Commit Graph

53080 Commits

Author SHA1 Message Date
Joffrey JAFFEUX
84cd621bdc
FIX: allows to query a username made of integers (#25815)
If a user had `123456789` as username, it could be passed to the query as a number and the query would fail as it expects a string.

Also applies the same fix to groups.
2024-02-22 14:53:47 +01:00
Joffrey JAFFEUX
5ea1882e17
FIX: followRedirects when changing sidebar panel (#25814)
It was necessary in chat as we will for example:

- transition to `/chat`
- and then attempt to transition to ideal first channel, eg: `/chat/-/1`
- and then redirect to `/chat/browse` if no channels exist

Prior to this fix, clicking on `chat` button in the sidebar from the homepage would work but generate an error in the console:

```
Uncaught (in promise) TransitionAborted: TransitionAborted
    at buildTransitionAborted (http://127.0.0.1:4200/assets/vendor.js:42895:17)
    at logAbort (http://127.0.0.1:4200/assets/vendor.js:43345:12)
    at PrivateRouter.transitionDidError (http://127.0.0.1:4200/assets/vendor.js:24561:44)
    at http://127.0.0.1:4200/assets/vendor.js:43129:35
    at invokeCallback (http://127.0.0.1:4200/assets/vendor.js:45239:17)
    at publish (http://127.0.0.1:4200/assets/vendor.js:45225:9)
    at publishRejection (http://127.0.0.1:4200/assets/vendor.js:45174:5)
    at http://127.0.0.1:4200/assets/vendor.js:40914:52
    at invoke (http://127.0.0.1:4200/assets/vendor.js:39539:16)
    at Queue.flush (http://127.0.0.1:4200/assets/vendor.js:39455:13)
    at DeferredActionQueues.flush (http://127.0.0.1:4200/assets/vendor.js:39611:21)
    at Backburner._end (http://127.0.0.1:4200/assets/vendor.js:40040:34)
    at Backburner._boundAutorunEnd (http://127.0.0.1:4200/assets/vendor.js:39776:14)
```

As explained above, this was only redproducible when no channels are present.
2024-02-22 14:19:32 +01:00
David Taylor
502eceb570
DEV: Replace add-archetype-class mixin with body-class helper (#25813) 2024-02-22 13:11:24 +00:00
chapoi
13eabff739
UX: allow fullscreen composer on mobile (#25787) 2024-02-22 13:01:27 +01:00
chapoi
64a41729f7
UX: chat composer design update (mobile) (#25789) 2024-02-22 12:42:07 +01:00
Alan Guo Xiang Tan
6e9fbb5bab
DEV: Do not process requests initiated by browser in a different example (#25809)
Why this change?

We noticed that running `LOAD_PLUGINS=1 rspec --seed=38855 plugins/chat/spec/system/chat_new_message_spec.rb` locally
results in the system tests randomly failing. When we inspected the
request logs closely, we noticed that a `/presence/get` request from a
previous rspec example was being processed when a new rspec example is
already being run. We know it was from the previous rspec example
because inspecting the auth token showed the request using the auth
token of a user from the previous example. However, when a request using
an auth token from a previous example is used it ends up logging out the
same user on the server side because the user id in the cookie is the same
due to the use of `fab!`.

I did some research and there is apparently no way to wait until all
inflight requests by the browser has completed through capybara or
selenium. Therefore, we will add an identifier by attaching a cookie to all non-xhr requests so that
xhr requests which are triggered subsequently will contain the cookie in the request.

In the `BlockRequestsMiddleware` middleware, we will then reject any
requests when the value of the identifier in the cookie does not match the current rspec's example
location.

