Commit Graph

38421 Commits

Author SHA1 Message Date
Dan Ungureanu
c72bc27888
FEATURE: Implement support for IMAP and SMTP email protocols. (#8301)
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2020-07-10 12:05:55 +03:00
Dan Ungureanu
e88b17c044
FIX: Sync client and server side behavior for category hashtag lookup
Category.query_from_hashtag_slug is the only source of truth.
2020-07-10 10:45:39 +03:00
Martin Brennan
56f42d89c5
FIX: Post menu bookmark icon and attributes not refreshing on notification click (#10214)
When creating a bookmark reminder that deletes the bookmark on reminder, if the user clicked on the notification and got taken to the post in the topic the bookmark icon still showed as blue with the reminder clock indicator. This was because the response JSON for reloading a topic post was not including the bookmark attributes, not even the bookmarked boolean.

We now return the correct attributes in the serializer, and if bookmarked is false we clear all the bookmark related attributes on the post for the notification to make sure nothing of the old bookmark remains in the UI.

This was only a problem if the user did not refresh the app completely inbetween setting the reminder and receiving the notification.
2020-07-10 14:35:53 +10:00
Martin Brennan
9a2955d471
FIX: Migrate topic_users.bookmarked to false when it is incorrectly true (#10211)
Follow up to https://github.com/discourse/discourse/pull/10188/files

There are still TopicUser records where bookmarked is true even though there are no Bookmark or PostAction records with the type of bookmark for the associated topic and user. This migration corrects this issue by setting bookmarked to false for these cases.
2020-07-10 12:22:15 +10:00
Penar Musaraj
37f7e41e60
DEV: Remove Google+ icon from sprite 2020-07-09 21:29:39 -04:00
Kris
706f1a6294
DEV: Remove text-ellipsis component and use CSS line-clamp instead (#10196) 2020-07-09 20:51:43 -04:00
Rafael dos Santos Silva
831f3cab56
DEV: Fix search rate limit tests 2020-07-09 20:44:17 -03:00
Blake Erickson
e74817cbb9 DEV: Document set notification level endpoint
Another commit using rswag to document the api so that the api docs can
be automatically generated.
2020-07-09 17:41:11 -06:00
Rafael dos Santos Silva
e866e3d609
FEATURE: Add global rate limit for anon searches (#10208) 2020-07-10 09:08:34 +10:00
Kane York
79b52b1e9a
DEV: Add SVG tests for 31e31ef44 (#10205) 2020-07-09 14:02:25 -07:00
Mark VanLandingham
bfde665e76
DEV: Classes and plugin-outlet in admin user-list nav (#10204) 2020-07-09 15:10:25 -05:00
Robin Ward
5b276af921
Remove Discourse.SiteSettings from tests (#10193)
* Remove unused Discourse.SiteSettings

* Remove `Discourse.SiteSettings` from many tests

* REFACTOR: `lib:formatter` was using a lot of leaky state

* Remove more `Discourse.SiteSettings` from tests

* More SiteSettings removed from tests
2020-07-09 15:54:53 -04:00
Robin Ward
b1c6ff9e1c FIX: Test output related to Discourse::VERSION
It's a little awkward to test constants by re-assigning them so
I've added a new parameter to `Discourse.find_compatible_resource`
which can be used by tests.
2020-07-09 14:57:27 -04:00
Robin Ward
c2ce7f2673 FIX: Flaky test
The previous solution was not always working, I believe this one
will be consistent.
2020-07-09 14:48:49 -04:00
dependabot-preview[bot]
dadf08fb3b
Build(deps): Bump cose from 1.0.0 to 1.1.0 (#10203)
Bumps [cose](https://github.com/cedarcode/cose-ruby) from 1.0.0 to 1.1.0.
- [Release notes](https://github.com/cedarcode/cose-ruby/releases)
- [Changelog](https://github.com/cedarcode/cose-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/cedarcode/cose-ruby/compare/v1.0.0...v1.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-07-09 14:13:32 -04:00
Robin Ward
10384bcdf4 FIX: Flaky tests
Locally I was getting a lot of failures from discourse-encrypt due to
leaky state in composer actions. This fixes it.
2020-07-09 12:58:57 -04:00
Mark VanLandingham
52f8eecbb9
FIX: Incorrect fix for invites breaking when no group is selected (#10202) 2020-07-09 11:58:29 -05:00
Mark VanLandingham
9d74cf6a63
FIX: Invites when no group is selected (#10201) 2020-07-09 11:41:17 -05:00
David Taylor
cb1f891392
Revert "FIX: Incorrect search blurb when advanced search filters are used."
This change was causing advanced search filters to disappear from the search input

