Commit Graph

44268 Commits

Author SHA1 Message Date
Alan Guo Xiang Tan
e4e37257cc FIX: Handle malformed URLs in TopicEmbed.absolutize_urls. 2022-01-21 11:18:54 +08:00
Robin Ward
d28808e866 FIX: The service observer was using this incorrectly
It was pointing at nothing due to context.
2022-01-20 16:51:36 -05:00
Bianca Nenciu
847c77de65
FIX: Add another method to check binary file (#15648)
This method looks for a NULL byte that is not usually contained in text
files. Follow up to 376799b1a4.
2022-01-20 23:47:18 +02:00
Régis Hanol
a582c49601
FIX: possible ReDOS in markdown newline rule (#15646)
Backport ffc49ab46b
2022-01-20 22:32:01 +01:00
Robin Ward
224f0a2655 DEV: This ensures that teardowns are executed if initializers are run
It does this by creating a new initializer that runs every time the app
is booted to track the current test. Then after each test, we see if the
app needs to be torn down.
2022-01-20 16:23:54 -05:00
Osama Sayegh
688be607c9
FIX: Allowed URLs for API scopes added by plugins (#15662) 2022-01-20 22:29:03 +03:00
Robin Ward
2dc0f36e07 DEV: A bunch of tests (like controller) weren't cleaning up
This creates a helper function with all the cleanup tasks we need to do
after tests, then makes sure to call it after tests that previously
weren't.

This fixes a lot of flakey tests.
2022-01-20 11:58:58 -05:00
Jarek Radosz
23aceedbd5
FIX: Display composer popovers over dropdowns (#15659) 2022-01-20 17:55:55 +01:00
Joffrey JAFFEUX
2426e3510d
FIX: correctly access last poster username (#15661)
Testing this is kinda complicated ATM (especially mobile template with hbr) , this is a component we should definitely aim to test very extensively when we move away from hbr templates.
2022-01-20 17:27:14 +01:00
Kris
1d02b9728d
A11Y: tag should be "role" not "aria-role" (#15653) 2022-01-20 09:58:32 -05:00
Dan Ungureanu
f0c1a4fab8
FIX: Create email token with correct scope (#15658)
`account_created` email contains a URL to `/u/password-reset/TOKEN`
which means that the correct scope for the email token is
`password_reset`, not `signup`.
2022-01-20 16:38:56 +02:00
Kris
6a48106ed4
A11Y: do not use duplicate IDs (#15654) 2022-01-20 08:58:08 -05:00
Jarek Radosz
b9f650e55e
UX: Fix composer popup placement (#15660) 2022-01-20 14:21:13 +01:00
David Taylor
820564826e
FIX: Ensure that login does not fail for users with invite records (#15647)
In the unlikely, but possible, scenario where a user has no email_tokens, and has an invite record for their email address, login would fail. This commit fixes the `Invite` `user_doesnt_already_exist` validation so that it only applies to new invites, or when changing the email address.

This regressed in d8fe0f4199 (based on `git bisect`)
2022-01-20 10:54:38 +00:00
Dan Ungureanu
5b7bddf966
FIX: Prefer email when resetting password (#15650)
The UI used to request a password reset by username when the user was
logged in. This did not work when hide_email_already_taken site setting
was enabled, which disables the lookup-by-username functionality.

This commit also introduces a check to ensure that the parameter is an
email when hide_email_already_taken is enabled as the single allowed
type is email (no usernames are allowed).
2022-01-20 10:04:45 +02:00
Natalie Tay
f5ea00c73f
FIX: Respect blocked domains list when redirecting (#15656)
Our previous implementation used a simple `blocked_domain_array.include?(hostname)`
so some values were not matching. Additionally, in some configurations like ours, we'd used
"cat.*.dog.com" with the assumption we'd support globbing.

This change implicitly allows globbing by blocking "http://a.b.com" if "b.com" is a blocked 
domain but does not actively do anything for "*".

