Commit Graph

42639 Commits

Author SHA1 Message Date
Roman Rizzi
044de6d670
DEV: Give callback listeners access to the request object. (#13965)
Plugins listening on the `before_auth` callback can interact with the request object and access data like the user agent or the remote IP address. We'll later store this data in the user record, but it might not exist at this point if we're authenticating a new account.
2021-08-06 11:26:11 -03:00
Joffrey JAFFEUX
bf43d8eb40
DEV: uses vanilla js and DOM to replace link mentions (#13959)
- uses DOM apis
- do not concat strings
- ensures string is set as innerText and not HTML
- do not work on jquery objects
2021-08-06 09:26:54 +02:00
dependabot[bot]
86f1f82f7b Build(deps-dev): Bump webmock from 3.13.0 to 3.14.0
Bumps [webmock](https://github.com/bblimke/webmock) from 3.13.0 to 3.14.0.
- [Release notes](https://github.com/bblimke/webmock/releases)
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bblimke/webmock/compare/v3.13.0...v3.14.0)

---
updated-dependencies:
- dependency-name: webmock
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-06 09:35:54 +08:00
Robin Ward
844c05b70b DEV: New Plugin API method for delegating an app event 2021-08-05 14:44:26 -04:00
Andrei Prigorshnev
2ec0a17bef
DEV: clarify the slow mode specs names (#13962) 2021-08-05 22:07:29 +04:00
Bianca Nenciu
38199424bc
SECURITY: Sanitize d-popover attributes (#13958) 2021-08-05 16:39:17 +03:00
Arpit Jalan
bb2c48b065
FIX: update iframe url for simplecast onebox (#13957)
https://meta.discourse.org/t/onebox-regression-simplecast-com/187911
2021-08-05 18:29:04 +05:30
Robin Ward
18c5e9338f DEV: Allow us to use Ember CLI assets in production
This adds an optional ENV variable, `EMBER_CLI_PROD_ASSETS`. If truthy,
compiling production assets will be done via Ember CLI and will replace
the assets Rails would otherwise use.
2021-08-05 08:32:33 -04:00
Arpit Jalan
a341dba5d9
FIX: update oEmbed URL for simplecast onebox (#13956) 2021-08-05 17:42:38 +05:30
Andrei Prigorshnev
0c0a11b66a
FEATURE: Disallow putting urls in the title for TL-0 users (#13947)
This disallows putting URLs in topic titles for TL0 users, which means that:

If a TL-0 user puts a link into the title, a topic featured link won't be generated (as if it was disabled in the site settings)
Server methods for creating and updating topics will be refusing featured links when they are called by TL-0 users
TL-0 users won't be able to put any link into the topic title. For example, the title "Hey, take a look at https://my-site.com" will be rejected.

Also, it improves a bit server behavior when creating or updating feature links on topics in the categories with disabled featured links. Before the server just silently ignored a featured link field that was passed to him, now it will be returning 422 response.
2021-08-05 13:38:39 +04:00
Alan Guo Xiang Tan
0bf27242ec FIX: Group inbox new filter not accounting for dismissed topics.
Follow-up to 2c046cc670
2021-08-05 16:53:12 +08:00
Alan Guo Xiang Tan
3f59ccefd7 FIX: Remove limit on dismissing unread and new messages.
Follow-up to 2c046cc670
2021-08-05 14:55:38 +08:00
Alan Guo Xiang Tan
bfe24f74e1 FIX: Restore server side route for tag messages filter.
Follow-up to 016efeadf6
2021-08-05 13:05:42 +08:00
Alan Guo Xiang Tan
2c046cc670 FEATURE: Dismiss new and unread for PM inboxes. 2021-08-05 12:56:15 +08:00
Martin Brennan
d3779d4cf7
FIX: Wrong default notification level shown for group (#13952)
In the group interaction UI, if the default_notification_level for
a group was set to 0 (muted) it incorrectly showed as Watching in
the UI because of the ember or() helper, using JS comparison, considered
0 to be a falsey value and always showed 3 (watching) instead.
2021-08-05 13:17:36 +10:00
Krzysztof Kotlarek
7063933755
FEATURE: send user-card:show event (#13910)
Send user-card:show event when card is opened. Other parts may listen, for example, for analytic purpose.
2021-08-05 11:52:28 +10:00
Joffrey JAFFEUX
2ebe900914
DEV: resets post menu extra buttons between tests (#13939)
This ensures we do not leak buttons in acceptance tests
2021-08-05 11:47:49 +10:00
Krzysztof Kotlarek
354c939656
FIX: remove Nokogumbo references (#13951)
Specs broken after f4720205c0
2021-08-05 11:46:25 +10:00
dependabot[bot]
4c041eb9f5
Build(deps): Bump nokogiri from 1.12.1 to 1.12.2 (#13948)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.12.1 to 1.12.2.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.12.1...v1.12.2)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-05 10:53:13 +10:00
dependabot[bot]
f4720205c0
Build(deps): Bump sanitize from 5.2.3 to 6.0.0 (#13949)
Bumps [sanitize](https://github.com/rgrove/sanitize) from 5.2.3 to 6.0.0.
- [Release notes](https://github.com/rgrove/sanitize/releases)
- [Changelog](https://github.com/rgrove/sanitize/blob/main/HISTORY.md)
- [Commits](https://github.com/rgrove/sanitize/compare/v5.2.3...v6.0.0)

