Commit Graph

54481 Commits

Author SHA1 Message Date
Penar Musaraj 1b53f3ac21
FIX: password reset with security key
This regressed in 0434112. No fix here yet, this is a draft PR with a
passing test (but it is incomplete).
2024-06-05 15:35:09 -04:00
Joffrey JAFFEUX 729063e485
FIX: ensures invalid OTP blocks submit (#27352) 2024-06-05 14:45:16 -04:00
Jarek Radosz 12661ece97
DEV: Run flake check only on discourse/discourse (#27350)
script/get_github_workflow_run_job_id.rb would fail on forks anyway
2024-06-05 18:30:37 +02:00
Jarek Radosz b618d08d36
DEV: Search for `-gnu` gem variants (#27347)
> Platform names with a *-linux suffix are aliases for *-linux-gnu

Should fix the ffi upgrade issue
2024-06-05 14:58:02 +02:00
Jarek Radosz fb812a48ab
DEV: Fix invalid hbs syntax in tests (#27348)
Followup to 26198fb328

also removes superfluous whitespace
2024-06-05 14:08:15 +02:00
Jarek Radosz da162639fa
DEV: Update browserslist (#27344)
(and do the yarn deduplication dance)
2024-06-05 13:30:50 +02:00
Jarek Radosz 26198fb328
DEV: Fix incorrect hbs syntax in tests (#27345) 2024-06-05 13:28:22 +02:00
Selase Krakani f2c4474c1e
DEV: Improve user generic bulk importer anonymization (#27307)
* DEV: Improve user generic bulk importer anonymization

Add support for properly anonymizing:
 - email
 - date_of_birth
 - location
 - website
 - bio

* DEV: Remove unneeded anon username check in `import_user_emails`
2024-06-05 11:25:17 +00:00
dependabot[bot] c67f810a4b
Build(deps): Bump rails_failover from 2.0.1 to 2.1.0
Bumps [rails_failover](https://github.com/discourse/rails_failover) from 2.0.1 to 2.1.0.
- [Changelog](https://github.com/discourse/rails_failover/blob/main/CHANGELOG.md)
- [Commits](https://github.com/discourse/rails_failover/compare/v2.0.1...v2.1.0)

---
updated-dependencies:
- dependency-name: rails_failover
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-05 09:54:58 +02:00
Alan Guo Xiang Tan 82383ea776
DEV: Avoid unique validation in `UserPasswordExpirer.expire_user_password` (#27343)
This commit updates the `UserPasswordExpirer.expire_user_password`
method to update `UserPassword#password_expired_at` when an existing
`UserPassword` record exists with the same `password_salt`,
`password_hash` and `password_algorithm`. This is to prevent the unique
validation error on `UserPassword#user_id` and
`UserPassword#password_hash` from being raised when the method is called
twice for a user that has not changed its password.
2024-06-05 15:22:40 +08:00
Martin Brennan 748240ce3b
FIX: Pluralisation for short password count (#27342)
Followup 0434112aa7,
when I introduced the pluralisation for the
password.too_short message I didn't change the
key name to `count`, which is necessary.
2024-06-05 16:20:48 +10:00
Martin Brennan 0434112aa7
UX: Streamline reset password page (#27341)
This commit includes various UX improvements to the reset
password page:

* Introduce a `hide-application-header-buttons` helper to do the following:
  * Hide Sign Up and Log In buttons, they are not necessary on this flow
  * Hide the sidebar, it is a distraction on this flow
* Improve messaging when a 2FA confirmation is required first
* Improve display of server-side ActiveRecord model validation errors
  in password form, e.g. instead of "is the same as your current password"
  we do "The password is the same as your current password"
* Move password tip to next line below input and move caps lock hint
  inline with Show/Hide password toggle
* Add system specs for 2FA flow on reset password page
* Fixes a computed property conflict issue on the password reset
   page when toggling 2FA methods
2024-06-05 15:22:59 +10:00
Krzysztof Kotlarek aa88b07640
FEATURE: the ability to change the order of flags (#27269)
Continued work on moderate flags UI.
In this PR admins are allowed to change the order of flags. The notify user flag is always on top but all other flags can be moved.
2024-06-05 13:27:06 +10:00
Krzysztof Kotlarek c1ecbb8d28
UX: move users link to the top of the admin sidebar (#27339)
Before, users link was in the community section.
2024-06-05 12:49:46 +10:00
Alan Guo Xiang Tan 9ff0805a1d
DEV: Monkey patch `Selenium::WebDriver::Platform.localhost` to retry (#27335)
On GitHub Actions, system tests which use `Capybara#using_session` are
failing intermittently with the error "Socket::ResolutionError: getaddrinfo: Temporary failure in name resolution"
when `Selenium::WebDriver::Platform.localhost` tries to resolve
`localhost`.

