Commit Graph

54653 Commits

Author SHA1 Message Date
Martin Brennan
83361b2fc5
FEATURE: Introduce site settings which require confirmation (#27315)
Many site settings can be distructive or have huge side-effects
for a site that the admin may not be aware of when changing it.

This commit introduces a `requires_confirmation` attribute that
can be added to any site setting. When it is true, a confirmation
dialog will open if that setting is changed in the admin UI,
optionally with a custom message that is defined in client.en.yml.

If the admin does not confirm, we reset the setting to its previous
clean value and do not save the new value.
2024-06-19 16:01:24 +10:00
Ted Johansson
3ff7ce78e7
FEATURE: Add hidden site setting to list 'unsafe-none' COOP referrers (#27510)
Some tooling may rely on an unsafe-none cross origin opener policy to work. This change adds a hidden site setting that can be used to list referrers where we add this header instead of the default one configured in cross_origin_opener_policy_header.
2024-06-19 11:11:35 +08:00
Natalie Tay
489aac3fdd
FIX: Disallow table cells to be weighted actual articles can be main content (#27508)
For Topic Embeds, we would prefer <article> to be the main article in a topic, rather than a table cell <td> with potentially a lot of data. However, in an example URL like here, the table cell (the very large code snippet) is seen as the Topic Embed's article due to the determined content weight by the Readability library we use.

In the newly released 0.7.1 cantino/ruby-readability#94, the library has a new option to exclude the library's default <td> element into content weighting. This is more in line with the original library where they only weighted <p>. So this PR excludes the td, as seen in the tests, to allow the actual article to be seen as the article. This PR also adds the details tag into the allow-list.
2024-06-19 09:50:49 +08:00
Martin Brennan
ebdbb199a5
FIX: Rejection email sent even if reject reason too long (#27529)
Followup 6b872c4c53

Even though we were showing a validation error for a reject
reason that was too long, we were still sending an email and
doing other operations on the user which we are rejecting.

This commit fixes this by validating the reviewable model
before attempting to do anything else after the reason is set.
2024-06-19 11:07:23 +10:00
Krzysztof Kotlarek
cc4c199680
FEATURE: optional 2FA enforcement (#27506)
A new admin setting called `enforce_second_factor_on_external_auth`. It allows users to authenticate using external providers even when 2FA is forced with `enforce_second_factor` site setting.
2024-06-19 09:32:30 +10:00
Jarek Radosz
9568a7e542
DEV: Remove repeated sign_in calls (#27521)
There's already a `before { sign_in }` in this spec file
2024-06-19 07:21:38 +08:00
dependabot[bot]
6b12bfe3a5
Build(deps-dev): Bump puppeteer-core from 22.11.1 to 22.11.2 (#27528)
Bumps [puppeteer-core](https://github.com/puppeteer/puppeteer) from 22.11.1 to 22.11.2.
- [Release notes](https://github.com/puppeteer/puppeteer/releases)
- [Changelog](https://github.com/puppeteer/puppeteer/blob/main/release-please-config.json)
- [Commits](https://github.com/puppeteer/puppeteer/compare/puppeteer-core-v22.11.1...puppeteer-core-v22.11.2)

---
updated-dependencies:
- dependency-name: puppeteer-core
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-19 00:54:56 +02:00
dependabot[bot]
3e54a1a6ad
Build(deps): Bump memory_profiler from 1.0.1 to 1.0.2 (#27526)
Bumps [memory_profiler](https://github.com/SamSaffron/memory_profiler) from 1.0.1 to 1.0.2.
- [Changelog](https://github.com/SamSaffron/memory_profiler/blob/master/CHANGELOG.md)
- [Commits](https://github.com/SamSaffron/memory_profiler/compare/v1.0.1...v1.0.2)

---
updated-dependencies:
- dependency-name: memory_profiler
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-19 00:42:27 +02:00
dependabot[bot]
818bbf7018
Build(deps): Bump jwt from 2.8.1 to 2.8.2 (#27524)
Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.8.1 to 2.8.2.
- [Release notes](https://github.com/jwt/ruby-jwt/releases)
- [Changelog](https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jwt/ruby-jwt/compare/v2.8.1...v2.8.2)

