Commit Graph

43319 Commits

Author SHA1 Message Date
Penar Musaraj
689a3711c0
DEV: Remove a few unused icons (#14696) 2021-10-22 12:03:58 -04:00
David Taylor
00c6d16dce
DEV: Make PresenceChannel timeout configurable per-channel (#14697) 2021-10-22 16:24:55 +01:00
Joffrey JAFFEUX
76a9ca99a8
DEV: removes jquery usage from onebox (#14683) 2021-10-22 13:15:46 +02:00
Alan Guo Xiang Tan
6544e3b02a
DEV: Remove useless ordering when searching within a topic. (#14676)
Searching within a topic currently does not make use of PG search and
we're simply doing an `ilike` against the post raw. Furthermore,
`Post#post_number` is already unique within a topic so the other
ordering will never ever be used. This change simply makes the query
cleaner to read.
2021-10-22 10:38:21 +08:00
Alan Guo Xiang Tan
d1201d6188
DEV: Pass topic to TopicView.add_post_custom_fields_allowlister (#14678)
Allows custom fields to be loaded based on the attributes of a topic.
2021-10-22 10:22:09 +08:00
dependabot[bot]
c7703cec2f
Build(deps): Bump zeitwerk from 2.5.0 to 2.5.1 (#14688)
Bumps [zeitwerk](https://github.com/fxn/zeitwerk) from 2.5.0 to 2.5.1.
- [Release notes](https://github.com/fxn/zeitwerk/releases)
- [Changelog](https://github.com/fxn/zeitwerk/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fxn/zeitwerk/compare/v2.5.0...v2.5.1)

---
updated-dependencies:
- dependency-name: zeitwerk
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-22 10:21:50 +08:00
dependabot[bot]
fbced6cd85
Build(deps): Bump image_optim from 0.31.0 to 0.31.1 (#14689)
Bumps [image_optim](https://github.com/toy/image_optim) from 0.31.0 to 0.31.1.
- [Release notes](https://github.com/toy/image_optim/releases)
- [Changelog](https://github.com/toy/image_optim/blob/master/CHANGELOG.markdown)
- [Commits](https://github.com/toy/image_optim/compare/v0.31.0...v0.31.1)

---
updated-dependencies:
- dependency-name: image_optim
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-22 10:21:33 +08:00
Martin Brennan
fffbb69606
DEV: Remove enable_experimental_image_uploader site setting (#14691)
This setting was already removed in the UI and the DB in
2364626ded,
but I forgot to remove the actual setting from yml.
2021-10-22 09:39:49 +10:00
Martin Brennan
7290a74aa6
DEV: Add new bookmarks:changed app event (#14674)
This new app event will fire whenever a bookmark is created,
edited, or deleted for a post or topic, and replaces these old
app events which had inconsistent APIs:

* page:bookmark-post-toggled
* topic:bookmark-toggled

When the event is triggered, the arguments are in this order:

1. bookmark - The bookmark record created or changed. Will be null
              if the bookmark was deleted.
2. target   - Object with target (post or topic) and targetId (post ID
              or topic ID)
2021-10-22 09:38:02 +10:00
Martin Brennan
2b40049abb
FIX: Remove superfluous topic allowed users on group invite (#14656)
When inviting a group to a topic, there may be members of
the group already in the topic as topic allowed users. These
can be safely removed from the topic, because they are implicitly
allowed in the topic based on their group membership.

Also, this prevents issues with group SMTP emails, which rely
on the topic_allowed_users of the topic to send to and cc's
for emails, and if there are members of the group as topic_allowed_users
then that complicates things and causes odd behaviour.

