Commit Graph

942 Commits

Author SHA1 Message Date
Joffrey JAFFEUX
a6f986b50f
FEATURE: allows to to style published page with themes/plugins (#9570) 2020-04-28 18:24:24 +02:00
Blake Erickson
a93ef2926d
DEV: Add rswag to aid in api documention (#9546)
Adding in rswag will allow us to write spec files to document and test
our api.
2020-04-27 16:40:07 -06:00
Roman Rizzi
394babcae3
FIX: Only show the review page to users that can see it. Do not publish the reviewable count update message to everyone. (#9556) 2020-04-27 14:51:25 -03:00
Benno
6e01acb3cb
FIX: Apply category priority for empty query (#9516) 2020-04-27 10:35:27 -04:00
Vinoth Kannan
df0c386f8a
UX: drop the automatic_membership_retroactive column from groups model. (#9430) 2020-04-22 22:07:39 +05:30
Robin Ward
13f2723dcb FIX: Don't log an error to logster if a topic could not be updated.
If for some reason an update did not go through (for example,
concurrently updating the same topic twice), we were logging something
like:

```
create_errors_json called with unrecognized type: #<Topic
```

This happened because we knew an error occurred but the active record
object had no errors attached.

This patch fixes the issue by attaching a proper error message in the
event that this happens.
2020-04-22 11:56:04 -04:00
Vinoth Kannan
a511bea4cc
FEATURE: admin UI to merge two users. (#9509) 2020-04-22 14:07:51 +05:30
Martin Brennan
628ba9d1e2
FEATURE: Promote bookmarks with reminders to core functionality (#9369)
The main thrust of this PR is to take all the conditional checks based on the `enable_bookmarks_with_reminders` away and only keep the code from the `true` path, making bookmarks with reminders the core bookmarks feature. There is also a migration to create `Bookmark` records out of `PostAction` bookmarks for a site.

### Summary

* Remove logic based on whether enable_bookmarks_with_reminders is true. This site setting is now obsolete, the old bookmark functionality is being removed. Retain the setting and set the value to `true` in a migration.
* Use the code from the rake task to create a database migration that creates bookmarks from post actions.
* Change the bookmark report to read from the new table.
* Get rid of old endpoints for bookmarks
* Link to the new bookmarks list from the user summary page
2020-04-22 13:44:19 +10:00
Jarek Radosz
a781ef7662
FIX: Reject invalid Category slugs (#9473)
Previously it would sanitize given slug and then save the resulting empty slug.
2020-04-21 03:50:50 +02:00
Jarek Radosz
17cf300b71
DEV: Use more specific error responses (#9472)
* DEV: Use `render_json_error` (Adds specs for Admin::GroupsController)
* DEV: Use a specific error on blank category slug (Fixes a `render_json_error` warning)
* DEV: Use a specific error on reviewable claim conflict (Fixes a `render_json_error` warning)
* DEV: Use specific errors in Admin::UsersController (Fixes `render_json_error` warnings)
* FIX: PublishedPages error responses
* FIX: TopicsController error responses (There was an issue of two separate `Topic` instances for the same record. This makes sure there's only one up-to-date instance.)
2020-04-21 03:50:20 +02:00
Sam Saffron
ee36382640
FEATURE: improve rendering of RSS feeds
- Eliminate superfluous "author wrote" block
- Eliminate block-quote for all posts
- Move participant count and reply count to 1 line
- Prioritize name over username if forum requests
- Use fabrication in list controller spec to speed up spec
2020-04-20 16:08:24 +10:00
Martin Brennan
344ef5226c
FEATURE: Edit bookmark reminders from post and explicit delete button (#9455)
There is now an explicit "Delete Bookmark" button in the edit modal. A confirmation is shown before deleting.

Along with this, when the bookmarked post icon is clicked the modal is now shown instead of just deleting the bookmark. Also, the "Delete Bookmark" button from the user bookmark list now confirms the action.