---
updated-dependencies:
- dependency-name: sanitize
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-05 10:49:07 +10:00
jbrw
fb14e50741
SECURITY: Destroy EmailToken when EmailChangeRequest is destroyed (#13950) 2021-08-04 19:14:56 -04:00
Martin Brennan
d8a0d2262c
DEV: Update pretender and fake-xml-http-request (#13937)
We are still on a version of pretender since 2017
https://github.com/pretenderjs/pretender/releases/tag/v1.6.1

Since then many changes have been made, including adding support
for xhr.upload. Upgrading will let us write proper acceptance
tests for uppy, which uses XmlHTTPRequest internally including
xhr.upload.

Updates pretender to 3.4.7 and fake-xml-http-request to 2.1.2.

Note: There have been no breaking changes in the releases that would
affect us, mainly dropping support for old node versions.
2021-08-05 08:23:01 +10:00
Robin Ward
17f28d4018 DEV: Add a widget API for injecting services
When declaring your widget you can now add an option like: `services: ['cool']`

And your widget instances will automatically get a `this.cool` property
which will resolve to the service. This saves having to look it up
yourself.
2021-08-04 16:27:19 -04:00
Jarek Radosz
07c6b720bc
DEV: Remove PostProcessed trigger option (#13916)
It was deprecated 5 years ago in e55e2aff94

I've seen it still being used in the wild, even though it doesn't do anything anymore as I understand it.
2021-08-04 22:24:47 +02:00
Jarek Radosz
fbd1cd5fe1
DEV: Prevent npm usage (#13945)
We rely on yarn workspaces so we don't want people using npm in the repo by accident.

Also updated the required node version to 12+.

~~Not sure about the min yarn version – the latest one could be missing in various CI-like envs, so I might change it yet.~~
Downgraded yarn to ">= 1.21.1" (the oldest of "current" versions, tagged "legacy")
2021-08-04 22:04:58 +02:00
Joffrey JAFFEUX
5b85b254db
DEV: do not process composer preview when collapsed (#13941) 2021-08-04 16:40:31 +02:00
Joffrey JAFFEUX
11668ee85b
PERF: generates dates tooltip on demand (#13944) 2021-08-04 16:28:07 +02:00
Discourse Translator Bot
6b87ae3d4c
Update translations (#13929) 2021-08-04 14:14:52 +02:00
Arpit Jalan
ff994234ee
UX: append ellipsis to actions that have follow-up screen (#13943) 2021-08-04 17:26:12 +05:30
Bianca Nenciu
d9843d757a
FIX: Update draft count when sequence is increased (#13940)
* FIX: Update draft count when sequence is increased

Sometimes users ended up having a draft count higher than the actual
number of drafts.

