Commit Graph

803 Commits

Author SHA1 Message Date
Gerhard Schlager
7311eeed39 FIX: Use default locale for flag reasons 2019-07-12 12:04:23 +02:00
Régis Hanol
155cad8b85 FIX: only add image size when with & height are in pixels 2019-07-05 20:34:11 +02:00
Ralph Rooding
1318e0b288 FEATURE: Rake themes installer ()
* Delete remote_theme when deleting the theme

* Install themes and theme components through rake

* Removed unnecessary test
2019-07-04 14:33:05 -04:00
Osama Sayegh
3d64532273 FEATURE: allow disabling theme components ()
This allows you to temporarily disable components without having to remove them from a theme. 

This feature is very handy when doing quick fix engineering.
2019-07-03 18:18:11 +10:00
Penar Musaraj
27387b0859 Do not collapse quote notifications
This prevents an issue where edits to a post with a quote would trigger push notifications indefinitely.
2019-06-27 18:20:43 -04:00
Jeff Wong
6de254f642 FIX: iterate when clearing watched words cache 2019-06-24 17:17:56 -07:00
Penar Musaraj
e51de4cc25
FEATURE: Add endpoint to individually update a theme setting ()
- also adds a new staff action type called "change theme setting" for easier logging of staff changes to theme settings
2019-06-21 13:49:14 -04:00
Guo Xiang Tan
7c86f16aa3 FIX: Support carriage return in InlineUploads.
Follow up to 8deaef3872.
2019-06-21 14:07:06 +08:00
Guo Xiang Tan
8deaef3872 FIX: Don't replace img tags within anchor tags with markdown format.
Follow up to 9a25b0d614.
2019-06-21 12:32:02 +08:00
Guo Xiang Tan
9a25b0d614 FIX: Edge case with anchor tag in InlineUploads. 2019-06-21 09:55:56 +08:00
Guo Xiang Tan
53efb7bd24 FIX: BBcode edge case for InlineUploads. 2019-06-20 11:47:51 +08:00
Guo Xiang Tan
34f382b758 FIX: InlineUploads should replace attachment links with markdown text. 2019-06-19 11:15:02 +08:00
Guo Xiang Tan
77c06384c0 Fix the build. 2019-06-14 13:56:35 +08:00
Guo Xiang Tan
5d16d10a9e DEV: Fix edge case for InlineUploads. 2019-06-14 13:48:03 +08:00
Guo Xiang Tan
befb074c98 DEV: InlineUploads should process CDN upload URLs as well. 2019-06-14 13:14:37 +08:00
Guo Xiang Tan
41abebcbce DEV: Support both http and https for InlineUploads. 2019-06-14 12:48:31 +08:00
Guo Xiang Tan
9daed05ad0 Fix the build. 2019-06-13 13:53:43 +08:00
Guo Xiang Tan
7a0d031bc4 FIX: InlineUploads matching on external bbcode img url. 2019-06-13 13:47:36 +08:00
Guo Xiang Tan
782e583844 FIX: Edge cases with markdown references for InlineUploads. 2019-06-13 12:08:01 +08:00
Guo Xiang Tan
93c552afda FIX: InlineUploads does not correct urls with uppercase extension. 2019-06-13 11:19:33 +08:00
Guo Xiang Tan
641521896c FIX: Cover more edge cases in InlineUploads. 2019-06-12 17:06:58 +08:00
Guo Xiang Tan
73bf880f74 FIX: Correct more edge cases with InlineUploads. 2019-06-12 10:44:25 +08:00
Guo Xiang Tan
ff48fbdfda FIX: InlineUploads raises an error when img tag is invalid. 2019-06-12 10:31:00 +08:00
Guo Xiang Tan
ee142c2173 DEV: More improvements to InlineUploads.
* Convert inline links to short path

```
<link> <link>
<link>
```

to

```
<short_path> <short_path>
<short_path>
```
2019-06-07 11:49:30 +08:00
Neil Lalonde
1f73a3ba6d FIX: round the calculated heat values
Views heats like 12135 will become 12000, like ratios like
1.666666666667 will become 1.67.
2019-06-06 15:44:55 -04:00
Guo Xiang Tan
95db609586 DEV: Support more formats of inline images. 2019-06-06 15:50:56 +08:00
Neil Lalonde
ecc9c76692
FEATURE: dynamically update the topic heat settings monthly ()
The site settings beginning with "topic views heat" and "topic post like
heat" are set to defaults when installing Discourse, but there has not
been a process or guidance for updating these values based on
community activity.

This feature will update them once a month. The low, medium, and
high settings will be based on the minimums of the 45th, 25th, and
10th percentile topics respectively, so that 45% of topics will have
some "heat".

Disable automatic changes with the automatic_topic_heat_values setting.
2019-06-04 10:34:07 -04:00
Guo Xiang Tan
1991af2abb DEV: Switch InlineUploads to a regexp based implementation. 2019-06-04 15:54:25 +08:00
Guo Xiang Tan
d93e5fb00d DEV: Class that converts MD with old attachment links to new MD. 2019-06-04 15:54:25 +08:00
Sam Saffron
6428aa5b1f FIX: search indexer had various cases where it could fail
Previous to this fix is a post had the test www.test.com/abc it would fail
to index.

This also simplifies the rules to avoid full url parsing which can be
expensive
2019-06-04 16:21:03 +10:00
Sam Saffron
3b8819f0ab FEATURE: add support for defer topic functionality
This feature allows end users to "defer" topics by marking them unread

The functionality is default disabled. This also introduces the new site
setting default_other_enable_defer: to enable this by default on new user
accounts.
2019-05-31 15:44:35 +10:00
Sam Saffron
5c524ea8a4 FEATURE: introduce dedicated storage and DB constraints for anon users
Previously we used custom fields to denote a user was anonymous, this was
risky in that custom fields are prone to race conditions and are not
properly dedicated, missing constraints and so on.

The new table `anonymous_users` is properly protected. There is only one
possible shadow account per user, which is enforced using a constraint.

