Commit Graph

3315 Commits

Author SHA1 Message Date
Régis Hanol
7b83237261 FIX: groups pagination was broken 2020-01-16 23:57:34 +01:00
Martin Brennan
7c32411881
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664)
### General Changes and Duplication

* We now consider a post `with_secure_media?` if it is in a read-restricted category.
* When uploading we now set an upload's secure status straight away.
* When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. 
* Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is).
* When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload.

### Viewing Secure Media

* The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions
* If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor`

### Removed

We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled.

* We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context.
* We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-16 13:50:27 +10:00
Arpit Jalan
0f8695958b FIX: better error message when topic deletion fails 2020-01-15 19:30:06 +05:30
Martin Brennan
66f2db4ea4 SECURITY: 2FA with U2F / TOTP 2020-01-15 11:27:12 +01:00
Régis Hanol
5d75f90b27 FIX: group membership leak
FIX: raised a proper NotFound exception when filtering groups by username with invalid username.
FIX: properly filter the groups based on current user visibility when viewing another user's groups.
DEV: Guardian.can_see_group?(group) is now using Guardian.can_see_groups(groups) instead of duplicating the same code.
FIX: spec for groups_controller#index when group directory is disabled for logged in user.
FIX: groups_controller.sortable specs to actually test all sorting combinations.
DEV: s/response_body/body/g for slightly shorter spec code.
FIX: rewrote the "view another user's groups" specs to test all group_visibility and members_group_visibility combinations.
DEV: Various refactoring for cleaner and more consistent code.
2020-01-15 11:21:58 +01:00
romanrizzi
d3091edcea UX: Return a friendlier error when the CSV is invalid. Added a cancel button to return to the /badges view 2020-01-13 15:53:41 -03:00
Roman Rizzi
d69c5eebcf
Feature: Mass award badge (#8694)
* UI: Mass grant a badge from the admin ui

* Send the uploaded CSV and badge ID to the backend

* Read the CSV and grant badge in batches

* UX: Communicate the result to the user

* Don't award if badge is disabled

* Create a 'send_notification' method to remove duplicated code, slightly shrink badge image. Replace router transition with href.

* Dynamically discover current route
2020-01-13 11:20:26 -03:00
Martin Brennan
9e399b42b9 DEV: Remove redundant admin_login route, share with email_login 2020-01-13 12:10:07 +10:00
Martin Brennan
cb660ef952 SECURITY: Improve second factor auth logic 2020-01-10 10:45:56 +10:00
Robin Ward
dcbe527a82 FIX: Don't log a claimed topic database error during tests
We now test the uniqueness validation, but also rescue a DB
exception in case the controller fails this check.
2020-01-09 12:32:05 -05:00
David Taylor
5eda44f8f2 FIX: Do not redirect to /auth/* urls after authentication
When using the login confirmation screen, the referrer URL is `/auth/{provider}`. That means that the user is redirected back to the confirmation screen after logging in, even though login was successful. This is very confusing. Instead, they should be redirected to the homepage.
2020-01-08 17:06:03 +00:00
Robin Ward
e616b92511 FIX: If the admin sso sync has no external ID, don't throw an error
Instead, return a HTTP error code and a message explaining the problem,
to avoid log pollution.
2020-01-08 11:47:37 -05:00
Vinoth Kannan
13f229808a FIX: add noindex header to user profile pages. 2020-01-08 11:26:20 +05:30
Bianca Nenciu
eef21625c6
Rename 'target usernames' with 'target recipients' in Composer (#8606)
* Reapply "Rename 'target usernames' with 'target recipients' in Composer"

This reverts commit 9fe11d0fc3 which
reverted ebb288dc2c.

* DEV: Add test for replying to PM
2020-01-07 15:33:48 +02:00
Martin Brennan
5b75b8c135 Still redirect to signed URL for secure uploads
if SiteSetting.secure_media is disabled we still want to
redirect to the signed url for uploads that are marked as
secure because their ACLs are probably still private
2020-01-07 14:02:17 +10:00
Martin Brennan
abca91cc4d
FEATURE: Add rake task to disable secure media (#8669)
* Add a rake task to disable secure media. This sets all uploads to `secure: false`, changes the upload ACL to public, and rebakes all the posts using the uploads to make sure they point to the correct URLs. This is in a transaction for each upload with the upload being updated the last step, so if the task fails it can be resumed.
* Also allow viewing media via the secure url if secure media is disabled, redirecting to the normal CDN url, because otherwise media links will be broken while we go and rebake all the posts + update ACLs
2020-01-07 12:27:24 +10:00
Osama Sayegh
fac71da605
FIX: Don't give error 500 when invalid date param is given to admin reports (#8658)
Providing invalid dates as the end_date or start_date param causes a 500 error and creates noise in the logs. This will handle the error and returns a proper 400 response to the client with a message that explains what the problem is.
2020-01-03 17:01:38 +03:00
David Taylor
45c5f56ffc
PERF: Reduce DB queries when serializing ignore/mute information (#8629)
* PERF: Cache ignored and muted user ids in the current_user object
* PERF: Avoid DB queries when checking ignore/mute permission in guardian
2020-01-02 13:04:08 +00:00
Robin Ward
5214f82841 API endpoints should return a response, not nil 2019-12-30 10:14:29 -05:00
Arpit Jalan
49c124a12e fix the build. 2019-12-24 15:56:44 +05:30
Arpit Jalan
2c0574010a FIX: better error message when forum is in read-only mode 2019-12-24 15:49:27 +05:30
Krzysztof Kotlarek
ac626a0dc3
FIX: bug when revoking badge as title (#8616)
When user revokes badge as title, UserHistory item is created. However,
that object is not accepting revoke_reson parameter.
2019-12-24 08:03:51 +11:00
Mark VanLandingham
6ec3d42b16
FEATURE: Allow complex post params from plugin (#8598) 2019-12-20 10:37:12 -06:00
Bianca Nenciu
9fe11d0fc3 Revert "Rename 'target usernames' with 'target recipients' in Composer (#8468)"
This reverts commit ebb288dc2c.
2019-12-20 11:56:20 +02:00
Bianca Nenciu
ebb288dc2c
Rename 'target usernames' with 'target recipients' in Composer (#8468) 2019-12-20 10:28:14 +02:00
David Taylor
8106d94c05 SECURITY: Correct permission check when revoking user API keys 2019-12-17 10:56:16 +00:00
Martin Brennan
beb91e7eff
FIX: require: false for rotp gem (#8540)
The ROTP gem is only used in a very small amount of places in the app, we don't need to globally require it.

Also set the Addressable gem to not have a specific version range, as it has not been a problem yet.

Some slight refactoring of UserSecondFactor here too to use SecondFactorManager to avoid code repetition
2019-12-17 10:33:51 +10:00
Joffrey JAFFEUX
aa73df768a
DEV: improves error message when sso param is not passed (#8549)
SingleSignOnProvider is expecting a sso param later in the chain. If sso param is not found it will cause a 500 with the following exception: `NoMethodError (undefined method `unpack1' for nil:NilClass)` as `set_return_sso_url` is attempting to decode it: https://github.com/discourse/discourse/blob/master/lib/single_sign_on_provider.rb#L19
2019-12-16 12:33:24 +01:00
Régis Hanol
1309262569 UX: pluralize "likes/read this"
When expending the number of likes/reads, the text wasn't handling
proper pluralization that might be useful in locales that requires it.
2019-12-13 22:18:28 +01:00
Roman Rizzi
b6a2875749
FIX: Granting staff status should auto-approve users waiting approval (#8533)
* FIX: Granting staff status should auto-approve users waiting approval

* Update app/models/concerns/roleable.rb

Co-Authored-By: Robin Ward <robin.ward@gmail.com>
2019-12-12 16:26:38 -03:00
Martin Brennan
edbc356593
FIX: Replace deprecated URI.encode, URI.escape, URI.unescape and URI.unencode (#8528)
The following methods have long been deprecated in ruby due to flaws in their implementation per http://blade.nagaokaut.ac.jp/cgi-bin/vframe.rb/ruby/ruby-core/29293?29179-31097:

URI.escape
URI.unescape
URI.encode
URI.unencode
escape/encode are just aliases for one another. This PR uses the Addressable gem to replace these methods with its own encode, unencode, and encode_component methods where appropriate.

I have put all references to Addressable::URI here into the UrlHelper to keep them corralled in one place to make changes to this implementation easier.

Addressable is now also an explicit gem dependency.
2019-12-12 12:49:21 +10:00
David Taylor
1e59371a4f DEV: Remove unused omit_stats variable from user serializer (#8513)
* DEV: Remove unused omit_stats variable from user serializer

This was hard-coded to true in a8b5192efd, and is no longer used anywhere

* Remove attribute declarations
2019-12-12 13:27:23 +11:00
Régis Hanol
278d70f3eb FIX: Add new content type for theme/component
When uploading a theme/component, depending on the extension of the
file and the OS/Browser being used, the content type might differ.

