Commit Graph

5906 Commits

Author SHA1 Message Date
David Taylor
501ac4dfa6 DEV: Cleanup properly after user_serializer test 2018-10-17 10:54:22 +01:00
David Taylor
c6f364224e
FEATURE: Allow plugins to whitelist user custom fields for public display (#6499)
This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
2018-10-17 10:33:27 +01:00
Arpit Jalan
42c405a820 FIX: use topic summary for meta description if topic excerpt is blank 2018-10-17 14:13:30 +05:30
Sam
19d7543004 FIX: clear color scheme cache when clearing theme cache 2018-10-16 12:00:46 +11:00
Penar Musaraj
b06dccac49 FIX: force enable a user's email_private_messages option when user replies via email (#6478)
* Enable user email PM when posting to group or replying to topic via email

* remove extra line

* Add test and fix snake_case

* Only reenable email_private_messages for PM replies
2018-10-16 10:51:57 +11:00
Davide Porrovecchio
005e1f5373 Add Cache-Control header to CORS (#6490) 2018-10-16 10:46:55 +11:00
Sam
fc94732f88 avoid looking up badge multiple times in spec 2018-10-16 10:42:16 +11:00
Bianca Nenciu
c68a456baa FIX: Do not award badges for links in restricted categories. (#6492) 2018-10-16 10:38:59 +11:00
Neil Lalonde
0724948878 fix failing spec when HUB_BASE_URL is present 2018-10-15 15:06:02 -04:00
Neil Lalonde
d166c38ab7 REFACTOR: distributed_cache is moved to the message_bus gem 2018-10-15 15:01:45 -04:00
Kyle Zhao
99d1ded3b3
rename route /javascripts to /theme-javascripts (#6495) 2018-10-15 11:32:52 -04:00
Maja Komel
c104256991 FIX: SSO provider secrets - check wildcard domains last, toggle secrets visibility 2018-10-15 16:18:29 +02:00
David Taylor
7ac08f936e
FEATURE: Upload tags from CSV (#6484) 2018-10-15 09:12:54 +01:00
Guo Xiang Tan
8fa59f0548 FIX: Can't clean a tag if the given string is frozen. 2018-10-15 14:48:45 +08:00
Maja Komel
27e732a58d FEATURE: allow multiple secrets for Discourse SSO provider
This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site.

This allows for better auditing of the SSO provider feature
2018-10-15 16:03:53 +11:00
Kyle Zhao
6acdea37c4 DEV: extract inline js when baking theme fields (#6447)
* extract inline js when baking theme fields
* destroy javascript cache when destroying theme fields

This work is needed to support CSP work
2018-10-15 15:55:23 +11:00
Guo Xiang Tan
aa60936115 DEV: Add order to avoid randomly failing test. 2018-10-15 11:42:45 +08:00
Guo Xiang Tan
5ae4cbcf88 DEV: Clear ColorScheme.hex_cache to avoid leaking state. 2018-10-15 11:16:26 +08:00
Guo Xiang Tan
2ce684b134 DEV: Clear hex_cache after each test. 2018-10-15 10:24:46 +08:00
Guo Xiang Tan
84d4c81a26 FEATURE: Support backup uploads/downloads directly to/from S3.
This reverts commit 3c59106bac.
2018-10-15 09:43:31 +08:00
Sam
057087e0e8 FEATURE: log long running jobs in the defer queue
If a job in the defer queue takes longer than 90 seconds log an error
2018-10-12 17:03:47 +11:00
Sam
a1c912b630 Return 400 instead of 404 for bad token 2018-10-12 10:51:41 +11:00
Bianca Nenciu
048cdfbcfa FIX: Do not allow revoking the token of current session. (#6472)
* FIX: Do not allow revoking the token of current session.

* DEV: Add getter of current auth_token from Guardian.
2018-10-12 10:40:48 +11:00
Blake Erickson
13b3cead06 FEATURE: Allow bulk removing users from a group
This change maintains backwards compatibility to allow you to remove a
single user from a group but allows you to specify a comma separated list
of users for bulk removal from a group.

Also it extracts out common functionality for fetching users from params
used in bulk adding users so it can also be used for removing users.
2018-10-11 15:30:54 -06:00
Neil Lalonde
12f132736b FIX: error looking at users in admin when tl3_promotion_min_duration is set to a very high value 2018-10-11 15:11:48 -04:00
Gerhard Schlager
7a41a783a4 FIX: Don't reply to Unsubscribe email sent to mailing list mirror 2018-10-11 16:09:22 +02:00
Vinoth Kannan
6a444eee56
Merge pull request #6476 from vinothkannans/tl4-flag
FEATURE: automatically hide non-TL4 posts when flagged by a TL4 user
2018-10-11 17:13:26 +05:30
Vinoth Kannan
227a49bb32 FEATURE: automatically hide non-TL4 posts when flagged by a TL4 user 2018-10-11 17:11:46 +05:30
Guo Xiang Tan
3c59106bac Revert "FEATURE: Support backup uploads/downloads directly to/from S3."
This reverts commit c29a4dddc1.

We're doing a beta bump soon so un-revert this after that is done.
2018-10-11 11:08:23 +08:00
Gerhard Schlager
c29a4dddc1 FEATURE: Support backup uploads/downloads directly to/from S3. 2018-10-11 10:38:43 +08:00
Guo Xiang Tan
5039a6c3f1 FIX: Strip null bytes in mail subjects. 2018-10-11 09:46:32 +08:00
Vinoth Kannan
59be289084 FIX: Do not add lightbox to onebox images (#6479) 2018-10-11 08:57:21 +11:00
Robin Ward
a566ed42ae FEATURE: Option to disable user presence and profile
This allows users who are privacy conscious to disable the presence
features of the forum as well as their public profile.
2018-10-10 17:34:33 -04:00
Bianca Nenciu
4e0533a20b FIX: Generate Onebox for posts of type moderator_action. (#6466) 2018-10-10 18:39:03 +08:00
Sam
45f01e637b FIX: when associating Github account disassociate others
There are some cases where an email floats from one GitHub account to another
if this happens just take over the Github mapping record
2018-10-10 15:46:50 +11:00
Guo Xiang Tan
f26804394a DEV: Remove the use of stubs on Rails.logger in our test suite. 2018-10-10 09:34:50 +08:00
Bianca Nenciu
1d26a473e7 FEATURE: Show "Recently used devices" in user preferences (#6335)
* FEATURE: Added MaxMindDb to resolve IP information.

