Commit Graph

55009 Commits

Author SHA1 Message Date
Loïc Guitaut
232503b3df FIX: Render a 404 error on a bad redirect in list controller
When bad data is provided in the URI for redirecting to a category,
Rails raises an `ActionController::Redirecting::UnsafeRedirectError`
error, leading to a 500 error.

This patch catches the exception to render a 404 instead.
2024-06-28 10:42:10 +02:00
Loïc Guitaut
a442eeb0f4 FIX: Don’t raise an error on permalinks with external URL
Currently redirecting to an external URL through a permalink doesn’t
work because Rails raises a
`ActionController::Redirecting::UnsafeRedirectError` error.

This wasn’t the case before we upgraded to Rails 7.0.

This patch fixes the issue by using `allow_other_host: true` on the
redirect.
2024-06-28 10:09:37 +02:00
dependabot[bot]
b9ade92856
Build(deps-dev): Bump sqlite3 from 1.7.3 to 2.0.2 (#27160)
Bumps [sqlite3](https://github.com/sparklemotion/sqlite3-ruby) from 1.7.3 to 2.0.2.
- [Release notes](https://github.com/sparklemotion/sqlite3-ruby/releases)
- [Changelog](https://github.com/sparklemotion/sqlite3-ruby/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/sqlite3-ruby/compare/v1.7.3...v2.0.2)

---
updated-dependencies:
- dependency-name: sqlite3
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-28 09:32:01 +10:00
dependabot[bot]
e6487aa6c3
Build(deps-dev): Bump qunit-dom from 3.1.2 to 3.2.0 (#27637)
Bumps [qunit-dom](https://github.com/mainmatter/qunit-dom) from 3.1.2 to 3.2.0.
- [Release notes](https://github.com/mainmatter/qunit-dom/releases)
- [Commits](https://github.com/mainmatter/qunit-dom/compare/v3.1.2...v3.2.0)

---
updated-dependencies:
- dependency-name: qunit-dom
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-28 01:10:46 +02:00
Jay Pfaffman
6a5ee0693d
FIX: rescue mmdb download failure (#27556)
* rescue mmdb download failure

If mmdb database fails to download a bootstrap fails. This is a trivial fix for that problem. A more elegant solution might check whether the dataabase was downloaded and provide a helpful error message.

* linting

---------

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2024-06-28 05:10:14 +08:00
Kris
9ab18ed2e3
UX: fix featured link alignment, hide participants wrapper outside of PMs (#27636) 2024-06-27 13:47:12 -04:00
Jarek Radosz
3ce618e57a
DEV: Update plugin-outlet tests (#27630)
qunit-dom, reformat hbs blocks, use `<template>` where possible
2024-06-27 19:36:55 +02:00
Régis Hanol
57eecbef4b FIX: invalid user locale when accepting group membership
If, for whatever reasons, the user's locale is "blank" and an admin is accepting their group membership request, there will be an error because we're generating posts with the locale of recipient.

In order to fix this, we now use the `user.effective_locale` which takes care of multiple things, including returning the default locale when the user's locale is blank.

Internal ref - t/132347
2024-06-27 19:22:55 +02:00
Régis Hanol
a56321efb5 FIX: topic search order
When using the full page search and filtering down to a specific topic, the sort order was overwritten to by by "post_number".

This was confusing because we allow different type of sort order in the full search page.

This fixes it by only sorting by post_number when there's no "global" sort order defined.

Since the "new topic map" uses the search endpoint behind the scene, this also fixes the "most likes" popup.

Context - https://meta.discourse.org/t/searching-order-seems-to-be-broken-when-searching-in-topic/312303
2024-06-27 18:13:26 +02:00
Kelv
4b111626cb
DEV: Remove invalid content_security_policy_script_src site setting values from DB (#27588)
* DEV: add db migration to filter out invalid csp script source values

* DEV: insert UserHistory row during data migration to track old value for content_security_policy_script_src site setting
2024-06-27 22:17:56 +08:00
Gabriel Grubba
8d28038666
FEATURE: Add WebHookEventsDailyAggregate report page (#27573)
* FEATURE: Add WebHookEventsDailyAggregate

Add WebHookEventsDailyAggregate model to store daily aggregates of web hook events.
Add AggregateWebHooksEvents job to aggregate web hook events daily.
Add spec for WebHookEventsDailyAggregate model.

