Commit Graph

43541 Commits

Author SHA1 Message Date
Dan Ungureanu
fa8cd629f1
DEV: Hash tokens stored from email_tokens (#14493)
This commit adds token_hash and scopes columns to email_tokens table.
token_hash is a replacement for the token column to avoid storing email
tokens in plaintext as it can pose a security risk. The new scope column
ensures that email tokens cannot be used to perform a different action
than the one intended.

To sum up, this commit:

* Adds token_hash and scope to email_tokens

* Reuses code that schedules critical_user_email

* Refactors EmailToken.confirm and EmailToken.atomic_confirm methods

* Periodically cleans old, unconfirmed or expired email tokens
2021-11-25 09:34:39 +02:00
Natalie Tay
4c46c7e334
DEV: Remove xlink hrefs (#15059) 2021-11-25 15:22:43 +11:00
Jordan Vidrine
09260148b1
DEV: Add cta app event (#15051)
Add app event for when CTA is triggered for anon users
2021-11-25 15:10:26 +11:00
Alan Guo Xiang Tan
db5edc713b
DEV: Make it clear that plugin-api on the client side follows semver. (#15070) 2021-11-25 09:26:28 +08:00
Jarek Radosz
704974da6a
DEV: Allow using incorrect headers with ember-cli (#15085)
Makes it possible to pass-through invalid headers, e.g. `Content-Type: multipart/form-data;;`

That ability regressed with the latest changes.
2021-11-25 00:45:55 +01:00
dependabot[bot]
7ce927eaa8
Build(deps): Bump bootsnap from 1.9.1 to 1.9.3 (#15084)
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.9.1 to 1.9.3.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.9.1...v1.9.3)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-24 22:30:43 +01:00
Robin Ward
c27e324bd1 FEATURE: Support i18n in Ember CLI plugin tests 2021-11-24 15:19:36 -05:00
Jarek Radosz
de3680eb5c
DEV: Re-allow node 17, with a warning (#15083) 2021-11-24 21:16:33 +01:00
Jarek Radosz
e41f98bf96
DEV: Fix set-after-destroy issues (#15078)
Fixes broken tests on the legacy ember env.
2021-11-24 20:13:52 +01:00
Jarek Radosz
9380c1273e
DEV: Fix another form of sending data in ember-cli (#15079) 2021-11-24 18:54:15 +01:00
Osama Sayegh
8fd10e6414
FIX: Don't crash the browser when tapping autocomplete suggestions on Android/Gboard (#15076)
This is a workaround for an annoying bug that crashes the browser when an autocomplete suggestion is selected on Android if the virtual keyboard is Gboard. It's specific to Gboard because it sometimes sends `keydown` and `keyup` events twice for a single key press, more details can be found here: https://meta.discourse.org/t/emoji-selector-crashes-the-message-editor-in-android-chrome/187009/24?u=osama.
2021-11-24 20:44:46 +03:00
Kerry Liu
ded9fe950a UX: add additional tests for pasting a link on a selection 2021-11-24 12:33:22 -05:00
Kerry Liu
f37bffdf6c UX: when pasting a link use linkify rules 2021-11-24 12:33:22 -05:00
Kerry Liu
0009498901 UX: pasting links on a selection will apply a link format 2021-11-24 12:33:22 -05:00
Jarek Radosz
c75224e3d9
DEV: Update supported node versions (#15073)
13 and 15 are no longer supported by node, and issues with discourse dependencies prevent us from using 17. (for now)
2021-11-24 18:18:35 +01:00
Dan Ungureanu
3f97f884fe
DEV: Fail stop if theme update fails (#15074)
This applies only when a single site exists. If a theme update fails
when there are multiple sites, then it will continue updating the
remaining themes.
2021-11-24 19:12:49 +02:00
Bianca Nenciu
59e0ed8820
FEATURE: Highlight changed tags in post revisions (#15072) 2021-11-24 18:51:25 +02:00
Jarek Radosz
1ab4b1a4a8
DEV: Minor cleanup of create-account tests (#14989) 2021-11-24 16:43:25 +01:00
janzenisaac
8c7cc426b7
FEATURE: Notify responders of post removal (#15049)
- Notify users whose posts were cascade deleted due to a flagged post
2021-11-24 09:28:20 -06:00
Jarek Radosz
9105163882
DEV: Fix the /tests path in ember-cli server (#15075) 2021-11-24 15:34:04 +01:00
Jarek Radosz
e217364a46
DEV: Fix ember-cli proxy issues (#15071)
* DEV: Fix ember-cli proxy compat with node < 16
* DEV: Fix uploading via ember-cli
* DEV: Fix proxying /logs & other CSP-enabled pages
2021-11-24 12:52:25 +01:00
Bianca Nenciu
3ea8937157
FEATURE: Add email normalization rules setting (#14593)
When this setting is turned on, it will check that normalized emails
are unique. Normalized emails are emails without any dots or plus
aliases.

