Commit Graph

11382 Commits

Author SHA1 Message Date
Penar Musaraj
45cbfc088e
FIX: Webauthn origin was incorrect for subfolder setups (#25651) (#25654) 2024-02-13 08:37:51 -05:00
Alan Guo Xiang Tan
39dffcb657
FIX: Update themes javascript cache after running themes migrations (#25564)
Why this change?

This is caused by a regression in
59839e428f, where we stopped saving the
`Theme` object because it was unnecessary. However, it resulted in the
`after_save` callback not being called and hence
`Theme#update_javascript_cache!` not being called. As a result, some
sites were reporting that after runing a theme migration, the defaults
for the theme settings were used instead of the settings overrides
stored in the database.

What does this change do?

Add a call to `Theme#update_javascript_cache!` after running theme
migrations.
2024-02-05 14:49:23 +08:00
David Taylor
9b50de4569
SECURITY: Properly escape user content within <noscript> 2024-01-30 09:10:09 -07:00
Loïc Guitaut
484954ec4c DEV: Add early support for aarch64 dev env
This patch allows running system specs on an aarch64 Linux system
(typically our `discourse_dev` docker image).
As Chrome isn’t available for the aarch64 architecture (yet), we have to
rely on Firefox instead. This has some drawbacks like not being able to
access the browser logs like we do with the Chrome webdriver.
2024-01-30 15:50:44 +01:00
David Taylor
283fe48243
DEV: Update confirm-email flows to use central 2fa and ember rendering (#25404)
These routes were previously rendered using Rails, and had a fairly fragile 2fa implementation in vanilla-js. This commit refactors the routes to be handled in the Ember app, removes the custom vanilla-js bundles, and leans on our centralized 2fa implementation. It also introduces a set of system specs for the behavior.
2024-01-30 10:32:42 +00:00
Sam
27301ae5c7
FEATURE: support silent internal links (#25472)
Internal links always notify and add internal connections in topics.

This adds a special feature that lets you append `?silent=true` to a link
to have it excluded from:

1. Notifications - users will not be notified for these links
2. Post links below posts in the UI

This is specifically useful for large reports where adding all these connections
just results in noise.
2024-01-30 17:03:58 +11:00
Martin Brennan
304a7f3e1a
FIX: Do not show quote copy button to anon (#25471)
This was an oversight in 51016e56dd,
anon doesn't have any need to copy quotes, just as they have
no need to open the composer with a quote prefilled.
2024-01-30 13:19:35 +10:00
marstall
5a00d1964f
DEV: add site setting to disable watched word checking in user fields (#25411)
adding a hidden sitesetting, `disable_watched_word_checking_in_user_fields` - false by default. if set to true, you can use any word at all in user profile fields.

meta: https://meta.discourse.org/t/watched-words-scope/282699/20
2024-01-29 12:44:32 -05:00
David Taylor
1bfccdd4f2
DEV: Allow run_second_factor! to be used before login (#25420)
In a handful of situations, we need to verify a user's 2fa credentials before `current_user` is assigned. For example: login, email_login and change-email confirmation. This commit adds an explicit `target_user:` parameter to the centralized 2fa system so that it can be used for those situations.

For safety and clarity, this new parameter only works for anon. If some user is logged in, and target_user is set to a different user, an exception will be raised.
2024-01-29 12:28:47 +00:00
Ted Johansson
f0a46f8b6f
DEV: Automatically update groups for test users with explicit TL (#25415)
For performance reasons we don't automatically add fabricated users to trust level auto-groups. However, when explicitly passing a trust level to the fabricator, in 99% of cases it means that trust level is relevant for the test, and we need the groups.

This change makes it so that when a trust level is explicitly passed to the fabricator, the auto-groups are refreshed. There's no longer a need to also pass refresh_auto_groups: true, which means clearer tests, fewer mistakes, and less confusion.
2024-01-29 17:52:02 +08:00
Blake Erickson
7200a41207
FIX: export csv file failed message (#25443)
When exporting a csv file and the size of the file exceeded the
max_export_file_size_kb it will still send the PM that the export
succeeded with a broken link to a missing export file. This change
ensures that a failed message will be sent instead.
2024-01-26 11:16:02 -07:00
Ted Johansson
7e5d2a95ee
DEV: Convert min_trust_level_to_tag_topics to groups (#25273)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_level_to_tag_topics site setting to tag_topic_allowed_groups.
2024-01-26 13:25:03 +08:00
Blake Erickson
89883b2f51
WIP: Experiemental Bulk Topic Actions Dropdown (#25245)
* WIP: Experiemental Bulk Topic Actions Dropdown

