Commit Graph

337 Commits

Author SHA1 Message Date
Loïc Guitaut
d6bec460a8 DEV: Upgrade Rails to version 7.2 2024-11-27 10:48:47 +01:00
Martin Brennan
b8a5f95eb6
FIX: Handle multiple In-Reply-To Message-ID in group inbox ()
This fix handles the case where an In-Reply-To mail header
can contain multiple Message-IDs. We use this header to
try look up an EmailLog record to find the post to reply
to in the group email inbox flow.

Since the case where multiple In-Reply-To Message-IDs is
rare (we've only seen a couple of instances of this causing
errors in the wild), we are just going to use the first one
in the array.

Also, Discourse does not support replying to multiple posts
at once, so it doesn't really make sense to use multiple
In-Reply-To Message-IDs anyway.
2024-11-26 11:12:40 +10:00
Alan Guo Xiang Tan
57f4176b57
DEV: Bump rubocop_discourse () 2024-11-06 06:27:49 +08:00
Alan Guo Xiang Tan
322a3be2db
DEV: Remove logical OR assignment of constants ()
Constants should always be only assigned once. The logical OR assignment
of a constant is a relic of the past before we used zeitwerk for
autoloading and had bugs where a file could be loaded twice resulting in
constant redefinition warnings.
2024-10-16 10:09:07 +08:00
Martin Brennan
f5cbc3e3b8
FEATURE: Allow oneboxing private GitHub repo URLs and add private indicator to HTML ()
Followup 560e8aff75

The linked commit allowed oneboxing private GitHub PRs,
issues, commits, and so on, but it didn't actually allow
oneboxing the root repo e.g https://github.com/discourse/discourse-reactions

We didn't have an engine for this, we were relying on OpenGraph
tags on the HTML rendering of the page like we do with other
oneboxes.

To fix this, we needed a new github engine for repos specifically.

Also, this commit adds a `data-github-private-repo` attribute to
PR, issue, and repo onebox HTML so we have an indicator of
whether the repo was private, which can be used for theme components
and so on.
2024-07-19 12:21:45 +10:00
Rafael dos Santos Silva
b2a9676f0b
FEATURE: Support Spotify Onebox () 2024-06-19 13:27:27 -03:00
Jarek Radosz
5cb84f8dcf
DEV: Revert rails 7.1 upgrade ()
* Revert "FIX: Set `override_level` on Logster loggers ()"

This reverts commit c1b0488c54.

* Revert "DEV: Make parameters optional to all FakeLogger methods"

This reverts commit 3318dad7b4.

* Revert "FIX: Remove references to `Rails.logger.chained`"

This reverts commit f595d599dd.

* Revert "DEV: Upgrade Rails to 7.1"

This reverts commit 081b00391e.
2024-06-18 23:48:30 +02:00
Loïc Guitaut
081b00391e DEV: Upgrade Rails to 7.1 2024-06-18 15:58:05 +02:00
Jan Cernik
30e963be03
DEV: Add spec for x.com onebox url matcher () 2024-05-28 09:04:20 -03:00
Martin Brennan
9c85ea5945
DEV: Remove old TODOs for message-id formats ()
Introduced back in 2022 in
e3d495850d,
our new more specific message-id format for inbound and
outbound emails has now been in use for a very long time,
we can remove the support for the old formats:

`topic/:topic_id/:post_id.:random@:host`
`topic/:topic_id@:host`
`topic/:topic_id.:random@:host`
2024-05-28 13:57:09 +10:00
dsims
e6e3eaf472
FIX: avoid error from missing meta tags () 2024-05-14 11:41:53 -04:00
Alan Guo Xiang Tan
6dac187785
DEV: Support translations for property labels in objects schema editor ()
Why this change?

In cdba864598, we added support for adding
a description which will be displayed under the input of each property
on the client side.