We also ensure that the OP of the topic is not removed from
the topic_allowed_users when a group they belong to is added,
as it will make it harder to add them back later.
2021-10-22 08:57:51 +10:00
Jeff Wong
6192189fd2
DEV: allow composer option to skip jumping to a post on save (#14675)
* DEV: allow composer option to skip jumping to a post on save

* DEV: refactor js safe access in jump logic

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2021-10-21 13:46:04 -07:00
Joshua Rosenfeld
61a7fbdd9e
FIX: Correct site setting name (#14686) 2021-10-21 16:32:27 -04:00
Simon Cossar
7eea58ca9e
Update copy of the max_new_accounts_per_registration_ip description to indicate that the setting can be disabled (#14687) 2021-10-21 13:15:04 -07:00
Jarek Radosz
451cd4ec3f
DEV: Fix thor deprecation warning (#14680)
```
Deprecation warning: Thor exit with status 0 on errors. To keep this behavior, you must define `exit_on_failure?` in `DiscourseCLI`
```
2021-10-21 21:01:05 +02:00
Osama Sayegh
70fa67a9e1
FIX: Don't leak unhashed user API keys to redis (#14682)
User API keys (not the same thing as admin API keys) are currently
leaked to redis when rate limits are applied to them since redis is the
backend for rate limits in Discourse and the API keys are included in
the redis keys that are used to track usage of user API keys in the last
24 hours.

This commit stops the leak by using a SHA-256 representation of the user
API key instead of the key itself to form the redis key.

We don't need to manually delete the existing redis keys that contain
unhashed user API keys because they're not long-lived and will be
automatically deleted within 48 hours after this commit is deployed to
your Discourse instance.
2021-10-21 19:43:26 +03:00
Jarek Radosz
3b90d7de66
FIX: 2N+1 sql in admin /api/keys endpoint (#14679) 2021-10-21 17:00:17 +02:00
Penar Musaraj
db53c6b248
UX: Add special case for user search when in a topic (#14669) 2021-10-21 10:34:50 -04:00
Robin Ward
e15bd194fd UX: Sometimes the footer would show up while refreshing a list route
This happens because the state of `canLoadMore` is not cleared as the
refresh occurs, which is enough to make the page think a footer should
be displayed.

No tests here because it's tricky to test refreshing and none of our
existing acceptance tests seem to.
2021-10-21 09:04:27 -04:00
David Taylor
b57b079ff2
DEV: Update discourse-presence plugin to use new PresenceChannel system (#14519)
This removes all custom controllers and redis/messagebus logic from discourse-presence, and replaces it with core's new PresenceChannel system.

All functionality should be retained. This implementation should scale much better to large numbers of users, reduce the number of HTTP requests made by clients, and reduce the volume of messages on the MessageBus.

For more information on PresenceChannel, see 31db8352
2021-10-21 12:42:46 +01:00
Joffrey JAFFEUX
80ec6f09d3
DEV: removes unnecessary caret position code (#14665)
We don't support any browser needing this for very long: https://caniuse.com/?search=selectionStart

I'm keeping some protection so It doesn’t crash but ultimately `element.selectionStart` should be enough.

Im not removing this in the commit, but the `caret_position.js` file seems barely used.
2021-10-21 10:06:31 +02:00
Alan Guo Xiang Tan
a9d6b23802
DEV: Remove code that is no longer valid. (#14657)
The vote post action type was removed in 96aca6d7e6

Follow-up to 96aca6d7e6.
2021-10-21 10:47:22 +08:00
Gavin
f60711488f
UPDATE: correct path to messages (#14668) 2021-10-21 10:47:06 +08:00
dependabot[bot]
f00053e414
Build(deps): Bump zeitwerk from 2.4.2 to 2.5.0 (#14670)
Bumps [zeitwerk](https://github.com/fxn/zeitwerk) from 2.4.2 to 2.5.0.
- [Release notes](https://github.com/fxn/zeitwerk/releases)
- [Changelog](https://github.com/fxn/zeitwerk/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fxn/zeitwerk/compare/v2.4.2...v2.5.0)

---
updated-dependencies:
- dependency-name: zeitwerk
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-21 10:46:32 +08:00
Martin Brennan
0f03884375
DEV: Refactor bookmark modal code (#14654)
We had code to open the bookmark modal in two places -- the bookmark
list and also from within a topic. This caused the two code paths to
drift, as in the bookmark list we were not passing in the forTopic or
autoDeletePreferences data into the modal, and we were also not refreshing
the bookmark list when the bookmark was deleted from within the modal.

