Commit Graph

1936 Commits

Author SHA1 Message Date
Penar Musaraj
30cda1761d
UX: Better composer hyperlink modal (#8160) 2019-10-08 16:19:07 -04:00
Dan Ungureanu
fdb1d3404c
FEATURE: Add site setting to show more detailed 404 errors. (#8014)
If the setting is turned on, then the user will receive information
about the subject: if it was deleted or requires some special access to
a group (only if the group is public). Otherwise, the user will receive
a generic #404 error message. For now, this change affects only the
topics and categories controller.

This commit also tries to refactor some of the code related to error
handling. To make error pages more consistent (design-wise), the actual
error page will be rendered server-side.
2019-10-08 14:15:08 +03:00
David Taylor
d2bceff133
FEATURE: Use full page redirection for all external auth methods (#8092)
Using popups is becoming increasingly rare. Full page redirects are already used on mobile, and for some providers. This commit removes all logic related to popup authentication, leaving only the full page redirect method.

For more info, see https://meta.discourse.org/t/do-we-need-popups-for-login/127988
2019-10-08 12:10:43 +01:00
Robin Ward
f5d391a48a
REFACTOR: Move app-events:main to service:app-events (#8152)
AppEvents was always a service object in disguise, so we should move it
to the correct place in the application. Doing this allows other service
objects to inject it easily without container access.

In the future we should also deprecate `this.appEvents` without an
explicit injection too.
2019-10-04 10:06:08 -04:00
Martin Brennan
68d35b14f4 FEATURE: Webauthn authenticator management with 2FA login (Security Keys) (#8099)
Adds 2 factor authentication method via second factor security keys over [web authn](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API).

Allows a user to authenticate a second factor on login, login-via-email, admin-login, and change password routes. Adds registration area within existing user second factor preferences to register multiple security keys. Supports both external (yubikey) and built-in (macOS/android fingerprint readers).
2019-10-01 19:08:41 -07:00
Joffrey JAFFEUX
0b93f1239b
DEV: attempts to make date-time-input-range test more reliable (#8126) 2019-10-02 02:12:36 +02:00
Joffrey JAFFEUX
b4d42d1151
DEV: removes memory profiling from qunit tests (#8120)
Most of the work on it has been done and it's un-necessary work for now.
2019-10-01 22:17:53 +02:00
Joffrey JAFFEUX
4aefe589de
DEV: rake qunit:test was crashing on macOS due to a flag (#8119)
flag: --disable-software-rasterizer
2019-10-01 20:40:48 +02:00
Kyle Zhao
fb200e3055 FIX: Escape $ in translations before interpolating (#8100)
The dollar sign (`$`) is a special replace pattern, and `$&` inserts the
matched string. Thus dollars signs need to be escaped with the special
pattern `$$`, which inserts a single `$`.
2019-09-16 13:52:49 -04:00
Penar Musaraj
1de5d10f61 DEV: Fix Prettier 2019-09-16 11:36:27 -04:00
Penar Musaraj
6debd72c6c DEV: Add qunit test for emojis in search blurbs
Followup to cf230163
2019-09-16 11:25:55 -04:00
Kyle Zhao
f0f03acb2c FIX: Do not escape fancy_title again. (#8095)
`fancy_title` is already escaped by Rails. Escaping it again would print
the HTML entity as-is, e.g. `"` instead of `"`.

This fixes the issue by introducing a new `escapedContent` attribute on
the `QuickAccessItem` widget.
2019-09-13 10:04:14 -04:00
Jarek Radosz
1dcdcb5c31
FIX: Cast all numerical values in reports (#8087)
* FIX: Cast all numerical values in reports

The backend can return some numerical values in report as strings. That results in unexpected order of values when sorting report tables.

* Create `toNumber()` helper

The `typeof` and `parseFloat` seem to be the fastest path: https://jsperf.com/number-vs-typeof-vs-parsefloat#results
2019-09-12 15:17:34 +02:00
Dan Ungureanu
8b2c272f04
UX: Use medium format for displaying time in post notices. (#8074) 2019-09-11 13:00:53 +03:00
Kyle Zhao
9b10a78d82 FEATURE: Quick access panels in user menu (#8073)
* Extract QuickAccessPanel from UserNotifications.

* FEATURE: Quick access panels in user menu.

This feature adds quick access panels for bookmarks and personal
messages. It allows uses to browse recent items directly in the user
menu, without being redirected to the full pages.

* REFACTOR: Use QuickAccessItem for messages.

