Commit Graph

47911 Commits

Author SHA1 Message Date
Alan Guo Xiang Tan
f31f0b70f8
SECURITY: Hide PM count for tags by default (#20061)
Currently `Topic#pm_topic_count` is a count of all personal messages tagged for a given tag. As a result, any user with access to PM tags can poll a sensitive tag to determine if a new personal message has been created using that tag even if the user does not have access to the personal message. We classify this as a minor leak in sensitive information.

With this commit, `Topic#pm_topic_count` is hidden from users by default unless the `display_personal_messages_tag_counts` site setting is enabled.
2023-01-31 12:08:23 +08:00
Sam
07679888c8
FEATURE: allow restricting duplication in search index (#20062)
* FEATURE: allow restricting duplication in search index

This introduces the site setting `max_duplicate_search_index_terms`.
Using this number we limit the amount of duplication in our search index.

This allows us to more correctly weight title searches, so bloated posts
don't unfairly bump to the top of search results.

This feature is completely disabled by default and behind a site setting

We will experiment with it first. Note entire search index must be rebuilt
for it to take effect.


---------

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2023-01-31 12:41:31 +11:00
Alan Guo Xiang Tan
c5c72a74b7
DEV: Fix flaky test due to a lack of deterministic ordering (#20087) 2023-01-31 08:57:34 +08:00
Alan Guo Xiang Tan
6934edd97c
DEV: Add hidden site setting to configure search ranking weights (#20086)
This site setting is mostly experimental at this point.
2023-01-31 08:57:13 +08:00
Jan Cernik
bb35274984
FIX: Error calling LazyYT from chat when disabled (#20085) 2023-01-30 21:19:04 -03:00
Martin Brennan
33e6140179
FIX: Update bookmark topic copy (#20059)
The topic-level bookmark button copy was inaccurate
since we changed to allow topic-level bookmarks.
2023-01-31 10:05:44 +10:00
Martin Brennan
8c4c00b211
DEV: Start threading for chat (#20060)
Adds hidden `enable_experimental_chat_threaded_discussions`
setting which will control whether threads show in the UI,
alongside the `ChatChannel.threading_enabled` boolean column,
which does the same. The former is a global switch for this
feature, while the latter can be used to allow single channels
to show this new functionality if the site setting is true.

Neither setting impacts whether `ChatThread` records (which will
be added in a future PR) will be created, they will always be
made regardless.
2023-01-31 10:01:47 +10:00
Sam
5d669d8aa2
Revert "FEATURE: hidden site setting to disable search prefix matching (#20058)" (#20073)
This reverts commit 64f7b97d08.

Too many side effects for this setting, we have decided to remove it
2023-01-31 07:39:23 +08:00
David Taylor
4d12bdfdcb
DEV: Fix user_status_controller_spec flakiness (#20083)
In some situations, these HTTP calls would cause some cache to warmup and send a `/distributed_hash` message-bus message. We can avoid tracking those by passing a specific channel name to `track_publish`.
2023-01-30 22:42:47 +00:00
Jarek Radosz
7c1e1ef72b
DEV: Convert presence service tests to actual unit tests (#20076) 2023-01-30 23:31:39 +01:00
dependabot[bot]
2c81b70b01
Build(deps): Bump deepmerge in /app/assets/javascripts (#20082)
Bumps [deepmerge](https://github.com/TehShrike/deepmerge) from 4.2.2 to 4.3.0.
- [Release notes](https://github.com/TehShrike/deepmerge/releases)
- [Changelog](https://github.com/TehShrike/deepmerge/blob/master/changelog.md)
- [Commits](https://github.com/TehShrike/deepmerge/compare/v4.2.2...v4.3.0)