This adds the "application/x-zip-compressed" content type that is being
sent by most Browsers on latest Windows when uploading a .zip file.
2019-12-11 19:50:23 +01:00
Dan Ungureanu
adfa793731
SECURITY: Ensure only image uploads can be inlined
This prevents malicious files (for example special crafted XMLs) to be
used in XSS attacks.
2019-12-11 17:04:49 +02:00
Martin Brennan
6261339da9
Improving bookmarks part 1 (#8466)
Note: All of this functionality is hidden behind a hidden, default false, site setting called `enable_bookmarks_with_reminders`. Also, any feedback on Ember code would be greatly appreciated!

This is part 1 of the bookmark improvements. The next PR will address the backend logic to send reminder notifications for bookmarked posts to users. This PR adds the following functionality:

* We are adding a new `bookmarks` table and `Bookmark` model to make the bookmarks a first-class citizen and to allow attaching reminders to them.
* Posts now have a new button in their actions menu that has the icon of an actual book
* Clicking the button opens the new bookmark modal.
* Both name and the reminder type are optional.
* If you close the modal without doing anything, the bookmark is saved with no reminder.
* If you click the Cancel button, no bookmark is saved at all.
* All of the reminder type tiles are dynamic and the times they show will be based on your user timezone set in your profile (this should already be set for you).
* If for some reason a user does not have their timezone set they will not be able to set a reminder, but they will still be able to create a bookmark.
* A bookmark can be deleted by clicking on the book icon again which will be red if the post is bookmarked.

This PR does NOT do anything to migrate or change existing bookmarks in the form of `PostActions`, the two features live side-by-side here. Also this does nothing to the topic bookmarking.
2019-12-11 14:04:02 +10:00
Blake Erickson
b73a133bb5 FIX: Prevent scientific notation in free space check (#8473)
It's possibly that when trying to upload a backup the free space check
will output scientific notation resulting in an incorrect "There is not
enough space on disk" error.

The free space check uses the Linux `print` command which could return a
number using scientific notation like `1.60459e+10` and when ruby
converts it to an integer it will have the value of `1` instead of
`16045879296`. Which means even though you have 16GB of free space you
could not upload a 1GB backup file.

This commit uses the `printf` command instead which allows you to
specify that you do not want scientific notation.

I'm not sure why this hasn't been an issue before, but I was
experiencing it locally in development.
2019-12-11 12:57:03 +11:00
Neil Lalonde
81a43f2c1e REFACTOR: use rest serializer for tag-info categories
But the "synonyms" can't use the TagSerializer yet. We still have some
code from the discourse-tagging plugin that uses "text" instead of
"name", "count" instead of "topic_count", etc. We should make the js
consistent with the TagSerializer and then stop using tag_counts_json.
2019-12-10 14:58:11 -05:00
Neil Lalonde
20464116ae FIX: tag input doesn't show all top 5 permitted tags 2019-12-10 10:30:01 -05:00
Joffrey JAFFEUX
47731175f4
FIX: ensures slug and id are not arrays (#8495)
If for some reason an URL was create in this format:

```
?slug[]=foo&slug[]=bar
```

This would have create an exception of this kind:

```
NoMethodError (undefined method `tr' for ["foo", "bar"]:Array
Did you mean?  try)
```
2019-12-10 09:28:51 +01:00
Sam Saffron
0c52537f10 DEV: update rubocop to version 0.77
We like to stay as close as possible to latest with rubocop cause the cops
get better.

This update required some code changes, specifically the default is to avoid
explicit returns where implicit is done

Also this renames a few rules
2019-12-10 11:48:39 +11:00
Mark VanLandingham
14cb386f1e
FEATURE: Featured topic for user profile & card (#8461) 2019-12-09 11:15:47 -08:00
dependabot-preview[bot]
9b30922109 Build(deps): Bump rotp from 3.3.1 to 5.1.0 (#8477)
* Build(deps): Bump rotp from 3.3.1 to 5.1.0

Bumps [rotp](https://github.com/mdp/rotp) from 3.3.1 to 5.1.0.
- [Release notes](https://github.com/mdp/rotp/releases)
- [Changelog](https://github.com/mdp/rotp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mdp/rotp/compare/v3.3.1...v5.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

* Fix breaking ROTP changes
2019-12-09 14:29:48 +10:00
Vinoth Kannan
e51091f199 REFACTOR: do X-Frame-Options header removal in application controller.
Co-authored-by: Sam <sam.saffron@gmail.com>
Previous commit: f7084a4339
2019-12-06 18:25:32 +05:30
Gerhard Schlager
86186de1e3 FIX: Redirect to /login-preferences didn't work for subfolders 2019-12-05 22:34:44 +01:00
Neil Lalonde
875f0d8fd8
FEATURE: Tag synonyms
This feature adds the ability to define synonyms for tags, and the ability to merge one tag into another while keeping it as a synonym. For example, tags named "js" and "java-script" can be synonyms of "javascript". When searching and creating topics using synonyms, they will be mapped to the base tag.

Along with this change is a new UI found on each tag's page (for example, `/tags/javascript`) where more information about the tag can be shown. It will list the synonyms, which categories it's restricted to (if any), and which tag groups it belongs to (if tag group names are public on the `/tags` page by enabling the "tags listed by group" setting). Staff users will be able to manage tags in this UI, merge tags, and add/remove synonyms.
2019-12-04 13:33:51 -05:00
romanrizzi
d0bb6314c6 DEV: '= true' is not necessary 2019-12-03 11:32:45 -03:00
romanrizzi
c86ca3609e FIX: Filter readers avatars correctly when the post is a whisper 2019-12-03 10:50:02 -03:00
Dan Ungureanu
e4f05a0d15
FIX: Call the right method 2019-12-03 14:16:06 +02:00
Joffrey JAFFEUX
0d3d2c43a0
DEV: s/\$redis/Discourse\.redis (#8431)
This commit also adds a rubocop rule to prevent global variables.
2019-12-03 10:05:53 +01:00
Roman Rizzi
9eccfb7b52 FIX: Guarantee order to correctly defer replies in review queue (#8426)
Our code used to  approve the first flagged post and ignore the rest in some specific conditions.
2019-12-03 18:39:10 +11:00
Bianca Nenciu
57f108899a
FEATURE: Make site texts controller handle pages and locales (#8408)
Some endpoints are returning i18n keys instead of translated messages
and with these changes, the site_texts endpoint can help translating
those.

Pagination part is needed for better wildcard support. For example,
looking for 'js.notifications' would set 'has_more' to true, but return
only the first 50 messages with no way of fetching the remaining.
2019-11-30 15:16:36 +02:00
Krzysztof Kotlarek
b120728999
FEATURE: Ability to add components to all themes (#8404)
* FEATURE: Ability to add components to all themes

This is the first and functional step from that topic https://dev.discourse.org/t/adding-a-theme-component-is-too-much-work/15398/16

The idea here is that when a new component is added, the user can easily assign it to all themes (parents).

To achieve that, I needed to change a site-setting component to accept `setDefaultValues` action and `setDefaultValuesLabel` translated label.
Also, I needed to add `allowAny` option to disable that for theme selector.

I also refactored backend to accept both parent and child ids with one method to avoid duplication (Renamed `add_child_theme!` to more general `add_relative_theme!`)

* FIX: Improvement after code review

* FIX: Improvement after code review2

* FIX: use mapBy and filterBy directly
2019-11-28 16:19:01 +11:00
Sam Saffron
7371b427cd DEV: correct a few Ruby 2.7 deprecations
Note:

```
def foo(bar: 1)
end

foo({bar: 2})
# raises a deprecation, instead use:

foo(**{bar: 2})
```

Additionally when matching regexes always use strings. It does not make
sense to match a non string to a regex.
2019-11-28 13:13:29 +11:00
Martin Brennan
901054fd75
FIX: Cache failed onebox URL request server-side (#8421)
We already cache failed onebox URL requests client-side, we now want to cache this on the server-side for extra protection. failed onebox previews will be cached for 1 hour, and any more requests for that URL will fail with a 404 status. Forcing a rebake via the Rebake HTML action will delete the failed URL cache (like how the oneboxer preview cache is deleted).
2019-11-28 07:48:29 +10:00
Martin Brennan
e7c7a05097
FIX: Mark secure media upload insecure automatically if used for theme component (#8413)
When uploading a file to a theme component, and that file is existing and has already been marked as secure, we now automatically mark the file as secure: false, change the ACL, and log the action as the user (also rebake the posts for the upload)
2019-11-28 07:32:17 +10:00
Sam Saffron
88ecb650a9 DEV: Implement a faster Discourse.cache
This is a bottom up rewrite of Discourse cache to support faster performance
and a limited surface area.

ActiveSupport::Cache::Store accepts many options we do not use, this partial
implementation only picks the bits out that we do use and want to support.

