Commit Graph

41385 Commits

Author SHA1 Message Date
Martin Brennan
355d51afde
FEATURE: Allow using invites when DiscourseConnect SSO is enabled (#12419)
This PR allows invitations to be used when the DiscourseConnect SSO is enabled for a site (`enable_discourse_connect`) and local logins are disabled. Previously invites could not be accepted with SSO enabled simply because we did not have the code paths to handle that logic.

The invitation methods that are supported include:

* Inviting people to groups via email address
* Inviting people to topics via email address
* Using invitation links generated by the Invite Users UI in the /my/invited/pending route

The flow works like this:

1. User visits an invite URL
2. The normal invitation validations (redemptions/expiry) happen at that point
3. We store the invite key in a secure session
4. The user clicks "Accept Invitation and Continue" (see below)
5. The user is redirected to /session/sso then to the SSO provider URL then back to /session/sso_login
6. We retrieve the invite based on the invite key in secure session. We revalidate the invitation. We show an error to the user if it is not valid. An additional check here for invites with an email specified is to check the SSO email matches the invite email
7. If the invite is OK we create the user via the normal SSO methods
8. We redeem the invite and activate the user. We clear the invite key in secure session.
9. If the invite had a topic we redirect the user there, otherwise we redirect to /

Note that we decided for SSO-based invites the `must_approve_users` site setting is ignored, because the invite is a form of pre-approval, and because regular non-staff users cannot send out email invites or generally invite to the forum in this case.

Also deletes some group invite checks as per https://github.com/discourse/discourse/pull/12353
2021-03-19 10:20:10 +10:00
Penar Musaraj
aee7ef0dc9
DEV: Fix build due to highlight.js branch issue (#12441)
Highlight.js changed their default branch from master to main. This switches to the @highlightjs/cdn-assets package, thus sidestepping the problem. It's a slightly cleaner integration though (no need to build locally anymore).
2021-03-18 18:21:23 -04:00
jbrw
aaf96edee0
FIX: all staff members (regardless of TL) should be able to pin/unpin topics (#12435) 2021-03-18 15:32:42 -04:00
Joffrey JAFFEUX
67e1ae3f7d
A11Y: makes search results count readable by screen reader (#12437) 2021-03-18 18:44:26 +01:00
Dan Ungureanu
033d6b6437
FEATURE: Obfuscate emails on invite show page (#12433)
The email should not be ever displayed in clear text, except the case
when the user authenticates using another service.
2021-03-18 19:09:23 +02:00
Dan Ungureanu
da1e37d2ce
FIX: browser-update should work with old browsers (#12436)
This caused issues in IE10 / IE11 with compatibility mode.
2021-03-18 19:09:01 +02:00
Dan Ungureanu
5024ea72d2
UX: Show first unique letters in invite link (#12434) 2021-03-18 19:05:38 +02:00
Roman Rizzi
da210b6d77
FEATURE: Replace markdown-it replacements rule. (#12417)
We override the default replacements rule to no longer replace "(c)", "(p)", and "(p)". Additionally, we merged the custom arrows rule into the replacement function.
2021-03-18 10:55:41 -03:00
Bianca Nenciu
1a433193d1
FIX: Do not treat code tag as block level element (#12432)
When syncing code elements, the inner text used to be escaped, which
rendered the actual HTML code instead. This commit overwrites default
parser settings to fix the way code tags are handled.
2021-03-18 15:30:15 +02:00
Joffrey JAFFEUX
cf703ccf66
A11Y: improves avatar menu focus/active states (#12422) 2021-03-18 13:29:27 +01:00
dependabot[bot]
06c60b017c
DEV: Bump unicorn from 5.8.0 to 6.0.0 (#12430)
Bumps [unicorn](https://yhbt.net/unicorn/) from 5.8.0 to 6.0.0.

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-18 16:08:51 +11:00
Krzysztof Kotlarek
c5a116859d
FIX: delete post action from permanently deleted posts (#12309)
When Post is permanently deleted, we should delete correlated PostAction as well.
2021-03-18 15:22:41 +11:00
Kris
7e470bf8ae
UX: Improve topic footer alignment and layout (#12420) 2021-03-17 22:42:52 -04:00
Jordan Vidrine
74dbf2b1dc
UX: Move modal footer into better container (#12429)
* UX: Move modal footer into better container

This commit moves the modal footer under the sign-up form for a more cohesive feel between the login + create account modals.
2021-03-17 14:10:49 -05:00
Blake Erickson
44153cde18
FIX: Be able to handle long file extensions (#12375)
* FIX: Be able to handle long file extensions

Some applications have really long file extensions, but if we truncate
them weird behavior ensues.