Add a `d d` shortcut in the modal to delete the bookmark.
2020-04-20 13:30:04 +10:00
Mark VanLandingham
0e74dd7d7c
FIX: Set user timezone on password reset login (#9461) 2020-04-17 13:39:04 -05:00
Roman Rizzi
dce46086f4
FIX: Do not raise an error if the post action type is nil (#9458) 2020-04-17 14:23:33 -03:00
Krzysztof Kotlarek
e8e764c064
FIX: flaky groups_controller_spec (#9439)
Sometimes spec which is testing order groups by user count is failing.

My theory is that cause is the randomness of Postgres when the order value is the same for 2 rows.

In spec, we got three groups
`moderator_group` - 0 users
`group` - 1 user
`other_group` - 1 user

And we are expecting that controller will return them in ascending order [moderator, group, other_group]

Because `group` and `other_group` contain the same amount of users, we are dealing with luck

Therefore, I believe that adding one more user to other_group should make that query reliable.

It was not crashing on my local machine, so I am not 100% sure.
2020-04-17 09:04:10 +10:00
Blake Erickson
fec68d3d25 DEV: Confirm email when creating users via the API
This commit is for a frequently requested task on meta so that only 1
API call is needed instead of 3!

In order to create a user via the api and not have them receive an
activation email you can pass in the `active=true` flag. This prevents
sending an email, but it is only half of the solution and puts the db in
a weird state where it has an active user with an unconfirmed email.

This commit fixes that and ensures that if the `active=true` flag is set
the user's email is also marked as confirmed.

This change only applies to admins using the API.

Related topics on meta:

 - https://meta.discourse.org/t/-/68663
 - https://meta.discourse.org/t/-/33133
 - https://meta.discourse.org/t/-/36133
2020-04-14 14:56:32 -06:00
Justin DiRose
5471c065cd
FIX: Missing timezone guess on email session login (#9404)
Timezone is guessed by moment.js if unset upon a normal login, but was not when
logging in via an email link. This adds logic to update a guessed
timezone upon email login so timezones don't end up blank.
2020-04-10 13:19:39 -05:00
Jeff Wong
5ccbc5f3ee
FEATURE: add after-reviewable-post-user plugin outlet (#9397)
FEATURE: add after-reviewable-post-user plugin outlet

Add a plugin outlet after reviewable post user

Add a basic user serializer that includes custom fields.
Allows review queue serializer to include custom fields for its users
2020-04-09 11:32:39 -07:00
Robin Ward
e1f8014acd
FEATURE: Support for publishing topics as pages (#9364)
If the feature is enabled, staff members can construct a URL and publish a
topic for others to browse without the regular Discourse chrome.

This is useful if you want to use Discourse like a CMS and publish
topics as articles, which can then be embedded into other systems.
2020-04-08 12:52:36 -04:00
Sam Saffron
b824898f61
FIX: respect automatic group membership when sso changes email
Previously we were only updating group membership when a user record was
first created in an SSO setting.

This corrects it so we also update it if SSO changes the email
2020-04-08 16:33:50 +10:00
Sam Saffron
0375a5ac0b
DEV: reduce logging when no external id is specified
Previously we were returning an unknown sso error and logging a message
when external id was blank. This noise is not needed.
2020-04-08 12:42:28 +10:00
Rafael dos Santos Silva
3053c6d95e
FEATURE: Enable offline browsing and fullscreen PWA in iOS by default 2020-04-07 16:58:21 -03:00
Dan Ungureanu
0653750fbf
FEATURE: Hash user API keys in the database (#9344)
The 'key' column will be dropped in a future commit.
2020-04-07 16:42:52 +03:00
Blake Erickson
d04ba4b3b2
DEPRECATION: Remove support for api creds in query params (#9106)
* DEPRECATION: Remove support for api creds in query params

This commit removes support for api credentials in query params except
for a few whitelisted routes like rss/json feeds and the handle_mail
route.

