github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-24 13:18:33 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
31,986 Commits 190 Branches 500 Tags 938 MiB
3fd04df781
Commit Graph

2775 Commits

Author SHA1 Message Date
Guo Xiang Tan
71185c13b5
Merge pull request #6377 from tgxworld/remove_tif_tiff 
Drop `tif`, `tiff`, `webp` and `bmp` from supported images.
 2018-09-12 09:32:32 +08:00
Guo Xiang Tan
e1b16e445e Rename FileHelper.is_image? -> FileHelper.is_supported_image?. 2018-09-12 09:22:28 +08:00
Osama Sayegh
16bd3f2cf2 FIX: use current user color scheme when filling theme-color attribute (#6384) 
* FIX: use current user color scheme when filling `meta` attribute `theme-color`

* update manifest.webmanifest colors
 2018-09-12 11:04:58 +10:00
Neil Lalonde
9e77fd8fc3 FIX: wrong category links on subfolder install in rss feed for a category topic list 2018-09-07 10:03:30 -04:00
Sam
879067d000 FIX: check admin theme cookie against user selectable 
previously admin got a free pass and could set theme via cookie to anything
including themes that are not selectable

this refactor ensures that only "preview" gets a free pass, all the rest
goes through the same pipeline
 2018-09-07 10:47:28 +10:00
Gerhard Schlager
797cbf8653 FIX: Remove user fields when anonymizing user 2018-09-07 00:02:56 +02:00
Vinoth Kannan
d8b543bb67 FIX: redirect to original URL after social signup 2018-09-05 01:44:23 +05:30
David Taylor
4382fb5fac DEV: Allow plugins to whitelist specific user custom_fields for editing (#6358) 2018-09-04 20:45:36 +10:00
Sam
2f5c21e28c FIX: return a 400 error instead of 500 for null injections 
Many security scanners like to inject NULL in inputs causing application
to exception out and return a 500

We now handle this exception and render a 400 status back
 2018-09-04 12:11:52 +10:00
Gerhard Schlager
f33433bf9e Validation of params should restrict to max int (#6331) 
* FIX: Validation of params should restrict to max int

* FIX: Send status 400 when "page" param isn't between 1 and max int
 2018-09-03 14:45:32 +10:00
Guo Xiang Tan
59c9051a2e REFACTOR: Rescue error at the specific spot that is raising the error. 2018-09-03 11:04:58 +08:00
Bianca Nenciu
f5e0356fb2 correct miscellaneous issues with user login history 2018-09-02 17:24:54 +10:00
Bianca Nenciu
931cffcebe FEATURE: Let users see their user auth tokens. (#6313) 2018-08-31 10:18:06 +02:00
Sam
b3aab1770f FIX: set old last modified date for invalid avatars 
In some cases Akami was holding tight to these invalid avatars,
to avoid this happening we explain the avatar image is ancient
then when a new upload is added it automatically is older than
this.
 2018-08-31 17:07:31 +10:00
Blake Erickson
ae532f8548 FIX: return 422 for an invalid group name on category create 2018-08-30 14:28:55 -06:00
David Taylor
103509b9dd SECURITY: Prevent users from modifying custom fields 2018-08-30 12:59:36 +01:00
Bianca Nenciu
72ffabf619 UX: Improve email testing admin tool. (#6308) 2018-08-29 23:14:16 +02:00
Neil Lalonde
9bf4333491 FIX: redirect to wrong URL after account creation on subfolder install 2018-08-24 10:34:44 -04:00
Joffrey JAFFEUX
82dcc5cbfa
FEATURE: makes reports loadable in bulk (#6309) 2018-08-24 15:28:01 +02:00
Osama Sayegh
e0cc29d658 FEATURE: themes and components split 
* FEATURE: themes and components split

* two seperate methods to switch theme type

* use strict equality operator
 2018-08-24 11:30:00 +10:00
Sam
29315b73c2 FIX: improve last_modified date returned for avatars 
instead of hard coding a date:

1. For optimized images use the upload date when on s3
2. For not-found use 10 minutes ago to match the expiry
 2018-08-24 09:36:11 +10:00
Osama Sayegh
2711f173dc FIX: don't allow inviting more than max_allowed_message_recipients 
* FIX: don't allow inviting more than `max_allowed_message_recipients` setting allows

* add specs for guardian

* user preferences for auto track shouldn't be applicable to PMs (it auto watches on visit)

Execlude PMs from "Automatically track topics I enter..." and "When I post in a topic, set that topic to..." user preferences

* groups take only 1 slot in PM

* just return if topic is a PM
 2018-08-23 14:36:49 +10:00
James Kiesel
cdea969c6a FEATURE: Make initial admins TL1 
* Match register controller TL to rake admin:create
* Don't promote if trust_level > 1
 2018-08-22 15:45:24 +10:00
Sam
5a6d1ee257 FIX: defer actions in a static method 
This avoids capturing a huge closure and passing to defer
 2018-08-22 14:36:56 +10:00
Gerhard Schlager
17dc8f2490 UX: Wizard resends activation email when user exists 2018-08-21 19:13:41 +02:00
Sam
2d96160192 FEATURE: improve API error reporting for invalid records 2018-08-21 11:54:34 +10:00
Bianca Nenciu
dc5fddbfe6 FIX: Do not show an empty modal when an IP address is allowed or blocked. (#6265) 2018-08-20 17:37:30 +02:00
Guo Xiang Tan
b4f92a05b3 FIX: Load more on groups page does not account for params. 
https://meta.discourse.org/t/cant-scroll-through-list-of-users-groups-if-more-than-one-page/92259
 2018-08-20 17:08:50 +08:00
Sam
ce4b12ae59 FIX: if we have not target available do not redirect 2018-08-20 13:10:59 +10:00
Joffrey JAFFEUX
37d4f27c44
FIX: quality/bugfix dashboard/reports pass (#6283) 2018-08-17 16:19:25 +02:00
Sam
9628c3cf97 FEATURE: automatically correct extension for bad uploads 
This fixes with post thumbnails on the fly
 2018-08-17 14:00:27 +10:00
Sam
baa72d18f8 FIX: simplify so we ban all auth paths 
previously plugins that have auth paths were not disallowed and robots
tend to call them
 2018-08-16 19:16:47 +10:00
Sam
796164b58c FIX: automatically correct bad avatars on access 
Also start relying on upload extension for optimized images
 2018-08-16 16:32:56 +10:00
Rafael dos Santos Silva
c8b5e6baae FEATURE: Use display: browser in webmanifest for iOS devices 
Since iOS doesn't have a back button and can have issues on log in.

