Commit Graph

54587 Commits

Author SHA1 Message Date
Alan Guo Xiang Tan
952f69ce60
FIX: User can't reset password with backup codes when only security key is enabled (#27368)
This commit fixes a problem where the user will not be able to reset
their password when they only have security keys and backup codes
configured.

This commit also makes the following changes/fixes:

1. Splits password reset system tests to
   `spec/system/forgot_password_spec.rb` instead of missing the system
   tests in `spec/system/login_spec.rb` which is mainly used to test
   the login flow.

2. Fixes a UX issue where the `Use backup codes` or `Use authenticator
   app` text is shown on the reset password form when the user does
   not have either backup codes or an authenticator app configured.
2024-06-06 14:30:42 +08:00
Krzysztof Kotlarek
4b1e017722
FIX: move something else flag to the bottom (#27366)
The mistake was made when flags were moved to the database. The `notify_moderators` (something else) flag should be the last position on the list.

This commit contains 3 changes:
- update fixtures order;
- remove position and enable from fixtures (they can be overridden by admin and we don't want seed to restore them);
- migration to fix data if the order was not changed by admin.
2024-06-06 15:45:30 +10:00
dependabot[bot]
4a1048f541
Build(deps): Bump the babel group with 2 updates (#27361)
Bumps the babel group with 2 updates: [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) and [@babel/standalone](https://github.com/babel/babel/tree/HEAD/packages/babel-standalone).


Updates `@babel/core` from 7.24.6 to 7.24.7
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.24.7/packages/babel-core)

Updates `@babel/standalone` from 7.24.6 to 7.24.7
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.24.7/packages/babel-standalone)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: babel
- dependency-name: "@babel/standalone"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: babel
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-06 01:46:03 +02:00
Krzysztof Kotlarek
593a9b05cd
DEV: flaky flags specs (#27362)
When flags are modified, we always need to reset the state to the original values.
2024-06-06 09:40:14 +10:00
Jan Cernik
343430fe77
FIX: password reset with security key (#27358)
This regressed in 0434112.

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2024-06-05 20:26:22 -03:00
dependabot[bot]
f66d317ee0
Build(deps): Bump faraday from 2.9.0 to 2.9.1 (#27356)
Bumps [faraday](https://github.com/lostisland/faraday) from 2.9.0 to 2.9.1.
- [Release notes](https://github.com/lostisland/faraday/releases)
- [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lostisland/faraday/compare/v2.9.0...v2.9.1)

---
updated-dependencies:
- dependency-name: faraday
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-06 00:48:50 +02:00
Jarek Radosz
e7b844b79c
Build(deps): Bump ffi from 1.16.3 to 1.17.0 (#27349)
This reverts commit a50a5cd157. Should be safe to land now, after b618d08d36
2024-06-05 23:25:10 +02:00
Joffrey JAFFEUX
729063e485
FIX: ensures invalid OTP blocks submit (#27352) 2024-06-05 14:45:16 -04:00
Jarek Radosz
12661ece97
DEV: Run flake check only on discourse/discourse (#27350)
script/get_github_workflow_run_job_id.rb would fail on forks anyway
2024-06-05 18:30:37 +02:00
Jarek Radosz
b618d08d36
DEV: Search for -gnu gem variants (#27347)
> Platform names with a *-linux suffix are aliases for *-linux-gnu

Should fix the ffi upgrade issue
2024-06-05 14:58:02 +02:00
Jarek Radosz
fb812a48ab
DEV: Fix invalid hbs syntax in tests (#27348)
Followup to 26198fb328

also removes superfluous whitespace
2024-06-05 14:08:15 +02:00
Jarek Radosz
da162639fa
DEV: Update browserslist (#27344)
(and do the yarn deduplication dance)
2024-06-05 13:30:50 +02:00
Jarek Radosz
26198fb328
DEV: Fix incorrect hbs syntax in tests (#27345) 2024-06-05 13:28:22 +02:00
Selase Krakani
f2c4474c1e
DEV: Improve user generic bulk importer anonymization (#27307)
* DEV: Improve user generic bulk importer anonymization

Add support for properly anonymizing:
 - email
 - date_of_birth
 - location
 - website
 - bio

* DEV: Remove unneeded anon username check in `import_user_emails`
2024-06-05 11:25:17 +00:00
dependabot[bot]
c67f810a4b Build(deps): Bump rails_failover from 2.0.1 to 2.1.0
Bumps [rails_failover](https://github.com/discourse/rails_failover) from 2.0.1 to 2.1.0.
- [Changelog](https://github.com/discourse/rails_failover/blob/main/CHANGELOG.md)
- [Commits](https://github.com/discourse/rails_failover/compare/v2.0.1...v2.1.0)

