Commit Graph

6837 Commits

Author SHA1 Message Date
Guo Xiang Tan
e453539e1e DEV: Refactor test to assert for the actual output.
Also, generatnig the same json multiple times.
2019-01-12 08:00:22 +08:00
Arpit Jalan
5e0f9eadb8
FIX: show user avatar on User summary page (#6872) 2019-01-11 23:39:06 +05:30
Robin Ward
dbe42068a2 REFACTOR: Move option to return emails into the serializer
This makes more sense than having the guardian take an accessor.
The logic belongs in the Serializer, where the JSON is calculated.

Also removed some of the DRYness in the spec. It's fewer lines
and made it easier to test the option on the serializer.
2019-01-11 11:17:23 -05:00
Vinoth Kannan
f94c0283b2
FIX: Use correct version when generating file path for optimized image (#6871) 2019-01-11 18:35:38 +05:30
Guo Xiang Tan
2956c52e57 FIX: Show title as home logo if title has been set and logo is blank.
https://meta.discourse.org/t/default-text-logo-not-working/103936
2019-01-11 15:46:58 +08:00
Saurabh Patel
99856478d6 FIX: use discourse route_for function to check url route
it takes care if there is a relative url root
2019-01-11 14:58:45 +08:00
Guo Xiang Tan
d10694150e Revert "FIX: Partial reply key search in email sent logs."
This reverts commit e9b2018bc8.
2019-01-10 10:05:56 +08:00
Saurabh Patel
b63b399799 DEV: remove uploaded_meta_id column from category (#6725)
* DEV: remove uploaded_meta_id column from category

* remove uploaded_meta part
2019-01-10 09:37:21 +08:00
Guo Xiang Tan
e9b2018bc8 FIX: Partial reply key search in email sent logs.
Follow up to c85b9c6ed3
2019-01-10 09:25:14 +08:00
Sam
35b59cfa78 SECURITY: escape title HTML for inline onebox 2019-01-10 12:02:05 +11:00
Penar Musaraj
e11c6ffa89 FEATURE: allow extending CSP base-uri and object-src
Plus, ensure :none is stripped, it cannot be combined with other sources
2019-01-09 15:34:14 -05:00
Robin Ward
9ba8bfb1aa FIX: Multisite DB was leaving old data in test mode
This commit introduces a new helper to enable transactional fixtures
when testing multisite. This would show up as tests that passed the
first time then failed the second time due to stale data being leftover.
2019-01-09 15:20:37 -05:00
Kyle Zhao
dec8e5879a FEATURE: set CSP base-uri and object-src to none (#6863) 2019-01-09 15:04:50 -05:00
Guo Xiang Tan
4ddd8fad20 DEV: Raise error with stats. 2019-01-09 10:54:02 +08:00
Rafael dos Santos Silva
f73fe36772 FEATURE: PWA compatibility checks in the Dashboard (#6850) 2019-01-09 08:46:11 +08:00
Sam
824c3420e9 DEV: make Jobs.enqueue tests less fragile
Previously we depended on non Sidekiq specific mocking which is not the
official way of testing Sidekiq, this made these tests very fragile

New testing is more robust and complete
2019-01-09 09:51:11 +11:00
Sam
e08a3f719c FEATURE: push post rebake regular task to low priority queue
This allows us to run regular rebakes without starving the normal queue.

It additionally adds the ability to specify queue with `Jobs.enqueue` so
we can specifically queue a job with lower priority using the `queue` arg.
2019-01-09 08:57:20 +11:00
Rishabh
733a60e888 FIX: Remove trailing whitespace to fix build 2019-01-08 17:37:43 +05:30
Vinoth Kannan
8f602be2fe FEATURE: keep the topic in closed status until the community flags are handled 2019-01-08 16:13:10 +05:30
Sam
f947e3c6cc FIX: always serve new avatar for previous version
Previously we killed caching on old avatars cause we kept serving blank
this meant we would front many more avatar requests after a version change

This change ensures all old avatars do not cause a flood of requests on the
server
2019-01-08 19:51:33 +11:00
Guo Xiang Tan
ec27db78be FIX: Set unique post key for a user outside of transaction.
Previously, the Redis key was set within the transaction and the key
isn't deleted if the transaction is not successful.

Note that this isn't tested because we don't have a repro of what can
raise an error within the transaction.

https://meta.discourse.org/t/body-is-too-similar-to-what-you-previously-posted-even-when-previous-post-didnt-go-through/105436
2019-01-08 15:22:22 +08:00
Arpit Jalan
05c015d252 DEV: add a spec for "accept invite" log_on_user behaviour 2019-01-08 12:41:21 +05:30
Arpit Jalan
e0bc82657b FIX: better accept invite flow when user is invited via a link 2019-01-07 14:22:08 +05:30
Robin Ward
5eaf3cb104 Adjusts the minimum_flag_threshold for TL3/TL4 actions
Before this patch, a high trust level user could flag something
and have an action be taken, as well as skipping the flag queue.

Now, if a TL3/TL4 cause an action, the flag will skip the minimum
visibility check and allow staff to review it.
2019-01-04 13:16:44 -05:00
Gerhard Schlager
c0a8bb9a91 FEATURE: Include "via <site_name>" in email From header 2019-01-04 17:06:19 +01:00
Régis Hanol
88e861e895 FIX: prevent error when badge has already been awarded 2019-01-04 15:17:54 +01:00
David Taylor
5bf16d7d10 FEATURE: Topic timer for bumping a topic in the future 2019-01-04 13:08:04 +00:00
Vinoth Kannan
75dbb98cca FEATURE: Add S3 etag value to uploads table (#6795) 2019-01-04 14:16:22 +08:00
cfitz
19d7545318 FEATURE: Make auth_redirect param options on user_api_keys
This is a possible solution for https://meta.discourse.org/t/user-api-keys-specification/48536/19
This allows for user-api-key requests to not require a redirect url.
Instead, the encypted payload will just be displayed after creation  ( which can be copied
pasted into an env for a CLI, for example  )

Also: Show instructions when creating user-api-key w/out redirect

This adds a view to show instructions when requesting a user-api-key
without a redirect. It adds a erb template and json format.
Also adds a i18n user_api_key.instructions for server.en.yml
2019-01-04 14:46:18 +11:00
Guo Xiang Tan
5f0f7f909d FIX: Incorrect CDN URL for site setting uploads when s3 is enabled. 2019-01-04 07:52:13 +08:00
Sam
70269c7c97 FEATURE: tighter limits on per cluster post rebakes
We have the periodical job that regularly will rebake old posts. This is
used to trickle in update to cooked markdown. The problem is that each rebake
can issue multiple background jobs (post process and pull hotlinked images)

Previously we had no per-cluster limit so cluster running 100s of sites could
flood the sidekiq queue with rebake related jobs.

New system introduces a hard limit of 300 rebakes per 15 minutes across a
cluster to ensure the sidekiq job is not dominated by this.

We also reduced `rebake_old_posts_count` to 80, which is a safer default.
2019-01-04 09:24:46 +11:00
Vinoth Kannan
385829d7be FEATURE: Display error message when category restriction is applied for tags 2019-01-04 00:29:13 +05:30
Gerhard Schlager
b089ac1537 FIX: Posting without bump raised an error for TL4 2019-01-03 14:14:02 +01:00
Arpit Jalan
d1597683f3 Revert "FIX: trim trailing slash from topic links"
This reverts commit 993f847a2c.

There is an edge case where the link click redirect fails when the URL has trailing slash. Need to figure out a better fix for this.
2019-01-03 17:29:22 +05:30
Guo Xiang Tan
c666ef556d Fix the build.
Ref 570877da3c
2019-01-03 15:34:39 +08:00
Arpit Jalan
993f847a2c FIX: trim trailing slash from topic links 2019-01-03 12:38:36 +05:30
Sam
570877da3c FEATURE: store thumbnail algorithm version in optimized image table
Previously we had no idea what algorithm generated thumbnails, this starts tracking the version.

We also bumped up the version to force all optimized images to be generated. This is important cause we recently introduced pngquant which results in much smaller images.
2019-01-03 17:07:30 +11:00
Arpit Jalan
bea7a8a4d1 FIX: show accurate error message based on invite token validity 2019-01-03 07:46:05 +05:30
Neil Lalonde
3236f2668f add note to specs about ImageMagick 7 requirement 2019-01-02 12:03:57 -05:00
Gerhard Schlager
8cb5ed3a7c DEV: Fix random build error 2019-01-02 17:27:08 +01:00
Gerhard Schlager
c30996129f FEATURE: Allow TL4 users to reset bump date 2019-01-02 16:57:05 +01:00
Guo Xiang Tan
38ded77e16 FIX: Make test less fragile. 2019-01-02 16:33:50 +08:00
Sam
766e67ce57 FEATURE: introduce lossy color optimization on resized pngs
This feature ensures optimized images run via pngquant, this results extreme amounts of savings for resized images. Effectively the only impact is that the color palette on small resized images is reduced to 256.

To ensure safety we only apply this optimisation to images smaller than 500k.

This commit also makes a bunch of image specs less fragile.
2019-01-02 17:20:02 +11:00
Guo Xiang Tan
2feeba0f1c DEV: Remove duplicated assertion. 2019-01-02 05:07:58 +08:00
Jeff Atwood
96aca20fd7 add image optim version note to relevant tests 2019-01-01 01:25:00 -08:00
Arpit Jalan
70fdc10365
FEATURE: move posts to new/existing PM (#6802) 2018-12-31 17:17:22 +05:30
Joffrey JAFFEUX
f1269fa807
FEATURE: Add Top Uploads report (#6825)
Co-Authored-By: I am very Pro-Grammer. <khalilovcmded@users.noreply.github.com>
2018-12-28 20:48:54 +01:00
Vinoth Kannan
2b006c0429 FEATURE: Invalidate broken images cache on Rebuild HTML action 2018-12-26 23:22:07 +05:30
Régis Hanol
5381096bfd PERF: new 'migrate_to_s3' rake task 2018-12-26 17:34:49 +01:00
Sam Saffron
303a535dba PERF: automatic upload size calculation not persisted
Previously if upload had missing width and height we would calculate
on first use BUT we (me) forgot to save this to the database

This was particularly bad on home page cause category images (when old)
miss dimensions.
2018-12-26 17:19:29 +02:00
Joffrey JAFFEUX
f637286db5
UX: improves flags-status report (#6773)
- link to post
- cover more post action types
2018-12-26 10:29:33 +01:00
Sam Saffron
69aa8f18c2 FEATURE: allow for custom excerpt BBCODE
This allows fidelity in controlling excerpt (text that shows up when you pin a topic or link to it externally):

```
I am some text

[excerpt]
This is some **custom** markdown that should be the excerpt
[/excerpt]

More text
```

Previous solution relied on DIVs, unfortunately DIVs do not play well,
by design with mixing markdown unless you have a preceding newline eg:

```
<div class='hello'>

this will be treated properly as markdown

</div>
```

This extra newline is not desirable.

I am also considering adding

```
[div class=excerpt]
[/div]
```

This would offer lots of flexibility to themes and plugins that do not want the extra annoying newline.
2018-12-25 17:02:28 +02:00
Guo Xiang Tan
2cbb513c98 FIX: Don't use Redis#keys in production.
As per the documentation for KEYS

```
Warning: consider KEYS as a command that should only be used in production environments with extreme care. It may ruin performance when it is executed against large databases. This command is intended for debugging and special operations, such as changing your keyspace layout.
```

Instead SCAN

```
Since these commands allow for incremental iteration, returning only a small number of elements per call, they can be used in production without the downside of commands like KEYS or SMEMBERS that may block the server for a long time (even several seconds) when called against big collections of keys or elements.
```
2018-12-25 15:12:59 +02:00
Kyle Zhao
61dcd7c52c FIX: validate YAML before save to avoid race condition 2018-12-25 15:08:17 +02:00
Arpit Jalan
1e2b81991f fix the build 2018-12-25 10:27:51 +05:30
Vinoth Kannan
a16bb32865 FIX: Do not raise error if most liked user is deleted 2018-12-25 01:04:55 +05:30
David Taylor
7feabd9e49 PERF: Eradicate N+1 queries from the theme admin page 2018-12-21 11:03:58 +02:00
Vinoth Kannan
2909e7fbdf FIX: Subfolder path is missing in category permalinks after slug update 2018-12-21 09:29:54 +05:30
Vinoth Kannan
e7e4074856 FIX: raises an error if q param is empty in search page 2018-12-20 21:43:14 +05:30
Guo Xiang Tan
b64d760bb3 DEV: Improve tests to assert that the right HTML is generated. 2018-12-20 07:14:32 +08:00
Maja Komel
0ce5f05b2a FIX: hide emails on admin user list for moderators (#6781) 2018-12-19 10:24:57 +01:00
Maja Komel
2fcbbead45 FIX: move sso provider into its own class so it doesn't interfere with sso client (#6767) 2018-12-19 10:22:10 +01:00
Bianca Nenciu
2eefe6d5d6 FIX: Use CDN for logos and icons. (#6698) 2018-12-19 10:20:48 +01:00
Arpit Jalan
1ab91f0474 FIX: preserve github fragment URL 2018-12-19 12:34:47 +05:30
Rishabh
cae5ba7356 FIX: Ensure that multisite s3 uploads are tombstoned correctly (#6769)
* FIX: Ensure that multisite uploads are tombstoned into the correct paths

* Move multisite specs to spec/multisite/s3_store_spec.rb
2018-12-19 13:32:32 +08:00
Neil Lalonde
6774b64aef FEATURE: add /conduct as an alias for /guidelines 2018-12-18 16:40:24 -05:00
Vinoth Kannan
9c6f77f9da DEV: Remove the unique_searches column from select query 2018-12-19 02:45:48 +05:30
Robin Ward
6080e3a2c0 FIX: Broken spec 2018-12-18 14:55:09 -05:00
Robin Ward
662cfc416b FEATURE: Show a blurry preview when lazy loading images
This generates a 10x10 PNG thumbnail for each lightboxed image.
If Image Lazy Loading is enabled (IntersectionObserver API) then
we'll load the low res version when offscreen. As the image scrolls
in we'll swap it for the high res version.

We use a WeakMap to track the old image attributes. It's much less
memory than storing them as `data-*` attributes and swapping them
back and forth all the time.
2018-12-19 01:57:30 +08:00
Rishabh
c279792130 FIX: Allow sending test e-mails to any email address when disable_email is set to non-staff (#6792) 2018-12-18 16:12:05 +01:00
Bianca Nenciu
825ae86857 FEATURE: Remove full quote only if first paragraph. (#6793) 2018-12-18 15:46:20 +01:00
Vinoth Kannan
a313b01148 DEV: raise error if search term length is less than required 2018-12-18 20:06:59 +05:30
Vinoth Kannan
341a6bd78a
REFACTOR: Calculate CTR in SearchLog model and hide unique column (#6791) 2018-12-18 19:13:46 +05:30
Gerhard Schlager
577af81e76 FIX: Font tag resulted in wrong email trimming 2018-12-18 11:40:54 +01:00
Gerhard Schlager
37461a6398 FIX: Weird mixture of line breaks resulted in wrong email trimming 2018-12-18 11:40:54 +01:00
Maja Komel
98d09c90ac Current user serializer groups (ef7f84b follow-up) 2018-12-18 09:05:45 +01:00
Guo Xiang Tan
1590387bd1 SECURITY: Users can pick non-avatar uploads.
https://meta.discourse.org/t/bug-report-idor-on-avatar-pick-function-discussions-udacity-com/103564
2018-12-18 13:57:54 +08:00
Sam
69bc8f526a SECURITY: only allow picking of avatars created by self (#6417)
* SECURITY: only allow picking of avatars created by self

Also adds origin tracking to all uploads including de-duplicated uploads
2018-12-18 13:57:49 +08:00
Guo Xiang Tan
5c2e194d01 SECURITY: Users can pick non-avatar uploads.
https://meta.discourse.org/t/bug-report-idor-on-avatar-pick-function-discussions-udacity-com/103564
2018-12-18 13:38:25 +08:00
Guo Xiang Tan
899caf35ba Revert "SECURITY: User could non-avatar uploads."
This reverts commit 89581fa301.
2018-12-18 13:37:31 +08:00
Guo Xiang Tan
89581fa301 SECURITY: User could non-avatar uploads.
https://meta.discourse.org/t/bug-report-idor-on-avatar-pick-function-discussions-udacity-com/103564
2018-12-18 13:35:33 +08:00
Guo Xiang Tan
d7660dfe40 FIX: Enabling readonly mode should clear anon cache as well. 2018-12-18 11:56:25 +08:00
Vinoth Kannan
efcea148eb DEV: Use destroy! method to raise error if any (#0d3c1cde) 2018-12-18 03:05:43 +05:30
Gerhard Schlager
2bdbca3801 DEV: Remove unnecessary to_not raise_error from specs
Follow-up to 01cdbd3a13
2018-12-17 16:10:10 +01:00
Bianca Nenciu
1023003eba FIX: Strip remote url before import. (#6762) 2018-12-17 15:27:49 +01:00
Gerhard Schlager
01cdbd3a13 FEATURE: Prohibit S3 bucket reusage
This validation makes sure that the s3_upload_bucket and the
s3_backup_bucket have different values. The backup bucket is
allowed to be a subfolder of the upload bucket. The other way
around is forbidden because the backup system searches by
prefix and would return all files stored within the backup
bucket and its subfolders.
2018-12-17 11:35:28 +01:00
Gerhard Schlager
1a8ca68ea3 FEATURE: Improve backup stats on admin dashboard
* Dashboard doesn't timeout anymore when Amazon S3 is used for backups
* Storage stats are now a proper report with the same caching rules
* Changing the backup_location, s3_backup_bucket or creating and deleting backups removes the report from the cache
* It shows the number of backups and the backup location
* It shows the used space for the correct backup location instead of always showing used space on local storage
* It shows the date of the last backup as relative date
2018-12-17 11:35:11 +01:00
Guo Xiang Tan
c0aae16f6b FIX: Clear anon cache when disabling readonly mode.
`SiteSerializer#is_readonly` is cached for an anonymous user so we have
to clear the cache when disabling readonly mode. Otherwise, the site may
appear to be in readonly mode for an extended period of time.
2018-12-17 17:27:44 +08:00
Guo Xiang Tan
e9ea0102a5 FIX: Consistency about our response for invalid user id in Admin::UsersController. 2018-12-15 08:01:35 +08:00
Neil Lalonde
ef0e84e3d9 FIX: clear the site_contact_username setting if the user's staff privileges are revoked 2018-12-14 16:52:44 -05:00
Vinoth Kannan
0d3c1cde90 FIX: Use find_by_id method to prevent record not found exception 2018-12-15 03:19:45 +05:30
David Taylor
1960236822
FIX: Suspicious login detection (#6772) 2018-12-14 16:30:34 +00:00
David Taylor
62ec0f92ea FIX: Only serialize group membership domains for administrators (#6771) 2018-12-14 15:49:05 +00:00
David Taylor
9f3e2a9e34
FIX: Only serialize group membership domains for administrators (#6771) 2018-12-14 15:47:00 +00:00
Kyle Zhao
b0c2e9bb05
minor changes to default script-src (#6770)
- add report-sample to force require a sample of the violating code
- do not whitelist GA/GTM's entire domain
2018-12-14 08:17:31 -05:00
Joffrey JAFFEUX
03014b0d05
FEATURE: adds security tab to dashboard (#6768)
This commit also includes the new staff_logins report
2018-12-14 13:47:59 +01:00
Maja Komel
9f89aadd33 FIX: delete all posts in batches without hijack (#6747) 2018-12-14 11:04:18 +01:00
Maja Komel
73c776d881 Update wizard updater spec (dbbadb5c follow-up) 2018-12-13 11:20:01 +01:00
Sam
59c56bd20f DEV: anonymizing should not delete uploads
We have another job for upload deletion cause uploads may be shared
2018-12-13 16:43:48 +11:00
Sam
7ee9a6a7ec SECURITY: do not delete avatars uploads when deleting accounts
We rely on the clean up uploads job to do this safely
2018-12-13 16:26:07 +11:00
Sam
1b34a8b48a FIX: remove slow platform detection from server side
Historically due to https://meta.discourse.org/t/why-is-discourse-so-slow-on-android/8823
we decreased page sizes of both home page and topic page on android by half.

