Commit Graph

171 Commits

Author SHA1 Message Date
MatusMak
5a1bf08d3f
#2492 - Groups filtering & retrieve single endpoint (#3084)
Fixes #2492

* Added api/groups/{id} endpoint for retrieving a single group by its id
* Fixed GroupRepository incorrectly opening query to User instead of Group model
* Added filtering & paging abilities to GET api/groups endpoint
* Added test for sorting for GET api/groups endpoint

Co-authored-by: Alexander Skvortsov <38059171+askvortsov1@users.noreply.github.com>
2021-10-25 11:48:25 -04:00
Alexander Skvortsov
60f0ef0bd5
Handle post rendering errors to avoid bricking (#3061)
Whether it's due to corrupted content, missing tags, caching issues, or other assorted reasons, post content can't be rendered. Currently, this results in an exception that crashes the entire forum and is hard to debug. Instead, we should log the error and show an indicator message that rendering has failed.

Co-authored-by: Sami Mazouz <sychocouldy@gmail.com>
Co-authored-by: David Wheatley <hi@davwheat.dev>
2021-10-14 14:30:18 -04:00
David Wheatley
88724bb4cb
performance(frontend): Preload FontAwesome, JS and CSS (#3057)
* Add preloads support to Document class

* Add frontend extender for asset preloading

* Provide default preloads for FontAwesome

* Add tests for preload extender and default preloads

* Apply fixes from StyleCI

[ci skip] [skip ci]

* Fix typo

* Fix two more typos 🙃

* Preload core JS and CSS

* Apply fixes from StyleCI

[ci skip] [skip ci]

* Reorder preloads

* Remove singular preloads method

* Use filesystem disk driver for getting FA font paths

* Update test to use full URL

* Apply fixes from StyleCI

[ci skip] [skip ci]

* Address review comment

* Apply fixes from StyleCI

[ci skip] [skip ci]

* Fix typo

* Apply fixes from StyleCI

[ci skip] [skip ci]

* Correct callback wrapping

* Update src/Extend/Frontend.php

Co-authored-by: Sami Mazouz <sychocouldy@gmail.com>

* Update src/Extend/Frontend.php

Co-authored-by: Sami Mazouz <sychocouldy@gmail.com>

* Update src/Extend/Frontend.php

* Fix preload extender logic

* Convert base FontAwesome preloads into a Singleton

* Apply fixes from StyleCI

[ci skip] [skip ci]

Co-authored-by: luceos <luceos@users.noreply.github.com>
Co-authored-by: Sami Mazouz <sychocouldy@gmail.com>
Co-authored-by: Alexander Skvortsov <38059171+askvortsov1@users.noreply.github.com>
Co-authored-by: Alexander Skvortsov <sasha.skvortsov109@gmail.com>
2021-09-20 23:12:09 +01:00
Sami Mazouz
f56fc11af9
[1.x] Theme Extender to Allow overriding LESS files (#3008)
This PR introduces the ability to just override a LESS file's contents through an extender.
This is mainly useful for theme development, as there are times in extensively customized themes where overriding the actual file makes a huge difference vs overriding CSS styles which can turn into a maintenance hell real fast.

Overriding styles is more tedious than overriding files. When you're designing an element, you would normally rather start from a blank canvas, than a styled element. With an already styled element you have to first override and undo the styles you do not wish to have, only then can you start shaping it, but even then you'd always end up constantly undoing default styles. This mostly applies for more advanced themes. (example: 851c55516d/less/forum/DiscussionList.less)
2021-09-10 13:45:18 -04:00
Daniël Klabbers
a0152ffb18
Dw/huntr fix path traversal (#2931)
* Fix Huntr vuln with possible directory traversal
* Use `active_url` in Laravel validator
2021-06-21 10:14:15 +02:00
Alexander Skvortsov
2075c7319f Typehint event in console scheduling test case 2021-05-11 23:55:34 -04:00
Alexander Skvortsov
d64750b3eb
Rename viewDiscussions => viewForum, viewUserList => searchUsers (#2854)
This naming is clearer as to the intended effect. Changes include:

- A migration to rename all permissions
- Updating the seed migration to use the original naming from the start
- Replacing usage of the old names with new names in code
- Throwing warnings when the old names are used.
2021-05-11 15:15:27 -04:00
Alexander Skvortsov
104a31ba30
Run API Client requests through middleware (#2783)
- Add integration tests for login and registration
- Use URL instead of controller
- Add fluent API
- Allow setting parent request, user, session
2021-05-10 17:41:38 -04:00
Matt Kilgore
7eea2476ca
Harden Headers (#2721)
* Basic security headers

* Remove XSS Header (not relevent)