Currently this convention in the locale file is followed:

```
en:
  theme_metadata:
    settings:
      objects_setting:
        description: <description> for the setting
        schema:
          properties:
            name: <description for the name property>
            links:
              name: <description for the name property in link>
              url: <description for the url property in link>
```

Since we now want to allow the label to be translated as well, we will
be changing the convention to the following:

```
en:
  theme_metadata:
    settings:
      objects_setting:
        description: <description> for the setting
        schema:
          properties:
            name:
              label: <label for the name property>
              description: <description for the name property>
            links:
              name:
                label: <label for the name property>
                description: <description for the name property in link>
              url:
		label: <label for the url property>
                description: <description for the url property in link>
```

If the locale file does not provide a `label` key under the property's
name, the client side will just display the property's name as the
label for the input field.
2024-03-28 10:53:51 +08:00
Alan Guo Xiang Tan
476d91d233
DEV: Change category type to categories type for theme object schema ()
Why this change?

This is a follow-up to 86b2e3aa3e.

Basically, we want to allow people to select more than 1 category as well.

What does this change do?

1. Change `type: category` to `type: categories` and support `min` and `max`
   validations for `type: categories`.

2. Fix the `<SchemaThemeSetting::Types::Categories>` component to support the
   `min` and `max` validations and switch it to use the `<CategorySelector>` component
   instead of the `<CategoryChooser>` component which only supports selecting one category.
2024-03-27 10:54:30 +08:00
Alan Guo Xiang Tan
cdba864598
DEV: Support description for properties in objects schema ()
Why this change?

When editing a objects typed theme setting, the input fields which are
rendered should include a description so that the user knows the purpose
of the field which they are changing.

What does this change do?

This change adds support for adding description to each property in the
schema for an object by following a given convention in the locale file.

For a schema like this:

```
objects_setting:
  type: objects
  schema:
    name: section
    properties:
      name:
        type: string
        required: true
      links:
        type: objects
        schema:
          name: link
          properties:
            name:
              type: string
              required: true
              validations:
                max_length: 20
            url:
              type: string
```

Description for each property in the object can be added like so:

```
en:
  theme_metadata:
    settings:
      objects_setting:
        description: <description> for the setting
        schema:
          properties:
            name: <description for the name property>
            links:
              name: <description for the name property in link>
              url: <description for the url property in link>
```

If the a description is not present, the input field will simply not
have an description.

Also note that a description for a theme setting can now be added like
so:

```
en:
  theme_metadata:
    settings:
      some_other_setting: <This will be used as the description>
      objects_setting:
        description: <This will also be used as the description>
```
2024-03-15 07:47:42 +08:00
Alan Guo Xiang Tan
e7f539df10
UX: Display setting description for objects typed theme setting ()
Why this change?

Prior to this change, there is no description being displayed for
objects typed theme setting because we were rendering a button instead
of the components for the various setting types which will render the
setting's description.

What does this change do?

1. Introduce `SiteSettings::Description` compoment to centralise the HTML
being rendered across all settings component.

2. Renders the `SiteSettings::Description` component after the edit
   button in `site_setting.hbs`.
2024-03-13 12:38:21 +08:00
Régis Hanol
5fcb7c262d
FIX: prevents duplicate attachments in incoming emails ()
## What?

Depending on the email software used, when you reply to an email that has some attachments, they will be sent along, since they're part of the embedded (replied to) email.

When Discourse processes the reply as an incoming email, it will automatically add all the (valid) attachments at the end of the post. Including those that were sent as part of the "embedded reply".

This generates posts in Discourse with duplicate attachments 🙁

## How?

When processing attachments of an incoming email, before we add it to the bottom of the post, we check it against all the previous uploads in the same topic. If there already is an `Upload` record, it means that it's a duplicate and it is _therefore_ skipped.

All the inline attachments are left untouched since they're more likely new attachments added by the sender.
2024-03-01 18:38:49 +01:00
Alan Guo Xiang Tan
afb0adf48d
DEV: Validate objects when updating typed objects theme settings ()
Why this change?