This was done on the server side and as a side effect and caused page sizes on android
to mismatch between Android and non Android.

Unfortunately about a year ago googlebot started pretending it is Android,
this cause Google to start indexing pages as what android would see. So
it saw double the amount of pages in the index as what exists on desktop.
This in turn caused double the amount of indexing work and a large amount
of broken links on long topics.

This fix removes all special behavior which is no longer needed due to
other performance work in Discourse including raw handlebars on home page
and virtual dom on topic pages.

I tested we do not need this on Blu Advance 5.0 it has 1.3 GHZ mediatec mt6580
This phone retails for around $50 USD.

If we decide long term that we want any hacks like this we will shift them
to the client side. It can just hold data in memory without rendering.
2018-12-13 16:14:37 +11:00
Sam
94b8ba4f8f FIX: remove slow platform detection from server side
Historically due to https://meta.discourse.org/t/why-is-discourse-so-slow-on-android/8823
we decreased page sizes of both home page and topic page on android by half.

This was done on the server side and as a side effect and caused page sizes on android
to mismatch between Android and non Android.

Unfortunately about a year ago googlebot started pretending it is Android,
this cause Google to start indexing pages as what android would see. So
it saw double the amount of pages in the index as what exists on desktop.
This in turn caused double the amount of indexing work and a large amount
of broken links on long topics.

This fix removes all special behavior which is no longer needed due to
other performance work in Discourse including raw handlebars on home page
and virtual dom on topic pages.

I tested we do not need this on Blu Advance 5.0 it has 1.3 GHZ mediatec mt6580
This phone retails for around $50 USD.

If we decide long term that we want any hacks like this we will shift them
to the client side. It can just hold data in memory without rendering.
2018-12-13 13:57:05 +11:00
Neil Lalonde
3b76f19668 FIX: invalidating inactive admin emails should mark them as not active 2018-12-12 17:07:49 -05:00
Neil Lalonde
a1db15fead FEATURE: require admins to re-validate their email addresses if they haven't been seen for a number of days, configurable with the invalidate_inactive_admin_email_after_days site setting. Social logins are also revoked. Default is 365 days. 2018-12-12 15:32:38 -05:00
Bianca Nenciu
7cac04e1a8 * FEATURE: Adds site setting to let quotes on direct replies.
* DEV: Added test.
* FIX: Do not bump topic when removing full quotes.
2018-12-12 15:42:53 +01:00
Maja Komel
dbbadb5c35 FEATURE: add short_site_description setting to be included in title tag on homepage 2018-12-12 11:46:58 +01:00
David Taylor
0f734e2ae2 FIX: Return authenticated=true when reconnecting
This prevents a registration popup on the client
2018-12-11 17:40:02 +00:00
Gerhard Schlager
688755baf2 DEV: Improve specs and handle invalid email token
Follow-up to 7977b09025
2018-12-11 18:04:10 +01:00
David Taylor
c7c56af397
FEATURE: Allow connecting associated accounts when two-factor is enabled (#6754)
Previously the 'reconnect' process was a bit magic - IF you were already logged into discourse, and followed the auth flow, your account would be reconnected and you would be 'logged in again'.

Now, we explicitly check for a reconnect=true parameter when the flow is started, store it in the session, and then only follow the reconnect logic if that variable is present. Setting this parameter also skips the 'logged in again' step, which means reconnect now works with 2fa enabled.
2018-12-11 13:19:00 +00:00
David Taylor
3fedb2ad20 DEV: Style and performance improvements
Follow-up from 9db8291
2018-12-11 09:58:20 +00:00
Sam
671469bcc7 FIX: URLs containing two # would fail to work
Some URLs in browsers are non compliant and contain twos `#` this commit adds
special handling for this edge case by auto encoding any fragments containing `#`
2018-12-11 18:03:13 +11:00
Gerhard Schlager
7977b09025 FEATURE: Activate users invited via email when invite is redeemed
Do not send an activation email to users invited via email. They
already confirmed their email address by clicking the invite link.
Users invited via link will need to confirm their email address before
they can login.
2018-12-11 00:09:53 +01:00
David Taylor
9db829134c
FIX: Use database to persist metadata during social registration (#6750)
Previously was using the cookie_store, which is limited to 4kb. This caused issues for providers sending large volumes of metadata about a user.
2018-12-10 15:10:06 +00:00
Rishabh
da41a515cd Add test to check if posts are auto rebaked by PeriodicalUpdates job when gravatar download is disabled
follow-up for 8e307e633e
2018-12-10 11:10:57 +11:00
Sam
502a0fe778 FIX: support connecting GitHub with existing accounts 2018-12-10 09:27:00 +11:00
David Taylor
160d29b18a
REFACTOR: Migrate TwitterAuthenticator to use ManagedAuthenticator (#6739)
No changes to functionality. TwitterAuthenticator goes from 136 lines to 24, and all twitter-specific logic elsewhere has been deleted 🎉
2018-12-07 15:39:06 +00:00
Saurabh Patel
9e3143445b DEV:add uploaded_meta option in category for category meta image (#6724) 2018-12-07 16:24:07 +01:00
David Taylor
86f8734bc0 FIX: Prioritize explicit 'connect' over matching by email
This is an edge case that was previously handled by TwitterAuthenticator, but not FacebookAuthenticator.
2018-12-07 15:05:51 +00:00
David Taylor
3cad3f9df1 DEV: Add profile fetching support to ManagedAuthenticator 2018-12-07 15:05:51 +00:00
David Taylor
f7ce607e5d
FIX: Return 422 instead of 500 for invalid SSO signature (#6738) 2018-12-07 15:01:44 +00:00
David Taylor
6c71395bf6
FIX: Only hide shared draft topics from latest (#6737)
Previously we were hiding them from all topic lists, which can result in
topics being "stuck" in an unread state with no easy way to clear them.
2018-12-07 12:44:23 +00:00
Bianca Nenciu
41e184280d FEATURE: Remove full quotes of direct replies. (#6729) 2018-12-07 13:07:11 +01:00
David Taylor
7828c1156c FIX: Do not serialize user fields unless they are specified for display (#6736) 2018-12-07 11:08:59 +00:00
David Taylor
5e09398c5b
FIX: Do not serialize user fields unless they are specified for display (#6736) 2018-12-07 10:57:28 +00:00
Guo Xiang Tan
cffb3d7976 SECURITY: Require groups to be given when inviting to a restricted category. (#6715) 2018-12-07 15:54:53 +08:00
David Taylor
0b1d660876
UX: Make shared drafts behaviour consistent for non-staff users (#6734)
This makes it easier to diagnose the problem when a public category
is set as the 'shared drafts category'. Doing this is not recommended.
2018-12-06 18:59:29 +00:00
David Taylor
e8f32dd3ba DEV: Fix extremely rare test failure
If this was the first test to run, the Fabricate(:user) would be given
the same ID as the Fabricate.build(:user, id: 1). This works around it.
2018-12-06 13:32:56 +00:00
Xiao Guan
7ec124fc89 FEATURE: Improved deprecation warnings (#6722)
* FEATURE: Discourse.deprecate can report version

* Ember counterpart for deprecation
2018-12-06 11:38:01 +00:00
Gerhard Schlager
43cfdb1cb9 FIX: Wizard tries harder to find existing Welcome Topic
The wizard searches for:

* a topic that with the "is_welcome_topic" custom field
* a topic with the correct slug for the current default locale
* a topic with the correct slug for the English locale
* the oldest globally pinned topic

It gives up if it didn't find any of the above.
2018-12-06 10:27:22 +01:00
Guo Xiang Tan
27c793a192 FIX: `UserNotificationsHelper#logo_url' to work with S3 based uploads.
https://meta.discourse.org/t/digest-logo-not-working/103255
2018-12-06 09:39:08 +08:00
Bianca Nenciu
b585f7f336 DEV: Apply code review. 2018-12-05 21:56:18 +01:00
Bianca Nenciu
1a4f592749 FIX: Always allow admins upload selectable avatars. 2018-12-05 21:55:23 +01:00
David Taylor
37249c9a32 FIX: Do not reset link counts when post is rebaked
This was an indentation mistake introduced in 44eba0b. Pretty understandable, considering we are indented 8 levels deep in this method. Will follow-up with a refactor to improve this.
2018-12-05 18:54:30 +01:00
Guo Xiang Tan
978f0db109 SECURITY: Require groups to be given when inviting to a restricted category. (#6715) 2018-12-05 16:43:07 +01:00
Vinoth Kannan
d33d031742
FEATURE: Filter topic and post web hook events by tags (#6726)
* FEATURE: Filter topic and post web hook events by tags

* Add a spec test with unmatched tags
2018-12-05 14:44:06 +05:30
Sam
82e45f5485 FIX: method extraction caused push notifications to include incorrect post
Previously the push notification code path was not tested for notification
collapsing. This happens if you get multiple replies to a topic you are
watching.
2018-12-05 16:40:10 +11:00
Gerhard Schlager
99117d664c FEATURE: Multisite support for S3 backup store (#6700) 2018-12-05 10:10:39 +08:00
David Taylor
e117deb2ba FIX: Improve avatar loading, and add tests
Follow-up from 4e2cc9c
2018-12-04 15:09:32 +00:00
David Taylor
22001b3c50
DEV: Run tests with default value for max_consecutive_replies (#6723) 2018-12-04 12:07:27 +00:00
Régis Hanol
3c9c95ac83 Update Rubocop to 0.60 2018-12-04 10:48:16 +01:00
Sam
aa97f6fdba FEATURE: disable notifications for small actions that are whispers
Previously we would notify on small actions if they were whispers
this inconsistently lead to all sorts of problems including

- collapsed "N replies" after assign
- empty push notifications

New behavior adds an api to explicitly send push notifications as well
if needed: create_notification_alert
2018-12-04 17:54:42 +11:00
Sam
5c17e46274 FEATURE: allow advanced specification of excerpts for posts
Previously users could control excerpt with `<span class='excerpt'>`
in Markdown, this is somewhat limited for plugins that need to define this
across a section. This adds support for DIV as well
2018-12-04 15:13:34 +11:00
David Taylor
9248ad1905 DEV: Enable Style/SingleLineMethods and Style/Semicolon in Rubocop (#6717) 2018-12-04 11:48:13 +08:00
Bianca Nenciu
1a4676c6e0 FIX: Fixed tests. (#6716) 2018-12-03 17:03:11 +01:00
Penar Musaraj
f8e6a37858 FIX: raise exception when getting dimensions of missing image
- follow-up on 0eacd45ab1
2018-12-03 10:19:49 -05:00
Bianca Nenciu
3f8fa4ad4e FEATURE: Do not check consecutive replies for original poster. (#6714) 2018-12-03 02:32:29 -08:00
Rishabh
503ae1829f FIX: All multisite upload paths should start with /uploads/default/.. (#6707) 2018-12-03 12:04:14 +08:00
Maja Komel
6121d11187 FIX: make staff_edit_locks_post work with download_remote_images_to_local 2018-12-03 14:14:59 +11:00
Sam
f555582eb2 DEV: add extra diagnostics for intermittent test fail 2018-12-03 11:46:31 +11:00
Maja Komel
1073634271 FIX: show generic title when quoting off-topic secure category posts 2018-12-03 09:42:32 +11:00
Sam
236c755d62 FIX: do not store key tracking last seen time indefinitely
UserStat has some special logic to keep adding time read if repeat calls
are made in intervals less than 100 seconds. This is called regularly
when we update read timings on a topic.

We only need to cache this key in redis for 100 seconds, however previously
we would keep it forever, 1 key per user. This has potential of bloating
a very large amount of keys for no longer active users in redis.
2018-12-03 08:35:26 +11:00
David Taylor
4e010382cc REFACTOR: Initialize auth providers after plugin.activate!
Also added some helpful functionality for plugin developers:
- Raises RuntimeException if the auth provider has been registered too late
- Logs use of deprecated parameters
2018-11-30 16:58:18 +00:00
Kyle Zhao
488fba3c5f
FEATURE: allow plugins and themes to extend the default CSP (#6704)
* FEATURE: allow plugins and themes to extend the default CSP

For plugins:

```
extend_content_security_policy(
  script_src: ['https://domain.com/script.js', 'https://your-cdn.com/'],
  style_src: ['https://domain.com/style.css']
)
```

For themes and components:

```
extend_content_security_policy:
  type: list
  default: "script_src:https://domain.com/|style_src:https://domain.com"
```

* clear CSP base url before each test

we have a test that stubs `Rails.env.development?` to true

* Only allow extending directives that core includes, for now
2018-11-30 09:51:45 -05:00
David Taylor
208005f9c9 REFACTOR: Migrate FacebookAuthenticator to use ManagedAuthenticator
Changes to functionality
  - Removed syncing of user metadata including gender, location etc.
    These are no longer available to standard Facebook applications.
  - Removed the remote 'revoke' functionality. No other providers have
    it, and it does not appear to be standard practice in other apps.
  - The 'facebook_no_email' event is no longer logged. The system can
    cope fine with a missing email address.

Data is migrated to the new user_associated_accounts table.
facebook_user_infos can be dropped once we are confident the data has
been migrated successfully.
2018-11-30 11:18:11 +00:00
David Taylor
534e1b1b18 DEV: Introduce Auth::ManagedAuthenticator
A generic implementation of Auth::Authenticator which stores data in the
new UserAssociatedAccount model. This should help significantly reduce the duplicated
logic across different auth providers.
2018-11-30 11:18:11 +00:00
Arpit Jalan
059e36a6ff FIX: log name changes only when the name is actually updated 2018-11-30 15:30:46 +05:30
Vinoth Kannan
fc0b7c9e26 FIX: incoming email matches the wrong user if null bounce key available in db 2018-11-30 12:29:51 +05:30
Sam
c6adf7f032 DEV: correct heisentest
After you visit a page in Rails an INFO is logged, this depending on
timing could land in the string or not

This changes the level to WARN which avoids the issue
2018-11-30 15:03:41 +11:00
Guo Xiang Tan
eecd1a7d8c FIX: Jobs::CleanUpUploads fails when value of upload data_type is an empty string. 2018-11-30 10:46:39 +08:00
Penar Musaraj
ad665b901a FIX: Refactor commit a8c3ca, add test 2018-11-29 19:12:00 -05:00
Penar Musaraj
0eacd45ab1 FIX: refactor ImageSizer.resize
reverts 140d9c2
2018-11-29 15:28:45 -05:00
Arpit Jalan
40f10855c6
FIX: defer flags (only) when handling a flag and deleting replies (#6702) 2018-11-29 22:44:18 +05:30
Maja Komel
4a8f21d387 FIX: prevent minimum_required_tags on category being set to null (#6703)
* FIX: prevent minimum_required_tags on category being set to null

* add migration for NOT_NULL constraint for minimum_required_tags

* add specs
2018-11-29 18:10:14 +01:00
Bianca Nenciu
ddd260941e FIX: Fix query selecting users not accepting PMs. 2018-11-29 15:59:30 +08:00
Guo Xiang Tan
56034c733a UX: Strip class when link is not oneboxed due to site setting limits. 2018-11-29 14:33:01 +08:00
Rishabh
05a4f3fb51 FEATURE: Multisite support for S3 image stores (#6689)
* FEATURE: Multisite support for S3 image stores

* Use File.join to concatenate all paths & fix linting on multisite/s3_store_spec.rb
2018-11-29 12:11:48 +08:00
Saurabh Patel
55945ec7c8 FIX: throw error when link in reason for grant badge is an external link (#6690) 2018-11-28 18:01:41 +01:00
Drew Stephens
3ae4c9ab6d Suppress tar(1)'s output (#6694) 2018-11-28 17:32:19 +01:00
Vinoth Kannan
bfb3c4d9f9 DEV: create bounce alert earlier if email_log detected from bounce_key 2018-11-28 21:13:06 +05:30
Gerhard Schlager
e7b76b319a FEATURE: Setting for short title used by Android on homescreen 2018-11-28 14:59:30 +01:00
Vinoth Kannan
25253dec56 FIX: Get email address from email_log if bounced with verp
We can not access mail.final_recipient attr if it bounced with verp
2018-11-28 19:04:09 +05:30
Arpit Jalan
851ef14096 Revert "FIX: do not agree flags by default when deleting posts"
This reverts commit cb6fc8057b.
2018-11-28 10:21:11 +05:30
Vinoth Kannan
7dbf709467 FIX: create whisper post in PMs when bounces with verp and user is staged 2018-11-28 08:24:23 +05:30
Arpit Jalan
654d7996ae FIX: title was repeating on about page 2018-11-28 08:06:14 +05:30
Guo Xiang Tan
a1e77aa2ed
FEATURE: Reimplement SiteSetting.max_oneboxes_per_post. (#6668)
Previously, the site setting was only effective on the client side of
things. Once the site setting was been reached, all oneboxes are not
rendered. This commit changes it such that the site setting is respected
both on the client and server side. The first N oneboxes are rendered and
once the limit has been reached, subsequent oneboxes will not be
rendered.
2018-11-27 16:00:31 +08:00
Arpit Jalan
6cb49cd42c
Merge pull request #6671 from techAPJ/destroy-posts-flags
FIX: do not agree flags by default when deleting posts
2018-11-27 11:27:23 +05:30
Arpit Jalan
cb6fc8057b FIX: do not agree flags by default when deleting posts 2018-11-27 10:57:20 +05:30
Guo Xiang Tan
68bef91dd6 DEV: Minor clean up of specs. 2018-11-27 13:09:58 +08:00
Vinoth Kannan
1da265db11 UX: category images have no sizes (#6662) 2018-11-27 08:40:06 +08:00
Penar Musaraj
03deda2147
Upgrade to FontAwesome 5 (take two) (#6673)
* Add missing icons to set

