Commit Graph

159 Commits

Author SHA1 Message Date
David Taylor
ded3639f87 DEV: Add openid-connect as an official plugin 2018-12-06 16:16:47 +00:00
David Taylor
4e010382cc REFACTOR: Initialize auth providers after plugin.activate!
Also added some helpful functionality for plugin developers:
- Raises RuntimeException if the auth provider has been registered too late
- Logs use of deprecated parameters
2018-11-30 16:58:18 +00:00
Kyle Zhao
488fba3c5f
FEATURE: allow plugins and themes to extend the default CSP (#6704)
* FEATURE: allow plugins and themes to extend the default CSP

For plugins:

```
extend_content_security_policy(
  script_src: ['https://domain.com/script.js', 'https://your-cdn.com/'],
  style_src: ['https://domain.com/style.css']
)
```

For themes and components:

```
extend_content_security_policy:
  type: list
  default: "script_src:https://domain.com/|style_src:https://domain.com"
```

* clear CSP base url before each test

we have a test that stubs `Rails.env.development?` to true

* Only allow extending directives that core includes, for now
2018-11-30 09:51:45 -05:00
Penar Musaraj
03deda2147
Upgrade to FontAwesome 5 (take two) (#6673)
* Add missing icons to set

* Revert FA5 revert

 This reverts commit 42572ff

* use new SVG syntax in locales

* Noscript page changes (remove login button, center "powered by" footer text)

* Cast wider net for SVG icons in settings

- include any _icon setting for SVG registry (offers better support for plugin settings)

- let themes store multiple pipe-delimited icons in a setting

- also replaces broken onebox image icon with SVG reference in cooked post processor

* interpolate icons in locales

* Fix composer whisper icon alignment

* Add support for stacked icons

* SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

* load SVG sprite with pre-initializers

* FIX: enable caching on SVG sprites

* PERF: use JSONP for SVG sprites so they are served from CDN

This avoids needing to deal with CORS for loading of the SVG

Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is

* Add missing SVG sprite JSONP script to CSP

* Upgrade to FA 5.5.0

* Add support for all FA4.7 icons

- adds complete frontend and backend for renamed FA4.7 icons

- improves performance of SvgSprite.bundle and SvgSprite.all_icons

* Fix group avatar flair preview

- adds an endpoint at /svg-sprites/search/:keyword

- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset

* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
David Taylor
052bf37578 FIX: Use Discourse.deprecate instead of Rails.logger.warn
This will significantly reduce the volume of logs when the condition is hit
2018-11-22 15:59:47 +00:00
Sam
42572ff138 Revert font awesome 5 changes
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
Penar Musaraj
005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs (#6557)
* First take on subsetting svg icons

* FontAwesome 5 svg subset WIP

* Include icons from plugins/badges into svg sprite subset

* add svg icon support to themes

* Add spec for SvgSprite

* Misc. SVG icon fixes

* Use FA5 svgs in local-dates plugin

* CSS adjustments, fix SVG icons in group flair

* Use SVG icons in poll plugin

* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
David Taylor
c6f364224e
FEATURE: Allow plugins to whitelist user custom fields for public display (#6499)
This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
2018-10-17 10:33:27 +01:00
Bianca Nenciu
d408073fc2 DEV: Update official plugins list
canned replies is now named discourse-canned-replies which keeps our naming consistent
2018-10-15 13:53:21 +11:00
Joshua Rosenfeld
aba4dec27f
Update official plugin list
* Remove duplicate entry
* Add missing plugins
* Update list for new names
2018-10-12 10:12:31 -04:00
Guo Xiang Tan
1c9b5e75e7 DEV: Support post deployment migrations for plugins. 2018-10-09 13:11:45 +08:00
Rishabh Nambiar
943f017a17 Mark discourse-perspective-api as an official plugin 2018-10-04 14:34:22 +05:30
Joshua Rosenfeld
afaa722c32
sort official plugin list, remove duplicate entry
`discourse-sitemap` was listed twice, sorted list to help avoid duplication
2018-09-09 13:41:26 -04:00
David Taylor
4382fb5fac DEV: Allow plugins to whitelist specific user custom_fields for editing (#6358) 2018-09-04 20:45:36 +10:00
Dax74
5f51ef27e7
Added sitemap plugin in the official list 2018-08-29 10:58:26 +02:00
Sam
47e6b8b318 discourse etiquette is an official plugin 2018-08-27 10:03:49 +10:00
Sam
8fa5dd4a1f FEATURE: discourse-checklist is now an official plugin 2018-08-21 10:44:40 +10:00
Robin Ward
5895507153 FEATURE: Ability for plugins to whitelist custom fields for flags
You can now call `whitelist_flag_post_custom_field` from your plugins
and those custom fields will be available on the flagged posts
area of the admin section.
2018-08-09 10:49:14 -04:00
Sam
4b000f5d12 FIX: do not use lib for requires
this breaks loading the app from arbitrary dirs
2018-08-07 11:04:29 +10:00
David Taylor
812add18bd REFACTOR: Serve auth provider information in the site serializer.
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
Jeff Wong
059862ed46 Mark discord auth plugin official 2018-08-01 09:33:14 -07:00
David Taylor
8d1acbd4c2 DEV: Include specific authenticator name in warning message 2018-07-30 11:33:48 +01:00
David Taylor
467c529920 FIX: Remove return statement from inside block 2018-07-26 15:52:39 +01:00
David Taylor
88241f57a3
FEATURE: allow auth plugins to have a site setting for full screen login 2018-07-26 11:11:16 +01:00
Nick Shearer
def2c977ce allow auth plugins to have a site setting for if they should be full screen vs popup window 2018-07-25 19:20:11 -05:00
David Taylor
0d0d78841b
FIX: Remove plugin.enabled? checks at initialization time (#6166)
Checking `plugin.enabled?` while initializing plugins causes issues in two ways:
  - An application restart is required for changes to take effect. A load-balanced multi-server environment could behave very weirdly if containers restart at different times.
  - In a multisite environment, it takes the `enabled?` setting from the default site. Changes on that site affect all other sites in the cluster.

