Commit Graph

7307 Commits

Author SHA1 Message Date
Sam Saffron
bff9880d63 DEV: increase the length of backup codes
16 ^ 8 though not tiny but is a workable search space in the event of
breach, 16 ^ 16 is not.
2020-01-21 15:32:06 +11:00
Martin Brennan
c677f8ee6a
DEV: Add debug lines for mystery no_user_selected error (#8759)
On some customer forums we are randomly getting a "You must select a valid user" error when sending a PM even when all parameters seem to be OK. This is an attempt to track it down with more data.
2020-01-21 10:50:44 +10:00
Krzysztof Kotlarek
aa04349cfd
FIX: Incorrect locale in badge granter (#8749)
We want to use default locale when:
a) Site settings are not allowing for user locale
OR
b) User locale are blank
2020-01-21 09:08:48 +11:00
Krzysztof Kotlarek
0420be88a6
FIX: when tag or category is added notify users that topic was modified (#8750)
There is a feature, that when tag or category is added to the topic,
customers who are watching that category or tag are notified.

The problem is that it is using default notification type "new post"

It would be better to use "new post" only when there really is a new
post and "edited" when categories or tags were modified.
2020-01-21 08:41:13 +11:00
Dan Ungureanu
788ddcc407
FIX: Make topic query include topics from sub-sub-categories (#8709) 2020-01-20 17:06:58 +02:00
Martin Brennan
1014e56e80
DEV: Respond with 403 instead of 500 for disabled local login via email
Previously if local login via email was disabled because of the site setting or because SSO was enabled, we were raising a 500 error. We now raise a 403 error instead; we shouldn't raise 500 errors on purpose, instead keeping that code for unhandled errors. It doesn't make sense in the context of what we are validating either to raise a 500.
2020-01-20 16:11:58 +10:00
Blake Erickson
75069ff179 FIX: Users should be able to remove their primary group
This fix allows a user to remove their currently assigned primary group
if the Site Setting `user selected primary groups` is enabled.

Before this fix, if a user selected "none" for their primary group it
would silently fail and never be updated.
2020-01-17 15:43:54 -07:00
Gerhard Schlager
ab07b945c2
Merge pull request #8736 from gschlager/rename_reply_id_column
REFACTOR: Rename `post_replies.reply_id` column to `post_replies.reply_post_id`
2020-01-17 17:24:49 +01:00
Martin Brennan
2583aedd42
FIX: Change additional public uploads to not be secure (#8738)
Custom emoji, profile background, and card background were being set to secure, which we do not want as they are always in a public context and result in a 403 error from the ACL if linked directly.
2020-01-17 13:16:27 +10:00
Martin Brennan
9c04aa593c
Fix broken admin login fro SSO enabled sites (#8737)
* When we refactored away the admin-login route we introduced a bug where admins could not log into an SSO enabled site, because of a check in the email_login route that disallowed this.
* Allow admin to get around this check.
2020-01-17 11:25:31 +10:00
Régis Hanol
7b83237261 FIX: groups pagination was broken 2020-01-16 23:57:34 +01:00
Roman Rizzi
0c4ac2a7bc
Merge pull request from GHSA-569c-22ff-pj3x 2020-01-16 15:17:16 -03:00
Gerhard Schlager
f216c6d60b FEATURE: Drop "backup" schema 7 days after restore
The "backup" schema is used to rollback a failed restore. It isn't useful after a longer period of time and turns into a waste of disk space.
2020-01-16 17:48:47 +01:00
Gerhard Schlager
eeb2855a48 DEV: Add spec to find MF locale for en_US
Follow-up to aecadcb267
2020-01-16 14:40:53 +01:00
Gerhard Schlager
a2fd8ac990 DEV: Add spec for disabled UpdateS3Inventory job
Follow-up to c351ffe580
2020-01-16 13:57:57 +01:00
Joffrey JAFFEUX
948bd00340
FEATURE: line with only 1 to 3 emojis will now display as large emojis 2020-01-16 09:54:26 +01:00
Martin Brennan
7c32411881
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664)
### General Changes and Duplication

* We now consider a post `with_secure_media?` if it is in a read-restricted category.
* When uploading we now set an upload's secure status straight away.
* When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. 
* Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is).
* When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload.

### Viewing Secure Media

* The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions
* If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor`

### Removed

We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled.

