Commit Graph

10340 Commits

Author SHA1 Message Date
Osama Sayegh
976aca68f6
FEATURE: Restrict profile visibility of low-trust users (#29981)
We've seen in some communities abuse of user profile where bios and other fields are used in malicious ways, such as malware distribution. A common pattern between all the abuse cases we've seen is that the malicious actors tend to have 0 posts and have a low trust level.

To eliminate this abuse vector, or at least make it much less effective, we're making the following changes to user profiles:

1. Anonymous, TL0 and TL1 users cannot see any user profiles for users with 0 posts except for staff users
2. Anonymous and TL0 users can only see profiles of TL1 users and above

Users can always see their own profile, and they can still hide their profiles via the "Hide my public profile" preference. Staff can always see any user's profile.

Internal topic: t/142853.
2024-12-09 13:07:59 +03:00
Alan Guo Xiang Tan
25ce1f3399
PERF: Don't execute a git command each time we log a log line (#30177)
We already have a `GIT_VERSION` constant in `DiscourseLogstashLogger` so
we can just use that.
2024-12-09 11:11:03 +08:00
Martin Brennan
8a89a77248
FIX: Discard empty bundles for reviewables (#30121)
Followup c7e471d35a

It is currently possible to add a bundle (which is a collection
of actions used for a dropdown on the client) for a reviewable
via actions.add_bundle and then never add any actions to it.

This causes the client to explode, as seen in the referenced
commit, because of the way our store expects to resolve objects
referenced by ID that are passed down by the serializer, which
then causes Ember to have an unrecoverable render error.

Fixing this on the serializer level is not really possible because
of all the ActiveModel::Serializer magic that serializes
objects by ID reference when doing things like has_many.
`Reviewable#actions_for` is a better place to do this anyway,
because this is the main location where the bundles and actions
are built for every action via the serializer.
2024-12-05 15:41:13 +10:00
Krzysztof Kotlarek
28b4ff6cb6
FIX: update flag reason message with default value (#30026)
Currently only system flags are translated. When we send message to the user that their post was deleted because of custom flag, we should default to custom flag name.
2024-12-04 14:46:52 +11:00
Kris
60826162b5
A11Y: remove redundant alt text from github oneboxes (#30083) 2024-12-04 12:25:03 +11:00
Gary Pendergast
2513339955
FEATURE: Show when a badge has been granted for a post (#29696)
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2024-12-03 13:43:27 +11:00
Kelv
435fbb7408
DEV: unsilence deprecation warning for old Font Awesome icons (#30028)
* DEV: unsilence deprecation warnings for old Font Awesome icon names

* update fa-user to user font awesome icon name
* update pencil-alt to pencil font awesome 6 icon name
2024-12-03 10:28:39 +08:00
David Taylor
b47ae6d437
UX: Strip multiline comments in github oneboxes (#30040)
We were already stripping comments from GitHub issue/PR oneboxes, but the regex was not correctly matching multiline comments.
2024-12-02 18:08:55 +00:00
Alan Guo Xiang Tan
44a81069ac
DEV: Avoid creating system message when system user initiates restore (#30027)
There is no point creating a message for the system user since it is a
non-human user.
2024-12-02 16:13:38 +08:00
Régis Hanol
7d58793759
DEV: deduplicate inline styles in emails (#30015)
In order to limit issues with duplicate inline CSS definitions, this will now deduplicate inline CSS styles with the "last-to-be-defined-wins" strategy.

Also removes unecessary whitespaces in inline styles.

Context - https://meta.discourse.org/t/resolve-final-styles-in-email-notifications/310219

Co-authored-by: Thomas Kalka <thomas.kalka@gmail.com>
2024-11-30 16:38:45 +01:00
Régis Hanol
20d46c9583
PERF: only diff HTML / Markdown when needed (#30014)
When serializing the `body_changes` in the `PostRevisionSerializer`, we create two diffs: one for the `cooked` and another one for the `raw` version of the post.

Inside `DiscourseDiff`, we generate both `html` and `markdown` diffs when we only need the `html` diffs for the `cooked` version of the post and the `markdown` diff for the `raw` version of the post.

