Commit Graph

897 Commits

Author SHA1 Message Date
Sam
a34bc92e1a DEV: update mini profiler
This provides us with instrumentation missing after rails upgrade

Latest version of rails uses exec_params internally which is no longer
routed to intercepted methods in mini profiler 1.0.0
2018-12-10 14:29:20 +11:00
Sam
fcb3f1e219 DEV: upgrade Rails to version 5.2.2 2018-12-10 11:29:28 +11:00
Régis Hanol
3c9c95ac83 Update Rubocop to 0.60 2018-12-04 10:48:16 +01:00
Sam
8868cfd2e4 FIX: redis leak when visiting large amounts of topics
Message bus uses a key to keep track of the last id for each channel
this key was never expired even if channel data expired

This change ensures we also expire the tracking key, it means a lot to us
cause each topic has a channel, so if you have 1 million topics that is
1 million keys that may persist forever
2018-11-30 14:41:15 +11:00
Arpit Jalan
597f170995 bump onebox version
- FIX: show Google video preview on iOS devices
- FIX: convert relative image url to absolute url
2018-11-17 13:45:55 +05:30
Sam
296928ec04 FIX: update logster to handle logging of invalid encoding strings
Previously if a string had invalid encoding we would explode and log
to STDERR, this often goes lost, instead logster now scrubs as needed
2018-11-13 16:06:06 +11:00
Osama Sayegh
dd0b4c565b Bump logster version (#6584) 2018-11-12 08:49:00 +08:00
Arpit Jalan
cf0acad1e4 bump onebox version (again)
- Improve google photos album title
2018-11-09 18:31:25 +05:30
Arpit Jalan
1151c093ad bump onebox version
- Better Google Photos oneboxing
2018-11-09 15:44:06 +05:30
Sam
81ccfa5a8a there is a new bundler 2018-11-07 10:05:22 +11:00
Sam
3951e9b528 SECURITY: update rack from 2.0.5 to 2.0.6
This release contains security fixes to the underlying rack library
used by Discourse.

Impact is not too high as we do not use request.scheme in our templates
2018-11-07 10:05:22 +11:00
Kyle Zhao
57ab6bcba1 SECURITY: update loofah for CVE-2018-16468 2018-10-30 10:51:03 -04:00
Arpit Jalan
7fe3491bc0 bump onebox version
- UX: make title on Instagram less redundant
2018-10-25 12:18:16 +05:30
Penar Musaraj
d20fd66286 bump onebox to 1.8.64 2018-10-16 11:10:11 -04:00
Sam
3aceda2dfd Update to latest version of message bus
This includes DistributedCache which we will be using and perf fixes
2018-10-15 13:49:04 +11:00
Bianca Nenciu
1d26a473e7 FEATURE: Show "Recently used devices" in user preferences (#6335)
* FEATURE: Added MaxMindDb to resolve IP information.

* FEATURE: Added browser detection based on user agent.

* FEATURE: Added recently used devices in user preferences.

* DEV: Added acceptance test for recently used devices.

* UX: Do not show 'Show more' button if there aren't more tokens.

* DEV: Fix unit tests.

* DEV: Make changes after code review.

* Add more detailed unit tests.

* Improve logging messages.

* Minor coding style fixes.

* DEV: Use DropdownSelectBoxComponent and run Prettier.

* DEV: Fix unit tests.
2018-10-09 22:21:41 +08:00
Guo Xiang Tan
893c0e9d5f Don't run the pre-release for bundler. 2018-10-08 09:23:39 +08:00
Grey Baker
6995fd12c6 build(deps): [security] bump nokogiri from 1.8.3 to 1.8.5 (#6455)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.8.3 to 1.8.5. **This update includes security fixes.**
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.8.3...v1.8.5)