See https://twitter.com/firt/status/1021477243909033984
 2018-08-15 23:36:08 -03:00
Misaka 0x4e21
d4fd19d49a UX: Replace Google search with Discourse search on not found page 
* UX: Replace Google search with Discourse search on not found page.

* FIX: Update application_controller_spec.rb.
 2018-08-15 11:53:04 +10:00
Régis Hanol
12bab65167 FIX: going from /categories to /latest on mobile might break infinite scrolling 2018-08-15 01:22:03 +02:00
Régis Hanol
de92913bf4 FIX: store the topic links using the cooked upload url 2018-08-14 12:23:32 +02:00
Sam
ad5f502332 FIX: add a basic validator for topic params 
This cuts down on log noise when people try out sql injection
 2018-08-14 17:01:04 +10:00
Sam
6f6b4ff988 regression: don't return from a block 
also clean up some warnings (shadowed var, unused var)
 2018-08-10 14:53:55 +10:00
Gerhard Schlager
b9072e8292 FEATURE: Add "Reset Bump Date" action to topic admin wrench (#6246) 2018-08-10 10:51:03 +10:00
Gerhard Schlager
ef4b9f98c1 FEATURE: Allow admins to reply without topic bump 2018-08-10 10:48:30 +10:00
Neil Lalonde
2c4d7225d8 FIX: permalink redirects with subfolder 2018-08-09 11:05:27 -04:00
Sam
ed4c0f256e FIX: check permalinks for deleted topics 
- allow to specify 410 vs 404 in Discourse::NotFound exception
- remove unused `permalink_redirect_or_not_found` which
- handle JS side links to topics via Discourse-Xhr-Redirect mechanism
 2018-08-09 15:05:12 +10:00
Osama Sayegh
0d45826d22
fix theme previewing (#6245) 2018-08-08 10:58:45 +03:00
Osama Sayegh
0b7ed8ffaf FEATURE: backend support for user-selectable components 
* FEATURE: backend support for user-selectable components

* fix problems with previewing default theme

* rename preview_key => preview_theme_id

* omit default theme from child themes dropdown and try a different fix

* cache & freeze stylesheets arrays
 2018-08-08 14:46:34 +10:00
Joffrey JAFFEUX
67ec81babf
FIX: fixes last backup/last_update dates (#6242) 2018-08-07 08:19:52 -04:00
Guo Xiang Tan
2b57239389 FIX: Upload's content is the only source of truth for the file type. 2018-08-07 13:15:00 +08:00
Sam
6797395bd0 FIX: staff should be allowed to agree and keep post 2018-08-07 10:05:43 +10:00
Joffrey JAFFEUX
7f2f3b8b22
FIX: improves reports resilience (#6239) 
This commit makes most of the reports now lazy loaded, and making them benefits from graceful failures.
 2018-08-06 16:57:40 -04:00
David Taylor
812add18bd REFACTOR: Serve auth provider information in the site serializer. 
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
 2018-08-06 09:25:48 +01:00
Régis Hanol
535732bdc1 FIX: ensure the 'email_revoked' PM template is customizable 2018-08-03 17:10:20 +02:00
Penar Musaraj
4a872823e7 Improvements to user drafts (#6226) 
* drafts in user profile: only show to user herself (not to admins), use avatar replying to (instead of topic OP), add keyboard shortcut for drafts, simplify display labels

* use JSON when testing Draft.stream
 2018-08-02 07:41:27 +10:00
Penar Musaraj
1f45215537 FEATURE: Drafts view in user profile 
* add drafts.json endpoint, user profile tab with drafts stream

* improve drafts stream display in user profile

* truncate excerpts in drafts list, better handling for resume draft action

* improve draft stream SQL query, add rspec tests

* if composer is open, quietly close it when user opens another draft from drafts stream; load PM draft only when user is in /u/username/messages (instead of /u/username)

* cleanup

* linting fixes

* apply prettier styling to modified files

* add client tests for drafts, includes a fixture for drafts.json

* improvements to code following review

* refresh drafts route when user deletes a draft open in the composer while being in the drafts route; minor prettier scss fix

* added more spec tests, deleted an acceptance test for removing drafts that was too finicky, formatting and code style fixes, added appEvent for draft:destroyed

* prettier, eslint fixes

* use "username_lower" from users table, added error handling for rejected promises

* adds guardian spec for can_see_drafts, adds improvements following code review

* move DraftsController spec to its own file

* fix failing drafts qunit test, use getOwner instead of deprecated this.container

* limit test fixture for draft.json testing to new_topic request only
 2018-08-01 16:34:54 +10:00
Guo Xiang Tan
919e8db686 FIX: Check for group name availability should skip reserved usernames. 2018-08-01 11:09:33 +08:00
Neil Lalonde
c12a9279f6 post deleted notification regression because controller was agreeing with all flags too early 2018-07-30 16:45:46 -04:00
Guo Xiang Tan
87537b679c Drop reply_key, skipped and skipped_reason from email_logs. 2018-07-30 11:39:28 +08:00
Neil Lalonde
1708ff1808 UX: add a route /rules as an alias for /faq and /guidelines 2018-07-26 15:38:08 -04:00
Joffrey JAFFEUX
330cf78c83
FIX: don’t break browser history on dashboard visit (#6186) 2018-07-26 14:59:28 -04:00
David Taylor
0d0d78841b
FIX: Remove plugin.enabled? checks at initialization time (#6166) 
Checking `plugin.enabled?` while initializing plugins causes issues in two ways:
  - An application restart is required for changes to take effect. A load-balanced multi-server environment could behave very weirdly if containers restart at different times.
  - In a multisite environment, it takes the `enabled?` setting from the default site. Changes on that site affect all other sites in the cluster.