Every anonymous user will have a unique row in the new table.
2019-05-29 14:26:24 +10:00
Dan Ungureanu
7a08e23b4b FIX: Bump search index version. 2019-05-29 08:20:59 +08:00
Ralph Rooding
0d9fdbf8fe FEATURE: Allow import of hidden site settings ()
* Allow optional import of hidden site settings

* Always import hidden settings
2019-05-28 16:20:18 +10:00
Robin Ward
89b84651c3 Migrate score settings to use sensitivities
We hide scores so these settings no longer made sense.
2019-05-24 15:44:24 -04:00
Guo Xiang Tan
a36fe019bb DEV: Fix race condition when enqueuing edit wiki-ed notification. 2019-05-16 13:48:46 +08:00
Penar Musaraj
fc5bb39096 FIX: Do not send duplicate alerts for the same post () 2019-05-15 18:47:36 +02:00
Arpit Jalan
a2b1789c3e FIX: do not log username change if the save process was unsuccessful 2019-05-13 22:20:27 +05:30
Sam Saffron
30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Guo Xiang Tan
f04518fdf9 DEV: Reduce number of jobs enqueued.
Apply code review suggestion from
405ba00c08.
2019-05-08 15:58:08 +08:00
Guo Xiang Tan
405ba00c08 FEATURE: Create notifications on wiki edits for watching users.
* Moves creation of notification into background job.
2019-05-08 15:31:10 +08:00
Guo Xiang Tan
152238b4cf DEV: Prefer public_send over send. 2019-05-07 09:33:21 +08:00
Guo Xiang Tan
d252dad4f0 FIX: Can't remove user profile uploads.
Follow up to 24347ace10.
2019-05-02 16:54:10 +08:00
Guo Xiang Tan
24347ace10 FIX: Properly associate user_profiles background urls via upload id.
`Upload#url` is more likely and can change from time to time. When it
does changes, we don't want to have to look through multiple tables to
ensure that the URLs are all up to date. Instead, we simply associate
uploads properly to `UserProfile` so that it does not have to replicate
the URLs in the table.
2019-05-02 14:58:24 +08:00
Gerhard Schlager
876c4f20b3 FIX: Remove duplicate Emoji names from blurb
The blurb contained the value of the alt and title attribute of Emojis. Both values are always the same.
2019-04-29 17:26:39 +02:00
Gerhard Schlager
71d19f6e1f FIX: Reduce mentions in blurbs to @username or @groupname
The link to the user profile or group is useless and the URL encoded username or group name looks awful for Unicode names
2019-04-29 17:26:39 +02:00
Sam Saffron
45285f1477 DEV: remove update_attributes which is deprecated in Rails 6
See: https://github.com/rails/rails/pull/31998

update_attributes is a relic of the past, it should no longer be used.
2019-04-29 17:32:25 +10:00
Tarek Khalil
6e46197bc8
FIX: Disable webhooks on 410 and 404 HTTP responses ()
FIX: Disable webhooks on 410 and 404 HTTP responses ()
2019-04-18 12:36:37 +01:00
Robin Ward
14f9d40e48 FEATURE: Clarify Reviewable User Actions
"Approve" is now "Approve User" and "Delete" is a dropdown with a choice
that allows you to block.
2019-04-17 11:44:17 -04:00
Penar Musaraj
6bbdf5b56e DEV: add "pre_notification_alert" event
Allows plugins to modify payload before sending a notification alert
2019-04-15 10:17:15 -04:00
Penar Musaraj
24fd710f04 Revert "FIX: strip spoilers in notification excerpts"
This reverts commit 55942224ed.
2019-04-15 10:15:17 -04:00
Penar Musaraj
55942224ed FIX: strip spoilers in notification excerpts 2019-04-12 12:00:49 -04:00
David Taylor
24ef4f7b2b Remove support for disable_jump_reply user setting () 2019-04-12 09:03:06 +10:00
David Taylor
dc703adad7 FEATURE: Add user preference for title counter mode () 2019-04-12 09:02:18 +10:00
Robin Ward
5d99346740 FIX: Always allow us to reject users, even if they are deleted 2019-04-10 11:00:39 -04:00
Robin Ward
a4ff593506 UX: Slightly improved reviewable user display, plus link to admin if possible 2019-04-03 17:07:48 -04:00
Robin Ward
111a502231 FIX: Deleting Users should work nicely with Reviewable Users
"Rejecting" a user in the queue is equivalent to deleting them, which
would then making it impossible to review rejected users. Now we store
information about the user in the payload so if they are deleted things
still display in the Rejected view.

Secondly, if a user is destroyed outside of the review queue, it will
now automatically "Reject" that queue item.
2019-04-03 16:42:39 -04:00
Robin Ward
1bce97a596 FIX: Allow queued posts from deleted users to be rejected 2019-04-03 11:40:46 -04:00
Guo Xiang Tan
d8704c11ca PERF: Better use of index when queueing a topci for search reindex.
Also move `Search::INDEX_VERSION` to `SearchIndexer` which is where the
version is actually being used.
2019-04-02 09:53:37 +08:00
Guo Xiang Tan
3cba10b9ca DEV: Don't warn when trying to reindex a post with a deleted topic. 2019-04-01 17:04:32 +08:00
Guo Xiang Tan
2a69ab4a4c FIX: Keep alt and title in lightbox when indexing for search.
Follow up to cfd507822f
2019-04-01 16:20:33 +08:00
Guo Xiang Tan
cfd507822f
PERF: Improve quality of PostSearchData#raw_data. ()
This commit fixes the follow quality issue with `PostSearchData#raw_data`:

1. URLs are being tokenized and links with similar href and characters
are being duplicated in the raw data.

`Post#cooked`:

```
<p><a href=\"https://meta.discourse.org/some.png\" class=\"onebox\" target=\"_blank\" rel=\"nofollow noopener\">https://meta.discourse.org/some.png</a></p>
```

`PostSearchData#raw_data` Before:

```
This is a test topic 0 Uncategorized https://meta.discourse.org/some.png discourse org/some png https://meta.discourse.org/some.png discourse org/some png
```

`PostSearchData#raw_data` After:

```
This is a test topic 0 Uncategorized https://meta.discourse.org/some.png meta discourse org
```

2. Ligthbox being included in search pollutes the
`PostSearchData#raw_data` unncessarily.

From 28 March 2018 to 28 March 2019, searches for the term `image` on
`meta.discourse.org` had a click through rate of 2.1%. Non-lightboxed images are not included in indexing for search yet we were indexing content within a lightbox. Also, search for terms like `image` was affected we were using `Pasted image` as the filename for
uploads that were pasted.