---
updated-dependencies:
- dependency-name: jwt
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-19 00:41:26 +02:00
dependabot[bot]
c76da4cae4
Build(deps): Bump faraday from 2.9.1 to 2.9.2 (#27525)
Bumps [faraday](https://github.com/lostisland/faraday) from 2.9.1 to 2.9.2.
- [Release notes](https://github.com/lostisland/faraday/releases)
- [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lostisland/faraday/compare/v2.9.1...v2.9.2)

---
updated-dependencies:
- dependency-name: faraday
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-19 00:35:54 +02:00
JimmyJammyDodger
709509f8f5
UX: Add new preview links to Popular Themes (#27518)
* UX: Add new preview links to Popular Themes

Replace previews for 'Discourse' based ones

* prettier

---------

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2024-06-19 08:12:36 +10:00
Kris
e81b84c66e
UX: add min-height to preview image wrapper to give controls space (#27523) 2024-06-18 17:52:50 -04:00
Jarek Radosz
5cb84f8dcf
DEV: Revert rails 7.1 upgrade (#27522)
* Revert "FIX: Set `override_level` on Logster loggers (#27519)"

This reverts commit c1b0488c54.

* Revert "DEV: Make parameters optional to all FakeLogger methods"

This reverts commit 3318dad7b4.

* Revert "FIX: Remove references to `Rails.logger.chained`"

This reverts commit f595d599dd.

* Revert "DEV: Upgrade Rails to 7.1"

This reverts commit 081b00391e.
2024-06-18 23:48:30 +02:00
Kris
3fdf279bb2
UX: vertical alignment for lighbox-wrapper (#27520) 2024-06-18 16:00:41 -04:00
Jarek Radosz
c1b0488c54
FIX: Set override_level on Logster loggers (#27519)
A followup to f595d599dd
2024-06-18 21:53:51 +02:00
Tobias Eigen
6ac7d02a8f
Update server.en.yml (#27490)
made explicit in description that ` default_sidebar_switch_panel_position` admin setting is about the position of the button on the sidebar for switching to chat.
2024-06-18 14:58:03 -04:00
Loïc Guitaut
3318dad7b4 DEV: Make parameters optional to all FakeLogger methods 2024-06-18 19:06:24 +02:00
Penar Musaraj
80149b3396
UX: Fix user bookmark list keyboard focus state (#27515) 2024-06-18 12:04:48 -04:00
Loïc Guitaut
f595d599dd FIX: Remove references to Rails.logger.chained
`Rails.logger.chained` was provided by Logster before Rails 7.1
introduced their broadcast logger. Now all the loggers are added to
`Rails.logger.broadcasts`.

Some code in our initializers was still using `chained` instead of
`broadcasts`.
2024-06-18 17:46:40 +02:00
Loïc Guitaut
081b00391e DEV: Upgrade Rails to 7.1 2024-06-18 15:58:05 +02:00
Discourse Translator Bot
69c99a82dd
Update translations (#27511) 2024-06-18 15:39:31 +02:00
Jarek Radosz
1defb9449b
UX: Move user-cards above composer (#27491)
There is currently only one scenario when both the composer and a user card would be present at the same time:

if you have the composer open and then you click on something outside it that triggers a card. Which implies intent to see the card (unobstructed by the composer 😉)

The reverse doesn't happen because opening the composer would close an existing user card.

In theory there's also displaying a user card by clicking on a mention in composer's preview but that functionality is currently broken (and this PR is a prerequisite 😉)

---

I changed `.user-card, .group-card` to `.fk-d-menu[data-identifier="card"]` because that regressed when we moved user cards to float-kit – they are nested inside `.fk-d-menu` so its `z-index` is now important (effectively the cards had `z-index: z("dropdown")` instead of `z("usercard")`)
2024-06-18 15:12:41 +02:00
Loïc Guitaut
2a22a3b51d FIX: Treat corrupt cache as cache miss
Currently when a cache entry is corrupt, we log the event without doing
anything else. It means the cache is still corrupt, and the proper value
isn’t computed again.

