Commit Graph

39821 Commits

Author SHA1 Message Date
David Taylor
a7adf30357
FEATURE: Allow /u/by-external to work for all managed authenticators (#11168)
Previously, `/u/by-external/{id}` would only work for 'Discourse SSO' systems. This commit adds a new 'provider' parameter to the URL: `/u/by-external/{provider}/{id}`

This is compatible with all auth methods which have migrated to the 'ManagedAuthenticator' pattern. That includes all core providers, and also popular plugins such as discourse-oauth2-basic and discourse-openid-connect.

The new route is admin-only, since some authenticators use sensitive information like email addresses as the external id.
2020-11-10 10:41:46 +00:00
Sam
ffc3da35a6
FIX: handle rapid concurrent SSO attempts more gracefully (#11180)
Rapid concurrent SSO attempts is something that happens quite frequently
in the wild at large enough scale.

When this happens conditions such as adding a user to a group could possibly
fire concurrently causing a user to be added to the same group twice and
erroring out.

To avoid all concurrency issues here we protect with a coarse distributed
mutex. This heavily mitigates the risk around concurrent group additions and
concurrent updates to user related records.
2020-11-10 10:40:41 +00:00
David Taylor
cf21de0e7a
DEV: Migrate Github authentication to ManagedAuthenticator (#11170)
This commit adds an additional find_user_by_email hook to ManagedAuthenticator so that GitHub login can continue to support secondary email addresses

The github_user_infos table will be dropped in a follow-up commit.

This is the last core authenticator to be migrated to ManagedAuthenticator 🎉
2020-11-10 10:09:15 +00:00
Krzysztof Kotlarek
586c8efbd8
FEATURE: the ability to permanently destroy the private message (#11115)
PostDestroyer should accept the option to permanently destroy post from the database. In addition, when the first post is destroyed it destroys the whole topic.

Currently, that feature is limited to private messages and creator of the post. It will be used by discourse-encrypt to explode encrypted private messages.
2020-11-10 15:40:48 +11:00
Martin Brennan
27e94f2f98
FIX: Make secure image onebox check more robust (#11179)
When embedding secure images which have been oneboxed, we checked to see if the image's parent's parent had the class onebox-body. This was not always effective as if the image does not get resized/optimized then it does not have the aspect-image div wrapping it. This would cause the image to embed in the email but be huge.

This PR changes the check to see if any of the image's ancestors have the class onebox-body, or if the image has the onebox-avatar class to account for variations in HTML structure.
2020-11-10 12:55:18 +10:00
Kris
694c7f2c98
reduce min-width for better spacing, follow-up to 1455421 (#11177) 2020-11-09 17:05:09 -06:00
Arpit Jalan
394f37cf66
FIX: do not use "max_tags_in_filter_list" setting for showing PM tags (#11146)
Ensure we do not respect max_tags_in_filter_list when showing the list of PM tags.

This filter is used on a full page view and there is not point limiting it to a small number.

The expectation is that PM tags are very rarely used, so a hard limit of 1000 should be safe for now.
2020-11-10 08:09:59 +11:00
Penar Musaraj
bfc3bc0733
FIX: Small copy change in wizard (#11174) 2020-11-09 12:19:58 -08:00
Penar Musaraj
57bd85af31
UX: Minor cosmetic fixes to the wizard (#11172)
- Does not force users to type a description or a welcome topic
- Adds * marker for required text fields (site title and email)
2020-11-09 15:14:57 -05:00
Dan Ungureanu
0c2956dd2e
HACK: Redirect /tags/:tag_id to /tag/:tag_id (#11145) 2020-11-09 17:01:33 +00:00
Daniel Waterworth
ec4c2a58ea
FIX: Paths with categories and tags were being generated incorrectly (#11167)
Paths prefixed with /tag/ are exclusively for when the tag name is the
next string in the path. Therefore, when a category is being used as
context, the path should start with /tags/ instead.
2020-11-09 12:34:52 +00:00
David Taylor
a0095d6e52
UX: Show theme git branch for private repositories (#11166) 2020-11-09 11:33:38 +00:00
Joe
3414566466
UX: Remove label and add danger class to remove draft button (#11165) 2020-11-09 15:28:39 +08:00
Guo Xiang Tan
f70b330e7a DEV: Fix the build.
Follow-up to 650da7b626
2020-11-09 14:25:14 +08:00
Guo Xiang Tan
650da7b626 PERF: Update index for category in a background job.
Search indexing can get expensive and there is no need for us to block
the entire request just to wait for index to finish.
2020-11-09 13:51:26 +08:00
Sam
94cd5ac0b1
FIX: global setting needs to be coerced to float (#11162)
disable_search_queue_threshold needs to be coerced to a float so it is not
treated as a string when sub second values are provided.