`Post#cooked`

```
<p>Let me see how I can fix this image<br>\n<div class=\"lightbox-wrapper\"><a class=\"lightbox\" href=\"https://meta.discourse.org/some.png\" title=\"some.png\" rel=\"nofollow noopener\"><img src=\"https://meta.discourse.org/some.png\" width=\"275\" height=\"299\"><div class=\"meta\">\n<svg class=\"fa d-icon d-icon-far-image svg-icon\" aria-hidden=\"true\"><use xlink:href=\"#far-image\"></use></svg><span class=\"filename\">some.png</span><span class=\"informations\">1750×2000</span><svg class=\"fa d-icon d-icon-discourse-expand svg-icon\" aria-hidden=\"true\"><use xlink:href=\"#discourse-expand\"></use></svg>\n</div></a></div></p>
```

`PostSearchData#raw_data` Before:

```
This is a test topic 0 Uncategorized Let me see how I can fix this image some.png png https://meta.discourse.org/some.png discourse org/some png some.png png 1750×2000
```

`PostSearchData#raw_data` After:

```
This is a test topic 0 Uncategorized Let me see how I can fix this image
```

In terms of indexing performance, we now have to parse the given HTML
through nokogiri twice. However performance is not a huge worry here since a string length of 194170 takes only 30ms
to scrub plus the indexing takes place in a background job.
2019-04-01 10:14:29 +08:00
Guo Xiang Tan
daeda80ada
FIX: Don't index posts with empty Post#raw for search. ()
* DEV: Remove unnecessary join in `Jobs::ReindexSearch`.

* FIX: Don't index posts with empty `Post#raw` for search.
2019-04-01 10:06:27 +08:00
Maja Komel
4a3daacb1b FIX: reset embedding settings when no embeddable host, log host changes () 2019-03-29 17:05:51 +01:00
Robin Ward
b58867b6e9 FEATURE: New 'Reviewable' model to make reviewable items generic
Includes support for flags, reviewable users and queued posts, with REST API
backwards compatibility.

Co-Authored-By: romanrizzi <romanalejandro@gmail.com>
Co-Authored-By: jjaffeux <j.jaffeux@gmail.com>
2019-03-28 12:45:10 -04:00
Maja Komel
34730a0b16 UX: show if webhook is disabled ()
+ show in staff logs when webhook is created/updated/destroyed
2019-03-21 16:13:09 +01:00
Tarek Khalil
a31a35b334 FEATURE: Ignored user notification behaviour should be as a muted user () 2019-03-21 12:15:34 +01:00
Tarek Khalil
1dd0fa0c4e
REFACTOR: Move redundant ignored user check into guardian ()
* REFACTOR: Move redundant ignored user check into guardian
2019-03-20 19:55:46 +00:00
Tarek Khalil
5852e86226 FEATURE: Only allow TL2 Users to ignore other users () 2019-03-20 15:02:33 +01:00
Tarek Khalil
3b59ff0d02 [FEATURE] Disallow ignoring self, admins or moderators users () 2019-03-20 11:18:46 +01:00
Guo Xiang Tan
d808f36fc4 FIX: Reindex post for search when post is moved to a different topic.
* This is causing certain posts to appear in searches incorrectly as `PostSearchData#raw_data` contains the outdated title, category name and tag names.
2019-03-19 17:19:14 +08:00
Penar Musaraj
9334d2f4f7
FEATURE: add more granular user option levels for email notifications ()
Migrates email user options to a new data structure, where `email_always`, `email_direct` and `email_private_messages` are replace by

* `email_messages_level`, with options: `always`, `only_when_away` and `never` (defaults to `always`)
* `email_level`, with options: `always`, `only_when_away` and `never` (defaults to `only_when_away`)
2019-03-15 10:55:11 -04:00
Guo Xiang Tan
b0c8fdd7da FIX: Properly support defaults for upload site settings. 2019-03-13 16:36:57 +08:00
Bianca Nenciu
191e31dccf FEATURE: Log user approvals. () 2019-03-12 19:16:56 +11:00
Dan Ungureanu
32bae48fd3 DEV: Use User#human? User#bot? () 2019-03-12 07:58:14 +08:00
Tarek Khalil
d6eb892b04
FEATURE: Account for ignored_users when merging two users ()
* FEATURE: Account for `ignored_users` when merging two users

## Why?

This is part of the [Ability to ignore a user feature](https://meta.discourse.org/t/ability-to-ignore-a-user/110254/8).
When we merge two users, we need to account for merging their list of `ignored_users` too.
2019-03-11 13:53:59 +00:00
David Taylor
fc7938f7e0
REFACTOR: Migrate GoogleOAuth2Authenticator to use ManagedAuthenticator ()
https://meta.discourse.org/t/future-social-authentication-improvements/94691/3
2019-03-07 11:31:04 +00:00
Tarek Khalil
0a9a11094d
FEATURE: Save ignored usernames in user preferences ()
* FEATURE: Save ignored usernames in user preferences
2019-03-06 11:21:58 +00:00
Davide Porrovecchio
75aaae5d5c FEATURE: Allow wildcard in allowed_user_api_auth_redirects setting () 2019-02-26 17:03:20 +01:00
Vinoth Kannan
d1bad881ea
FEATURE: Allow moderators to change topic timestamps () 2019-02-22 14:33:52 +05:30
Gerhard Schlager
b0862bd15d FIX: Push notifications could fail with UnauthorizedRegistration
The webpush gem by default sets the expiration date of the JWT token to exactly 24 hours in the future. That's not really needed because the token isn't reused. And it might cause UnauthorizedRegistration if the server's clock isn't 100% correct, because the maximum allowed value is 24 hours.
2019-02-15 21:12:09 +01:00
Gerhard Schlager
17f1a76570 FIX: Delete push subscription on MismatchSenderId error
This should prevent repeated MismatchSenderId warnings when the VAPID keys have changed.
2019-02-15 21:12:09 +01:00
Arpit Jalan
99c6db21e6
FEATURE: allow blocking emojis ()
https://meta.discourse.org/t/blocking-emojis-wont-work/105853
2019-02-15 20:55:48 +05:30
Régis Hanol
7aecd3c2f5 Update app/services/user_silencer.rb
Co-Authored-By: eviltrout <robin.ward@gmail.com>
2019-02-08 08:50:50 -05:00
Robin Ward
bc3efab816 FIX: When disagreeing with a flag that silenced a user, unsilence them
Previously it would unhide their post but leave them silenced.

