Commit Graph

47191 Commits

Author SHA1 Message Date
Martin Brennan
73803cf8f7
Revert "Version bump to v2.9.0.beta13 (#19210)" (#19211)
This reverts commit a71f6cf09b.

The github UI had an error I didn't notice which resulted
in a security commit being merged _after_ the bump, now
I have to redo the bump.
2022-11-28 10:57:06 +10:00
Martin Brennan
3de765c895
SECURITY: Limit chat message char length (#19207)
Only allow maximum of 6000 characters for chat messages when they
are created or edited. A hidden setting can control this limit,
6000 is the default.

There is also a migration here to truncate any existing messages to
6000 characters if the message is already over that and if the
chat_messages table exists. We also set cooked_version to NULL
for those messages so we can identify them for rebake.
2022-11-28 10:48:30 +10:00
Martin Brennan
a71f6cf09b
Version bump to v2.9.0.beta13 (#19210) 2022-11-28 10:44:25 +10:00
Martin Brennan
c6ee28ec75
SECURITY: Hide notifications for inaccessible topics (#19208)
Filter notifications the user cannot see anymore
via guardian.can_see_topic_ids
2022-11-28 10:41:57 +10:00
dependabot[bot]
6335b2c7ba
Build(deps): Bump parser from 3.1.2.1 to 3.1.3.0 (#19206)
Bumps [parser](https://github.com/whitequark/parser) from 3.1.2.1 to 3.1.3.0.
- [Release notes](https://github.com/whitequark/parser/releases)
- [Changelog](https://github.com/whitequark/parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/whitequark/parser/compare/v3.1.2.1...v3.1.3.0)

---
updated-dependencies:
- dependency-name: parser
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-28 08:08:47 +08:00
dependabot[bot]
3b87825235
Build(deps): Bump bootsnap from 1.14.0 to 1.15.0 (#19203)
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.14.0 to 1.15.0.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.14.0...v1.15.0)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-28 05:46:11 +08:00
dependabot[bot]
b0065e2873
Build(deps): Bump jmespath from 1.6.1 to 1.6.2 (#19205)
Bumps [jmespath](https://github.com/trevorrowe/jmespath.rb) from 1.6.1 to 1.6.2.
- [Release notes](https://github.com/trevorrowe/jmespath.rb/releases)
- [Changelog](https://github.com/jmespath/jmespath.rb/blob/main/CHANGELOG.md)
- [Commits](https://github.com/trevorrowe/jmespath.rb/compare/v1.6.1...v1.6.2)

---
updated-dependencies:
- dependency-name: jmespath
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-27 22:37:17 +01:00
dependabot[bot]
a4e1b644d7
Build(deps): Bump image_optim from 0.31.1 to 0.31.2 (#19204)
Bumps [image_optim](https://github.com/toy/image_optim) from 0.31.1 to 0.31.2.
- [Release notes](https://github.com/toy/image_optim/releases)
- [Changelog](https://github.com/toy/image_optim/blob/master/CHANGELOG.markdown)
- [Commits](https://github.com/toy/image_optim/compare/v0.31.1...v0.31.2)

---
updated-dependencies:
- dependency-name: image_optim
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-27 22:22:04 +01:00
Joffrey JAFFEUX
b032115506
DEV: removes select-kit deprecation (#19200) 2022-11-26 15:17:43 +01:00
Joffrey JAFFEUX
637fb9831b
FIX: ensures chat sidebar is present when core sidebar is disabled (#19197) 2022-11-25 19:28:10 +01:00
Joffrey JAFFEUX
34f4d51238
FIX: prevents drawer error when resizing core composer (#19195)
The drawer is registering events which are expecting the drawer to always be present which was not the case anymore. A previous refactor also changed this component to be tagless.
2022-11-25 18:33:54 +01:00
Joffrey JAFFEUX
9ade68233c
UX: alters chat icon behavior on drawer and mobile (#19192)
Refines the behavior of clicking the chat icon in mobile and when in drawer mode as follows: If chat is open, clicking the icon takes you to the index.
2022-11-25 15:12:32 +01:00
Rafael dos Santos Silva
90411540c7
FIX: Use correct Regexp flag to ignore case (#19184)
Ruby 3.2 started enforcing valid string flags in Regexp constructor.
2022-11-25 10:56:59 -03:00
Joffrey JAFFEUX
84c1cc70d6
REFACTOR: naming and state refactor (#19187)
- better handling of drawer state using chat state manager
- removes various float and topic occurrences to use drawer
- ensures user can chat before doing a lot of chat setup
- fixes a bug which was creating presence errors in tests
- removes dead code
2022-11-25 14:15:38 +01:00
Martin Brennan
cad2fe6089
FIX: Push category hashtag slug match to top (#19174)
When searching for categories it is possible for
a child category to have a slug that matches the term
exactly, but will not be found by .lookup since we
don't return these categories unless the ref matches
parent:child.

