Commit Graph

42517 Commits

Author SHA1 Message Date
David Taylor
7dc8f8b794 FEATURE: Allow linking an existing account during external-auth signup
When a user signs up via an external auth method, a new link is added to the signup modal which allows them to connect an existing Discourse account. This will only happen if:

- There is at least 1 other auth method available

and

- The current auth method permits users to disconnect/reconnect their accounts themselves
2021-08-10 15:07:40 +01:00
David Taylor
46dc189850 DEV: Improve robustness of associate_accounts_controller
This handles a few edge cases which are extremely rare (due to the UI layout), but still technically possible:

- Ensure users are authenticated before attempting association.

- Add a message and logic for when a user already has an association for a given auth provider.
2021-08-10 15:07:40 +01:00
David Taylor
2cae29f644 DEV: Update associate_accounts_controller to use secure_session
This is much cleaner than using redis directly. It also opens the door to more complex association change flows which may happen during login.
2021-08-10 15:07:40 +01:00
Arpit Jalan
97f701bc4c
UX: update member visibility help text to include flair information (#13995) 2021-08-10 19:31:29 +05:30
Joffrey JAFFEUX
6d41c37c16
DEV: stop propagation of events on button click (#13993) 2021-08-10 15:52:59 +02:00
Joffrey JAFFEUX
644441852e
FIX: prevents exception on malformatted messages (#13997)
The following example message would generate an exception:

```
Return-Path: <discourse@bar.com>
From: Foo Bar <discourse@bar.com>
To: reply+4f97315cc828096c9cb34c6f1a0d6fe8@bar.com
Date: Fri, 15 Jan 2016 00:12:43 +0100
Message-ID: <21@foo.bar.mail>
Mime-Version: 1.0
Content-Type: text/html; charset=UTF-8

</div>

```

Exception:

```
NoMethodError:
       undefined method `split' for nil:NilClass
```
2021-08-10 15:49:32 +02:00
Arpit Jalan
3006de39d1
REVERT "FIX: do not show private group flair on user avatars" (#13991)
This reverts commit fe3e18f981 and 0d8fd9ace6
2021-08-10 17:25:11 +05:30
Joffrey JAFFEUX
4ca34940d3
DEV: ensures container is not destroyed before showing tooltip (#13992)
In fast tests it could results in an error.
2021-08-10 11:48:31 +02:00
Joffrey JAFFEUX
2efe91f49f
UI: fixes sidebar settings border and active styles (#13990)
- active setting should now correctly show an arrow which was previously floating in the middle of nowhere
- uses a correct color for border separation, previously the border was present but invisible as similar to the background
- slighty tweak padding
- makes arrow computation based on a variable
2021-08-10 08:53:22 +02:00
Martin Brennan
6774c600a4
DEV: Fix uploads controller flaky presigned put spec (#13985)
Was missing RateLimiter.clear_all!, leading to 403 errors
2021-08-10 14:30:22 +10:00
Martin Brennan
93af139a76
Revert "DEV: Move rate limiter disable to after :each for tests (#13986)" (#13987)
This reverts commit 52035dc665.
2021-08-10 14:12:36 +10:00
Martin Brennan
52035dc665
DEV: Move rate limiter disable to after :each for tests (#13986)
We weren't calling clear_all! for the rate limiter which
was the first problem, and the second problem was that it
is very odd to do state cleanup before tests instead of after,
so moved the disabling and clear_all! to after.
2021-08-10 13:38:35 +10:00
Alan Guo Xiang Tan
fa952c036c UX: Missing translation for title attribute for PM tag route. 2021-08-10 09:58:59 +08:00
dependabot[bot]
7ecd0da109 Build(deps): Bump oj from 3.12.3 to 3.13.0
Bumps [oj](https://github.com/ohler55/oj) from 3.12.3 to 3.13.0.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.12.3...v3.13.0)

---
updated-dependencies:
- dependency-name: oj
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-10 09:16:59 +08:00
dependabot[bot]
a38dc09e05 Build(deps): Bump faraday from 1.6.0 to 1.7.0
Bumps [faraday](https://github.com/lostisland/faraday) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/lostisland/faraday/releases)
- [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lostisland/faraday/compare/v1.6.0...v1.7.0)

---
updated-dependencies:
- dependency-name: faraday
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-10 09:16:36 +08:00
Bianca Nenciu
d68f2de4c7
FIX: Reuse avatar-flair component in group preview (#13961)
Sometimes the group flair preview was different than the real group
flair because different components were used for rendering.
2021-08-09 15:38:49 -03:00
Robin Ward
5c07e544af Revert "DEV: Discourse.User has been deprecated since 2.6"
This reverts commit 3edf24437a.