An upcoming change might include frontend validation for values that can be inserted.
2022-01-20 14:12:34 +08:00
dependabot[bot]
191bdac4f0
Build(deps-dev): Bump fabrication from 2.23.1 to 2.24.0 (#15652)
Bumps [fabrication](https://github.com/paulelliott/fabrication) from 2.23.1 to 2.24.0.
- [Release notes](https://github.com/paulelliott/fabrication/releases)
- [Changelog](https://github.com/paulelliott/fabrication/blob/master/Changelog.markdown)
- [Commits](https://github.com/paulelliott/fabrication/commits)

---
updated-dependencies:
- dependency-name: fabrication
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-19 22:41:31 +01:00
Bianca Nenciu
4951900bbc
FEATURE: Store dismissed state of topic nav popups (#15570)
The dismissed state will be stored between sessions if popupId
attribute is present.
2022-01-19 16:20:05 +02:00
Bianca Nenciu
376799b1a4
FIX: Hide excerpt of binary files in GitHub onebox (#15639)
Oneboxer did not know if a file is binary or not and always tried to
show an excerpt of the file.
2022-01-19 14:45:36 +02:00
David Taylor
ffd0f5b500
DEV: Update GitHub actions config (#15636)
- Move ember-cli tests into the main test workflow, so they're listed alongside other tests
- Remove the 'experimental' label
- Add the 'legacy' label to old-style qunit tests
- Add core-plugin EmberCLI tests
- Add scaffolding for all-plugin EmberCLI tests, but disable in matrix for now
2022-01-19 10:41:52 +00:00
Gerhard Schlager
27f1630b01
DEV: Try to download missing uploads from origin URL (#15629) 2022-01-19 11:05:58 +01:00
Natalie Tay
3050fe893b
DEV: Quick fix to flaky test (#15644)
We know that the real problem has got to do with cloaking (/t/10298), but while we find out precisely why, here's a quick fix.

Similar to #15627
2022-01-19 11:23:35 +08:00
Blake Erickson
12f041de5d
FIX: Tag watching for everyone tag groups (#15622)
* FIX: Tag watching for everyone tag groups

Tags in tag groups that have permissions set to everyone were not able
to be saved correctly. A user on their preferences page would mark the
tags that they wanted to save, but the watched_tags in the response
would be empty. This did not apply to admins, just regular users. Even
though the watched tags were being saved in the db, the user serializer
response was filtering them out. When a user refreshed their preferences
pages it would show zero watched tags.

This appears to be a regression introduced by:

0f598ca51e

The issue that needed to be fixed is that we don't track the "everyone"
group (which has an id of 0) in the group_users table. This is because
everyone has access to it, so why fill a row for every single user, that
would be a lot. The fix was to update the query to include tag groups
that had permissions set to the "everyone" group (group_id 0).

I also added another check to the existing spec for updating
watched tags for tags that aren't in a tag group so that it checks the
response body. I then added a new spec which updates watched tags for
tags in a tag group which has permissions set to everyone.

* Resolve failing tests

Improve SQL query syntax for including the "everyone" group with the id
of 0.

This commit also fixes a few failing tests that were introduced. It
turns out that the Fabrication of the Tag Group Permissions was faulty.
What happens when creating the tag groups without any permissions is
that it sets the permission to "everyone". If we then follow up with
fabricating a tag group permission on the tag group instead of having a
single permission it will have 2 (everyone + the group specified)! We
don't want this. To fix it I removed the fabrication of tag group
permissions and just set the permissions directly when creating the tag
group.