Several tests were written to valid these changes, but the bulk of the
spec changes are just switching them over to use header based auth so
that they will pass without changing what they were actually testing.

Original commit that notified admins this change was coming was created
over 3 months ago: 2db2003187

* fix tests

* Also allow iCalendar feeds

Co-authored-by: Rafael dos Santos Silva <xfalcox@gmail.com>
2020-04-06 16:55:44 -06:00
Vinoth Kannan
2f9879a9a1 FIX: move total rows count & load more URL inside meta.
We're fetching "total rows count" from root attributes only if meta object not found. 2b78bd01ab/app/assets/javascripts/discourse/models/store.js (L236)
2020-04-03 07:32:50 +05:30
Penar Musaraj
724d2e99de
DEV: Only include "report-sample" CSP directive when reporting is enabled (#9337) 2020-04-02 11:16:38 -04:00
Martin Brennan
c07dd0d22a
FEATURE: Add lazy loading to user bookmarks list (#9317)
This is so users with huge amount of bookmarks do not have to wait a long time to see results.

* Add a bookmark list and list serializer to server-side to be able to handle paging and load more URL
* Use load-more component to load more bookmark items, 20 at a time in user activity
* Change the way current user is loaded for bookmark ember models because it was breaking/losing resolvedTimezone when loading more items
2020-04-01 14:09:07 +10:00
Arpit Jalan
b2a0d34bb7
FEATURE: add setting auto_approve_email_domains to auto approve users (#9323)
* FEATURE: add setting `auto_approve_email_domains` to auto approve users

This commit adds a new site setting `auto_approve_email_domains` to
auto approve users based on their email address domain.

Note that if a domain already exists in `email_domains_whitelist` then
`auto_approve_email_domains` needs to be duplicated there as well,
since users won’t be able to register with email address that is
not allowed in `email_domains_whitelist`.

* Update config/locales/server.en.yml

Co-Authored-By: Robin Ward <robin.ward@gmail.com>
2020-03-31 23:59:15 +05:30
Neil Lalonde
29e733832d
FIX: error when changing a topic's category and creating a tag 2020-03-30 16:43:01 -04:00
Robin Ward
db35baba26 FEATURE: Display "Last Updated At" on user directory 2020-03-30 14:34:48 -04:00
Joffrey JAFFEUX
0996c3b7b3
FEATURE: allows multiple custom emoji groups (#9308)
Note: DBHelper would fail with a sql syntax error on columns like "group".

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2020-03-30 20:16:10 +02:00
Sam Saffron
ecbccab159
FEATURE: invite_code is case-insensitive
Previously we required exact casing for invite code, this can cause a lot
of confusion. Relax the requirement.
2020-03-26 13:44:02 +11:00
Martin Brennan
097851c135
FIX: Change secure media to encompass attachments as well (#9271)
If the “secure media” site setting is enabled then ALL files uploaded to Discourse (images, video, audio, pdf, txt, zip etc. etc.) will follow the secure media rules. The “prevent anons from downloading files” setting will no longer have any bearing on upload security. Basically, the feature will more appropriately be called “secure uploads” instead of “secure media”.

This is being done because there are communities out there that would like all attachments and media to be secure based on category rules but still allow anonymous users to download attachments in public places, which is not possible in the current arrangement.
2020-03-26 07:16:02 +10:00
Bianca Nenciu
61c1af0124 SECURITY: Ensure user can see group and group members 2020-03-24 11:59:41 +02:00
Bianca Nenciu
d8640fd042
DEV: Move requested_group_id custom field from post to topic (#9127)
Follow-up-to accbbded15
2020-03-24 11:12:52 +02:00
Sam Saffron
46a9622246
FIX: prevent scheduled publishing to deleted category
We missed a dependency which left timers firing on missing categories.