Too many plugins rely on this right now and need to be updated.
2021-08-09 13:42:26 -04:00
Robin Ward
3edf24437a DEV: Discourse.User has been deprecated since 2.6 2021-08-09 12:40:42 -04:00
Laurent Arnoud
03896a9c43
FIX: Errno::EXDEV when across filesystem boundaries (#13976)
ref https://bugs.ruby-lang.org/issues/12615

```
        W: rake aborted!
        W: Errno::EXDEV: Invalid cross-device link @ rb_file_s_rename - (/app/tmp/adeeee62504de67238341871bda1aaf0, /app/app/assets/javascripts/plugins/discourse-cakeday.js.e
rb)
        W: lib/discourse.rb:65:in `rename'
        W: lib/discourse.rb:65:in `atomic_write_file'
        W: /app/lib/plugin/instance.rb:683:in `activate!'
        W: lib/discourse.rb:246:in `block in activate_plugins!'
        W: lib/discourse.rb:243:in `each'
        W: lib/discourse.rb:243:in `activate_plugins!'
```
2021-08-09 12:20:26 +02:00
Jarek Radosz
e68c1d5ba5
DEV: Use key over the deprecated keyCode (#13795)
Makes the code a bit more readable. Inspired by https://github.com/emberjs/ember.js/pull/19185
2021-08-09 11:41:36 +02:00
Joffrey JAFFEUX
8df48b516f
DEV: ensures click listeners are reset between tests (#13900) 2021-08-09 10:00:56 +02:00
Joffrey JAFFEUX
800926fcce
FIX: prevents s shortcut to generate an error (#13974)
When no element is selected, on the homepage for example, pressing `s` would generate the following error:

```
Uncaught TypeError: Cannot read property 'click' of undefined
```

Note that this commit also removes jquery usage.
2021-08-09 09:39:01 +02:00
dependabot[bot]
0790bbdea5
Build(deps): Bump rubocop-ast from 1.8.0 to 1.9.0 (#13975)
Bumps [rubocop-ast](https://github.com/rubocop-hq/rubocop-ast) from 1.8.0 to 1.9.0.
- [Release notes](https://github.com/rubocop-hq/rubocop-ast/releases)
- [Changelog](https://github.com/rubocop/rubocop-ast/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop-ast/compare/v1.8.0...v1.9.0)

---
updated-dependencies:
- dependency-name: rubocop-ast
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-09 00:27:39 +02:00
Vinoth Kannan
8c27e69523
UX: disable "Queue For Review" button if user can't perform action. (#13966)
Currently, it's returning JS error when trying to click the button when the action is already performed by the same staff user.
2021-08-07 12:36:56 +05:30
Robin Ward
3fdb64184b FIX: Don't swallow an error if we can't run yarn ember build 2021-08-06 15:13:18 -04:00
Andrei Prigorshnev
09ad3ed41d
FEATURE: revert disallowing putting URLs in titles for TL0 users (#13970)
This reverts a part of changes introduced by https://github.com/discourse/discourse/pull/13947

In that PR I:
1. Disallowed topic feature links for TL-0 users
2. Additionally, disallowed just putting any URL in topic titles for TL-0 users

Actually, we don't need the second part. It introduced unnecessary complexity for no good reason. In fact, it tries to do the job that anti-spam plugins (like Akismet plugin) should be doing.

This PR reverts this second change.
2021-08-06 20:07:42 +04:00
Arpit Jalan
0d8fd9ace6
FIX: do not show flair bg color if flair is not visible (#13969)
follow up to fe3e18f981
2021-08-06 20:53:23 +05:30
Andrei Prigorshnev
b66674fec2
DEV: ignore the given_daily_likes table when moving timestamps on Try (#13971)
This will fix the try-reset build that failed today. Probably this going to happen again with other tables that have constraints on date columns. I'm going to modify the script to make it work without ignoring such tables. After that, the only table we're going to need to ignore will be the 2FA table.

Before I fixed that, don't hesitate to tag me if the try-reset build fail again.
2021-08-06 18:27:23 +04:00
Roman Rizzi
044de6d670
DEV: Give callback listeners access to the request object. (#13965)
Plugins listening on the `before_auth` callback can interact with the request object and access data like the user agent or the remote IP address. We'll later store this data in the user record, but it might not exist at this point if we're authenticating a new account.
2021-08-06 11:26:11 -03:00
Joffrey JAFFEUX
bf43d8eb40
DEV: uses vanilla js and DOM to replace link mentions (#13959)
- uses DOM apis
- do not concat strings
- ensures string is set as innerText and not HTML
- do not work on jquery objects
2021-08-06 09:26:54 +02:00
dependabot[bot]
86f1f82f7b Build(deps-dev): Bump webmock from 3.13.0 to 3.14.0
Bumps [webmock](https://github.com/bblimke/webmock) from 3.13.0 to 3.14.0.
- [Release notes](https://github.com/bblimke/webmock/releases)
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bblimke/webmock/compare/v3.13.0...v3.14.0)

