Commit Graph

116 Commits

Author SHA1 Message Date
Régis Hanol
95e5f8380d FEATURE: Allow plugins to add custom emoji translations
FIX: buildTranslationTree was erroring when translations overlapped (ie. ":-)" and ":-))")
FIX: emoji translations wasn't working properly when translations overlapped
2019-01-04 15:27:46 +01:00
David Taylor
23c65feb6c DEV: Prevent deprecation warnings being incorrectly logged 2018-12-31 14:41:30 +00:00
David Taylor
4e010382cc REFACTOR: Initialize auth providers after plugin.activate!
Also added some helpful functionality for plugin developers:
- Raises RuntimeException if the auth provider has been registered too late
- Logs use of deprecated parameters
2018-11-30 16:58:18 +00:00
Kyle Zhao
488fba3c5f
FEATURE: allow plugins and themes to extend the default CSP (#6704)
* FEATURE: allow plugins and themes to extend the default CSP

For plugins:

```
extend_content_security_policy(
  script_src: ['https://domain.com/script.js', 'https://your-cdn.com/'],
  style_src: ['https://domain.com/style.css']
)
```

For themes and components:

```
extend_content_security_policy:
  type: list
  default: "script_src:https://domain.com/|style_src:https://domain.com"
```

* clear CSP base url before each test

we have a test that stubs `Rails.env.development?` to true

* Only allow extending directives that core includes, for now
2018-11-30 09:51:45 -05:00
Penar Musaraj
03deda2147
Upgrade to FontAwesome 5 (take two) (#6673)
* Add missing icons to set

* Revert FA5 revert

 This reverts commit 42572ff

* use new SVG syntax in locales

* Noscript page changes (remove login button, center "powered by" footer text)

* Cast wider net for SVG icons in settings

- include any _icon setting for SVG registry (offers better support for plugin settings)

- let themes store multiple pipe-delimited icons in a setting

- also replaces broken onebox image icon with SVG reference in cooked post processor

* interpolate icons in locales

* Fix composer whisper icon alignment

* Add support for stacked icons

* SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

* load SVG sprite with pre-initializers

* FIX: enable caching on SVG sprites

* PERF: use JSONP for SVG sprites so they are served from CDN

This avoids needing to deal with CORS for loading of the SVG

Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is

* Add missing SVG sprite JSONP script to CSP

* Upgrade to FA 5.5.0

* Add support for all FA4.7 icons

- adds complete frontend and backend for renamed FA4.7 icons

- improves performance of SvgSprite.bundle and SvgSprite.all_icons

* Fix group avatar flair preview

- adds an endpoint at /svg-sprites/search/:keyword

- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset

* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
David Taylor
052bf37578 FIX: Use Discourse.deprecate instead of Rails.logger.warn
This will significantly reduce the volume of logs when the condition is hit
2018-11-22 15:59:47 +00:00
Sam
42572ff138 Revert font awesome 5 changes
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
Penar Musaraj
005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs (#6557)
* First take on subsetting svg icons

* FontAwesome 5 svg subset WIP

* Include icons from plugins/badges into svg sprite subset

* add svg icon support to themes

* Add spec for SvgSprite

* Misc. SVG icon fixes

* Use FA5 svgs in local-dates plugin

* CSS adjustments, fix SVG icons in group flair

* Use SVG icons in poll plugin

* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
David Taylor
c6f364224e
FEATURE: Allow plugins to whitelist user custom fields for public display (#6499)
This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
2018-10-17 10:33:27 +01:00
Guo Xiang Tan
1c9b5e75e7 DEV: Support post deployment migrations for plugins. 2018-10-09 13:11:45 +08:00
David Taylor
4382fb5fac DEV: Allow plugins to whitelist specific user custom_fields for editing (#6358) 2018-09-04 20:45:36 +10:00
Robin Ward
5895507153 FEATURE: Ability for plugins to whitelist custom fields for flags
You can now call `whitelist_flag_post_custom_field` from your plugins
and those custom fields will be available on the flagged posts
area of the admin section.
2018-08-09 10:49:14 -04:00
Sam
4b000f5d12 FIX: do not use lib for requires
this breaks loading the app from arbitrary dirs
2018-08-07 11:04:29 +10:00
David Taylor
812add18bd REFACTOR: Serve auth provider information in the site serializer.
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
David Taylor
8d1acbd4c2 DEV: Include specific authenticator name in warning message 2018-07-30 11:33:48 +01:00
David Taylor
467c529920 FIX: Remove return statement from inside block 2018-07-26 15:52:39 +01:00
David Taylor
0d0d78841b
FIX: Remove plugin.enabled? checks at initialization time (#6166)
Checking `plugin.enabled?` while initializing plugins causes issues in two ways:
  - An application restart is required for changes to take effect. A load-balanced multi-server environment could behave very weirdly if containers restart at different times.
  - In a multisite environment, it takes the `enabled?` setting from the default site. Changes on that site affect all other sites in the cluster.

