Commit Graph

48563 Commits

Author SHA1 Message Date
Ted Johansson
3044fca9b2 FIX: Fix flaky test resulting from PostAlerter keyword arguments (#19826)
We've been doing some work to support new keyword argument semantics in Ruby 3. As part of that we made some changes to `DiscourseEvent::TestHelper`. The backwards compatibility fix doesn't work if the method is called with an empty hash as the final argument. This fix adds a valid option to the final hash in the particular test.
2023-01-25 13:48:49 +02:00
Martin Brennan
5d9306a6fc FIX: Improve error reporting and failure modes for channel archiving (#19791)
There was an issue with channel archiving, where at times the topic
creation could fail which left the archive in a bad state, as read-only
instead of archived. This commit does several things:

* Changes the ChatChannelArchiveService to validate the topic being
  created first and if it is not valid report the topic creation errors
  in the PM we send to the user
* Changes the UI message in the channel with the archive status to reflect
  that topic creation failed
* Validate the new topic when starting the archive process from the UI,
  and show the validation errors to the user straight away instead of
  creating the archive record and starting the process

This also fixes another issue in the discourse_dev config which was
failing because YAML parsing does not enable all classes by default now,
which was making the seeding rake task for chat fail.
2023-01-25 13:48:49 +02:00
Discourse Translator Bot
b77160e10f
Update translations (#19975) 2023-01-24 16:32:59 +01:00
David Taylor
5e28c1e883
SECURITY: Bump Rails to v7.0.4.1 (stable) (#19957) 2023-01-23 15:39:24 -05:00
Alan Guo Xiang Tan
0e69aeb276
SECURITY: Default tags to show count of topics in unrestricted categories (#19929)
Currently, `Tag#topic_count` is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user has not excess to. We classify this as a minor leak in sensitive information.

The following changes are introduced in this commit:

1. Introduce `Tag#public_topic_count` which only count topics which have been tagged with a given tag in public categories.
2. Rename `Tag#topic_count` to `Tag#staff_topic_count` which counts the same way as `Tag#topic_count`. In other words, it counts all topics tagged with a given tag regardless of the category the topic is in. The rename is also done so that we indicate that this column contains sensitive information.
3. Change all previous spots which relied on `Topic#topic_count` to rely on `Tag.topic_column_count(guardian)` which will return the right "topic count" column to use based on the current scope.
4. Introduce `SiteSetting.include_secure_categories_in_tag_counts` site setting to allow site administrators to always display the tag topics count using `Tag#staff_topic_count` instead.
2023-01-20 11:59:37 +08:00
Discourse Translator Bot
c84f189011
Update translations (#19898) 2023-01-18 11:42:57 +01:00
Alan Guo Xiang Tan
c368d35602
FIX: Regression in TopicTrackingState MessageBus message scope. (#19835) (#19837)
0403cda1d1 introduced a regression where
topics in non read-restricted categories have its TopicTrackingState
MessageBus messages published with the `group_ids: [nil]` option. This
essentially means that no one would be able to view the message.
2023-01-12 08:52:02 +08:00
OsamaSayegh
f54d21a80b
Version bump to v3.0.0 2023-01-11 08:17:04 +03:00
OsamaSayegh
ecdbf44983
Merge branch 'main' into stable 2023-01-11 08:15:34 +03:00
OsamaSayegh
c2731f1ec5
Merge branch 'main' into stable 2023-01-11 08:01:25 +03:00
Martin Brennan
5f4911dae8
FIX: Channel archive N1 when serializing current user (#19820)
* FIX: Channel archive N1 when serializing current user

The `ChatChannelSerializer` serializes the archive for the
channel if it is present, however this was causing an N1 for
the current user serializer in the case of DM channels, which
were not doing `includes(:chat_channel_archive)` in the
`ChatChannelFetcher`.

DM channels cannot be archived, so we can just never try to serialize
the archive for DM channels in `ChatChannelSerializer`, which
removes the N1.

