Commit Graph

35955 Commits

Author SHA1 Message Date
Robin Ward
37888d9818 FIX: Never return the same reply more than once via reply_ids
If our reply tree somehow ends up with cycles or other odd
structures, we only want to consider a reply once, at the first
level in the tree that it appears.
2020-02-03 13:41:18 -05:00
David Taylor
7640914552
UX: Include muted categories on the category page by default (#8842)
* DEV: Add data-notification-level attribute to category UI

* Show muted categories on the category page by default

This reverts commit ed9c21e42c.

* Remove redundant spec - muted categories are now visible by default
2020-02-03 10:40:02 -08:00
Penar Musaraj
6301477b4c FIX: Make dropdown custom user fields compatible with select-kit 2 2020-02-03 13:19:38 -05:00
Robin Ward
f83362b05b FIX: Don't return post replies from other topics
It seems in some situations replies have been moved to other topics but
the `PostReply` table has not been updated. I will try and fix this in a
follow up PR, but for now this fix ensures that every time we ask a post
for its replies that we restrict it to the same topic.
2020-02-03 13:12:27 -05:00
Matt Marjanović
ad2aa7b52c
FEATURE: Add logout functionality to SSO Provider protocol (#8816)
This commit adds support for an optional "logout" parameter in the
payload of the /session/sso_provider endpoint.  If an SSO Consumer
adds a "logout=true" parameter to the encoded/signed "sso" payload,
then Discourse will treat the request as a logout request instead
of an authentication request.  The logout flow works something like
this:

 * User requests logout at SSO-Consumer site (e.g., clicks "Log me out!"
   on web browser).
 * SSO-Consumer site does whatever it does to destroy User's session on
   the SSO-Consumer site.
 * SSO-Consumer then redirects browser to the Discourse sso_provider
   endpoint, with a signed request bearing "logout=true" in addition
   to the usual nonce and the "return_sso_url".
 * Discourse destroys User's discourse session and redirects browser back
   to the "return_sso_url".
 * SSO-Consumer site does whatever it does --- notably, it cannot request
   SSO credentials from Discourse without the User being prompted to login
   again.
2020-02-03 12:53:14 -05:00
Stephen Chung
98e9302c26
Log error when optimized image file fails to store. (#8840) 2020-02-03 12:28:45 -05:00
dependabot-preview[bot]
a96eba9714
Build(deps): Bump rubyzip from 2.1.0 to 2.2.0 (#8833)
Bumps [rubyzip](https://github.com/rubyzip/rubyzip) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/rubyzip/rubyzip/releases)
- [Changelog](https://github.com/rubyzip/rubyzip/blob/master/Changelog.md)
- [Commits](https://github.com/rubyzip/rubyzip/compare/v2.1.0...v2.2.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-02-03 12:11:41 -05:00
dependabot-preview[bot]
302774f0e9
Build(deps): Bump ffi from 1.12.1 to 1.12.2 (#8831)
Bumps [ffi](https://github.com/ffi/ffi) from 1.12.1 to 1.12.2.
- [Release notes](https://github.com/ffi/ffi/releases)
- [Changelog](https://github.com/ffi/ffi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ffi/ffi/compare/1.12.1...1.12.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-02-03 12:10:48 -05:00
dependabot-preview[bot]
335f63f8fd
Build(deps): Bump unicorn from 5.5.2 to 5.5.3 (#8830)
Bumps [unicorn](https://yhbt.net/unicorn/) from 5.5.2 to 5.5.3.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-02-03 12:09:29 -05:00
dependabot-preview[bot]
16ae49eb95
Build(deps-dev): Bump parallel_tests from 2.30.1 to 2.31.0 (#8829)
Bumps [parallel_tests](https://github.com/grosser/parallel_tests) from 2.30.1 to 2.31.0.
- [Release notes](https://github.com/grosser/parallel_tests/releases)
- [Commits](https://github.com/grosser/parallel_tests/compare/v2.30.1...v2.31.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-02-03 12:08:54 -05:00
Penar Musaraj
231617ff70 DEV: Rename deprecated "warning" icon to "exclamation-triangle" 2020-02-03 10:43:05 -05:00
Daniel Waterworth
7c7098c700 FIX: Off-by-one error setting the distributed mutex key to expire
Accounting for fractional seconds, a distributed mutex can be held for
almost a full second longer than its validity.

For example: if we grab the lock at 10.5 seconds passed the epoch with a
validity of 5 seconds, the lock would be released at 16 seconds passed
the epoch. However, in this case assuming that all other processing
takes a negligible amount of time, the key would be expired at 15.5
seconds passed the epoch.