* Fix config name

* Use Arr::get()

* Add tests

* Re-fix the StoreConfig step for fresh installs

Co-authored-by: luceos <luceos@users.noreply.github.com>
Co-authored-by: Alexander Skvortsov <askvortsov1@users.noreply.github.com>
2021-05-03 12:42:06 -04:00
Alexander Skvortsov
9711af42ae Apply fixes from StyleCI
[ci skip] [skip ci]
2021-05-03 05:36:06 +00:00
Alexander Skvortsov
d12d52918b Use latest version of settings package
This allows us to get rid of hacks for configuring settings and config
2021-05-03 01:35:46 -04:00
Alexander Skvortsov
b45519974a
Switch to ICU MessageFormat (#2759) 2021-04-30 12:44:39 -04:00
Alexander Skvortsov
eb4b18a979 Combine search tests
#b62debf031f1d3aec9cb5e92d9df54cb8ab3a3b1 and #b6f0b01307884b11388eff1ae2d814b7f57715aa
 both added/improved searching tests, but did so in separate files. As a result, the tests did not consider each other, and when both were merged, started failing. This commit combines the tests into one file that tests both order and search in titles.
2021-04-20 19:16:59 -04:00
Alexander Skvortsov
1f2411e15e
Fix searching titles in discussions (#2698)
* Fix searching titles in discussions