Co-authored-by: tshenry
2020-03-24 16:59:42 +11:00
David Taylor
5db41cd578
SECURITY: Respect topic permissions when loading bookmark metadata
Co-authored-by: Martin Brennan <martin@discourse.org>
Co-authored-by: Sam Saffron <sam.saffron@gmail.com>
2020-03-23 11:30:48 +00:00
David Taylor
5ff505cea6
SECURITY: Respect topic permissions when loading draft metadata
Co-authored-by: Sam Saffron <sam.saffron@gmail.com>
2020-03-23 11:30:40 +00:00
Jeff Wong
3189dab622 FIX: correctly remove authentication_data cookie on oauth login flow
Additionally correctly handle cookie path for authentication_data

There were two bugs that exposed an interesting case where two discourse
instances hosted across two subfolder installs in the same domain
with oauth may clash and cause strange redirection on first login:

Log in to example.com/forum1. authentication_data cookie is set with path /
On the first redirection, the current authentication_data cookie is not unset.
Log in to example.com/forum2. In this case, the authentication_data cookie
is already set from forum1 - the initial page load will incorrectly redirect
the user to the redirect URL from the already-stored cookie, to /forum1.

This removes this issue by:

* Setting the cookie for the correct path, and not having it on root
* Correctly removing the cookie on first login
2020-03-21 14:34:25 -07:00
Blake Erickson
c97244ca11 FIX: post edited webhook does not reflect updated topic title
This fix ensures that when a topic title is edited the new title shows
up in the post webhook instead of the old title.

Rather than passing in the old topic object to the PostRevisor the
PostRevisor initializer will load the updated topic object inside of the
initializer if you don't pass it in. This will allow the post_edited
webhook to have the correct topic values.

Original bug reported at:

https://meta.discourse.org/t/post-edited-webhook-does-not-reflect-updated-topic-title/144722
2020-03-21 07:43:11 -06:00
David Taylor
dbfec4b268
DEV: Update spec for category permalink
Followup to 3215f2b6ee
2020-03-20 22:26:45 +00:00
Jeff Wong
4ecc0a25ae Revert "FIX: correctly remove authentication_data cookie on oauth login flow (#9238) (#9251)"
This reverts commit beaeb0c4b2.
2020-03-20 14:37:55 -07:00
Jeff Wong
beaeb0c4b2
FIX: correctly remove authentication_data cookie on oauth login flow (#9238) (#9251)
Attempt 2, with more test.

Additionally correctly handle cookie path for authentication_data

There were two bugs that exposed an interesting case where two discourse
instances hosted across two subfolder installs in the same domain
with oauth may clash and cause strange redirection on first login:

Log in to example.com/forum1. authentication_data cookie is set with path /
On the first redirection, the current authentication_data cookie is not unset.
Log in to example.com/forum2. In this case, the authentication_data cookie
is already set from forum1 - the initial page load will incorrectly redirect
the user to the redirect URL from the already-stored cookie, to /forum1.

This removes this issue by:

Setting the cookie for the correct path, and not having it on root
Correctly removing the cookie on first login
2020-03-20 14:03:38 -07:00
Robin Ward
0d3386d255 Revert "FIX: correctly remove authentication_data cookie on oauth login flow (#9238)"
This reverts commit a1f9b1a7fc.

This might have caused a problem with social logins. We are confirming
via this revert and will follow up.
2020-03-20 15:25:10 -04:00
Jarek Radosz
20f3be1e9c
DEV: Use the type: :multisite spec setting (#9245)
Fixes recent spec flakiness.

Also includes:
DEV: Prevent accidental exit from specs
2020-03-20 16:18:34 +01:00
Vinoth Kannan
f3ddc36ac6 FIX: update email_digests user option when default_email_digest_frequency updated. 2020-03-20 00:55:47 +05:30
Jeff Wong
a1f9b1a7fc
FIX: correctly remove authentication_data cookie on oauth login flow (#9238)
Additionally correctly handle cookie path for authentication_data

There were two bugs that exposed an interesting case where two discourse
instances hosted across two subfolder installs in the same domain
with oauth may clash and cause strange redirection on first login:

Log in to example.com/forum1. authentication_data cookie is set with path /
On the first redirection, the current authentication_data cookie is not unset.
Log in to example.com/forum2. In this case, the authentication_data cookie
is already set from forum1 - the initial page load will incorrectly redirect
the user to the redirect URL from the already-stored cookie, to /forum1.