Creates a new dropdown that can be used for topic bulk actions.
2024-01-25 09:12:06 -07:00
Ted Johansson
57ea56ee05
DEV: Remove full group refreshes from tests (#25414)
We have all these calls to Group.refresh_automatic_groups! littered throughout the tests. Including tests that are seemingly unrelated to groups. This is because automatic group memberships aren't fabricated when making a vanilla user. There are two places where you'd want to use this:

You have fabricated a user that needs a certain trust level (which is now based on group membership.)
You need the system user to have a certain trust level.
In the first case, we can pass refresh_auto_groups: true to the fabricator instead. This is a more lightweight operation that only considers a single user, instead of all users in all groups.

The second case is no longer a thing after #25400.
2024-01-25 14:28:26 +08:00
Martin Brennan
74fd883a89
DEV: Improve site setting rename generator (#25354)
We need to be able to generate these migrations
for plugin settings as well. Also, we can use the
type supervisor to get the enum data in a nicer way.
2024-01-25 10:45:46 +10:00
Ted Johansson
6ad34a0152
DEV: Exclude system users when calculating group user count (#25400)
We want to exclude the system user from group user counts, since intuitively admins wouldn't include them.

Originally this was accomplished by booting said system user from the groups, but this is causing problems, because the system user needs TL group membership to perform certain tasks.

After this PR, system user is still in the TL groups, but excluded when refreshing the user count.
2024-01-25 08:13:58 +08:00
Martin Brennan
0e50f88212
DEV: Move min_trust_to_post_embedded_media to group setting (#25238)
c.f. https://meta.discourse.org/t/we-are-changing-giving-access-to-features/283408
2024-01-25 09:50:59 +10:00
Leonardo Mosquera
508e2e601c
FIX: FinalDestination::HTTP: validate address argument (#25407)
This would only be empty due to a programming error elsewhere, but
checking this here is a failstop so that it doesn't go further.
2024-01-24 18:50:42 -03:00
Vinoth Kannan
ecb7fb0481
FEATURE: add option to sort topic query result via plugin. (#25349)
Previously, it was not possible to modify the sorting order of the `TopicQuery` result from a plugin. This feature adds support to specify custom sorting functionality in a plugin. We're using the `apply_modifier` method in the `DiscoursePluginRegistry` module to achieve it.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2024-01-24 12:58:12 +05:30
Ted Johansson
32e2a1fd4a
DEV: Add delegated Group#human_users scope (#25398)
Some preparatory refactoring as we're working on TL groups for the system user. On User we have a scope #human_users to exclude the system user, DiscoBot, etc. This PR adds the same scope (delegated to User) on Group.
2024-01-24 13:33:05 +08:00
Penar Musaraj
4d43ef5186
FEATURE: Enable passkeys by default (#25340) 2024-01-23 17:23:26 +01:00
Alan Guo Xiang Tan
0478b45fd3
DEV: Print out backtraces of all threads when spec times out on CI (#25356)
Why this change?

We have been seeing specs time out on GitHub CI but the problem is that
we are unable to debug those timeouts due to a lack of information. This
change seeks to print out the backtraces of all threads right before a
spec times out on CI.

What does this change do?

1. Starts a thread on CI which will wait for a spec to start running.
1. Once a spec starts running, the thread will sleep for
   `PER_SPEC_TIMEOUT_SECONDS -1` seconds.
1. After sleeping, the thread checks if the spec is still running and
   prints out the backtraces of all threads if it is. Otherwise, the
thread does nothing and runs the next loop.
1. At the end of each spec run, we ensure that the thread is in a
   waiting state for the next spec run to start.