* Revert FA5 revert

 This reverts commit 42572ff

* use new SVG syntax in locales

* Noscript page changes (remove login button, center "powered by" footer text)

* Cast wider net for SVG icons in settings

- include any _icon setting for SVG registry (offers better support for plugin settings)

- let themes store multiple pipe-delimited icons in a setting

- also replaces broken onebox image icon with SVG reference in cooked post processor

* interpolate icons in locales

* Fix composer whisper icon alignment

* Add support for stacked icons

* SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

* load SVG sprite with pre-initializers

* FIX: enable caching on SVG sprites

* PERF: use JSONP for SVG sprites so they are served from CDN

This avoids needing to deal with CORS for loading of the SVG

Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is

* Add missing SVG sprite JSONP script to CSP

* Upgrade to FA 5.5.0

* Add support for all FA4.7 icons

- adds complete frontend and backend for renamed FA4.7 icons

- improves performance of SvgSprite.bundle and SvgSprite.all_icons

* Fix group avatar flair preview

- adds an endpoint at /svg-sprites/search/:keyword

- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset

* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
Gerhard Schlager
5640166b27 FIX: Notify only invited users about mentions in PMs 2018-11-26 22:42:56 +01:00
Vinoth Kannan
cedd2118c4
FEATURE: If PM email bounced for staged user then alert in whisper reply (#6648) 2018-11-27 00:29:37 +05:30
David Taylor
afcf149c34 FIX: Fix mentions for mixed case group names 2018-11-26 15:34:56 +00:00
Guo Xiang Tan
482013a1d4 FIX: Group mentions missing after post processing. 2018-11-26 12:57:07 +08:00
Guo Xiang Tan
57e2f4990d
PERF: Move processing of inline onebox out of V8 context. (#6658) 2018-11-26 09:21:38 +08:00
Arpit Jalan
0ee822c550 remove unneeded variable assignment 2018-11-25 23:36:34 +05:30
Arpit Jalan
b5bf182ad5 FIX: validate topic deletion when acting on a flag 2018-11-25 23:24:03 +05:30
David Taylor
a3ed570124
FIX: Fix routes ending in :username for usernames containing periods (#6660) 2018-11-23 17:41:41 +00:00
Bianca Nenciu
c38f7b240b DEV: Fix build. 2018-11-23 17:34:50 +02:00
Bianca Nenciu
172b3bf4d3 FIX: Fix broken theme field URLs. (#6622) 2018-11-23 16:11:05 +01:00
David Taylor
f645cb9c14
FEATURE: Use translated name for 'your email has been authenticated by' (#6649) 2018-11-22 19:12:04 +00:00
Gerhard Schlager
2ef16e9f4e FIX: Failed to delete post belonging to non-existent topic 2018-11-22 15:08:37 +01:00
Guo Xiang Tan
a57baeec2a Fix the build. 2018-11-22 16:37:24 +08:00
Guo Xiang Tan
28a6cf8228 FIX: Mention lookup should be case insensitive. 2018-11-22 16:32:56 +08:00
Guo Xiang Tan
3f636b2d19 FIX: Check whether group is mentionable by user when cooking post. 2018-11-22 16:16:33 +08:00
Guo Xiang Tan
672e95bcb4 FIX: Staged users should not be mentionable. 2018-11-22 15:00:46 +08:00
Guo Xiang Tan
c5a70eca6e
PERF: Move mention lookups out of the V8 context. (#6640)
We were looking up each mention one by one without any form of caching and that results
in a problem somewhat similar to an N+1. When we have to do alot of DB
lookups, it also increased the time spent in the V8 context which may
eventually lead to a timeout. The change here makes it such that mention lookups only does a single
DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
Guo Xiang Tan
596e09aaf9 FIX: Wizard icons step fields have incorrect values.
https://meta.discourse.org/t/is-the-wizard-supposed-to-not-let-you-skip-adding-icons/102417
2018-11-22 14:19:36 +08:00
Kyle Zhao
8e32aa1483 FEATURE: show post approvals in Moderation History (#6643) 2018-11-22 10:22:23 +08:00
Guo Xiang Tan
d298f00046 DEV: Improve specs to be more specific about what has changed. 2018-11-22 10:10:07 +08:00
Gerhard Schlager
c376670bd2 FIX: a search term containing '& could lead to errors
This also makes sure that the search term in front or after special characters isn't ignored.
2018-11-21 22:07:56 +01:00
Arpit Jalan
10cc698df3 FIX: respond with proper error message if user not found 2018-11-21 10:47:37 +05:30
Sam
20268385a5 FIX: never attempt to log invalid post numbers
Previously in some cases we would queue logging of invalid post numbers

The impact would be we would miss logging an incoming link and would leak
an error.
2018-11-21 11:58:47 +11:00
Sam
86255faa08 FEATURE: do not switch to JPEG unless you meet 75k byte savings
This also adjusts the algorithm to expect

- 30% saving for JPEG conversion

AND

- Minimum of 75K bytes saved

The reasoning for increase of saving requirements is cause PNG may have been
uploaded unoptimized, 30% saving on PNG is very possible
2018-11-21 11:01:08 +11:00
Kyle E. Mitchell
15e793fd3b FEATURE: Terms of Service v1.0.0
Co-authored-by: Gerhard Schlager <mail@gerhard-schlager.at>
2018-11-21 00:45:16 +01:00
Rishabh
eacbe28f55 FIX: Skip gsub for normalizing whitespaces when text is nil (#6631) 2018-11-20 09:12:32 +01:00
Guo Xiang Tan
1a57be3248 Avoid deprecated site setting logging in SiteSetting.settings_hash. 2018-11-20 11:59:38 +08:00
Guo Xiang Tan
81b3bdaabd FIX: Remove site settings override for deprecated url site settings. 2018-11-20 11:42:39 +08:00
Régis Hanol
4459665dee
REFACTOR: use tables instead of custom fields for polls (#6359)
Co-authored-by: Guo Xiang Tan <tgx_world@hotmail.com>
2018-11-19 14:50:00 +01:00
Joffrey JAFFEUX
e860c8b844
FIX: adds support for missing reports from old dashboard (#6624) 2018-11-19 12:20:05 +01:00
Guo Xiang Tan
cf21c7f5aa
DEV: Fix typo in specs. 2018-11-19 15:13:54 +08:00
Guo Xiang Tan
fe131c5ea2 Fix missing avatars on topic list page.
Introduced in b50fab2d72
2018-11-19 14:55:41 +08:00
Sam
01dc0abb05 dev, give spec a bit more time waiting on timeout 2018-11-19 16:21:39 +11:00
Guo Xiang Tan
b50fab2d72 PERF: Fix N+1 for non-staff users when tagging is enabled. 2018-11-19 12:53:58 +08:00
Kyle Zhao
962fbd1ec7 include '/plugins/' directory for script-src and blob for worker-src
- plugins may include additional static JS assets
- ACE.js editor register a service worker with a blob for syntax
checking
2018-11-16 16:31:01 -05:00
Guo Xiang Tan
45f299dfdd PERF: Try to match users before groups.
User mentions are more common than group mentions so
this will allow us to avoid an extra query.
2018-11-16 16:41:20 +08:00
Guo Xiang Tan
0ac5126a78 FIX: Clear uploads cache on SiteSetting.refresh!.
This fixes a bug where the return value of uploads site settings
may defer between processes even though we trigger a refresh via
MessageBus.
2018-11-16 11:02:51 +08:00
Guo Xiang Tan
9e86b425bc FIX: Job to clean up old URL settings when new setting has been set.
Related to 44391ee8ab
2018-11-16 09:33:31 +08:00
Kyle Zhao
055d59373a
CSP: drop 'self' in script-src (#6611) 2018-11-15 12:14:16 -05:00
Joffrey JAFFEUX
c52e68a0c8
FIX: better handling of missing welcome topic in wizard (#6606) 2018-11-15 12:20:48 +01:00
Sam
6b9b73236a SECURITY: enforce hostname to match discourse hostname
This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

# Conflicts:
#	config/application.rb
#	spec/requests/application_controller_spec.rb
2018-11-15 16:17:22 +11:00
Sam
8e55e61a2e Correct spec 2018-11-15 15:42:16 +11:00
Sam
e7001f879a SECURITY: enforce hostname to match discourse hostname
This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname
2018-11-15 15:23:06 +11:00
Sam
6556a87629 FIX: only check for conflict on edit drafts
In some unknown cases non edit drafts are being checked for conflict
2018-11-15 13:14:07 +11:00
Régis Hanol
5852fe7975 FIX: change 'max_consecutive_replies' default to 3 2018-11-14 22:58:05 +01:00
Leo McArdle
7bc121a065 allow CSP reports to be sent when header isn't set by Discourse (#6594) 2018-11-14 16:23:29 -05:00
Maja Komel
c701036034 FIX: reset bump date resets bumped_at to the last regular post in topic (#6605) 2018-11-14 18:56:22 +01:00
Régis Hanol
c78dcde973 FIX: only send originalText when we need to 2018-11-14 17:47:59 +01:00
Bianca Nenciu
b6576d9473 FEATURE: Add new setting to force user edit last post. (#6571) 2018-11-14 15:48:16 +01:00
David Taylor
d003ae45f9 DEV: Correct typo in users_controller_spec 2018-11-14 14:30:44 +00:00
Guo Xiang Tan
df111259fe More URL site settings into a onceoff job.
* Doing it in a post migration was a bad idea
  because the migration will fail if the site
  is down while trying to download uploads
  which points to the instance. This mainly
  affects self-hosters using `discourse_docker`
  where `./launcher rebuild` will take the
  existing container down.
2018-11-14 20:29:20 +08:00
Bianca Nenciu
fce0a0ccc8 FEATURE: Compute distance between logins to generate login alerts. (#6562) 2018-11-14 13:26:47 +01:00
Penar Musaraj
f6fb079129 Disable wizard invites step when local_logins are turned off 2018-11-14 13:05:32 +01:00
Bianca Nenciu
34e4d82f1a FEATURE: Report edit conflicts when saving draft. (#6585) 2018-11-14 12:56:25 +01:00
Guo Xiang Tan
861b52b6f3 Fix the build take 2. 2018-11-14 18:07:04 +08:00
Guo Xiang Tan
72370b9c36 Add deprecation warnings for url based site settings. 2018-11-14 16:09:26 +08:00
Guo Xiang Tan
44391ee8ab
FEATURE: Upload Site Settings. (#6573) 2018-11-14 15:03:02 +08:00
David Taylor
17bc82765b FEATURE: Log password changes in UserHistory (#6600) 2018-11-14 08:32:42 +08:00
Kyle Zhao
38a9bc740d FIX: change title when primary group changes (#6602) 2018-11-14 08:28:41 +08:00
Robin Ward
467be59d75 FEATURE: Allow expanded posts to return user custom fields 2018-11-13 12:44:54 -05:00
Vinoth Kannan
2374f3e8ac remove unnecessary expectation lines 2018-11-13 16:52:08 +05:30
Guo Xiang Tan
d5df1db3c4 DEV: Improve tests to provide better errors when it fails. 2018-11-13 16:48:04 +08:00
Guo Xiang Tan
e28af0429c DEV: Improve tests to be more specific. 2018-11-13 15:02:46 +08:00
Sam
80ceb57c76 DEV: add API endpoint to destroy_timings only of last post
Previously API only allowed you to nuke all timings from a topic,
new API is less punishing and allows you just to remove 1 post.
2018-11-13 16:07:48 +11:00
Guo Xiang Tan
7b44339529 FIX: Prevent uploads used in site settings from being deleted. 2018-11-13 09:15:16 +08:00
Kyle Zhao
3493ea85cc remove Logster from CSP whitelist (#6593)
Logster 1.3 no longer has inline JS and is now CSP compliant
2018-11-13 09:55:57 +11:00
Robin Ward
0cb33d2b52 UX: Rename Most Disagreed Flaggers report to "User Flagging Ratio" 2018-11-12 16:23:37 -05:00
Vinoth Kannan
dda1824270 Use hijack in inline onebox controller 2018-11-13 02:39:20 +05:30
Penar Musaraj
4f81bb8303 Disallow revision edits with empty raw content 2018-11-12 15:28:38 -05:00
Vinoth Kannan
44d95ad5ab FIX: Cache url data for failed inline oneboxes 2018-11-13 01:44:20 +05:30
David Taylor
d89ffbeffd
FEATURE: Add button to delete unused tags (#6587)
This is particularly useful if you have uploaded a CSV file, and wish
to bulk-delete all of the tags that you uploaded.
2018-11-12 16:24:34 +00:00
Bianca Nenciu
5af9a69a3b FIX: Do not check for suspicious login when impersonating. (#6534)
* FIX: Do not check for suspicious login when impersonating.

* DEV: Add 'impersonate' parameter to log_on_user.
2018-11-12 15:34:12 +01:00
Maja Komel
012da86a07 FIX user directory time period count (#6586) 2018-11-12 15:30:05 +01:00
Joffrey JAFFEUX
9c616e0679
FIX: handles not found reports in bulk loading (#6582) 2018-11-12 13:47:24 +01:00
Gerhard Schlager
7c4d4331bc FEATURE: Better handling of quotation marks in site text search
It also matches 3 dots with the ellipsis symbol.
2018-11-12 13:26:41 +01:00
Guo Xiang Tan
575d6855ea DEV: Improve specs for Validators::UploadValidator. 2018-11-12 14:11:32 +08:00
Sam
e17a13ce19 FEATURE: additional "related messages" section
This splits out previous message correspondence from suggeted and instead
has a dedicated section called "related messages"
2018-11-12 13:04:42 +11:00
Régis Hanol
6b51d84dc5 FIX: Don't enqueue topics if the user can't create them
Co-authored-by: Vinoth Kannan <vinothkannan@vinkas.com>
2018-11-09 18:24:28 +01:00
Sam
64d9be726f the protection I placed was in the wrong path moved to /session/sso
correct previous commit
2018-11-09 17:18:01 +11:00
Sam
3ae4fcd1f7 Improve redirect avoidance for /sso paths
e6b3310577 was missing an ege case
where return url included current_hostname
2018-11-09 17:03:58 +11:00
Sam
7d52f5869d Revert "FIX: Don't enqueue topics if the user can't create them"
This reverts commit 515e103db6.
2018-11-09 15:25:38 +11:00
Sam
e6b3310577 FIX: never redirect back to /sso it will cause a loop
If for any reason our return url is set to `/sso` bypass using it
for login redirect
2018-11-09 14:27:36 +11:00
Vinoth Kannan
515e103db6 FIX: Don't enqueue topics if the user can't create them 2018-11-09 06:10:23 +05:30
Sam
15991677d4 FIX: ensure we never cache login redirects by mistake 2018-11-09 11:14:35 +11:00
Gerhard Schlager
24e5be3f0c FIX: Relative links in translations should work with subfolder 2018-11-08 23:31:05 +00:00
Guo Xiang Tan
57f92ac808 Revert "Swtich to regexp for DbHelper.remap."
Regexp is so much slower.

This reverts commit c3f89e3cd7.
2018-11-08 14:20:09 +08:00
Guo Xiang Tan
c3f89e3cd7 Swtich to regexp for DbHelper.remap. 2018-11-08 14:08:38 +08:00
Sam
42572ff138 Revert font awesome 5 changes
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
Guo Xiang Tan
9737938a4a Add option to skip tabels when using DbHelper.remap. 2018-11-08 12:29:37 +08:00
Penar Musaraj
09dc922b3b Fix several FontAwesome 5 issues
add missing icons, update SvgSprite methods (to fix ruby 2.4 issues), update whisper icon in composer, fix alignment issues
2018-11-07 22:20:53 -05:00
Guo Xiang Tan
3365753bd0 PERF: Reduce number of database queries for DbHelper.remap
* Cuts number of queries from 273 to 89
* Add some specs
* For a table with 500 posts, benchmarks locally shows a runtime
  reduction from 0.046929135 to 0.032694705.
2018-11-08 10:54:39 +08:00
Gerhard Schlager
0122b8cd8b Fix random build error
Request specs could poison the cache since clear_cache! deletes only today and yesterday from the cache.
2018-11-08 02:51:42 +01:00
Penar Musaraj
005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs (#6557)
* First take on subsetting svg icons

* FontAwesome 5 svg subset WIP

* Include icons from plugins/badges into svg sprite subset

* add svg icon support to themes

* Add spec for SvgSprite

* Misc. SVG icon fixes

* Use FA5 svgs in local-dates plugin

* CSS adjustments, fix SVG icons in group flair

* Use SVG icons in poll plugin

* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
Guo Xiang Tan
1e64658c25 Fix brittle specs. 2018-11-07 15:02:53 +08:00
Sam
0a442e319c FIX: correct svg handling for images
We regressed and optimized images no longer worked with svg

The following adds the correct logic to simply copy file for svgs
and bypasses resizing for svg avatars
2018-11-07 15:29:26 +11:00
Bianca Nenciu
2070edf889 FIX: Clarify User.group_locked_trust_level.
* Rename User.group_locked_trust_level to User.group_granted_trust_level.

