Dan Ungureanu
ff93c4b2f4
DEV: Fix tests
2020-01-15 15:57:37 +02:00
Dan Ungureanu
31701b7549
DEV: Fix failing 2FA tests
2020-01-15 15:27:21 +02:00
Dan Ungureanu
c2d051315d
FIX: Create post notices only for public posts ( #8708 )
...
This also ensures only public posts are considered when creating post
notices for new and returning users.
2020-01-15 11:40:19 +01:00
Régis Hanol
c4817e9ee9
DEV: lint 💅
2020-01-15 11:36:33 +01:00
Martin Brennan
66f2db4ea4
SECURITY: 2FA with U2F / TOTP
2020-01-15 11:27:12 +01:00
Martin Brennan
c3cd2389fe
SECURITY: use strict JSON parsing when parsing backup metadata
2020-01-15 11:24:41 +01:00
Régis Hanol
5d75f90b27
FIX: group membership leak
...
FIX: raised a proper NotFound exception when filtering groups by username with invalid username.
FIX: properly filter the groups based on current user visibility when viewing another user's groups.
DEV: Guardian.can_see_group?(group) is now using Guardian.can_see_groups(groups) instead of duplicating the same code.
FIX: spec for groups_controller#index when group directory is disabled for logged in user.
FIX: groups_controller.sortable specs to actually test all sorting combinations.
DEV: s/response_body/body/g for slightly shorter spec code.
FIX: rewrote the "view another user's groups" specs to test all group_visibility and members_group_visibility combinations.
DEV: Various refactoring for cleaner and more consistent code.
2020-01-15 11:21:58 +01:00
Joffrey JAFFEUX
ac865112a3
FIX: ensures group-navigation states changes when route changes ( #8724 )
2020-01-15 10:13:07 +01:00
Joffrey JAFFEUX
f4744193bd
FEATURE: allows to define a dissmiss duration on global notices ( #8715 )
...
This commit also adds more documentation to various options and defines a 1 week duration for IE global notice dismiss duration.
2020-01-15 09:02:28 +01:00
Joffrey JAFFEUX
ec1aeb8a55
FIX: ensures secondary menu of user notifications mobile nav reloads ( #8716 )
2020-01-15 09:01:44 +01:00
Kris
b1508a6f44
UX: Improve appearance of lists and user fields in mobile bios
2020-01-14 16:33:50 -05:00
Mark VanLandingham
5df0ef1e98
FIX: Update user-selector excluded usernames after insert ( #8711 )
2020-01-14 10:28:35 -06:00
Gerhard Schlager
c351ffe580
FEATURE: Add hidden setting to disable configuration of inventory bucket
2020-01-14 17:23:12 +01:00
David Taylor
12d2fe7ff6
UX: Ensure all generated backup codes are displayed on the screen
2020-01-14 15:33:27 +00:00
David Taylor
4fdfc2665d
FIX: Update featured badge ranking when mass-awarding badges
...
Follow-up to cff6e941de
2020-01-14 14:39:20 +00:00
David Taylor
cff6e941de
PERF: Cache ranks for featured badges, to simplify user serialization ( #8698 )
2020-01-14 14:26:49 +00:00
Gerhard Schlager
e474cda321
REFACTOR: Restoring of backups and migration of uploads to S3
2020-01-14 11:41:35 +01:00
Joffrey JAFFEUX
f10078eab4
FIX: moves back padStart/padEnd to core polyfills ( #8714 )
...
Multiple users are on chrome 56 when this is only supported on chrome 57. Given it's only few lines of code, it makes sense to keep supporting this.
2020-01-14 10:54:39 +01:00
Rimian Perkins
609625fa18
Make version the same as install docs ( #8713 )
...
https://github.com/techAPJ/install-rails/blob/master/mac
2020-01-14 12:33:37 +11:00
romanrizzi
d3091edcea
UX: Return a friendlier error when the CSV is invalid. Added a cancel button to return to the /badges view
2020-01-13 15:53:41 -03:00
Robin Ward
e4a85e2a80
Minor tweaks to badge CSV upload
2020-01-13 12:44:22 -05:00
David Taylor
4e8aaacce8
UX: Update IE11 deprecation warning, and enable by default
2020-01-13 17:01:28 +00:00
dependabot-preview[bot]
4773cf2933
Build(deps): Bump onebox from 1.9.24 to 1.9.25 ( #8707 )
...
Bumps [onebox](https://github.com/discourse/onebox ) from 1.9.24 to 1.9.25.
