56477 Commits

Author SHA1 Message Date
Ted Johansson
ec7703e622
FIX: Only render admin notice dismiss button for admins (#29103)
Dismissing admin notices is an admin-only action. This is enforced on the back-end both by a routing constraint and a policy in the relevant service.

However, we still unconditionally display the "Dismiss" button to anyone with access to the admin dashboard. When clicked, it results in a 404 modal (due to the routing constraint.)

With this change we only render the dismiss button for admins.
2024-10-07 13:14:01 +08:00
chapoi
8d1867688f
UX: add padding bottom to chat index list (#29096) 2024-10-07 07:09:27 +02:00
Ted Johansson
7ecb258b83
FIX: Support idempotent admin notice dismissal (#29099)
If you have the admin dashboard open, and one of the admin notices listed has already been dismissed (e.g. in another tab, or by another admin) we would show an ugly "FAILED" modal.

This change makes the admin dismiss endpoint idempotent. If the admin notice is already destroyed, then respond with 200. This will also correctly remove it from the list in the front-end.
2024-10-07 12:29:33 +08:00
Alan Guo Xiang Tan
4ba8d3b76b
Bump version to v3.4.0.beta3-dev 2024-10-07 12:14:10 +08:00
Alan Guo Xiang Tan
9cfe725b37
Bump version to v3.4.0.beta2 2024-10-07 12:14:09 +08:00
Penar Musaraj
92ac6be82a
SECURITY: prevent topic list filtering by hidden tags for unauthorized users
This fixes an issue where unauthorized users were able to filter topics
by tags that are hidden from them.
2024-10-07 11:48:55 +08:00
OsamaSayegh
d7164d57ec
SECURITY: Block registrations for encoded emails that are invalid 2024-10-07 11:48:52 +08:00
Régis Hanol
34d04e7507
SECURITY: add pagination to post replies
When a post has some replies, and the user clicks on the button to show them, we would load ALL the replies. This could lead to DoS if there were a very large number of replies.

This adds support for pagination to these post replies.

Internal ref t/129773

FIX: Duplicated parent posts

DEV: Query refactor
2024-10-07 11:48:48 +08:00
Bianca Nenciu
e081cc14fb
SECURITY: Use different anon cache keys for XHR requests
XHR requests are handled differently by the application and the
responses do not have any preloaded data so the cache key needs to
differentiate between those requests.
2024-10-07 11:48:45 +08:00
Jan Cernik
1da97de7f0
SECURITY: Correctly parse URLs in chat excerpts 2024-10-07 11:48:41 +08:00
dependabot[bot]
07f6952beb
Build(deps-dev): Bump rswag-specs from 2.14.0 to 2.15.0 (#29093)
Bumps [rswag-specs](https://github.com/rswag/rswag) from 2.14.0 to 2.15.0.
- [Release notes](https://github.com/rswag/rswag/releases)
- [Changelog](https://github.com/rswag/rswag/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rswag/rswag/compare/2.14.0...2.15.0)

---
updated-dependencies:
- dependency-name: rswag-specs
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-07 10:08:23 +08:00
Jeff Wong
7d441e3782
FIX: skips caching a generated secret key base token if skip_redis is true. (#29029)
Allows for `SKIP_DB_AND_REDIS` env var to be used without a secret key setup in
global setting env.
2024-10-06 06:46:58 -07:00
Jeff Wong
91ac382d83
DEV: update compile steps (#29031)
Remove emoji.clear cache calls as data.js.es6.erb hasn't existed in a while.
Emoji data is now compiled separately via javascript rake tasks.

Skip db and redis precompilation when no db is present
2024-10-05 09:50:33 +10:00
Kris
e75571c401
A11Y: add aria-label to user profile link in topic list (#29088) 2024-10-04 16:02:12 -04:00
Penar Musaraj
d959bfdc61
UX: Improve bottom padding to chat index on mobile (#29086)
Minor adjustment to #29082
2024-10-04 11:33:38 -04:00
David Taylor
7a46baa31c
DEV: Update helper.renderGlimmer example to gjs (#28962) 2024-10-04 16:04:08 +01:00
Loïc Guitaut
8eff922ace
DEV: Output failing MF keys when compilation fails
Currently, when the MessageFormat compiler fails on some translations,
we just have the raw output from the compiler in the logs and that’s not
always very helpful.

