secure_uploads_* along with the associated functionality.

This is being done because "media" does not really cover it, we aren't just doing this for images and videos etc. but for all uploads in the site.

Additionally, in future we want to secure more types of uploads, and enable a kind of "mixed mode" where some uploads are secure and some are not, so keeping media in the name is just confusing.

This also keeps compatibility with the `secure-media-uploads` path, and changes new
secure URLs to be `secure-uploads`.

Deprecated settings:

* secure_media -> secure_uploads
* secure_media_allow_embed_images_in_emails -> secure_uploads_allow_embed_images_in_emails
* secure_media_max_email_embed_image_size_kb -> secure_uploads_max_email_embed_image_size_kb
2022-09-29 09:24:33 +10:00
Osama Sayegh
70b96ac4e7
DEV: Include quote notifications in the replies tab in the user menu (#18401)
The rationale behind this change is that quote notifications are almost always as important as replies notifications so it makes sense for them to be included in the replies tab instead of the "other" tab. Internal topic: t/74748.
2022-09-28 21:41:11 +03:00
Rafael dos Santos Silva
ea3bc7d7dc
UX: Restore full sized composer on mobile (#18400) 2022-09-28 15:32:09 -03:00
Jordan Vidrine
64601779f0
UX: Style changes to match updates (#18397) 2022-09-28 12:31:56 -05:00
Keegan George
c3d9324d4d
FEATURE: Remember adjusted composer height (#18385)
This PR makes adjusted composer height persistent for a user. After dragging to change the composer height, the updated height will be stored in localStorage and will be restored when opening the composer again.
2022-09-28 08:43:52 -07:00
Penar Musaraj
37b043fefc
FIX: Ensure composer grippie stays visible (#18396)
Fixes a small regression in ab58b0c.
2022-09-28 10:02:03 -04:00
Andrei Prigorshnev
833c8055e1
FEATURE: Optionally show user status on email group user chooser (#18367) 2022-09-28 17:31:20 +04:00
dependabot[bot]
297ce90a88
Build(deps): Bump @babel/core in /app/assets/javascripts (#18388)
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.19.1 to 7.19.3.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.19.3/packages/babel-core)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2022-09-28 12:48:09 +02:00
Osama Sayegh
b10b5eb17b
DEV: Unsubscribe from MessageBus channel when leaving review-index route (#18395)
We subscribe to a couple of MessageBus channels when the review-index route is entered, but we should unsubscribe when exiting the route otherwise callbacks would leak every time the review-index is entered and that might cause subtle and weird bugs or errors.
2022-09-28 12:58:19 +03:00
dependabot[bot]
567fcaecb8
Build(deps): Bump @babel/standalone in /app/assets/javascripts (#18389)
Bumps [@babel/standalone](https://github.com/babel/babel/tree/HEAD/packages/babel-standalone) from 7.19.2 to 7.19.3.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.19.3/packages/babel-standalone)

---
updated-dependencies:
- dependency-name: "@babel/standalone"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-28 11:43:40 +02:00
Osama Sayegh
51cabf0f26
DEV: Use the correct property for checking if redesigned user menu is enabled (#18394)
The correct attribute for the new user menu feature flag is `redesigned_user_menu_enabled`, not `enable_redesigned_user_menu`.
2022-09-28 10:50:52 +03:00
Alan Guo Xiang Tan
4b561277a9
FEATURE: Add review link to community section for logged in user (#18374)
When there are pending reviewables, the review section link is displayed
in the main section. When there are no pending reviewables, the review
section link is displayed under the more links drawer.

Internal ref: /t/74210
2022-09-28 09:58:07 +08:00
Arpit Jalan
bc97f3d1c1
FIX: some composer messages were broken (#18392) 2022-09-28 07:21:20 +05:30
Martin Brennan
57caf08e13
DEV: Minimal first pass of rails system test setup (#16311)
This commit introduces rails system tests run with chromedriver, selenium,
and headless chrome to our testing toolbox.

We use the `webdrivers` gem and `selenium-webdriver` which is what
the latest Rails uses so the tests run locally and in CI out of the box.

You can use `SELENIUM_VERBOSE_DRIVER_LOGS=1` to show extra
verbose logs of what selenium is doing to communicate with the system
tests.

By default JS logs are verbose so errors from JS are shown when
running system tests, you can disable this with
`SELENIUM_DISABLE_VERBOSE_JS_LOGS=1`

You can use `SELENIUM_HEADLESS=0` to run the system
tests inside a chrome browser instead of headless, which can be useful to debug things
and see what the spec sees. See note above about `bin/ember-cli` to avoid
surprises.

I have modified `bin/turbo_rspec` to exclude `spec/system` by default,
support for parallel system specs is a little shaky right now and we don't
want them slowing down the turbo by default either.

### PageObjects and System Tests

To make querying and inspecting parts of the page easier
and more reusable inbetween system tests, we are using the
concept of [PageObjects](https://www.selenium.dev/documentation/test_practices/encouraged/page_object_models/) in
our system tests. A "Page" here is generally corresponds to
an overarching ember route, e.g. "Topic" for `/t/324345/some-topic`,
and this contains logic for querying components within the topic
such as "Posts".