* FEATURE: Added browser detection based on user agent.

* FEATURE: Added recently used devices in user preferences.

* DEV: Added acceptance test for recently used devices.

* UX: Do not show 'Show more' button if there aren't more tokens.

* DEV: Fix unit tests.

* DEV: Make changes after code review.

* Add more detailed unit tests.

* Improve logging messages.

* Minor coding style fixes.

* DEV: Use DropdownSelectBoxComponent and run Prettier.

* DEV: Fix unit tests.
2018-10-09 22:21:41 +08:00
Bianca Nenciu
1fb1f4c790 FIX: Make error in Discourse Hub more descriptive. (#6438) 2018-10-09 22:05:31 +08:00
David Taylor
ac89a728f8 DEV: Remove autospec hacks for social auth providers
This was causing erratic test failures. Autospec continues to work after
removing, so this 5-year-old code is no longer needed.
2018-10-09 12:42:57 +01:00
Erin Kosewic
51aba32651 FEATURE: add branch option to remote theme import
* FEATURE: add branch option to remote theme import

* FIX: Add missing variable in params

* FIX: Add missing param for import_theme method

* SPEC: Add test methods for branch support in git import

* FIX: Add missing space to scss style

* Do not assume default branch as master

* Change branch field placeholder

* FIX: add missing div start tag
2018-10-09 17:01:08 +11:00
Gerhard Schlager
2f90c15d7a Fix random build error 2018-10-09 01:03:05 +02:00
Gerhard Schlager
4881fb028f FIX: allow_uppercase_posts didn't work for topic titles 2018-10-08 23:50:06 +02:00
Joffrey JAFFEUX
22187508e3
FEATURE: adds header text/background color to site (#6462) 2018-10-08 11:52:57 +02:00
Guo Xiang Tan
40fa96777d
FEATURE: Post deployment migrations. (#6406)
This moves us away from the delayed drops pattern which
was problematic on two counts. First, it uses a hardcoded "delay for"
duration which may be too short for certain deployment strategies.
Second, delayed drop doesn't ensure that it only runs after
the latest application code has been deployed. If the migration runs
and the application code fails to deploy, running the migration after
"delay for" has been met will cause the application to blow up.

The new strategy allows post deployment migrations to be skipped if the
env `SKIP_POST_DEPLOYMENT_MIGRATIONS` is provided.

```
SKIP_POST_DEPLOYMENT_MIGRATIONS=1 rake db:migrate
-> deploy app servers
SKIP_POST_DEPLOYMENT_MIGRATIONS=0 rake db:migrate
```

To aid with the generation of a post deployment migration, a generator
has been added. Simply run `rails generate post_migration`.
2018-10-08 15:47:38 +08:00
Arpit Jalan
c0bb04d89d FIX: convert tag string to array when filtering topic list by tags 2018-10-08 08:56:25 +05:30
Guo Xiang Tan
1b1ef21481 DEV: Improve Jobs::CleanUpEmailLogs specs. 2018-10-08 11:11:20 +08:00
Penar Musaraj
26956bbe1a FIX: Safari issue with some emojis (#6456)
https://meta.discourse.org/t/emojis-selected-on-ios-displaying-additional-rectangles/86132/8
2018-10-08 10:32:25 +08:00
Sam
550e108a8c FEATURE: only export settings that changed via rake task 2018-10-08 11:54:52 +11:00
Vinoth Kannan
4000dddd32
Merge pull request #6458 from vinothkannans/fix-giphy
FIX: Display large/broken image placeholders for image oneboxes
2018-10-07 18:08:54 +05:30
Vinoth Kannan
c499872597 FIX: Display large/broken image placeholders for image oneboxes 2018-10-07 17:42:41 +05:30
David Taylor
9bf522f227
FEATURE: Mixed case tagging (#6454)
- By default, behaviour is not changed: tags are made lowercase upon creation and edit.

- If force_lowercase_tags is disabled, then mixed case tags are allowed.

- Tags must remain case-insensitively unique. This is enforced by ActiveRecord and Postgres.

- A migration is added to provide a `UNIQUE` index on `lower(name)`. Migration includes a safety to correct any current tags that do not meet the criteria.

- A `where_name` scope is added to `models/tag.rb`, to allow easy case-insensitive lookups. This is used instead of `Tag.where(name: "blah")`.

- URLs remain lowercase. Mixed case URLs are functional, but have the lowercase equivalent as the canonical.
2018-10-05 10:23:52 +01:00
Vinoth Kannan
8430ea927e FIX: Generate webhook payloads before destroy events (#6325) 2018-10-05 16:53:59 +08:00
Sam
5b630f3188 FIX: stop logging every time invalid params are sent
Previously we were logging warning for invalid encoded params, this can
cause a log flood
2018-10-05 14:33:19 +10:00
Vinoth Kannan
3faa022c6f
Merge pull request #6453 from vinothkannans/sso_provider_redirect
FIX: redirect users to SSO client URL after social login
2018-10-05 00:34:34 +05:30
Vinoth Kannan
ca74246651 FIX: redirect users to SSO client URL after social login 2018-10-05 00:01:08 +05:30
David Taylor
5b56a8cd09 DEV: Merge multiple discourse_tagging_spec files 2018-10-04 15:44:29 +01:00
Maja Komel
361ad7ed2b FEATURE: add indication if incoming email attachment was rejected and inform sender about it (#6376)
* FEATURE: add indication if incoming email attachment was rejected and inform sender about it