Now, when there is an error, we iterate over the translation keys and
try to compile them one by one. When we detect one that is failing, it’s
added to a list that is now outputted in the logs. That way, it’s easier
to know which keys are not properly translated, and the problems can be
addressed quicker.
2024-10-04 23:38:27 +09:00
David Taylor
69d2373f77
DEV: Resolve stat registration flaky tests (#29084) 2024-10-04 13:49:22 +01:00
chapoi
c13ca6eb19
UX: chat index mini refactor (#29082) 2024-10-04 08:10:36 -04:00
dependabot[bot]
514c543cd4
Build(deps-dev): Bump lint-to-the-future-eslint from 2.1.2 to 2.1.3 (#29078)
Bumps [lint-to-the-future-eslint](https://github.com/mansona/lint-to-the-future-eslint) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/mansona/lint-to-the-future-eslint/releases)
- [Changelog](https://github.com/mansona/lint-to-the-future-eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mansona/lint-to-the-future-eslint/commits)

---
updated-dependencies:
- dependency-name: lint-to-the-future-eslint
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-04 01:12:22 +02:00
dependabot[bot]
8132bb9f50
Build(deps-dev): Bump lint-to-the-future from 2.1.0 to 2.2.0 (#29077)
Bumps [lint-to-the-future](https://github.com/mansona/lint-to-the-future) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/mansona/lint-to-the-future/releases)
- [Changelog](https://github.com/mansona/lint-to-the-future/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mansona/lint-to-the-future/commits)

---
updated-dependencies:
- dependency-name: lint-to-the-future
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-04 01:12:09 +02:00
dependabot[bot]
0d9e0fd23e
Build(deps): Bump jwt from 2.8.2 to 2.9.3 (#29076)
Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.8.2 to 2.9.3.
- [Release notes](https://github.com/jwt/ruby-jwt/releases)
- [Changelog](https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jwt/ruby-jwt/compare/v2.8.2...v2.9.3)

---
updated-dependencies:
- dependency-name: jwt
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-04 01:04:31 +02:00
Penar Musaraj
0cc231f61c
DEV: Do not include passkey metadata needlessly (#29074)
Only current user should see passkey metadata.
2024-10-03 15:44:21 -04:00
dependabot[bot]
0078f0973e
Build(deps): Bump webrick from 1.8.1 to 1.8.2 (#29000)
Bumps [webrick](https://github.com/ruby/webrick) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/ruby/webrick/releases)
- [Commits](https://github.com/ruby/webrick/compare/v1.8.1...v1.8.2)

---
updated-dependencies:
- dependency-name: webrick
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-03 19:43:51 +02:00
Natalie Tay
d984646c97
DEV: Update warning when deleting associated accounts (#29053) 2024-10-03 19:50:29 +08:00
Jarek Radosz
cec5e27192
DEV: Update content-tag to 2.0.2 (#29071) 2024-10-03 12:45:11 +02:00
David Battersby
9eaf908e63
DEV: cleanup chat desktop notification data (#28943)
Makes channel_id and is_direct_message_channel consistent across desktop notifications, which also removes the need to look up the channel from Chat Notification Manager.
2024-10-03 12:43:17 +04:00
Loïc Guitaut
ad8f46f4f1
DEV: Make params explicit for services in controllers 2024-10-03 16:56:39 +09:00
Martin Brennan
3108e3a6b6
DEV: Try fix bookmark flaky (#29069)
I think the check for the bookmark icon is too optimistic,
so the DB might not be updated by the time we check. Using
try_until_success should fix this, we also don't have a
toast to check against via AJAX success, by design.
2024-10-03 14:34:36 +10:00
Jarek Radosz
ef00d6f633
DEV: Remove accidental pgvector addition (#29068) 2024-10-03 03:49:35 +02:00
Jarek Radosz
53e6e32b2d
DEV: Attempt to fix about model flakes (#29057)
My theory is that there were nil entries (that we were filtering out) that then changed and we weren't resetting them properly.

(the failure no longer repro'd in 30 CI runs in this PR)
2024-10-03 03:19:34 +02:00
dependabot[bot]
3252865016
Build(deps-dev): Bump puppeteer-core from 23.4.1 to 23.5.0 (#29064)
Bumps [puppeteer-core](https://github.com/puppeteer/puppeteer) from 23.4.1 to 23.5.0.
- [Release notes](https://github.com/puppeteer/puppeteer/releases)
- [Changelog](https://github.com/puppeteer/puppeteer/blob/main/release-please-config.json)
- [Commits](https://github.com/puppeteer/puppeteer/compare/puppeteer-core-v23.4.1...puppeteer-core-v23.5.0)

---
updated-dependencies:
- dependency-name: puppeteer-core
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-03 01:48:49 +02:00
dependabot[bot]
19bf9349fd
Build(deps): Bump @messageformat/core from 3.3.0 to 3.4.0 (#29065)
Bumps [@messageformat/core](https://github.com/messageformat/messageformat/tree/HEAD/packages/core) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/messageformat/messageformat/releases)
- [Changelog](https://github.com/messageformat/messageformat/blob/main/packages/core/CHANGELOG.md)
- [Commits](https://github.com/messageformat/messageformat/commits/@messageformat/core@3.4.0/packages/core)