* DEV: Update annotations for web_hook_events_daily_aggregate.rb

* DEV: Update app/jobs/scheduled/aggregate_web_hooks_events.rb

Co-authored-by: Martin Brennan <martin@discourse.org>

* DEV: Address review feedback

Solves:
- https://github.com/discourse/discourse/pull/27542#discussion_r1646961101
- https://github.com/discourse/discourse/pull/27542#discussion_r1646958890
- https://github.com/discourse/discourse/pull/27542#discussion_r1646976808
- https://github.com/discourse/discourse/pull/27542#discussion_r1646979846
- https://github.com/discourse/discourse/pull/27542#discussion_r1646981036

* A11Y: Add translation to retain_web_hook_events_aggregate_days key

* FEATURE: Purge old web hook events daily aggregate

Solves: https://github.com/discourse/discourse/pull/27542#discussion_r1646961101

* DEV:  Update tests for web_hook_events_daily_aggregate

Update WebHookEventsDailyAggregate to not use save! at the end
Solves: https://github.com/discourse/discourse/pull/27542#discussion_r1646984601

* PERF: Change job query to use WebHook table instead of WebHookEvent table

* DEV: Update tests to use `fab!`

* DEV: Address code review feedback.

Add idempotency to job
Add has_many to WebHook

* FEATURE: Add WebHookEventsDailyAggregate report page

Add locales for the new report page
Reorder imports in the report.rb

* DEV: Remove logger line

* FEATURE: Add `auto_insert_none_item` option to `report-filters` components

---------

Co-authored-by: Martin Brennan <martin@discourse.org>
2024-06-27 10:26:42 -03:00
David Battersby
580bad3c02
FIX: only show relevent chat channel mentions in summary email (#27631)
Chat summary email should only contain mentions that are relevant to the current user.
2024-06-27 15:53:40 +04:00
Régis Hanol
4a6b79dead
FIX: "in posts by" user search (#27628)
When visiting a user profile, and then opening the search, there's an option to filter down by posts made by that user.

When clicking that option, it used to pre-fill the "search bar" with "@<username>" to filter down the search.

This restore this behaviour and add a system spec to ensure it doesn't regress.

Context - https://meta.discourse.org/t/in-posts-by-search-option-does-not-work-when-clicked/312916
2024-06-27 14:20:18 +10:00
Dylan Yang
e92a82aa1d
FIX: update id types in API docs to integers (#27412) 2024-06-26 20:44:39 -06:00
Martin Brennan
cada172981
FIX: Do not capture OAuth user on 2FA page (#27617)
If the `enforce_second_factor_on_external_auth` setting
is disabled and a user logs in with an OAuth method,
they don't automatically get redirected to /preferences/second-factor
on login. However, they can get there manually, and once there
they cannot leave.

This commit fixes the issue and allows them to leave
and also does some refactors to indicate to the client
what login method is used as a followup to
0e1102b332
2024-06-27 10:27:49 +10:00
dependabot[bot]
89df5761ff
Build(deps-dev): Bump puppeteer-core from 22.12.0 to 22.12.1 (#27629)
Bumps [puppeteer-core](https://github.com/puppeteer/puppeteer) from 22.12.0 to 22.12.1.
- [Release notes](https://github.com/puppeteer/puppeteer/releases)
- [Changelog](https://github.com/puppeteer/puppeteer/blob/main/release-please-config.json)
- [Commits](https://github.com/puppeteer/puppeteer/compare/puppeteer-core-v22.12.0...puppeteer-core-v22.12.1)

---
updated-dependencies:
- dependency-name: puppeteer-core
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-27 00:46:48 +02:00
dependabot[bot]
d99ea68282
Build(deps): Bump google-protobuf from 4.27.1 to 4.27.2 (#27627)
Bumps [google-protobuf](https://github.com/protocolbuffers/protobuf) from 4.27.1 to 4.27.2.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

---
updated-dependencies:
- dependency-name: google-protobuf
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-27 00:41:16 +02:00
Jarek Radosz
964f47e795
FIX: Correctly highlight new topic-list-items in glimmer (#27623) 2024-06-26 20:04:33 +02:00
Loïc Guitaut
f58b844f45
Revert "DEV: Upgrade Rails to version 7.1" (#27625)
This reverts commit ce00f83173.
2024-06-26 18:55:05 +02:00
Jean
099cf71bcc
FIX: Topic embedding importer should accept string tags (#27624)
* FIX: Embedding importer should accept string tags
2024-06-26 12:34:55 -04:00
Joffrey JAFFEUX
01e36cbb47
FIX: correctly show validation errors in automation (#27622)
A previous refactor has prevented errors to show correctly. The guilt of the issue is that we were not calling the error variable correctly in the templates.