* include errors for rejected attachments in email

* don't send warning email to staged users

* use user object instead of user_id in add_attachments method
2018-10-04 22:08:28 +08:00
Paul Trippett
b8a1196b6b Add missing fields to Upload Fabricator (#6448) 2018-10-04 22:00:07 +08:00
Guo Xiang Tan
d43ed4afa2 Remove unused variable. 2018-10-04 13:21:37 +08:00
Lucas Nicodemus
1907338834 FIX: No longer educate users who are editing
A user editing a post will no longer get composer messages that are
meant for new users posting replies and threads. These messages don't
make sense in an edit context at all -- they're usually discussing
making salient replies or topics, or adding avatars. They make even less
sense when a user is an admin attempting to change the default topics
for the first time.

Since these messages actually do make sense for a user when they have a
low post count, though, they're still going to occur. They just occur
when a user is creating new content (and thus, more likely to read the
notice), not during edits.

This is in response to this issue:
https://meta.discourse.org/t/education-message-for-editing-wiki-topic/66682
2018-10-04 13:20:13 +08:00
Vinoth Kannan
a651d39b8a
FIX: Display errors in single theme pages (#6449)
Currently the errors are not well handled. So it breaks the whole UI of admin themes list page.
2018-10-04 02:33:06 +05:30
Sam
ad0e768742 FEATURE: add support for responsive images in posts
When creating lightboxes we will attempt to create 1.5x and 2x thumbnails
for retina screens, this can be controlled with a new hidden site setting
called responsice_post_image_sizes, if you wish to create 3x images run

SiteSetting.responsive_post_image_sizes = "1|1.5|2|3"


The default should be good for most of the setups as it balances filesize
with quality. 3x thumbs can get big.
2018-10-03 13:44:53 +10:00
Neil Lalonde
dc1e7bb645 UX: when admin is deleted, make it clear in staff action logs when records belong to a deleted user and show their username in the details 2018-10-02 13:46:54 -04:00
Penar Musaraj
34516c72bd
FIX: Recover public actions (likes) when recovering a post (#6412) 2018-10-02 11:25:08 -04:00
Joffrey JAFFEUX
a515ba8612 FIX: corrects typo and adds a spec for likes report (#6439)
* FIX: corrects typo and adds a spec for likes report

* save!
2018-10-02 02:27:43 -07:00
Bianca Nenciu
e0d7cdac12 UX: Improve error messages for minimum and maximum username lengths. 2018-10-02 13:10:20 +08:00
Penar Musaraj
da9eee5262 FIX: Force enable user PM emails option when user posts to a group by email. 2018-10-02 12:38:10 +08:00
Gerhard Schlager
e2770bc1c4 FIX: async reload of locales could result in missing translations 2018-10-01 17:14:36 +02:00
Guo Xiang Tan
cfa7173da3 FIX: Onceoff job to fix missing user profile backgrounds. 2018-10-01 16:26:40 +08:00
Guo Xiang Tan
de85bb0a39 FIX: Don't update user_profile URLs unless upload is persisted. 2018-10-01 14:21:39 +08:00
Guo Xiang Tan
e262a08350 Add UploadRecovery#recover_user_profile_backgrounds. 2018-10-01 10:51:54 +08:00
Robin Ward
02da022c70
PERF: Quit out of the email job quickly if disabled (#6423)
This prevents sidekiq from doing a bunch of queries when email is
disabled.

Critical emails are a special case and will be sent.
2018-10-01 01:15:45 +08:00
Kyle Zhao
819f090d6a move large blobs out of <head> (#6428)
it unnecessarily bloats the section and increases the payload
dramatically for open graph tags.
2018-09-28 17:28:33 +08:00
Penar Musaraj
70d74f8fc1 FIX: advanced search ordering broken when using tags 2018-09-28 17:27:08 +08:00
Bianca Nenciu
5407036ef9 DEV: Run prettier. (#6420) 2018-09-21 11:02:23 +00:00
Kyle Zhao
e402394375 FEATURE: auto grant an available title when removing old title
* FEATURE: auto grant an available title when removing old title
2018-09-21 12:06:08 +10:00
Kyle Zhao
4bb980b9f7
FEATURE: do not allow moderators to export user list (#6418) 2018-09-21 09:07:13 +08:00
Guo Xiang Tan
1a64b3a487 FIX: Don't try to recover an invalid sha1. 2018-09-20 14:21:57 +08:00
Sam
df45e82377 SECURITY: only allow picking of avatars created by self (#6417)
* SECURITY: only allow picking of avatars created by self

Also adds origin tracking to all uploads including de-duplicated uploads
2018-09-19 22:33:10 -07:00
Guo Xiang Tan
195bd02fce FIX: Avoid race condition when enqueuing job. 2018-09-20 11:24:01 +08:00
Jeff Wong
d5442fbf08 FIX: do not send tl1 welcome message when a user has the basic user badge 2018-09-19 12:53:36 -07:00
Guo Xiang Tan
767f27929d Rename Jobs::RecoverPostUploads to rerun the job take 2. 2018-09-19 22:40:32 +08:00
Guo Xiang Tan
d403883d16 DEV: Improve specs for 293cf600f0. 2018-09-19 16:03:52 +08:00
Sam
5302709343 FIX: in redis readonly raise an exception from DistributedMutex
If we detect redis is in readonly we can not correctly get a mutex
raise an exception to notify caller

When getting optimized images avoid the distributed mutex unless
for some reason it is the first call and we need to generate a thumb