Longer term fix is to possibly provide hints in the config so we do the
coersion automatically. However this would be a far more complex change.
2020-11-09 16:46:52 +11:00
Kris
1455421433
UX: truncate long usernames in multi-username notifications (#11153)
* UX: truncate long usernames in multi-username notifications

* remove extra class, clarify comments
2020-11-09 16:06:52 +11:00
Kris
8be04ff7f7
UX: Give furigana and other top-overflowing elements a little space (#11154) 2020-11-09 16:03:36 +11:00
Kris
4c0d027a5a
UX: truncate long nav items in dropdown menu (#11156) 2020-11-09 16:02:40 +11:00
jbrw
caead1bd35
DEV: update AWS and onebox gems
onebox update contains ab2f9a8cda which correct onebox behavior for instagram
2020-11-09 16:01:20 +11:00
Alan Guo Xiang Tan
0e4d966a74
DEV: Remove stale ignored_columns. (#11160) 2020-11-09 15:57:59 +11:00
dependabot-preview[bot]
43df3348b7 Create Dependabot config file 2020-11-09 12:57:35 +08:00
dependabot-preview[bot]
f8e48a413c Build(deps): Bump parallel from 1.19.2 to 1.20.0
Bumps [parallel](https://github.com/grosser/parallel) from 1.19.2 to 1.20.0.
- [Release notes](https://github.com/grosser/parallel/releases)
- [Commits](https://github.com/grosser/parallel/compare/v1.19.2...v1.20.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-11-09 12:53:03 +08:00
dependabot-preview[bot]
ee9d879794 Build(deps): Bump onebox from 2.1.4 to 2.1.5
Bumps [onebox](https://github.com/discourse/onebox) from 2.1.4 to 2.1.5.
- [Release notes](https://github.com/discourse/onebox/releases)
- [Changelog](https://github.com/discourse/onebox/blob/master/CHANGELOG.md)
- [Commits](https://github.com/discourse/onebox/compare/v2.1.4...v2.1.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-11-09 12:52:45 +08:00
dependabot-preview[bot]
1a4cdf120e
Build(deps): Bump tzinfo from 1.2.7 to 1.2.8 (#11157)
Bumps [tzinfo](https://github.com/tzinfo/tzinfo) from 1.2.7 to 1.2.8.
- [Release notes](https://github.com/tzinfo/tzinfo/releases)
- [Changelog](https://github.com/tzinfo/tzinfo/blob/v1.2.8/CHANGES.md)
- [Commits](https://github.com/tzinfo/tzinfo/compare/v1.2.7...v1.2.8)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-08 13:58:50 +01:00
tshenry
6060f32970
Improve max_personal_messages_per_day description copy (#11155) 2020-11-06 17:42:26 -08:00
Justin DiRose
09b8a61f65
FEATURE: Add Google Universal Analytics v4 as an option (#11123)
Per Google, sites are encouraged to upgrade from Universal Analytics v3 `analytics.js` to v4 `gtag.js` for Google Analytics tracking. We're giving admins the option to stay on the v3 API or migrate to v4. Admins can change the implementation they're using via the `ga_version` site setting. Eventually Google will deprecate v3, but our implementation gives admins the choice on what to use for now.

We chose this implementation to make the change less error prone, as many site admins are using custom events via the v3 UA API. With the site stetting defaulted to `v3_analytics`, site analytics won't break until the admin is ready to make the migration.

Additionally, in the v4 implementation, we do not enable automatic pageview tracking (on by default in the v4 API). Instead we rely on Discourse's page change API to report pageviews on transition to avoid double-tracking.
2020-11-06 14:15:36 -06:00
dependabot-preview[bot]
8f7e4f87ec
Build(deps-dev): Bump rubocop-discourse from 2.4.0 to 2.4.1 (#11151)
Bumps [rubocop-discourse](https://github.com/discourse/rubocop-discourse) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/discourse/rubocop-discourse/releases)
- [Commits](https://github.com/discourse/rubocop-discourse/compare/v2.4.0...v2.4.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-06 20:54:21 +01:00
Mark VanLandingham
95c871be3e
DEV: Move popups left if application.hbs wrapper is moved by theme
We have a div that is inside #main because of the history of Ember explained here. Once we have Ember cli, we can use optional feature flags and disable creating this div with application-template-wrapper: false, and refactor this code and any plugins that rely on that div being present (some plugin regarding remote collaboration??).
2020-11-06 09:46:26 -06:00
Bianca Nenciu
0863c36221
FIX: Improve errors when invite to topic fails (#11133)
It used to simply say "not allowed" without giving any hint what the
problem could be. This commit refactors the code and tries to improve
readability.
2020-11-06 16:58:10 +02:00
dependabot-preview[bot]
75a893fd61
Build(deps): Bump rails_failover from 0.5.8 to 0.5.9 (#11143)
Bumps rails_failover from 0.5.8 to 0.5.9.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-06 01:09:40 +00:00
Martin Brennan
00c8f520e9
FIX: Do not enable published page if secure media enabled (#11131)
There are issues around displaying images on published pages when secure media is enabled. This PR temporarily makes it appear as if published pages are enabled if secure media is also enabled.
2020-11-06 10:33:19 +10:00
Sam
2d4455161b
FIX: Correct "no tags" route in tag drop-down (#11142)
We refactored routes and removed /tags/none... instead is should be /tag/none
2020-11-06 10:28:57 +11:00
Jarek Radosz
1ca6434d40
DEV: Remove i18n-patches (#11139)
* DEV: Move toHumanSize patch into I18n proper
  The patch wasn't loaded in Ember CLI environment causing translation discrepancies.