This removes this issue by:
* Setting the cookie for the correct path, and not having it on root
* Correctly removing the cookie on first login
2020-03-19 09:00:46 -07:00
Vinoth Kannan
aad12822b7
FEATURE: automatically delete replies on a topic after N days. (#9209) 2020-03-19 21:06:31 +05:30
Martin Brennan
8769ca08bb SECURITY: Prevent access to other user's bookmark lists 2020-03-19 10:59:32 +10:00
Martin Brennan
a6e9057609
FIX: Ensure show_short URLs handle secure uploads using multisite (#9212)
Meta report: https://meta.discourse.org/t/short-url-secure-uploads-s3/144224
* if the show_short route is hit for an upload that is
  secure, we redirect to the secure presigned URL. however
  this was not taking into account multisite so the db name
  was left off the path which broke the presigned URL
* we now use the correct url_for method if we know the
  upload (like in the show_short case) which takes into
  account multisite
2020-03-16 11:54:14 +10:00
Sam Saffron
a1d660d951
FEATURE: optional global invite_code for account registration
On some sites when bootstrapping communities it is helpful to bootstrap
with a "light weight" invite code.

Use the site setting `invite_code` to set a global invite code.

In this case the administrator can share the code with
a community which is very easy to remember and then anyone who has
that code can easily register accounts.

People without the invite code are not allowed account registration.

Global invite codes are less secure than indevidual codes, in that they
tend to leak in the community however in some cases when starting a brand
new community the security guarantees of invites are not needed.
2020-03-15 21:17:28 +11:00
Martin Brennan
dc02586d99 Fix error on create bookmark for topic 2020-03-13 13:33:57 +10:00
Martin Brennan
849631188f
FEATURE: Allow custom date + time for bookmark reminders (#9185)
A custom date and time can now be selected for a bookmark reminder

The reminder will not happen at the exact time but rather at the next 5 minute interval of the bookmark reminder schedule.

This PR also fixes issues with bulk deleting topic bookmarks.
2020-03-12 10:52:15 +10:00
Martin Brennan
793f39139a
FEATURE: Send notifications for time-based and At Desktop bookmark reminders (#9071)
* This PR implements the scheduling and notification system for bookmark reminders. Every 5 minutes a schedule runs to check any reminders that need to be sent before now, limited to **300** reminders at a time. Any leftover reminders will be sent in the next run. This is to avoid having to deal with fickle sidekiq and reminders in the far-flung future, which would necessitate having a background job anyway to clean up any missing `enqueue_at` reminders.

* If a reminder is sent its `reminder_at` time is cleared and the `reminder_last_sent_at` time is filled in. Notifications are only user-level notifications for now.

* All JavaScript and frontend code related to displaying the bookmark reminder notification is contained here. The reminder functionality is now re-enabled in the bookmark modal as well.

* This PR also implements the "Remind me next time I am at my desktop" bookmark reminder functionality. When the user is on a mobile device they are able to select this option. When they choose this option we set a key in Redis saying they have a pending at desktop reminder. The next time they change devices we check if the new device is desktop, and if it is we send reminders using a DistributedMutex. There is also a job to ensure consistency of these reminders in Redis (in case Redis drops the ball) and the at desktop reminders expire after 20 days.