---
updated-dependencies:
- dependency-name: "@messageformat/core"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-03 01:04:40 +02:00
dependabot[bot]
c5b69854dc
Build(deps-dev): Bump jsuites from 5.6.4 to 5.6.5 (#29066)
Bumps [jsuites](https://github.com/jsuites/jsuites) from 5.6.4 to 5.6.5.
- [Release notes](https://github.com/jsuites/jsuites/releases)
- [Changelog](https://github.com/jsuites/jsuites/blob/master/changelog.md)
- [Commits](https://github.com/jsuites/jsuites/commits)

---
updated-dependencies:
- dependency-name: jsuites
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-03 01:04:21 +02:00
dependabot[bot]
41d3d3e8b4
Build(deps): Bump the babel group with 3 updates (#29063)
Bumps the babel group with 3 updates: [@babel/plugin-proposal-decorators](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-proposal-decorators), [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) and [@babel/standalone](https://github.com/babel/babel/tree/HEAD/packages/babel-standalone).


Updates `@babel/plugin-proposal-decorators` from 7.24.7 to 7.25.7
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.25.7/packages/babel-plugin-proposal-decorators)

Updates `@babel/core` from 7.25.2 to 7.25.7
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.25.7/packages/babel-core)

Updates `@babel/standalone` from 7.25.6 to 7.25.7
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.25.7/packages/babel-standalone)

---
updated-dependencies:
- dependency-name: "@babel/plugin-proposal-decorators"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: babel
- dependency-name: "@babel/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: babel
- dependency-name: "@babel/standalone"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: babel
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-03 01:04:12 +02:00
dependabot[bot]
17326cc144
Build(deps-dev): Bump rspec-mocks from 3.13.1 to 3.13.2 (#29062)
Bumps [rspec-mocks](https://github.com/rspec/rspec-mocks) from 3.13.1 to 3.13.2.
- [Release notes](https://github.com/rspec/rspec-mocks/releases)
- [Changelog](https://github.com/rspec/rspec-mocks/blob/main/Changelog.md)
- [Commits](https://github.com/rspec/rspec-mocks/compare/v3.13.1...v3.13.2)

---
updated-dependencies:
- dependency-name: rspec-mocks
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-03 00:25:19 +02:00
Keegan George
d0c3f3b8fe
DEV: Remove FontAwesome 5 references (#29060)
Recently we updated the icon library from Font Awesome `5` to `6.6.0`. Since we were running Font Awesome 5 for a long time while 6 had already been released, we often specified in the codebase with the text _"FontAwesome 5"_. However, now that we are in the latest version, there is no need for our APIs/comments to keep specifying for version 5. This PR updates all instances of FontAwesome 5 or FA5 and removes the version number to be the more generic: "FontAwesome"
2024-10-02 13:41:51 -07:00
Keegan George
53d41d0727
DEV: Add missing x icon to svg_sprite.rb (#29059) 2024-10-02 16:20:24 -04:00
Kris
0aeeb67cac
A11Y: announce "link copied!" confirmation for screen readers (#29058) 2024-10-02 15:54:38 -04:00
Jarek Radosz
488dc1784b
DEV: Use the "new" test waiters (#29055)
In accordance with 2020 [RFC591](https://github.com/emberjs/rfcs/blob/master/text/0581-new-test-waiters.md) 🙂

Next steps: use them in plugins too (d-encrypt) and enable the eslint rule (https://github.com/ember-cli/eslint-plugin-ember/blob/master/docs/rules/no-legacy-test-waiters.md)
2024-10-02 21:09:55 +02:00
marstall
23fbaf7ee3
UX: change twitter share link to X (#29056) 2024-10-02 14:43:40 -04:00
Gerhard Schlager
d4379af7f2
FIX: Import script didn't set public attribute of polls (#28864) 2024-10-02 20:02:13 +02:00
Rafael dos Santos Silva
fd57a64174
FEATURE: Limit client side image compression on Safari to version >= 18 (#28373)
This PR limits this feature:

On all devices:
- Browsers with OffScreenCanvas support
- Browsers with createImageBitmap

On Apple Safari
- At least version 18

It also adds a routine that terminates the worker after 5 uses on all devices to handle any WASM memory leaks. All this together fixes crashes that could occur on iPhones.

It still leaves the feature disabled by default on iOS, which will be revisited after testing these changes.
2024-10-02 12:37:41 -03:00
Loïc Guitaut
fc1c5f6a8d
DEV: Have contract take a block in services
Currently in services, the `contract` step is only used to define where
the contract will be called in the execution flow. Then, a `Contract`
class has to be defined with validations in it.

This patch allows the `contract` step to take a block containing
validations, attributes, etc. directly. No need to then open a
`Contract` class later in the service.