This solves the issue repored in https://meta.discourse.org/t/server-error-accessing-topic-revisions-on-a-specific-topic/339185 where some revisions would return 500 because of a `ArgumentError : Attributes per element limit exceeded` exception when trying to generate the `html` diff on a very large `raw`.
2024-11-30 16:30:30 +01:00
Jarek Radosz
85ead5ac7a
Revert "FIX: deduplicate css in mails (#30003)" (#30013)
This reverts commit 6e726d436f.

The specs were failing in the original PR but the CI didn't run.
2024-11-30 15:32:32 +01:00
Thomas Kalka
6e726d436f
FIX: deduplicate css in mails (#30003)
Feature: Resolve final styles in email notifications

Context - https://meta.discourse.org/t/resolve-final-styles-in-email-notifications/310219
2024-11-30 14:51:02 +01:00
Hoa Nguyen
607dd2cbd8
DEV: improve the plugin:spec rake task (#29050)
Allow the plugin:spec to receive the test file path, rather than always run all tests of the plugin.
2024-11-29 06:33:14 +11:00
Bianca Nenciu
5abee8ac6b
DEV: Log number of live slots used by requests (#29884) 2024-11-28 18:25:48 +02:00
Loïc Guitaut
88f1b3b195 DEV: Try fixing flaky spec related to Scheduler::Defer
Checking if a connection is available is probably not enough, when the
connection is available, we should still verify it’s not stale.
2024-11-28 15:30:13 +01:00
Loïc Guitaut
f69f0211df DEV: Fix flaky spec related to Scheduler::Defer
In some cases in CI env, it seems the AR connection isn’t available and
the `ensure` block is executed. It’s calling `#verify!` on the
connection, so it can fail sometimes. This is probably why
`#clear_active_connections!` was failing too sometimes.

Here, we just check the connection is present before clearing the
connections.
2024-11-28 11:46:52 +01:00
Sam
07813ba83c
DEV: fix hanging spec (#29974) 2024-11-28 11:06:19 +08:00
Sam
72132c35fb
DEV: fix flaky spec (#29972)
Spec was flaky cause work could still be in pipeline after the defer
length is 0. Our length denotes the backlog, not the in progress
count.

This adds a mechanism for gracefully stopping the queue and avoids
wait_for callse
2024-11-28 11:21:35 +11:00
Angus McLeod
6acf673f8d
FIX: topic post counts for webhook post_destroyed event (#29853)
* FIX: topic post counts for webhook post_destroyed event

- Generate webhook data after posts are destroyed
- Don't count user_deleted posts

* Remove unnecessary conditional
2024-11-27 11:36:51 -08:00
Loïc Guitaut
fac6147039 DEV: Verify DB connection before trying to clear active connections 2024-11-27 18:12:11 +01:00
Loïc Guitaut
d6bec460a8 DEV: Upgrade Rails to version 7.2 2024-11-27 10:48:47 +01:00
Ted Johansson
f4d0a77d5f
DEV: Add "delete user" options to illegal flag review (#29956)
We already add the "delete user" and "delete and block user" options to the drop-down for potential spam, but we should do this for potentially illegal posts as well.

This is entirely based on the implementation for the potential spam one, including caching the status on the reviewable record.

Also note that just as for potential spam, the user must be "deletable" for the option to appear.

I also took the liberty to move the options in the drop-down to what I think is a more intuitive place. (Between delete post and suspend/silence user.)
2024-11-27 17:23:57 +08:00
Martin Brennan
2ef9d6ac47
FEATURE: Allow admins to force refresh "What's new?" (#29911)
Sometimes changes to "What's new?" feed items are made or the feed items are
removed altogether, and the polling interval to check for new features is 1 day.

This is quite long, so this commit introduces a "Check for updates"
button for admins to click on the "What's new?" page which will bust
the cache for the feed and check again at the new features endpoint.
This is limited to 5 times per minute to avoid rapid sending of
requests.
2024-11-27 09:40:55 +10:00
Martin Brennan
b8a5f95eb6
FIX: Handle multiple In-Reply-To Message-ID in group inbox (#29912)
This fix handles the case where an In-Reply-To mail header
can contain multiple Message-IDs. We use this header to
try look up an EmailLog record to find the post to reply
to in the group email inbox flow.

