Commit Graph

287 Commits

Author SHA1 Message Date
Penar Musaraj
102909edb3 FEATURE: Add support for secure media (#7888)
This PR introduces a new secure media setting. When enabled, it prevents unauthorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required` is disabled, only media in private messages will be protected from unauthorized access.

A few notes: 

- the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads
- the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured
- upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status
- when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error
- when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 11:25:42 +10:00
Arpit Jalan
b7327d2c34 UX: show user email address on "grant admin access" email and UI 2019-11-04 14:47:00 +05:30
Neil Lalonde
4c2d6e19ba PERF: cache new users counts in summary emails
The query to count how many new users there are since a given date
is expensive. It's the least personalized stat and the one we fallback
to last when no better number can be found for the target user.
Give up accuracy so we can aggressively cache the user counts
that appear in this email.
2019-10-25 16:33:36 -04:00
Daniel Waterworth
55a1394342 DEV: pluck_first
Doing .pluck(:column).first is a very common pattern in Discourse and in
most cases, a limit clause isn't being added. Instead of adding a limit
clause to all these callsites, this commit adds two new methods to
ActiveRecord::Relation:

pluck_first, equivalent to limit(1).pluck(*columns).first

and pluck_first! which, like other finder methods, raises an exception
when no record is found
2019-10-21 12:08:20 +01:00
Arpit Jalan
c596d7df77 FIX: respect private_email setting for user invited notification email 2019-10-16 12:50:30 +05:30
Arpit Jalan
600233482f FIX: include topic link when inviting existing users to a topic/PM
FEATURE: allow staff to use topic_url for customizing email template
2019-10-16 12:36:16 +05:30
Sam Saffron
5aaf7e3316 FIX: during concurrent emails generation renderer should not be reused
Our instance used for template rendering needs a lock to ensure there is
no race condition where rendering happens on 2 threads at the same time.

This can lead to local poisoning which can cause unexpected results in
emails
2019-10-10 08:50:48 +11:00
Sam Saffron
71ea4ad7fc PERF: reuse renderer when rendering email templates
Previous to this fix we were leaking methods on the internal action view
template class per render.

This caused email generation to be very low and a steady memory leak in the
application in sidekiq when sending out emails

The behavior change is new to Rails 6 so this fix does not need to be
backported into stable.
2019-10-06 23:57:03 -04:00
Krzysztof Kotlarek
427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
Neil Lalonde
9656a21fdb FEATURE: customization of html emails (#7934)
This feature adds the ability to customize the HTML part of all emails using a custom HTML template and optionally some CSS to style it. The CSS will be parsed and converted into inline styles because CSS is poorly supported by email clients. When writing the custom HTML and CSS, be aware of what email clients support. Keep customizations very simple.

Customizations can be added and edited in Admin > Customize > Email Style.

Since the summary email is already heavily styled, there is a setting to disable custom styles for summary emails called "apply custom styles to digest" found in Admin > Settings > Email.

As part of this work, RTL locales are now rendered correctly for all emails.
2019-07-30 15:05:08 -04:00
Robin Ward
66214eee85 SECURITY: Strip HTML from invite emails
We also strip new lines from the emails because it ruins the markdown
formatting which expects a one line message.
2019-07-05 14:57:11 -04:00
Osama Sayegh
14bae6d52d Make email_excerpt method take an optional post param (#7570)
The spoiler alert plugin replaces spoiler text found in email excerpts with posts URL, which means it needs to have a reference to the post it's processing.

This change makes `email_excerpt` accept an optional post param, which calls `PrettyText.format_for_email` which then triggers the `reduce_cooked` event that the plugin subscribes to.
2019-05-20 10:04:23 +02:00
Neil Lalonde
7eea55d564 PERF: remove "new posts" stat from summary email
It performs horribly and isn't a personalized stat like the others.
2019-05-15 16:28:21 -04:00
Guo Xiang Tan
b584e30902 Fix modifying frozen strings error take 2. 2019-05-13 16:23:45 +08:00
Guo Xiang Tan
d369b84ced Fix modifying frozen strings error. 2019-05-13 14:31:20 +08:00
Sam Saffron
30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Joffrey JAFFEUX
497c0ba418 Revert "FIX: frozen string exception (#7505)"
This reverts commit 2938e3f033.
2019-05-08 17:27:03 +02:00
Joffrey JAFFEUX
2938e3f033 FIX: frozen string exception (#7505)
Initial backtrace:

```
/var/www/discourse/app/mailers/user_notifications.rb:554:in `send_notification_email'
/var/www/discourse/app/mailers/user_notifications.rb:459:in `notification_email'
/var/www/discourse/app/mailers/user_notifications.rb:318:in `user_private_message'
```

