Commit Graph

177 Commits

Author SHA1 Message Date
Sam Saffron
a3d42e2c52 FIX: add_to_serializer not correctly accounting for inheritance chains
This is a very long standing bug we had, if a plugin attempted to amend a
serializer core was not "correcting" the situation for all descendant classes
this often only showed up in production cause production eager loads serializers
prior to plugins amending them.

This is a critical fix for various plugins
2019-08-27 18:23:32 +10:00
Penar Musaraj
4182d8638c Remove duplicate entry for discourse-yearly-review 2019-06-13 13:56:38 -04:00
Roman Rizzi
c3a38d2304 DEV: Make groups/new extensible by plugins (#7642)
* Expose a new plugin outlet. Pass group model to the group-member-dropdown so it can be accessed by plugins

* Added controller tests for group custom fields. update custom fields when updating a group
2019-06-06 12:05:33 +10:00
Guo Xiang Tan
a206da8e18 DEV: Mark discourse-encrypt plugin as official. 2019-05-29 10:20:46 +08:00
Guo Xiang Tan
999fdb95db DEV: Mark discourse-login-with-amazon as official plugin. 2019-05-13 16:13:20 +08:00
Guo Xiang Tan
ba913a24db Add steam login to official plugin list. 2019-05-13 12:39:35 +08:00
Sam Saffron
30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Guo Xiang Tan
451f7842ff DEV: More send -> public_send. 2019-05-07 10:05:58 +08:00
Guo Xiang Tan
152238b4cf DEV: Prefer public_send over send. 2019-05-07 09:33:21 +08:00
Sam Saffron
9be70a22cd DEV: introduce new API to look up dynamic site setting
This removes all uses of both `send` and `public_send` from consumers of
SiteSetting and instead introduces a `get` helper for dynamic lookup

This leads to much cleaner and safer code long term as we are always explicit
to test that a site setting is really there before sending an arbitrary
string to the class

It also removes a couple of risky stubs from the auth provider test
2019-05-07 11:00:30 +10:00
Roman Rizzi
aec457e09a
DEV: Expose a way to extend a method that returns a list 2019-04-08 14:42:36 -03:00
Dax74
c5b76cd138
Add Yearly review plugin
Add Yearly review plugin in the official list
2019-04-03 11:30:49 +02:00
Robin Ward
b58867b6e9 FEATURE: New 'Reviewable' model to make reviewable items generic
Includes support for flags, reviewable users and queued posts, with REST API
backwards compatibility.

Co-Authored-By: romanrizzi <romanalejandro@gmail.com>
Co-Authored-By: jjaffeux <j.jaffeux@gmail.com>
2019-03-28 12:45:10 -04:00
Penar Musaraj
9bf11a7c02
FEATURE: Add localized timezone names (#7004)
Uses github.com/discourse/moment-timezone-names-translations to translate timezone names.
Plugins can also provide their own timezone name translations.
2019-02-25 14:40:02 -05:00
Gerhard Schlager
84c56e16f9 REFACTOR: Use keyword argument for fallback_to_english flag 2019-02-19 15:28:47 +01:00
Rishabh
334bd78516 DEV: Mark discourse-code-review and discourse-yearly-review plugins as official 2019-01-24 13:14:50 +05:30
Régis Hanol
95e5f8380d FEATURE: Allow plugins to add custom emoji translations
FIX: buildTranslationTree was erroring when translations overlapped (ie. ":-)" and ":-))")
FIX: emoji translations wasn't working properly when translations overlapped
2019-01-04 15:27:46 +01:00
David Taylor
23c65feb6c DEV: Prevent deprecation warnings being incorrectly logged 2018-12-31 14:41:30 +00:00
David Taylor
ded3639f87 DEV: Add openid-connect as an official plugin 2018-12-06 16:16:47 +00:00
David Taylor
4e010382cc REFACTOR: Initialize auth providers after plugin.activate!
Also added some helpful functionality for plugin developers:
- Raises RuntimeException if the auth provider has been registered too late
- Logs use of deprecated parameters
2018-11-30 16:58:18 +00:00
Kyle Zhao
488fba3c5f
FEATURE: allow plugins and themes to extend the default CSP (#6704)
* FEATURE: allow plugins and themes to extend the default CSP

For plugins:

```
extend_content_security_policy(
  script_src: ['https://domain.com/script.js', 'https://your-cdn.com/'],
  style_src: ['https://domain.com/style.css']
)
```

For themes and components:

```
extend_content_security_policy:
  type: list
  default: "script_src:https://domain.com/|style_src:https://domain.com"
```

* clear CSP base url before each test

we have a test that stubs `Rails.env.development?` to true

* Only allow extending directives that core includes, for now
2018-11-30 09:51:45 -05:00
Penar Musaraj
03deda2147
Upgrade to FontAwesome 5 (take two) (#6673)
* Add missing icons to set

* Revert FA5 revert

 This reverts commit 42572ff

* use new SVG syntax in locales

* Noscript page changes (remove login button, center "powered by" footer text)

* Cast wider net for SVG icons in settings

- include any _icon setting for SVG registry (offers better support for plugin settings)

- let themes store multiple pipe-delimited icons in a setting

- also replaces broken onebox image icon with SVG reference in cooked post processor