---
updated-dependencies:
- dependency-name: rails_failover
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-05 09:54:58 +02:00
Alan Guo Xiang Tan
82383ea776
DEV: Avoid unique validation in UserPasswordExpirer.expire_user_password (#27343)
This commit updates the `UserPasswordExpirer.expire_user_password`
method to update `UserPassword#password_expired_at` when an existing
`UserPassword` record exists with the same `password_salt`,
`password_hash` and `password_algorithm`. This is to prevent the unique
validation error on `UserPassword#user_id` and
`UserPassword#password_hash` from being raised when the method is called
twice for a user that has not changed its password.
2024-06-05 15:22:40 +08:00
Martin Brennan
748240ce3b
FIX: Pluralisation for short password count (#27342)
Followup 0434112aa7,
when I introduced the pluralisation for the
password.too_short message I didn't change the
key name to `count`, which is necessary.
2024-06-05 16:20:48 +10:00
Martin Brennan
0434112aa7
UX: Streamline reset password page (#27341)
This commit includes various UX improvements to the reset
password page:

* Introduce a `hide-application-header-buttons` helper to do the following:
  * Hide Sign Up and Log In buttons, they are not necessary on this flow
  * Hide the sidebar, it is a distraction on this flow
* Improve messaging when a 2FA confirmation is required first
* Improve display of server-side ActiveRecord model validation errors
  in password form, e.g. instead of "is the same as your current password"
  we do "The password is the same as your current password"
* Move password tip to next line below input and move caps lock hint
  inline with Show/Hide password toggle
* Add system specs for 2FA flow on reset password page
* Fixes a computed property conflict issue on the password reset
   page when toggling 2FA methods
2024-06-05 15:22:59 +10:00
Krzysztof Kotlarek
aa88b07640
FEATURE: the ability to change the order of flags (#27269)
Continued work on moderate flags UI.
In this PR admins are allowed to change the order of flags. The notify user flag is always on top but all other flags can be moved.
2024-06-05 13:27:06 +10:00
Krzysztof Kotlarek
c1ecbb8d28
UX: move users link to the top of the admin sidebar (#27339)
Before, users link was in the community section.
2024-06-05 12:49:46 +10:00
Alan Guo Xiang Tan
9ff0805a1d
DEV: Monkey patch Selenium::WebDriver::Platform.localhost to retry (#27335)
On GitHub Actions, system tests which use `Capybara#using_session` are
failing intermittently with the error "Socket::ResolutionError: getaddrinfo: Temporary failure in name resolution"
when `Selenium::WebDriver::Platform.localhost` tries to resolve
`localhost`.

Too much time has been spent trying to figure out why so we are giving
up here and just retrying the resolution of `localhost` on GitHub
Actions.
2024-06-05 07:54:15 +08:00
Alan Guo Xiang Tan
9705bd6cbe
DEV: Update Rails to 7.0.8.4 (#27337)
Resolves 2 CVEs that have been determined to not affect us but upgrading
anyway.
2024-06-05 07:53:45 +08:00
Kris
9404459188
UX: prevent twitter like/retweet counts from wrapping (#27333) 2024-06-04 16:55:50 -04:00
Discourse Translator Bot
a5c06f0b2c
Update translations (#27321) 2024-06-04 21:44:04 +02:00
Kris
a4001548d8
UX: fix only-emoji size in user-stream excerpts (#27330) 2024-06-04 14:59:43 -04:00
Jarek Radosz
a50a5cd157
Revert "Build(deps): Bump ffi from 1.16.3 to 1.17.0 (#27310)" (#27331)
This reverts commit 8789b19aed.

Temporary revert as we work out compatibility issues with a private plugin that uses ffi
2024-06-04 20:46:59 +02:00
Jarek Radosz
e57fe1e994
DEV: Remove uses of @on from native classes (#27327)
Fixes a deprecation warning introduced in a64f021f49 and removes all uses of `@on` in native classes. (those are unnecessary)
2024-06-04 20:16:05 +02:00
Jarek Radosz
bbdf14828b
DEV: Check lifecycle props in Presence service (#27328)
This may or may not fix flakes in `Unit | Service | presence` tests
2024-06-04 20:15:27 +02:00
Kris
4236aa0851
UX: add space between revision avatar and username (#27329) 2024-06-04 12:48:16 -04:00
Kris
14f81490ec
UX: fix mobile read state alignment (#27323) 2024-06-04 09:40:41 -04:00
Jarek Radosz
0b7563b804
DEV: Fix the order of operations in themes-frontend (#27317)
Previously "themes frontend" CI job would:

1. pull compatible versions of themes that happened to be in the base image
2. clone all official themes (overriding the compatible versions from 1.)
3. run tests
2024-06-04 15:16:44 +02:00
Jarek Radosz
c972a31819
DEV: Fix typos and formatting (#27320) 2024-06-04 15:16:24 +02:00
Mark VanLandingham
d42a1c8885
DEV: Pass recipient email address to message_builder modifiers (#27308) 2024-06-04 08:00:30 -05:00
David Taylor
0ddad8fc64
Revert "DEV: Update action syntax for routes/application.js (#27282)" (#27318)
This reverts commit 0b10e335ae.