* this might fail too
2019-05-08 16:52:38 +02:00
Sam Saffron
1be01f8dd4 DEV: Add support for Rails 6
Minor fixes to add Rails 6 support to Discourse, we now will boot
with RAILS_MASTER=1, all specs pass

Only one tiny deprecation left

Largest change was the way ActiveModel:Errors changed interface a
bit but there is a simple backwards compat way of working it
2019-05-02 16:23:25 +10:00
Bianca Nenciu
3d545d66df FEATURE: Send user activation reminders. (#7280) 2019-04-10 16:53:52 +02:00
Guo Xiang Tan
6815f777f9 DEV: Remove unused method. 2019-04-04 14:19:39 +08:00
Gerhard Schlager
197e3fd722 FIX: Keep original subject in emails to staged users
Renaming a topic shouldn't be visible to staged users when the topic was created via email.
2019-01-18 11:07:54 +01:00
Gerhard Schlager
858a456aaf FEATURE: Use email_site_title in From of digest emails 2019-01-04 17:06:19 +01:00
Gerhard Schlager
c0a8bb9a91 FEATURE: Include "via <site_name>" in email From header 2019-01-04 17:06:19 +01:00
Bianca Nenciu
a06d310855 DEV: Refactor location string builders. (#6794) 2018-12-20 10:23:05 +01:00
David Taylor
9248ad1905 DEV: Enable Style/SingleLineMethods and Style/Semicolon in Rubocop (#6717) 2018-12-04 11:48:13 +08:00
Bianca Nenciu
6a3767cde7 FEATURE: Warn users via email about suspicious logins. (#6520)
* FEATURE: Warn users via email about suspicious logins.

* DEV: Move suspicious login check to a job.
2018-10-25 09:45:31 +00:00
Gerhard Schlager
2c5d9269a0 FIX: Notifications shouldn't use user locale unless allow_user_locale is enabled 2018-09-05 11:44:28 +02:00
Gerhard Schlager
9d35240620 Revert "FIX: Notifications shouldn't use user locale unless allow_user_locale is enabled"
This reverts commit c788737eed.
2018-09-05 01:53:22 +02:00
Gerhard Schlager
c788737eed FIX: Notifications shouldn't use user locale unless allow_user_locale is enabled 2018-09-05 00:47:39 +02:00
Guo Xiang Tan
87537b679c Drop reply_key, skipped and skipped_reason from email_logs. 2018-07-30 11:39:28 +08:00
Sam
0c59346478 PERF: reduce querying when creating notifications
also style avoid shadowing of vars
2018-07-11 12:38:11 +10:00
Maja Komel
0942e2c795 allow adding tags as a custom subject format for emails (#5846)
allow adding tags as a custom subject format for emails
2018-07-11 12:24:07 +10:00
Jeff Wong
4599cc8435 FIX: PM participants listed inline 2018-06-11 18:14:25 -07:00
Arpit Jalan
392f184b24 FIX: check for existence of topic before looking for category 2018-05-17 10:49:01 +05:30
Jeff Wong
62a8904729 Feature: Include participants at the bottom of PM emails (#5797)
* Feature: Include participants at the bottom of PM emails

... as undecorated links.

https://meta.discourse.org/t/email-notification-recipients-unclear-when-pm-is-sent-to-multiple-users/26934/13?u=featheredtoast