Too much time has been spent trying to figure out why so we are giving
up here and just retrying the resolution of `localhost` on GitHub
Actions.
2024-06-05 07:54:15 +08:00
Alan Guo Xiang Tan 9705bd6cbe
DEV: Update Rails to 7.0.8.4 (#27337)
Resolves 2 CVEs that have been determined to not affect us but upgrading
anyway.
2024-06-05 07:53:45 +08:00
Kris 9404459188
UX: prevent twitter like/retweet counts from wrapping (#27333) 2024-06-04 16:55:50 -04:00
Discourse Translator Bot a5c06f0b2c
Update translations (#27321) 2024-06-04 21:44:04 +02:00
Kris a4001548d8
UX: fix only-emoji size in user-stream excerpts (#27330) 2024-06-04 14:59:43 -04:00
Jarek Radosz a50a5cd157
Revert "Build(deps): Bump ffi from 1.16.3 to 1.17.0 (#27310)" (#27331)
This reverts commit 8789b19aed.

Temporary revert as we work out compatibility issues with a private plugin that uses ffi
2024-06-04 20:46:59 +02:00
Jarek Radosz e57fe1e994
DEV: Remove uses of `@on` from native classes (#27327)
Fixes a deprecation warning introduced in a64f021f49 and removes all uses of `@on` in native classes. (those are unnecessary)
2024-06-04 20:16:05 +02:00
Jarek Radosz bbdf14828b
DEV: Check lifecycle props in Presence service (#27328)
This may or may not fix flakes in `Unit | Service | presence` tests
2024-06-04 20:15:27 +02:00
Kris 4236aa0851
UX: add space between revision avatar and username (#27329) 2024-06-04 12:48:16 -04:00
Kris 14f81490ec
UX: fix mobile read state alignment (#27323) 2024-06-04 09:40:41 -04:00
Jarek Radosz 0b7563b804
DEV: Fix the order of operations in themes-frontend (#27317)
Previously "themes frontend" CI job would:

1. pull compatible versions of themes that happened to be in the base image
2. clone all official themes (overriding the compatible versions from 1.)
3. run tests
2024-06-04 15:16:44 +02:00
Jarek Radosz c972a31819
DEV: Fix typos and formatting (#27320) 2024-06-04 15:16:24 +02:00
Mark VanLandingham d42a1c8885
DEV: Pass recipient email address to message_builder modifiers (#27308) 2024-06-04 08:00:30 -05:00
David Taylor 0ddad8fc64
Revert "DEV: Update action syntax for routes/application.js (#27282)" (#27318)
This reverts commit 0b10e335ae.

I realised that some of these actions are overridden in themes/plugins, so this is going to cause problems (especially because modifyClass doesn't currently work well with the `@action` decorator)
2024-06-04 13:44:19 +01:00
David Taylor 0b10e335ae
DEV: Update action syntax for routes/application.js (#27282) 2024-06-04 13:38:24 +01:00
David Taylor d02e40e989
DEV: Update action syntax for `routes/discourse.js` (#27283) 2024-06-04 13:37:18 +01:00
David Taylor aa37be3323
UX: Use regular reset-password flow for expired passwords (#27316)
This makes it more obvious what's happening, and makes it much less likely that users will send repeated reset emails (and thereby hit the rate limit)

Followup to e97ef7e9af
2024-06-04 12:47:33 +01:00
dependabot[bot] f0539afb02
Build(deps-dev): Bump rubocop-rspec from 2.29.2 to 2.30.0 (#27311)
Bumps [rubocop-rspec](https://github.com/rubocop/rubocop-rspec) from 2.29.2 to 2.30.0.
- [Release notes](https://github.com/rubocop/rubocop-rspec/releases)
- [Changelog](https://github.com/rubocop/rubocop-rspec/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-rspec/compare/v2.29.2...v2.30.0)

---
updated-dependencies:
- dependency-name: rubocop-rspec
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-04 12:02:42 +02:00
dependabot[bot] 8789b19aed
Build(deps): Bump ffi from 1.16.3 to 1.17.0 (#27310)
Bumps [ffi](https://github.com/ffi/ffi) from 1.16.3 to 1.17.0.
- [Changelog](https://github.com/ffi/ffi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ffi/ffi/compare/v1.16.3...v1.17.0)

---
updated-dependencies:
- dependency-name: ffi
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-04 12:02:30 +02:00
Alan Guo Xiang Tan e97ef7e9af
FEATURE: Allow site admin to mark a user's password as expired (#27314)
This commit adds the ability for site administrators to mark users'
passwords as expired. Note that this commit does not add any client side
interface to mark a user's password as expired.

The following changes are introduced in this commit:

1. Adds a `user_passwords` table and `UserPassword` model. While the
   `user_passwords` table is currently used to only store expired
   passwords, it will be used in the future to store a user's current
   password as well.