* DEV: Add N1 performance spec for latest.html preloading

We modify current user serializer in chat, so it's a good
idea to have some N1 performance specs to avoid regressions
here.
2023-01-11 14:39:56 +10:00
dependabot[bot]
3ee0a49254
Build(deps): Bump pry from 0.14.1 to 0.14.2 (#19807)
Bumps [pry](https://github.com/pry/pry) from 0.14.1 to 0.14.2.
- [Release notes](https://github.com/pry/pry/releases)
- [Changelog](https://github.com/pry/pry/blob/master/CHANGELOG.md)
- [Commits](https://github.com/pry/pry/compare/v0.14.1...v0.14.2)

---
updated-dependencies:
- dependency-name: pry
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-11 06:18:26 +08:00
dependabot[bot]
c76f15a0da
Build(deps-dev): Bump listen from 3.7.1 to 3.8.0 (#19808)
Bumps [listen](https://github.com/guard/listen) from 3.7.1 to 3.8.0.
- [Release notes](https://github.com/guard/listen/releases)
- [Commits](https://github.com/guard/listen/compare/v3.7.1...v3.8.0)

---
updated-dependencies:
- dependency-name: listen
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-11 06:18:10 +08:00
Alan Guo Xiang Tan
0403cda1d1
FIX: Error when publishing TopicTrackingState updates for certain topics (#19812)
When a topic belongs to category that is read restricted but permission
has not been granted to any groups, publishing ceratin topic tracking state
updates for the topic will result in the `MessageBus::InvalidMessageTarget` error being raised
because we're passing `nil` to `group_ids` which is not support by
MessageBus.

This commit ensures that for said category above, we will publish the
updates to the admin groups.
2023-01-11 06:15:52 +08:00
dependabot[bot]
edbaa7cace
Build(deps): Bump rubocop from 1.42.0 to 1.43.0 (#19818)
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.42.0 to 1.43.0.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.42.0...v1.43.0)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-11 06:15:32 +08:00
Justin René Back
aad7a14b36
FIX: Make DBHelper.find build valid query (#19408) 2023-01-10 22:38:52 +02:00
Discourse Translator Bot
9b321b98a5
Update translations (#19813) 2023-01-10 20:53:34 +01:00
Jarek Radosz
5cc4424f4b
DEV: Update .editorconfig to match new hbs rules (#19816) 2023-01-10 16:21:16 +01:00
Alan Guo Xiang Tan
8a7b62b126
DEV: Fix threading error when running jobs immediately in system tests (#19811)
```
class Jobs::DummyDelayedJob < Jobs::Base
  def execute(args = {})
  end
end

RSpec.describe "Jobs.run_immediately!" do
  before { Jobs.run_immediately! }

  it "explodes" do
    current_user = Fabricate(:user)
    Jobs.enqueue_in(1.seconds, :dummy_delayed_job)
    sign_in(current_user)
  end
end
```

The test above will fail with the following error if `ActiveRecord::Base.connection_handler.clear_active_connections!` is called before the configured Capybara server checks out a connection from the connection pool.

```
     ActiveRecord::ActiveRecordError:
       Cannot expire connection, it is owned by a different thread: #<Thread:0x00007f437391df58@puma srv tp 001 /home/tgxworld/.asdf/installs/ruby/3.1.3/lib/ruby/gems/3.1.0/gems/puma-6.0.2/lib/puma/thread_pool.rb:106 sleep_forever>. Current thread: #<Thread:0x00007f437d6cfc60 run>.
```

We're not exactly sure if this is an ActiveRecord bug or not but we've
invested too much time into investigating this problem. Fundamentally,
we also no longer understand why `ActiveRecord::Base.connection_handler.clear_active_connections!` is being called in an ensure block
within `Jobs::Base#perform` which was added in
ceddb6e0da 10 years ago. This
commit moves the logic for running jobs immediately out of the
`Jobs::Base#perform` method into another `Jobs::Base#perform_immediately` method such that
`ActiveRecord::Base.connection_handler.clear_active_connections!` is not
called. This change will only impact the test environment.
2023-01-10 13:41:25 +08:00
Blake Erickson
d24d27f557
DEV: Document group param for search endpoint (#19806) 2023-01-09 14:46:07 -07:00
Kris
b572f69f5f
UX: add btn-primary class on email confirm page (#19803) 2023-01-09 15:26:56 -05:00
Daniel Waterworth
dfc449a32e
FIX: Continue if checking themes if updating one fails (#19665) 2023-01-09 11:56:43 -06:00
Andrei Prigorshnev
baccf7e5c9
UX: Change language from "Do Not Disturb" to "Pause Notifications" (#19800)
We renamed "Do Not Disturb" to "Pause Notifications" in UI in 2d628c8. This renames one more instance that I forgot to address.
2023-01-09 21:51:04 +04:00
Bianca Nenciu
fb780c50fd
FIX: Replace all quote-like unicodes with quotes (#19714)
If unaccent is called with quote-like Unicode characters then it can
generate invalid queries because some of the transformed quotes by
unaccent are not escaped and to_tsquery fails because of bad input.