---
updated-dependencies:
- dependency-name: deepmerge
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-30 23:00:42 +01:00
dependabot[bot]
90ba62597a
Build(deps): Bump terser in /app/assets/javascripts (#20081)
Bumps [terser](https://github.com/terser/terser) from 5.16.1 to 5.16.2.
- [Release notes](https://github.com/terser/terser/releases)
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.16.1...v5.16.2)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-30 23:00:11 +01:00
dependabot[bot]
10408b39fe
Build(deps): Bump logster from 2.11.3 to 2.11.4 (#20080)
Bumps [logster](https://github.com/discourse/logster) from 2.11.3 to 2.11.4.
- [Release notes](https://github.com/discourse/logster/releases)
- [Changelog](https://github.com/discourse/logster/blob/main/CHANGELOG.md)
- [Commits](https://github.com/discourse/logster/compare/v2.11.3...v2.11.4)

---
updated-dependencies:
- dependency-name: logster
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-30 22:59:09 +01:00
dependabot[bot]
45a08c2adf
Build(deps): Bump nokogiri from 1.14.0 to 1.14.1 (#20079)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.14.0 to 1.14.1.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.14.0...v1.14.1)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-30 22:58:59 +01:00
Jan Cernik
aecd8b1eff
FIX: Add support for multiple TikTok aspect ratios (#20064) 2023-01-30 18:12:01 -03:00
Joffrey JAFFEUX
06ad13b517
DEV: makes test more deterministic (#20078)
`last_message_sent_at` could be equal and as a result the order would be random causing random spec failures in plugins/chat/spec/mailers/user_notifications_spec.rb:182
2023-01-30 22:02:32 +01:00
Joffrey JAFFEUX
a4c32e3970
DEV: attempts to fix flakey spec (#20075) 2023-01-30 21:47:44 +01:00
Joffrey JAFFEUX
137f28e0d6
DEV: skip spec failing on CI (#20077) 2023-01-30 21:47:31 +01:00
Joffrey JAFFEUX
73488f2f33
FIX: uses popper for cards 2023-01-30 21:12:30 +01:00
Natalie Tay
fda834d01c
Revert "DEV: uses popperjs for positioning user and group card (#20063)" (#20072)
This reverts commit 335c3f4621.
2023-01-31 02:51:05 +08:00
Natalie Tay
58234246ff
DEV: Remove elder from codebase and also update 'regular' to 'member' (#20065)
A while back the definition of TL was changed but many
areas in the codebase still use the term 'Regular user'
despite it having some implicit meaning (TL2).

See 20140905055251_rename_trust_level_badges.rb
2023-01-31 01:41:25 +08:00
Andrei Prigorshnev
b334f0070d
DEV: dry up the Do Not Disturb widget (#19494) 2023-01-30 21:23:06 +04:00
Rafael dos Santos Silva
587e9ed9ba
FEATURE: Enable service worker for Apple devices (#19643)
This is necessary so MacOS Ventura (and in 2023 iOS) can use our new
default push notifications.

We still disable caching of dynamic routes on Apple devices due to it's
always being buggy there.
2023-01-30 13:23:19 -03:00
David Taylor
a6b680f4fe
DEV: Fix GitHub CI permissions issues (#20069)
The `git` version in our discourse_test docker image was recently updated to include a permissions check before running any git commands. For this to pass, the owner of the discourse directory needs to match the user running any git commands.

Under GitHub actions, by default the working directory is created with uid=1000 as the owner. We run all our tests as `root`, so this mismatch causes git to raise the permissions error. We can't switch to run the entire workflow as the `discourse (uid=1000)` user because our discourse_test image is not configured to allow `discourse` access to postgres/redis directories. For now, this commit updates the working directory's owner to match the user running the workflow.
2023-01-30 15:39:43 +00:00
David Taylor
fa7f8d8e1b
DEV: Update user-status test to assert message-bus channels (#20068)
This test appears to be flaky. This assertion should help us track down the reason.
2023-01-30 13:54:44 +00:00
Bianca Nenciu
9a196ced08
FEATURE: Move metadata user results to list bottom (#18977)
Partial username or name matches were shown together with metadata
matched results. This created a bad user experience because results
that look unrelated were before even partial or exact group matches.
2023-01-30 15:38:41 +02:00
Joffrey JAFFEUX
335c3f4621
DEV: uses popperjs for positioning user and group card (#20063)
Behavior should be very similar but the code is simplified and it should fix various bugs where the card was showing out of screen even if we had available space.
2023-01-30 14:15:10 +01:00
chapoi
18f7b47ecb
UX: improve emoji alignment for text (#19815)
* UX: improve emoji alignment for text