Since the case where multiple In-Reply-To Message-IDs is
rare (we've only seen a couple of instances of this causing
errors in the wild), we are just going to use the first one
in the array.

Also, Discourse does not support replying to multiple posts
at once, so it doesn't really make sense to use multiple
In-Reply-To Message-IDs anyway.
2024-11-26 11:12:40 +10:00
Selase Krakani
a20b7fa83f
DEV: Gracefully handle regex_replace max column length violations (#29787)
* DEV: Gracefully handle `regex_replace` violations of column length constraints

This is a follow-up to the `remap` [refactor](9b0cfa99c5).
Similar to `remap`, the entire `regex_replace` operation fails if the new content exceeds the column’s max length.

This change introduces an optional mode, controlled by the new `skip_max_length_violations` param
to skip records eligible for `regex_replace`  where the new content violates the max column length constraint.

It also includes updates to the exception message raised when `regex_replace` fails to include more details

* DEV: Remove string escapes in heredoc text
2024-11-25 11:39:53 +00:00
Osama Sayegh
eaa3f813c1
FIX: Don't secure the about banner image (#29889)
Uploads that are linked to site settings shouldn't be flagged as secure in login-required sites that enable secure uploads. However, in order for site setting uploads to not be marked secured, the frontend uploader has to include 2 params in the upload request: `for_site_setting: true` and `type: "site_setting"`.

Since these 2 params are semantically identical, we want the `type: "site_setting"` param alone to make the upload correctly treated as a site setting upload. To achieve that, we need to include the `site_setting` type in the public types list because the `for_site_setting` param has the same effect — it marks the upload as a public type.

b138eaf9e5/lib/upload_security.rb (L128-L131)
2024-11-25 11:12:00 +03:00
Ted Johansson
88af23e1ca
DEV: Modernize admin user fields (#29843)
This PR modernizes the user fields area of the admin UI. It is largely based on the work on the emoji section.
2024-11-25 11:54:43 +08:00
Mark VanLandingham
d880db3b7b
DEV: Apply modifier for topic_view link_counts (#29883) 2024-11-22 14:49:39 -06:00
Jarek Radosz
2589545623
DEV: Detect hbr topic list customizations (#29793) 2024-11-21 16:00:49 +01:00
Loïc Guitaut
581fb97bfa DEV: Fix benchmark script
Following a recent commit (cb4b8146a3),
the benchmark script wasn’t working anymore (and the related rake task).

This patch fixes it. It also adds some information about Ruby YJIT being
enabled or not.
2024-11-20 14:36:44 +01:00
David Taylor
32665cf9dd
DEV: Consolidate i18n import paths (#29804)
Enables our new eslint rules which enforce consistent i18n imports. For more info, see 0d58b40cd7
2024-11-19 20:45:18 +00:00
Loïc Guitaut
719457e430 DEV: Add a try step to services
This patch adds a new step to services named `try`.

It’s useful to rescue exceptions that some steps could raise. That way,
if an exception is caught, the service will stop its execution and can
be inspected like with any other steps.

Just wrap the steps that can raise with a `try` block:
```ruby
try do
  step :step_that_can_raise
  step :another_step_that_can_raise
end
```
By default, `try` will catch any exception inheriting from
`StandardError`, but we can specify what exceptions to catch:
```ruby
try(ArgumentError, RuntimeError) do
  step :will_raise
end
```

An outcome matcher has been added: `on_exceptions`. By default it will
be executed for any exception caught by the `try` step.
Here also, we can specify what exceptions to catch:
```ruby
on_exceptions(ArgumentError, RuntimeError) do |exception|
  …
end
```

Finally, an RSpec matcher has been added:
```ruby
  it { is_expected.to fail_with_exception }
  # or
  it { is_expected.to fail_with_exception(ArgumentError) }
```
2024-11-19 12:01:07 +01:00
Selase Krakani
9b0cfa99c5
DEV: Gracefully handle remaps which violate DB column constraints (#29501)
* DEV: Gracefully handle remaps which violate DB column constraints

This change implements length constraint enforcement to skip remaps
which exceed column max lengths

* DEV: Only perform skipped column stats lookup when verbose is true

* DEV: Tidy up specs

* DEV: Make skipping violating remap behaviour opt-in

This change introduces a new `skip_max_length_violations` param for
`remap`, set to `false` by default to ensure we still continue to fail
hard when max lenth constraints are violated.

