Commit Graph

278 Commits

Author SHA1 Message Date
Rafael dos Santos Silva 39c31a3d76
FEATURE: Protect against replay attacks when using TLS 1.3 0-RTT (#8020) 2019-08-23 11:52:47 -03:00
Vinoth Kannan 839916aa49
DEV: Debundle plugin javascript assets and don't load if disabled (#7566)
And don't load javascript assets if plugin is disabled.

* precompile auto generated plugin js assets

* SPEC: remove spec test functions

* remove plugin js from test_helper

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* DEV: using equality is slightly easier to read than inequality

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* DEV: use `select` method instead of `find_all` for readability

Co-Authored-By: Régis Hanol <regis@hanol.fr>
2019-07-15 20:22:54 +05:30
Sam fa2a5f6f56
FEATURE: SKIP_DB_AND_REDIS env var (#7756)
Sometimes we would like to create a base image without any DB access, this
assists in creating custom base images with custom plugins that already
includes `public/assets`

Following this change set you can run:

```
SPROCKETS_CONCURRENT=1 DONT_PRECOMPILE_CSS=1 SKIP_DB_AND_REDIS=1 RAILS_ENV=production bin/rake assets:precompile
```

Then it is straight forward to create a base image without needing a DB or
Redis.
2019-06-13 12:58:27 +10:00
Guo Xiang Tan cf235fbd48 Fix bundler not requiring default group. Follow up to a2babcafd8. 2019-05-02 13:25:17 +08:00
Guo Xiang Tan a2babcafd8 DEV: Don't require non production bundler assets in production. 2019-05-02 10:53:12 +08:00
Sam 15857b900a DEV: explicitly require Rails components
`rails/all` includes too much stuff per: https://github.com/rails/rails/blob/master/railties/lib/rails/all.rb

This commit makes it explicit what pieces of Rails Discourse depends on.

Previously the LoadError was protecting us and we were excluding components,
using the Gemfile, this method ensures that even if we add `rails` meta gem
as a dependency only the parts of Rails Discourse uses will be used.
2019-02-06 17:45:48 +11:00
David Taylor 49593d1a00 FIX: Fix registration dialog popup for 'full screen' social logins
Regression following the ember3 upgrade. In addition to fixing, this commit consolidates our social registration logic into one place, and adds tests for the behaviour.
2019-01-12 12:08:13 +00:00
Kyle Zhao 488fba3c5f
FEATURE: allow plugins and themes to extend the default CSP (#6704)
* FEATURE: allow plugins and themes to extend the default CSP

For plugins:

```
extend_content_security_policy(
  script_src: ['https://domain.com/script.js', 'https://your-cdn.com/'],
  style_src: ['https://domain.com/style.css']
)
```

For themes and components:

```
extend_content_security_policy:
  type: list
  default: "script_src:https://domain.com/|style_src:https://domain.com"
```

* clear CSP base url before each test

we have a test that stubs `Rails.env.development?` to true

* Only allow extending directives that core includes, for now
2018-11-30 09:51:45 -05:00
Penar Musaraj 03deda2147
Upgrade to FontAwesome 5 (take two) (#6673)
* Add missing icons to set

* Revert FA5 revert

 This reverts commit 42572ff

* use new SVG syntax in locales

* Noscript page changes (remove login button, center "powered by" footer text)

* Cast wider net for SVG icons in settings

- include any _icon setting for SVG registry (offers better support for plugin settings)

- let themes store multiple pipe-delimited icons in a setting

- also replaces broken onebox image icon with SVG reference in cooked post processor

* interpolate icons in locales

* Fix composer whisper icon alignment

* Add support for stacked icons

* SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

* load SVG sprite with pre-initializers

* FIX: enable caching on SVG sprites

* PERF: use JSONP for SVG sprites so they are served from CDN

This avoids needing to deal with CORS for loading of the SVG

Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is

* Add missing SVG sprite JSONP script to CSP

* Upgrade to FA 5.5.0

* Add support for all FA4.7 icons

- adds complete frontend and backend for renamed FA4.7 icons

- improves performance of SvgSprite.bundle and SvgSprite.all_icons

* Fix group avatar flair preview

- adds an endpoint at /svg-sprites/search/:keyword

- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset

* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
Kyle Zhao 80398d0b8f
Extract inline JS on embedded comments (#6645)
* use the meta refresh tag instead