This change ensures that we validate the value of the new objects
when updating typed objects theme settings.
2024-02-28 10:33:22 +08:00
Alan Guo Xiang Tan
412b36cc93
FIX: Error when integer values are set as default of string type settings ()
Why this change?

```
some_setting:
  default: 0
  type: string
```

A theme setting like the above will cause an error to be thrown on the
server when importing the theme because the default would be parsed as
an integer which caused an error to be thrown when we are validating the
value of the setting.

What does this change do?

Convert the value to a string when working with string typed theme
settings.
2024-02-27 10:18:38 +08:00
Alan Guo Xiang Tan
7bcfe60a76
DEV: Validate default value for type: objects theme settings ()
Why this change?

This change adds validation for the default value for `type: objects` theme
settings when a setting theme field is uploaded. This helps the theme
author to ensure that the objects which they specifc in the default
value adhere to the schema which they have declared.

When an error is encountered in one of the objects, the error
message will look something like:

`"The property at JSON Pointer '/0/title' must be at least 5 characters
long."`

We use a JSON Pointer to reference the property in the object which is
something most json-schema validator uses as well.

What does this change do?

1. This commit once again changes the shape of hash returned by
   `ThemeSettingsObjectValidator.validate`. Instead of using the
   property name as the key previously, we have decided to avoid
   multiple levels of nesting and instead use a JSON Pointer as the key
   which helps to simplify the implementation.

2 Introduces `ThemeSettingsObjectValidator.validate_objects` which
  returns an array of validation error messages for all the objects
  passed to the method.
2024-02-27 09:16:37 +08:00
Alan Guo Xiang Tan
fb0e656cb7
DEV: Refactor subclasses in ThemeSettingsManager to individual files ()
Why this change?

One Ruby class per file improves readability
2024-02-08 12:59:52 +08:00
Alan Guo Xiang Tan
9f884cdaab
DEV: Introduce experimental type: objects theme setting ()
Why this change?

This commit introduces an experimental `type: objects` theme setting
which will allow theme developers to store a collection of objects as
JSON in the database. Currently, the feature is still in development and
this commit is simply setting up the ground work for us to introduce the
feature in smaller pieces.

What does this change do?

1. Adds a `json_value` column as `jsonb` data type to the `theme_settings` table.
2. Adds a `experimental_objects_type_for_theme_settings` site setting to
   determine whether `ThemeSetting` records of with the `objects` data
   type can be created.
3. Updates `ThemeSettingsManager` to support read/write access from the
   `ThemeSettings#json_value` column.
2024-02-08 10:20:59 +08:00
Martin Brennan
74fd883a89
DEV: Improve site setting rename generator ()
We need to be able to generate these migrations
for plugin settings as well. Also, we can use the
type supervisor to get the enum data in a nicer way.
2024-01-25 10:45:46 +10:00
Alan Guo Xiang Tan
59839e428f
DEV: Add skip_migrations param when importing remote theme ()
Why this change?

Importing theme with the `bundle` params is used mainly by
`discourse_theme` CLI in the development environment. However, we do not
want migrations to automatically run in the development environment
and instead want the developer to be intentional about running theme
migrations. As such, this commit adds support for a
`skip_migrations` param when importing a theme with the `bundle` params.

This commit also adds a `migrated` attribute for migrations theme fields
to indicate whether a migrations theme field has been migrated or not.
2024-01-11 14:04:02 +08:00
Martin Brennan
89705be722
DEV: Add auto map from TL -> group site settings in DeprecatedSettings ()
When setting an old TL based site setting in the console e.g.:

SiteSetting.min_trust_level_to_allow_ignore = TrustLevel[3]

We will silently convert this to the corresponding Group::AUTO_GROUP. And vice-versa, when we read the value on the old setting, we will automatically get the lowest trust level corresponding to the lowest auto group for the new setting in the database.
2023-12-26 14:39:18 +08:00
Jarek Radosz
7196613e2e
DEV: Fix various spec linting issues ()
Duplicated specs, incorrect descriptions, incorrect assertions, incorrect filenames, old todo
2023-12-04 13:45:19 +01:00
Kris
797da5870b
FEATURE: remove category badge style options, set bullet style as default () 2023-11-13 10:46:15 -05:00
Roman Rizzi
d78357917c SECURITY: Onebox templates' HTML injections.
The use of triple-curlies on Mustache templates opens the possibility for HTML injections.
2023-11-09 13:39:11 +11:00
Daniel Waterworth
290306a932
SECURITY: Reduce maximum size of SVG sprite cache to prevent DoS
Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2023-09-12 15:31:28 -03:00
Alan Guo Xiang Tan
d2e4b32c87
DEV: Add support for uploading a theme from a directory in system tests ()
Why this change?

