Commit Graph

42780 Commits

Author SHA1 Message Date
dependabot[bot]
d43c538b58
Build(deps): Bump loofah from 2.10.0 to 2.11.0 (#13909)
Bumps [loofah](https://github.com/flavorjones/loofah) from 2.10.0 to 2.11.0.
- [Release notes](https://github.com/flavorjones/loofah/releases)
- [Changelog](https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md)
- [Commits](https://github.com/flavorjones/loofah/compare/v2.10.0...v2.11.0)

---
updated-dependencies:
- dependency-name: loofah
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-02 00:46:25 +02:00
Kris
00820f0fad
UX: History controls should use nav-pill styles (#13904) 2021-07-30 19:52:15 -04:00
Rafael dos Santos Silva
d2ab5ab53f
FIX: Better composer placeholder handling during media optimization (#13907) 2021-07-30 18:46:55 -03:00
1resu
c640eee512 Update .ruby-version.sample
...to match the recommended Ruby version
2021-07-30 14:42:14 -04:00
Jean
ac777440fd
FIX: Validate value of custom dropdown user fields - dropdowns and multiple selects (#13890) 2021-07-30 13:50:47 -04:00
jbrw
2f28ba318c
FEATURE: Onebox can match engines based on the content_type (#13876)
* FEATURE: Onebox can match engines based on the content_type

`FinalDestination` now returns the `content_type` of a resolved URL.

`Oneboxer` passes this value to `Onebox` itself. Onebox engines can now specify a `matches_content_type` regex of content_types that the engine can handle, regardless of the URL.

`ImageOnebox` will match URLs with a content type of `image/png`, `jpg`, `gif`, `bmp`, `tif`, etc.

This will allow images that exist at a URL without a file type extension to be correctly rendered, assuming a valid `content_type` is returned.
2021-07-30 13:36:30 -04:00
Andrei Prigorshnev
f0d048b42a
DEV: don't swallow a promise from group.findMembers method and switch to using async/await (#13888) 2021-07-30 21:00:34 +04:00
Jarek Radosz
f740c1a952
DEV: Clear all navItem information between tests (#13903)
Expands the original `clearCustomNavItemHref` from #13025. Fixes issues with discourse-assign tests.
2021-07-30 18:05:04 +02:00
David Taylor
0ac2cfa68c
DEV: Add GeoList2-ASN.mmdb and .bundle to .gitignore (#13902)
- `GeoList2-ASN.mmdb` is one of the MaxMind databases we use for geolocation
- `.bundle/` is created when you run something like `bundle config set --local ...`
2021-07-30 16:17:55 +01:00
David Taylor
ccf1cd0ca6
UX: Improve copy when a group member search returns no results (#13899)
Previously it would say "There are no members in this group". Now it says "No members match that search."

https://meta.discourse.org/t/group-username-search-empty-search-message-is-wrong/198609
2021-07-30 11:40:21 +01:00
Discourse Translator Bot
0c422cff1e
Update translations (#13898) 2021-07-30 11:30:10 +02:00
Gerhard Schlager
a37b5b177b
FIX: Remapping of uploads could fail during restore of backup (#13897)
Sidekiq should be paused until the end of the restore, otherwise it might interfere (deadlock) with the remap of upload URLs in posts.
2021-07-30 11:25:28 +02:00
Bianca Nenciu
531dbc5e6a
FIX: Do not offer to save draft if invalid (#13863)
An invalid draft is the draft of a topic with a short title or body.
The client does not save these, but it will ask the client if they want
to save it. Even if the answer is 'yes', the draft is discarded. This
commit skips Save button for small drafts.
2021-07-30 10:43:09 +03:00
Alan Guo Xiang Tan
849827841f Revert "DEV: Move private message topic tracking state publish into sidekiq."
This reverts commit c51c80466c.