Introduces a search_sort method to each hashtag data
source so they can provide their custom sort logic of
results, in category's case putting all matching slugs
to the top regardless of parent/child relationship
then sorting by text.
2022-11-25 15:28:49 +10:00
Krzysztof Kotlarek
5b6604f5a7
FEATURE: sidebar for narrow desktop screen (#19160)
When desktop screen is narrow like < 1100px, sidebar should behave similarly to mobile version.
2022-11-25 15:33:26 +11:00
Alan Guo Xiang Tan
20715cd7f0
DEV: Refactor messages code to use user.groupsWithMessages function (#19189)
Simplifies the template since we have one less conditional and one less
level of nesting
2022-11-25 11:23:50 +08:00
Martin Brennan
bbcb69461f
FIX: Existing users were mistakenly unable to redeem invite (#19191)
Follow up to 40e8912395

In this previous commit I introduced a bug that prevented
a legitimate case for an existing user to redeem an invite,
where the email/domain were both blank and the invite was
still redeemable by the user. Fixes the issue and adds more
specs for that case.
2022-11-25 11:57:04 +10:00
Sam
755ca0fcbb
PERF: stop downloading images from post processor and lean on uploads
Previously we would unconditionally fetch all images via HTTP to grab
original sizing from cooked post processor in 2 different spots.

This was wasteful as we already calculate and cache this info in upload records.

This also simplifies some specs and reduces use of mocks.
2022-11-25 12:40:31 +11:00
Alan Guo Xiang Tan
45f3e9f19e
DEV: Publish reviewable claimed topic message to groups instead of users (#19188)
I'm hesitant to call this a performance improvement since claiming a
reviewable is probably rare. However, this commit cuts out two DB
queries each time we have to publish a reviewable claimed message. More
importantly, publishing to groups scales much better than publishing to
users because we esstentially cap the number ids we have to load into
memory.
2022-11-25 08:07:29 +08:00
Osama Sayegh
498fa14347
UX: Show educational messages for the likes tab when it's empty (#19180)
This commit adds some content to educate the user about the likes tab in the user menu when it's blank.
Internal topic: t/76879.
2022-11-24 22:13:21 +03:00
David Taylor
abe2813789
DEV: Add useful error message for hbs register_asset (#19185)
This hasn't been necessary for many years, and is no longer supported following 84bec1cb. Only extremely old plugins might be trying to do this. All the affected open-source plugins I can find have already been updated.
2022-11-24 19:03:06 +00:00
dependabot[bot]
c4fdc48164
Build(deps-dev): Bump @embroider/test-setup in /app/assets/javascripts (#19170)
Bumps [@embroider/test-setup](https://github.com/embroider-build/embroider/tree/HEAD/packages/test-setup) from 1.8.3 to 2.0.0.
- [Release notes](https://github.com/embroider-build/embroider/releases)
- [Changelog](https://github.com/embroider-build/embroider/blob/main/CHANGELOG.md)
- [Commits](https://github.com/embroider-build/embroider/commits/HEAD/packages/test-setup)

---
updated-dependencies:
- dependency-name: "@embroider/test-setup"
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-24 17:59:18 +01:00
dependabot[bot]
38123228fc
Build(deps): Bump terser in /app/assets/javascripts (#19183)
Bumps [terser](https://github.com/terser/terser) from 5.15.1 to 5.16.0.
- [Release notes](https://github.com/terser/terser/releases)
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/commits)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-24 17:32:18 +01:00
Jarek Radosz
57a573eee3
DEV: Update terser (#19109)
The `decodedMap` prop comes from https://github.com/terser/terser/pull/1190

> This also exposes a new `decodedMap` property on the result object. Decoded maps are free to create (it's a shallow clone of the `GenMapping` instance), and passing them to `@jridgewell/trace-mapping` is copy-free. With Babel [recently](https://github.com/babel/babel/pull/14497) adding a `decodedMap` field, a dev could pass from the Babel transpilation to Terser without any added memory use for sourcemaps.
2022-11-24 17:15:46 +01:00
Selase Krakani
767e8ec730
FIX: Pass period filter to plugin outlet (#19182)
Pass period filter to `admin-dashboard-moderation-bottom` plugin outlet.