This commit moves the modal opening code into an importable
function from the controllers/bookmark module, and all callers
have to do is pass it an instance of Bookmark and also options
for what to do for the following:

* onAfterSave
* onAfterDelete
* onCloseWithoutSaving
2021-10-21 09:02:35 +10:00
David Taylor
aac3547cc2
DEV: Update AWS API stub following gem version bump (#14673)
The latest version of the gem doesn't send whitespace in this request body, so we need to update the test stub accordingly
2021-10-20 23:04:08 +01:00
Neil Lalonde
ae91818c19
Version bump to v2.8.0.beta7 (#14667) 2021-10-20 17:29:41 -04:00
David Taylor
010309d108
SECURITY: Improve validation of SNS subscription confirm (#14671)
An upstream validation bug in the aws-sdk-sns library could enable RCE under certain circumstances. This commit updates the upstream gem, and adds additional validation to provide defense-in-depth.
2021-10-20 22:20:52 +01:00
Osama Sayegh
8fb823c30f
FIX: Make the verbose_auth_token_logging setting off by default (#14664)
The `generate`, `rotate` and `suspicious`  auth token logs are now always logged regardless of the `verbose_auth_token_logging` setting because we rely no these to detect suspicious logins.
2021-10-20 17:20:39 +03:00
Penar Musaraj
1f8939c0f1
FIX: Show search context only in topic routes (#14650) 2021-10-20 09:48:26 -04:00
Penar Musaraj
3e86ec3e4e
FIX: Broken quick search on iPadOS (#14663)
This also reverts back to selecting the search input text when reopening
the search panel.
2021-10-20 09:31:53 -04:00
Joffrey JAFFEUX
c2d4638ee1
DEV: drops jquery usage from wizard-canvas (#14662) 2021-10-20 14:42:06 +02:00
Joffrey JAFFEUX
adb302f801
DEV: drops jquery usage un admin-report-chart (#14661) 2021-10-20 14:28:49 +02:00
Bhanu
ae45c5efb5
Simplification of install Guide (#13716)
* [WIP] Simplification of install Guide

Working with @osioke to simplify a few pain areas of the install guide. 

Still a Work in progress, More changes incoming.

* Update install wording and links

To improve how it reads for a non-technical user looking to start their first Discourse community

* Update community install link

Update community install link to point to the Meta marketplace so more community contributors can help installs

* Copyedit for Branch change from master to main

* Some minor copyedits

Changes references from master to main
Changes a few commands from `apt-get` to just `apt` and from `yum` to `dnf` 
Also added first party reference to yum-cron

Added a small note and steps to perform rebuilds

* Copyedits take #2

more refined details

* Revert community install link and copyedits

Revert community install link, fix typo and add a link to the migration guide

* Remove optional info on maxmind

Remove optional info on maxmind to really simplify the guide and reduce the "yet another thing to configure" issue for self hosters

* fix capitalization

Co-authored-by: Osioke Itseuwa <osioke@users.noreply.github.com>
Co-authored-by: Rishabh <rishabhn@protonmail.com>
2021-10-20 17:41:54 +05:30
Arpit Jalan
1b8feae0bc
FIX: reset sso email and payload when user navigates away (#14658) 2021-10-20 17:21:32 +05:30
Joffrey JAFFEUX
d18e3a45b9
FIX: none row doesn’t have a value, use class to target it (#14659) 2021-10-20 13:07:58 +02:00
dependabot[bot]
020ae3e0ff
Build(deps): Bump racc from 1.5.2 to 1.6.0 (#14652)
Bumps [racc](https://github.com/tenderlove/racc) from 1.5.2 to 1.6.0.
- [Release notes](https://github.com/tenderlove/racc/releases)
- [Changelog](https://github.com/ruby/racc/blob/master/ChangeLog)
- [Commits](https://github.com/tenderlove/racc/compare/v1.5.2...v1.6.0)

---
updated-dependencies:
- dependency-name: racc
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-20 12:50:37 +08:00
Alan Guo Xiang Tan
e74e3fa043
FIX: Topic timeline not updating in megatopics. (#14645)
Before this fix, jumping to posts using the topic timeline scrollbar
will not update the counts since the topic scrollarea is not rerendered.

