Commit Graph

22019 Commits

Author SHA1 Message Date
Zdravko Curic
d0d5f0c912
DEV: Add Ember.PromiseProxyMixin to ember modules (#9312) 2020-03-30 11:37:14 -04:00
Joffrey JAFFEUX
2b78bd01ab
FIX: allows adapters to define a custom primaryKey (#9254) 2020-03-30 15:23:59 +02:00
Penar Musaraj
92e81d2ae5 UX: Fix composer position on iPads with a hardware keyboard
Adds padding to the composer when the keyboard accessory bar is shown (i.e. submit button no longer hides behind said bar)
2020-03-30 09:23:00 -04:00
Arpit Jalan
435fe8ac6e FIX: allow invite email field to be blank for invite tokens 2020-03-30 10:35:49 +05:30
Vinoth Kannan
7a32a99595 FIX: Quoting a nested quote should preserve original post info. 2020-03-28 22:24:43 +05:30
Penar Musaraj
a3d47f1aad UX: Better spacing for icons in select-kit labels
Followup to c14e3adac5
2020-03-27 16:06:40 -04:00
Michael Brown
9026c55fe4
FIX: custom SQL with a trailing comment might break BadgeGranter SQL (#9285)
For example given a custom badge with SQL:
```
SELECT 1
-- I am a comment
```

You end up with

```
FROM (SELECT 1
-- I am a comment) q
```

This fix adds newlines so you end up with the now-valid:

```
FROM (
  SELECT 1
-- I am a comment
) q
```
2020-03-27 14:16:14 -04:00
Arpit Jalan
702879cbda FIX: check for presence of name before normalizing 2020-03-27 23:01:48 +05:30
Joffrey JAFFEUX
38e347aee6
DEV: allows to decorate topic list item (#9294)
Co-authored-by: David Taylor <david@taylorhq.com>
2020-03-27 16:50:31 +01:00
Mark VanLandingham
c721bdb300
DEV: Add build_plugin_html to wizard head (#9293) 2020-03-27 10:02:48 -05:00
Joffrey JAFFEUX
eda8f319a2
FIX: keep date object (#9292) 2020-03-27 14:15:14 +01:00
Joffrey JAFFEUX
1b09a0cd17
UX: improves date-time-input on mobile (#9291) 2020-03-27 13:29:58 +01:00
David Taylor
e6e6d20912
Revert "DEV: Enable and fix link-href-attributes lint"
Introducing an href attribute on the upload button caused the page to reload when clicked

This reverts commit a17fa222af.
2020-03-27 11:43:00 +00:00
Kris
33350c31c0
UX: Align bulk select menu toggle relative to main wrapper when possible 2020-03-26 19:15:33 -04:00
Sam Saffron
bed3f7f69a
DEV: long poll for 20 extra minutes when user stops interacting
We have no way of detecting if a browser window is behind another window
or off screen on a virtual desktop.

In some cases we may want events to be delivered quicker to the browser.
Specifically a user may still have a window in view but is not interacting.

This gives users 20 minutes of extra "long polling time" prior to shifting
to short polling.
2020-03-27 10:14:13 +11:00
Vinoth Kannan
257f59f366 FEATURE: option to update child theme components via theme CLI.
423ce44112
2020-03-27 03:41:56 +05:30
Jarek Radosz
67b34600d5
DEV: Use type instead of method in ajax calls (#8974)
Even though `type` is an alias for `method`, we have custom logic in `/discourse/lib/ajax` that checks only `type`, and ~200 other ajax calls in the codebase already use `type` param.
2020-03-26 21:00:10 +01:00
Kane York
17211b940f DEV: Enable and fix the 'no-duplicate-attributes' lint 2020-03-26 12:31:34 -07:00
Kane York
07dc8d20c4 DEV: Enable and fix the 'require-iframe-title' lint 2020-03-26 12:31:34 -07:00
Kane York
a17fa222af DEV: Enable and fix link-href-attributes lint 2020-03-26 12:31:34 -07:00
Joffrey JAFFEUX
ef3d6d6580
FIX: groups filtering input was causing a full page reload (#9282) 2020-03-26 15:46:31 +01:00
Bianca Nenciu
7952cbb9a2
FIX: Perform crop using user-specified image sizes (#9224)
* FIX: Perform crop using user-specified image sizes

It used to resize the images to max width and height first and then
perform the crop operation. This is wrong because it ignored the user
specified image sizes from the Markdown.

* DEV: Use real images in test
2020-03-26 16:40:00 +02:00
Roman Rizzi
6bceb1d15a
FIX: Display small post actions when embedding a topic (#9278) 2020-03-26 09:07:41 -03:00
Sam Saffron
e62071830d
DEV: prefer Date.now() over new Date().getTime()
`New Date().getTime()` is both uglier and slower than `Date.now()`

`Date.now()` is available on all the browsers we support.
2020-03-26 17:36:53 +11:00
Sam Saffron
25f1f23288
FEATURE: Stricter rules for user presence
Previously we would consider a user "present" and "last seen" if the
browser window was visible.

This has many edge cases, you could be considered present and around for
days just by having a window open and no screensaver on.

Instead we now also check that you either clicked, transitioned around app
or scrolled the page in the last minute in combination with window
visibility

This will lead to more reliable notifications via email and reduce load of
message bus for cases where a user walks away from the terminal
2020-03-26 17:36:52 +11:00
Sam Saffron
ecbccab159
FEATURE: invite_code is case-insensitive
Previously we required exact casing for invite code, this can cause a lot
of confusion. Relax the requirement.
2020-03-26 13:44:02 +11:00
Kris
b2aa203e67
Add additional classes to topic-map stats 2020-03-25 21:40:51 -04:00
Martin Brennan
097851c135
FIX: Change secure media to encompass attachments as well (#9271)
If the “secure media” site setting is enabled then ALL files uploaded to Discourse (images, video, audio, pdf, txt, zip etc. etc.) will follow the secure media rules. The “prevent anons from downloading files” setting will no longer have any bearing on upload security. Basically, the feature will more appropriately be called “secure uploads” instead of “secure media”.

This is being done because there are communities out there that would like all attachments and media to be secure based on category rules but still allow anonymous users to download attachments in public places, which is not possible in the current arrangement.
2020-03-26 07:16:02 +10:00
Robin Ward
a12c7fcb2f Revert "FIX: Allow JS transpilation"
This reverts commit 6d1263812f.
2020-03-25 16:13:01 -04:00
Robin Ward
6d1263812f FIX: Allow JS transpilation 2020-03-25 16:05:16 -04:00
Kane York
6a1fe9ff87
FIX: Use 1 column instead of 4 for permalink destination (#9260) 2020-03-25 11:30:39 -07:00
Vinoth Kannan
b09f79366e UX: disallow tag creation in "default tags" site setting choosers. 2020-03-25 23:37:46 +05:30
Joffrey JAFFEUX
6acbd1bedf
DEV: allows time-input to be clearable (#9277) 2020-03-25 19:05:11 +01:00
Vinoth Kannan
dbc323e12a Fix the typo. 2020-03-25 23:32:32 +05:30
Joffrey JAFFEUX
105cc5505c
FIX: ensures we have a date object in date-time-input (#9276) 2020-03-25 17:57:43 +01:00
Robin Ward
f2f8ede22c Last ES6 files in our app/assets/javascripts 2020-03-25 12:30:20 -04:00
romanrizzi
55b8620b43 FIX: TopicEmbed#absolutize_urls was trying to modify a frozen string 2020-03-25 12:57:54 -03:00
Dan Ungureanu
3ae26c6c59
FEATURE: List search menu shortcuts in instructions modal (#9273) 2020-03-25 17:11:33 +02:00
Joffrey JAFFEUX
7d7c5641b4
DEV: allows to use routeAction from components/widgets (#9267)
ATM this is only usable as a helper in templates.
2020-03-25 15:51:30 +01:00
David Taylor
d62d258fe5
Revert "FIX: word boundary regex (\b) not working in Unicode languages. (#9163)"
Lookbehind regex is not supported in Firefox or IE11

This reverts commit 572bb5988f.
2020-03-25 14:34:45 +00:00
Jordan Vidrine
9521a88984 UI: Fix 'lock' icon spacing in category dropdown 2020-03-25 08:59:00 -05:00
Vinoth Kannan
572bb5988f
FIX: word boundary regex (\b) not working in Unicode languages. (#9163) 2020-03-25 18:39:19 +05:30
Joffrey JAFFEUX
cff9d4726c
FIX: ensures search-menu is not briefly showing previous results (#9272) 2020-03-25 10:00:48 +01:00
Dan Ungureanu
70012f2027
FEATURE: Navigate through search results using J/K (#9264) 2020-03-25 15:45:35 +11:00
Jeff Wong
7282435e17 FEATURE: Unassign the review queue topic when a flag is handled 2020-03-24 14:57:44 -07:00
Joffrey JAFFEUX
2501c0cd0f
FIX: user-selector was not excluding currentUser (#9266)
concat doesn't mutate the variable so it has to be assigned.
2020-03-24 22:17:26 +01:00
Robin Ward
a11938d58d Rename more es6 files to js 2020-03-24 16:32:56 -04:00
Robin Ward
4876884fd1 More JS files 2020-03-24 16:18:56 -04:00
Robin Ward
0fd0a04019 This should be js 2020-03-24 16:13:30 -04:00
Robin Ward
4d190c93b6 Migrate ember-addons from ES6 -> JS 2020-03-24 16:11:56 -04:00
Jordan Vidrine
9659da1044
UI: Update margin select kit category name 2020-03-24 12:40:11 -05:00
David Taylor
c939001876
DEV: Bump theme compiler version for CSP change
We need to regenerate cached themes, so that the JS paths are updated to include the subfolder prefix

Followup to 8e98f39d9f
2020-03-24 15:52:14 +00:00
Joffrey JAFFEUX
58ced428ee
FIX: race conditions in search menu (#9262)
Race conditions could lead the previous query search term to be used in the next query. This commit also attempts to simplify code.
2020-03-24 15:16:42 +01:00
Bianca Nenciu
61c1af0124 SECURITY: Ensure user can see group and group members 2020-03-24 11:59:41 +02:00
Bianca Nenciu
d8640fd042
DEV: Move requested_group_id custom field from post to topic (#9127)
Follow-up-to accbbded15
2020-03-24 11:12:52 +02:00
Sam Saffron
46a9622246
FIX: prevent scheduled publishing to deleted category
We missed a dependency which left timers firing on missing categories.

