Commit Graph

12415 Commits

Author SHA1 Message Date
Martin Brennan
b8a5f95eb6
FIX: Handle multiple In-Reply-To Message-ID in group inbox (#29912)
This fix handles the case where an In-Reply-To mail header
can contain multiple Message-IDs. We use this header to
try look up an EmailLog record to find the post to reply
to in the group email inbox flow.

Since the case where multiple In-Reply-To Message-IDs is
rare (we've only seen a couple of instances of this causing
errors in the wild), we are just going to use the first one
in the array.

Also, Discourse does not support replying to multiple posts
at once, so it doesn't really make sense to use multiple
In-Reply-To Message-IDs anyway.
2024-11-26 11:12:40 +10:00
Jan Cernik
a964e62cd8
FIX: Discourse Connect fixes for full page login (#29915) 2024-11-25 18:06:14 -03:00
Penar Musaraj
e6fdfcdcd2
DEV: Remove experimental_topics_filter setting (#29902) 2024-11-25 10:49:40 -05:00
David Taylor
bfe0eccdd9
FIX: Extension-less secure uploads (#29914)
Previously, the secure-upload redirection logic would fail for extension-less files. This commit updates it to work, and adds a spec for the behavior.

Extension-less file uploads are not allowed by default, so this is a very niche situation.
2024-11-25 12:18:21 +00:00
Selase Krakani
a20b7fa83f
DEV: Gracefully handle regex_replace max column length violations (#29787)
* DEV: Gracefully handle `regex_replace` violations of column length constraints

This is a follow-up to the `remap` [refactor](9b0cfa99c5).
Similar to `remap`, the entire `regex_replace` operation fails if the new content exceeds the column’s max length.

This change introduces an optional mode, controlled by the new `skip_max_length_violations` param
to skip records eligible for `regex_replace`  where the new content violates the max column length constraint.

It also includes updates to the exception message raised when `regex_replace` fails to include more details

* DEV: Remove string escapes in heredoc text
2024-11-25 11:39:53 +00:00
Osama Sayegh
118f7869bb
FEATURE: Add bulk destroy to admin users list (#29744)
This commit introduces a new feature that allows staff to bulk select and delete users directly from the users list at `/admin/users/list`. The main use-case for this feature is make deleting spammers easier when a site is under a large spam attack.

Internal topic: t/140321.
2024-11-25 11:13:35 +03:00
Osama Sayegh
eaa3f813c1
FIX: Don't secure the about banner image (#29889)
Uploads that are linked to site settings shouldn't be flagged as secure in login-required sites that enable secure uploads. However, in order for site setting uploads to not be marked secured, the frontend uploader has to include 2 params in the upload request: `for_site_setting: true` and `type: "site_setting"`.

Since these 2 params are semantically identical, we want the `type: "site_setting"` param alone to make the upload correctly treated as a site setting upload. To achieve that, we need to include the `site_setting` type in the public types list because the `for_site_setting` param has the same effect — it marks the upload as a public type.

b138eaf9e5/lib/upload_security.rb (L128-L131)
2024-11-25 11:12:00 +03:00
Ted Johansson
fd39753e58
DEV: Ignore normalize_emails when using SSO (#29890)
We recently tried to default the normalize_emails site setting to true to avoid spam. What this does is it considers e-mails the same regardless of plus addressing, e.g. bob+1@mail.com == bob+2@mail.com. This caused some problems for SSO users.

This PR makes it so that DiscourseConnect never normalizes e-mails.
2024-11-25 11:55:27 +08:00
Ted Johansson
88af23e1ca
DEV: Modernize admin user fields (#29843)
This PR modernizes the user fields area of the admin UI. It is largely based on the work on the emoji section.
2024-11-25 11:54:43 +08:00
Mark VanLandingham
d880db3b7b
DEV: Apply modifier for topic_view link_counts (#29883) 2024-11-22 14:49:39 -06:00
Juan David Martínez Cubillos
08440b0035
DEV: Add tl3_custom_promotions plugin modifier to tl3_promotions.rb (#29834)
* DEV: Add tl3_custom_promotions plugin modifier to tl3_promotions.rb

* added tests

* added tests for demotions

* changed argument order in test
2024-11-22 15:28:43 -05:00
Gerhard Schlager
0295b4165c
FIX: Permalink.create didn't work as expected anymore (#29895)
This moves the logic of setting the correct permalink values back into the controller. And it replaces the validation with a simpler one, that always works, even when the model is loaded from the DB.

Follow-up to #29634 which broke import scripts and lots of documentation on Meta.
2024-11-22 21:11:26 +01:00
Akshay Birajdar
b138eaf9e5
FEATURE: Add Bulk actions to /filter page (#29420)
- Add bulk actions component on /filter page for both desktop & mobile view.
- Add system specs to assert bulk actions to be available on /filter page.
2024-11-22 11:51:06 +11:00
Bianca Nenciu
250a145361
DEV: Fix undefined variable (#29876)
Follow up to commit 429cf656e7.
2024-11-21 20:23:20 +02:00
Gabriel Grubba
db15e11cb9
FEATURE: Add modifier to delete after merge (#29872)
while it is ok to have the check for if the person can delete a topic, for this feature some times you might want some more flexibility.