This commit changes the file extension size from 10 characters to 255
characters instead.

See:

https://meta.discourse.org/t/182824

* Keep truncation at 10, but allow uppercase and dashes
2021-03-17 12:01:29 -06:00
Penar Musaraj
eb7f0ec766
FIX: In components, fall back to default theme color variables (#12423)
Component SCSS compilation should use the current theme's SCSS color
variables as a fallback before using the default core colors.

This is mostly a backwards-compatibility fix, new themes and components
should use CSS custom properties, which offer better support for on-the-fly
color scheme changes (dark mode support, etc.).
2021-03-17 13:34:15 -04:00
Bianca Nenciu
97623f5351
FIX: Do not raise if post no longer exists (#12428) 2021-03-17 19:22:05 +02:00
Robin Ward
52859bdeab
FIX: Viewing some tag routes wasn't rendering the list without JS (#12344) 2021-03-17 13:02:32 -04:00
Robin Ward
11e6e9cca2
FIX: Tests in admin/tests were not running (#12391)
Since we want to run them in the core app they've been moved into the
`tests` directory for discourse, and updated to the latest format.
2021-03-17 13:02:12 -04:00
Bianca Nenciu
50f8782def
FIX: Fix narrative bot settings in multisites (#12380)
after_initialize is not called for each multisite database, but just
for first (default) database.
2021-03-17 17:41:31 +02:00
Bianca Nenciu
16b5fa030b
DEV: Set disable_mailing_list_mode automatically (#12402)
The user mailing list mode continued to be silently enabled and
UserEmail job checked just that ignoring site setting
disable_mailing_list_mode.

An additional migrate was added to set disable_mailing_list_mode
to false if any users enabled the mailing list mode already.
2021-03-17 17:39:10 +02:00
Gerhard Schlager
38dd81d38a
DEV: Remove deprecated Sidekiq config (#12427)
> WARNING: Sidekiq::Web.sessions= is no longer relevant and will be removed in Sidekiq 7.0.
2021-03-17 16:29:10 +01:00
Daniel Waterworth
9c3d5f861d
DEV: Speed up topics_controller_spec.rb (#12395) 2021-03-17 10:25:43 -05:00
Joffrey JAFFEUX
482bcc8726
A11Y: associates lists with labels on interface page (#12426) 2021-03-17 16:03:09 +01:00
Joffrey JAFFEUX
cb0427ffdf
A11Y: links change username input to its label (#12424) 2021-03-17 15:47:27 +01:00
Bianca Nenciu
9b4b2149ff
FIX: Allow group owners manage group flair (#12415)
Follow up to commit 901cee55cd.
2021-03-17 16:35:51 +02:00
Osama Sayegh
d56b2e85aa
FIX: Escape Font Awesome icons (#12421)
This is not a security issue because regular users are not allowed to insert FA icons anywhere in the app. Admins can insert icons via custom badges, but they do have the ability to create themes with JS.
2021-03-17 16:11:40 +03:00
Osama Sayegh
a23d0f9961
UX: Add image uploader widget for uploading badge images (#12377)
Currently the process of adding a custom image to badge is quite clunky; you have to upload your image to a topic, and then copy the image URL and pasting it in a text field. Besides being clucky, if the topic or post that contains the image is deleted, the image will be garbage-collected in a few days and the badge will lose the image because the application is not that the image is referenced by a badge.

This commit improves that by adding a proper image uploader widget for badge images.
2021-03-17 08:55:23 +03:00
Kris
26bfb5d6b9
UX: reduce opacity of code copy button (#12418) 2021-03-16 19:22:35 -07:00
Krzysztof Kotlarek
146775072a
FIX: mention notification takes precedence over group (#12407)
When a specific user is mentioned and group to which this user belongs, a direct mention notification should take precedence.
2021-03-17 08:20:41 +11:00
Robin Ward
37c42a57b0
DEV: Make dockcontainer and hidepassed the defaults (#12416)
This makes running qunit tests in a browser much simpler
2021-03-16 14:34:59 -04:00
Dan Ungureanu
fb19ee9eee
FIX: Correctly use invite to topic email templates (#12411)
It was used both when inviting from a topic page and when creating
invites with "Send to topic on first login", while it should be used
only in the former case.
2021-03-16 17:08:54 +02:00
Discourse Translator Bot
bc88ea5976
Update translations (#12412) 2021-03-16 15:49:29 +01:00
Arpit Jalan
64d2f260a9
FIX: do not convert format for site setting uploads (#12410) 2021-03-16 20:14:41 +05:30
Dan Ungureanu
eda8a839d4
UX: Show Topic column in invites pending tab (#12413) 2021-03-16 16:29:41 +02:00
dependabot[bot]
49a3fcb0f1
Build(deps): Bump sidekiq from 6.1.3 to 6.2.0 (#12406)
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.1.3 to 6.2.0.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/master/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v6.1.3...v6.2.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-16 09:48:50 -04:00
Robin Ward
1c82ed9f3e
REFACTOR: Use a <script src> tag to start the app (#12401)
This is to help with potential CSP issues.
2021-03-16 09:36:11 -04:00
Roman Rizzi
dc3af285b2
UX: Show the Dismiss New button at the top of the topics. (#12403)
We want to be consistent across desktop and mobile.
2021-03-16 10:07:04 -03:00
Krzysztof Kotlarek
e10a74694a
FIX: deprecation warning - initialization autoloaded the constant (#12400)
Get rid of deprecation related to Zeitwerk autoloader.

