Commit Graph

49060 Commits

Author SHA1 Message Date
Ted Johansson
f3f30d6865
SECURITY: Encode embed url (#21133)
The embed_url in "This is a companion discussion..." could be used for
XSS.

Co-authored-by: Blake Erickson <o.blakeerickson@gmail.com>
2023-04-18 15:05:29 +08:00
chapoi
0f7eeb5500
FIX: apply clear-transition class to correct wrapper for chat drawer (#21129) 2023-04-18 08:37:13 +02:00
Ted Johansson
437b73e322
SECURITY: Ensure site setting being updated is a configurable site setting (#21131) 2023-04-18 14:32:18 +08:00
Martin Brennan
180e3e11d1
FEATURE: Better thread reply counter cache (#21108)
This commit introduces a redis cache over the top of the thread
replies_count DB cache, so that we can quickly and accurately
increment/decrement the reply count for all users and not have
to constantly update the database-level count. This is done so
the UI can have a count that is displayed to the users on each
thread indicator, that appears to live update on each chat
message create/trash/recover inside the thread.

This commit also introduces the `Chat::RestoreMessage` service
and moves the restore endpoint into the `Api::ChannelMessages`
controller as part of incremental migrations to move things out
of ChatController.

Finally, this commit refactors `Chat::Publisher` to be less repetitive
with its `MessageBus` sending code.
2023-04-18 14:01:01 +10:00
chapoi
b8583f274d
UX: prevent overflow in description (#21124) 2023-04-18 04:20:25 +02:00
Martin Brennan
1e85de36e2
FEATURE: Hook up chat bulk delete for threads (#21109)
Followup to bd5c5c4b5f,
this commit hooks up the bulk delete events for chat
messages inside the thread panel, by fanning out the
deleted message IDs based on whether they belong to
a thread or not.

Also adds a system spec to cover this case, as previously
the bulk delete event would have been broken with an incorrect
`typ` rather than `type` hash key.
2023-04-18 08:28:20 +10:00
Penar Musaraj
b869d35f94
FIX: Dismiss modal when "Keep Editing" is used (#21117)
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2023-04-17 17:44:21 -04:00
Keegan George
d3f3914ade
DEV: Add an offset mobile devices (#21119) 2023-04-17 13:35:11 -07:00
Arpit Jalan
8405ae7733
FEATURE: add a setting to allowlist DiscourseConnect return path domains (#21110)
* FEATURE: add a setting to allowlist DiscourseConnect return path domains

This commit adds a site setting to allowlist DiscourseConnect return
path domains. The setting needs supports exact domain or wildcard
character (*) to allow for any domain as return path.

* Add more specs to clarify what is allowed in site setting

* Update setting description to explain what is allowed
2023-04-17 22:53:50 +05:30
Meghna
68549fe54e
UX: Vertical alignment issues on mobile (#21118)
Vertical alignment fixes for topic closed small message and poll info.
2023-04-17 22:51:13 +05:30
Joffrey JAFFEUX
5b187ad25e
FIX: error when quoting message into topic (#21114)
This error was only happening on mobile, note we also already have a (mobile) test (plugins/chat/spec/system/transcript_spec.rb:184) for this which was passing as it's only happening at a specific speed. I don't want to complicate the test too much for this case, will reconsider if it regresses again.
2023-04-17 17:14:51 +02:00
Loïc Guitaut
430d6308a8 FIX: Render links with subfolders properly in Discobot
Currently, some links aren’t properly built in Discobot when Discourse
is hosted in a subfolder. This is because we’re providing
`Discourse.base_url` to the Rails helpers which contains the base URL
*with* the prefix. But Rails helpers already handle this prefix so the
resulting link gets the prefix twice.