To see the problem locally, change `Auth::DefaultCurrentUserProvider.find_v1_auth_cookie` to the following:

```
  def self.find_v1_auth_cookie(env)
    return env[DECRYPTED_AUTH_COOKIE] if env.key?(DECRYPTED_AUTH_COOKIE)

    env[DECRYPTED_AUTH_COOKIE] = begin
      request = ActionDispatch::Request.new(env)
      cookie = request.cookies[TOKEN_COOKIE]

      # don't even initialize a cookie jar if we don't have a cookie at all
      if cookie&.valid_encoding? && cookie.present?
        puts "#{env["REQUEST_PATH"]} #{request.cookie_jar.encrypted[TOKEN_COOKIE]&.with_indifferent_access}"
        request.cookie_jar.encrypted[TOKEN_COOKIE]&.with_indifferent_access
      end
    end
  end
```

After which run the following command: `LOAD_PLUGINS=1 rspec --format documentation --seed=38855 plugins/chat/spec/system/chat_new_message_spec.rb`

It takes a few tries but the last spec should fail and you should see something like this:

```
assets/chunk.c16f6ba8b6824baa47ac.d41d8cd9.js {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
/assets/chunk.050148142e1d2dc992dd.d41d8cd9.js {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
/chat/api/channels/527/messages {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
/uploads/default/test_0/optimized/1X/_129430568242d1b7f853bb13ebea28b3f6af4e7_2_512x512.png {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
    redirects to existing chat channel
    redirects to chat channel if recipients param is missing (PENDING: Temporarily skipped with xit)
  with multiple users
/favicon.ico {"token"=>"9a75c114c4d3401509a23d240f0a46d4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591736}
/chat/new-message {"token"=>"9a75c114c4d3401509a23d240f0a46d4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591736}
/presence/get {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
 ```
 
 Note how the `/presence/get` request is using a token from the previous example. 

Co-authored-by: David Taylor <david@taylorhq.com>
2024-02-22 19:41:10 +08:00
Alan Guo Xiang Tan
c56c3adfde
DEV: Fix invalid test in 5dba5c4208 (#25810)
Why this change?

The previous test setup did not actually act as a regression test
because the test will still pass even when the fix is removed. This
commit uses a rendering test instead to ensure that Ember is tracking
the property change.
2024-02-22 19:10:23 +08:00
Keegan George
3b87a174e7
FIX: Customize form template view modal footer buttons (#25804) 2024-02-21 22:20:56 -08:00
Alan Guo Xiang Tan
867c2989d7
FEATURE: Add plugin-outlet before/after sidebar sections (#25807)
Why this change?

We have been getting customisation requests about adding stuff
before/after the sidebar sections so we are adding plugin outlets to
support those requests.
2024-02-22 12:58:13 +08:00
Blake Erickson
368bd2697a
DEV: Add more bulk-select-dropdown options (#25574)
This change updates the experimental bulk-select-dropdown (that is
currently feature-flagged) with more options.
2024-02-21 20:56:27 -07:00
Alan Guo Xiang Tan
5dba5c4208
DEV: Set ExtraNavItem count property to be a tracked property (#25806)
Why this change?

This regressed in b797434376 where
the count property in `ExtraNavItem` needs to be tracked as plugins can
be updating the count property directly.
2024-02-22 11:52:49 +08:00
Alan Guo Xiang Tan
31e44cfa82
DEV: Fix flaky "Changing email" system tests (#25805)
Why this change?

`current_url` does not rely on Capybara waiters so opt to use
`have_current_path` matcher instead. Also assert for email against
element displayed on the page instead of querying the database for it
which isn't really what system tests are meant for.
2024-02-22 10:46:37 +08:00
Kris
94199715cd
UX: fix sidebar section modal styles (#25803) 2024-02-21 18:22:03 -05:00
Jarek Radosz
43583772d5
DEV: Remove a duplicated file (#25802) 2024-02-21 23:50:36 +01:00
dependabot[bot]
a0a18b5b4a
Build(deps-dev): Bump @ember/optional-features from 2.0.0 to 2.1.0 in /app/assets/javascripts (#25799)
* Build(deps-dev): Bump @ember/optional-features

Bumps [@ember/optional-features](https://github.com/emberjs/ember-optional-features) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/emberjs/ember-optional-features/releases)
- [Changelog](https://github.com/emberjs/ember-optional-features/blob/master/CHANGELOG.md)
- [Commits](https://github.com/emberjs/ember-optional-features/commits)

