Commit Graph

8105 Commits

Author SHA1 Message Date
Tobias Eigen
cc2eb6e7b3
Change to no_messages_body copy (#12587)
The original copy I proposed was too scary, so here's a simplified educational message.
2021-04-01 15:00:20 -07:00
Arpit Jalan
61860098d9
UX: move logs/watched_words to customize/watched_words in admin section (#12571)
https://meta.discourse.org/t/where-is-auto-tag-and-auto-replace/184261
2021-04-01 11:44:17 +05:30
Arpit Jalan
c478ffc662
FIX: post merging was failing silently (#12566)
https://meta.discourse.org/t/merging-very-long-posts-removes-them/183597
2021-04-01 06:46:18 +05:30
Martin Brennan
28d67b4583
FEATURE: Show an educational message in the quick access menu for personal messages when there are none (#12564)
If the user has not been sent any messages, show a message in the quick access menu with an educational message. If the user can send private messages, also show a link to open the "new message" composer:

This also adds a general improvement to the quick-access-panel, to be able to show an `emptyStateWidget` instead of just a message if there is nothing to show in the panel, as well as initial general styles for empty state.
2021-04-01 10:22:40 +10:00
jbrw
68d0916eb5
FEATURE: Oneboxer cache response body (#12562)
* FEATURE: Cache successful HTTP GET requests during Oneboxing

Some oneboxes may fail if when making excessive and/or odd requests against the target domains. This change provides a simple mechanism to cache the results of succesful GET requests as part of the oneboxing process, with the goal of reducing repeated requests and ultimately improving the rate of successful oneboxing.

To enable:

Set `SiteSetting.cache_onebox_response_body` to `true`

Add the domains you’re interesting in caching to `SiteSetting. cache_onebox_response_body_domains` e.g. `example.com|example.org|example.net`

Optionally set `SiteSetting.cache_onebox_user_agent` to a user agent string of your choice to use when making requests against domains in the above list.

* FIX: Swap order of duration and value in redis call

The correct order for `setex` arguments is `key`, `duration`, and `value`.

Duration and value had been flipped, however the code would not have thrown an error because we were caching the value of `1.day.to_i` for a period of 1 seconds… The intention appears to be to set a value of 1 (purely as a flag) for a period of 1 day.
2021-03-31 13:19:34 -04:00
Kris
9c8ec372f1
UX: remove reference to contact form in settings (#12554) 2021-03-30 14:18:06 -04:00
Kris
6d65320aae
UX: login modal adjustments (#12552) 2021-03-30 14:16:50 -04:00
Discourse Translator Bot
598718a19d
Update translations (#12556) 2021-03-30 15:44:13 +02:00
Bianca Nenciu
52a5c7e438
FIX: Improve error messages if user cannot send PM emails (#12547) 2021-03-30 12:18:57 +03:00
tison
21b4fef175
DEV: Correct the ruby version check (#12551)
Makes it Ruby 3 compatible.

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2021-03-30 09:44:53 +02:00
Bianca Nenciu
013b4f353b
FIX: Replace 'Chromebook' with 'Chrome OS' (#12508)
There are many Chrome OS devices and no way to determine the exact device.
2021-03-25 17:09:32 +02:00
Roman Rizzi
4505951d32
UX: Display a tooltip when trying to delete an automatic group. (#12493) 2021-03-25 11:07:38 -03:00
Jarek Radosz
6ff888bd2c
DEV: Retry-after header values should be strings (#12475)
Fixes `Rack::Lint::LintError: a header value must be a String, but the value of 'Retry-After' is a Integer`. (see: 14a236b4f0/lib/rack/lint.rb (L676))

I found it when I got flooded by those warning a while back in a test-related accident 😉 (ember CLI tests were hitting a local rails server at a fast rate)
2021-03-23 20:32:36 +01:00
Discourse Translator Bot
e477a9a47d
Update translations (#12490) 2021-03-23 16:12:04 +01:00
Rafael dos Santos Silva
fb4486d5f1
FEATURE: Add CSP frame-ancestors support (#12404) 2021-03-22 16:00:25 -03:00
Roman Rizzi
706ea6692d
UI: Rename button with a duplicated name. (#12480)
There're two buttons name "Flag Post". Rename one of them to avoid confusion.
2021-03-22 15:50:44 -03:00
Dan Ungureanu
4e46732346
FEATURE: Implement browser update in crawler view (#12448)
browser-update script does not work correctly in some very old browsers
because the contents of <noscript> is not accessible in JavaScript.
For these browsers, the server can display the crawler page and add the
browser update notice.

Simply loading the browser-update script in the crawler view is not a
solution because that means all crawlers will also see it.
2021-03-22 19:41:42 +02:00
Bianca Nenciu
ec7415ff49
FEATURE: Check email availability in signup form (#12328)
* FEATURE: Check email availability on focus out

* FIX: Properly debounce username availability
2021-03-22 17:46:03 +02:00
Jarek Radosz
695288f8ff
FIX: Restore client.zh_TW.yml (#12470)
Accidentally removed in b7556fca80
2021-03-22 10:58:46 +01:00
lhkjacky
b7556fca80
DEV: Add ap-east-1 S3 region (#12457)
Asia Pacific (Hong Kong) ap-east-1
2021-03-22 10:22:29 +01:00
Martin Brennan
49f4c548ef
FEATURE: Bookmark pinning (#12431)
Users can now pin bookmarks from their bookmark list. This will anchor the bookmark to the top of the list, and show a pin icon next to it. This also applies in the nav bookmarks panel. If there are multiple pinned bookmarks they sort by last updated order.
2021-03-22 09:50:22 +10:00
David Taylor
374ab82dd6
FIX: Ensure 100-logster initializer is run before 101-lograge (#12455)
The logster initializer tries to adds RailsMultisite::Formatter to the STDOUT logger. In production, the lograge initializer then removes the RailsMultisite:Formatter because the JSON log will include the database.

e10a74694a used `Rails.application.reloader.to_prepare` to defer running the 100-logster initializer, which meant it ran **after** 101-lograge. This meant that we were writing JSON logs with a non-json text prefix.

The `to_prepare` was added because our freedom-patches are now deferred using `to_prepare`, and some initializers were relying on the freedom patches. However, following 1533cbb38b, we decided to load the RailsMultisite freedom patch without `to_prepare`. Therefore, `005-site_settings` and `100-logster` no longer need to use `to_prepare`. Removing it means that these initializers are back to running in sequential order, and the logging issue will be resolved.

The only remaining initializer which depends on freedom patches is `100-i18n`. I've added a comment to explain why.
2021-03-19 19:51:13 +00:00
Penar Musaraj
d470e4fade
FEATURE: Allow users to save draft and close composer (#12439)
We previously included this option conditionally when users were replying
or creating a new topic while they had content already in the composer.

This makes the dialog always include three buttons:
  - Close and discard
  - Close and save draft for later
  - Keed editing

This also changes how the backend notifies the frontend when there is
a current draft topic. This is now sent via the `has_topic_draft`
property in the current user serializer.
2021-03-19 09:19:15 -04:00
Martin Brennan
355d51afde
FEATURE: Allow using invites when DiscourseConnect SSO is enabled (#12419)
This PR allows invitations to be used when the DiscourseConnect SSO is enabled for a site (`enable_discourse_connect`) and local logins are disabled. Previously invites could not be accepted with SSO enabled simply because we did not have the code paths to handle that logic.

The invitation methods that are supported include:

* Inviting people to groups via email address
* Inviting people to topics via email address
* Using invitation links generated by the Invite Users UI in the /my/invited/pending route

The flow works like this:

1. User visits an invite URL
2. The normal invitation validations (redemptions/expiry) happen at that point
3. We store the invite key in a secure session
4. The user clicks "Accept Invitation and Continue" (see below)
5. The user is redirected to /session/sso then to the SSO provider URL then back to /session/sso_login
6. We retrieve the invite based on the invite key in secure session. We revalidate the invitation. We show an error to the user if it is not valid. An additional check here for invites with an email specified is to check the SSO email matches the invite email
7. If the invite is OK we create the user via the normal SSO methods
8. We redeem the invite and activate the user. We clear the invite key in secure session.
9. If the invite had a topic we redirect the user there, otherwise we redirect to /

Note that we decided for SSO-based invites the `must_approve_users` site setting is ignored, because the invite is a form of pre-approval, and because regular non-staff users cannot send out email invites or generally invite to the forum in this case.

Also deletes some group invite checks as per https://github.com/discourse/discourse/pull/12353
2021-03-19 10:20:10 +10:00
Dan Ungureanu
5024ea72d2
UX: Show first unique letters in invite link (#12434) 2021-03-18 19:05:38 +02:00
Blake Erickson
44153cde18
FIX: Be able to handle long file extensions (#12375)
* FIX: Be able to handle long file extensions

Some applications have really long file extensions, but if we truncate
them weird behavior ensues.

This commit changes the file extension size from 10 characters to 255
characters instead.

See:

https://meta.discourse.org/t/182824

* Keep truncation at 10, but allow uppercase and dashes
2021-03-17 12:01:29 -06:00
Gerhard Schlager
38dd81d38a
DEV: Remove deprecated Sidekiq config (#12427)
> WARNING: Sidekiq::Web.sessions= is no longer relevant and will be removed in Sidekiq 7.0.
2021-03-17 16:29:10 +01:00
Osama Sayegh
a23d0f9961
UX: Add image uploader widget for uploading badge images (#12377)
Currently the process of adding a custom image to badge is quite clunky; you have to upload your image to a topic, and then copy the image URL and pasting it in a text field. Besides being clucky, if the topic or post that contains the image is deleted, the image will be garbage-collected in a few days and the badge will lose the image because the application is not that the image is referenced by a badge.

This commit improves that by adding a proper image uploader widget for badge images.
2021-03-17 08:55:23 +03:00
Discourse Translator Bot
bc88ea5976
Update translations (#12412) 2021-03-16 15:49:29 +01:00
Dan Ungureanu
eda8a839d4
UX: Show Topic column in invites pending tab (#12413) 2021-03-16 16:29:41 +02:00
Krzysztof Kotlarek
e10a74694a
FIX: deprecation warning - initialization autoloaded the constant (#12400)
Get rid of deprecation related to Zeitwerk autoloader.

Original PR was reverted because of multisite bug #12381 - thank you @davidtaylorhq for fixing it.

I added the last commit to fix that multisite problem.
2021-03-16 09:47:57 +11:00
Dan Ungureanu
790c4ad4a7
FEATURE: Improve expired invites tab (#12392)
This commit extends functionality of the expired invites tab, making
it more similar to the pending tab. It also implements a different
layout for mobile.
2021-03-15 11:52:58 +02:00
David Taylor
7970d1d99f
FEATURE: Allow a cluster_name to be configured and used for /srv/status (#12365)
The cluster name can be configured by setting the `DISCOURSE_CLUSTER_NAME` environment variable. If set, you can then call /srv/status with a `?cluster=` parameter. If the cluster does not match, an error will be returned. This is useful if you need a load balancer to be able to verify the identity, as well as the presence, of an application container.
2021-03-15 15:41:59 +11:00
Vinoth Kannan
1c672c97d3
DEV: mount DiscourseDev engine routes at /dev path. (#12376) 2021-03-13 00:17:06 +05:30
Roman Rizzi
9a779ca99a
FIX: Show a proper error message when trying to bulk award a disabled badge. (#12384) 2021-03-12 14:28:27 -03:00
David Taylor
1533cbb38b
Revert "FIX: deprecation warning - initialization autoloaded the constant (#12347)" (#12381)
This reverts commit 9a5a38a529.

This change was preventing `rake multisite:migrate` from working
2021-03-12 13:48:46 +00:00
Krzysztof Kotlarek
9a5a38a529
FIX: deprecation warning - initialization autoloaded the constant (#12347)
Get rid of deprecation related to Zeitwerk autoloader.
2021-03-12 08:42:53 +11:00
Roman Rizzi
8fcad73b36
FEATURE: Admins can flag posts so they can review them later. (#12311)
Staff can send a post to the review queue by clicking the "Flag Post" button next to "Take Action...". Clicking it flags the post using the "Notify moderators" score type and hides it. A custom message will be sent to the user.
2021-03-11 08:21:24 -03:00
David Taylor
0902e56162
FEATURE: Flag to disable DiscourseConnect CSRF protection (#12356)
This is not recommended. But if you have other protections in place for CSRF mitigation, you may wish to disable Discourse's implementation. This site setting is not visible in the UI, and must be changed via the console.
2021-03-11 10:38:34 +00:00
Kris
83519e7f3a
FEATURE: Always show tag dropdown when tagging is enabled (#12209) 2021-03-10 21:13:15 -05:00
Penar Musaraj
10780d2448
DEV: support json_schema in theme settings (#12294) 2021-03-10 20:15:04 -05:00
Jeff Atwood
ec00482027
UX: add bell emoji for better unread education (#12348) 2021-03-11 10:07:53 +11:00
Simon Cossar
1a0cca5539
Update disable mailing list mode setting description (#12346) 2021-03-10 14:32:40 -08:00
Bianca Nenciu
c0421e4586
FEATURE: Implement bulk operations for PMs (#12286) 2021-03-10 14:49:38 +02:00
Bianca Nenciu
990a26d14b
FIX: Add translation string for clear all watched words (#12336) 2021-03-10 14:48:13 +02:00
Dan Ungureanu
687e09c885
UX: Minor improvements to invites (#12324)
* FIX: Show resend button only if an email was sent

Otherwise, show the "save and send email" button.

* UX: Copy change

* UX: Show feedback when link was copied
2021-03-09 16:56:18 +02:00
Discourse Translator Bot
d1cf773730
Update translations (#12323) 2021-03-09 15:19:02 +01:00
Alan Guo Xiang Tan
ce04db8610 FEATURE: Allow invites redemption with Omniauth providers. 2021-03-09 09:27:18 +08:00
Alan Guo Xiang Tan
ebe4896e48 FEATURE: Change very high/low search priority to rank at absolute ends.
Prior to this change, we had weights for very_high, high, low and
very_low. This means there were 4 weights to tweak and what weights to
use for `very_high/high` and `very_low/low` pair was hard to explain.
This change makes it such that `very_high` search priority will always
ensure that the posts are ranked at the top while `very_low` search
priority will ensure that the posts are ranked at the very bottom.
2021-03-09 09:20:37 +08:00
Dan Ungureanu
7f3240ea31
FEATURE: Various improvements to invite system (#12298)
* FIX: Do not show expired invites under Pending tab

* DEV: Controller action was renamed in previous commit

* FEATURE: Add 'Expired' tab to invites

* FEATURE: Refresh model after removing expired invites

* FEATURE: Do not immediately add invite to the list

Opening the 'create-invite' modal used to automatically generate an
invite to reserve an invite link. If the user did not save it and
closed the modal, the invite would be destroyed. This operations caused
the invite list to change in the background and confuse users.

* FEATURE: Sort redeemed users by creation time

* UX: Improve show / hide advanced options link

* FIX: Show redeemed users even if invites were trashed

* UX: Change modal title when editing invite

* UX: Remove Get Link button

Users can get it from the edit modal

* FEATURE: Add limit for invite links generated by regular users

* FEATURE: Add option to skip email

* UX: Show better error messages

* FIX: Show "Invited by" even if invite was trashed

Follow up to 1fdfa13a099d8e46edd0c481b3aaaafe40455ced.

* FEATURE: Add button to save without sending email

Follow up to c86379a465f28a3cc64a4a8c939cf32cf2931659.

* DEV: Use a buffer to hold all changed data

* FEATURE: Close modal after save

* FEATURE: Rate limit resend invite email

* FEATURE: Make the save buttons smarter

* FEATURE: Do not always send email even for new invites
2021-03-06 13:29:35 +02:00
Tobias Eigen
ce34a46669 clarify copy "this site was just updated" popup
as per: https://meta.discourse.org/t/this-site-was-just-updated-popups-are-annoying/181125?u=tobiaseigen
2021-03-05 15:57:33 +08:00
Rafael dos Santos Silva
4af3c42904
FEATURE: Add opt-in screenshots to the web app manifest (#12288)
This will be used by Chrome on Android on the install prompt,
as show in https://twitter.com/alexey_rodionov/status/1349612958754762753

Follows the spec at https://www.w3.org/TR/manifest-app-info/
2021-03-04 18:39:58 -03:00
Joshua Rosenfeld
75dc01627d
FEATURE: Mailing list mode default disabled (#11091)
Mailing list mode can generate significant email volume, especially on sites with a large user base. Disable mailing list mode via site settings by default so sites don't experience an unexpectedly large cost from outgoing email.
2021-03-04 15:24:37 -05:00
Tobias Eigen
9cb72e1895
copy changes to new invite system (#12277)
I made some adjustments to the invite system copy, to reflect the mockups at https://meta.discourse.org/t/improve-invite-system/173756 - the goal is to try to reduce the number of words and make it as simple as possible, similar to discord.
2021-03-03 09:42:50 -08:00
Dan Ungureanu
c047640ad4
FEATURE: Various improvements to invite system (#12023)
The user interface has been reorganized to show email and link invites
in the same screen. Staff has more control over creating and updating
invites. Bulk invite has also been improved with better explanations.