* Remove the column from users table.
2018-11-07 10:27:44 +08:00
Guo Xiang Tan
bdb8e9efdb DEV: Remove mocks from specs. 2018-11-07 09:55:58 +08:00
Sam
06b9d8223a FIX: search within topic not working correctly in CJK
We were splitting the term prior to search causing everything to miss
2018-11-07 09:41:55 +11:00
Jeff Atwood
afbdf9c2d2
Merge pull request #6558 from pmusaraj/disallow-flagging-deleted-post
FIX: disable flagging hidden posts
2018-11-05 11:05:32 -08:00
Penar Musaraj
7b3432f711 Enforce disabling flagging hidden posts server-side 2018-11-05 10:00:59 -05:00
Joffrey JAFFEUX
78954672f9 FIX: uses hex to compare images
It prevents some terminals from crashing in case of errors and dumping the whole file content into the terminal.
2018-11-05 09:47:15 -05:00
Maja Komel
1ac3e5473a FIX: don't strip eml attachments from received emails 2018-11-05 09:35:22 +01:00
Sam
d84256a876 FEATURE: add Noindex to robots.txt for disallowed routes
This strips pages out of indexes that should not exist see:

https://meta.discourse.org/t/pages-listed-in-the-robots-txt-are-crawled-and-indexed-by-google/100309/11?u=sam
2018-11-02 16:39:47 +11:00
Joffrey JAFFEUX
d37e8e17ef UX: bumps the user-api-key version to 3 (#6526)
* UX: bumps the user-api-key version to 3

* fix spec
2018-11-01 21:29:29 +01:00
Joffrey JAFFEUX
38ad1b96cb FEATURE: adds header text/background color to site (#6462) 2018-11-01 21:29:04 +01:00
Kyle Zhao
f9b36820ef
FIX: only extract script tags with certain types (#6553)
`script` tags with custom types (e.g. `text/template`) are not executed
by the browser, and should not be extracted into an external theme
JavaScript
2018-11-01 16:01:46 -04:00
Robin Ward
ec91450aae FEATURE: Track how many user flags are agreed/disagreed/ignored
Display the percentage when reviewing flags.
2018-11-01 09:59:50 -04:00
Sam
ceafcbc898 FEATURE: show added date when looking at group members 2018-11-01 15:33:28 +11:00
Sam
aa044623bd FIX: do not create superflous sessions when logged on
In some SSO implementations we may want to issue SSO pipelines for
already logged on users

In these cases do not re-log-in a user if they are clearly logged on
2018-11-01 12:54:01 +11:00
Bianca Nenciu
fa0e421af3 FIX: Do not leak information about post revisions. (#6536) 2018-10-31 14:47:00 +00:00
Sam
23423ba112 correct spec and error reporting
previous commit misused warn_exception which caused a spec to fail
2018-10-31 13:38:05 +11:00
Blake Erickson
589e3fcaa0 FIX: return 400 for missing required params (#6546)
If a required param is missing return a 400 and show a message
displaying which param was missing. Added this to the application
controller so that we don't have to add this logic to every controller
action.
2018-10-31 13:02:48 +11:00
Bianca Nenciu
e0ccd36dbe FEATURE: Suspicious logins report. (#6544) 2018-10-30 22:51:58 +00:00
Bianca Nenciu
e1e392f15b DEV: Use DiscourseIpInfo for all IP queries. (#6482)
* DEV: Use DiscourseIpInfo for all IP queries.

* UX: Use latitude and longitude for more precision.
2018-10-30 22:08:57 +00:00
Sam
9933059426 FEATURE: push related PMs to take first 3 slots
Previously the related PMs were last meaning you would have to work through
all unread to see them.

Also amends it so it either asks for related by group OR user not both.
2018-10-29 10:47:59 +11:00
Rafael dos Santos Silva
2450f178ca FEATURE: Allow admins to control PWA display mode per user agent 2018-10-26 13:47:22 -03:00
Joffrey JAFFEUX
b2585524a9
FEATURE: adds a most disagreed flaggers report 2018-10-26 15:59:04 +02:00
Penar Musaraj
ed9c21e42c FEATURE: hide muted categories from /categories list (#6531) 2018-10-26 11:34:39 +11:00
Régis Hanol
d17c8df926 Only check for suspicious login for staff members 2018-10-26 00:29:28 +02:00
Régis Hanol
306d77b54f FIX: don't use srcset on cropped thumbnails 2018-10-25 16:08:10 +02:00
Kyle Zhao
a6eca28ec6
CSP - extract all other inline JavaScripts (#6528)
* wizard page inline js

* print topic inline js

* drop JS for preventing double submission

this is the default behavior with Rails' UJS `disable_with` helper

* omniauth complete redirect JS

* account activate inline js
2018-10-25 09:52:01 -04:00
David Taylor
56e0f47bcd FIX: Do not update last_seen for API access
This regressed in 2dc3a50. I have now added tests for the behavior.
2018-10-25 13:38:57 +01:00
Bianca Nenciu
effbef7d0b UX: Use user locale for locations. (#6527)
* UX: Use user locale for locations.

* DEV: Added MaxMindDB test data and fixed test.
2018-10-25 10:54:01 +00:00
Joffrey JAFFEUX
8e274f7296 UX: bumps the user-api-key version to 3 (#6526)
* UX: bumps the user-api-key version to 3

* fix spec
2018-10-25 09:46:34 +00:00
Bianca Nenciu
6a3767cde7 FEATURE: Warn users via email about suspicious logins. (#6520)
* FEATURE: Warn users via email about suspicious logins.

* DEV: Move suspicious login check to a job.
2018-10-25 09:45:31 +00:00
Régis Hanol
addf6f6d17 FIX: support comma in 'sso_provider_secrets' site setting 2018-10-24 21:23:18 +02:00
Sam
e955a7b49d Revert "Revert "FIX: GlobalPath#upload_cdn_path when S3 bucket has a folder (#6523)""
This reverts commit 322b27b6dc.

Oops rushed on the revert here... should be good
2018-10-24 15:14:01 +11:00
Sam
322b27b6dc Revert "FIX: GlobalPath#upload_cdn_path when S3 bucket has a folder (#6523)"
This reverts commit 63356d883e.

This caused an outage, got to revert
2018-10-24 15:03:58 +11:00
Kyle Zhao
63356d883e FIX: GlobalPath#upload_cdn_path when S3 bucket has a folder (#6523) 2018-10-24 14:34:10 +11:00
Sam
5fd94d3211 PERF: limit unread count to 99 in blue circle
This revises: e605542c4e

Previous commit was faulty
2018-10-24 12:10:27 +11:00
Daniel Hollas
cee51672c9 FIX: Strip accents from search query
4481836 introduced accent stipping in search_indexer,
but we need to strip it from the query itself as well

TODO in search with diacritics:
 - Still need to fix excerpts on search page
 - need to support accent stripping in in_topic search
 - need to make sure that in:title works correctly
 - need to fix "word boldening" in titles
2018-10-23 12:10:33 +11:00
Sam
b74dd7d379 FIX: stop logging every 404 error when searching for gravatars 2018-10-23 11:43:14 +11:00
Sam
adab7a3a48 improve test, also ensure no zero size is generated 2018-10-23 08:50:07 +11:00
Sam
bea8d337b2 DEV: ensure resizing test does not raise bad error
Current resizing test was showing binary diff in terminal and failing
in latest image magick 7, this fixes both issues
2018-10-23 08:45:06 +11:00
Kyle Zhao
e9a971a2b6
FEATURE: [Experimental] Content Security Policy (#6514)
do not register new MIME type, parse raw body instead
2018-10-22 13:22:23 -04:00
Régis Hanol
3e232412e3 UX: show error when hitting the rate limit on password reset 2018-10-22 19:00:30 +02:00
Bianca Nenciu
99b43f281b FIX: Fix browser detection for Microsoft Edge. (#6516)
cool!
2018-10-22 23:15:41 +11:00
David Taylor
3377f26eba FIX: Clean tag before searching for matches 2018-10-22 11:09:06 +01:00
Arpit Jalan
ce0a51665e FIX: count emoji shortcuts in topic title
https://meta.discourse.org/t/max-emojis-in-title-set-to-0-conflicting-with-emoji-shortcuts/98368/3?u=techapj
2018-10-22 13:44:05 +05:30
Kyle Zhao
dca830cb73 Revert "FEATURE: [Experimental] Content Security Policy (#6504)"
This reverts commit fb8231077a.
2018-10-19 11:53:29 -04:00
Kyle Zhao
fb8231077a
FEATURE: [Experimental] Content Security Policy (#6504) 2018-10-19 10:39:22 -04:00
David Taylor
7166d7de9a
FIX: Prevent duplicate tags in tag-choosers (#6512)
* FIX: Prevent duplicate tags in tag-choosers

This reverts 5685b45, which fixes the duplicate tags problem.
The fix introduced by 5685b45 is re-implemented on the server.
2018-10-19 13:44:43 +01:00
Guo Xiang Tan
65faff5832 DEV: Improve specs to provide a better error message. 2018-10-19 14:31:17 +08:00
Sam
9bfc939692 cleanup so gravatar download failures are consistent
previously we would ignore socket error, but this would mean that
there could be conditions where we would keep trying to download
gravatars forever (in an hourly job)
2018-10-19 12:51:55 +11:00
Blake Erickson
f1ba981ae9 Improve add user to group spec for uppercase usernames
Oops forgot to check for this. See previous commit for more details.
2018-10-18 13:32:36 -06:00
Blake Erickson
93485facaf FIX: lowercase username for add/rem group members
This fix searches for users based on the downcased username so that if
you pass in usernames to add/remove from a group and you don't have the
casing just right it will still find the correct users.

I updated the tests to add a username that has a mix of upper and
lowercase letters to verify this functionality.
2018-10-18 13:17:24 -06:00
Régis Hanol
3973823a33 FIX: always update 'last_gravatar_download_attempt' when updating gravatar 2018-10-18 11:02:54 +02:00
Guo Xiang Tan
bbf542da01 DEV: Prefer <<~ over <<. 2018-10-18 14:17:30 +08:00
Kyle Zhao
0f1afad6da FIX: extracted theme JavaScripts for multisite (#6502)
* FIX: extracted theme javascripts for multisite

* onceoff to rebake all theme fields
2018-10-18 17:05:34 +11:00
Bianca Nenciu
f60b10d090 UX: Warn users if the post that's currently edited has changed. (#6498) 2018-10-17 15:35:32 +02:00
David Taylor
501ac4dfa6 DEV: Cleanup properly after user_serializer test 2018-10-17 10:54:22 +01:00
David Taylor
c6f364224e
FEATURE: Allow plugins to whitelist user custom fields for public display (#6499)
This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
2018-10-17 10:33:27 +01:00
Arpit Jalan
42c405a820 FIX: use topic summary for meta description if topic excerpt is blank 2018-10-17 14:13:30 +05:30
Sam
19d7543004 FIX: clear color scheme cache when clearing theme cache 2018-10-16 12:00:46 +11:00
Penar Musaraj
b06dccac49 FIX: force enable a user's email_private_messages option when user replies via email (#6478)
* Enable user email PM when posting to group or replying to topic via email

* remove extra line

* Add test and fix snake_case

* Only reenable email_private_messages for PM replies
2018-10-16 10:51:57 +11:00
Davide Porrovecchio
005e1f5373 Add Cache-Control header to CORS (#6490) 2018-10-16 10:46:55 +11:00
Sam
fc94732f88 avoid looking up badge multiple times in spec 2018-10-16 10:42:16 +11:00
Bianca Nenciu
c68a456baa FIX: Do not award badges for links in restricted categories. (#6492) 2018-10-16 10:38:59 +11:00
Neil Lalonde
0724948878 fix failing spec when HUB_BASE_URL is present 2018-10-15 15:06:02 -04:00
Neil Lalonde
d166c38ab7 REFACTOR: distributed_cache is moved to the message_bus gem 2018-10-15 15:01:45 -04:00
Kyle Zhao
99d1ded3b3
rename route /javascripts to /theme-javascripts (#6495) 2018-10-15 11:32:52 -04:00
Maja Komel
c104256991 FIX: SSO provider secrets - check wildcard domains last, toggle secrets visibility 2018-10-15 16:18:29 +02:00
David Taylor
7ac08f936e
FEATURE: Upload tags from CSV (#6484) 2018-10-15 09:12:54 +01:00
Guo Xiang Tan
8fa59f0548 FIX: Can't clean a tag if the given string is frozen. 2018-10-15 14:48:45 +08:00
Maja Komel
27e732a58d FEATURE: allow multiple secrets for Discourse SSO provider
This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site.

This allows for better auditing of the SSO provider feature
2018-10-15 16:03:53 +11:00
Kyle Zhao
6acdea37c4 DEV: extract inline js when baking theme fields (#6447)
* extract inline js when baking theme fields
* destroy javascript cache when destroying theme fields

This work is needed to support CSP work
2018-10-15 15:55:23 +11:00
Guo Xiang Tan
aa60936115 DEV: Add order to avoid randomly failing test. 2018-10-15 11:42:45 +08:00
Guo Xiang Tan
5ae4cbcf88 DEV: Clear ColorScheme.hex_cache to avoid leaking state. 2018-10-15 11:16:26 +08:00
Guo Xiang Tan
2ce684b134 DEV: Clear hex_cache after each test. 2018-10-15 10:24:46 +08:00
Guo Xiang Tan
84d4c81a26 FEATURE: Support backup uploads/downloads directly to/from S3.
This reverts commit 3c59106bac.
2018-10-15 09:43:31 +08:00
Sam
057087e0e8 FEATURE: log long running jobs in the defer queue
If a job in the defer queue takes longer than 90 seconds log an error
2018-10-12 17:03:47 +11:00
Sam
a1c912b630 Return 400 instead of 404 for bad token 2018-10-12 10:51:41 +11:00
Bianca Nenciu
048cdfbcfa FIX: Do not allow revoking the token of current session. (#6472)
* FIX: Do not allow revoking the token of current session.

* DEV: Add getter of current auth_token from Guardian.
2018-10-12 10:40:48 +11:00
Blake Erickson
13b3cead06 FEATURE: Allow bulk removing users from a group
This change maintains backwards compatibility to allow you to remove a
single user from a group but allows you to specify a comma separated list
of users for bulk removal from a group.

Also it extracts out common functionality for fetching users from params
used in bulk adding users so it can also be used for removing users.
2018-10-11 15:30:54 -06:00
Neil Lalonde
12f132736b FIX: error looking at users in admin when tl3_promotion_min_duration is set to a very high value 2018-10-11 15:11:48 -04:00
Gerhard Schlager
7a41a783a4 FIX: Don't reply to Unsubscribe email sent to mailing list mirror 2018-10-11 16:09:22 +02:00
Vinoth Kannan
6a444eee56
Merge pull request #6476 from vinothkannans/tl4-flag
FEATURE: automatically hide non-TL4 posts when flagged by a TL4 user
2018-10-11 17:13:26 +05:30
Vinoth Kannan
227a49bb32 FEATURE: automatically hide non-TL4 posts when flagged by a TL4 user 2018-10-11 17:11:46 +05:30
Guo Xiang Tan
3c59106bac Revert "FEATURE: Support backup uploads/downloads directly to/from S3."
This reverts commit c29a4dddc1.

We're doing a beta bump soon so un-revert this after that is done.
2018-10-11 11:08:23 +08:00
Gerhard Schlager
c29a4dddc1 FEATURE: Support backup uploads/downloads directly to/from S3. 2018-10-11 10:38:43 +08:00
Guo Xiang Tan
5039a6c3f1 FIX: Strip null bytes in mail subjects. 2018-10-11 09:46:32 +08:00
Vinoth Kannan
59be289084 FIX: Do not add lightbox to onebox images (#6479) 2018-10-11 08:57:21 +11:00
Robin Ward
a566ed42ae FEATURE: Option to disable user presence and profile
This allows users who are privacy conscious to disable the presence
features of the forum as well as their public profile.
2018-10-10 17:34:33 -04:00
Bianca Nenciu
4e0533a20b FIX: Generate Onebox for posts of type moderator_action. (#6466) 2018-10-10 18:39:03 +08:00
Sam
45f01e637b FIX: when associating Github account disassociate others
There are some cases where an email floats from one GitHub account to another
if this happens just take over the Github mapping record
2018-10-10 15:46:50 +11:00
Guo Xiang Tan
f26804394a DEV: Remove the use of stubs on Rails.logger in our test suite. 2018-10-10 09:34:50 +08:00
Bianca Nenciu
1d26a473e7 FEATURE: Show "Recently used devices" in user preferences (#6335)
* FEATURE: Added MaxMindDb to resolve IP information.

* FEATURE: Added browser detection based on user agent.

* FEATURE: Added recently used devices in user preferences.

* DEV: Added acceptance test for recently used devices.

* UX: Do not show 'Show more' button if there aren't more tokens.

* DEV: Fix unit tests.

* DEV: Make changes after code review.

* Add more detailed unit tests.

* Improve logging messages.

* Minor coding style fixes.

* DEV: Use DropdownSelectBoxComponent and run Prettier.

* DEV: Fix unit tests.
2018-10-09 22:21:41 +08:00
Bianca Nenciu
1fb1f4c790 FIX: Make error in Discourse Hub more descriptive. (#6438) 2018-10-09 22:05:31 +08:00
David Taylor
ac89a728f8 DEV: Remove autospec hacks for social auth providers
This was causing erratic test failures. Autospec continues to work after
removing, so this 5-year-old code is no longer needed.
2018-10-09 12:42:57 +01:00
Erin Kosewic
51aba32651 FEATURE: add branch option to remote theme import
* FEATURE: add branch option to remote theme import

* FIX: Add missing variable in params

* FIX: Add missing param for import_theme method

* SPEC: Add test methods for branch support in git import

* FIX: Add missing space to scss style

* Do not assume default branch as master

* Change branch field placeholder

* FIX: add missing div start tag
2018-10-09 17:01:08 +11:00
Gerhard Schlager
2f90c15d7a Fix random build error 2018-10-09 01:03:05 +02:00
Gerhard Schlager
4881fb028f FIX: allow_uppercase_posts didn't work for topic titles 2018-10-08 23:50:06 +02:00
Joffrey JAFFEUX
22187508e3
FEATURE: adds header text/background color to site (#6462) 2018-10-08 11:52:57 +02:00
Guo Xiang Tan
40fa96777d
FEATURE: Post deployment migrations. (#6406)
This moves us away from the delayed drops pattern which
was problematic on two counts. First, it uses a hardcoded "delay for"
duration which may be too short for certain deployment strategies.
Second, delayed drop doesn't ensure that it only runs after
the latest application code has been deployed. If the migration runs
and the application code fails to deploy, running the migration after
"delay for" has been met will cause the application to blow up.

