Commit Graph

42381 Commits

Author SHA1 Message Date
dependabot[bot]
d453d74ca7
Build(deps): Bump bootsnap from 1.7.2 to 1.7.3 (#12483)
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.7.2 to 1.7.3.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.7.2...v1.7.3)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-22 22:24:23 +01:00
Bianca Nenciu
437c9a554b
FEATURE: Import and export watched word (#12444)
Find & Replace and Autotag watched words were not completely exported
and import did not work with these either. This commit changes the
input and output format to CSV, which allows for a secondary column.

This change is backwards compatible because a CSV file with only one
column has one value per line.
2021-03-22 22:32:18 +02:00
Rafael dos Santos Silva
fb4486d5f1
FEATURE: Add CSP frame-ancestors support (#12404) 2021-03-22 16:00:25 -03:00
David Taylor
5dbac4e58e
FIX: Add platforms to stable Gemfile (#12479)
There are a few issues which require us to do this:
 - We install the latest version of bundler on every rebuild. Therefore we're running 2.2.15 everywhere, even for 'stable' clusters
 - Bundler has changed how gem platforms are managed. That meant that on the stable branch we were building libv8 from source via the 'ruby' package, rather than using the precompiled x86_64-linux binary
 - Building the libv8 from source is currently failing

 Together, these things mean that builds of `stable` are currently failing. Each of the above issues should likely be fixed, but this commit provides the quickest route to get things working again. Note that despite the Gemfile.lock update, no gem versions have changed.
2021-03-22 18:54:17 +00:00
Roman Rizzi
706ea6692d
UI: Rename button with a duplicated name. (#12480)
There're two buttons name "Flag Post". Rename one of them to avoid confusion.
2021-03-22 15:50:44 -03:00
Roman Rizzi
ccc44baa10
FEATURE: Add a typographer rule to replace (pa) with ¶. (#12478) 2021-03-22 15:04:08 -03:00
Dan Ungureanu
4e46732346
FEATURE: Implement browser update in crawler view (#12448)
browser-update script does not work correctly in some very old browsers
because the contents of <noscript> is not accessible in JavaScript.
For these browsers, the server can display the crawler page and add the
browser update notice.

Simply loading the browser-update script in the crawler view is not a
solution because that means all crawlers will also see it.
2021-03-22 19:41:42 +02:00
Jarek Radosz
3e586ab25a
FIX: Don't attempt to delete non-existent bookmark (#12473)
Could happen when using the keyboard shortcut. ("d d")
2021-03-22 18:25:34 +01:00
Roman Rizzi
e4ec0da714
FIX: Anons should see the Topic slow mode notice. (#12460) 2021-03-22 13:55:45 -03:00
Bianca Nenciu
ec7415ff49
FEATURE: Check email availability in signup form (#12328)
* FEATURE: Check email availability on focus out