There is a conditional in post jobs enqueuer that only enqueues the job
for non-PM posts.
2021-07-30 11:36:01 +08:00
Alan Guo Xiang Tan
5633c40e50 DEV: Bump client side plugin-api version.
Follow-up to  91456ad2cb
2021-07-30 10:12:16 +08:00
Alan Guo Xiang Tan
5a47b351ac DEV: Remove ember export which has long been deprecated. 2021-07-30 09:39:31 +08:00
dependabot[bot]
4cd388e84f Build(deps): Bump puma from 5.3.2 to 5.4.0
Bumps [puma](https://github.com/puma/puma) from 5.3.2 to 5.4.0.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v5.3.2...v5.4.0)

---
updated-dependencies:
- dependency-name: puma
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-30 09:34:31 +08:00
Blake Erickson
1c60be7658
DEV: Document anonymize user api endpoint (#13893)
Adding the anonymize user endpoint to the api docs.

See: https://meta.discourse.org/t/158704/7
2021-07-29 17:40:41 -06:00
Kris
200a75e4b6
re-show excerpts on bookmark page (#13892) 2021-07-29 18:50:58 -04:00
Kris
668272387d
UX: use share modal in dominating topic msg (#13837) 2021-07-29 16:36:02 -04:00
Mark VanLandingham
c51b39302c
FIX: Typu in intercept-click (#13889) 2021-07-29 15:15:10 -05:00
Mark VanLandingham
91456ad2cb
DEV: Plugin API to add card listener elements (#13887) 2021-07-29 14:25:10 -05:00
Kris
a049b8f596
UX: User bookmark page style adjustments (#13869) 2021-07-29 12:11:15 -04:00
David Taylor
1e66e4602f
UX: Update styling of readonly values in signup form (#13886)
During some authentication flows (e.g. external auth with validated emails), some fields on the signup form are readonly. Previously, they were rendered in a simple `<span>`, with no associated label. This commit makes them render in a disabled `<input>` field, so that the styling matches the rest of the form.

A subtle background is added to the disabled input to distinguish them from editable inputs.
2021-07-29 09:19:44 -05:00
Bianca Nenciu
300db3d3fa
FIX: Update draft count after creating a post (#13884)
When a post is created, the draft sequence is increased and then older
drafts are automatically executing a raw SQL query. This skipped the
Draft model callbacks and did not update user's draft count.

I fixed another problem related to a raw SQL query from Draft.cleanup!
method.
2021-07-29 17:06:11 +03:00
David Taylor
9b8c4d4790
FIX: Add users-directory-controls outlet to mobile template (#13883)
This outlet was added to the desktop template in e1175f9f
2021-07-29 14:40:36 +01:00
Joffrey JAFFEUX
74f0631acd
FIX: allows authentication data to be present in bootstrap (#13885) 2021-07-29 15:01:11 +02:00
Alan Guo Xiang Tan
2b5625bbf0
FIX: Avoid creating a post revision when topic tags have not changed. (#13881)
Co-authored-by: jmperez127 <jmperez127@gmail.com>
2021-07-29 08:14:25 -04:00
David Taylor
c94879ea43 DEV: Remove incorrect method descriptions
These do not accurately describe the methods. They were likely copy/pasted from another controller.
2021-07-29 18:23:56 +08:00
Alan Guo Xiang Tan
c51c80466c DEV: Move private message topic tracking state publish into sidekiq.
Same intend as b1f32f2f57.
2021-07-29 14:57:19 +08:00
Alan Guo Xiang Tan
543a2d70b2 FIX: PM tags route should work for usernames with a period. 2021-07-29 13:54:29 +08:00
dependabot[bot]
4dc5452682 Build(deps): Bump redis from 4.3.1 to 4.4.0
Bumps [redis](https://github.com/redis/redis-rb) from 4.3.1 to 4.4.0.
- [Release notes](https://github.com/redis/redis-rb/releases)
- [Changelog](https://github.com/redis/redis-rb/blob/master/CHANGELOG.md)
- [Commits](https://github.com/redis/redis-rb/compare/v4.3.1...v4.4.0)

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-29 13:29:30 +08:00
Alan Guo Xiang Tan
8775191cf3 Revert "DEV: suppress assets logs from qunit tests (#13871)"
This reverts commit 1b649016d9.

