Commit Graph

44331 Commits

Author SHA1 Message Date
Bianca Nenciu
48e5d1af03
FIX: Improve top links section from user summary (#15675)
* Do not extract links for hotlinked images
* Include only links that have been clicked at least once in user
summary
2022-01-24 11:33:23 +11:00
Andrei Prigorshnev
cd68279f5c
DEV: use query() instead of queryAll() in tests (#15681) 2022-01-24 11:27:58 +11:00
Penar Musaraj
1f2226270e
FIX: Restore outlet in mobile views (#15683) 2022-01-23 18:41:01 +01:00
Discourse Translator Bot
f0435ca1a7
Update translations (#15673) 2022-01-23 11:14:20 +01:00
Blake Erickson
4bf6789bd7
DEV: Do not use hard-coded everyone group id (#15679)
Follow up to: 12f041de5d

Probably best to lookup the "everyone" group_id instead of hard-coding
it to `0`. Also now its more clear what this `0` means.
2022-01-21 15:56:45 -07:00
Robin Ward
78852e9754 FIX: Tests should never cloak posts
Depending on the load order of modules, the post cloaking code might
not be disabled properly in test mode, which results in flakey failures.
2022-01-21 14:32:26 -05:00
David Taylor
6c3df84a93
DEV: In themes:update, only update themes which are out-of-date (#15676)
Running `update_from_remote` and `save!` cause a number of side-effects, including instructing all clients to reload CSS files. If there are no changes, then this is wasteful, and can even cause a 'flicker' effect on clients as they reload CSS.

This commit checks if any updates are available before triggering `update_from_remote` / `save!`. This should be much faster, and stop the 'flickering' UX from happening on every themes:update run.

It also improves the output of the command to include the from/to commit hashes, which may be useful for debugging issues. For example:

```
Checking 'Alien Night | A Dark Discourse Theme' for 'default'... already up to date
Checking 'Star Wars' for 'default'... updating from d8a170dd to 66b9756f
Checking 'Media Overlay' for 'default'... already up to date
```
2022-01-21 18:23:26 +00:00
Bianca Nenciu
3bb1cd5c4d
FIX: Select topics instead of posts (#15674)
A code error caused post objects to be added to the selected array.
2022-01-21 19:52:09 +02:00
Dan Ungureanu
984089c94a
DEV: Add test for avatar-uploader (#15633)
Follow up to 64b089072a.
2022-01-21 19:51:24 +02:00
Dan Ungureanu
d0f4f408af
DEV: Simplify emoji-uploader tests (#15672)
Removes one layer of indirection in the tests. `emoji-uploader`'s
`uploadDone` can call the test handler directly without going through
an additional action method.
2022-01-21 19:51:04 +02:00
Bianca Nenciu
a0c040060a
FIX: Select best link from Atom feed (#15663)
Some Atom feeds can contain more than one link and it used to return
only the first link.
2022-01-21 17:54:18 +02:00
Martin Brennan
70af45055a
DEV: Clear custom field preload proxy on preload_custom_fields (#15671)
If a model class calls preload_custom_fields twice then
we have to clear this otherwise the fields are cached inside the
already existing proxy and no new ones are added, so when we check
for custom_fields[KEY] an error is likely to occur
2022-01-21 14:29:51 +10:00
Martin Brennan
c1ae214c7b
DEV: Add more info to N1 custom field error (#15670)
This commit makes a more specific N1NotPreLoadedError from
StandardError to raise when a custom field is loaded before
being preloaded, so it is easier to test that this does
not happen from plugins. Also adds the name of the class
trying to load the custom field to the error message.
2022-01-21 13:21:13 +10:00
Alan Guo Xiang Tan
e4e37257cc FIX: Handle malformed URLs in TopicEmbed.absolutize_urls. 2022-01-21 11:18:54 +08:00
Robin Ward
d28808e866 FIX: The service observer was using this incorrectly
It was pointing at nothing due to context.
2022-01-20 16:51:36 -05:00
Bianca Nenciu
847c77de65
FIX: Add another method to check binary file (#15648)
This method looks for a NULL byte that is not usually contained in text
files. Follow up to 376799b1a4.
2022-01-20 23:47:18 +02:00
Régis Hanol
a582c49601
FIX: possible ReDOS in markdown newline rule (#15646)
Backport ffc49ab46b
2022-01-20 22:32:01 +01:00
Robin Ward
224f0a2655 DEV: This ensures that teardowns are executed if initializers are run
It does this by creating a new initializer that runs every time the app
is booted to track the current test. Then after each test, we see if the
app needs to be torn down.
2022-01-20 16:23:54 -05:00
Osama Sayegh
688be607c9
FIX: Allowed URLs for API scopes added by plugins (#15662) 2022-01-20 22:29:03 +03:00
Robin Ward
2dc0f36e07 DEV: A bunch of tests (like controller) weren't cleaning up
This creates a helper function with all the cleanup tasks we need to do
after tests, then makes sure to call it after tests that previously
weren't.