---
updated-dependencies:
- dependency-name: "@ember/optional-features"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update lockfiles for ember version flag

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: discoursebuild <build@discourse.org>
2024-02-21 23:17:02 +01:00
dependabot[bot]
54eb7ae561
Build(deps-dev): Bump sass from 1.71.0 to 1.71.1 in /app/assets/javascripts (#25800)
* Build(deps-dev): Bump sass in /app/assets/javascripts

Bumps [sass](https://github.com/sass/dart-sass) from 1.71.0 to 1.71.1.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.71.0...1.71.1)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update lockfiles for ember version flag

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: discoursebuild <build@discourse.org>
2024-02-21 23:16:35 +01:00
dependabot[bot]
0ada48c4e3
Build(deps-dev): Bump webmock from 3.21.2 to 3.22.0 (#25798) 2024-02-21 22:36:54 +01:00
dependabot[bot]
7f41e61fe3
Build(deps): Bump sass-embedded from 1.71.0 to 1.71.1 (#25797) 2024-02-21 22:36:16 +01:00
dependabot[bot]
caadd65499
Build(deps): Bump rack from 2.2.8 to 2.2.8.1 (#25796) 2024-02-21 22:35:49 +01:00
Daniel Waterworth
9db009bf96
DEV: Reorder categories in sidebar edit modal (#25792)
Sort categories by relevance instead of alphabetically.
2024-02-21 14:35:04 -06:00
Daniel Waterworth
087712c1a6
DEV: Reduce duplication with DistributedMutex#clear_regex (#25795) 2024-02-21 14:19:04 -06:00
Daniel Waterworth
bf7470e93b
FIX: Make /categories/search order deterministic (#25793) 2024-02-21 12:20:40 -06:00
Bianca Nenciu
47623e1214
FIX: Ensure model properties are set (#25790)
New models do not have all properties set yet which caused issues when
trying to access them.
2024-02-21 20:08:47 +02:00
Daniel Waterworth
13291dc5ef
FIX: Cache keys should be strings (#25791)
* FIX: Cache keys should be strings

Otherwise, there are subtle bugs that don't show up with a single
process.
2024-02-21 10:55:48 -06:00
Jarek Radosz
428db40deb
DEV: Minor refactor of screen-track service (#25699)
Set/Map, async/await, inline vars, updated tests
2024-02-21 17:17:10 +01:00
Bianca Nenciu
9199c52e5e
FIX: Load categories with search topic results (#25700)
Add categories to the serialized search results together with the topics
when lazy load categories is enabled. This is necessary in order for the
results to be rendered correctly and display the category information.
2024-02-21 17:29:47 +02:00
Bianca Nenciu
d8c3924213
FIX: Category results should be ordered by term (#25771)
The two criteria used to order the results are if the category name
starts with the term and if the category is a top level category or not.
2024-02-21 16:32:58 +02:00
chapoi
a9f8009801
UX: Modal mobile fixes (#25788)
* UX: remove discourse-touch class wrapper

* UX: keep modal close btn in right position
2024-02-21 13:49:42 +01:00
David Taylor
a30b54be87
DEV: Update deprecation banner to include id and remove Ember 5 link (#25786)
We're starting to use this system for non-ember-5 deprecations, so linking to the Ember 5 topic doesn't make sense. Instead, we can include the deprecation ID to help with identifying the issue.
2024-02-21 10:59:09 +00:00
David Battersby
1d4ef460ac
UX: chat channel title links to channel settings (#25785) 2024-02-21 17:53:04 +08:00
Kelv
0f5d5403ea
dev: add bootbox to deprecation warnings to admins (#25765) 2024-02-21 17:34:02 +08:00
Alan Guo Xiang Tan
3e54351355
DEV: Change shape of errors in ThemeSettingsObjectValidator (#25784)
Why this change?

The current shape of errors returns the error messages after it has been
translated but there are cases where we want to customize the error
messages and the current way return only translated error messages is
making customization of error messages difficult. If we
wish to have the error messages in complete sentences like
"`some_property` property must be present in #link 1", this is not
possible at the moment with the current shape of the errors we return.

What does this change do?

