Commit Graph

42998 Commits

Author SHA1 Message Date
dependabot[bot]
0ff6bc93dd
Build(deps): Bump rails-html-sanitizer from 1.4.1 to 1.4.2 (#14135)
Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.4.1 to 1.4.2.
- [Release notes](https://github.com/rails/rails-html-sanitizer/releases)
- [Changelog](https://github.com/rails/rails-html-sanitizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/rails-html-sanitizer/compare/v1.4.1...v1.4.2)

---
updated-dependencies:
- dependency-name: rails-html-sanitizer
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-25 09:35:31 +08:00
Martin Brennan
d66b258b0e
DEV: Do not destroy external upload stub on error in debug mode (#14139)
We do not want to destroy the external upload stub records
in debug mode because they allow for investigation of problems
occuring.
2021-08-25 11:11:19 +10:00
Martin Brennan
e0102a533a
FIX: Restructure temp/ folders for direct S3 uploads (#14137)
Previously we had temp/ in the middle of the S3 key path like so

* /uploads/default/temp/randomstring/test.png (normal site)
* /sitename/uploads/default/temp/randomstring/test.png (s3 folder path site)
* /standard10/uploads/sitename/temp/randomstring/test.png (multisite site)

However this necessitates making a lifecycle rule to clean up incomplete
S3 multipart uploads for every site, something which we cannot do. It makes
much more sense to have a structure with /temp at the start of the key,
which is what this commit does:

* /temp/uploads/default/randomstring/test.png (normal site)
* /temp/sitename/uploads/default/randomstring/test.png (s3 folder path site)
* /temp/standard10/uploads/sitename/randomstring/test.png (multisite site)
2021-08-25 09:22:36 +10:00
Martin Brennan
d295a16dab
FEATURE: Uppy direct S3 multipart uploads in composer (#14051)
This pull request introduces the endpoints required, and the JavaScript functionality in the `ComposerUppyUpload` mixin, for direct S3 multipart uploads. There are four new endpoints in the uploads controller:

* `create-multipart.json` - Creates the multipart upload in S3 along with an `ExternalUploadStub` record, storing information about the file in the same way as `generate-presigned-put.json` does for regular direct S3 uploads
* `batch-presign-multipart-parts.json` - Takes a list of part numbers and the unique identifier for an `ExternalUploadStub` record, and generates the presigned URLs for those parts if the multipart upload still exists and if the user has permission to access that upload
* `complete-multipart.json` - Completes the multipart upload in S3. Needs the full list of part numbers and their associated ETags which are returned when the part is uploaded to the presigned URL above. Only works if the user has permission to access the associated `ExternalUploadStub` record and the multipart upload still exists.

  After we confirm the upload is complete in S3, we go through the regular `UploadCreator` flow, the same as `complete-external-upload.json`, and promote the temporary upload S3 into a full `Upload` record, moving it to its final destination.
* `abort-multipart.json` - Aborts the multipart upload on S3 and destroys the `ExternalUploadStub` record if the user has permission to access that upload.

Also added are a few new columns to `ExternalUploadStub`:

* multipart - Whether or not this is a multipart upload
* external_upload_identifier - The "upload ID" for an S3 multipart upload
* filesize - The size of the file when the `create-multipart.json` or `generate-presigned-put.json` is called. This is used for validation.

When the user completes a direct S3 upload, either regular or multipart, we take the `filesize` that was captured when the `ExternalUploadStub` was first created and compare it with the final `Content-Length` size of the file where it is stored in S3. Then, if the two do not match, we throw an error, delete the file on S3, and ban the user from uploading files for N (default 5) minutes. This would only happen if the user uploads a different file than what they first specified, or in the case of multipart uploads uploaded larger chunks than needed. This is done to prevent abuse of S3 storage by bad actors.

Also included in this PR is an update to vendor/uppy.js. This has been built locally from the latest uppy source at d613b849a6. This must be done so that I can get my multipart upload changes into Discourse. When the Uppy team cuts a proper release, we can bump the package.json versions instead.
2021-08-25 08:46:54 +10:00
Kris
fdc9de3443
minor wording fix for get a room message (#14130) 2021-08-24 15:53:35 -04:00
Andrei Prigorshnev
4d5f5a67c1
FIX: the empty state message was appearing in wrong moments on the user bookmarks stage (#14127)
Steps to reproduce:

1. Go to activity/bookmarks
2. Search for something that isn’t in your bookmarks, so you get no results
3. Navigate away and then click "Bookmarked" on the sidebar or open the user menu and click the View All Bookmarks button on the bottom of the bookmarks tab, and you get the message "You haven't bookmarked anything yet". 