* UX: emoji exception for titles
2023-01-30 14:07:08 +01:00
chapoi
d0780eacdc
FIX: preserves avatar size inside onebox (#20066)
* UX: Wrap chat one-box avatars

* UX: restrict onebox image css to non-avatar
2023-01-30 13:59:25 +01:00
David Taylor
79bea9464c
PERF: Move user-tips and narrative to per-user messagebus channels (#19773)
Using a shared channel with per-message permissions means that every client is updated with the channel's 'last_id', even if there are no messages available to them. Per-user channel names avoid this problem - the last_id will only be incremented when there is a message for the given user.
2023-01-30 11:48:09 +00:00
Joffrey JAFFEUX
939c2a7371
FIX: correct various mistakes in chat-notification-manager (#20050)
* FIX: correct various mistakes in chat-notification-manager

- The code was still handling global chat through its own variable instead of relying on `ChatStateManager`
- There was a typo were the code was using `this` instead of `opts`

Note notifications are a future big work of this year and this should be heavily reworked and tested.

* linting
2023-01-30 10:48:10 +01:00
Bianca Nenciu
23a74ecf8f
FIX: Truncate existing user status to 100 chars (#20044)
This commits adds a database migration to limit the user status to 100
characters, limits the user status in the UI and makes sure that the
emoji is valid.

Follow up to commit b6f75e231c.
2023-01-30 10:49:08 +02:00
Ayke Halder
9f14d643a5
DEV: use structured data in crawler-linkback-list for referencing only (#16237)
This simplifies the crawler-linkback-list to only be a point of reference to the actual DiscussionForumPosting objects.

See "Summary page": https://developers.google.com/search/docs/advanced/structured-data/carousel?hl=en#summary-page
> [It] defines an ItemList, where each ListItem has only three properties: @type (set to ListItem), position (the position in the list), and url (the URL of a page with full details about that item).
2023-01-30 08:26:55 +01:00
Ayke Halder
137dbaf0dc
DEV: declare post position as simple number in structured data (#16231)
This replaces the position declared as `#123` with the more simple version `123`.

The property position may be of type Integer or Text. A value of type Integer, or more precise of type Text which simply casts to integer, is sufficient here.
See: https://schema.org/position

In category-view the topic-list already uses this notation for the position of topics:
`<meta itemprop="position" content="123">`
2023-01-30 08:07:04 +01:00
Sam
64f7b97d08
FEATURE: hidden site setting to disable search prefix matching (#20058)
Many users seems surprised by prefix matching in search leading to
unexpected results.

Over the years we always would return results starting with a search term
and not expect exact matches.

Meaning a search for `abra` would find `abracadabra`

This introduces the Site Setting `enable_search_prefix_matching` which
defaults to true. (behavior unchanged)

We plan to experiment on select sites with exact matches to see if the
results are less surprising
2023-01-30 12:44:40 +08:00
Martin Brennan
db5ad34508
FEATURE: Allow editing channel slug (#19948)
This commit introduces the ability to edit the channel
slug from the About tab for the chat channel when the user
is admin. Similar to the create channel modal functionality
introduced in 641e94f, if
the slug is left empty then we autogenerate a slug based
on the channel name, and if the user just changes the slug
manually we use that instead.