* extract inline JS in embedded comment
2018-11-22 10:02:58 -05:00
Kyle Zhao e25b3965a7 do not overwrite hostname in development (#6623) 2018-11-20 14:34:02 +11:00
Kyle Zhao 5f754b43f1
extract inline `onpopstate` handler on 404 page (#6613) 2018-11-15 13:35:38 -05:00
Sam e7001f879a SECURITY: enforce hostname to match discourse hostname
This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname
2018-11-15 15:23:06 +11:00
Sam 173408d72f DEV: correctly force Ruby version 2.5.2 and up 2018-11-09 18:36:18 +11:00
Sam 42572ff138 Revert font awesome 5 changes
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
Penar Musaraj 005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs (#6557)
* First take on subsetting svg icons

* FontAwesome 5 svg subset WIP

* Include icons from plugins/badges into svg sprite subset

* add svg icon support to themes

* Add spec for SvgSprite

* Misc. SVG icon fixes

* Use FA5 svgs in local-dates plugin

* CSS adjustments, fix SVG icons in group flair

* Use SVG icons in poll plugin

* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
Kyle Zhao a6eca28ec6
CSP - extract all other inline JavaScripts (#6528)
* wizard page inline js

* print topic inline js

* drop JS for preventing double submission

this is the default behavior with Rails' UJS `disable_with` helper

* omniauth complete redirect JS

* account activate inline js
2018-10-25 09:52:01 -04:00
Kyle Zhao e9a971a2b6
FEATURE: [Experimental] Content Security Policy (#6514)
do not register new MIME type, parse raw body instead
2018-10-22 13:22:23 -04:00
Kyle Zhao dca830cb73 Revert "FEATURE: [Experimental] Content Security Policy (#6504)"
This reverts commit fb8231077a.
2018-10-19 11:53:29 -04:00
Kyle Zhao fb8231077a
FEATURE: [Experimental] Content Security Policy (#6504) 2018-10-19 10:39:22 -04:00
Kyle Zhao acba7d2a5d Extract `discourse_javascript.html.erb` to a scrip include
* extract omniauth auth complete inline JS

* extract Ember error logging inline JS

* transpile `authentication-complete`

This is CSP related work
2018-10-09 16:50:45 +11:00
Kyle Zhao 7a0232249a
extract inline JS that's used to store preloaded data (#6370) 2018-09-17 16:31:46 +08:00
Kyle Zhao f666d72606 extract inline JS for google tag manager 2018-09-17 09:56:00 +10:00
Guo Xiang Tan d788555994 DEV: Manage pretender with yarn. 2018-09-07 16:01:49 +08:00
Sam f3549291a3 DEV: use unicorn in development
This commit also cleans up a bunch of pointless noise each time we boot app