This fix also cleans up some of the helper classes to make it easier
to pass extra data to the silencing code (for example, a link to the
post that caused the user to be silenced.)

This patch also refactors the auto_silence specs to avoid using
stubs.
2019-02-08 08:50:50 -05:00
Gerhard Schlager
1e98929501 FIX: Email domain whitelist prevented user anonymizing
FIX: Secondary email addresses were not deleted during anonymizing
2019-01-30 15:14:36 +01:00
David Taylor
aca0b32fda
FEATURE: Allow overriding text size from a different device ()
This brings the feature in line with the theme selection system
2019-01-28 11:19:50 +00:00
Maja Komel
45f66826ee PERF: delete potentially large associated tables before user_destroyer.destroy transaction 2019-01-18 16:10:03 +01:00
Guo Xiang Tan
aa2cc4ab31 FIX: Liked notification consolidation has to account for user like frequency setting. 2019-01-17 14:33:23 +08:00
Sam
6079a3e4d0 FEATURE: allow calling user destroyer without a transaction
This additional option allows us to destroy a user in "pieces" in cases
where database is very big and stuff tends to time out
2019-01-17 07:56:17 +11:00
Angus McLeod
79eb1b8e16 FIX: Add watching_first_post to NOTIFIABLE_TYPES () 2019-01-16 11:49:15 +00:00
Guo Xiang Tan
e7b49c42c4 FIX: Allow liked notifications consolidation to be disabled. 2019-01-16 16:17:04 +08:00
Guo Xiang Tan
27e2b6575b FIX: Liked notifications should not be consolidated across multiple users. 2019-01-16 15:01:13 +08:00
Guo Xiang Tan
ebe65577ed
FEATURE: Consolidate likes notifications. () 2019-01-16 10:40:16 +08:00
David Taylor
1ebd3dbbd0
FEATURE: Allow the base font size to be changed on a per-user basis () 2019-01-14 13:21:46 +00:00
Gerhard Schlager
978cc0cfca FIX: Remove expired subscription for push notifications
All other errors get logged, but do not stop the system from sending further push notifications.
2019-01-10 15:41:04 +01:00
Régis Hanol
88e861e895 FIX: prevent error when badge has already been awarded 2019-01-04 15:17:54 +01:00
Régis Hanol
2988d281fc DEV: group all collapsed notifications 2018-12-24 12:44:50 +01:00
David Taylor
160d29b18a
REFACTOR: Migrate TwitterAuthenticator to use ManagedAuthenticator ()
No changes to functionality. TwitterAuthenticator goes from 136 lines to 24, and all twitter-specific logic elsewhere has been deleted 🎉
2018-12-07 15:39:06 +00:00
Sam
82e45f5485 FIX: method extraction caused push notifications to include incorrect post
Previously the push notification code path was not tested for notification
collapsing. This happens if you get multiple replies to a topic you are
watching.
2018-12-05 16:40:10 +11:00
Régis Hanol
3c9c95ac83 Update Rubocop to 0.60 2018-12-04 10:48:16 +01:00
Sam
aa97f6fdba FEATURE: disable notifications for small actions that are whispers
Previously we would notify on small actions if they were whispers
this inconsistently lead to all sorts of problems including

- collapsed "N replies" after assign
- empty push notifications

New behavior adds an api to explicitly send push notifications as well
if needed: create_notification_alert
2018-12-04 17:54:42 +11:00
David Taylor
208005f9c9 REFACTOR: Migrate FacebookAuthenticator to use ManagedAuthenticator
Changes to functionality
  - Removed syncing of user metadata including gender, location etc.
    These are no longer available to standard Facebook applications.
  - Removed the remote 'revoke' functionality. No other providers have
    it, and it does not appear to be standard practice in other apps.
  - The 'facebook_no_email' event is no longer logged. The system can
    cope fine with a missing email address.

Data is migrated to the new user_associated_accounts table.
facebook_user_infos can be dropped once we are confident the data has
been migrated successfully.
2018-11-30 11:18:11 +00:00
Arpit Jalan
059e36a6ff FIX: log name changes only when the name is actually updated 2018-11-30 15:30:46 +05:30
Gerhard Schlager
886ef7251d REFACTOR: Simplify extraction of mentions 2018-11-27 12:46:02 +01:00
Gerhard Schlager
5640166b27 FIX: Notify only invited users about mentions in PMs 2018-11-26 22:42:56 +01:00
Guo Xiang Tan
44391ee8ab
FEATURE: Upload Site Settings. () 2018-11-14 15:03:02 +08:00
Gerhard Schlager
24e5be3f0c FIX: Relative links in translations should work with subfolder 2018-11-08 23:31:05 +00:00
Robin Ward
242a5fc5ef Add DiscourseEvents for when users as unsuspended/unsilenced 2018-11-08 16:33:38 -05:00
Bianca Nenciu
2070edf889 FIX: Clarify User.group_locked_trust_level.
* Rename User.group_locked_trust_level to User.group_granted_trust_level.

