Commit Graph

41084 Commits

Author SHA1 Message Date
Jarek Radosz
be5ed73f08
UI: Make sure staff logs don't break the layout (#12494)
Prevents accidental layout stretching in `/admin/logs/staff_action_logs`
2021-03-23 22:08:28 +01:00
Jarek Radosz
6ff888bd2c
DEV: Retry-after header values should be strings (#12475)
Fixes `Rack::Lint::LintError: a header value must be a String, but the value of 'Retry-After' is a Integer`. (see: 14a236b4f0/lib/rack/lint.rb (L676))

I found it when I got flooded by those warning a while back in a test-related accident 😉 (ember CLI tests were hitting a local rails server at a fast rate)
2021-03-23 20:32:36 +01:00
Dan Ungureanu
2a4ddc621d
FIX: Add migration to set correct redemption_count (#12491)
Redeeming email invites did not increase the redemption_count which let
those invites in a weird state were they were both pending and redeemed.
2021-03-23 18:57:39 +02:00
Penar Musaraj
066c59d0e3
FIX: Regression in colors used by non-default theme (#12492)
eb7f0ec caused this regression, where a non-default theme set to use
the base color scheme was resolving to the default theme's color scheme.
2021-03-23 12:46:25 -04:00
Arpit Jalan
dc73aadbff
FIX: bulk "archive" and "move to inbox" for group messages was broken (#12488) 2021-03-23 21:34:47 +05:30
Discourse Translator Bot
e477a9a47d
Update translations (#12490) 2021-03-23 16:12:04 +01:00
Bianca Nenciu
d7bd62d9cf
FIX: Replace censored watched word consistently (#12486)
Applying oneboxes and replacing censored watched words does not happen
in a strict order which often lead to inconsistencies. This commit
fixes the behavior and will never censor oneboxes.

To make it always censor oneboxes implies significant changes to the
PrettyText pipeline.
2021-03-23 13:09:24 +02:00
Nacho Caballero
deb9e3cd22
Fix CSS for collapsed table cells when showing insertion in Raw mode (#12489) 2021-03-23 10:43:25 +01:00
Bianca Nenciu
2ad9b3f432
FEATURE: Add anchor links to headings (#12379) 2021-03-23 10:45:06 +02:00
Bianca Nenciu
e48d055232
FIX: Do not show duplicate_link notice for quotes (#12481)
Quoting a link from the topic would show a false duplicate_link notice.
2021-03-23 10:43:55 +02:00
Martin Brennan
bcd6efa98c
FIX: Never display the invite show page form if DiscourseConnect enabled (#12466)
This form does not need to show if discourse connect is enabled
because generally the fields that would be filled in here are
filled in by the SSO provider. There is also an issue right now
where enable_local_logins and enable_discourse_connect can be
true at the same time which is not right.
2021-03-23 09:02:07 +10:00
Sam
e45bca7298
PERF: avoid regex on uploads table (#12485)
In extreme circumstances when the uploads table is huge, the old version of
this migration could take a very long time.

The rewrite extracts the sha1 directly from the badges table and does an index
based match on the uploads table
2021-03-23 09:19:02 +11:00
dependabot[bot]
d453d74ca7
Build(deps): Bump bootsnap from 1.7.2 to 1.7.3 (#12483)
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.7.2 to 1.7.3.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.7.2...v1.7.3)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-22 22:24:23 +01:00
Bianca Nenciu
437c9a554b
FEATURE: Import and export watched word (#12444)
Find & Replace and Autotag watched words were not completely exported
and import did not work with these either. This commit changes the
input and output format to CSV, which allows for a secondary column.