Instead of relying on patching this class and method, it would be better to have a modifier that can be decide if the topic should be deleted after the merge.
2024-11-21 11:12:06 -03:00
Bianca Nenciu
429cf656e7
FIX: Use FinalDestination::HTTP to push notifications (#29858)
Sometimes `Jobs::PushNotification` gets stuck, probably because of the
network call. This commit replaces `Excon` with `FinalDestination::HTTP`
which is safer.
2024-11-21 14:11:51 +11:00
Blake Erickson
acc87202b9
DEV: Fix flaky test with bulk select closing topics (#29871)
This commit is going to try using the `have_read_post` page object from
`topic_view` instead of the page object for `topic` because it's
implementation has a longer wait time as it uses the ENV variable for
wait time: `Capybara.default_max_wait_time * 2`.

If this works out we should probably remove the duplicated
`have_read_post` page object so that we have a single implementation.
2024-11-20 16:34:44 -07:00
Alan Guo Xiang Tan
6e1aeb1f50
DEV: Fix constant redefinition warnings when running specs (#29837)
Don't load rake files over and over again when running specs.
2024-11-20 15:17:36 +11:00
Kris
acc7caa816
A11Y: make the uppy image uploader keyboard navigable (#29807) 2024-11-19 15:38:13 -05:00
Angus McLeod
ec7de0fd68
Require permitted scopes when registering a client (#29718) 2024-11-19 15:28:04 -05:00
Bianca Nenciu
4f11d16deb
DEV: Remove migrate_column_to_bigint spec helper (#29805)
This spec helper was introduced as a temporary solution to the problem
of mismatched types between primary key and foreign key columns. All
plugins have been migrated and the only remaining use of this helper is
in core Discourse.
2024-11-19 21:22:02 +02:00
Loïc Guitaut
719457e430 DEV: Add a try step to services
This patch adds a new step to services named `try`.

It’s useful to rescue exceptions that some steps could raise. That way,
if an exception is caught, the service will stop its execution and can
be inspected like with any other steps.

Just wrap the steps that can raise with a `try` block:
```ruby
try do
  step :step_that_can_raise
  step :another_step_that_can_raise
end
```
By default, `try` will catch any exception inheriting from
`StandardError`, but we can specify what exceptions to catch:
```ruby
try(ArgumentError, RuntimeError) do
  step :will_raise
end
```

An outcome matcher has been added: `on_exceptions`. By default it will
be executed for any exception caught by the `try` step.
Here also, we can specify what exceptions to catch:
```ruby
on_exceptions(ArgumentError, RuntimeError) do |exception|
  …
end
```

Finally, an RSpec matcher has been added:
```ruby
  it { is_expected.to fail_with_exception }
  # or
  it { is_expected.to fail_with_exception(ArgumentError) }
```
2024-11-19 12:01:07 +01:00
Krzysztof Kotlarek
04bac33ed9
UX: consistent flags page (#29798)
Add/Edit form should not have an admin header
2024-11-19 14:46:08 +11:00
Ted Johansson
235c6434c1
FIX: Don't include secret membership groups when serializing other users (#29799)
As part of a previous fix we changed which groups are serialized for a user, in order to fix a bug in the default group selector under user preferences.

However, we should only change this when serializing the current user. This change combines the old code-path and the new based on who is serializing.
2024-11-18 19:25:42 +08:00
Selase Krakani
9b0cfa99c5
DEV: Gracefully handle remaps which violate DB column constraints (#29501)
* DEV: Gracefully handle remaps which violate DB column constraints

This change implements length constraint enforcement to skip remaps
which exceed column max lengths

* DEV: Only perform skipped column stats lookup when verbose is true

* DEV: Tidy up specs

* DEV: Make skipping violating remap behaviour opt-in

This change introduces a new `skip_max_length_violations` param for
`remap`, set to `false` by default to ensure we still continue to fail
hard when max lenth constraints are violated.

To aid in quick resolution when remaps fail, this change also
adds more context to the exception message to include the offending table
and column information

* Apply suggestions from code review

Co-authored-by: Gerhard Schlager <gerhard.schlager@discourse.org>

* FIX: Various fixes

- Linter errors
- Remap status "logger" early return condition

---------

Co-authored-by: Gerhard Schlager <gerhard.schlager@discourse.org>
2024-11-15 10:42:25 +00:00
Alan Guo Xiang Tan
6bf0ac730f
FIX: Rescue ActiveRecord::ReadOnlyError when baking theme field (#29776)
Firstly, we need to understand that ActiveRecord can be
connected to a role which prevent writes and this happens in Discourse when a
replica database has been setup for failover purposes. When a role
prevent writes from happening, ActiveRecord will raise the
`ActiveRecord::ReadOnlyError` if a write query is attempted.

Secondly, theme fields are baked at runtime within GET requests. The
baking process involves writing the baked value to the
`ThemeField#baked_value` column in the database.

If we combine the two points above, we can see how the writing of the
baked value to the database will trigger a `ActiveRecord::ReadOnlyError`
in a GET requests when the database is connected to a role preventing
writes. However, failing to bake a theme is not the end of the world and
should not cause GET requests to fail. Therefore, this commit adds a rescue
for `ActiveRecord::ReadOnlyError` in the `ThemeField#ensure_baked!`
method.
2024-11-15 10:19:10 +08:00
Martin Brennan
4e5de17e7c
FIX: Admin backups erroring because of S3 dualstack (#29775)
Followup 0568d36133
Followup 97cf069a06

Due to the S3 dualstack endpoint change, sites with
S3 backups configured but _not_ S3 uploads were erroring,
with admins unable to access the backups page. This
commit fixes the error by not enabling S3 dualstack
endpoints if S3 uploads have not been enabled, backups
don't need to use them.

c.f. https://meta.discourse.org/t/unable-to-backup-or-navigate-to-backups/335899
2024-11-15 12:05:59 +10:00
Jan Cernik
2ac1894292
FIX: Error with social logins and fullpage signup (#29761) 2024-11-14 16:02:17 -03:00
Régis Hanol
fd1220af69
FIX: chat bookmarks in drawer mode (#29757)
When using chat in drawer mode, after you've clicked on a chat bookmark in the user menu, clicking any other chat bookmark would "do nothing".