* Remove the column from users table.
2018-11-07 10:27:44 +08:00
Daniel Hollas
cee51672c9 FIX: Strip accents from search query
4481836 introduced accent stipping in search_indexer,
but we need to strip it from the query itself as well

TODO in search with diacritics:
 - Still need to fix excerpts on search page
 - need to support accent stripping in in_topic search
 - need to make sure that in:title works correctly
 - need to fix "word boldening" in titles
2018-10-23 12:10:33 +11:00
Maja Komel
27e732a58d FEATURE: allow multiple secrets for Discourse SSO provider
This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site.

This allows for better auditing of the SSO provider feature
2018-10-15 16:03:53 +11:00
Guo Xiang Tan
84d4c81a26 FEATURE: Support backup uploads/downloads directly to/from S3.
This reverts commit 3c59106bac.
2018-10-15 09:43:31 +08:00
Guo Xiang Tan
3c59106bac Revert "FEATURE: Support backup uploads/downloads directly to/from S3."
This reverts commit c29a4dddc1.

We're doing a beta bump soon so un-revert this after that is done.
2018-10-11 11:08:23 +08:00
Gerhard Schlager
c29a4dddc1 FEATURE: Support backup uploads/downloads directly to/from S3. 2018-10-11 10:38:43 +08:00
Robin Ward
a566ed42ae FEATURE: Option to disable user presence and profile
This allows users who are privacy conscious to disable the presence
features of the forum as well as their public profile.
2018-10-10 17:34:33 -04:00
Sam
550e108a8c FEATURE: only export settings that changed via rake task 2018-10-08 11:54:52 +11:00
David Taylor
9bf522f227
FEATURE: Mixed case tagging ()
- By default, behaviour is not changed: tags are made lowercase upon creation and edit.

- If force_lowercase_tags is disabled, then mixed case tags are allowed.

- Tags must remain case-insensitively unique. This is enforced by ActiveRecord and Postgres.

- A migration is added to provide a `UNIQUE` index on `lower(name)`. Migration includes a safety to correct any current tags that do not meet the criteria.

- A `where_name` scope is added to `models/tag.rb`, to allow easy case-insensitive lookups. This is used instead of `Tag.where(name: "blah")`.

- URLs remain lowercase. Mixed case URLs are functional, but have the lowercase equivalent as the canonical.
2018-10-05 10:23:52 +01:00
Neil Lalonde
dc1e7bb645 UX: when admin is deleted, make it clear in staff action logs when records belong to a deleted user and show their username in the details 2018-10-02 13:46:54 -04:00
Kyle Zhao
e402394375 FEATURE: auto grant an available title when removing old title
* FEATURE: auto grant an available title when removing old title
2018-09-21 12:06:08 +10:00
Vinoth Kannan
9281b72308 FEATURE: Log entity export in staff logs 2018-09-19 03:16:45 +05:30
Régis Hanol
4481836de2 FEATURE: new 'search_ignore_accents' site setting 2018-09-17 10:42:30 +02:00
Régis Hanol
30619c244c FIX: don't index urls to local files 2018-09-13 18:53:53 +02:00
David Taylor
84fc7abb73 FIX: Allow rake destroy:topics to delete topics in sub-categories 2018-09-10 12:52:14 +01:00
Sam
9b7cab589a FIX: revert diacritic stripping
See more details in test case and at: https://meta.discourse.org/t/discourse-should-ignore-if-a-character-is-accented-when-doing-a-search/90198/16?u=sam
2018-08-31 11:46:55 +10:00
James Kiesel
a4001c1ea0 FEATURE: Pop revise modal on post edited notification ()
* Add revision number to notification url

* Pop modal on route change

* Add semicolon

* Ensure modal pops even when navigating within a topic

* Ensure modal pops when visiting from other page

* Fix eslint errors

* Fix prettier errors

* Add callback for notification item click

* Remove stray revisionUrl function

* Rename to afterRouteComplete
2018-08-24 09:13:07 -04:00
Sam
ac11f8df52 correct regression searching with diacritics 2018-08-24 10:00:51 +10:00
Régis Hanol
c26de01399 Use NFKD normalization instead of NFD 2018-08-24 00:52:53 +02:00
Régis Hanol
bc7b530b0a FIX: remove diacritics instead of transliterating 2018-08-24 00:38:44 +02:00
Régis Hanol
f4ae53d52b Return immediately when there's no html to scrub 2018-08-23 18:00:07 +02:00
Régis Hanol
2fcf2b899e FIX: remove diacritics when tokenizing html for search 2018-08-23 17:13:52 +02:00
Gerhard Schlager
5ed582551a FIX: SpamRulesEnforcer should use default locale 2018-08-20 15:08:12 +02:00
Bianca Nenciu
975a72ab7a FEATURE: Make links indexable. () 2018-08-20 10:39:19 +10:00
Osama Sayegh
865cb3feb9
FIX: allow selecting site's default theme from preference 2018-08-10 14:12:02 +03:00
Guo Xiang Tan
919e8db686 FIX: Check for group name availability should skip reserved usernames. 2018-08-01 11:09:33 +08:00
David Taylor
eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 ()
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
Maja Komel
368d4e8eae FIX: notify staff about whispers in watched categories () 2018-07-21 11:20:21 +02:00
OsamaSayegh
decf1f27cf FEATURE: Groundwork for user-selectable theme components
* Phase 0 for user-selectable theme components

- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
Sam
cb824a6b33 DEV: remove all calls to SqlBuilder use DB.build instead
This is part of the migration to mini_sql, SqlBuilder.new is being
deprecated and replaced with DB.build
2018-06-20 17:53:49 +10:00
Sam
5f64fd0a21 DEV: remove exec_sql and replace with mini_sql
Introduce new patterns for direct sql that are safe and fast.