In redis readonly no thumbnails will be generated
2018-09-19 15:50:58 +10:00
Guo Xiang Tan
bc7f58191e FIX: UploadRecovery should look at links too. 2018-09-19 11:52:57 +08:00
Guo Xiang Tan
4a92c5b2d6 UploadRecovery should recover attachments too. 2018-09-19 10:44:36 +08:00
Vinoth Kannan
9281b72308 FEATURE: Log entity export in staff logs 2018-09-19 03:16:45 +05:30
Arpit Jalan
fadcd36f92 FIX: do not treat ignore_redirects domains as blacklisted
This fix prevents domains present in `ignore_redirects` to be treated as
blacklisted domains and makes sure that onboxing happens for those domains.
Issue reported here: https://meta.discourse.org/t/steam-store-oneboxing-no-longer-works/97266
2018-09-18 10:38:02 +05:30
Guo Xiang Tan
ce6a0a5e9e FIX: Moving upload to tombstone should update modification time.
A upload created a long time ago will be nuked from the tombstone
immediately if it gets deleted.
2018-09-18 10:48:29 +08:00
Guo Xiang Tan
f2fbf1fdb0 DEV: Basic specs for TagGroupsController. 2018-09-18 08:22:03 +08:00
Sam
7d6b348d0b SECURITY: correct XSS on long topic titles 2018-09-18 08:54:44 +10:00
Régis Hanol
4481836de2 FEATURE: new 'search_ignore_accents' site setting 2018-09-17 10:42:30 +02:00
Kyle Zhao
7a0232249a
extract inline JS that's used to store preloaded data (#6370) 2018-09-17 16:31:46 +08:00
Kyle Zhao
7b19ed06c1 reworked specs of existing group behavior 2018-09-17 17:46:43 +10:00
Kyle Zhao
6659417807 FEATURE: match user title when primary group changes
When primary group changes and the user's title is the previous primary
group's title, change the title to the new primary group's title
2018-09-17 15:08:39 +10:00
Sam
33541c4096 FEATURE: unconditionally omit no-follow for staff
Previously TL2 and below staff would have links
no-followed which was never intended
2018-09-17 12:02:20 +10:00
Sam
37c5280f73 correct spec 2018-09-17 11:37:01 +10:00
Rishabh
4f46aa1ba3 FEATURE: Add SiteSetting for s3_configure_tombstone_policy
Add SiteSetting for s3_configure_tombstone_policy, skip policy generation if turned off (default on)
2018-09-17 10:57:50 +10:00
Sam
725d2c0d47 correct spec 2018-09-17 10:54:35 +10:00
Sam
173d0d53d5 correct erratic spec 2018-09-17 10:12:00 +10:00
OsamaSayegh
c7d81e2682 FIX/FEATURE: don't blow up when can't reach theme's repo, show problem themes on dashboard 2018-09-17 09:49:53 +10:00
Neil Lalonde
526ffc4966 FIX: error in response body to blocked crawlers, showing 500 Internal Server Error with status of 403 2018-09-14 15:40:20 -04:00
Neil Lalonde
b87a089822 FIX: don't block api requests when whitelisted_crawler_user_agents is set 2018-09-14 15:40:20 -04:00
Guo Xiang Tan
c3f6b4d966 DEV: Test against real Upload#url format. 2018-09-14 13:43:33 +08:00
Sam
419b14e58b FIX: correctly keep stylesheet cache entries
The intent from day one was to keep MAX_TO_KEEP stylesheets per target
however the DELETE statement did not perform target filtering

This meant we often deleted the wrong stylesheets from the cache
2018-09-14 12:54:11 +10:00
Guo Xiang Tan
6a2589353b
Merge pull request #6394 from tgxworld/recover_broken_uploads
FIX: Onceoff job to recover missing post uploads.
2018-09-13 18:16:56 -07:00
Guo Xiang Tan
aa1af9fc22 FIX: Onceoff job to recover missing post uploads.
This fixes the regression due to 1f636c445b
2018-09-14 09:04:01 +08:00
Gerhard Schlager
fd931b948d Use a more helpful failure message in spec 2018-09-13 21:31:44 +02:00
Régis Hanol
30619c244c FIX: don't index urls to local files 2018-09-13 18:53:53 +02:00
Joffrey JAFFEUX
a6502ce879
FIX: ensures errors in report initialization fail nicely (#6392) 2018-09-13 17:36:55 +02:00
Guo Xiang Tan
2ae7d3a118
Merge pull request #6388 from pmusaraj/drafts-second-user-test
Add test to ensure a user cannot see drafts stream of another user
2018-09-13 06:53:44 -07:00
Arpit Jalan
d288462abf
Merge pull request #6393 from techAPJ/bad-json
FIX: ignore and log bad json values for custom fields
2018-09-13 15:54:01 +05:30
Arpit Jalan
e364547ff7 FIX: ignore and log bad json values for custom fields 2018-09-13 14:26:30 +05:30
Guo Xiang Tan
0a06b3d977 Accept custom AR relation for UploadRecovery. 2018-09-13 16:33:14 +08:00
Guo Xiang Tan
6c65718301 Include response body when raising an error in FileHelper#download. 2018-09-13 15:43:58 +08:00
Guo Xiang Tan
05a57d4f27 DEV: Clear cache after not before.
* Clearing after ensures that state does not leak
  to specs in other files.
2018-09-13 14:23:32 +08:00
Guo Xiang Tan
5eb65ad612 FIX: Do not try to recover invalid Upload#short_url in UploadRecovery. 2018-09-13 13:59:17 +08:00
Guo Xiang Tan
1afe7162e1 Fix the build. 2018-09-13 13:41:38 +08:00
Guo Xiang Tan
d99dd840e4 Add basic test case for UploadRecovery. 2018-09-13 13:26:23 +08:00
pmusaraj
7f05af5995 cleanup 2018-09-12 13:10:14 -04:00
pmusaraj
aa614e393c return 403 when trying drafts of another user 2018-09-12 13:08:02 -04:00
pmusaraj
b8c0a29bec better test name 2018-09-12 11:09:30 -04:00
pmusaraj
11fd18b254 code-styling fixes 2018-09-12 11:06:30 -04:00
pmusaraj
3a00c2adeb add test to ensure that userA cannot see drafts stream of userB 2018-09-12 10:13:20 -04:00
Guo Xiang Tan
3884e99e88 Add extra protection in Upload#get_from_url.
In case the extension goes missing from the URL.
2018-09-12 00:12:14 -07:00
Guo Xiang Tan
b3469bea2d FIX: Uploads not being linked correctly to posts.
Regression due to 1f636c445b.
2018-09-11 23:50:23 -07:00
Sam
d1984a0b4d FIX: display a correct error when attempting to agree on a deferred flag
Previously we would raise a 500 error if a moderator tried to agree on a
flag another moderator deferred.