We do not do any link remapping or anything else of the
sort, when the category slug is changed that does not happen
either.
2023-01-30 13:18:34 +10:00
Alan Guo Xiang Tan
7ec6e6b3d0
PERF: N+1 queries on /tags with multiple categories tags (#19906)
When the `tags_listed_by_group` site setting is disable, we were seeing
the N+1 queries problem when multiple `CategoryTag` records are listed.
This commit fixes that by ensuring that we are not filtering through the
category `tags` association after the association has been eager loaded.
2023-01-30 08:53:17 +08:00
Zachary Huff
0a8387ecd2
FIX: Validate asset url before replacing base url (#16438)
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2023-01-30 07:32:48 +08:00
dependabot[bot]
cd55d72b61
Build(deps): Bump excon from 0.97.2 to 0.98.0 (#20053)
Bumps [excon](https://github.com/excon/excon) from 0.97.2 to 0.98.0.
- [Release notes](https://github.com/excon/excon/releases)
- [Changelog](https://github.com/excon/excon/blob/master/changelog.txt)
- [Commits](https://github.com/excon/excon/compare/v0.97.2...v0.98.0)

---
updated-dependencies:
- dependency-name: excon
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-29 23:00:21 +01:00
dependabot[bot]
88ef450fa1
Build(deps): Bump tzinfo from 2.0.5 to 2.0.6 (#20051)
Bumps [tzinfo](https://github.com/tzinfo/tzinfo) from 2.0.5 to 2.0.6.
- [Release notes](https://github.com/tzinfo/tzinfo/releases)
- [Changelog](https://github.com/tzinfo/tzinfo/blob/master/CHANGES.md)
- [Commits](https://github.com/tzinfo/tzinfo/compare/v2.0.5...v2.0.6)

---
updated-dependencies:
- dependency-name: tzinfo
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-29 22:44:59 +01:00
dependabot[bot]
8410b25f3c
Build(deps): Bump @babel/standalone in /app/assets/javascripts (#20055)
Bumps [@babel/standalone](https://github.com/babel/babel/tree/HEAD/packages/babel-standalone) from 7.20.13 to 7.20.14.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.20.14/packages/babel-standalone)

---
updated-dependencies:
- dependency-name: "@babel/standalone"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-29 22:44:40 +01:00
dependabot[bot]
15e854f0f7
Build(deps): Bump eslint in /app/assets/javascripts (#20054)
Bumps [eslint](https://github.com/eslint/eslint) from 8.32.0 to 8.33.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.32.0...v8.33.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-29 22:44:14 +01:00
Penar Musaraj
c43068720f
FIX: Better UX for timezones selector in date modal (#20047)
When expanding the "Advanced mode" of the date modal, the Timezones
picker was at the bottom of the modal, and expanding it would often
overflow the viewport. This PR moves the elment higher up, therefore
avoiding the overflow.

There's a small width change as well, for better consistency.
2023-01-27 16:26:32 -05:00
Roman Rizzi
7441864474
FIX: Intercept old channel URLs in drawer mode (#20043) 2023-01-27 17:46:53 -03:00
Keegan George
a4c68d4a2e
FIX: Failing system spec for rate limited search (#20046) 2023-01-27 12:14:29 -08:00
Kris
39eec37e75
A11Y: post avatars should not be tabbable (#20045) 2023-01-27 14:39:55 -05:00
Sam
2c8dfc3dbc
FEATURE: rate limit anon searches per second (#19708) 2023-01-27 10:05:27 -08:00
chapoi
5f90790110
Revert "Select-kit > use new color vars" (#20042)
This reverts commit 8534391044.
2023-01-27 18:09:50 +01:00
Blake Erickson
4ecfac39a6
FEATURE: Add separate api scope for topic status (#19978)
This will allow us more granular control over changing a topic status.
For example you can now force the scope to only allow closing topics in
a specific category. This means that the same scope can't be used to
re-open topics, or close topics in a different category.
2023-01-27 08:05:29 -07:00
chapoi
e03f6057ec
UX: Highlight var refactor (#20026)
* Add new color vars

* Select-kit > use new color vars

* update all color schemes with values for new hover/select vars

* Add variable yml names
2023-01-27 15:50:36 +01:00