Commit Graph

112 Commits

Author SHA1 Message Date
Roman Rizzi
835d2be4da
FIX: Rate limit and hijack certificate generation. (#8215)
To eliminate a DDOS attack vector, we're taking the following measures:

The endpoint will be rate-limited to 3 requests every 60 seconds (per user).
A 24 hours max-age cache header is sent with the response.
The route will be hijacked to generate the certificate in the background.
2019-10-21 13:14:15 -03:00
Robin Ward
74207ef03a Refactor search_answer to be dynamically inserted so it can be changed 2019-10-16 14:37:17 -04:00
Robin Ward
a37dafdd4d FIX: Use the quote generator in the example text
This way if a plugin customizes the quotes the example will match.
2019-10-16 13:40:44 -04:00
Krzysztof Kotlarek
e2f9b7dd6f FIX: Narrative Bot certificates are ERB templates (#8174)
There are at least two ways of rendering templates outside of the controller. The first one is Rails way enabled with Rails 5 https://evilmartians.com/chronicles/new-feature-in-rails-5-render-views-outside-of-actions
The downside of this method is that all variables need to be passed as params (I could find a way to pass the whole context)

Another way is to use instance_eval described in Erubi documentation
https://github.com/jeremyevans/erubi#usage - it works perfectly fine, however, I didn't feel very confident about using eval unless necessary.

An additional benefit of using `ApplicationController.render` is that if Rails would change the ERB engine in the future, this code should still work.

If you want to test it on your local, you need to be signed in and then that two URLs are generating certificates:
http://localhost:3000/discobot/certificate.svg?date=Oct+07+2019&type=standard&user_id=1
http://localhost:3000/discobot/certificate.svg?date=Oct+07+2019&type=advanced&user_id=1

Dev: https://dev.discourse.org/t/discourse-narrative-bot-should-not-be-storing-giant-strings/17130
2019-10-09 17:45:01 +11:00
Rafael dos Santos Silva
45ff119f27 FIX: Try to match advanced tutorial reset first (#8048)
Advanced trigger is currently broken on:

    ca
    es
    et
    fr
    he
    it
    pt_BR

And that is because the translation levels for the plugin are kinda low, so I would guess it's broken for half the languages.

Since we have only two tracks for a while now, a quick fix to me is inverting the selectors.

This patch works because the advanced key is "larger" than the new user one.
2019-10-02 11:55:47 +10:00
Guo Xiang Tan
636b6c3a5a FIX: Wrong discobot tutorial started for certain locales.
If a locale has triggers that start with the same word, our regexp will
always end up matching the first trigger. For example,

`start tutorial` and `start tutorial advanced`

To support the change, we have to make the match on triggers more
restrictive. `@discobot quote here` will no longer work like `@discobot
quote`.
2019-08-08 10:53:58 +08:00
Guo Xiang Tan
1267185a07 DEV: Remove unused option.
Follow up to 18ed03e044.
2019-07-30 21:12:13 +08:00
Gerhard Schlager
b788948985 FEATURE: English locale with international date formats
Makes en_US the new default locale
2019-05-20 13:47:20 +02:00
Guo Xiang Tan
c00dab89e4 Fix the build take 2. 2019-05-13 11:22:48 +08:00
Sam Saffron
30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Guo Xiang Tan
c72f16d927 Follow up to 329969ea20. 2019-05-08 15:36:12 +08:00
Guo Xiang Tan
329969ea20 FIX: Discobot mention tutorial should be case insensitive. 2019-05-07 10:54:22 +08:00
Guo Xiang Tan
61cc0f8c5f Follow up to 152238b4cf. 2019-05-07 09:57:27 +08:00
Guo Xiang Tan
152238b4cf DEV: Prefer public_send over send. 2019-05-07 09:33:21 +08:00
Tim Lange
d5d784b9f2 FIX: Narration Bot now gets site setting for automatic post deletion (#7432) 2019-04-25 07:29:20 +08:00
Robin Ward
fd6513b516 FIX: Incorrect API in narrative bot 2019-03-28 14:29:33 -04:00
Robin Ward
b58867b6e9 FEATURE: New 'Reviewable' model to make reviewable items generic
Includes support for flags, reviewable users and queued posts, with REST API
backwards compatibility.