Currently, we do not have an easy way to test themes and theme components
using Rails system tests. While we support QUnit acceptance tests for
themes and theme components, QUnit acceptance tests stubs out the server
and setting up the fixtures for server responses is difficult and can lead to a
frustrating experience. System tests on the other hand allow authors to
set up the test fixtures using our fabricator system which is much
easier to use.

What does this change do?

In order for us to allow authors to run system tests with their themes
installed, we are adding a `upload_theme` helper that is made available
when writing system tests. The `upload_theme` helper requires a single
`directory` parameter where `directory` is the directory of the theme
locally and returns a `Theme` record.
2023-09-12 07:38:47 +08:00
Martin Brennan
5cb45f8714
DEV: Add email fixture ()
For use with discourse-automation feature
2023-09-01 16:29:47 +10:00
Joffrey JAFFEUX
df7dab9dce
FIX: ensures generic onebox has width/height for thumbnail ()
Prior to this fix we would output an image with no width/height which would then bypass a large part of `CookedProcessorMixin` and have no aspect ratio. As a result, an image with no size would cause layout shift.

It also removes a fix for oneboxes in chat messages due to this case.
2023-08-09 20:31:11 +02:00
Roman Agilov
3eac47443f
FEATURE: Add audio.com onebox provider ()
* Audio.com provider added to onebox
* added specs for audio.com onebox provider
2023-08-08 16:55:04 +10:00
Penar Musaraj
318bdbdb46
DEV: Cleanup onebox spec discourse topic fixtures () 2023-07-31 15:09:47 -04:00
Alan Guo Xiang Tan
d9a7779811
DEV: Fix flaky core backend spec ()
Why this change?

The user id in a fixture file was hardcoded to 666. Once we've
fabricated enough user objects until the sequence for `User#id` reaches
666, the specs in vanilla_body_parser_spec.rb will fail.

What is the fix here?

This commit increases the user id to a large integer which we will
likely never hit in the next 10-20 years.
2023-07-18 07:01:19 +08:00
Rafael dos Santos Silva
3fd327c458
FEATURE: Basic support for threads.net onebox () 2023-07-06 16:02:49 -03:00
Jan Cernik
24c90534fb
FIX: Use Twitter API v2 for oneboxes and restore OpenGraph fallback () 2023-06-22 14:39:02 -03:00
Bianca Nenciu
4973f0ccde
UX: Remove 'Create Topics' notice ()
We are looking at simplifying the new admin/user experience and the
many notices bring unnecessary complexity.
2023-06-08 22:30:26 +03:00
Osama Sayegh
c2fcd55a80
FEATURE: Serve RTL versions of admin and plugins CSS bundles for RTL locales ()
Prior to this commit, we didn't have RTL versions of our admin and plugins CSS bundles and we always served LTR versions of those bundles even when users used an RTL locale, causing admin and plugins UI elements to never look as good as when an LTR locale was used. Example of UI issues prior to this commit were: missing margins, borders on the wrong side and buttons too close to each other etc.

This commit creates an RTL version for the admin CSS bundle as well as RTL bundles for all the installed plugins and serves those RTL bundles to users/sites who use RTL locales.
2023-06-01 05:27:11 +03:00
Régis Hanol
db9d998de3
FIX: improve mailman email parsing ()
https://meta.discourse.org/t/improving-mailman-email-parsing/253041

When mirroring a public mailling list which uses mailman, there were some cases where the incoming email was not associated to the proper user.