---
updated-dependencies:
- dependency-name: webmock
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-06 09:35:54 +08:00
Robin Ward
844c05b70b DEV: New Plugin API method for delegating an app event 2021-08-05 14:44:26 -04:00
Andrei Prigorshnev
2ec0a17bef
DEV: clarify the slow mode specs names (#13962) 2021-08-05 22:07:29 +04:00
Bianca Nenciu
38199424bc
SECURITY: Sanitize d-popover attributes (#13958) 2021-08-05 16:39:17 +03:00
Arpit Jalan
bb2c48b065
FIX: update iframe url for simplecast onebox (#13957)
https://meta.discourse.org/t/onebox-regression-simplecast-com/187911
2021-08-05 18:29:04 +05:30
Robin Ward
18c5e9338f DEV: Allow us to use Ember CLI assets in production
This adds an optional ENV variable, `EMBER_CLI_PROD_ASSETS`. If truthy,
compiling production assets will be done via Ember CLI and will replace
the assets Rails would otherwise use.
2021-08-05 08:32:33 -04:00
Arpit Jalan
a341dba5d9
FIX: update oEmbed URL for simplecast onebox (#13956) 2021-08-05 17:42:38 +05:30
Andrei Prigorshnev
0c0a11b66a
FEATURE: Disallow putting urls in the title for TL-0 users (#13947)
This disallows putting URLs in topic titles for TL0 users, which means that:

If a TL-0 user puts a link into the title, a topic featured link won't be generated (as if it was disabled in the site settings)
Server methods for creating and updating topics will be refusing featured links when they are called by TL-0 users
TL-0 users won't be able to put any link into the topic title. For example, the title "Hey, take a look at https://my-site.com" will be rejected.

Also, it improves a bit server behavior when creating or updating feature links on topics in the categories with disabled featured links. Before the server just silently ignored a featured link field that was passed to him, now it will be returning 422 response.
2021-08-05 13:38:39 +04:00
Alan Guo Xiang Tan
0bf27242ec FIX: Group inbox new filter not accounting for dismissed topics.
Follow-up to 2c046cc670
2021-08-05 16:53:12 +08:00
Alan Guo Xiang Tan
3f59ccefd7 FIX: Remove limit on dismissing unread and new messages.
Follow-up to 2c046cc670
2021-08-05 14:55:38 +08:00
Alan Guo Xiang Tan
bfe24f74e1 FIX: Restore server side route for tag messages filter.
Follow-up to 016efeadf6
2021-08-05 13:05:42 +08:00
Alan Guo Xiang Tan
2c046cc670 FEATURE: Dismiss new and unread for PM inboxes. 2021-08-05 12:56:15 +08:00
Martin Brennan
d3779d4cf7
FIX: Wrong default notification level shown for group (#13952)
In the group interaction UI, if the default_notification_level for
a group was set to 0 (muted) it incorrectly showed as Watching in
the UI because of the ember or() helper, using JS comparison, considered
0 to be a falsey value and always showed 3 (watching) instead.
2021-08-05 13:17:36 +10:00
Krzysztof Kotlarek
7063933755
FEATURE: send user-card:show event (#13910)
Send user-card:show event when card is opened. Other parts may listen, for example, for analytic purpose.
2021-08-05 11:52:28 +10:00
Joffrey JAFFEUX
2ebe900914
DEV: resets post menu extra buttons between tests (#13939)
This ensures we do not leak buttons in acceptance tests
2021-08-05 11:47:49 +10:00
Krzysztof Kotlarek
354c939656
FIX: remove Nokogumbo references (#13951)
Specs broken after f4720205c0
2021-08-05 11:46:25 +10:00
dependabot[bot]
4c041eb9f5
Build(deps): Bump nokogiri from 1.12.1 to 1.12.2 (#13948)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.12.1 to 1.12.2.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.12.1...v1.12.2)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-05 10:53:13 +10:00
dependabot[bot]
f4720205c0
Build(deps): Bump sanitize from 5.2.3 to 6.0.0 (#13949)
Bumps [sanitize](https://github.com/rgrove/sanitize) from 5.2.3 to 6.0.0.
- [Release notes](https://github.com/rgrove/sanitize/releases)
- [Changelog](https://github.com/rgrove/sanitize/blob/main/HISTORY.md)
- [Commits](https://github.com/rgrove/sanitize/compare/v5.2.3...v6.0.0)

---
updated-dependencies:
- dependency-name: sanitize
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-05 10:49:07 +10:00
jbrw
fb14e50741
SECURITY: Destroy EmailToken when EmailChangeRequest is destroyed (#13950) 2021-08-04 19:14:56 -04:00
Martin Brennan
d8a0d2262c
DEV: Update pretender and fake-xml-http-request (#13937)
We are still on a version of pretender since 2017
https://github.com/pretenderjs/pretender/releases/tag/v1.6.1

Since then many changes have been made, including adding support
for xhr.upload. Upgrading will let us write proper acceptance
tests for uppy, which uses XmlHTTPRequest internally including
xhr.upload.

Updates pretender to 3.4.7 and fake-xml-http-request to 2.1.2.

Note: There have been no breaking changes in the releases that would
affect us, mainly dropping support for old node versions.
2021-08-05 08:23:01 +10:00