On the server side, many code paths for email and link invites have
been merged to avoid duplicated logic. The API returns better responses
with more appropriate HTTP status codes.
2021-03-03 11:45:29 +02:00
Bianca Nenciu
039d0d3641
FEATURE: Move security related user preferences to different tab (#12264) 2021-03-03 11:09:22 +02:00
Bianca Nenciu
b49b455e47
FEATURE: Autotag watched words (#12244)
New topics with be matched against a set of watched words and be
tagged accordingly.
2021-03-03 10:53:38 +02:00
Martin Brennan
8d38438725
FIX: Sort topic timer and bookmark time options (#12270)
remove 3 month option for topic timer
move relative time input inside the custom
date and time shortcut
make sure special options are always at the bottom
2021-03-03 13:33:47 +10:00
Martin Brennan
31fab3f84d
FEATURE: Add year to relative time picker (#12268)
Add a new year interval option to relative time picker, and also fix some rounding issues (Math.floor is not ideal because it gets rid of half days etc.)

Also adding some component tests here for relative-time-picker.
2021-03-03 11:41:07 +10:00
Rafael dos Santos Silva
83f332b5a5
FEATURE: Add a site setting to allow emojis to come from an external URL (#12180) 2021-03-02 16:04:16 -03:00
David Taylor
8fd46c04ea
Drop flash video onebox (#12261)
Flash was discontinued by Adobe at the end of 2020. There is no need to continue OneBox support for it
2021-03-02 17:11:14 +00:00
Discourse Translator Bot
c21cba70f6
Update translations (#12258) 2021-03-02 15:28:30 +01:00
Martin Brennan
6b4d066834
FIX: Skip sending PM email for user silence (#12240)
We were sending 2 emails for user silencing if a message was provided in the UI. Also always send email for user silence and user suspend with reason regardless of whether message provided.
2021-03-02 09:18:09 +10:00
Penar Musaraj
6809cccd88
DEV: Add experimental json_scheme site setting type (#12226) 2021-03-01 09:15:17 -05:00
1resu
feaf3cb97e
remove daemonize setting (#12232)
This configuration setting was [removed](https://github.com/puma/puma/blob/master/docs/deployment.md#should-i-daemonize) with Puma 5
2021-03-01 16:42:50 +11:00
Bianca Nenciu
4b0496b2fc
FIX: Reintroduce auto_silence_first_post_regex (#12223)
Follow-up to 533800a87b.
2021-02-26 15:07:04 +02:00
Penar Musaraj
45c5fd2172
DEV: Remove JoyPixels emoji option (#12197)
- removes the option from site settings
- deletes the site setting on existing sites that have it
- marks posts using emojis as requiring a rebake

Note that the actual image files are not removed here, the plan is to
remove them in a few weeks/months (when presumably the rebaking of old
posts has been completed).
2021-02-26 07:44:52 -05:00
Arpit Jalan
93a0a906b5
FIX: allow adding user to PM when inviter is in allowed list (even (#12212)
though other participants are not in allowed list)

If you create an allowlist of users who can PM you, and use the function
“Only specific users can send me private messages”, then you can’t be
added to group messages unless everyone in that message is already in
your allow list.

This commit allows user to be added to a group message even when other
participants are not in allowed list
2021-02-25 22:56:49 +05:30
Bianca Nenciu
533800a87b
Add watched words of type "replace" (#12020)
This commit includes other various improvements to watched words.

auto_silence_first_post_regex site setting was removed because it overlapped
with 'require approval' watched words.
2021-02-25 14:00:58 +02:00
Martin Brennan
13c2a4886f
FEATURE: Add disable_onebox_media_download_controls hidden site setting (#12208)
Uses discourse/onebox@ff9ec90

Adds a hidden site setting called disable_onebox_media_download_controls which will add controlslist="nodownload" to video and audio oneboxes, and also to the local video and audio oneboxes within Discourse.
2021-02-25 12:39:15 +10:00
Kris
362dd798ae
UX: add link for email login below username, remove button (#12118) 2021-02-24 16:30:08 -05:00
Vinoth Kannan
437c348598
DEV: add CORS header for all nginx rules of public folder files. (#12205)
* DEV: add CORS header for all nginx rules of public folder files.

This reverts commit d628c65af0 and adding CORS header in two more places individually.
2021-02-25 02:57:37 +05:30
Bianca Nenciu
dc7e3fab50
FIX: Pass ajax function to loadOneboxes (#12199)
When enable_diffhtml_preview is true, oneboxes failed to load because a
wrong parameter was passed.

This commit also unhides enable_diffhtml_preview.
2021-02-24 21:42:09 +02:00
Bianca Nenciu
845987ce23
FIX: Improve error message when login_required sites are under load
Previously a confusing message would pop up making private communities thing that anonymous access is granted.
2021-02-24 13:25:55 +11:00
Sam
c9256b717f
DEV: hide the site setting rebake_old_posts_count (#12181)
This setting is confusing admins, it is now hidden by default

It only applies to major updates of the rendering engine or imports and
very infrequently needs tweaking
2021-02-24 09:45:26 +11:00
Roman Rizzi
4bc3a64982
A11Y: Improve the header menu "view all" title. (#12175)
* A11Y: Improve the header menu "view all" title.

The title attribute has been used to attempt to provide the link with an accessible name, but the value of the title attribute is “view all” for the link in each of the tabs, and so their purpose is not uniquely identified.
2021-02-23 12:24:42 -03:00
Discourse Translator Bot
2757003ef1
Update translations (#12186) 2021-02-23 15:10:04 +01:00
David Taylor
3787bbc223
DEV: Remove unused max_api_keys_per_user site setting (#12185)
This was added in fc095acaaa, but a check was never implemented
2021-02-23 13:07:42 +00:00
Penar Musaraj
7fb4633b5a
DEV: Remove very old mocha deprecation workaround (#12151) 2021-02-22 20:26:49 -05:00
Penar Musaraj
0620f6298e
UX: Remove emoji step in wizard (#12169) 2021-02-22 12:14:18 -05:00
Arpit Jalan
f75e1867ff
FIX: do not send rejection emails to auto-deleted reviewable users (#12160)
FIX: add context when user is deleted via auto handle queued reviewable
FIX: do not delete email_log when a user is deleted
2021-02-22 18:37:47 +05:30
Joffrey JAFFEUX
0b14eb6ab1
A11Y: makes edit username and avatar accessible (#12162)
This commit also adds name as a bindable attribute of link-to
2021-02-22 12:10:44 +01:00
Penar Musaraj
916e1d85cf
FEATURE: Quick theme installs via query parameters (#12128) 2021-02-18 12:51:44 -05:00
Bianca Nenciu
08acf51be0
FEATURE: Use diffhtml to update composer preview (#11237)
Displaying videos, animated GIFs or any kind of rich content in preview
used to refresh on every keystroke, which could cause performance
problems.
2021-02-18 16:07:26 +02:00
Vinoth Kannan
d628c65af0
DEV: add CORS header for all files served from public folder. (#12119)
It's required when we enable cors mod in service worker.
2021-02-18 08:41:13 +05:30
Martin Brennan
e0f0fe5624
FIX: Bump max topic timer duration to 20 years (#12107)
This way it has some sort of cap, even if it seems pretty
high, and we don't have to worry about requests for increasing
it from 2 to 5 to 10 etc.
2021-02-18 11:52:30 +10:00
Arpit Jalan
a174c8b8d4
FIX: hide sso payload behind a button click and log views (#12110) 2021-02-17 21:27:51 +05:30
Penar Musaraj
431c6de480
UX: Add editing guidance for remote themes (#12111) 2021-02-17 10:24:34 -05:00
Simon Cossar
71904277e2
Add bad_destination_address template to email_templates_controller (#12102)
Add bad_destination_address template to email_templates_controller;
Update bad_destination_address email copy
2021-02-17 09:57:38 +01:00
Discourse Translator Bot
f283bde25a
Update translations (#12097) 2021-02-16 15:24:37 +01:00
Martin Brennan
c0c7c237aa
FIX: Clean up topic-timer-info CSS classes, add edit button, and improve UI (#12080)
This PR adds an edit button to the topic timer info message which opens the modal.

Also, I have cleaned up a few more places where we were referencing "topic status update" which is what these were called prior to being called topic timers.

The category settings for auto-close topic hours has now also been modified to use the new relative-time-picker component.

Finally, the relative-time-picker input step and min is dynamic based on mins/other intervals selected, see https://review.discourse.org/t/feature-relative-time-input-for-timers-and-bookmarks-and-promote-auto-close-after-last-post-timer-12063/19204/7?u=martin
2021-02-16 12:07:30 +10:00
Gerhard Schlager
f71ff2c34b
UX: relative-time-picker should use pluralized strings (#12086) 2021-02-15 14:15:22 +01:00
David Taylor
d8705ee0ad
UX: Fix local-dates styling (#12085)
Renames the new `relative-time` component to `relative-time-picker` to
avoid CSS class conflict with local-dates.
2021-02-15 10:44:30 +00:00
Martin Brennan
84c7b2c404
FEATURE: Relative time input for timers and bookmarks and promote auto-close after last post timer (#12063)
This PR adds a new relative-time component, that is an input box with a SK dropdown of minutes, hours, days, and months which outputs the duration selected in minutes. This new component is used in the time shortcuts list (used by bookmarks and topic timers) as a new Relative Time shortcut.

Also in this PR, I have made the "Auto-Close After Last Post" timer into a top level timer type in the UI, and removed the "based on last post" custom time shortcut.
2021-02-15 12:49:57 +10:00
Vinoth Kannan
cc1c4265c1
DEV: add allow origin header to public javascript files. (#12059) 2021-02-12 19:37:57 +05:30
Discourse Translator Bot
a3c363c8f0
Update translations (#12065) 2021-02-12 13:18:05 +01:00
Vinoth Kannan
5a11e72c51
UX: remove pluralization in single category notification types. (#12061) 2021-02-12 14:26:44 +05:30
Martin Brennan
ff1ac57feb
FIX: Validate duration minutes values for topic timer (#12040)
Add server and client side validations to ensure topic timer durations cannot exceed 2 years and cannot be less than or equal to 0.
2021-02-12 09:05:14 +10:00
Blake Erickson
395a903cf6
DEV: Show warning message when using ember css selectors (#12036)
* DEV: Show warning message when using ember css selectors

When editing the theme css via the admin UI a warning message
will be displayed if it detects that the `#emberXXX` or `.ember-view`
css selectors are being used. These are dynamic selectors that ember
generates, but they can change so they should not be used.

* Update error message text to be more helpful

* Display a warning instead of erroring out

This allows the theme to still be saved, but a warning is displayed.

Updated the tests to check for the error message.

Updated the pre tags css so that it wraps for long messages.
2021-02-11 13:48:57 -07:00
Arpit Jalan
12b57c0dee
FEATURE: Add "Recently read topics" tab to user activity page (#12047) 2021-02-11 22:36:50 +05:30
Jordan Vidrine
5e1c8111d3
UI: Adjust gradient, icon hover, capitalizations (#12045)
This commit adjusts the scroll gradient on the login modal, changes `email / username` to `Email / Username` and adjusts the color of social button icons on hover in the login modal.
2021-02-11 10:08:01 -06:00
Jarek Radosz
956f849250 DEV: Enable unicorn logger in test environment 2021-02-11 15:24:15 +01:00
Jordan Vidrine
4580595bd8
Login signup zazz (#11957)
This PR re-styles the login and create account modals.
2021-02-10 14:53:18 -06:00
Discourse Translator Bot
b3fa521bf4
Update translations (#12019) 2021-02-09 14:56:15 +01:00
Joffrey JAFFEUX
6d31ead050
A11Y: correctly sets a name on combo-boxes for single selects (#12009) 2021-02-08 11:24:42 +01:00
David Taylor
821bb1e8cb
FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978)
The 'Discourse SSO' protocol is being rebranded to DiscourseConnect. This should help to reduce confusion when 'SSO' is used in the generic sense.

This commit aims to:
- Rename `sso_` site settings. DiscourseConnect specific ones are prefixed `discourse_connect_`. Generic settings are prefixed `auth_`
- Add (server-side-only) backwards compatibility for the old setting names, with deprecation notices
- Copy `site_settings` database records to the new names
- Rename relevant translation keys
- Update relevant translations

This commit does **not** aim to:
- Rename any Ruby classes or methods. This might be done in a future commit
- Change any URLs. This would break existing integrations
- Make any changes to the protocol. This would break existing integrations
- Change any functionality. Further normalization across DiscourseConnect and other auth methods will be done separately

The risks are:
- There is no backwards compatibility for site settings on the client-side. Accessing auth-related site settings in Javascript is fairly rare, and an error on the client side would not be security-critical.
- If a plugin is monkey-patching parts of the auth process, changes to locale keys could cause broken error messages. This should also be unlikely. The old site setting names remain functional, so security-related overrides will remain working.

A follow-up commit will be made with a post-deploy migration to delete the old `site_settings` rows.
2021-02-08 10:04:33 +00:00
Kris
ded0f5b4e5
UX: Remove Helvetica from our font stack (#11876)
Arial is more consistently available across operating systems and aligns better.
2021-02-05 17:01:21 -05:00
Vinoth Kannan
a6e3877b8a
DEV: use request_path instead of script_name to find static file requests. (#11986)
`script_name` env variable would be empty for public static assets.
2021-02-05 09:09:55 +05:30
tshenry
2695f7dae8
FIX: The invite success email translation variable was renamed (#11988)
`emailOrUsername` was renamed to `invitee` in a recent change to app/assets/javascripts/discourse/app/components/invite-panel.js and needed to be updated in client.en.yml
2021-02-04 19:10:34 -08:00
Kris
6d6436e9e7
UX: Fix & clarify bulk notification change modal (#11969) 2021-02-04 14:35:47 -05:00
Arpit Jalan
309adb82ba
UX: add a confirmation modal to "Remove All Tags" action (#11973)
UX: update label for "Remove Tags" action
2021-02-04 18:30:01 +05:30
Jarek Radosz
704778f448
FIX: Don't invite new users via group with SSO on or local logins off (#11950)
Issue originally reported in https://meta.discourse.org/t/bypass-sso-by-adding-unkown-email-to-group/177339

Inviting people via email address to a group when SSO is enabled (or local logins are disabled) led to a situation where user records were being created bypassing single sign-on.

We already prevent that in most places. This adds required checks to `GroupsController`.
2021-02-03 18:13:00 +01:00
Jarek Radosz
45931f86be
DEV: Remove bulk group admin endpoints (#11949)
Originally added in 47e25648df. Looks like all related code was removed in c82b2dcc24 and b76731d722.
2021-02-03 18:12:22 +01:00
Penar Musaraj
04dd4a75af
UX: Always show confirmation dialog when converting themes/components (#11953) 2021-02-03 11:45:25 -05:00
Jarek Radosz
39a9651847
DEV: Remove update_mail_receiver and deprecated_api_usage (#11947)
`update_mail_receiver`-related code was removed in 269ec70ba8 and `deprecated_api_usage`-related code was removed in d04ba4b3b2.
2021-02-03 17:41:47 +01:00
Vinoth Kannan
024f2720f3
DEV: apply cdn headers to public javascripts endpoint too. (#11942)
It will add CORS header `Access-Control-Allow-Origin: '*'` to the files inside `public/javascripts` folder.
2021-02-03 20:15:52 +05:30
Bianca Nenciu
901cee55cd
FEATURE: Improve group settings and members management (#11878)
This pull requests contains a series of improvements to groups
settings and member management such as:

- Showing which users have set a group as primary
- Moving similar settings together under Effects
- Adding bulk select and actions to members page
2021-02-03 16:11:08 +02:00
Martin Brennan
6d72c8ab19
FEATURE: Topic timer UI revamp (#11912)
This PR revamps the topic timer UI, using the time shortcut selector from the bookmark modal.