This allows plugins to render period filtered moderation data/report
2022-11-24 15:40:02 +00:00
David Taylor
aac3f15236
DEV: Add hint about Rails-generated <head> to ember-cli HTML (#19181) 2022-11-24 15:31:10 +00:00
Andrei Prigorshnev
6357a3ce33
FEATURE: User Status API (#19149)
This adds API scope for the user status. This also adds a get method to the user status controller. We didn't need a dedicated method that returns status before because the server returns status with user objects, but I think we need to provide this method for API clients.
2022-11-24 19:16:28 +04:00
Gerhard Schlager
9e42473af4
FEATURE: Allow setting default_enabled for badges (#19178)
Otherwise setting `enabled` in `Badge.seed` will always overwrite changes by admins.
2022-11-24 13:44:26 +01:00
David Taylor
84bec1cbae
DEV: Cleanup legacy asset compilation gems and code (#19177)
We now use Ember CLI (core/plugins) and DiscourseJSProcessor (themes) for all Ember and template compilation. This commit removes the remnants of the legacy Sprockets-based Ember compilation system.

Sprockets, and its DiscourseJSProcess-based Babel transformations, is still in use for a few assets. Ideally that will be removed/replaced in the near future.
2022-11-24 12:13:59 +00:00
David Taylor
174a8b431b
DEV: Support passing relative URLs CSP builder (#19176)
Raw paths like `/test/path` are not supported natively in the CSP. This commit prepends the site's base URL to these paths. This allows plugins to add 'local' assets to the CSP without needing to hardcode the site's hostname.
2022-11-24 11:27:47 +00:00
Martin Brennan
a34838d671
FIX: Minor hashtag autocomplete fixes (#19173)
* Do not search category name when searching channels to avoid
  confusing results
* Overflow text in autocomplete menu with ... if it is too long
* Make autocomplete menu less height
2022-11-24 15:45:13 +11:00
Osama Sayegh
65f57a4d05
DEV: Explicitly define primary_email_verified? method for managed authenticators (#19127)
We're going to change the default return value of the `primary_email_verified?` method of `Auth::ManagedAuthenticator` to false, so we need to explicitly define the method on authenticators to return true where it makes sense to do so.

Internal topic: t/82084.
2022-11-24 06:46:06 +03:00
Martin Brennan
274b21663e
FIX: Experimental hashtag search result matching and limit fixes (#19144)
This changes the hashtag search to first do a lookup to find
results where the slug exactly matches the
search term. Now when we search for hashtags, the
exact matches will be found first and put at the top of
the results.

`ChatChannelFetcher` has also been modified here to allow
for more options for performance -- we do not need to
query DM channels for secured IDs when looking up or searching
channels for hashtags, since they should never show in
results there (they have no slugs). Nor do we need to include
the channel archive records.

Also changes the limit of hashtag results to 20 by default
with a hidden site setting, and makes it so the scroll for the
results is overflowed.
2022-11-24 10:07:59 +10:00
Kris
6b7bdc991d
UX: improve mention styling, simplify (#19169)
* UX: improve mention styling, simplify

* revert default
2022-11-24 09:35:57 +11:00
Alan Guo Xiang Tan
470b8b8984
DEV: Simplifying rendering of secondary nav links for group inbox (#19164)
Also run user private messages page tests against redesign user page nav
2022-11-24 05:07:41 +08:00
Vinoth Kannan
01aa42c4b4
DEV: add spec where missing upload doesn't fail a theme's CSS precompilation (#19075)
In this PR, we're making sure when a theme upload which is used in the theme's CSS is missing it won't break the stylesheet precompilation process. See also: 6ebd2cecda
2022-11-23 14:59:59 -05:00
Bianca Nenciu
eef3532952
DEV: Remove old event preventDefault hack (#19168)
Opening of links in a new tab was difficult because it used a hack to
remove the 'href' attribute and adding it back to prevent the event
taking place instead of calling preventDefault.

This hack is no longer necessary because event handling has been
normalized since it has been implemented (see commit
0221855ba7).
2022-11-23 21:58:40 +02:00
David Taylor
e330a596f5
DEV: Correct plugin-compilation connector template module path (#19165)
Some plugins store their connectors under `{plugin}/assets/javascripts/templates/connectors`, which is read as `templates/connectors` relative to the base of the JS directory. Our connector checking logic was looking for strings including the leading slash (`/templates`), which not be the case here. Instead we can split on `/` and take the last element. This matches the logic we have for themes in https://github.com/discourse/discourse/blob/1dadf4381f/lib/theme_javascript_compiler.rb#L111

