Commit Graph

44467 Commits

Author SHA1 Message Date
Kris
cd616900e5
FEATURE: allow moderators to bulk change ownership (#15997) 2022-02-18 14:28:27 -05:00
Jarek Radosz
efb7e19325
PERF: Load all common passwords in one go (#15986)
Revert "BUGFIX: use a more widely compatible version of sadd"

This reverts commit aa577f11fd.

I think the compatibility might not be a problem anymore, after 8 years? 😃
2022-02-18 19:47:15 +01:00
Jarek Radosz
45cc16098d
DEV: Move spec/components to spec/lib (#15987)
Lib specs were inexplicably split into two directories (`lib` and `components`)

This moves them all into `lib`.
2022-02-18 19:41:54 +01:00
jbrw
cf545be338
FIX: Increase FinalDestination MAX_REQUEST_SIZE_BYTES (#15998)
The default of 1Mb was preventing some valid Onebox requests from successfully completing.

Increasing this to 5Mb should reduce the number of unexpected failures.
2022-02-18 13:37:31 -05:00
Jarek Radosz
32087be531
DEV: Remove DiscourseRedis.namespace (#15993)
It was soft-deprecated 7 years ago.
2022-02-18 18:44:22 +01:00
Bianca Nenciu
38cbca3f67
FIX: Count clicks on links with query params (#15969)
This did not work sometimes if a topic had the same URL with and without
query params because it did not try to select the best matching URL.
2022-02-18 14:47:56 +02:00
Bianca Nenciu
53f9a1a469
FEATURE: Add settings to scale daily flags limit (#15983)
Similar site settings exist for likes and edits and the new ones work
in a similar way.

By default, users below TL2 have a limit of 20, the limit is increased
by 1.5 for TL2 users up to 30, by 2 for TL3 users up to 40 and by 3 for
TL4 users up to 60.
2022-02-18 14:44:32 +02:00
David Taylor
f2762114e0
PERF: Reduce anon_polling_interval to match long_polling_interval (#15992)
The 5s difference was causing anon clients to have ~5s gaps between their long-polling requests. On busy sites, this could be enough time for them to build up a backlog, which then becomes much more expensive for us on the server-side.
2022-02-18 10:53:14 +00:00
Vinoth Kannan
b9d943220d
UX: display post count badge even when user has only two posts. (#15990)
Previously, it only displayed the badge when a user has 3 or more posts.
2022-02-18 09:03:32 +05:30
Michael Brown
a312b9ae88 FIX: ReplyByEmailAddressValidator should leverage EmailAddressValidator
Since we already have perfectly sensible logic for validating email addresses,
let's leverage that and simplify the logic while we're at it.

Emails with spaces are no longer permitted (why were they?)
2022-02-17 21:49:22 -05:00
Michael Brown
3bf3b9a4a5 DEV: pull email address validation out to a new EmailAddressValidator
We validate the *format* of email addresses in many places with a match against
a regex, often with very slightly different syntax.

Adding a separate EmailAddressValidator simplifies the code in a few spots and
feels cleaner.

Deprecated the old location in case someone is using it in a plugin.

No functionality change is in this commit.

Note: the regex used at the moment does not support using address literals, e.g.:
* localpart@[192.168.0.1]
* localpart@[2001:db8::1]
2022-02-17 21:49:22 -05:00
Jarek Radosz
e54b70460e
UX: Fix alignment on full page search (#15988)
Also removed the max-width, because it unnecessarily wrapped the topic title at an earlier point than the snippet below it.
2022-02-18 02:12:47 +01:00
Jarek Radosz
aaf432df86
DEV: Remove mock_redis (#15985)
Was used just in one spec file. And we prefer to run specs against a real redis server.
2022-02-18 01:14:38 +01:00
Martin Brennan
6a5ef27eaa
DEV: Move text area surround code out of d-editor (#15950)
This commit moves _getMultilineContents and _applySurround into
TextareaTextManipulation, so other text area components using
that mixin can benefit from them (such as the chat composer).