Instead, `plugin.enabled?` should be checked at runtime, in the context of a request. This commit removes `plugin.enabled?` from many `instance.rb` methods.

I have added a working `plugin.enabled?` implementation for methods that actually affect security/functionality:
  - `post_custom_fields_whitelist`
  - `whitelist_staff_user_custom_field`
  - `add_permitted_post_create_param`
2018-07-25 16:44:09 +01:00
David Taylor
eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099)
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
Joshua Rosenfeld
212f518cd1
Add invite tokens to official plugins list 2018-06-30 17:24:45 -04:00
Robin Ward
6901e0e043 FIX: Rails.logger isn't always available when loading plugin locales 2018-06-22 10:20:20 -04:00
Joffrey JAFFEUX
24c27b5321
FEATURE: adds a add_report method accessible in plugin.rb 2018-06-19 15:00:11 +02:00
Blake Erickson
9963078dd1 Add to offical plugins list 2018-06-18 10:20:49 -06:00
Robin Ward
e5c156b226 Add characters-required to official plugins list 2018-06-18 10:30:46 -04:00
Régis Hanol
4d75535f9e Revert "Revert "Revert "Add discourse-group-tracker to official plugin list."""
This reverts commit d1dc8e4226.
2018-06-11 15:52:20 +02:00
Régis Hanol
d1dc8e4226 Revert "Revert "Add discourse-group-tracker to official plugin list.""
This reverts commit 1a00aaa825.
2018-06-11 14:30:16 +02:00
Guo Xiang Tan
1a00aaa825 Revert "Add discourse-group-tracker to official plugin list."
This reverts commit e262cb07d4.
2018-06-08 10:51:16 +08:00
Guo Xiang Tan
e262cb07d4 Add discourse-group-tracker to official plugin list. 2018-06-08 09:55:26 +08:00
Dax74
5bd38e3a29
Add Github Linkback plugin 2018-05-31 01:02:35 +02:00
Joshua Rosenfeld
4ad924bcf5
Add discourse-policy as official plugin 2018-05-29 16:57:05 -04:00
jomaxro
be01491c04 Revert "Correct BBCode plugin name"
This reverts commit 10dfdd7d2a.
2018-05-19 20:03:49 -04:00
Joshua Rosenfeld
10dfdd7d2a
Correct BBCode plugin name 2018-05-19 19:53:39 -04:00
Guo Xiang Tan
c6f45fcfdb Expose an API for plugins to be hidden on the admin plugin page. 2018-05-08 13:24:58 +08:00
Guo Xiang Tan
8cf0f51eb2 UX: Display site settings shortcut for poll and discourse-nginx-performance-report.
https://meta.discourse.org/t/improving-admin-plugins/84585/29?u=tgxworld
2018-05-08 10:34:32 +08:00
Sam
c81854ad14 FEATURE: Rename discourse-cronos to discourse-local-dates 2018-05-04 16:11:50 +10:00
Joffrey JAFFEUX
78435833a5
FEATURE: discourse-cronos is now a core plugin 2018-05-03 20:15:57 +02:00
Robin Ward
93b40d5e59 Don't use puts here since it happens in tests 2018-04-30 12:26:43 -04:00
Neil Lalonde
e52d914c08 add discourse-user-card-badges to official plugins 2018-04-26 15:28:06 -04:00
Sam
98d142b1c1 also causes test failure, removing 2018-04-26 13:48:44 +10:00
Sam
0a82d739f9 unofficialize plugin 2018-04-26 13:23:14 +10:00
Sam
4ded5e18e6 add more official plugins 2018-04-26 12:33:07 +10:00
Gerhard Schlager
afe1a2793d Mark discourse-signatures plugin as official 2018-04-25 11:58:39 +02:00