This wasn't actually breaking anything, so this is just a housekeeping commit.
2022-11-23 17:57:59 +00:00
David Taylor
890e4f9854
DEV: Update namespaceModules argument name (#19166)
In 1279966f we started namespacing modules based on the plugin's defined name rather than the directory name. This commit updates the argument name to match what we're passing in. This it just a readability change - there is no change in behaviour.
2022-11-23 17:57:28 +00:00
Roman Rizzi
023333a8e5
DEV: Make summary subject logic more explicit (#19167) 2022-11-23 14:29:41 -03:00
Martin Brennan
1dadf4381f
DEV: Fix chat_allowed_groups migration (#19163)
Follow-up to 0c1e5a76ee
2022-11-23 15:28:12 +10:00
Martin Brennan
c9ab270abd
FEATURE: Add descriptions on hover for hashtag search results (#19162)
Adds the description as a title="" attribute on the hashtag
autocomplete search items for tags, categories, and channels.
These descriptions can be seen by the user since they are
able to see the results that are returned by the search via
Guardian checks.
2022-11-23 14:59:00 +10:00
Martin Brennan
34ce8f9915
FIX: Do not click track .hashtag-cooked (#19159)
This makes it so the new hashtags are not tracked,
same as the old ones. Also slight commenting in click-track
to explain mention clicks rejection mechanics.

Also deleted the single acceptance spec
since everything is covered better by the unit spec.
2022-11-23 14:25:28 +10:00
Martin Brennan
0c1e5a76ee
FIX: Set chat_allowed_groups based on chat_enabled setting (#19146)
Sets the chat_allowed_groups to staff (the old default) in the database for
people who already have chat enabled if they did not already change it.
        
The assumption is that most people who this applies to will be
upgrading from a version that has neither of these two PRs (
the other PR being #19116) to a version that has both of these PRs.

So, for existing site with chat enabled who haven’t set groups, we
want to persist the value which is more likely to match what that are
upgrading from (staff).

People who don’t yet have chat enabled should get the new value (TL1
and staff) when they do enable it.

Follow up to 05b740036e
2022-11-23 14:12:54 +10:00
Alan Guo Xiang Tan
5552e257d8
UX: Styling backwards compatibility for old user page navigation (#19161)
While updating all user pages to use the new horizontal, scrollable user
page navigation, we've inadvertently broken the interface for plugins which rely on the
`user-main-nav` plugin outlet to extend the user profile page. Such
plugins usually add a new user profile page with the following
template structure which is copied from Discourse core before the user
page navigation redesign:

```
{{#d-section pageClass="..." class="user-secondary-navigation" scrollTop=false}}
  {{#mobile-nav class="..." desktopClass="action-list nav-stacked"}}
    ...
  {{/mobile-nav}}
{{/d-section}}

<section class="user-content">
  {{outlet}}
</section>
```

This commit seeks to add backwards compatibility in terms of the styling
of the interface such that even if the old template structure is used,
it would not look completely broken.
2022-11-23 11:53:08 +08:00
Martin Brennan
27b7f28739
FIX: Unescape :emoji: in hashtag search results (#19147)
This commit unescapes the :emoji: and expands into
an image within hashtag autocomplete results, and
also makes some style tweaks to make sure the emoji
is not too big.
2022-11-23 13:52:00 +10:00
Jordan Vidrine
34e21525d0
UX: Style adjustments & addition of login button on admin invite page (#19073)
* user field label move
* more user field edits
* invite page adjustments
* caps lock adjustment


Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2022-11-23 12:06:19 +11:00
dependabot[bot]
072ff72759
Build(deps): Bump engine.io in /app/assets/javascripts (#19151)
Bumps [engine.io](https://github.com/socketio/engine.io) from 6.2.0 to 6.2.1.
- [Release notes](https://github.com/socketio/engine.io/releases)
- [Changelog](https://github.com/socketio/engine.io/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketio/engine.io/compare/6.2.0...6.2.1)

---
updated-dependencies:
- dependency-name: engine.io
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-23 08:49:48 +08:00
dependabot[bot]
9f709e5873
Build(deps): Bump eslint-plugin-qunit in /app/assets/javascripts (#19158)
Bumps [eslint-plugin-qunit](https://github.com/platinumazure/eslint-plugin-qunit) from 7.3.2 to 7.3.3.
- [Release notes](https://github.com/platinumazure/eslint-plugin-qunit/releases)
- [Changelog](https://github.com/platinumazure/eslint-plugin-qunit/blob/master/CHANGELOG.md)
- [Commits](https://github.com/platinumazure/eslint-plugin-qunit/compare/v7.3.2...v7.3.3)

---
updated-dependencies:
- dependency-name: eslint-plugin-qunit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-23 08:46:56 +08:00