Commit Graph

34364 Commits

Author SHA1 Message Date
Gerhard Schlager
2a95c5c5d6 FIX: Don't update watching_first_post notifications when moving first post
The first post isn't moved. It gets copied during a move. Notifications of this special type should still link to the original first post.
2019-08-12 22:59:43 +02:00
Robin Ward
5981678abd FIX: Trusted users might cause content to be hidden with one flag
The text has been updated to be less specific about "Multiple community
members" to address this case.
2019-08-12 16:00:16 -04:00
Mohamad Abras
6cc9fe42ce add mongo adapter to nodebb importer (#8000) 2019-08-12 14:15:11 -04:00
Kyle Zhao
ca7f1dabbf REFACTOR: user-menu-links widget for extensibility (#7996) 2019-08-12 14:01:59 -04:00
Gerhard Schlager
d686318133 FIX: Prevent failed remaps during restores
Additional changes:
* Verbose logging of remaps during restores
* Exclude the backup_metadata table from restores
2019-08-12 17:15:01 +02:00
Gerhard Schlager
c05739c3c8 FIX: Truncate topic_links.url to 500 chars during remap
This column often breaks remaps because of some weird, long URLs. The data isn't that important, so truncating a couple of URLs doesn't hurt that much.
2019-08-12 17:15:00 +02:00
Gerhard Schlager
8b6341669a REFACTOR: Less duplicate code in DbHelper.remap 2019-08-12 17:15:00 +02:00
Kris
1232889b30 UX: Prevent twitter onebox iframes from being taller than mobie viewport 2019-08-12 11:03:54 -04:00
Dan Ungureanu
2a98becfde
FIX: Do not create a double like notification. (#7999)
When a user liked, unliked and liked again the same post, the poster
would receive a notification such as "X and X liked ...". This happened
because PostActionNotifier.post_action_created was called twice.
2019-08-12 16:22:46 +03:00
David Taylor
1a8fee11a0 DEV: If only one auth provider is enabled allow GET request
In this case, the auth provider is acting as a SSO provider, and can be trusted to maintain its own CSRF protections.
2019-08-12 11:03:05 +01:00
David Taylor
d348368ab6
FEATURE: Allow themes to override color transformation variables (#7987)
Theme developers can now add any of the transformed color variables to their color scheme in about.json. For example

```
  "color_schemes": {
    "Light": {
      "primary": "333333",
      "secondary": "ffffff",
      "primary-low": "ff0000"
    }
  },
```

would override the primary-low variable when compiling SCSS for the color scheme. The primary-low variable will also be visible in administrator color palette UI.
2019-08-12 11:02:38 +01:00
David Taylor
750802bf56
UX: Improve error handling for common OmniAuth exceptions (#7991)
This displays more useful messages for the most common issues we see:
- CSRF (when the user switches browser)
- Invalid IAT (when the server clock is wrong)
- OAuth::Unauthorized for OAuth1 providers, when the credentials are incorrect

This commit also stops earlier for disabled authenticators. Now we stop at the request phase, rather than the callback phase.
2019-08-12 10:55:02 +01:00
Joffrey JAFFEUX
731f61a818
UX: modifies admin email template to have more space for the form (#7993) 2019-08-12 10:27:25 +02:00
Jeff Wong
4cd0cd2f8e FIX: Blank second factor gets default name 2019-08-11 22:13:33 -07:00
Arpit Jalan
44f4801087 Bump onebox version.
- do not double encode percentage in url
- support hashbang in url
2019-08-12 08:42:50 +05:30
Blake Erickson
d7c73ded14 Ran prettier to clean up some formatting
Follow up to:

https://review.discourse.org/t/feature-external-auth-when-redeeming-invites/5152?u=blake
2019-08-11 19:00:52 -06:00
Blake Erickson
87a0a6664e FEATURE: External auth when redeeming invites
This feature (when enabled) will allow for invite_only sites to require
external authentication before they can redeem an invite.

- Created hidden site setting to toggle this
- Enables sending invites with local logins disabled
- OAuth button added to invite form
- Requires OAuth email address to match invite email address
- Prevents redeeming invite if OAuth authentication fails
2019-08-11 12:20:02 -06:00
Joffrey JAFFEUX
3503758599
FIX: polyfills String.prototype.repeat for IE (#7994) 2019-08-10 20:39:04 +02:00
Gerhard Schlager
e4f14ca3d7 FIX: Disallow user self-delete when user posted in PMs
All posts created by the user are counted unless they are deleted,
belong to a PM sent between a non-human user and the user or belong
to a PM created by the user which doesn't have any other recipients.

It also makes the guardian prevent self-deletes when SSO is enabled.
2019-08-10 12:30:16 +02:00
Kris
9f445bec09 use color variables 2019-08-09 20:53:59 -04:00
romanrizzi
d01c938e1a Revert "FIX: Use #dup instead of #+@ since content could be an instance of Nokogiri::XML::Element."
This reverts commit 50afe59306.
2019-08-09 11:35:22 -03:00
romanrizzi
50afe59306 FIX: Use #dup instead of #+@ since content could be an instance of Nokogiri::XML::Element. 2019-08-09 11:13:09 -03:00
Gerhard Schlager
74d78e3636 FIX: Drop readonly function when dropping table 2019-08-09 11:39:46 +02:00
Gerhard Schlager
7cb51d0e40 FIX: Create readonly functions during backup
Temporarily recreate already dropped functions in the discourse_functions schema in order to allow restoring of backups which still reference dropped functions.
2019-08-09 11:39:46 +02:00
Dan Ungureanu
8aa5df69f0
FIX: Detect DiscourseHub user agent.
It used to show up as an unknown device and browser in user preferences
(Recently Used Devices).
2019-08-09 11:58:15 +03:00
Sam Saffron
1f47ed1ea3 PERF: message_bus will be deferred by server when flooded
The message_bus performs a fair amount of work prior to hijacking requests
this change ensures that if there is a situation where the server is flooded
message_bus will inform client to back off for 30 seconds + random(120 secs)

This back-off is ultra cheap and happens very early in the middleware.