Co-authored-by: tshenry
2020-03-24 16:59:42 +11:00
Martin Brennan
b8b29e79ad
FIX: Improve user timezone saving (#9230)
Based on issues identified in https://meta.discourse.org/t/improved-bookmarks-with-reminders/144542/20

* Implement the resolvedTimezone() function on the user model where we return the user's timezone if it has been set, or we guess it using moment and save it to the user using an update call if it has not yet been set. This covers the cases of users who do not log out/in often who will not get their timezone set via login. This also makes sure the guess + save is done in a non-obtrusive way not on every page -- only when it is needed.

* Before if a user's timezone was blank when they visited their profile page we were autofilling the dropdown with the guessed timezone from moment. However this was confusing as it would appear you have that timezone saved in the DB when you really didn't. Now we do not autofill the dropdown and added a button to automatically guess the current timezone to make everything more explicit.
2020-03-24 11:39:09 +10:00
Kane York
4b8acce92b FIX: Check for permalinks before showing the 404 page
Limitations: the user profile "open external links in new tab setting" is
slightly broken for "External URL" permalinks.

Remove the copy from the admin permalinks page stating that this doesn't work.
2020-03-23 16:31:07 -07:00
Vinoth Kannan
dc1836573d
UX: display avatar flair in categories route topic list items (#9197) 2020-03-24 01:13:25 +05:30
Robin Ward
27641f21e4 Migrate discourse-common from es6 -> js 2020-03-23 15:05:58 -04:00
Robin Ward
7f3bb06ac7 FIX: Wizard tests were missing 2020-03-23 14:25:25 -04:00
Robin Ward
1ac0242201 Convert wizard es6 files to js 2020-03-23 14:15:16 -04:00
Kris
39dde33cbb UX: Larger tap areas for profile panel in user menu on mobile devices 2020-03-23 13:25:33 -04:00
Joffrey JAFFEUX
48c1de4836
DEV: adds afterCreate/beforeUpdate hooks to rest models (#9253)
We already have beforeCreate and afterUpdate and it seems these hooks can be useful and it's also unexpected to not have parity on this.
2020-03-23 16:58:40 +01:00
Arpit Jalan
e58f0adfcc FIX: respect prioritize_username_in_ux setting on /about page 2020-03-23 20:28:01 +05:30
Dan Ungureanu
5715f0ad01
UX: Hotkey K can select partial posts
When no post is selected, K selects first partial post and J selects
first full post.
2020-03-23 14:05:29 +02:00
David Taylor
5db41cd578
SECURITY: Respect topic permissions when loading bookmark metadata
Co-authored-by: Martin Brennan <martin@discourse.org>
Co-authored-by: Sam Saffron <sam.saffron@gmail.com>
2020-03-23 11:30:48 +00:00
David Taylor
5ff505cea6
SECURITY: Respect topic permissions when loading draft metadata
Co-authored-by: Sam Saffron <sam.saffron@gmail.com>
2020-03-23 11:30:40 +00:00
Joffrey JAFFEUX
3f9b922d20
FIX: middle click was reading every notifications (#9252) 2020-03-23 13:28:16 +02:00
Roman Rizzi
c4bc734b11
FIX: Backfill topic timer duration (#9249) 2020-03-23 09:38:18 +05:30
Jeff Wong
3189dab622 FIX: correctly remove authentication_data cookie on oauth login flow
Additionally correctly handle cookie path for authentication_data

There were two bugs that exposed an interesting case where two discourse
instances hosted across two subfolder installs in the same domain
with oauth may clash and cause strange redirection on first login:

Log in to example.com/forum1. authentication_data cookie is set with path /
On the first redirection, the current authentication_data cookie is not unset.
Log in to example.com/forum2. In this case, the authentication_data cookie
is already set from forum1 - the initial page load will incorrectly redirect
the user to the redirect URL from the already-stored cookie, to /forum1.

This removes this issue by:

* Setting the cookie for the correct path, and not having it on root
* Correctly removing the cookie on first login
2020-03-21 14:34:25 -07:00
Blake Erickson
c97244ca11 FIX: post edited webhook does not reflect updated topic title
This fix ensures that when a topic title is edited the new title shows
up in the post webhook instead of the old title.

Rather than passing in the old topic object to the PostRevisor the
PostRevisor initializer will load the updated topic object inside of the
initializer if you don't pass it in. This will allow the post_edited
webhook to have the correct topic values.

Original bug reported at:

https://meta.discourse.org/t/post-edited-webhook-does-not-reflect-updated-topic-title/144722
2020-03-21 07:43:11 -06:00
David Taylor
3215f2b6ee
FIX: Permalinks should redirect to category URL including the ID
This is a temporary fix. Urls for third-level categories should function without the id. Once that is fixed, this change can be reverted
2020-03-20 22:06:20 +00:00
Jeff Wong
4ecc0a25ae Revert "FIX: correctly remove authentication_data cookie on oauth login flow (#9238) (#9251)"
This reverts commit beaeb0c4b2.
2020-03-20 14:37:55 -07:00
Jeff Wong
beaeb0c4b2
FIX: correctly remove authentication_data cookie on oauth login flow (#9238) (#9251)
Attempt 2, with more test.

Additionally correctly handle cookie path for authentication_data

There were two bugs that exposed an interesting case where two discourse
instances hosted across two subfolder installs in the same domain
with oauth may clash and cause strange redirection on first login:

Log in to example.com/forum1. authentication_data cookie is set with path /
On the first redirection, the current authentication_data cookie is not unset.
Log in to example.com/forum2. In this case, the authentication_data cookie
is already set from forum1 - the initial page load will incorrectly redirect
the user to the redirect URL from the already-stored cookie, to /forum1.

This removes this issue by:

Setting the cookie for the correct path, and not having it on root
Correctly removing the cookie on first login
2020-03-20 14:03:38 -07:00
Robin Ward
0d3386d255 Revert "FIX: correctly remove authentication_data cookie on oauth login flow (#9238)"
This reverts commit a1f9b1a7fc.

This might have caused a problem with social logins. We are confirming
via this revert and will follow up.
2020-03-20 15:25:10 -04:00
Robin Ward
07813c4a91
Convert select-kit from es6 to js (#9246)
* Convert select-kit from es6 to js

* Hide more git blames
2020-03-20 12:40:32 -04:00
Kris
69df19a663 UX: Disable highlight animation on deleted posts 2020-03-20 12:15:58 -04:00
romanrizzi
cfec10a568 FIX: Moderators should be able to review flagged PMs since this has always been like this 2020-03-20 12:28:36 -03:00
Robin Ward
c150566506
Migrate pretty-text to .js extensions (#9243) 2020-03-20 09:55:42 -04:00
Daniel Waterworth
1b24a7b993 FIX: Include entire slug path in permalinks
This is a temporary fix since these URLs should contain the id as well.
2020-03-20 10:43:13 +00:00
Vinoth Kannan
f3ddc36ac6 FIX: update email_digests user option when default_email_digest_frequency updated. 2020-03-20 00:55:47 +05:30
Roman Rizzi
080960a15e
FIX: Show the envelope icon when the flagged post is a PM. Flagged PM must be exclusively reviewed by admins (#9232) 2020-03-19 15:12:42 -03:00
Rafael dos Santos Silva
226d81fcc5 FIX: Fix a PostgreSQL error when a draft was concurrently created
Moves the new draft creation concurrency handling to PostgreSQL
so the database doesn't error out when the draft is being created
by multiple backends.

Also removes `retry_not_unique` parameter from Draft#set` which is
not called anywhere.

