Commit Graph

45113 Commits

Author SHA1 Message Date
Roman Rizzi 48417b59d6
FIX: Return a 404 when a sitemap request doesn't have a format (#16506) 2022-04-19 11:07:25 -03:00
David Taylor 90f4e0230e
DEV: Update browser policy to include iOS 12 (#16503) 2022-04-19 14:58:57 +01:00
Discourse Translator Bot 4ec6af064a
Update translations (#16505) 2022-04-19 15:45:09 +02:00
Joe e0c663c20d
UX: Improves select-kit body placement when vertical space is short (#16504)
1. When the select-kit body is rendered, it defaults to being displayed under the triggering select-kit header, unless...

    there isn't enough space between the bottom of the select-kit header and the bottom of the viewport 
    & 
    there's enough space on top of the select-kit header, and in that case, we render it on top.

2. We give it a bit of padding on top, so it never renders below the header on the Z-axis. 

14778ba52e/app/assets/javascripts/select-kit/addon/components/select-kit.js (L877-L884)

3. If there isn't enough space between the bottom of the viewport and the bottom of the select-kit header, and there isn't enough space between its top and the bottom of `d-header`, it renders at the bottom of the select-kit header.

In theory, number 3 above rarely ever happens. However, it can occur in the case of the user preferences page in combination with a large select-kit body (many categories).

The select-kit body then renders below the trigging select-kit header, but it's cut off. Users won't be able to see the entire select-kit body. 

Here's an example 

a719734d92.mp4

This PR adds a "prevent overflow" modifier to Popper. What it does is that it handles the case above.

If there's not enough space below the select-kit header or above it, render the select-kit body below the select-kit header BUT... anchor it to the bottom of the viewport. 

Here's what that looks like

32cd1639bb.mp4

After this fix, even very large select-kit bodies will always be on the screen. 

Please note that this PR has no impact on either number 1 or number 2 above, and those will continue to function as they currently do. 

The only downside here is that the select-kit body might cover the select-kit header if it needs to be anchored at the bottom of the viewport, and it's very large. However, between that and not being able to see all the options, I think it's a fair compromise. There's only so much space in the viewport. 

This PR ignores mobile because we have a different placement strategy. We use `position: absolute`... so, users can scroll the viewport if needed.
2022-04-19 21:13:54 +08:00
Joffrey JAFFEUX 54812992ae
REFACTOR: badge-button (#16500)
- drops jquery
- uses native class syntax
- tagless
- tests
- removes unnecessary alias
2022-04-19 15:01:28 +02:00
Joffrey JAFFEUX 01727da9b0
REFACTOR: admin-user-field-item (#16499)
- drops jquery
- removes a deprecation caused by overriding a computed property (isEditing)
- adds basic tests
- drops observers
- uses @action
- tagless
2022-04-19 13:31:43 +02:00
David Taylor 137e06a316
FIX: Ensure 'crop' always returns requested dimensions (#16437)
Previously, 'crop' would resize the image to have the requested width, then crop the height to the requested value. This works when cropping images vertically, but not when cropping them horizontally.

For example, trying to crop a 500x500 image to 200x500 was actually resulting in a 200x200 image. Having an OptimizedImage with width/height columns mismatching the actual OptimizedImage width/height causes some unusual issues.

This commit ensures that a call to `OptimizedImage.crop(from, to, width, height)` will always return an image of the requested width/height. The `w x h^` syntax defines minimum width/height, while maintaining aspect ratio.
2022-04-19 11:21:24 +01:00
Martin Brennan c841e34b62
FIX: Check if bookmarkable column exists before adding (#16497)
Because in 8040b95e8c we removed
a previous post migrate file, some people may not have had those
original polymorphic bookmark columns removed, and the migration
from this PR running will cause duplicate column errors.

cf. https://meta.discourse.org/t/duplicatecolumn-and-multisite-migrate-failed/224480
2022-04-19 12:01:18 +10:00
Martin Brennan c6c633e041
FIX: Issues with incorrect unread and private message topic tracking state (#16474)
This commit fixes two issues at play. The first was introduced
in f6c852b (or maybe not introduced
but rather revealed). When a user posted a new message in a topic,
they received the unread topic tracking state MessageBus message,
and the Unread (X) indicator was incremented by one, because with the
aforementioned perf commit we "guess" the correct last read post
for the user, because we no longer calculate individual users' read
status there. This meant that every time a user posted in a topic
they tracked, the unread indicator was incremented. To get around
this, we can just exclude the user who created the post from the
target users of the unread state message.