Reusing `DefaultNotificationItem` feels nice but it actually requires a
lot of extra work that is not needed for a quick access item.

Also, `DefaultNotificationItem` shows an incorrect tooptip ("unread
private message"), and it is not trivial to remove / override that.

* Use a plain JS object instead.

An Ember object was required when `DefaultNotificationItem` was used.

* Prefix instead suffix `_` for private helpers.

* Set to null instead of deleting object keys.

JavaScript engines can optimize object property access based on the
object’s shape. https://mathiasbynens.be/notes/shapes-ics

* Change trivial try/catch to one-liners.

* Return the promise in case needs to be waited on.

* Refactor showAll to a link with href

* Store `emptyStatePlaceholderItemText` in state.

* Store items in Session singleton instead.

We can drop `staleItems` (and `findStaleItems`) altogether. Because
`(old) items === staleItems` when switching back to a quick access
panel.

* Add `limit` parameter to the `user_actions` API.

* Explicitly import Session instead.
2019-09-09 11:03:57 -04:00
Penar Musaraj
4d6eacac5c FIX: close user card after clicking Message button
This was primarily an issue on mobile, where after clicking the "Messsage" button in the user card, the composer would load behind the user card overlay.
2019-08-30 13:40:12 -04:00
David Taylor
f2331ef07f
DEV: Stop serializing user_auth_token_logs (#8043)
These are no longer used in the user interface
2019-08-27 13:07:03 +01:00
Joffrey JAFFEUX
08e7211d7d
DEV: attempts to fix an heisentest in date-time-input-range (#8017) 2019-08-19 12:39:30 +02:00
Joffrey JAFFEUX
936d4ce17a
FEATURE: favorites emojis will also show in composer autocomplete (#8011) 2019-08-16 11:47:03 +02:00
Vinoth Kannan
88359b0f16
FEATURE: add support for group members visibility level (#8004)
There are 5 visibility levels (similar to group visibility)

public (default)
logged-in users
members only
staff
owners

Admins & group owners always have visibility to group members.
2019-08-14 19:00:04 +05:30
Bianca Nenciu
ba396a5384
DEV: Use ResultSet with staff action logs. (#7661) 2019-08-13 20:55:05 +03:00
Bianca Nenciu
37e7998a82
FEATURE: Send notification when member was accepted to group. (#7614) 2019-08-06 13:29:46 +03:00
Sam Saffron
f780920759 FEATURE: mention in secure category to prioritize groups
This feature allows @ mentions to prioritize showing members of a group who
have explicit permission to a category.

This makes it far easier to @ mention group member when composing topics in
categories where only the group has access.

For example:

If Sam, Jane an Joan have access to bugs category.

Then `@` will auto complete to (jane,joan,sam) ordered on last seen at

This feature works on new topics and existing topics. There is an explicit
exclusion of trust level 0,1,2 groups cause they get too big.
2019-08-06 17:57:56 +10:00
David Taylor
06e757245f FEATURE: Add a test facility to the watched words admin interface 2019-08-02 15:29:12 +01:00
David Taylor
39e0442de9 FIX: Various watched words improvements
- Client-side censoring fixed for non-chrome browsers. (Regular expression rewritten to avoid lookback)
- Regex generation is now done on the server, to reduce repeated logic, and make it easier to extend in plugins
- Censor tests are moved to ruby, to ensure everything works end-to-end
- If "watched words regular expressions" is enabled, warn the admin when the generated regex is invalid
2019-08-02 15:29:12 +01:00
Robin Ward
f57fdee2f6 FIX: Modal onClose was being called repeatedly
This happened because the modal controller was not clearing the `name`
attribute, which is used for looking up the controller to call `onClose`
on.

Every page navigation would call the method over and over, breaking
state in odd ways.
2019-08-01 15:42:43 -04:00
David Taylor
d4acd35466
FEATURE: Sync unread state live to topic lists (#7933) 2019-07-29 10:28:42 +01:00
Guo Xiang Tan
49d9557337 Revert commit that was pushed by mistake.
This reverts commit c7516c42e9.
2019-07-29 11:04:38 +08:00
Guo Xiang Tan
c7516c42e9 Revert "FIX: reverts #18e2816 (#7940)"
This reverts commit c7b146cbdf.
2019-07-29 09:18:53 +08:00
David Taylor
4f1382a54a FIX: Hide live-loaded posts from ignored users 2019-07-25 12:01:29 +01:00
Joffrey JAFFEUX
460d431621
DEV: uses ember-cli recommended chrome flags (#7939) 2019-07-25 11:38:05 +02:00
Joffrey JAFFEUX
c7b146cbdf
FIX: reverts #18e2816 (#7940) 2019-07-25 11:14:23 +02:00
Joffrey JAFFEUX
c1d2fb115c
DEV: prevents staff computed property to be overridden (#7931) 2019-07-24 22:01:08 +02:00
Osama Sayegh
5fc5a7f5ae FEATURE: Add search operator to see all direct messages from a user (#7913)
* FEATURE: Add search operator to see all direct messages from a user