Note that there is no need for us to teardown or cleanup the thread
since the process terminates after running all the tests.
2024-01-23 06:55:49 +08:00
Mark VanLandingham
7bad0b1d8a
DEV: Trigger DiscourseEvent on push notification send (#25375) 2024-01-22 15:30:35 -06:00
Roman Rizzi
a709b7e861
FIX: Allow sanitized-HTML in GH issues and categories oneboxes. (#25374)
Follow-up to d78357917c

Related meta topic: https://meta.discourse.org/t/html-is-not-render-on-category-onebox-description/289424:
2024-01-22 15:25:29 -03:00
Jean
a37d26f559
FEATURE: Add support for custom site name in Open Graph metadata (#25373) 2024-01-22 13:57:52 -04:00
Mark VanLandingham
d5e3a47d3c
DEV: Reset DiscoursePluginRegistry after spec (#25369) 2024-01-22 08:51:36 -06:00
Jarek Radosz
5278734fe2
FIX: Ignore invalid images when shrinking uploads (#25346) 2024-01-22 12:10:29 +01:00
Martin Brennan
b3904eab45
FIX: User group check should return true for system user for auto groups (#25357)
This is a temporary fix to address an issue where the
system user is losing its automatic groups when the server
is running. If any auto groups are provided, and the user is
a system user, then we return true. The system user is admin,
moderator, and TL4, so they usually have all auto groups.

We can remove this when we get to the bottom of why the auto
groups are being deleted.
2024-01-22 14:40:29 +10:00
Ted Johansson
d17ae1563d
DEV: Convert min_trust_level_for_user_api_key to groups (#25299)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_level_for_user_api_key  site setting to user_api_key_allowed_groups.

This isn't used by any of our plugins or themes, so very little fallout.
2024-01-19 11:25:24 +08:00
Ted Johansson
46f1c209be
FIX: Account for moderators in group to TL mapping (#25326)
If configuring only moderators in a group based access setting, the mapping to the old setting wouldn't work correctly, because the case was unaccounted for.

This PR accounts for moderators group when doing the mapping.
2024-01-19 11:10:28 +08:00
Ted Johansson
fb087b7ff6
DEV: Convert min_trust_to_post_links to groups (#25298)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_to_post_links  site setting to post_links_allowed_groups.

This isn't used by any of our plugins or themes, so very little fallout.
2024-01-18 14:08:40 +08:00
Bianca Nenciu
abad38c2e7
DEV: Make lazy_load_categories setting use groups (#25282)
This allows certain users to test the new feature and avoid disruptions
in other's workflows.
2024-01-17 20:26:51 +02:00
Penar Musaraj
719956f255
FIX: Allow staff to change group members visibility level for automatic groups (#25281) 2024-01-17 12:54:52 -05:00
Bianca Nenciu
4cfc0e231a
DEV: Change categories#index loading strategy (#25232)
The old strategy used to load 25 categories at a time, including the
subcategories. The new strategy loads 20 parent categories and at most
5 subcategories for each parent category, for a maximum of 120
categories in total.
2024-01-17 17:18:01 +02:00
Kelv
f2e669a008
DEV: add system test for topic map (#25242)
* DEV: add system test for topic map
2024-01-17 19:25:18 +08:00
Sam
df8bb947b2
FEATURE: improvements to hot algorithm (#25295)
- Decrease gravity, we come in too hot prioritizing too many new topics
- Remove all muted topics / categories and tags from the hot list
- Punish topics with zero likes in algorithm
2024-01-17 16:12:03 +11:00
Alan Guo Xiang Tan
54e6c1d823
DEV: Allow test-prof to be disabled completely with PREFABRICATION env (#25294)
Why this change?

We have been looking into a flaky system tests in one of our plugins
where the DB transaction flow can be messed up from time to time. Our
debugging effort is complicated by that fact that `test-prof` starts a
DB transaction in a `before(:all)` block which makes it hard to properly
log information. By allowing test-prof to be disabled completely, we
believe it will make it easier for us to isolate the problem we are
investigating.

What does this change do?

1. Avoid loading test-prof files if `PREFABRICATION` env has been set to
   `0`.

2. Set `PREFABRICATION=0` for plugin system tests in Github actions
2024-01-17 11:00:32 +08:00
Sam
ebd3971533
FEATURE: experiment with hot sort order (#25274)
This introduces a new experimental hot sort ordering. 

It attempts to float top conversations by first prioritizing a  topics with lots of recent activity (likes and users responding) 

The schedule that updates hot topics is disabled unless the hidden site setting: `experimental_hot_topics` is enabled. 