MiniSql is not prone to memory bloat that can happen with direct PG usage.
It also has an extremely fast materializer and very a convenient API

- DB.exec(sql, *params) => runs sql returns row count
- DB.query(sql, *params) => runs sql returns usable objects (not a hash)
- DB.query_hash(sql, *params) => runs sql returns an array of hashes
- DB.query_single(sql, *params) => runs sql and returns a flat one dimensional array
- DB.build(sql) => returns a sql builder

See more at: https://github.com/discourse/mini_sql
2018-06-19 16:13:36 +10:00
Arpit Jalan
f1d1207725 FIX: improve context when user deletes self 2018-06-18 11:36:22 +05:30
Gerhard Schlager
150ae21489 FEATURE: Log user merge in staff logs 2018-06-11 18:43:56 +02:00
Gerhard Schlager
a26889ada2 FIX: Don't delete profile views during user anonymization
There's no need for that and it can take a lot of time.
2018-06-08 15:50:07 +02:00
Gerhard Schlager
4ba910ac54 Update username only after successful user anonymization 2018-06-08 15:50:07 +02:00
Gerhard Schlager
2564a8285d REFACTOR: Run some parts of user anonymizing in background job 2018-06-08 15:50:07 +02:00
Gerhard Schlager
cf038cf72a FEATURE: Remove more PII during user anonymizing
Removes
  * invite if the user was invited
  * email tokens
  * incoming emails
  * email log entries
  * raw emails from posts
2018-06-08 15:50:07 +02:00
Guo Xiang Tan
ad5082d969 Make rubocop happy again. 2018-06-07 13:28:18 +08:00
Sam
89ad2b5900 DEV: Rails 5.2 upgrade and global gem upgrade
This updates tests to use latest rails 5 practice
and updates ALL dependencies that could be updated

Performance testing shows that performance has not regressed
if anything it is marginally faster now.
2018-06-07 14:21:33 +10:00
Arpit Jalan
36f9af4fa4 minor optimizations for post rejected logs 2018-06-02 09:44:55 +05:30
Arpit Jalan
89eca87f16 FEATURE: add staff action log for post rejections 2018-06-01 21:48:27 +05:30
Gerhard Schlager
b970b072f6 FIX: User merge should not fail when primary email address is missing
The merge process might move all email addresses of the source user to the target user. Destroying the source user failed in that case.
2018-06-01 16:23:21 +02:00
Régis Hanol
f988fa31aa FIX: ensure 'notifications_state' is up to date after creating a notification 2018-05-26 02:09:48 +02:00
Guo Xiang Tan
9d307a9977 FIX: Destroy notifications and sync notifications count in transaction.
* Seeing errors where the user is destroyed right when the call to
  reload is made.
2018-05-25 12:01:36 +08:00
Guo Xiang Tan
755b511b5c PERF: Destroy collapsed notifications in 1 query instead of 3. 2018-05-25 12:01:36 +08:00
Régis Hanol
bb8f0087f4 Add a warning when PostAlerter isn't running in sidekiq 2018-05-24 17:52:59 +02:00
Régis Hanol
71f66cd679 FIX: ensure PostAlerter is always run in sidekiq 2018-05-24 17:27:43 +02:00
Guo Xiang Tan
2aad91d4a2 PERF: Don't bloat the Sidekiq queue with Jobs::SendPushNotification. 2018-05-24 10:04:09 +08:00
Guo Xiang Tan
be49da9105 FIX: Don't silently fail if notification fails to create. 2018-05-24 10:04:09 +08:00
Guo Xiang Tan
ad9e0d6bea
Merge pull request from OsamaSayegh/fix-social-login-groups
FIX: apply automatic group rules when using social login providers
2018-05-23 08:17:42 +08:00
OsamaSayegh
f6d412465b FIX: apply automatic group rules when using social login providers 2018-05-23 02:26:07 +03:00
Sam
45f65859c9 improve erraticly failing spec 2018-05-23 08:39:15 +10:00
Régis Hanol
53f8f6095d FEATURE: staff action logs when creating/updating/deleting badges 2018-05-17 18:09:27 +02:00
Guo Xiang Tan
147ea37115 FIX: Missing notification for watching first post users when topic is recategorized.
https://meta.discourse.org/t/not-receiving-notifications-for-announcements/87275/2?u=tgxworld
2018-05-17 16:15:29 +08:00
Régis Hanol
b284464a91 FIX: PostOwnerChange should update 'topic.last_poser' 2018-05-16 19:48:04 +02:00
Gerhard Schlager
3464b05e41 FIX: Allow editing post that belongs to deleted topic 2018-05-15 20:50:31 +02:00
Gerhard Schlager
2e1b5bc8d3 FIX: Transaction in UserAnonymizer prevented avatar from updating 2018-05-15 20:47:58 +02:00
Régis Hanol
93ed8d2522
PERF: defer user notifications () 2018-05-15 09:51:32 +02:00
Gerhard Schlager
49392fb105 FIX: Anonymizing user didn't replace uploaded avatar in posts 2018-05-14 13:20:29 +02:00
Guo Xiang Tan
2eb2f273a8 Refactor of PushSubscriptionPusher. 2018-05-09 08:14:14 +08:00
Jeff Wong
7f1f697e97 FIX: de-duplicate push subscriptions - ensure unique user/key 2018-05-08 15:20:39 -07:00
Gerhard Schlager
2e67998319 Improvements for user renaming ()
* FEATURE: Update avatars in posts and revisions when user gets renamed

* FIX: Replace username in deleted posts when user gets renamed

* FEATURE: Replace username in notifications when user gets renamed

FEATURE: Update mentions and quotes when user gets merged
2018-05-08 10:02:43 -04:00
Guo Xiang Tan
fc4fde453d PERF: Remove N+1 query. 2018-05-07 18:21:48 +08:00
Jeff Wong
91b31860a1
Feature: Push notifications for Android ()
* Feature: Push notifications for Android

Notification config for desktop and mobile are merged.

Desktop notifications stay as they are for desktop views.

If mobile mode, push notifications are enabled.

Added push notification subscriptions in their own table, rather than through
custom fields.