The fix is quite simple: use `Discourse.base_url_no_prefix` instead of
`Discourse.base_url`.
2023-04-17 16:53:00 +02:00
Loïc Guitaut
a5235f7d16
DEV: Refactor STI/polymorphic associations in chat (#20789) 2023-04-17 15:41:56 +02:00
Kris
87515b1aa0
FIX: composer collapse position while uploading (#21101) 2023-04-17 09:21:32 -04:00
chapoi
9e269f993b
FIX: overflow of channel title in preview card (#21112) 2023-04-17 15:05:59 +02:00
Mark VanLandingham
ae5aa0c79f
DEV: Plugin API addQuickAccessProfileItem adds to revamped user menu (#21084) 2023-04-17 06:15:16 -05:00
Joffrey JAFFEUX
2535381f44
FIX: ensures tag notification level is changed (#21106)
Following a change in e9f7262813 which prevents the notification level to be returned from the update endpoint, the model couldn't update itself. This commit makes the update manually and adds a test to prevent future regressions.

Note we could also change the backend endpoint, but this should work correctly with minimum risk.
2023-04-17 10:48:41 +02:00
Martin Brennan
a299c61d72
DEV: Remove hardcoded user_id in spec (#21111)
Followup to 08ff6eebad,
we can just test this using the original problem in
https://meta.discourse.org/t/-/172572, which is that
SiteSetting.default_categories_normal had duplicate
IDs.
2023-04-17 16:35:22 +10:00
Martin Brennan
9a15eab3ab
FIX: Do not serialize thread data if threading disabled (#21107)
Followup to ba11cf4767,
this commit makes it so that none of the chat message
thread data is serialized if threading_enabled is false
for the channel or if enable_experimental_chat_threaded_discussions
is false, there is no need to serialize the data in this
case.
2023-04-17 14:29:06 +10:00
Joffrey JAFFEUX
274820d247
FIX: prevents exception when publishing processed (#21104)
This regression happened in bd5c5c4b5f and is due to `message_bus_targets = calculate_publish_targets(chat_channel, chat_message)` expecting a `chat_channel` which was only defined after.

Example exception in logs:

```
Job exception: undefined local variable or method `chat_channel' for Chat::Publisher:Module

/var/www/discourse/plugins/chat/app/services/chat/publisher.rb:91:in `publish_processed!' 
/var/www/discourse/plugins/chat/app/jobs/regular/chat/process_message.rb:21:in `block in execute' 
/var/www/discourse/lib/distributed_mutex.rb:53:in `block in synchronize' 
/var/www/discourse/lib/distributed_mutex.rb:49:in `synchronize' 
/var/www/discourse/lib/distributed_mutex.rb:49:in `synchronize' 
/var/www/discourse/lib/distributed_mutex.rb:34:in `synchronize' 
/var/www/discourse/plugins/chat/app/jobs/regular/chat/process_message.rb:7:in `execute' 
/var/www/discourse/app/jobs/base.rb:249:in `block (2 levels) in perform' 
```

This commit also:
- adds a spec to ensure oneboxing is not regressing anymore
- increment the version on message processed to ensure callbacks are correctly ran

Note we should also have more tests in `Chat::Publisher`, this will be done when we move it to a proper service.

<!-- NOTE: All pull requests should have tests (rspec in Ruby, qunit in JavaScript). If your code does not include test coverage, please include an explanation of why it was omitted. -->
2023-04-16 10:30:33 +02:00
Jarek Radosz
dd98ecb7d1
DEV: Remove unnecessary getURL("/") (#21103)
Our `ajax()` prepends the protocol/host/subfolder path.
2023-04-15 14:34:25 +02:00
Jarek Radosz
b8cf79895e
DEV: Set QUnit per-test timeout (#21102)
60s is a lot, and I'd prefer 15s, but the first test in a suite can take up to 40s. 60s is still better than `Infinity` 😌
2023-04-15 14:34:13 +02:00
Joffrey JAFFEUX
ba11cf4767
FIX: prevents exception if thread is not found (#21099)
It is yet to investigate the exact reasons leading to this, but probably due to some delete operation or migration, it seems possible to have a message with a thread_id leading to a non existing thread row. This is only a temporary solution to prevent the crash. We should also probably be more defensive here and not include any of this if threading is not enabled.
2023-04-14 23:03:09 +02:00
dependabot[bot]
d6b6041ae2
Build(deps): Bump webpack in /app/assets/javascripts (#21089)
Bumps [webpack](https://github.com/webpack/webpack) from 5.78.0 to 5.79.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.78.0...v5.79.0)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-14 13:22:33 +02:00
Krzysztof Kotlarek
933d276b7d
FIX: decrease reorder sidebar delay for desktop (#21098)
Delay to reorder links in custom sidebar section doesn't have to be that long for desktop compared to touch screen.
2023-04-14 12:31:21 +10:00
Alan Guo Xiang Tan
1f0207ba06
DEV: Add support for more filters for /filter route (#21097)
* DEV: Support `likes-(min:max):<count>` on `/filter` route