Follow-up to db337b10ee
2021-10-20 11:42:22 +08:00
tshenry
9bc68a5502
DEV: Mark discourse-category-experts official (#14655) 2021-10-19 19:04:54 -07:00
Martin Brennan
ecee9d000b
FEATURE: Allow recovery of deleted small action posts (#14643)
Previously when clicking the Delete button for small action posts
there was no way to recover this post if the action was accidental.
Now if canRecover is true on the post, which it is just after it
is deleted and the post is fetched from the server again, we show
an undo button which calls the recover endpoint for the post.

We also now disallow the editing of the post if it is deleted, and
show the proper deleted red CSS on the small action post when deleted.
2021-10-20 08:13:27 +10:00
Faris Masad
3fbfec06fc Update replit onebox to accept .com 2021-10-19 16:37:33 -04:00
Penar Musaraj
a1daf9fe53
FIX: Do not query backend when searching "in this topic" (#14649) 2021-10-19 13:01:42 -04:00
Discourse Translator Bot
25097fa0af
Update translations (#14648) 2021-10-19 15:23:54 +02:00
Arpit Jalan
d1fc759ac4
FIX: remove 'crawl_images' site setting (#14646) 2021-10-19 17:12:29 +05:30
Andrei Prigorshnev
b9164d22ee
FEATURE: add a hidden setting that enables using email as a source for username suggestions (#14623)
This is a follow-up to https://github.com/discourse/discourse/pull/14541. This adds a hidden setting for restoring the old behavior for those users who rely on it. We'll likely deprecate this setting at some point in the future.
2021-10-19 14:37:39 +04:00
Joffrey JAFFEUX
a5eba43a65
FIX: only replaces double quotes and uses unicode (#14644)
`’` is actually not converted and doesn’t need to be normalised to `'`
2021-10-19 11:01:46 +02:00
Martin Brennan
d3678f6930
FIX: Do not show recipient user in email participants list (#14642)
This commit removes the recipient's username from the
respond to / participants list that is shown at the bottom
of user notification emails. For example if the recipient's
username was jsmith, and there were participants ljones and
bmiller, we currently show this:

> "reply to this email to respond to jsmith, ljones, bmiller"

or

> "Participants: jsmith, ljones, bmiller"

However this is a bit redundant, as you are not replying to
yourself here if you are the recipient user. So we omit the
recipient user's username from this list, which is only used
in the text of the email and not elsewhere.
2021-10-19 15:26:22 +10:00
Martin Brennan
2364626ded
FEATURE: Change all core to use uppy-image-uploader (#14428)
Instead of using image-uploader, which relies on the old
UploadMixin, we can now use the uppy-image-uploader which
uses the new UppyUploadMixin which is stable enough and
supports both regular XHR uploads and direct S3 uploads,
controlled by a site setting (default to XHR).

At some point it may make sense to rename uppy-image-uploader
back to image-uploader, once we have gone through plugins
etc. and given a bit of deprecation time period.

This commit also fixes `for_private_message`, `for_site_setting`,
and `pasted` flags not being sent via uppy uploads onto the
UploadCreator, both via regular XHR uploads and also through
external/multipart uploads.

The uploaders changed are:

* site setting images
* badge images
* category logo
* category background
* group flair
* profile background
* profile card background
2021-10-19 13:25:42 +10:00
Joshua Rosenfeld
92afa74d92
Mark shared-edits plugin as official (#14639) 2021-10-19 10:38:06 +08:00
Alan Guo Xiang Tan
903a9e1c0d
DEV: Centralize logic for applying order to filtered posts. (#14634)
Instead of leaking ordering of the posts all around the class, we
centralize it in a method making the code easier to understand. In a
future PR, we will also introduce a plugin API to allow custom ordering
and the change in this commit helps to faciliate that.
2021-10-19 10:37:46 +08:00
Martin Brennan
1d131fcaff
FIX: Clarify None Needed option when editing bookmarks (#14633)
This commit makes the following change to the Edit Bookmark
modal window for clarity:

* If the user is editing an existing bookmark without a reminder set,
hide the "none needed" option. This will draw more attention to the
delete button.
* If the user is editing an existing bookmark with a reminder set for the
future, change the "none needed" option to say "remove reminder, keep bookmark"

To do this, I needed to provide an option to override the labels
for time shortcuts in certain cases, so I could keep the NONE shortcut
but have the different wording.
2021-10-19 10:32:20 +10:00