- [Release notes](https://github.com/discourse/onebox/releases )
- [Changelog](https://github.com/discourse/onebox/blob/master/CHANGELOG.md )
- [Commits](https://github.com/discourse/onebox/commits )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-01-13 19:57:16 +05:30
Roman Rizzi
d69c5eebcf
Feature: Mass award badge ( #8694 )
...
* UI: Mass grant a badge from the admin ui
* Send the uploaded CSV and badge ID to the backend
* Read the CSV and grant badge in batches
* UX: Communicate the result to the user
* Don't award if badge is disabled
* Create a 'send_notification' method to remove duplicated code, slightly shrink badge image. Replace router transition with href.
* Dynamically discover current route
2020-01-13 11:20:26 -03:00
Sam Saffron
eb105ba79d
DEV: revert upgrade of rack to version 2.0.8
...
We can not upgrade rack cause it breaks Sidekiq web.
I can not find a trivial fix short of disabling sessions in Sidekiq which
is a security concern.
We need to figure out how to reuse sessions with our Rails application in
Sidekiq.
This gets extra complex cause we use a special cookie store for sessions.
9e399b42b9/lib/discourse_cookie_store.rb (L3-L21)
2020-01-13 18:07:16 +11:00
Martin Brennan
9e399b42b9
DEV: Remove redundant admin_login route, share with email_login
2020-01-13 12:10:07 +10:00
dependabot-preview[bot]
d50eb82d51
DEV: Bump rack from 2.0.8 to 2.1.1 ( #8702 )
...
Bumps [rack](https://github.com/rack/rack ) from 2.0.8 to 2.1.1.
- [Release notes](https://github.com/rack/rack/releases )
- [Changelog](https://github.com/rack/rack/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rack/rack/compare/2.0.8...2.1.1 )
On a cursory look none of the changes should impact Discourse, we want to be on latest rack so we can benefit from all the latest bug fixes.
2020-01-13 12:09:50 +11:00
dependabot-preview[bot]
33a9d60569
DEV: Bump shoulda-matchers from 4.1.2 to 4.2.0 ( #8689 )
...
Bumps [shoulda-matchers](https://github.com/thoughtbot/shoulda-matchers ) from 4.1.2 to 4.2.0.
- [Release notes](https://github.com/thoughtbot/shoulda-matchers/releases )
- [Changelog](https://github.com/thoughtbot/shoulda-matchers/blob/master/NEWS.md )
- [Commits](https://github.com/thoughtbot/shoulda-matchers/compare/v4.1.2...v4.2.0 )
Mostly about updating gem dependencies, only used in dev, very safe upgrade.
2020-01-13 12:04:31 +11:00
dependabot-preview[bot]
69779f79d9
DEV: Bump pg from 1.2.1 to 1.2.2 ( #8685 )
...
Bumps [pg](https://github.com/ged/ruby-pg ) from 1.2.1 to 1.2.2.
- [Release notes](https://github.com/ged/ruby-pg/releases )
- [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc )
- [Commits](https://github.com/ged/ruby-pg/compare/v1.2.1...v1.2.2 )
Very safe upgrade, Discourse is not impacted by any of the changes.
2020-01-13 12:02:44 +11:00
dependabot-preview[bot]
c9327fce12
Build(deps-dev): Bump minitest from 5.13.0 to 5.14.0 ( #8703 )
...
Bumps [minitest](https://github.com/seattlerb/minitest ) from 5.13.0 to 5.14.0.
- [Release notes](https://github.com/seattlerb/minitest/releases )
- [Changelog](https://github.com/seattlerb/minitest/blob/master/History.rdoc )
- [Commits](https://github.com/seattlerb/minitest/compare/v5.13.0...v5.14.0 )
Very safe change only impacts our test framework.
2020-01-13 12:01:40 +11:00
Sam Saffron
d8412f409a
DEV: resolve symlinks in docker dev
...
symlinks where not fully resolved leading to docker not booting when you
had symlinks in the plugins directory pointing at relative paths.
2020-01-13 10:33:34 +11:00
Blake Erickson
1a31a403ce
DEV: Remove buffered-render file
...
This is the last and final commit in a multi-commit refactor to remove
all uses of buffered-render.
Previous commit: fc94b6cb9e
in this
series.
2020-01-10 18:19:23 -07:00
Robin Ward
648a1124eb
FIX: Specs with old filename
2020-01-10 15:29:35 -05:00
Robin Ward
72c3f36e58
Add optional file to precompile list
2020-01-10 15:14:32 -05:00
Robin Ward
556d66a97c
FIX: Use CDN for the discourse-internet-explorer
...
