Commit Graph

40718 Commits

Author SHA1 Message Date
Kris
4f588a0569
UX: fix button alignment on log-in required page (#11965) 2021-02-04 14:38:58 +11:00
Kris
615a091707
UX: ensure category breadcrumbs have consistent height (#11966) 2021-02-04 14:38:12 +11:00
Krzysztof Kotlarek
f39e7fe81d
FEATURE: New way to dismiss new topics (#11927)
This is a try to simplify logic around dismiss new topics to have one solution to work in all places - dismiss all-new, dismiss new in a specific category or even in a specific tag.
2021-02-04 11:27:34 +11:00
Blake Erickson
151193bb11
document api endpoints (#11958)
* DEV: Documented several group endpoints

* documented some more endpoints

* document more api endpoints

* Document backup endpoints

* remove puts
2021-02-03 17:12:35 -07:00
Martin Brennan
e58f9f7a55
DEV: Move logic for rate limiting user second factor to one place (#11941)
This moves all the rate limiting for user second factor (based on `params[:second_factor_token]` existing) to the one place, which rate limits by IP and also by username if a user is found.
2021-02-04 09:03:30 +10:00
Robin Ward
61f5d501cb
DEV: Migrate to Ember CLI (#11932)
This encompasses a lot of work done over the last year, much of which
has already been merged into master. This is the final set of changes
required to get Ember CLI running locally for development.

From here on it will be bug fixes / enhancements.

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
Co-authored-by: romanrizzi <rizziromanalejandro@gmail.com>

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
Co-authored-by: romanrizzi <rizziromanalejandro@gmail.com>
2021-02-03 14:22:20 -05:00
Jarek Radosz
8ad5284cf7
FIX: Don't create email invites when SSO is on or local logins are off (#11951)
A more general, lower-level change in addition to #11950.

Most code paths already check if SSO is enabled or if local logins are disabled before trying to create an email invite.
This is a safety net to ensure no invalid invites sneak by. 

Also includes:
FIX: Don't allow to bulk invite when SSO is on (or when local logins are disabled)
This mirrors can_invite_to_forum? and other email invite code paths.
2021-02-03 19:01:23 +01:00
Jarek Radosz
704778f448
FIX: Don't invite new users via group with SSO on or local logins off (#11950)
Issue originally reported in https://meta.discourse.org/t/bypass-sso-by-adding-unkown-email-to-group/177339

Inviting people via email address to a group when SSO is enabled (or local logins are disabled) led to a situation where user records were being created bypassing single sign-on.

We already prevent that in most places. This adds required checks to `GroupsController`.
2021-02-03 18:13:00 +01:00
Jarek Radosz
45931f86be
DEV: Remove bulk group admin endpoints (#11949)
Originally added in 47e25648df. Looks like all related code was removed in c82b2dcc24 and b76731d722.
2021-02-03 18:12:22 +01:00
Penar Musaraj
2dc48fd6c1
UX: Uniformize styles for focus states (#11933) 2021-02-03 11:45:54 -05:00
Penar Musaraj
04dd4a75af
UX: Always show confirmation dialog when converting themes/components (#11953) 2021-02-03 11:45:25 -05:00
Robin Ward
93c25070fa
FIX: In FastImage 2.2.2 an error is raised with a nil path (#11954)
* FIX: In FastImage 2.2.2 an error is raised with a `nil` path

Sometimes Discourse.store.path_for would return `nil`, which the job
handled gracefully before, but raises an error with the new version of
the gem.

Note the logic of this job is a bit awkward since it depends on `nil`
being a string, but at least now it's no longer filling logs with
errors.