- narrative was loading i18n cause redefinition of consts
- discourse.rb was loaded twice as was auth
- bin/unicorn now does all the smart things and boots unicron in dev
- bin/rails s will boot unicorn with no params
- remove bin/puma which only causes confusion
2018-08-07 17:13:47 +10:00
Robin Ward c08c725c54 Allow plugins to omit base locales if they want 2018-06-22 09:46:23 -04:00
Sam 66982c7800 FIX: stop using Rails connection reaper in multisite
The Rails 5.2 connection reaper appears to be leaking threads
this is a quick fix to stop it, though we need to make sure we
never leak connection pools as well.
2018-06-14 12:49:30 +10:00
Guo Xiang Tan 8a2c5fbebb Remove unused lines. 2018-06-11 08:44:41 +08:00
Sam 39bfd836c6 FEATURE: do not boot Ruby if not on 2.4 or up 2018-05-22 09:21:47 +10:00
Sam 54d153068a DEV: remove qunit rails fork and add a couple of async tests 2018-04-23 16:42:40 +10:00
Guo Xiang Tan 14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Sam 12872d03be PERF: run post timings in background
This means that if a very large amount of registered users hit
a single topic we will handle it gracefully, even if db gets slow.
2018-01-19 08:27:29 +11:00
Neil Lalonde 5b356e446a FIX: subfolder support was broken 2018-01-15 15:42:31 -05:00
Sam 2113266e51 Simplify complex conditional, add frozen strings 2018-01-15 12:44:54 +11:00
Sam 49ed382c2a FIX: return 429 when admin api key is limited on admin route
This also handles a general case where exceptions leak out prior to being handled by the application controller
2018-01-12 14:15:26 +11:00
Guo Xiang Tan 7b8699f3be FIX: Can't load `service-worker.js` in production. 2017-11-28 15:40:57 +08:00
Sam 7ca08216bd FIX: ensure we have no dangling db connections on threads
This correct 10 second timeouts in dev mode, when reloader kicks in
2017-10-30 14:24:15 +11:00
Guo Xiang Tan 77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Robin Ward 954d753d5d FIX: Sidekiq wouldn't start up in development mode 2017-08-18 10:04:52 -04:00
Robin Ward 39cfffce2d Reload lib in development mode only 2017-08-16 11:14:49 -04:00
Robin Ward f200d52324 Revert "Autoload lib folder to pick up more changes in development mode"
This reverts commit 156347ea7a.
2017-08-13 14:31:13 -04:00
Robin Ward 156347ea7a Autoload lib folder to pick up more changes in development mode 2017-08-13 14:17:53 -04:00
Régis Hanol 6b13d74868 FIX: ensure we always reload TopicView and TopicList in dev 2017-08-12 04:22:22 +02:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Robin Ward ad04d188ae FIX: Precompile errors for wizard tests 2017-07-27 12:08:10 -04:00
Robin Ward 6a8f5d497e Revert "FIX: We need to precompile the wizard test helper"
This reverts commit 39e394de15.
2017-07-27 11:51:04 -04:00
Robin Ward 39e394de15 FIX: We need to precompile the wizard test helper 2017-07-27 11:42:11 -04:00
Sam 234694b50f Feature: CommonMark support
This adds the markdown.it engine to Discourse.
https://github.com/markdown-it/markdown-it

As the migration is going to take a while the new engine is default
disabled. To enable it you must change the hidden site setting:
enable_experimental_markdown_it.

This commit is a squash of many other commits, it also includes some
improvements to autospec (ability to run plugins), and a dev dependency
on the og gem for html normalization.
2017-06-23 12:01:33 -04:00
Sam cfef100ed7 FIX: ignore loose .es6 files during precompile
also corrects precompile statement to include preload store
2017-04-17 11:04:00 -04:00
Sam 0bb96e2536 FIX: stop double compiling all hbs files 2017-04-14 15:53:17 -04:00
Sam a3e8c3cd7b FEATURE: Native theme support
This feature introduces the concept of themes. Themes are an evolution
of site customizations.

Themes introduce two very big conceptual changes:

- A theme may include other "child themes", children can include grand
children and so on.

- A theme may specify a color scheme

The change does away with the idea of "enabled" color schemes.

It also adds a bunch of big niceties like

- You can source a theme from a git repo

- History for themes is much improved

- You can only have a single enabled theme. Themes can be selected by
    users, if you opt for it.