This can happen cause the UX for flags does not live refresh as flags
are handled
2018-09-12 13:16:59 +10:00
Guo Xiang Tan
71185c13b5
Merge pull request #6377 from tgxworld/remove_tif_tiff
Drop `tif`, `tiff`, `webp` and `bmp` from supported images.
2018-09-12 09:32:32 +08:00
Guo Xiang Tan
71caf7521d Drop tif, tiff, webp and bmp from supported images.
https://meta.discourse.org/t/cr2-raw-files-are-being-treated-as-tiff-files/96775/3?u=tgxworld
2018-09-12 09:29:54 +08:00
Osama Sayegh
16bd3f2cf2 FIX: use current user color scheme when filling theme-color attribute (#6384)
* FIX: use current user color scheme when filling `meta` attribute `theme-color`

* update manifest.webmanifest colors
2018-09-12 11:04:58 +10:00
Robin Ward
3bb4f4c5ef Adds test to make sure moderators can't make master keys
It wasn't obvious from the code, plus we'd never want this to regress!
2018-09-11 12:02:06 -04:00
Gerhard Schlager
1a01385e88 FIX: "false" didn't work as locale_default 2018-09-11 13:42:10 +02:00
Guo Xiang Tan
85620abb71 DEV: Clear connections after multisite specs. 2018-09-11 10:15:06 +08:00
Sam
e64402cb3b SECURITY: correct edge case when SSO provides unvalidated emails 2018-09-11 08:24:02 +10:00
Rishabh
80eace4268
Merge pull request #6383 from discourse/fix_username_suggester
FIX: don't raise an error on integer usernames in user_name_suggester
2018-09-11 00:30:29 +05:30
Rishabh Nambiar
81c87df18a FIX: don't raise an error on integer usernames 2018-09-10 22:17:56 +05:30
David Taylor
84fc7abb73 FIX: Allow rake destroy:topics to delete topics in sub-categories 2018-09-10 12:52:14 +01:00
Guo Xiang Tan
df04e69cde FIX: S3Helper#list creates incorrect prefix. 2018-09-10 16:34:40 +08:00
Neil Lalonde
9e77fd8fc3 FIX: wrong category links on subfolder install in rss feed for a category topic list 2018-09-07 10:03:30 -04:00
Sam
879067d000 FIX: check admin theme cookie against user selectable
previously admin got a free pass and could set theme via cookie to anything
including themes that are not selectable

this refactor ensures that only "preview" gets a free pass, all the rest
goes through the same pipeline
2018-09-07 10:47:28 +10:00
Gerhard Schlager
797cbf8653 FIX: Remove user fields when anonymizing user 2018-09-07 00:02:56 +02:00
Guo Xiang Tan
1f636c445b PERF: Add fast path to find uploads before resorting to LIKE query.
For a normal upload url

Before

```
Warming up --------------------------------------
                       264.000  i/100ms
Calculating -------------------------------------
                          2.754k (± 8.4%) i/s -     13.728k in   5.022066s
```

After

```
Warming up --------------------------------------
                       341.000  i/100ms
Calculating -------------------------------------
                          3.435k (±11.6%) i/s -     17.050k in   5.045676s
```
2018-09-06 14:44:24 +08:00
Guo Xiang Tan
d4b05d7bc5 Always link post to uploads in post process.
The operation is cheap anyway so no point skipping.
2018-09-06 14:08:03 +08:00
Guo Xiang Tan
434035f167 FIX: Link post to uploads in PostCreator.
* This ensures that uploads are linked to their post on creation
  instead of a background job which may be delayed if Sidekiq
  is facing difficulties.
2018-09-06 11:18:11 +08:00
Gerhard Schlager
26082688d1 FIX: Zero is a valid value for the page parameter 2018-09-05 20:43:05 +02:00
Guo Xiang Tan
f3aef2cc83 FIX: Incorrect/missing extension in short_url fails to map to upload.
`Hash#invert` causes us to lose keys if the hash contains similar
values.
2018-09-05 21:48:58 +08:00
Gerhard Schlager
2c5d9269a0 FIX: Notifications shouldn't use user locale unless allow_user_locale is enabled 2018-09-05 11:44:28 +02:00
Sam
d9c0dc8687 correct prev commit
s3. did not exists it is s3-
2018-09-05 16:11:44 +10:00
Sam
83e1315e42 FIX: correct urls in uploads table to point at dualstack
Last week we added support for dual stack urls but did not remap the
the old records in the uploads and optimized images table