Also fixes a draft update not bumping the `updated_at` column.
2020-03-19 13:31:11 -03:00
Vinoth Kannan
f6d6f1701f FIX: use the new duration attribute in set_or_create_timer method.
New `duration` attribute is introduced for the `set_or_create_timer` method in the commit aad12822b7 for "based on last post" and "auto delete replies" topic timers.
2020-03-19 21:45:05 +05:30
David Taylor
22d5ba0f77
DEV: Load plugin stylesheets before theme stylesheets (#9240)
This is a more logical order, since themes are more lightweight than plugins, and are often used to augment plugin styles
2020-03-19 16:02:12 +00:00
Jeff Wong
a1f9b1a7fc
FIX: correctly remove authentication_data cookie on oauth login flow (#9238)
Additionally correctly handle cookie path for authentication_data

There were two bugs that exposed an interesting case where two discourse
instances hosted across two subfolder installs in the same domain
with oauth may clash and cause strange redirection on first login:

Log in to example.com/forum1. authentication_data cookie is set with path /
On the first redirection, the current authentication_data cookie is not unset.
Log in to example.com/forum2. In this case, the authentication_data cookie
is already set from forum1 - the initial page load will incorrectly redirect
the user to the redirect URL from the already-stored cookie, to /forum1.

This removes this issue by:
* Setting the cookie for the correct path, and not having it on root
* Correctly removing the cookie on first login
2020-03-19 09:00:46 -07:00
Vinoth Kannan
aad12822b7
FEATURE: automatically delete replies on a topic after N days. (#9209) 2020-03-19 21:06:31 +05:30
Martin Brennan
8769ca08bb SECURITY: Prevent access to other user's bookmark lists 2020-03-19 10:59:32 +10:00
Rafael dos Santos Silva
8ae472bc41 FEATURE: Google Calendar doesn't support URL in iCalendar, add fallback description 2020-03-18 17:51:16 -03:00
Rafael dos Santos Silva
d6838608ff FEATURE: iCalendar feed for Bookmark reminders 2020-03-18 17:51:16 -03:00
Blake Erickson
1c7680c568 FIX: Use id instead of elementId in hbs file
I think this issue is caused by a current regression in ember

https://github.com/emberjs/ember.js/issues/18147

but using `id` works just fine in templates. This also appears to be the
only template file we are using `elementId` directly in the template.
2020-03-18 13:44:35 -06:00
Martin Brennan
9b4b690bba FIX: Prevent mobile bookmark modal cutoff 2020-03-18 15:54:50 +10:00
Kane York
ccc9b64a99 FIX: theme-javascripts using incorrect subfolder setting 2020-03-17 19:09:06 -07:00
Martin Brennan
e2ce12d414
FIX: Broken computing of userHasTimezone in bookmark modal and missing tap-tile templates for regular users (#9229)
Based on reports here https://meta.discourse.org/t/improved-bookmarks-with-reminders/144542

* Because the `userHasTimezone` property was computed and we were checking on an (essentially) global object, ember was not aware that the user timezone had changed because it changed in a different place. instead set the timezone as internal state for the modal on show and base the computed property off of that so it mutates correctly
* The tap-tile components were in the admin folder completely unnecessarily, move them out into the main discourse folder otherwise noone else can use the new bookmarks (icon + text is missing)
2020-03-18 11:12:23 +10:00
Vinoth Kannan
48d690ae01 FIX: Remote themes Github link should go to custom branch #9184 2020-03-18 03:57:54 +05:30
Justin DiRose
9101227266
FEATURE: Demote muted categories on category list (#9226) 2020-03-17 15:33:15 -05:00
David Taylor
92e9fa70c7
DEV: Add class to backup restore buttons, for easier targeting 2020-03-17 18:46:17 +00:00
Jeff Wong
8e6be1c353 FIX: consistency to show mute/ignore menu in user profile
Show the mute/ignore menu for another user even when the current user
cannot message them.
2020-03-17 11:22:34 -07:00
Blake Erickson
919e405c48
FIX: Don't display webhooks for inactive plugins (#9206)
* FIX: Don't display webhooks for inactive plugins

This commit ensures that we don't show webhooks for plugins that are not
installed or that are disabled.

Bug report:

https://meta.discourse.org/t/webhookeventtype-and-the-solved-and-assign-plugins/144180

* rename to just 'active', it's cleaner
2020-03-17 10:39:24 -06:00
Jarek Radosz
e950471c0f
DEV: Replace User.unstage and User#unstage API with User#unstage! (#8906)
* DEV: Replace User.unstage and User#unstage API with User#unstage!

Quoting @SamSaffron:

> User.unstage mixes concerns of both unstaging users and updating params which is fragile/surprising.
> u.unstage destroys notifications and raises a user_unstaged event prior to the user becoming unstaged and the user object being saved.

User#unstage! no longer updates user attributes and saves the object before triggering the `user_unstaged` event.

* Update one more spec

* Assign attributes after unstaging
2020-03-17 16:48:24 +01:00
Bianca Nenciu
43b38dbbc2
FIX: Dismiss notifications on middle click (#9098) 2020-03-17 17:48:12 +02:00
David Taylor
e72c0544b0
UX: Refresh group membership list when removing users or changing owners 2020-03-17 11:06:17 +00:00
Martin Brennan
949bb74add FIX: Add basePath to link for "no timezone" in bookmark modal 2020-03-17 16:53:12 +10:00
Martin Brennan
16799da580
FIX: Improve bookmark modal on mobile and bookmark sync rake task (#9221)
* Improve the bookmark mobile on modal so it doesn't go all the way to the edge and the custom datetime input is easier to use
* Improve the rake task for syncing so it does not error for topics that no longer exist and batches 2000 inserts at a time, clearing the array each time
2020-03-17 15:15:22 +10:00
Roman Rizzi
4663304775
FEATURE: Show rejected posts count in user summary (#9204) 2020-03-16 09:52:08 -03:00
Roman Rizzi
c02273eb8b
FIX: Use delete_all_posts_max to improve consistency when using the delete button from the admin view (#9194) 2020-03-16 09:51:28 -03:00
Faizaan Gagan
ef40b46611
DEV: fix "addNavigationBarItem" documentation (#9207)
* the filter should return the boolean result
* custom href should return the relative url value
2020-03-16 13:12:04 +01:00
Arpit Jalan
f861345888 FIX: check for existence of post before creating notification 2020-03-16 14:11:36 +05:30
Martin Brennan
4cce564b35
FIX: Bookmark reminders and improvements changes (#9213)
* Cosmetic fixes for the bookmark modal
* Do not show "later today" when the later time will be > 5pm
* When a custom reminder time is selected, store it in localStorage. The next time the modal is opened, if the last datetime is > now, then a new tile with "Last" will be shown that lets the user reselect that same time.
* Also add an explicit "No Reminder" option that is selected by default
2020-03-16 16:05:44 +10:00
Martin Brennan
a6e9057609
FIX: Ensure show_short URLs handle secure uploads using multisite (#9212)
Meta report: https://meta.discourse.org/t/short-url-secure-uploads-s3/144224
* if the show_short route is hit for an upload that is
  secure, we redirect to the secure presigned URL. however
  this was not taking into account multisite so the db name
  was left off the path which broke the presigned URL
* we now use the correct url_for method if we know the
  upload (like in the show_short case) which takes into
  account multisite
2020-03-16 11:54:14 +10:00
Daniel Waterworth
d4595fbf29 FIX: Fix html response in development after ApplicationController reload
In development, if the ApplicationController is reloaded, then, previous
to this commit we were emitting an instance of the previous RenderEmpty
class, but rescuing from the reloaded instance.

Looking up RenderEmpty by its fully qualified name fixes this.
2020-03-15 21:00:42 +00:00
Penar Musaraj
39a7b93c4a UX: Remove "Live Notifications" user profile section on iOS 2020-03-15 11:09:57 -04:00
Sam Saffron
a1d660d951
FEATURE: optional global invite_code for account registration
On some sites when bootstrapping communities it is helpful to bootstrap
with a "light weight" invite code.

Use the site setting `invite_code` to set a global invite code.

In this case the administrator can share the code with
a community which is very easy to remember and then anyone who has
that code can easily register accounts.

People without the invite code are not allowed account registration.

Global invite codes are less secure than indevidual codes, in that they
tend to leak in the community however in some cases when starting a brand
new community the security guarantees of invites are not needed.
2020-03-15 21:17:28 +11:00
Roman Rizzi
27bc4f51c7
FIX: Ignore suspect users that were migrated or users who were created more than six months ago (#9205) 2020-03-14 08:47:53 -03:00
Robin Ward
e40e06d78c Rename .js.es6 to .js in the admin application 2020-03-13 17:03:08 -04:00
Joffrey JAFFEUX
ac48c4e562
UX: uses mod+p instead of ctrl+p and command+p for printTopic (#9202)
Mousetrap 1.4 introduced a generic mod helper which lets you set cross platform shortcuts.

Mousetrap.bind('mod+p',  _print);
On Mac this ends up mapping to command+p whereas on Windows and Linux it maps to ctrl+p.