It also has a nice side effect, as it’s now easy to define multiple
contracts inside the same service. Before, we had the `class_name:`
option, but it wasn’t really useful as you had to redefine a complete
new contract class.
Now, when using a name for the contract other than `default`, a new
contract will be created automatically using the provided name.

Example:
```ruby
contract(:user) do
  attribute :user_id, :integer

  validates :user_id, presence: true
end
```
This will create a `UserContract` class and use it, also putting the
resulting contract in `context[:user_contract]`.
2024-10-02 17:00:01 +09:00
Discourse Translator Bot
76ad581f67
Update translations 2024-10-02 08:55:44 +02:00
Martin Brennan
8fc34e9323
DEV: Add a skeleton for section landing page & items (#28477)
We are going to start making section landing pages
for admin for each sidebar section. This lays the framework
with routes and simple components that can be further
refined by a designer, but I have taken the base CSS from
AI which Kris made.

The initial section landing items will be used in AI to replace
the placeholders added in this commit b8b3c61451
2024-10-02 12:19:38 +10:00
Sam
baeca887d9
FEATURE: improve the suppression for admins when required (#29041)
Previously admins could still click on topics when `suppress_secured_categories_from_admin` was set

This change improves the block so admins without permission will not be allowed to click through till they add themselves to appropriate groups

Keep in mind this setting is a quality of life setting and not a SECURITY
setting, admins have an infinite way of bypassing visibility limits
2024-10-02 10:52:02 +10:00
dependabot[bot]
50e0558f5b
Build(deps-dev): Bump ember-cli from 5.11.0 to 5.12.0 (#29048)
Bumps [ember-cli](https://github.com/ember-cli/ember-cli) from 5.11.0 to 5.12.0.
- [Release notes](https://github.com/ember-cli/ember-cli/releases)
- [Changelog](https://github.com/ember-cli/ember-cli/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ember-cli/ember-cli/compare/v5.11.0...v5.12.0)

---
updated-dependencies:
- dependency-name: ember-cli
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-02 01:56:08 +02:00
dependabot[bot]
e11b411e9f
Build(deps-dev): Bump the embroider group with 4 updates (#29046)
Bumps the embroider group with 4 updates: [@embroider/compat](https://github.com/embroider-build/embroider/tree/HEAD/packages/compat), [@embroider/core](https://github.com/embroider-build/embroider/tree/HEAD/packages/core), [@embroider/macros](https://github.com/embroider-build/embroider/tree/HEAD/packages/macros) and [@embroider/webpack](https://github.com/embroider-build/embroider/tree/HEAD/packages/webpack).


Updates `@embroider/compat` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/embroider-build/embroider/releases)
- [Changelog](https://github.com/embroider-build/embroider/blob/main/CHANGELOG.md)
- [Commits](https://github.com/embroider-build/embroider/commits/HEAD/packages/compat)

Updates `@embroider/core` from 3.4.16 to 3.4.17
- [Release notes](https://github.com/embroider-build/embroider/releases)
- [Changelog](https://github.com/embroider-build/embroider/blob/main/CHANGELOG.md)
- [Commits](https://github.com/embroider-build/embroider/commits/HEAD/packages/core)

Updates `@embroider/macros` from 1.16.6 to 1.16.7
- [Release notes](https://github.com/embroider-build/embroider/releases)
- [Changelog](https://github.com/embroider-build/embroider/blob/main/CHANGELOG.md)
- [Commits](https://github.com/embroider-build/embroider/commits/HEAD/packages/macros)

Updates `@embroider/webpack` from 4.0.5 to 4.0.6
- [Release notes](https://github.com/embroider-build/embroider/releases)
- [Changelog](https://github.com/embroider-build/embroider/blob/main/CHANGELOG.md)
- [Commits](https://github.com/embroider-build/embroider/commits/HEAD/packages/webpack)

---
updated-dependencies:
- dependency-name: "@embroider/compat"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: embroider
- dependency-name: "@embroider/core"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: embroider
- dependency-name: "@embroider/macros"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: embroider
- dependency-name: "@embroider/webpack"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: embroider
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-02 00:46:03 +02:00
dependabot[bot]
20e5f72292
Build(deps-dev): Bump lint-to-the-future-eslint from 2.1.1 to 2.1.2 (#29047)
Bumps [lint-to-the-future-eslint](https://github.com/mansona/lint-to-the-future-eslint) from 2.1.1 to 2.1.2.
- [Release notes](https://github.com/mansona/lint-to-the-future-eslint/releases)
- [Changelog](https://github.com/mansona/lint-to-the-future-eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mansona/lint-to-the-future-eslint/commits)

---
updated-dependencies:
- dependency-name: lint-to-the-future-eslint
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-02 00:34:36 +02:00