This commit also adds a spec for this case, and removes the need for `I18n.backend.store_translations` in specs so we don't have to write too much boilerplate each time we write a spec.
2024-06-26 14:09:26 +02:00
Régis Hanol
54a59be617 FEATURE: new 'should_add_email_attachments' plugin modifier
That can be used by plugins to control whether email attachments should be sent.

Internal ref - t/132149
2024-06-26 12:36:35 +02:00
dependabot[bot]
8cfae168d1
Build(deps-dev): Bump @floating-ui/dom from 1.6.5 to 1.6.6 (#27616)
Bumps [@floating-ui/dom](https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom) from 1.6.5 to 1.6.6.
- [Release notes](https://github.com/floating-ui/floating-ui/releases)
- [Changelog](https://github.com/floating-ui/floating-ui/blob/master/packages/dom/CHANGELOG.md)
- [Commits](https://github.com/floating-ui/floating-ui/commits/@floating-ui/dom@1.6.6/packages/dom)

---
updated-dependencies:
- dependency-name: "@floating-ui/dom"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-26 10:34:55 +02:00
Ted Johansson
d892092151
DEV: Add Lefthook command to auto-correct staged files (#27620)
Often when the pre-commit hook is run and reports a problem, I want to follow up by running the auto-correct command of the respective linter, but that means I need to remember what to run. "Let's see. Did prettier need a double-dash before write or not?"

This change adds a lefthook run fix-staged command that runs linter auto-corrects on any staged files.
2024-06-26 16:08:47 +08:00
Ted Johansson
2d41fece43
DEV: Fix flaky system spec with hardcoded username (#27619)
The auto-generated username has a sequence number after it that may be different from the hard-coded one. Use user.username instead.
2024-06-26 16:49:34 +10:00
dependabot[bot]
8be2f0ab70
Build(deps): Bump ember-auto-import from 2.7.3 to 2.7.4 (#27615)
Bumps [ember-auto-import](https://github.com/ef4/ember-auto-import/tree/HEAD/packages/ember-auto-import) from 2.7.3 to 2.7.4.
- [Release notes](https://github.com/ef4/ember-auto-import/releases)
- [Changelog](https://github.com/embroider-build/ember-auto-import/blob/main/packages/ember-auto-import/CHANGELOG.md)
- [Commits](https://github.com/ef4/ember-auto-import/commits/HEAD/packages/ember-auto-import)

---
updated-dependencies:
- dependency-name: ember-auto-import
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-26 01:35:06 +02:00
dependabot[bot]
adabff2e45
Build(deps-dev): Bump the embroider group with 4 updates (#27614)
Bumps the embroider group with 4 updates: [@embroider/compat](https://github.com/embroider-build/embroider/tree/HEAD/packages/compat), [@embroider/core](https://github.com/embroider-build/embroider/tree/HEAD/packages/core), [@embroider/macros](https://github.com/embroider-build/embroider/tree/HEAD/packages/macros) and [@embroider/webpack](https://github.com/embroider-build/embroider/tree/HEAD/packages/webpack).


Updates `@embroider/compat` from 3.5.4 to 3.5.5
- [Release notes](https://github.com/embroider-build/embroider/releases)
- [Changelog](https://github.com/embroider-build/embroider/blob/main/CHANGELOG.md)
- [Commits](https://github.com/embroider-build/embroider/commits/HEAD/packages/compat)

Updates `@embroider/core` from 3.4.13 to 3.4.14
- [Release notes](https://github.com/embroider-build/embroider/releases)
- [Changelog](https://github.com/embroider-build/embroider/blob/main/CHANGELOG.md)
- [Commits](https://github.com/embroider-build/embroider/commits/HEAD/packages/core)