In 8b18fd1556 we added an optimization to prevent the same route from being reloaded, but it ended up breaking the bookmarks.

This commit reverts the changed made the above commit and adds a system specs that ensure we can click two chat bookmarks in the user menu when using chat in drawer mode.

Internal ref - t/134362
2024-11-14 17:20:11 +01:00
Gabriel Grubba
b39c30045b
FEATURE: Add skip notification option to group invite to topic (#29741)
* FEATURE: Add skip notification option to group invite to topic

* DEV: rename `skip_notification` to `should_notify`

* DEV: update `should_notify` param to be default `true` in controllers

* DEV: update spec to use `greater than` instead of `equal to` to prevent flakiness

* Update app/controllers/topics_controller.rb

Co-authored-by: David Taylor <david@taylorhq.com>

* DEV: merged two `#invite_group` specs into one

* DEV: Added test case for `invite-group` in requests spec

---------

Co-authored-by: David Taylor <david@taylorhq.com>
2024-11-14 13:00:15 -03:00
Penar Musaraj
9b691853e0
FIX: Dismiss unread posts in subcategories (#29671)
When a parent category shows topics from subcategories, dismissing
should dismiss posts in both parent and subcategories.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2024-11-14 10:06:12 -05:00
David Taylor
fd5ef6896d
DEV: Overhaul devcontainer configuration (#28446)
- Uses a more appropriate image, with immutable tag (so update prompts work correctly)
- Updates port forwarding
- Improves mount setup (inc. persistant PG/Redis when rebuilding)
- Fixes ember-cli live reload
- Automatically configures VSCode & extensions
2024-11-14 12:11:38 +00:00
Krzysztof Kotlarek
42b1ca8f78
UX: redesign admin permalinks page (#29634)
Redesign the permalinks page to follow the UX guide. In addition, the ability to edit permalinks was added.

This change includes:
- move to RestModel
- added Validations
- update endpoint and clear old values after the update
- system specs and improvements for unit tests
2024-11-14 10:03:58 +11:00
Kris
9a22d7df7b
UX: reduce bottom topic map threshold, with protections (#29665) 2024-11-13 07:58:44 -05:00
Jan Cernik
920fa4c248
FIX: Correctly load the invites model when using full page logins (#29713) 2024-11-13 08:56:16 -03:00
Osama Sayegh
00196b8652
FIX: Restore and deprecate the :type param of uploads#create (#29736)
Follow up to 6f8f6a7726

Prior to the linked commit, the `uploads#create` endpoint had a `upload_type` and `type` param that acted as aliases for each other and raised an error if both of them were missing. In the linked commit, we removed the `type` param and always required the `upload_type` param which break API consumers that only included `type` in their requests.

This commit adds back the `type` param temporarily and introduces a deprecation message for it so that API consumers are made aware of the eventual removal of the `type` param.
2024-11-13 14:07:20 +03:00
David Taylor
86a2558f5f
DEV: Add remove debugging URLs to system spec helper (#29722)
These URLs allow the state of a headless browser to be viewed and debugged using any other browser, without needing to restart the test with `SELENIUM_HEADLESS=0`.
2024-11-13 09:27:48 +00:00
Jan Cernik
234133bd3b
UX: Split hide_profile_and_presence user option (#29632)
It splits the hide_profile_and_presence user option and the default_hide_profile_and_presence site setting for more granular control. It keeps the option to hide the profile under /u/username/preferences/interface and adds the presence toggle in the quick user menu.

Co-authored-by: Régis Hanol <regis@hanol.fr>
2024-11-12 22:22:58 -03:00
Loïc Guitaut
d637bd6519
DEV: Don’t replace Rails logger in specs (#29721)
Instead of replacing the Rails logger in specs, we can instead use
`#broadcast_to` which has been introduced in Rails 7.
2024-11-13 08:47:39 +08:00
Mark VanLandingham
9b8af0ea9f
DEV: Create permanent version of moved_posts table from PostMover class (#29664)
This is a very simple change, which creates a permanent table in the DB, rather than generating a temporary table when moving posts. This change is about capturing data and any usage will appear in a follow-up.

I did include a new column created_new_topic in the new table, so that it can be easily audited without having to compare destination topic created_at with moved_post records.
2024-11-12 14:35:20 -06:00
Krzysztof Kotlarek
a0242764f3
FIX: flaky system flags spec (#29694)
Wait for the flag button to arrive before clicking it.
2024-11-13 07:13:18 +11:00
Roman Rizzi
d97d48ead1
FIX: Ensure normalized_email gets anonymized (#29719) 2024-11-12 14:36:17 -03:00
Krzysztof Kotlarek
34ed35e174
FIX: filterable staff logs for flags (#29695)
Flag actions must be added to `staff_actions` method to be filterable.
2024-11-12 11:23:18 +11:00
Martin Brennan
7f1e403a25
Revert "DEV: Enable the normalize_emails site setting by default (#29587)" (#29712)
This reverts commit 7d9d98422c.
2024-11-12 10:23:02 +10:00
Sérgio Saquetim
3019bb577b
DEV: Modernize the post menu from widgets to Glimmer components (#28670)
This commit modernizes the post menu by migrating it from the existing widget-based implementation to Glimmer components. This transition aims to improve the maintainability, performance, and overall developer experience.

