Commit Graph

35345 Commits

Author SHA1 Message Date
David Taylor
eaf6096890 DEV: Use rubocop-discourse gem to add custom chdir cop
Followup to b27e009655
2019-11-18 15:39:41 +00:00
David Taylor
6f9afde9a8 UX: Allow enter key to submit test email in admin panel 2019-11-18 15:36:06 +00:00
Penar Musaraj
97dad94bfd DEV: Bump eslint-config-discourse to 1.0.6
Also fixes an inconsistency in Prettier version number.
2019-11-18 10:14:21 -05:00
Penar Musaraj
0e759add0f DEV: Better topic participants summary spec 2019-11-18 09:43:14 -05:00
Roman Rizzi
a3df065058
PERF: Do fewer queries when converting posts. (#8358)
- Avoid using User#find and then fetching the user_stat association just to update a counter - We did this for every post in the topic.
- Avoid having to query the topic_allowed_user table everytime we want add a new topic_allowed_user
- Use pluck to fetch just what we need.
2019-11-18 11:04:21 -03:00
David Taylor
172832f353
DEV: Submit forms via type=submit button, not explicit form action (#8368) 2019-11-18 13:26:26 +00:00
Dan Ungureanu
3650c64bca
FIX: Ensure load-more considers current position (#8357)
The loadMore action was not called if user was already at the bottom
of the page.
2019-11-18 15:09:47 +02:00
Dan Ungureanu
352d43b101
FIX: Better handling of Group model state (#8356)
The group card and group members page were affecting each other and were
leaking members list and the query parameters which led to bad UX
experience and sub-optimal performance (client made more queries because
it was loading fewer members).

This commit refactors the group model to make it more consistent, remove
dead code, move error handling outside of model.
2019-11-18 14:59:28 +02:00
romanrizzi
acb8d6f946 Revert "Revert unintended prettier version downgrade"
This reverts commit ee02b7e04d.
2019-11-18 09:32:03 -03:00
romanrizzi
ee02b7e04d Revert unintended prettier version downgrade 2019-11-18 09:30:52 -03:00
David Taylor
1c1c3cae85 FIX: Enter key should submit password reset form, not refresh the page 2019-11-18 11:54:41 +00:00
Joe
84107c61a7
FIX: PM glyph in user-menu should always be shown to staff 2019-11-18 17:25:07 +08:00
Joffrey JAFFEUX
e6442a2d2f
FIX: we don't need to refresh dates so often (#8367) 2019-11-18 10:04:07 +01:00
Joffrey JAFFEUX
45648e46ba
FIX: attempts to be correct about dst when using recurrence (#8366) 2019-11-18 10:02:58 +01:00
Vinoth Kannan
3bb7ad4be1
FEATURE: remove support for 'suppress_from_latest' category setting. (#8308) 2019-11-18 12:28:35 +05:30
Vinoth Kannan
4e4844f4db REFACTOR: reduce the number of db queries. 2019-11-18 12:06:13 +05:30
Sam Saffron
79b8c08d45 DEV: give categories-separator class to HR after cateogries
This allows for better styling of the hamburger menu
2019-11-18 17:31:01 +11:00
Martin Brennan
af0cc89b11 Mark upload show paths as is_asset_path (#8365)
* this is to avoid excessive rate limiting, especially
  for secure media on media-heavy topics
2019-11-18 16:56:20 +11:00
Sam Saffron
d28de23ac8 FEATURE: block screaming frog SEO spider by default
This crawler is not respectful and often can make 1000s of reqs a minute.

Block by default, site operators can amend this default if they want to.
2019-11-18 16:48:07 +11:00
Dan Ungureanu
a9704da34c FIX: A pmOnly tag should link to messages (#8361)
isPrivateMessages represents that the tag list is shown in the context
of private messages and pmOnly represents that the tag is used only in
private messages.
2019-11-18 16:44:08 +11:00
Krzysztof Kotlarek
975165f25f
FIX: Don't error CleanUpInactiveUserJob when user is missing (#8362) 2019-11-18 16:14:15 +11:00
Sam Saffron
7d389df5e7 DEV: correct spec to allow for new default
b4bfc27b changes the default so the spec should be changed as well.
2019-11-18 16:05:58 +11:00
Sam Saffron
b4bfc27b19 FEATURE: introduce default application level rate limiting by IP
We have tested rate limiting with admin accounts with block rate limiting for
close to 12 months now on meta.discourse.org.

This has resulted in no degradation of services even to admin accounts that
request a lot of info from the site.

The default of 200 requests a minute and 50 per 10 seconds is very generous.
It simply protects against very aggressive clients.

This setting can be disabled or tweaked using:

DISCOURSE_MAX_REQS_PER_IP_MODE and family.

The only big downside here is in cases when a very large number of users tend
to all come from a single IP.