2. Adds a `UserPasswordExpirer.expire_user_password` method which can
   be used from the Rails console to mark a user's password as expired.

3. Updates `SessionsController#create` to check that the user's current
   password has not been marked as expired after confirming the
   password. If the password is determined to be expired based on the
   existence of a `UserPassword` record with the `password_expired_at`
   column set, we will not log the user in and will display a password
   expired notice. A forgot password email is automatically sent out to
   the user as well.
2024-06-04 15:42:53 +08:00
Kris 30f55cd64b
UX: improve search result consistency (#27289) 2024-06-04 15:34:21 +10:00
Krzysztof Kotlarek eebf332025
FEATURE: expand the admin sidebar when filtering (#27312)
Even when the admin sidebar sections are collapsed, they should expand while filtering. When the filter is removed, sections should go back to the previous state.

In addition, trim whitespace from the filter section.
2024-06-04 12:23:21 +10:00
dependabot[bot] 472c02bda8
Build(deps-dev): Bump lefthook from 1.6.14 to 1.6.15 (#27309)
Bumps [lefthook](https://github.com/evilmartians/lefthook) from 1.6.14 to 1.6.15.
- [Release notes](https://github.com/evilmartians/lefthook/releases)
- [Changelog](https://github.com/evilmartians/lefthook/blob/master/CHANGELOG.md)
- [Commits](https://github.com/evilmartians/lefthook/compare/v1.6.14...v1.6.15)

---
updated-dependencies:
- dependency-name: lefthook
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-04 06:47:40 +08:00
Jan Cernik 625c715856
FIX: Lazy TikTok embeds height in chat (#27306) 2024-06-03 11:20:47 -03:00
David Taylor a64f021f49
DEV: Convert user-posts-stream to native class syntax (#27278)
This is the final model in Discourse core to be converted
2024-06-03 15:03:50 +01:00
Jarek Radosz adeda6c6a5
FIX: Restore cmd+click ability in topic-info (#27305) 2024-06-03 16:01:20 +02:00
David Taylor 29b826c8f7
DEV: Convert DiscourseURL to native class syntax (#27284) 2024-06-03 14:59:05 +01:00
David Taylor a3d0a9edbb
DEV: Convert almost all routes to native class syntax (#27281)
Only remaining ones are `routes/discourse.js` and `routes/application.js`. Those two both contain legacy `actions: {}` hashes which need to be updated before being converted to native class syntax.
2024-06-03 14:58:53 +01:00
Gerhard Schlager 602ef2c819
FIX: Store special characters in permalink URL as encoded characters
see https://meta.discourse.org/t/permalink-not-working-with-cyrilics-symbols/301130
2024-06-03 13:20:24 +02:00
Gerhard Schlager 9061282515
FIX: Permalinks with external URL didn't work with subfolders 2024-06-03 13:20:24 +02:00
Gerhard Schlager 387e906610
REFACTOR: All kinds of permalinks should return relative URLs
Mixing relative and absolute URLs is unnecessary and confusing.
2024-06-03 13:20:24 +02:00
David Battersby 4e80c9eb13
FIX: chat direct message group user limit is off by 1 (#27014)
This change allows the correct number of members to be added when creating a group direct message, based on the site setting chat_max_direct_message_users.

Previously we counted the current user within the max user limit and therefore the count was off by 1.
2024-06-03 12:11:49 +04:00
Joffrey JAFFEUX 82cccf89e1
DEV: attempts to remove using_session patch (#27292)
I suspect it's not useful anymore, if it ever was, and might cause more harm than good.
2024-06-03 09:38:03 +02:00
Osama Sayegh fed9055818
DEV: Remove admin-revamp and introduce foundations for admin config (#27293)
This commit removes the `/admin-revamp` routes which were introduced as a part of an experiment to revamp the admin pages. We still want to improve the admin/staff experience, but we're going to do them within the existing `/admin` routes instead of introducing a completely new route.

Our initial effort to improve the Discourse admin experience is this commit, which introduces the foundation for a new subroute `/admin/config` which will house various new pages for configuring Discourse. The first new page (or "config area") will be `/admin/config/about` that will house all the settings and controls for configuring the `/about` page of Discourse.

Internal topic: t/128544
2024-06-03 10:18:14 +03:00
Alan Guo Xiang Tan aec892339e
DEV: Add rspec tests for `SignalTrapLogger` (#27302)
Follow-up to 23c38cbf11
2024-06-03 13:40:21 +08:00
Alan Guo Xiang Tan d68983e060
DEV: Use same `Socket.getaddrinfo` arguments as selenium-webdriver (#27301)
Follow up to c408b53689. We need better
debugging information
2024-06-03 13:11:40 +08:00