It also introduces a new DAG-based transformer API for customizations that aims to be more flexible than the widget base one.

---------

Co-authored-by: David Taylor <david@taylorhq.com>
2024-11-11 15:36:08 -03:00
Bianca Nenciu
f1700ca589
FEATURE: Paginate categories when there are many (#29569)
This commit removes the new optimized category style introduced in
previous commits (d37a0d40, 9a80d718 and 430c42ac), in favour of the
existent `categories_only`.
2024-11-11 17:32:45 +02:00
Ted Johansson
189d98f3ca
DEV: Convert admin emojis UI to new layout (#29615)
This PR converts the custom emoji UI in the admin pages to follow the new admin UI guidelines.
2024-11-11 15:04:15 +08:00
Angus McLeod
cb4b8146a3
Add dedicated user_api_key_clients table to allow for 1:many use cases (#28119) 2024-11-08 12:05:03 -05:00
Ted Johansson
f573fd8f5e
FEATURE: Add more bulk dismiss buttons with confirmation (#29331)
When performing bulk dismissal in Unread and New views, the dismiss button stays at the top of the UI. Because of this we want to provide the dismiss action also in the "sticky" menu that's always in view, even when scrolling a long list of topics.
2024-11-08 15:59:12 +08:00
Alan Guo Xiang Tan
af642d0d69
Revert "FEATURE: Mark bad uploads with :invalid_url (#29640)" (#29657)
This reverts commit 5a00a041f1.

Implementation is currently not correct. Multiple uploads can share the
same etag but have different paths in the S3 bucket.
2024-11-08 13:04:52 +08:00
Osama Sayegh
4bc030f76f
FIX: Add back the option to create invite without emailing (#29641)
Follow-up to a5497b74be

In the linked commit, as part of simplifying the invite modal, we removed the option to skip sending an email when creating an invite restricted to a specific address. This has caused confusion about whether an email will be sent by Discourse or not, so we're adding back the option to create a restricted invite without emailing.

Internal topic: t/134023/48.
2024-11-08 07:59:24 +03:00
Martin Brennan
97cf069a06
FIX: S3 custom endpoint incompatible with dualstack (#29654)
Followup 0568d36133

S3 itself and other S3-compatible providers do not
allow using an S3 custom endpoint and dualstack at
the same time, so this commit fixes that by not using
dualstack when the endpoint is present.
2024-11-08 11:12:49 +10:00
Kris
64291fedf8
UX: lower min_post_count to show bottom topic map (#29649) 2024-11-07 20:10:18 -05:00
Bianca Nenciu
5a00a041f1
FEATURE: Mark bad uploads with :invalid_url (#29640)
A "bad upload" in this context is a upload with a mismatched URL. This can happen when changing the S3 bucket used for uploads and the upload records in the database have not been remapped correctly.
2024-11-08 08:05:14 +08:00
Renato Atilio
7568e732cc
FIX: resume editing when through /new-message (#29637)
"Resume editing" would do nothing when going through the `/new-message` flow.

This seems to be broken since [this commit](b0f6d074be). which moved `this._setModel` calls around – the same we're doing now, but to different places: the first one needs to happen after the `draft.data` has been set , while the second needs to happen before the `this.open` call.
2024-11-07 17:39:58 -03:00
Martin Brennan
0568d36133
FIX: Use dualstack S3 endpoint for direct uploads (#29611)
When we added direct S3 uploads to Discourse, which use
presigned URLs, we never took into account the dualstack
endpoints for IPv6 on S3.

This commit fixes the issue by using the dualstack endpoints
for presigned URLs and requests, which are used in the
get-presigned-put and batch-presign-urls endpoints used when
directly uploading to S3.

It also makes regular S3 requests for `put` and so on use
dualstack URLs. It doesn't seem like there is a downside to
doing this, but a bunch of specs needed to be updated to reflect this.
2024-11-07 11:06:39 +10:00
Keegan George
fad0d2ec62
UX: New experimental features should be marked clearly (#29622)
This PR adds a small visual change to the new feature item on the `/admin/whats-new` page. When features are marked with an experimental site setting, they should show an indication on the feature item that it is "Experimental"
2024-11-06 15:26:30 -08:00
Bianca Nenciu
635faaaf59
DEV: Add system spec for categories page (#29621)
Some checks are pending
Licenses / run (push) Waiting to run
Linting / run (push) Waiting to run
Tests / core frontend (${{ matrix.browser }}) (Chrome) (push) Waiting to run
Tests / core frontend (${{ matrix.browser }}) (Firefox ESR) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, plugins) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, themes) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (annotations, core) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (backend, core) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (backend, plugins) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (frontend, plugins) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (frontend, themes) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, chat) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, core) (push) Waiting to run
Tests / core frontend (${{ matrix.browser }}) (Firefox Evergreen) (push) Waiting to run
Follow up to commit 948e283e0f.
2024-11-06 20:01:27 +02:00
Jean
708533b1e0
FEATURE: Add links to searchable user fields in users directory and user profile (#29338)
* FEATURE: Add links to searchable user fields in users directory and user profile
2024-11-06 13:35:30 -04:00
Gabriel Grubba
75beb5a84f
FIX: Change create_post_for_category_and_tag_changes setting to use whispers instead of small actions (#29602)
It currently can leak private tags/categories, to address this we are moving to whispers.
2024-11-06 09:28:28 -03:00
Loïc Guitaut
5177aef37d FIX: Don’t try to serialize associations in PostRevisionSerializer
Some checks are pending
Licenses / run (push) Waiting to run
Linting / run (push) Waiting to run
Tests / core frontend (${{ matrix.browser }}) (Firefox Evergreen) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, plugins) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, themes) (push) Waiting to run
Tests / core frontend (${{ matrix.browser }}) (Chrome) (push) Waiting to run
Tests / core frontend (${{ matrix.browser }}) (Firefox ESR) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (annotations, core) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (backend, core) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (backend, plugins) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (frontend, plugins) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (frontend, themes) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, chat) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, core) (push) Waiting to run
Currently, if an association is added as a tracked field in
`PostRevisor`, the `PostRevisionSerializer` class will try to serialize
it somehow. This will raise an error as ActiveRecord collection proxies
can't be serialized.