This differs from defining ctrl+p and command+p because both ctrl+p and command+p will trigger print on Mac whereas with the mod helper only command+p will.
2020-03-13 20:58:34 +01:00
Neil Lalonde
7c27f9bba9
FIX: remove parent tag from tag group
Having a tag be a member of a tag group and the group's parent tag at
the same time causes some unexpected behavior. When a tag is assigned
as the parent, remove it from the group.
2020-03-13 12:25:58 -04:00
David Taylor
3d71b68195
DEV: Introduce plugin api for conditionally rendering assets (#9200) 2020-03-13 15:30:31 +00:00
Penar Musaraj
c14e3adac5 UX: Better spacing for icon in select-kit label 2020-03-13 09:36:04 -04:00
Joffrey JAFFEUX
b727e39a42
DEV: gives sk components a way to trigger a search manually (#9199) 2020-03-13 12:41:08 +01:00
Martin Brennan
ac8d8e3b62
FEATURE: Add enable_bookmark_at_desktop_reminders site setting (#9198)
Add enable_bookmark_at_desktop_reminders site setting default to false a new hidden site setting to hide the "At Desktop" reminder option so we can restrict this further until it is polished.
2020-03-13 16:29:09 +10:00
Martin Brennan
dc02586d99 Fix error on create bookmark for topic 2020-03-13 13:33:57 +10:00
Martin Brennan
af92444948
FIX: Make sure bookmark serializer works with deleted topics + posts (#9195) 2020-03-13 10:44:39 +10:00
Martin Brennan
2237ba8c9d
FIX: Add topic deleted check to email/sender (#9166)
It already had a deleted post check and log reason, add a topic one too to avoid errors
2020-03-13 10:04:15 +10:00
Robin Ward
3339b91079 Run prettier on a couple of files 2020-03-12 14:07:38 -04:00
Robin Ward
032205e202 Rename many .js.es6 files to .js 2020-03-12 13:29:55 -04:00
David Taylor
ec2d49d48a
DEV: Allow plugins to add theme modifiers via db migrations (#9192) 2020-03-12 16:35:28 +00:00
Joffrey JAFFEUX
6102c287f7
FIX: prevents i18n helper to return a SafeString (#9191)
For convenience the i18n helper has been made returning a SafeString, but when used with other helpers, a String is expected and will cause unexpected behaviors.

This is the root cause of the initial bug fixed in d2bb127e2c

This commit is kept as it's a better security in case of unexpected behavior.
2020-03-12 16:50:20 +01:00
Stasiek Michalski
1b8793e7a4
FEATURE: Add support for custom gravatar-like services (#9137)
Adds 3 config values that allow to set a custom provider of Gravatar-like API accessible from gravatar_base_url. The gravatar_name is purely cosmetic, but helps with associating name with the service that actually provides the avatars. gravatar_login_url is a link relative to gravatar_base_url, which provides the user with the login to the Gravatar service
2020-03-12 11:23:55 -04:00
Mark VanLandingham
8d90134d0b
FIX: Enter submits form for hyperlink insert modal (#9190) 2020-03-12 09:36:45 -05:00
Joffrey JAFFEUX
d2bb127e2c
FIX: prevents crash when to be unescaped emoji is not a string (#9189)
I couldn't get a repro so this is a shot in the dark and doesn't solve the root issue, but should prevent topic view from crashing.
2020-03-12 13:59:43 +01:00
Joffrey JAFFEUX
8290856a4b
FIX: differentiates flag-modal and flag-modal-body (#9187)
This was causing body styles to be applied on the whole modal.
2020-03-12 13:17:52 +01:00
Bianca Nenciu
b7fb6d0d06
FIX: Show topic progress on iPad when portrait-oriented (#9181) 2020-03-12 13:46:12 +02:00
Arpit Jalan
799613c859 fix the build. 2020-03-12 13:15:32 +05:30
Arpit Jalan
8e36816bde UX: respect prioritize_username_in_ux setting for user avatar title 2020-03-12 12:51:03 +05:30
Joffrey JAFFEUX
11921c4868
DEV: enforces ember-template-lint: no-html-comments (#9183)
https://github.com/ember-template-lint/ember-template-lint/blob/master/docs/rule/no-html-comments.md
2020-03-12 07:51:05 +01:00
Martin Brennan
03c012bd97 Unscope post + topic relation for bookmark
* we want to be able to get these records for the bookmark
  even if they are trashed, for serialization for the bookmark
  list
2020-03-12 16:00:45 +10:00
Martin Brennan
e1eb5fb9b3
FEATURE: MVP Bookmarks with reminders user list changes (#8999)
* This PR changes the user activity bookmarks stream to show a new list of bookmarks based on the Bookmark record.
* If a bookmark has a name or reminder it will be shown as metadata above the topic title in the list
* The categories, tags, topic status, and assigned show for each bookmarked post based on the post topic
* Bookmarks can be deleted from the [...] menu in the list
* As well as this, the list of bookmarks from the quick access panel is now drawn from the Bookmarks table for a user:
* All of this new functionality is gated behind the enable_bookmarks_with_reminders site setting
The /bookmarks/ route now redirects directly to /user/:username/activity/bookmarks-with-reminders
* The structure of the Ember for the list of bookmarks is not ideal, this is an MVP PR so we can start testing this functionality internally. There is a little repeated code from topic.js.es6. There is an ongoing effort to start standardizing these lists that will be addressed in future PRs.
* This PR also fixes issues with feature detection for at_desktop bookmark reminders
2020-03-12 15:20:56 +10:00
Martin Brennan
849631188f
FEATURE: Allow custom date + time for bookmark reminders (#9185)
A custom date and time can now be selected for a bookmark reminder

The reminder will not happen at the exact time but rather at the next 5 minute interval of the bookmark reminder schedule.

This PR also fixes issues with bulk deleting topic bookmarks.
2020-03-12 10:52:15 +10:00
Martin Brennan
793f39139a
FEATURE: Send notifications for time-based and At Desktop bookmark reminders (#9071)
* This PR implements the scheduling and notification system for bookmark reminders. Every 5 minutes a schedule runs to check any reminders that need to be sent before now, limited to **300** reminders at a time. Any leftover reminders will be sent in the next run. This is to avoid having to deal with fickle sidekiq and reminders in the far-flung future, which would necessitate having a background job anyway to clean up any missing `enqueue_at` reminders.

* If a reminder is sent its `reminder_at` time is cleared and the `reminder_last_sent_at` time is filled in. Notifications are only user-level notifications for now.

* All JavaScript and frontend code related to displaying the bookmark reminder notification is contained here. The reminder functionality is now re-enabled in the bookmark modal as well.

* This PR also implements the "Remind me next time I am at my desktop" bookmark reminder functionality. When the user is on a mobile device they are able to select this option. When they choose this option we set a key in Redis saying they have a pending at desktop reminder. The next time they change devices we check if the new device is desktop, and if it is we send reminders using a DistributedMutex. There is also a job to ensure consistency of these reminders in Redis (in case Redis drops the ball) and the at desktop reminders expire after 20 days.

* Also in this PR is a fix to delete all Bookmarks for a user via `UserDestroyer`
2020-03-12 10:16:00 +10:00
Roman Rizzi
b9aaa9718d
FIX: When must_approve_users is enabled, we don't want to send suspect users to the review queue. Only non-approved users should be sent. Provide a migration to auto-approve every problematic review item (#9179) 2020-03-11 17:05:44 -03:00
Mark VanLandingham
40f1201b39
DEV: Support adding keybindings via plugins (#9177) 2020-03-11 11:13:31 -05:00
Rafael dos Santos Silva
3f9b310beb
FIX: Typo on draft save 2020-03-11 12:12:28 -03:00
Rafael dos Santos Silva
12af95d0dc FIX: ContactPicker was not setting invite input on topics 2020-03-11 11:49:00 -03:00
Joffrey JAFFEUX
d3b53fb551
REFACTOR: removes legacy bootstrap css class (#9174) 2020-03-11 15:31:29 +01:00
Joffrey JAFFEUX
1fca745beb
DEV: applies default modal class to a modal when shown (#9175) 2020-03-11 15:31:08 +01:00
Joffrey JAFFEUX
4a0f36e46c
FIX: featured_topic.fancy_title was rendered without emojis (#9176) 2020-03-11 15:30:47 +01:00
Joffrey JAFFEUX
61a2c3650d
DEV: enforces ember-template-lint: no-partial (#9173)
selected-posts parial is kept and calling the new component to prevent errors with users who would have rewritten topic.hbs

dashboard-problems and version-checks seem less risky and have only been converted to components
2020-03-11 15:30:14 +01:00
Joffrey JAFFEUX
4e0b2ae294
DEV: defines a constant for INPUT_DELAY (#9169) 2020-03-11 15:28:16 +01:00
Robin Ward
a3f0543f99
Support for transpiling .js files (#9160)
* Remove some `.es6` from comments where it does not matter

* Use a post processor for transpilation

This will allow us to eventually use the directory structure to
transpile rather than the extension.

* FIX: Some errors and clean up in confirm-new-email

It would throw an error if the webauthn element wasn't present.
Also I changed things so that no-module is not explicitly
referenced.

* Remove `no-module`

Instead we allow a magic comment: `// discourse-skip-module` to prevent
the asset pipeline from creating a module.

* DEV: Enable babel transpilation based on directory

If it's in `app/assets/javascripts/dicourse` it will be transpiled
even without the `.es6` extension.