Instead, `plugin.enabled?` should be checked at runtime, in the context of a request. This commit removes `plugin.enabled?` from many `instance.rb` methods.

I have added a working `plugin.enabled?` implementation for methods that actually affect security/functionality:
  - `post_custom_fields_whitelist`
  - `whitelist_staff_user_custom_field`
  - `add_permitted_post_create_param`
 2018-07-25 16:44:09 +01:00
Gerhard Schlager
9989c8179d FIX: Translation for default (light) color scheme was missing 2018-07-25 11:28:14 +02:00
Gerhard Schlager
1ac643d71c FIX: Email template for "Queued Posts Reminder" was not found 2018-07-24 17:26:52 +02:00
Guo Xiang Tan
fad9c2b971 PERF: Move EmailLog#reply_key into new post_reply_keys table. 2018-07-24 13:51:53 +08:00
Guo Xiang Tan
ae8b0a517f PERF: Split skipped email logs into a seperate table. 2018-07-24 13:14:37 +08:00
David Taylor
eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099) 
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
 2018-07-23 16:51:57 +01:00
Sam
caa669cf29 FIX: if exclude_category_ids is specified pass it through 
This allows us to optionally show all topics on latest even if stuff is
suppressed via a plugin
 2018-07-23 17:23:00 +10:00
Blake Erickson
37b726982d Fix silence and unsilenced response bodies 
Both response bodies had a typo that included suspended_at, so I renamed
it to silenced_at.
 2018-07-22 16:08:36 -06:00
Joffrey JAFFEUX
1d5096eb46 FIX: lazy load more reports in dashboard 2018-07-20 23:35:53 -04:00
Joffrey JAFFEUX
1a78e12f4e
FEATURE: part 2 of dashboard improvements 
- moderation tab
- sorting/pagination
- improved third party reports support
- trending charts
- better perf
- many fixes
- refactoring
- new reports

Co-Authored-By: Simon Cossar <scossar@users.noreply.github.com>
 2018-07-19 14:33:11 -04:00
Joffrey JAFFEUX
a2281fbb19
FEATURE: allows to jump to a date in a topic 2018-07-19 16:00:13 +02:00
Régis Hanol
6d6e026e3c FEATURE: selectable avatars 2018-07-18 12:57:43 +02:00
Vinoth Kannan
f3868fd646 FIX: Create empty user_avatar row if not exist 2018-07-16 14:06:49 +05:30
Sam
ac0053f491 FEATURE: navigate to first post and auto bump category settings 
### navigate_to_first_post_after_read setting for categories

When enabled on categories logged on users will return to OP after
reading the entire category. (useful for documentation categories)

### num_auto_bump_daily

Set a number of topics that will automatically bump daily on a category.

- Every 15 minutes we will check if any category has this setting
- Categories with the setting are shuffled
- We exclude pinned, closed, category description and archived topics
- Maximum of 1 topic for the list of categories is bumped till limit reached per category
- We always try to bump oldest first
- Limit is elastic using a RateLimiter that ensures that we only bump N per day

Also some minor organisation on category settings

Froze strings on category.rb
 2018-07-16 18:10:35 +10:00
Leo McArdle
21ebb1cd54 FEATURE: Secondary emails support. 2018-07-16 11:09:49 +08:00
Vinoth Kannan
06deffc9da FIX: returns provider_not_enabled error even if enabled 2018-07-13 22:49:30 +05:30
Guo Xiang Tan
9647a0a4bc Remove unnecessary complex method. 2018-07-13 15:34:28 +08:00
Guo Xiang Tan
711371e8c8 FIX: Select+below will ask server for post ids on megatopics. 2018-07-13 15:10:39 +08:00
Kyle Zhao
2901691e87 FEATURE: per-category approval settings (#5778) 
- disallow moving topics to a category that requires topic approval
 2018-07-13 12:51:08 +10:00
Guo Xiang Tan
258e9e35ca PERF: Make mega topics work without a stream. 
There are tradeoffs that we took here. For the complete
story see
https://meta.discourse.org/t/performance-improvements-on-long-topics/30187/27?u=tgxworld.
 2018-07-12 12:46:12 +08:00
OsamaSayegh
decf1f27cf FEATURE: Groundwork for user-selectable theme components 
* Phase 0 for user-selectable theme components

- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
 2018-07-12 14:18:21 +10:00
David Taylor
9a813210b9 SECURITY: Do not allow authentication with disabled plugin-supplied a… (#6071) 
Do not allow authentication with disabled plugin-supplied auth providers
 2018-07-09 14:25:58 +10:00
Maja Komel
18f5f646b1 FEATURE: allow selecting a tag when moving posts to a new topic (#6072) 2018-07-06 18:21:32 +02:00
Arpit Jalan
b9835cc392 FIX: do not use scheduler for uploading csv file for invite 
Since the bulk invite process already happens in a dedicated Sidekiq job
 2018-07-04 13:28:11 +05:30
Sam
e72fd7ae4e FIX: move crawler blocking into anon cache 
This refinement of previous fix moves the crawler blocking into
anonymous cache