* Use response.parsed_body instead of JSON.parse
2022-01-18 15:02:29 -07:00
dependabot[bot]
bb1eacf184
Build(deps): Bump rubocop from 1.24.1 to 1.25.0 (#15643)
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.24.1 to 1.25.0.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.24.1...v1.25.0)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-18 22:31:44 +01:00
David Taylor
2d67315c32
FIX: Disable service worker proxying in chrome 97-97.0.4692 (#15638)
https://bugs.chromium.org/p/chromium/issues/detail?id=1286367
2022-01-18 19:41:25 +00:00
Mark VanLandingham
fcc80137ce
DEV: Add chat_group_mention notification type (#15616) 2022-01-18 08:26:27 -06:00
Andrei Prigorshnev
bcc148556f
DEV: add empty state placeholder to styleguide (#15617) 2022-01-18 17:52:48 +04:00
Discourse Translator Bot
14b8cd5e17
Update translations (#15637) 2022-01-18 14:41:41 +01:00
Roman Rizzi
5ee31cbf7d
FIX: Mark invites flash messages as HTML safe. (#15539)
* FIX: Mark invites flash messages as HTML safe.
This change should be safe as all user inputs included in the errors are sanitized before sending it back to the client.

Context: https://meta.discourse.org/t/html-tags-are-explicit-after-latest-update/214220

* If somebody adds a new error message that includes user input and doesn't sanitize it, using html-safe suddenly becomes unsafe again. As an extra layer of protection, we make the client sanitize the error message received from the backend.

* Escape user input instead of sanitizing
2022-01-18 09:38:31 -03:00
David Taylor
7329b766cb
FIX: Ensure floating quote button is not positioned under sidebar (#15634)
If themes/plugins introduce a sidebar on the left of the screen, the quote button would sometimes be positioned underneath. This commit ensures that the positioning logic keeps the floating buttons within the width of `.topic-area`
2022-01-18 12:05:36 +00:00
David Taylor
b725b7f1fa
FIX: Quick-quote on Safari (#15631)
Some safari-specific logic was inadvertently removed during the refactoring in b2d45c59. This commit restores it. The logic requires some state, so the getRangeBoundaryRect helper has to be moved back into the Component class. The functional change in this commit is the three lines enclosed by `if (this.capabilities.isSafari) {`.
2022-01-18 11:44:58 +00:00
Dan Ungureanu
eb4ad958c1
FIX: Ensure method exists before calling (#15632)
`_perFileData` is not always defined and uploads failed when it is not.
2022-01-18 13:44:02 +02:00
David Taylor
235de5dd90
FIX: Add /session/sso service-worker workaround for chrome 97 (#15630)
Followup to 2278c7f82d. Depending on the site's SSO implementation, this route is also used as part of a redirect sequence and needs to be able to set cookies.

Chrome bug reference: https://bugs.chromium.org/p/chromium/issues/detail?id=1286367
2022-01-18 11:27:01 +00:00
Natalie Tay
f2902d3830
FIX: Attempt to fix flaky test by using a shorter topic (#15627)
As part of /t/10298, try to remove the first flaky test in the list.

One finding is that the /t/280 topic has a very long post stream, so that may have caused some delay when rendering the topic. One way is to wait for the first expected element to load, but that doesn't scale well given how many waits we will need to add. So I chose to render a shorter topic instead.
2022-01-18 19:22:49 +08:00
David Taylor
5c23c6cdab DEV: Update rake qunit:test and rake plugin:qunit to use testem
For now this is still gated behind a `QUNIT_EMBER_CLI=1` environment variable, but will eventually become the default so that we can remove `run-qunit.js`.
2022-01-18 10:16:29 +00:00
David Taylor
ff5a6edb71 DEV: Update plugin JS loading in Ember CLI testem environment
Previously we were adding `/assets/discourse/tests/core_plugin_tests.js` to the test html all the time. This works in development mode, but fails silently when using testem via the `ember test` CLI, because there is no proxy running.