* Also in this PR is a fix to delete all Bookmarks for a user via `UserDestroyer`
2020-03-12 10:16:00 +10:00
Jarek Radosz
4e5dd4105c DEV: Fix flaky signed_url_for_path spec
AWS gem uses internally `Time.now` to generate the presigned URLs, so often two consecutive calls with the same params would give different results.
2020-03-10 23:22:26 +01:00
Blake Erickson
6fb4c333b0
FIX: Throw error when removing a user from group fails (#9162)
This commit ensures that an error is thrown when a user fails to be
removed from a group instead of silently failing.

This means when using the api you will receive a 400 instead of a 200 if
there is a failure. The remove group endpoint allows the removal of
multiple users, this change means that if you try to delete 10 users,
but 1 of them fails you will receive a 400 instead of 200 even though
the other 9 were removed successfully. Rather than adding a bunch more
complexity I think this is more than adequate for most use cases.
2020-03-10 15:25:00 -06:00
Jarek Radosz
29b35aa64c
DEV: Improve flaky time-sensitive specs (#9141) 2020-03-10 22:13:17 +01:00
Kane York
218d3f5f44 Add tests for /srv/status behavior 2020-03-09 14:06:13 -07:00
Robin Ward
ec21a15fa7 FIX: Incorrect message when logging in via email
If `hide email address taken` was true, it would always display a
success message, rather than the non-comittal "maybe we emailed that
user" response.
2020-03-09 12:54:33 -04:00
Mark VanLandingham
174764be25
FEATURE: Add embed_set_canonical_url setting (#9134) 2020-03-09 09:31:24 -05:00
Martin Brennan
baea65e4bc
FIX: Embarassing algoriths typo -> algorithms for security keys (#9126) 2020-03-09 09:22:08 +10:00
Bianca Nenciu
20cfa7b810
FIX: Check if auth token exists before revocation (#9095) 2020-03-07 15:04:12 +02:00
David Taylor
ff62911a89
FEATURE: New route for loading multiple user cards simultaneously (#9078)
Introduces `/user-cards.json`

Also allows the client-side user model to be passed an existing promise when loading, so that multiple models can share the same AJAX request
2020-03-06 12:23:22 +00:00
Martin Brennan
29ccdf5d35
FIX: Show a nicer error if name/code missing for TOTP/Security Keys (#9124)
Meta: https://meta.discourse.org/t/improve-error-message-when-not-including-name-setting-up-totp/143339

* when the user creates a TOTP second factor method we want
to show them a nicer error if they forget to add a name
or the code from the app, instead of the param missing error
* also add a client-side check for this and for security key name,
no need to bother the server if we can help it
2020-03-06 14:37:40 +10:00
Robin Ward
e01d5e2adc SECURITY: Add more restrictions on invite emails
They could be filtered and returned in some circumstances where they
shouldn't have been.
2020-03-05 09:23:21 -05:00
Robin Ward
79ce7085c2 SECURITY: Ensure the invite JSON API matches the UX
Anonymous users could query the invite json and see counts and
summaries which is not allowed in the UX of Discourse.

This commit has those endpoints return a 403 unless the user is
allowed to invite.
2020-03-05 09:23:21 -05:00
Arpit Jalan
a157f4aaaa Remove invite_admin route. 2020-03-05 06:45:08 +05:30
Martin Brennan
3e54e0191e
FIX: Use full URL for secure attachments when secure media enabled (#9037)
When secure media is enabled and an attachment is marked as secure we want to use the full url instead of the short-url so we get the same access control post protections as secure media uploads.
2020-03-04 10:11:08 +11:00
David Taylor
0903aa44bb
FEATURE: Always disable customizations on the /safe-mode route (#9052)
This makes it easier to enter safe mode when a customization has made the UI unusable
2020-02-28 10:53:11 +00:00
romanrizzi
4673f31c75 FIX: Bulk badge awards should work even if the CSV has nil values 2020-02-27 11:08:24 -03:00
Dan Ungureanu
514c22e64b
FIX: Make reviewable claiming work with deleted topics (#9040)
This fixes the case when the reviewed topic is deleted (for example, in
discourse-akismet).
2020-02-25 15:49:23 +02:00
Joffrey JAFFEUX
0ea11a9d49
FIX: ensures we don't attempt to create a new PM on an existing topic (#9029)
This fix attempts to both fix it at UI level and server side. A previous attempt related to this behavior has been made in commit: 49c750ca78
2020-02-24 08:55:12 -06:00
Dan Ungureanu
533495169e
FEATURE: Publish a message when reviewable claimer changes (#9019)
This commit ensures that all users are kept in sync and no user can claim
a topic that has been claimed already.
2020-02-21 19:11:50 +02:00
Martin Brennan
97d8f19387
FIX: When admin changes another user's email auto-confirm the change (#9001)
When admin changes a user's email from the preferences page of that user:

* The user will not be sent an email to confirm that their
  email is changing. They will be sent a reset password email
  so they can set the password for their account at the new
  email address.
* The user will still be sent an email to their old email to inform
  them that it was changed.
* Admin and staff users still need to follow the same old + new
  confirm process, as do users changing their own email.
2020-02-20 09:52:21 +10:00
Robin Ward
fe6fe324c9 FIX: Minor linting issue for future rubocops 2020-02-19 14:04:56 -05:00
Roman Rizzi
9441362c72
FEATURE: Support uploading a csv with either user emails or usernames (#8971) 2020-02-18 10:53:12 -03:00
Robin Ward
d51107e2c9 FIX: If a group is unmentionable, don't render it as mentionable
Now if a group is visible but unmentionable, users can search for it
when composing by typing with `@`, but it will be rendered without the
grey background color.

It will also no longer pop up a JIT warning saying "You are about to
mention X people" because the group will not be mentioned.
2020-02-14 12:29:56 -05:00
Robin Ward
dafa354d3d FIX: Confirm draft_key is present on GET
Also adds a test for the `show` action which did not exist
2020-02-14 11:06:12 -05:00
Robin Ward
bfdd42c53a FIX: Return a 404 when the draft_key is missing
Previously if `draft_key` was missing you'd get a 500 error in the logs.
2020-02-14 10:48:56 -05:00
Régis Hanol
aad46a1aba DEV: remove unused 'composer/parse_html' route 2020-02-14 16:15:34 +01:00
Martin Brennan
e1e74abd4f
FEATURE: Improving bookmarks part 2 -- Topic Bookmarking (#8954)
### UI Changes

If `SiteSetting.enable_bookmarks_with_reminders` is enabled:

* Clicking "Bookmark" on a topic will create a new Bookmark record instead of a post + user action
* Clicking "Clear Bookmarks" on a topic will delete all the new Bookmark records on a topic
* The topic bookmark buttons control the post bookmark flags correctly and vice-versa
Disabled selecting the "reminder type" for bookmarks in the UI because the backend functionality is not done yet (of sending users notifications etc.)