* Apply fixes from StyleCI

* Fix tests

* Distinct by discussion ID

* Replace distinct with groupBy

Co-authored-by: Alexander Skvortsov <askvortsov1@users.noreply.github.com>
2021-04-20 18:52:14 -04:00
Alexander Skvortsov
5e2340bf10
Fix registering custom searchers, allow searchers without fulltext (#2755) 2021-04-19 16:59:53 -04:00
Alexander Skvortsov
c84939b19c
Filesystem Extender and Tests (#2732) 2021-04-19 16:25:08 -04:00
Sami Mazouz
39a6106854
Add unparse to Formatter extender (#2780) 2021-04-14 11:34:49 +01:00
Alexander Skvortsov
b6f0b01307
Fix relevance sort (#2773)
- Adds a field to QueryCriteria that determines whether the sort provided is the controller's default sort
- Set this field to true iff sort not in query params. Default it to false
- Override $sort if a new default sort has been set on search state, and the param is true.
- Add tests!
2021-04-11 22:21:56 -04:00
Sami Mazouz
548f1321f1
Require unique route names (#2771) 2021-04-10 20:38:25 +01:00
Alexander Skvortsov
40dc6d0feb
Preloaded API document Improvements (#2754)
* Invalidate preloadedApiDocument if URL has changed
* Revert to using `getRouteData()[0]`
2021-04-07 23:25:01 +01:00
Sami Mazouz
1c4817a0b3
Eager loading extender (#2724)
* Eager loading extender
* Add tests for the eager loading extender
2021-03-25 15:36:39 +01:00
Sami Mazouz
d642fb531c
Improve ApiSerializer tests (#2733)
The ApiSerializerTest was added before the ApiController extender, so I used a workaround at the time to check for the existence of the relationships on the serializer.
2021-03-23 17:33:51 -04:00
Alexander Skvortsov
8dd57ffed2 Include task scheduler in core 2021-03-19 18:01:38 -04:00
Alexander Skvortsov
908d087e00
Remove deprecated code from beta 16 (#2705) 2021-03-19 19:13:50 +01:00
Alexander Skvortsov
db0d8e89c7 Make filter mutator API consistent with search mutator API.
This is inline with the docblock for the Filter extender, and is much more sensible.
2021-03-11 23:12:49 -05:00
Alexander Skvortsov
91e8b56961 Add deprecated "user" filter for posts
In the filterer refactor for ListPostsController, the filter key was changed to `author` for consistency with the AuthorFilterGambit used in discussions. This commit adds a deprecated `user` filter back in for a release to allow for a graceful transition
2021-03-08 16:20:26 -05:00
Alexander Skvortsov
2c3e1f9923
Use flarum/testing for test infrastructure (#2545) 2021-03-07 16:32:41 -05:00
Daniël Klabbers
84ded0ce50
Laravel components v8 (#2576)
- update actions ci
- include json for 4 spaces tab
- provide output int for process code exit
- adhere to parent type hint of builder
- mailer instance now needs a name, multiple can be instantiated
- getOriginal now uses mutators in the model
- Temporarily loosen MailableInterface requirements. This avoids an immediate BC break for classes in extensions that implement this interface.
- Temporarily provide (and autoload) old symfony translator interface
- make queue exception handler compatible with the contract of L8
- Update phpunit schema for newer version
- Update phpunit assert calls for newer version
2021-03-05 09:43:35 -05:00
Clark Winkelmann
08ba2599d7
Refactor Access Tokens (#2651)
- Make session token-based instead of user-based
- Clear current session access tokens on logout
- Introduce increment ID so we can show tokens to moderators in the future without exposing secrets
- Switch to type classes to manage the different token types. New implementation fixes #2075
- Drop ability to customize lifetime per-token
- Add developer access keys that don't expire. These must be created from the database for now
- Add title in preparation for the developer token UI
- Add IP and user agent logging
- Delete all non-remember tokens in migration
2021-03-04 16:50:38 -05:00
Blake Payne
8eef7230e9
Updated GroupFilterGambit to prevent hidden groups being visible wher… (#2657)
Updated GroupFilterGambit to prevent hidden groups being visible where they shouldn't be and to ensure that only the selected groups are returned on a search. Fixes #2559
2021-03-04 10:08:12 -05:00
Clark Winkelmann
6e01c47c11
Restrict who can use the lastSeenAt user sort (#2634) 2021-03-02 09:59:14 -05:00
Alexander Skvortsov
a9526917b8
Query Namespace (#2645)
Move shared classes in search and filter namespaces to a new query namespace
2021-03-02 09:57:40 -05:00
Matt Kilgore
9627eb73f1
User edit permission tightening (#2620)
- Split user edit permision into edit attributes, edit credentials, and edit groups
- Only Admins can edit Admin Credentials
- Only Admins can Promote/Demote to/from Admin
2021-03-01 15:52:29 -05:00
Alexander Skvortsov
458a5cc6be
Use filterer for ListPostsController (#2479) 2021-02-28 14:06:07 -05:00
Sami Mazouz
ea840ba594
Allow overriding routes (#2577) 2021-02-28 14:01:30 -05:00
Alexander Skvortsov
023871ef86
Search Filter Split, Use Same Controller (#2454) 2021-02-24 11:17:40 -05:00
Alexander Skvortsov
509adf228a
Refactor password checker, add extender (#2176) 2021-02-22 17:08:36 -05:00
Robert Korulczyk
c4ebebe48e
Move locale files from language pack to core (#2408) 2021-02-17 16:23:13 -05:00
Alexander Skvortsov
76d6442557
Simple Flarum Search Extender and tests (#2483) 2021-02-10 09:59:23 -05:00
Sami Mazouz
0595aba76a
Rename ApiSerializer's mutate to attributes (#2578) 2021-02-05 13:21:36 -05:00
Alexander Skvortsov
8366ec720e
Deprecate GetModelIsPrivate, replace with extender (#2587) 2021-02-04 10:56:10 -05:00
Daniël Klabbers
65b5c2043c
PHP 8 support, cookie unit tests (#2507) 2021-01-26 17:53:28 -05:00
Alexander Skvortsov
40b918e139 Remove deprecated API events 2021-01-23 16:48:22 -05:00
Alexander Skvortsov
e2335e867d Remove deprecated policy and visibility scoping events 2021-01-20 15:21:30 -05:00
Alexander Skvortsov
a10da427ff Remove deprecated CSRF wildcard path match 2021-01-20 12:01:52 -05:00
Alexander Skvortsov
9493e6230d NotificationTest: Rely on adminUser from installation 2021-01-19 17:05:53 -05:00
Sami Mazouz
927ea4eec5
Add Notification extender beforeSending method (#2533) 2021-01-19 14:40:19 -05:00
Alexander Skvortsov
9b2d7856d1
Add subscribe method to event extender (#2535)
Historically, extensions using subscribers has caused problems because subscribers were constructed/applied at extension boot. This caused some classes (e.g. UrlGenerator) to be resolved early, breaking parts of Flarum. For this reason, subscriber support wasn't included in the initial version of the Event extender.

However, updating extensions has shown that there is a legitimate use case for subscribers in organizing clean code; for instance, core's own `DiscussionMetadataUpdater`.

This commit introduces support for subscribers, but only applies them after the app has booted, which avoids the early resolution issues. Since event listeners/subscribers are only intended to be used with domain events, which would never be dispatched during app boot, the late activation of subscribers should not cause issue.
2021-01-15 20:33:29 -05:00
Alexander Skvortsov
e5f277e640 Apply fixes from StyleCI
[ci skip] [skip ci]
2021-01-09 00:36:07 -05:00
Alexander Skvortsov
4bac667dfd Fix fulltext search tests
Under InnoDB, database entries created in transactions are not processed by fulltext indexes until the transaction is committed. To work around this, cases that test fulltext search have been split off into a separate class that adds and removes seed discussions/posts outside of transactions during setUp/tearDown.
2021-01-09 00:35:55 -05:00