It also creates a public function wrapper for many TextareaTextManipulation
functions that should not have underscore prefixes because they are
used outside the file. Will make follow-up PRs for each plugin/theme using
those functions then a final follow-up core PR to fix these up.
2022-02-18 08:56:37 +10:00
Jordan Vidrine
c92e62a271
UX: Styleguide changes & color variable additions (#15984) 2022-02-17 14:39:29 -06:00
Vinoth Kannan
45c404a6c7
FIX: update can_see_members attribute after leaving a group. (#15982)
After leaving a group, it is trying to reload its member list. Previously, when the members_visibility_level attribute has a value of 2 or higher, it displayed an error popup since the can_see_members attribute was not updated.
2022-02-17 23:07:59 +05:30
Penar Musaraj
9249e98697
UX: Change styling of admin bulk invite button (#15981) 2022-02-17 17:10:08 +01:00
dependabot[bot]
bf46a4ac54
Build(deps): Bump faraday from 1.9.3 to 1.10.0 (#15976)
Bumps [faraday](https://github.com/lostisland/faraday) from 1.9.3 to 1.10.0.
- [Release notes](https://github.com/lostisland/faraday/releases)
- [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lostisland/faraday/compare/v1.9.3...v1.10.0)

---
updated-dependencies:
- dependency-name: faraday
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-17 16:50:37 +01:00
dependabot[bot]
1939c2e07f
Build(deps): Bump stackprof from 0.2.17 to 0.2.18 (#15975)
Bumps [stackprof](https://github.com/tmm1/stackprof) from 0.2.17 to 0.2.18.
- [Release notes](https://github.com/tmm1/stackprof/releases)
- [Changelog](https://github.com/tmm1/stackprof/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tmm1/stackprof/compare/v0.2.17...v0.2.18)

---
updated-dependencies:
- dependency-name: stackprof
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-17 16:49:10 +01:00
David Taylor
ffcd2e9faf
FIX: Handle nil values in DistributedCache#defer_get_set (#15978)
Themes often cache `nil` values in a DistributedCache. This bug meant that we were re-calculating some values on every request, AND triggering message-bus publishing on every request.

This fix should provide a significant performance improvement for busy sites.
2022-02-17 14:52:14 +00:00
David Taylor
df96374700
UX: Add 'update' to theme error message (#15977) 2022-02-17 14:21:18 +00:00
David Taylor
d2de058ff5
PERF: Bump message_bus to 4.1 (#15973)
This includes significant upstream performance improvements. For details, see 984009119e
2022-02-17 10:26:55 +00:00
Osama Sayegh
dd6ec65061
FEATURE: Centralized 2FA page (#15377)
2FA support in Discourse was added and grown gradually over the years: we first
added support for TOTP for logins, then we implemented backup codes, and last
but not least, security keys. 2FA usage was initially limited to logging in,
but it has been expanded and we now require 2FA for risky actions such as
adding a new admin to the site.

As a result of this gradual growth of the 2FA system, technical debt has
accumulated to the point where it has become difficult to require 2FA for more
actions. We now have 5 different 2FA UI implementations and each one has to
support all 3 2FA methods (TOTP, backup codes, and security keys) which makes
it difficult to maintain a consistent UX for these different implementations.
Moreover, there is a lot of repeated logic in the server-side code behind these
5 UI implementations which hinders maintainability even more.

This commit is the first step towards repaying the technical debt: it builds a
system that centralizes as much as possible of the 2FA server-side logic and
UI. The 2 main components of this system are:

1. A dedicated page for 2FA with support for all 3 methods.
2. A reusable server-side class that centralizes the 2FA logic (the
`SecondFactor::AuthManager` class).

From a top-level view, the 2FA flow in this new system looks like this:

1. User initiates an action that requires 2FA;

2. Server is aware that 2FA is required for this action, so it redirects the
user to the 2FA page if the user has a 2FA method, otherwise the action is
performed.

3. User submits the 2FA form on the page;

4. Server validates the 2FA and if it's successful, the action is performed and
the user is redirected to the previous page.

A more technically-detailed explanation/documentation of the new system is
available as a comment at the top of the `lib/second_factor/auth_manager.rb`
file. Please note that the details are not set in stone and will likely change
in the future, so please don't use the system in your plugins yet.

Since this is a new system that needs to be tested, we've decided to migrate
only the 2FA for adding a new admin to the new system at this time (in this
commit). Our plan is to gradually migrate the remaining 2FA implementations to
the new system.

For screenshots of the 2FA page, see PR #15377 on GitHub.
2022-02-17 12:12:59 +03:00
megothss
c71c107649
FIX: Don't accept accents in slug if generation_method == 'ascii' (#15702)
* FIX: Don't accept accents in slug if generation_method == 'ascii'

Fixes bug reported in:
- https://meta.discourse.org/t/404-when-trying-to-edit-category-with-accent-in-slug/214762
- https://meta.discourse.org/t/formatting-and-accents-in-urls/215734/5

Assuming `SiteSetting.slug_generation_method == 'ascii'.