Additionally params are named which avoids typos such as "expires_at" vs "expires_in"

This also moves a few spots in Discourse to use Discourse.cache over setex
Performance of setex and Discourse.cache.write is similar.
2019-11-27 16:11:49 +11:00
Sam Saffron
941162e90e FIX: draft not clearing when replying to new topic
This amends our API so we provide it with the draft key when saving a post
this means post creator can clean up the draft consistently even if we are
doing fancy stuff like replying to a new topic or new pm or whatever.

There will be some followup work to clean it up so client never calls destroy
on draft during normal operation and the #create/#update endpoints takes care of it
every time
2019-11-26 18:23:20 +11:00
Krzysztof Kotlarek
6e403f20ee
FIX: Don't error when the empty current value in dif (#8406)
If current value is nil we should use `&.` combined with `dig` to protect diff from erroring

It is happening when for example theme is delete (new value is empty)
2019-11-26 09:17:14 +11:00
Dan Ungureanu
a992caf741
DEV: Replace magic values (#8398)
Follow-up to 35942f7c7c.
2019-11-25 14:32:19 +02:00
Martin Brennan
afb5533581
FEATURE: Add timezone to core user_options (#8380)
* Add timezone to user_options table

* Also migrate existing timezone values from UserCustomField,
  which is where the discourse-calendar plugin is storing them

* Allow user to change their core timezone from Profile

* Auto guess & set timezone on login & invite accept & signup

* Serialize user_options.timezone for group members. this is so discourse-group-timezones can access the core user timezone, as it is being removed in discourse-calendar.

* Annotate user_option with timezone

* Validate timezone values
2019-11-25 10:49:27 +10:00
Krzysztof Kotlarek
43ddf60cdf
FIX: When dismissing category inform via MessageBus (#8371)
When category is dismissed, `dismiss_new` message is sent to fronted to clean state.

In addition, I noticed that when old dismiss new button is clicked, no message is sent so I decided to kill two birds with one stone.
2019-11-25 06:17:31 +11:00
Roman Rizzi
c92f0b8775
FEATURE: New API to apply custom filters to the review queue (#8392) 2019-11-22 16:33:10 -03:00
Sam Saffron
b57e108e84 FEATURE: improve email change workflow
- Show old and new email address during the process
- Ensure correct user is logged on when attempting to make email changes
- Support reloading a page during the email reset process without resubmit
of form
- Improve tests
- Fixed issue where redirect back to site was not linking correctly in
subfolder setups

Internal refactor of single action into 4 distinct actions that are simpler
to reason about.

This also removes the step that logs on an account after you confirm an
email change, since it is no longer needed which leaves us with safer
internals.

This left me no choice but to amend translations cause the old route was
removed.
2019-11-21 16:28:35 +11:00
Dan Ungureanu
555711ccb5
FIX: Use correct MIME type for theme exports (#8379) 2019-11-20 17:19:16 +02:00
David Taylor
46841888b7 FIX: For a single authenticator, do not interrupt registration flow
Followup to 0a14b9b42a
2019-11-19 19:15:11 +00:00
Neil Lalonde
a4dbec5bf9 FIX: unable to remove required tag group from a category 2019-11-18 15:54:00 -05:00
Neil Lalonde
228c4814be FIX: errors when using tags with colons in their name 2019-11-18 13:20:37 -05:00
Dan Ungureanu
352d43b101
FIX: Better handling of Group model state (#8356)
The group card and group members page were affecting each other and were
leaking members list and the query parameters which led to bad UX
experience and sub-optimal performance (client made more queries because
it was loading fewer members).

This commit refactors the group model to make it more consistent, remove
dead code, move error handling outside of model.
2019-11-18 14:59:28 +02:00
Vinoth Kannan
3bb7ad4be1
FEATURE: remove support for 'suppress_from_latest' category setting. (#8308) 2019-11-18 12:28:35 +05:30
Vinoth Kannan
4e4844f4db REFACTOR: reduce the number of db queries. 2019-11-18 12:06:13 +05:30
Martin Brennan
af0cc89b11 Mark upload show paths as is_asset_path (#8365)
* this is to avoid excessive rate limiting, especially
  for secure media on media-heavy topics
2019-11-18 16:56:20 +11:00
Penar Musaraj
102909edb3 FEATURE: Add support for secure media (#7888)
This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. 

A few notes: 

- the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads
- the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured
- upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status
- when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error
- when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 11:25:42 +10:00
Vinoth Kannan
56b19ba740 UX: instead of total user count display only the count of users going to be affected.
edec922803
2019-11-18 00:09:38 +05:30
Roman Rizzi
4cf3c9cccb
FEATURE: Filter reviewables by date range (#8354) 2019-11-15 15:29:59 -03:00
romanrizzi
ff355ad204 FIX: Don't show bots as post readers 2019-11-14 17:53:52 -03:00
Penar Musaraj
067696df8f DEV: Apply Rubocop redundant return style 2019-11-14 15:10:51 -05:00
Martin Brennan
e7226a8c84
FEATURE: Allow scoping search to tag (#8345)
* When viewing a tag, the search widget will now show a checkbox to scope the search by tag, which will limit search results to that tag on desktop and mobile
2019-11-14 10:40:26 +10:00
Krzysztof Kotlarek
6e1fe22a9d
FEATURE: Dismiss new per category (#8330)
Ability to dismiss new topics per category.
2019-11-14 11:16:13 +11:00
David Taylor
0a14b9b42a FEATURE: Automatically redirect to authenticator when there is only one
This brings the behavior in line with native Discourse SSO. If login is required, and a user tries to visit the forum, they will be directed straight to the external login page without requiring any clicks.
2019-11-13 17:28:12 +00:00
Neil Lalonde
7711df40e6
REFACTOR: redo DiscourseTagging.filter_allowed_tags (#8328)
This method had grown into a monster. Its query had bugs
that I couldn't fix, and new features would be hard to add.
Also I don't understand how it all works anymore...
Replace it with common table expressions that can be queried
to generate the results we need, instead of subtracting
results using lots of "NOT IN" clauses.

Fixed are bugs with tag schemas that use combinations of
tag groups, parent tags, and one-tag-per-topic restrictions.
For example: https://meta.discourse.org/t/130991/6
2019-11-12 14:28:44 -05:00
Gerhard Schlager
6ebffaaf6e FIX: Better error handling for invalid locale bundle versions 2019-11-11 22:30:32 +01:00
Martin Brennan
56d3e29a69
FIX: Badge and user title interaction fixes (#8282)
* Fix user title logic when badge name customized
* Fix an issue where a user's title was not considered a badge granted title when the user used a badge for their title and the badge name was customized. this affected the effectiveness of revoke_ungranted_titles! which only operates on badge_granted_titles.
* When a user's title is set now it is considered a badge_granted_title if the badge name OR the badge custom name from TranslationOverride is the same as the title
* When a user's badge is revoked we now also revoke their title if the user's title matches the badge name OR the badge custom name from TranslationOverride
* Add a user history log when the title is revoked to remove confusion about why titles are revoked
* Add granted_title_badge_id to user_profile, now when we set badge_granted_title on a user profile when updating a user's title based on a badge, we also remember which badge matched the title
* When badge name (or custom text) changes update titles of users in a background job
* When the name of a badge changes, or in the case of system badges when their custom translation text changes, then we need to update the title of all corresponding users who have a badge_granted_title and matching granted_title_badge_id. In the case of system badges we need to first get the proper badge ID based on the translation key e.g. badges.regular.name
* Add migration to backfill all granted_title_badge_ids for both normal badge name titles and titles using custom badge text.
2019-11-08 15:34:24 +10:00
Mark VanLandingham
bf778d66b5
FIX: unicode group names encoded for url (#8302) 2019-11-06 14:25:45 -06:00
Gerhard Schlager
61b1f9c36b FEATURE: Load translation overrides without JS eval 2019-11-05 19:16:38 +01:00
David Taylor
52c5cf33f8
FEATURE: Overhaul of admin API key system (#8284)
- Allow revoking keys without deleting them
- Auto-revoke keys after a period of no use (default 6 months)
- Allow multiple keys per user
- Allow attaching a description to each key, for easier auditing
- Log changes to keys in the staff action log
- Move all key management to one place, and improve the UI
2019-11-05 14:10:23 +00:00
Daniel Waterworth
fa2c06da93 DEV: Change tag routing for categories on the server-side
These are the changes to tags routing that correspond to the category
routing changes of d84c34ad. The new scheme is:

/tags/c/*slug_path/:id/none/:tag_id/ENDPOINT
/tags/c/*slug_path/:id/none/:tag_id
/tags/c/*slug_path/:id/:tag_id/ENDPOINT
/tags/c/*slug_path/:id/:tag_id
2019-11-05 13:24:36 +00:00
Vinoth Kannan
671f303b53
FEATURE: Add welcome message for admins. (#8293) 2019-11-05 18:15:55 +05:30
Daniel Waterworth
f3f04f1643 REFACTOR: Handle no_subcategories option during routing 2019-11-04 10:58:06 +00:00
Mark VanLandingham
66e0bdc053
FEATURE: Create New Topic button on embed with params (#8280)
* FEATURE: Create New Topic button on embed with params
2019-11-01 14:19:10 -05:00
Vinoth Kannan
72aa26c8c5
FEATURE: New site settings for default tags in user preferences. (#8283) 2019-11-01 12:40:13 +05:30
Neil Lalonde
d777844ed6 FEATURE: categories can require topics have a tag from a tag group
In a category's settings, the Tags tab has two new fields to
specify the number of tags that must be added to a topic
from a tag group. When creating a new topic, an error will be
shown to the user if the requirement isn't met.
2019-10-31 16:10:19 -04:00
Daniel Waterworth
d84c34ad75 DEV: Server-side category routing changes
The routes for categories are changing. The scheme that I intend to move
us to is:

/c/*slug_path/(:id)/ENDPOINT
/c/*slug_path/(:id)

This commit adds support for the new scheme to the server side without
dropping support for existing URLs. It is necessary to support existing
URLs for two reasons:

 * This commit does not change any client side routing code,
 * Posts that contain category hashtags that refer to a root category
   are baked into URLs that do not fit this new scheme, (/c/[id]-[slug])
2019-10-31 18:06:22 +00:00
Sam Saffron
c5e67726fd FIX: under some conditions draft would say it was saving when not
This is a major change to draft internals. Previously there were quite a
few cases where the draft system would say "draft saved", when in fact
we just skipped saving.

This commit ensures the draft system deals with draft ownership handover in
a predictable way.

For example:

- Window 1 editing draft
- Window 2 editing same draft at the same time

Previously we would allow window 1 and 2 to just fight on the same draft
each window overwriting the same draft over an over.

This commit introduces an ownership concept where either window 1 or 2 win
and user is prompted on the loser window to reload screen to correct the issue

This also corrects edge cases where a user could have multiple browser windows
open and posts in 1 window, later to post in the second window. Previously
drafts would break in the second window, this corrects it.
2019-10-31 17:15:58 +11:00
Vinoth Kannan
d355506123 FEATURE: Option to update user preferences of all users when default site setting changed. 2019-10-31 06:48:03 +05:30
Joffrey JAFFEUX
0ba28e344b FIX: tags can be filtered on categoryId without a q param (#8264) 2019-10-31 10:16:23 +10:00
Jarek Radosz
080e899b8c
DEV: Tag group improvements (#8252)
* DEV: Add the actual "tag_groups/new" route

Allows refreshing the "new" page without an error.

* DEV: Prevent attempts to create group tags if tagging is disabled

* DEV: Refactor the tag-groups controller

Gets rid of `selectedItem`, `selected`, and `selectTagGroup` action.

* DEV: Rename tag-groups-show to tag-groups-edit

* DEV: Refactor tag-groups form

* Extracted the tag-groups-form that's used by tag-groups-new and tag-groups-edit
* The model is now a buffered property
* Serialization relies more heavily on RestAdapter now
* Data is sent as JSON
* Payload is now namespaced ("tag_group")

* Update app/assets/javascripts/discourse/controllers/tag-groups-new.js.es6

Co-Authored-By: Joffrey JAFFEUX <j.jaffeux@gmail.com>

* Update app/assets/javascripts/discourse/components/tag-groups-form.js.es6

Co-Authored-By: Joffrey JAFFEUX <j.jaffeux@gmail.com>

* Update app/assets/javascripts/discourse/controllers/tag-groups-edit.js.es6

Co-Authored-By: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2019-10-30 16:57:13 +01:00
Régis Hanol
92213813d4 Revert "FIX: Require q param in /tags/filter/search route (#8263)"
This reverts commit 968a1419df.
2019-10-30 10:37:18 +01:00
Martin Brennan
968a1419df
FIX: Require q param in /tags/filter/search route (#8263)
* Require q param in /tags/filter/search route.
* If not provided this route was causing a 500 error when
  DiscourseTagging.clean_tag was called, because .downcase
  was being called on the param (which was nil).
* Now return a 400 error instead.
2019-10-30 16:32:48 +10:00
Daniel Waterworth
2e979a4681 DEV: Passing the list options to page_params is unnecessary
They are always merged with the result before being used.
2019-10-29 12:03:24 +00:00
Bianca Nenciu
ff9345fbb0
DEV: simplify logic (#8249)
Anonymous users are only possible if allow_anonymous_posting is true,
which means that 'user.is_anonymous' check implies that
allow_anonymous_posting is true.
2019-10-29 12:10:27 +02:00
Daniel Waterworth
2989276c06 DEV: url_for on a String returns the string unchanged
...which makes it quite unnecessary.
2019-10-29 08:56:46 +00:00
Daniel Waterworth
918bb76f76 DEV: No need to look up a category repeatedly by its slug 2019-10-28 18:30:40 +00:00
Mark VanLandingham
4eb54f08b2
FEATURE: Site setting/UI to allow users to set their primary group (#8244)
* FEATURE: Site setting/ui to allow users to set their primary group

* prettier and remove logic from account template

* added 1 to 43 to make web_hook_user_serializer_spec pass
2019-10-28 12:46:27 -05:00
Daniel Waterworth
0e1c5c6bba FIX: Prefer Category.find_by_slug over Category.find_by(slug: ...)
It handles encoded slugs properly and ignores subcategories.
2019-10-28 17:05:21 +00:00
David Taylor
6de49b88df FIX: Respond to user search correctly when category_id is blank
Previously it would search for category_id=0, which does not exist. With the new permission checks, this returns a 404
2019-10-28 13:18:47 +00:00
Vinoth Kannan
31577b2131 FEATURE: wiki editors are allowed edit tags for wiki topics.
If a wiki editor's TL is greater than 'min trust level to tag topics' site setting then they can edit the tags for any wiki topic.
2019-10-23 23:35:38 +05:30
romanrizzi
a411806551 FIX: Return blank avatar when downloading an avatar is not possible due to file size 2019-10-22 12:05:36 -03:00
Blake Erickson
7d09af7eda
FIX: Prevent null-byte searches causing 500 error (#8226)
This fix ensures that searches that contain a null byte return a 400
error instead of causing a 500 error.

For some reason from rspec we will reach the raise statement inside
of the `rescue_from ArgumentError` block, but outside of rspec it will
not execute the raise statement and so a 500 is thrown instead of
reaching the `rescue_from Discourse::InvalidParameters` block inside of
the application controller.

This fix raises Discourse::InvalidParameters directly from the search
controller instead of relying on `PG::Connection.escape_string` to
raise the `ArgumentError`.
2019-10-22 08:44:52 -06:00
Daniel Waterworth
594925b896 FIX: id is always true since it's been to_i'd
Let's only look up the category if the id has been provided
2019-10-21 13:21:12 +01:00
Daniel Waterworth
55a1394342 DEV: pluck_first
Doing .pluck(:column).first is a very common pattern in Discourse and in
most cases, a limit cause isn't being added. Instead of adding a limit
clause to all these callsites, this commit adds two new methods to
ActiveRecord::Relation:

pluck_first, equivalent to limit(1).pluck(*columns).first

and pluck_first! which, like other finder methods, raises an exception
when no record is found
2019-10-21 12:08:20 +01:00
Jarek Radosz
f6ea986aec
DEV: Remove suspend from Admin::UsersController responses (#8206)
`suspend` isn't a User attribute, but was being assigned to the frontend User model as if it was. The model has a computed property that depends on `suspended_till`, so instead of overriding this property, it's better to return relevant attributes.

Fixes a computed-property.override deprecation (https://emberjs.com/deprecations/v3.x#toc_computed-property-override)
2019-10-18 01:49:26 +02:00
Mark VanLandingham
bd969332e0 FIX: Display site text overrides for non '_MF' keys (#8189)
FIX: Transform pluralized keys to `.other`, to check valid interpolation
2019-10-17 18:34:07 +02:00
Rafael dos Santos Silva
6e9c8fe854
FIX: More encoded slug fixes (#8191)
* FIX: Do not encode the URL twice

Now that we encode slugs in the server we don't need this anymore.

Reverts fe5na33

* FIX: More places do deal with encoded slugs

* the param is a string now, not a hash

* FIX: Handle the nil slug on /categories

* DEV: Add seeded? method to identity default categories

* DEV: Use SiteSetting to keep track of seeded categories
2019-10-16 17:08:43 -03:00
Sam Saffron
d5d8db7fa8 FEATURE: improve honeypot and challenge logic
This feature amends it so instead of using one challenge and honeypot
statically per site we have a rotating honeypot and challenge value which
changes every hour.

This means you must grab a fresh copy of honeypot and challenge value once
an hour or account registration will be rejected.

We also now cycle the value of the challenge when after successful account
registration forcing an extra call to hp.json between account registrations

Client has been made aware of these changes.