This ensures we never poison the cache incorrectly when blocking crawlers
 2018-07-04 11:14:43 +10:00
Sam
7f98ed69cd FIX: move crawler blocking to app controller 
We need access to site settings in multisite, we do not have access
yet if we attempt to get them in request tracker middleware
 2018-07-04 10:30:50 +10:00
Sam
6a54da0902 FIX: raise invalid params for bad callback 
Corrects it so we raise a 400 instead of logged 500 error
 2018-06-29 10:43:33 +10:00
Sam
982df3c17b FIX: return status 400 for invalid member params 
previously error returned was a 500 which is not ideal
and is logged
 2018-06-29 10:15:17 +10:00
Robin Ward
fd7bb8e656 FIX: Scope the cn to the subfolder 2018-06-28 11:03:36 -04:00
Arpit Jalan
2c971c41f6 FIX: post deletions rate limit per day was not working 2018-06-28 19:21:27 +05:30
Arpit Jalan
a6d50d1ff7 FEATURE: new settings to control posts deletions rate limit 2018-06-28 17:03:37 +05:30
Arpit Jalan
c352f8eb15 FEATURE: rate limit post deletions to 50 per day 2018-06-28 16:38:58 +05:30
Maja Komel
ec3e6a81a4 FEATURE: Second factor backup 2018-06-28 10:12:32 +02:00
Arpit Jalan
6bcdc3ba4b FEATURE: allow author to delete posts irrespective of post_edit_time_limit 2018-06-26 21:43:06 +05:30
Arpit Jalan
7efdccdbc5 FIX: allow staff to remove tags from queued topics 2018-06-26 17:08:40 +05:30
Joffrey JAFFEUX
95d99de7b4
FIX: hides durability section in dashboard if backups are disabled 2018-06-20 22:26:37 +02:00
Guo Xiang Tan
0365806b93 FIX: Properly display error when post action fails to create. 2018-06-20 21:20:23 +08:00
Sam
5f64fd0a21 DEV: remove exec_sql and replace with mini_sql 
Introduce new patterns for direct sql that are safe and fast.

MiniSql is not prone to memory bloat that can happen with direct PG usage.
It also has an extremely fast materializer and very a convenient API

- DB.exec(sql, *params) => runs sql returns row count
- DB.query(sql, *params) => runs sql returns usable objects (not a hash)
- DB.query_hash(sql, *params) => runs sql returns an array of hashes
- DB.query_single(sql, *params) => runs sql and returns a flat one dimensional array
- DB.build(sql) => returns a sql builder

See more at: https://github.com/discourse/mini_sql
 2018-06-19 16:13:36 +10:00
Joffrey JAFFEUX
f2dbe66367
FEATURE: adds a /admin/reports route to list all reports 2018-06-18 12:31:56 +02:00
Rafael dos Santos Silva
51cb38783e FIX: start_url was wrong in non-subfolder 2018-06-15 14:29:33 -03:00
Rafael dos Santos Silva
8fc08aad09 FEATURE: Update the webmanifest 
- Remove share target because the spec is changing
- Allow any orientation again because natural is too restrictive
- Use correct file and mime types for the manifest
 2018-06-14 00:13:28 -03:00
Sam Saffron
030e322a39 FEATURE: block top level /my/ routes 2018-06-12 19:47:45 +10:00
Jeff Wong
44ee26721a FIX: add check for missing assets file in development 2018-06-11 11:18:34 -07:00
Arpit Jalan
f9ab3848ed FEATURE: support disabling emails for non-staff users 2018-06-07 18:31:08 +05:30
Guo Xiang Tan
ad5082d969 Make rubocop happy again. 2018-06-07 13:28:18 +08:00
Sam
89ad2b5900 DEV: Rails 5.2 upgrade and global gem upgrade 
This updates tests to use latest rails 5 practice
and updates ALL dependencies that could be updated

Performance testing shows that performance has not regressed
if anything it is marginally faster now.
 2018-06-07 14:21:33 +10:00
Vinoth Kannan
d8e641cd98 FIX: avatar_url includes upload_path twice when local storage used 2018-06-06 18:27:30 +05:30
Guo Xiang Tan
a83ab01264 REFACTOR: Remove extra param for group mentionable and messableable route. 2018-06-06 09:42:09 +08:00
Arpit Jalan
f8d82f135f FIX: do not verify group visibility when checking for mentionable/messageable 2018-06-05 16:59:21 +05:30
Guo Xiang Tan
95f9b72351 FIX: Update activation email route was returning a generic json error. 2018-05-31 14:19:43 +08:00
Guo Xiang Tan
21e9315416 FIX: Use user account email instead of auth email when totp is enabled. 
https://meta.discourse.org/t/github-2fa-flow-broken/88674
 2018-05-30 12:15:12 +08:00
Guo Xiang Tan
a081771950
Merge pull request #5872 from OsamaSayegh/users-controller-specs-to-request 
REFACTOR: users contollers specs => request specs
 2018-05-28 13:32:37 +08:00
OsamaSayegh
449399bef3 return 403 forbidden when local logins disabled 2018-05-26 05:18:19 +03:00
Régis Hanol
5b2e7c8d10 fix the build 2018-05-26 03:11:10 +02:00
Robin Ward
4195c7c9ea FEATURE: Ability to clear a user's penalty history 
You can do this manually if you want to allow them to reach TL3 without
their penalty history counting against them.
 2018-05-25 12:54:22 -04:00
Guo Xiang Tan
569f63b8a2
Merge pull request #5825 from featheredtoast/extend-service-worker-cache 
FIX: update cache times for service workers
 2018-05-25 09:28:17 +08:00
Sam
53b97b28f0 FIX: in rare conditions post timing would miss the user 2018-05-24 15:38:33 +10:00
Neil Lalonde
3db1032bfd FIX: not found page shouldn't include the Google search form for sites with login_required enabled 2018-05-23 16:59:02 -04:00
Blake Erickson
3edca8b104 Return a 403 instead of 200 when trying to delete a user with posts 
See [this commit][1] for more info