* FIX: Properly debounce username availability
2021-03-22 17:46:03 +02:00
Joffrey JAFFEUX
4fb2d397a4
FIX: ensures popper's autocomplete instance is destroyed (#12476) 2021-03-22 16:19:36 +01:00
Bianca Nenciu
129aeb8c2f
FIX: Improvements to email styles (#12451) 2021-03-22 14:09:38 +02:00
Joffrey JAFFEUX
15a9a85f0a
FIX: ensures invisible link is not interfering with UI/tab order (#12472) 2021-03-22 12:51:18 +01:00
Jarek Radosz
695288f8ff
FIX: Restore client.zh_TW.yml (#12470)
Accidentally removed in b7556fca80
2021-03-22 10:58:46 +01:00
lhkjacky
b7556fca80
DEV: Add ap-east-1 S3 region (#12457)
Asia Pacific (Hong Kong) ap-east-1
2021-03-22 10:22:29 +01:00
Joffrey JAFFEUX
2b5046af19
FIX: a never created listener was removed (#12469) 2021-03-22 09:58:59 +01:00
Joffrey JAFFEUX
c3e76da90a
DOC: document addShortcut click option (#12467) 2021-03-22 09:51:45 +01:00
Joffrey JAFFEUX
4857891ecf
DEV: correctly defines focusComposer shortcut as shift+c (#12468) 2021-03-22 09:46:38 +01:00
dependabot[bot]
9250d93b34
Build(deps): Bump oauth2 from 1.4.4 to 1.4.7 (#12462)
Bumps [oauth2](https://github.com/oauth-xx/oauth2) from 1.4.4 to 1.4.7.
- [Release notes](https://github.com/oauth-xx/oauth2/releases)
- [Changelog](https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/oauth-xx/oauth2/compare/v1.4.4...v1.4.7)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-22 09:24:34 +01:00
Martin Brennan
3ef594b1f1
SECURITY: Fix is_private_ip for RateLimiter to cover all cases (#12464)
The regular expression to detect private IP addresses did not always detect them successfully.
Changed to use ruby's in-built IPAddr.new(ip_address).private? method instead
which does the same thing but covers all cases.
2021-03-22 14:04:55 +10:00
Martin Brennan
6eb0d0c38d
SECURITY: Fix is_private_ip for RateLimiter to cover all cases (#12464)
The regular expression to detect private IP addresses did not always detect them successfully.
Changed to use ruby's in-built IPAddr.new(ip_address).private? method instead
which does the same thing but covers all cases.
2021-03-22 13:56:32 +10:00
Kris
9526c1a27b
FEATURE: Add admin-area class to HTML tag (#12459) 2021-03-22 11:36:26 +11:00
Robin Ward
942ee1e218
FIX: Tests were broken in Firefox (#12456)
There are a lot of little fixes to tests here, but the biggest issue was
too much recursion because we kept replacing the helpers over and over
again. I assume Chrome has tail recursion or something to speed this up
but Firefox hated it.

Otherwise, we can't rely on the order of attributes in rendered HTML so
I simplified most of those tests to just look for key strings in the
HTML that are rendered.
2021-03-22 11:35:51 +11:00
Penar Musaraj
d898e00242
FIX: Clear draft modal correctly when switching topics (#12458)
Fixes an issue where the "Keep editing" button in the discard draft
modal wouldn't work when switching to a new topic with an open composer
and clicking Reply.

Followup to d470e4f
2021-03-22 11:32:19 +11:00
dependabot[bot]
4e9d6cb95b
DEV: Bump nokogumbo from 2.0.4 to 2.0.5 (#12461)
Bumps [nokogumbo](https://github.com/rubys/nokogumbo) from 2.0.4 to 2.0.5.
- [Release notes](https://github.com/rubys/nokogumbo/releases)
- [Changelog](https://github.com/rubys/nokogumbo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubys/nokogumbo/compare/v2.0.4...v2.0.5)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-22 11:30:29 +11:00
Martin Brennan
49f4c548ef
FEATURE: Bookmark pinning (#12431)
Users can now pin bookmarks from their bookmark list. This will anchor the bookmark to the top of the list, and show a pin icon next to it. This also applies in the nav bookmarks panel. If there are multiple pinned bookmarks they sort by last updated order.
2021-03-22 09:50:22 +10:00
David Taylor
56a573ab4b
DEV: Remove String#match? and Regexp.match? polyfills (#12454)
This was added in Ruby 2.4. Discourse will no longer run on ruby versions older than that, so we can drop this polyfill
2021-03-19 19:55:44 +00:00
David Taylor
374ab82dd6
FIX: Ensure 100-logster initializer is run before 101-lograge (#12455)
The logster initializer tries to adds RailsMultisite::Formatter to the STDOUT logger. In production, the lograge initializer then removes the RailsMultisite:Formatter because the JSON log will include the database.

e10a74694a used `Rails.application.reloader.to_prepare` to defer running the 100-logster initializer, which meant it ran **after** 101-lograge. This meant that we were writing JSON logs with a non-json text prefix.

The `to_prepare` was added because our freedom-patches are now deferred using `to_prepare`, and some initializers were relying on the freedom patches. However, following 1533cbb38b, we decided to load the RailsMultisite freedom patch without `to_prepare`. Therefore, `005-site_settings` and `100-logster` no longer need to use `to_prepare`. Removing it means that these initializers are back to running in sequential order, and the logging issue will be resolved.