You can control "decay" with `hot_topic_gravity` and `recency` with `hot_topics_recent_days` 

Data is stored in the new `topic_hot_scores` table and you can check it out on the `/hot` route once 
enabled. 
---------

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2024-01-17 13:01:04 +11:00
Alan Guo Xiang Tan
22614ca85b
DEV: Compile theme migrations javascript files when running theme qunit (#25219)
Why this change?

Currently, is it hard to iteratively write a theme settings migrations
because our theme migrations system does not rollback. Therefore, we
want to allow theme developers to be able to write QUnit tests for their
theme migrations files enabling them to iteratively write their theme
migrations.

What does this change do?

1. Update `Theme#baked_js_tests_with_digest` to include all `ThemeField`
records of `ThemeField#target` equal to `migrations`. Note that we do
not include the `settings` and `themePrefix` variables for migration files.

2. Don't minify JavaScript test files becasue it makes debugging in
   development hard.
2024-01-16 09:50:44 +08:00
David Taylor
a562214f56
FIX: Update global rate limiter keys/messages to clarify user vs ip (#25264) 2024-01-15 19:54:50 +00:00
Penar Musaraj
f2cf5434f3
Revert "DEV: Convert min_trust_level_to_tag_topics to groups (#25258)" (#25262)
This reverts commit c7e3d27624 due to
test failures. This is temporary.
2024-01-15 11:33:47 -05:00
Ted Johansson
c7e3d27624
DEV: Convert min_trust_level_to_tag_topics to groups (#25258)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_level_to_tag_topics site setting to tag_topic_allowed_groups.
2024-01-15 20:59:08 +08:00
Mark VanLandingham
66fb2257cf
DEV: Add apply_modifier in Email::Renderer for html modifications (#25205) 2024-01-12 09:14:55 -06:00
Martin Brennan
80b93e06f7
FIX: Admin sidebar on mobile was still showing forum panel (#25236)
This commit makes it so the admin sidebar (when enabled)
will hide the other forum sidebar sections on mobile, the
same way it does on desktop. It was not happening automatically
because the sidebar component is also inside the hamburger-dropdown
component, which is used on mobile.
2024-01-12 14:49:08 +10:00
Renato Atilio
c2aa64b251
FEATURE: Allow sorting group members by custom field via API (#25061)
* UX: add sorting params to groups table plugin outlet

* FEATURE: allow sorting group members by custom field via API

---------

Co-authored-by: Jean Perez <jmperez127@gmail.com>
2024-01-11 13:39:17 -03:00
Renato Atilio
f5f3742166
FIX: respect creation date when paginating group activity posts (#24993)
* FIX: respect creation date when paginating group activity posts

There are scenarios where the chronological order of posts doesn't match the order of their IDs. For instance, when moving the first post from one topic or PM to another, a new post (with a higher ID) will be created, but it will retain the original creation time.

This PR changes the group activity page and endpoint to paginate posts using created_at instead of relying on ID ordering.
2024-01-11 13:37:27 -03:00
Alan Guo Xiang Tan
59839e428f
DEV: Add skip_migrations param when importing remote theme (#25218)
Why this change?

Importing theme with the `bundle` params is used mainly by
`discourse_theme` CLI in the development environment. However, we do not
want migrations to automatically run in the development environment
and instead want the developer to be intentional about running theme
migrations. As such, this commit adds support for a
`skip_migrations` param when importing a theme with the `bundle` params.

This commit also adds a `migrated` attribute for migrations theme fields
to indicate whether a migrations theme field has been migrated or not.
2024-01-11 14:04:02 +08:00
Martin Brennan
08d641d932
DEV: Convert review_media_unless_trust_level to group-based setting (#25201)
This commit moves the review_media_unless_trust_level setting
to skip_review_media_groups as part of our move from TL to group
based settings.

c.f. https://meta.discourse.org/t/changes-coming-to-settings-for-giving-access-to-features-from-trust-levels-to-groups/283408
2024-01-11 13:43:01 +10:00
Blake Erickson
6ebe61ecec
FIX: Logs api scope not working (#25215) 2024-01-10 19:30:10 -07:00
Bianca Nenciu
c916806fe8
FIX: Serialize categories when viewing a topic (#25206)
When navigating straight to a topic the category was not displayed at
all because the categories were not loaded. Similarly, the categories
for suggested topics were not loaded either.

This commit adds a list of categories to topic view model class and
serializer.
2024-01-10 20:30:59 +02:00