Commit Graph

44875 Commits

Author SHA1 Message Date
Martin Brennan
5d0c2cba07
DEV: Fix typo for email encoded (#15577) 2022-01-14 09:33:15 +10:00
tshenry
8ef3513e4a
UX: Use https protocol for markdown help link (#15576) 2022-01-13 15:20:38 -08:00
Robin Ward
6272edd121 DEV: Support for running theme test with Ember CLI (third attempt)
The second attempt fixed issues with smoke test.

This one makes sure minification only happens in production mode.
2022-01-13 16:02:07 -05:00
Rafael dos Santos Silva
f82f0e1179
DEV: Fix readme CI badge (#15569) [skip ci] 2022-01-13 15:41:02 -03:00
Neil Lalonde
aa54645753
Version bump to v2.8.0.beta11 (#15567) 2022-01-13 10:35:59 -05:00
Neil Lalonde
3a126c134e
Version bump to v2.7.13 2022-01-13 10:16:51 -05:00
Joffrey JAFFEUX
e3174e70c6
FIX: attempts to compensate for first line spacing with pre-line (#15566) 2022-01-13 16:14:51 +01:00
Joffrey JAFFEUX
29bdcf2f7f
FIX: prevents tweets to lose format in onebox (#15565) 2022-01-13 15:34:40 +01:00
Joffrey JAFFEUX
25722e0b08
DEV: using Enter on a focused button should trigger action (#15564) 2022-01-13 14:24:52 +01:00
Dan Ungureanu
c7a6d9bc3a
SECURITY: Do not sign in unapproved users (#15552) 2022-01-13 10:42:48 +02:00
Alan Guo Xiang Tan
a407d42984 DEV: Fix deprecation warning after updating to messabe_bus 4.0.0.
```
MessageBus.reliable_pub_sub is deprecated, use MessageBus.backend_instance instead.
```

Follow-up to aee9fcd257
2022-01-13 14:11:07 +08:00
David Taylor
909de9b36c
FIX: Bypass service worker on the SSO path (#15558) (#15560)
This is a workaround a behavior change in Chromium v97.
The following text was sent to the blink-dev mailing list:

> This change broke a SingleSignOn login on the FOSS software Discourse. We have a flow like:
>
> 1. User visits forum.siteA.com, click login
> 2. Gets redirected to idp.siteB.com
> 3. Fills login details
> 4. Gets redirected to forum.siteA.com/session/sso_login?parameters
> 5. Gets redirected to forum.siteA.com/homepage
>
> On step 4, the response includes a `set-cookie` header, with proper `HttpOnly; SameSite=Lax; Secure `and set. But if there is an active service worker, the login will fail as that cookie will be rejected by Chromium due to SameSite rules now.
>
> t=2971 [st=258]        COOKIE_INCLUSION_STATUS
>                        --> domain = "forum.siteA.com"
>                        --> name = "_t"
>                        --> operation = "store"
>                        --> path = "/"
>                        --> status = "EXCLUDE_SAMESITE_LAX, DO_NOT_WARN"
>
> The service worker is a vanilla WorkboxJS service worker that intercepts all GETs with the "Network First" strategy.
>
> Disabling the service worker or using Firefox results in a successful login. There is no warning in either DevTools network tab nor the console that the cookie was rejected.
>
> Chrome 96: login works
> Chrome 97: login does not work
> Chrome 98: login does not work
>
> Is this expected behavior? Even if the request `GET forum.siteA.com` was initiated because of a redirect from a different domain, is it expected that Chrome will silently drop same site cookies from forum.siteA.com?

Co-authored-by: Rafael dos Santos Silva <xfalcox@gmail.com>
2022-01-13 00:08:33 +00:00
Martin Brennan
107239a442
Revert "DEV: Support for running theme test with Ember CLI (second attempt)" (#15559)
This reverts commit 2c7906999a.

The changes break some things in local development (putting JS files
into minified files, not allowing debugger, and others)
2022-01-13 10:05:35 +10:00
Rafael dos Santos Silva
2278c7f82d
FIX: Bypass service worker on the SSO path (#15558)
This is a workaround a behavior change in Chromium v97.
The following text was sent to the blink-dev mailing list:

> This change broke a SingleSignOn login on the FOSS software Discourse. We have a flow like:
>
> 1. User visits forum.siteA.com, click login
> 2. Gets redirected to idp.siteB.com
> 3. Fills login details
> 4. Gets redirected to forum.siteA.com/session/sso_login?parameters
> 5. Gets redirected to forum.siteA.com/homepage
>
> On step 4, the response includes a `set-cookie` header, with proper `HttpOnly; SameSite=Lax; Secure `and set. But if there is an active service worker, the login will fail as that cookie will be rejected by Chromium due to SameSite rules now.
>
> t=2971 [st=258]        COOKIE_INCLUSION_STATUS
>                        --> domain = "forum.siteA.com"
>                        --> name = "_t"
>                        --> operation = "store"
>                        --> path = "/"
>                        --> status = "EXCLUDE_SAMESITE_LAX, DO_NOT_WARN"
>
> The service worker is a vanilla WorkboxJS service worker that intercepts all GETs with the "Network First" strategy.
>
> Disabling the service worker or using Firefox results in a successful login. There is no warning in either DevTools network tab nor the console that the cookie was rejected.
>
> Chrome 96: login works
> Chrome 97: login does not work
> Chrome 98: login does not work
>
> Is this expected behavior? Even if the request `GET forum.siteA.com` was initiated because of a redirect from a different domain, is it expected that Chrome will silently drop same site cookies from forum.siteA.com?
2022-01-12 20:01:53 -03:00
David Taylor
da6f837572
DEV: Bump bundler from 2.2.26 to 2.3.4 (#15549) 2022-01-13 08:50:04 +11:00
Kris
320c4c12f4
UX: adjust invite and related form spacing (#15556) 2022-01-13 08:41:28 +11:00
dependabot[bot]
9ea4d8dab0
Build(deps): Bump ecma-re-validator from 0.3.0 to 0.4.0 (#15557)
Bumps [ecma-re-validator](https://github.com/gjtorikian/ecma-re-validator) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/gjtorikian/ecma-re-validator/releases)
- [Commits](https://github.com/gjtorikian/ecma-re-validator/compare/v0.3.0...v0.4.0)

---
updated-dependencies:
- dependency-name: ecma-re-validator
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-13 08:38:33 +11:00
Jarek Radosz
aee9fcd257
DEV: Update message_bus to 4.0.0 (#15553) 2022-01-13 08:14:52 +11:00
Arpit Jalan
c593727497
FIX: navigate to topic/PM regardless of Shift key press (#15551)
Currently when pressing Shift key and hitting Reply button the user
stays on the post they are on and does not get navigated to newly
created topic/PM/reply. This is fine for replies but creates confusion
when composing a new topic/PM.

This commits makes it such that pressing Shift key and Reply button
(or ctrl-shift-enter / cmd-shift-enter) works only for replies and not
for new topic/PM. The user will always be navigated to new topic/PM.
2022-01-13 08:13:33 +11:00
Robin Ward
2c7906999a DEV: Support for running theme test with Ember CLI (second attempt)
This PR includes support for running theme tests in legacy ember
production envrionments.
2022-01-12 15:43:29 -05:00
Dan Ungureanu
584c6a2e8b
SECURITY: Do not sign in unapproved users (#15552) 2022-01-12 22:24:54 +02:00
David Taylor
6750c682ac DEV: Add integration test for refreshing discovery-topics views
This test would have detected the regression which was fixed in f94c01b233
2022-01-12 12:18:37 +00:00
David Taylor
78c6fc6e43 DEV: Use Ember router to determine currentURL
This means that our DiscourseURL logic will work consistently in tests, where `window.location` doesn't get updated.

To make it work properly, our `replaceState` implementation needed to be updated so that it writes the new URL to Ember's router, rather than bypassing the router and going straight to the `location` API.

A couple of tests needed updating following this fix:
- the composer-test was asserting that the new reply should be missing from the DOM... when really it **should** be in the DOM, and this fix to the test environment makes it so
- the topic-test was making a fake topic fixture based on the data from a topic with a different id. This was causing the topic route to get confused, and 'fix' the currentURL. This commit updates it to use a fixture with consistent data.

This commit also removes the feature detection of `window.history`. It's feature-detected within `discourse-location`. Plus, we don't support any browsers without it.
2022-01-12 12:18:37 +00:00
Natalie Tay
dd3ed27930
DEV: Allow utility class domFromString to take in strings with multiple top level elements (#15548)
Previously only `<div>one top element</div>` was allowed because we use `firstChild` instead of `children`.
We also want `<div>one</div><div>two</div>` to work with this method.
2022-01-12 19:49:24 +08:00
David Taylor
252bb87ab3
Revert "DEV: Support for running theme test with Ember CLI" (#15547)
This reverts commit ea84a82f77.