Original PR was reverted because of multisite bug #12381 - thank you @davidtaylorhq for fixing it.

I added the last commit to fix that multisite problem.
2021-03-16 09:47:57 +11:00
dependabot[bot]
ddf8e9b6b6
Build(deps): Bump omniauth-google-oauth2 from 0.8.1 to 0.8.2 (#12405)
Bumps [omniauth-google-oauth2](https://github.com/zquestz/omniauth-google-oauth2) from 0.8.1 to 0.8.2.
- [Release notes](https://github.com/zquestz/omniauth-google-oauth2/releases)
- [Changelog](https://github.com/zquestz/omniauth-google-oauth2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zquestz/omniauth-google-oauth2/compare/v0.8.1...v0.8.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-15 22:34:14 +01:00
Rafael dos Santos Silva
f8d9f09370
FEATURE: Fallback to system users when creating new TopicEmbed (#12386)
Previosly, if the topic embed request had a missing username parameter,
and SiteSetting.embed_by_username was empty we would fail to create the
new topic and not show any errors.

Now we will fallback using the priority:

1. Username parameter
2. SiteSetting.embed_by_username
3. SiteSetting.site_contact_username
4. system user
2021-03-15 11:58:53 -03:00
dependabot[bot]
0d3b7a3a82
Build(deps): Bump faker from 2.16.0 to 2.17.0 (#12396)
Bumps [faker](https://github.com/faker-ruby/faker) from 2.16.0 to 2.17.0.
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/compare/v2.16.0...v2.17.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-15 11:10:33 +01:00
Dan Ungureanu
790c4ad4a7
FEATURE: Improve expired invites tab (#12392)
This commit extends functionality of the expired invites tab, making
it more similar to the pending tab. It also implements a different
layout for mobile.
2021-03-15 11:52:58 +02:00
Sam
6c57f6f49d
DEV: ensure state is clean prior to spec (#12399)
Corrects flaky spec

Previously we were only clearing state after our spec ran, leaving possible
edge cases where `Discourse.plugins` had data.

Clean-up source of the plugin leak

1 pop was not enough to clear the plugin, plus make specs a bit more
deliberate
2021-03-15 09:11:23 +01:00
Martin Brennan
139a547f22
DEV: Change Bookmark.clear_reminder! update to update! (#12398)
* Change update to update! for bookmark clear_reminder!

This way the update will not fail silently
2021-03-15 16:10:40 +11:00
David Taylor
7970d1d99f
FEATURE: Allow a cluster_name to be configured and used for /srv/status (#12365)
The cluster name can be configured by setting the `DISCOURSE_CLUSTER_NAME` environment variable. If set, you can then call /srv/status with a `?cluster=` parameter. If the cluster does not match, an error will be returned. This is useful if you need a load balancer to be able to verify the identity, as well as the presence, of an application container.
2021-03-15 15:41:59 +11:00
Rafael dos Santos Silva
7fecf1b885
FIX: Move PWA App shortcut for bookmarks to new path (#12388) 2021-03-15 15:36:50 +11:00
Jarek Radosz
303d2227cc
DEV: Fix FakeLogger spec issues (#12397)
* DEV: Add `#level` and `#level=` to `FakeLogger`

* DEV: Fix a leaky test
2021-03-15 15:36:10 +11:00
Blake Erickson
5c84f702b0
DEV: Update api docs to deprecate target_usernames field (#12394)
When creating a PM target_usernames has been deprecated for some time
now but the api docs have yet to reflect this.

The api docs now specify to use target_recipients.

See: eef21625c6
2021-03-12 16:48:39 -07:00
Kris
01babeccdf
FEATURE: Add above-timeline plugin outlet (#12373) 2021-03-12 18:40:51 -05:00