* Fixes an issue where the duration of hours/days after last reply or auto delete replies was not enforced to be > 0
* Fixed an issue where the timer dropdown options were not reloaded correctly if the topic status changes in the background (use `MessageBus` to publish topic state in the open/close timer jobs)
* Moved the duration input and the "based on last post" option from the `future-date-input` component, as it was only used for topic timers. Also moved out the notice that is displayed which was also only relevant for topic timers.
2021-02-03 10:13:32 +10:00
Gerhard Schlager
fa33e4863d
DEV: Remove deprecated bootsnap options (#11929)
Bootsnap started printing these warnings:

```
[DEPRECATED] Bootsnap's `autoload_paths_cache:` option is deprecated and will be removed. If you use Zeitwerk this option is useless, and if you are still using the classic autoloader upgrading is recommended.
[DEPRECATED] Bootsnap's `disable_trace:` option is deprecated and will be removed. If you use Ruby 2.5 or newer this option is useless, if not upgrading is recommended.
```
2021-02-02 14:39:51 +01:00
Discourse Translator Bot
4860c7c6ee
Update translations (#11928) 2021-02-02 14:37:52 +01:00
Gerhard Schlager
d055552994
Fix i18n issues reported on Crowdin (#11747)
* Pluralize `groups.errors.adding_too_many_users`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-ar#53882

* Pluralize `js.composer.error.title_too_short`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41172

* Pluralize `js.composer.error.title_too_long`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41174

* Pluralize `js.composer.error.post_length`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41178

* Pluralize `js.topic.progress.jump_prompt_of`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41958

* Use translations to join strings about posters
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-ar#49334
  It also makes some changes to the crawler view:
    * Removes `poster.moreCount` which is only available on the client for PMs
    * CSS class names are actually stored in `poster.extras` instead of `poster.extraClasses`

* Stop concatenating category stats
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#40740

* Pluralize `js.summary.description`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#40782

* Pluralize `js.summary.description_time_MF`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#40784

* Use translation to join list of tags
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#43372

* Pluralize `admin_js.admin.groups.manage.membership.automatic_membership_user_count`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#43720

* Pluralize `js.post.controls.delete_topic_confirm_modal`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#54804

* Stop concatenating `js.post.last_edited_on`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#42358

* Stop concatenating `js.post.wiki_last_edited_on`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#42356
  It also fixes a regression because `js.post.wiki_last_edited_on` wasn't used anymore since 2017.
2021-02-02 10:50:04 +01:00
Penar Musaraj
0f31a221c9
DEV: Performance fixes to filtered replies (#11916) 2021-02-01 11:53:13 -05:00
Dan Ungureanu
dd175537f3
FIX: Existing shared drafts should be accessible (#11915)
Disabling shared drafts used to leave topics in an inconsistent state
where they were not displayed as shared drafts and thus there was no
way of publishing them. Moreover, they were accessible just to users
who have permissions to create shared drafts.

This commit adds another permission check that is used for most
operations and the old can_create_shared_draft? remains used just when
creating a new shared draft.
2021-02-01 16:16:34 +02:00
Osama Sayegh
98201ecc24
DEV: {{user-selector}} replacement (#11726)
This PR is the first step towards replacing our `{{user-selector}}` and eventually deprecating and removing it from our codebase. Some of `{{user-selector}}` problems are:

1. It's called `{{user-selector}}`, but in reality in can also select groups and emails.
2. It's an Ember component, yet it doesn't have a handlebars template and uses jQuery to render itself and modify the DOM. An example of this problem is when you want to clear the selected users programmatically, see [this](6c155dba77/app/assets/javascripts/discourse/app/components/user-selector.js (L179-L185)).
3. We now have select kit which does very similar things but a lot better.

This PR introduces `{{email-group-user-chooser}}` which is meant to replace `{{user-selector}}`. It extends select kit and has the same features that `{{user-selector}}` has. `{{user-selector}}` is still used in a few places in core, but they'll all be replaced with the new component in a separate commit. 

Once `{{user-selector}}` is not used anywhere in core, it'll be deprecated and then removed after the 2.7 release.
2021-02-01 13:07:11 +03:00
Martin Brennan
3e3f3f7b7e
DEV: Add time shortcut picker component and libs and refactor bookmark modal controller into component which uses time shortcut picker (#11802)
This PR moves all of the time picking functionality from the bookmark modal and controller into a reusable time-shortcut-picker component, which will be used for the topic timer UI revamp. All of the utility JS for getting dates like tomorrow/next week/next month etc. have also been moved into a separate utility lib.

The time-shortcut-picker has a couple of options that can be passed in:

* prefilledDatetime - The date and time to parse and prefill into the custom date and time section, useful for editing interfaces.
* onTimeSelected (callback) - Called when one of the time shortcuts is clicked, and passes the type of the shortcut (e.g. tomorrow) and the datetime selected.
* additionalOptionsToShow - An array of option ids to show (by default `later_today` and `later_this_week` are hidden)
* hiddenOptions - An array of option ids to hide
* customOptions - An array of custom options to display (e.g. the option to select a post date for the bookmarks modal). The options should have the below properties:
    * id
    * icon
    * label (I18n key)
    * time (moment datetime object)
    * timeFormatted
    * hidden

The other major work in this PR is moving all of the bookmark functionality out of the bookmark modal controller and into its own component, where it makes more sense to be able to access elements on the page via `document`. Tests have been added to accompany this move, and existing acceptance tests for bookmark are all passing.
2021-02-01 09:03:41 +10:00
Simon Cossar
ba2f4f3393
Improve invite to forum modal description (#11903) 2021-01-29 16:59:39 -08:00
Jeff Atwood
39ba3f8291
remove hidden area in flagged removed post msg (#11901)
because users were having trouble figuring out how to expand the hidden post to determine "what post of mine was removed??", per customer reports
2021-01-29 15:42:04 -08:00
Vinoth Kannan
a5923ad603
DEV: apply allow origin response header for CDN requests. (#11893)
Currently, it creates a CORS error while accessing those static files.
2021-01-29 07:44:49 +05:30
Martin Brennan
4af4d36175
FIX: IMAP allow unknown senders to reply to group topics via email (#11877)
Adds a new column/setting to groups, allow_unknown_sender_topic_replies, which is default false. When enabled, this scenario is allowed via IMAP:

* OP sends an email to the support email address which is synced to a group inbox via IMAP, creating a group topic
* Group user replies to the group topic
* An email notification is sent to the OP of the topic via GroupSMTPMailer
* The OP has several email accounts and the reply is sent to all of them, or they forward their reply to another email account
* The OP replies from a different email address than the OP (gloria@gmail.com instead of gloria@hey.com for example)
* The a new staged user is created, the new reply is accepted and added to the topic, and the staged user is added to the topic allowed users

Without allow_unknown_sender_topic_replies enabled the new reply creates an entirely new topic (because the email address it is sent from is not previously part of the topic email chain).
2021-01-29 09:59:10 +10:00
Jarek Radosz
8881ae4af4
DEV: Remove dead code (latestTopicOnly) (#11833)
Background: I wanted to see `categories.latest_by` translation in context in a live app but couldn't find it, so I traced it throughout the code.

My step-by-step reasoning for the removal is:

1. `categories-only` does not use `latestTopicOnly`, so there's no need to call it with that argument
2. `parent-category-row` is never called with `latestTopicOnly` argument, so the reference to that arg can be removed from its template
3. after that, `featured-topic` is now no longer ever called with `latestTopicOnly` argument (except in the `ghost` theme, but that's because its override of `categories-only` template 4e2fba963c/common/header.html (L119) is based on the old version of that template from core), so it seems safe to remove it there too (`categories.latest_by` i18n string is also no longer needed)
4. then, nothing is using `latestTopicOnly` anymore so it can be removed from `categories` hbs/js

I checked in each step that there are no plugins or themes (in all-the-plugins/all-the-themes) using those properties/arguments/strings.
2021-01-28 11:48:51 +01:00
David Taylor
60515547bc
DEV: Use $upstream for logging performance headers in NGINX (#11856)
This ensures that the logs will still work, even if the headers are
hidden with `proxy_hide_header`
2021-01-26 21:03:20 +00:00
Discourse Translator Bot
3c028cb67f
Update translations (#11848) 2021-01-26 14:52:35 +01:00
David Taylor
67db5e97f8
FEATURE: Add extra response headers to nginx log format (#11840)
These headers are useful for debugging and performance analysis
2021-01-26 11:32:43 +00:00
Vinoth Kannan
c7781f1139
UX: respect email_editable site setting in user activation page. (#11835)
Previously, when both `enable_local_logins` and `email_editable` are disabled still user can change the email in  user activation page.
2021-01-25 22:19:26 +05:30
Penar Musaraj
4f01ca87e3
FEATURE: Add new features section in admin dashboard (#11731) 2021-01-22 10:09:02 -05:00
Gerhard Schlager
71656d2c37
UX: Makes the theme editor display placeholder correctly for RTL languages (#11800)
This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-he#53834
2021-01-22 16:03:43 +01:00
Kris
e031679f99
A11Y: Add aria-label to input clear button (#11803) 2021-01-21 21:58:34 -05:00
Vinoth Kannan
872f3e6934
UX: warn about messages to be orphaned while deleting a group. (#11727)
Currently, after destroying a group its messages are inaccessible to everyone. Only admins can access using direct URLs.
2021-01-22 03:29:34 +05:30
Jarek Radosz
b6afcf98b9
DEV: Remove an unused i18n string (#11783)
Originally added in 95ad4f9077. The only usage removed in 3bbd8b1258.
2021-01-21 12:32:44 +01:00
Discourse Translator Bot
0e8c155b70
Update translations (#11779) 2021-01-20 22:58:26 +01:00
Roman Rizzi
1e28d2900e
UX: Fallback locale warning improvements. (#11775)
- Improve warning message.
- Only display the warning if the language has a fallback and either "allow_user_locale", or "set_locale_from_accept_language_header" are enabled.
2021-01-20 18:08:02 -03:00
Gerhard Schlager
3b2f6e129a
FEATURE: Add English (UK) as locale (#11768)
* "English" gets renamed into "English (US)"
* "English (UK)" replaces "English"

@discourse-translator-bot keep_translations_and_approvals
2021-01-20 21:32:22 +01:00
Mark VanLandingham
1a7922bea2
FEATURE: Create notification schedule to automatically set do not disturb time (#11665)
This adds a new table UserNotificationSchedules which stores monday-friday start and ends times that each user would like to receive notifications (with a Boolean enabled to remove the use of the schedule). There is then a background job that runs every day and creates do_not_disturb_timings for each user with an enabled notification schedule. The job schedules timings 2 days in advance. The job is designed so that it can be run at any point in time, and it will not create duplicate records.

When a users saves their notification schedule, the schedule processing service will run and schedule do_not_disturb_timings. If the user should be in DND due to their schedule, the user will immediately be put in DND (message bus publishes this state).

The UI for a user's notification schedule is in user -> preferences -> notifications. By default every day is 8am - 5pm when first enabled.
2021-01-20 10:31:52 -06:00
Jarek Radosz
6667f1a008
FIX: Polish lang label (#11767)
Absolutely no need for "language" prefix…
2021-01-20 15:09:18 +01:00
Discourse Translator Bot
7f7bae1262
Update translations (#11764) 2021-01-20 12:43:57 +01:00
Krzysztof Kotlarek
8b10fc2f8c
FIX: remove rendering UX from ember models (#11724)
Fix for `admin-user.js` and `backup.js` models.
2021-01-20 16:04:21 +11:00
Kris
e968af6dd4
A11Y: Add aria-labels to search inputs and search button (#11752) 2021-01-19 14:32:32 -05:00
Discourse Translator Bot
440b63e833
Update translations (#11756) 2021-01-19 16:14:59 +01:00
Martin Brennan
be145ccf2f
FIX: Add bookmark limits (#11725)
Adds a bookmark search per page limit, a total bookmark creation limit, and a rate limit per day for bookmark creation.
2021-01-19 08:53:49 +10:00
Roman Rizzi
ea8b5c18db
UX: Text customization for different languages. (#11729)
Admins can now edit translations in different languages without having to change their locale. We display a warning when there's a fallback language set.
2021-01-18 14:53:45 -03:00
Roman Rizzi
7ac9a4d2ec
FIX: Allow users to opt-out of using the site's small logo as the system user avatar. (#11744) 2021-01-18 14:09:07 -03:00
godmar
9aeece465f
FEATURE: support DISCOURSE_SMTP_FORCE_TLS option (#11733)
Background: RFC 8314 3.3 asks that:

clients and servers SHOULD implement both STARTTLS on
port 587 and Implicit TLS on port 465

Discourse currently cannot be configured this way.
With this patch, it's possible to set
DISCOURSE_SMTP_FORCE_TLS=true to use implicit TLS on port 465
2021-01-18 11:56:18 -05:00
Roman Rizzi
19b2011601
UX: Show a warning on the category edit page when category style is none and colors are disabled. (#11742) 2021-01-18 13:13:38 -03:00
Krzysztof Kotlarek
06b7c44593
FEATURE: reason to reject user signup (#11700)
Feature for `Must Approve Users` setup. When a user is rejected, a staff member can optionally set a reason for audit purposes. In addition, feedback email can be sent to the user.

Meta: https://meta.discourse.org/t/account-rejection-email/103112/8
2021-01-15 09:43:26 +11:00
Roman Rizzi
1ad378f5c5
FEATURE: Log when a group is deleted. (#11706)
We include the group "name" and "granted_trust_level" attributes.
2021-01-13 15:53:18 -03:00
Discourse Translator Bot
0e8e3f4813
Update translations (#11689) 2021-01-12 14:29:05 +01:00
Arpit Jalan
25b4e82601
FEATURE: allow disabling self-deletions of posts (#11668)
https://meta.discourse.org/t/restoring-deleted-messages/173647/6?u=techapj
2021-01-08 20:35:13 +05:30
Michael Brown
e63a9facc7
UI: remove extra word from approval_not_required client string (#11627) 2021-01-08 12:59:23 +11:00
Osama Sayegh
2e3b3ec2de
FEATURE: Warn admins when installing a theme that's already installed (#11651)
Installing multiple copies of the same theme/component is possible, but you rarely need to actually have multiple copies installed. We've seen many times new admins installing duplicates of components because they were unaware it was already installed. This PR makes the theme installer modal loop through the existing themes when you click on 'install', and if there is a theme with a URL that matches the URL you entered, a warning will show up and you will need to click 'install' again to proceed.
2021-01-07 21:03:35 +03:00
Penar Musaraj
c819284660
UX: Improve color scheme choices in user prefs (#11656) 2021-01-07 11:15:38 -05:00
tshenry
d8b015e3be
Minor copyedit on flag stat popup (#11655) 2021-01-06 20:49:35 -08:00
Roman Rizzi
690f1a257a
FEATURE: Disable post deletions by setting max_post_deletions to zero. (#11645)
Allow admins to set "max_post_deletions_per_minute" and "max_post_deletions_per_day" to prevent users from deleting their posts.
2021-01-06 15:58:07 -03:00
Discourse Translator Bot
45671276bf
Update translations (#11635) 2021-01-05 14:27:00 +01:00
Jeff Atwood
3a0ea9ef22
remove anon download attachment warning (#11632)
.. as it is no longer applicable for the most part
2021-01-05 08:02:41 +05:30
Jeff Atwood
762eadb9b8
Update server.en.yml -- minor copyedit (#11631)
* Update server.en.yml

* Fix the build

Co-authored-by: Arpit Jalan <arpit@techapj.com>
2021-01-05 08:02:02 +05:30
Gerhard Schlager
fc9155f3ee
DEV: Lint MessageFormat strings to prevent usage of "one {foo 1 bar}" (#11608)
Follow-up to 6b53f26f
2021-01-04 12:29:20 +01:00
Gerhard Schlager
6b53f26fc0
DEV: Lint MessageFormat strings to prevent usage of "one {1 foo}" (#11605) 2020-12-29 21:42:47 +01:00
Discourse Translator Bot
09f9d4b281
Update translations (#11601) 2020-12-29 19:44:53 +01:00
Sam
c3fedae73a
DEV: update rack-mini-profiler (#11597)
Included support for flamegraphs using speedscope!
2020-12-29 13:54:41 +11:00
Rafael dos Santos Silva
330ef3700f
FEATURE: Add dash warning for using S3 without CDN (#11561)
Over the years we had some admins complaining that most of their costs
running Discourse is on S3 uploads.

That only happens when they are using S3 without a CDN, which is widely
considered a bad pratice for public websites, as egress bandwidth can
get expensive quite fast.