This commit adds support for the following filters: 

1. `likes-min` 
2. `likes-max`
3. `views-min`
4. `views-max`
5. `likes-op-min`
6. `likes-op-max`

If the filter has an invalid value, i.e string that cannot be converted
into an integer, the filter will be ignored.

If either of each filter is specify multiple times, only the last
occurrence of each filter will be taken into consideration.
2023-04-14 10:21:04 +08:00
Canapin
4b9061ae3f
UX: Remove color attribute from <kbd> tag (#20429)
As a single example, if a `<kbd>` tag is wrapped by a `<a>` link, it doesn't inherit the link color:

`[<kbd> **Support**</kbd>](https://meta.discourse.org)`

It's because the `<kbd>` tag has a `color: var(--primary);` CSS rule which seems superfluous.

If we disable it, the `<kbd>` tag inherits all the normal colors (including the link color 👌).

The direct `<kbd>` parent that assigns the text color is `<html>` (can't go higher!) which has an identical `color: var(--primary);`. 

WCAG palettes don't seem to assign specific colors in this context.

It seems fairly safe to remove `color: var(--primary);` from `<kbd>` so it won't interfere anymore with its content.
2023-04-14 10:06:12 +08:00
Canapin
b328ada667
UX: Prevents letters from being partially cut off on the profile summary page (#20715) 2023-04-14 10:04:05 +08:00
Canapin
b9ca4c9031
UX: fix anchor z-index (#21002) 2023-04-14 10:02:57 +08:00
SouthpawKB
033fddd2fb
DEV: Clarify SSL option in INSTALL-cloud.md (#21018)
Instructions in section 10 about optionally enabling free HTTPS / SSL point to the Let's Encrypt guide. The Let's Encrypt guide indicates that following this standard installation guide automatically enables Let's Encrypt.  I'm proposing a slight change to make it more clear that Let's Encrypt is automatically installed, unless the user skipped that configuration.
2023-04-14 10:02:19 +08:00
dependabot[bot]
e411d7a339
Build(deps): Bump google-protobuf from 3.22.2 to 3.22.3 (#21096)
Bumps [google-protobuf](https://github.com/protocolbuffers/protobuf) from 3.22.2 to 3.22.3.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/generate_changelog.py)
- [Commits](https://github.com/protocolbuffers/protobuf/compare/v3.22.2...v3.22.3)

---
updated-dependencies:
- dependency-name: google-protobuf
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-14 10:00:49 +08:00
Alan Guo Xiang Tan
782b26d0eb
DEV: Support posters-(min|max):<count> on /filter route (#21095)
This commit adds support for the `posters-min:<count>` and
`posters-max:<count>` filters for the topics filtering query language.
`posters-min:1` will filter for topics with at least a one poster while
`posters-max:3` will filter for topics with a maximum of 3 posters.

If the filter has an invalid value, i.e string that cannot be converted
into an integer, the filter will be ignored.

If either of each filter is specify multiple times, only the last
occurence of each filter will be taken into consideration.
2023-04-14 07:48:38 +08:00
Joffrey JAFFEUX
e190c00bc4
DEV: skip flakey chatables controller spec (#21093) 2023-04-14 06:06:57 +08:00
Alan Guo Xiang Tan
bc4a9c50f2
DEV: Support posts-min:<count> and posts-max:<count> on /filter (#21090)
This commit adds support for the `posts-min:<count>` and
`posts-max:<count>` filters for the topics filtering query language.
`posts-min:1` will filter for topics with at least a one post while
`posts-max:3` will filter foor topics with a maximum of 3 posts.