* Only show message if related messages >= 5

* Make "all messages" the hyperlink

* Review
2019-07-22 10:55:49 -04:00
Roman Rizzi
eb26bee046
DEV: group_list site settings should store IDs instead of group names (#7860)
* DEV: group_list site settings should store IDs instead of group names

* Ship site setting to know when we should migrate group_list settings

* Migrate existing group_list site settings

* Bump migration timestamp and don't set null when migrating is not possible.
2019-07-19 15:17:58 -03:00
Robin Ward
8dd3cbfcb9
FEATURE: Allow choice of category when making a PM public (#7907)
* FEATURE: Allow choice of category when making a PM public

Previously it would default to uncategorized, which was not ideal on
some forums. This gives the staff member more choice about what they'd
like to do.

* Make the optional category more explicit

* Joffrey's feedback
2019-07-19 11:52:50 -04:00
Bianca Nenciu
9f500a4ff4
FIX: Show same username or name for post notices. (#7862) 2019-07-19 11:05:48 +03:00
Joffrey JAFFEUX
95ad4f9077
FEATURE: new date/time components (#7898) 2019-07-18 17:29:41 +02:00
Penar Musaraj
a571efba35
FIX: Rename deprecated icons, allow custom icons in badges
- adds a migration renaming FA4 icon names in badges
- allows all icons to be used in badges (previously was limited to icons prefixed with fa-)
- renames remaining FA 4.7 icons equivalents
2019-07-16 11:13:44 -04:00
Vinoth Kannan
839916aa49
DEV: Debundle plugin javascript assets and don't load if disabled (#7566)
And don't load javascript assets if plugin is disabled.

* precompile auto generated plugin js assets

* SPEC: remove spec test functions

* remove plugin js from test_helper

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* DEV: using equality is slightly easier to read than inequality

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* DEV: use `select` method instead of `find_all` for readability

Co-Authored-By: Régis Hanol <regis@hanol.fr>
2019-07-15 20:22:54 +05:30
Guo Xiang Tan
cbb4af124b Fix the build.
Follow up to 4b0cf7f6dd.
2019-07-15 16:38:54 +08:00
Guo Xiang Tan
4b0cf7f6dd SECURITY: XSS when displaying watched words in admin panel.
The XSS here is only possible if CSP is disabled. Low impact since CSP
is enabled by default in SiteSettings.
2019-07-15 10:55:50 +08:00
Bianca Nenciu
c4d1833588 FIX: Do not show bootbox if post has no replies. (#7866)
When we delete a post that has replies, we show a modal asking if the user wants to delete the post, the post and its direct replies or the post and all its replies.

If replies are deleted before a post, that modal would ask the user if they want to delete the post and 0 replies.

That commit ensure we skip the modal and directly delete the post in this case.
2019-07-12 11:42:57 +02:00
Vinoth Kannan
1bb258ab49 DEV: use upload short-url in html to markdown conversion if 'base62-sha1' data attr available. 2019-07-05 10:06:41 +05:30
Penar Musaraj
c78634284c UI: when in a different topic context, allow dismissing draft without destroying it
This changes the label and behaviour of the "No, keep" button in the confirmation modal when user cancels a draft while on a different topic. The new button label is "No, save draft", and when clicked, the composer will be dismissed without destroying the draft.
2019-07-04 11:45:57 -04:00
Joffrey JAFFEUX
a60ec00f7a
fix tests (#7853) 2019-07-03 16:32:27 +02:00
Joffrey JAFFEUX
d521959768
DEV: simpler report page test (#7851) 2019-07-03 16:08:48 +02:00
Joffrey JAFFEUX
f9f1df7611
DEV: prevents reports key to be time dependant when testing (#7850) 2019-07-03 15:43:01 +02:00
Bianca Nenciu
bfdf740a05 FIX: Show 'Export' button for all tabular reports. (#7838) 2019-07-03 14:47:36 +02:00
Joffrey JAFFEUX
1c6bb8748b
fix tests (#7849) 2019-07-03 13:45:03 +02:00