Commit Graph

1043 Commits

Author SHA1 Message Date
Robin Ward
afea20953f FIX: Broken certificates 2019-10-24 14:13:27 -03:00
Roman Rizzi
3a73f29928 FIX: Rate limit and hijack certificate generation. (#8215)
To eliminate a DDOS attack vector, we're taking the following measures:

The endpoint will be rate-limited to 3 requests every 60 seconds (per user).
A 24 hours max-age cache header is sent with the response.
The route will be hijacked to generate the certificate in the background.
2019-10-22 15:39:58 -03:00
Krzysztof Kotlarek
5bcc1c1cd5 FIX: Narrative Bot certificates are ERB templates (#8174)
There are at least two ways of rendering templates outside of the controller. The first one is Rails way enabled with Rails 5 https://evilmartians.com/chronicles/new-feature-in-rails-5-render-views-outside-of-actions
The downside of this method is that all variables need to be passed as params (I could find a way to pass the whole context)

Another way is to use instance_eval described in Erubi documentation
https://github.com/jeremyevans/erubi#usage - it works perfectly fine, however, I didn't feel very confident about using eval unless necessary.

An additional benefit of using `ApplicationController.render` is that if Rails would change the ERB engine in the future, this code should still work.

If you want to test it on your local, you need to be signed in and then that two URLs are generating certificates:
http://localhost:3000/discobot/certificate.svg?date=Oct+07+2019&type=standard&user_id=1
http://localhost:3000/discobot/certificate.svg?date=Oct+07+2019&type=advanced&user_id=1

Dev: https://dev.discourse.org/t/discourse-narrative-bot-should-not-be-storing-giant-strings/17130
2019-10-22 15:39:42 -03:00
Bianca Nenciu
3503271959 SECURITY: Escape email text for posts containing [details]. 2019-06-26 16:45:25 +02:00
Neil Lalonde
6411810630 Update translations 2019-06-25 11:50:50 -04:00
Neil Lalonde
dbc59cfe61 Update translations 2019-06-17 13:25:37 -04:00
Joffrey JAFFEUX
32cd9ba59b
FIX: ensures local-dates modal is not taking full height on mobile (#7772) 2019-06-16 08:48:07 +02:00
Robin Ward
a8793d0d9a REFACTOR: Test Memory Usage Fixes (#7769)
* Calling `Discourse.reset()` creates a new container
We should run our de-initializers only after acceptance tests,
since initializers are not run outside of acceptance tests anyway,
and the container at this point can be passed properly to the
`teardown()` method.

* Remove `Discourse.reset` from tests
This would cause a new container to be created which leaks many objects.

* `updateCurrentUser` is more accurate than `replaceCurrentUser`
2019-06-14 14:54:20 +02:00
Robin Ward
c322cccd53 FIX: Memory Leaks when decorating posts (#7749)
* Remove long-deprecated method

* FIX: Memory Leaks when decorating posts

Previously we'd keep creating mixins dynamically when decorating the
same class.

This code changes the API to recommend an `id` parameter for each
decorator which will avoid leaks. All plugins should be updated to
include this parameter, although if they don't in the meantime it'll
just mean a warning in the console (and a continued leak.)
2019-06-11 17:21:23 +02:00
Neil Lalonde
5d7e34e0ad Update translations 2019-06-10 10:36:08 -04:00
Régis Hanol
84e5d58a0d DEV: make prettier 💅 happy 2019-06-06 12:28:41 +02:00
Régis Hanol
c131903e56 FIX: clone dateTime before changing timezone 2019-06-06 11:16:58 +02:00
Joffrey JAFFEUX
b339d67401
DEV: refactors select-kit helper to prevent it to leak into global state (#7708) 2019-06-06 10:47:10 +02:00
Guo Xiang Tan
70b73c2159 DEV: Use proper heredoc name. 2019-06-04 16:31:18 +08:00
Bianca Nenciu
63e3d49508 DEV: Add test for poll plugin reduce_excerpt. 2019-06-04 16:30:15 +08:00
Neil Lalonde
dbfdce95c9 Update translations 2019-05-30 10:40:16 -04:00
Jeff Atwood
dc43828905 add trust level blog link to discobot PM welcome 2019-05-29 18:19:35 -07:00
Régis Hanol
0df5349dbf
FIX: ensure the post url is present
Also don't interpolate a string
2019-05-30 00:05:53 +02:00
Régis Hanol
a188d15b08
FIX: reduce poll when post is nil 2019-05-30 00:02:33 +02:00
Bianca Nenciu
227c45107d FEATURE: Implement Onebox for posts including polls. (#7539) 2019-05-29 17:05:52 +02:00
Sam Saffron
1efed6e527 DEV: amend test for anonymous handling to use real data
Previously we relied on fabrication on anonymous, we can not get the
transaction commit pipeline to work as it does in production, cleanly