* FIX: Do not update draft count twice

The call to DraftSequence.next! above already does it.
2021-08-04 13:30:37 +03:00
Bianca Nenciu
e2af2a2219
FIX: Make rake site:export_structure export uploads (#13938)
It failed because of an undefined variable.
2021-08-04 11:14:30 +03:00
Arpit Jalan
4122affc0f
FIX: use search message context on group message page (#13936) 2021-08-04 13:42:17 +05:30
Joffrey JAFFEUX
d23c0c06c3
PERF: reduces rendering time of local-dates (#13931)
- prefers insertAdjacentHTML over innerHTML as it's much faster in this case (about 5x)
- memoizes tz.guess()
- memoizes list of timezones
- inlines template
- applies main element class in one pass

All in all for a very edge case of about 80 dates it should be faster of about 15/20ms.
2021-08-04 08:27:22 +02:00
Vinoth Kannan
1da0aa838f
FIX: use update_attribute method to trigger callbacks. (#13930)
Group flair is not removed while removing a user from the group since the `before_save` callback methods are not triggered while using the `update_columns` method.
2021-08-04 11:54:46 +05:30
dependabot[bot]
fc5194e515
Build(deps): Bump nokogiri from 1.12.0 to 1.12.1 (#13932)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.12.0 to 1.12.1.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.12.0...v1.12.1)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-04 11:00:36 +08:00
dependabot[bot]
bd70de5c07
Build(deps): Bump nio4r from 2.5.7 to 2.5.8 (#13933)
Bumps [nio4r](https://github.com/socketry/nio4r) from 2.5.7 to 2.5.8.
- [Release notes](https://github.com/socketry/nio4r/releases)
- [Changelog](https://github.com/socketry/nio4r/blob/master/CHANGES.md)
- [Commits](https://github.com/socketry/nio4r/compare/v2.5.7...v2.5.8)

---
updated-dependencies:
- dependency-name: nio4r
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-04 10:59:22 +08:00
dependabot[bot]
fe2fbe1a38
Build(deps): Bump oj from 3.12.2 to 3.12.3 (#13934)
Bumps [oj](https://github.com/ohler55/oj) from 3.12.2 to 3.12.3.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.12.2...v3.12.3)

---
updated-dependencies:
- dependency-name: oj
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-04 10:59:06 +08:00
Bianca Nenciu
54e2b95539
FIX: Remove 'reply above line' marker (#13927)
This marker is automatically added by Discourse's group SMTP mailer.
When user responded to emails sent by it, Discourse did not trim this
marker.
2021-08-03 20:08:19 +03:00
Bianca Nenciu
e2c415457c
FEATURE: Attach backup log as upload (#13849)
Discourse automatically sends a private message after backup or
restore finished. The private message used to contain the log inline
even when it was very long. A very long log can create issues because
the length of the post will be over the maximum allowed length of a
post. When that happens, Discourse will try to create an upload with
the logs. If that fails, it will trim the log and inline it.
2021-08-03 20:06:50 +03:00
Osama Sayegh
e67670c1e4
FIX: Consistently show history modal when clicking edit notifications (#13912)
Currently when a user clicks on an edit notification, we use `appEvents` to
notify the topics controller that it should open up the history modal for the
edited post and the appEvents callback opens up the history modal in the next
Ember runloop (by scheduling an `afterRender` callback).

There are 2 problems with this implementation:

1) the callbacks are fired/executed too early and if the post has never been
loaded from the server (i.e. not in cache), we will not get a modal history
because the method that shows the modal `return`s if it can't find the post:

016efeadf6/app/assets/javascripts/discourse/app/controllers/topic.js (L145-L152)

2) when clicking an edit notification from a non-topic page, you're redirected
to the topic page that contains the edited post and you'll see the history
modal briefly and it'll be closed immediately. The reason for this is because
we attempt to show the history modal before the route transition finishes
completely, and we have cleanup code in `initializers/page-tracking.js` that's
called after every transition and it does several things one of which is
closing any open modals.