The new strategy allows post deployment migrations to be skipped if the
env `SKIP_POST_DEPLOYMENT_MIGRATIONS` is provided.

```
SKIP_POST_DEPLOYMENT_MIGRATIONS=1 rake db:migrate
-> deploy app servers
SKIP_POST_DEPLOYMENT_MIGRATIONS=0 rake db:migrate
```

To aid with the generation of a post deployment migration, a generator
has been added. Simply run `rails generate post_migration`.
2018-10-08 15:47:38 +08:00
Arpit Jalan
c0bb04d89d FIX: convert tag string to array when filtering topic list by tags 2018-10-08 08:56:25 +05:30
Guo Xiang Tan
1b1ef21481 DEV: Improve Jobs::CleanUpEmailLogs specs. 2018-10-08 11:11:20 +08:00
Penar Musaraj
26956bbe1a FIX: Safari issue with some emojis (#6456)
https://meta.discourse.org/t/emojis-selected-on-ios-displaying-additional-rectangles/86132/8
2018-10-08 10:32:25 +08:00
Sam
550e108a8c FEATURE: only export settings that changed via rake task 2018-10-08 11:54:52 +11:00
Vinoth Kannan
4000dddd32
Merge pull request #6458 from vinothkannans/fix-giphy
FIX: Display large/broken image placeholders for image oneboxes
2018-10-07 18:08:54 +05:30
Vinoth Kannan
c499872597 FIX: Display large/broken image placeholders for image oneboxes 2018-10-07 17:42:41 +05:30
David Taylor
9bf522f227
FEATURE: Mixed case tagging (#6454)
- By default, behaviour is not changed: tags are made lowercase upon creation and edit.

- If force_lowercase_tags is disabled, then mixed case tags are allowed.

- Tags must remain case-insensitively unique. This is enforced by ActiveRecord and Postgres.

- A migration is added to provide a `UNIQUE` index on `lower(name)`. Migration includes a safety to correct any current tags that do not meet the criteria.

- A `where_name` scope is added to `models/tag.rb`, to allow easy case-insensitive lookups. This is used instead of `Tag.where(name: "blah")`.

- URLs remain lowercase. Mixed case URLs are functional, but have the lowercase equivalent as the canonical.
2018-10-05 10:23:52 +01:00
Vinoth Kannan
8430ea927e FIX: Generate webhook payloads before destroy events (#6325) 2018-10-05 16:53:59 +08:00
Sam
5b630f3188 FIX: stop logging every time invalid params are sent
Previously we were logging warning for invalid encoded params, this can
cause a log flood
2018-10-05 14:33:19 +10:00
Vinoth Kannan
3faa022c6f
Merge pull request #6453 from vinothkannans/sso_provider_redirect
FIX: redirect users to SSO client URL after social login
2018-10-05 00:34:34 +05:30
Vinoth Kannan
ca74246651 FIX: redirect users to SSO client URL after social login 2018-10-05 00:01:08 +05:30
David Taylor
5b56a8cd09 DEV: Merge multiple discourse_tagging_spec files 2018-10-04 15:44:29 +01:00
Maja Komel
361ad7ed2b FEATURE: add indication if incoming email attachment was rejected and inform sender about it (#6376)
* FEATURE: add indication if incoming email attachment was rejected and inform sender about it

* include errors for rejected attachments in email

* don't send warning email to staged users

* use user object instead of user_id in add_attachments method
2018-10-04 22:08:28 +08:00
Paul Trippett
b8a1196b6b Add missing fields to Upload Fabricator (#6448) 2018-10-04 22:00:07 +08:00
Guo Xiang Tan
d43ed4afa2 Remove unused variable. 2018-10-04 13:21:37 +08:00
Lucas Nicodemus
1907338834 FIX: No longer educate users who are editing
A user editing a post will no longer get composer messages that are
meant for new users posting replies and threads. These messages don't
make sense in an edit context at all -- they're usually discussing
making salient replies or topics, or adding avatars. They make even less
sense when a user is an admin attempting to change the default topics
for the first time.

Since these messages actually do make sense for a user when they have a
low post count, though, they're still going to occur. They just occur
when a user is creating new content (and thus, more likely to read the
notice), not during edits.

This is in response to this issue:
https://meta.discourse.org/t/education-message-for-editing-wiki-topic/66682
2018-10-04 13:20:13 +08:00
Vinoth Kannan
a651d39b8a
FIX: Display errors in single theme pages (#6449)
Currently the errors are not well handled. So it breaks the whole UI of admin themes list page.
2018-10-04 02:33:06 +05:30
Sam
ad0e768742 FEATURE: add support for responsive images in posts
When creating lightboxes we will attempt to create 1.5x and 2x thumbnails
for retina screens, this can be controlled with a new hidden site setting
called responsice_post_image_sizes, if you wish to create 3x images run

SiteSetting.responsive_post_image_sizes = "1|1.5|2|3"


The default should be good for most of the setups as it balances filesize
with quality. 3x thumbs can get big.
2018-10-03 13:44:53 +10:00
Neil Lalonde
dc1e7bb645 UX: when admin is deleted, make it clear in staff action logs when records belong to a deleted user and show their username in the details 2018-10-02 13:46:54 -04:00
Penar Musaraj
34516c72bd
FIX: Recover public actions (likes) when recovering a post (#6412) 2018-10-02 11:25:08 -04:00
Joffrey JAFFEUX
a515ba8612 FIX: corrects typo and adds a spec for likes report (#6439)
* FIX: corrects typo and adds a spec for likes report

* save!
2018-10-02 02:27:43 -07:00
Bianca Nenciu
e0d7cdac12 UX: Improve error messages for minimum and maximum username lengths. 2018-10-02 13:10:20 +08:00
Penar Musaraj
da9eee5262 FIX: Force enable user PM emails option when user posts to a group by email. 2018-10-02 12:38:10 +08:00
Gerhard Schlager
e2770bc1c4 FIX: async reload of locales could result in missing translations 2018-10-01 17:14:36 +02:00
Guo Xiang Tan
cf60ae32ea FIX: Onceoff job to fix missing user profile backgrounds. 2018-10-01 18:31:09 +08:00
Guo Xiang Tan
cfa7173da3 FIX: Onceoff job to fix missing user profile backgrounds. 2018-10-01 16:26:40 +08:00
Guo Xiang Tan
de85bb0a39 FIX: Don't update user_profile URLs unless upload is persisted. 2018-10-01 14:21:39 +08:00
Guo Xiang Tan
e262a08350 Add UploadRecovery#recover_user_profile_backgrounds. 2018-10-01 10:51:54 +08:00
Robin Ward
02da022c70
PERF: Quit out of the email job quickly if disabled (#6423)
This prevents sidekiq from doing a bunch of queries when email is
disabled.

Critical emails are a special case and will be sent.
2018-10-01 01:15:45 +08:00
Kyle Zhao
819f090d6a move large blobs out of <head> (#6428)
it unnecessarily bloats the section and increases the payload
dramatically for open graph tags.
2018-09-28 17:28:33 +08:00
Penar Musaraj
70d74f8fc1 FIX: advanced search ordering broken when using tags 2018-09-28 17:27:08 +08:00
Bianca Nenciu
5407036ef9 DEV: Run prettier. (#6420) 2018-09-21 11:02:23 +00:00
Kyle Zhao
e402394375 FEATURE: auto grant an available title when removing old title
* FEATURE: auto grant an available title when removing old title
2018-09-21 12:06:08 +10:00
Kyle Zhao
4bb980b9f7
FEATURE: do not allow moderators to export user list (#6418) 2018-09-21 09:07:13 +08:00
Guo Xiang Tan
1a64b3a487 FIX: Don't try to recover an invalid sha1. 2018-09-20 14:21:57 +08:00
Sam
df45e82377 SECURITY: only allow picking of avatars created by self (#6417)
* SECURITY: only allow picking of avatars created by self

Also adds origin tracking to all uploads including de-duplicated uploads
2018-09-19 22:33:10 -07:00
Guo Xiang Tan
195bd02fce FIX: Avoid race condition when enqueuing job. 2018-09-20 11:24:01 +08:00
Jeff Wong
d5442fbf08 FIX: do not send tl1 welcome message when a user has the basic user badge 2018-09-19 12:53:36 -07:00
Guo Xiang Tan
767f27929d Rename Jobs::RecoverPostUploads to rerun the job take 2. 2018-09-19 22:40:32 +08:00
Guo Xiang Tan
d403883d16 DEV: Improve specs for 293cf600f0. 2018-09-19 16:03:52 +08:00
Sam
5302709343 FIX: in redis readonly raise an exception from DistributedMutex
If we detect redis is in readonly we can not correctly get a mutex
raise an exception to notify caller

When getting optimized images avoid the distributed mutex unless
for some reason it is the first call and we need to generate a thumb

In redis readonly no thumbnails will be generated
2018-09-19 15:50:58 +10:00
Sam
abc39c492a FIX: in redis readonly raise an exception from DistributedMutex
If we detect redis is in readonly we can not correctly get a mutex
raise an exception to notify caller

When getting optimized images avoid the distributed mutex unless
for some reason it is the first call and we need to generate a thumb

In redis readonly no thumbnails will be generated
2018-09-19 15:49:18 +10:00
Guo Xiang Tan
bc7f58191e FIX: UploadRecovery should look at links too. 2018-09-19 11:52:57 +08:00
Guo Xiang Tan
4a92c5b2d6 UploadRecovery should recover attachments too. 2018-09-19 10:44:36 +08:00
Vinoth Kannan
9281b72308 FEATURE: Log entity export in staff logs 2018-09-19 03:16:45 +05:30
Arpit Jalan
fadcd36f92 FIX: do not treat ignore_redirects domains as blacklisted
This fix prevents domains present in `ignore_redirects` to be treated as
blacklisted domains and makes sure that onboxing happens for those domains.
Issue reported here: https://meta.discourse.org/t/steam-store-oneboxing-no-longer-works/97266
2018-09-18 10:38:02 +05:30
Guo Xiang Tan
ce6a0a5e9e FIX: Moving upload to tombstone should update modification time.
A upload created a long time ago will be nuked from the tombstone
immediately if it gets deleted.
2018-09-18 10:48:29 +08:00
Guo Xiang Tan
f2fbf1fdb0 DEV: Basic specs for TagGroupsController. 2018-09-18 08:22:03 +08:00
Sam
7b70a208ba SECURITY: correct XSS on long topic titles 2018-09-18 08:56:10 +10:00
Sam
7d6b348d0b SECURITY: correct XSS on long topic titles 2018-09-18 08:54:44 +10:00
Régis Hanol
4481836de2 FEATURE: new 'search_ignore_accents' site setting 2018-09-17 10:42:30 +02:00
Kyle Zhao
7a0232249a
extract inline JS that's used to store preloaded data (#6370) 2018-09-17 16:31:46 +08:00
Kyle Zhao
7b19ed06c1 reworked specs of existing group behavior 2018-09-17 17:46:43 +10:00
Kyle Zhao
6659417807 FEATURE: match user title when primary group changes
When primary group changes and the user's title is the previous primary
group's title, change the title to the new primary group's title
2018-09-17 15:08:39 +10:00
Sam
33541c4096 FEATURE: unconditionally omit no-follow for staff
Previously TL2 and below staff would have links
no-followed which was never intended
2018-09-17 12:02:20 +10:00
Sam
37c5280f73 correct spec 2018-09-17 11:37:01 +10:00
Rishabh
4f46aa1ba3 FEATURE: Add SiteSetting for s3_configure_tombstone_policy
Add SiteSetting for s3_configure_tombstone_policy, skip policy generation if turned off (default on)
2018-09-17 10:57:50 +10:00
Sam
725d2c0d47 correct spec 2018-09-17 10:54:35 +10:00
Sam
173d0d53d5 correct erratic spec 2018-09-17 10:12:00 +10:00
OsamaSayegh
c7d81e2682 FIX/FEATURE: don't blow up when can't reach theme's repo, show problem themes on dashboard 2018-09-17 09:49:53 +10:00
Neil Lalonde
526ffc4966 FIX: error in response body to blocked crawlers, showing 500 Internal Server Error with status of 403 2018-09-14 15:40:20 -04:00
Neil Lalonde
b87a089822 FIX: don't block api requests when whitelisted_crawler_user_agents is set 2018-09-14 15:40:20 -04:00
Guo Xiang Tan
c3f6b4d966 DEV: Test against real Upload#url format. 2018-09-14 13:43:33 +08:00
Sam
419b14e58b FIX: correctly keep stylesheet cache entries
The intent from day one was to keep MAX_TO_KEEP stylesheets per target
however the DELETE statement did not perform target filtering

This meant we often deleted the wrong stylesheets from the cache
2018-09-14 12:54:11 +10:00
Guo Xiang Tan
8ddcb6564e FIX: Onceoff job to recover missing post uploads.
This fixes the regression due to 1f636c445b
2018-09-14 10:52:33 +08:00
Guo Xiang Tan
ea522589cf Accept custom AR relation for UploadRecovery. 2018-09-14 10:51:55 +08:00
Guo Xiang Tan
1d6597c646 FIX: Do not try to recover invalid Upload#short_url in UploadRecovery. 2018-09-14 10:51:36 +08:00
Guo Xiang Tan
692f2aa395 Fix the build. 2018-09-14 10:51:26 +08:00
Guo Xiang Tan
2176605fc4 Add basic test case for UploadRecovery. 2018-09-14 10:51:20 +08:00
Guo Xiang Tan
dffd4fa9e6 Add extra protection in Upload#get_from_url.
In case the extension goes missing from the URL.
2018-09-14 10:49:34 +08:00
Régis Hanol
39a2d92417 FIX: don't index urls to local files 2018-09-14 12:31:35 +10:00
Guo Xiang Tan
6a2589353b
Merge pull request #6394 from tgxworld/recover_broken_uploads
FIX: Onceoff job to recover missing post uploads.
2018-09-13 18:16:56 -07:00
Guo Xiang Tan
aa1af9fc22 FIX: Onceoff job to recover missing post uploads.
This fixes the regression due to 1f636c445b
2018-09-14 09:04:01 +08:00
Gerhard Schlager
fd931b948d Use a more helpful failure message in spec 2018-09-13 21:31:44 +02:00
Régis Hanol
30619c244c FIX: don't index urls to local files 2018-09-13 18:53:53 +02:00
Joffrey JAFFEUX
a6502ce879
FIX: ensures errors in report initialization fail nicely (#6392) 2018-09-13 17:36:55 +02:00
Guo Xiang Tan
2ae7d3a118
Merge pull request #6388 from pmusaraj/drafts-second-user-test
Add test to ensure a user cannot see drafts stream of another user
2018-09-13 06:53:44 -07:00
Arpit Jalan
74eec1849d FIX: ignore and log bad json values for custom fields 2018-09-13 17:42:48 +05:30
Arpit Jalan
d288462abf
Merge pull request #6393 from techAPJ/bad-json
FIX: ignore and log bad json values for custom fields
2018-09-13 15:54:01 +05:30
Arpit Jalan
e364547ff7 FIX: ignore and log bad json values for custom fields 2018-09-13 14:26:30 +05:30
Guo Xiang Tan
0a06b3d977 Accept custom AR relation for UploadRecovery. 2018-09-13 16:33:14 +08:00
Guo Xiang Tan
6c65718301 Include response body when raising an error in FileHelper#download. 2018-09-13 15:43:58 +08:00
Guo Xiang Tan
05a57d4f27 DEV: Clear cache after not before.
* Clearing after ensures that state does not leak
  to specs in other files.
2018-09-13 14:23:32 +08:00
Guo Xiang Tan
5eb65ad612 FIX: Do not try to recover invalid Upload#short_url in UploadRecovery. 2018-09-13 13:59:17 +08:00
Guo Xiang Tan
1afe7162e1 Fix the build. 2018-09-13 13:41:38 +08:00
Guo Xiang Tan
d99dd840e4 Add basic test case for UploadRecovery. 2018-09-13 13:26:23 +08:00
pmusaraj
7f05af5995 cleanup 2018-09-12 13:10:14 -04:00
pmusaraj
aa614e393c return 403 when trying drafts of another user 2018-09-12 13:08:02 -04:00
pmusaraj
b8c0a29bec better test name 2018-09-12 11:09:30 -04:00
pmusaraj
11fd18b254 code-styling fixes 2018-09-12 11:06:30 -04:00
pmusaraj
3a00c2adeb add test to ensure that userA cannot see drafts stream of userB 2018-09-12 10:13:20 -04:00
Guo Xiang Tan
3884e99e88 Add extra protection in Upload#get_from_url.
In case the extension goes missing from the URL.
2018-09-12 00:12:14 -07:00
Guo Xiang Tan
f31758cc70 FIX: Uploads not being linked correctly to posts.
Regression due to 1f636c445b.
2018-09-11 23:54:07 -07:00
Guo Xiang Tan
b3469bea2d FIX: Uploads not being linked correctly to posts.
Regression due to 1f636c445b.
2018-09-11 23:50:23 -07:00
Sam
d1984a0b4d FIX: display a correct error when attempting to agree on a deferred flag
Previously we would raise a 500 error if a moderator tried to agree on a
flag another moderator deferred.