* REFACTOR: Remove Tilt/ES6ModuleTranspiler
2020-03-11 09:43:55 -04:00
David Taylor
d1474e94a1
FEATURE: Allow themes to specify modifiers in their about.json file (#9097)
There are three modifiers:
- serialize_topic_excerpts (boolean)
- csp_extensions (array of strings)
- svg_icons (array of strings)

When multiple themes are active, the values will be combined. The combination method varies based on the setting. CSP/SVG arrays will be combined. serialize_topic_excerpts will use `Enumerable#any`.
2020-03-11 13:30:45 +00:00
Dan Ungureanu
0754c7c404
FIX: Various fixes to support posts with no user (#8877)
* Do not grant badges for posts with no user
* Ensure instructions are correct in Change Owner modal
* Hide user-dependent actions from posts with no user
* Make PostRevisor work with posts with no user
* Ensure posts with no user can be deleted
* discourse-narrative-bot should ignore posts with no user
* Skip TopicLink creation for posts with no user
2020-03-11 14:03:20 +02:00
Joffrey JAFFEUX
683cb28099
DEV: enforces ember-template-lint: no-triple-curlies (#9165)
This pr replaces `{{{ }}}` usage by a {{html-safe}} helper. While it doesn't solve the underlying issue, it gives us a path forward without risking breaking too much existing behavior.

Also introduces an htmlSafe computed macro:

```
import { htmlSafe } from "discourse/lib/computed";

htmlDescription: htmlSafe("description")
```

Overtime {{html-safe}} usage should be removed and moved to components properties or specialized components/helpers.
2020-03-11 09:23:10 +01:00
Joffrey JAFFEUX
e848d98782
FIX: ensures category exists for hideParent in categoryBadgeHTML (#9161) 2020-03-11 00:58:46 +01:00
Blake Erickson
6fb4c333b0
FIX: Throw error when removing a user from group fails (#9162)
This commit ensures that an error is thrown when a user fails to be
removed from a group instead of silently failing.

This means when using the api you will receive a 400 instead of a 200 if
there is a failure. The remove group endpoint allows the removal of
multiple users, this change means that if you try to delete 10 users,
but 1 of them fails you will receive a 400 instead of 200 even though
the other 9 were removed successfully. Rather than adding a bunch more
complexity I think this is more than adequate for most use cases.
2020-03-10 15:25:00 -06:00
romanrizzi
f795c1b8e8 Revert "DEV: enforces ember-template-lint: no-triple-curlies (#9150)"
This reverts commit d436b600fb.

Triple curlies are still necessary for some raw templates.
2020-03-10 15:00:12 -03:00
Joffrey JAFFEUX
3f2c0b42fe
FIX: throttles topic tracking shortcut and enforces topic id (#9159) 2020-03-10 17:17:54 +01:00
Joffrey JAFFEUX
d436b600fb
DEV: enforces ember-template-lint: no-triple-curlies (#9150)
This pr replaces `{{{ }}}` usage by a {{html-safe}} helper. While it doesn't solve the underlying issue, it gives us a path forward without risking breaking too much existing behavior.

Also introduces an htmlSafe computed macro:

```
import { htmlSafe } from "discourse/lib/computed";

htmlDescription: htmlSafe("description")
```

Overtime {{html-safe}} usage should be removed and moved to components properties or specialized components/helpers.
2020-03-10 16:46:57 +01:00
Penar Musaraj
68328d2d64
DEV: Replace save-button partial with a component (#9066) 2020-03-10 09:37:54 -04:00
Penar Musaraj
e69b6379ad
FEATURE: Broader support for post uploads in video markup (#9152)
Ensures URLs in the following HTML attributes are included in post uploads:
- video poster
- source src
- track src
2020-03-10 09:01:40 -04:00
Roman Rizzi
826b4793c0
FEATURE: Approve suspect users is now true by default. The suspect users list was removed (#9151) 2020-03-10 08:56:42 -03:00
Joffrey JAFFEUX
020c1b9cf3
FIX: correctly checks if component is in modal (#9157) 2020-03-10 12:22:56 +01:00
Joffrey JAFFEUX
78a6b76310
FIX: ensures pinned-options header is showing correct state (#9156) 2020-03-10 09:56:55 +01:00
Martin Brennan
e3bbcb27d0
FIX: Set current user timezone when saving profile timezone (#9155)
If you are changing your own profile timezone, then on save we set the current user timezone, in case this property needs to be accessed again before the user is reloaded.
2020-03-10 16:57:14 +10:00
Kane York
055cb55872 DEV: shutdown_ok parameter to /srv/status
This allows probers to distinguish between liveness and readiness conditions
2020-03-09 14:06:13 -07:00
Robin Ward
ec21a15fa7 FIX: Incorrect message when logging in via email
If `hide email address taken` was true, it would always display a
success message, rather than the non-comittal "maybe we emailed that
user" response.
2020-03-09 12:54:33 -04:00
Mark VanLandingham
3ad5cb0cbc
FIX: Error message for 403 when featuring topic on profile (#9149) 2020-03-09 11:41:07 -05:00
Jarek Radosz
5037b80c9c
Merge imports from the same module (#9144) 2020-03-09 17:38:37 +01:00
Jarek Radosz
85e03a7f68
DEV: Replace Time.new with Time.now (#9142)
(or `Time.zone.now`)
2020-03-09 17:37:49 +01:00
Jarek Radosz
fff0e0980d
FEATURE: Improve keyboard shortcuts help modal (#9143) 2020-03-09 17:37:32 +01:00
David Taylor
ae3220fb88
FIX: Use bio_excerpt when checking for presence (#9148)
When `enable_new_user_card_route` is enabled, only `bio_excerpt` is serialized for user cards. `bio_cooked` is only loaded on the main user route.
2020-03-09 15:20:00 +00:00
Joffrey JAFFEUX
f1bb1db354
DEV: enforces ember-template-lint: no-unbound (#9147)
From ember-template-lint documentation (https://github.com/ember-template-lint/ember-template-lint/blob/master/docs/rule/no-unbound.md):

```
{{unbound}} is a legacy hold over from the days in which Ember's template engine was less performant. Its use today is vestigial, and it no longer offers performance benefits.

It is also a poor practice to use it for rendering only the initial value of a property that may later change.
```

Co-Authored-By: Jarek Radosz <jradosz@gmail.com>
2020-03-09 15:28:31 +01:00
Joffrey JAFFEUX
345ac6cb67
FIX: removes legacy refreshQueryWithoutTransition (#9145)
This was causing the history state from period query params to get messedup when going back.
2020-03-09 15:05:54 +01:00
Joffrey JAFFEUX
4f37233208
DEV: enforces ember-template-lint: simple-unless (#9146) 2020-03-09 13:44:34 +01:00
Gerhard Schlager
edc8d58ac3 FEATURE: Add site setting to disable staged user cleanup
... and disabled the cleanup during imports, otherwise a running Sidekiq might delete users before posts are created
2020-03-09 10:26:41 +01:00
Joffrey JAFFEUX
60b47d622e
UX: adds support for a color setting type (#9016) 2020-03-09 10:07:03 +01:00
Joffrey JAFFEUX
8612bfb152
DEV: enforces ember-template-lint: no-unused-block-params (#9138) 2020-03-09 10:03:46 +01:00
Joffrey JAFFEUX
b850953294
FIX: ensure category and tags can be changed from reviewable (#9139) 2020-03-09 10:01:50 +01:00
Martin Brennan
baea65e4bc
FIX: Embarassing algoriths typo -> algorithms for security keys (#9126) 2020-03-09 09:22:08 +10:00
Bianca Nenciu
20cfa7b810
FIX: Check if auth token exists before revocation (#9095) 2020-03-07 15:04:12 +02:00
Bianca Nenciu
f14dd1f82d
FIX: Prevent race condition when post processing post (#8819)
If a post is being cooked twice (for example after an edit), there is a
chance the 'raw' and 'cooked' column to be inconsistent. This reduces
the chances of that happening.
2020-03-07 14:36:54 +02:00
Joffrey JAFFEUX
e9b6b0194c
DEV: enforce ember-template-lint: no-unnecessary-concat (#9133) 2020-03-07 12:58:48 +01:00
Jarek Radosz
48ba65f406
DEV: Clean up Ember imports (#8979)
Includes:
* Import `computed` helpers
* Import `@ember/application`
* Import `isBlank` from `@ember/utils`
* Import `A` from `@ember/array`
* Import `EmberArray` from `@ember/array`
* Import `ArrayProxy` from `@ember/array/proxy`
* Import `warn` from `@ember/debug`
* Import `EmberObject` from `@ember/object`
* Import `Application` from `@ember/application`
* Import `EmberRouter` from `@ember/routing/router`
* Import `isPresent` from `@ember/utils`
* Import `computed` from `@ember/object`
* Import `guidFor` from `@ember/object`
* Import `isArray` from `@ember/array`
* Import `TextField` from `@ember/component`
* Import `TextArea` from `@ember/component`
* Import `Promise` from `rsvp`
* Import `Evented` from `@ember/object/evented`
* Replace deprecated `ember-addons/ember-computed-decorators` imports
2020-03-06 23:49:28 +01:00
Kane York
26da99a2d2 FIX: Tolerate quotes with no username and no title 2020-03-06 14:05:46 -08:00
Kris
4c3bd50c13 FIX: Prevent avatar flair image from repeating on user/group cards 2020-03-06 16:42:32 -05:00
Joffrey JAFFEUX
bb5990781e
FIX: allows to define placement strategy of select-kit body (#9109) 2020-03-06 20:27:33 +01:00
Joffrey JAFFEUX
29c9d8a133
FIX: uses only global allow_uncategorized_topics for category drop (#9130) 2020-03-06 20:11:21 +01:00
Kane York
f2b95c1918 FIX: Allow quoting from a closed topic while writing a reply
composer.(controller).visible is true as long as state is not 'closed'.
2020-03-06 10:53:01 -08:00
Jeff Wong
86690155b3
FEATURE: prevent accidental canceling when drafting penalties (#9129)
Pop up a confirmation box when there is input. This prevents accidental closing
of the dialog boxes due to clicking outside.