Additionally this contains a JavaScript workaround for:
https://bugs.chromium.org/p/chromium/issues/detail?id=987293

This is client side code that is specific to Chrome user agent and swaps
a PASSWORD type honeypot with a TEXT type honeypot.
2019-10-16 16:53:44 +11:00
Daniel Waterworth
5f5b232cde FIX: Category.find_by_slug
find_by_slug should ensure that the parent actually exists when its
looking for a parent.
2019-10-15 16:44:24 +01:00
Vinoth Kannan
b2f682f35e
FEATURE: Option to update category preferences of all users when site setting changed (#8180) 2019-10-15 18:41:27 +05:30
Arpit Jalan
815edf6f4d FEATURE: add short site description on login page title 2019-10-14 11:40:09 +05:30
Krzysztof Kotlarek
99086edf85
FIX: Allow themes to upload and serve js files (#8188)
If you set `config.public_file_server.enabled = false` when you try to get uploaded js file you will get an error:
`Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.`

The reason is that content type is `application/javascript` and in Rails 5 guard looked like that:
https://github.com/rails/rails/blob/5-2-stable/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L278-L280
However, in Rails 6 `application` was added to regex:
https://github.com/rails/rails/blob/master/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L282-L284

This pull request is related to https://meta.discourse.org/t/uploaded-js-file-for-theme-causes-a-rejection/129753/8
2019-10-14 15:40:33 +11:00
Rafael dos Santos Silva
76ab0350f1
FIX: Properly encoded slugs when configured to (#8158)
When an admin changes the site setting slug_generation_method to
encoded, we weren't really encoding the slug, but just allowing non-ascii
characters in the slug (unicode).

That brings problems when a user posts a link to topic without the slug, as
our topic controller tries to redirect the user to the correct URL that contains
the slug with unicode characters. Having unicode in the Location header in a
response is a RFC violation and some browsers end up in a redirection loop.

Bug report: https://meta.discourse.org/t/-/125371?u=falco

This commit also checks if a site uses encoded slugs and clear all saved slugs
in the db so they can be regenerated using an onceoff job.
2019-10-11 12:38:16 -03:00
David Taylor
67787799bb DEV: Allow plugins to mark user custom fields as editable only by staff
This adds a staff_only parameter to the register_editable_user_custom_field API. The default is false, to maintain backwards compatibility.
2019-10-11 09:57:55 +01:00
Sam Saffron
3d5f71dac7 DEV: stop mixing in application helper where not needed
We were mixing in 20 or so methods into a controller just to use a single
one.

The helper itself is not the actual implementation anyway... MobileDetection
is responsible here.
2019-10-09 13:06:18 +11:00
Dan Ungureanu
fdb1d3404c
FEATURE: Add site setting to show more detailed 404 errors. (#8014)
If the setting is turned on, then the user will receive information
about the subject: if it was deleted or requires some special access to
a group (only if the group is public). Otherwise, the user will receive
a generic #404 error message. For now, this change affects only the
topics and categories controller.

This commit also tries to refactor some of the code related to error
handling. To make error pages more consistent (design-wise), the actual
error page will be rendered server-side.
2019-10-08 14:15:08 +03:00
David Taylor
d2bceff133
FEATURE: Use full page redirection for all external auth methods (#8092)
Using popups is becoming increasingly rare. Full page redirects are already used on mobile, and for some providers. This commit removes all logic related to popup authentication, leaving only the full page redirect method.

For more info, see https://meta.discourse.org/t/do-we-need-popups-for-login/127988
2019-10-08 12:10:43 +01:00
Roman Rizzi
10565e4623
SECURITY: Safely decompress files. (#8124)
* FEATURE: Adds an extra protection layer when decompressing files.

* Rename exporter/importer to zip importer. Update old locale

* Added a new composite class to decompress a file with multiple strategies

* Set max file size inside a site setting

* Ensure that file is deleted after compression

* Sanitize path and files before compressing/decompressing
2019-10-03 10:19:35 -03:00
Sam Saffron
34813b643d DEV: properly require csv dependency
csv dependency is not default loaded, explicitly ask for it when we start
parsing csv files.
2019-10-02 15:07:37 +10:00
Sam Saffron
3f6af54fe1 DEV: minor fixes related to zeitwerk
A couple of specs stopped working post zeitwerk. Adding missing require
corrected inheritance to avoid a circular ref.
2019-10-02 14:28:18 +10:00
Krzysztof Kotlarek
427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
Martin Brennan
68d35b14f4 FEATURE: Webauthn authenticator management with 2FA login (Security Keys) (#8099)
Adds 2 factor authentication method via second factor security keys over [web authn](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API).

Allows a user to authenticate a second factor on login, login-via-email, admin-login, and change password routes. Adds registration area within existing user second factor preferences to register multiple security keys. Supports both external (yubikey) and built-in (macOS/android fingerprint readers).
2019-10-01 19:08:41 -07:00
Rafael dos Santos Silva
7543695744 FIX: PWA install was broken due to missing basic logo
The current manifest validation in Chrome requires at least one
non-maskable icon to make it installable.

This commit adds the maskable entry as another entry, following up
on changes added in 3e590b8
2019-09-22 00:20:25 -04:00
Rafael dos Santos Silva
3e590b87cf FEATURE: Add support for maskable icons in the PWA manifest
Because:

- Chrome 78 and Firefox Fenix have support for it
- The icons will look better by using all the availiable space
- Admins can control the icon and add appropriate padding since we have a
dedicated asset for the manifest logo. Read more about it on
https://css-tricks.com/maskable-icons-android-adaptive-icons-for-your-pwa/

This commit:

- Adds a new key under the icons array in the webmanifest, named purpose
with maskable value.
2019-09-21 11:50:00 -04:00
David Taylor
7c494cc631 DEV: Live-reloading of core/plugin CSS alongside preview_theme_id
In development, we track the last requested theme id, and use that to refresh the correct stylesheet targets. The after_action hook runs on every request, but the preview_theme_id parameter is only sent on the initial HTML request. This commit ensures we only fetch the development theme_id on HTML requests
2019-09-16 17:27:19 +01:00
romanrizzi
08b7a3fdfe Fix: Don't show non-members as readers when the post is a whisper 2019-09-13 17:14:31 -03:00
Roman Rizzi
1576b07a10
FIX: Improve protection against problematic usernames (#8097) 2019-09-13 15:11:27 -03:00
romanrizzi
bd930a9c77 FIX: Do not show staged users avatars when expanding the read count indicator 2019-09-10 14:21:34 -03:00
Robin Ward
1cebe7670a FEATURE: Allow embedding to ignore HTTP REFERER
New site setting: `embed_any_origin` that will send postMessages to
wildcard origins `*` instead of the referer.

Most of the time you won't want to do this, so the setting is default to
`false`. However, there are certain situations where you want to allow
embedding to send post messages when there is no HTTP REFERER.

For example, if you created a native mobile app and you wanted to embed a list
of Discourse topics as HTML. In the code your HTML would be a
static file/string, which would not be able to send a referer. In this
case, the site setting will allow the embed to work.

From a security standpoint we currently only use `postMessage` to send
data about the size of the HTML document and scroll position, so it
should be enable if required with minimal security ramifications.
2019-09-10 12:27:07 -04:00
Kyle Zhao
9b10a78d82 FEATURE: Quick access panels in user menu (#8073)
* Extract QuickAccessPanel from UserNotifications.

* FEATURE: Quick access panels in user menu.

This feature adds quick access panels for bookmarks and personal
messages. It allows uses to browse recent items directly in the user
menu, without being redirected to the full pages.

* REFACTOR: Use QuickAccessItem for messages.

Reusing `DefaultNotificationItem` feels nice but it actually requires a
lot of extra work that is not needed for a quick access item.

Also, `DefaultNotificationItem` shows an incorrect tooptip ("unread
private message"), and it is not trivial to remove / override that.

* Use a plain JS object instead.

An Ember object was required when `DefaultNotificationItem` was used.

* Prefix instead suffix `_` for private helpers.

* Set to null instead of deleting object keys.

JavaScript engines can optimize object property access based on the
object’s shape. https://mathiasbynens.be/notes/shapes-ics

* Change trivial try/catch to one-liners.

* Return the promise in case needs to be waited on.

* Refactor showAll to a link with href

* Store `emptyStatePlaceholderItemText` in state.

* Store items in Session singleton instead.

We can drop `staleItems` (and `findStaleItems`) altogether. Because
`(old) items === staleItems` when switching back to a quick access
panel.

* Add `limit` parameter to the `user_actions` API.