Normally, it’s very rare the cache becomes corrupt, but it can happen
when upgrading Rails for example and the cache format changes. This is
normally handled automatically by Rails but since we’re using a custom
cache class, we have to do it ourselves.

This patch takes the same approach the Rails team did, when a cache
entry is corrupt, we treat it as a miss, recomputing the proper value
and caching it in the new format.
2024-06-18 14:47:33 +02:00
Jarek Radosz
f904acbc85
DEV: Fix a presence-test flake (#27501) 2024-06-18 12:11:40 +02:00
Régis Hanol
53b3d2f0dc FIX: BBCode tag parser
Wasn't quite handling the cases where a closing bracket `]` was used in the value of one of the attributes.

```markdown
[chat quote=user channel="[broken]"]
```

Would not be correctly parsed because we would _greedily_ use the first `]` as the end of the tag even though it might be a valid character when inside proper quotes.

c39a4de139/app/assets/javascripts/discourse-markdown-it/src/features/bbcode-block.js (L62)

Re-wrote the `parseBBCodeTag` to properly handle the following cases

- A closing tag (aka `[/name]`) which are easy since they don't have any attributes
- An old `[quote=...]` format we used that doesn't uses quotes but still has various attributes of the form `key:value`
- All three valid BBCode opening tag formats we support
  - `[name]` without any attributes
  - `[name=foo]` with a default value
  - `[name foo=bar]` with some attributes

Ended up having to fix/rewrite the few bbcode rules that were using the `parseBBCodeTag` function, namely `d-wrap` and `discourse-local-dates`.

While working on this, I think I also found a way to get rid the of shims we had in place so that plugins could use the `parseBBCodeTag` function.

Reference - https://meta.discourse.org/t/having-a-right-bracket-in-a-channel-name-breaks-all-quotes-from-that-channel/308439
2024-06-18 10:47:18 +02:00
Kelv
2393234be5
DEV: remove legacy CSP implementation to make strict-dynamic only accepted behaviour (#27486)
* DEV: remove legacy CSP implementation that allowed for non-strict-dynamic behaviour
2024-06-18 16:40:53 +08:00
dependabot[bot]
b9eb746eea
Build(deps-dev): Bump sass from 1.77.5 to 1.77.6 (#27505)
Bumps [sass](https://github.com/sass/dart-sass) from 1.77.5 to 1.77.6.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.77.5...1.77.6)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-18 10:30:12 +02:00
dependabot[bot]
475568f475
Build(deps-dev): Bump puppeteer-core from 22.11.0 to 22.11.1 (#27504)
Bumps [puppeteer-core](https://github.com/puppeteer/puppeteer) from 22.11.0 to 22.11.1.
- [Release notes](https://github.com/puppeteer/puppeteer/releases)
- [Changelog](https://github.com/puppeteer/puppeteer/blob/main/release-please-config.json)
- [Commits](https://github.com/puppeteer/puppeteer/compare/puppeteer-core-v22.11.0...puppeteer-core-v22.11.1)

---
updated-dependencies:
- dependency-name: puppeteer-core
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-18 10:29:38 +02:00
dependabot[bot]
4f757988f2
Build(deps): Bump public_suffix from 5.1.0 to 5.1.1 (#27503)
Bumps [public_suffix](https://github.com/weppos/publicsuffix-ruby) from 5.1.0 to 5.1.1.
- [Changelog](https://github.com/weppos/publicsuffix-ruby/blob/main/CHANGELOG.md)
- [Commits](https://github.com/weppos/publicsuffix-ruby/compare/v5.1.0...v5.1.1)

---
updated-dependencies:
- dependency-name: public_suffix
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-18 10:29:23 +02:00
Martin Brennan
6b872c4c53
FIX: Bump reject_reason limit for reviewables to 2000 characters (#27507)
Followup 783c935dcb

Some admins were finding that the limit introduced above was
too short especially when sending an email to rejected users.
This commit bumps the limit from 500 to 2000 and also fixes
an issue where the friendly error message was not shown in
the browser.

c.f. https://meta.discourse.org/t/500-character-reject-reason-is-too-small-a-limit/291884
2024-06-18 15:49:58 +10:00
Alan Guo Xiang Tan
006169f782
DEV: Remove hostname from DiscourseLogstashLogger output (#27485)
This is a duplicate of the `host` field which means we are bloating the
logs unnecessarily.