### Other Changes

* Added delete bookmark route (but no UI yet)
* Added a rake task to sync the old PostAction bookmarks to the new Bookmark table, which can be run as many times as we want for a site (it will not create duplicates).
2020-02-13 16:26:02 +10:00
Blake Erickson
965ac3567b FIX: Handle SSO Provider Parse exception
Prevent unnecessary 500 errors from appearing in the logs and return a
422 response instead.
2020-02-12 16:08:04 -07:00
Dan Ungureanu
3f50481188
Improvements to group mentions (#8927)
* FIX: Avoid highlight mention to groups that are not public
* UX: Composer autocomplete will suggest all visible group names
2020-02-12 10:11:10 +02:00
David Taylor
e32833cf1a
DEV: Make badge test resilient to disabled badges
This can happen when plugins seed disabled badges in the database
2020-02-11 18:01:33 +00:00
Joffrey JAFFEUX
6a7e82c44c
DEV: Apply rubocop (#8926) 2020-02-11 16:21:03 +00:00
Jay Pfaffman
d294e13225
add postmark webhook handling (#8919) 2020-02-11 10:09:07 -05:00
Dan Ungureanu
ecaf2c2f4e
FIX: Make category slug validation less strict (#8915)
This was changed recently and caused issues saving old categories which
already had digits at the beginning of the slug (for example, '30-days').
2020-02-11 17:01:12 +02:00
Jeff Wong
1a1bb7a2c9
FEATURE: Add logging when claiming and unclaiming reviewable flagged posts (#8920) 2020-02-10 15:40:01 -08:00
Neil Lalonde
542e62ccf0 FIX: tag info misleading message saying it's not restricted
When a tag is restricted to a secured category that the user can't see,
the message was saying that it wasn't restricted to any categories.
Now it will say it's restricted to categories you can't access.
2020-02-05 15:23:39 -05:00
Joffrey JAFFEUX
f0fe2ba9ac
UX: introduces icon-picker component for badges (#8844) 2020-02-05 00:41:10 +01:00
Rafael dos Santos Silva
f88fa99b0b
DEV: Fix web manifest short_title tests 2020-02-04 14:46:33 -03:00
Matt Marjanović
ad2aa7b52c
FEATURE: Add logout functionality to SSO Provider protocol (#8816)
This commit adds support for an optional "logout" parameter in the
payload of the /session/sso_provider endpoint.  If an SSO Consumer
adds a "logout=true" parameter to the encoded/signed "sso" payload,
then Discourse will treat the request as a logout request instead
of an authentication request.  The logout flow works something like
this:

 * User requests logout at SSO-Consumer site (e.g., clicks "Log me out!"
   on web browser).
 * SSO-Consumer site does whatever it does to destroy User's session on
   the SSO-Consumer site.
 * SSO-Consumer then redirects browser to the Discourse sso_provider
   endpoint, with a signed request bearing "logout=true" in addition
   to the usual nonce and the "return_sso_url".
 * Discourse destroys User's discourse session and redirects browser back
   to the "return_sso_url".
 * SSO-Consumer site does whatever it does --- notably, it cannot request
   SSO credentials from Discourse without the User being prompted to login
   again.
2020-02-03 12:53:14 -05:00
Mark VanLandingham
089d38e9d3
FIX: Disallow featuring hidden topics (#8814) 2020-01-30 10:00:49 -06:00
Dan Ungureanu
09e8be3209
UX: Introduce automatic 'categories topics' setting (#8804)
When 'categories topics' setting is set to 0, the system will
automatically try to find a value to keep the two columns (categories
and topics) symmetrical.

The value is computed as 1.5x the number of top level categories and at
least 5 topics will always be returned.
2020-01-29 20:30:48 +02:00
Mark VanLandingham
e29fef9e99
FEATURE: Users can feature any public topic on his/her profile (#8809) 2020-01-29 10:10:23 -06:00
David Taylor
25fd2b544a
PERF: Use a separate route for user cards, and split user serializer (#8789)
Adds a new route `/u/{username}/card.json`, which has a reduced number of fields. This change is behind a hidden site setting, so we can test compatibility before rolling out.
2020-01-28 11:55:46 +00:00
Vinoth Kannan
b6765aac4b FIX: add 'noindex' header to rss feed responses. 2020-01-24 09:30:27 +05:30
Régis Hanol
821e920711 DEV: fix deprecation warnings in specs
Also fixed a typo in a string key "max_pm_recepients" -> "max_pm_recipients"
2020-01-23 16:37:48 +01:00
Blake Erickson
e85f4f6cc8 DEV: Add a test for ensure only edited badge titles updates a users
title

Adding a test to make sure we don't regress here in the future.

Follow up to: 8a89b7e108
2020-01-22 16:42:45 -07:00
Dan Ungureanu
89bd7ba45f
FIX: Use new tag routes (#8683)
Commit 1fb7a62 added unambiguous routes for tags. This commit ensures
that the new routes are used.
2020-01-21 19:23:08 +02:00