This commit fixes the problem. We have a controller with a query parameter q that contains a search query. And we also have a property searchTerm that is bound to the search box on the page and mirrors the value in q. We were using a value from searchTerm when querying the server, but ember controllers are singletons so the searchTerm value persisted between page visits and leaded to this bug.

To make things work properly, we should be using the value from q everywhere except two places when we copy a value from q to searchTerm and vice versa.
2021-08-24 23:40:08 +04:00
Discourse Translator Bot
c995b20ca4
Update translations (#14063) 2021-08-24 15:25:44 +02:00
Joffrey JAFFEUX
eb52abf076
DEV: adds server:after-body-open (#14106)
This change is to allow to add a node at the top of body. This is currently done through DOM in a plugin which is causing a full Recalculate Style.
2021-08-24 14:35:44 +02:00
Bianca Nenciu
ff367e22fb
FEATURE: Make allow_uploaded_avatars accept TL (#14091)
This gives admins more control over who can upload custom profile
pictures.
2021-08-24 10:46:28 +03:00
Bianca Nenciu
eb6d66fe6f
FIX: Do not allow negative values for LIMIT (#14122)
Negative values generated invalid SQL queries.
2021-08-24 10:45:26 +03:00
dependabot[bot]
f03f0866e7
Build(deps): Bump sidekiq from 6.2.1 to 6.2.2 (#14124)
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.2.1 to 6.2.2.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/master/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v6.2.1...v6.2.2)

---
updated-dependencies:
- dependency-name: sidekiq
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-24 10:20:45 +08:00
dependabot[bot]
e0caa78fb0
Build(deps): Bump mini_mime from 1.1.0 to 1.1.1 (#14125)
Bumps [mini_mime](https://github.com/discourse/mini_mime) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/discourse/mini_mime/releases)
- [Changelog](https://github.com/discourse/mini_mime/blob/master/CHANGELOG)
- [Commits](https://github.com/discourse/mini_mime/compare/v1.1.0...v1.1.1)

---
updated-dependencies:
- dependency-name: mini_mime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-24 10:20:30 +08:00
dependabot[bot]
697a699e83
Build(deps-dev): Bump faker from 2.18.0 to 2.19.0 (#14126)
Bumps [faker](https://github.com/faker-ruby/faker) from 2.18.0 to 2.19.0.
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/compare/v2.18.0...v2.19.0)

---
updated-dependencies:
- dependency-name: faker
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-24 10:20:15 +08:00
Martin Brennan
2ac9fd9dff
FIX: Use original from address when forwarding to group inbox (#14114)
When emails were forwarded to a group inbox by the email address
of the group, for example when an email ends up in spam and must
be manually forwarded to the group+site@discoursemail.com address,
the OP of the topic ended up being the group's email address instead
of the sender who originally sent the email to the group inbox.

This commit detects that an email has been forwarded using existing
tools, and if the from address matches one of the group incoming
email addresses, then we look at the forwarded email's from address
and use that instead for the incoming email from address as well as
the staged/regular user used for the Topic.user.

This will make it much cleaner to forward emails into a group inbox,
and will prevent issues with PostAlerter where the OP is double-notified
for these emails.
2021-08-24 08:57:28 +10:00
Kris
bde6f7e9b0
UX: Update "get a room" composer message (#14104) 2021-08-23 18:34:23 -04:00
Penar Musaraj
8fa4849abc
FIX: minor SK3 styling issues in Safari (#14121) 2021-08-23 15:42:11 -04:00
Osama Sayegh
19632ecfbb
FIX: Discard old search results if search term changes when moving posts to a different topic (#14117)
This also fixes an incorrect usage of `debounce`.

Meta topic: https://meta.discourse.org/t/odd-search-behaviour-when-moving-messages-as-a-staff-member/201261?u=osama.
2021-08-23 21:03:52 +03:00
Joffrey JAFFEUX
a230362f65
FIX: sk3 wizard regressions (#14120) 2021-08-23 19:57:42 +02:00
Penar Musaraj
3d6cbb5ab3
DEV: Watch for changes in wizard.scss (#14119)
This ensures the stylesheet is recompiled. Devs still need to refresh
the page manually, since we don't include the message bus in the wizard
app.
2021-08-23 13:39:53 -04:00
Joffrey JAFFEUX
691d1bde54
FIX: do not focus after search if dropdown is collapsed (#14118) 2021-08-23 19:33:50 +02:00
Joffrey JAFFEUX
6c0efd50bc
linting (#14115) 2021-08-23 14:21:58 +02:00
Joffrey JAFFEUX
d7c185bf3d
DEV: updates chart.js to 3.5.1 (#14107) 2021-08-23 13:49:49 +02:00
Joffrey JAFFEUX
cb59681d86
DEV: select-kit third major update with focus on accessibility (#13303)
Major changes included:
- better support for screen readers
- trapping focus in modals
- better tabbing order in composer
- alerts on no content found/number of items found
- better autofocus in modals
- mini-tag-chooser is now a multi-select component
- each multi-select-component will now display selection on one row
2021-08-23 10:44:19 +02:00
Sam
f1701764a6
Revert "FIX: Close emoji autocomplete when the opening colon : is removed (#14102)" (#14112)
This reverts commit c74f116a48.