As it happens, for various (undertermined) reasons, the email from the sender is often not in the `From` header but can be in any of the following headers: `Reply-To`, `CC`, `X-Original-From`, `X-MailFrom`.

It might be in other headers as well, but those were the ones we found the most reliable.
2023-05-19 10:33:48 +02:00
Michael Brown
076def505e
FIX: email receiver should ignore x-auto-response-suppress
This header is used by Microsoft Exchange to indicate when certain types of
autoresponses should not be generated for an email.

It triggers our "is this mail autogenerated?" detection, but should not be used
for this purpose.
2023-05-03 12:20:00 -04:00
David Taylor
7070f81596
DEV: Allow DROP NOT NULL in pre-deploy migrations ()
Our SafeMigrate system is designed to prevent tables/columns being dropped in pre-deploy migrations. Its regex-based detection was triggering incorrectly on `ALTER COLUMN DROP NOT NULL`.
2023-03-22 14:43:32 +00:00
Osama Sayegh
3f908c047d
FIX: Use the default value correctly for theme settings of type uploads ()
When a theme setting of type `upload` has a default upload, it should return the URL of the specified default upload until a custom upload is used for the setting. However, currently this isn't the case and we get null instead of the default upload URL.

The reason for this is because the `super` method of `#value` already returns the default upload URL (if there's one), so we can't pass that to `cdn_url` which expects an upload ID:

c961dcc757/lib/theme_settings_manager.rb (L212)

This commit fixes the bug by skipping the call to `cdn_url` when we fallback to the default upload for the setting value.
2023-03-06 11:41:47 +03:00
Martin Brennan
cf5fa23cd3
DEV: Remove old secure_media setting ()
This has been renamed to secure_uploads since
8ebd5edd1e
2023-02-14 09:41:18 +10:00
Ayke Halder
137dbaf0dc
DEV: declare post position as simple number in structured data ()
This replaces the position declared as `#123` with the more simple version `123`.

The property position may be of type Integer or Text. A value of type Integer, or more precise of type Text which simply casts to integer, is sufficient here.
See: https://schema.org/position

In category-view the topic-list already uses this notation for the position of topics:
`<meta itemprop="position" content="123">`
2023-01-30 08:07:04 +01:00
Loïc Guitaut
14d97f9cf1 FEATURE: Show more context in Discourse topic oneboxes
Currently when generating a onebox for Discourse topics, some important
context is missing such as categories and tags.

This patch addresses this issue by introducing a new onebox engine
dedicated to display this information when available. Indeed to get this
new information, categories and tags are exposed in the topic metadata
as opengraph tags.
2023-01-11 14:22:53 +01:00
David Taylor
cb932d6ee1
DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
Rafael dos Santos Silva
06ff15f3ae
DEV: Fix png optimization test flakyness ()
* DEV: Fix png optimization test flakyness

Update fixture with oxipng 7

This test broke when the pngoptimizer got better so the pre-optimized png in the fixtures was compressed further on upload creation, breaking the expected size.
2022-12-20 16:05:14 -03:00
Rafael dos Santos Silva
d247e5d37c
FEATURE: Youtube Short onebox support ()
* FEATURE: Youtube Shorts onebox support

Co-authored-by: Canapin <canapin@gmail.com>
2022-12-06 11:56:48 -03:00
Sam
755ca0fcbb
PERF: stop downloading images from post processor and lean on uploads
Previously we would unconditionally fetch all images via HTTP to grab
original sizing from cooked post processor in 2 different spots.

This was wasteful as we already calculate and cache this info in upload records.

This also simplifies some specs and reduces use of mocks.
2022-11-25 12:40:31 +11:00
David Taylor
174a8b431b
DEV: Support passing relative URLs CSP builder ()
Raw paths like `/test/path` are not supported natively in the CSP. This commit prepends the site's base URL to these paths. This allows plugins to add 'local' assets to the CSP without needing to hardcode the site's hostname.
2022-11-24 11:27:47 +00:00