The second issue was related to the private message topic tracking
state, and was somewhat similar. Whenever a user created a new private
message, the New (X) indicator was incremented, and could not be
cleared until the page was refreshed. To solve this, we just don't
update the topic state for the user when the new_topic tracking state
message comes through if the user who created the topic is the
same as the current user.

cf. https://meta.discourse.org/t/bottom-of-topic-shows-there-is-1-unread-remaining-when-there-are-actually-0-unread-topics-remaining/220817
2022-04-19 11:37:01 +10:00
Joshua Rosenfeld 037172beaa
UX: Add more detail to remove full quote site setting description (#16494)
As suggested by https://meta.discourse.org/t/223311
2022-04-18 14:50:49 -04:00
Mark VanLandingham 1e8a666003
DEV: Accept `force_respect_seen_recently` argument in UserEmail job (#16460) 2022-04-18 13:32:11 -05:00
Joffrey JAFFEUX f0d46c3549
FIX: warn_exception expect hash as second arg (#16490) 2022-04-18 18:41:41 +02:00
Natalie Tay 34fba417f1
FIX: Show dismiss all modal in user-notifications page (#16491)
Earlier on when https://github.com/discourse/discourse/pull/14935 was implemented, the "Dismiss all" button in /user-notifications was not catered for. Now, it is!
2022-04-18 22:32:39 +08:00
Kris 6b4f4e5387
UX: minor email group chooser alignment fix (#16487) 2022-04-18 09:39:27 -04:00
Kris 8f7f6280cb
UX: minor adjustment to login/signup close position (#16488) 2022-04-18 09:38:39 -04:00
Bianca Nenciu 234cf65e39
FIX: Do not show visibility topic if visible (#16478)
It used to show the warning that said only members of certain groups
could view the topic even if the group "everyone" was listed in
category's permission list.
2022-04-18 11:16:30 +03:00
Kris c81d4597a7
UX: improve small action button alignment (#16486) 2022-04-15 11:43:32 -04:00
Isaac Janzen ee9daec36f
validate markdown_linkify_tlds setting (#16485)
Prevent adding * as a value to markdown_linkify_tlds site setting
2022-04-15 10:14:28 -05:00
Vinoth Kannan 461936f211
FIX: don't validate and render the polls inside a quoted post. (#15019)
Previously, we had issues while approving posts since we validated the polls inside quotes.
2022-04-15 16:33:07 +05:30
Isaac Janzen 10a4bbfa72
update email dark mode styles (#16484)
Update dark mode styles for:

- secure media
- code blocks (they were too dark and had bad contrast)
2022-04-14 15:08:09 -05:00
Jordan Vidrine 2f3b518920
DEV: Add index to each helper for access within topic-list-items (#16483) 2022-04-14 14:24:07 -05:00
Penar Musaraj e164ff3085
FIX: Email styles for Gmail app dark mode (#16482) 2022-04-14 15:03:06 -04:00
Isaac Janzen 0acbd63320
update dark mode email styles (#16480)
Update dark mode styles for:

secure media borders
code blocks
quote blocks
2022-04-14 12:51:09 -05:00
Penar Musaraj 7c27c839de
Version bump to v2.9.0.beta4 (#16477) 2022-04-14 10:10:23 -04:00
David Taylor 8f786268be
SECURITY: Ensure user-agent-based responses are cached separately (#16475) 2022-04-14 14:25:52 +01:00
Gerhard Schlager b7230d14a3 REFACTOR: Add `full_url` to `Group`
Lets stop writing the same code over and over again.
2022-04-14 11:53:57 +02:00
Gerhard Schlager b3cda195b8 REFACTOR: Add `full_url` and `display_name` to `User`
Lets stop writing the same code over and over again.
2022-04-14 11:53:57 +02:00
Penar Musaraj 650adbe423
FIX: Href attribute for post-date link (#16471)
This updates the fix in commit eb70ea4.

