Commit Graph

45435 Commits

Author SHA1 Message Date
Roman Rizzi
e5691362df
DEV: add smtp_should_reject to the receive_emails api key scope (#17110) 2022-06-16 13:46:56 -03:00
David Taylor
691afa2593
DEV: Handle emoji-picker and d-editor being destroyed simultaneously (#17109) 2022-06-16 17:16:15 +01:00
David Taylor
c00205730e
FIX: Ensure presence endpoints don't break the session (#17108)
Presence endpoints are often called asynchronously at the same time as other request, and never need to modify the session. Skipping ensures that an unneeded cookie rotation doesn't race against another request and cause issues.

This change brings presence in line with message-bus's behaviour.
2022-06-16 14:38:43 +01:00
David Taylor
a4fc88ce68
FIX: Ensure emoji is inserted in the correct location (#17107)
In the specific case where you start typing an emoji, then open the full emoji picker, the chosen emoji would be inserted in the wrong place. This was an unintentional side effect of the changes in 75d9c16156

This commit updates the `emojiSelected` logic to avoid mutating the 'selected' object, and also adds a test for this specific behaviour.
2022-06-16 12:16:53 +01:00
Arpit Jalan
c39cebc161
PERF: remove server plugin outlet for post (#17105) 2022-06-16 17:21:24 +10:00
Alan Guo Xiang Tan
c625dc0adc
FEATURE: Add messages section links to experimental sidebar. (#17096) 2022-06-16 13:33:40 +08:00
Gerhard Schlager
888f50543d
DEV: Fix javascript:update rake task (#17098)
* The `javascript:update` rake task failed because recent versions of chart.js use a lowercase filename (`chart.min.js` instead of `Chart.min.js`)

* Changed `loadScript()` to use lowercase keys to lookup scripts

* `svg-arrow.css` seems to have changed slightly (linebreak at the end of file)
2022-06-15 19:49:04 +02:00
Isaac Janzen
a7034c5a14
DEV: Update create-account test to be more clear (#17102) 2022-06-15 12:47:47 -05:00
Isaac Janzen
bc0a37b642
DEV: @bind create-account actions (#17100)
DEV: @bind create-account actions

Context: https://github.com/discourse/discourse/pull/16983#discussion_r894721403
2022-06-15 12:36:04 -05:00
David Taylor
275849771f
DEV: Emit a 'change' event when PresenceChannel info changes (#17088)
e.g.

```
presenceChannel = this.presence.getChannel('/blah');
presenceChannel.subscribe();
presenceChannel.on('change', (channel) => console.log(channel.users));
```

This commit also does some refactoring to remove the use of an unnecessary EmberObject and dynamic `defineProperty` call
2022-06-15 16:13:44 +01:00
Jarek Radosz
f723b4c322
FIX: Handle sites with more than 1 JSON-LD element (#17095)
A followup to #17007
2022-06-15 02:55:55 +02:00
Martin Brennan
4d3c1ceb44
FEATURE: Log the SMTP response in EmailLog (#17056)
When sending emails with delivery_method_options -> return_response
set to true, the SMTP sending code inside Mail will return the SMTP
response when calling deliver! for mail within the app. This commit
ensures that Email::Sender captures this response if it is returned
and stores it against the EmailLog created for the sent email.

A follow up PR will make this visible within the admin email UI.
2022-06-15 10:28:30 +10:00
Krzysztof Kotlarek
63df2b4550
FIX: whisper available when reply to topic (#17054)
When a user is answering a whisper comment, they cannot change from whisper to regular answer.

However, user can click reply to topic. We keep `postSnapshot` so user can change mind and switch back to reply to post. In that case, a toggle whisper button should appear.