* Explicitly import Session instead.
2019-09-09 11:03:57 -04:00
Roman Rizzi
7d5f3c1338 UX/PERF: Update readers count when a post from another user is read. Don't fetch the post data again just to update the count. (#8078) 2019-09-09 11:29:15 +10:00
Rimian Perkins
6bbd83067d FEATURE: New post editing period for >= tl2 users (#8070)
* FEATURE: Add tl2 threshold for editing new posts

* Adds a new setting and for tl2 editing posts (30 days same as old value)
* Sets the tl0/tl1 editing period as 1 day

* FIX: Spec uses wrong setting

* Fix site setting on guardian spec

* FIX: post editing period specs

* Avoid shared examples
* Use update_columns to avoid callbacks on user during tests
2019-09-06 07:44:12 -04:00
Robin Ward
bde0ef865f
FEATURE: Adds a pop up that shows a more detailed score for reviewables (#8035)
If you click a (?) icon beside the reviewable status a pop up will
appear with expanded informatio that explains how the reviewable got its
score, and how it compares to system thresholds.
2019-09-04 09:56:25 -06:00
Sam Saffron
213117b84c PERF: use CDN url for proxy of favicon
This avoids hitting S3 direct which is usually not desirable.
2019-09-04 18:21:07 +10:00
Arpit Jalan
3e37801d05 DEV: validate param value on /embed/topics 2019-09-04 13:31:46 +05:30
Arpit Jalan
111ae95cbc
FEATURE: embed topic with detailed metadata (#8062) 2019-09-02 19:55:44 +05:30
Régis Hanol
75eebc904e FEATURE: new 'Discourse-Render' HTTP header 2019-08-30 20:45:18 +02:00
Osama Sayegh
ff8cc244d8
FIX: remote theme record not saved when checking for updates (#8054) 2019-08-30 00:32:54 +03:00
Gerhard Schlager
d516e492a4 FIX: An overridden text of a non-existent plural key resulted in error
When there is an overridden text in the database that belongs to
a pluralized key which doesn't exist in English anymore, the
Customize Texts admin page was unusable. This stops those keys from
ever being returned by a search.
2019-08-29 17:41:19 +02:00
Sam Saffron
0bf3316aec FIX: race condition during deploys creating stylesheets
In some cases stylesheet cache path may be missing, ensure it exists
prior to writing stylesheet
2019-08-29 17:27:07 +10:00
David Taylor
de4bf6ee9f FIX: When activating via omniauth, create tokens after password reset
Resetting a password invalidates all email tokens, so we need to create the tokens after the password reset.
2019-08-28 14:43:25 +01:00
David Taylor
a5e198fa30 SECURITY: Reset password when activating an account via auth provider
Followup to d693b4e35fe0e58c5578eae4a56c06dff4756ba2
2019-08-28 14:07:07 +01:00
David Taylor
9878bc62b3 Revert "Merge pull request from GHSA-7cmh-wm9h-j63f"
This reverts commit 8e5a8d1d54. The change will be re-applied with improvements.
2019-08-28 14:07:03 +01:00
Osama Sayegh
68f87dffa5
DEV: include TopicQueryParams in TagsController (#8045)
* DEV: include TopicQueryParams in TagsController

* Fix rubocop
2019-08-28 11:41:50 +03:00
Penar Musaraj
5c02bfb000 FEATURE: Site settings for linking with iOS/Android native apps
- Adds support for iOS Universal Links via an `apple-app-site-association` endpoint

 Adds support for Google Digital Asset Links at the `.well-known/assetlinks.json` endpoint
2019-08-27 14:05:37 -04:00
David Taylor
8e5a8d1d54 Merge pull request from GHSA-7cmh-wm9h-j63f 2019-08-27 09:11:19 -07:00
romanrizzi
03d51d6519 FIX: Display actual readers on the first post 2019-08-27 12:13:38 -03:00
Roman Rizzi
7c741fa0d6
FEATURE: Publish read state on group messages. (Originally introduced in #7989) (#8025)
* Revert "Revert "FEATURE: Publish read state on group messages. (#7989) [Undo revert] (#8024)""

This reverts commit 36425eb9f0.

* Fix: Show who read only if the attribute is enabled

* PERF: Precalculate the last post  readed by a group member

* Use book-reader icon instear of far-eye

* FIX: update topic groups correctly

* DEV: Tidy up read indicator update on write
2019-08-27 09:09:00 -03:00
Roman Rizzi
3259ea60a6
DEV: Remove code deprecated by the new Reviewable API (#8023)
* Remove flag hooks and endpoints

* Remove #reject_bulk for users

* Remove code for quued_posts_controller
2019-08-26 10:33:26 -03:00
Régis Hanol
2ff5592941 FIX: Filter out hidden posts for wordpress 2019-08-23 11:50:03 +02:00
Penar Musaraj
14cdb01254 FIX: Allow topic edits when using a hidden tag
Previously, a regular user could not edit the title or category
of a topic if a hidden tag had already been applied.

This also stops hidden tag names from leaking in the error message.
2019-08-21 16:33:01 -04:00
romanrizzi
36425eb9f0 Revert "FEATURE: Publish read state on group messages. (#7989) [Undo revert] (#8024)"
This reverts commit 5dda5c2f7c.
2019-08-20 13:29:22 -03:00
Roman Rizzi
5dda5c2f7c
FEATURE: Publish read state on group messages. (#7989) [Undo revert] (#8024)
* Reenable: "FEATURE: Publish read state on group messages. (#7989)"

This reverts commit 67f5cc1ce8.

* FIX: Read indicator only appears when the group setting is enabled
2019-08-20 11:57:25 -03:00
romanrizzi
67f5cc1ce8 Revert "FEATURE: Publish read state on group messages. (#7989)"
This reverts commit 1630dae2db.
2019-08-20 10:24:34 -03:00
Roman Rizzi
1630dae2db
FEATURE: Publish read state on group messages. (#7989)
* Enable or disable read state based on group attribute

* When read state needs to be published, the minimum unread count is calculated in the topic query. This way, we can know if someone reads the last post

* The option can be enabled/disabled from the UI

* The read indicator will live-updated using message bus

* Show read indicator on every post

* The read indicator now shows read count and can be expanded to see user avatars

* Read count gets updated everytime someone reads a message

* Simplify topic-list read indicator logic

* Unsubscribe from message bus on willDestroyElement, removed unnecesarry values from post-menu, and added a comment to explain where does minimum_unread_count comes from
2019-08-20 09:46:57 -03:00
Rishabh
f1f1fd4690 DEV: Remove unused "Email Reject No Account" template (#8022) 2019-08-20 12:43:51 +02:00
Régis Hanol
53667a01c2 FIX: ensure extra locales are only available to staff 2019-08-20 12:38:46 +02:00
Régis Hanol
d18c9b2d4d FIX: ensure offset is always positive 2019-08-20 12:03:16 +02:00
Arpit Jalan
24f94c40a6 SECURITY: don't reveal category details to users that do not have access 2019-08-19 12:38:28 +05:30
Blake Erickson
893d30fb92 REVERT: External auth when redeeming invites
Reverting this commit:

87a0a6664e

because I'm extracting all of this logic into a plugin instead.
2019-08-16 12:44:14 -06:00
Robin Ward
b8f21ea962 FIX: Explicitly require topic_query_params 2019-08-15 13:54:52 -04:00
Robin Ward
23367e79ea
FEATURE: Embed topics list on remote sites via Javascript API. (#8008)
This adds support for a `<d-topics-list>` tag you can embed in your site
that will be rendered as a list of discourse topics. Any attributes on
the tag will be passed as filters. For example:

`<d-topics-list discourse-url="URL" category="1234">` will filter to category 1234.

To use this feature, enable the `embed topics list` site setting. Then
on the site you want to embed, include the following javascript:

`<script
src="http://URL/javascripts/embed-topics.js"></script>`

Where `URL` is your discourse forum's URL.

Then include the `<d-topics-list discourse-url="URL">` tag in your HTML document and it will
be replaced with the list of topics.
2019-08-15 13:41:06 -04:00
Vinoth Kannan
88359b0f16
FEATURE: add support for group members visibility level (#8004)
There are 5 visibility levels (similar to group visibility)

public (default)
logged-in users
members only
staff
owners

Admins & group owners always have visibility to group members.
2019-08-14 19:00:04 +05:30
Bianca Nenciu
ba396a5384
DEV: Use ResultSet with staff action logs. (#7661) 2019-08-13 20:55:05 +03:00
David Taylor
750802bf56
UX: Improve error handling for common OmniAuth exceptions (#7991)
This displays more useful messages for the most common issues we see:
- CSRF (when the user switches browser)
- Invalid IAT (when the server clock is wrong)
- OAuth::Unauthorized for OAuth1 providers, when the credentials are incorrect

This commit also stops earlier for disabled authenticators. Now we stop at the request phase, rather than the callback phase.
2019-08-12 10:55:02 +01:00
Blake Erickson
87a0a6664e FEATURE: External auth when redeeming invites
This feature (when enabled) will allow for invite_only sites to require
external authentication before they can redeem an invite.