Notification banner prompts appear for both mobile and desktop when enabled.
2018-05-04 15:31:48 -07:00
Robin Ward
05dddcb2fd Add an event that is triggered when a user is anonymized 2018-05-02 12:25:29 -04:00
Gerhard Schlager
3be3c50c7e FEATURE: Rename user in mentions and quotes
Co-authored-by: Robin Ward <robin.ward@gmail.com>
2018-05-01 13:49:14 -04:00
Robin Ward
e21a4ce1dd FEATURE: Support anonymizing a user's IP addresses 2018-04-30 14:09:03 -04:00
Neil Lalonde
f7c4c71409 FIX: title selector needs to flag whether title comes from badge or not 2018-04-26 16:51:11 -04:00
Neil Lalonde
bd77795d7a REFACTOR: move support for user card badge images to a plugin discourse-user-card-badges 2018-04-26 13:25:24 -04:00
Sam
6676bbd38b FEATURE: index YouTube titles in search
Previously we omitted the titles for videos that YouTube provided
2018-04-26 15:46:52 +10:00
Gerhard Schlager
ec29869350 FIX: Merging users failed when PM was sent to source and target user 2018-04-24 11:08:29 -04:00
Arpit Jalan
0a442977b3 FEATURE: add staff action log for post approvals 2018-04-23 11:28:44 +05:30
Maja Komel
3d99726981 FIX: set notification level when changing post owner ()
FIX: do not notify last post editor if they mention themself
2018-04-16 11:48:06 +02:00
Gerhard Schlager
f042a9529b FIX: users shouldn't get notifications about mentions from system users
(unless the mentioned users are participants in a PM with the system user)
2018-04-12 16:19:44 +02:00
Gerhard Schlager
62aacce8f4 FEATURE: Notify flaggers when flagged post is edited by author 2018-04-09 16:45:33 +02:00
Guo Xiang Tan
e4a9242ada FIX: Can't upload backup.
* Regression introduced in 142571bba0
2018-04-06 10:14:17 +08:00
Guo Xiang Tan
142571bba0 Remove use of rescue nil.
* `rescue nil` is a really bad pattern to use in our code base.
  We should rescue errors that we expect the code to throw and
  not rescue everything because we're unsure of what errors the
  code would throw. This would reduce the amount of pain we face
  when debugging why something isn't working as expexted. I've
  been bitten countless of times by errors being swallowed as a
  result during debugging sessions.
2018-04-02 13:52:51 +08:00
Blake Erickson
31ce955487 Add destroy rake task
Adds several rake tasks to delete users, topics, pm's and site stats so
that you can have a fresh site but maintain site settings and category
structure.
2018-03-30 18:32:21 -06:00
Robin Ward
e4298a91b8 Pass silenced_by through to DiscourseEvent 2018-03-29 16:44:18 -04:00
Neil Lalonde
73c1d3e7fe FIX: tag notification preferences were being cleared when other preferences were changed 2018-03-29 15:08:32 -04:00
Blake Erickson
9fdf139235 Add tests for Site Settings import/export
- extracted out site settings rake task to a class
- added tests for import and export of site settings
2018-03-23 14:55:17 -06:00
Arpit Jalan
d96c1058a2 FEATURE: add staff action log for 'restore topic' 2018-03-21 18:04:13 +05:30
Robin Ward
b9abd7dc9e FEATURE: Shared Drafts
This feature can be enabled by choosing a destination for the
`shared drafts category` site setting.

* Staff members can create shared drafts, choosing a destination
category for the topic when it is published.

* Shared Drafts can be viewed in their category, or above the
topic list for the destination category where it will end up.

* When the shared draft is ready, it can be published to the
appropriate category by clicking a button on the topic view.

* When published, Drafts change their timestamps to the current
time, and any edits to the original post are removed.
2018-03-20 17:15:26 -04:00
Robin Ward
135195363b FIX: Not logging old post contents properly 2018-03-14 15:01:36 -04:00
Robin Ward
65ac80b014 FEATURE: Log Staff edits in Staff Action Logs
Why? Some edits by staff are not tracked. For example, during the grace
period, or via the flags/silence dialog.

If a staff member is editing someone else's post, it now goes into the
Staff Action Logs so it can be audited by other staff members.
2018-03-12 13:51:40 -04:00
Gerhard Schlager
dc77cce8d9 FIX: Create notifications for mentions in PMs 2018-03-09 11:04:29 +01:00
Gerhard Schlager
07649cd42d FIX: email_domains_whitelist prevented creation of anonymous users 2018-03-06 18:14:53 +01:00
Robin Ward
0f66a99eb2 Setting to prevent logging details when anonymizing 2018-03-05 14:38:18 -05:00
Guo Xiang Tan
2f65393706 REFACTOR: Use Topic#private_message? to reduce duplication. 2018-03-05 15:39:22 +08:00
Régis Hanol
25d80aabce remove 'puts' 2018-03-02 01:50:24 +01:00
Gerhard Schlager
80e85e0d8f FIX: Sidekiq job has wrong data when post owner changes within transaction 2018-03-01 18:00:18 +01:00
Gerhard Schlager
79590e4bec FIX: Merging users shouldn't add more than 1 secondary email 2018-03-01 17:50:13 +01:00
Gerhard Schlager
a7c50039de FIX: Allow changing post owner even when topic validations fail 2018-03-01 17:31:58 +01:00
Gerhard Schlager
7a2183e8ab FEATURE: rake task for merging users 2018-03-01 12:28:12 +01:00
Gerhard Schlager
fffd1a6602 FIX: Associated Instagram account was missing at some places 2018-03-01 12:26:40 +01:00
Jeff Wong
f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Sam
86d12bd44b FEATURE: search within title using in:title
Also