* We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context.
* We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-16 13:50:27 +10:00
Gerhard Schlager
5e3fc31f2c DEV: Less hacky way of rolling back DB changes
Some specs use psql to test database restores and dropping the table after the test needs to happen outside of rspec because of transactions. The previous attempt lead to some changes to be stored in the test database.
2020-01-15 23:37:42 +01:00
Gerhard Schlager
68a7ae3091 REFACTOR: Simplify backup version check
Adds specs for inalid version number in metadata file.
Follow-up to c3cd2389fe
2020-01-15 23:37:40 +01:00
Arpit Jalan
0f8695958b FIX: better error message when topic deletion fails 2020-01-15 19:30:06 +05:30
Dan Ungureanu
c2d051315d FIX: Create post notices only for public posts (#8708)
This also ensures only public posts are considered when creating post
notices for new and returning users.
2020-01-15 11:40:19 +01:00
Martin Brennan
66f2db4ea4 SECURITY: 2FA with U2F / TOTP 2020-01-15 11:27:12 +01:00
Régis Hanol
5d75f90b27 FIX: group membership leak
FIX: raised a proper NotFound exception when filtering groups by username with invalid username.
FIX: properly filter the groups based on current user visibility when viewing another user's groups.
DEV: Guardian.can_see_group?(group) is now using Guardian.can_see_groups(groups) instead of duplicating the same code.
FIX: spec for groups_controller#index when group directory is disabled for logged in user.
FIX: groups_controller.sortable specs to actually test all sorting combinations.
DEV: s/response_body/body/g for slightly shorter spec code.
FIX: rewrote the "view another user's groups" specs to test all group_visibility and members_group_visibility combinations.
DEV: Various refactoring for cleaner and more consistent code.
2020-01-15 11:21:58 +01:00
David Taylor
4fdfc2665d FIX: Update featured badge ranking when mass-awarding badges
Follow-up to cff6e941de
2020-01-14 14:39:20 +00:00
David Taylor
cff6e941de
PERF: Cache ranks for featured badges, to simplify user serialization (#8698) 2020-01-14 14:26:49 +00:00
Gerhard Schlager
e474cda321 REFACTOR: Restoring of backups and migration of uploads to S3 2020-01-14 11:41:35 +01:00
Roman Rizzi
d69c5eebcf
Feature: Mass award badge (#8694)
* UI: Mass grant a badge from the admin ui

* Send the uploaded CSV and badge ID to the backend

* Read the CSV and grant badge in batches

* UX: Communicate the result to the user

* Don't award if badge is disabled

* Create a 'send_notification' method to remove duplicated code, slightly shrink badge image. Replace router transition with href.

* Dynamically discover current route
2020-01-13 11:20:26 -03:00
Martin Brennan
9e399b42b9 DEV: Remove redundant admin_login route, share with email_login 2020-01-13 12:10:07 +10:00
Martin Brennan
cb660ef952 SECURITY: Improve second factor auth logic 2020-01-10 10:45:56 +10:00
Robin Ward
dcbe527a82 FIX: Don't log a claimed topic database error during tests
We now test the uniqueness validation, but also rescue a DB
exception in case the controller fails this check.
2020-01-09 12:32:05 -05:00
Gerhard Schlager
6d6ffe5131 FIX: Allow users to change title in locales other than English 2020-01-08 18:08:04 +01:00
David Taylor
5eda44f8f2 FIX: Do not redirect to /auth/* urls after authentication
When using the login confirmation screen, the referrer URL is `/auth/{provider}`. That means that the user is redirected back to the confirmation screen after logging in, even though login was successful. This is very confusing. Instead, they should be redirected to the homepage.
2020-01-08 17:06:03 +00:00
Robin Ward
e616b92511 FIX: If the admin sso sync has no external ID, don't throw an error
Instead, return a HTTP error code and a message explaining the problem,
to avoid log pollution.
2020-01-08 11:47:37 -05:00
Vinoth Kannan
13f229808a FIX: add noindex header to user profile pages. 2020-01-08 11:26:20 +05:30
Martin Brennan
5b75b8c135 Still redirect to signed URL for secure uploads
if SiteSetting.secure_media is disabled we still want to
redirect to the signed url for uploads that are marked as
secure because their ACLs are probably still private
2020-01-07 14:02:17 +10:00
Martin Brennan
abca91cc4d
FEATURE: Add rake task to disable secure media (#8669)
* Add a rake task to disable secure media. This sets all uploads to `secure: false`, changes the upload ACL to public, and rebakes all the posts using the uploads to make sure they point to the correct URLs. This is in a transaction for each upload with the upload being updated the last step, so if the task fails it can be resumed.
* Also allow viewing media via the secure url if secure media is disabled, redirecting to the normal CDN url, because otherwise media links will be broken while we go and rebake all the posts + update ACLs
2020-01-07 12:27:24 +10:00
David Taylor
d1779346e8 FIX: topic_tracking_state when mute_all_categories_by_default is enabled 2020-01-06 18:22:42 +00:00
David Taylor
5df815c2ee
FIX: New/unread count after dismissing new topics in a regular category (#8659)
6e1fe22 introduced the possiblity for category_users to have a NULL notification_level, so that we can store `last_seen_at` dates without locking the notification level. At the time, this did not affect the topic-tracking-state query. However, the query changes in f434de2 introduced a slight change in behavior.