* Update app/jobs/onceoff/fix_invalid_gravatar_uploads.rb

Co-authored-by: Bianca Nenciu <nbianca@users.noreply.github.com>

Co-authored-by: Bianca Nenciu <nbianca@users.noreply.github.com>
2021-02-03 11:45:12 -05:00
Jarek Radosz
155ae06f62
DEV: Remove group-members-dropdown (#11948)
It was introduced in c82b2dcc24, but since b76731d722 and 58ee947b35 it's a single-option dropdown, so there's no need to show it (and keep it) instead of a button. We use a button for non-admins already.
2021-02-03 17:42:12 +01:00
Jarek Radosz
39a9651847
DEV: Remove update_mail_receiver and deprecated_api_usage (#11947)
`update_mail_receiver`-related code was removed in 269ec70ba8 and `deprecated_api_usage`-related code was removed in d04ba4b3b2.
2021-02-03 17:41:47 +01:00
Arpit Jalan
7f86a310ef
FEATURE: check blocked_onebox_domains setting for inline oneboxes (#11944) 2021-02-03 21:45:22 +05:30
Penar Musaraj
2309032e68
FIX: Include extra SCSS in child theme (#11952) 2021-02-03 11:02:53 -05:00
Osama Sayegh
db7b7eed9d
FIX: Restore support for pasting multiple PM recipients (#11945)
This is a regression from 98201ecc24.

Meta topic: https://meta.discourse.org/t/-/178167?u=osama.

Signed-off-by: OsamaSayegh <asooomaasoooma90@gmail.com>
2021-02-03 18:06:16 +03:00
Vinoth Kannan
024f2720f3
DEV: apply cdn headers to public javascripts endpoint too. (#11942)
It will add CORS header `Access-Control-Allow-Origin: '*'` to the files inside `public/javascripts` folder.
2021-02-03 20:15:52 +05:30
dependabot[bot]
aa09373813
Build(deps): Bump i18n from 1.8.7 to 1.8.8 (#11940)
Bumps [i18n](https://github.com/ruby-i18n/i18n) from 1.8.7 to 1.8.8.
- [Release notes](https://github.com/ruby-i18n/i18n/releases)
- [Changelog](https://github.com/ruby-i18n/i18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ruby-i18n/i18n/compare/v1.8.7...v1.8.8)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-03 09:34:30 -05:00
David Taylor
6ca3b6d32c
DEV: Move vscode config files to .vscode-sample directory (#11943)
We want to allow developers to customize their own vscode environment.
Including launch.json/tasks.json files in the repository makes this very
difficult.

These were originally added for GitHub codespaces. Once codespaces is
more widely available, we can look into automatically copying the
`.vscode-sample` directory to `.vscode` when the codespace boots.
2021-02-03 14:14:39 +00:00
Bianca Nenciu
901cee55cd
FEATURE: Improve group settings and members management (#11878)
This pull requests contains a series of improvements to groups
settings and member management such as:

- Showing which users have set a group as primary
- Moving similar settings together under Effects
- Adding bulk select and actions to members page
2021-02-03 16:11:08 +02:00
Alan Guo Xiang Tan
0cc178d58b
FIX: Avoid pulling hotlinked images of post that have been deleted. (#11913) 2021-02-03 16:45:07 +11:00
Bianca Nenciu
3744e49190
FIX: Refresh category order after save (#11936)
The changes were not visible immediately after saving reordered
categories.
2021-02-03 16:44:13 +11:00
Martin Brennan
6d72c8ab19
FEATURE: Topic timer UI revamp (#11912)
This PR revamps the topic timer UI, using the time shortcut selector from the bookmark modal.