Fix: missing translation for PM mentions

* display membership count as `group (count)`
2018-05-03 15:50:06 -07:00
Guo Xiang Tan
74ce2220a7 Make rubocop happy. 2018-03-12 09:48:41 +08:00
Leo McArdle
89f41f8236 FIX: error when group_in_subject enabled but no group in pm 2018-03-11 12:22:11 +00:00
Jeff Wong
f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Leo McArdle
5d9d0fcb4f FEATURE: add setting which adds group name to PM email subject (#5475) 2018-02-19 10:20:17 +01:00
Erick Guan
03b3e57a44 FEATURE: login by a link from email
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
Joshua Rosenfeld
f85055d653 FIX: Remove activation link from account approved email (#5548) 2018-02-01 14:59:37 +01:00
Arpit Jalan
0e0794dff9 FIX: correct use of invitee vs inviter in email templates 2017-12-04 14:09:48 +05:30
Robin Ward
971e302ff2 FEATURE: Support an end date for user silencing 2017-11-14 13:20:19 -05:00
Neil Lalonde
bf00ab5d4a FIX: grant admin on subfolder 2017-10-27 16:46:02 -04:00
Neil Lalonde
e47f5cedd2 FEATURE: forgot_password_strict setting also prevents reporting that an email address is taken during signup 2017-10-03 15:28:30 -04:00
Robin Ward
677b016387 Send a suspension message via email to a user 2017-09-25 12:26:41 -04:00
Neil Lalonde
7181fce71e remove unused file pending_flags_mailer.rb 2017-09-12 18:00:51 -04:00
Neil Lalonde
beea5cac48 FIX: send the queued posts reminder as a message to moderators instead of an email to the contact_email 2017-09-12 18:00:51 -04:00
Neil Lalonde
94d8f6d734 FIX: digest emails should not include posts that are still in the edit grace period 2017-08-14 12:47:33 -04:00
Guo Xiang Tan
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Guo Xiang Tan
b59dfb86f4 UX: Include group name in email when group is invited to a PM.
https://meta.discourse.org/t/xyz-invited-you-to-a-message-but-really-invited-a-group-im-in/65996
2017-07-26 15:51:44 +09:00
Robin Ward
574681dc47 FIX: Show emoji in inline oneboxes 2017-07-21 14:24:48 -04:00
Sam
c79418d334 DEV: Move RTL into lib where it belongs 2017-07-03 15:26:57 -04:00
Arpit Jalan
16d356ab4e FEATURE: resending invite should include original custom message
https://meta.discourse.org/t/will-resent-invite-include-original-custom-message/64699
2017-06-30 18:13:33 +05:30
Neil Lalonde
5be7a2dad4 FIX: invalid html in notification emails when template has been customized 2017-05-10 14:01:26 -04:00
Guo Xiang Tan
71a266b673 Remove daily mailing mode option as it doesn't scale.
https://meta.discourse.org/t/daily-updates-option-for-mailing-list-mode/45029/14?u=tgxworld
2017-05-05 12:21:50 +08:00
Guo Xiang Tan
982e3d04f6 PERF: Allow memory to be freed instead of fetching all the objects into memory at once.
```
MemoryProfiler.report do
  Jobs::UserEmail.new.execute(type: :mailing_list, user_id: user.id)
end.pretty_print
```

Before:
```
Total allocated: 180096119 bytes (1962025 objects)
Total retained:  2194 bytes (16 objects)

allocated memory by gem
-----------------------------------
  66979096  activerecord-4.2.8
  43507184  nokogiri-1.7.1
  43365188  mail-2.6.4
   5960201  activesupport-4.2.8
   5056267  discourse/lib
   4835284  rack-mini-profiler-0.10.1
   3825817  arel-6.0.4
   2186088  i18n-0.8.1
   1719330  discourse/app
```

After:
```
Total allocated: 161935975 bytes (1473940 objects)
Total retained:  2234 bytes (17 objects)

allocated memory by gem
-----------------------------------
  45430264  activerecord-4.2.8
  43568627  nokogiri-1.7.1
  43430754  mail-2.6.4
  11233878  rack-mini-profiler-0.10.1
   5260825  activesupport-4.2.8
   5054491  discourse/lib
   2186088  i18n-0.8.1
   1822494  arel-6.0.4
```
2017-05-03 17:01:57 +08:00
Neil Lalonde
b193ae2d15 FIX: missing link in unsubscribe text of summary emails 2017-04-28 10:37:52 -04:00
Robin Ward
a545117d2e FIX: Forgot to clear out a topic excerpt 2017-04-27 11:49:39 -04:00
Robin Ward
2efe0442bf FIX: Messed up i18n key 2017-04-27 11:45:59 -04:00
Robin Ward
bf9c4a7828 FEATURE: secure_email site setting to prevent data going out in email 2017-04-26 13:05:56 -04:00
Neil Lalonde
2916b45666 multiplier should not have been changed 2017-04-12 14:48:30 -04:00
Neil Lalonde
3957540dd1 FIX: convert emoji to unicode in topic titles in emails 2017-04-10 13:15:25 -04:00
Robin Ward
17f2974d0a SECURITY: Confirm new administrator accounts via email 2017-04-04 15:59:01 -04:00
Arpit Jalan
1853a4852c FIX: use email prefix only in subject 2017-03-21 20:29:57 +05:30
Neil Lalonde
402ddb810c FIX: email customizations now apply to both html and text parts 2017-03-10 14:08:03 -05:00
Neil Lalonde
15adbdcdd5 FEATURE: new template parameters for notification emails that can be used in links: topic_title_url_encoded and site_title_url_encoded 2017-03-10 14:08:03 -05:00
Blake Erickson
80858bae2c FEATURE: further restrict downloading of backups
- send email to logged in admin when they press the "download" button
- show pop-up that email was sent
- create email template
- require a valid token to download backup
2017-03-01 08:28:34 -07:00
Neil Lalonde
581d477ff3 add a comment because I can never find the mailing list summary email 2017-02-08 12:13:29 -05:00
Neil Lalonde
d9146de080 FIX: an image can be shown twice in summary emails 2017-01-09 13:27:43 -05:00
Neil Lalonde
225e6703ba FIX: summary shows 0 new topics even though it shows some topics 2016-12-30 15:18:13 -05:00
Neil Lalonde
67347432b7 Remove unread counts from last section of summary email, and rename it "New for you" 2016-12-28 14:06:01 -05:00
Neil Lalonde
74956694e5 If summary email finds no topics, show topics more than 1 day old from new users 2016-12-19 14:54:08 -05:00
Neil Lalonde
239d06b218 add Likes Received to possible stats in summary email 2016-12-12 14:20:25 -05:00
Neil Lalonde
ad5d16af8e FIX: summary email popular posts ordering by score, and increase minimum score to qualify as popular 2016-12-07 12:40:44 -05:00
Neil Lalonde
576a424130 FEATURE: number of new topics at the end of summary email can be controlled by a new setting, digest_other_topics 2016-12-01 14:20:24 -05:00
Neil Lalonde
985daf5c72 FIX: summary should not include certain post types 2016-12-01 12:01:32 -05:00
Neil Lalonde
a187932126 Counts at top of summary email are links 2016-11-29 17:10:25 -05:00
Neil Lalonde
96daf5431f digest: don't show stats with 0. try to show new posts and new users counts. 2016-11-24 16:28:24 -05:00
Neil Lalonde
79dc0518c9 FIX: popular posts in digest need to use same restrictions as topics 2016-11-23 11:24:18 -05:00
Neil Lalonde
86deec3528 FIX: exclude popular posts from deleted topics 2016-11-22 13:23:21 -05:00
Neil Lalonde
1183e582c3 FIX: digest popular posts need minimum datetime 2016-11-18 16:57:23 -05:00
Neil Lalonde
45f368126f FEATURE: New summary/digest email design 2016-11-18 14:03:42 -05:00
Régis Hanol
829143bf88 FIX: 'List-Unsubscribe' header wasn't added to emails sent when mailing_list_mode was enabled 2016-08-01 20:19:00 +02:00
Régis Hanol
7848a84e0e FIX: ensure summary emails have the 'List-Unsubscribe' header set 2016-07-15 11:39:29 +02:00
Robin Ward
5f91919663 Email support for watching first post 2016-07-07 12:23:19 -04:00
James Kiesel
7a6bc3f1d7 Apply notification styles to mailing list email manually (#4283)
* Apply notification styles to mailing list email manually