If the filter has an invalid value, i.e string that cannot be converted
into an integer, the filter will be ignored.

If either of each filter is specify multiple times, only the last
occurence of each filter will be taken into consideration.
2023-04-14 06:05:55 +08:00
Joffrey JAFFEUX
9b3408223b
FIX: relies on native focus behavior in chat emoji picker (#21092)
This codepath was responsible to scroll to the first emoji of a section, however `scrollIntoView` was not super reliable and was also causing the whole page to scroll with drawer. This is also simply not necessary code as native focus behavior will scroll to the element.
2023-04-13 20:35:13 +02:00
Martin Brennan
bd5c5c4b5f
FEATURE: Reacting to MessageBus in chat thread panel (#21070)
This commit introduces a ChatChannelPaneSubscriptionsManager
and a ChatChannelThreadPaneSubscriptionsManager that inherits
from the first service that handle MessageBus subscriptions
for the main channel and the thread panel respectively.

This necessitated a change to Chat::Publisher to be able to
send MessageBus messages to multiple channels based on whether
a message was an OM for a thread, a thread reply, or a regular
channel message.

An initial change to update the thread indicator with new replies
has been done too, but that will be improved in future as we have
more data to update on the indicators.

Still remaining is to fully move over the handleSentMessage
functionality which includes scrolling and new message indicator
things.

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2023-04-13 14:45:50 +02:00
David Taylor
e52f322cb5
UX: Use dominant color while loading onebox images (#21091)
When we "pull hotlinked images" on onebox images, they are added to the uploads table and their dominant color is calculated. This commit adds the data to the HTML so that it can be used by the client in the same way as non-onebox images. It also adds specific handling to the new `discourse-lazy-videos` plugin.
2023-04-13 12:04:46 +01:00
Joffrey JAFFEUX
18c81958e5
UX: various tweaks on thread (#21083)
- Back button in drawer will bring you back to channel
- Larger font for thread indicator
- Prevents screen flashing due to clearing messages when they were already loaded
- Fixes a bug where did-update params were inverted causing an error when expanding/collapsing drawer
2023-04-13 10:08:12 +02:00
David Battersby
967010e545
FEATURE: Add an emoji deny list site setting (#20929)
This feature will allow sites to define which emoji are not allowed. Emoji in this list should be excluded from the set we show in the core emoji picker used in the composer for posts when emoji are enabled. And they should not be allowed to be chosen to be added to messages or as reactions in chat.

This feature prevents denied emoji from appearing in the following scenarios:
- topic title and page title
- private messages (topic title and body)
- inserting emojis into a chat
- reacting to chat messages
- using the emoji picker (composer, user status etc)
- using search within emoji picker

It also takes into account the various ways that emojis can be accessed, such as:
- emoji autocomplete suggestions
- emoji favourites (auto populates when adding to emoji deny list for example)
- emoji inline translations
- emoji skintones (ie. for certain hand gestures)
2023-04-13 15:38:54 +08:00
Alan Guo Xiang Tan
5b1306cb54
DEV: Refactor TopicsFilter (#21071)
Why this change?

Previously `TopicsFilter` was designed in such a way that we act on a
filter sequentially based on the order it was matched. However, this
made it hard to support filters composition where a similar filter may
be present further in the query string. Because of this limitation, I
previously introduced a private API `TopicsFilter.register_scope` which
allows us to act on a filter only after the entire query string has been
scanned. However, I felt that it made the code complicated and hard to
reason about.