This adds a development hook on modals in the form of a `beforeClose`
function. Modal windows can abort the close if the funtion returns false.

Additionally fixing a few issues with loop and state on the modal popups:

Escape key with bootbox is keyup.
Updating modal to close on keyup as well so escape key is working.
Fixes an issue where pressing esc will loop immediately back to the modal by:
keydown -> bootbox -> keyup -> acts as "cancel", restores modal

Needs a next call to reopenModal otherwise, keyup is handled again by the modal.
Fixes an issue where pressing esc will loop immediately back to the confirm:
esc keyup will be handled and bubble immediately back to the modal.

Additionally, only handle key events when the #discourse-modal is visible.
This resolves issues where escape or enter events were being handled by
a hidden modal window.
2020-03-06 09:36:56 -08:00
Blake Erickson
43b54c631d
DEV: Reserve webhook event types to be used in plugins (#9110)
* DEV: Reserve webhook event types to be used in plugins

Based on feedback on the following PR's:

https://github.com/discourse/discourse-solved/pull/85

https://github.com/discourse/discourse-assign/pull/61

This commit reserves ID's to be used for webhook event types to ensure
that some other webhook or plugin doesn't end up using the same ID.

* Fix broken test

I don't think this test has to test ALL event types to verify that this
feature is working. Now that we added some event types that plugins are
using this test was failing for missing fabricators that exist in the
respective plugins.

* remove loop and just test first record
2020-03-06 10:16:19 -07:00
Jarek Radosz
ef6b7bd776
DEV: Use aliased inject imports (#9086)
This is a common Ember idiom for easier differentiation between controller and service imports.
2020-03-06 11:41:41 -05:00
Joffrey JAFFEUX
a24f51278a
DEV: enforces link-rel-noopener linting rule (#8936)
* DEV: enforces link-rel-noopener linting rule

* oops

* better syntax
2020-03-06 11:35:18 -05:00
David Taylor
ff62911a89
FEATURE: New route for loading multiple user cards simultaneously (#9078)
Introduces `/user-cards.json`

Also allows the client-side user model to be passed an existing promise when loading, so that multiple models can share the same AJAX request
2020-03-06 12:23:22 +00:00
Martin Brennan
29ccdf5d35
FIX: Show a nicer error if name/code missing for TOTP/Security Keys (#9124)
Meta: https://meta.discourse.org/t/improve-error-message-when-not-including-name-setting-up-totp/143339

* when the user creates a TOTP second factor method we want
to show them a nicer error if they forget to add a name
or the code from the app, instead of the param missing error
* also add a client-side check for this and for security key name,
no need to bother the server if we can help it
2020-03-06 14:37:40 +10:00
Jeff Wong
6fe91bbbbb
Revert "FEATURE: prevent accidental canceling when drafting penalties (#9105)" (#9122)
This reverts commit 243284f998.

There are some issues in how the JS tests interact that I will need to figure out here before this can be merged.
2020-03-05 17:29:51 -08:00
Jeff Wong
243284f998
FEATURE: prevent accidental canceling when drafting penalties (#9105)
Pop up a confirmation box when there is input. This prevents accidental closing
of the dialog boxes due to clicking outside.

This adds a development hook on modals in the form of a `beforeClose`
function. Modal windows can abort the close if the funtion returns false.

Additionally fixing a few issues with loop and state on the modal popups:

Escape key with bootbox is keyup.
Updating modal to close on keyup as well so escape key is working.
Fixes an issue where pressing esc will loop immediately back to the modal by:
keydown -> bootbox -> keyup -> acts as "cancel", restores modal

Needs a next call to reopenModal otherwise, keyup is handled again by the modal.
Fixes an issue where pressing esc will loop immediately back to the confirm:
esc keyup will be handled and bubble immediately back to the modal.

Additionally, only handle key events when the #discourse-modal is visible.
This resolves issues where escape or enter events were being handled by
a hidden modal window.
2020-03-05 15:55:35 -08:00
Rafael dos Santos Silva
54f67661ac FEATURE: Option to connect to Redis using SSL 2020-03-05 20:49:05 -03:00
Kane York
d1cceff0e7 DEV: fix formatting 2020-03-05 12:59:16 -08:00
Kane York
670b855f94 FEATURE: Treat /go/ as a server-side route
Ninja superuser implementation of routable permalinks with no UI or
permission changes yet.
2020-03-05 12:24:56 -08:00
Kane York
10ddb8a9c4 FIX: Use destroy_all instead of delete_all for shared drafts
Rails has an odd behavior for calling .delete_all on a has_many relation - the
default behavior is to nullify the foreign key fields instead of actually
'DELETE'ing the records.

Additionally, publishing a shared draft topic creates a PostRevision that the
NotifyPostRevision job picks up which is then promptly deleted.

Use destroy_all when cleaning up the revisions and have the NotifyPostRevision
job tolerate deleted PostRevision records.

This takes a small performance hit (several SQL DELETEs instead of just one)
but shouldn't be too much of an issue (high cardinalities range from 30-100).
2020-03-05 11:13:43 -08:00
Justin DiRose
a46741cbb9
DEV: Clean up selectors on backup modal (#9114) 2020-03-05 12:25:10 -06:00
Robin Ward
e01d5e2adc SECURITY: Add more restrictions on invite emails
They could be filtered and returned in some circumstances where they
shouldn't have been.
2020-03-05 09:23:21 -05:00
Robin Ward
79ce7085c2 SECURITY: Ensure the invite JSON API matches the UX
Anonymous users could query the invite json and see counts and
summaries which is not allowed in the UX of Discourse.

This commit has those endpoints return a 403 unless the user is
allowed to invite.
2020-03-05 09:23:21 -05:00
Vinoth Kannan
d953c908d2 FEATURE: add child theme components in theme metadata.
Now theme creators can add an array of child theme components in about.json file for a top level theme.
2020-03-05 18:28:18 +05:30
Arpit Jalan
a157f4aaaa Remove invite_admin route. 2020-03-05 06:45:08 +05:30
Kris
3610709b6c Add classes for second-factor preferences 2020-03-04 16:53:32 -05:00
Kris
6afeb91a4d UX: Input adjustments for category setting modal (tags tab) 2020-03-04 14:48:22 -05:00
Kris
0e3e32f06c Remove some legacy tiger-striping css 2020-03-04 13:50:48 -05:00
Joffrey JAFFEUX
33f77e51b8
FIX: allows to select the action when agreeing with penalty (#9099)
Note this commit also fixes an issue where the edit post actions was trying to focus the edit textarea, but was using jquery functions on a DOM node.

scrollTo is not available on IE11 but that shouldn't cause much trouble.
2020-03-04 09:32:15 -05:00
Martin Brennan
3e54e0191e
FIX: Use full URL for secure attachments when secure media enabled (#9037)
When secure media is enabled and an attachment is marked as secure we want to use the full url instead of the short-url so we get the same access control post protections as secure media uploads.
2020-03-04 10:11:08 +11:00
David Taylor
65cc61be7a
PERF: Allow preloading 'recent time read' for a user (#9076)
This will be used when serializing multiple user cards
2020-03-03 13:57:46 +00:00
David Taylor
d23f7af3cb
PERF: Allow user serializer to make use of preloaded custom fields (#9074) 2020-03-03 13:56:54 +00:00
Martin Brennan
0df72a51b8
FIX: Stop infinite lookup-urls issue for video/audio on page (#9096)
Meta report: https://meta.discourse.org/t/excessive-requests-to-uploads-lookup-urls-leading-to-429-response/143119

* The data-orig-src attribute was not being removed from cooked
video and audio so the composer was infinitely trying to get the
URLs for them, which would never resolve to anything
* Also the code that retrieved the short URL was unscoped, and was
getting everything on the page. if running from the composer we
now scope to the preview window
* Also fixed a minor issue where the element href for the video
and audio tags was not being set when the short URL was found
2020-03-03 15:44:01 +11:00
Martin Brennan
0388653a4d
DEV: Upload and secure media retroactive rake task improvements (#9027)
* Add uploads:sync_s3_acls rake task to ensure the ACLs in S3 are the correct (public-read or private) setting based on upload security

* Improved uploads:disable_secure_media to be more efficient and provide better messages to the user.

* Rename uploads:ensure_correct_acl task to uploads:secure_upload_analyse_and_update as it does more than check the ACL

* Many improvements to uploads:secure_upload_analyse_and_update

* Make sure that upload.access_control_post is unscoped so deleted posts are still fetched, because they still affect the security of the upload.