Co-Authored-By: romanrizzi <romanalejandro@gmail.com>
Co-Authored-By: jjaffeux <j.jaffeux@gmail.com>
2019-03-28 12:45:10 -04:00
Guo Xiang Tan
6fde58ff90 FIX: Make Discobot image tutorial accept URL that points to images. 2018-11-15 10:52:18 +08:00
Guo Xiang Tan
44391ee8ab
FEATURE: Upload Site Settings. (#6573) 2018-11-14 15:03:02 +08:00
Gerhard Schlager
24e5be3f0c FIX: Relative links in translations should work with subfolder 2018-11-08 23:31:05 +00:00
Vinoth Kannan
9a0e4eec16 REFACTOR: discobot/TL4 :off_topic flag will hide the post 2018-10-11 17:12:35 +05:30
Guo Xiang Tan
b5b4e2602a Formatting fixes. 2018-09-07 10:21:11 +08:00
Guo Xiang Tan
c1c9637b39 Skip Discobot flag tutorial if allow_flagging_staff is disabled.
https://meta.discourse.org/t/interacting-with-discobot/96574
2018-09-07 08:33:27 +08:00
Guo Xiang Tan
ff0979553d Skip discobot mention tutorial if mentions are disabled. 2018-08-23 14:58:07 +08:00
Guo Xiang Tan
038de4e037 FIX: Incorrect title on new user narrative cert. 2018-08-20 11:26:20 +08:00
Guo Xiang Tan
ad5082d969 Make rubocop happy again. 2018-06-07 13:28:18 +08:00
Guo Xiang Tan
9f873fa66c FIX: Invalid setex expire time in DiscourseNarrativeBot::Actions#reset_rate_limits. 2018-05-25 16:02:15 +08:00
Michael Brown
b01a4c0ada lint: fix whitespace 2018-03-27 12:11:17 -04:00
Michael Brown
ed4d7ae1b9 FIX: discobot fails when max_emojis_in_title=0 (#5710)
* If discobot is enabled but max_emojis_in_title==0,
  try to strip emoji from the title when creating a new post
2018-03-27 18:00:29 +02:00
Régis Hanol
0187423c68
FIX: discobot certificate description wasn't escaped 2018-03-27 17:57:53 +02:00
Guo Xiang Tan
2f65393706 REFACTOR: Use Topic#private_message? to reduce duplication. 2018-03-05 15:39:22 +08:00
Guo Xiang Tan
d80aca0484 FIX: Don't start discobot poll tutorial if polls are disabled.
https://meta.discourse.org/t/discobot-dont-take-users-through-the-poll-tutorial-if-its-not-enabled/76604/3
2017-12-22 15:46:46 +08:00
Guo Xiang Tan
32171ad286 FIX: Invalid logo in discobot's certificate when SiteSetting.logo_small_url is blank.
https://meta.discourse.org/t/broken-image-in-discobot-certificate-with-no-logo-small-url/76594/2
2017-12-22 09:36:53 +08:00
Guo Xiang Tan
ee1b90503c FIX: Error when an invalid date is passed to certificate generator.
https://meta.discourse.org/t/broken-image-in-discobot-certificate-with-no-logo-small-url/76594/2
2017-12-22 09:36:52 +08:00
Guo Xiang Tan
6cb29e3e20 Remove custom symlinks in discourse-narrative-bot. 2017-10-10 13:46:58 +08:00
Guo Xiang Tan
950fa9e3a8 FIX: Skip trigger match should be case insensitive.
https://meta.discourse.org/t/discobot-not-skipping-tutorial/68498
2017-08-22 07:45:46 +09:00
Guo Xiang Tan
0eb7159e51 UX: Discobot advanced tutorial certificate does not work with dark theme.
https://meta.discourse.org/t/discobot-assets-certificate-svg/65523/11?u=tgxworld
2017-07-31 15:27:47 +09:00
Guo Xiang Tan
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Guo Xiang Tan
78bb367b0a FIX: Discobot's certificate shouldn't blow up on non 200 response.
https://meta.discourse.org/t/discobot-assets-certificate-svg/65523/6
2017-07-14 15:16:29 +09:00
Guo Xiang Tan
f1141ee4f6 Revert "Convert emoji keywords in bot narrative to use native characters."
This reverts commit bfc4f15b93.