Co-authored-by: Osama Sayegh <asooomaasoooma90@gmail.com>
Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2022-04-13 23:09:39 -04:00
Kris f2468f1093
Revert: UX: Make full topic row clickable on mobile (#16440) (#16472) 2022-04-13 18:35:47 -04:00
Kris 0ff66b3b74
UX: minor mobile topic list alignment adjustments (#16470)
* UX: minor mobile topic list alignment adjustments

* use margin, not padding
2022-04-13 15:47:18 -04:00
Bianca Nenciu eb70ea4478
FIX: Add href to post-date link element (#16469)
The href was removed in commit 08a1f41582,
but it was useful to quick copy the URL to the post.
2022-04-13 18:41:06 +03:00
Vinoth Kannan c863244382
FEATURE: add `user_suspended` attribute in post serialize. (#16413)
This PR will include `suspended` attribute in post serializer to check it in post widget and add a CSS class name.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2022-04-13 19:58:09 +05:30
David Taylor 01107e418e
DEV: Update to Sprockets 4.0 (#16467)
The main difference is that Sprockets 4.0 no longer tries to compile everything by default. This is good for us, because we can remove all our custom 'exclusion' logic which was working around the old sprockets 3.0 behavior.

The other big change is that lambdas can no longer be added to the `config.assets.precompile` array. Instead, we can do the necessary globs ourselves, and add the desired files manually.

A small patch is required to make ember-rails compatible. Since we plan to remove this dependency in the near future, I do not intend to upstream this change.

I have compared the `bin/rake assets:precompile` output before and after this change, and verified that all files are present.
2022-04-13 15:03:50 +01:00
Joffrey JAFFEUX 3e0c8d48e9
FIX: prevents error with emoji autocomplete (#16465)
The error would happen when emoji_autocomplete_min_chars site setting is set to anything superior to 0, in this case until we reach the min chars length, emojiSearch would return "skip" and the code was currently expecting an array.
2022-04-13 15:32:24 +02:00
Osama Sayegh eb5a3cfded
FEATURE: Add 2FA support to the Discourse Connect Provider protocol (#16386)
Discourse has the Discourse Connect Provider protocol that makes it possible to
use a Discourse instance as an identity provider for external sites. As a
natural extension to this protocol, this PR adds a new feature that makes it
possible to use Discourse as a 2FA provider as well as an identity provider.

The rationale for this change is that it's very difficult to implement 2FA
support in a website and if you have multiple websites that need to have 2FA,
it's unrealistic to build and maintain a separate 2FA implementation for each
one. But with this change, you can piggyback on Discourse to take care of all
the 2FA details for you for as many sites as you wish.

To use Discourse as a 2FA provider, you'll need to follow this guide:
https://meta.discourse.org/t/-/32974. It walks you through what you need to
implement on your end/site and how to configure your Discourse instance. Once
you're done, there is only one additional thing you need to do which is to
include `require_2fa=true` in the payload that you send to Discourse.

When Discourse sees `require_2fa=true`, it'll prompt the user to confirm their
2FA using whatever methods they've enabled (TOTP or security keys), and once
they confirm they'll be redirected back to the return URL you've configured and
the payload will contain `confirmed_2fa=true`. If the user has no 2FA methods
enabled however, the payload will not contain `confirmed_2fa`, but it will
contain `no_2fa_methods=true`.

You'll need to be careful to re-run all the security checks and ensure the user
can still access the resource on your site after they return from Discourse.
This is very important because there's nothing that guarantees the user that
will come back from Discourse after they confirm 2FA is the same user that
you've redirected to Discourse.

Internal ticket: t62183.
2022-04-13 15:04:09 +03:00
David Taylor 78f7e8fe2f
Revert "DEV: Update to Sprockets 4.0 (#16459)" (#16466)
This reverts commit ec7efbde1a.

This is causing problems in non-ember-cli environments. Reverting for now.
2022-04-13 11:04:13 +01:00
David Taylor ec7efbde1a
DEV: Update to Sprockets 4.0 (#16459)
The main difference is that Sprockets 4.0 no longer tries to compile everything by default. This is good for us, because we can remove all our custom 'exclusion' logic which was working around the old sprockets 3.0 behavior.

The other big change is that lambdas can no longer be added to the `config.assets.precompile` array. Instead, we can do the necessary globs ourselves, and add the desired files manually.

A small patch is required to make ember-rails compatible. Since we plan to remove this dependency in the near future, I do not intend to upstream this change.

I have compared the `bin/rake assets:precompile` output before and after this change, and verified that all files are present.
2022-04-13 10:21:59 +01:00
Alan Guo Xiang Tan 6fc52d95de DEV: Remove scoped order warning in PostDestroyer.
`Scoped order is ignored, it's forced to be batch order.`

`find_each` ignores the `order` scope and triggers a warning in
production which is noisy.