On a technical level this change comes with a whole bunch of goodies

- All CSS is now compiled using a custom pipeline that uses libsass
    see /lib/stylesheet

- There is a single pipeline for css compilation (in the past we used
    one for customizations and another one for the rest of the app

- The stylesheet pipeline is now divorced of sprockets, there is no
   reliance on sprockets for CSS bundling

- CSS is generated with source maps everywhere (including themes) this
    makes debugging much easier

- Our "live reloader" is smarter and avoid a flash of unstyled content
   we run a file watcher in "puma" in dev so you no longer need to run
   rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
Guo Xiang Tan bf78c228f4 FIX: User created web hook being enqueued before record has been saved.
* Improve web hook tests as well.
2017-03-16 14:44:09 +08:00
Robin Ward b60bc47a4c Plugins can register providers for global settings 2017-01-09 17:18:58 -05:00
Sam c531f4ded5 remove rails-observers
Rails yanked out observers many many years ago, instead the functionality
was yanked out to a gem that is very lightly maintained.

For example: if we want to upgrade to rails 5 there is no published gem

Internally the usage of observers had quite a few problem.

The series of refactors renamed a bunch of classes to give us more clarity
and removed some magic.
2016-12-22 16:46:53 +11:00
Sam 019f1a1d06 UserEmailObserver is now removed
no big surprises here was pretty straightforward

after_commit semantics sure are weird though
2016-12-22 16:46:53 +11:00
Sam 2f6a4cc6de remove UserActionObserver, replace with after_save and service
interestingly there was some left over dead code from when stars
existed in the topic_users table
2016-12-22 16:46:53 +11:00
Sam 0a78ae739d Remove SearchObserver, aim is to remove all observers
rails-observers gem is mostly unmaintained and is a pain to carry forward
new implementation contains significantly less magic as a bonus
2016-12-22 13:13:14 +11:00
Robin Ward e03d5e2140 Reapply Ember 2.10 for good this time!
This reverts commit ddd299f4aa.
2016-12-19 11:19:10 -05:00
Robin Ward ddd299f4aa Revert "Revert "Revert Ember 2.10+ for a short while""
This reverts commit 76bbc481cb.
2016-12-16 10:29:30 -05:00
Robin Ward 76bbc481cb Revert "Revert Ember 2.10+ for a short while"
This reverts commit 21682fd60b.
2016-12-16 09:52:29 -05:00
Robin Ward 21682fd60b Revert Ember 2.10+ for a short while 2016-12-15 16:43:38 -05:00
Robin Ward 28699e66d8 Revert "REVERT: Ember 2.10 -- it's not building properly"
This reverts commit 600541c623.
2016-12-15 10:28:15 -05:00
Robin Ward 600541c623 REVERT: Ember 2.10 -- it's not building properly 2016-12-12 16:19:05 -05:00
Robin Ward a808bcb0b8 Upgrade to Ember 2.10 2016-12-12 14:44:29 -05:00
Guo Xiang Tan ae047c39a4 FIX: Set generators test framework to RSpec. 2016-12-08 14:27:38 +08:00
Sam f4c754b389 FEATURE: split JavaScript application bundle, so plugins live in own file
This adds plugin.js and plugin_third_party.js files
2016-11-15 11:43:13 +11:00
Robin Ward 0471ad393c Scaffold for new Wizard - Rails / Ember / Tests 2016-09-22 09:48:58 -04:00
Guo Xiang Tan 41a22b8c5a FIX: Don't sanitize API username so that we can potentially identify the source. 2016-08-25 16:32:11 +08:00
Rimian Perkins 50bb2d52c5 filter alpi_username from logs 2016-08-24 12:58:24 +10:00
Rimian Perkins d81344c488 filter out api key 2016-08-23 10:13:15 +10:00
Robin Ward bba0fd0654 REFACTOR: PreloadStore to ES6 2016-07-11 12:57:05 -04:00
Robin Ward a546395397 REFACTOR: Migrate markdown functionality in ES6 2016-07-11 12:57:05 -04:00
Guo Xiang Tan 256d7a00e9 Update sprockets. (#4167)
* Update sass-rails.

* FIX: Tilt dependency has been removed from Ember::Handlebars::Template.

* Update `DiscourseIIFE` to new Sprockets API.

* `Rails.application.assets` returns `nil` in production.

* Move sprockets-rails out of the assets group.

* Pin ember-rails to 0.18.5 which works with Sprockets 3.x.

* Update sprockets to 3.6.0.