This patch addresses this issue by skipping any association tracked by
the `PostRevisor` class.
2024-11-06 10:38:41 +01:00
Osama Sayegh
6f8f6a7726
FIX: Pass upload type correctly to uploads#create (#29600)
Prior to Uppy, the `uploads#create` endpoint used to receive a `type` param that indicated the purpose/target of the upload, such as `avatar`, `site_setting` and so on. With the introduction of Uppy, the `type` param became the MIME type of the file being uploaded, and the purpose/target of the upload became a new param called `upload_type`, however the backend could still use the `type` param (which now contains MIME type) as the purpose/target of the upload if `upload_type` is absent.

We technically don't need to send the MIME type over the network, but it seems like it's done by Uppy and we have no control over the `type` param that Uppy includes:

758de8167b/app/assets/javascripts/discourse/app/lib/uppy/uppy-upload.js (L146-L151)

This commit does a couple of things:

1. It amends the `uploads#create` endpoint so it always requires the `upload_type` param and doesn't fallback to `type` if `upload_type` is absent
2. It forces consumers of the `UppyUpload` class (and by extension `UppyImageUploader`) to specify `type` of the upload

Internal topic: t/140945.
2024-11-06 07:00:35 +03:00
Ted Johansson
7d9d98422c
DEV: Enable the normalize_emails site setting by default (#29587)
The normalize_emails setting makes it so that only canonical e-mails are considered for validation purposes. This means disallowing "plus addressing". For example, with this enabled, bob@discourse.org and bob+foo@discourse.org are considered the same address, and you can only sign up with one of them.

Currently this is disabled by default, leading to a lot of spam sign-ups. It's healthier to consider this an opt-out setting.
2024-11-06 11:20:36 +08:00
Krzysztof Kotlarek
973b599e11
FIX: correctly display category name in replace text modal (#29612)
Bug introduced in this PR https://github.com/discourse/discourse/pull/23232

The previous modal was using `category.name`

https://github.com/discourse/discourse/pull/23232/files#diff-bfae353a2f3457780e5c281b6a165261cfe552dd9dd791f3859e52d60e22be7fL20
2024-11-06 13:39:52 +11:00
Alan Guo Xiang Tan
57f4176b57
DEV: Bump rubocop_discourse (#29608) 2024-11-06 06:27:49 +08:00
Osama Sayegh
c3bc7a6a05
DEV: Add support for image fields in FormKit PageObject (#29589)
This commit adds an API `upload_image` to `FormKitField` page object for setting an image file on an `Image` field in FormKit. Usage is like this:

```ruby
form.field("image_field").upload_image(image_path)
```

The `value` API also now supports `Image` fields; it returns an `Upload` record if the field has an uploaded image.
2024-11-05 15:35:53 +03:00
Martin Brennan
badca20749
DEV: Combine S3 system spec helpers into one (#29580)
It's annoying to have to do both of these every
time you write an S3 system spec, let's just do them
in one call instead.
2024-11-05 09:28:14 +10:00
Keegan George
7a936da05c
DEV: Auto grid images no longer experimental (#29572)
Some checks are pending
Licenses / run (push) Waiting to run
Linting / run (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, core) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, plugins) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, themes) (push) Waiting to run
Tests / core frontend (${{ matrix.browser }}) (Chrome) (push) Waiting to run
Tests / core frontend (${{ matrix.browser }}) (Firefox ESR) (push) Waiting to run
Tests / core frontend (${{ matrix.browser }}) (Firefox Evergreen) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (annotations, core) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (backend, core) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (backend, plugins) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (frontend, plugins) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (frontend, themes) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, chat) (push) Waiting to run
Recently we added a new feature for automatically gridding images in the composer (https://github.com/discourse/discourse/pull/29260). After testing this feature under a setting for a short period of time, the feature is no longer experimental anymore.

This PR removes the site setting `experimental_auto_grid_images`.
2024-11-04 08:21:40 -08:00
Bianca Nenciu
723dc1fa55
Dev fix some types (#29547)
The primary key is usually a bigint column, but the foreign key columns
are usually of integer type. This can lead to issues when joining these
columns due to mismatched types and different value ranges.