Related:

https://meta.discourse.org/t/download-avatars-locally-from-s3-shutting-down-s3-in-my-site/174001/3?u=falco

https://meta.discourse.org/t/use-webtorrent-to-load-media-objects/155873/2?u=falco
2020-12-28 12:43:48 -03:00
Jeff Atwood
c92415d402
enhance TL2 congratulations PM (#11577)
add some detail to the TL2 congratulatory PM
2020-12-24 15:40:45 -08:00
Bianca Nenciu
755627caa5
FEATURE: Introduce skip_auto_delete_reply_likes site setting (#11562)
osts from topics with 'auto delete replies timer' with more than
skip_auto_delete_reply_likes likes will no longer be deleted. If 0,
all posts will be deleted.
2020-12-23 16:30:10 +11:00
Krzysztof Kotlarek
f84ff26aa9
FIX: use Redis replica host and port (#11566)
Introduce Redis `replica` config and deprecate `slave`
2020-12-23 13:14:19 +11:00
Jeff Atwood
53f1811757
simplify copy slightly for new post / topic panel (#11565)
simplify copy slightly for new post / topic advice panel
2020-12-22 13:26:44 -08:00
Discourse Translator Bot
e113ddc73c
Update translations (#11557) 2020-12-22 14:49:40 +01:00
Krzysztof Kotlarek
07bf7a91f4
Revert "FIX: use Redis replica host and port (#11543)" (#11552)
This reverts commit b0e1210b0c.
2020-12-22 16:16:50 +11:00
Krzysztof Kotlarek
b0e1210b0c
FIX: use Redis replica host and port (#11543)
* FIX: use Redis replica host and port

Introduce Redis `replica` config and deprecate `slave`

* FIX: move deprecations to separate file
2020-12-22 15:52:00 +11:00
Rafael dos Santos Silva
32e7ee4867
FEATURE: Adds support for the WEBP image format (#11532)
Adds support for both still and animated webp images.
Animated images won't be optimized or get thumbnails.

Depends on https://github.com/discourse/discourse_docker/pull/506
and https://github.com/discourse/discourse_docker/pull/507
2020-12-21 20:09:00 -03:00
Mark VanLandingham
649ed24bb4
FEATURE: Do not disturb (#11484) 2020-12-18 09:03:51 -06:00
Osama Sayegh
2d667a3bd0
FEATURE: Enable inline onebox for all domains by default (#11523) 2020-12-18 10:27:32 +11:00
Osama Sayegh
6eee731bf9
FEATURE: Include post number in inline Onebox titles (#11515) 2020-12-17 11:19:13 +11:00
David Taylor
1d024f77a6
FEATURE: Allow plugins to register demon processes (#11493)
This allows plugins to call `register_demon_process` with a Class inheriting from Demon::Base. The unicorn master process will take care of spawning, monitoring and restarting the process. This API should be used with extreme caution, but it is significantly cleaner than spawning processes/threads in an `after_initialize` block.

This commit also cleans up the demon spawning logging so that it uses the same format as unicorn worker logging. It also switches to the block form of `fork` to ensure that Demons exit after running, rather than returning execution to where the fork took place.
2020-12-16 09:43:39 +00:00
Penar Musaraj
31fe0e91ad
UX: Tweaks to filtered replies (#11485)
Include the enable_filtered_replies_view site setting in the admin UI
Adds title label to in-reply-to widget
Invokes the filtered UI when using replies_to_post_number as a query
parameter
Replaces the "Show All" button icon
Fixes grammar for "Viewing 1 reply to..." label
2020-12-15 11:23:44 -05:00
Discourse Translator Bot
47fa3cf864
Update translations (#11492) 2020-12-15 15:25:10 +01:00
Roman Rizzi
c7b9f044a4
FEATURE: Automatically disable slow mode. (#11461)
Staff and TL4 users can decide the slow mode duration. We'll internally set a topic timer to disable it.
2020-12-14 14:06:50 -03:00
Penar Musaraj
adda53c462
FEATURE: Optional filtered replies view (#11387)
See PR for details
2020-12-10 12:02:07 -05:00
Vinoth Kannan
eb60fc86dc
PERF: run user merging task in a background job. (#10961)
* PERF: run user merging task in a background job.

Currently, admin page is timing out while merging the users with lots of posts.
2020-12-10 15:52:08 +11:00
Gerhard Schlager
b572ca6da0
FIX: Missing translation (#11444)
Follow-up to 1960fc53
2020-12-09 18:14:33 +01:00
jbrw
4c118e4d7a
FIX: Allow for cateogry edit routes of unknown depth (#11426)
* FIX: Allow for cateogry edit routes of unknown depth

* DEV: remove unused files
2020-12-08 16:50:26 -05:00
tshenry
a446e0fde1
FEATURE: Link to text customization when editing system badges (#11345)
Being that system badges ship with every instance of Discourse, we've opted to define the name, description, and long description in our locales files to promote translation into other languages. When an admin visited the overview page of a system badge in their admin panel, they were met with disabled inputs for these text properties. The problem is that we failed to educate the admin that the text needs to be managed via the site text customization settings. 

This change adds a small "Customize Text" link under theses inputs that takes the admin to the specific site text customization where they can make desired changes.
2020-12-08 11:55:49 -08:00
Discourse Translator Bot
7a079b9e3b
Update translations (#11429) 2020-12-08 16:51:49 +01:00
Roman Rizzi
4d9686c494
FEATURE: Reviewed by filter. (#11405)
New reviewable filter to only display reviewables handled by a specific user.
2020-12-04 14:09:05 -03:00
Roman Rizzi
9fb36290e3
FEATURE: Non-staff users can use shared drafts. (#11329)
You can let non-staff users use shared drafts by modifying the `shared_drafts_min_trust_level` site setting. These users must have access to the shared draft category.
2020-12-03 11:07:57 -03:00
Régis Hanol
d1d87b6fa3
FIX: show/hide ignored users preferences (#11386)
* FIX: show/hide ignored users preferences

based on the current user trust level and the appropriate site setting.

* Allow us to await the `updateCurrentUser` call

Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-12-01 18:20:43 +01:00
Discourse Translator Bot
d7bd9aa3d0
Update translations (#11385) 2020-12-01 14:34:25 +01:00
David Taylor
f56c4b78da
FEATURE: Add users:log_out API key scope (#11359) 2020-11-26 10:39:38 +00:00
Discourse Translator Bot
9c901ee978
Update translations (#11336) 2020-11-24 17:25:37 +01:00
David Taylor
0c685a46de
FEATURE: Add user update, anonymize and delete API scopes (#11335) 2020-11-24 12:54:24 +00:00
Dan Ungureanu
123107c28f
UX: Add group name to error message (#11333)
The group name used to be part of the error message, but was removed
in a past commit.
2020-11-24 13:06:52 +02:00
Bianca Nenciu
60bc38e6a8
FIX: Gracefully handle force pushes for remote themes (#11325)
Force pushing a commit to a theme repository used to break the updater,
because the system was not able to count the commits behind the old and
new version. This operation failed because a force push deleted the old
commits.

The user was prompted with a simple "500 server error" message.
2020-11-23 15:29:22 +02:00
Dan Ungureanu
4638c6fc8d
FEATURE: Add 'all subcategories' option in category-selector (#11099) 2020-11-23 10:55:32 +02:00
tshenry
0ec62358d9
FEATURE: Add site setting to restrict ignore feature to trust level (#11297)
This adds a new min_trust_level_to_allow_ignore site setting that enables admins to control the point at which a user is allowed to ignore other users.
2020-11-20 10:05:20 -08:00
Penar Musaraj
7539c2ed7f
UX: Revamp category security tab (#11273) 2020-11-20 10:44:34 -05:00
Martin Brennan
a6f700d4ef
FIX: Show better error if no bookmarks found from search (#11284)
See https://meta.discourse.org/t/no-results-for-bookmarks-search-confusing-message/169763
2020-11-19 09:10:28 +10:00
jbrw
331236d6d7
Onebox improved error handling and support for Instagram Access Tokens (#11253)
* FEATURE: display error if Oneboxing fails due to HTTP error

- display warning if onebox URL is unresolvable
- display warning if attributes are missing

* FEATURE: Use new Instagram oEmbed endpoint if access token is configured

Instagram requires an Access Token to access their oEmbed endpoint. The requirements (from https://developers.facebook.com/docs/instagram/oembed/) are as follows:

- a Facebook Developer account, which you can create at developers.facebook.com
- a registered Facebook app
- the oEmbed Product added to the app
- an Access Token
- The Facebook app must be in Live Mode

The generated Access Token, once added to SiteSetting.facebook_app_access_token, will be passed to onebox. Onebox can then use this token to access the oEmbed endpoint to generate a onebox for Instagram.

* DEV: update user agent string

* DEV: don’t do HEAD requests against news.yahoo.com

* DEV: Bump onebox version from 2.1.5 to 2.1.6

* DEV: Avoid re-reading templates

* DEV: Tweaks to onebox mustache templates

* DEV: simplified error message for missing onebox data

* Apply suggestions from code review
Co-authored-by: Gerhard Schlager <mail@gerhard-schlager.at>
2020-11-18 12:55:16 -05:00
Arpit Jalan
0a56af49f3
FIX: add missing translation for 'views' key. (#11276) 2020-11-18 16:47:43 +05:30
Discourse Translator Bot
7fecad41db
Update translations (#11264) 2020-11-17 14:49:58 +01:00
Roman Rizzi
afcd5443cc
FIX: Use the correct key for the receive_emails scopes (#11248) 2020-11-16 18:03:34 -03:00
David Taylor
475b4892e3
DEV: Remove 'diff local changes' when updating remote themes (#11247)
Since 65e123498b, it is now impossible to make local changes to remote themes, so this warning is not needed.
2020-11-16 19:28:12 +00:00
Roman Rizzi
689623ffc0
FEATURE: Add an API key scopes for handling incoming email. (#11245)
Admins need to create a global API key if they want to use the mail-receiver. Let's add a scope for that.
2020-11-16 14:14:12 -03:00
Dan Ungureanu
bc8423a1bf
FEATURE: Add auto update field to themes (#11102)
Themes marked for auto update will be automatically updated when
Discourse is updated. This is triggered by discourse_docker or
docker_manager running Rake task 'themes:update'.
2020-11-16 14:44:09 +02:00
Arpit Jalan
915764922d
UX: update the invite button label (#11231) 2020-11-13 17:21:41 +05:30
Arpit Jalan
df003eaf7b
FIX: add a way to cancel initialization of new draft (#11106) 2020-11-12 19:13:52 +05:30
Gerhard Schlager
6ff07bb73f
FEATURE: Create revision when bulk moving topics (#10802)
This behavior can be configured with the new "create_revision_on_bulk_topic_moves" site setting. It's enabled by default.
2020-11-12 13:57:12 +01:00
David Taylor
a4441b3984
FEATURE: Link site setting titles directly to their change log (#11215)
This makes it much easier to check the staff action logs for a specific site setting. A small history icon will appear when hovering over a site setting name. On click, you will be taken to the pre-filtered staff action log for the site setting.
2020-11-12 12:07:36 +00:00
Tobias Eigen
ec49394bd1
DEV: improve text shown when no invitations have been sent out
this copy is also shown when viewing invite tabs of other users, so the instructions don't make sense in all cases. shortened it to just say "No invitations to display on this page." users can discover this on their own.
2020-11-12 16:03:28 +11:00
Roman Rizzi
331517abe6
UI: Blur review queue images. (#11187)
We blur images by default to protect reviewers against NSFW content. To see the image, they'll have to hover over it.
2020-11-11 14:09:42 -03:00
Arpit Jalan
80759c9619
UX: add a confirmation dialog for draft deletion (#11198) 2020-11-11 22:02:52 +05:30
Bianca Nenciu
a48f7ba61c
FEATURE: Improve errors when title is invalid (#11149)
It used to simply say "title is invalid" without giving any hint what
the problem could be. This commit adds different errors messages for
all caps titles, low entropy titles or titles with very long words.
2020-11-11 15:11:36 +02:00
Dan Ungureanu
ab314218d3
FEATURE: Implement edit functionality for post notices (#11140)
All post notice related custom fields were moved to a single one.
2020-11-11 14:49:53 +02:00
David Taylor
5289fc7886
FIX: Improve failover for multisite clusters (#11150)
- Bump rails_failover for new per-backend callback feature
- If the master backend fails over, make all sites readonly. And vice-versa for fallback
- If a single backend fails over, make that individual site readonly. And vice-versa for fallback
- When a single backend fails, also check connection to the master backend
2020-11-11 10:27:24 +00:00
Vinoth Kannan
67de0367ff
UX: add stock suspension reasons to suspend dialog. (#10990) 2020-11-11 01:01:28 +05:30
Arpit Jalan
00b41437b0
FIX: hide sso email behind a button click and log views (#11186) 2020-11-11 00:42:44 +05:30
Discourse Translator Bot
9904a007c5
Update translations (#11182) 2020-11-10 15:23:06 +01:00
David Taylor
a7adf30357
FEATURE: Allow /u/by-external to work for all managed authenticators (#11168)
Previously, `/u/by-external/{id}` would only work for 'Discourse SSO' systems. This commit adds a new 'provider' parameter to the URL: `/u/by-external/{provider}/{id}`

This is compatible with all auth methods which have migrated to the 'ManagedAuthenticator' pattern. That includes all core providers, and also popular plugins such as discourse-oauth2-basic and discourse-openid-connect.

The new route is admin-only, since some authenticators use sensitive information like email addresses as the external id.
2020-11-10 10:41:46 +00:00
Penar Musaraj
bfc3bc0733
FIX: Small copy change in wizard (#11174) 2020-11-09 12:19:58 -08:00
Penar Musaraj
57bd85af31
UX: Minor cosmetic fixes to the wizard (#11172)
- Does not force users to type a description or a welcome topic
- Adds * marker for required text fields (site title and email)
2020-11-09 15:14:57 -05:00
Dan Ungureanu
0c2956dd2e
HACK: Redirect /tags/:tag_id to /tag/:tag_id (#11145) 2020-11-09 17:01:33 +00:00
Kris
1455421433
UX: truncate long usernames in multi-username notifications (#11153)
* UX: truncate long usernames in multi-username notifications

* remove extra class, clarify comments
2020-11-09 16:06:52 +11:00
tshenry
6060f32970
Improve max_personal_messages_per_day description copy (#11155) 2020-11-06 17:42:26 -08:00
Justin DiRose
09b8a61f65
FEATURE: Add Google Universal Analytics v4 as an option (#11123)
Per Google, sites are encouraged to upgrade from Universal Analytics v3 `analytics.js` to v4 `gtag.js` for Google Analytics tracking. We're giving admins the option to stay on the v3 API or migrate to v4. Admins can change the implementation they're using via the `ga_version` site setting. Eventually Google will deprecate v3, but our implementation gives admins the choice on what to use for now.

We chose this implementation to make the change less error prone, as many site admins are using custom events via the v3 UA API. With the site stetting defaulted to `v3_analytics`, site analytics won't break until the admin is ready to make the migration.

Additionally, in the v4 implementation, we do not enable automatic pageview tracking (on by default in the v4 API). Instead we rely on Discourse's page change API to report pageviews on transition to avoid double-tracking.
2020-11-06 14:15:36 -06:00
Bianca Nenciu
0863c36221
FIX: Improve errors when invite to topic fails (#11133)
It used to simply say "not allowed" without giving any hint what the
problem could be. This commit refactors the code and tries to improve
readability.
2020-11-06 16:58:10 +02:00
Martin Brennan
00c8f520e9
FIX: Do not enable published page if secure media enabled (#11131)
There are issues around displaying images on published pages when secure media is enabled. This PR temporarily makes it appear as if published pages are enabled if secure media is also enabled.
2020-11-06 10:33:19 +10:00
Arpit Jalan
436bd48512
UX: update topic small action post to add link for new linked topic URL (#11132)
https://meta.discourse.org/t/linked-topics-splitting-and-managing-megatopics/168992/4?u=techapj
2020-11-05 22:39:21 +05:30
Tobias Eigen
6490fac881
DEV: improved text on invite tabs when nothing to show (#11122) 2020-11-05 15:24:09 +11:00
Sam
1ec76ff8d4
FEATURE: change default so log_out_strict is default disabled (#11126)
Discourse used to break from convention by logging out all sessions on any
specific session logout.