* Make `DiscourseSassCompiler` work with Sprockets 3.

* Use `Sass::Rails::SassImporterGlobbing` instead of haxxing our own.

* Moneky patch so that we don't add dependencies for our custom css.

* FIX: Missing class.

* Upgrade ember-handlebars-template.

* FIX: require path needs to share the same root as the folder's path.

* Bump discourse-qunit-rails.

* Update ember-template-compiler.js to 1.12.2.

* `prepend` is private in Ruby 2.0.0.
2016-04-18 10:47:52 +08:00
Guo Xiang Tan 90fde5053d FIX: Load Redis patch much earlier. 2016-03-11 17:29:00 +08:00
Sam 5ebffc0c94 remove template compiler, handle it in another way 2015-11-25 15:45:36 +11:00
Sam d6c925600f temporarily add back compiler while figuring out a better system 2015-11-25 15:11:57 +11:00
Sam 0844350308 correct production mode due to ember loading changes 2015-11-25 13:57:10 +11:00
Sam 613761d1cd FEATURE: upgrade to Rails 4.2.4 2015-09-23 15:24:30 +10:00
Sam 5539ea701c disable image optim railstie for now, we run it manually 2015-05-29 13:23:11 +10:00
Sam 90eaad336d FEATURE: allow users to pick a CDN for s3 assets 2015-05-26 11:13:12 +10:00
Régis Hanol bb0c2813ac FEATURE: generate (avatar) thumbnails in a background task
FIX: keep the "uploading..." indicator until the server replies via the MessageBus
FIX: text was disapearing when uploading an avatar

PERF: always use a region for S3 (defaults to 'us-east-1')
FEATURE: ApplyCDN middleware when using S3
FIX: use the same pattern to store files on S3 and locally
PERF: keep a local cache of uploads when generating thumbnails
FEATURE: migrate_to_s3 rake task
2015-05-25 17:59:00 +02:00
Arthur Neves d2b1cc55b9
Disable raise_in_transactional_callbacks for now 2015-04-28 23:20:08 -04:00
Arthur Neves 439d0d2e37
Check Rails.version instead of ENV
Like that we can have code that works on multiple Rails versions, and we
dont need to mix a new method on Kernel.
Also, this makes easier to have multiple versions.
For instance, before master was 4.2, which is not the case anymore, so
on the code we should check versions and not Environment variables
2015-04-28 22:27:47 -04:00
Régis Hanol 4a9587fa23 FIX: auto-load all plugin locales so that they can be used in PrettyText 2015-04-09 17:04:14 +02:00
Sam a82530012a FEATURE: Allow selection of highlight js languages
PERF: stop loading highlight js on load

