Commit Graph

46970 Commits

Author SHA1 Message Date
Osama Sayegh
e120c94236
FIX: Don't attempt to add user again to a group when syncing groups via SSO (#18772)
This commit fixes a regression introduced in 8979adc where under certain conditions the groups syncing logic in Discourse Connect would try to add users to groups they're already members of and cause errors when users try to sign in using Discourse Connect.
2022-10-28 13:27:12 +03:00
Jarek Radosz
fa5f43e7c0
DEV: Delete old buffered-render attributes (#18786)
That mixin was removed in 1a31a403ce (January 2020)
2022-10-28 08:30:14 +08:00
Alan Guo Xiang Tan
4244b1c57d
FIX: Ignore unique conflicts when backfilling sidebar defaults (#18785)
`insert_all!` raises an error when the insertion violates any unique
constraints which is not what we want here.

Follow-up to 1b56a55f50
2022-10-28 07:47:41 +08:00
Sam
d99293d837
FEATURE: reduce suspicious distance logins warning to 100km (#18767)
Suspicious login emails are incredibly rare, we are concerned they are in
fact too rare. Attempt to reduce the distance down to 100km.
2022-10-28 07:01:11 +08:00
dependabot[bot]
249f322ac9
Build(deps-dev): Bump test-prof from 1.0.10 to 1.0.11 (#18781)
Bumps [test-prof](https://github.com/test-prof/test-prof) from 1.0.10 to 1.0.11.
- [Release notes](https://github.com/test-prof/test-prof/releases)
- [Changelog](https://github.com/test-prof/test-prof/blob/master/CHANGELOG.md)
- [Commits](https://github.com/test-prof/test-prof/compare/v1.0.10...v1.0.11)

---
updated-dependencies:
- dependency-name: test-prof
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-28 06:37:58 +08:00
dependabot[bot]
3e5d0f2e99
Build(deps): Bump json_schemer from 0.2.21 to 0.2.22 (#18782)
Bumps [json_schemer](https://github.com/davishmcclurg/json_schemer) from 0.2.21 to 0.2.22.
- [Release notes](https://github.com/davishmcclurg/json_schemer/releases)
- [Commits](https://github.com/davishmcclurg/json_schemer/compare/v0.2.21...v0.2.22)

---
updated-dependencies:
- dependency-name: json_schemer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-28 06:36:18 +08:00
Kris
9c2f0edbec
UX: make whole category box clickable (#18780) 2022-10-27 15:27:53 -04:00
Dan Gebhardt
952b033165
FIX: Ensure that custom {{action}} modifier works with actions hash (#18779)
A callback that's provided as a string, such as `{{action "doSomething"}}`, may target the method `doSomething` on the context OR the context's `action` hash (if it exists).
2022-10-27 20:12:34 +01:00
Blake Erickson
9b1536fb83
DEV: Update expired reset password copy (#18778) 2022-10-27 12:29:50 -06:00
David Taylor
a9f5af1065
UX: Allow linebreaks mid-word in github onebox file paths (#18777) 2022-10-27 18:16:18 +01:00
Kris
2556e5a715
FIX: a couple of topic elements are too wide (#18775) 2022-10-27 10:59:58 -04:00
David Taylor
6388637931
FIX: Move group-box group name from class to data attribute (#18773)
Having the group name in the `class` attribute can cause a clash with 'real' CSS classes. Putting it in a data attribute is much safer, and can still be targetted via CSS if desired.
2022-10-27 13:07:24 +01:00
Natalie Tay
4b6a5f08fa
FIX: Allow users already in automatic groups to log in (#18771) 2022-10-27 14:59:27 +08:00
Alan Guo Xiang Tan
101ec21bc9
SECURITY: Restrict display of topic titles associated with user badges (#18768)
Before this commit, we did not have guardian checks in place to determine if a
topic's title associated with a user badge should be displayed or not.
This means that the topic title of topics with restricted access
could be leaked to anon and users without access if certain conditions
are met. While we will not specify the conditions required, we have internally
assessed that the odds of meeting such conditions are low.

With this commit, we will now apply a guardian check to ensure that the
current user is able to see a topic before the topic's title is included
in the serialized object of a `UserBadge`.
2022-10-27 11:26:14 +08:00
Alan Guo Xiang Tan
1b56a55f50
DEV: Sidebar default tags and categories are determined at user creation (#18620)
The previous sidebar default tags and categories implementation did not
allow for a user to configure their sidebar to have no categories or
tags. This commit changes how the defaults are applied. When a user is being created,
we create the SidebarSectionLink records based on the `default_sidebar_categories` and
`default_sidebar_tags` site settings. SidebarSectionLink records are
only created for categories and tags which the user has visibility on at
the point of user creation.