This fixes a lot of flakey tests.
2022-01-20 11:58:58 -05:00
Jarek Radosz
23aceedbd5
FIX: Display composer popovers over dropdowns (#15659) 2022-01-20 17:55:55 +01:00
Joffrey JAFFEUX
2426e3510d
FIX: correctly access last poster username (#15661)
Testing this is kinda complicated ATM (especially mobile template with hbr) , this is a component we should definitely aim to test very extensively when we move away from hbr templates.
2022-01-20 17:27:14 +01:00
Kris
1d02b9728d
A11Y: tag should be "role" not "aria-role" (#15653) 2022-01-20 09:58:32 -05:00
Dan Ungureanu
f0c1a4fab8
FIX: Create email token with correct scope (#15658)
`account_created` email contains a URL to `/u/password-reset/TOKEN`
which means that the correct scope for the email token is
`password_reset`, not `signup`.
2022-01-20 16:38:56 +02:00
Kris
6a48106ed4
A11Y: do not use duplicate IDs (#15654) 2022-01-20 08:58:08 -05:00
Jarek Radosz
b9f650e55e
UX: Fix composer popup placement (#15660) 2022-01-20 14:21:13 +01:00
David Taylor
820564826e
FIX: Ensure that login does not fail for users with invite records (#15647)
In the unlikely, but possible, scenario where a user has no email_tokens, and has an invite record for their email address, login would fail. This commit fixes the `Invite` `user_doesnt_already_exist` validation so that it only applies to new invites, or when changing the email address.

This regressed in d8fe0f4199 (based on `git bisect`)
2022-01-20 10:54:38 +00:00
Dan Ungureanu
5b7bddf966
FIX: Prefer email when resetting password (#15650)
The UI used to request a password reset by username when the user was
logged in. This did not work when hide_email_already_taken site setting
was enabled, which disables the lookup-by-username functionality.

This commit also introduces a check to ensure that the parameter is an
email when hide_email_already_taken is enabled as the single allowed
type is email (no usernames are allowed).
2022-01-20 10:04:45 +02:00
Natalie Tay
f5ea00c73f
FIX: Respect blocked domains list when redirecting (#15656)
Our previous implementation used a simple `blocked_domain_array.include?(hostname)`
so some values were not matching. Additionally, in some configurations like ours, we'd used
"cat.*.dog.com" with the assumption we'd support globbing.

This change implicitly allows globbing by blocking "http://a.b.com" if "b.com" is a blocked 
domain but does not actively do anything for "*".