Updates `@embroider/macros` from 1.16.4 to 1.16.5
- [Release notes](https://github.com/embroider-build/embroider/releases)
- [Changelog](https://github.com/embroider-build/embroider/blob/main/CHANGELOG.md)
- [Commits](https://github.com/embroider-build/embroider/commits/HEAD/packages/macros)

Updates `@embroider/webpack` from 4.0.3 to 4.0.4
- [Release notes](https://github.com/embroider-build/embroider/releases)
- [Changelog](https://github.com/embroider-build/embroider/blob/main/CHANGELOG.md)
- [Commits](https://github.com/embroider-build/embroider/commits/HEAD/packages/webpack)

---
updated-dependencies:
- dependency-name: "@embroider/compat"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: embroider
- dependency-name: "@embroider/core"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: embroider
- dependency-name: "@embroider/macros"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: embroider
- dependency-name: "@embroider/webpack"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: embroider
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-26 01:34:47 +02:00
dependabot[bot]
138e80968e
Build(deps): Bump rexml from 3.3.0 to 3.3.1 (#27613)
Bumps [rexml](https://github.com/ruby/rexml) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/ruby/rexml/releases)
- [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md)
- [Commits](https://github.com/ruby/rexml/compare/v3.3.0...v3.3.1)

---
updated-dependencies:
- dependency-name: rexml
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-26 01:00:43 +02:00
Kris
e505a5a1d5
UX: improve categories page subcategory layout (#27612) 2024-06-25 17:37:35 -04:00
PangBo
4e42dc8d60
FIX: invalid path (#27611)
As mentioned here: 
https://meta.discourse.org/t/unable-to-clone-discourses-repo-on-windows/313638/2

The correct filename should be `config-flags-index.hbs`
2024-06-25 22:06:53 +02:00
Kris
be16f2f143
UX: move composer image controls below image (#27610) 2024-06-25 15:51:52 -04:00
Daniel Waterworth
0d6bd5207d
DEV: Indicate whether categories are missing on categories page (#27608) 2024-06-25 13:15:40 -05:00
Gabriel Grubba
f3a89620a1
FEATURE: Add WebHookEventsDailyAggregate (#27542)
* FEATURE: Add WebHookEventsDailyAggregate

Add WebHookEventsDailyAggregate model to store daily aggregates of web hook events.
Add AggregateWebHooksEvents job to aggregate web hook events daily.
Add spec for WebHookEventsDailyAggregate model.

* DEV: Update annotations for web_hook_events_daily_aggregate.rb

* DEV: Update app/jobs/scheduled/aggregate_web_hooks_events.rb

Co-authored-by: Martin Brennan <martin@discourse.org>

* DEV: Address review feedback

Solves:
- https://github.com/discourse/discourse/pull/27542#discussion_r1646961101
- https://github.com/discourse/discourse/pull/27542#discussion_r1646958890
- https://github.com/discourse/discourse/pull/27542#discussion_r1646976808
- https://github.com/discourse/discourse/pull/27542#discussion_r1646979846
- https://github.com/discourse/discourse/pull/27542#discussion_r1646981036

* A11Y: Add translation to retain_web_hook_events_aggregate_days key

* FEATURE: Purge old web hook events daily aggregate

Solves: https://github.com/discourse/discourse/pull/27542#discussion_r1646961101

* DEV:  Update tests for web_hook_events_daily_aggregate

Update WebHookEventsDailyAggregate to not use save! at the end
Solves: https://github.com/discourse/discourse/pull/27542#discussion_r1646984601

* PERF: Change job query to use WebHook table instead of WebHookEvent table

* DEV: Update tests to use `fab!`

* DEV: Address code review feedback.

Add idempotency to job
Add has_many to WebHook

* DEV: add test case for job and change job query

* DEV: Change AggregateWebHooksEvents job test name

---------

Co-authored-by: Martin Brennan <martin@discourse.org>
2024-06-25 13:56:47 -03:00
Jarek Radosz
d7a5defe3c
DEV: Convert topic-dismiss-buttons to glimmer/gjs (#27606) 2024-06-25 16:17:47 +02:00
Discourse Translator Bot
7d4ff77a14
Update translations (#27604) 2024-06-25 15:40:08 +02:00
Jarek Radosz
24d0c3aadf
DEV: Add/use two topic fabricators (#27603)
```rb
Fabricate(:new_reply_topic, count: 1, current_user:)
```