In thie commit, I've changed it such that we scan through the entire
query string and group the values of each filter together. This allows
us to act on the values of a given filter in one go which I find easier
to reason about. This also opens up the possibility for us to ignore
certain filters when it has been specified multiple times.
2023-04-13 13:22:11 +08:00
dependabot[bot]
192f4149db
Build(deps): Bump sass-embedded from 1.61.0 to 1.62.0 (#21086)
Bumps [sass-embedded](https://github.com/ntkme/sass-embedded-host-ruby) from 1.61.0 to 1.62.0.
- [Release notes](https://github.com/ntkme/sass-embedded-host-ruby/releases)
- [Commits](https://github.com/ntkme/sass-embedded-host-ruby/compare/v1.61.0...v1.62.0)

---
updated-dependencies:
- dependency-name: sass-embedded
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-13 08:43:16 +08:00
dependabot[bot]
8b0b2416e7
Build(deps-dev): Bump yard from 0.9.32 to 0.9.34 (#21087)
Bumps [yard](https://github.com/lsegal/yard) from 0.9.32 to 0.9.34.
- [Release notes](https://github.com/lsegal/yard/releases)
- [Changelog](https://github.com/lsegal/yard/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lsegal/yard/compare/v0.9.32...v0.9.34)

---
updated-dependencies:
- dependency-name: yard
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-13 08:42:23 +08:00
dependabot[bot]
5e1b6937a6
Build(deps): Bump rubocop from 1.50.0 to 1.50.1 (#21088)
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.50.0 to 1.50.1.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.50.0...v1.50.1)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-13 08:42:07 +08:00
Jarek Radosz
cb1e95cd3d
FIX: Educational composer messages regressed in 788dc0a (#21082)
Tests coming in another PR
2023-04-12 20:05:52 +02:00
David Taylor
93c33e02f0
PERF: Avoid full posts table scans during anonymisation (#21081)
2e78045a fixed the anonymization job so that it correctly updated self-mentions, which are not logged in the post_actions table. The solution was to scan the entire `posts` table with an `raw ILIKE` query. On sites with many posts, this can take a very long time.

This commit updates the job to take a two-pass approach:

First, we update posts based on the post_actions table. This is much more efficient than a full table scan, and takes care of all 'non-self' mentions.

Then, we make a second pass using the `raw ILIKE` approach. Since we already took care of most posts, we can scope this down to self-mentions only. By filtering the query to a specific posts.user_id, it is significantly more performant than a full table scan.
2023-04-12 18:39:10 +01:00
David Taylor
fa5a423681
Revert "DEV: Support modifyClass for native class fields on EmberObjects (#20987)" (#21080)
This reverts commit a19efc4304.

This is causing issues in production - reverting while we investigate
2023-04-12 17:38:44 +01:00
David Taylor
a19efc4304
DEV: Support modifyClass for native class fields on EmberObjects (#20987)
EmberObject's `reopen` feature allows changes to be made to the prototype of the class, but it does not work with native class fields. Native class field values are set on the instance in the constructor, and therefore override any values from the prototype.

This commit implements a workaround which detects possible field overrides and then sets the values during the `init()` function of the EmberObject. This isn't perfect - old field values will still be present while any constructor function is running. But in the vast majority of cases, it should provide parity with old non-native-class EmberObject properties.

This commit also adds a warning when trying to override fields on non-EmberObject classes. There is no change in behavior here - we're just warning about the fact it doesn't work.
2023-04-12 16:49:57 +01:00
Jarek Radosz
788dc0a096
DEV: Refactor ComposerMessages (#21077)
Co-authored-by: David Taylor <david@taylorhq.com>
2023-04-12 17:02:37 +02:00
David Taylor
db16700355
PERF: Memoize element references for dockCheck (#21079)
This is run frequently in a scroll listener. Removing the need for repeated `querySelector` calls makes those scroll handlers much faster.
2023-04-12 14:17:43 +01:00
David Taylor
a328153ec2
DEV: Enable patch-package in production and in javascripts/discourse (#21078)
When running `yarn install` in a yarn workspace, the lifecycle hooks in the root package.json are not triggered. https://github.com/yarnpkg/yarn/issues/5790

As a workaround, we can additionally run `patch-package` from the `javascripts/discourse/package.json` `postinstall` hook. `patch-package` is idempotent, so it doesn't matter if it is triggered multiple times.

Longer term we intend to move to pnpm, which has built-in patch support.
2023-04-12 13:15:53 +01:00