This change is backwards compatible because a CSV file with only one
column has one value per line.
2021-03-22 22:32:18 +02:00
Rafael dos Santos Silva
fb4486d5f1
FEATURE: Add CSP frame-ancestors support (#12404) 2021-03-22 16:00:25 -03:00
Roman Rizzi
706ea6692d
UI: Rename button with a duplicated name. (#12480)
There're two buttons name "Flag Post". Rename one of them to avoid confusion.
2021-03-22 15:50:44 -03:00
Roman Rizzi
ccc44baa10
FEATURE: Add a typographer rule to replace (pa) with ¶. (#12478) 2021-03-22 15:04:08 -03:00
Dan Ungureanu
4e46732346
FEATURE: Implement browser update in crawler view (#12448)
browser-update script does not work correctly in some very old browsers
because the contents of <noscript> is not accessible in JavaScript.
For these browsers, the server can display the crawler page and add the
browser update notice.

Simply loading the browser-update script in the crawler view is not a
solution because that means all crawlers will also see it.
2021-03-22 19:41:42 +02:00
Jarek Radosz
3e586ab25a
FIX: Don't attempt to delete non-existent bookmark (#12473)
Could happen when using the keyboard shortcut. ("d d")
2021-03-22 18:25:34 +01:00
Roman Rizzi
e4ec0da714
FIX: Anons should see the Topic slow mode notice. (#12460) 2021-03-22 13:55:45 -03:00
Bianca Nenciu
ec7415ff49
FEATURE: Check email availability in signup form (#12328)
* FEATURE: Check email availability on focus out

* FIX: Properly debounce username availability
2021-03-22 17:46:03 +02:00
Joffrey JAFFEUX
4fb2d397a4
FIX: ensures popper's autocomplete instance is destroyed (#12476) 2021-03-22 16:19:36 +01:00
Bianca Nenciu
129aeb8c2f
FIX: Improvements to email styles (#12451) 2021-03-22 14:09:38 +02:00
Joffrey JAFFEUX
15a9a85f0a
FIX: ensures invisible link is not interfering with UI/tab order (#12472) 2021-03-22 12:51:18 +01:00
Jarek Radosz
695288f8ff
FIX: Restore client.zh_TW.yml (#12470)
Accidentally removed in b7556fca80
2021-03-22 10:58:46 +01:00
lhkjacky
b7556fca80
DEV: Add ap-east-1 S3 region (#12457)
Asia Pacific (Hong Kong) ap-east-1
2021-03-22 10:22:29 +01:00
Joffrey JAFFEUX
2b5046af19
FIX: a never created listener was removed (#12469) 2021-03-22 09:58:59 +01:00
Joffrey JAFFEUX
c3e76da90a
DOC: document addShortcut click option (#12467) 2021-03-22 09:51:45 +01:00
Joffrey JAFFEUX
4857891ecf
DEV: correctly defines focusComposer shortcut as shift+c (#12468) 2021-03-22 09:46:38 +01:00
dependabot[bot]
9250d93b34
Build(deps): Bump oauth2 from 1.4.4 to 1.4.7 (#12462)
Bumps [oauth2](https://github.com/oauth-xx/oauth2) from 1.4.4 to 1.4.7.
- [Release notes](https://github.com/oauth-xx/oauth2/releases)
- [Changelog](https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/oauth-xx/oauth2/compare/v1.4.4...v1.4.7)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-22 09:24:34 +01:00
Martin Brennan
6eb0d0c38d
SECURITY: Fix is_private_ip for RateLimiter to cover all cases (#12464)
The regular expression to detect private IP addresses did not always detect them successfully.
Changed to use ruby's in-built IPAddr.new(ip_address).private? method instead
which does the same thing but covers all cases.
2021-03-22 13:56:32 +10:00
Kris
9526c1a27b
FEATURE: Add admin-area class to HTML tag (#12459) 2021-03-22 11:36:26 +11:00
Robin Ward
942ee1e218
FIX: Tests were broken in Firefox (#12456)
There are a lot of little fixes to tests here, but the biggest issue was
too much recursion because we kept replacing the helpers over and over
again. I assume Chrome has tail recursion or something to speed this up
but Firefox hated it.