- Significantly improved search ranking, title is treated most strongly
- Adds tag names to the index
- Run search re-indexer more aggressively
- Re-index topic and all posts on category change
2018-02-20 14:41:21 +11:00
Robin Ward
7348513848 FIX: Include post in staff action logs when silencing a user 2018-02-13 15:59:10 -05:00
Maja Komel
1c27d93dcf anonymous shadow users are approved on creation if must_approve_users is enabled () 2018-02-13 01:58:38 -05:00
Arpit Jalan
7cda3a37af rename 'private_email_time_window_seconds' to 'personal_email_time_window_seconds' 2018-02-01 13:25:29 +05:30
Arpit Jalan
1f6adbea5c FEATURE: log private message views 2018-01-29 08:08:08 +05:30
Robin Ward
6b04967e2f FEATURE: Staff members can lock posts
Locking a post prevents it from being edited. This is useful if the user
has posted something which has been edited out, and the staff members don't
want them to be able to edit it back in again.
2018-01-26 14:01:30 -05:00
Sam
060e78e884 PERF: reduce memory usage for post alerter 2018-01-22 17:11:52 +11:00
Robin Ward
a8b46df4bd More extensibility for custom silence/suspend messages 2018-01-19 11:35:19 -05:00
Neil Lalonde
ec65ae76b9 FIX: don't create new like notifications for deleted topics 2018-01-17 14:36:32 -05:00
Sam
eaca2cb049 bypass loud logging 2018-01-16 15:41:45 +11:00
Sam
38c018a84b FIX: invalid cache for parent category with limit_suggested_to_category 2018-01-15 16:13:29 +11:00
Sam
5bf116e719 warn if missing user option record 2018-01-12 15:43:56 +11:00
Robin Ward
dd33050e10 Add discourse events for when a user is suspended/silenced 2018-01-11 12:56:45 -05:00
Sam
57a1190b07 FIX: correct issue with search omitting words with multiple dots
Previously we used to break up words with dots incorrectly leading to
missing search terms
2017-12-19 16:04:24 +11:00
Régis Hanol
62a5b174e1 FIX: wasn't able to use the same username when taking over a staged account 2017-12-12 11:26:00 +01:00
Robin Ward
77f90876d3 REFACTOR: Track manual locked user levels separately from groups 2017-11-27 11:23:44 -05:00
Robin Ward
0a9daba627 FIX: Support for long suspension emails 2017-11-20 12:45:46 -05:00
Robin Ward
3785429948 FIX: Missing word boundaries when non-regexp 2017-11-17 14:37:31 -05:00
Robin Ward
d755c9c90f FIX: Allow regular expressions to specify boundaries 2017-11-17 14:13:44 -05:00
Gerhard Schlager
d47fa6653b do not notify staged users about posts withing mailinglist mirror category 2017-11-17 15:29:14 +01:00
Robin Ward
971e302ff2 FEATURE: Support an end date for user silencing 2017-11-14 13:20:19 -05:00
Robin Ward
1f14350220 Rename "Blocked" to "Silenced" 2017-11-10 14:10:27 -05:00
Neil Lalonde
9dc9ca4ac0 FIX: be consistent with how first posts in topics are counted. do like DirectoryItem.refresh_period :all 2017-11-10 12:18:25 -05:00
Gerhard Schlager
31e2385316 FEATURE: do not send notification emails to users who are included in the To and CC header of an incoming email 2017-11-10 17:44:20 +01:00
Neil Lalonde
16ff2a4715 FIX: topic counts after converting topic to/from public and private 2017-11-09 15:33:44 -05:00
Michael Howell
38b8d68c68 FEATURE: Allow the user to select a custom home page ()
* Add user_home configuration option

* Use the new user_home preference to actually show the right home page

* Fix trailing whitespace

* Update user_option_serializer.rb

* Fix JavaScript default homepage tests

* Use an object instead of a giant switch

* Remove trailing whitespace

* Make the default `user_home` set to `null` instead of `0`

* Rename user_home to homepage_id
2017-11-10 06:45:19 +11:00
Guo Xiang Tan
19f3b81161 Revert "FIX: always trigger the ':user_updated' event"
This reverts commit 519b70ea46.

https://meta.discourse.org/t/creating-a-topic-or-a-post-sends-the-user-updated-webhook/71643
2017-10-23 11:44:22 +08:00
Guo Xiang Tan
e91a631978 REFACTOR: DRY up code and add better test coverage. 2017-10-23 11:16:14 +08:00
Robin Ward
838568cbc3 Refactor flag types for more customization 2017-10-19 13:55:23 -04:00
Guo Xiang Tan
79de10b212 FEATURE: Allow users to disable new PMs.
https://meta.discourse.org/t/is-it-possible-to-disable-private-messaging-for-a-specific-user/46391
2017-10-19 12:32:55 +08:00
Neil Lalonde
2db66072d7 SECURITY: signup without verified email using Google auth 2017-10-16 13:51:41 -04:00
Gerhard Schlager
c0bb97b5cb FIX: delete staged users when the incoming email is rejected 2017-10-11 16:17:01 +02:00
Régis Hanol
3bdd8f57c1 FIX: invited staged users would sometimes not get notified of replies 2017-10-06 16:37:28 +02:00
Neil Lalonde
e47f5cedd2 FEATURE: forgot_password_strict setting also prevents reporting that an email address is taken during signup 2017-10-03 15:28:30 -04:00
Robin Ward
41c3941c4c FEATURE: Support regular expressions for watched words 2017-09-27 15:48:57 -04:00
Robin Ward
7578d8fc44 Add a DiscourseEvent for when a topic is closed 2017-09-27 14:00:53 -04:00
Robin Ward
09ed2ed749 Add Suspend User to flags page 2017-09-25 12:28:00 -04:00
Guo Xiang Tan
4e5e7dc736 FIX: Fix ActiveRecord API that was removed in Rails 5.1. 2017-09-25 16:16:37 +08:00
Guo Xiang Tan
23b787e0a6 Require dependency otherwise it causes Sidekiq to lock up in development. 2017-09-25 13:48:59 +08:00
Guo Xiang Tan
77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Gerhard Schlager
87b4246c14 FIX: notify about whispered reply 2017-09-19 15:51:10 +02:00
Robin Ward
9b3b39d8a2 FIX: Users should be able to activate their emails even if unapproved
Note in discourse `active` means "Email is active" - they still can't
login until approved
2017-09-12 15:04:39 -04:00
Guo Xiang Tan
b7ac33464f Reduce number of Redis calls. 2017-09-08 20:12:53 +08:00
Sam
50203794e6 FIX: staged users should get emails on must_approve_users sites 2017-08-28 17:32:07 -04:00
Neil Lalonde
2c56f8df7c FEATURE: show tags in search results 2017-08-25 11:52:59 -04:00