Signed-off-by: dependabot[bot] <support@dependabot.com>
2018-10-05 09:43:17 -04:00
Sam
378584fdc0 correct under reporting of memory in memory profiler 2018-10-04 17:02:53 +10:00
Arpit Jalan
420e7bccca bump onebox version (take 2)
- better detection of zero dollar amazon price
2018-10-03 17:54:56 +05:30
Arpit Jalan
b56d0026b9 bump onebox version
- do not display zero dollar price on Amazon onebox
- fix google play store onebox
2018-10-03 17:05:51 +05:30
Sam Saffron
a2b6eed284 FIX: correct compilation issues on clang 10
In MacOS we need different compilation flags now that some are
deprecated in clang 10, this is not specific to mojave which was
the previous fix
2018-09-28 09:42:06 +08:00
Sam Saffron
afd2edabe4 DEV: update mini_racer for Mojave support
MacOS Mojave deprecates some libraries making it a bit
harder to compile Mini Racer, this release adds support
2018-09-26 07:43:34 +08:00
Arpit Jalan
80229668f9 bump onebox version
- FIX: user correct steam placeholder image url
- catch up Ruby 2.6
2018-09-19 10:06:43 +05:30
Gerhard Schlager
fb9e3e6423 Update aws-sdk-s3
In preparation for https://github.com/discourse/discourse/pull/6345
2018-09-17 17:39:46 +02:00
Sam
5bb7cc8710 FIX: update PG gem
We need the newer PG gem to fix issues around rb_wait_for_single_fd that
pop up in rare conditions
2018-09-13 21:57:20 +10:00
Gerhard Schlager
0d8c72d8c4 DEV: Add rake task to check locale files for errors 2018-09-05 00:47:39 +02:00
Arpit Jalan
8ce8edaf40 bump onebox version 2018-08-31 15:10:11 +05:30
Arpit Jalan
6b9aeeea73 bump onebox version 2018-08-31 08:40:36 +05:30
Guo Xiang Tan
a928bf4300 Revert rails_multisite back to 2.0.4. 2018-08-30 15:42:51 +08:00
Arpit Jalan
2872b100dc bump onebox version 2018-08-29 16:55:06 +05:30
Sam
b760f66523 Upgrade PG gem to latest
This unlocks some performance improvements
2018-08-27 10:58:19 +10:00
Guo Xiang Tan
6acba44ed9 Revert "Install mailcatcher in development."
This reverts commit 914ce34e5b.

* requires sqlite3 to be installed.
2018-08-21 15:40:50 +08:00
Guo Xiang Tan
914ce34e5b Install mailcatcher in development. 2018-08-21 15:28:02 +08:00
Sam
168ffd8384 FEATURE: group warnings about IP level rate limiting 2018-08-13 14:38:20 +10:00
Neil Lalonde
b829452c75
Merge pull request #6209 from discourse/mini_scheduler
REFACTOR: extract scheduler to the mini_scheduler gem
2018-08-01 10:28:24 -04:00
Gerhard Schlager
a115aae45f Use rchardet instead of charlock_holmes gem 2018-08-01 10:41:20 +02:00
Gerhard Schlager
ff942ed2f3 FIX: Try detecting encoding of RSS feed 2018-08-01 10:41:20 +02:00
Neil Lalonde
4ad7ce70ce REFACTOR: extract scheduler to the mini_scheduler gem 2018-07-31 17:12:55 -04:00
Arpit Jalan
458d9cd17a bump onebox version 2018-07-31 22:52:03 +05:30
Joffrey JAFFEUX
b4a2f3fe2f
DEV: implementing danger for travis 2018-07-24 10:12:15 -04:00
Arpit Jalan
22dad7f0e8 bump onebox version 2018-07-17 13:55:00 +05:30
Arpit Jalan
39299fdd8c bump onebox version 2018-07-16 11:43:32 +05:30
Arpit Jalan
2a5a57a87e bump onebox version 2018-07-12 21:29:34 +05:30
Guo Xiang Tan
72a3457379 Bump discourse_image_optim which uses a global timeout.
Our previous solution has the timeout set at the worker level
which means the total timeout would be X timeout secs * N number of
workers.
2018-07-09 10:30:18 +08:00
Sam
564e7e6898 FEATURE: update libv8 to version 6.7
This has parity with stable Chrome!
2018-07-09 09:08:25 +10:00
Sam
f662d1135e FIX: update mini_racer corrects erratic segfaults
In some conditions mini_racer would segfault causing sidekiq crash or
web crash, this was automatically recovered from but not ideal.
2018-07-06 11:00:07 +10:00
Guo Xiang Tan
3d2f3ef8ae Update discourse_image_optim gem. 2018-07-03 15:22:54 +08:00
Arpit Jalan
55a963252d bump onebox version 2018-07-02 10:36:26 +05:30
Joffrey JAFFEUX
ebd2be9e02
DEV: lower highline requirement 2018-06-27 22:50:00 +02:00
Arpit Jalan
2f5b7beace bump onebox version 2018-06-25 11:22:06 +05:30
Sam
da8c6e9ac0 bump mini_sql for faster/more correct time conversions 2018-06-24 15:17:47 +10:00
Arpit Jalan
a171464a55 bump onebox version 2018-06-20 16:47:55 +05:30
Guo Xiang Tan
bb959e85e6 Pin exifr to 1.2.5. 2018-06-20 17:27:46 +08:00
Sam
cb824a6b33 DEV: remove all calls to SqlBuilder use DB.build instead
This is part of the migration to mini_sql, SqlBuilder.new is being
deprecated and replaced with DB.build
2018-06-20 17:53:49 +10:00
Guo Xiang Tan
76707eec1b Update rails_multisite. 2018-06-20 15:11:41 +08:00
Arpit Jalan
ccb57e609f bump onebox version 2018-06-20 11:06:56 +05:30
Sam
2a8e7a5d4e upgrade gems 2018-06-20 10:07:56 +10:00
Sam
8ea29c51ae SECURITY: update sprockets for CVE-2018-3760 2018-06-20 09:49:26 +10:00
Sam
b8e5989201 correct rake db:create, which needs a defer DB object 2018-06-19 16:43:50 +10:00
Sam
5f64fd0a21 DEV: remove exec_sql and replace with mini_sql
Introduce new patterns for direct sql that are safe and fast.