This setting can be used to block use of aliases of the same email
address.
2021-11-24 11:30:06 +02:00
Alan Guo Xiang Tan
a6aff40e4b
DEV: Allow default scope to be configurable per topic. (#15018)
Not exposing this as a plugin API yet as we're testing it out with a
plugin.
2021-11-24 16:40:58 +08:00
Alan Guo Xiang Tan
057ef55684
DEV: Allow callback to be registered to remove post menu button. (#15061)
This will allow buttons in the post menu to be remove based on a post's
attributes or site settings.
2021-11-24 13:26:52 +08:00
Martin Brennan
44be79f095
FIX: Strip Auto-Submitted email header from group SMTP emails (#15057)
Remove Auto-Submitted header for group private message emails, it does
not make sense there and may hurt deliverability.

From https://www.iana.org/assignments/auto-submitted-keywords/auto-submitted-keywords.xhtml:

> Indicates that a message was generated by an automatic process, and is not a direct response to another message.
2021-11-24 10:54:01 +10:00
Jarek Radosz
d40e56272f
DEV: Remove unnecessary requires (#15067)
`auth/*` one was causing warnings (the file was loaded twice)

and `sha1` isn't used anymore here
2021-11-23 23:42:24 +01:00
Jarek Radosz
1c0dcbfd47
DEV: Remove build_test_topic task (#15068)
I don't think anyone is using it anymore
2021-11-23 23:41:49 +01:00
Jarek Radosz
3172e08b6d
DEV: Fix ember-cli proxying to production sites (#15042) 2021-11-23 23:31:54 +01:00
Bianca Nenciu
73760c77d9
FEATURE: Mention @here to notify users in topic (#14900)
Use @here to mention all users that were allowed to topic directly or
through group, who liked topics or read the topic. Only first 10 users
will be notified.
2021-11-23 22:25:54 +02:00
Vinoth Kannan
0ededb1454
UX: timestamp should not hide handle of topic timeline in mobile. (#15066)
Previously, since the space of the timestamp is big in some locales, it blocked the visibility of topic timeline handle in mobile view.
2021-11-23 23:24:58 +05:30
Discourse Translator Bot
563b27b763
Update translations (#15065) 2021-11-23 17:29:39 +01:00
Arpit Jalan
34354353ff
Update email deliverability mail template (#15064) 2021-11-23 18:07:36 +05:30
Dan Ungureanu
fa2fd7fff8
FIX: Do not fail-stop if theme update fails (#15063) 2021-11-23 13:55:09 +02:00
Dan Ungureanu
ff7acc9828
FIX: Git should not prompt for credentials (#15062)
When cloning a public remote repository (no key), git should not prompt
for credentials.
2021-11-23 13:54:51 +02:00
David Taylor
c749b41163
UX: Fallback to regular title if screen-reader title is unavailable (#15048)
c401d641 introduced a new translation key for auth providers, and provided new strings for core providers. However, not all plugins have added this string. This commit makes the screenreader title fallback to the regular title in those cases.
2021-11-23 11:12:54 +00:00
Dan Ungureanu
948a1523ea
FIX: Keep existent tags when editing tag topics (#15050)
Allow current user to keep existent tags when adding or removing a tag.
For example, a user could not remove a tag from a topic if the topic
had another tag that was restricted to a different category.
2021-11-23 13:00:45 +02:00
Alan Guo Xiang Tan
c0f278d358
DEV: Fix flaky specs due to 8226ab1099. (#15060)
The users all shared the same `User#last_seen_at` column so depending on
how the database returned the records, the user that we're interested in
may be excluded from the update query.