This change introduces the `ThemeSettingsObjectValidator::ThemeSettingsObjectErrors`
and `ThemeSettingsObjectValidator::ThemeSettingsObjectError` classes to
hold the relevant error key and i18n translation options.
2024-02-21 15:27:42 +08:00
Ella E
05f6d9be7b
UX: Change the color of the overriden dot to be slightly visible in dark mode (#25782) 2024-02-21 12:49:20 +08:00
Martin Brennan
ac92cc526d
FIX: Admin sidebar was hiding chat/forum toggle button (#25781)
We have separated and combined modes for sidebar panels.
Separated means the panels show only their own sections,
combined means sections from all panels are shown.

The admin sidebar only shows its own panels, so it must set
the mode to separated; however when we navigate to chat or
home we must revert to the initial mode setttings.
2024-02-21 14:44:09 +10:00
Martin Brennan
95014e9ab8
FIX: Do not duplicate admin sidebar plugin links (#25780)
When hiding/showing the sidebar, as is the case on mobile
and using the toggle in the top left on desktop, we delete
and recreate the ember component on the page. This causes
the `sections` for each sidebar panel to get re-evaluated
every time.

For the admin sidebar, this means that we were constantly
re-adding the plugin links to the sidebar, causing duplication.
This can be fixed by just adding @cached to the getter for
sections.
2024-02-21 12:58:31 +10:00
Ted Johansson
533b91dec6
FEATURE: Add a checkbox for users to confirm before flagging as illegal (#25762)
The Digital Services Act requires a checkbox for any user who's flagging a post as illegal to confirm that they are flagging in good faith. This PR adds that.
2024-02-21 10:49:19 +08:00
Daniel Waterworth
0529d20db4
DEV: Use DistributedCache#defer_get_set instead of getting and setting (#25778)
We use defer_get_set everywhere else, so for consistency and reducing
complexity, this is better.
2024-02-20 18:29:01 -06:00
Alan Guo Xiang Tan
a4305cd69c
Revert "Build(deps): Bump @uppy/drop-target from 2.0.1 to 2.0.4 in /app/assets/javascripts (#25772)" (#25779)
This reverts commit ec63f2b876.

Broke the build
2024-02-21 08:13:25 +08:00
Alan Guo Xiang Tan
cac60a2c6b
DEV: Support category type in theme setting object schema (#25760)
Why this change?

This change supports a property of `type: category` in the schema that
is declared for a theme setting object. Example:

```
sections:
  type: objects
  schema:
    name: section
    properties:
      category_property:
        type: category
```

The value of a property declared as `type: category` will have to be a
valid id of a row in the `categories` table.

What does this change do?

Adds a property value validation step for `type: category`. Care has
been taken to ensure that we do not spam the database with a ton of
requests if there are alot of category typed properties. This is done by
walking through the entire object and collecting all the values for
properties typed category. After which, a single database query is
executed to validate which values are valid.
2024-02-21 08:11:15 +08:00
Alan Guo Xiang Tan
3e331b1725
DEV: Set a bytesize limit for ThemeSetting#json_value (#25761)
Why this change?

Firstly, note that this is not a security commit because this feature is
still in development and should not be used anywhere.

The reason we want to set a limit here is to greatly reduce the
possibility of a DoS attack in the future via `ThemeSetting` where
someone would set an arbituary large json string in
`ThemeSetting#json_value` and causing the server to run out of resources
trying to serialize/deserialize the value.

What does this change do?

Adds an ActiveRecord validation to ensure that the bytesize of the json
string being stored is smaller than or equal to 0.5mb. We believe 0.5mb
is a decent limit for now but we can review the limit in the future if
we believe it is too small.
2024-02-21 08:09:37 +08:00
Alan Guo Xiang Tan
6ca2396b12
DEV: Centralise logic for validating a theme setting value (#25764)
Why this change?

The logic for validating a theme setting's value and default value was
not consistent as each part of the code would implement its own logic.
This is not ideal as the default value may be validated differently than
when we are setting a new value. Therefore, this commit seeks to
refactor all the validation logic for a theme setting's value into a
single service class.