This would leave users confused about why mobile is logged out when the user
logged out of desktop.

log_out_strict is too conservative for most and not the pattern the industry
has adopted (google/twitter/facebook all perform no strict logouts)
2020-11-05 09:30:05 +11:00
Arpit Jalan
24d1b1f159
UX: when creating linked topic use URL and let onebox work its magic (#11118)
When the linked topic is created we'll not hardcode the topic title and
let onebox work its magic instead so that the title can be updated
automatically.
2020-11-04 17:19:09 +05:30
Discourse Translator Bot
886d619d3f
Update translations (#11108) 2020-11-03 18:08:07 +01:00
Bianca Nenciu
d2116f0029
FIX: Show error message if user is already silenced or suspended (#10988)
Users could be silenced or suspended by two staff members at the same time and
would not be aware of it. This commit shows an error message if another penalty
has been applied.
2020-11-03 17:38:56 +02:00
Dan Ungureanu
3c51647872
DEV: Remove legacy tag and category routes (#10338)
* DEV: Remove client-side legacy tag and category routes

* DEV: Remove server-side legacy tag routes

* DEV: Refactor ListController#set_category

* FIX: Remove reference to discovery.parentCategory

* FIX: Refactor TagsController#set_category_from_params

* FIX: Build correct canonical URL for tags and categories

* DEV: Fix deprecation notice in Ruby 2.7

* DEV: Replace use of removed legacy tag route

* DEV: Add deprecation notices for old routes and controllers
2020-11-03 16:57:58 +02:00
Gerhard Schlager
b73234b75c
FIX: Show an example username in Review Settings (#11097)
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2020-11-02 11:13:30 +01:00
Arpit Jalan
1476e17c35
FEATURE: new setting to create a linked topic on autoclosing mega topics (#11001)
This commit adds a site setting `auto_close_topics_create_linked_topic`
which when enabled works in conjunction with `auto_close_topics_post_count`
setting and creates a new linked topic for the topic just closed.

The auto-created new topic contains a link for all the previous topics
and the topic titles are appended with `(Part {n})`.

The setting is enabled by default.
2020-11-02 12:18:48 +05:30
Arpit Jalan
b6aaff74be
UX: update labels to indicate that invite link will be generated (not copied) (#11077) 2020-10-31 07:10:13 +05:30
Osama Sayegh
84a1f15791
DEV: Track redis calls count in mini profiler (#11088) 2020-10-30 19:11:22 +03:00
Discourse Translator Bot
0a74322589
Update translations (#11087) 2020-10-30 16:06:32 +01:00
Roman Rizzi
7912ce4002
UI: Slow mode tweaks. (#11081)
We remove the slow mode composer message and provide better messages when rejecting new posts and edits. The client now validates if the user tries to post again immediately. Finally, we replaced the `hourglass-end` icon with the `hourglass-start` one.
2020-10-30 11:22:56 -03:00
Vinoth Kannan
af4938baf1
Revert "DEV: enable cors to all cdn get requests from workbox. (#10684)" (#11076)
This reverts commit e3de45359f.

We need to improve out strategy by adding a cache breaker with this change ... some assets on CDNs and clients may have incorrect CORS headers which can cause stuff to break.
2020-10-30 16:05:35 +11:00
Vinoth Kannan
347423007a
DEV: remove instagram login site settings and auth classes. (#11073)
Instagram removed the support for login and should use Facebook login instead.
2020-10-30 09:09:56 +05:30
Arpit Jalan
8f7f5204db
UX: inform staff users that new users will be auto-approved on invite (#11062)
When `must_approve_users` is enabled then staff users assume that all
users will have to be approved manually. But in case of invite we
auto-approve users if they are invited by users. This commit adds an
info on the bottom of invite modal informing staff users that new users
will be auto-approved as soon as they accept invite.
2020-10-30 08:41:14 +05:30
Gerhard Schlager
cc74c3f9ab
FEATURE: Batch process topic bulk actions (#10980)
Topics are processed in chunks of 30 in order to prevent timeouts.
2020-10-30 12:02:35 +11:00
Jeff Atwood
7c1c34d9c1
minor copyedit (#11075) 2020-10-29 16:21:36 -07:00
Neil Lalonde
c5eba3f9ee
FIX: support new Google Analytics id format (#11067)
They start with UA- or G- now.
2020-10-29 12:06:20 -04:00
Sam
d10b6dc498
FEATURE: Allow admins to opt out of chunked encoding (#11060)
Most proxies out there will work with chunked encoding transfer. However
some proxies buffer, causing large delays which in turn force the message
bus client to disable chunked encoding. This wastes a request to the message
bus causing superfluous load on the server.

Also

- enableLongPolling is already default true in the client, no need to set it
- remove confusing comment about zepto
2020-10-29 16:25:46 +11:00
Krzysztof Kotlarek
8e7c746e56
FEATURE: Ask user to confirm topic deletion when views exceed a certain amount (#11006)
Before deleting a topic that has a high number of views (default of 5000), the user will be prompted with a confirmation popup. This works for all delete buttons on the topic located in: topic-timeline, topic-admin-menu, topic-footer-buttons, and post-menu if the post's ID is 1.

The delete button will be disabled while deletion is in progress, to prevent any unwanted behavior.

A site setting is also available to change the minimum amount of views required to display the confirmation popup.

All kudos are going to @RickyC0626. I only rebased with master and added few qunit tests to ensure that this feature works as expected.

Original PR: #10459
2020-10-29 14:18:43 +11:00
Vinoth Kannan
72810853ea
FIX: strip the trailing slash (/) of cors origins. (#10996)
Strips trailing `/` from global settings
Provides a validation for site settings to ensure a trailing `/` is not added
2020-10-29 13:01:06 +11:00
Roman Rizzi
2f32336081
FIX: Staff can create and edit posts even if a topic is in slow mode. (#11057)
Additionally, ninja edits are no longer restricted.
2020-10-28 16:47:50 -03:00
Vinoth Kannan
e3de45359f
DEV: enable cors to all cdn get requests from workbox. (#10685)
Now all external requests from the service worker will be in CORS mode without credentials.
2020-10-28 23:36:19 +05:30
Penar Musaraj
ab6894ea36
Add routing for category edit screens (#11027)
Also fixes category editing for instances with slug generation set to "none".
2020-10-28 09:59:38 -04:00
Discourse Translator Bot
9648122b51
Update translations (#11042) 2020-10-27 15:36:21 +01:00
Prayag Verma
66402abe9a Fix typos
occured ---> occurred
embeded ---> embedded
2020-10-27 09:55:57 -04:00
Sam
e630ba7483
FEATURE: disable default bing throttle (#11035)
See: https://meta.discourse.org/t/bingbot-is-default-throttled/84620

It appears bing is behaving in a more reasonable way, disabling the default
throttle.
2020-10-27 12:35:42 +11:00
Arpit Jalan
5ce006aea1
UX: prioritize "invite by link" option (for staff users) (#11028)
UX: update locale for single/multiple invites tab
2020-10-26 21:59:17 +05:30
ValdikSS
1031915b75 FIX: ignore PGP data in emails by MIME type
New version of Thunderbird email client reimplemented PGP support. Now the following attachments are added by default, if email signatures are enabled:

* OpenPGP_0x(pgp key id).asc
* OpenPGP_signature(.asc)

The last one has `name="OpenPGP_signature.asc"` in `Content-Type` but `filename="OpenPGP_signature"` (without extension) in `Content-Disposition: attachment`.

Since both the key and the signature have proper MIME types, filter them by default.
2020-10-26 12:15:31 -04:00
Vinoth Kannan
8d3837c824
DEV: include cors header to public file server in dev environment. (#11007)
While enabling CORS header in localhost we should include it in public file server too. Else it will return the errors.
2020-10-26 17:45:35 +05:30
Arpit Jalan
9aa2723d57
UX: improve error message for already logged in users (#11020) 2020-10-24 21:21:01 +05:30
Penar Musaraj
6f5d8cad51
UX: Move category editing/creation to its own page (#10973)
* Move new/edit category modals to its own page

* Fix JS tests

* Minor fixes to new-category UI

* Add mobile toggle

* Use global pretender endpoint so plugins can benefit too

* Alignment fix

* Minor review fixes

* Styling refactor

* Move some SCSS out of the modal
2020-10-23 12:49:02 -04:00
jbrw
2bcca46cc5
FEATURE - ImageMagick jpeg quality (#11004)
* FEATURE - Add SiteSettings to control JPEG image quality

`recompress_original_jpg_quality` - the maximum quality of a newly
uploaded file.

`image_preview_jpg_quality` - the maximum quality of OptimizedImages
2020-10-23 12:38:28 -04:00
Jahan Gagan
500d22bf32 minor changes in site settings 2020-10-22 10:42:17 -04:00
Jahan Gagan
cce03de616 EDIT: specs and translation updated 2020-10-22 10:42:17 -04:00
Jahan Gagan
fab67fafc1 FIX: invite users with sufficient trust level 2020-10-22 10:42:17 -04:00
David Taylor
85f827ee1c
UX: Remove forgot password button from login-preferences (#10998)
Showing this button is confusing for sites which are using external authentication. Clicking 'log in' already pops up the login modal, which includes a forgot password link when appropriate.
2020-10-22 14:34:10 +01:00
Martin Brennan
0d63eb4124
FEATURE: Add detection of post date to use in bookmark modal (#10981)
This PR introduces a feature that will detect a date inside the post that a user is bookmarking, and offer that date as an option in the bookmark modal.

The logic is that we get the first date/time detected in the post. If it does not have a time, just a date, then we default to 8:00am for the time.
2020-10-22 16:23:46 +10:00
Osama Sayegh
a04c300495
DEV: Add optional ENV variables for MiniProfiler snapshots transporter (#10985) 2020-10-21 19:37:28 +03:00
Martin Brennan
3ae1f98dc8
DEV: Add env var to disable ActiveRecord logging in development (#10979)
If RAILS_DISABLE_ACTIVERECORD_LOGS=1 is passed when starting Rails, none of the query log output will show. This is very useful for debugging with breakpoints because logs are not flooding in constantly.
2020-10-21 12:06:12 +10:00
Discourse Translator Bot
b5933e2b49
Update translations (#10970) 2020-10-20 15:34:57 +02:00
Roman Rizzi
fbb1fb9270
FIX: Ensure slow mode duration is correctly edited and displayed. (#10945)
* FIX: Ensure slow mode duration is correctly edited and displayed.

This commit fixes a bug where you were forced to set hours, minutes, and seconds or you won't be able to set the slow mode. Also, the duration was not displayed correctly due to the seconds not being truncated.

Additionally, we'll always display the hours, minutes, and seconds inputs for clarity and remove the blue banner.

* Set slow mode modal tweaks.

Uses labels instead of placeholders.
Input fields only visible when custom option selected.
Replace "Custom Duration" with "Pick Duration".

Additionally, place the `Set slow mode` button at the bottom of the topic actions menu.

* Perform the slow_mode validation also on the client-side before saving trying to save the post. This way, the post won't be staged.
2020-10-20 06:52:03 -03:00
jbrw
a74805d3f8
FIX: moderators can add/remove group owners (#10960)
If `SiteSetting.moderators_manage_categories_and_groups` is enabled, a moderator shoud be able to add/remove group owners.
2020-10-19 16:30:21 -04:00
Daniel Waterworth
48c3172913
DEV: Remove preserve_email_structure_when_styling setting (#10956)
This was made adjustable to allow rolling back quickly if problems came
up. The new behaviour was made default in 93137066 and no problems with
this have been reported.
2020-10-19 12:19:30 +01:00
David Taylor
23e5c605f6 DEV: Add support for allowed parameters in user api key scopes
Initially, this feature is only intended for use in core/plugins, so there is no API for requesting a parameter-scoped key. That may change in future.
2020-10-19 10:40:55 +01:00
Discourse Translator Bot
7eef10c6d7
Update translations (#10944) 2020-10-17 00:07:21 +02:00
Roman Rizzi
21c53ed249
FEATURE: Topic slow mode. (#10904)
Adds a new slow mode for topics that are heating up. Users will have to wait for a period of time before being able to post again.

We store this interval inside the topics table and track the last time a user posted using the last_posted_at datetime in the TopicUser relation.
2020-10-16 16:24:38 -03:00
Gerhard Schlager
7adf71a203
Fix i18n issues reported on Crowdin (#10925)
* Pluralize `discourse_narrative_bot.dice.not_enough_dice`
  The number of dice requires a pluralized string.
  Fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/278/en-ar#51346

* Always use "two-factor" instead of "second factor" or "two factor"
  Using different terms for the same thing is quite confusing.
  Fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-nl#40096

* Remove whitespace before ellipsis for consistency
  Fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-nl#53978

* Remove unused strings from locale file

* Correct grammar in `site_settings.review_media_unless_trust_level`
  Fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-nl#54018

* Correct grammar in `reviewables.reasons.contains_media`
  Fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-nl#54020

* Correct grammar in user notifications
  It also adds a link to the /about page in order to give the user a clue who the site admins are.
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-nl#54084

* Use "log in" instead of "login" when it's a verb
  This fixes multiple issues:
  * https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-nl#40940
  * https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-nl#47858
  * https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-nl#49458

* Replace "Github" with "GitHub"

* Remove "discourse.org" from title of 503 error page

* Replace weirdly formatted multi line string

* Pluralize `js.composer.group_mentioned_limit`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41158

* Remove unused string and pluralize `js.topic.feature_topic.confirm_pin_globally`
  This kinda fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#42114 as `js.topic.feature_topic.confirm_pin` wasn't used anymore.

* Pluralize `js.user.second_factor_backup.remaining_codes`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#40054

* Pluralize `js.composer.error.tags_missing`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41184

* Pluralize `js.post.errors.too_many_dragged_and_dropped_files`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#42408

* Remove unused `js.posts_long` and `js.likes_long`
  This fixes the following issues in an unexpected way:
  * https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#42974
  * https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#42994

* Pluralize `js.bootstrap_mode_enabled`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#38726

* Remove unused `long_form` from `post_action_types`
  This more or less fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-ar#47158

* Pluralize `js.presence.replying` and `js.presence.replying`
  This fixes the following issues:
  * https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/282/en-ar#51588
  * https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/282/en-ar#51590

* Pluralize `js.user.second_factor_backup.manage`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#40044

* Stop using concatenated strings for "Recently Used Devices"
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#40308

* Pluralize `js.category_row.topic_count`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41056

* Pluralize `js.select_kit.invalid_selection_length`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41072

* Pluralize `js.notifications.membership_request_consolidated`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41416
2020-10-16 15:24:58 +02:00
Bianca Nenciu
43e52a7dc1
DEV: Remove gifsicle dependency (#10357)
Dependency on gifsicle, allow_animated_avatars and allow_animated_thumbnails
site settings were all removed. Animated GIF images are still allowed, but
the generated optimized images are no longer animated for those (which were
used for avatars and thumbnails).

The added 'animated' is populated by extracting information using FastImage.
This field was used to selectively reoptimize old animations. This process
happens in the background.
2020-10-16 13:41:27 +03:00
Penar Musaraj
5763309953
FEATURE: WCAG compliant color schemes (#10882)
Co-authored-by: Kris <kris.aubuchon@discourse.org>
2020-10-15 14:05:48 -04:00
Jeff Wong
d68ad82a9e
FEATURE: add penalty options for take action (#10926)
* FEATURE: add penalty options for take action

Add the ability to silence or suspend users from the "take action"
button when moderators are flagging posts. This allows for a more streamlined
active moderation workflow, when moderating against a topic directly.
2020-10-15 10:48:52 -07:00
jbrw
099bf97dca
Tag groups can belong to groups (#10854) 2020-10-14 13:15:54 -04:00
Penar Musaraj
74de7a49f5
Simplify theme and color scheme seeding (#10872)
Now that we have support for user-selectable color schemes, it makes sense
to simplify seeding and theme updates in the wizard. 

We now:

- seed only one theme, named "Default" (previously "Light")
- seed a user-selectable Dark color scheme
- rename the "Themes" wizard step to "Colors"
- update the default theme's color scheme if a default is set
(a new theme is created if there is no default)
2020-10-14 10:18:02 -04:00
Justin DiRose
8c77b84aac
Revert "FEATURE: Upgrade analytics.js to gtag.js (#10893)" (#10910)
Reverting due to a few unforseen issues with customizations.
2020-10-13 12:20:41 -05:00
Justin DiRose
f4034226c2
FEATURE: Upgrade analytics.js to gtag.js (#10893)
Per Google, sites are encouraged to upgrade from `analytics.js` to `gtag.js` for Google Analytics tracking. This commit updates core Discourse to use the new `gtag.js` API Google is asking sites to use. This API has feature parity with `analytics.js` but does not use trackers.
2020-10-13 11:24:06 -05:00
Jordan Vidrine
95a142741c
UX: New Topics Will Appear Here display changes (#10895)
* UI: No new topics changes
This commit changes the way the 'new topics will appear here' message displays.
2020-10-13 10:29:27 -05:00
Discourse Translator Bot
85894537b1 Update translations 2020-10-13 15:40:37 +02:00
Bianca Nenciu
25b8ed740b
DEV: Make site setting type uploaded_image_list use upload IDs (#10401)
It used to be a list of concatenated upload URLs which was prone to
break.
2020-10-13 16:17:06 +03:00
Sam
32393f72b1
PERF: backoff background requests when overloaded (#10888)
When the server gets overloaded and lots of requests start queuing server
will attempt to shed load by returning 429 errors on background requests.

The client can flag a request as background by setting the header:
`Discourse-Background` to `true`

Out-of-the-box we shed load when the queue time goes above 0.5 seconds.