This caused a few minor edge cases worst was that if you rebaked old
images S3 CDN was not repopulated.
2018-09-05 15:58:04 +10:00
Gerhard Schlager
b8fc699164 FIX: Detect {{foo}} as interpolation key 2018-09-05 00:47:39 +02:00
Vinoth Kannan
d9be4f47e8 SPEC: redirect to original URL after social signup 2018-09-05 03:24:50 +05:30
Vinoth Kannan
d8b543bb67 FIX: redirect to original URL after social signup 2018-09-05 01:44:23 +05:30
David Taylor
4382fb5fac DEV: Allow plugins to whitelist specific user custom_fields for editing (#6358) 2018-09-04 20:45:36 +10:00
Guo Xiang Tan
3b337bfc6b Revert "FIX: Don't rate limit admin and staff constraints when matching routes."
This reverts commit 651b50b1a1.
2018-09-04 14:27:21 +08:00
Guo Xiang Tan
19182c0c8f DEV: Skip fragile tests for now. 2018-09-04 13:58:09 +08:00
Guo Xiang Tan
651b50b1a1 FIX: Don't rate limit admin and staff constraints when matching routes.
* When an error is raised when checking route constraints, we
  can only return true/false which either lets the request
  through or return a 404 error. Therefore, we just skip
  rate limiting here and let the controller handle the
  rate limiting.
2018-09-04 13:52:58 +08:00
Guo Xiang Tan
08b268c5bc Be more forceful in disconnecting connections during failover. 2018-09-04 10:32:43 +08:00
Sam
ad70502ab8 FIX: ignore invalid usernames in incoming link tracker
If an incoming link username has NULL in it simply ignore it
2018-09-04 12:28:32 +10:00
Guo Xiang Tan
8dc1463ab3 Enable Lint/ShadowingOuterLocalVariable for Rubocop. 2018-09-04 10:16:42 +08:00
Sam
2f5c21e28c FIX: return a 400 error instead of 500 for null injections
Many security scanners like to inject NULL in inputs causing application
to exception out and return a 500

We now handle this exception and render a 400 status back
2018-09-04 12:11:52 +10:00
Gerhard Schlager
eeedc3901e FIX: Replying to deleted post via email should create new reply to topic 2018-09-03 23:06:40 +02:00
Vinoth Kannan
24a14af15a FIX: Respect invalidate_oneboxes option for inline oneboxes 2018-09-03 22:33:43 +05:30
Guo Xiang Tan
ecf60c0c33 DEV: More attempts at stablizing specs in Travis.
Re-enable skipped test because it doesn't fail locally
for me to debug it.
2018-09-03 14:52:15 +08:00
Gerhard Schlager
f33433bf9e Validation of params should restrict to max int (#6331)
* FIX: Validation of params should restrict to max int

* FIX: Send status 400 when "page" param isn't between 1 and max int
2018-09-03 14:45:32 +10:00
Guo Xiang Tan
747c9bb47f
Merge pull request #6317 from nbianca/ignore_blacklisted_domains
FIX: Ignore OneBox blacklisted domains.
2018-09-03 11:10:52 +08:00
Guo Xiang Tan
0fac6cdba9 DEV: Better debugging information when test fails. 2018-09-03 10:55:25 +08:00
Maja Komel
182d9a4666 FIX: escape regex chars when searching site texts 2018-09-02 17:25:57 +10:00
Bianca Nenciu
f5e0356fb2 correct miscellaneous issues with user login history 2018-09-02 17:24:54 +10:00
Osama Sayegh
60eff9421a FIX: precompile desktop_theme and mobile_theme stylesheets
required for environments that pre stage docker images and keep old image running during the deploy
2018-08-31 21:23:55 +10:00
Guo Xiang Tan
5a214a687c FIX: Exclude UserAuthToken and UserAuthTokenLog in user webhook. 2018-08-31 17:25:56 +08:00
Guo Xiang Tan
ae2f00ee73 DEV: Include the thread in the error message. 2018-08-31 17:14:19 +08:00
Bianca Nenciu
931cffcebe FEATURE: Let users see their user auth tokens. (#6313) 2018-08-31 10:18:06 +02:00
Sam
b3aab1770f FIX: set old last modified date for invalid avatars
In some cases Akami was holding tight to these invalid avatars,
to avoid this happening we explain the avatar image is ancient
then when a new upload is added it automatically is older than
this.
2018-08-31 17:07:31 +10:00
Sam
1866a8e8da correct invalid spec 2018-08-31 15:06:30 +10:00
Sam
e1975e293f FIX: when uploads are destroyed clear up avatar refs in user table
This also auto corrects twice daily when we ensure consistency
2018-08-31 14:46:42 +10:00
Sam
9b7cab589a FIX: revert diacritic stripping
See more details in test case and at: https://meta.discourse.org/t/discourse-should-ignore-if-a-character-is-accented-when-doing-a-search/90198/16?u=sam
2018-08-31 11:46:55 +10:00
Guo Xiang Tan
81b99efc68 DEV: Raise an error if thread doesn't return within expected time. 2018-08-31 09:26:28 +08:00
Vinoth Kannan
297e8aaf2e FIX: Escape regex pattern variable before using it 2018-08-31 03:02:24 +05:30
Blake Erickson
c6f339a0b5 format json better with spaces in my test 2018-08-30 14:39:40 -06:00
Blake Erickson
ae532f8548 FIX: return 422 for an invalid group name on category create 2018-08-30 14:28:55 -06:00
David Taylor
103509b9dd SECURITY: Prevent users from modifying custom fields 2018-08-30 12:59:36 +01:00
Osama Sayegh
9efbf2c49f FIX: changing component settings should trigger refresh for parent theme CSS (#6340) 2018-08-30 20:53:03 +10:00
Guo Xiang Tan
9c7e029d01 DEV: Attempt to stablize multisite tests. 2018-08-30 17:31:17 +08:00
David Taylor
f0abb4d09a FIX: Allow user actions to be saved even if the post has nil user
This issue made it impossible to delete users if they had flagged a post with nil user
2018-08-30 01:03:32 +01:00
Sam
e6970151a6 FEATURE: allow specifying locale via SSO
Use:

locale
locale_force_update

To force user locale on users where SiteSetting.allow_user_locale is enabled

Note: If an invalid locale is specified no action will occur
2018-08-30 09:58:03 +10:00
Bianca Nenciu
72ffabf619 UX: Improve email testing admin tool. (#6308) 2018-08-29 23:14:16 +02:00
Gerhard Schlager
b2cf725700 FIX: Don't try to send invite email when invite was deleted 2018-08-29 12:43:12 +02:00
Sam
44cf3cf975 FIX: queue heartbeats in readonly modes
If sidekiq is paused or Discourse is in readonly continue to queue
heartbeats