If the user provides a slug containing non-ascii characters while
creating the category, the user will receive a 404 error just
after saving the category since the slug will be escaped anyway but
Category.find_by_slug_path won't escape the category slug
causing the Edit Page of the category to be inaccessible.

This commit checks the provided slug and raises an error if the
provided slugcontains non-ascii characters ensuring that the
provided value is consistent with the site settings.

It also changes Category.find_by_slug_path to always escape the slug,
since if present, it is escaped anyway in Category.ensure_slug to
prevent the 404 in the Edit Category Page in case the user already
have some category with a non-ascii slug.

* Removed trailing whitespace
2022-02-17 13:46:06 +11:00
Krzysztof Kotlarek
a7d43cf1ec
FEATURE: mute subcategory when parent category is muted (#15966)
When parent category or grandparent category is muted, then category should be muted as well.

Still, it can be overridden by setting individual subcategory notification level.

CategoryUser record is not created, mute for subcategories is purely virtual.
2022-02-17 00:42:02 +01:00
Dan Ungureanu
effbd6d3e4
FEATURE: Show error if invite to topic is invalid (#15959)
This can happen if the topic to which a user is invited is in a private
category and the user was not invited to one of the groups that can see
that specific category.

This used to be a warning and this commit makes it an error.
2022-02-16 18:35:02 +02:00
Kris
34e2ed6d76
Revert "A11Y: Use dynamic type scaling on iOS devices (#15967)"
This reverts commit 9be2717e3b.
2022-02-16 10:01:58 -05:00
Kris
9be2717e3b
A11Y: Use dynamic type scaling on iOS devices (#15967) 2022-02-16 09:06:08 -05:00
Gerhard Schlager
6394d7cddf
DEV: Improve phpBB3 import script (#15956)
* Optional import of custom user fields from phpBB 3.1+
* Optional import of likes from phpBB3
  Requires the phpBB "Thanks for posts" extension
* Fix import of bookmarks from phpBB3
* Update `created_at` of existing user
* Support mapping of phpBB forums to existing Discourse categories
  This is in addition to the ability of merging phpBB forums and importing into newly created Discourse categories.
2022-02-16 13:04:31 +01:00
David Taylor
e945f301d1
PERF: Skip running 'auto_leave' during every PresenceChannel method (#15970)
These calls were originally introduced to ensure that any stale users were cleaned up regularly. This is quite an expensive process to run on every `GET /presence/get` call, and will also cause errors during readonly mode.

Since the original introduction of this logic, we added the `Jobs::PresenceChannelAutoLeave` which runs every minute. That should be enough to clean up any stale users.

Note that users which explicitly `leave` a channel are still removed immediately. This auto_leave logic just takes care of clients which have disappeared without leaving.
2022-02-16 11:18:13 +00:00
David Taylor
a170c8e708
DEV: Allow access to ember-computed-decorators under ember-cli (#15945)
This was deprecated in Discourse 2.4, but no end version was put on the deprecation. Many plugins/themes are still using it. This commit restores it under ember-cli so that it does not block the Ember CLI rollout, and can be removed in a future commit.
2022-02-16 11:16:28 +00:00
Bianca Nenciu
5eaf214594
FEATURE: New plugin API to check if upload is used (#15545)
This commit introduces two new APIs for handling unused uploads, one
can be used to exclude uploads in bulk when the data model allow and
the other one excludes uploads one by one.
2022-02-16 09:00:30 +02:00
Bianca Nenciu
add4b74e08
FIX: Load short upload URLs only once (#15918)
Loading did not work when it was used for multiple posts. Only the
short URLs from the first post were loaded.
2022-02-16 08:57:20 +02:00
Martin Brennan
2d30dd439f
DEV: Add chat_quoted notification type (#15968)
This is needed for the notification sent when quoting
chat messages inside a post.
2022-02-16 15:22:08 +10:00
Vinoth Kannan
1ea19a4d51
FIX: unable to filter user directory when sorted by user field. (#15951)
Since the "users" table is already added in the "includes" method it gives unexpected results while using it again in the "joins" method.
2022-02-16 07:57:35 +05:30
Alan Guo Xiang Tan
6c374cf158
DEV: Improve ArgumenError raised in PostOwnerChanger. (#15907)
Currently, it doesn't provide any context about the arguement which
caused the error.
2022-02-16 12:52:20 +11:00
Martin Brennan
f9ec2b90a0
DEV: Drop user_stats count column constraints (#15949)
We added this constraint in 5bd55acf83
but it is causing problems in hosted sites and is catching the
issue too far down the line. This commit removes the constraint
for now, and also fixes an issue found with PostDestroyer
which wasn't using the UserStatCountUpdater when updating post_count
and thus was causing negative numbers to occur.
2022-02-16 12:49:11 +11:00
Sam
33a0ad1b69
PERF: introduce site/global emoji cache (#15899)
Previously calls such as `Emoji["smile"]` would force a full dehydration of
objects from Redis.