Instead, `plugin.enabled?` should be checked at runtime, in the context of a request. This commit removes `plugin.enabled?` from many `instance.rb` methods.

I have added a working `plugin.enabled?` implementation for methods that actually affect security/functionality:
  - `post_custom_fields_whitelist`
  - `whitelist_staff_user_custom_field`
  - `add_permitted_post_create_param`
2018-07-25 16:44:09 +01:00
David Taylor
eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099)
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
Robin Ward
6901e0e043 FIX: Rails.logger isn't always available when loading plugin locales 2018-06-22 10:20:20 -04:00
Joffrey JAFFEUX
24c27b5321
FEATURE: adds a add_report method accessible in plugin.rb 2018-06-19 15:00:11 +02:00
Guo Xiang Tan
c6f45fcfdb Expose an API for plugins to be hidden on the admin plugin page. 2018-05-08 13:24:58 +08:00
Guo Xiang Tan
8cf0f51eb2 UX: Display site settings shortcut for poll and discourse-nginx-performance-report.
https://meta.discourse.org/t/improving-admin-plugins/84585/29?u=tgxworld
2018-05-08 10:34:32 +08:00
Robin Ward
93b40d5e59 Don't use puts here since it happens in tests 2018-04-30 12:26:43 -04:00
Robin Ward
cfcdc4b420 Output when a locale is invalid 2018-04-20 15:29:18 -04:00
Joffrey JAFFEUX
45f657336e
FEATURE: adds support for loading existing core asset in pretty text 2018-04-10 08:37:16 +02:00
Gerhard Schlager
eb52c5469e FEATURE: Allow plugins to register a new locale 2018-01-25 14:57:41 +01:00
Jeff Wong
b094894c94 Feature: Add service worker registration method to plugin API 2017-11-28 14:01:41 +08:00
Robin Ward
966c7e7f07 FEATURE: Allow plugins to dynamically add seed fixture paths
This is useful if your plugin wants different seed data for different
locales for example.
2017-11-16 14:43:17 -05:00
Robin Ward
838568cbc3 Refactor flag types for more customization 2017-10-19 13:55:23 -04:00
Robin Ward
823936ca9c A plugin API to catch exceptions 2017-10-02 12:05:12 -04:00
Robin Ward
34f98f362f Add a plugin hook to specify a class on the body of the document 2017-09-28 13:17:09 -04:00
Guo Xiang Tan
77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Robin Ward
e7885c20cb Add reloadable support for patching in an avatar lookup 2017-08-30 14:24:03 -04:00
Guo Xiang Tan
2157079d09 Add Plugin API to register a category custom field. 2017-08-17 15:59:57 +09:00
Régis Hanol
55f449edc5 FIX: reloading issues with classes 2017-08-16 23:00:52 +02:00
Robin Ward
5ed809a15b FIX: Reloading issues with classes 2017-08-13 13:19:50 -04:00
Régis Hanol
51ef36abb4 Add a bunch of reload-friendly class variables accessors plugin APIs 2017-08-12 04:21:02 +02:00
Régis Hanol
04460ecac5 'add_to_serializer' should define the 'include_' method by default 2017-08-09 22:22:18 +02:00
Robin Ward
f11253dcb6 Allow plugin patches to reload in development mode 2017-08-09 12:30:27 -04:00
Robin Ward
43fd90b2da Remove serve_public_dir -- it's not needed 2017-07-28 13:44:38 -04:00
Robin Ward
5ae79697b8 Remove unused register_theme code, expose serve_public 2017-07-28 11:47:25 -04:00
Guo Xiang Tan
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Sam
6a1f579c6e FIX: don't search for plugins in nested subdirectories 2017-05-16 17:28:56 -04:00
Robin Ward
1363988cd7 Support for an HTML builder that can create dynamic HTML 2017-04-17 17:32:55 -04:00
Régis Hanol
747f4812e4 fix custom emoji support when using subfolder 2017-03-24 02:09:39 +01:00
Régis Hanol
9f65658c5c register_emoji should work with subfolder installs 2017-03-24 01:08:12 +01:00
Guo Xiang Tan
e7c972ac89 FIX: Don't use backticks that take in inputs. 2017-03-17 15:33:51 +08:00
Robin Ward
fffa285dbf Insert middleware in production mode if enabled 2017-01-18 18:05:56 -05:00
Robin Ward
adb73180f7 FEATURE: Let plugins register themes easily 2017-01-13 11:50:52 -05:00
Robin Ward
b60bc47a4c Plugins can register providers for global settings 2017-01-09 17:18:58 -05:00