* Transifex doesn't like those unicode strings.
2017-07-14 11:27:15 +09:00
Guo Xiang Tan
bfc4f15b93 Convert emoji keywords in bot narrative to use native characters.
* Makes the narrative work even when emoji is disabled.
2017-07-13 16:04:35 +09:00
Guo Xiang Tan
c049e18203 FEATURE: Allow tutorials to declare prerequisite before it starts. 2017-07-13 15:12:45 +09:00
Neil Lalonde
d1d43ff5d9 FIX: report discobot messages as system messages instead of user-to-user 2017-07-12 16:00:18 -04:00
Guo Xiang Tan
e7571d1c5d Merge pull request #4933 from tgxworld/use_username_in_cert
FIX: Use username in bot's certificate.
2017-06-19 07:24:55 +09:00
Guo Xiang Tan
f8a46c510f FIX: Recover post tutorial does not work when SiteSetting.delete_removed_posts_after is 0. 2017-06-16 13:03:34 +09:00
Guo Xiang Tan
716b0235f9 FIX: Use username in bot's certificate.
* The default name generated can be weird sometimes.
2017-06-16 10:32:43 +09:00
Guo Xiang Tan
e888369f51 UX: Don't send emails for discobot notifications. 2017-06-12 17:00:27 +09:00
Guo Xiang Tan
a7ed6bd9e1 Use User#username_lower instead. 2017-06-12 10:58:31 +09:00
Guo Xiang Tan
977bbb1f45 FIX: Bot mentioned check should be case insensitive. 2017-06-08 19:00:07 +09:00
Guo Xiang Tan
17c29c972b Move the constant as well. 2017-06-06 15:38:26 +09:00
Guo Xiang Tan
c1dc6f6cd7 FIX: Track should only continue if user is alone with bot in a PM. 2017-06-06 09:47:00 +09:00
Guo Xiang Tan
30f2758404 FIX: Ensure that we cancel any timeout jobs when terminating a track. 2017-06-05 16:23:25 +09:00
Guo Xiang Tan
3621647fb5 FIX: Bot should only respond to regular posts. 2017-06-05 15:21:19 +09:00
Guo Xiang Tan
cd2869c767 Revert "Skip validations when Discobot creates new posts."
This reverts commit ca7e906774.

Post validations are already skipped for admin users. Skipping
validations cause polls to not work.
2017-06-03 07:18:23 +09:00
Guo Xiang Tan
418cb09713 Ensure that we skip validations when creating a post on behalf of a user. 2017-06-03 07:15:08 +09:00
Neil Lalonde
23dfddbfb4 FIX: narrative bot on subfolder installs 2017-06-01 15:15:34 -04:00
Guo Xiang Tan
ca7e906774 Skip validations when Discobot creates new posts. 2017-05-31 17:51:05 +09:00
Guo Xiang Tan
144b810d0e Missed a spot when redefining a method. 2017-05-26 13:02:41 +08:00
Guo Xiang Tan
18dac4ce9f UX: Remove restrictions on advanced user track. 2017-05-26 11:05:09 +08:00
Guo Xiang Tan
7028bdceed FIX: Allow users to rename discobot without having to rebuild. 2017-05-26 10:09:42 +08:00
Guo Xiang Tan
ee23ce5acc FIX: Allow advanced tutorial to be started if badges are disabled. 2017-05-24 18:34:10 +08:00
Guo Xiang Tan
7f0561b621 Merge discourse-narrative-bot into core plugins. 2017-05-24 15:28:34 +08:00