This introduces a version safe site and global emoji cache so lookups are
cheap. It eliminates iterating through the list of emojis and pulling from
redis.

Distributed cache uses a normalized name as the key and stores an Array tuple
with version and Emoji. Successful hits always confirm version matches.

Interface to Emoji object remains unchanged.

We opted for 2 caches to improve reuse on multisites. misses though will be
stored in both caches. If there is a hit on the global cache we can avoid
looking up in site local cache and storing a miss there.
2022-02-16 12:46:17 +11:00
Kris
c9419b51a3
UX: prevent user menu overflow on tiny screens (#15964) 2022-02-15 20:13:11 -05:00
Kris
af73405958
UX: control whitespace on categories topic list (#15965) 2022-02-15 20:01:23 -05:00
Gerhard Schlager
c6265eec6b
UX: Use autocomplete="off" for date-picker (#15963) 2022-02-16 09:37:51 +11:00
dependabot[bot]
0650b25563
Build(deps): Bump rails_failover from 0.7.3 to 0.8.1 (#15962)
Bumps [rails_failover](https://github.com/discourse/rails_failover) from 0.7.3 to 0.8.1.
- [Release notes](https://github.com/discourse/rails_failover/releases)
- [Changelog](https://github.com/discourse/rails_failover/blob/main/CHANGELOG.md)
- [Commits](https://github.com/discourse/rails_failover/compare/v0.7.3...v0.8.1)

---
updated-dependencies:
- dependency-name: rails_failover
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-15 22:37:19 +01:00
dependabot[bot]
6c220c18c1
Build(deps): Bump rack-protection from 2.1.0 to 2.2.0 (#15961)
Bumps [rack-protection](https://github.com/sinatra/sinatra) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/sinatra/sinatra/releases)
- [Changelog](https://github.com/sinatra/sinatra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sinatra/sinatra/compare/v2.1.0...v2.2.0)

---
updated-dependencies:
- dependency-name: rack-protection
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-15 22:31:50 +01:00
dependabot[bot]
4a701cf79e
Build(deps): Bump msgpack from 1.4.4 to 1.4.5 (#15960)
Bumps [msgpack](https://github.com/msgpack/msgpack-ruby) from 1.4.4 to 1.4.5.
- [Release notes](https://github.com/msgpack/msgpack-ruby/releases)
- [Changelog](https://github.com/msgpack/msgpack-ruby/blob/master/ChangeLog)
- [Commits](https://github.com/msgpack/msgpack-ruby/compare/v1.4.4...v1.4.5)

---
updated-dependencies:
- dependency-name: msgpack
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-15 22:30:48 +01:00
Bianca Nenciu
6b393d62c6
DEV: Update lefthook (#15911)
This version includes binaries for ARM64 used for Apple's M1.
2022-02-15 19:57:13 +02:00
David Taylor
94a47d037f
PERF: Reduce number of EXPIRE calls from CachedCounting (#15958)
Previously we were calling `EXPIRE` every time we incremented a given key. Instead, we can call EXPIRE once when the key is first populated. A LUA script is used to make this as efficient as possible.

Consumers of this Concern use daily keys. Since we're now calling EXPIRE only at the beginning of the day, rather than throughout the day, the expire time has been increased from 3 to 4 days.
2022-02-15 16:55:21 +00:00
David Taylor
11c93342dc
DEV: Consolidate Redis evalsha logic into DiscourseRedis::EvalHelper (#15957) 2022-02-15 16:06:12 +00:00
Dan Ungureanu
dd5373cc4c
FIX: Do not increase invite count for current user (#15952)
The current user could redeem an invite created by themselves.
2022-02-15 17:35:58 +02:00
Rafael dos Santos Silva
d83da596be
FIX: Redis may not be availiable on Redis initializer (#15955) 2022-02-15 15:25:22 +00:00
Mark VanLandingham
2644813c99
FIX: Tag show - hide no topics footer until there are no topics (#15756) 2022-02-15 08:45:55 -06:00