Test is failing with the following message:

```
navigate to  http://localhost:60099/qunit?hidepassed=1&seed=312984199721107128645754962579661839397&qunit_disable_auto_start=1
2021-07-29T02:57:13.303Z - (type: network/error) message: Failed to load resource: the server responded with a status of 403 (Forbidden), url: http://localhost:60099/extra-locales/admin?v=eeeea38a700966a1a7fb600b23f3a222
2021-07-29T02:57:43.823Z - (type: network/error) message: Failed to load resource: net::ERR_EMPTY_RESPONSE, url: http://localhost:60099/assets/discourse/tests/test_helper.js
ReferenceError: define is not defined
    at eval (discourse/tests/acceptance/about-test:1:1)
    at http://localhost:60099/assets/discourse/tests/core_plugins_tests.js:1:1
ReferenceError: require is not defined
    at eval (discourse/tests/test_starter:5:24)
    at http://localhost:60099/assets/discourse/tests/test_starter.js:1:1
2021-07-29T02:57:43.891Z - (type: network/error) message: Failed to load resource: the server responded with a status of 403 (Forbidden), url: http://localhost:60099/extra-locales/admin?v=eeeea38a700966a1a7fb600b23f3a222

Tests timed out
```
2021-07-29 13:28:24 +08:00
Dan Ungureanu
823c3f09d4
FIX: Reduce input of to_tsvector to follow limits (#13806)
Long posts may have `cooked` fields that produce tsvectors longer than
the maximum size of 1MiB (1,048,576 bytes). This commit uses just the
first million characters of the scrubbed cooked text for indexing.

Reducing the size to exactly 1MB (1_048_576) is not sufficient because
sometimes the output tsvector may be longer than the input and this
gives us some breathing room.
2021-07-28 18:25:14 +03:00
Joffrey JAFFEUX
b673fee946
DEV: resets user search cache between tests (#13873)
The current behaviour was producing random tests failures which where consistently reproducible using `seed=32037592518471299633729129648744282271`

The cause of this error, is a previous test not giving any topicId or categoryId resulting in a cache key "undefined-undefined", just like a possibly previous test. Reseting cache between tests, seems the most straightforward and future proof solution
2021-07-28 15:32:49 +02:00
Alan Guo Xiang Tan
2818ebd19f DEV: Avoid duplication of gems in gemfile.
Follow-up to 08c6a7679d
2021-07-28 21:23:15 +08:00
Joffrey JAFFEUX
1b649016d9
DEV: suppress assets logs from qunit tests (#13871)
Partially reverts: 956f849250

Note that this way of running tests will soon be deprecated in favor of `ember test` and this shouldn’t matter anymore.
2021-07-28 14:27:45 +02:00
Andrei Prigorshnev
5a2ad7e386
DEV: remove calls to guardian from GroupActionLogger (#13835)
We shouldn't be checking if a user is allowed to do an action in the logger. We should be checking it just before we perform the action. In fact, guardians in the logger can make things even worse in case of a security bug. Let's say we forgot to check user's permissions before performing some action, but we still have a call to the guardian in the logger. In this case, a user would perform the action anyway, and this action wouldn't even be logged!

I've checked all cases and I confirm that we're safe to delete this calls from the logger.

I've added two calls to guardians in admin/user_controller. We didn't have security bugs there, because regular users can't access admin/... routes at all. But it's good to have calls to guardian in these methods anyway, neighboring methods have them.
2021-07-28 15:04:04 +04:00
Alan Guo Xiang Tan
32951ca2f4 FIX: User can change name when auth_overrides_name is enabled. 2021-07-28 14:40:57 +08:00
awesomerobot
343ea81ac3 UX: Remove theme-specific css, fix space 2021-07-28 09:34:33 +08:00
Martin Brennan
84e77e9078
FIX: Remove additional setting check for uppy-upload (#13867)
Because the enable_s3_uploads setting may be false for
some sites but GlobalSetting.use_s3? is true, we need to
remove this additional check in uppy-upload. The hidden
enable_direct_s3_uploads setting is sufficient.
2021-07-28 11:26:09 +10:00
dependabot[bot]
53b33a3a7c
Build(deps): Bump globalid from 0.4.2 to 0.5.1 (#13866)
Bumps [globalid](https://github.com/rails/globalid) from 0.4.2 to 0.5.1.
- [Release notes](https://github.com/rails/globalid/releases)
- [Commits](https://github.com/rails/globalid/compare/v0.4.2...v0.5.1)