Unfortunately it appears to be making mention autocomplete fail
2021-08-23 15:25:33 +10:00
Krzysztof Kotlarek
d41aa5e9f5
FEATURE: allow adding small action codes dedicated to groups (#14109)
Plugin API is allowing to add small action codes dedicated to groups.
This will be used by assign-plugin when topic is assigned or unassigned from group.
2021-08-23 15:06:58 +10:00
Osama Sayegh
c74f116a48
FIX: Close emoji autocomplete when the opening colon : is removed (#14102) 2021-08-23 14:19:38 +10:00
Martin Brennan
4dc93a53e4
FIX: Reset preProcessorStatus state correctly for composer-upload-uppy (#14111)
When resetting the preprocessor status states, we weren't using
the same default state as when the preprocessor status state is
first initialized with an associated plugin. This commit brings
the two into alignment, fixing a bug where if you cancelled an
upload then tried a new one the "Processing Upload" message would
never change to "Uploading... X", so any subsequent uploads were
uncancellable.

Since the state was not being reset correctly, the properties that
were supposed to be numbers ended up as `undefined`, so when calling
prop-- or prop++, they turned into NaN.
2021-08-23 13:50:37 +10:00
dependabot[bot]
3ac3a4b55e
Build(deps): Bump image_size from 2.1.1 to 2.1.2 (#14108)
Bumps [image_size](https://github.com/toy/image_size) from 2.1.1 to 2.1.2.
- [Release notes](https://github.com/toy/image_size/releases)
- [Changelog](https://github.com/toy/image_size/blob/master/CHANGELOG.markdown)
- [Commits](https://github.com/toy/image_size/compare/v2.1.1...v2.1.2)

---
updated-dependencies:
- dependency-name: image_size
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-23 11:36:15 +08:00
Martin Brennan
8989c9e6c9
FIX: Use file.id instead of file.name for media-optimization resolvers (#14110)
This change only applies when uppy is calling the media-optimization-worker.

Since the old way of calling the worker via jQuery file uploader will
be removed soon, there is no point coming up with some random string
to use in place of the file name for the promise resolvers there, we
can live with this for now.
2021-08-23 12:10:33 +10:00
Joe
2ab4f2a126
DEV: adds plugin-outlet before category in /latest on mobile (#14105)
Adding this so themes can avoid template overrides.
2021-08-22 04:06:07 +08:00
Joffrey JAFFEUX
efbc2481d8
DEV: removes plugin generator (#14101)
I don't have the time to maintain this and https://github.com/discourse/discourse-plugin-skeleton is doing 80% of the job very easily.
2021-08-20 11:29:06 +02:00
Alan Guo Xiang Tan
f3f7efd439
DEV: Remove invalid class. (#14100)
There is no CSS class for `noGlyph`.
2021-08-20 16:05:04 +08:00
Martin Brennan
ecb83d0279
FIX: Adding debugging and fixing media-optimization-worker issues (#14099)
When we encountered an error with the media-optimization-worker,
we stopped the worker, which made it so further messages were not
received when optimizing images in parallel. Removed this based
on an option.

Also added more debugging lines to help track down issues.
2021-08-20 14:35:39 +10:00
Alan Guo Xiang Tan
16cfbed89d
DEV: Upgrade Rails to 6.1.4.1. (#14098)
This pulls in a fix for CVE-2021-22942 but we're not tagging it as a
security fix because Discourse is not affected by it in production.
2021-08-20 10:20:08 +08:00
dependabot[bot]
70552a2d43
Build(deps): Bump rubocop from 1.19.0 to 1.19.1 (#14095)
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.19.0 to 1.19.1.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.19.0...v1.19.1)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-20 08:25:17 +08:00
dependabot[bot]
9f71dee98e
Build(deps-dev): Bump listen from 3.6.0 to 3.7.0 (#14096)
Bumps [listen](https://github.com/guard/listen) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/guard/listen/releases)
- [Commits](https://github.com/guard/listen/compare/v3.6.0...v3.7.0)

---
updated-dependencies:
- dependency-name: listen
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-20 08:25:04 +08:00
Andrei Prigorshnev
d1781e4c7d
FEATURE: improve "blank page syndrome" on the user bookmarks page 2021-08-20 00:08:59 +04:00
Joffrey JAFFEUX
2bbc97fda5
DEV: UserOption.user_tzinfo (#14088)
Provides a safe way to retrieve the timezone of a user.