The only remaining initializer which depends on freedom patches is `100-i18n`. I've added a comment to explain why.
2021-03-19 19:51:13 +00:00
Roman Rizzi
e3d86c4e35
FIX: Only refresh the review count when the user can see the review queue. (#12453)
We currently make an AJAX request every time someone opens the hamburger menu, resulting in a forbidden response when a user can't see the review queue.
2021-03-19 16:20:41 -03:00
Robin Ward
af5adc440e
DEV: We hadn't enabled object-rest-spread in all contexts (#12452)
See: https://babeljs.io/docs/en/babel-plugin-proposal-object-rest-spread

This fixes Discourse in browsers that don't support this syntax yet.
2021-03-19 13:57:04 -04:00
Dan Ungureanu
534008ba24
FIX: Improve handling when email is obfuscated (#12450)
This commit ensures that email validation is skipped when the email is
obfuscated, that the email is no longer send when it is not an invite
link and no username is suggested if the email is hidden as it may
reveal the first part of the email.

Follow up to commit 033d6b6437.
2021-03-19 17:15:46 +02:00
Osama Sayegh
c9923a3e3e
UX: Composer actions menu header should display the icon of selected action (#12449)
See a video of the change in the PR: https://github.com/discourse/discourse/pull/12449.
2021-03-19 17:48:43 +03:00
Robin Ward
5b02aad9c1
Support for Testem in Ember CLI (#12442)
* DEV: Use custom tags rather than handlebars server side

These will be skipped if they are ever rendered in a document. The
handlebars really messes stuff up.

* DEV: Build our own locale file for testing purposes

We can't practically proxy everything in test mode, but we can
approximate the logic and build our own locale file for testing purposes
that works quite well. This allows us to run tests without a proxy.

* DEV: Support for testem runner for ember cli tests
2021-03-19 09:32:46 -04:00
Gerhard Schlager
2d1b087efc
FIX: Delete invalid web push subscriptions (#12447)
The endpoint as well as the public and private ECDH keys are required to successfully send a push notification.
2021-03-19 14:24:03 +01:00
Penar Musaraj
d470e4fade
FEATURE: Allow users to save draft and close composer (#12439)
We previously included this option conditionally when users were replying
or creating a new topic while they had content already in the composer.

This makes the dialog always include three buttons:
  - Close and discard
  - Close and save draft for later
  - Keed editing

This also changes how the backend notifies the frontend when there is
a current draft topic. This is now sent via the `has_topic_draft`
property in the current user serializer.
2021-03-19 09:19:15 -04:00
Bianca Nenciu
6eab1e83c3
FIX: Do not fail if Postgres is not available (#12440)
Follow-up to 50f8782def.
2021-03-19 12:07:39 +02:00
Robert
4dcdbd7801
REFACTOR: break search results in multiple sub components
This change will introduce:
- search-result-entries
- search-result-entry

making the full-page-search template easier and less risky to override.
2021-03-19 10:49:14 +01:00
Martin Brennan
fb0b4e26a9
DEV: Add output_sql_to_stderr! to MethodProfiler (#12445)
This PR adds MethodProfiler.output_sql_to_stderr! for easier debugging of SQL queries and their timings from the console.

This is almost the same as ensure_discourse_instrumentation! but should not
be used in production (save for debugging in the console), and is only instrumenting
PostgresSQL queries.

This is almost the same as ensure_discourse_instrumentation! but should not
be used in production. This logs all SQL queries run and their durations
between start and stop.

It also works for super long running queries. If you interrupt the long-running
query the latest query data will still be logged after stopping the profiler.