Previously, a subquery would look for a category_user with notification_level=mute. f434de2 refactored this to remove the subquery, and inverted some of the logic to suit.

The new query checked for `notification_level <> :muted`. If `notification_level` is NULL, this comparison will return NULL. In this scenario, notification_level=NULL means that we should fall back to the default tracking level (regular), and so we want the expression to resolve as true, not false. There was already a check for the existence of the category_users row, but it did not check for the existence of a NOT NULL notification_level.

This commit amends the expression so that the notification_level will only be compared if it is non-null.
2020-01-06 16:15:24 +00:00
Krzysztof Kotlarek
afff96ce54 DEV: Improved performance of report spec (#8642)
* FIX: bulk insert to create application requests
* FIX: bulk insert to create topics
* FIX: no need to create separate user for each topic, post etc.
* FIX: Another bulk_insert of ApplicationRequests
* FIX: dont create user and topic instances when not neccessary
* FIX: merge examples with expensive setup into one example
2020-01-06 17:17:07 +11:00
Sam Saffron
e89935127c DEV: correct flaky spec
This ensures that the user object is created fresh for each example.

This is required for this particular spec as we can not risk having a stale
object, which can lead to a flaky spec.
2020-01-06 10:54:18 +11:00
Vinoth Kannan
9a6606dd30 DEV: Add option to keep quoted content in post excerpt. 2020-01-04 18:56:52 +05:30
Osama Sayegh
fac71da605
FIX: Don't give error 500 when invalid date param is given to admin reports (#8658)
Providing invalid dates as the end_date or start_date param causes a 500 error and creates noise in the logs. This will handle the error and returns a proper 400 response to the client with a message that explains what the problem is.
2020-01-03 17:01:38 +03:00
Vinoth Kannan
cfd1549abe FIX: allow underscore in file extension while downloading the uploads. 2020-01-03 10:09:07 +05:30
Roman Rizzi
98853b217f
FIX: Bots accuracy should be zero (#8654) 2020-01-02 13:24:24 -03:00
David Taylor
b60b57cddd
FIX: Allow any protocol in wildcard url checker (#8651)
This is required for people using apps with custom protocols. We still verify the entire URL (including protocol) against the site setting value.

Refactored wildcard_url_checker so that it always returns a boolean, rather than sometimes returning a regex match.
2020-01-02 16:03:13 +00:00
David Taylor
45c5f56ffc
PERF: Reduce DB queries when serializing ignore/mute information (#8629)
* PERF: Cache ignored and muted user ids in the current_user object
* PERF: Avoid DB queries when checking ignore/mute permission in guardian
2020-01-02 13:04:08 +00:00
Martin Brennan
c031434b86
FIX: Catch error when unknown COSE algorithm is supplied for Security Key (#8649)
Added a fix to gracefully error with a Webauthn::SecurityKeyError if somehow a user provides an unkown COSE algorithm when logging in with a security key.

If `COSE::Algorithm.find` returns nil we now fail gracefully and log the algorithm used along with the user ID and the security key params for debugging, as this will help us find other common algorithms to implement for webauthn
2020-01-02 10:14:22 +10:00
Roman Rizzi
c751291769
FIX: The 'reviewed' status filter should include deleted elements (#8630) 2019-12-30 14:56:17 -03:00
Robin Ward
5214f82841 API endpoints should return a response, not nil 2019-12-30 10:14:29 -05:00
David Taylor
bc4c40abd4
DEV: Remove unsafe-eval from development CSP (#8569)
- Refactor source_url to avoid using eval in development
- Precompile handlebars in development
- Include template compilers when running qunit
- Remove unsafe-eval in development CSP
- Include unsafe-eval only for qunit routes in development
2019-12-30 12:17:12 +00:00