An upcoming change might include frontend validation for values that can be inserted.
2022-01-20 14:12:34 +08:00
dependabot[bot]
191bdac4f0
Build(deps-dev): Bump fabrication from 2.23.1 to 2.24.0 (#15652)
Bumps [fabrication](https://github.com/paulelliott/fabrication) from 2.23.1 to 2.24.0.
- [Release notes](https://github.com/paulelliott/fabrication/releases)
- [Changelog](https://github.com/paulelliott/fabrication/blob/master/Changelog.markdown)
- [Commits](https://github.com/paulelliott/fabrication/commits)

---
updated-dependencies:
- dependency-name: fabrication
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-19 22:41:31 +01:00
Bianca Nenciu
4951900bbc
FEATURE: Store dismissed state of topic nav popups (#15570)
The dismissed state will be stored between sessions if popupId
attribute is present.
2022-01-19 16:20:05 +02:00
Bianca Nenciu
376799b1a4
FIX: Hide excerpt of binary files in GitHub onebox (#15639)
Oneboxer did not know if a file is binary or not and always tried to
show an excerpt of the file.
2022-01-19 14:45:36 +02:00
David Taylor
ffd0f5b500
DEV: Update GitHub actions config (#15636)
- Move ember-cli tests into the main test workflow, so they're listed alongside other tests
- Remove the 'experimental' label
- Add the 'legacy' label to old-style qunit tests
- Add core-plugin EmberCLI tests
- Add scaffolding for all-plugin EmberCLI tests, but disable in matrix for now
2022-01-19 10:41:52 +00:00
Gerhard Schlager
27f1630b01
DEV: Try to download missing uploads from origin URL (#15629) 2022-01-19 11:05:58 +01:00
Natalie Tay
3050fe893b
DEV: Quick fix to flaky test (#15644)
We know that the real problem has got to do with cloaking (/t/10298), but while we find out precisely why, here's a quick fix.

Similar to #15627
2022-01-19 11:23:35 +08:00
Blake Erickson
12f041de5d
FIX: Tag watching for everyone tag groups (#15622)
* FIX: Tag watching for everyone tag groups

Tags in tag groups that have permissions set to everyone were not able
to be saved correctly. A user on their preferences page would mark the
tags that they wanted to save, but the watched_tags in the response
would be empty. This did not apply to admins, just regular users. Even
though the watched tags were being saved in the db, the user serializer
response was filtering them out. When a user refreshed their preferences
pages it would show zero watched tags.

This appears to be a regression introduced by:

0f598ca51e

The issue that needed to be fixed is that we don't track the "everyone"
group (which has an id of 0) in the group_users table. This is because
everyone has access to it, so why fill a row for every single user, that
would be a lot. The fix was to update the query to include tag groups
that had permissions set to the "everyone" group (group_id 0).

I also added another check to the existing spec for updating
watched tags for tags that aren't in a tag group so that it checks the
response body. I then added a new spec which updates watched tags for
tags in a tag group which has permissions set to everyone.

* Resolve failing tests

Improve SQL query syntax for including the "everyone" group with the id
of 0.

This commit also fixes a few failing tests that were introduced. It
turns out that the Fabrication of the Tag Group Permissions was faulty.
What happens when creating the tag groups without any permissions is
that it sets the permission to "everyone". If we then follow up with
fabricating a tag group permission on the tag group instead of having a
single permission it will have 2 (everyone + the group specified)! We
don't want this. To fix it I removed the fabrication of tag group
permissions and just set the permissions directly when creating the tag
group.

* Use response.parsed_body instead of JSON.parse
2022-01-18 15:02:29 -07:00
dependabot[bot]
bb1eacf184
Build(deps): Bump rubocop from 1.24.1 to 1.25.0 (#15643)
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.24.1 to 1.25.0.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.24.1...v1.25.0)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-18 22:31:44 +01:00
David Taylor
2d67315c32
FIX: Disable service worker proxying in chrome 97-97.0.4692 (#15638)
https://bugs.chromium.org/p/chromium/issues/detail?id=1286367
2022-01-18 19:41:25 +00:00
Mark VanLandingham
fcc80137ce
DEV: Add chat_group_mention notification type (#15616) 2022-01-18 08:26:27 -06:00
Andrei Prigorshnev
bcc148556f
DEV: add empty state placeholder to styleguide (#15617) 2022-01-18 17:52:48 +04:00
Discourse Translator Bot
14b8cd5e17
Update translations (#15637) 2022-01-18 14:41:41 +01:00
Roman Rizzi
5ee31cbf7d
FIX: Mark invites flash messages as HTML safe. (#15539)
* FIX: Mark invites flash messages as HTML safe.
This change should be safe as all user inputs included in the errors are sanitized before sending it back to the client.