To get latest highlight js run bin/rake highlightjs:update
2015-03-13 16:18:59 +11:00
Sam f5af4768eb FEATURE: add clean support for running Discourse in a subfolder
To setup set DISCOURSE_RELATIVE_URL_ROOT to the folder you wish
2015-03-09 13:14:29 +11:00
Robin Ward 3aa165d3b6 Provides the ability to skip minification of some JS assets. 2015-02-20 15:51:38 -05:00
Hongli Lai (Phusion) 3afda54d22
Run after_fork hooks correctly on Phusion Passenger 2014-12-22 15:59:07 +01:00
Godfrey Chan b1a0cd417d Avoid a deprecation warning by poly-filling #deliver_now and #deliver_now 2014-11-10 01:05:46 -08:00
Robin Ward ff5c4550fb Change default timezone to UTC. 2014-10-27 11:31:36 -04:00
Neil Lalonde 6b41c6b335 add permalinks route constraint 2014-08-29 11:28:16 -04:00
Sam 911b8647cf FIX: Revert permalink support until implemented correctly 2014-08-29 17:06:14 +10:00
Sam c07d76677d Merge pull request #2701 from riking/email-pr-ssl
Rename POP3 settings, fix multisite SSL state leak
2014-08-29 10:02:05 +10:00
Neil Lalonde 14890a6002 FEATURE: add a way to map arbitrary urls to a topic, post, or category. Useful for sites that have migrated to Discourse and want to redirect from their old site to Discourse with 301 redirects. 2014-08-28 15:58:24 -04:00
riking 6d357c9c23 Rename pop3s settings to pop3, remove 'insecure' 2014-08-26 17:03:58 -07:00
Akshay b4e38e5646 updated checks of environment with Rails.env by Rails.env methods 2014-08-18 15:36:47 +05:30
Scott Walkinshaw 7e2aa5acfb Move discourse_plugin to lib 2014-07-23 00:03:48 -04:00
Neil Lalonde 939e8505a9 Remove hub username integration 2014-07-16 12:25:24 -04:00
Sam 6019e3f257 FIX: remove hardcoding from middleware stack so we can control it 2014-07-10 17:01:21 +10:00
Sam 5032c96486 FIX: disable x accl redirect for CDN assets
We need to keep headers in tact
2014-07-10 16:32:46 +10:00
Sam 103e2ebba9 FIX: properly support sendfile on all routes
FIX: disable unused etags
2014-07-10 15:18:51 +10:00
Régis Hanol 6b45b635f8 FIX: properly whitelist <code> classes needed for syntax highlighting 2014-07-09 16:27:47 +02:00
Sam 724b36fe0d We need pry in development 2014-05-27 10:08:03 +10:00
Sam 1aa200788c Monkey patching, not required. 2014-05-14 10:20:23 +10:00
Robin Ward c3ccc3e309 Transpile ES6 even without node, just using rubyracer 2014-05-08 11:35:33 -04:00
Sam 0334179c6e give logster its own redis connection 2014-05-08 06:52:59 +10:00
Sam 4af0aa9cbc logster integration (in production as well) 2014-05-07 08:24:15 +10:00
Sam 692f099807 Remove uneeded hack 2014-05-07 08:24:15 +10:00
Vikhyat Korrapati 33307a50b3 Get rid of plugins.css, inject it using DiscourseSassImporter. 2014-04-09 19:42:43 +05:30
Benjamin Kampmann d22df7731d Allow plugins to ship custom styles only for mobile
- adds another :mobile-flag to register_assets
- adds test for plugin registering of assets
- load plugins when on desktop and plugins_mobile when on mobile
2014-04-07 16:33:35 +02:00
Sam bd7d1e62f6 BUGFIX: we need to precompile plugins.css ... otherwise there be dragons 2014-04-02 11:58:02 +11:00
Robin Ward b0a130db86 Precompile break_string 2014-03-20 14:50:34 -04:00
Stephan Kaag f12925887c Drop Rails3 support 2014-02-17 19:42:08 +01:00
Vikhyat Korrapati 6acc5c19e7 Use LOAD_PLUGINS=1 instead of LOAD_PLUGINS=true for consistency. 2014-02-05 10:50:28 +05:30
Vikhyat Korrapati 102352e205 Add rake task for running plugin tests. 2014-02-02 01:52:53 +05:30
Sam abe814412e Source DB config more cleanly, fixes issues with socket in prd 2014-01-15 12:08:35 +11:00
Régis Hanol 8d73b7f94d BUGFIX: hide sensitive site settings 2014-01-06 13:03:53 +01:00
Sam b703d8c77a BUGFIX: redis-rails has always been a problem child
implemented an ActiveSupport::Cache::Store for our internal use.
* allows for expire by family
* works correctly in multisite
* namespaced correctly