---
updated-dependencies:
- dependency-name: globalid
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-28 00:44:06 +02:00
dependabot[bot]
dfb5a244cb
Build(deps): Bump css_parser from 1.9.0 to 1.10.0 (#13865)
Bumps [css_parser](https://github.com/premailer/css_parser) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/premailer/css_parser/releases)
- [Changelog](https://github.com/premailer/css_parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/premailer/css_parser/compare/v1.9.0...v1.10.0)

---
updated-dependencies:
- dependency-name: css_parser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-28 00:43:23 +02:00
Martin Brennan
b500949ef6
FEATURE: Initial implementation of direct S3 uploads with uppy and stubs (#13787)
This adds a few different things to allow for direct S3 uploads using uppy. **These changes are still not the default.** There are hidden `enable_experimental_image_uploader` and `enable_direct_s3_uploads`  settings that must be turned on for any of this code to be used, and even if they are turned on only the User Card Background for the user profile actually uses uppy-image-uploader.

A new `ExternalUploadStub` model and database table is introduced in this pull request. This is used to keep track of uploads that are uploaded to a temporary location in S3 with the direct to S3 code, and they are eventually deleted a) when the direct upload is completed and b) after a certain time period of not being used. 

### Starting a direct S3 upload

When an S3 direct upload is initiated with uppy, we first request a presigned PUT URL from the new `generate-presigned-put` endpoint in `UploadsController`. This generates an S3 key in the `temp` folder inside the correct bucket path, along with any metadata from the clientside (e.g. the SHA1 checksum described below). This will also create an `ExternalUploadStub` and store the details of the temp object key and the file being uploaded.

Once the clientside has this URL, uppy will upload the file direct to S3 using the presigned URL. Once the upload is complete we go to the next stage.

### Completing a direct S3 upload

Once the upload to S3 is done we call the new `complete-external-upload` route with the unique identifier of the `ExternalUploadStub` created earlier. Only the user who made the stub can complete the external upload. One of two paths is followed via the `ExternalUploadManager`.

1. If the object in S3 is too large (currently 100mb defined by `ExternalUploadManager::DOWNLOAD_LIMIT`) we do not download and generate the SHA1 for that file. Instead we create the `Upload` record via `UploadCreator` and simply copy it to its final destination on S3 then delete the initial temp file. Several modifications to `UploadCreator` have been made to accommodate this.

2. If the object in S3 is small enough, we download it. When the temporary S3 file is downloaded, we compare the SHA1 checksum generated by the browser with the actual SHA1 checksum of the file generated by ruby. The browser SHA1 checksum is stored on the object in S3 with metadata, and is generated via the `UppyChecksum` plugin. Keep in mind that some browsers will not generate this due to compatibility or other issues.

    We then follow the normal `UploadCreator` path with one exception. To cut down on having to re-upload the file again, if there are no changes (such as resizing etc) to the file in `UploadCreator` we follow the same copy + delete temp path that we do for files that are too large.

3. Finally we return the serialized upload record back to the client

There are several errors that could happen that are handled by `UploadsController` as well.

Also in this PR is some refactoring of `displayErrorForUpload` to handle both uppy and jquery file uploader errors.
2021-07-28 08:42:25 +10:00
Gerhard Schlager
4a37612fd5
FIX: Changing the post owner didn't update the reply_to_user_id of replies (#13862) 2021-07-27 20:49:08 +02:00
Andrew Schleifer
461cb96532 use more appropriate labels for chinese UI option 2021-07-27 22:47:59 +08:00
Discourse Translator Bot
e951cb9aef
Update translations (#13860) 2021-07-27 15:24:03 +02:00
Joffrey JAFFEUX
8ded33c411
DEV: prevents badges tests to log 404 (#13859) 2021-07-27 14:46:49 +02:00
Joffrey JAFFEUX
cdeaddbbb6
DEV: referencing global exists is deprecated (#13857) 2021-07-27 14:42:36 +02:00
Joffrey JAFFEUX
32d0467881
DEV: avoids using document.write (#13858)
It doesn’t provide much than just avoiding some logs in tests. I didn't change test_starter as it's going to be removed at some point.
2021-07-27 14:42:21 +02:00