To make it happen, I am ensuring to display a toggle whisper button when user is replying to topic - `postLink` attribute is missing.
2022-06-15 09:59:57 +10:00
Jarek Radosz
39f45c701c
DEV: Mark inline styles as safe (#17093)
Fixes many Ember deprecation warnings like:

```
WARNING: Binding style attributes may introduce cross-site scripting vulnerabilities; please ensure that values being bound are properly escaped. For more information, including how to disable this warning, see https://emberjs.com/deprecations/v1.x/#toc_binding-style-attributes. Style affected: "border-color: #33B0B0; --category-color: #33B0B0;"
```
2022-06-15 01:31:21 +02:00
Daniel Waterworth
d7886e4d18
FIX: Allow all subdomains of localhost in development (#17089)
domains can contain numbers.

Follow-up-to: 00e756e358
2022-06-14 14:54:49 -05:00
Jarek Radosz
348b6e848f
FIX: NavItem and Composer prop overriding was broken (#17092) 2022-06-14 21:16:33 +02:00
Discourse Translator Bot
e0364cf228
Update translations (#17087) 2022-06-14 16:57:33 +02:00
Gerhard Schlager
96e87af605
FIX: Rake tasks related to uploads were broken (#17085) 2022-06-14 11:05:03 +02:00
Alan Guo Xiang Tan
4a240f6c90
DEV: First pass at messages section experimental sidebar (#17084) 2022-06-14 15:56:20 +08:00
Alan Guo Xiang Tan
e7e23e8d9c
FIX: Remove tags from experimental sidebar on notification level changed (#17083)
As part of this commit, a bug where updating a tag's notification level on the server side does not update the state of the user's tag notification levels on the client side is fixed too.
2022-06-14 15:39:56 +08:00
dependabot[bot]
47034d9ca0
Build(deps): Bump zeitwerk from 2.5.4 to 2.6.0 (#17080)
Bumps [zeitwerk](https://github.com/fxn/zeitwerk) from 2.5.4 to 2.6.0.
- [Release notes](https://github.com/fxn/zeitwerk/releases)
- [Changelog](https://github.com/fxn/zeitwerk/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fxn/zeitwerk/compare/v2.5.4...v2.6.0)

---
updated-dependencies:
- dependency-name: zeitwerk
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-14 13:49:03 +08:00
Sam
4a1937adff
FEATURE: Change auto tracking to require 5 minutes vs 4 (#17081)
Per @codinghorror, we prefer to change this setting to 5 minutes to avoid
tracking topic automatically except for extremely exceptional situations.
2022-06-14 13:48:19 +08:00
Alan Guo Xiang Tan
0ae7b43018
PERF: Remove total for time to first response report. (#17082)
The query is very inefficient without any constraints on large sites and
the average of all time to first response since the beginning of time is
not useful as well.
2022-06-14 13:27:48 +10:00
Blake Erickson
f313276966
Version bump to v2.9.0.beta5 (#17077) 2022-06-13 15:27:06 -06:00
Blake Erickson
ae6a907943
SECURITY: banner-info (#17071) 2022-06-13 11:10:21 -06:00
David Taylor
6650218e3d
FIX: Ensure that extract_upload_ids works with all short URLs (#17070)
We do not zero-pad our base62 short URLs, so there is no guarantee that the length is 27. Instead, let's greedily match all consecutive base62 characters and look for a matching upload.

This reverts bd32656157 and 36f5d5eada.
2022-06-13 17:01:27 +01:00
sansnumero
f0c6dd5682
Add support for JSON LD in Onebox (#17007)
* FIX: Fix a bug that is accessing the values in a hash wrongly and write tests

I decided to write tests in order to be confident in my refactor that's in the next commit.
Meanwhile I have discovered a potential bug. The `title_attr` key was accessed as a string,
but all the keys are actually symbols so it was never evaluated to be true.

irb(main):025:0> d = {key: 'value'}
=> {:key=>"value"}
irb(main):026:0> d['key']
=> nil
irb(main):027:0> d[:key]
=> "value"

* DEV: Extract methods for readability

I will be adding a new method following the conventions in place for adding a new normalizer. And this will make the readability of the `raw` block even more difficult; so I am extracting self contained private methods beforehand.