* Add escape hatch for capture_stdout in the form of RAILS_ENABLE_TEST_STDOUT. If provided the capture_stdout code will be ignored, so you can see the output if you need.
2020-03-03 10:03:58 +11:00
Joffrey JAFFEUX
11425f8adc
FEATURE: alows to add a description link to a report (#9065)
This commit adds a description link to users_per_trust_level report linking to our blog  article on the subject https://blog.discourse.org/2018/06/understanding-discourse-trust-levels/
2020-03-02 14:30:51 -05:00
Robin Ward
a653737a66
FIX: Add aria-labels to topic list items (#9048)
* FIX: Add aria-labels to topic list items

Before this fix you could navigate the topic list using a screen reader
and a keyboard but some of the items were not as descriptive as they
could be. The newly added labels make it easier to understand what you
are tabbing over.

context:
https://meta.discourse.org/t/accessibility-aria-attributes-are-not-defined-for-links-under-replies-category/142539

* Update app/assets/javascripts/discourse/lib/utilities.js.es6

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* Multiline fix

* Fix more tests

Co-authored-by: Régis Hanol <regis@hanol.fr>
2020-03-02 14:28:54 -05:00
Joffrey JAFFEUX
f17459c620
UX: attempts to increate popup menu hitzone on mobile (#9038) 2020-03-02 14:27:50 -05:00
Jarek Radosz
fedd8e3e3a
DEV: Remove uses of deprecated Ember.copy and Copyable (#8978) 2020-03-02 14:24:05 -05:00
Jarek Radosz
76a06dfa03
DEV: Remove the last (defunct) use of Ember.View (#8976)
This codepath has been deprecated 3 years ago in c5687100b0.

Ember.View has been removed in Ember 2.0.
2020-03-02 14:23:46 -05:00
David Taylor
f9cc3dc4b7
PERF: Allow passing an existing list of user field ids when loading (#8970)
* PERF: Allow passing an existing list of user field ids when loading

This avoids the need for running `UserField.pluck(:id)` for each user that is serialized

* Memoize user_fields to avoid rebuilding hash ever time
2020-03-02 14:22:49 -05:00
tshenry
a09e5d12c2
FIX: Topics should honor auto-close when published to category (#8963)
* FIX: Topics should honor auto-close when published to category

* Add test
2020-03-02 14:21:35 -05:00
Gerhard Schlager
5c39e21c18
UX: Allow correct pluralization for "too few topics and posts" notices (#8947) 2020-03-02 14:20:37 -05:00
Joffrey JAFFEUX
ed85cfe141
FIX: prevents click on sk header to bubble (#9084) 2020-03-02 20:06:02 +01:00
Rafael dos Santos Silva
d05142d3f7 FEATURE: Enable service worker on iOS PWA 2020-03-02 15:55:09 -03:00
Rafael dos Santos Silva
fd38ed3631
DEV: Fix lint error introduced in 58f16f2 2020-03-02 13:04:52 -03:00
Rafael dos Santos Silva
58f16f2e2b
FIX: Make FooterNav work with PWAs on iPadOS 2020-03-02 12:56:37 -03:00
Martin Brennan
8123538c94
DEV: Minor review fixes and fix bookmark spec logging (#9045)
As per:

https://review.discourse.org/t/fix-never-allow-custom-emoji-to-be-marked-secure-8965/9072
https://review.discourse.org/t/feature-improving-bookmarks-part-2-topic-bookmarking-8954/9038
2020-03-02 15:40:29 +10:00
Joffrey JAFFEUX
2db8ada222
FIX: ensures category url of category drop is built using slug and id (#9069) 2020-02-28 17:58:22 +01:00
David Taylor
0903aa44bb
FEATURE: Always disable customizations on the /safe-mode route (#9052)
This makes it easier to enter safe mode when a customization has made the UI unusable
2020-02-28 10:53:11 +00:00
Dan Ungureanu
60184a290c
FIX: Sync preload key format for category topic lists
The server and client used two different formats for preload keys. The
server was using 'topic_list_c/SLUG/l/latest', but the client was using
'topic_list_c/SLUG/ID/l/latest'.

This commit is an addition to 374534f00e.
2020-02-28 11:10:03 +02:00
Sam Saffron
8e5edae093
FEATURE: unconditionally skip indexing on search controller
There are absolutely no actions in search that need indexing

Also no point adding this header on non get requests
2020-02-28 09:21:31 +11:00
Mark VanLandingham
f358114361
FIX: Prettier on iframed-html component (#9062) 2020-02-27 11:56:13 -06:00
Mark VanLandingham
337b823ec6
Merge pull request from GHSA-vw39-6w7q-gfx5
Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-02-27 11:47:15 -06:00
Roman Rizzi
87f15f9ed6
FIX: When appending tags to restricted category posts, we need to pass the category id, or it won't work. (#9020) 2020-02-27 14:10:14 -03:00
Joffrey JAFFEUX
501936f0da
FIX: prevents loading to show during debouncing (#9060)
This will also fix a bug in IE11 where click event would not be triggered on row
2020-02-27 15:20:04 +01:00
romanrizzi
4673f31c75 FIX: Bulk badge awards should work even if the CSV has nil values 2020-02-27 11:08:24 -03:00
adam j hartz
0af2f5db64
UX: Differentiate Between PMs and Topics in Search Results (#8933)
PMs will now display an envelope icon next to the topic title in search results. This is especially useful when searching using `in:all`.

Co-authored-by: adam j hartz <hz@mit.edu>
2020-02-27 13:25:32 +00:00
Joffrey JAFFEUX
56345faf9a
FIX: prevents row click event to be caught by filter input event (#9059)
This was causing some dropdowns to not work under IE11
2020-02-27 14:04:23 +01:00
Dan Ungureanu
60908a94ec
FIX: Skip 'invited' small action if user is in an invited group (#9056)
Inviting a user that is already invited through a group used to generate
a small action and a notification. This commit skips that small action.
2020-02-27 14:45:20 +02:00
Vinoth Kannan
acf337d583
FEATURE: auto archive group message if topic is closed. (#9046)
Co-Authored-By: Régis Hanol <regis@hanol.fr>
2020-02-27 11:09:37 +05:30
Vinoth Kannan
5774107a2d
FIX: downloaded image URLs incorrectly replaced in post raw. (#9014)
Previously, while replacing the downloaded image URL `http://wiki.mozilla.org/images/2/2e/Longcat1.png` similar non-image URL `http://wiki.mozilla.org/images/2` was replaced wrongly.
2020-02-27 10:22:55 +05:30
Dan Ungureanu
3568f296a3
FIX: Another attempt at fixing reviewable claiming
Follow-up to 9314751e5c.
2020-02-26 10:46:10 +02:00
Dan Ungureanu
9314751e5c
FIX: Claim reviewable button did not show up for all topics
Follow-up to 514c22e64b.
2020-02-26 10:36:35 +02:00
Joffrey JAFFEUX
baba1cc02e
FIX: ensures destroying a user with security keys doesn't fail (#9042) 2020-02-25 14:07:57 -05:00
David Taylor
96ac4fc072
FIX: Include .json suffix for email login route (#9041)
In IE11, the browser returns the cached HTML response, rather than the JSON formatted response. Adding the `.json` suffix ensures that the cache is not shared. Same root cause as b0211772
2020-02-25 18:01:33 +00:00
Dan Ungureanu
514c22e64b
FIX: Make reviewable claiming work with deleted topics (#9040)
This fixes the case when the reviewed topic is deleted (for example, in
discourse-akismet).
2020-02-25 15:49:23 +02:00
Dan Ungureanu
5905930c32
FIX: Sync Ember and non-Ember layouts (#9028) 2020-02-25 15:31:04 +02:00
Joffrey JAFFEUX
a5c7f0c98d
UX: hides emoji picker from edit category tab topic template (#9036) 2020-02-25 00:49:41 +01:00
Joffrey JAFFEUX
e303b4d181
UX: hides local-date picker when used outside of main composer 2020-02-25 00:17:43 +01:00
Joffrey JAFFEUX
bd49368942
FIX: ensures topic count is correctly showing in box category badges (#9034) 2020-02-24 23:41:36 +01:00
Penar Musaraj
d6a603cc50
FIX: Translate none-tag and all-tags labels in tag filter (#9030)
* FIX: Translate none-tag and all-tags labels in tag filter
* Add test
2020-02-25 07:57:24 +11:00
Joffrey JAFFEUX
f336aeee6f
FIX: ensures scoped search category is searching in all categories (#9031) 2020-02-24 19:19:53 +01:00
Kris
832a0e410a UX: Restrict icon height in btn-small to prevent height inconsistency 2020-02-24 13:18:46 -05:00
Joffrey JAFFEUX
0ea11a9d49
FIX: ensures we don't attempt to create a new PM on an existing topic (#9029)
This fix attempts to both fix it at UI level and server side. A previous attempt related to this behavior has been made in commit: 49c750ca78
2020-02-24 08:55:12 -06:00
Sam Saffron
372f6f4f22
FEATURE: limit number of notifications per user to 10,000
Introduces a new site setting `max_notifications_per_user`.

Out-of-the-box this is set to 10,000. If a user exceeds this number of
notifications, we will delete the oldest notifications keeping only 10,000.