To aid in quick resolution when remaps fail, this change also
adds more context to the exception message to include the offending table
and column information

* Apply suggestions from code review

Co-authored-by: Gerhard Schlager <gerhard.schlager@discourse.org>

* FIX: Various fixes

- Linter errors
- Remap status "logger" early return condition

---------

Co-authored-by: Gerhard Schlager <gerhard.schlager@discourse.org>
2024-11-15 10:42:25 +00:00
Alan Guo Xiang Tan
6bf0ac730f
FIX: Rescue ActiveRecord::ReadOnlyError when baking theme field (#29776)
Firstly, we need to understand that ActiveRecord can be
connected to a role which prevent writes and this happens in Discourse when a
replica database has been setup for failover purposes. When a role
prevent writes from happening, ActiveRecord will raise the
`ActiveRecord::ReadOnlyError` if a write query is attempted.

Secondly, theme fields are baked at runtime within GET requests. The
baking process involves writing the baked value to the
`ThemeField#baked_value` column in the database.

If we combine the two points above, we can see how the writing of the
baked value to the database will trigger a `ActiveRecord::ReadOnlyError`
in a GET requests when the database is connected to a role preventing
writes. However, failing to bake a theme is not the end of the world and
should not cause GET requests to fail. Therefore, this commit adds a rescue
for `ActiveRecord::ReadOnlyError` in the `ThemeField#ensure_baked!`
method.
2024-11-15 10:19:10 +08:00
Alan Guo Xiang Tan
69b552a211
DEV: Fix uploads:fix_missing_s3 rake task when file is too big (#29735)
If the upload has existed before, we should allow the upload to be
created even if the upload's size is too big.
2024-11-13 15:01:44 +08:00
Jan Cernik
234133bd3b
UX: Split hide_profile_and_presence user option (#29632)
It splits the hide_profile_and_presence user option and the default_hide_profile_and_presence site setting for more granular control. It keeps the option to hide the profile under /u/username/preferences/interface and adds the presence toggle in the quick user menu.

Co-authored-by: Régis Hanol <regis@hanol.fr>
2024-11-12 22:22:58 -03:00
Angus McLeod
cb4b8146a3
Add dedicated user_api_key_clients table to allow for 1:many use cases (#28119) 2024-11-08 12:05:03 -05:00
Alan Guo Xiang Tan
af642d0d69
Revert "FEATURE: Mark bad uploads with :invalid_url (#29640)" (#29657)
This reverts commit 5a00a041f1.

Implementation is currently not correct. Multiple uploads can share the
same etag but have different paths in the S3 bucket.
2024-11-08 13:04:52 +08:00
Natalie Tay
6c36af9f62
DEV: Add verbose logging for google oauth (#29459)
Some checks failed
Tests / core frontend (${{ matrix.browser }}) (Chrome) (push) Has been cancelled
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, plugins) (push) Has been cancelled
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, themes) (push) Has been cancelled
Licenses / run (push) Has been cancelled
Linting / run (push) Has been cancelled
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (annotations, core) (push) Has been cancelled
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (backend, core) (push) Has been cancelled
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (backend, plugins) (push) Has been cancelled
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (frontend, plugins) (push) Has been cancelled
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (frontend, themes) (push) Has been cancelled
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, chat) (push) Has been cancelled
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, core) (push) Has been cancelled
Tests / core frontend (${{ matrix.browser }}) (Firefox ESR) (push) Has been cancelled
Tests / core frontend (${{ matrix.browser }}) (Firefox Evergreen) (push) Has been cancelled
2024-11-08 11:03:17 +08:00
Bianca Nenciu
5a00a041f1
FEATURE: Mark bad uploads with :invalid_url (#29640)
A "bad upload" in this context is a upload with a mismatched URL. This can happen when changing the S3 bucket used for uploads and the upload records in the database have not been remapped correctly.
2024-11-08 08:05:14 +08:00
Martin Brennan
0568d36133
FIX: Use dualstack S3 endpoint for direct uploads (#29611)
When we added direct S3 uploads to Discourse, which use
presigned URLs, we never took into account the dualstack
endpoints for IPv6 on S3.