This is causing problems with `/theme-qunit` on legacy, non-ember-cli production sites. Reverting while we work on a fix
2022-01-11 23:38:59 +00:00
Kris
1d0e5ae4c8
DEV: add invite-page class (#15546) 2022-01-11 17:05:13 -05:00
Robin Ward
ea84a82f77 DEV: Support for running theme test with Ember CLI
This is quite complex as it means that in production we have to build
Ember CLI test files and allow them to be used by our Rails application.

There is a fair bit of glue we can remove in the future once we move to
Ember CLI completely.
2022-01-11 15:42:13 -05:00
dependabot[bot]
4afe47f9e6 Build(deps): Bump rainbow from 3.0.0 to 3.1.1
Bumps [rainbow](https://github.com/sickill/rainbow) from 3.0.0 to 3.1.1.
- [Release notes](https://github.com/sickill/rainbow/releases)
- [Changelog](https://github.com/sickill/rainbow/blob/master/Changelog.md)
- [Commits](https://github.com/sickill/rainbow/compare/v3.0.0...v3.1.1)

---
updated-dependencies:
- dependency-name: rainbow
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-11 14:31:35 -05:00
dependabot[bot]
4a33f9febe
Build(deps): Bump hashie from 4.1.0 to 5.0.0 (#14867)
Bumps [hashie](https://github.com/hashie/hashie) from 4.1.0 to 5.0.0.
- [Release notes](https://github.com/hashie/hashie/releases)
- [Changelog](https://github.com/hashie/hashie/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hashie/hashie/compare/v4.1.0...v5.0.0)

---
updated-dependencies:
- dependency-name: hashie
  dependency-type: indirect
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-11 18:43:57 +00:00
Discourse Translator Bot
2976b63094
Update translations (#15540) 2022-01-11 14:21:34 +01:00
David Taylor
8eb61de1cd
FIX: Handling of /p/### URLs within Ember (#15536) 2022-01-11 13:10:46 +00:00
David Taylor
5cfe42474a
FIX: LOAD_PLUGINS=0 in dev/prod, warn in plugin:pull_compatible_all (stable) (#15538)
The `plugin:pull_compatible_all` task is intended to take incompatible plugins and downgrade them to an earlier version. Problem is, when running the rake task in development/production environments, the plugins have already been activated. If an incompatible plugin raises an error in `plugin.rb` then the rake task will be unable to start.

This commit centralises our LOAD_PLUGINS detection, adds support for LOAD_PLUGINS=0 in dev/prod, and adds a warning to `plugin:pull_compatible_all` if it's run with plugins enabled.
2022-01-11 12:30:38 +00:00
David Taylor
b3e52f99e6
FIX: LOAD_PLUGINS=0 in dev/prod, warn in plugin:pull_compatible_all (#15537)
The `plugin:pull_compatible_all` task is intended to take incompatible plugins and downgrade them to an earlier version. Problem is, when running the rake task in development/production environments, the plugins have already been activated. If an incompatible plugin raises an error in `plugin.rb` then the rake task will be unable to start.

This commit centralises our LOAD_PLUGINS detection, adds support for LOAD_PLUGINS=0 in dev/prod, and adds a warning to `plugin:pull_compatible_all` if it's run with plugins enabled.
2022-01-11 12:30:22 +00:00
Bianca Nenciu
dd3e766efd
DEV: Do not manually require ip_addr (#15535) 2022-01-11 12:43:00 +02:00
David Taylor
b537d591b3
FIX: allow slug-less topic URLs to work within the same topic (#15508)
- Update the TOPIC_URL_REGEXP in `lib/url` so that `navigatedToPost` doesn't attempt to handle slug-less URLs. Slugs must contain at least one non-numeric character, so we can use that fact to make the regex more specific. We want slug-less URLs to be routed as a normal Ember transition, so that `topic-by-slug-or-id` can catch them and re-write the URL to include the slug.

- Update the `topic-by-slug-or-id` afterModel to ensure that the Ember router is used to handle the redirect, rather than DiscourseURL. This guarantees that it will function as a redirect (DiscourseURL.routeTo sometimes bypasses the router). This solves the history problem which was worked-around in 27211ee7bb.

- Update routes/topic to recover from aborted transitions gracefully. This means that following an aborted transition, the browser URL continues to be updated with post numbers as the user scrolls down the page.
2022-01-11 10:37:37 +00:00
Bianca Nenciu
5d35c38db2
FEATURE: Search screened IP address in blocks (#15461)
An admin could search for all screened ip addresses in a block by
using wildcards. 192.168.* returned all IPs in range 192.168.0.0/16.
This feature allows admins to search for a single IP address in all
screened IP blocks. 192.168.0.1 returns all IP blocks that match it,
for example 192.168.0.0/16.