This amends it so our anonymous user is created using the core APIs

Signed-off-by: Sam Saffron <sam.saffron@gmail.com>
2019-05-29 15:05:37 +10:00
Bianca Nenciu
3a1d99577e FIX: Replace details content with instruction. 2019-05-29 08:36:04 +08:00
Joffrey JAFFEUX
b98b994fe7
apply prettier on plugins (#7605) 2019-05-27 11:06:11 +02:00
Joffrey JAFFEUX
bfea922167
DEV: global s/this.get\("(\w+)"\)/this.$1 (#7592) 2019-05-27 10:15:39 +02:00
Gerhard Schlager
edc6ac0c66 Update translations 2019-05-21 00:04:37 +02:00
Gerhard Schlager
0afcad148a DEV: Always use %{count} in pluralized strings 2019-05-20 23:26:22 +02:00
Gerhard Schlager
b788948985 FEATURE: English locale with international date formats
Makes en_US the new default locale
2019-05-20 13:47:20 +02:00
Gerhard Schlager
a58aa9b4bf Update translations 2019-05-20 13:42:05 +02:00
Sam Saffron
3c1fa3910f DEV: track the correct channel in specs
These tests are erratically failing due to distributed cache messages that
can land between tests

Ensure we are only looking for the correct messages
2019-05-20 18:27:09 +10:00
Sam Saffron
aeb7143aff DEV: correct flaky poll specs
They were relying on a pristine message bus, however current implementation
still uses redis, stuff can get held up and we can end up publishing
distributed cache messages in the middle invalidating the tests
2019-05-17 16:16:02 +10:00
David Taylor
5605dba85c DEV: Automatically annotate plugin models alongside core models 2019-05-13 16:37:47 +01:00
Guo Xiang Tan
c00dab89e4 Fix the build take 2. 2019-05-13 11:22:48 +08:00
Guo Xiang Tan
9059a8ca90 Fix the build. 2019-05-13 10:16:26 +08:00
Sam Saffron
30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Guo Xiang Tan
41f4f9302d UX: Rename discobot tutorial triggers.
We found the previous triggers less straight forward than just calling
it tutorial.

`start new user` -> `start tutorial`
`start new advanced user` -> `start advanced tutorial`
2019-05-10 09:08:16 +08:00
Joffrey JAFFEUX
f3a346464e
FIX: allTimezonesd was mistakenly removed (#7513) 2019-05-09 10:22:54 +02:00
Guo Xiang Tan
c72f16d927 Follow up to 329969ea20. 2019-05-08 15:36:12 +08:00
Guo Xiang Tan
329969ea20 FIX: Discobot mention tutorial should be case insensitive. 2019-05-07 10:54:22 +08:00
Guo Xiang Tan
61cc0f8c5f Follow up to 152238b4cf. 2019-05-07 09:57:27 +08:00
Guo Xiang Tan
152238b4cf DEV: Prefer public_send over send. 2019-05-07 09:33:21 +08:00
Joffrey JAFFEUX
1d784c7a18
FEATURE: adds support for dates in polls (#7450) 2019-04-29 10:01:19 +02:00
Tim Lange
d5d784b9f2 FIX: Narration Bot now gets site setting for automatic post deletion (#7432) 2019-04-25 07:29:20 +08:00
Joffrey JAFFEUX
0284910125
Update translations 2019-04-24 15:02:04 +02:00
Robin Ward
21b975e71a FIX: Broken plugin spec 2019-04-23 15:29:26 -04:00
Kris
99efd12376 FIX: Url in Russian translation 2019-04-18 17:10:58 -04:00
Joffrey JAFFEUX
5c8213ffd3
removes debugging statement (#7362) 2019-04-11 15:02:38 +02:00
Joffrey JAFFEUX
7dd684744c
UX: sets min date on calendar when initial date is set (#7361) 2019-04-11 14:37:39 +02:00
Joffrey JAFFEUX
46dc38e5a5
UX: minor local-dates form improvements (#7360) 2019-04-11 14:03:53 +02:00
Joffrey JAFFEUX
7226240df3
UX: full revamp of local-dates form (#7357) 2019-04-11 11:14:34 +02:00
Joffrey JAFFEUX
ad5edc8bb1
UX: copy and formating improvements to local-dates form (#7343) 2019-04-09 10:33:01 +02:00