It corrects a situation where a flood to message bus could cause the app
to become unresponsive

MessageBus update is here to ensure message_bus gem properly respects
Retry-After header and status 429.

Under normal state this code should never trigger, to disable raise the
value of DISCOURSE_REJECT_MESSAGE_BUS_QUEUE_SECONDS, default is to tell
message bus to go away if we are queueing for 100ms or longer
2019-08-09 17:48:01 +10:00
Eduardo Poleo
b500ef77d7 Poll migration is not idempotent (#7964)
The migration script is not idempotent due to database constrains on the
poll related objects, namely:

polls: index_polls_on_post_id_and_name (post_id,name) UNIQUE
poll_options: index_poll_options_on_poll_id_and_digest  (poll_id,digest) UNIQUE
poll_votes:  index_poll_votes_on_poll_id_and_poll_option_id_and_user_id  (poll_id,poll_option_id,user_id) UNIQUE

This change skips a particular poll migration if it's already found on
the db.
2019-08-08 18:48:53 +02:00
Bianca Nenciu
7c83d2eeb2 FIX: Award 'First Onebox' badge just for Oneboxed URLs. (#7974) 2019-08-08 18:45:18 +02:00
David Taylor
922c40f87c UX: Clear username when opening ignore duration modal 2019-08-08 16:31:34 +01:00
David Taylor
90108b2450 FIX: Correct OmniAuth route ordering
/auth/failure should be given higher precedence than /auth/:provider
2019-08-08 15:49:09 +01:00
Dan Ungureanu
3008ecccbd FIX: Notify on Reviewable update. (#7980)
If a post is flagged after an action was already performed on it, it
will update the previous Reviable instance and not create a new one.
The notification logic was implemented in the :create callback which was
completely skipped in this case.
2019-08-08 16:04:34 +02:00
David Taylor
6d3d08daad UX: Hide login/signup header buttons during authentication flows 2019-08-08 13:57:18 +01:00
David Taylor
3b8c468832 SECURITY: Require POST with CSRF token for OmniAuth request phase 2019-08-08 11:58:00 +01:00
David Taylor
7bd54eaceb
UX: Add login button icon to no_ember page (#7982) 2019-08-08 10:44:04 +01:00
Guo Xiang Tan
32b4bdaccd DEV: Remove mocks from tests. 2019-08-08 15:17:45 +08:00
Guo Xiang Tan
740e2a6025 DEV: Add comment about fork of image_optim. 2019-08-08 13:03:35 +08:00
Guo Xiang Tan
636b6c3a5a FIX: Wrong discobot tutorial started for certain locales.
If a locale has triggers that start with the same word, our regexp will
always end up matching the first trigger. For example,

`start tutorial` and `start tutorial advanced`

To support the change, we have to make the match on triggers more
restrictive. `@discobot quote here` will no longer work like `@discobot
quote`.
2019-08-08 10:53:58 +08:00
Guo Xiang Tan
b574276e6e DEV: Correct hardcoded value in discobot tests. 2019-08-08 10:53:58 +08:00
Neil Lalonde
5f87089b67 FIX: remove dependency on present? in distributed_mutex lib 2019-08-07 15:39:51 -04:00
Penar Musaraj
78500fb770 UX: Improve layout of poll builder modal 2019-08-07 15:00:03 -04:00
Gerhard Schlager
24877a7b8c FIX: Correctly encode non-ASCII filenames in HTTP header
Backport of fix from Rails 6: 890485cfce
2019-08-07 19:10:50 +02:00
Arpit Jalan
e90aac11cb fix the build 2019-08-07 16:39:58 +05:30
Arpit Jalan
b0e781e2d4 FIX: do not follow redirect on same host with path /login or /session 2019-08-07 16:26:55 +05:30
Leo McArdle
6296ae3d31 FEATURE: add setting to show content of forwarded emails in topics (#7935) 2019-08-07 12:32:19 +02:00
Joffrey JAFFEUX
5d72561f4f
FIX: allows replacement of digits and symbols emojis (#7978) 2019-08-07 11:38:58 +02:00
Kris
9e248de02a slightly better button wrapping when list controls are long 2019-08-06 23:44:44 -04:00
Sam Saffron
2408d55551 FIX: embedding topics would fail with some HTML
When truncating content we try to search for first paragraph, if HTML had
no P it would fallback to first div which may have nested elements.
2019-08-07 12:45:55 +10:00
Sam Saffron
3c44e54c3f DEV: followup on secure category mention
Follows up on #f7809207

- Priority mention support only available for groups with less than 500 members
- Proper use attribute on model
2019-08-07 10:31:25 +10:00
Robin Ward
f1b3e72581 FIX: Don't hide/close topics if they don't meet minimum visibility
There are situations where depending on site settings, actions could be
taken due to flags (for example, hiding a post) but those actions were
not visibile in the review queue due to visibility settings.

This patch makes sure that the minimum score required for an action such
as hiding a post needs to meet the visibility for a moderator to see it.
2019-08-06 15:36:39 -04:00
Roman Rizzi
44ad8ee39b
FIX: Use unescaped title as combo-box id (#7979) 2019-08-06 16:27:01 -03:00