MiniSql is not prone to memory bloat that can happen with direct PG usage.
It also has an extremely fast materializer and very a convenient API

- DB.exec(sql, *params) => runs sql returns row count
- DB.query(sql, *params) => runs sql returns usable objects (not a hash)
- DB.query_hash(sql, *params) => runs sql returns an array of hashes
- DB.query_single(sql, *params) => runs sql and returns a flat one dimensional array
- DB.build(sql) => returns a sql builder

See more at: https://github.com/discourse/mini_sql
2018-06-19 16:13:36 +10:00
Guo Xiang Tan
f4fdcda502 Upgrade to Rails 5.2 take 2. 2018-06-08 09:33:50 +08:00
Gerhard Schlager
c6bf8f6e24 FIX: Uploading JPEG files didn't work anymore 2018-06-07 17:39:27 +02:00
Sam
1834417e2f downgrade rails properly 2018-06-07 20:38:22 +10:00
Sam
d3b8ee761c revert to rails 5.1 for now 2018-06-07 19:47:53 +10:00
Sam
89ad2b5900 DEV: Rails 5.2 upgrade and global gem upgrade
This updates tests to use latest rails 5 practice
and updates ALL dependencies that could be updated

Performance testing shows that performance has not regressed
if anything it is marginally faster now.
2018-06-07 14:21:33 +10:00
Guo Xiang Tan
2bd905c632 Revert "Upgrade Rails to 5.1.6."
This reverts commit ab66215f5c.
2018-06-07 09:49:38 +08:00
Guo Xiang Tan
ab66215f5c Upgrade Rails to 5.1.6. 2018-06-07 08:34:36 +08:00
Régis Hanol
685083491e FEATURE: StackOverflow importer 2018-06-04 16:57:12 +02:00
Guo Xiang Tan
2bafd2a355 Don't pin version of Fabrication gem. 2018-05-28 15:09:02 +08:00
Arpit Jalan
1c61117cbc bump onebox version 2018-05-23 17:44:01 +05:30
Régis Hanol
8238097d0f bump email_reply_trimmer 2018-05-17 10:22:53 +02:00
Sam
fc54238726 FIX: message bus had corrupt internal state for first 30 secs
This upgrades message bus to latest and corrects an issue where
it did not track the fact it was polling for the first 30 seconds

It corrected internal state after, but this caused some odd issues
2018-05-16 12:19:16 +10:00
Guo Xiang Tan
b18e0825b5 Update Gemfile.lock. 2018-05-07 17:10:34 +08:00
Jeff Wong
91b31860a1
Feature: Push notifications for Android (#5792)
* Feature: Push notifications for Android

Notification config for desktop and mobile are merged.