[1]: bd352a17bf
 2018-05-22 17:02:02 -06:00
Sam
3e06def856 FIX: If we have no logo defined use sketch in manifest 2018-05-22 12:10:59 +10:00
Sam
788ca1f112 FIX: stop adding email to unsubscribe url 
Instead of adding email to unsubscribe url store it in redis for 1 hour
rate limit calls to unsubscribe endpoint to ensure there is no risk of
bloating redis

Also move controller to request specs
 2018-05-22 09:07:03 +10:00
Guo Xiang Tan
467d91347a Missing specs for Group, Tag, Category and Flag web hooks. 2018-05-21 17:29:58 +08:00
Arpit Jalan
9f422c93f6 FIX: restrict updates on confirm_old_email email templates 2018-05-19 12:19:59 +05:30
Arpit Jalan
003b7f06ad FIX: rescue specific error 2018-05-18 09:52:16 +05:30
Jeff Wong
04c7dbafa3 FIX: manifest.json better detection at mime type. Find size if uploaded 2018-05-17 14:45:24 -07:00
Jeff Wong
41ffafb65e FIX: best effort at returning correct mime types in manifest.json 2018-05-17 12:14:39 -07:00
Régis Hanol
53f8f6095d FEATURE: staff action logs when creating/updating/deleting badges 2018-05-17 18:09:27 +02:00
Arpit Jalan
9532d9a555 FIX: handle invalid tags 2018-05-17 19:33:12 +05:30
Régis Hanol
131b7f5da5 make 🤖 rubocop happy 2018-05-16 16:35:04 +02:00
Joe Buhlig
3cd4c82c49 Allow parameters for group and username filters on directory (#5815) 2018-05-16 16:20:17 +02:00
Régis Hanol
5e97a9bfb7 FIX: tags in a 'visible by everyone but usable only by staff' group weren't visible by everyone 2018-05-16 09:48:19 +02:00
Sam
ff90881238 DEV: fix live refresh if you have a custom theme selected in dev 2018-05-16 17:25:49 +10:00
Sam
21e0b7c818 avoid async report pattern and replace with simpler hijack 2018-05-16 16:05:03 +10:00
Sam
193b6d5651 UX: improve new dashboard 
- top referred topics
- limit search logs to 8 results
 2018-05-15 15:08:36 +10:00
Jeff Wong
e4a33cbc0a FIX: update cache times for service workers 
Add a last modified time.

Register newer service workers and claim clients more quickly.
 2018-05-14 12:29:24 -07:00
Régis Hanol
e9abdaebbe UX: show an enveloppe icon when a badge is used in messages 
- the badge count now includes messages
- only show the message badges to admins
 2018-05-14 19:02:00 +02:00
Sam
6332d5040d UX: switch dashboard to be the new dashboard 
Also:
- add pageviews
- add problems and version sections
 2018-05-14 13:07:59 +10:00
Sam
bc9e0d46af PERF: use cached reports for dashboard if available 2018-05-14 12:01:44 +10:00
Régis Hanol
37232fcb58 FIX: staff members should see all tags 2018-05-13 17:50:21 +02:00
Régis Hanol
2cf6fb7359 FIX: always unstage users when they log in 2018-05-13 17:00:02 +02:00
Régis Hanol
be6404d651 FIX: redirect users after signing up with a social login when using SSO provider 2018-05-13 16:03:11 +02:00
Régis Hanol
09cf35c760 FIX: redirect users after signing up using SSO provider 2018-05-12 00:41:27 +02:00
Régis Hanol
abda21a41f Revert "FIX: redirect to sso_destination_url after account activation" 
This reverts commit 0402e97368.
 2018-05-11 22:55:45 +02:00
Régis Hanol
0402e97368 FIX: redirect to sso_destination_url after account activation 2018-05-11 19:57:04 +02:00
Régis Hanol
2958e17cde remove duplicate code 2018-05-11 12:16:37 +02:00
Sam
8a783412b7 UX: improvements to new dashboard 
- remove inactive user report and replace with posts
- clean up internals so grouping by week happens on client
- when switching periods old report was not destroyed leading to bugs
- calculate trend based on previous interval ... not previous 30 days
- show percentages for mau/dau
- be more careful about utc date usage
- show uniqu and click through rate on search panel
- publish key of report with report so we only load the correct one
- subscribe earlier in channel in case of concurrency issues
 2018-05-11 13:30:32 +10:00
Blake Erickson
bd352a17bf FIX: Show a json api response when deleting a user with posts 
A 500 error was actually caused with no response when using the api, so
it wasn't very clear that you need to delete the posts first when using
the api.
 2018-05-10 13:04:36 -06:00
Guo Xiang Tan
bbc85258c9 Rename display_plugins -> visible_plugins. 2018-05-09 07:52:45 +08:00
Arpit Jalan
83245aa508 FIX: better handling of invite links after they are redeemed 
FIX: deprecate invite_passthrough_hours setting
 2018-05-08 20:17:57 +05:30
Guo Xiang Tan
c6f45fcfdb Expose an API for plugins to be hidden on the admin plugin page. 2018-05-08 13:24:58 +08:00
Arpit Jalan
3a6e137e70 FIX: add context for deactivated user logs 2018-05-08 08:18:04 +05:30
Misaka 0x4e21
ff6be3c2e3 FEATURE: add profile_background fields into SSO (#5701) 
Add profile_background and card_background fields into Discourse SSO.
 2018-05-07 10:03:26 +02:00
Guo Xiang Tan
aa0d32231c FIX: Incorrect query when removing a group owner. 
https://meta.discourse.org/t/group-rename-and-group-owners-removal-problems/85596
 2018-05-07 13:57:00 +08:00
Jeff Wong
91b31860a1
Feature: Push notifications for Android (#5792) 
* Feature: Push notifications for Android

Notification config for desktop and mobile are merged.