This reverts commit 2e1eafae06.
2020-07-09 16:19:18 +01:00
Daniel Waterworth
8d5750d90a FIX: Catch all kinds of exceptions when processing email 2020-07-09 13:41:51 +01:00
Daniel Waterworth
3b368a48d1 Revert "DEV: Add logging for stack level too deep exception in HtmlToMarkdown"
We can do this in a better way by storing an IncomingEmail record.

Follow-up-to: 4a9ee25c56
2020-07-09 13:41:33 +01:00
Jarek Radosz
32ee9fae40
FIX: Short URL resolution in cook-text (#10200)
Regressed in 3b51e05de2. Thanks to @romanrizzi for reporting!
2020-07-09 14:39:13 +02:00
Daniel Waterworth
4a9ee25c56 DEV: Add logging for stack level too deep exception in HtmlToMarkdown 2020-07-09 12:25:00 +01:00
Martin Brennan
e0713455ca
PERF: Load topic bookmarks for the user in user_post_bookmarks (#10197)
Instead of loading all of the user bookmarks using all the post IDs in a topic, load all the bookmarks for a user using the topic ID. This eliminates a costly WHERE ID IN query.
2020-07-09 15:46:52 +10:00
Guo Xiang Tan
d5c56a846a
DEV: Only failover the entire cluster when the default db goes down. 2020-07-09 11:49:03 +08:00
Martin Brennan
31e31ef449
SECURITY: Add content-disposition: attachment for SVG uploads
* strip out the href and xlink:href attributes from use element that
  are _not_ anchors in svgs which can be used for XSS
* adding the content-disposition: attachment ensures that
  uploaded SVGs cannot be opened and executed using the XSS exploit.
  svgs embedded using an img tag do not suffer from the same exploit
2020-07-09 13:31:48 +10:00
Guo Xiang Tan
fd38c2fac3
FIX: Force ActiveRecord reading role if Redis is down take 2.
follow-up f03c7a1ba1
2020-07-09 11:14:19 +08:00
Guo Xiang Tan
f03c7a1ba1
FIX: Force ActiveRecord reading role if Redis is down. 2020-07-09 11:13:02 +08:00
Guo Xiang Tan
cbe1dd8ec7
Revert "FIX: Delete related search data when record has been deleted."
This reverts commit ecc799ab56.