Previously the CDN was skipped because the assets were not in the proper
place to be uploaded.
2020-01-10 15:06:55 -05:00
Penar Musaraj
687c79ca1c
FIX: Remove padding while composer is saving
...
Padding on `#main-outlet` while compooser was in "saving" state was causing posts to bounce after replying.
2020-01-10 12:57:16 -05:00
Mark VanLandingham
7ee09aa0d2
FIX: Ran prettier on user-selector-test ( #8700 )
2020-01-10 09:27:41 -08:00
Mark VanLandingham
5898afaa73
FEATURE: pass in excluded usernames to user-selector ( #8695 )
2020-01-10 09:02:43 -08:00
Rafael dos Santos Silva
5a70f50032
FEATURE: Use new Badging API
...
Now that the spec is finished use the unprefixed API, which was also moved
from window to navigator.
Still uses feature detection so it fail gracefully when not available in
the user agent.
2020-01-10 13:41:35 -03:00
dependabot-preview[bot]
3ddebc61a9
Build(deps): Bump public_suffix from 4.0.2 to 4.0.3 ( #8663 )
...
Bumps [public_suffix](https://github.com/weppos/publicsuffix-ruby ) from 4.0.2 to 4.0.3.
- [Release notes](https://github.com/weppos/publicsuffix-ruby/releases )
- [Changelog](https://github.com/weppos/publicsuffix-ruby/blob/master/CHANGELOG.md )
- [Commits](https://github.com/weppos/publicsuffix-ruby/compare/4.0.2...4.0.3 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-01-10 10:04:54 -05:00
dependabot-preview[bot]
aa9450646b
Build(deps-dev): Bump test-prof from 0.10.1 to 0.10.2 ( #8676 )
...
Bumps [test-prof](https://github.com/palkan/test-prof ) from 0.10.1 to 0.10.2.
- [Release notes](https://github.com/palkan/test-prof/releases )
- [Changelog](https://github.com/palkan/test-prof/blob/master/CHANGELOG.md )
- [Commits](https://github.com/palkan/test-prof/compare/v0.10.1...v0.10.2 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-01-10 10:03:56 -05:00
dependabot-preview[bot]
d0cd08a67c
Build(deps): Bump parser from 2.7.0.1 to 2.7.0.2 ( #8686 )
...
Bumps [parser](https://github.com/whitequark/parser ) from 2.7.0.1 to 2.7.0.2.
- [Release notes](https://github.com/whitequark/parser/releases )
- [Changelog](https://github.com/whitequark/parser/blob/master/CHANGELOG.md )
- [Commits](https://github.com/whitequark/parser/compare/v2.7.0.1...v2.7.0.2 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-01-10 10:03:11 -05:00
Dan Ungureanu
815116f6a2
FIX: Make 'findBySlugPathWithID' when URL ends with a slash ( #8699 )
...
Make URLs such as 'https://discourse/c/foo/bar/ ' work the same way
'https://discourse/c/foo/bar ' does.
2020-01-10 17:02:36 +02:00
dependabot-preview[bot]
6e480392ea
Build(deps): Bump aws-sdk-core from 3.86.0 to 3.87.0 ( #8696 )
...
Bumps [aws-sdk-core](https://github.com/aws/aws-sdk-ruby ) from 3.86.0 to 3.87.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases )
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-core/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-ruby/commits )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-01-10 10:01:57 -05:00
Joffrey JAFFEUX
5ce602ecea
FIX: prevents url of file from being pasted when pasting file on iOS ( #8693 )
2020-01-10 08:39:01 +05:30
Martin Brennan
cb660ef952
SECURITY: Improve second factor auth logic
2020-01-10 10:45:56 +10:00
Kris
dd52291fb7
UX: Center featured topic on mobile profiles
2020-01-09 16:35:34 -05:00
Kris
ef9828b25d
UX: Remove reliance on JS for category box links
2020-01-09 16:25:41 -05:00
Robin Ward
dcbe527a82
FIX: Don't log a claimed topic database error during tests
...
We now test the uniqueness validation, but also rescue a DB
exception in case the controller fails this check.
2020-01-09 12:32:05 -05:00
Robin Ward
d043a4c6fe
FIX: Stop logging errors in postgres on reviewable conflict
...
The previous concurrency-safe implementation relied on catching an
index conflict and following through appropriately. Unfortunately
those conflicts were logged to Postgres and there is no easy way
to turn them off.
This solution approaches the problem differently. It should still
be safe under concurrency and not log errors.
2020-01-09 12:04:17 -05:00