This was using a temporary plugin / test API to make tests pass. After
more careful consideration, we concluded that it is safe to alter the
tables directly.
2024-11-01 19:19:25 +02:00
benj
cfc23c43e9
FEATURE - Add username column to custom emoji table (#29522)
* Adds emoji column for creator username
2024-11-01 10:32:59 -05:00
Martin Brennan
254cf22559
FIX: Allow target attribute in translation overrides (#29503)
Some of our translations are HTML and have `target='_blank'`
included, we should allow the same when sanitizing input for
translation overrides.
2024-11-01 09:48:07 +10:00
Régis Hanol
927054b01e
FIX: duplicate topics in digests / summaries (#29517)
When using the `digest_suppress_tags` site setting to list some tags that should be removed from the digests, if there was a topic that had one suppressed tag and other regular tag(s), it would be duplicated in the summaries.

https://meta.discourse.org/t/multiple-repeated-summary-mail-entries/296539

Thanks to @scossar for [figuring it out](https://meta.discourse.org/t/multiple-repeated-summary-mail-entries/296539/30).
2024-10-31 18:22:41 +01:00
Penar Musaraj
c8e03f251f
DEV: Remove body docked class and its scroll event listener (#29515)
Docking is a leftover from older header code, it looks like it is no
longer used in the app. This helper was registering a scroll event
listener to check if the header should be docked or not. Initially, a
"docked" class was added to the body element. This class persisted
through the lifecycle of the app and the scroll event was doing no
useful work.

Some older themes may still use it in CSS, that will cause a regression,
from a quick look at existing code, the surface area should be small
(2-3 themes). It's worth removing the event listener for performance
reasons. We could possibly add the class "docked" statically to the body
element, but it's redundant. It's best to clean up the relevant CSS in
themes, where applicable.
2024-10-31 10:21:50 -04:00
Osama Sayegh
0ad1c02932
FEATURE: Add 'Community title' field to about config page (#29500)
This commit adds a new "Community title" field to the about config page. This field controls the `short_site_description` setting, which is shown in the browser tab for key pages such categories pages and topic lists.

Internal topic: t/140812.
2024-10-31 10:04:31 +03:00
Martin Brennan
1a3b9a7352
DEV: Secure upload rake task improvements (#29484)
This commit changes the uploads:secure_upload_analyse_and_update
and uploads:disable_secure_uploads to no longer rebake affected
posts inline. This just took way too long, and if the task stalled
you couldn't be sure if the rest of it completed.

Instead, we can update the baked_version of affected posts and
utilize our PeriodicalUpdates job to gradually rebake them. I added
warnings about increasing the site setting rebake_old_posts_count and
the global setting max_old_rebakes_per_15_minutes before doing this
as well.

For good measure, the affected post IDs are written to a JSON file too.
2024-10-31 13:33:11 +10:00
Martin Brennan
d5b328b193
DEV: Site setting keyword changes (#29486)
Some checks are pending
Licenses / run (push) Waiting to run
Linting / run (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (annotations, core) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (backend, core) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (backend, plugins) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (frontend, plugins) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (frontend, themes) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, chat) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, core) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, plugins) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, themes) (push) Waiting to run
Tests / core frontend (${{ matrix.browser }}) (Chrome) (push) Waiting to run
Tests / core frontend (${{ matrix.browser }}) (Firefox ESR) (push) Waiting to run
Tests / core frontend (${{ matrix.browser }}) (Firefox Evergreen) (push) Waiting to run
This commit contains two changes to how our site setting
keyword system works:

1. Crowdin, our translation provider, does not support YAML lists,
   so we are changing site setting keywords in server.en.yml to
   be pipe-separated (|)
2. It's unclear to translators what they are supposed to do with
   aliases of site settings where the name has changed, e.g.
   min_trust_level_for_here_mention. Instead of getting these as
   keywords from the yml file, we can discern these from
   SiteSettings::DeprecatedSettings automatically, and still use
   them for client-side search

These changes should help improve the situation for translators.
2024-10-31 13:18:34 +10:00
Martin Brennan
1c717f733c
FIX: Blank "Legacy Pageviews" report showed no data (#29502)
Followup bd4e8422fe

In the previous commit, we introduced the `page_view_legacy_total_reqs`
report. However this was not tested properly, and due to a typo
the report returned no data.

This commit fixes the issue and adds a spec to catch this.
2024-10-31 12:51:29 +10:00
Osama Sayegh
19672faba6
FEATURE: Add invite link to the sidebar (#29448)
Some checks are pending
Licenses / run (push) Waiting to run
Linting / run (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, plugins) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, themes) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (annotations, core) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (backend, core) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (backend, plugins) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (frontend, plugins) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (frontend, themes) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, chat) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, core) (push) Waiting to run
Tests / core frontend (${{ matrix.browser }}) (Chrome) (push) Waiting to run
Tests / core frontend (${{ matrix.browser }}) (Firefox ESR) (push) Waiting to run
Tests / core frontend (${{ matrix.browser }}) (Firefox Evergreen) (push) Waiting to run
This commit adds a new "Invite" link to the sidebar for all users who can invite to the site. Clicking the link opens the invite modal without changing the current route the user is on. Admins can customize the new link or remove it entirely if they wish by editing the sidebar section.