Removed redis-rails from the project, no longer needed
2014-01-06 16:50:04 +11:00
Robin Ward cab6a3f339 Don't forget to precompile the embed css 2013-12-31 18:12:07 -05:00
Sam d150bc20cf no need to remove what is not there 2013-12-31 15:12:07 +11:00
Sam b67a3a85dd split js with vendor/application
avoid one huge js bundle and instead break it down
to application and vendor (3rd party) our app changes
a lot, vendor changes a lot less
2013-12-23 10:32:07 +11:00
Sam 7b8d2547d0 globals now implemented and documented 2013-12-20 16:17:21 +11:00
Neil Lalonde c91d1624cf Oops, add browser-update to config.assets.precompile 2013-11-27 14:41:35 -05:00
Sam 7603faa20d add rbtrace for production tracing 2013-11-20 10:10:12 +11:00
Régis Hanol 291acca4fa autoload server/client locales in plugins 2013-11-19 16:42:28 +01:00
Régis Hanol a01b423263 remove empty plugin.rb file 2013-11-13 16:14:22 +01:00
Sam e5202b19c0 fix for emoji precompile 2013-11-06 22:39:28 +11:00
Neil Lalonde adba0c2996 Avoid deprecation warning about whitelist_attributes in rails 4 2013-11-05 15:47:43 -05:00
Sam da62a10b77 work around regression in ruby head 2013-10-28 15:13:10 +11:00
Sam 28a0cb494a rails 4 upgrade
rack lock is trouble, nuke it out of orbit
more aggressive suicide for forked sidekiq
2013-10-10 14:23:24 +11:00
Robin Ward be0ce08cc2 Ember Upgrade: 1.0 2013-10-01 11:16:27 -04:00
Sam f0a122a66c move job files so they live underneath app/ and not in lib/
introduce new setting email_always, that will force emails to send to users regardless of presence on site
2013-10-01 17:04:02 +10:00
Sam 6af1e12cc1 after_initialize callback for plugins 2013-09-17 10:24:15 +10:00
Sam 6ca6853392 disable XML params, they are just used by malicious bots to determine if we have XML vuls. 2013-09-16 12:58:26 +10:00
Neil Lalonde eb0442159c Precompile the new css files 2013-09-05 17:31:19 -04:00
Sam 818bf1355d PluginStore for plugin specific bits of storage
Amended plugin interfaces so they work with the vk sample
2013-08-26 12:59:17 +10:00
Sam 213ce33af2 Fixed all broken specs
Moved middleware config into authenticators
2013-08-26 12:59:17 +10:00
Stephan Kaag a6b4b5dbf2 Replace Clockwork with Sidetiq 2013-08-14 21:39:40 +02:00
Robin Ward 4a0ea7f776 Upgrade jQuery to 2.0.3 2013-08-01 11:58:22 -04:00
Sam 160107a712 working plugin interface for custom openid auth, custom css and custom js 2013-08-01 16:02:43 +10:00
Doug Alcorn 35a2bb7919 Parameterize the PBKDF2 algorithm in application config
http://meta.discourse.org/t/sso-between-discourse-and-xmpp/8567/5
2013-07-22 21:36:01 -04:00
Sam 9e4b0df7ff 69 specs fail in rails 4 now ...not too bad 2013-07-22 15:07:20 +10:00
Robin Ward d466d11e71 Ember RC6 update 2013-07-16 10:35:18 -04:00
Sam 21bfb64a28 added EMBED_CLOCKWORK so users can embed clockwork scheduling inside another process 2013-07-09 11:01:51 +10:00
Robin Ward ad6705cca7 Update Ember to latest master (RC5) 2013-06-10 10:14:42 -04:00
Ian Christian Myers 0d01c33482 Enabled strong_parameters across all models/controllers.
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Robin Ward a3d62fdf69 Temporarily roll back ember rc5. We identified some things we need to fix. 2013-06-06 01:25:43 -04:00
Robin Ward a0bd51862e Upgrade Ember to RC5. Disabled a deprecation warning that I believe is in error. 2013-06-05 12:07:18 -04:00
Sam 8874c9ea75 Add message format support that can be used on complex localization strings
Add message about new and unread topics at the bottom of topics
move localization helper into lib
2013-05-30 16:49:57 +10:00
Matt Van Horn 806255b3c4 refactor Topic validation
introduce a couple of custom validators
fix minor discrepancies in tests
copy I18n error message keys to default location
clean up validation invocation
move some responsibilities out of validator into class
2013-05-22 22:31:52 -07:00