To disable this safeguard set the setting to 0.

Enforcement happens weekly.

This is in place to protect the system from pathological states where a
single user has enormous amounts of notifications causing various queries
to time out. In practice nobody looks back more than a few hundred notifications.
2020-02-24 11:42:50 +11:00
Kris
e5bc649057 modal footer button height fix 2020-02-21 20:13:23 -05:00
Neil Lalonde
f73ed45de9 FIX: blank popular posts in summary emails due to lightbox images
When looking for the first paragraph with content in a post,
it was matching the lightboxed image paragraph as "<p></p>".
Fix that and other potential empty paragraphs with the
p:not(:empty) selector.
Add a new selector to find the image links in lightboxed
images as valid content for emails.
2020-02-21 16:18:38 -05:00
Joffrey JAFFEUX
69a2ad626b
FIX: ensures group automatic membership dropdown works (#9022)
This commit also fixes a deprecation warning as the previous  component was overriding a computed property from the group model.

Finally a test has been added as this is the only place where we use list-setting outside of the settings, this was highly subject to regressions.
2020-02-21 22:14:24 +01:00
Kris
90e701b470 UX: Eliminate double modal scroll on long mobile create account forms 2020-02-21 16:08:19 -05:00
Kris
5b358a2ca7 Follow up padding fix to de559f3 2020-02-21 15:44:34 -05:00
Joffrey JAFFEUX
0b0290cddb
FIX: muted was not working in topic timeline (#9021) 2020-02-21 21:32:58 +01:00
Dan Ungureanu
533495169e
FEATURE: Publish a message when reviewable claimer changes (#9019)
This commit ensures that all users are kept in sync and no user can claim
a topic that has been claimed already.
2020-02-21 19:11:50 +02:00
Dan Ungureanu
cf0c6d5761
FIX: Ensure web hooks are retried at most 5 times 2020-02-21 17:02:40 +02:00
Jarek Radosz
6ba326a9f4
DEV: Deprecate ember module imports (#9011)
Removes remaining `ember` module imports.
2020-02-21 15:56:49 +01:00
Jarek Radosz
c607870f08
DEV: Add more @ember imports (#9012) 2020-02-21 14:27:04 +01:00
Joffrey JAFFEUX
cb69e89d7c
FIX: correctly shows suggested topics label (#9017) 2020-02-21 12:35:49 +01:00
Joffrey JAFFEUX
e807dff6fc
FIX: ensures mini-tag-chooser is respecting max_tags_per_topic (#9018) 2020-02-21 12:16:05 +01:00
Vinoth Kannan
8a031f19dc FIX: use dedicated site attribute in category + tag filtered pages too. 2020-02-21 15:55:17 +05:30
Martin Brennan
3af2670bd5
FIX: Consider webp a supported image format for upload (#9015)
* Also fixes an issue where if webp was a downloaded hotlinked
  image and then secure + sent in an email, it was not being
  redacted because webp was not a supported media format in
  FileHelper
* Webp originally removed as an image format in
  https://github.com/discourse/discourse/pull/6377
  and there was a spec to make sure a .bin webp
  file did not get renamed from its type to webp.

  However we want to support webp images now to make
  sure they are properly redacted if secure media is
  on, so change the example in the spec to use tiff,
  another banned format, instead
2020-02-21 13:08:01 +10:00
Robin Ward
a47e0a3fda FIX: TOTP could not be used on sites with colons in their names
This is because the TOTP gem identifies as a colon as an addressable
protocol. The solution for now is to remove the colon in the issuer
name.

Changing the issuer changes the token values, but now it was completely
broken for colons so this should not be breaking anyone new.
2020-02-20 16:35:30 -05:00
David Taylor
19dcc6bb7b
FIX: Restore initState() call within discourse-location for subfolder
d7d4612b2d removed the duplicate call to initState(). However, we are relying on a side effect of the duplicate call for subfolder sites to function correctly when accessed without a trailing slash. To avoid a large refactor before the stable release, this commit restores the old behavior.

Long term we should look at migrating to Ember's built-in location library, rather than maintaining our own (very similar) version

https://github.com/emberjs/ember.js/blob/master/packages/%40ember/-internals/routing/lib/location/history_location.ts
2020-02-20 16:41:50 +00:00
Arpit Jalan
7b92280b97 UX: use same styling for username and user-name 2020-02-20 17:51:37 +05:30
Arpit Jalan
f36719c1f5 FIX: respect prioritize_username_in_ux setting in email
UX: only the first attribute should be hyperlinked
UX: add margin based on attribute position
2020-02-20 17:47:16 +05:30
Martin Brennan
97d8f19387
FIX: When admin changes another user's email auto-confirm the change (#9001)
When admin changes a user's email from the preferences page of that user:

* The user will not be sent an email to confirm that their
  email is changing. They will be sent a reset password email
  so they can set the password for their account at the new
  email address.
* The user will still be sent an email to their old email to inform
  them that it was changed.
* Admin and staff users still need to follow the same old + new
  confirm process, as do users changing their own email.
2020-02-20 09:52:21 +10:00
Dan Ungureanu
20b90afad9
FIX: Remove broken error dismiss button 2020-02-19 23:03:52 +02:00
Robin Ward
345764565f FIX: Respect muted tags for mailing list mode
If a user has a tag muted, don't send them emails about that tag.
We've done this forever for categories so it makes sense to do it
for tags too.
2020-02-19 15:14:42 -05:00
Kris
2a7f53065d FEATURE: Add plugin outlet below login/create, add outlet to mobile 2020-02-19 14:08:35 -05:00
Kris
5b0025c816 Additional padding follow up to de559f3 2020-02-19 13:50:12 -05:00
Dan Ungureanu
fd1e04ba0a
UX: Improve small buttons appearance (#8990)
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
Co-authored-by: Kris  <kris.aubuchon@discourse.org>
2020-02-19 12:38:46 -05:00
David Taylor
8ec2d8a814
FIX: Disable save button for API key creation when invalid (#9005) 2020-02-19 16:33:09 +00:00
Kris
fdb45f2ba1 Follow-up padding fix for de559f3 2020-02-19 11:24:45 -05:00
Kris
de559f3fe3 FIX: Remove border-box from modal-body to avoid iOS fixed position bug 2020-02-19 11:08:15 -05:00
Robin Ward
c954d083df Link website when reviewing users 2020-02-19 10:18:05 -05:00
Joffrey JAFFEUX
74f2d48018
FIX: makes setting-object capable of defining value/name properties itself (#9003) 2020-02-19 10:01:21 +01:00
Joffrey JAFFEUX
30e2867547
FIX: prevents setting default values on setting component to reload page
This would happen when clicking on "add all themes" for example.
2020-02-19 09:04:57 +01:00
jjaffeux
32b3f55ef6 Revert "FIX: enums should be treated as flat arrays (#8995)"
This reverts commit 05be9beefd.
2020-02-19 07:53:29 +01:00
Jarek Radosz
9f8a27a132
DEV: Import makeArray from discourse-common instead using Ember global (#8977) 2020-02-19 00:57:58 +01:00
Joffrey JAFFEUX
25ebfd5998
DEV: allows to import isPresent (#8993) 2020-02-18 23:41:15 +01:00
Joffrey JAFFEUX
8f82d790d4
FIX: prevents notifications button to be cutoff on mobile (#8998) 2020-02-18 23:40:10 +01:00
Joffrey JAFFEUX
05be9beefd
FIX: enums should be treated as flat arrays (#8995) 2020-02-18 23:25:12 +01:00
Joffrey JAFFEUX
67ee79f023
FIX: group members dropdown was broken on mobile (#8994) 2020-02-18 23:23:38 +01:00
Vinoth Kannan
7a054fc142 FIX: remove anchors from banner headings.
Else it will create UX issues when the banner is visible on top of the banner topic.
2020-02-19 02:55:04 +05:30
Robin Ward
53054b41d2 FIX: Mentions updater should work regardless of .notify 2020-02-18 16:02:26 -05:00
Robin Ward
041168c9b6 FIX: Group mentions were not being cooked the same was as previewed
If a group mention could be notified on preview it was given an `<a>`
tag with the `.notify` class. When cooked it would display differently.
This patch makes the server side cooking match the client preview.
2020-02-18 15:45:02 -05:00
Robin Ward
163cbb4aa7 UX: Show mentions properly in small post messages 2020-02-18 14:38:33 -05:00
Penar Musaraj
8a0abafc9d UX: Adjust width for topic notifications dropdown on mobile
Previously, the dropdown was set to 400px wide, which exceeds the available width on many mobile devices.
2020-02-18 14:17:34 -05:00
Joffrey JAFFEUX
99746c2850
FIX: ensures report-filter/category is correctly filtering (#8992) 2020-02-18 17:37:43 +01:00
Roman Rizzi
9441362c72
FEATURE: Support uploading a csv with either user emails or usernames (#8971) 2020-02-18 10:53:12 -03:00
Sam Saffron
64b3512084
DEV: use DiskSpace module for all disk space calculations
This normalizes it so we only carry one place for grabbing disk space size

It also normalizes the command made so it uses Discourse.execute_command
which splits off params in a far cleaner way.
2020-02-18 15:13:19 +11:00