With this change, we're also adding the ability for admins to apply
changes to the `default_sidebar_categories` and `default_sidebar_tags`
site settings historically when changing their site setting. When a new
category/tag has been added to the default, the new category/tag will be
added to the sidebar for all users if the admin elects to apply the changes historically.
Like wise when a tag/category is removed, the tag/category will be
removed from the sidebar for all users if the admin elects to apply the
changes historically.

Internal Ref: /t/73500
2022-10-27 06:38:50 +08:00
Alan Guo Xiang Tan
a473e352de
DEV: Introduce TopicGuardian#can_see_topic_ids method (#18692)
Before this commit, there was no way for us to efficiently check an
array of topics for which a user can see. Therefore, this commit
introduces the `TopicGuardian#can_see_topic_ids` method which accepts an
array of `Topic#id`s and filters out the ids which the user is not
allowed to see. The `TopicGuardian#can_see_topic_ids` method is meant to
maintain feature parity with `TopicGuardian#can_see_topic?` at all
times so a consistency check has been added in our tests to ensure that
`TopicGuardian#can_see_topic_ids` returns the same result as
`TopicGuardian#can_see_topic?`. In the near future, the plan is for us
to switch to `TopicGuardian#can_see_topic_ids` completely but I'm not
doing that in this commit as we have to be careful with the performance
impact of such a change.

This method is currently not being used in the current commit but will
be relied on in a subsequent commit.
2022-10-27 06:13:21 +08:00
dependabot[bot]
d4583357cb
Build(deps-dev): Bump rspec from 3.11.0 to 3.12.0 (#18761)
Bumps [rspec](https://github.com/rspec/rspec-metagem) from 3.11.0 to 3.12.0.
- [Release notes](https://github.com/rspec/rspec-metagem/releases)
- [Commits](https://github.com/rspec/rspec-metagem/compare/v3.11.0...v3.12.0)

---
updated-dependencies:
- dependency-name: rspec
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-27 05:30:51 +08:00
dependabot[bot]
e12413dc0e
Build(deps): Bump memory_profiler from 1.0.0 to 1.0.1 (#18762)
Bumps [memory_profiler](https://github.com/SamSaffron/memory_profiler) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/SamSaffron/memory_profiler/releases)
- [Changelog](https://github.com/SamSaffron/memory_profiler/blob/master/CHANGELOG.md)
- [Commits](https://github.com/SamSaffron/memory_profiler/compare/v1.0.0...v1.0.1)

---
updated-dependencies:
- dependency-name: memory_profiler
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-27 05:30:27 +08:00
Penar Musaraj
9ec62091c6
DEV: Update upload mismatch error message (#18759)
Following feedback from translators, it does not look like we need to
refer to an "upload stub" here.
2022-10-26 15:41:50 -04:00
Gerhard Schlager
3fbae5dd03
UX: Use a friendlier educational message (#18760)
See /t/82115/3
2022-10-26 20:53:57 +02:00
Jarek Radosz
a727476fb7
DEV: Revert topic loading async changes (#18757)
This reverts commits 2c5e8f1763 (#18585) and 589a249a65 (#18727)

Those changes caused race conditions with scroll-to-post/lockOn code.
2022-10-26 20:16:01 +02:00
Dan Gebhardt
0221855ba7
DEV: Normalize event handling to improve Glimmer + Classic component compat (Take 2) (#18742)
Classic Ember components (i.e. "@ember/component") rely upon "event
delegation" to listen for events at the application root and then dispatch
those events to any event handlers defined on individual Classic components.
This coordination is handled by Ember's EventDispatcher.

In contrast, Glimmer components (i.e. "@glimmer/component") expect event
listeners to be added to elements using modifiers (such as `{{on "click"}}`).
These event listeners are added directly to DOM elements using
`addEventListener`. There is no need for an event dispatcher.

Issues may arise when using Classic and Glimmer components together, since it
requires reconciling the two event handling approaches. For instance, event
propagation may not work as expected when a Classic component is nested
inside a Glimmer component.

`normalizeEmberEventHandling` helps an application standardize upon the
Glimmer event handling approach by eliminating usage of event delegation and
instead rewiring Classic components to directly use `addEventListener`.

Specifically, it performs the following:

- Invokes `eliminateClassicEventDelegation()` to remove all events associated
  with Ember's EventDispatcher to reduce its runtime overhead and ensure that
  it is effectively not in use.

- Invokes `rewireClassicComponentEvents(app)` to rewire each Classic
  component to add its own event listeners for standard event handlers (e.g.
  `click`, `mouseDown`, `submit`, etc.).

- Configures an instance initializer that invokes
  `rewireActionModifier(appInstance)` to redefine the `action` modifier with
    a substitute that uses `addEventListener`.