Context: https://meta.discourse.org/t/html-tags-are-explicit-after-latest-update/214220

* If somebody adds a new error message that includes user input and doesn't sanitize it, using html-safe suddenly becomes unsafe again. As an extra layer of protection, we make the client sanitize the error message received from the backend.

* Escape user input instead of sanitizing
2022-01-18 09:38:31 -03:00
David Taylor
7329b766cb
FIX: Ensure floating quote button is not positioned under sidebar (#15634)
If themes/plugins introduce a sidebar on the left of the screen, the quote button would sometimes be positioned underneath. This commit ensures that the positioning logic keeps the floating buttons within the width of `.topic-area`
2022-01-18 12:05:36 +00:00
David Taylor
b725b7f1fa
FIX: Quick-quote on Safari (#15631)
Some safari-specific logic was inadvertently removed during the refactoring in b2d45c59. This commit restores it. The logic requires some state, so the getRangeBoundaryRect helper has to be moved back into the Component class. The functional change in this commit is the three lines enclosed by `if (this.capabilities.isSafari) {`.
2022-01-18 11:44:58 +00:00
Dan Ungureanu
eb4ad958c1
FIX: Ensure method exists before calling (#15632)
`_perFileData` is not always defined and uploads failed when it is not.
2022-01-18 13:44:02 +02:00
David Taylor
235de5dd90
FIX: Add /session/sso service-worker workaround for chrome 97 (#15630)
Followup to 2278c7f82d. Depending on the site's SSO implementation, this route is also used as part of a redirect sequence and needs to be able to set cookies.

Chrome bug reference: https://bugs.chromium.org/p/chromium/issues/detail?id=1286367
2022-01-18 11:27:01 +00:00
Natalie Tay
f2902d3830
FIX: Attempt to fix flaky test by using a shorter topic (#15627)
As part of /t/10298, try to remove the first flaky test in the list.

One finding is that the /t/280 topic has a very long post stream, so that may have caused some delay when rendering the topic. One way is to wait for the first expected element to load, but that doesn't scale well given how many waits we will need to add. So I chose to render a shorter topic instead.
2022-01-18 19:22:49 +08:00
David Taylor
5c23c6cdab DEV: Update rake qunit:test and rake plugin:qunit to use testem
For now this is still gated behind a `QUNIT_EMBER_CLI=1` environment variable, but will eventually become the default so that we can remove `run-qunit.js`.
2022-01-18 10:16:29 +00:00
David Taylor
ff5a6edb71 DEV: Update plugin JS loading in Ember CLI testem environment
Previously we were adding `/assets/discourse/tests/core_plugin_tests.js` to the test html all the time. This works in development mode, but fails silently when using testem via the `ember test` CLI, because there is no proxy running.

This commit makes a few changes to fix this, and make it more useful:

- Only renders the plugin `<script>` when in development mode, or when `LOAD_PLUGINS=1` (matching core's behavior)
- Only loads plugin translations based on the same logic
- When running via testem, and the above conditions are met, testem is configured to proxy `core_plugin_tests.js` through to a rails server. (port based on the `UNICORN_PORT` env variable)
- Adds a descriptive error if the plugin `<script>` fails to load. This can happen if the rails server hasn't been started
- Updates the logic for testem browsers. Ember CLI always launches testem in "CI" mode, and we don't really want 3 browsers opening by default. Our CI explicitly specifies the 3 browsers at runtime
2022-01-18 10:16:29 +00:00
David Taylor
b2d45c592a
UX: Apply new quote-button spacing behavior to all mobile devices (#15608)
This expands cbf99f48 to apply to all mobile devices. It removes the old mobile positioning logic entirely, refactors the new system a little for robustness and readability, and removes some JQuery.

On Andoid, we also need to avoid the start selection handle. Therefore the logic for locating selection boundaries is abstracted into a function for easier re-use.
2022-01-18 10:13:49 +00:00