Internal topic: t/129752.
2024-10-30 05:31:14 +03:00
Martin Brennan
c3f99c8634
DEV: Fix admin confirmation flaky spec (#29456) 2024-10-30 04:59:51 +10:00
Jan Cernik
e5ac69fd65
DEV: Revert flaky specs fix attempts (#29472) 2024-10-29 13:37:37 -03:00
Osama Sayegh
2ffe413b0b
FEATURE: Enable the new /about page for everyone (#29390)
This commit removes the feature flag for the new /about page, enabling it for all sites, and removes the code for old the /about page.

Internal topic: t/140413.
2024-10-29 18:40:11 +03:00
Loïc Guitaut
2f334964f2 DEV: Remove hash-like access from service contracts
We decided to keep only one way to access values from a contract. This
patch thus removes the hash-like access from contracts.
2024-10-29 16:02:51 +01:00
Krzysztof Kotlarek
0839bce7b6
DEV: allow the plugin to register valid site setting areas (#29432)
In this PR, we defined the ability to group site settings by area - https://github.com/discourse/discourse/pull/28570

Plugins should be able to register in their own areas.
2024-10-29 09:40:31 +11:00
Martin Brennan
27bdfb6437
FEATURE: Add user preference to disable smart lists (#29434)
Some checks are pending
Licenses / run (push) Waiting to run
Linting / run (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (annotations, core) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (backend, core) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (backend, plugins) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (frontend, plugins) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (frontend, themes) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, chat) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, core) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, plugins) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, themes) (push) Waiting to run
Tests / core frontend (${{ matrix.browser }}) (Chrome) (push) Waiting to run
Tests / core frontend (${{ matrix.browser }}) (Firefox ESR) (push) Waiting to run
Tests / core frontend (${{ matrix.browser }}) (Firefox Evergreen) (push) Waiting to run
Followup 30fdd7738e

Adds a new site setting and corresponding user preference
to disable smart lists. By default they are enabled, because
this is a better experience for most users. A small number of
users would prefer to not have this enabled.

Smart lists automatically append new items to each
list started in the composer when enter is pressed. If
enter is pressed on an empty list item, it is cleared.

This setting will be removed when the new composer is complete.
2024-10-28 14:18:15 +10:00
Martin Brennan
456fbb1dbf
FEATURE: Allow themes to define screenshots (#29079)
This commit allows themes to define up to 2 screenshots
in about.json. These should be paths within the theme's
git repository, images with a 1MB max file size and max width 3840x2160.

These screenshots will be downloaded and stored against a theme
field, and we will use these in the redesigned theme grid UI.

These screenshots will be updated when the theme is updated
in the same way the additional theme files are.

For now this is gated behind a hidden `theme_download_screenshots`
site setting, to allow us to test this on a small number of sites without
making other sites make unnecessary uploads.

**Future considerations:**

* We may want to have a specialized naming system for screenshots. E.g. having light.png/dark.png/some_palette.png
* We may want to show more than one screenshot for the theme, maybe in a carousel or reacting to dark mode or color palette changes
* We may want to allow clicking on the theme screenshot to show a lightbox
* We may want to make an optimized thumbnail image for the theme grid

---------

Co-authored-by: Ted Johansson <ted@discourse.org>
2024-10-28 10:10:20 +10:00
Martin Brennan
77f63a45d3
FIX: Use site contact user + group for Revise... review action (#29271)
Followup 9762e65758

When we added the Revise... option for posts/new topics
in the review queue, which sends a PM to the user, we used
`SystemMessage.create_from_system_user`, which always sends
the PM from the system user. However, this makes it so if the
user replies to the PM, which they are encouraged to do,
no one will see it unless they actively monitor the system inbox.

This commit changes it so `SystemMessage.create` is used,
which uses the `site_contact_username` and `site_contact_group`
site settings as participants in the sent PM. Then, when the
user replies, it will send to that inbox instead.

If `site_contact_username` is blank, the system user is used.
2024-10-28 09:40:10 +10:00
Isaac Janzen
1d2b6dbb01
DEV: Add disableDefaultKeyboardShortcuts plugin API to disable default keyboard shortcuts (#29401)
# Context

Add `disableDefaultKeyboardShortcuts` function to the plugin API to allow for disabling [default bindings](e4941278b2/app/assets/javascripts/discourse/app/lib/keyboard-shortcuts.js (L49)). 

# Details
This function is used to disable a "default" keyboard shortcut. You can pass an array of shortcut bindings as strings to disable them.

**Please note that this function must be called from a pre-initializer.**

Example:
```js
api.disableDefaultKeyboardShortcuts(['command+f', 'shift+c']);
```

- Added system spec, displaying intended behavior
2024-10-25 14:14:04 -05:00
Jan Cernik
5b7df76248
DEV: Fix flaky signup spec with invite codes (#29415) 2024-10-25 10:15:18 -03:00
Loïc Guitaut
584424594e DEV: Replace params by the contract object in services
This patch replaces the parameters provided to a service through
`params` by the contract object.

That way, it allows better consistency when accessing input params. For
example, if you have a service without a contract, to access a
parameter, you need to use `params[:my_parameter]`. But with a contract,
you do this through `contract.my_parameter`. Now, with this patch,
you’ll be able to access it through `params.my_parameter` or
`params[:my_parameter]`.

Some methods have been added to the contract object to better mimic a
Hash. That way, when accessing/using `params`, you don’t have to think
too much about it:
- `params.my_key` is also accessible through `params[:my_key]`.
- `params.my_key = value` can also be done through `params[:my_key] =
  value`.
- `#slice` and `#merge` are available.
- `#to_hash` has been implemented, so the contract object will be
  automatically cast as a hash by Ruby depending on the context. For
  example, with an AR model, you can do this: `user.update(**params)`.
2024-10-25 14:48:34 +02:00
Loïc Guitaut
41584ab40c DEV: Provide user input to services using params key
Currently in services, we don’t make a distinction between input
parameters, options and dependencies.