* Fix failing spec
2016-06-21 20:42:30 +05:30
Sam
852860de66 FEATURE: simpler and friendlier unsubscribe workflow
- All unsubscribes go to the exact same page
- You may unsubscribe from watching a category on that page
- You no longer need to be logged in to unsubscribe from a topic
- Simplified footer on emails
2016-06-17 11:28:49 +10:00
James Cook
c0e25b5a9a Replace certain uses of 'gsub' with 'tr' or 'chomp' for a speed improvement
2016-06-10 22:08:37 -05:00
Arpit Jalan
40e9e1be66 FEATURE: user-friendly custom message 2016-06-08 18:23:22 +05:30
Arpit Jalan
4253141700 FEATURE: custom email message for topic invites 2016-06-07 23:43:15 +05:30
Arpit Jalan
7b205ebba4 FEATURE: customize invite email message 2016-06-06 20:15:30 +05:30
Régis Hanol
99ad251731 different email footer when mailing_list_mode is enabled 2016-06-03 15:48:54 +02:00
James Kiesel
feffe23cc5 FEATURE: More granular mailing list mode (#4068)
* Rearrange frontend to account for mailing list mode

* Allow update of user preference for mailing list frequency

* Add mailing list frequency estimate

* Simplify frequency estimate; disable activity summary for mailing list mode

* Remove combined updates

* Add specs for enqueue mailing list mode job

* Write mailing list method for mailer

* Fix linting error

* Account for stale topics

* Add translations for default mailing list setting

* One query for mailing list topics

* Fix failing spec

* WIP

* Flesh out html template

* First pass at text-based mailing list summary

* Add user avatar

* Properly format posts for mailing list

* Move make_all_links_absolute into Email::Styles

* Apply first_seen_at to user

* Send mailing list email summary hourly based on first_seen_at

* Branch and test cleanup

* Use existing mailing list mode estimate

* Fix failing specs
2016-05-21 15:17:54 +02:00
Arpit Jalan
51d194cc21 FIX: show invited by username when inviting to topic 2016-04-13 11:38:29 +05:30
Régis Hanol
a359a973e2 remove useless content when sending email to a staged user 2016-04-11 19:06:10 +02:00
Arpit Jalan
17afdc34cc UX: user invite email style should be consistent with other user notifications 2016-03-25 19:28:55 +05:30
Sam
c095304d6d FEATURE: limit daily emails per user to 100 per day via site setting
- controlled via max_emails_per_day_per_user, 0 to disable
- when limit is reached user is warned
2016-03-23 15:08:48 +11:00
Robin Ward
5771d2aee2 SECURITY: Support for confirm old as well as new email accounts 2016-03-08 14:52:22 -05:00