Desktop notifications stay as they are for desktop views.

If mobile mode, push notifications are enabled.

Added push notification subscriptions in their own table, rather than through
custom fields.

Notification banner prompts appear for both mobile and desktop when enabled.
 2018-05-04 15:31:48 -07:00
Neil Lalonde
a0447b47e0 UX: when deleting a user, show a modal indicating that the delete is happening. User hijack so requests don't time out. 2018-05-03 16:18:19 -04:00
Joffrey JAFFEUX
980972182f
dashboard next: caching, mobile support and new charts 2018-05-03 15:41:41 +02:00
Neil Lalonde
bd77795d7a REFACTOR: move support for user card badge images to a plugin discourse-user-card-badges 2018-04-26 13:25:24 -04:00
Robin Ward
a5172a37e0 Allow staff members to enable safe mode, even if disabled 2018-04-25 11:49:57 -04:00
Gerhard Schlager
ed4c0c4a63 FEATURE: Add option to delete all replies of flagged post 2018-04-24 11:08:05 -04:00
Sam
146a6c3592 FIX: exclude topics from latest in /categories on refresh 
When you hit refresh on categories page it would not supress correctly
 2018-04-24 11:07:26 -04:00
Robin Ward
fd14ee4797 FEATURE: Allow safe mode to be disabled 2018-04-24 11:03:33 -04:00
Sam
54d153068a DEV: remove qunit rails fork and add a couple of async tests 2018-04-23 16:42:40 +10:00
Guo Xiang Tan
70d181bff8 FIX: Better error message in GroupsController#add_members. 
https://meta.discourse.org/t/cant-add-members-to-a-group/85738?u=tgxworld
 2018-04-20 10:28:52 +08:00
Rafael dos Santos Silva
9014ca4624 FEATURE: Enable the Web Share Target API 
This will allow a Discourse instance that was installed[1] to receive share events.

See https://wicg.github.io/web-share-target/ for the spec.

1: https://developers.google.com/web/fundamentals/app-install-banners/
 2018-04-19 17:00:05 -03:00
Arpit Jalan
91bf10bd12 FIX: create upload record for exported csv files 2018-04-20 00:27:49 +05:30
Joffrey JAFFEUX
0e414d0890
dashboard next: trending search report 
This commit also improves how data is loaded sync and async
 2018-04-19 18:19:21 +02:00
Joffrey JAFFEUX
01c061d20d
dashboard next: perf and UI tweaks 
* cache CORE reports
* adds backups/uploads section
* few css tweaks
 2018-04-18 21:30:41 +02:00
Robin Ward
3d7dbdedc0 FEATURE: An API to help sites build robots.txt files programatically 
This is mainly useful for subfolder sites, who need to expose their
robots.txt contents to a parent site.
 2018-04-16 15:43:20 -04:00
Arpit Jalan
9353ae4b5d Remove obsolete per topic unsubscribe page. 2018-04-16 16:11:20 +05:30
Joffrey JAFFEUX
0e15a575f4
EXPERIMENTAL: new dashboard UI 
This is the first iteration of an effort towards making a very good dashboard.

Until we feel confident this is good, this dashboard will only be accessible through /admin/dashboard_next
 2018-04-16 10:42:06 +02:00
Arpit Jalan
a1ef455c78 SECURITY: do not show private topic title on /unsubscribed page 2018-04-16 10:35:57 +05:30
Arpit Jalan
a8a12eb2d9 SECURITY: do not disclose topic titles on /unsubscribed page to unauthorized users 2018-04-15 18:01:58 +05:30
Arpit Jalan
18f50ca01a FIX: parameterize tag_id 2018-04-14 16:42:53 +05:30
Sam
3632b8d8d6 FEATURE: provide extra signal about content age to crawlers 
Adds Last-Modified field to help teach crawlers not to crawl old content
 2018-04-13 14:58:33 +10:00
Régis Hanol
df7970a6f6 prefix the robots.txt rules with the directory when using subfolder 2018-04-11 22:05:02 +02:00
Arpit Jalan
9ca6ebe8fe FEATURE: enforce tagging on categories 2018-04-11 07:15:24 +05:30
Arpit Jalan
3a86a2588c FIX: bulk append/replace tags was not working 2018-04-10 13:01:03 +05:30
Sam
5925a581db array is not supported here, use a simple comma delimited list 2018-04-10 14:37:10 +10:00
Guo Xiang Tan
d9d86577ff FIX: Staff users are not affected by enable_group_directory site setting. 2018-04-10 09:22:01 +08:00
Guo Xiang Tan
c82b2dcc24 Remove admin group management pages. 2018-04-09 15:14:50 +08:00
Arpit Jalan
185d6ac747 FIX: use safe navigation operator when checking for totp_enabled 2018-04-09 12:33:41 +05:30
Guo Xiang Tan
0623785f69 FIX: Prevent group owners from editing admin only settings. 2018-04-06 11:44:58 +08:00
Sam
3a7b696703 FEATURE: allow for setting crawl delay per user agent 
Also moved to default crawl delay bing so no more than a req every 5 seconds is allowed

New site settings:

"slow_down_crawler_user_agents" - list of crawlers that will be slowed down
"slow_down_crawler_rate" - how many seconds to wait between requests