This commits replaces more quote-like Unicode characters before
unaccent is called.
2023-01-09 19:19:51 +02:00
David Taylor
ba3a6da5db
DEV: Add recent formatting commits to .git-blame-ignore-revs (#19799) 2023-01-09 14:51:48 +00:00
David Taylor
f05da14fb6
DEV: Do not include method definitions in serializer attributes
These accidental inclusions are mostly no-ops (because the method name is also included as an explicit symbol). The mistakes were made more obvious because syntax_tree adjusted the indentation of these methods
2023-01-09 14:15:00 +00:00
David Taylor
5a003715d3
DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
chapoi
a641ce4b62
UX: improve use of space for readability of admin email modal (#19797) 2023-01-09 14:24:58 +01:00
Ted Johansson
06bda1fc62
FIX: wrap plugin outlets on user preference page 2023-01-09 14:17:50 +01:00
David Taylor
6417173082
DEV: Apply syntax_tree formatting to lib/* 2023-01-09 12:10:19 +00:00
David Taylor
b0fda61a8e
DEV: Apply syntax_tree formatting to db/* 2023-01-09 11:59:41 +00:00
David Taylor
cb932d6ee1
DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
David Taylor
0cf6421716
DEV: Apply syntax_tree formatting to Gemfile 2023-01-09 11:13:33 +00:00
David Taylor
7c77cc6a58
DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
David Taylor
436b3b392b
DEV: Apply syntax_tree formatting to script/* 2023-01-09 11:13:22 +00:00
Jarek Radosz
ff508d1ae5
FIX: Correctly support DiscourseEvent kwargs (#19788)
Fixes the support for kwargs in `DiscourseEvent.trigger()` on Ruby 3, e.g.

```rb
DiscourseEvent.trigger(:before_system_message_sent, message_type: type, recipient: @recipient, post_creator_args: post_creator_args, params: method_params)
```

Fixes https://github.com/discourse/discourse-local-site-contacts
2023-01-09 11:26:39 +01:00
Martin Brennan
56eaf91589
FIX: Do not error when anon user looks at secure upload for deleted post (#19792)
If a secure upload's access_control_post was trashed, and an anon user
tried to look at that upload, they would get a 500 error rather than
the correct 403 because of an error inside the PostGuardian logic.
2023-01-09 16:12:10 +10:00
Martin Brennan
c31772879b
FIX: Disable image optimization in iOS Safari (#19790)
There are various performance issues with the Canvas in iOS Safari
that are causing crashes when processing images with spikes of over 100%
CPU usage. The cause of this is unknown, but profiling points to
CanvasRenderingContext2D.getImageData() and
CanvasRenderingContext2D.drawImage().

Until Safari makes some progress with OffscreenCanvas or other
alternatives we cannot support this workflow. We will revisit in 6
months.