and

```rb
Fabricate(:read_topic, current_user:)
```
2024-06-25 13:47:53 +02:00
Ted Johansson
d63f1826fe
FEATURE: User fields required for existing users - Part 2 (#27172)
We want to allow admins to make new required fields apply to existing users. In order for this to work we need to have a way to make those users fill up the fields on their next page load. This is very similar to how adding a 2FA requirement post-fact works. Users will be redirected to a page where they can fill up the remaining required fields, and until they do that they won't be able to do anything else.
2024-06-25 19:32:18 +08:00
Jan Cernik
867b3822f3
UX: Redirect /faq, /rules, /conduct to /guidelines (#27592) 2024-06-25 08:11:54 -03:00
Jarek Radosz
fd2713e904
FIX: Display new-new selector on glimmer topic list (#27602) 2024-06-25 13:00:13 +02:00
Jan Cernik
a07ddf4ec0
UX: Show chat and message buttons on your own profile (#27600) 2024-06-25 07:52:17 -03:00
pangbo13
c8e65fa673 fix linting 2024-06-25 12:17:22 +02:00
pangbo13
98f7430480 fix: allow staff and direct message enabled groups to create personal chats 2024-06-25 12:17:22 +02:00
Régis Hanol
8ff1efa100 Update app/assets/javascripts/discourse/tests/acceptance/user-status-test.js
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2024-06-25 11:55:50 +02:00
Régis Hanol
66fc9bfdda FIX: properly escape user status's title
We didn't escape the "user status" before inserting in in the title of the "user status badge" next to the current user avatar.

This only affects the current user.

Internal ref - t/130332
2024-06-25 11:55:50 +02:00
dependabot[bot]
3e0f36ba5c
Build(deps): Bump irb from 1.13.1 to 1.13.2 (#27596)
Bumps [irb](https://github.com/ruby/irb) from 1.13.1 to 1.13.2.
- [Release notes](https://github.com/ruby/irb/releases)
- [Commits](https://github.com/ruby/irb/compare/v1.13.1...v1.13.2)

---
updated-dependencies:
- dependency-name: irb
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-25 09:45:22 +02:00
dependabot[bot]
79f0924907
Build(deps): Bump reline from 0.5.8 to 0.5.9 (#27597)
Bumps [reline](https://github.com/ruby/reline) from 0.5.8 to 0.5.9.
- [Release notes](https://github.com/ruby/reline/releases)
- [Commits](https://github.com/ruby/reline/compare/v0.5.8...v0.5.9)

---
updated-dependencies:
- dependency-name: reline
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-25 09:45:10 +02:00
dependabot[bot]
44fc93c48f
Build(deps): Bump stringio from 3.1.0 to 3.1.1 (#27595)
Bumps [stringio](https://github.com/ruby/stringio) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/ruby/stringio/releases)
- [Changelog](https://github.com/ruby/stringio/blob/master/NEWS.md)
- [Commits](https://github.com/ruby/stringio/compare/v3.1.0...v3.1.1)

---
updated-dependencies:
- dependency-name: stringio
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-25 09:44:44 +02:00
Martin Brennan
a128ce5c4c
FIX: Missing multipart/mixed boundary on emails (#27599)
Followup 96a0781bc1

When sending emails where secure uploads is enabled
and secure_uploads_allow_embed_images_in_emails is
true, we attach the images to the email, and we
do some munging with the final email so the structure
of the MIME parts looks like this:

```
multipart/mixed
  multipart/alternative
    text/plain
    text/html
  image/jpeg
  image/jpeg
  image/png
```

However, we were not specifying the `boundary` of the
`multipart/mixed` main content-type of the email, so
sometimes the email would come through appearing to
have an empty body with the entire thing attached as
one attachment, and some mail parsers considered the
entire email as the "epilogue" and/or "preamble".

This commit fixes the issue by specifying the boundary
in the content-type header per https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html
2024-06-25 13:43:10 +10:00
Ella E
aa8773e659
UX: Use 'moderators' instead of 'staff' (#27572) 2024-06-24 19:21:08 -06:00
Kris
f60a26247e
UX: improve alignment of extra PM info in header (#27594) 2024-06-24 17:50:18 -04:00