Follow-up to 7a284164ce
2022-04-13 09:34:36 +08:00
awesomerobot a47efcd6ec DEV: user-preference-page class on solo-perference 2022-04-13 09:32:58 +08:00
dependabot[bot] 7f2743b4b8 Build(deps): Bump parser from 3.1.1.0 to 3.1.2.0
Bumps [parser](https://github.com/whitequark/parser) from 3.1.1.0 to 3.1.2.0.
- [Release notes](https://github.com/whitequark/parser/releases)
- [Changelog](https://github.com/whitequark/parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/whitequark/parser/compare/v3.1.1.0...v3.1.2.0)

---
updated-dependencies:
- dependency-name: parser
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-13 09:30:23 +08:00
dependabot[bot] 55a2bc6b57 Build(deps): Bump public_suffix from 4.0.6 to 4.0.7
Bumps [public_suffix](https://github.com/weppos/publicsuffix-ruby) from 4.0.6 to 4.0.7.
- [Release notes](https://github.com/weppos/publicsuffix-ruby/releases)
- [Changelog](https://github.com/weppos/publicsuffix-ruby/blob/main/CHANGELOG.md)
- [Commits](https://github.com/weppos/publicsuffix-ruby/compare/v4.0.6...v4.0.7)

---
updated-dependencies:
- dependency-name: public_suffix
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-13 09:27:05 +08:00
Discourse Translator Bot a1d7e77967
Update translations (#16456) 2022-04-12 21:04:30 +02:00
Isaac Janzen 5f9c98dfc1
FIX: update dark mode emails styles (#16461)
- divider sometimes is too bright
- lists have dark text on dark copy
- border around the “secure media” message is bright
2022-04-12 13:13:34 -05:00
Bianca Nenciu 86c7e07428
FEATURE: Improve screened IPs roll up and extend for IPv6 (#15585)
This commit improves the logic for rolling up IPv4 screened IP
addresses and extending it for IPv6. IPv4 addresses will roll up only
up to /24. IPv6 can rollup to /48 at most. The log message that is
generated contains the list of original IPs and new subnet.
2022-04-12 21:07:37 +03:00
Penar Musaraj 0bef5af582
DEV: Cleanup `body.scrollTop` usage (#16445)
All current browser treat the HTML document (not the body element) as
the scrollable document element. Hence in all current browsers,
`document.body.scrollTop` returns 0. This commit removes all usage of
this property, because it is effectively 0.

Co-authored-by: David Taylor <david@taylorhq.com>
2022-04-12 13:23:57 -04:00
Kris 0e88cffaf4
UX: Make full topic row clickable on mobile (#16440) 2022-04-12 09:44:20 -04:00
Roman Rizzi 6f76a12e0a
FEATURE: Let sites add a sitemap.xml file. (#16357)
* FEATURE: Let sites add a sitemap.xml file.

This PR adds the same features discourse-sitemap provides to core. Sitemaps are only added to the robots.txt file if the `enable_sitemap` setting is enabled and `login_required` disabled.

After merging discourse/discourse-sitemap#34, this change will take priority over the sitemap plugin because it will disable itself. We're also using the same sitemaps table, so our migration won't try to create it
again using `if_not_exists: true`.
2022-04-12 10:33:59 -03:00
David Taylor 9c33f6de05
FIX: Ensure allowed_tags and allowed_tag_groups can be removed (#16454) 2022-04-12 11:14:29 +01:00
Alan Guo Xiang Tan e7f3702d9b SECURITY: Update Nokogiri to 1.13.4.
Nokogiri 1.13.4 updates zlib to 1.2.12 to address CVE-2018-25032.

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
https://nvd.nist.gov/vuln/detail/CVE-2018-25032
2022-04-12 12:33:44 +08:00
Martin Brennan 9f2138dc92
FEATURE: Add a sidekiq job for syncing S3 ACLs (#16449)
Sometimes we need to update a _lot_ of ACLs on S3 (such as when secure media
is enabled), and since it takes ~1s per upload to update the ACL, this is
best spread out over many jobs instead of having to do the whole thing serially.

In future, it will be better to have a job that can be run based on
a column on uploads (e.g. acl_stale) so we can track progress, similar
to how we can set the baked_version to nil to rebake posts.
2022-04-12 14:26:42 +10:00