The fix in this commit defers showing the history modal until posts are loaded
(whether fresh or cached). It works by storing some bits of information (topic
id, post number, revision number) whenever the user clicks on an edit
notification, and when the user is redirected to the topic (or scrolled to the
edited post if they're already in the topic), the post stream model checks if
we have stored information of an edit notification and requests the history
modal to be shown by the topics controller.
2021-08-03 19:06:23 +03:00
Bianca Nenciu
52520638ca
FIX: Inline secure images with duplicated names (#13926)
Inlining secure images with the same name was not possible because they
were indexed by filename. If an email contained two files with the same
name, only the first image was used for both of them. The other file
was still attached to the email.
2021-08-03 18:58:34 +03:00
Blake Erickson
413de9361f
DEV: Disable PATCH requests (#13928)
We aren't actually calling any of the PATCH requests, so maybe we should
just stick with PUT unless we explicitly need PATCH for something.
2021-08-03 07:26:48 -06:00
Blake Erickson
5c6e7e3401
DEV: Document some of the badge api endpoints (#13919)
Adding some api documentation for the badge routes.
2021-08-03 06:25:12 -06:00
David Taylor
ab1460e2ca
UX: Ensure external login icons are visible on hover (#13914)
Some authentication buttons (e.g. apple, oidc, oauth2, saml) do not have a specific color specified. Therefore they were taking the default button-with-icon color, and the icons would almost disappear on hover. This commit adds a default of #000 for these buttons, so that the button hover looks similar to core auth buttons.
2021-08-03 12:48:21 +01:00
Martin Brennan
8eabbdae5c
DEV: Move composer-editor upload functions into mixin (#13923)
This PR moves all the upload related functions into a new
ComposerUpload mixin that is extended by the composer-editor
component. This is being done so I can introduce a ComposerUploadUppy
mixin that overrides functions in the regular ComposerUpload mixin,
via a new composer-editor-uppy component that inherits from
ComposerEditor. The proposed structure, which will be in the next PR,
looks like this:

composer-editor-uppy

```javascript
import ComposerEditor from "discourse/components/composer-editor"
import ComposerUploadUppy from "discourse/mixins/composer-upload-uppy"

export default ComposerEditor.extend(ComposerUploadUppy, {
  layoutName: "components/composer-editor"
});
```

This way the new composer-editor is a dumb component purely used for
testing uppy safely, and within the template for composer.hbs we do
this:

```javascript
@discourseComputed
composerComponent() {
  return this.siteSettings.enable_experimental_composer_uploader
    ? "composer-editor-uppy"
    : "composer-editor";
},
```

```handlebars
{{component composerComponent ...}}
```

This is the only way I can think to do it, because it is not possible to
access the site settings when the component is first declared I can't do
something like:

```javascript
const uploaderMixin = this.siteSettings.use_experimental_uploader?
ComposerUploaderUppy : ComposerUploader;

Component.extend(uploaderMixin, {});
```

An additional change in this PR is explicitly passing in these four
plugin data structures to the composer-editor Component, rather
than relying on JS closures which the mixin cannot do:

* uploadMarkdownResolvers
* uploadProcessorActions
* uploadProcessorQueue
* uploadHandlers
2021-08-03 14:46:32 +10:00
Vinoth Kannan
4ec2c1e9a9
DEV: don't merge email address if target user is not human. (#13915)
While merging two user accounts don't merge the source user's email address if the target user is not a human.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2021-08-03 10:04:35 +05:30
dependabot[bot]
c02c6940bb
Build(deps): Bump nokogiri from 1.11.7 to 1.12.0 (#13920)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.11.7 to 1.12.0.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.11.7...v1.12.0)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-03 10:04:41 +08:00
dependabot[bot]
c70f3e0916
Build(deps): Bump bootsnap from 1.7.6 to 1.7.7 (#13921)
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.7.6 to 1.7.7.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.7.6...v1.7.7)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-03 10:04:10 +08:00
dependabot[bot]
9e8b377978
Build(deps): Bump globalid from 0.5.1 to 0.5.2 (#13922)
Bumps [globalid](https://github.com/rails/globalid) from 0.5.1 to 0.5.2.
- [Release notes](https://github.com/rails/globalid/releases)
- [Commits](https://github.com/rails/globalid/compare/v0.5.1...v0.5.2)

---
updated-dependencies:
- dependency-name: globalid
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-03 10:03:56 +08:00
Jordan Vidrine
465db1e5b5
FIX: Adjust poll buttons (#13924)
* FIX: Adjust poll buttons

* REFACTOR: Move styles to desktop stylesheet
2021-08-03 10:03:18 +08:00