* interpolate icons in locales

* Fix composer whisper icon alignment

* Add support for stacked icons

* SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

* load SVG sprite with pre-initializers

* FIX: enable caching on SVG sprites

* PERF: use JSONP for SVG sprites so they are served from CDN

This avoids needing to deal with CORS for loading of the SVG

Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is

* Add missing SVG sprite JSONP script to CSP

* Upgrade to FA 5.5.0

* Add support for all FA4.7 icons

- adds complete frontend and backend for renamed FA4.7 icons

- improves performance of SvgSprite.bundle and SvgSprite.all_icons

* Fix group avatar flair preview

- adds an endpoint at /svg-sprites/search/:keyword

- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset

* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
David Taylor
052bf37578 FIX: Use Discourse.deprecate instead of Rails.logger.warn
This will significantly reduce the volume of logs when the condition is hit
2018-11-22 15:59:47 +00:00
Sam
42572ff138 Revert font awesome 5 changes
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
Penar Musaraj
005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs (#6557)
* First take on subsetting svg icons

* FontAwesome 5 svg subset WIP

* Include icons from plugins/badges into svg sprite subset

* add svg icon support to themes

* Add spec for SvgSprite

* Misc. SVG icon fixes

* Use FA5 svgs in local-dates plugin

* CSS adjustments, fix SVG icons in group flair

* Use SVG icons in poll plugin

* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
David Taylor
c6f364224e
FEATURE: Allow plugins to whitelist user custom fields for public display (#6499)
This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
2018-10-17 10:33:27 +01:00
Bianca Nenciu
d408073fc2 DEV: Update official plugins list
canned replies is now named discourse-canned-replies which keeps our naming consistent
2018-10-15 13:53:21 +11:00
Joshua Rosenfeld
aba4dec27f
Update official plugin list
* Remove duplicate entry
* Add missing plugins
* Update list for new names
2018-10-12 10:12:31 -04:00
Guo Xiang Tan
1c9b5e75e7 DEV: Support post deployment migrations for plugins. 2018-10-09 13:11:45 +08:00
Rishabh Nambiar
943f017a17 Mark discourse-perspective-api as an official plugin 2018-10-04 14:34:22 +05:30
Joshua Rosenfeld
afaa722c32
sort official plugin list, remove duplicate entry
`discourse-sitemap` was listed twice, sorted list to help avoid duplication
2018-09-09 13:41:26 -04:00
David Taylor
4382fb5fac DEV: Allow plugins to whitelist specific user custom_fields for editing (#6358) 2018-09-04 20:45:36 +10:00
Dax74
5f51ef27e7
Added sitemap plugin in the official list 2018-08-29 10:58:26 +02:00
Sam
47e6b8b318 discourse etiquette is an official plugin 2018-08-27 10:03:49 +10:00
Sam
8fa5dd4a1f FEATURE: discourse-checklist is now an official plugin 2018-08-21 10:44:40 +10:00
Robin Ward
5895507153 FEATURE: Ability for plugins to whitelist custom fields for flags
You can now call `whitelist_flag_post_custom_field` from your plugins
and those custom fields will be available on the flagged posts
area of the admin section.
2018-08-09 10:49:14 -04:00
Sam
4b000f5d12 FIX: do not use lib for requires
this breaks loading the app from arbitrary dirs
2018-08-07 11:04:29 +10:00
David Taylor
812add18bd REFACTOR: Serve auth provider information in the site serializer.
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
Jeff Wong
059862ed46 Mark discord auth plugin official 2018-08-01 09:33:14 -07:00
David Taylor
8d1acbd4c2 DEV: Include specific authenticator name in warning message 2018-07-30 11:33:48 +01:00
David Taylor
467c529920 FIX: Remove return statement from inside block 2018-07-26 15:52:39 +01:00
David Taylor
88241f57a3
FEATURE: allow auth plugins to have a site setting for full screen login 2018-07-26 11:11:16 +01:00
Nick Shearer
def2c977ce allow auth plugins to have a site setting for if they should be full screen vs popup window 2018-07-25 19:20:11 -05:00
David Taylor
0d0d78841b
FIX: Remove plugin.enabled? checks at initialization time (#6166)
Checking `plugin.enabled?` while initializing plugins causes issues in two ways:
  - An application restart is required for changes to take effect. A load-balanced multi-server environment could behave very weirdly if containers restart at different times.
  - In a multisite environment, it takes the `enabled?` setting from the default site. Changes on that site affect all other sites in the cluster.

Instead, `plugin.enabled?` should be checked at runtime, in the context of a request. This commit removes `plugin.enabled?` from many `instance.rb` methods.

I have added a working `plugin.enabled?` implementation for methods that actually affect security/functionality:
  - `post_custom_fields_whitelist`
  - `whitelist_staff_user_custom_field`
  - `add_permitted_post_create_param`
2018-07-25 16:44:09 +01:00
David Taylor
eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099)
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
Joshua Rosenfeld
212f518cd1
Add invite tokens to official plugins list 2018-06-30 17:24:45 -04:00
Robin Ward
6901e0e043 FIX: Rails.logger isn't always available when loading plugin locales 2018-06-22 10:20:20 -04:00
Joffrey JAFFEUX
24c27b5321
FEATURE: adds a add_report method accessible in plugin.rb 2018-06-19 15:00:11 +02:00
Blake Erickson
9963078dd1 Add to offical plugins list 2018-06-18 10:20:49 -06:00
Robin Ward
e5c156b226 Add characters-required to official plugins list 2018-06-18 10:30:46 -04:00