* FEATURE: Remove roll up button for screened IPs

* FIX: Match more specific screened IP address first
2022-01-11 09:16:51 +02:00
Bianca Nenciu
5a8b8f6f1e
FEATURE: Show warning if user won't be mentioned (#15339)
The new warnings cover more cases and more accurate. Most of the
warnings will be visible only to staff members because otherwise they
would leak information about user's preferences.
2022-01-11 09:16:20 +02:00
Vinoth Kannan
6626089034
UX: change text of public_topic action code in login required sites. (#14764)
The wording "made this topic public" made confusion in login required forums.
2022-01-11 11:35:16 +05:30
Alan Guo Xiang Tan
2ee9a09c8c DEV: Fix failing test. 2022-01-11 11:45:22 +08:00
Alan Guo Xiang Tan
6fb89c153a Revert "DEV: Remove stale ignored_columns from models."
This reverts commit 9f5c8644d0.

Have to revert because the ignored columns have not been dropped.
2022-01-11 11:00:58 +08:00
Alan Guo Xiang Tan
c2afc3915b FEATURE: Customizable rules and plugins for PrettyText.markdown.
This commit extends the options which can be passed to
`PrettyText.markdown` so that which Markdown-it rules and Discourse
Markdown plugins to be used when rendering a text can be customizable.
Currently, this extension is mainly used by plugins.
2022-01-11 10:39:40 +08:00
Alan Guo Xiang Tan
9f5c8644d0 DEV: Remove stale ignored_columns from models. 2022-01-11 10:38:10 +08:00
Jarek Radosz
2dcad9772f FIX: Don't display duplicated emoji in picker 2022-01-11 10:37:02 +08:00
Krzysztof Kotlarek
22249806a8 FEATURE: decorate username in email-group-user-chooser-row
We are allowing plugins to decorate username selector:

1f1aa6a0d8/app/assets/javascripts/discourse/app/lib/plugin-api.js (L1154)

1472e47aae/app/assets/javascripts/discourse/app/templates/user-selector-autocomplete.hbr (L9)

The same decoration can be beneficial for email-group-user-chooser-row. An example use case is to show the icon that a user is on holiday when assigning a user to post/topic.
2022-01-11 09:49:27 +08:00
Alan Guo Xiang Tan
ab2c17236a DEV: Follow Discourse's convention when monkey patching.
Having to load `ip_addr` is confusing especially when that file exists
to monkey patch Ruby's `IpAddr` class. Moving it to our freedom patches
folder which is automatically loaded on initialization.
2022-01-11 09:48:27 +08:00
Jarek Radosz
0d9ab0beb3
DEV: Fix a flaky spec (#15529)
It's very much possible for there to be a topic with id 999.
2022-01-11 01:51:57 +01:00
dependabot[bot]
8e2dd937cb
Build(deps): Bump bootsnap from 1.9.3 to 1.9.4 (#15528)
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.9.3 to 1.9.4.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.9.3...v1.9.4)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-11 00:36:44 +01:00
dependabot[bot]
5e8b2742d9
Build(deps): Bump jmespath from 1.4.0 to 1.5.0 (#15525)
Bumps [jmespath](https://github.com/trevorrowe/jmespath.rb) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/trevorrowe/jmespath.rb/releases)
- [Changelog](https://github.com/jmespath/jmespath.rb/blob/main/CHANGELOG.md)
- [Commits](https://github.com/trevorrowe/jmespath.rb/compare/v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: jmespath
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-11 00:03:33 +01:00
Jarek Radosz
933f6780ee
FIX: Update recent emoji list when selecting from it (#15514)
…after you re-open the modal or select another emoji.

Reason:
Even the most used emoji would be knocked off the list after a while, if you use any emoji outside the recent. Consider the sequence:

, 😃,  (from recent), 😀,  (from recent), 😛,  (from recent), 😎,  (from recent), and so on

With the previous logic, the check mark emoji would leave the list, even though it used constantly and (and the time of removal) would the the second most recent used emoji.

---

It doesn't update the list when you use the recent list so that you can click an emoji repeatedly and it doesn't shift from under your mouse cursor.
2022-01-11 00:00:47 +01:00
dependabot[bot]
a18c1cf8a4
Build(deps): Bump ffi from 1.15.4 to 1.15.5 (#15526)
Bumps [ffi](https://github.com/ffi/ffi) from 1.15.4 to 1.15.5.
- [Release notes](https://github.com/ffi/ffi/releases)
- [Changelog](https://github.com/ffi/ffi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ffi/ffi/compare/v1.15.4...v1.15.5)

---
updated-dependencies:
- dependency-name: ffi
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-10 23:54:49 +01:00