Just remove without depreciation for now but we are open to properly
depreciating it if others depend on this field.
2024-06-18 07:24:42 +08:00
Daniel Waterworth
0a881a59d3
DEV: Don't enforce per ip rate limits for admin api requests (#27500) 2024-06-17 13:21:11 -05:00
dependabot[bot]
6764134001
Build(deps): Bump erubi from 1.12.0 to 1.13.0 (#27497)
Bumps [erubi](https://github.com/jeremyevans/erubi) from 1.12.0 to 1.13.0.
- [Changelog](https://github.com/jeremyevans/erubi/blob/master/CHANGELOG)
- [Commits](https://github.com/jeremyevans/erubi/compare/1.12.0...1.13.0)

---
updated-dependencies:
- dependency-name: erubi
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 14:55:38 +02:00
dependabot[bot]
44701c1da7
Build(deps): Bump public_suffix from 5.0.5 to 5.1.0 (#27496)
Bumps [public_suffix](https://github.com/weppos/publicsuffix-ruby) from 5.0.5 to 5.1.0.
- [Changelog](https://github.com/weppos/publicsuffix-ruby/blob/main/CHANGELOG.md)
- [Commits](https://github.com/weppos/publicsuffix-ruby/compare/v5.0.5...v5.1.0)

---
updated-dependencies:
- dependency-name: public_suffix
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 14:55:31 +02:00
Kris
0a99407bfb
UX: always show image preview controls, improve spacing (#27489) 2024-06-17 08:43:43 -04:00
dependabot[bot]
d1f1e93f3f
Build(deps-dev): Bump mocha from 2.3.0 to 2.4.0 (#27495)
Bumps [mocha](https://github.com/freerange/mocha) from 2.3.0 to 2.4.0.
- [Changelog](https://github.com/freerange/mocha/blob/main/RELEASE.md)
- [Commits](https://github.com/freerange/mocha/compare/v2.3.0...v2.4.0)

---
updated-dependencies:
- dependency-name: mocha
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 14:31:25 +02:00
dependabot[bot]
3a282f4442
Build(deps-dev): Bump rouge from 4.2.1 to 4.3.0 (#27494)
Bumps [rouge](https://github.com/rouge-ruby/rouge) from 4.2.1 to 4.3.0.
- [Release notes](https://github.com/rouge-ruby/rouge/releases)
- [Changelog](https://github.com/rouge-ruby/rouge/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rouge-ruby/rouge/compare/v4.2.1...v4.3.0)

---
updated-dependencies:
- dependency-name: rouge
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 14:30:57 +02:00
dependabot[bot]
e51ef6ac37
Build(deps): Bump zeitwerk from 2.6.15 to 2.6.16 (#27493)
Bumps [zeitwerk](https://github.com/fxn/zeitwerk) from 2.6.15 to 2.6.16.
- [Changelog](https://github.com/fxn/zeitwerk/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fxn/zeitwerk/compare/v2.6.15...v2.6.16)

---
updated-dependencies:
- dependency-name: zeitwerk
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 14:30:38 +02:00
dependabot[bot]
ba27735760
Build(deps): Bump net-imap from 0.4.12 to 0.4.13 (#27498)
Bumps [net-imap](https://github.com/ruby/net-imap) from 0.4.12 to 0.4.13.
- [Release notes](https://github.com/ruby/net-imap/releases)
- [Commits](https://github.com/ruby/net-imap/compare/v0.4.12...v0.4.13)