I realised that some of these actions are overridden in themes/plugins, so this is going to cause problems (especially because modifyClass doesn't currently work well with the `@action` decorator)
2024-06-04 13:44:19 +01:00
David Taylor
0b10e335ae
DEV: Update action syntax for routes/application.js (#27282) 2024-06-04 13:38:24 +01:00
David Taylor
d02e40e989
DEV: Update action syntax for routes/discourse.js (#27283) 2024-06-04 13:37:18 +01:00
David Taylor
aa37be3323
UX: Use regular reset-password flow for expired passwords (#27316)
This makes it more obvious what's happening, and makes it much less likely that users will send repeated reset emails (and thereby hit the rate limit)

Followup to e97ef7e9af
2024-06-04 12:47:33 +01:00
dependabot[bot]
f0539afb02
Build(deps-dev): Bump rubocop-rspec from 2.29.2 to 2.30.0 (#27311)
Bumps [rubocop-rspec](https://github.com/rubocop/rubocop-rspec) from 2.29.2 to 2.30.0.
- [Release notes](https://github.com/rubocop/rubocop-rspec/releases)
- [Changelog](https://github.com/rubocop/rubocop-rspec/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-rspec/compare/v2.29.2...v2.30.0)

---
updated-dependencies:
- dependency-name: rubocop-rspec
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-04 12:02:42 +02:00
dependabot[bot]
8789b19aed
Build(deps): Bump ffi from 1.16.3 to 1.17.0 (#27310)
Bumps [ffi](https://github.com/ffi/ffi) from 1.16.3 to 1.17.0.
- [Changelog](https://github.com/ffi/ffi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ffi/ffi/compare/v1.16.3...v1.17.0)

---
updated-dependencies:
- dependency-name: ffi
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-04 12:02:30 +02:00
Alan Guo Xiang Tan
e97ef7e9af
FEATURE: Allow site admin to mark a user's password as expired (#27314)
This commit adds the ability for site administrators to mark users'
passwords as expired. Note that this commit does not add any client side
interface to mark a user's password as expired.

The following changes are introduced in this commit:

1. Adds a `user_passwords` table and `UserPassword` model. While the
   `user_passwords` table is currently used to only store expired
   passwords, it will be used in the future to store a user's current
   password as well.

2. Adds a `UserPasswordExpirer.expire_user_password` method which can
   be used from the Rails console to mark a user's password as expired.

3. Updates `SessionsController#create` to check that the user's current
   password has not been marked as expired after confirming the
   password. If the password is determined to be expired based on the
   existence of a `UserPassword` record with the `password_expired_at`
   column set, we will not log the user in and will display a password
   expired notice. A forgot password email is automatically sent out to
   the user as well.
2024-06-04 15:42:53 +08:00
Kris
30f55cd64b
UX: improve search result consistency (#27289) 2024-06-04 15:34:21 +10:00
Krzysztof Kotlarek
eebf332025
FEATURE: expand the admin sidebar when filtering (#27312)
Even when the admin sidebar sections are collapsed, they should expand while filtering. When the filter is removed, sections should go back to the previous state.

In addition, trim whitespace from the filter section.
2024-06-04 12:23:21 +10:00
dependabot[bot]
472c02bda8
Build(deps-dev): Bump lefthook from 1.6.14 to 1.6.15 (#27309)
Bumps [lefthook](https://github.com/evilmartians/lefthook) from 1.6.14 to 1.6.15.
- [Release notes](https://github.com/evilmartians/lefthook/releases)
- [Changelog](https://github.com/evilmartians/lefthook/blob/master/CHANGELOG.md)
- [Commits](https://github.com/evilmartians/lefthook/compare/v1.6.14...v1.6.15)

---
updated-dependencies:
- dependency-name: lefthook
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-04 06:47:40 +08:00
Jan Cernik
625c715856
FIX: Lazy TikTok embeds height in chat (#27306) 2024-06-03 11:20:47 -03:00
David Taylor
a64f021f49
DEV: Convert user-posts-stream to native class syntax (#27278)
This is the final model in Discourse core to be converted
2024-06-03 15:03:50 +01:00
Jarek Radosz
adeda6c6a5
FIX: Restore cmd+click ability in topic-info (#27305) 2024-06-03 16:01:20 +02:00
David Taylor
29b826c8f7
DEV: Convert DiscourseURL to native class syntax (#27284) 2024-06-03 14:59:05 +01:00
David Taylor
a3d0a9edbb
DEV: Convert almost all routes to native class syntax (#27281)
Only remaining ones are `routes/discourse.js` and `routes/application.js`. Those two both contain legacy `actions: {}` hashes which need to be updated before being converted to native class syntax.
2024-06-03 14:58:53 +01:00
Gerhard Schlager
602ef2c819 FIX: Store special characters in permalink URL as encoded characters
see https://meta.discourse.org/t/permalink-not-working-with-cyrilics-symbols/301130
2024-06-03 13:20:24 +02:00
Gerhard Schlager
9061282515 FIX: Permalinks with external URL didn't work with subfolders 2024-06-03 13:20:24 +02:00