* FEATURE: Parse JSON-LD and introduce Movie object

JSON LD data is very easily transferable to Ruby objects because they contain types. If these types are mapped to Ruby objects, it is also better to make all the parsed data very explicit and easily extendable.

JSON-LD has many more standardized item types, with a full list here: https://schema.org/docs/full.html
However in order to decrease the scope, I only adapted the movie type.

* DEV: Change inheritance between normalizers

Normalizers are not supposed to have an inheritance relationships amongst each other. They are all normalizers, but all normalizing separate protocols. This is why I chose to extract a parent class and relieve Open Graph off that responsibility. Removing the parent class altogether could also a possibility, but I am keeping the scope limited to having a more accurate representation of the normalizers while making it easier to add a new one.

* Lint changes

* Bring back the Oembed OpenGraph inheritance

There is one test that caught that this inheritance was necessary. I still think modelling wise this inheritance shouldn't exist, but this can be tackled separately.

* Return empty hash if the json received is invalid

Before this change if there was a parsing error with JSON it would throw an exception. The goal of this commit is to rescue that exception and then log a warning. I chose to use Discourse's logger wrapper `warn_exception` to have the backtrace and not just used Rails logger. I considered raising an `InvalidParameters` error however if the JSON here is invalid it should not block showing of the Onebox, so logging is enough.

* Prep to support more JSONLD schema types with case

* Extract mustache template object created from JSONLD
2022-06-13 17:32:34 +02:00
Wolftallemo
be556ef17b
FIX: Skip CSRF token check on webhook routes (#16982)
The `WebhookController` inherits directly from `ActionController::Base`. Since Rails 5.2, forgery protection has been enabled by default. When we applied those new defaults in 0403a8633b, it took effect on this controller and broke integrations.

This commit explicitly disables CSRF protection on these webhook routes, and updates the specs so they'll catch this kind of regression in future.
2022-06-13 15:36:45 +01:00
Jarek Radosz
77632d2d36
DEV: Explicitly allow NavItem customization (#17061)
Allow overriding NavItem's title and displayName. Fixes multiple instances of `computed-property.override` warnings in plugins.
2022-06-13 12:46:04 +02:00
Jarek Radosz
8d0c2cd4f8
DEV: Allow disabling composer submit (#17062)
…without overriding the computed property. Will fix warnings in discourse-perspective-api plugin.
2022-06-13 12:45:47 +02:00
Alan Guo Xiang Tan
e9a77e7f19
FEATURE: Add new/unread counts to tags section links exp sidebar (#17057) 2022-06-13 14:54:01 +08:00
Alan Guo Xiang Tan
95fa4c5d52
DEV: Ensure topic-tracking-state state change callbacks are cleaned up (#17069) 2022-06-13 14:53:02 +08:00
Alan Guo Xiang Tan
94c3bbc2d1
DEV: Centralize user updates to a single MessageBus channel. (#17058)
Introduces an interface to publish user updates on the server side and
helps to reduce the growing number of subscriptions on the client side.
2022-06-13 14:27:43 +08:00
Alan Guo Xiang Tan
bd32656157
DEV: Skip flaky test. (#17068) 2022-06-13 13:48:08 +08:00
Alan Guo Xiang Tan
36f5d5eada
DEV: Skip flaky spec. (#17067) 2022-06-13 13:10:00 +08:00
dependabot[bot]
65929ed128
Build(deps): Bump multipart-post from 2.2.2 to 2.2.3 (#17066)
Bumps [multipart-post](https://github.com/socketry/multipart-post) from 2.2.2 to 2.2.3.
- [Release notes](https://github.com/socketry/multipart-post/releases)
- [Changelog](https://github.com/socketry/multipart-post/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketry/multipart-post/compare/v2.2.2...v2.2.3)