Additional changes include:
* d-button: only preventDefault / stopPropagation for handled actions
   This allows unhandled events to propagate as expected.
* d-editor: avoid adding duplicate event listener for tests
   This extra event listener causes duplicate paste events in tests.
* group-manage-email-settings: Monitor `input` instead of `change` event for checkboxes
2022-10-26 14:44:12 +01:00
Andrei Prigorshnev
20efd494ef
DEV: move BasicUserWithStatusSerializer from Discourse Chat (#18745) 2022-10-26 16:41:31 +04:00
Alan Guo Xiang Tan
fd993240fd
DEV: Add missing assertion for InvitesController test (#18755) 2022-10-26 13:04:55 +01:00
David Taylor
1da5aa9027
DEV: Parallelize core JS tests in docker.rake (#18756) 2022-10-26 12:00:35 +01:00
Osama Sayegh
787d512c03
FIX: Add theme-color <meta> tag when a dark scheme is selected (#18747)
Meta topic: https://meta.discourse.org/t/meta-theme-color-is-not-respecting-current-color-scheme/239815/7?u=osama.

This commit renders an additional `theme-color` `<meta>` tag for the dark scheme if the current user/request has a scheme selected for dark mode. We currently only render one `theme-color` tag which is always based on the user's selected scheme for light mode, but if the user also selects a scheme for dark mode and uses a device that's configured to use/prefer dark mode, the Discourse UI will be in dark mode, but any parts of the browser/OS UI that's colored based on the `theme-color` tag, would use a color from the user's selected light scheme and look inconsistent with the Discourse UI because the `theme-color` tag is based on the user's selected light scheme.

The additional `theme-color` tag has `media="(prefers-color-scheme: dark)"` and is based on the user's selected dark scheme which means any browser UI that's colored based on `theme-color` tags should be able to pick the right tag based on the user's preference for light/dark mode.
2022-10-26 07:18:05 +03:00
dependabot[bot]
d680d019a2
Build(deps): Bump eslint in /app/assets/javascripts (#18713)
Bumps [eslint](https://github.com/eslint/eslint) from 7.32.0 to 8.26.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v7.32.0...v8.26.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-26 09:20:59 +08:00
Jarek Radosz
f822a933fa
DEV: Clean up pre-initializers (#18680) 2022-10-26 09:19:54 +08:00
Alan Guo Xiang Tan
305b7c8fae
DEV: Update rubocop (#18754) 2022-10-26 09:05:15 +08:00
Andrei Prigorshnev
9129f18815
DEV: make possible to pass both async and sync callbacks to the user status modal (#18712) 2022-10-26 08:59:08 +08:00
dependabot[bot]
9dd431c272
Build(deps): Bump net-http from 0.2.2 to 0.3.0 (#18748)
Bumps [net-http](https://github.com/ruby/net-http) from 0.2.2 to 0.3.0.
- [Release notes](https://github.com/ruby/net-http/releases)
- [Commits](https://github.com/ruby/net-http/compare/v0.2.2...v0.3.0)

---
updated-dependencies:
- dependency-name: net-http
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-26 08:38:19 +08:00
dependabot[bot]
1b27e3c3eb
Build(deps): Bump rspec-mocks from 3.11.1 to 3.11.2 (#18749)
Bumps [rspec-mocks](https://github.com/rspec/rspec-mocks) from 3.11.1 to 3.11.2.
- [Release notes](https://github.com/rspec/rspec-mocks/releases)
- [Changelog](https://github.com/rspec/rspec-mocks/blob/main/Changelog.md)
- [Commits](https://github.com/rspec/rspec-mocks/compare/v3.11.1...v3.11.2)

---
updated-dependencies:
- dependency-name: rspec-mocks
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-26 08:38:03 +08:00
dependabot[bot]
a18082725b
Build(deps): Bump rubocop-ast from 1.22.0 to 1.23.0 (#18751)
Bumps [rubocop-ast](https://github.com/rubocop/rubocop-ast) from 1.22.0 to 1.23.0.
- [Release notes](https://github.com/rubocop/rubocop-ast/releases)
- [Changelog](https://github.com/rubocop/rubocop-ast/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-ast/compare/v1.22.0...v1.23.0)

---
updated-dependencies:
- dependency-name: rubocop-ast
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-26 08:37:50 +08:00
Blake Erickson
f78ea9926b
DEV: Add description for active param on create user api docs (#18753)
The `active` param on the create user endpoint requires that an api key
is used in the request header otherwise it is ignored, so adding this
distinction to the api docs.
2022-10-25 18:24:54 -06:00
Kris
d3663a143b
FIX: variable name typo (#18752) 2022-10-25 17:59:09 -04:00
Isaac Janzen
2737bc55bb
DEV: Update docs for composerBeforeSave (#18746)
* DEV: Update docs for composerBeforeSave
2022-10-25 14:19:45 -05:00
Kris
d0f88da9c9
FEATURE: control topic width with variables (#18743) 2022-10-25 14:45:37 -04:00
Discourse Translator Bot
5f02f11acc
Update translations (#18740) 2022-10-25 17:00:49 +02:00
Jarek Radosz
3949efb45f
FIX: Reset error props on Topic model (#18739)
If there's an error loading a topic, and later you load it successfully - the the stale error message would still briefly show up every time you navigate to that topic
2022-10-25 12:17:00 +02:00
Loïc Guitaut
ca97850726 DEV: remove deprecation warnings related to Nokogiri 2022-10-25 10:57:03 +02:00
Osama Sayegh
43ef44127c
UX: Send notification of type replied to topic author if they're watching the topic (#18684)
Related to aeee7ed.