* Fixes an issue where the duration of hours/days after last reply or auto delete replies was not enforced to be > 0
* Fixed an issue where the timer dropdown options were not reloaded correctly if the topic status changes in the background (use `MessageBus` to publish topic state in the open/close timer jobs)
* Moved the duration input and the "based on last post" option from the `future-date-input` component, as it was only used for topic timers. Also moved out the notice that is displayed which was also only relevant for topic timers.
2021-02-03 10:13:32 +10:00
Robin Ward
f39ae8a903
SECURITY: Rate limit MFA by login if possible (#11938)
This ensures we rate limit on logins where possible, we also normalize logins for the rate limiters centrally.
2021-02-03 10:26:28 +11:00
Rafael dos Santos Silva
78c775c39e
UX: Remove border from certificate due to iframe (#11935) 2021-02-02 20:05:26 -03:00
dependabot[bot]
1945daf46e
Build(deps): Bump rubocop-rspec from 2.1.0 to 2.2.0 (#11939)
Bumps [rubocop-rspec](https://github.com/rubocop-hq/rubocop-rspec) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/rubocop-hq/rubocop-rspec/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop-rspec/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop-rspec/compare/v2.1.0...v2.2.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-02 22:51:10 +01:00
Vinoth Kannan
e6a02469ad
DEV: refresh all CDN endpoint URLs except the S3 uploads & assets. (#11937)
Using this added a temporary query param to force browsers to redownload all CDN endpoints.
2021-02-03 02:22:01 +05:30
Kris
2ee63a6a83
DEV: Update icon structure in bootbox buttons (#11925) 2021-02-02 15:47:10 -05:00
Kris
75d766499f
Update a couple buttons to use correct markup (#11926) 2021-02-02 15:46:48 -05:00
Penar Musaraj
e8b82724fd
DEV: Refactor theme SCSS compilation (#11919) 2021-02-02 13:09:41 -05:00
Gerhard Schlager
f88def5f5b
PERF: Avoid lookbehinds when replacing links in imported emails (#11931)
Follow-up to 3c678df942
2021-02-02 17:34:00 +01:00
Joffrey JAFFEUX
12a4fefef6
FIX: ensures rects is present before using it (#11930)
I don't have a clear reproduction ATM, but I imagine that in fast tests element can get destroyed before we get to use it.
2021-02-02 14:43:13 +01:00
Gerhard Schlager
fa33e4863d
DEV: Remove deprecated bootsnap options (#11929)
Bootsnap started printing these warnings:

```
[DEPRECATED] Bootsnap's `autoload_paths_cache:` option is deprecated and will be removed. If you use Zeitwerk this option is useless, and if you are still using the classic autoloader upgrading is recommended.
[DEPRECATED] Bootsnap's `disable_trace:` option is deprecated and will be removed. If you use Ruby 2.5 or newer this option is useless, if not upgrading is recommended.
```
2021-02-02 14:39:51 +01:00
Discourse Translator Bot
4860c7c6ee
Update translations (#11928) 2021-02-02 14:37:52 +01:00
Gerhard Schlager
d055552994
Fix i18n issues reported on Crowdin (#11747)
* Pluralize `groups.errors.adding_too_many_users`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-ar#53882

* Pluralize `js.composer.error.title_too_short`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41172

* Pluralize `js.composer.error.title_too_long`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41174

* Pluralize `js.composer.error.post_length`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41178

* Pluralize `js.topic.progress.jump_prompt_of`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41958

* Use translations to join strings about posters
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-ar#49334
  It also makes some changes to the crawler view:
    * Removes `poster.moreCount` which is only available on the client for PMs
    * CSS class names are actually stored in `poster.extras` instead of `poster.extraClasses`

* Stop concatenating category stats
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#40740

* Pluralize `js.summary.description`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#40782

* Pluralize `js.summary.description_time_MF`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#40784

* Use translation to join list of tags
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#43372

* Pluralize `admin_js.admin.groups.manage.membership.automatic_membership_user_count`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#43720

* Pluralize `js.post.controls.delete_topic_confirm_modal`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#54804

* Stop concatenating `js.post.last_edited_on`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#42358

* Stop concatenating `js.post.wiki_last_edited_on`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#42356
  It also fixes a regression because `js.post.wiki_last_edited_on` wasn't used anymore since 2017.
2021-02-02 10:50:04 +01:00
Vinoth Kannan
9d2eaec88f
DEV: enable CORS to all CDN get requests from workbox. (#11896)
To prevent opaque cache files, now all the CDN files will be requested in 'cors' mode if the cdn_cors_enabled global setting is enabled. Before enabling the setting, should enable the cors in the CDN server by adding the response header `access-control-allow-origin: *` or `access-control-allow-origin: https://discourse.example.com.`

And other external file requests other than CDN will not be cached if the response type is opaque.
2021-02-02 11:38:29 +05:30
Martin Brennan
ea1ffe390b
FIX: Show bookmark name in quick access hover (#11924)
This PR makes it so the bookmark name shows on hover in the quick access menu. A change was necessary to quick-access-item for the title to render for the link.
2021-02-02 15:04:02 +10:00
Rafael dos Santos Silva
bf5611f7eb
FIX: Make discobot certificate faster/non blocking (#11344)
This moves the way we add the user avatar and site logo
to the discobot certificates from embeded base64 png to
just using the files urls in the href to the image tag.