If we do not do that then a master process can end up reaping sidekiq
workers and causing various badness

This also impacts restore which can do weird stuff TM in cases like this
2018-08-29 12:36:59 +10:00
Sam
740308675b FEATURE: erode bounce score every time an email is sent
Introduces a hidden setting (default is 0.1) that erodes bounce score
every time we send an email. This means that erratic failures are less
painful cause system auto corrects
2018-08-28 17:02:12 +10:00
Kyle Zhao
e25a6e085e FIX: drop title updates through RSS feeds
can create an update loop
2018-08-28 16:25:04 +10:00
Sam
9ab1fb7dfc FEATURE: correctly store width and height on uploads
Previously we used width and height for thumbnails, new code ensures

1. We auto correct width and height
2. We added extra columns for thumbnail_width and height, this is determined
 by actual upload and no longer passed in as a side effect
3. Optimized Image now stores filesize which can be used for analysis, decisions

Also

- fixes Android image manifest as a side effect
- fixes issue where a thumbnail generated that is smaller than the upload is no longer used
2018-08-28 12:59:22 +10:00
Davide Porrovecchio
1826626272 FEATURE: Add Content-Type header to CORS
- add Content-Type to Access-Control-Allow-Headers
- update test accordingly
2018-08-28 11:19:38 +10:00
Neil Lalonde
ebe7835316 FIX: links in rss feeds are sometimes wrong on subfolder installs 2018-08-27 18:05:15 -04:00
Bianca Nenciu
b6963b8ffb FIX: Ignore OneBox blacklisted domains. 2018-08-27 20:40:55 +02:00
Sam
dc17ae3b2f correct specs 2018-08-27 14:50:56 +10:00
Sam
4205c528d0 FEATURE: hide enable_personal_email_messages and min_trust_to_send_email_messages
These site settings are very hard to explain and only applicable for very
specific Discourse setups.

If an admin "enables staged users" which is used in support scenarios then
all staff can send "messages" directly to an "email".

The setting allows you to extend this to TL4 or any trust level.

Actual use case would be a support type setup with restricted staff. It is
quite rare so hiding this for now and re-evaluate keeping the setting in
2019
2018-08-27 11:38:22 +10:00
Raul Tambre
2271918be2 FEATURE: Use S3 dualstack endpoints
Allows S3 without a CDN to serve images from dualstack domains that also support ipv6
2018-08-27 11:22:46 +10:00
Maja Komel
020eba4623 FIX: find tags with non-latin names (#6312) 2018-08-27 11:05:28 +10:00
Kris
faf09bb8c8 Replacing default brown category color 2018-08-24 14:18:14 -04:00
Joffrey JAFFEUX
82dcc5cbfa
FEATURE: makes reports loadable in bulk (#6309) 2018-08-24 15:28:01 +02:00
James Kiesel
a4001c1ea0 FEATURE: Pop revise modal on post edited notification (#6287)
* Add revision number to notification url

* Pop modal on route change

* Add semicolon

* Ensure modal pops even when navigating within a topic

* Ensure modal pops when visiting from other page

* Fix eslint errors

* Fix prettier errors

* Add callback for notification item click

* Remove stray revisionUrl function

* Rename to afterRouteComplete
2018-08-24 09:13:07 -04:00
Guo Xiang Tan
932195d828 DEV: Update test case for TopicEmbed. 2018-08-24 09:42:12 +08:00
Guo Xiang Tan
1ba24496ab
Merge pull request #6261 from xrav3nz/fix/topic-embed-import-updates
FIX: update TopicEmbed's title and user correctly
2018-08-24 09:32:03 +08:00
Osama Sayegh
e0cc29d658 FEATURE: themes and components split
* FEATURE: themes and components split

* two seperate methods to switch theme type

* use strict equality operator
2018-08-24 11:30:00 +10:00
Guo Xiang Tan
4a552fb967
Merge pull request #6303 from nbianca/user_serializer_spec
Add spec for UserSerializer and UserApiKey.
2018-08-24 08:16:11 +08:00
Sam
ac11f8df52 correct regression searching with diacritics 2018-08-24 10:00:51 +10:00
Sam
29315b73c2 FIX: improve last_modified date returned for avatars
instead of hard coding a date:

1. For optimized images use the upload date when on s3
2. For not-found use 10 minutes ago to match the expiry
2018-08-24 09:36:11 +10:00
Régis Hanol
bc7b530b0a FIX: remove diacritics instead of transliterating 2018-08-24 00:38:44 +02:00
Bianca Nenciu
ff441bc4ca Add spec for UserSerializer and UserApiKey. 2018-08-23 19:01:02 +02:00
Régis Hanol
2fcf2b899e FIX: remove diacritics when tokenizing html for search 2018-08-23 17:13:52 +02:00
Arpit Jalan
7a91df3248
Merge pull request #6290 from techAPJ/latest-full-name
UX: show full name on /latest page
2018-08-23 17:34:54 +05:30
Arpit Jalan
1a7cd6648b UX: show full name on /latest page 2018-08-23 14:41:06 +05:30
Guo Xiang Tan
dd810b8b05
Merge pull request #6304 from tgxworld/create_functions_in_different_schema
FIX: Create `BaseDropper` functions in a different schema.
2018-08-23 15:01:41 +08:00
Guo Xiang Tan
212ee15804 FIX: Create BaseDropper functions in a different schema.
https://meta.discourse.org/t/error-when-restore-db-backup/93145/25?u=tgxworld
2018-08-23 12:52:21 +08:00
Osama Sayegh
2711f173dc FIX: don't allow inviting more than max_allowed_message_recipients
* FIX: don't allow inviting more than `max_allowed_message_recipients` setting allows