* DEV: Remove String.prototype.i18n
  I don't think this patch is needed. Let the CI prove me wrong. :P
2020-11-06 00:08:36 +01:00
dependabot-preview[bot]
bfafccacd2
Build(deps-dev): Bump webmock from 3.9.3 to 3.9.4 (#11141)
Bumps [webmock](https://github.com/bblimke/webmock) from 3.9.3 to 3.9.4.
- [Release notes](https://github.com/bblimke/webmock/releases)
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bblimke/webmock/compare/v3.9.3...v3.9.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-06 00:07:51 +01:00
Krzysztof Kotlarek
9bfce1a8dd
FIX: trim no-break space in to-markdown (#11130)
No-break spaces were the reason for double spaces when pasting text to the composer.

https://meta.discourse.org/t/extra-spaces-added-to-markdown-with-rich-text-pasted/112769
2020-11-06 09:36:36 +11:00
Jarek Radosz
1b52cdedb1
DEV: Move more tests into modules (#11119)
Models, services, mixins, utilities, and most of the controllers
2020-11-05 20:23:28 +01:00
dependabot-preview[bot]
334ca86c9e
Build(deps): Bump rubocop from 1.1.0 to 1.2.0 (#11138)
Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/rubocop-hq/rubocop/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop/compare/v1.1.0...v1.2.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-05 20:22:30 +01:00
dependabot-preview[bot]
c2e48028a8
Build(deps): Bump rails_failover from 0.5.7 to 0.5.8 (#11137)
Bumps rails_failover from 0.5.7 to 0.5.8.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-05 18:33:38 +00:00
dependabot-preview[bot]
122c7406b4
Build(deps): Bump rubocop-ast from 1.1.0 to 1.1.1 (#11135)
Bumps [rubocop-ast](https://github.com/rubocop-hq/rubocop-ast) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/rubocop-hq/rubocop-ast/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop-ast/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop-ast/compare/v1.1.0...v1.1.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-05 19:00:21 +01:00
jbrw
bba73fc15e
FEATURE: Allow category group moderators to delete topics (#11069)
* FEATURE - allow category group moderators to delete topics

* Allow individual posts to be deleted

* DEV - refactor for new `can_moderate_topic?` method
2020-11-05 12:18:26 -05:00
Arpit Jalan
436bd48512
UX: update topic small action post to add link for new linked topic URL (#11132)
https://meta.discourse.org/t/linked-topics-splitting-and-managing-megatopics/168992/4?u=techapj
2020-11-05 22:39:21 +05:30
Penar Musaraj
707ed01f33
UX: Wider canvas buttons in wizard (#11124) 2020-11-05 09:55:35 -05:00
dependabot-preview[bot]
d508545954
Build(deps-dev): Bump better_errors from 2.9.0 to 2.9.1 (#11134)
Bumps [better_errors](https://github.com/BetterErrors/better_errors) from 2.9.0 to 2.9.1.
- [Release notes](https://github.com/BetterErrors/better_errors/releases)
- [Commits](https://github.com/BetterErrors/better_errors/compare/v2.9.0...v2.9.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-05 15:52:51 +01:00
Penar Musaraj
9f6c4ad71a
FIX: inconsistency in S3 inventory config (#11112)
Ensures it matches S3 inventory config generation in our hosting.
2020-11-05 08:39:40 -05:00
Sam
2686d14b9a
PERF: introduce aggressive rate limiting for anonymous (#11129)
Previous to this change our anonymous rate limits acted as a throttle.
New implementation means we now also consider rate limited requests towards
the limit.

This means that if an anonymous user is hammering the server it will not be
able to get any requests through until it subsides with traffic.
2020-11-05 16:36:17 +11:00
Tobias Eigen
6490fac881
DEV: improved text on invite tabs when nothing to show (#11122) 2020-11-05 15:24:09 +11:00
dependabot-preview[bot]
df996c4d10
DEV: Bump better_errors from 2.8.3 to 2.9.0 (#11128)
Bumps [better_errors](https://github.com/BetterErrors/better_errors) from 2.8.3 to 2.9.0.
- [Release notes](https://github.com/BetterErrors/better_errors/releases)
- [Commits](https://github.com/BetterErrors/better_errors/compare/v2.8.3...v2.9.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-05 15:10:21 +11:00
Kris
3ee216c036
FIX: include header offset relative to window (#11114) 2020-11-04 21:14:17 -05:00
Roman Rizzi
fa12302e77
FIX: Update review settings. (#11125)
We didn't update review settings even if the UI says it was successfully saved. After #11097, we started to clone each setting and store the changes there instead, but we still use the original objects when we perform the save action.
2020-11-05 12:26:59 +11:00