The only request we shed at the moment is the request to load up a new post
when someone posts to a topic.

We can extend this as we go with a more general pattern on the client.

Previous to this change, rate limiting would "break" the post stream which
would make suggested topics vanish and users would have to scroll the page
to see more posts in the topic.

Server needs this protection for cases where tons of clients are navigated
to a topic and a new post is made. This can lead to a self inflicted denial
of service if enough clients are viewing the topic.

Due to the internal security design of Discourse it is hard for a large
number of clients to share a channel where we would pass the full post body
via the message bus.

It also renames (and deprecates) triggerNewPostInStream to triggerNewPostsInStream

This allows us to load a batch of new posts cleanly, so the controller can
keep track of a backlog

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2020-10-13 16:56:03 +11:00
jbrw
ac31fe8321
FEATURE - SiteSetting to disable user option to hide their profiles and presences (#10885)
* FEATURE - SiteSetting to disable user option to hide their profiles and presences
2020-10-09 17:18:44 -04:00
Arpit Jalan
4326827a4e
FIX: second factor cannot be enabled if SSO is enabled (#10880)
* FIX: second factor cannot be enabled if SSO is enabled

If `enable_sso` setting is enabled then admin should not be able to
enable `enforce_second_factor` setting as that will lock users out.

Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-10-09 22:36:38 +05:30
Guo Xiang Tan
cabbc32024 FIX: Scheduled jobs not showing up in /sidekiq/schedule in dev. 2020-10-08 10:24:51 +08:00
Sam
120fa8ad2f
PERF: Introduce absolute limit of digests per 30 minutes (#10845)
To avoid blocking the sidekiq queue a limit of 10,000 digests per 30 minutes
is introduced.

This acts as a safety measure that makes sure we don't keep pouring oil on
a fire.

On multisites it is recommended to set the number way lower so sites do not
dominate the backlog. A reasonable default for multisites may be 100-500.

This can be controlled with the environment var

DISCOURSE_MAX_DIGESTS_ENQUEUED_PER_30_MINS_PER_SITE
2020-10-07 17:30:15 +11:00
Martin Brennan
6e2be3e60b
FIX: When admin changes an email for the user the user must confirm the change (#10830)
See https://meta.discourse.org/t/changing-a-users-email/164512 for additional context.

Previously when an admin user changed a user's email we assumed that they would need a password reset too because they likely did not have access to their account. This proved to be incorrect, as there are other reasons a user needs admin to change their email. This PR:

* Changes the admin change email for user flow so the user is sent an email to confirm the change
* We now record who the email change request was requested by
* If the requested by user is admin and not the user we note this in the email sent to the user
* We also make the confirm change email route open to anonymous users, so it can be clicked by the user even if they do not have access to their account. If there is a logged in user we make sure the confirmation matches the current user.
2020-10-07 13:02:24 +10:00
Arpit Jalan
f4c7c7bff3
FEATURE: bulk remove tags (#10831)
https://meta.discourse.org/t/bulk-actions-remove-tags-in-addition-to-change-tags/52145
2020-10-06 22:41:55 +05:30
Discourse Translator Bot
29a9ae1b50 Update translations 2020-10-06 15:43:13 +02:00
Penar Musaraj
4efbf8dc4f
Remove "further reading" step from wizard (#10825)
Instead, add link to top themes on meta in wizard's last step.
2020-10-05 15:06:05 -04:00
Penar Musaraj
a4356b99af
FEATURE: Separate base and heading font site_settings (#10807)
Allows site administrators to pick different fonts for headings in the wizard and in their site settings. Also correctly displays the header logos in wizard previews.
2020-10-05 13:40:41 -04:00
Robin Ward
80a5482f28 Embedded topics are now unlisted by default
Previously this site setting `embed unlisted` defaulted to false and
empty topics would be generated for embed, but those topics tend to take
up a lot of room on the topic lists.

This new default creates invisible topics by default until they receive
their first reply.
2020-10-05 12:09:20 -04:00
Arpit Jalan
9b45391cf9
FEATURE: explain why invites are disabled to staff users (#10810)
Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-10-03 13:05:26 +05:30
Robin Ward
23f24bfb51 REFACTOR: Move javascript tests inside discourse app
This is where they should be as far as ember is concerned. Note this is
a huge commit and we should be really careful everything continues to
work properly.
2020-10-02 11:29:36 -04:00
Krzysztof Kotlarek
5cf411c3ae
FIX: move hp request from /users to /token (#10795)
`hp` is a valid username and we should not prevent users from registering it.
2020-10-02 09:01:40 +10:00
Robin Ward
a3c81a85cd
Update server.en.yml 2020-09-30 14:11:26 -04:00
Robin Ward
e2b9d93556
Update server.en.yml 2020-09-30 14:11:12 -04:00
Jeff Atwood
8fd8114e97 minor copyedit 2020-09-30 10:46:27 -07:00
Penar Musaraj
fb57fe7e36
FIX: Allow .otf fonts to be delivered via cdn (#10787)
The discourse-fonts package includes NotoSansJP (bold and regular), but
it is an OTF font, and it results in 404s in CDN requests.
2020-09-30 11:59:46 -04:00
Arpit Jalan
ff44515a18
FIX: better error message if invite is expired (#10783)
https://meta.discourse.org/t/invite-token-is-invalid/165270/5?u=techapj
2020-09-30 20:32:33 +05:30
Joffrey JAFFEUX
318dadaf37
FIX: correct value of auto and adds nohighlight to the description (#10771) 2020-09-30 15:39:47 +10:00
Jeff Atwood
a0bbc346cb minor copyedit 2020-09-29 16:47:54 -07:00
Arpit Jalan
025490ecb9
FEATURE: composer option to reload page and force save draft (#10773) 2020-09-29 22:29:03 +05:30
Discourse Translator Bot
ecfca965f2 Update translations 2020-09-29 13:01:52 +00:00
Martin Brennan
3cd601dcc9
FIX: Admin change email for user process improvements and fixes (#10755)
See https://meta.discourse.org/t/changing-a-users-email/164512 for context.

When admin changes an email for a user, we were incorrectly sending the password reset email to the user's old address. Also the new email does not come into effect until the reset password process is done, so this PR adds some notes to the admin to make this clearer.
2020-09-29 09:45:45 +10:00
Arpit Jalan
f7940b1d20
FEATURE: advanced search option for max posts count (#10761)
This commit adds an option to search for max posts count and updates
the UI for posts count search to show a min/max range in single line.
2020-09-28 21:34:16 +05:30
Arpit Jalan
4fcb307f84 UX: consistent password label on signup and invites page 2020-09-28 20:45:12 +05:30
Arpit Jalan
50d53508b1 UX: show range for advanced search views filter. 2020-09-28 16:07:44 +05:30
Arpit Jalan
30ffd3a44d Update locale for minimum posts filter on advanced search. 2020-09-25 08:18:03 +05:30
Mark VanLandingham
1a29801e2d
UX: More upbeat message when topic list is empty (#10740) 2020-09-24 12:05:58 -07:00
David Taylor
f1d64bbbe5
FEATURE: Add a site setting to control automatic auth redirect (#10732)
This allows administrators to stop automatic redirect to an external authenticator. It only takes effect when there is a single authentication method, and the site is login_required
2020-09-24 17:06:07 +01:00
Penar Musaraj
f55807922e
UX: Use simple list for settings without choice options (#10737)
It's a more user-friendly alternative to the default select-kit list,
for settings that are simple lists of items (the regular list widget is
better for settings with choice options).
2020-09-24 08:58:45 -04:00
Arpit Jalan
cdf45f4fe6 Update regex for views search filter. 2020-09-24 17:05:55 +05:30
Arpit Jalan
5b0ce25dd7 Update locale for views search filter. 2020-09-24 16:33:53 +05:30
Arpit Jalan
0c5cd0d1ef FEATURE: advanced search filters for view count 2020-09-24 15:22:18 +05:30
Sam Saffron
580383dff3
FEATURE: change default size for search recent posts
The site setting `search_recent_posts_size` controls the window of posts
that we will search through before trying to search through the full index

If this number is too low then the search quality can suffer a lot as recent
posts may dominate search. If the number is too high then performance will
suffer.

This attempts to find a happy medium, 1 million posts will cover the majority
of forums out there and should perform adequately.
2020-09-24 17:04:55 +10:00
Bianca Nenciu
eb891778ff
DEV: Do not translate font names (#10723)
Use the names as provided by discourse-fonts and remove the
translated strings.

It also ensures that the selected font is present in case a font will
be removed in the future.
2020-09-23 12:00:07 +03:00
Vinoth Kannan
1504fe7231 DEV: make it possible to enable cdn in development environment. 2020-09-23 11:52:16 +05:30
Simon Cossar
0f04864da1
Improve staff_like_weight copy to indicate how the value is applied (#10726) 2020-09-22 14:57:56 -07:00
Kris
cba3d3782d
A11Y: Add label to share link input (#10717) 2020-09-22 17:26:03 -04:00
Robin Ward
ce3fe2f4c4 REFACTOR: Support bundling our admin section as an ember addon 2020-09-22 15:14:29 -04:00
Discourse Translator Bot
c86538097d Update translations 2020-09-22 13:04:13 +00:00
Krzysztof Kotlarek
0bb51dcbfa
FIX: TL2 promotion message and advance training (#10679)
This is a little bit of refactoring. Core Discourse should have default promotion message for TL2.

In addition, when the Discobot plugin is enabled, the user is invited to advanced training
2020-09-22 10:17:52 +10:00
Sam Saffron
8867bd4abe
DEV: allow larger recent post size
Limiting to 100,000 is too small, some sites may want a far higher limit.

Low numbers on recent_posts_size can impact search quality
2020-09-22 08:40:19 +10:00
Jarek Radosz
1db8315a8b UX: Remove the post number from a composer label
It didn't provide much value to users as it often didn't match the number visible in the topic timeline. That's because `postNumber` is an implementation detail, while the timeline counts only full visible posts (no whispers, topic action notices, etc.)
2020-09-21 14:47:36 +02:00
Joffrey JAFFEUX
f785b04dc0
FIX: missing / after basePath was causing the URL to be relative (#10708) 2020-09-19 11:27:03 +02:00
Roman Rizzi
f85f73be88
FEATURE: Review posts with media. (#10693)
To check if a post contains any embedded media, we look if the "image_sizes" attribute is present in the new post manager arguments.

We want to see one boxed links, but we only store the raw content of the post. To work around this, I extracted the onebox logic from the composer editor into a module.
2020-09-18 12:45:09 -03:00
David Taylor
ce686a008f
DEV: Refresh site settings on Redis fallback (#10700)
This ensures that all app instances have up-to-date data, even if they missed a message-bus update during the failover
2020-09-18 11:44:25 +01:00
Guo Xiang Tan
d83d9ec408
DEV: Clear all DistributedCache on Redis fallback. 2020-09-18 11:31:49 +08:00
Osama Sayegh
a92d88747e
DEV: Add ENV variable for enabling MiniProfiler snapshots (#10690)
* DEV: Add ENV variable for enabling MiniProfiler snapshots

* MiniProfiler is not loaded in test env
2020-09-17 18:18:35 +03:00
Daniel Waterworth
6e69c25134 FIX: Use asset_hostnames in rails_multisite
We want to respond to the x-forwarded-for host from the CDN too.
2020-09-17 10:32:43 +01:00
Guo Xiang Tan
b47b640598
FEATURE: Hidden SiteSetting.keep_old_ip_address_count to track IP history. 2020-09-17 12:50:39 +08:00
Martin Brennan
49bd066037
FEATURE: Default allow embed secure images in email to true (#10688)
We are making the changes from the PR #10563 the default behaviour. Now, if secure media is enabled, secure images will be embedded in emails by default instead of redacting them and displaying a message. This will be a nicer overall experience by default, and for forums that want to be super strict with redaction this setting can always be disabled.
2020-09-17 14:15:02 +10:00
Discourse Translator Bot
6734a82260 Update translations 2020-09-16 10:17:56 +00:00
Discourse Translator Bot
44aac1b44b Update translations 2020-09-16 04:27:51 +00:00
Penar Musaraj
6610576deb
FIX: Clear stylesheet cache on base font change
Previously, we were not clearing the cache on themes using the default
color scheme.
2020-09-15 13:13:09 -04:00
Daniel Waterworth
19b24e178c SECURITY: __ws shouldn't be able to override every domain in multisite 2020-09-15 17:35:57 +01:00
Penar Musaraj
273db57d6e
FEATURE: Allow admins to delete user SSO records in the UI (#10669)
Also displays the user's last payload in the admin UI to help with debugging SSO issues.
2020-09-15 10:00:10 -04:00
Discourse Translator Bot
5990c71c29 Update translations 2020-09-15 13:04:17 +00:00
Martin Brennan
5268568d23
FEATURE: Remove user topic timers and migrate to bookmarks with reminders (#10474)
This PR removes the user reminder topic timers, because that system has been supplanted and improved by bookmark reminders. The option is removed from the UI and all existing user reminder topic timers are migrated to bookmark reminders.

Migration does this:

* Get all topic_timers with status_type 5 (reminders)
* Gets all bookmarks where the user ID and topic ID match
* Loops through the found topic timers
  * If there is no bookmark for the OP of the topic, then we just create a bookmark with a reminder
  * If there is a bookmark for the OP of the topic and it does **not** have a reminder set, then just 
update it with the topic timer reminder
  * If there is a bookmark for the OP of the topic with a reminder then just discard the topic timer
* Cancels all outstanding user reminder topic timers
* **Trashes (not deletes) all user reminder topic timers**

Notes:

* For now I have left the user reminder topic timer job class in place; this is so the jobs can be cancelled in the migration. It and the specs will be deleted in the next PR.
* At a later date I will write a migration to delete all trashed user topic timers. They are not deleted here in case there are data issues and they need to be recovered.
* A future PR will change the UI of the topic timer modal to make it look more like the bookmark modal.
2020-09-14 11:11:55 +10:00
Sam Saffron
44fba9463b
FEATURE: Add support for not persistent sessions
In some cases Discourse admins may opt for sessions not to persist when a
browser is closed.

This is particularly useful in healthcare and education settings where
computers are shared among multiple workers.

By default `persistent_sessions` site setting is enabled, to opt out you
must disable the site setting.
2020-09-11 15:11:24 +10:00
Vinoth Kannan
9e4ed03b8f FEATURE: moderators allowed to view groups which members can see.
Currently, if a group's visibility is set to "Group owners, members" then the mods can't view those group pages. The same rule is applied for members visibility setting too.

This reverts commit 7fc7090. And fixed the spec test fails.
2020-09-11 08:20:13 +05:30
Guo Xiang Tan
7fc70900d2
Revert "FEATURE: moderators allowed to view groups which members can see."
Build is broken.

This reverts commit 2bf0c4188b.
2020-09-11 10:04:54 +08:00
Vinoth Kannan
2bf0c4188b FEATURE: moderators allowed to view groups which members can see.
Currently, if a group's visibility is set to "Group owners, members" then the mods can't view those group pages. The same rule is applied for members visibility setting too.
2020-09-11 03:33:44 +05:30
Martin Brennan
dede942007
FEATURE: Allow email image embed with secure media (#10563)
This PR introduces a few important changes to secure media redaction in emails. First of all, two new site settings have been introduced:

* `secure_media_allow_embed_images_in_emails`: If enabled we will embed secure images in emails instead of redacting them.
* `secure_media_max_email_embed_image_size_kb`: The cap to the size of the secure image we will embed, defaulting to 1mb, so the email does not become too big. Max is 10mb. Works in tandem with `email_total_attachment_size_limit_kb`.

`Email::Sender` will now attach images to the email based on these settings. The sender will also call `inline_secure_images` in `Email::Styles` after secure media is redacted and attachments are added to replace redaction messages with attached images. I went with attachment and `cid` URLs because base64 image support is _still_ flaky in email clients.

All redaction of secure media is now handled in `Email::Styles` and calls out to `PrettyText.strip_secure_media` to do the actual stripping and replacing with placeholders. `app/mailers/group_smtp_mailer.rb` and `app/mailers/user_notifications.rb` no longer do any stripping because they are earlier in the pipeline than `Email::Styles`.

Finally the redaction notice has been restyled and includes a link to the media that the user can click, which will show it to them if they have the necessary permissions.

![image](https://user-images.githubusercontent.com/920448/92341012-b9a2c380-f0ff-11ea-860e-b376b4528357.png)
2020-09-10 09:50:16 +10:00
Marcus Baw
24cd3e2c2c fix typo
Permenantly Delete -> Permanently Delete
2020-09-09 13:10:33 -04:00
Discourse Translator Bot
1c71f81144 Update translations 2020-09-09 14:59:40 +00:00
Joffrey JAFFEUX
8413d27cf2
FIX: handles different cases of canInvite/canRemove states in PM (#10607) 2020-09-08 16:35:59 +02:00
awesomerobot
13c9d7e704 UX: Add missing labels to mobile composer buttons 2020-09-04 22:18:29 -04:00
Bianca Nenciu
58b97ace23
DEV: Use a special import to declare font faces (#10583)
Update discourse-fonts to v0.0.3.