I have also split "Modals" into their own entity. Further down the
line we may want to explore creating independent "Component"
contexts.

Capybara DSL should be included in each PageObject class,
reference for this can be found at https://rubydoc.info/github/teamcapybara/capybara/master#the-dsl

For system tests, since they are so slow, we want to focus on
the "happy path" and not do every different possible context
and branch check using them. They are meant to be overarching
tests that check a number of things are correct using the full stack
from JS and ember to rails to ruby and then the database.

### CI Setup

Whenever a system spec fails, a screenshot
is taken and a build artifact is produced _after the entire CI run is complete_,
which can be downloaded from the Actions UI in the repo.

Most importantly, a step to build the Ember app using Ember CLI
is needed, otherwise the JS assets cannot be found by capybara:

```
- name: Build Ember CLI
  run: bin/ember-cli --build
```

A new `--build` argument has been added to `bin/ember-cli` for this
case, which is not needed locally if you already have the discourse
rails server running via `bin/ember-cli -u` since the whole server is built and
set up by default.

Co-authored-by: David Taylor <david@taylorhq.com>
2022-09-28 11:48:16 +10:00
Martin Brennan
ec83260686
Revert "init (#18387)" (#18391)
This reverts commit c975fa3b29.

CSS changes here break CI
2022-09-28 10:33:09 +10:00
Jordan Vidrine
c975fa3b29
init (#18387) 2022-09-27 19:15:11 -05:00
Renato Atilio
4c085873e5
FIX: 404 sending beacon "leave all" on subfolder install 2022-09-27 19:57:38 +01:00
Penar Musaraj
cc4af80c7d
DEV: refactor bootbox alerts (#18292) 2022-09-27 14:47:13 -04:00
Discourse Translator Bot
5dea425ee9
Update translations (#18381) 2022-09-27 19:07:56 +02:00
Keegan George
ca1038187f
A11Y: Improve user card accessibility (#18348) 2022-09-27 10:06:20 -07:00
Arpit Jalan
2ee721f8aa
FEATURE: add composer warning when user haven't been seen in a long time (#18340)
* FEATURE: add composer warning when user haven't been seen in a long time

When a user creates a PM and adds a recipient that hasn't been seen in a
long time then we'll now show a warning in composer indicating that the
user hasn't been seen in a long time.
2022-09-27 22:06:40 +05:30
Rafael dos Santos Silva
0f5db0838d
FEATURE: JS API interface for hljs plugins (#18382)
* FEATURE: JS API interface for hljs plugins

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2022-09-27 13:26:52 -03:00
Penar Musaraj
217274f2c1
A11Y: multiple fixes to user stream items (#18368)
- in group activity, allows avatars to be selectable by tabbing or screen readers
- in user activity > drafts, fixes a bug where for draft replies, the wrong avatar was being shown in the user card
- in both group and user activity, fixes the order of focusable items
2022-09-27 10:59:26 -04:00
Penar Musaraj
b97cb222c2
A11Y: Associate label with input in bookmark modal (#18371) 2022-09-27 09:18:59 -04:00
Penar Musaraj
250c0bccbd
A11Y: Add aria label to composer messages Esc button (#18372) 2022-09-27 08:52:09 -04:00
Selase Krakani
049f8569d8
FIX: Recursively tag topics with missing ancestor tags (#18344)
* FIX: Recursively tag topics with missing ancestor tags

Given only a child tag, walk up the ancestry chain, get all of it's
ancestors for use in tagging a topic

* FIX: Ensure only one parent tag is returned for topic tagging

Current implementation selects and return first parent tag if child tag
has multiple parents.

This change updates recursive parent tag implementation to only return
parent tags via only one ancestry line.

* DEV: Add test case for tag cycles

Given we aren't performing a strict graph traversal to get a tag's
parent, cycles do not have any effect on the tags returned for topic
tagging.
2022-09-27 12:04:16 +00:00
David Taylor
53ee8746f6
DEV: Bump rubocop config and switch back to rubygems (#18379) 2022-09-27 12:07:09 +01:00
dependabot[bot]
653ef5f3b1
Build(deps): Bump omniauth-oauth2 from 1.7.2 to 1.7.3 (#17139)
Bumps [omniauth-oauth2](https://github.com/omniauth/omniauth-oauth2) from 1.7.2 to 1.7.3.
- [Release notes](https://github.com/omniauth/omniauth-oauth2/releases)
- [Changelog](https://github.com/omniauth/omniauth-oauth2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/omniauth/omniauth-oauth2/compare/v1.7.2...v1.7.3)

---
updated-dependencies:
- dependency-name: omniauth-oauth2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-27 13:01:36 +02:00
Bianca Nenciu
20a17f248c
FIX: Make sure featured category topics are unique (#18343)
In the past, CategoryFeaturedTopic.feature_topics raised an exception
sometimes because it tried to create multiple CategoryFeaturedTopic
records for the same topic.

This code should not raise any exceptions as long as the list of new
topic IDs is unique because all previous records are deleted first,
then recreated and everything happens inside a transaction. The previous
rescue block was dead code anyway because it tried to catch
PG::UniqueViolation instead of ActiveRecord::RecordNotUnique. This
commit includes a fix to ensure that the topic IDs are unique.
2022-09-27 14:01:22 +03:00