---
updated-dependencies:
- dependency-name: multipart-post
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-13 11:26:25 +08:00
dependabot[bot]
357ef528de
Build(deps): Bump diffy from 3.4.0 to 3.4.1 (#17065)
Bumps [diffy](https://github.com/samg/diffy) from 3.4.0 to 3.4.1.
- [Release notes](https://github.com/samg/diffy/releases)
- [Changelog](https://github.com/samg/diffy/blob/main/CHANGELOG)
- [Commits](https://github.com/samg/diffy/commits)

---
updated-dependencies:
- dependency-name: diffy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-13 11:15:29 +08:00
dependabot[bot]
69e5da448e
Build(deps): Bump rails-html-sanitizer from 1.4.2 to 1.4.3 (#17064)
Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.4.2 to 1.4.3.
- [Release notes](https://github.com/rails/rails-html-sanitizer/releases)
- [Changelog](https://github.com/rails/rails-html-sanitizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/rails-html-sanitizer/compare/v1.4.2...v1.4.3)

---
updated-dependencies:
- dependency-name: rails-html-sanitizer
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-13 11:15:14 +08:00
Jarek Radosz
e245839c3c
DEV: Remove old deprecations (#14906) 2022-06-12 21:28:20 +02:00
Discourse Translator Bot
f38a06f3a5
Update translations (#17022) 2022-06-11 13:20:37 +02:00
Jeff Wong
d7d9c10c1d FIX: display translated fallback as the group name for custom emoji groups 2022-06-10 11:10:05 -10:00
Jeff Wong
9a656e18e9 DEV: add translation fallback option for i18n
Allow for a default translation string to be returned when a translation cannot
be found.

Useful in contexts where there is a known fallback, such as custom emoji group
strings.
2022-06-10 11:10:05 -10:00
Joffrey JAFFEUX
532935043c
FIX: allows image to be displayed at the right size 2022-06-10 16:28:58 +02:00
Gabe Pacuilla
c04cb223f3
FIX: twitter onebox keeps whitespace for expanded links (#17055) 2022-06-10 01:20:26 -04:00
Alan Guo Xiang Tan
ced9a5ee6d
FEATURE: First pass tags section for experimental sidebar. (#17048)
Counts for the section links will be added in a follow up commit.
2022-06-10 09:49:36 +08:00
dependabot[bot]
874e070956
Build(deps): Bump multipart-post from 2.2.0 to 2.2.2 (#17053)
Bumps [multipart-post](https://github.com/socketry/multipart-post) from 2.2.0 to 2.2.2.
- [Release notes](https://github.com/socketry/multipart-post/releases)
- [Changelog](https://github.com/socketry/multipart-post/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketry/multipart-post/compare/v2.2.0...v2.2.2)

---
updated-dependencies:
- dependency-name: multipart-post
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-10 09:48:34 +08:00
David Taylor
75d9c16156
DEV: Remove jquery from textarea-manipulation, improve undo handling (#17050)
This commit removes many uses of `this._$textarea`, and also switches us to use `document.execCommand("insertText")` for the majority of manipulations. This means that the browser undo history will be preserved when doing things like pasting rich html, using bold/italic shortcuts, etc.

These manipulations are already extensively tested. This commit extends a few of the tests to verify the undo behavior.

There are still a few cases (e.g. replacing upload placeholders with true URLs) where we don't necessarily want to bring the composer into focus. In those cases, the old history-breaking behavior remains for now.
2022-06-10 10:42:50 +10:00
David Taylor
c054a47d9a
DEV: Add escapeRegExp util (#17051)
This was re-implemented in a number of places - it makes more sense as a utility function.
2022-06-10 10:37:54 +10:00
Isaac Janzen
3ebfde5ea2
DEV: Remove jquery from create-account modal (#16983) 2022-06-09 14:59:33 -05:00
Sérgio Saquetim
300f835703
DEV: Supress logs when RetrieveTitle.crawl fails with Net::ReadTimeout errors (#16971)
This PR changes the rescue block to rescue only Net::TimeoutError exceptions and removes the log line to prevent clutter the logs with errors that are ignored. Other errors can bubble up because they're errors we probably want to know about
2022-06-09 16:30:22 -03:00