- Created hidden site setting to toggle this
- Enables sending invites with local logins disabled
- OAuth button added to invite form
- Requires OAuth email address to match invite email address
- Prevents redeeming invite if OAuth authentication fails
2019-08-11 12:20:02 -06:00
David Taylor
6d3d08daad UX: Hide login/signup header buttons during authentication flows 2019-08-08 13:57:18 +01:00
David Taylor
3b8c468832 SECURITY: Require POST with CSRF token for OmniAuth request phase 2019-08-08 11:58:00 +01:00
Bianca Nenciu
37e7998a82
FEATURE: Send notification when member was accepted to group. (#7614) 2019-08-06 13:29:46 +03:00
Bianca Nenciu
b60b2a342f
FIX: Show membership requests link just for group owners. (#7543) 2019-08-06 13:28:22 +03:00
Sam Saffron
f780920759 FEATURE: mention in secure category to prioritize groups
This feature allows @ mentions to prioritize showing members of a group who
have explicit permission to a category.

This makes it far easier to @ mention group member when composing topics in
categories where only the group has access.

For example:

If Sam, Jane an Joan have access to bugs category.

Then `@` will auto complete to (jane,joan,sam) ordered on last seen at

This feature works on new topics and existing topics. There is an explicit
exclusion of trust level 0,1,2 groups cause they get too big.
2019-08-06 17:57:56 +10:00
Arpit Jalan
1481ea640c FIX: better error message on username update from Admin user page. 2019-08-01 10:23:42 +05:30
Osama Sayegh
13e74151a9
FEATURE: list category moderators on the about page (#7916)
https://meta.discourse.org/t/category-group-review-moderation/116478?u=osama
2019-07-31 16:46:58 +03:00
Neil Lalonde
9656a21fdb
FEATURE: customization of html emails (#7934)
This feature adds the ability to customize the HTML part of all emails using a custom HTML template and optionally some CSS to style it. The CSS will be parsed and converted into inline styles because CSS is poorly supported by email clients. When writing the custom HTML and CSS, be aware of what email clients support. Keep customizations very simple.

Customizations can be added and edited in Admin > Customize > Email Style.

Since the summary email is already heavily styled, there is a setting to disable custom styles for summary emails called "apply custom styles to digest" found in Admin > Settings > Email.

As part of this work, RTL locales are now rendered correctly for all emails.
2019-07-30 15:05:08 -04:00
Osama Sayegh
525920a979
FIX: Better error when SSO fails due to blank secret (#7946)
* FIX: Better error when SSO fails due to blank secret

* Update spec/requests/session_controller_spec.rb

Co-Authored-By: Robin Ward <robin.ward@gmail.com>
2019-07-26 17:37:23 +03:00
Osama Sayegh
997add3af9
DEV: Add extension point to allow modifying SSO URL (#7937)
This allows plugins to, for example, add extra query params to the SSO URL when discourse redirects to to the SSO website.
2019-07-25 00:18:27 +03:00
David Taylor
0a6cae654b SECURITY: Add confirmation screen when connecting associated accounts 2019-07-24 10:28:15 +01:00
Osama Sayegh
8b5f44a9a7
FIX: apply defaults constraints to routes format (take 2) (#7920)
Reapplies 7d01c5de1a
2019-07-23 20:17:44 +03:00
Saurabh Patel
9e0a3b8229 bug: keep query params present in auth_redirect (#7923)
https://meta.discourse.org/t/user-api-keys-payload-and-existing-query-string-leads-to-a-double-question-mark/123617
2019-07-23 12:16:03 -04:00
Joffrey JAFFEUX
e117b10ea8
FIX: improves tags checking when updating category of topic (#7921)
- will ensure this tag is not restricted to another category, and not only ensure this category can use it
- will clean tags param, in case client is sending an empty array, eg: [""], this could be solved client-side, but we ensure it won't happen ever this way
2019-07-23 17:06:25 +02:00
Osama Sayegh
f14c6d81f4
FEATURE: Watched words improvements (#7899)
This commit contains 3 features:

- FEATURE: Allow downloading watched words
This introduces a button that allows admins to download watched words per action in a `.txt` file.

- FEATURE: Allow clearing watched words in bulk
This adds a "Clear All" button that clears all deleted words per action (e.g. block, flag etc.)

- FEATURE: List all blocked words contained in the post when it's blocked
When a post is rejected because it contains one or more blocked words, the error message now lists all the blocked words contained in the post.

-------

This also changes the format of the file for importing watched words from `.csv` to `.txt` so it becomes inconsistent with the extension of the file when watched words are exported.
2019-07-22 14:59:56 +03:00
Gerhard Schlager
651a5b6e40 SECURITY: Validate backup chunk identifier 2019-07-22 08:43:16 +02:00
Robin Ward
8dd3cbfcb9
FEATURE: Allow choice of category when making a PM public (#7907)
* FEATURE: Allow choice of category when making a PM public

Previously it would default to uncategorized, which was not ideal on
some forums. This gives the staff member more choice about what they'd
like to do.

* Make the optional category more explicit

* Joffrey's feedback
2019-07-19 11:52:50 -04:00
Arpit Jalan
1f1b3e99d1 UX: update invite 'not found' message 2019-07-19 16:39:44 +05:30
Arpit Jalan
2f6ce29736 FIX: do not request refresh on 'log out all' request 2019-07-19 16:24:58 +05:30
Roman Rizzi
f5c707c97a
FEATURE: Gz to zip for exports (#7889)
* Revert "Revert "FEATURE: admin/user exports are compressed using the zip format (#7784)""

This reverts commit f89bd55576.

* Replace .tar.zip with .zip
2019-07-18 09:34:48 -03:00
Michael Brown
e8ee392186 Revert "FIX: apply defaults constraints to routes format (#7890)"
This reverts commit 7d01c5de1a.

Trivial get on / was failing with a 404 with this change.
2019-07-15 17:31:24 -04:00
Osama Sayegh
7d01c5de1a
FIX: apply defaults constraints to routes format (#7890)
This fixes the problem where if a route ends with a dynamic segment and the segment contains a period e.g. `my.name`, `name` is interpreted as the format. This applies a default format constraints `/(json|html)/` on all routes. If you'd like a route to have a different format constraints, you can do something like this:

```ruby
get "your-route" => "your_controlller#method", constraints: { format: /(rss|xml)/ }

#or
get "your-route" => "your_controlller#method", constraints: { format: :xml }
```
2019-07-15 21:55:11 +03:00
Osama Sayegh
6515ff19e5
FEATURE: Allow customization of robots.txt (#7884)
* FEATURE: Allow customization of robots.txt

This allows admins to customize/override the content of the robots.txt
file at /admin/customize/robots. That page is not linked to anywhere in
the UI -- admins have to manually type the URL to access that page.

* use Ember.computed.not

* Jeff feedback

* Feedback

* Remove unused import
2019-07-15 20:47:44 +03:00
Guo Xiang Tan
a4234e9be0 DEV: Minor tweaks to Admin::WatchedWordsController. 2019-07-15 10:22:46 +08:00
romanrizzi
f89bd55576 Revert "FEATURE: admin/user exports are compressed using the zip format (#7784)"
This reverts commit 8b2580e20f.
2019-07-10 11:38:51 -03:00
Roman Rizzi
8b2580e20f
FEATURE: admin/user exports are compressed using the zip format (#7784)
* FEATURE: admin/user exports are compressed using the zip format

* Update translations. Theme exporter now exports .zip file. Theme importer supports .zip and .gz files

* Fix controller test, updated locale and skip saving the csv export to disk
2019-07-10 11:13:03 -03:00
Dan Ungureanu
9f5cfa192e
FEATURE: Allow Markdown in post notices. (#7864) 2019-07-09 14:42:02 +03:00
Arpit Jalan
2cd4e95d82 FIX: show category name in title for crawler view
Show category name in title for crawler view despite presence of `short_site_description`.

Bug reported here: https://meta.discourse.org/t/short-site-description-break-category-title-for-crawler-or-its-the-expected-behavior/122109/
2019-07-08 11:42:39 +05:30
Penar Musaraj
03805e5a76
FIX: Ensure lightbox image download has correct content disposition in S3 (#7845) 2019-07-04 11:32:51 -04:00
David Taylor
2063d20e9a Revert "DEV: Let OmniAuth strategies return auth result. (#7833)"
This reverts commit dc5eb76551.

It is better to keep any custom redirect logic within omniauth, without relying on the app
2019-07-04 10:06:18 +01:00
Joffrey JAFFEUX
71bf9ec1b2
FEATURE: opt-in guidance on topics for users without access (#7852)
Co-Authored-By: majakomel <maja.komel@gmail.com>
Co-Authored-By: Robin Ward <robin.ward@gmail.com>
2019-07-04 10:12:39 +02:00
Arpit Jalan
1708be4f27
FEATURE: support query params when redirecting to internal link on login (#7829) 2019-07-04 11:11:43 +05:30
David Taylor
0f813fc7c7 DEV: Remove reference to non-existent letter_proxy route
This was introduced in f04471e422, but never actually used
2019-07-03 23:48:32 +01:00
Osama Sayegh
3d64532273 FEATURE: allow disabling theme components (#7812)
This allows you to temporarily disable components without having to remove them from a theme. 