Otherwise, we can't rely on the order of attributes in rendered HTML so
I simplified most of those tests to just look for key strings in the
HTML that are rendered.
2021-03-22 11:35:51 +11:00
Penar Musaraj
d898e00242
FIX: Clear draft modal correctly when switching topics (#12458)
Fixes an issue where the "Keep editing" button in the discard draft
modal wouldn't work when switching to a new topic with an open composer
and clicking Reply.

Followup to d470e4f
2021-03-22 11:32:19 +11:00
dependabot[bot]
4e9d6cb95b
DEV: Bump nokogumbo from 2.0.4 to 2.0.5 (#12461)
Bumps [nokogumbo](https://github.com/rubys/nokogumbo) from 2.0.4 to 2.0.5.
- [Release notes](https://github.com/rubys/nokogumbo/releases)
- [Changelog](https://github.com/rubys/nokogumbo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubys/nokogumbo/compare/v2.0.4...v2.0.5)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-22 11:30:29 +11:00
Martin Brennan
49f4c548ef
FEATURE: Bookmark pinning (#12431)
Users can now pin bookmarks from their bookmark list. This will anchor the bookmark to the top of the list, and show a pin icon next to it. This also applies in the nav bookmarks panel. If there are multiple pinned bookmarks they sort by last updated order.
2021-03-22 09:50:22 +10:00
David Taylor
56a573ab4b
DEV: Remove String#match? and Regexp.match? polyfills (#12454)
This was added in Ruby 2.4. Discourse will no longer run on ruby versions older than that, so we can drop this polyfill
2021-03-19 19:55:44 +00:00
David Taylor
374ab82dd6
FIX: Ensure 100-logster initializer is run before 101-lograge (#12455)
The logster initializer tries to adds RailsMultisite::Formatter to the STDOUT logger. In production, the lograge initializer then removes the RailsMultisite:Formatter because the JSON log will include the database.

e10a74694a used `Rails.application.reloader.to_prepare` to defer running the 100-logster initializer, which meant it ran **after** 101-lograge. This meant that we were writing JSON logs with a non-json text prefix.

The `to_prepare` was added because our freedom-patches are now deferred using `to_prepare`, and some initializers were relying on the freedom patches. However, following 1533cbb38b, we decided to load the RailsMultisite freedom patch without `to_prepare`. Therefore, `005-site_settings` and `100-logster` no longer need to use `to_prepare`. Removing it means that these initializers are back to running in sequential order, and the logging issue will be resolved.

The only remaining initializer which depends on freedom patches is `100-i18n`. I've added a comment to explain why.
2021-03-19 19:51:13 +00:00
Roman Rizzi
e3d86c4e35
FIX: Only refresh the review count when the user can see the review queue. (#12453)
We currently make an AJAX request every time someone opens the hamburger menu, resulting in a forbidden response when a user can't see the review queue.
2021-03-19 16:20:41 -03:00
Robin Ward
af5adc440e
DEV: We hadn't enabled object-rest-spread in all contexts (#12452)
See: https://babeljs.io/docs/en/babel-plugin-proposal-object-rest-spread

This fixes Discourse in browsers that don't support this syntax yet.
2021-03-19 13:57:04 -04:00
Dan Ungureanu
534008ba24
FIX: Improve handling when email is obfuscated (#12450)
This commit ensures that email validation is skipped when the email is
obfuscated, that the email is no longer send when it is not an invite
link and no username is suggested if the email is hidden as it may
reveal the first part of the email.

Follow up to commit 033d6b6437.
2021-03-19 17:15:46 +02:00
Osama Sayegh
c9923a3e3e
UX: Composer actions menu header should display the icon of selected action (#12449)
See a video of the change in the PR: https://github.com/discourse/discourse/pull/12449.
2021-03-19 17:48:43 +03:00
Robin Ward
5b02aad9c1
Support for Testem in Ember CLI (#12442)
* DEV: Use custom tags rather than handlebars server side

These will be skipped if they are ever rendered in a document. The
handlebars really messes stuff up.

* DEV: Build our own locale file for testing purposes

We can't practically proxy everything in test mode, but we can
approximate the logic and build our own locale file for testing purposes
that works quite well. This allows us to run tests without a proxy.