What does this change do?

Introduce the `ThemeSettingsValidator` service class which holds all the
necessary helper methods required to validate a theme setting's value
2024-02-21 08:08:26 +08:00
dependabot[bot]
ec63f2b876
Build(deps): Bump @uppy/drop-target from 2.0.1 to 2.0.4 in /app/assets/javascripts (#25772)
* Build(deps): Bump @uppy/drop-target in /app/assets/javascripts

Bumps [@uppy/drop-target](https://github.com/transloadit/uppy) from 2.0.1 to 2.0.4.
- [Release notes](https://github.com/transloadit/uppy/releases)
- [Changelog](https://github.com/transloadit/uppy/blob/main/CHANGELOG.md)
- [Commits](https://github.com/transloadit/uppy/compare/@uppy/drop-target@2.0.1...@uppy/drop-target@2.0.4)

---
updated-dependencies:
- dependency-name: "@uppy/drop-target"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update lockfiles for ember version flag

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: discoursebuild <build@discourse.org>
2024-02-21 08:04:38 +08:00
dependabot[bot]
2a02fff860
Build(deps-dev): Bump selenium-devtools from 0.121.0 to 0.122.0 (#25776)
Bumps [selenium-devtools](https://github.com/SeleniumHQ/selenium) from 0.121.0 to 0.122.0.
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)
- [Commits](https://github.com/SeleniumHQ/selenium/commits)

---
updated-dependencies:
- dependency-name: selenium-devtools
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-21 00:07:49 +01:00
dependabot[bot]
c986670db4
Build(deps): Bump ip from 1.1.8 to 1.1.9 (#25777)
Bumps [ip](https://github.com/indutny/node-ip) from 1.1.8 to 1.1.9.
- [Commits](https://github.com/indutny/node-ip/compare/v1.1.8...v1.1.9)

---
updated-dependencies:
- dependency-name: ip
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-21 00:04:47 +01:00
dependabot[bot]
1924469693
Build(deps-dev): Bump webmock from 3.21.0 to 3.21.2 (#25773)
Bumps [webmock](https://github.com/bblimke/webmock) from 3.21.0 to 3.21.2.
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bblimke/webmock/compare/v3.21.0...v3.21.2)

---
updated-dependencies:
- dependency-name: webmock
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-20 23:35:09 +01:00
dependabot[bot]
8e2c44deb7
Build(deps-dev): Bump selenium-webdriver from 4.18.0 to 4.18.1 (#25775)
Bumps [selenium-webdriver](https://github.com/SeleniumHQ/selenium) from 4.18.0 to 4.18.1.
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)
- [Commits](https://github.com/SeleniumHQ/selenium/compare/selenium-4.18.0...selenium-4.18.1)

---
updated-dependencies:
- dependency-name: selenium-webdriver
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-20 23:33:40 +01:00
Krzysztof Kotlarek
ee393a7953
UX: hide the draggable icon in the sidebar form on mobile (#25738)
Drag and drop link works only on desktop. Therefore, the drag icon should be hidden on mobile.
2024-02-21 09:16:49 +11:00
Martin Brennan
ed47b55026
DEV: Increase default SMTP read timeout to 30s (#25763)
A while ago we increased group SMTP read and open timeouts
to address issues we were seeing with Gmail sometimes giving
really long timeouts for these values. The commit was:

3e639e4aa7

Now, we want to increase all SMTP read timeouts to 30s,
since the 5s is too low sometimes, and the ruby Net::SMTP
stdlib also defaults to 30s.

Also, we want to slightly tweak the group smtp email job
not to fail if the IncomingEmail log fails to create, or if
a ReadTimeout is encountered, to avoid retrying the job in sidekiq
again and sending the same email out.
2024-02-21 07:13:18 +10:00
Jarek Radosz
5817156499
UX: Fix the video spinner css (#25770)
A followup to 62e36145c5
2024-02-20 20:44:23 +01:00
Daniel Waterworth
13083d03ae
DEV: Async category search for sidebar modal (#25686) 2024-02-20 11:24:30 -06:00