Desktop notifications stay as they are for desktop views.

If mobile mode, push notifications are enabled.

Added push notification subscriptions in their own table, rather than through
custom fields.

Notification banner prompts appear for both mobile and desktop when enabled.
2018-05-04 15:31:48 -07:00
Arpit Jalan
c718c59b5d bump onebox version 2018-05-03 16:14:16 +05:30
Régis Hanol
ddb092f397 FIX: update mail gem to fix UTF-8 parsing issue 2018-04-25 21:53:37 +02:00
Arpit Jalan
256545ca2c bump onebox version 2018-04-23 15:18:19 +05:30
Sam
050ce48bd0 Update message bus to correct issue where too many reqs are performed 2018-04-20 15:52:24 +10:00
Guo Xiang Tan
9c9fa4537c Update Redis gems. 2018-04-20 12:49:36 +08:00
Guo Xiang Tan
56b3527eb8 Upgrade Sidekiq. 2018-04-20 11:47:40 +08:00
Sam
284c946128 revert puma upgrade for now
it does not work right in dev
2018-04-11 14:36:10 +10:00
dependabot[bot]
a89d7ef851 Bump puma from 3.9.1 to 3.11.3
Bumps [puma](https://github.com/puma/puma) from 3.9.1 to 3.11.3.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v3.9.1...v3.11.3)

Signed-off-by: dependabot[bot] <support@dependabot.com>
2018-04-10 16:09:30 +10:00
Guo Xiang Tan
689144b2bf Upgrade Mail gem. 2018-04-04 18:35:40 +08:00
Sam
98faf2878e FEATURE: bump rack-mini-profiler version
This corrects a warning in chrome console and provides better jQuery 3 compatability
2018-03-29 11:12:09 +11:00
Régis Hanol
2c1ede6e5f update email_reply_trimmer 2018-03-28 13:12:50 +02:00
Robin Ward
2ca37602d9 Update rack-protection 2018-03-26 12:49:54 -04:00
Robin Ward
84e1ffd141 Update rails-html-sanitizer 2018-03-26 12:48:28 -04:00
Arpit Jalan
3a62eba299 bump onebox version 2018-03-22 11:38:01 +05:30
Régis Hanol
25284d2340 update loofah gem 2018-03-21 13:32:28 +01:00
Régis Hanol
9c4936ec9c update sanitize gem 2018-03-21 13:27:17 +01:00
Arpit Jalan
3e32ab1523 UX: css for Instagram onebox 2018-03-19 13:32:36 +05:30
Guo Xiang Tan
8027096c09 Partially revert "Upgrade mail gem to remove dependency on mime-types."
Still seeing heap_live_count spikes.

This reverts commit 58b8ea4f41.
2018-03-14 20:21:45 +08:00
Guo Xiang Tan
58b8ea4f41 Upgrade mail gem to remove dependency on mime-types.
* Use a EmailValidator.email_regexp for `Email.is_valid?`
  check as we're seeing an increase in allocation when
  parsing email addresses wih `Mail::Address`.
2018-03-14 14:37:55 +08:00
Sam
685406b1bb try updating rubocop so it does not crash 2018-03-13 17:58:23 +11:00
Sam
39e679d3cb FEATURE: allow themes to live in private git repos
This feature allows themes sourced from git to live on private
servers, it automatically generates key pairs.
2018-03-09 16:14:38 +11:00
Guo Xiang Tan
bdb25338e5 Update bootsnap. 2018-03-06 17:37:02 +08:00
Gerhard Schlager
56bacb1c2f Bump onebox 2018-02-27 12:07:16 +01:00
Sam
79e0cd7f52 update onebox 2018-02-26 10:15:14 +11:00
Jeff Wong
f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00