* add specs for guardian

* user preferences for auto track shouldn't be applicable to PMs (it auto watches on visit)

Execlude PMs from "Automatically track topics I enter..." and "When I post in a topic, set that topic to..." user preferences

* groups take only 1 slot in PM

* just return if topic is a PM
2018-08-23 14:36:49 +10:00
Guo Xiang Tan
36a7028f19 FEATURE: Clean up PostReplyKey records.
* Default retention of 90 days.
2018-08-23 10:40:02 +08:00
Régis Hanol
f01169d6ff FIX: don't send email when the post was deleted 2018-08-22 13:13:58 +02:00
James Kiesel
cdea969c6a FEATURE: Make initial admins TL1
* Match register controller TL to rake admin:create
* Don't promote if trust_level > 1
2018-08-22 15:45:24 +10:00
Sam
272de95175 FIX: client duplicate registration should be cleaned up
If for any reason we are unable to correct client id on a user api key
invalidate old keys for client/user
2018-08-22 12:56:49 +10:00
Sam
5d96809abd FIX: improve support for subfolder S3 CDN 2018-08-22 12:31:13 +10:00
Sam
f5142861e5 Revert "Revert "FIX: upload URLs from S3 on subfolder installs""
This reverts commit 26c96e97e5.

We have no choice but to run this code
2018-08-22 11:31:33 +10:00
Sam
26c96e97e5 Revert "FIX: upload URLs from S3 on subfolder installs"
This reverts commit 357df2ff4f.
2018-08-22 10:51:40 +10:00
Neil Lalonde
357df2ff4f FIX: upload URLs from S3 on subfolder installs 2018-08-21 14:58:55 -04:00
Gerhard Schlager
17dc8f2490 UX: Wizard resends activation email when user exists 2018-08-21 19:13:41 +02:00
Régis Hanol
d1607a387a FIX: only allow printable characters in uploads filename 2018-08-21 18:11:01 +02:00
Régis Hanol
3e436e2daf FIX: doesn't translate group permission keys 2018-08-21 12:56:56 +02:00
Kyle Zhao
baf413d527 FIX: update TopicEmbed's title and user correctly 2018-08-21 18:31:01 +08:00
Guo Xiang Tan
7dcc69aef4 DEV: Refactor test to not call private method. 2018-08-21 14:29:58 +08:00
Guo Xiang Tan
48f499b324 DEV: Refactor some mail receiver related specs. 2018-08-21 14:00:45 +08:00
Guo Xiang Tan
d104de2a09 Remove line that is no longer required. 2018-08-21 11:48:58 +08:00
Guo Xiang Tan
8bdf14834b PERF: Restrict number of skipped email log for Jobs::UserEmail. 2018-08-21 11:14:43 +08:00
Guo Xiang Tan
2c70d3f443 Take 2 on ba6f11c521. 2018-08-21 10:06:36 +08:00
Sam
2d96160192 FEATURE: improve API error reporting for invalid records 2018-08-21 11:54:34 +10:00
Bianca Nenciu
860c1c3dcd FEATURE: Automatically expire keys if not used for a configurable amount of time. (#6264) 2018-08-20 17:36:14 +02:00
Gerhard Schlager
14af90df5b UX: Stop putting usernames in edit reason when changing post owner 2018-08-20 12:28:04 +02:00
Guo Xiang Tan
b4f92a05b3 FIX: Load more on groups page does not account for params.
https://meta.discourse.org/t/cant-scroll-through-list-of-users-groups-if-more-than-one-page/92259
2018-08-20 17:08:50 +08:00
Sam
f5fe58384f correct regression around file renaming 2018-08-20 16:08:05 +10:00
Sam
ce4b12ae59 FIX: if we have not target available do not redirect 2018-08-20 13:10:59 +10:00
Sam
d7b1919ead correct specs 2018-08-20 12:46:14 +10:00
Sam
8b5e42ea16 FIX: always test and coerce to image on upload
In the past the filename of the origin was used as the source
for the extension of the file when optimizing on upload.

We now use the actual calculated extension based on upload data.
2018-08-20 12:18:59 +10:00
Bianca Nenciu
975a72ab7a FEATURE: Make links indexable. (#6285) 2018-08-20 10:39:19 +10:00
Robin Ward
a83f662492 FIX: Allow silenced users to like / bookmark, just not flag. 2018-08-17 11:06:18 -04:00
Guo Xiang Tan
010fe479cb Fix linting. 2018-08-17 17:34:25 +08:00
Guo Xiang Tan
16c0ebe8a8 Fix the build. 2018-08-17 16:53:07 +08:00
Guo Xiang Tan
a26ef7738f FIX: FileHelper#download should return nil if max size is exceeded. 2018-08-17 16:19:59 +08:00
Guo Xiang Tan
4b7c5ba162 Update UploadCreator specs to include cropping code path. 2018-08-17 15:22:12 +08:00
Guo Xiang Tan
fae8757cd4 FIX: Guardian#post_can_act? shouldn't raise an error if user of post has been deleted. 2018-08-17 15:11:30 +08:00
Guo Xiang Tan
a9e502936f FIX: Converting PNG to JPEG does not set the correct extension. 2018-08-17 13:09:48 +08:00
Régis Hanol
93201d8dbe FIX: don't trigger 'flag_reviewed' when no flags were reviewed 2018-08-16 18:11:29 +02:00
Joffrey JAFFEUX
10a3499d68
uses emoji versions for specs (#6276) 2018-08-16 13:45:30 +02:00