This can happen cause the UX for flags does not live refresh as flags
are handled
2018-09-12 13:16:59 +10:00
Guo Xiang Tan
71185c13b5
Merge pull request #6377 from tgxworld/remove_tif_tiff
Drop `tif`, `tiff`, `webp` and `bmp` from supported images.
2018-09-12 09:32:32 +08:00
Guo Xiang Tan
71caf7521d Drop tif, tiff, webp and bmp from supported images.
https://meta.discourse.org/t/cr2-raw-files-are-being-treated-as-tiff-files/96775/3?u=tgxworld
2018-09-12 09:29:54 +08:00
Osama Sayegh
16bd3f2cf2 FIX: use current user color scheme when filling theme-color attribute (#6384)
* FIX: use current user color scheme when filling `meta` attribute `theme-color`

* update manifest.webmanifest colors
2018-09-12 11:04:58 +10:00
Robin Ward
3bb4f4c5ef Adds test to make sure moderators can't make master keys
It wasn't obvious from the code, plus we'd never want this to regress!
2018-09-11 12:02:06 -04:00
Gerhard Schlager
1a01385e88 FIX: "false" didn't work as locale_default 2018-09-11 13:42:10 +02:00
Guo Xiang Tan
85620abb71 DEV: Clear connections after multisite specs. 2018-09-11 10:15:06 +08:00
Neil Lalonde
ea7ee8e9f7 Merge master 2018-09-10 19:39:09 -04:00
Sam
a5ae7ee8e2 SECURITY: correct edge case when SSO provides unvalidated emails 2018-09-11 08:25:19 +10:00
Sam
e64402cb3b SECURITY: correct edge case when SSO provides unvalidated emails 2018-09-11 08:24:02 +10:00
Rishabh
80eace4268
Merge pull request #6383 from discourse/fix_username_suggester
FIX: don't raise an error on integer usernames in user_name_suggester
2018-09-11 00:30:29 +05:30
Rishabh Nambiar
81c87df18a FIX: don't raise an error on integer usernames 2018-09-10 22:17:56 +05:30
David Taylor
84fc7abb73 FIX: Allow rake destroy:topics to delete topics in sub-categories 2018-09-10 12:52:14 +01:00
Guo Xiang Tan
df04e69cde FIX: S3Helper#list creates incorrect prefix. 2018-09-10 16:34:40 +08:00
Neil Lalonde
9e77fd8fc3 FIX: wrong category links on subfolder install in rss feed for a category topic list 2018-09-07 10:03:30 -04:00
Sam
879067d000 FIX: check admin theme cookie against user selectable
previously admin got a free pass and could set theme via cookie to anything
including themes that are not selectable

this refactor ensures that only "preview" gets a free pass, all the rest
goes through the same pipeline
2018-09-07 10:47:28 +10:00
Gerhard Schlager
797cbf8653 FIX: Remove user fields when anonymizing user 2018-09-07 00:02:56 +02:00
Guo Xiang Tan
1f636c445b PERF: Add fast path to find uploads before resorting to LIKE query.
For a normal upload url

Before

```
Warming up --------------------------------------
                       264.000  i/100ms
Calculating -------------------------------------
                          2.754k (± 8.4%) i/s -     13.728k in   5.022066s
```

After

```
Warming up --------------------------------------
                       341.000  i/100ms
Calculating -------------------------------------
                          3.435k (±11.6%) i/s -     17.050k in   5.045676s
```
2018-09-06 14:44:24 +08:00
Guo Xiang Tan
d4b05d7bc5 Always link post to uploads in post process.
The operation is cheap anyway so no point skipping.
2018-09-06 14:08:03 +08:00
Guo Xiang Tan
434035f167 FIX: Link post to uploads in PostCreator.
* This ensures that uploads are linked to their post on creation
  instead of a background job which may be delayed if Sidekiq
  is facing difficulties.
2018-09-06 11:18:11 +08:00
Gerhard Schlager
26082688d1 FIX: Zero is a valid value for the page parameter 2018-09-05 20:43:05 +02:00
Guo Xiang Tan
f3aef2cc83 FIX: Incorrect/missing extension in short_url fails to map to upload.
`Hash#invert` causes us to lose keys if the hash contains similar
values.
2018-09-05 21:48:58 +08:00
Gerhard Schlager
2c5d9269a0 FIX: Notifications shouldn't use user locale unless allow_user_locale is enabled 2018-09-05 11:44:28 +02:00
Sam
d9c0dc8687 correct prev commit
s3. did not exists it is s3-
2018-09-05 16:11:44 +10:00
Sam
83e1315e42 FIX: correct urls in uploads table to point at dualstack
Last week we added support for dual stack urls but did not remap the
the old records in the uploads and optimized images table

This caused a few minor edge cases worst was that if you rebaked old
images S3 CDN was not repopulated.
2018-09-05 15:58:04 +10:00
Gerhard Schlager
b8fc699164 FIX: Detect {{foo}} as interpolation key 2018-09-05 00:47:39 +02:00
Vinoth Kannan
d9be4f47e8 SPEC: redirect to original URL after social signup 2018-09-05 03:24:50 +05:30
Vinoth Kannan
d8b543bb67 FIX: redirect to original URL after social signup 2018-09-05 01:44:23 +05:30
David Taylor
4382fb5fac DEV: Allow plugins to whitelist specific user custom_fields for editing (#6358) 2018-09-04 20:45:36 +10:00
Guo Xiang Tan
3b337bfc6b Revert "FIX: Don't rate limit admin and staff constraints when matching routes."
This reverts commit 651b50b1a1.
2018-09-04 14:27:21 +08:00
Guo Xiang Tan
19182c0c8f DEV: Skip fragile tests for now. 2018-09-04 13:58:09 +08:00
Guo Xiang Tan
651b50b1a1 FIX: Don't rate limit admin and staff constraints when matching routes.
* When an error is raised when checking route constraints, we
  can only return true/false which either lets the request
  through or return a 404 error. Therefore, we just skip
  rate limiting here and let the controller handle the
  rate limiting.
2018-09-04 13:52:58 +08:00
Guo Xiang Tan
08b268c5bc Be more forceful in disconnecting connections during failover. 2018-09-04 10:32:43 +08:00
Sam
ad70502ab8 FIX: ignore invalid usernames in incoming link tracker
If an incoming link username has NULL in it simply ignore it
2018-09-04 12:28:32 +10:00
Guo Xiang Tan
8dc1463ab3 Enable Lint/ShadowingOuterLocalVariable for Rubocop. 2018-09-04 10:16:42 +08:00
Sam
2f5c21e28c FIX: return a 400 error instead of 500 for null injections
Many security scanners like to inject NULL in inputs causing application
to exception out and return a 500

We now handle this exception and render a 400 status back
2018-09-04 12:11:52 +10:00
Gerhard Schlager
eeedc3901e FIX: Replying to deleted post via email should create new reply to topic 2018-09-03 23:06:40 +02:00
Vinoth Kannan
24a14af15a FIX: Respect invalidate_oneboxes option for inline oneboxes 2018-09-03 22:33:43 +05:30
Guo Xiang Tan
ecf60c0c33 DEV: More attempts at stablizing specs in Travis.
Re-enable skipped test because it doesn't fail locally
for me to debug it.
2018-09-03 14:52:15 +08:00
Gerhard Schlager
f33433bf9e Validation of params should restrict to max int (#6331)
* FIX: Validation of params should restrict to max int

* FIX: Send status 400 when "page" param isn't between 1 and max int
2018-09-03 14:45:32 +10:00
Guo Xiang Tan
747c9bb47f
Merge pull request #6317 from nbianca/ignore_blacklisted_domains
FIX: Ignore OneBox blacklisted domains.
2018-09-03 11:10:52 +08:00
Guo Xiang Tan
0fac6cdba9 DEV: Better debugging information when test fails. 2018-09-03 10:55:25 +08:00
Maja Komel
182d9a4666 FIX: escape regex chars when searching site texts 2018-09-02 17:25:57 +10:00
Bianca Nenciu
f5e0356fb2 correct miscellaneous issues with user login history 2018-09-02 17:24:54 +10:00
Osama Sayegh
60eff9421a FIX: precompile desktop_theme and mobile_theme stylesheets
required for environments that pre stage docker images and keep old image running during the deploy
2018-08-31 21:23:55 +10:00
Guo Xiang Tan
5a214a687c FIX: Exclude UserAuthToken and UserAuthTokenLog in user webhook. 2018-08-31 17:25:56 +08:00
Guo Xiang Tan
ae2f00ee73 DEV: Include the thread in the error message. 2018-08-31 17:14:19 +08:00
Bianca Nenciu
931cffcebe FEATURE: Let users see their user auth tokens. (#6313) 2018-08-31 10:18:06 +02:00
Sam
b3aab1770f FIX: set old last modified date for invalid avatars
In some cases Akami was holding tight to these invalid avatars,
to avoid this happening we explain the avatar image is ancient
then when a new upload is added it automatically is older than
this.
2018-08-31 17:07:31 +10:00
Sam
1866a8e8da correct invalid spec 2018-08-31 15:06:30 +10:00
Sam
e1975e293f FIX: when uploads are destroyed clear up avatar refs in user table
This also auto corrects twice daily when we ensure consistency
2018-08-31 14:46:42 +10:00
Sam
9b7cab589a FIX: revert diacritic stripping
See more details in test case and at: https://meta.discourse.org/t/discourse-should-ignore-if-a-character-is-accented-when-doing-a-search/90198/16?u=sam
2018-08-31 11:46:55 +10:00
Guo Xiang Tan
81b99efc68 DEV: Raise an error if thread doesn't return within expected time. 2018-08-31 09:26:28 +08:00
Vinoth Kannan
297e8aaf2e FIX: Escape regex pattern variable before using it 2018-08-31 03:02:24 +05:30
Blake Erickson
c6f339a0b5 format json better with spaces in my test 2018-08-30 14:39:40 -06:00
Blake Erickson
ae532f8548 FIX: return 422 for an invalid group name on category create 2018-08-30 14:28:55 -06:00
David Taylor
825dee5598 SECURITY: Prevent users from modifying custom fields 2018-08-30 13:00:51 +01:00
David Taylor
103509b9dd SECURITY: Prevent users from modifying custom fields 2018-08-30 12:59:36 +01:00
Osama Sayegh
9efbf2c49f FIX: changing component settings should trigger refresh for parent theme CSS (#6340) 2018-08-30 20:53:03 +10:00
Guo Xiang Tan
9c7e029d01 DEV: Attempt to stablize multisite tests. 2018-08-30 17:31:17 +08:00
Guo Xiang Tan
c4de36624f Skip imagemagick tests on Travis. 2018-08-30 16:07:00 +08:00
David Taylor
f0abb4d09a FIX: Allow user actions to be saved even if the post has nil user
This issue made it impossible to delete users if they had flagged a post with nil user
2018-08-30 01:03:32 +01:00
Sam
e6970151a6 FEATURE: allow specifying locale via SSO
Use:

locale
locale_force_update

To force user locale on users where SiteSetting.allow_user_locale is enabled

Note: If an invalid locale is specified no action will occur
2018-08-30 09:58:03 +10:00
Bianca Nenciu
72ffabf619 UX: Improve email testing admin tool. (#6308) 2018-08-29 23:14:16 +02:00
Gerhard Schlager
b2cf725700 FIX: Don't try to send invite email when invite was deleted 2018-08-29 12:43:12 +02:00
Sam
44cf3cf975 FIX: queue heartbeats in readonly modes
If sidekiq is paused or Discourse is in readonly continue to queue
heartbeats

If we do not do that then a master process can end up reaping sidekiq
workers and causing various badness

This also impacts restore which can do weird stuff TM in cases like this
2018-08-29 12:36:59 +10:00
Sam
740308675b FEATURE: erode bounce score every time an email is sent
Introduces a hidden setting (default is 0.1) that erodes bounce score
every time we send an email. This means that erratic failures are less
painful cause system auto corrects
2018-08-28 17:02:12 +10:00
Guo Xiang Tan
032f860c86 Fix brittle spec. 2018-08-28 14:29:38 +08:00
Robin Ward
52ca0893e1 FIX: Broken specs 2018-08-28 14:29:38 +08:00
Kyle Zhao
e25a6e085e FIX: drop title updates through RSS feeds
can create an update loop
2018-08-28 16:25:04 +10:00
Sam
9ab1fb7dfc FEATURE: correctly store width and height on uploads
Previously we used width and height for thumbnails, new code ensures

1. We auto correct width and height
2. We added extra columns for thumbnail_width and height, this is determined
 by actual upload and no longer passed in as a side effect
3. Optimized Image now stores filesize which can be used for analysis, decisions

Also

- fixes Android image manifest as a side effect
- fixes issue where a thumbnail generated that is smaller than the upload is no longer used
2018-08-28 12:59:22 +10:00
Davide Porrovecchio
1826626272 FEATURE: Add Content-Type header to CORS
- add Content-Type to Access-Control-Allow-Headers
- update test accordingly
2018-08-28 11:19:38 +10:00
Neil Lalonde
ebe7835316 FIX: links in rss feeds are sometimes wrong on subfolder installs 2018-08-27 18:05:15 -04:00
Bianca Nenciu
b6963b8ffb FIX: Ignore OneBox blacklisted domains. 2018-08-27 20:40:55 +02:00
Sam
dc17ae3b2f correct specs 2018-08-27 14:50:56 +10:00
Sam
4205c528d0 FEATURE: hide enable_personal_email_messages and min_trust_to_send_email_messages
These site settings are very hard to explain and only applicable for very
specific Discourse setups.

If an admin "enables staged users" which is used in support scenarios then
all staff can send "messages" directly to an "email".

The setting allows you to extend this to TL4 or any trust level.

Actual use case would be a support type setup with restricted staff. It is
quite rare so hiding this for now and re-evaluate keeping the setting in
2019
2018-08-27 11:38:22 +10:00
Raul Tambre
2271918be2 FEATURE: Use S3 dualstack endpoints
Allows S3 without a CDN to serve images from dualstack domains that also support ipv6
2018-08-27 11:22:46 +10:00
Maja Komel
020eba4623 FIX: find tags with non-latin names (#6312) 2018-08-27 11:05:28 +10:00
Kris
faf09bb8c8 Replacing default brown category color 2018-08-24 14:18:14 -04:00
Joffrey JAFFEUX
82dcc5cbfa
FEATURE: makes reports loadable in bulk (#6309) 2018-08-24 15:28:01 +02:00
James Kiesel
a4001c1ea0 FEATURE: Pop revise modal on post edited notification (#6287)
* Add revision number to notification url

* Pop modal on route change

* Add semicolon

* Ensure modal pops even when navigating within a topic

* Ensure modal pops when visiting from other page

* Fix eslint errors

* Fix prettier errors

* Add callback for notification item click

* Remove stray revisionUrl function

* Rename to afterRouteComplete
2018-08-24 09:13:07 -04:00
Guo Xiang Tan
932195d828 DEV: Update test case for TopicEmbed. 2018-08-24 09:42:12 +08:00
Guo Xiang Tan
1ba24496ab
Merge pull request #6261 from xrav3nz/fix/topic-embed-import-updates
FIX: update TopicEmbed's title and user correctly
2018-08-24 09:32:03 +08:00
Osama Sayegh
e0cc29d658 FEATURE: themes and components split
* FEATURE: themes and components split

* two seperate methods to switch theme type

* use strict equality operator
2018-08-24 11:30:00 +10:00
Guo Xiang Tan
4a552fb967
Merge pull request #6303 from nbianca/user_serializer_spec
Add spec for UserSerializer and UserApiKey.
2018-08-24 08:16:11 +08:00
Sam
ac11f8df52 correct regression searching with diacritics 2018-08-24 10:00:51 +10:00
Sam
29315b73c2 FIX: improve last_modified date returned for avatars
instead of hard coding a date:

1. For optimized images use the upload date when on s3
2. For not-found use 10 minutes ago to match the expiry
2018-08-24 09:36:11 +10:00
Régis Hanol
bc7b530b0a FIX: remove diacritics instead of transliterating 2018-08-24 00:38:44 +02:00
Bianca Nenciu
ff441bc4ca Add spec for UserSerializer and UserApiKey. 2018-08-23 19:01:02 +02:00
Régis Hanol
2fcf2b899e FIX: remove diacritics when tokenizing html for search 2018-08-23 17:13:52 +02:00
Arpit Jalan
7a91df3248
Merge pull request #6290 from techAPJ/latest-full-name
UX: show full name on /latest page
2018-08-23 17:34:54 +05:30
Arpit Jalan
1a7cd6648b UX: show full name on /latest page 2018-08-23 14:41:06 +05:30
Guo Xiang Tan
dd810b8b05
Merge pull request #6304 from tgxworld/create_functions_in_different_schema
FIX: Create `BaseDropper` functions in a different schema.
2018-08-23 15:01:41 +08:00
Guo Xiang Tan
212ee15804 FIX: Create BaseDropper functions in a different schema.
https://meta.discourse.org/t/error-when-restore-db-backup/93145/25?u=tgxworld
2018-08-23 12:52:21 +08:00
Osama Sayegh
2711f173dc FIX: don't allow inviting more than max_allowed_message_recipients
* FIX: don't allow inviting more than `max_allowed_message_recipients` setting allows

* add specs for guardian

* user preferences for auto track shouldn't be applicable to PMs (it auto watches on visit)

Execlude PMs from "Automatically track topics I enter..." and "When I post in a topic, set that topic to..." user preferences

* groups take only 1 slot in PM

* just return if topic is a PM
2018-08-23 14:36:49 +10:00
Guo Xiang Tan
36a7028f19 FEATURE: Clean up PostReplyKey records.
* Default retention of 90 days.
2018-08-23 10:40:02 +08:00
Régis Hanol
f01169d6ff FIX: don't send email when the post was deleted 2018-08-22 13:13:58 +02:00
James Kiesel
cdea969c6a FEATURE: Make initial admins TL1
* Match register controller TL to rake admin:create
* Don't promote if trust_level > 1
2018-08-22 15:45:24 +10:00
Sam
272de95175 FIX: client duplicate registration should be cleaned up
If for any reason we are unable to correct client id on a user api key
invalidate old keys for client/user
2018-08-22 12:56:49 +10:00
Sam
5d96809abd FIX: improve support for subfolder S3 CDN 2018-08-22 12:31:13 +10:00
Sam
f5142861e5 Revert "Revert "FIX: upload URLs from S3 on subfolder installs""
This reverts commit 26c96e97e5.