This feature is very handy when doing quick fix engineering.
2019-07-03 18:18:11 +10:00
Osama Sayegh
f1c67729de Different fix (#7815) 2019-07-02 11:53:16 +10:00
Sam Saffron
4dcc5f16f1 FEATURE: when under extreme load disable search
The global setting disable_search_queue_threshold
(DISCOURSE_DISABLE_SEARCH_QUEUE_THRESHOLD) which default to 1 second was
added.

This protection ensures that when the application is unable to keep up with
requests it will simply turn off search till it is not backed up.

To disable this protection set this to 0.
2019-07-02 11:22:01 +10:00
Dan Ungureanu
dc5eb76551 DEV: Let OmniAuth strategies return auth result. (#7833) 2019-07-01 13:13:11 -03:00
Ralph Rooding
4ba35472e6 Don't check for second factor when switching to anonymous account (#7803) 2019-06-27 15:01:26 -07:00
Gerhard Schlager
fe870a1e54 DEV: Respond with error 400 to uploads requested via XHR
follow-up to 13f38055
2019-06-27 11:15:35 +02:00
Sam Saffron
5bc5c02af6 FIX: mark topics in sub categories as unread when dismissing parent
Previously we would only dismiss the parent category and leave the
child categories unread
2019-06-27 13:26:48 +10:00
Jeff Wong
88ef5e55fe
FEATURE: add ability to have multiple totp factors (#7626)
Adds a second factor landing page that centralizes a user's second factor configuration.

This contains both TOTP and Backup, and also allows multiple TOTP tokens to be registered and organized by a name. Access to this page is authenticated via password, and cached for 30 minutes via a secure session.
2019-06-26 16:58:06 -07:00
Gerhard Schlager
13f38055ac SECURITY: XSS in routes
Co-authored-by: Guo Xiang Tan <tgx_world@hotmail.com>
Co-authored-by: David Taylor <david@taylorhq.com>
2019-06-26 16:34:15 +02:00
David Taylor
afb5ec811d FIX: Don't use DistributedCache to store redis readonly state
This can cause unbound CPU usage in some cases, and excessive logging in other cases. This commit moves redis readonly information into the local process, but maintains the DistributedCache for postgres readonly state.
2019-06-25 11:20:34 +08:00
Dan Ungureanu
ee8669d778
FIX: Ensure :after_auth event is triggered. (#7791) 2019-06-21 21:57:49 +03:00
Penar Musaraj
e51de4cc25
FEATURE: Add endpoint to individually update a theme setting (#7789)
- also adds a new staff action type called "change theme setting" for easier logging of staff changes to theme settings
2019-06-21 13:49:14 -04:00
David Taylor
e6e47f2fb2 SECURITY: Add confirmation screen when logging in via user-api OTP 2019-06-17 16:18:44 +01:00
David Taylor
52387be4a4 SECURITY: Add confirmation screen when logging in via email link 2019-06-17 16:18:37 +01:00
David Taylor
5f6f707080 Revert "Merge pull request from GHSA-hv9p-jfm4-gpr9"
This reverts commit b8340c6c8e.
2019-06-17 16:17:10 +01:00
David Taylor
b8340c6c8e
Merge pull request from GHSA-hv9p-jfm4-gpr9
* SECURITY: Add confirmation screen when logging in via email link

* SECURITY: Add confirmation screen when logging in via user-api OTP

* FIX: Correct translation key in session controller specs

* FIX: Use .email-login class for page
2019-06-17 15:59:41 +01:00
Arpit Jalan
863d8014d0 FIX: respond with 400 error on invalid redirect param 2019-06-17 16:44:30 +05:30
Sam Saffron
704c579550 FIX: do not allow unbound membership lookups
Previously we would allow looking up membership limits in an unbound way
via the API, this introduces an upper limit of 1000 per page.
2019-06-17 15:32:06 +10:00
Arpit Jalan
36e53db300 Fix the build. 2019-06-12 16:44:17 +05:30
Arpit Jalan
7b66f8fb46 DEV: optimize bulk invite process 2019-06-12 16:33:19 +05:30
Arpit Jalan
e2636f0ec7 FIX: handle array in redirect param 2019-06-11 17:49:09 +05:30
Dan Ungureanu
a046f6ced5 FEATURE: Trigger Discourse events from authenticators. (#7724) 2019-06-11 11:28:42 +10:00
Gerhard Schlager
bae7b75e23 FIX: Updating a user profile as admin shouldn't change the user's locale 2019-06-07 17:53:46 +02:00
Sam Saffron
cbd4d06da0 PERF: only check for totp record on current user at when needed
Previously the check was done a bit too early causing one extra query
per page unconditionally for logged on users
2019-06-07 16:25:04 +10:00
Penar Musaraj
f00275ded3 FEATURE: Support private attachments when using S3 storage (#7677)
* Support private uploads in S3
* Use localStore for local avatars
* Add job to update private upload ACL on S3
* Test multisite paths
* update ACL for private uploads in migrate_to_s3 task
2019-06-06 13:27:24 +10:00
Bianca Nenciu
e0c821ebb0 FEATURE: Make staff action logs page support infinite loading 2019-06-06 13:02:53 +10:00
Saurabh Patel
b510006ca8 FEATURE: show tags in crawler view of tags page for static site
Previously tags page would have an empty page in crawler view
2019-06-06 12:55:37 +10:00
Roman Rizzi
c3a38d2304 DEV: Make groups/new extensible by plugins (#7642)
* Expose a new plugin outlet. Pass group model to the group-member-dropdown so it can be accessed by plugins

* Added controller tests for group custom fields. update custom fields when updating a group
2019-06-06 12:05:33 +10:00
Robin Ward
d902c4eb9f FEATURE: Can sort reviewable queue
Choices are Priority / Created At (and desc versions.)
2019-06-05 13:21:05 -04:00
Joffrey JAFFEUX
ce79a71c5d
typo s/faivcon/favicon (#7697) 2019-06-05 09:46:07 +02:00
Sam Saffron
b9df7a2257 FIX: if favicon is missing due to bad url we would return a 500 on favicons
This ensures that the error logging does not corrupt the cache
2019-06-05 16:43:40 +10:00
Arpit Jalan
e7fe7010b8
FIX: use hijack for processing bulk invites (#7679)
FIX: do not store bulk invite CSV file on server
2019-06-04 20:19:46 +05:30
Régis Hanol
33bc8c276d FIX: default top timeframe was overriding best_periods_for 2019-06-04 10:57:50 +02:00
Régis Hanol
d7ff640778 fix the build 2019-06-03 20:42:46 +02:00
Maja Komel
42809f4d69 FIX: use crawler layout when saving url in Wayback Machine (#7667) 2019-06-03 12:13:32 +10:00
Sam Saffron
e302c0af8b DEV: by default disable anon impersonation in dev environments
The impersonate any user by anonymous feature in dev should require a
deliberate opt-in. This way developers are better aware of the security
implications of this development only feature.
2019-06-03 10:02:27 +10:00
Robin Ward
2e0a40007b FIX: Category topics should not be deletable via review queue 2019-05-30 16:43:23 -04:00
romanrizzi
e7ee556e87 Support multi-group user search 2019-05-30 08:45:20 +08:00
Guo Xiang Tan
a3938f98f8 Revert changes to FileStore::S3Store#path_for in f0620e7118.
There are some places in the code base that assumes the method should
return nil.
2019-05-29 18:39:07 +08:00
Guo Xiang Tan
f0620e7118 FEATURE: Support [description|attachment](upload://<short-sha>) in MD take 2.
Previous attempt was missing `post_uploads` records.
2019-05-29 09:26:32 +08:00
Penar Musaraj
7c9fb95c15 Temporarily revert "FEATURE: Support [description|attachment](upload://<short-sha>) in MD. (#7603)"
This reverts commit b1d3c678ca.

We need to make sure post_upload records are correctly stored.
2019-05-28 16:37:01 -04:00
Guo Xiang Tan
b1d3c678ca FEATURE: Support [description|attachment](upload://<short-sha>) in MD. (#7603) 2019-05-28 11:18:21 -04:00
Bianca Nenciu
07b80d491b FIX: Refresh automatic groups after inviting moderators. 2019-05-28 17:19:34 +08:00
Sam Saffron
7429700389 FIX: ensure we can download maxmind without redis or db config
This also corrects FileHelper.download so it supports "follow_redirect"
correctly (it used to always follow 1 redirect) and adds a `validate_url`
param that will bypass all uri validation if set to false (default is true)
2019-05-28 10:28:57 +10:00
Robin Ward
d26c4509ea FIX: Adding a user to a group twice under concurrency
This prevents an error from being raised / logged.
2019-05-27 15:42:40 -04:00