This can lead to user input modifying the service behavior, whereas it
was not the developer intention.

This patch addresses the issue by changing how data is provided to
services:
- `params` is now used to hold all data coming from outside (typically
  user input from a controller) and a contract will take its values from
  `params`.
- `options` is a new key to provide options to a service. This typically
  allows changing a service behavior at runtime. It is, of course,
  totally optional.
- `dependencies` is actually anything else provided to the service (like
  `guardian`) and available directly from the context object.

The `service_params` helper in controllers has been updated to reflect
those changes, so most of the existing services didn’t need specific
changes.

The options block has the same DSL as contracts, as it’s also based on
`ActiveModel`. There aren’t any validations, though. Here’s an example:
```ruby
options do
  attribute :allow_changing_hidden, :boolean, default: false
end
```
And here’s an example of how to call a service with the new keys:
```ruby
MyService.call(params: { key1: value1, … }, options: { my_option: true }, guardian:, …)
```
2024-10-25 09:57:59 +02:00
Jan Cernik
d80dcaa261
DEV: Attempt to fix flaky signup spec (#29396) 2024-10-24 13:05:41 -03:00
Guhyoun Nam
82ad7f9d17
DEV: Delete plugin specific webhook event types (#29374)
Background
When creating webhooks on a site without the Discourse Category Experts plugin installed, the category_experts_unapproved_event and category_experts_approved_event webhook events are getting automatically added to webhooks without a way to disable them.

The category_experts_unapproved_event and category_experts_approved_event webhook events are associated with the Discourse Category Experts plugin so I am moving these webhook events into the Category Experts plugin.

Changes
This PR deletes Category Experts plugin specific webhook event types added into core.
2024-10-24 11:02:58 -05:00
Bianca Nenciu
2f1d1cd062
FIX: Skip CSRF check for POST /categories/search (#29392)
This endpoint used to be a GET request, but was changed to POST to allow
larger payloads.

Follow up to commit ebc1763aa5.
2024-10-24 17:06:21 +03:00
Jarek Radosz
587264f9d2
DEV: Remove extraneous spec code (#29386)
namely `js: true`, requiring `rails_helper`, and default `freeze_time` args
2024-10-24 14:15:32 +02:00
Bianca Nenciu
d37a0d401c
FEATURE: Introduce an optimized style for category page (#29239)
The new style is called `categories_only_optimized` and it is designed
to show only the parent categories, without any subcategories. This
works best for communities with many categories (over a thousand).
2024-10-24 13:46:42 +03:00
Jarek Radosz
44d1a818a3
DEV: Avoid a hacky workaround in d-toggle-switch specs (#29376) 2024-10-23 23:11:19 +02:00
Krzysztof Kotlarek
cd077ef93b
FIX: visual regression for new features (#29359)
Bug introduced in this PR https://github.com/discourse/discourse/pull/29244

When the experiment toggle button was introduced, new features did not look right when the toggle button was not available.

In addition, the plugin name can be an empty string. In that case, information about new features should be displayed.
2024-10-23 16:16:19 +11:00
Jarek Radosz
6a9af7c82f
FIX: Show the last rendered user-tip (#29346)
…or a tip with the highest priority.

This regressed in 597ef11195 where we got rid of `next()` calls, so we'd render the first tip we encounter.

The commit also adds a test and updates existing ones.
2024-10-22 22:41:29 +02:00
Loïc Guitaut
f79dd5c8b5 DEV: Stop injecting a service result object in the caller object
Currently, when calling a service with its block form, a `#result`
method is automatically created on the caller object. Even if it never
clashed so far, this could happen.

This patch removes that method, and instead use a more classical way of
doing things: the result object is now provided as an argument to the
main block. This means if we need to access the result object in an
outcome block, it will be done like this from now on:
```ruby
MyService.call(params) do |result|
  on_success do
    # do something with the result object
    do_something(result)
  end
end
```

In the same vein, this patch introduces the ability to match keys from
the result object in the outcome blocks, like we already do with step
definitions in a service. For example:
```ruby
on_success do |model:, contract:|
  do_something(model, contract)
end
```
Instead of
```ruby
on_success do
  do_something(result.model, result.contract)
end
```
2024-10-22 16:58:54 +02:00
Gerhard Schlager
07ff21d045
FIX: Restoring backup could fail due to missing discourse_functions (#29332)
Database dumps sometimes reference functions in the `discourse_functions` schema. It's possible that some of these functions have been dropped in a newer version of Discourse. In that case, restoring an older backup will fail with a `ERROR:  function discourse_functions.something_something() does not exist` error. The restore functionality contains a workaround for that problem, but it didn't work with functions created in plugin migrations.

This commit adds support for temporarily creating missing `discourse_functions` from plugins. And it adds a simple check if the DB migration file even contains the required `DROPPED_TABLES` or `DROPPED_COLUMNS` constant. We don't need to create an instance of the DB migration class unless one of those constants is used. This makes the restore slightly faster and works around a problem with migrations that execute without `up` or `down` methods (e.g. `BackfillChatChannelAndThreadLastMessageIdsPostMigrate`).
2024-10-22 16:13:01 +02:00