---
updated-dependencies:
- dependency-name: net-imap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 14:22:02 +02:00
Jarek Radosz
516d14d59b
DEV: Further refactor of card-contents-base (#27487)
* remove `boundCardClickHandler`
* remove jQuery usage
* explicitly pass `event` into `_positionCard()`
* move `_positionCard()` calls into the mixin
* inline variables
* remove `!target` check
* merge nested `if`s
* remove unnecessary `return`
* update the `_showCallback` comment
* move computed props below basic props
* `let` -> `const`
2024-06-14 23:27:29 +02:00
Jarek Radosz
c9f8708c42
DEV: Update Gemfile.lock to include darwin-24 (#27488)
(aka macOS Sequoia)
2024-06-14 22:25:02 +02:00
Kris
3a31c47d37
UX: remove padding to fix mobile thread date pinning (#27470) 2024-06-14 13:50:27 -04:00
Kris
e245bf2a18
UX: highlight "no subcategories" as active dropdown option (#27478) 2024-06-14 13:50:13 -04:00
Daniel Waterworth
63e8c79e2f
FIX: Make edit categories sidebar modal work more intuitively (#27111)
* Load search results in displayed order so that when more categories are loaded on scroll, they appear at the end,
 * Limit the number of subcategories that are shown per category and display 'show more' links,
2024-06-14 11:37:32 -05:00
Jarek Radosz
831b1fee36
DEV: Minor cleanup of user-card code (#27436) 2024-06-14 18:21:17 +02:00
Renato Atilio
49fdccbb1d
FIX: restrict a href protocols on form template description (#27472) 2024-06-14 11:39:43 -03:00
David Taylor
fb259acd52
DEV: Introduce callback-based native class syntax for modifyClass (#27324)
This allows modifyClass to be used like this:

```
api.modifyClass(
  "model:topic",
  (Superclass) =>
    class extends Superclass {
      static someStaticMethod() {
        return `${super.someStaticMethod()} modified`;
      }

      someFunction() {
        return `${super.someFunction()} modified`;
      }

      get someGetter() {
        return `${super.someGetter} modified`;
      }
    }
);
```

One limitation, which is the same as the old object-literal syntax, is that native class fields and constructors cannot be modified.

`@tracked` properties can be overriden, because the decorator turns them into getters/setters.

There is no need to pass a `pluginId` any more. Changes are automatically rolled back as part of test cleanup 🎉
2024-06-14 14:39:23 +01:00
dependabot[bot]
739855b750
Build(deps-dev): Bump the embroider group with 2 updates (#27476)
Bumps the embroider group with 2 updates: [@embroider/compat](https://github.com/embroider-build/embroider/tree/HEAD/packages/compat) and [@embroider/core](https://github.com/embroider-build/embroider/tree/HEAD/packages/core).


Updates `@embroider/compat` from 3.5.2 to 3.5.3
- [Release notes](https://github.com/embroider-build/embroider/releases)
- [Changelog](https://github.com/embroider-build/embroider/blob/main/CHANGELOG.md)
- [Commits](https://github.com/embroider-build/embroider/commits/HEAD/packages/compat)

Updates `@embroider/core` from 3.4.11 to 3.4.12
- [Release notes](https://github.com/embroider-build/embroider/releases)
- [Changelog](https://github.com/embroider-build/embroider/blob/main/CHANGELOG.md)
- [Commits](https://github.com/embroider-build/embroider/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@embroider/compat"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: embroider
- dependency-name: "@embroider/core"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: embroider
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-14 15:27:34 +02:00
Osama Sayegh
4aea12fdcb
DEV: Allow fetching specific site settings and introduce a service for updating site settings (#27481)
This commit adds ability to fetch a subset of site settings from the `/admin/site_settings` endpoint so that it can be used in all places where the client app needs access to a subset of the site settings.

Additionally, this commit also introduces a new service class called `UpdateSiteSetting` that encapsulates all the logic that surrounds updating a site setting so that it can be used to update site setting(s) anywhere in the backend. This service comes in handy with, for example, the controller for the flags admin config area which may need to update some site settings related to flags.

Internal topic: t/130713.
2024-06-14 13:07:27 +03:00
dependabot[bot]
86e768f9e9
Build(deps): Bump sanitize from 6.1.0 to 6.1.1 (#27475)
Bumps [sanitize](https://github.com/rgrove/sanitize) from 6.1.0 to 6.1.1.
- [Release notes](https://github.com/rgrove/sanitize/releases)
- [Changelog](https://github.com/rgrove/sanitize/blob/main/HISTORY.md)
- [Commits](https://github.com/rgrove/sanitize/compare/v6.1.0...v6.1.1)

---
updated-dependencies:
- dependency-name: sanitize
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-14 11:00:42 +02:00