This can be the case on sites accessing Discourse from an internal network
all sharing the same IP via NAT. Or a misconfigured Discourse that is unable
to resolve IP addresses of users due to proxy mis-configuration.
2019-11-18 15:54:50 +11:00
Sam Saffron
e2ccb0c608 DEV: remove NGINX performance report
This report is no longer supported or tested, it was moved to:

https://github.com/SamSaffron/discourse-nginx-performance-report

The new home for the performance report means this is no longer an official
Discourse plugin
2019-11-18 15:30:57 +11:00
Martin Brennan
af091c49e9
FIX: Ensure revisions are made to store edit reasons and no reasons get wiped (#8363)
* Fix an issue where if an edit was made to a post with a reason provided, and then another edit was made with no reason, the original edit reason got wiped out
* We now always make a post revision (even with ninja edits) if an edit reason has been provided and it is different from the current edit reason

Co-Authored-By: Sam <sam.saffron@gmail.com>
2019-11-18 13:08:54 +10:00
Penar Musaraj
102909edb3 FEATURE: Add support for secure media (#7888)
This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. 

A few notes: 

- the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads
- the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured
- upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status
- when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error
- when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 11:25:42 +10:00
Vinoth Kannan
56b19ba740 UX: instead of total user count display only the count of users going to be affected.
edec922803
2019-11-18 00:09:38 +05:30
Robin Ward
397852a9a6 FIX: Support for rake db:rollback with plugins
For this to work we need to overwrite `db:rollback` in our Rakefile like
we do for migrate, so that it removes the load_config dependency. This
allows our custom migration paths to work.
2019-11-15 16:38:46 -05:00
Blake Erickson
eb4d8a43e3 DEV: Improve mail-receiver update instructions 2019-11-15 13:57:43 -07:00
Penar Musaraj
99b4f79a90 FIX: Include 5 participants in topic summary 2019-11-15 15:11:09 -05:00
Roman Rizzi
4cf3c9cccb
FEATURE: Filter reviewables by date range (#8354) 2019-11-15 15:29:59 -03:00
Penar Musaraj
20f5a062f4 Fix Prettier in poll plugin 2019-11-15 11:01:22 -05:00
Penar Musaraj
6e74350f18 Fix Prettier again
Not sure how I missed a few files in the last commit
2019-11-15 10:52:06 -05:00
Penar Musaraj
cc8baa1a7c Fix Prettier using correct version (1.19.1) 2019-11-15 10:34:26 -05:00
Penar Musaraj
655e610357 Fix Prettier 2019-11-15 10:28:46 -05:00
Martin Brennan
abf215a0e4 Bump prettier to 1.19.1 and lock dependency (#8350) 2019-11-15 10:07:45 -05:00
Penar Musaraj
16cdf94001 DEV: Fix files targetted by Lefthook Prettier
The previous glob rule was skipping files in sub-subfolders, causing discrepancies between Travis and Jenkins results.
2019-11-15 09:21:51 -05:00
Daniel Waterworth
676a1c8749 FIX: Use this.content.category instead of this.category on navigation-item
this.category isn't always available.
2019-11-15 13:47:55 +00:00
Daniel Waterworth
337fdccfeb DEV: Make context available to ExtraNavItems
This context is available to other NavItems so this makes things more
consistent.
2019-11-15 13:46:49 +00:00
Martin Brennan
5c59247c3a Block enabling force 2FA if local logins disabled & vice-versa (#8355) 2019-11-15 17:05:10 +11:00
Sam Saffron
e7cf4579a8 DEV: improve usability of subfolder specs
Previously people were not consistent about mocking which left internals in
a fragile state when running subfolder specs.

This introduces a simple helper `set_subfolder` which you can use to set
the subfolder for the spec. It takes care of proper configuration of subfolder
and teardown.

```
# usage
set_subfolder "/my_amazing_subfolder"
```

You should no longer stub base_uri or global_settings
2019-11-15 16:48:24 +11:00
Jeff Wong
40d14ba166 Fix the actual failing test 2019-11-14 16:20:45 -08:00
Jeff Wong
25dd045ba5 Fix failing test 2019-11-14 16:11:42 -08:00
Jeff Wong
786fcceb62 Return full URLs in review serializer for both post and topic
Return full URLs, this fixes reviewable links to support subfolder
2019-11-14 15:58:21 -08:00
Blake Erickson
3b16eb7abb FIX: Confirm new email with backup codes enabled
This is a fix for this bug:

https://meta.discourse.org/t/-/133185?u=blake

where rails would throw a missing template error when trying to confirm
a new email address when you had two factor backup codes enabled.

Apparently this feature broke during this commit:

68d35b14f4

when a partial that contained a lot of javascript was removed most
likely because it didn't comply with our Content Security Policy, so as
a fix I rewrote the previous js functionality without using any
javascript and then added a spec to verify that the correct backup code
form is displayed when that page is loaded.
2019-11-14 16:27:42 -07:00
romanrizzi
ff355ad204 FIX: Don't show bots as post readers 2019-11-14 17:53:52 -03:00
romanrizzi
f87d38fc7c Use correct variable name 2019-11-14 17:46:20 -03:00
Penar Musaraj
067696df8f DEV: Apply Rubocop redundant return style 2019-11-14 15:10:51 -05:00
Penar Musaraj
be15abcf7f DEV: Add RedundantReturn style check to Rubocop 2019-11-14 14:42:36 -05:00
Penar Musaraj
6c16d5762c No need for return in last statement of method 2019-11-14 14:32:22 -05:00