Using expireat, the key is now expired exactly when the lock is released.
2020-02-03 14:54:50 +00:00
Arpit Jalan
e7a511fc7f Bump onebox version.
- remove Douban onebox
- show map icon for Google Map composer preview
2020-02-03 18:57:38 +05:30
Joffrey JAFFEUX
0431942f3d
DEV: select-kit 2 (#7998)
This new iteration of select-kit focuses on following best principales and disallowing mutations inside select-kit components. A best effort has been made to avoid breaking changes, however if you content was a flat array, eg: ["foo", "bar"] You will need to set valueProperty=null and nameProperty=null on the component.

Also almost every component should have an `onChange` handler now to decide what to do with the updated data. **select-kit will not mutate your data by itself anymore**
2020-02-03 14:22:14 +01:00
Arpit Jalan
0e2cbee339 UX: add icon for Google Map onebox. 2020-02-03 18:12:42 +05:30
Dan Ungureanu
a2f8ac9aac
FIX: Check parameter types
/u/is_local_username used to throw a 500 error
2020-02-03 12:36:08 +02:00
Martin Brennan
baca59c1a6 Merge branch 'master' of github.com:discourse/discourse 2020-02-03 15:13:33 +10:00
Martin Brennan
89cb8f769a Remove redundant spec in TopicConverter
* the spec to check if changing the topic between PM and
  public to see if the upload security status is changed
  is already covered extensively in topic_upload_security_manager_spec.rb
2020-02-03 15:08:11 +10:00
Martin Brennan
dd3a7f4825
FIX: Admin user list not showing 2FA icon for only security keys enabled (#8839)
If someone only had security keys enabled, the icon to say they had 2FA enabled would not show in the admin staff user list. It would only show if they had TOTP enabled.
2020-02-03 14:37:46 +10:00
Sam Saffron
9a199be279 UX: hide the allow_embedding_site_in_an_iframe setting
This setting is very high risk and can potentially break all
sorts of features.

To avoid complications and save people from themselves we are
hiding the site setting.

It can still be modified using the console if absolutely needed.
2020-02-03 15:28:02 +11:00
Martin Brennan
5f1749a1c0 Minor change to case-insensitive regex for s3_presigned_url? 2020-02-03 14:22:35 +10:00
Krzysztof Kotlarek
5b03f35614
FIX: suppress notification flood when post is edited (#8838) 2020-02-03 11:27:18 +11:00
dependabot-preview[bot]
6455c6ee87
Build(deps-dev): Bump simplecov from 0.18.0 to 0.18.1 (#8827)
Bumps [simplecov](https://github.com/colszowka/simplecov) from 0.18.0 to 0.18.1.
- [Release notes](https://github.com/colszowka/simplecov/releases)
- [Changelog](https://github.com/colszowka/simplecov/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colszowka/simplecov/compare/v0.18.0...v0.18.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-01-31 10:22:12 -05:00
Roman Rizzi
df43ac901d
FIX: We don't want to update the post read count and user stats if the post timing wasn't created due to a conflict. (#8824) 2020-01-31 10:23:24 -03:00
Jarek Radosz
73b04976e5
FIX: Use updated_at in the S3 inventory job (#8823)
When we change upload's sha1 (e.g. when resizing images) it won't match the data in the most recent S3 inventory index. With this change the uploads that have been updated since the inventory has been generated are ignored.
2020-01-31 11:02:44 +01:00
Martin Brennan
c994fd1b01
FIX: Serve .ico files without nginx 404 for secure media uploads (#8826)
Add nginx location to handle /secure-media-uploads/ requests .ico files were getting a 404 when being looked for via /secure-media-uploads/. this nginx config addition fixes the issue.
2020-01-31 12:45:02 +10:00
Martin Brennan
8d77e99827
FIX: Stop encoding presigned URLs with UrlHelper (#8818)
When FinalDestination is given a URL it encodes it before doing anything else. however S3 presigned URLs should not be messed with in any way otherwise we can end up with 400 errors when downloading the URL e.g.

<Error><Code>InvalidToken</Code><Message>The provided token is malformed or otherwise invalid.</Message>