Follow-up to 7b7357147e.
2020-09-04 16:25:50 +03:00
Jarek Radosz
4f48304a44 DEV: Remove an unused i18n string
The related code was removed in 86cb5803ba
2020-09-03 16:32:46 +02:00
Bianca Nenciu
803841ca47
FIX: Remove font-famly property in .font- classes 2020-09-02 16:29:09 +03:00
Gerhard Schlager
31c1d57228
FIX: System message wasn't fully translatable 2020-09-02 15:24:25 +02:00
Sam Saffron
7b7357147e
FIX: add cache breaker for fonts
This is a temporary fix since fonts may be cached without CORS

A larger scale change needed.

Our long term solution here is to have the SCSS compilation pipeline take
care of this by introducing some SCSS var that can be consumed in the various
stylesheets.

We do not want to write a file on boot
2020-09-02 12:17:28 +10:00
Sam Saffron
f5051ec833
FIX: Allow fonts to be delivered via CDN
We introduced support for custom fonts which are shipped out of the `/fonts`
directory, however we did not provide a bypass in our NGINX config.
2020-09-02 10:19:19 +10:00
Discourse Translator Bot
71da5e0e27 Update translations 2020-09-01 13:02:16 +00:00
Guo Xiang Tan
069a109cbb
DEV: Require scheduled job in development to avoid loading file twice.
This removes the need to memoize constant in order to avoid the "warning: already initialized constant".
2020-09-01 10:14:40 +08:00
Guo Xiang Tan
09a89cff1a
DEV: Increase log levels for more assets/static paths. 2020-09-01 09:52:50 +08:00
tshenry
2550c5bd03
FIX: Ensure disabling 2FA works as expected (#10485) 2020-08-31 09:56:57 -07:00
Bianca Nenciu
f2e14a3946
FEATURE: Add site setting and wizard step to set base font (#10250)
Co-authored-by: Neil Lalonde <neillalonde@gmail.com>
2020-08-31 13:14:09 +03:00
Guo Xiang Tan
20bd6d9797
DEV: Only eagerload scheduled jobs in a Sidekiq process. 2020-08-31 14:28:38 +08:00
Penar Musaraj
b7cfc9e861
FEATURE: User selectable color schemes (#10544) 2020-08-28 10:36:52 -04:00
David Taylor
a3577435f7
FEATURE: Additional control of iframes in oneboxes (#10523)
This commit adds a new site setting "allowed_onebox_iframes". By default, all onebox iframes are allowed. When the list of domains is restricted, Onebox will automatically skip engines which require those domains, and use a fallback engine.
2020-08-27 20:12:13 +01:00
Vinoth Kannan
a8502ae1c4
FEATURE: add dismiss unread topics button when filtered by tag. (#10547) 2020-08-27 23:04:45 +05:30
Guo Xiang Tan
40c6d90df3 PERF: Create a partial regular post_search_data index on large sites.
With the addition of `PostSearchData#private_message`, a partial
index consisting of only search data from regular posts can be created.
The partial index helps to speed up searches on large sites since PG
will not have to do an index scan on the entire search data index which
has shown to be a bottle neck.
2020-08-27 13:42:00 +08:00
Gerhard Schlager
354014099d Update copy and remove unused strings 2020-08-26 18:08:41 +02:00
jahan-ggn
ae7ff5eb73
FEATURE: Added sort by username for directory items (#10482)
* done-sorting-usernames-on-users-page

* sorted-usernames-on-users-page

* spec written

* specs added
2020-08-26 10:14:20 -04:00
Discourse Translator Bot
6c3b1eb9b9 Update translations 2020-08-26 09:27:35 +00:00
Discourse Translator Bot
d495464ead Update translations 2020-08-25 13:02:37 +00:00
Gerhard Schlager
6c09fd4289 DEV: Remove unused code and translations 2020-08-25 11:41:19 +02:00
Gerhard Schlager
10e6e8d307
Use quotes instead of grave accent 2020-08-25 11:39:11 +02:00
Guo Xiang Tan
f08d440ea0
DEV: Disable migration advisory locks in dev and test environment.
There is a bug in Rails that leaks an idle PG session which will prevent
the dropping of the database.
2020-08-25 14:20:58 +08:00
Krzysztof Kotlarek
7b6f8517bf
FIX: limit number of users addable to group at once (#10510)
When someone wants to add > 1000 users at once they will hit a timeout.
Therefore, we should introduce limit and inform the user when limit is exceeded.
2020-08-25 08:55:21 +10:00
Roman Rizzi
dd13304b81
FEATURE: More API scopes (#10493) 2020-08-24 12:15:08 -03:00
Vinoth Kannan
0b58fee424 minor copyedit on site setting and user option descriptions 2020-08-22 13:11:57 +05:30
Penar Musaraj
1acb2f752b
DEV: Add DISABLE_MINI_PROFILER development ENV variable 2020-08-21 09:33:22 -04:00
Penar Musaraj
8b2c4b07a4
UX: Tweaks to admin color palette dropdown (#10502) 2020-08-21 09:30:11 -04:00
Martin Brennan
2aa1482421
FIX: Bookmark list showing wrong no content message (#10501)
Meta report: https://meta.discourse.org/t/spurious-permissions-error-after-deleting-last-bookmark/161289

When deleting all bookmarks in their list, users were seeing an "access denied" message instead of the regular no content message. This is because when we were calling loadMore and no further results were returned, we were presuming the null response from the resolved promise meant that there was a permissions error. Fixed this and moved the message into a computed property to show the correct message.
2020-08-21 11:01:12 +10:00
Vinoth Kannan
8348a41124
FEATURE: add regular_categories field in site setting & user option. (#10477)
Like "default watching" and "default tracking" categories option now the "regular" categories support is added. It will be useful for sites that are muted by default. The user option will be displayed only if `mute_all_categories_by_default` site setting is enabled.
2020-08-20 00:35:04 +05:30
Mark VanLandingham
a3c0d4a8b5
FIX: Error message when setting enforce 2fa with social logins (#10479) 2020-08-19 13:16:31 -05:00
Neil Lalonde
96511e4548
UX: better wording when there are no unused tags to delete 2020-08-19 12:17:48 -04:00
jbrw
aa1fc01307
FEATURE - Moderators can create and manage groups (#10432)
Enabling the moderators_manage_categories_and_groups site setting will allow moderator users to create/manage groups.

* show New Group form to moderators

* Allow moderators to update groups and read logs, where appropriate

* Rename site setting from create -> manage

* improved tests

* Migration should rename old log entries

* Log group changes, even if those changes mean you can no longer see the group

* Slight reshuffle

* RouteTo /g if they no longer have permissions to view group
2020-08-19 10:41:40 -04:00
Penar Musaraj
328ad921fb
FIX: display label when theme uses default color scheme 2020-08-18 21:11:15 -04:00
Roman Rizzi
390615fbcd
UX: Help users understand the meaning of each scope. (#10468) 2020-08-18 15:12:04 -03:00
Penar Musaraj
882b0aac19
DEV: Let themes extend color definitions (#10429)
Themes can now declare custom colors that get compiled in core's color definitions stylesheet, thus allowing themes to better support dark/light color schemes. 

For example, if you need your theme to use tertiary for an element in a light color scheme and quaternary in a dark scheme, you can add the following SCSS to your theme's `color_definitions.scss` file: 

```
:root {
  --mytheme-tertiary-or-quaternary: #{dark-light-choose($tertiary, $quaternary)};
}
```

And then use the `--mytheme-tertiary-or-quaternary` variable as the color property of that element. You can also use this file to add color variables that use SCSS color transformation functions (lighten, darken, saturate, etc.) without compromising your theme's compatibility with different color schemes.
2020-08-18 13:02:13 -04:00
Discourse Translator Bot
d0faee3bd8 Update translations 2020-08-18 13:02:44 +00:00
Vinoth Kannan
562180dd9a
FEATURE: add option to skip new user tips in first notification. (#10462) 2020-08-18 13:43:40 +05:30
Penar Musaraj
3745f2bb86
FEATURE: Dark mode alternative logos (#10441) 2020-08-17 15:43:20 -04:00
jahan-ggn
65649eaef0
User card settings (#10302)
* settings implemented

* prettier

* settings updated

* rubocop

* prettier

* Revert "rubocop"

This reverts commit 7805145a7d.

* Revert "prettier"

This reverts commit 2c53f4fa12.

* settings updated and changed

* rubocop

* changes applied

* final changes done

* Server side feature added

* spec changed

* changed user_updater and profile file

* Fix user card specs

* web hook serializer solved

* site-setting changed

Co-authored-by: Mark VanLandingham <markvanlan@gmail.com>
2020-08-17 12:37:45 -04:00
Vinoth Kannan
476d26159a
FEATURE: add new user option skip_new_user_tips. (#10437)
And add new site setting `default_other_skip_new_user_tips` in user preferences category.
2020-08-14 19:10:56 +05:30
Neil Lalonde
d65a839577
FEATURE: allow group membership to unmute categories and tags
For sites that are configured to mute some or all categories and tags
for users by default, groups can now be configured to set members'
notification level to normal from the group manage UI.
2020-08-13 17:20:53 -04:00
Martin Brennan
e059677bf7
Reveal IMAP site settings 2020-08-12 13:08:41 +10:00
Discourse Translator Bot
1a78a429b5 Update translations 2020-08-11 13:04:00 +00:00
Blake Erickson
2032c11f78
FIX: Return 422 when creating topics with tags w/out permission (#10400)
The UI prevents users from trying to create tags on topics when they
don't have permission, but if you are trying to add tags to a topic via
the API and you don't have permission before this change it would
silently succeed in creating the topic, but it wouldn't have any tags.

Now a 422 error will be returned with an error message when trying to
create a topic with tags when tagging is disabled or you don't have
enough trust level to add tags to a topic.

Bug report: https://meta.discourse.org/t/-/70525/14
2020-08-10 16:14:15 -06:00
Mark VanLandingham
b7a092bd28
FEATURE: Group category permissions tab (#10388) 2020-08-10 09:49:05 -05:00
Régis Hanol
bc63232d2e
FIX: sync reviewable count when opening the hamburger menu (#10368)
When a tab is open but left unattended for a while, the red, green, and blue
pills tend to go out of sync.

So whevener we open the notifications menu, we sync up the notification count
(eg. blue and green pills) with the server.

However, the reviewable count (eg. the red pill) is not a notification and
is located in the hamburger menu. This commit adds a new route on the server
side to retrieve the reviewable count for the current user and a ping
(refreshReviewableCount) from the client side to sync the reviewable count
whenever they open the hamburger menu.

REFACTOR: I also refactored the hamburger-menu widget code to prevent repetitive uses
of "this.".

PERF: I improved the performance of the 'notify_reviewable' job by doing only 1 query
to the database to retrieve all the pending reviewables and then tallying based on the
various rights.
2020-08-07 18:13:02 +02:00
jbrw
3593e582a3
FIX - limit number of embedded media items in a post (#10391)
* FIX - limit number of embedded media items in a post

* Add renamed settings to DeprecatedSettings
2020-08-07 12:08:59 -04:00
Penar Musaraj
86cb5803ba
Convert HEIC uploads to JPG by default (#10395) 2020-08-07 11:17:50 -04:00
Penar Musaraj
9c9aa21726
Add site setting to pick dark mode color scheme (#10390)
Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-08-07 08:52:47 -04:00
Guo Xiang Tan
e60c74d3c1
FEATURE: Use PG ts_headline for highlighting topic title in search. 2020-08-07 12:43:09 +08:00
Krzysztof Kotlarek
fb9c2e5f89
FEATURE: notification for vote plugin (#10384)
This must exist in core as we want to see a correct notification after disable of the voting plugin.
2020-08-07 09:51:16 +10:00
Neil Lalonde
1ca81fbb95
FEATURE: set notification levels when added to a group (#10378)
* FEATURE: set notification levels when added to a group

This feature allows admins and group owners to define default
category and tag tracking levels that will be applied to user
preferences automatically at the time when users are added to the
group. Users are free to change those preferences afterwards.
When removed from a group, the user's notification preferences aren't
changed.
2020-08-06 12:27:27 -04:00
Penar Musaraj
6fdc711b4a
FEATURE: Allow users to opt out of automatic dark mode (#10377) 2020-08-06 09:45:37 -04:00
Gerhard Schlager
81247c1f6a DEV: Remove mention of Transifex from locale files 2020-08-06 13:34:00 +02:00
Guo Xiang Tan
2193d02433
PERF: Use PG headlines for blurb generation and highlighting for search. 2020-08-06 14:56:29 +08:00
Discourse Translator Bot
a68533b394 Update translations 2020-08-05 13:55:12 +00:00
Sam Saffron
ee10002e20
FIX: excerpts larger than 999 are not supported
underlying column can only fit 1000 chars.
2020-08-05 16:20:36 +10:00
Mark VanLandingham
b76731d722
FEATURE: Invite emails to groups from add member modal (#10308) 2020-08-04 10:02:01 -05:00
Penar Musaraj
c937afc75e
FEATURE: automatic dark mode (#10341)
A first step to adding automatic dark mode color scheme switching. Adds a new SCSS file at `color_definitions.scss` that serves to output all SCSS color variables as CSS custom properties. And replaces all SCSS color variables with the new CSS custom properties throughout the stylesheets. 

This is an alpha feature at this point, can only be enabled via console using the `default_dark_mode_color_scheme_id` site setting.
2020-08-03 22:57:10 -04:00
Blake Erickson
8de635fe92
DEV: Show message when cannot invite user to PM (#10336)
* DEV: Show message when cannot invite user to PM

When inviting a user to a PM return a message that says, "Sorry, this
user can't be invited." if they have been muted or are not in a users
allowed pm users list.

* Minor refactor & improved some text
2020-07-31 09:52:19 -06:00
Vinoth Kannan
6a1746a0c5
FEATURE: add expandable muted categories ui to /categories page. (#10303)
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2020-07-30 23:32:51 +05:30
Sam Saffron
dc14d156b6
FEATURE: g,j and g,k to navigate to next and prev topic
After visiting a topic list (by tag / category / top level) we track the list

Once a list is tracked the combo `g` `j` can be used to go to the next topic
in the list and `g` `k` to go to previous topic.

This allows you to quickly work through subsets of topics without having
to navigate back to the top level lists

The shortcut does not work in PM lists yet, or search results, both are
under consideration.
2020-07-30 17:54:47 +10:00
Joffrey JAFFEUX
0c7eaa57b2
FEATURE: allows to display charts by day/week/month (#10325) 2020-07-28 16:14:41 +02:00
Matt Palmer
1ad270965c
FEATURE: Allow the specification of an arbitrary unicorn listen address
Useful if you want to, say, have your unicorn listen on a Unix domain
socket, rather than a TCP port, or you want to be able to bind to a
single address other than 127.0.0.1.
2020-07-28 13:03:17 +10:00
Krzysztof Kotlarek
ce53180c3b
FIX: add a translation for reaction notification (#10316)
Follow https://github.com/discourse/discourse/pull/10315
2020-07-27 14:57:37 +10:00
Krzysztof Kotlarek
e0d9232259
FIX: use allowlist and blocklist terminology (#10209)
This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 10:23:54 +10:00
Martin Brennan
a9905ef7e5
FIX: Add enable_email_sync_demon global variable and disable EmailSync demon by default (#10304)
Demon::EmailSync is used in conjunction with the SiteSetting.enable_imap to sync N IMAP mailboxes with specific groups. It is a process started in unicorn.conf, and it spawns N threads (one for each multisite connection) and for each database spans another N threads (one for each configured group).

We want this off by default so the process is not started when it does not need to be (e.g. development, test, certain hosting tiers)
2020-07-24 17:09:29 +10:00
Martin Brennan
1dd3af20c6
FIX: Do not show Email tab for group settings unless IMAP + SMTP enabled (#10301)
Also hide all the SMTP/IMAP related settings to avoid confusion, as this feature is still not 100% ready to go.
2020-07-24 12:00:36 +10:00
Krzysztof Kotlarek
4b053462c0
FIX: display correct status on unsubscribe page (#10294)
There was a bug that even when `email_digest` was set to false but
`digest_after_minutes` was positive, we were not displaying correct
status.