This commit does not fix anything because we've always been deleting
records in `Searchable`.
2020-07-09 10:08:35 +08:00
Jordan Vidrine
9eedc83e00
UI: Markdown Code Wrapping (#10195) 2020-07-08 20:50:42 -04:00
Blake Erickson
abb01148fa DEV: Rubocop fixes
Follow up to: 3314654ab3
2020-07-08 18:27:19 -06:00
Blake Erickson
3314654ab3 DEV: Add API Doc specs for topic endpoints
Added some more specs that will be used to auto generate the api docs.
2020-07-08 18:08:14 -06:00
romanrizzi
720a7f88e2 Revert "Add License"
This reverts commit ba1c4b3ee9.
2020-07-08 15:11:04 -03:00
Roman Rizzi
ba1c4b3ee9
Add License 2020-07-08 15:09:42 -03:00
Penar Musaraj
bd511c004c
UX: Fix missing icon when merging selected posts 2020-07-08 13:57:05 -04:00
Penar Musaraj
67582e7d27
FIX: Do not send system emails to suspended users (#10192) 2020-07-08 13:30:32 -04:00
Mark VanLandingham
90512d723c
UX: Use group-chooser in invite modal (#10186) 2020-07-08 12:02:26 -05:00
Robin Ward
f3ff9d5625 FIX: getURL deprecation 2020-07-08 11:40:53 -04:00
Arpit Jalan
78beb4368a FIX: 'resend all invite' button was not working as expected 2020-07-08 15:52:44 +05:30
marielaSAG
e45307a105
DEV: Added before-create-topic-button plugin-outlet (#10109) 2020-07-08 18:21:30 +10:00
Mark VanLandingham
a9292086f4
DEV: Add classes to quick-access-profile items (#10185) 2020-07-08 17:30:12 +10:00
Martin Brennan
6be7a66ba7
FIX: Cap bookmark name at 100 chars and truncate existing names (#10189)
We have a couple of examples of enormous amounts of text being entered in the name column of bookmarks. This is not desirable...it is just meant to be a short note / reminder of why you bookmarked this.

This PR caps the column at 100 characters and truncates existing names in the database to 100 characters.
2020-07-08 17:19:01 +10:00
Sam Saffron
bac25e6dd7
DEV: upgrade rack to version 2.2.3
This is very minor, see: https://github.com/advisories/GHSA-j6w9-fv6q-3q52

An attacker can elevate own cookie usage to bypass server cookie restrictions

Technically this is a security commit, but the surface area is extremely
low, we do not expect any real world impact.
2020-07-08 16:42:31 +10:00
Sam Saffron
8af5194e39
DEV: upgrade rails to version 6.0.3.2
This includes a fix for CVE-2020-8185 we are not vulnerable as we do not use
the impacted middleware. However it still makes sense to stay upgraded, other
small fixes exist in this release.
2020-07-08 16:34:29 +10:00
Bianca Nenciu
bd842cd2b0
FEATURE: Parse images in email signatures (#10137)
* FEATURE: Parse images in email signatures

* DEV: Fix tests

* Code review
2020-07-08 15:50:30 +10:00
Martin Brennan
07ad243603
FIX: Stop updating bookmarked column from TopicUser.update_post_action_cache (#10188)
* This is causing issues where sometimes bookmarked is out of sync with what is in the Bookmark table. The BookmarkManager handles updating this column now.
* Add migration to fix bookmarked column that is incorrectly marked false when a Bookmark record exists.
2020-07-08 15:27:42 +10:00
Guo Xiang Tan
2e1eafae06
FIX: Incorrect search blurb when advanced search filters are used. 2020-07-08 11:59:49 +08:00
dependabot-preview[bot]
26dc981285 Build(deps): Bump rubocop from 0.86.0 to 0.87.1
Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.86.0 to 0.87.1.
- [Release notes](https://github.com/rubocop-hq/rubocop/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.86.0...v0.87.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-07-08 08:54:38 +08:00
dependabot-preview[bot]
b973ffe8e0 Build(deps): Bump onebox from 1.9.29 to 1.9.30
Bumps [onebox](https://github.com/discourse/onebox) from 1.9.29 to 1.9.30.
- [Release notes](https://github.com/discourse/onebox/releases)
- [Changelog](https://github.com/discourse/onebox/blob/master/CHANGELOG.md)
- [Commits](https://github.com/discourse/onebox/compare/v1.9.29...v1.9.30)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-07-08 08:54:20 +08:00
Kane York
c86b1ee9d1
FIX: Disable security keys at same time as TOTP 2FA (#10144)
Previously, the "Remove 2FA" button could result in an error. This syncs button visibility with behavior.

* FIX: Only offer disabling 2FA to admins
2020-07-07 12:19:30 -07:00