* DEV: Support for testem runner for ember cli tests
2021-03-19 09:32:46 -04:00
Gerhard Schlager
2d1b087efc
FIX: Delete invalid web push subscriptions (#12447)
The endpoint as well as the public and private ECDH keys are required to successfully send a push notification.
2021-03-19 14:24:03 +01:00
Penar Musaraj
d470e4fade
FEATURE: Allow users to save draft and close composer (#12439)
We previously included this option conditionally when users were replying
or creating a new topic while they had content already in the composer.

This makes the dialog always include three buttons:
  - Close and discard
  - Close and save draft for later
  - Keed editing

This also changes how the backend notifies the frontend when there is
a current draft topic. This is now sent via the `has_topic_draft`
property in the current user serializer.
2021-03-19 09:19:15 -04:00
Bianca Nenciu
6eab1e83c3
FIX: Do not fail if Postgres is not available (#12440)
Follow-up to 50f8782def.
2021-03-19 12:07:39 +02:00
Robert
4dcdbd7801
REFACTOR: break search results in multiple sub components
This change will introduce:
- search-result-entries
- search-result-entry

making the full-page-search template easier and less risky to override.
2021-03-19 10:49:14 +01:00
Martin Brennan
fb0b4e26a9
DEV: Add output_sql_to_stderr! to MethodProfiler (#12445)
This PR adds MethodProfiler.output_sql_to_stderr! for easier debugging of SQL queries and their timings from the console.

This is almost the same as ensure_discourse_instrumentation! but should not
be used in production (save for debugging in the console), and is only instrumenting
PostgresSQL queries.

This is almost the same as ensure_discourse_instrumentation! but should not
be used in production. This logs all SQL queries run and their durations
between start and stop.

It also works for super long running queries. If you interrupt the long-running
query the latest query data will still be logged after stopping the profiler.

Usage:

```
MethodProfiler.output_sql_to_stderr!(filter_transactions: true)
MethodProfiler.start

# some code that runs queries

timings = MethodProfiler.stop
```
2021-03-19 17:48:30 +10:00
dependabot[bot]
b432a4acd8
Build(deps-dev): Bump rspec-rails from 5.0.0 to 5.0.1 (#12443)
Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/rspec/rspec-rails/releases)
- [Changelog](https://github.com/rspec/rspec-rails/blob/main/Changelog.md)
- [Commits](https://github.com/rspec/rspec-rails/compare/v5.0.0...v5.0.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-19 01:55:42 +01:00
Martin Brennan
355d51afde
FEATURE: Allow using invites when DiscourseConnect SSO is enabled (#12419)
This PR allows invitations to be used when the DiscourseConnect SSO is enabled for a site (`enable_discourse_connect`) and local logins are disabled. Previously invites could not be accepted with SSO enabled simply because we did not have the code paths to handle that logic.

The invitation methods that are supported include:

* Inviting people to groups via email address
* Inviting people to topics via email address
* Using invitation links generated by the Invite Users UI in the /my/invited/pending route

The flow works like this:

1. User visits an invite URL
2. The normal invitation validations (redemptions/expiry) happen at that point
3. We store the invite key in a secure session
4. The user clicks "Accept Invitation and Continue" (see below)
5. The user is redirected to /session/sso then to the SSO provider URL then back to /session/sso_login
6. We retrieve the invite based on the invite key in secure session. We revalidate the invitation. We show an error to the user if it is not valid. An additional check here for invites with an email specified is to check the SSO email matches the invite email
7. If the invite is OK we create the user via the normal SSO methods
8. We redeem the invite and activate the user. We clear the invite key in secure session.
9. If the invite had a topic we redirect the user there, otherwise we redirect to /

Note that we decided for SSO-based invites the `must_approve_users` site setting is ignored, because the invite is a form of pre-approval, and because regular non-staff users cannot send out email invites or generally invite to the forum in this case.

Also deletes some group invite checks as per https://github.com/discourse/discourse/pull/12353
2021-03-19 10:20:10 +10:00