This commit makes a few changes to fix this, and make it more useful:

- Only renders the plugin `<script>` when in development mode, or when `LOAD_PLUGINS=1` (matching core's behavior)
- Only loads plugin translations based on the same logic
- When running via testem, and the above conditions are met, testem is configured to proxy `core_plugin_tests.js` through to a rails server. (port based on the `UNICORN_PORT` env variable)
- Adds a descriptive error if the plugin `<script>` fails to load. This can happen if the rails server hasn't been started
- Updates the logic for testem browsers. Ember CLI always launches testem in "CI" mode, and we don't really want 3 browsers opening by default. Our CI explicitly specifies the 3 browsers at runtime
2022-01-18 10:16:29 +00:00
David Taylor
b2d45c592a
UX: Apply new quote-button spacing behavior to all mobile devices (#15608)
This expands cbf99f48 to apply to all mobile devices. It removes the old mobile positioning logic entirely, refactors the new system a little for robustness and readability, and removes some JQuery.

On Andoid, we also need to avoid the start selection handle. Therefore the logic for locating selection boundaries is abstracted into a function for easier re-use.
2022-01-18 10:13:49 +00:00
Natalie Tay
2bf3f6d549
DEV: Remove duplicate key in fixture (#15625) 2022-01-18 16:42:53 +08:00
Alan Guo Xiang Tan
0aacd63436 FIX: Autocomplete incorrectly replacing text if used mid sentence.
* Adds test to document the behavior we were seeing.
2022-01-18 14:25:39 +08:00
Penar Musaraj
232f840b60
UX: Fix layout issues with long category names (#15604) 2022-01-17 16:05:27 -05:00
Rafael dos Santos Silva
3f91c8835b
FEATURE: Export topics to markdown (#15615)
* FEATURE: Export topics to markdown

The route `/raw/TOPIC_ID` will now export whole topics (paginated to 100
posts) in a markdown format.

See https://meta.discourse.org/t/-/152185/12
2022-01-17 18:05:14 -03:00
jbrw
2909b8b820
FIX: origins_to_regexes should always return an array (#15589)
If the SiteSetting `allowed_onebox_iframes` contains a value of `*`, it will use the values of `all_iframe_origins` during the Oneboxing process. If `all_iframe_origins` itself contains a value of `*`, `origins_to_regexes` will try to return a "catch-all" regex.

Other code assumes `origins_to_regexes`will return an array, so this change ensures the `*` case will return an array containing only the catch-all regex.
2022-01-17 12:48:41 -05:00
David Taylor
ed2f700440
DEV: Wait for initdb to complete in docker.rake (#15614)
On slower hardware it can take a while to init the database. If we don't wait, the `rake db:create` step will fail.
2022-01-17 17:45:39 +00:00
Jarek Radosz
31b27b3712
FIX: Broken GitHub folder onebox logic (#15612)
1. `html_doc.css('.Box.md')` always returns a truthy value (e.g. `[]`) so the second branch of the if-elsif never ran
2. `node&.css('text()')` was invalid code that would raise an error
3. Matching on h3 elements is no longer correct with the current html structure returned by GitHub
2022-01-17 18:32:07 +01:00
Andrei Prigorshnev
59d78dcfcc
DEV: Restore tests for inserting images as separate paragraphs (#15601) 2022-01-17 17:30:38 +04:00
Joffrey JAFFEUX
307742e3aa
FIX: correctly uses the name helper for selected content (#15610) 2022-01-17 12:18:43 +01:00
Joffrey JAFFEUX
655f28ca5e
UX: center emoji picker when limited space (#15607)
Previously the picker would attempt to avoid positioning itself hover textarea and could in limited width screen end up being out of screen.

This behavior would be even more probable on full screen mode where the textarea takes a lot of space.
2022-01-17 12:11:04 +01:00
Jarek Radosz
214bce6fad
UX: No border-radius on textarea (#15594)
We already set border-radius to 0 on all input elements, but we didn't do that for textarea, which resulted in some of those elements appearing rounded on some browsers (iOS Safari)
2022-01-17 08:58:57 +01:00
Jarek Radosz
f2be253b7c
DEV: Fix a computed override in tests (#15596)
Re-lands #11190
2022-01-17 08:58:37 +01:00
Jarek Radosz
f0abad6998
DEV: Use a real image to fix a net::err in tests (#15597) 2022-01-17 08:57:52 +01:00