The signature of presigned URLs is very important and is automatically generated and should be preserved.
2020-01-31 09:09:34 +10:00
dependabot-preview[bot]
a520012538
Build(deps): Bump cose from 0.10.0 to 0.11.0 (#8822)
Bumps [cose](https://github.com/cedarcode/cose-ruby) from 0.10.0 to 0.11.0.
- [Release notes](https://github.com/cedarcode/cose-ruby/releases)
- [Changelog](https://github.com/cedarcode/cose-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/cedarcode/cose-ruby/compare/v0.10.0...v0.11.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-01-30 14:32:27 -05:00
dependabot-preview[bot]
3c40bcca17
Build(deps): Bump oj from 3.10.1 to 3.10.2 (#8821)
Bumps [oj](https://github.com/ohler55/oj) from 3.10.1 to 3.10.2.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.10.1...v3.10.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-01-30 14:30:50 -05:00
Penar Musaraj
999e2ff514
UX: Show vertical topic timeline while composing (#8813)
Keeps topic timeline visible if space permits when composing, and adjusts its height dynamically.
2020-01-30 13:52:48 -05:00
Joshua Rosenfeld
11a9f15fed
Update email provider listing
* Most providers don't have generous free plans anymore
* Mailjet limits the emails sent per day on the free plan.
2020-01-30 12:01:00 -05:00
Dan Ungureanu
62b9a432bd
FIX: Import sub-sub-categories (#8810)
This should make the importer more resilient to incomplete or damaged
backups. It will disable some validations and attempt to automatically
repair category permissions before importing.
2020-01-30 18:46:33 +02:00
Dan Ungureanu
e470b27b41
FIX: Ensure 'unless' helper resolves variable name once (#8820)
This fixes a bug which caused '{{#unless var}}' to act the same as
'{{#if true}}' because 'unless' was transforming the conditional value
to 'undefined'.
2020-01-30 18:41:39 +02:00
Robin Ward
6d8f12612b Revert "Build(deps): Bump oauth2 from 1.4.2 to 1.4.3 (#8815)"
This reverts commit dc34c24ffe.
2020-01-30 11:04:50 -05:00
Mark VanLandingham
089d38e9d3
FIX: Disallow featuring hidden topics (#8814) 2020-01-30 10:00:49 -06:00
dependabot-preview[bot]
dc34c24ffe
Build(deps): Bump oauth2 from 1.4.2 to 1.4.3 (#8815)
Bumps [oauth2](https://github.com/oauth-xx/oauth2) from 1.4.2 to 1.4.3.
- [Release notes](https://github.com/oauth-xx/oauth2/releases)
- [Changelog](https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/oauth-xx/oauth2/compare/v1.4.2...v1.4.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-01-30 10:59:59 -05:00
Rafael dos Santos Silva
f15264e977 FEATURE: Add Tactile feedback on likes 2020-01-30 12:01:52 -03:00
Dan Ungureanu
bf50087d72
Revert "FIX: Create post notices only for public posts (#8708)"
This reverts commit c2d051315d.
2020-01-30 14:26:08 +02:00
Arpit Jalan
33abd68bdf fix the build. 2020-01-30 17:51:55 +05:30
Arpit Jalan
a3115e430e DEV: migration to remove 'bounce_score_threshold_deactivate' setting record 2020-01-30 17:32:57 +05:30
Arpit Jalan
62c21ba649 Remove bounce_score_threshold_deactivate setting.
Removed `bounce_score_threshold_deactivate` setting as the deactivate
threshold is not getting reached.
2020-01-30 16:17:31 +05:30
Sam Saffron
9f0e57b338 DEV: update rack-mini-profiler
This contains a fix to avoid a certain exception that kept popping up on
page transitions when mini profiler was fighting with our app and our app
was removing the mini profiler timing.
2020-01-30 17:57:47 +11:00
Martin Brennan
1150cd4621
FIX: Stop secure media URLs being censored too liberally in emails (#8817)
For example /t/ URLs were being replaced if they contained secure-media-uploads so if you made a topic called "Secure Media Uploads Are Cool" the View Topic link in the user notifications would be stripped out.

Refactored code so this secure URL detection happens in one place.
2020-01-30 16:19:14 +10:00
Martin Brennan
c84652eb8b Get rid of no longer needed target_usernames warning log 2020-01-30 12:30:11 +10:00
Martin Brennan
bd04b9cbbe Fix extremely slow topic_converter_spec 2020-01-30 10:43:05 +10:00
Neil Lalonde
34f564acd6 FIX: customized email subjects was ignored for some notifications
Email templates for notifications about new posts and topics weren't
using customized values.
2020-01-29 14:49:08 -05:00
Roman Rizzi
2ee6a615b7
FEATURE: Send suspect users to the review queue (#8811) 2020-01-29 15:38:27 -03:00
Dan Ungureanu
09e8be3209
UX: Introduce automatic 'categories topics' setting (#8804)
When 'categories topics' setting is set to 0, the system will
automatically try to find a value to keep the two columns (categories
and topics) symmetrical.

The value is computed as 1.5x the number of top level categories and at
least 5 topics will always be returned.
2020-01-29 20:30:48 +02:00
Kris
d24d47b2ee
FIX: set showFooter to true on group topic list (#8795)
If using {{#if showFooter}} in a template, showFooter is never set to true on a group's g/groupname/activity/topics route (it's correctly set on other group routes like group-activity-posts)
2020-01-29 12:12:38 -05:00
Joffrey JAFFEUX
e19459185a
DEV: new widget hooks mousemove/mouseup/mousedown/doubleclick (#8807) 2020-01-29 17:19:12 +01:00