Not enforced server side yet
 2018-04-06 10:15:23 +10:00
Gerhard Schlager
cd6a99a027 FEATURE: Send a different PM when a post has been hidden more than once 2018-04-05 14:03:21 +02:00
Guo Xiang Tan
e36e9de28a Allow admin to view logs of automatic groups. 2018-04-05 16:31:55 +08:00
Guo Xiang Tan
8760c4d68c Fix GroupsController#group_params to allow more group attributes to be updated. 2018-04-05 13:53:00 +08:00
Vinoth Kannan
434cbc649f FEATURE: Webhook for tag events 2018-04-04 17:49:20 +05:30
Vinoth Kannan
16341219ab Log exception if remote theme importing failed 2018-04-02 20:10:18 +05:30
Guo Xiang Tan
142571bba0 Remove use of rescue nil. 
* `rescue nil` is a really bad pattern to use in our code base.
  We should rescue errors that we expect the code to throw and
  not rescue everything because we're unsure of what errors the
  code would throw. This would reduce the amount of pain we face
  when debugging why something isn't working as expexted. I've
  been bitten countless of times by errors being swallowed as a
  result during debugging sessions.
 2018-04-02 13:52:51 +08:00
Vinoth Kannan
efb19dbdaf
Merge pull request #5705 from discourse/new_webhooks 
FEATURE: Webhook for group and category events
 2018-04-02 10:53:21 +05:30
Guo Xiang Tan
87e3779085
Merge pull request #5702 from kevinelliott/feature/20180323-fix-mass-assignment 
20180323 Fix Mass Assignment Warning
 2018-04-02 10:19:25 +08:00
Robin Ward
22b631510c FIX: Silenced user wasn't being linked properly 2018-03-29 17:07:09 -04:00
Neil Lalonde
73c1d3e7fe FIX: tag notification preferences were being cleared when other preferences were changed 2018-03-29 15:08:32 -04:00
Guo Xiang Tan
52e75eaee9 UX: Tweaks to group pages. 2018-03-29 17:04:48 +08:00
Robin Ward
eab64710ff FIX: Shared draft performance fix + missing avatars 2018-03-28 16:11:43 -04:00
Robin Ward
4b5977aa6a Revert "PERF: Don't join on shared drafts unless you have to" 
This reverts commit efedd9745f.
 2018-03-28 15:35:13 -04:00
Robin Ward
efedd9745f PERF: Don't join on shared drafts unless you have to 2018-03-28 13:57:39 -04:00
Guo Xiang Tan
21ae49ab92 Simplify log in for request specs. 2018-03-28 11:32:47 +08:00
Guo Xiang Tan
70be8124a3 SECURITY: Don't expose development route in production. 2018-03-28 11:32:47 +08:00
Neil Lalonde
7311023a52
Merge pull request #5700 from discourse/crawl-block 
FEATURE: control web crawlers access with white/blacklist
 2018-03-27 15:06:03 -04:00
Vinoth Kannan
ff9d7a9bfb FIX: authComplete query param should carry-forward to login page 2018-03-27 17:22:07 +05:30
Guo Xiang Tan
7edab1c0b9 UX: Add groups/custom/new route for admins to create a new group. 2018-03-27 17:39:05 +08:00
Gerhard Schlager
558914b986 Fix random spec errors 2018-03-27 11:14:06 +02:00
Vinoth Kannan
e7407d0adc FEATURE: Webhook for group and category events 2018-03-27 11:53:35 +05:30
Guo Xiang Tan
2ecd234e27 UX: Consolidation group manangement into a single tab. 2018-03-27 13:34:46 +08:00
Neil Lalonde
f2c060bdf2 FEATURE: option for tags in a tag group to be visible only to staff 2018-03-26 17:05:09 -04:00
Guo Xiang Tan
dcd1d422d1 UX: Allow admins to set users as owners while adding users. 
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084/9
 2018-03-26 17:33:50 +08:00
Guo Xiang Tan
35745166b5 UX: New group membership management workflow. 
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084
 2018-03-26 16:15:02 +08:00
Kevin Elliott
fa0868fc3f Explicit param permit and assignment cleanup. 2018-03-23 09:59:31 -07:00
Robin Ward
5f19ad9507 FIX: allow destination categories to be set if not at first 2018-03-23 11:33:02 -04:00
Robin Ward
38af67eb73 Update the destination category id when a user changes it 2018-03-23 11:12:56 -04:00
Guo Xiang Tan
7a4b70ef58 UX cleanup changes to 2FA flow. 2018-03-23 11:05:36 +08:00
Neil Lalonde
ced7e9a691 FEATURE: control which web crawlers can access using a whitelist or blacklist 2018-03-22 15:41:02 -04:00
Guo Xiang Tan
f3b402ffd5 UX: Allow users to filter members on group page. 
* Only admins are allowed to filter users by email.
 2018-03-22 14:02:41 +08:00
Arpit Jalan
d96c1058a2 FEATURE: add staff action log for 'restore topic' 2018-03-21 18:04:13 +05:30
Guo Xiang Tan
a23509cbf3 UX: Limit the number of group names displayed on user page. 2018-03-21 16:38:33 +08:00
Guo Xiang Tan
9f216ac182 FIX: Infinite loading more on groups page. 2018-03-21 09:25:42 +08:00
Robin Ward
b9abd7dc9e FEATURE: Shared Drafts 
This feature can be enabled by choosing a destination for the
`shared drafts category` site setting.

* Staff members can create shared drafts, choosing a destination
category for the topic when it is published.

* Shared Drafts can be viewed in their category, or above the
topic list for the destination category where it will end up.

* When the shared draft is ready, it can be published to the
appropriate category by clicking a button on the topic view.