Before the change in aeee7ed, notifications for direct replies to your posts and notifications for replies in watched topics looked the same in the notifications menu -- they both used the arrow icon.

We decided in aeee7ed to distinguish them by changing "watched topics" notifications to use the bell icon because it was confusing for users who watch topics to see the same icon for direct replies and "watched topics". However, that change also means that non-power/new users who receive replies to topics _they create_ will get notifications with the bell icon because technically they're watching the topic, but the arrow icon is more appropriate for this case because we use it throughout the app to indicate "replies".

This commit adds a special-case so that if a user is watching a topic AND the topic is created by them, they receive notifications with the arrow icon (type `replied`) instead of the bell icon (type `posted`) for new posts in the topic.

Internal topic: t/79051.
2022-10-25 11:53:35 +03:00
Osama Sayegh
8979adc3af
FIX: Log user addition/deletion from groups when they're changed via DiscourseConnect (#18677)
Discourse Connect can be used to manage group memberships of users by including a `add_groups`, `remove_groups` or `groups` attribute in the Discourse Connect payload. However, additions/deletions of users from groups aren't logged to the groups logs (available at `/g/<group>/manage/logs`) which can cause confusions to admins they try to figure out when/how users were added or removed from a group. This commit makes Discourse Connect add entries to the groups logs when it makes changes to users' group memberships.
2022-10-25 11:25:26 +03:00
dependabot[bot]
63bb1ca488
Build(deps): Bump snaky_hash from 2.0.0 to 2.0.1 (#18696)
Bumps [snaky_hash](https://gitlab.com/oauth-xx/snaky_hash) from 2.0.0 to 2.0.1.
- [Release notes](https://gitlab.com/oauth-xx/snaky_hash/tags)
- [Changelog](https://gitlab.com/oauth-xx/snaky_hash/blob/main/CHANGELOG.md)
- [Commits](https://gitlab.com/oauth-xx/snaky_hash/compare/v2.0.0...v2.0.1)

---
updated-dependencies:
- dependency-name: snaky_hash
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 15:30:06 +08:00
dependabot[bot]
af3b5e9345
Build(deps): Bump oauth-tty from 1.0.3 to 1.0.5 (#18697)
Bumps [oauth-tty](https://gitlab.com/oauth-xx/oauth-tty) from 1.0.3 to 1.0.5.
- [Release notes](https://gitlab.com/oauth-xx/oauth-tty/tags)
- [Changelog](https://gitlab.com/oauth-xx/oauth-tty/blob/main/CHANGELOG.md)
- [Commits](https://gitlab.com/oauth-xx/oauth-tty/compare/v1.0.3...v1.0.5)

---
updated-dependencies:
- dependency-name: oauth-tty
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 15:29:48 +08:00
Jarek Radosz
df56ab172a
DEV: Remove remaining hardcoded ids (#18735) 2022-10-25 15:29:09 +08:00
Alan Guo Xiang Tan
d85c89ba6d
FIX: Category chooser not updating selection when editing reviewable (#18737) 2022-10-25 09:13:37 +08:00
Blake Erickson
fd8fd0a1f0
DEV: Document create group api params (#18736)
* DEV: Document create group api params

Documenting more params that are available to the create group api
endpoint.

* fix spelling
2022-10-24 18:55:51 -06:00
Kris
b6f5b236b3
UX: drag new user menus, scroll primary user nav (#18690) 2022-10-25 07:22:02 +08:00
Martin Brennan
cde2719ea1
DEV: Fix flaky uploads:disable_secure_uploads spec (#18719)
This test flakes occassionally, possibly because
of the arg ordering which we do not guarantee.
In future if this keeps occurring we may want to
try make expect_enqueued_with not care about argument
orders or the order of arrays etc within those arguments.
2022-10-25 09:01:15 +10:00
Martin Brennan
0730a56ce7
FEATURE: Generic hashtag autocomplete sorting (#18718)
Adds sorting for the HashtagAutocompleteService to
sort the results by case-insensitive text _within_
the type sort order specified by the params. This
should fix some flaky specs as well.
2022-10-25 08:59:17 +10:00