Usage:

```
MethodProfiler.output_sql_to_stderr!(filter_transactions: true)
MethodProfiler.start

# some code that runs queries

timings = MethodProfiler.stop
```
2021-03-19 17:48:30 +10:00
dependabot[bot]
b432a4acd8
Build(deps-dev): Bump rspec-rails from 5.0.0 to 5.0.1 (#12443)
Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/rspec/rspec-rails/releases)
- [Changelog](https://github.com/rspec/rspec-rails/blob/main/Changelog.md)
- [Commits](https://github.com/rspec/rspec-rails/compare/v5.0.0...v5.0.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-19 01:55:42 +01:00
Martin Brennan
355d51afde
FEATURE: Allow using invites when DiscourseConnect SSO is enabled (#12419)
This PR allows invitations to be used when the DiscourseConnect SSO is enabled for a site (`enable_discourse_connect`) and local logins are disabled. Previously invites could not be accepted with SSO enabled simply because we did not have the code paths to handle that logic.

The invitation methods that are supported include:

* Inviting people to groups via email address
* Inviting people to topics via email address
* Using invitation links generated by the Invite Users UI in the /my/invited/pending route

The flow works like this:

1. User visits an invite URL
2. The normal invitation validations (redemptions/expiry) happen at that point
3. We store the invite key in a secure session
4. The user clicks "Accept Invitation and Continue" (see below)
5. The user is redirected to /session/sso then to the SSO provider URL then back to /session/sso_login
6. We retrieve the invite based on the invite key in secure session. We revalidate the invitation. We show an error to the user if it is not valid. An additional check here for invites with an email specified is to check the SSO email matches the invite email
7. If the invite is OK we create the user via the normal SSO methods
8. We redeem the invite and activate the user. We clear the invite key in secure session.
9. If the invite had a topic we redirect the user there, otherwise we redirect to /

Note that we decided for SSO-based invites the `must_approve_users` site setting is ignored, because the invite is a form of pre-approval, and because regular non-staff users cannot send out email invites or generally invite to the forum in this case.

Also deletes some group invite checks as per https://github.com/discourse/discourse/pull/12353
2021-03-19 10:20:10 +10:00
Penar Musaraj
aee7ef0dc9
DEV: Fix build due to highlight.js branch issue (#12441)
Highlight.js changed their default branch from master to main. This switches to the @highlightjs/cdn-assets package, thus sidestepping the problem. It's a slightly cleaner integration though (no need to build locally anymore).
2021-03-18 18:21:23 -04:00
jbrw
aaf96edee0
FIX: all staff members (regardless of TL) should be able to pin/unpin topics (#12435) 2021-03-18 15:32:42 -04:00
Joffrey JAFFEUX
67e1ae3f7d
A11Y: makes search results count readable by screen reader (#12437) 2021-03-18 18:44:26 +01:00
Dan Ungureanu
033d6b6437
FEATURE: Obfuscate emails on invite show page (#12433)
The email should not be ever displayed in clear text, except the case
when the user authenticates using another service.
2021-03-18 19:09:23 +02:00
Dan Ungureanu
da1e37d2ce
FIX: browser-update should work with old browsers (#12436)
This caused issues in IE10 / IE11 with compatibility mode.
2021-03-18 19:09:01 +02:00
Dan Ungureanu
5024ea72d2
UX: Show first unique letters in invite link (#12434) 2021-03-18 19:05:38 +02:00
Roman Rizzi
da210b6d77
FEATURE: Replace markdown-it replacements rule. (#12417)
We override the default replacements rule to no longer replace "(c)", "(p)", and "(p)". Additionally, we merged the custom arrows rule into the replacement function.
2021-03-18 10:55:41 -03:00
Bianca Nenciu
1a433193d1
FIX: Do not treat code tag as block level element (#12432)
When syncing code elements, the inner text used to be escaped, which
rendered the actual HTML code instead. This commit overwrites default
parser settings to fix the way code tags are handled.
2021-03-18 15:30:15 +02:00
Joffrey JAFFEUX
cf703ccf66
A11Y: improves avatar menu focus/active states (#12422) 2021-03-18 13:29:27 +01:00
dependabot[bot]
06c60b017c
DEV: Bump unicorn from 5.8.0 to 6.0.0 (#12430)
Bumps [unicorn](https://yhbt.net/unicorn/) from 5.8.0 to 6.0.0.

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-18 16:08:51 +11:00