* When published, Drafts change their timestamps to the current
time, and any edits to the original post are removed.
 2018-03-20 17:15:26 -04:00
Guo Xiang Tan
15bcfcd182 UX: Allow users to filter by different group types on groups page. 2018-03-20 17:38:11 +08:00
Guo Xiang Tan
41b0fbe001 UX: Indicate user's group membership on groups page. 2018-03-19 18:29:30 +08:00
Guo Xiang Tan
05ea034490 UX: Allow groups page to be searchable. 2018-03-19 17:16:51 +08:00
Guo Xiang Tan
0522aabaab UX: Allow user_count on groups page to be sortable. 2018-03-19 16:15:13 +08:00
Guo Xiang Tan
c1bf707e7d PERF: N+1 queries on badges page. 2018-03-19 14:36:09 +08:00
Guo Xiang Tan
52b9af10a1 PERF: PG queries for the UserEmail#email column was not using the index. 2018-03-19 11:31:14 +08:00
Arpit Jalan
f053e4cf37
Merge pull request #5682 from techAPJ/allowed-tags-page 
FIX: show only allowed tags on PM tags page and display correct count
 2018-03-17 08:29:00 +05:30
Régis Hanol
89f5c90ce0 FIX: show an error page on click tracking error 2018-03-17 00:33:11 +01:00
Arpit Jalan
e9bc763440 FIX: show only allowed tags on PM tags page and display correct count 
FIX: tags page should link to user profile we are browsing
 2018-03-17 00:17:48 +05:30
Guo Xiang Tan
fe96ef6ed2 UX: Use topic list for displaying group messages on group page. 
https://meta.discourse.org/t/group-inbox-on-a-groups-page-mockup/71319
 2018-03-16 11:56:40 +08:00
Sam
ba15273d3f FEATURE: maintain preview theme, while previewing 
This means you can browse around in preview mode without losing the theme.
At any point you can refresh page and maintain the preview theme.
 2018-03-15 16:17:22 +11:00
Rafael dos Santos Silva
2097f5330c FIX: Login redirect path was broken in subfolder installs 2018-03-15 11:49:35 +08:00
Guo Xiang Tan
a35227918f UX: Display group topics in a topic list. 2018-03-15 11:37:55 +08:00
Robin Ward
d31dfe0e84 FIX: Silencing / Suspending a user should not send a hidden message 2018-03-14 14:39:52 -04:00
Kyle Zhao
f7bd05e534 FEATURE: set 'Retry-After' header for 429 responses (#5659) 2018-03-13 23:12:41 +08:00
Arpit Jalan
7d375690c1
Merge pull request #5667 from techAPJ/pm-tags-page 
FEATURE: replace PM tags dropdown with a dedicated tags page
 2018-03-13 13:08:21 +05:30
Arpit Jalan
24338fbbe8 FEATURE: replace PM tags dropdown with a dedicated tags page 2018-03-13 13:06:58 +05:30
Robin Ward
65ac80b014 FEATURE: Log Staff edits in Staff Action Logs 
Why? Some edits by staff are not tracked. For example, during the grace
period, or via the flags/silence dialog.

If a staff member is editing someone else's post, it now goes into the
Staff Action Logs so it can be audited by other staff members.
 2018-03-12 13:51:40 -04:00
Sam
758b9a7dda FEATURE: prototype of local theme directory watcher 
(note this will be documented a bit late)
 2018-03-12 18:36:06 +11:00
Arpit Jalan
aac7796124 FIX: do not show tags with 0 count on /tags page 2018-03-09 20:57:31 +05:30
Sam
7c0e6b820e move key so it does not interfere with other errors 2018-03-09 16:42:11 +11:00
Sam
39e679d3cb FEATURE: allow themes to live in private git repos 
This feature allows themes sourced from git to live on private
servers, it automatically generates key pairs.
 2018-03-09 16:14:38 +11:00
Arpit Jalan
c29660c8f1 FEATURE: filter personal messages by tags 2018-03-08 14:42:07 +05:30
Guo Xiang Tan
1365bab0d7 FEATURE: Live updates for user's messages page. 
https://meta.discourse.org/t/group-inbox-messages-not-updated-for-new-posts/38189
 2018-03-06 18:15:21 +08:00
Sam
f0d5f83424 FEATURE: limit assets less that non asset paths 
By default assets can be requested up to 200 times per 10 seconds
from the app, this includes CSS and avatars
 2018-03-06 15:20:39 +11:00
OsamaSayegh
282f53f0cd FEATURE: Theme settings (2) (#5611) 
Allows theme authors to specify custom theme settings for the theme. 

Centralizes the theme/site settings into a single construct
 2018-03-04 19:04:23 -05:00
Robin Ward
13eda41ff5 Fix lint errors 2018-03-03 14:34:19 -05:00
Robin Ward
31e3bf6d8d FEATURE: New "Categories and Top" homepage style 
Select this option if you want to show top topics on the homepage
instead of latest topics.
 2018-03-03 14:26:57 -05:00
Guo Xiang Tan
939180efa8 FIX: Missing 2FA guards when sso is enabled or when local login is disabled. 2018-03-02 10:39:10 +08:00
Sam
75172024ca SECURITY: ensure users have permission when moving categories 2018-03-02 12:13:27 +11:00
Guo Xiang Tan
fb75f188ba FEATURE: Disallow login via omniauth when user has 2FA enabled. 2018-03-01 15:47:07 +08:00
Guo Xiang Tan
947b6fdf46 FIX: Incorrect rate limit applied to topics invitation flow. 2018-03-01 12:50:00 +08:00
Guo Xiang Tan
5a462b930d REFACTOR: Prefer exists? over present. 2018-03-01 10:22:41 +08:00
Guo Xiang Tan
c64f09b6b7 REFACTOR: Simplify and DRY Group#invite. 2018-02-26 11:59:07 +08:00