This will make generation faster and the certificate
smaller overall, but it can't be used in a  `img` tag
anymore, since SVGs in `img` tags don't load the external images

In order to work around that we will move the certificate
in posts to an iframe, which works fine without any user
visible changes. For this to be possible the plugin automatically
adds the site current domain to the list of allowed iframe origins.
2021-02-01 20:49:32 -03:00
dependabot[bot]
ca4a962766 Build(deps): Bump rubocop from 1.9.0 to 1.9.1
Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 1.9.0 to 1.9.1.
- [Release notes](https://github.com/rubocop-hq/rubocop/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop/compare/v1.9.0...v1.9.1)

Signed-off-by: dependabot[bot] <support@github.com>
2021-02-02 06:47:02 +08:00
dependabot[bot]
b43a169fc8 Build(deps-dev): Bump webmock from 3.11.1 to 3.11.2
Bumps [webmock](https://github.com/bblimke/webmock) from 3.11.1 to 3.11.2.
- [Release notes](https://github.com/bblimke/webmock/releases)
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bblimke/webmock/compare/v3.11.1...v3.11.2)

Signed-off-by: dependabot[bot] <support@github.com>
2021-02-02 06:46:53 +08:00
dependabot[bot]
c2e8a43b60 Build(deps): Bump excon from 0.78.1 to 0.79.0
Bumps [excon](https://github.com/excon/excon) from 0.78.1 to 0.79.0.
- [Release notes](https://github.com/excon/excon/releases)
- [Changelog](https://github.com/excon/excon/blob/master/changelog.txt)
- [Commits](https://github.com/excon/excon/compare/v0.78.1...v0.79.0)

Signed-off-by: dependabot[bot] <support@github.com>
2021-02-02 06:46:43 +08:00
dependabot[bot]
a2ec617208 Build(deps): Bump bootsnap from 1.6.0 to 1.7.0
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.6.0...v1.7.0)

Signed-off-by: dependabot[bot] <support@github.com>
2021-02-02 06:39:28 +08:00
Roman Rizzi
e040de0c2c
DEV: New option to always destroy posts. (#11898) 2021-02-01 16:57:31 -05:00
Dan Ungureanu
4b3d34d3d4
FIX: Skip shared drafts logic if disabled (#11918)
It always showed shared drafts if no category was set.

Follow-up to dd175537f3.
2021-02-01 20:29:04 +02:00
Penar Musaraj
0f31a221c9
DEV: Performance fixes to filtered replies (#11916) 2021-02-01 11:53:13 -05:00
Osama Sayegh
6efdeef461
FIX: Emoji search/autocomplete should respect selected skin tone (#11917)
This commit makes our emoji autocomplete in the composer respect the skin tone you select in the emoji picker.
2021-02-01 19:36:35 +03:00
Dan Ungureanu
dd175537f3
FIX: Existing shared drafts should be accessible (#11915)
Disabling shared drafts used to leave topics in an inconsistent state
where they were not displayed as shared drafts and thus there was no
way of publishing them. Moreover, they were accessible just to users
who have permissions to create shared drafts.

This commit adds another permission check that is used for most
operations and the old can_create_shared_draft? remains used just when
creating a new shared draft.
2021-02-01 16:16:34 +02:00
Robin Ward
f113648107
DEV: Migrate more tests to our Ember CLI format. (#11899)
This should be fully backwards compatible.

Co-authored-by: Jarek Radosz <jradosz@gmail.com>

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2021-02-01 09:01:47 -05:00
Osama Sayegh
98201ecc24
DEV: {{user-selector}} replacement (#11726)
This PR is the first step towards replacing our `{{user-selector}}` and eventually deprecating and removing it from our codebase. Some of `{{user-selector}}` problems are:

1. It's called `{{user-selector}}`, but in reality in can also select groups and emails.
2. It's an Ember component, yet it doesn't have a handlebars template and uses jQuery to render itself and modify the DOM. An example of this problem is when you want to clear the selected users programmatically, see [this](6c155dba77/app/assets/javascripts/discourse/app/components/user-selector.js (L179-L185)).
3. We now have select kit which does very similar things but a lot better.

This PR introduces `{{email-group-user-chooser}}` which is meant to replace `{{user-selector}}`. It extends select kit and has the same features that `{{user-selector}}` has. `{{user-selector}}` is still used in a few places in core, but they'll all be replaced with the new component in a separate commit. 

Once `{{user-selector}}` is not used anywhere in core, it'll be deprecated and then removed after the 2.7 release.
2021-02-01 13:07:11 +03:00