In addition, the message is improved when the user is unsubscribed +
unsubscribe from all is hidden.
2020-07-23 16:20:10 +10:00
Penar Musaraj
7559758e10
FEATURE: Support converting HEIF images to JPEG (#10079) 2020-07-22 21:40:09 -04:00
David Taylor
c09b5807f3
FIX: Include resolved locale in anonymous cache key (#10289)
This only applies when set_locale_from_accept_language_header is enabled
2020-07-22 18:00:07 +01:00
Vinoth Kannan
0884d570b1
FEATURE: add support for top filter in tag page. (#10281)
Currently, tag pages only have the `latest` filter.
2020-07-22 19:26:36 +05:30
jbrw
0ed784b4fc
FEATURE: Create logs for Group Moderator changes (#10271) 2020-07-21 14:29:02 -04:00
Guo Xiang Tan
bb8f1ce8b1
DEV: Consolidate Unicorn error backtraces when logstash is enabled. 2020-07-21 15:35:41 +08:00
Guo Xiang Tan
23778f4bfd
DEV: Avoid logging Redis cannot connect error during failover.
Reduce amount of noise in our logs.
2020-07-21 14:53:46 +08:00
Guo Xiang Tan
df66a559c9
DEV: Pause Sidekiq before readonly mode during PG failover. 2020-07-21 13:51:37 +08:00
Guo Xiang Tan
031a6616a3
DEV: Allow writes to PG even if Redis is readonly mode.
Previously, I thought it was better to drop the site into reading mode
when Redis has failed over to the replica but it created more errors
while Redis is in readonly mode since ActiveRecord would prevent us from
writing to PG even though PG is up.
2020-07-21 12:34:07 +08:00
Martin Brennan
41b43a2a25
FEATURE: Add "delete on owner reply" bookmark functionality (#10231)
This adds an option to "delete on owner reply" to bookmarks. If you select this option in the modal, then reply to the topic the bookmark is in, the bookmark will be deleted on reply.

This PR also changes the checkboxes for these additional bookmark options to an Integer column in the DB with a combobox to select the option you want.

The use cases are:

* Sometimes I will bookmark the topics to read it later. In this case we definitely don’t need to keep the bookmark after I replied to it.
* Sometimes I will read the topic in mobile and I will prefer to reply in PC later. Or I may have to do some research before reply. So I will bookmark it for reply later.
2020-07-21 10:00:39 +10:00
Blake Erickson
690f17bcbe
FEATURE: Allow List for PMs (#10270)
* FEATURE: Allow List for PMs

This feature adds a new user setting that is disabled by default that
allows them to specify a list of users that are allowed to send them
private messages. This way they don't have to maintain a large list of
users they don't want to here from and instead just list the people they
know they do want. Staff will still always be able to send messages to
the user.

* Update PR based on feedback
2020-07-20 15:23:49 -06:00
Daniel Waterworth
0b800d307f SECURITY: Bound the amount of work that embed#topics can do
This commit adds a hidden site setting that limits the maximum number of
topics that can be fetched at once via the embed controller.
2020-07-20 13:25:34 +01:00
Daniel Waterworth
9313706649 DEV: Enable preserve_email_structure_when_styling by default
In 1bd8a075, a hidden site setting was added that causes Email::Styles
to treat its input as a complete document in all cases.

This commit enables that setting by default.

Some tests were removed that were broken by this change. They tested the
behaviour of applying email styles to empty strings. They weren't useful
because:

 * Sending empty email is not something we ever intend to do,
 * They were testing incidental behaviour - there are lots of
   valid ways to process the empty string,
 * Their intent wasn't clear from their descriptions,
2020-07-20 10:21:32 +01:00
Guo Xiang Tan
383537a2fa
DEV: Force ActiveRecord reading role on Redis failover take 2. 2020-07-20 16:11:20 +08:00
Guo Xiang Tan
5adf2ccaca
DEV: Force ActiveRecord reading role on Redis failover. 2020-07-20 15:10:53 +08:00
Penar Musaraj
bf22f7080d
FEATURE: optional quote sharing buttons (#10254) 2020-07-17 14:44:31 -04:00
Martin Brennan
716ccf7fe4
FIX: Bookmark search fixes (#10239)
* Remove unneeded bookmark name index.
* Change bookmark search query to use post_search_data. This allows searching on topic title and post content
* Tweak the style/layout of the bookmark list so the search looks better and the whole page fits better on mobile.
2020-07-17 15:55:07 +10:00
Roman Rizzi
f13ec11c64
FEATURE: Add scopes to API keys (#9844)
* Added scopes UI

* Create scopes when creating a new API key

* Show scopes on the API key show route

* Apply scopes on API requests

* Extend scopes from plugins

* Add missing scopes. A mapping can be associated with multiple controller actions

* Only send scopes if the use global key option is disabled. Use the discourse plugin registry to add new scopes

* Add not null validations and index for api_key_id

* Annotate model

* DEV: Move default mappings to ApiKeyScope

* Remove unused attribute and improve UI for existing keys

* Support multiple parameters separated by a comma
2020-07-16 15:51:24 -03:00
Kane York
fa612fca82
FIX: Off-by-one-slash error in topic.notifications.reasons (#10246) 2020-07-15 14:37:27 -07:00
Robin Ward
72c5a389eb FIX: filterPlaceholder is a computed property
These cannot be overridden.
2020-07-15 13:32:27 -04:00
David Taylor
7d300006a1
Revert "PERF: Move highlightjs to a background worker, and add result cache (#10191)"
This caused a CORS error when used with S3 asset storage

This reverts commit d09f283e91.
2020-07-15 13:52:35 +01:00
David Taylor
d09f283e91
PERF: Move highlightjs to a background worker, and add result cache (#10191)
Syntax highlighting is a CPU-intensive process which we run a lot while rendering posts and while using the composer preview. Moving it to a background worker releases the main thread to the browser, which makes the UX much smoother.
2020-07-15 12:48:07 +01:00
Guo Xiang Tan
6385fbbfbf
FIX: Ignore document length in search when ranking by relevance.
Considering document length in search introduced too much variance in
our search results such that it makes certain searches better but at the
same time made certain searches worst. Instead, we want to have a more
determistic way of ranking search so that it is easier to reason about
why a post is rank higher in search than another.

The long term plan to tackle repeated terms is to restrict the number of
positions for a given lexeme in our search index.
2020-07-15 13:43:14 +08:00
jbrw
06073fe8c6
FEATURE: Allow group moderators to close/archive topics
* FEATURE: Allow group moderators to close/archive topics
2020-07-14 12:36:19 -04:00
Guo Xiang Tan
5c230266d3
FIX: Inject extra lexemes for host lexeme.
```
discourse_development=# SELECT alias, lexemes FROM TS_DEBUG('www.discourse.org');
 alias |       lexemes
-------+---------------------
 host  | {www.discourse.org}

discourse_development=# SELECT TO_TSVECTOR('www.discourse.org');
      to_tsvector
-----------------------
 'www.discourse.org':1
```

Given the above lexeme, we will inject additional lexeme by splitting
the host on `.`. The actual tsvector stored will look something like

```
               tsvector
---------------------------------------
 'discourse':1 'discourse.org':1 'org':1 'www':1 'www.discourse.org':1
```
2020-07-14 15:32:40 +08:00
Martin Brennan
bcc80e0ea8
FEATURE: Add search to user bookmark list (#10230)
User bookmarks can now be searched by name or post raw content. The q querystring param is hooked up from the Ember router as well.
2020-07-14 14:43:41 +10:00
Martin Brennan
f4f3e8c401
FIX: Various improvements to bookmark modal UI (#10225)
* Do not autofocus name input on mobile
* Improve code for formatted reminder type times to not be computed, so the modal times update correctly
* Change wording of "Next Monday" to "Monday" for all days except when today is Monday
2020-07-14 14:02:13 +10:00
Dan Ungureanu
cf02c518b9
DEV: Merge category and tag hashtags code paths (#10216)
Category and tag hashtags used to be handled differently even though
most of the code was very similar. This design was the root cause of
multiple issues related to hashtags.

This commit reduces the number of requests (just one and debounced
better), removes the use of CSS classes which marked resolved hashtags,
simplifies a lot of the code as there is a single source of truth and
previous race condition fixes are now useless.

It also includes a very minor security fix which let unauthorized users
to guess hidden tags.
2020-07-13 19:13:17 +03:00
Arpit Jalan
7532f24668 UX: better error message if moderator is not allowed to invite to group
UX: do not show invite to group option if mod is not owner of any group
2020-07-13 18:09:36 +05:30
Guo Xiang Tan
54d002f7db
DEV: Fix error introduced in d5c56a846. 2020-07-13 10:13:37 +08:00
Bianca Nenciu
275b748016
FIX: Replace links to removed uploads from reviewables with a placeholder (#10180) 2020-07-10 17:57:06 +03:00
Dan Ungureanu
c72bc27888
FEATURE: Implement support for IMAP and SMTP email protocols. (#8301)
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2020-07-10 12:05:55 +03:00
Rafael dos Santos Silva
e866e3d609
FEATURE: Add global rate limit for anon searches (#10208) 2020-07-10 09:08:34 +10:00
Guo Xiang Tan
d5c56a846a
DEV: Only failover the entire cluster when the default db goes down. 2020-07-09 11:49:03 +08:00
Martin Brennan
31e31ef449
SECURITY: Add content-disposition: attachment for SVG uploads
* strip out the href and xlink:href attributes from use element that
  are _not_ anchors in svgs which can be used for XSS
* adding the content-disposition: attachment ensures that
  uploaded SVGs cannot be opened and executed using the XSS exploit.
  svgs embedded using an img tag do not suffer from the same exploit
2020-07-09 13:31:48 +10:00
Guo Xiang Tan
fd38c2fac3
FIX: Force ActiveRecord reading role if Redis is down take 2.
follow-up f03c7a1ba1
2020-07-09 11:14:19 +08:00
Guo Xiang Tan
f03c7a1ba1
FIX: Force ActiveRecord reading role if Redis is down. 2020-07-09 11:13:02 +08:00
Kris
66257ca8b6 FEATURE: Add "smallest" option to user text size preferences 2020-07-07 13:08:19 -04:00
Bianca Nenciu
6705c45156
FEATURE: Add reply_as_new_group_message composer action (#10168) 2020-07-07 18:30:48 +03:00
Joffrey JAFFEUX
56475f57c5
UX: simplifies editing email templates by always having a default (#10179) 2020-07-07 11:44:13 +02:00
Daniel Waterworth
1bd8a075d8 FIX: Make Email::Styles operate on html documents instead of fragments
`Nokogiri::HTML.fragment` is a huge hack (a comment in the source code
admits this). The current behavior of `Email::Styles` is to try to
emulate `fragment` using nokogumbo, but it misses some edge cases. In
particular, meta tags in a email template don't make it through to the
final email.

Instead of treating the provided HTML as an indeterminate fragment, this
commit makes `Email::Styles` treat the HTML as a complete document. This
means that the generated HTML for an email will now always contain top
level structure (a doctype, html, head and body tags).

This new behavior is behind a hidden site setting for now and defaults
off.
2020-07-06 11:45:39 +01:00
David Taylor
5284d41a8e
FEATURE: Optionally skip the create account popup for external auth 2020-07-06 10:18:57 +01:00
David Taylor
977766e7a8
FEATURE: sso_overrides_(email|username|name) for all auth methods
These settings previously applied only to discourse-sso. Now they work for all external authentication methods.
2020-07-06 10:18:45 +01:00
Sam Saffron
199a53e936
UX: suppress "in reply to" section in emails by default
Previously we would include this section, unfortunately

1. It is usually elided in gmail
2. It can make the emails longer and more confusing
3. Omission is a feature, it means people need to visit site to get context
2020-07-06 10:40:04 +10:00
Guo Xiang Tan
af52df2d96
DEV: Add hidden site setting for PG search ranking normalization. 2020-07-02 14:11:18 +08:00
Guo Xiang Tan
82964265cc
DEV: Remove logster current context config.
Multisite middleware sits at the top of the middleware stack.
2020-07-01 11:44:22 +08:00
Mark VanLandingham
cd5cfc1496
FEATURE: Site setting to always show category definitions (#10124) 2020-06-29 13:22:02 -05:00
Guo Xiang Tan
2c4c953bf8
DEV: Avoid logging errors on bad Redis connection during PG failover. 2020-06-29 11:54:55 +08:00
Sam Saffron
88459e08c9
FEATURE: allow disabling of extra term injection in search
There is a feature in search where we take over from the tokenizer
in postgres and attempt to inject more words into search.

So for example: sam.i.am will inject the words i and am.

This is not ideal cause there are many edge cases and this can
cause extreme index bloat.

This is an opening move commit to make it configurable, over the
next few weeks we will evaluate and decide if we disable this by
default or simply remove.
2020-06-25 13:36:52 +10:00
Guo Xiang Tan
42a6c8a85f
DEV: Rescue from ActiveRecord::Readonly error in lograge. 2020-06-25 10:25:28 +08:00
Neil Lalonde
8e07ee7e36
Update translations
Carefully because permalink.external_url is untranslated in many
locales due to a recent change in client.en.yml in 516a03be09.
2020-06-24 10:47:45 -04:00
Guo Xiang Tan
27b2e335ef
DEV: Retry on distributed mutex timeout error when starting sidekiq.
We need Sidekiq to start `mini_scheduler` no matter what. Timeouts
happen when trying to boot an app with Redis in readonly mode.
2020-06-23 15:43:28 +08:00
Bianca Nenciu
68f767a557
FEATURE: Check if selectable avatars exist before enabling them (#10032) 2020-06-22 16:58:26 +03:00
Bianca Nenciu
685646540a
FIX: Hide PM tags if the site setting is disabled (#10089)
* FIX: Hide PM tags if the site setting is disabled

* Apply code suggestions
2020-06-22 16:48:24 +03:00
Guo Xiang Tan
3370ef188e
FEATURE: Remove deprecated uploads url site settings.
The site settings have been replaced with direct image upload since
Discourse 2.3.
2020-06-22 14:32:29 +08:00
Martin Brennan
516a03be09
FIX: Improve admin permalink UX (#10101)
The admin permalink list was a little tricky to use because the URLs are easily reduced with a ... if they are too long. This adds a copy to clipboard button for the URL and a title on hover so the full text of the URL can be seen.
2020-06-22 13:14:16 +10:00
Gerhard Schlager
390dc5c7a9 Update translations 2020-06-21 11:58:21 +02:00
Robin Ward
4a2871f7f6
FEATURE: Don't display muted/ignored users under "who liked" (#10084)
* FEATURE: Don't display muted/ignored users under "who liked"

Previously, if you clicked on the heart icon below a post
it would show you the avatar for a user even if you ignored or muted
them.

This commit will instead display a (?) icon. The count of likes will
remain correct, but you needn't be reminded of the person you
preferred not to see.

* Use a circle instead of (?) for unknown user
2020-06-19 10:44:21 -04:00
Robin Ward
494a27dc27 FIX: A much nicer error message if you can't ignore/mute a user 2020-06-18 13:41:27 -04:00
Patrick Schleizer
2d63d7d05e
make unix domain sockets listening example match web.socketed.template.yml (#10060) 2020-06-18 11:30:08 -04:00
Bernhard Suttner
e31471585a
DEV: allow to have duplicate topic titles if categegory is different (#10034)
Co-authored-by: Robin Ward <robin.ward@gmail.com>

Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-06-18 11:19:47 -04:00
Jeff Atwood
978aba632e minor copyedit on site setting description 2020-06-17 14:13:52 -07:00
David Taylor
159fc41f40
FIX: Restore missing translation keys
These were accidentally removed/renamed in 5bfe1ee4
2020-06-17 14:24:22 +01:00
Joffrey JAFFEUX
9da3a7f436
FEATURE: allows published pages to be public (#10053) 2020-06-17 12:42:20 +02:00
Samuel Carvalho Santos
ce37561e10
UX: Improve revert label in post history modal (#10038) 2020-06-16 11:31:25 -04:00
Jeff Atwood
2bbb870b11 copyedit on push icon help text 2020-06-15 22:43:55 -07:00
Guo Xiang Tan
def4cd33ea
DEV: Disable Redis warnings. 2020-06-16 12:53:04 +08:00
Guo Xiang Tan
c611f3703c
DEV: Don't use logster when logging in Redis failover. 2020-06-16 11:53:52 +08:00
Guo Xiang Tan
b08a0d15c4
DEV: Fix undefined method due to rails_failover. 2020-06-16 11:03:57 +08:00
Guo Xiang Tan
092ae858af
DEV: Bump rails_failover.
Avoid configuring AR stuff if `replica_host` and `replica_port` hasn't
been provided.
2020-06-16 10:51:21 +08:00
Guo Xiang Tan
402b80f306
DEV: Make rails_failover compatible with SKIP_DB_AND_REDIS env. 2020-06-15 16:23:24 +08:00