This commit fixes the issue by using the dualstack endpoints
for presigned URLs and requests, which are used in the
get-presigned-put and batch-presign-urls endpoints used when
directly uploading to S3.

It also makes regular S3 requests for `put` and so on use
dualstack URLs. It doesn't seem like there is a downside to
doing this, but a bunch of specs needed to be updated to reflect this.
2024-11-07 11:06:39 +10:00
Keegan George
fad0d2ec62
UX: New experimental features should be marked clearly (#29622)
This PR adds a small visual change to the new feature item on the `/admin/whats-new` page. When features are marked with an experimental site setting, they should show an indication on the feature item that it is "Experimental"
2024-11-06 15:26:30 -08:00
Kris
f24c274867
UX: replace broken link SVG with new Font Awesome 6 name (#29623) 2024-11-06 13:35:07 -05:00
Gabriel Grubba
75beb5a84f
FIX: Change create_post_for_category_and_tag_changes setting to use whispers instead of small actions (#29602)
It currently can leak private tags/categories, to address this we are moving to whispers.
2024-11-06 09:28:28 -03:00
Alan Guo Xiang Tan
57f4176b57
DEV: Bump rubocop_discourse (#29608) 2024-11-06 06:27:49 +08:00
Sam
3b0332ef6c
DEV: use Sets for setting lists. (#29584)
This makes membership checks more efficient
2024-11-05 16:04:24 +11:00
Martin Brennan
1a3b9a7352
DEV: Secure upload rake task improvements (#29484)
This commit changes the uploads:secure_upload_analyse_and_update
and uploads:disable_secure_uploads to no longer rebake affected
posts inline. This just took way too long, and if the task stalled
you couldn't be sure if the rest of it completed.

Instead, we can update the baked_version of affected posts and
utilize our PeriodicalUpdates job to gradually rebake them. I added
warnings about increasing the site setting rebake_old_posts_count and
the global setting max_old_rebakes_per_15_minutes before doing this
as well.

For good measure, the affected post IDs are written to a JSON file too.
2024-10-31 13:33:11 +10:00
Martin Brennan
d5b328b193
DEV: Site setting keyword changes (#29486)
Some checks are pending
Licenses / run (push) Waiting to run
Linting / run (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (annotations, core) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (backend, core) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (backend, plugins) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (frontend, plugins) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (frontend, themes) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, chat) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, core) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, plugins) (push) Waiting to run
Tests / ${{ matrix.target }} ${{ matrix.build_type }} (system, themes) (push) Waiting to run
Tests / core frontend (${{ matrix.browser }}) (Chrome) (push) Waiting to run
Tests / core frontend (${{ matrix.browser }}) (Firefox ESR) (push) Waiting to run
Tests / core frontend (${{ matrix.browser }}) (Firefox Evergreen) (push) Waiting to run
This commit contains two changes to how our site setting
keyword system works:

1. Crowdin, our translation provider, does not support YAML lists,
   so we are changing site setting keywords in server.en.yml to
   be pipe-separated (|)
2. It's unclear to translators what they are supposed to do with
   aliases of site settings where the name has changed, e.g.
   min_trust_level_for_here_mention. Instead of getting these as
   keywords from the yml file, we can discern these from
   SiteSettings::DeprecatedSettings automatically, and still use
   them for client-side search

These changes should help improve the situation for translators.
2024-10-31 13:18:34 +10:00
Bianca Nenciu
430c42acde
FEATURE: Conditionally force optimized category style (#29473)
The `categories_only_optimized` category page style has been introduced
in commit d37a0d401c. This commit makes
sure that style is enforced for users who can see over 1000 categories
in order to keep `/categories` page functional.
2024-10-30 16:46:56 +02:00