Follow-up to 8226ab1099
2021-11-23 15:26:55 +08:00
Natalie Tay
adf6498fe2
FEATURE: Show browser search tip when discourse search shows up in a topic (#15055) 2021-11-23 13:11:17 +08:00
Alan Guo Xiang Tan
8226ab1099
PERF: Updating first unread PM for user not respecting limits. (#15056)
In b8c8909a9d, we introduced a regression
where users may have had their `UserStat.first_unread_pm_at` set
incorrectly. This commit introduces a migration to reset `UserStat.first_unread_pm_at` back to
`User#created_at`.

Follow-up to b8c8909a9d.
2021-11-23 12:51:54 +08:00
Martin Brennan
db4c52ca26
DEV: Add single file progress and cancel for uppy in composer (#15053)
This commit adds handlers for the composer uppy mixin to allow
for cancelling individual file uploads, not just all of them
at once. This is also combined with better tracking of in progress
uploads along with their progress percentage, for UI that needs
to be able to display the progress for individual files and
also cancel individual files.

To use this, a cancel button in the UI should call a function like this:

```javascript
cancelSingleUpload(fileId) {
  this.appEvents.trigger(`${this.eventPrefix}:cancel-upload`, {
    fileId,
  });
},
```

Additionally, the `inProgressUploads` can be shown in the UI. It is an array of objects with the file name, ID, and the progress percentage. We can add more data to this if needed down the line.
2021-11-23 14:00:23 +10:00
Kris
52532758f7
DEV: add plugin outlet before topic list views (#15054) 2021-11-22 22:52:46 -05:00
Natalie Tay
340901c913
DEV: Add if a user is using an Apple device in widget capabilities (#15021)
* Consolidate device capability sniffing in caps
2021-11-23 11:21:31 +08:00
Martin Brennan
49c49e8ae0
FEATURE: Local chunked uppy backup uploads with a new uploader plugin (#14894)
This takes the uppy chunking algorithm and combines it with some
form submission from resumable.js for parity with the current
backup controller to make local backup uploads work with uppy.
We can then use this to replace the resumable-upload component
and the resumable.js library from our codebase, once stable.

This is disabled by default, so people using local backups will not
be affected. The enable_experimental_backup_uploader site setting
must be enabled for this to work.
2021-11-23 08:45:42 +10:00
dependabot[bot]
377c8d9c8b
Build(deps): Bump sprockets-rails from 3.4.0 to 3.4.1 (#15052)
Bumps [sprockets-rails](https://github.com/rails/sprockets-rails) from 3.4.0 to 3.4.1.
- [Release notes](https://github.com/rails/sprockets-rails/releases)
- [Commits](https://github.com/rails/sprockets-rails/compare/v3.4.0...v3.4.1)

---
updated-dependencies:
- dependency-name: sprockets-rails
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-22 22:25:42 +01:00
Mark VanLandingham
4da23e811b
DEV: Create CookedProcessMixin to process generic cooked (#15029) 2021-11-22 13:32:12 -06:00
Jarek Radosz
68b0fdd2b3
DEV: Fix silence user context message (#15040) 2021-11-22 19:44:20 +01:00
Jarek Radosz
bd2e1a8c38
FIX: Don't hit permalink-check if not authorized (#15039) 2021-11-22 19:44:00 +01:00
Jarek Radosz
ceed48f321
UX: Make banner full-width (#15038) 2021-11-22 19:43:45 +01:00
Dan Ungureanu
d420a7b2c8
DEV: Reuse code for TrustLevelAndStaffSetting (#15044)
The code that checked this permission was duplicated everytime a new
settings of this type was added. This commit changes the behavior of
some functionality because some feature checks were bypassed for staff
members.
2021-11-22 20:18:53 +02:00
RogerBW
fd66df5997
FEATURE: adds uploads scope for API keys (#14941)
* FEATURE: adds uploads scope for API keys

* Add basic test, change "image" to "file"
2021-11-22 10:49:08 -07:00