This is not used in core yet, but used in multiple plugins.
2021-08-19 21:56:14 +02:00
Joe
e1815a125d
DEV: adds plugin-outlet before category in /latest (#14092)
Adding this so themes can avoid template overrides.
2021-08-20 03:02:40 +08:00
Bianca Nenciu
a56122f2d3
FIX: Always reload post's raw when editing a post (#14085)
Sometimes the message bus update can be delayed and editing a post when
that happens will automatically result in a draft conflict.
2021-08-19 15:29:48 +03:00
David Taylor
5eb4e642a6
DEV: Rename discourse-presence endpoints and messagebus channels (#14089)
We are working to introduce a general core API for presence, which will clash with this plugin's `/presence` namespace

This commit introduces no functional change. There may be a slight interruption in discourse-presence functionality during a deploy of this commit.
2021-08-19 13:04:31 +01:00
Osama Sayegh
ec352a1969
FEATURE: Order pinned topics by their pinned_at column (#14090)
Currently, pinned topics are ordered by the `bumped_at` column. This behavior is not desired because it gives admins no control over the order of pinned topics. This PR makes pinned topics ordered by the `pinned_at` column. A topic that is pinned last appears first in topic lists. If an admin wants an already pinned topic to appear first in the list of pinned topics, they'll have to unpin that topic and pin it again.

Meta topic: https://meta.discourse.org/t/how-do-i-set-the-order-of-pinned-topics/16935/23?u=osama.
2021-08-19 14:43:58 +03:00
Andrei Prigorshnev
46cdddbac9
FIX: pick-files-button component (#14045)
A file should be accepted if it has supported extension OR supported MIME type.
2021-08-19 14:56:03 +04:00
Dan Ungureanu
c0ec1e931e
FIX: Make themes:update work with multisites (#14082)
Running this Rake task in a multisite cluster updated only the default
site.
2021-08-19 09:41:58 +03:00
Arpit Jalan
c481f2ce16
UX: do not show selected composer education messages on whisper post (#14078)
This commit disables the "sequential_replies" and "duplicate_link"
education message on composer when creating a whipser post.
2021-08-19 09:32:32 +05:30
Roman Rizzi
a50cb61dd5
FIX: Deprecated method should still behave the same. (#14067) 2021-08-19 09:58:26 +08:00
Grayden
64ead3c3a1
FIX: Revoking admin or moderator status doesn't require refresh to delete/anonymize/merge user (#14073)
* FIX: Revoking admin or moderator status doesn't require refresh to delete/anonymize/merge user

On the /admin/users/<id>/<username> page, there are action buttons that are either visible or hidden depending on a few fields from the AdminDetailsSerializer: `can_be_deleted`, `can_be_anonymized`, `can_be_merged`, `can_delete_all_posts`.

These fields are updated when granting/revoking admin or moderator status. However, those updates were not being reflected on the page. E.g. if a user is granted moderation privileges, the 'anonymize user' and 'merge' buttons still appear on the page, which is inconsistent with the backend state of the user. It requires refreshing the page to update the state.

This commit fixes that issue, by syncing the client model state with the server state when handling a successful response from the server. Now, when revoking privileges, the buttons automatically appear without refreshing the page. Similarly, when granting moderator privileges, the buttons automatically disappear without refreshing the page.

* Add detailed user response to spec for changed routes.

Add tests to verify that the revoke_moderation, grant_moderation, and revoke_admin routes return a response formatted according to the AdminDetailedUserSerializer.
2021-08-19 09:57:16 +08:00
dependabot[bot]
617ca563f6
Build(deps): Bump rails-html-sanitizer from 1.3.0 to 1.4.1 (#14086)
Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.3.0 to 1.4.1.
- [Release notes](https://github.com/rails/rails-html-sanitizer/releases)
- [Changelog](https://github.com/rails/rails-html-sanitizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/rails-html-sanitizer/compare/v1.3.0...v1.4.1)

---
updated-dependencies:
- dependency-name: rails-html-sanitizer
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-19 09:21:18 +08:00
Arpit Jalan
cfc280676e
FIX: do not show default locale option on site text customization (#14083) 2021-08-19 05:54:21 +05:30
Martin Brennan
2bf2d799c3
FIX: Bookmark delete button alignment in modal-footer (#14087)
The commit cd38ec2a4d broke
the bookmark delete button alignment in the modal.
2021-08-19 10:15:50 +10:00