This is gated behind the hidden `composer_ios_media_optimisation_image_enabled`
site setting for people who really still want to try using this.
2023-01-09 12:16:02 +10:00
Alan Guo Xiang Tan
673089a6b4
FIX: Error condition in SidebarSiteSettingsBackfiller (#19787) 2023-01-09 07:01:58 +08:00
dependabot[bot]
72318a30ec
Build(deps): Bump rspec-mocks from 3.12.1 to 3.12.2 (#19784)
Bumps [rspec-mocks](https://github.com/rspec/rspec-mocks) from 3.12.1 to 3.12.2.
- [Release notes](https://github.com/rspec/rspec-mocks/releases)
- [Changelog](https://github.com/rspec/rspec-mocks/blob/main/Changelog.md)
- [Commits](https://github.com/rspec/rspec-mocks/compare/v3.12.1...v3.12.2)

---
updated-dependencies:
- dependency-name: rspec-mocks
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-09 06:55:04 +08:00
dependabot[bot]
9a6338c6cb
Build(deps-dev): Bump rubocop-discourse from 3.0.2 to 3.0.3 (#19785)
Bumps [rubocop-discourse](https://github.com/discourse/rubocop-discourse) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/discourse/rubocop-discourse/releases)
- [Commits](https://github.com/discourse/rubocop-discourse/compare/v3.0.2...v3.0.3)

---
updated-dependencies:
- dependency-name: rubocop-discourse
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-09 06:54:51 +08:00
dependabot[bot]
15e81b6174
Build(deps): Bump jsdom from 20.0.3 to 21.0.0 in /app/assets/javascripts (#19786)
Bumps [jsdom](https://github.com/jsdom/jsdom) from 20.0.3 to 21.0.0.
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Changelog](https://github.com/jsdom/jsdom/blob/master/Changelog.md)
- [Commits](https://github.com/jsdom/jsdom/compare/20.0.3...21.0.0)

---
updated-dependencies:
- dependency-name: jsdom
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-08 23:41:14 +01:00
dependabot[bot]
d82c9f28a5
Build(deps): Bump rspec-expectations from 3.12.1 to 3.12.2 (#19783)
Bumps [rspec-expectations](https://github.com/rspec/rspec-expectations) from 3.12.1 to 3.12.2.
- [Release notes](https://github.com/rspec/rspec-expectations/releases)
- [Changelog](https://github.com/rspec/rspec-expectations/blob/main/Changelog.md)
- [Commits](https://github.com/rspec/rspec-expectations/compare/v3.12.1...v3.12.2)

---
updated-dependencies:
- dependency-name: rspec-expectations
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-08 23:21:50 +01:00
David Taylor
055310cea4
DEV: Apply syntax_tree formatting to plugins/* 2023-01-07 11:11:37 +00:00
David Taylor
93e2dad656
DEV: Introduce syntax_tree code formatter (#19775)
This commit introduces the necessary gems and config, but adds all our ruby code directories to the `--ignore-files` list.

Future commits will apply syntax_tree to parts of the codebase, removing the ignore patterns as we go
2023-01-07 11:11:08 +00:00
Roman Rizzi
7b5f7b4484
FIX: Don't change the default allowed_attribute when calling #sanitize_field (#19770) 2023-01-06 11:47:15 -03:00
David Taylor
5ce5ff053e
FIX: Bump messagebus to v4.3.1 (#19771)
Includes "FIX: Ensure non-long-polling requests are always spaced out": 233b248c96
2023-01-06 14:31:10 +00:00
Joffrey JAFFEUX
d464f1fc62
FIX: render_404 is not defined (#19769)
Note this endpoint is soon going to be replaced.
2023-01-06 14:38:08 +01:00
Matt Marjanović
aa4ff47208
FEATURE: Allow target attribute in links in user_field descriptions (#19102)
This change adds `target` to the set of attributes allowed by the
HTML sanitizer which is applied to the description of a user_field.

The rationale for this change:

 * If one puts a link (<a>...</a>) in the description of a user_field
   that is present and/or required at sign-up, the expectation is that
   a prospective new user will click on that link during sign-up.
 * Without an appropriate `target` attribute on the link, the new page
   will be loaded in the same window/tab as the sign-up form, but this
   will obliterate any fields that the user had already filled-out on
   the form.  (E.g., hitting the back-button will return to an
   empty form.)
 * Such UX behavior is incredibly aggravating to new users.

This change allows an admin to add a `target` attribute to links, to
instruct the browser to open them in a different window/tab, leaving
a sign-up form intact.
2023-01-06 10:18:35 -03:00
David Taylor
66e8a35b4d
DEV: Include message-bus request type in HTTP request data (#19762) 2023-01-06 11:26:18 +00:00