We have no choice but to run this code
2018-08-22 11:31:33 +10:00
Sam
26c96e97e5 Revert "FIX: upload URLs from S3 on subfolder installs"
This reverts commit 357df2ff4f.
2018-08-22 10:51:40 +10:00
Neil Lalonde
357df2ff4f FIX: upload URLs from S3 on subfolder installs 2018-08-21 14:58:55 -04:00
Gerhard Schlager
17dc8f2490 UX: Wizard resends activation email when user exists 2018-08-21 19:13:41 +02:00
Régis Hanol
d1607a387a FIX: only allow printable characters in uploads filename 2018-08-21 18:11:01 +02:00
Régis Hanol
3e436e2daf FIX: doesn't translate group permission keys 2018-08-21 12:56:56 +02:00
Kyle Zhao
baf413d527 FIX: update TopicEmbed's title and user correctly 2018-08-21 18:31:01 +08:00
Guo Xiang Tan
7dcc69aef4 DEV: Refactor test to not call private method. 2018-08-21 14:29:58 +08:00
Guo Xiang Tan
48f499b324 DEV: Refactor some mail receiver related specs. 2018-08-21 14:00:45 +08:00
Guo Xiang Tan
d104de2a09 Remove line that is no longer required. 2018-08-21 11:48:58 +08:00
Guo Xiang Tan
8bdf14834b PERF: Restrict number of skipped email log for Jobs::UserEmail. 2018-08-21 11:14:43 +08:00
Guo Xiang Tan
2c70d3f443 Take 2 on ba6f11c521. 2018-08-21 10:06:36 +08:00
Sam
2d96160192 FEATURE: improve API error reporting for invalid records 2018-08-21 11:54:34 +10:00
Bianca Nenciu
860c1c3dcd FEATURE: Automatically expire keys if not used for a configurable amount of time. (#6264) 2018-08-20 17:36:14 +02:00
Gerhard Schlager
14af90df5b UX: Stop putting usernames in edit reason when changing post owner 2018-08-20 12:28:04 +02:00
Guo Xiang Tan
b4f92a05b3 FIX: Load more on groups page does not account for params.
https://meta.discourse.org/t/cant-scroll-through-list-of-users-groups-if-more-than-one-page/92259
2018-08-20 17:08:50 +08:00
Sam
f5fe58384f correct regression around file renaming 2018-08-20 16:08:05 +10:00
Sam
ce4b12ae59 FIX: if we have not target available do not redirect 2018-08-20 13:10:59 +10:00
Sam
d7b1919ead correct specs 2018-08-20 12:46:14 +10:00
Sam
8b5e42ea16 FIX: always test and coerce to image on upload
In the past the filename of the origin was used as the source
for the extension of the file when optimizing on upload.

We now use the actual calculated extension based on upload data.
2018-08-20 12:18:59 +10:00
Bianca Nenciu
975a72ab7a FEATURE: Make links indexable. (#6285) 2018-08-20 10:39:19 +10:00
Robin Ward
a83f662492 FIX: Allow silenced users to like / bookmark, just not flag. 2018-08-17 11:06:18 -04:00
Guo Xiang Tan
010fe479cb Fix linting. 2018-08-17 17:34:25 +08:00
Guo Xiang Tan
16c0ebe8a8 Fix the build. 2018-08-17 16:53:07 +08:00
Guo Xiang Tan
a26ef7738f FIX: FileHelper#download should return nil if max size is exceeded. 2018-08-17 16:19:59 +08:00
Guo Xiang Tan
4b7c5ba162 Update UploadCreator specs to include cropping code path. 2018-08-17 15:22:12 +08:00
Guo Xiang Tan
fae8757cd4 FIX: Guardian#post_can_act? shouldn't raise an error if user of post has been deleted. 2018-08-17 15:11:30 +08:00
Guo Xiang Tan
a9e502936f FIX: Converting PNG to JPEG does not set the correct extension. 2018-08-17 13:09:48 +08:00
Régis Hanol
93201d8dbe FIX: don't trigger 'flag_reviewed' when no flags were reviewed 2018-08-16 18:11:29 +02:00
Joffrey JAFFEUX
10a3499d68
uses emoji versions for specs (#6276) 2018-08-16 13:45:30 +02:00
Sam
f62073a22a correct regression uploading images 2018-08-16 18:49:08 +10:00
Gerhard Schlager
937ab3f213 FIX: Validation of min_posts and max_posts didn't work 2018-08-16 10:36:53 +02:00
Sam
796164b58c FIX: automatically correct bad avatars on access
Also start relying on upload extension for optimized images
2018-08-16 16:32:56 +10:00
Guo Xiang Tan
5778c33ee7 FIX: Compatibility with ImageMagick 7.
http://www.imagemagick.org/Usage/misc/

"The "-interpolate" setting of 'Catrom' (generally imprecisely known as 'BiCubic' interpolation)"
2018-08-16 09:49:52 +08:00
Sam
243fc9d0f9 FIX: refreshing auto groups when min_username_length is long 2018-08-15 16:59:56 +10:00
Sam
38c10a3dc2 correct the validator 2018-08-15 14:56:24 +10:00
Sam
91e0a77a60 FEATURE: silenced users should not be allowed to edit posts 2018-08-15 14:29:36 +10:00
Misaka 0x4e21
d4fd19d49a UX: Replace Google search with Discourse search on not found page
* UX: Replace Google search with Discourse search on not found page.

* FIX: Update application_controller_spec.rb.
2018-08-15 11:53:04 +10:00
Sam
06f82a7d72 correct exception handling, always do to_i in array 2018-08-15 11:31:42 +10:00
Sam
bc47148d35 add validation to exclude_category_ids 2018-08-15 09:53:28 +10:00
Régis Hanol
12bab65167 FIX: going from /categories to /latest on mobile might break infinite scrolling 2018-08-15 01:22:03 +02:00
Gerhard Schlager
ba0e322fd0 FIX: Validation of topic params broke discourse-assign 2018-08-14 18:45:46 +02:00
Robin Ward
87fa26b6c8 FIX: Silenced users shouldn't be able to act on posts 2018-08-14 11:43:39 -04:00
Gerhard Schlager
c358421ca5 FIX: Bulk updating category failed when topic title was too short 2018-08-14 16:37:52 +02:00
Gerhard Schlager
216f4c99b0 Correct flaky spec 2018-08-14 12:43:57 +02:00
Régis Hanol
de92913bf4 FIX: store the topic links using the cooked upload url 2018-08-14 12:23:32 +02:00
Sam
ad5f502332 FIX: add a basic validator for topic params
This cuts down on log noise when people try out sql injection
2018-08-14 17:01:04 +10:00
Guo Xiang Tan
664186a2a4 DEV: Remove stub to make test more reliable. 2018-08-13 14:48:46 +08:00
Guo Xiang Tan
d10c9d7d75 FIX: Missing extensions for non-image uploads due to 2b57239389. 2018-08-13 10:58:55 +08:00
Gerhard Schlager
b73950692b FIX: Parsing non-existent feed should not fail 2018-08-10 18:37:14 +02:00
Osama Sayegh
865cb3feb9
FIX: allow selecting site's default theme from preference 2018-08-10 14:12:02 +03:00
Sam
2b2612d0f5 correct flaky spec
after(:all) and before(:all) are to be avoided, state can leak
2018-08-10 16:08:07 +10:00
Simon Cossar
093c3510e6 Rework moderators activity query (#6230)
* Order rows in query

* Don't increment revisions when moderator revises their own post
2018-08-10 10:51:31 +10:00
Gerhard Schlager
b9072e8292 FEATURE: Add "Reset Bump Date" action to topic admin wrench (#6246) 2018-08-10 10:51:03 +10:00
Misaka 0x4e21
6db623ef6b UX: Improve category filtering and include subcategories
* category_filtering
  1. report_top_referred_topics
  2. report_top_traffic_sources
  3. report_post_edit
* category_filtering with subcategory topics
  1. report_top_referred_topics
  2. report_top_traffic_sources
  3. report_post_edit
  4. report_posts
  5. report_topics
  6. report_topics_with_no_response
* category_filtering tests (without subcategory topics)
  1. report_posts
  2. report_topics_with_no_response
* subcategory topics tests `in_category_and_subcategories` in `topic_spec.rb`
  1. `in_category_and_subcategories` in `topic_spec.rb`
  2. topics, posts, flags and topics_with_no_response in `report_spec.rb`
2018-08-10 10:50:05 +10:00
Gerhard Schlager
ef4b9f98c1 FEATURE: Allow admins to reply without topic bump 2018-08-10 10:48:30 +10:00
Simon Cossar
3cd4dc0f5f Allow users with group_locked_trust_level to be promoted to tl3 (#6249) 2018-08-10 10:42:23 +10:00
Osama Sayegh
0d5ebcb21d fix flaky specs (#6255) 2018-08-10 10:38:36 +10:00
Neil Lalonde
d77dccc636 FIX: user-deleted posts with deferred flags can be destroyed 2018-08-09 14:54:31 -04:00
Neil Lalonde
2c4d7225d8 FIX: permalink redirects with subfolder 2018-08-09 11:05:27 -04:00
Sam
ed4c0f256e FIX: check permalinks for deleted topics
- allow to specify 410 vs 404 in Discourse::NotFound exception
- remove unused `permalink_redirect_or_not_found` which
- handle JS side links to topics via Discourse-Xhr-Redirect mechanism
2018-08-09 15:05:12 +10:00
Guo Xiang Tan
ba6f11c521 PERF: Only log the first skipped email when user exceeds daily limit.
https://meta.discourse.org/t/cleaning-up-e-mail-logs/39132
2018-08-08 16:25:00 +08:00
Guo Xiang Tan
1ea23b1eae FIX: Wrong order for S3Helper#copy_file. 2018-08-08 15:58:54 +08:00
Sam
a35f2984e9 FIX: support Arrays with Marshal dump in distributed cache
Theme cache uses arrays here
2018-08-08 16:44:56 +10:00
Osama Sayegh
0b7ed8ffaf FEATURE: backend support for user-selectable components
* FEATURE: backend support for user-selectable components

* fix problems with previewing default theme

* rename preview_key => preview_theme_id

* omit default theme from child themes dropdown and try a different fix

* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
Guo Xiang Tan
aafff740d2 Add FileStore::S3Store#copy_file. 2018-08-08 11:30:34 +08:00
Neil Lalonde
4e6e4a83df FIX: subfolder digest emails have incorrect URLs 2018-08-07 16:38:17 -04:00
David Taylor
aa9a9a5a72 FIX: Include auth_providers for anonymous users when login_required 2018-08-07 09:24:16 +01:00
Guo Xiang Tan
2b57239389 FIX: Upload's content is the only source of truth for the file type. 2018-08-07 13:15:00 +08:00
Guo Xiang Tan
d1860a4f7d DEV: Fix test to use an actual PNG instead of a GIF. 2018-08-07 12:02:35 +08:00
Sam
6797395bd0 FIX: staff should be allowed to agree and keep post 2018-08-07 10:05:43 +10:00
David Taylor
812add18bd REFACTOR: Serve auth provider information in the site serializer.
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
Guo Xiang Tan
4e11811321 FIX: UserAvatar#update_gravatar! does not update User#uploaded_avatar.
https://meta.discourse.org/t/missing-user-profile-pictures/93844/4
2018-08-06 13:29:44 +08:00
Osama Sayegh
18b396ad56 FEATURE: add link to see new commits when updates are available for themes (#6233)
* FEATURE: add link to see new commits when updates are available for themes

* shorten regexp
2018-08-06 15:29:15 +10:00
Régis Hanol
bf4d98e89d FIX: always store topic links using the upload url 2018-08-04 01:29:32 +02:00
Joffrey JAFFEUX
066010db7d
FEATURE: introduces list/compact_list components 2018-08-03 16:41:37 -04:00
Régis Hanol
ac2513b0f2 FEATURE: automatic PM when a user's email is revoked 2018-08-03 16:39:22 +02:00
Sam
280c318c49 FEATURE: allow ruby tags in Markdown 2018-08-03 11:47:36 +10:00
Osama Sayegh
880462a41c FEATURE: display out of date themes on admin dashboard
* FEATURE: disaply out of date themes on admin dashboard

* Update copy
2018-08-03 09:53:48 +10:00
Jeff Atwood
c81bad3232
Merge pull request #6232 from OsamaSayegh/message-email-short-reply
UX: better rejection message when reply via email is too short
2018-08-02 14:25:04 -07:00
OsamaSayegh
a157dfd418 UX: better rejection message when reply via email is too short 2018-08-02 22:43:53 +03:00
Sam
0b3d51a8bc FEATURE: whitelist lang attribute 2018-08-02 16:53:08 +10:00
Penar Musaraj
4a872823e7 Improvements to user drafts (#6226)
* drafts in user profile: only show to user herself (not to admins), use avatar replying to (instead of topic OP), add keyboard shortcut for drafts, simplify display labels

* use JSON when testing Draft.stream
2018-08-02 07:41:27 +10:00
Dan Ungureanu
1a0ffc5ace FEATURE: Added method to get multiple values at once from PluginStore. (#6225) 2018-08-01 18:42:40 +02:00
Gerhard Schlager
f4ca105498 FIX: Moving posts to existing topic didn't update topic metadata 2018-08-01 18:05:43 +02:00
Neil Lalonde
b829452c75
Merge pull request #6209 from discourse/mini_scheduler
REFACTOR: extract scheduler to the mini_scheduler gem
2018-08-01 10:28:24 -04:00
Joffrey JAFFEUX
499ed469b0
FIX: disk_space refresh is now on demand 2018-08-01 10:06:20 -04:00
Gerhard Schlager
a115aae45f Use rchardet instead of charlock_holmes gem 2018-08-01 10:41:20 +02:00
Gerhard Schlager
5d421fb946 FIX: Try respecting charset in HTTP header of RSS feed 2018-08-01 10:41:20 +02:00
Gerhard Schlager
ff942ed2f3 FIX: Try detecting encoding of RSS feed 2018-08-01 10:41:20 +02:00
Penar Musaraj
1f45215537 FEATURE: Drafts view in user profile
* add drafts.json endpoint, user profile tab with drafts stream

* improve drafts stream display in user profile

* truncate excerpts in drafts list, better handling for resume draft action

* improve draft stream SQL query, add rspec tests

* if composer is open, quietly close it when user opens another draft from drafts stream; load PM draft only when user is in /u/username/messages (instead of /u/username)

* cleanup

* linting fixes

* apply prettier styling to modified files

* add client tests for drafts, includes a fixture for drafts.json

* improvements to code following review

* refresh drafts route when user deletes a draft open in the composer while being in the drafts route; minor prettier scss fix

* added more spec tests, deleted an acceptance test for removing drafts that was too finicky, formatting and code style fixes, added appEvent for draft:destroyed

* prettier, eslint fixes

* use "username_lower" from users table, added error handling for rejected promises

* adds guardian spec for can_see_drafts, adds improvements following code review

* move DraftsController spec to its own file

* fix failing drafts qunit test, use getOwner instead of deprecated this.container

* limit test fixture for draft.json testing to new_topic request only
2018-08-01 16:34:54 +10:00
Joffrey JAFFEUX
849f0d00f6
FEATURE: adds revision_count to moderators_activity (#6218)
Co-Authored-By: Simon Cossar <scossar@users.noreply.github.com>
2018-07-31 23:40:45 -04:00
Guo Xiang Tan
919e8db686 FIX: Check for group name availability should skip reserved usernames. 2018-08-01 11:09:33 +08:00
Joffrey JAFFEUX
2b2a506a7b
FIX: makes dashboard more resilient to errors (#6217)
This commit is an attempt to limit cases where the dashboard will generate a full exception page and also make it easier to track the error.
2018-07-31 21:23:28 -04:00
Joffrey JAFFEUX
8299fe0947
fix report spec (#6214) 2018-07-31 18:15:14 -04:00
Vinoth Kannan
6aee22b88f FIX: Onebox images are not downloaded locally without css class 2018-08-01 02:51:02 +05:30
Neil Lalonde
4ad7ce70ce REFACTOR: extract scheduler to the mini_scheduler gem 2018-07-31 17:12:55 -04:00
Arpit Jalan
afe3b00c0f FIX: use hidden setting for max export file size 2018-07-31 11:25:28 +05:30
Vinoth Kannan
50df2d7241 FIX: Should not include regular categories in top_category_ids array 2018-07-30 16:06:36 +05:30
Guo Xiang Tan
87537b679c Drop reply_key, skipped and skipped_reason from email_logs. 2018-07-30 11:39:28 +08:00
Guo Xiang Tan
b94633e844 FIX: FileHelper should prioritize response content-type.
Request to a URL with `.png` extension may return a jpg
instead causing us to attach the wrong extension to an
upload.
2018-07-30 10:54:36 +08:00
David Taylor
5f1fd0019b FEATURE: Allow revoke and connect for GitHub logins 2018-07-27 17:18:53 +01:00
David Taylor
6296f63804 FEATURE: Revoke and connect for Yahoo logins 2018-07-27 16:20:47 +01:00
David Taylor
9c72c00206 FEATURE: Revoke and reconnect for Twitter logins 2018-07-27 12:28:51 +01:00
Vinoth Kannan
dac29b5ebc
UX: Display only top categories in hamburger menu (#6146) 2018-07-27 12:11:07 +05:30
Guo Xiang Tan
6f9a91cbd5
Merge pull request #6175 from vinothkannans/post_approval_webhook
FEATURE: Webhook for post approval events
2018-07-27 10:50:49 +08:00
Joffrey JAFFEUX
313cd9940d
starts refactoring report spec 2018-07-26 19:24:18 -04:00
Neil Lalonde
1708ff1808 UX: add a route /rules as an alias for /faq and /guidelines 2018-07-26 15:38:08 -04:00
Neil Lalonde
135c803f49 FIX: don't send PM if flagged post is deleted but flags were deferred or cleared 2018-07-26 15:12:31 -04:00
Vinoth Kannan
af5b88f8e2 Rename approval web hook event type to queued post 2018-07-26 10:29:38 +05:30
Guo Xiang Tan
f8b367cc9c Fix the build. 2018-07-26 10:17:51 +08:00
Guo Xiang Tan
30242972d3 Add spec for 4bf3bf6786. 2018-07-26 09:16:14 +08:00
Régis Hanol
b04b7c366c SECURITY: force IM decoder based on file extension 2018-07-25 22:01:08 +02:00
Régis Hanol
4bf3bf6786 SECURITY: force IM decoder based on file extension 2018-07-25 22:00:04 +02:00
Vinoth Kannan
5059dad8f0 FEATURE: Webhook for post approval events 2018-07-25 23:43:19 +05:30
David Taylor
f38942d121 FIX: Destroy session between omniauth callbacks controller tests 2018-07-25 16:33:42 +01:00
Joffrey JAFFEUX
796639a797
FIX: makes disk_space computation more resilient (#6172) 2018-07-25 11:04:01 -04:00
David Taylor
fa399ce1c5 FEATURE: Add revoke and reconnect functionality for google logins 2018-07-25 16:03:14 +01:00
Gerhard Schlager
84d14fd8a0 FIX: Don't rely on setting data type read from database 2018-07-25 11:40:59 +02:00
Neil Lalonde
417bcf7d2e add checks for staff and system user before sending flags_agreed_and_post_deleted message 2018-07-24 19:25:11 -04:00
Neil Lalonde
fe39cdc90a FEATURE: when a post is deleted because a moderator agreed with flags, send a message to the post author 2018-07-24 17:17:56 -04:00
Robin Ward
7058205f70 FIX: Broken specs 2018-07-24 12:00:34 -04:00
Gerhard Schlager
1ac643d71c FIX: Email template for "Queued Posts Reminder" was not found 2018-07-24 17:26:52 +02:00
Robin Ward
878aee965b SECURITY: Consider 0.0.0.0 a private IP 2018-07-24 11:17:13 -04:00
Robin Ward
236243f38a SECURITY: Consider 0.0.0.0 a private IP 2018-07-24 11:16:27 -04:00
Joffrey JAFFEUX
7a3c541077
UX: Preview multiple color schemes in wizard (#6151)
It was a dropdown to provide choices of color schemes,
and only one scheme could be shown.
With this commit, multiple color scheme previews can be displayed on
one page at the same time, making admins choose color schemes more
easily.

Theme preview windows are shrinked.

Imported default color schemes.

Co-Authored-By: Misaka 0x4e21 <misaka4e21@gmail.com>
2018-07-24 09:00:20 -04:00
David Taylor
abddb48260 Rubocop fix 2018-07-24 10:49:20 +01:00
Guo Xiang Tan
fa19d3a53c
Merge pull request #6108 from discourse/transaction-sidekiq-fix
Fix notifications for topics moved between categories
2018-07-24 17:44:03 +08:00
David Taylor
20a21b1240 Move into MiniSQLMultisiteConnection, and add test for rollback 2018-07-24 09:41:55 +01:00
Guo Xiang Tan
7a2bf8e368 Fix invalid query syntax when CategoryCustomField#value is blank. 2018-07-24 14:48:27 +08:00
Guo Xiang Tan
fad9c2b971 PERF: Move EmailLog#reply_key into new post_reply_keys table. 2018-07-24 13:51:53 +08:00
Guo Xiang Tan
ae8b0a517f PERF: Split skipped email logs into a seperate table. 2018-07-24 13:14:37 +08:00
Davide Porrovecchio
dd9d815178 FIX: Add User Api Key headers to CORS
- add User-Api-Key and User-Api-Client-Id to Access-Control-Allow-Headers
- update test
2018-07-24 10:28:23 +10:00
Neil Lalonde
f4b5eccad3 FIX: categories page crawler view had incorrect URLs 2018-07-23 14:54:41 -04:00
David Taylor
eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099)
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
Joffrey JAFFEUX
32062864d3
FIX: removes system from user to user report (#6144) 2018-07-23 10:33:12 -04:00
David Taylor
d7b5a374c2 Fix indentation 2018-07-23 10:42:15 +01:00
Vinoth Kannan
84ab825e41
FEATURE: Webhook for user destroyed event (#6124) 2018-07-23 13:19:49 +05:30
Vinoth Kannan
f8e9190617 FEATURE: Retry web hook when it is failed 2018-07-23 10:12:04 +08:00
Joffrey JAFFEUX
06323f9c89
FIX: takes old dashboard out of caching job 2018-07-21 12:42:03 -04:00
Maja Komel
368d4e8eae FIX: notify staff about whispers in watched categories (#6128) 2018-07-21 11:20:21 +02:00
Guo Xiang Tan
b4ef7dfe9a DEV: Make spec less brittle. 2018-07-21 09:13:11 +08:00
Guo Xiang Tan
7cf6c2825e
Merge pull request #6106 from OsamaSayegh/watch-when-splitting
FIX: topic owner should watch the new topic when moving posts to a new topic
2018-07-20 15:18:59 +08:00
OsamaSayegh
69450750d1 shorter method name and better specs 2018-07-20 10:13:27 +03:00
Joffrey JAFFEUX
1a78e12f4e
FEATURE: part 2 of dashboard improvements
- moderation tab
- sorting/pagination
- improved third party reports support
- trending charts
- better perf
- many fixes
- refactoring
- new reports

Co-Authored-By: Simon Cossar <scossar@users.noreply.github.com>
2018-07-19 14:33:11 -04:00
Joffrey JAFFEUX
a2281fbb19
FEATURE: allows to jump to a date in a topic 2018-07-19 16:00:13 +02:00
Maja Komel
a9ebad3f6c FIX: do not add a moderator post when post is flagged via direct message (#6100) 2018-07-18 23:18:14 +02:00
David Taylor
32db976156 FIX: Stop race condition when topic notification jobs are scheduled during a database transaction
This was not picked up by tests because scheduled jobs are run immediately
and in the current thread (and therefore the current database transaction).

This particular case sometimes occurs inside multiple nested transactions,
so simply moving the offending line outside of the transaction is not enough.

Implemented TransactionHelper, which allows us to use `TransactionHelper.after_commit`
to define code to be run after the current transaction has been committed.
2018-07-18 22:04:43 +01:00
Neil Lalonde
afc94ac9e4 FEATURE: add a Top Categories section to the user summary page, showing the categories in which a user has the most activity 2018-07-18 16:39:16 -04:00
David Taylor
2dc3a50dac FIX: Do not update last seen time for suspended users 2018-07-18 16:04:57 +01:00
OsamaSayegh
547b571d84 FIX: topic owner should watch the new topic when moving posts to a new topic 2018-07-18 15:23:32 +03:00
Régis Hanol
6d6e026e3c FEATURE: selectable avatars 2018-07-18 12:57:43 +02:00
Guo Xiang Tan
b068a8a771 Fix the build. 2018-07-18 14:03:27 +08:00
Arpit Jalan
7da22e395b FIX: do not show links with 0 click on topic map 2018-07-18 10:50:01 +05:30
OsamaSayegh
281538ae61 FIX: theme JS should only run when needed global objects exist (#6098) 2018-07-18 15:13:47 +10:00
Sam
0c159f17b7 skip failing spec 2018-07-18 14:43:06 +10:00
Sam
379384ae1e FIX: never block /srv/status which is used for health checks
This route is also very cheap so blocking it is not required

It is still rate limited and so on elsewhere
2018-07-18 12:37:01 +10:00
Guo Xiang Tan
3874d40910 Prepare to drop EmailLog#topic_id. 2018-07-18 10:22:24 +08:00
Sam
02628883d2 FEATURE: adjust autobump system
- We spread out bumping through the day, if you are bumping
 4 topics then a topic will be bumped every 6 hours

- We add a small, bumping action at the bottom of the post to
 denote a topic got bumped
2018-07-18 10:17:33 +10:00
Guo Xiang Tan
202b839208 Fix the build. 2018-07-17 17:20:57 +08:00
Guo Xiang Tan
d839a42bf9 Skip imagemagick tests on Travis. 2018-07-17 17:11:05 +08:00
Guo Xiang Tan
3553375dd2 PERF: Store EmailLog#reply_key as uuid data type. 2018-07-17 17:05:42 +08:00
Guo Xiang Tan
1d74ccaaf8 Add compatibility for ImageMagick7. 2018-07-17 15:50:58 +08:00
Sam
91266cdabb correct auto bump topic logic 2018-07-17 09:33:33 +10:00
Guo Xiang Tan
c0c263405a
PERF: Store EmailLog#bounce_key as uuid data type. (#6093)
PERF: Store `EmailLog#bounce_key` as `uuid` data type.
2018-07-16 20:05:54 +08:00
Sam
ac0053f491 FEATURE: navigate to first post and auto bump category settings
### navigate_to_first_post_after_read setting for categories

When enabled on categories logged on users will return to OP after
reading the entire category. (useful for documentation categories)

### num_auto_bump_daily

Set a number of topics that will automatically bump daily on a category.

- Every 15 minutes we will check if any category has this setting
- Categories with the setting are shuffled
- We exclude pinned, closed, category description and archived topics
- Maximum of 1 topic for the list of categories is bumped till limit reached per category
- We always try to bump oldest first
- Limit is elastic using a RateLimiter that ensures that we only bump N per day

Also some minor organisation on category settings

Froze strings on category.rb
2018-07-16 18:10:35 +10:00
Leo McArdle
21ebb1cd54 FEATURE: Secondary emails support. 2018-07-16 11:09:49 +08:00
Arpit Jalan
b1082924b9 FIX: do not validate topic deletions 2018-07-13 22:53:36 +05:30
Guo Xiang Tan
711371e8c8 FIX: Select+below will ask server for post ids on megatopics. 2018-07-13 15:10:39 +08:00
Guo Xiang Tan
c722b07057 FIX: /t/:topic_id/last route did not return any posts. 2018-07-13 14:26:10 +08:00
Kyle Zhao
2901691e87 FEATURE: per-category approval settings (#5778)
- disallow moving topics to a category that requires topic approval
2018-07-13 12:51:08 +10:00
Guo Xiang Tan
79ba418edd DEV: Don't join on a thread forever. 2018-07-12 15:46:07 +08:00
Guo Xiang Tan
258e9e35ca PERF: Make mega topics work without a stream.
There are tradeoffs that we took here. For the complete
story see
https://meta.discourse.org/t/performance-improvements-on-long-topics/30187/27?u=tgxworld.
2018-07-12 12:46:12 +08:00
OsamaSayegh
decf1f27cf FEATURE: Groundwork for user-selectable theme components
* Phase 0 for user-selectable theme components

- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
Maja Komel
0942e2c795 allow adding tags as a custom subject format for emails (#5846)
allow adding tags as a custom subject format for emails
2018-07-11 12:24:07 +10:00
Guo Xiang Tan
bdf3da8f80 DEV: Raise an error if any test finishes with more than 1 busy AR connection. 2018-07-11 09:54:01 +08:00
OsamaSayegh
f2cc05c6c6 FIX: ignore self-quotes from the same post when saving (#6082) 2018-07-10 16:17:28 +08:00
Guo Xiang Tan
0a28181c62 Fix the build take 2. 2018-07-10 11:27:03 +08:00
Guo Xiang Tan
4163f9e61e DEV: Better clean up for PostgreSQL failover test. 2018-07-10 09:53:25 +08:00
Guo Xiang Tan
5374a0e720 Fix the build. 2018-07-10 09:48:57 +08:00
Jordan Seanor
10bc69a62f FEATURE: Event on topic merge (#6057) 2018-07-10 09:28:57 +08:00
Guo Xiang Tan
4172e1dd52
FIX: Rename User#usernames that clashes with Group#name. (#6069) 2018-07-09 16:54:57 +08:00
Guo Xiang Tan
96aca6d7e6
Remove legacy vote post action code. (#6009) 2018-07-09 16:54:18 +08:00
David Taylor
6f25421a06 SECURITY: Do not allow authentication with disabled plugin-supplied a… (#6071)
Do not allow authentication with disabled plugin-supplied auth providers
2018-07-09 14:26:44 +10:00
David Taylor
9a813210b9 SECURITY: Do not allow authentication with disabled plugin-supplied a… (#6071)
Do not allow authentication with disabled plugin-supplied auth providers
2018-07-09 14:25:58 +10:00
Guo Xiang Tan
9948f57a99 REFACTOR: Update test to assert for the right objects. 2018-07-09 09:54:14 +08:00
Andrew Schleifer
dba22bbde2 rollback changes
This reverts:
* 1baba84c438e "fix s3 subfolders harder"
* ea5e57938edf "fix test for absolute_base_url change"
2018-07-06 17:16:40 -05:00
Andrew Schleifer
f8b90226cb fix test for absolute_base_url change 2018-07-06 17:08:18 -05:00
Andrew Schleifer
52e9f49ec1 fix s3 subfolders harder
specifically, include the folder in absolute_base_url
2018-07-06 16:28:40 -05:00
Maja Komel
18f5f646b1 FEATURE: allow selecting a tag when moving posts to a new topic (#6072) 2018-07-06 18:21:32 +02:00
Guo Xiang Tan
7163bf9323 FIX: Upload.get_from_url not respective subfolder in s3 bucket names. 2018-07-06 11:37:11 +08:00
Neil Lalonde
211981ef23 add specs for min_trust_to_create_tag set to staff and admin 2018-07-05 11:39:32 -04:00
Patrick Gansterer
28dd7fb562 FEATURE: Create hidden posts for received spam emails (#6010)
* Add possibility to add hidden posts with PostCreator

* FEATURE: Create hidden posts for received spam emails

Spamchecker usually have 3 results: HAM, SPAM and PROBABLY_SPAM
SPAM gets usually directly rejected and needs no further handling.
HAM is good message and usually gets passed unmodified.
PROBABLY_SPAM gets an additional header to allow further processing.
This change addes processing capabilities for such headers and marks
new posts created as hidden when received via email.
2018-07-05 11:07:46 +02:00
Sam
0408e87e00 remove uneeded specs 2018-07-05 15:34:58 +10:00
Sam
b54ba4c952 FIX: mentions broken after adding an <abbr> tag
A previous shortcut used was not allowing for <abbr and other tags starting with a

If <abbr> appeared anywhere in the text all mentions would fail to link
2018-07-05 09:27:11 +10:00
Régis Hanol
272646c1df FIX: only show the sequential replies warning for regular posts 2018-07-04 22:51:19 +02:00
Régis Hanol
8a53941fe0 FIX: less aggressive gmail eliding 2018-07-04 20:04:46 +02:00
Neil Lalonde
24882ce1a5 make rubocop happy 2018-07-04 09:42:31 -04:00
Neil Lalonde
f134701c7b FIX: user topic and post counts can become negative when staff deletes posts in personal messages 2018-07-04 09:31:16 -04:00
Sam
e72fd7ae4e FIX: move crawler blocking into anon cache
This refinement of previous fix moves the crawler blocking into
anonymous cache

This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 11:14:43 +10:00
Sam
7f98ed69cd FIX: move crawler blocking to app controller
We need access to site settings in multisite, we do not have access
yet if we attempt to get them in request tracker middleware
2018-07-04 10:30:50 +10:00
Neil Lalonde
e8a6323bea remove crawler blocking until multisite support 2018-07-03 17:54:45 -04:00
Leo McArdle
c3129444ea FIX: allow multiple secondary emails 2018-07-03 18:21:35 +08:00
Kasia Bułat
b71cf6d422 FEATURE: Add search not operator for tags. 2018-07-03 15:57:34 +08:00
Jeff Wong
d7f6d37a98 refactor: promotion spec 2018-07-02 16:23:45 -07:00
Guo Xiang Tan
969e79d7c6 PERF: Do not calculate gaps for TopicViewPostsSerializer.
The client doesn't use the gaps results when loading new posts.
2018-07-02 14:01:50 +08:00
Arpit Jalan
7550e9ff95 FIX: purge unactivated users with a message from non-human users 2018-06-29 13:03:04 +05:30
hellekin
25cfc98b67 Fix 'asscoiated' typo
I know that **Naming is CRITICAL** and that **Refactoring only NOT welcome**.

But since I spotted this (consistent) typo and the change does not affect any
functionality -- I checked the presence of "asscoiated" in the code base, I
guess the first rule trumps the second one.

It also gave me a false pretext to bypass my reluctance to use Google forms and
sign de CLA. Typos hurt the eye.
2018-06-29 11:10:05 +10:00
Sam
982df3c17b FIX: return status 400 for invalid member params
previously error returned was a 500 which is not ideal
and is logged
2018-06-29 10:15:17 +10:00
Robin Ward
fd7bb8e656 FIX: Scope the cn to the subfolder 2018-06-28 11:03:36 -04:00
Sam
849b4b5685 SECURITY: category badges should HTML escape names 2018-06-28 18:16:12 +10:00
Sam
db14e10943 SECURITY: category badges should HTML escape names 2018-06-28 18:15:07 +10:00
Maja Komel
ec3e6a81a4 FEATURE: Second factor backup 2018-06-28 10:12:32 +02:00
Guo Xiang Tan
cfa7898c2d Rename TopicView#last_read_post_id to TopicView#filtered_post_id. 2018-06-27 12:33:57 +08:00
Guo Xiang Tan
cb69888758 PERF: Don't pluck all the columns just to retrieve a single value. 2018-06-27 11:41:35 +08:00
Arpit Jalan
6bcdc3ba4b FEATURE: allow author to delete posts irrespective of post_edit_time_limit 2018-06-26 21:43:06 +05:30
Arpit Jalan
7efdccdbc5 FIX: allow staff to remove tags from queued topics 2018-06-26 17:08:40 +05:30
Guo Xiang Tan
49ffc1eb61 Revert "PERF: Send down gaps as the relevant posts load instead of front loading."
This reverts commit 4c3352528e.
2018-06-26 12:54:14 +08:00
Guo Xiang Tan
4c3352528e PERF: Send down gaps as the relevant posts load instead of front loading. 2018-06-26 12:49:06 +08:00
Guo Xiang Tan
0b6a2e9d1f Remove force summary mode for megatopics for now.
The logic is too hairy and we can't reliably determine
when to force summary mode. Work is underway to improve
perf for megatopics so this will not be required
eventually.
2018-06-26 12:49:06 +08:00
Gerhard Schlager
50192de046 Fix the specs 2018-06-25 16:18:07 +10:00
Ernesto Serrano
93e60a59f5 Added rspec test 2018-06-25 16:18:07 +10:00
David Lee
4644d777bd FEATURE: add website field to SSO 2018-06-25 16:09:39 +10:00
Jeff Wong
41f76a74f8 FEATURE: send message when a user reaches tl1 2018-06-22 13:20:00 -07:00
Guo Xiang Tan
f69356e628 FIX: Users can't "show all posts" in forced summary topics. 2018-06-22 11:32:45 +08:00
Guo Xiang Tan
bad6a5142c PERF: Don't include entire post stream when we're loading more posts. 2018-06-22 10:49:03 +08:00
Jeff Wong
bc52bdfa12 Feature: unconditionally consider TL0 users as "first day" users 2018-06-21 10:53:08 -07:00
Guo Xiang Tan
9a7a079f4d Force summary mode when user enters at the top of megalodoon topics. 2018-06-21 15:18:52 +08:00
Guo Xiang Tan
f7d22bad90 FEATURE: Forced summary mode for megalodon topics.
This is mainly done for performance reasons and megalodon
topics are usually a byproduct of imports where site setting
limits are not respected.
2018-06-21 14:00:20 +08:00
Guo Xiang Tan
6ddd214476 FIX: Post#summary returning posts from other topics. 2018-06-21 12:00:54 +08:00
Sam
f66efc601d FIX: cubot android devices were detected as crawlers 2018-06-21 10:56:46 +10:00
Guo Xiang Tan
0365806b93 FIX: Properly display error when post action fails to create. 2018-06-20 21:20:23 +08:00