Commit Graph

24160 Commits

Author SHA1 Message Date
Martin Brennan e58f9f7a55
DEV: Move logic for rate limiting user second factor to one place (#11941)
This moves all the rate limiting for user second factor (based on `params[:second_factor_token]` existing) to the one place, which rate limits by IP and also by username if a user is found.
2021-02-04 09:03:30 +10:00
Robin Ward 61f5d501cb
DEV: Migrate to Ember CLI (#11932)
This encompasses a lot of work done over the last year, much of which
has already been merged into master. This is the final set of changes
required to get Ember CLI running locally for development.

From here on it will be bug fixes / enhancements.

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
Co-authored-by: romanrizzi <rizziromanalejandro@gmail.com>

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
Co-authored-by: romanrizzi <rizziromanalejandro@gmail.com>
2021-02-03 14:22:20 -05:00
Jarek Radosz 8ad5284cf7
FIX: Don't create email invites when SSO is on or local logins are off (#11951)
A more general, lower-level change in addition to #11950.

Most code paths already check if SSO is enabled or if local logins are disabled before trying to create an email invite.
This is a safety net to ensure no invalid invites sneak by. 

Also includes:
FIX: Don't allow to bulk invite when SSO is on (or when local logins are disabled)
This mirrors can_invite_to_forum? and other email invite code paths.
2021-02-03 19:01:23 +01:00
Jarek Radosz 704778f448
FIX: Don't invite new users via group with SSO on or local logins off (#11950)
Issue originally reported in https://meta.discourse.org/t/bypass-sso-by-adding-unkown-email-to-group/177339

Inviting people via email address to a group when SSO is enabled (or local logins are disabled) led to a situation where user records were being created bypassing single sign-on.

We already prevent that in most places. This adds required checks to `GroupsController`.
2021-02-03 18:13:00 +01:00
Jarek Radosz 45931f86be
DEV: Remove bulk group admin endpoints (#11949)
Originally added in 47e25648df. Looks like all related code was removed in c82b2dcc24 and b76731d722.
2021-02-03 18:12:22 +01:00
Penar Musaraj 2dc48fd6c1
UX: Uniformize styles for focus states (#11933) 2021-02-03 11:45:54 -05:00
Penar Musaraj 04dd4a75af
UX: Always show confirmation dialog when converting themes/components (#11953) 2021-02-03 11:45:25 -05:00
Robin Ward 93c25070fa
FIX: In FastImage 2.2.2 an error is raised with a `nil` path (#11954)
* FIX: In FastImage 2.2.2 an error is raised with a `nil` path

Sometimes Discourse.store.path_for would return `nil`, which the job
handled gracefully before, but raises an error with the new version of
the gem.

Note the logic of this job is a bit awkward since it depends on `nil`
being a string, but at least now it's no longer filling logs with
errors.

* Update app/jobs/onceoff/fix_invalid_gravatar_uploads.rb

Co-authored-by: Bianca Nenciu <nbianca@users.noreply.github.com>

Co-authored-by: Bianca Nenciu <nbianca@users.noreply.github.com>
2021-02-03 11:45:12 -05:00
Jarek Radosz 155ae06f62
DEV: Remove `group-members-dropdown` (#11948)
It was introduced in c82b2dcc24, but since b76731d722 and 58ee947b35 it's a single-option dropdown, so there's no need to show it (and keep it) instead of a button. We use a button for non-admins already.
2021-02-03 17:42:12 +01:00
Jarek Radosz 39a9651847
DEV: Remove `update_mail_receiver` and `deprecated_api_usage` (#11947)
`update_mail_receiver`-related code was removed in 269ec70ba8 and `deprecated_api_usage`-related code was removed in d04ba4b3b2.
2021-02-03 17:41:47 +01:00
Osama Sayegh db7b7eed9d
FIX: Restore support for pasting multiple PM recipients (#11945)
This is a regression from 98201ecc24.

Meta topic: https://meta.discourse.org/t/-/178167?u=osama.

Signed-off-by: OsamaSayegh <asooomaasoooma90@gmail.com>
2021-02-03 18:06:16 +03:00
Bianca Nenciu 901cee55cd
FEATURE: Improve group settings and members management (#11878)
This pull request contains a series of improvements to groups
settings and member management such as:

- Showing which users have set a group as primary
- Moving similar settings together under Effects
- Adding bulk select and actions to members page
2021-02-03 16:11:08 +02:00
Alan Guo Xiang Tan 0cc178d58b
FIX: Avoid pulling hotlinked images of post that have been deleted. (#11913) 2021-02-03 16:45:07 +11:00
Bianca Nenciu 3744e49190
FIX: Refresh category order after save (#11936)
The changes were not visible immediately after saving reordered
categories.
2021-02-03 16:44:13 +11:00
Martin Brennan 6d72c8ab19
FEATURE: Topic timer UI revamp (#11912)
This PR revamps the topic timer UI, using the time shortcut selector from the bookmark modal.

* Fixes an issue where the duration of hours/days after last reply or auto delete replies was not enforced to be > 0
* Fixed an issue where the timer dropdown options were not reloaded correctly if the topic status changes in the background (use `MessageBus` to publish topic state in the open/close timer jobs)
* Moved the duration input and the "based on last post" option from the `future-date-input` component, as it was only used for topic timers. Also moved out the notice that is displayed which was also only relevant for topic timers.
2021-02-03 10:13:32 +10:00
Robin Ward f39ae8a903
SECURITY: Rate limit MFA by login if possible (#11938)
This ensures we rate limit on logins where possible, we also normalize logins for the rate limiters centrally.
2021-02-03 10:26:28 +11:00
Vinoth Kannan e6a02469ad
DEV: refresh all CDN endpoint URLs except the S3 uploads & assets. (#11937)
Using this added a temporary query param to force browsers to redownload all CDN endpoints.
2021-02-03 02:22:01 +05:30
Kris 2ee63a6a83
DEV: Update icon structure in bootbox buttons (#11925) 2021-02-02 15:47:10 -05:00
Kris 75d766499f
Update a couple buttons to use correct markup (#11926) 2021-02-02 15:46:48 -05:00
Penar Musaraj e8b82724fd
DEV: Refactor theme SCSS compilation (#11919) 2021-02-02 13:09:41 -05:00
Joffrey JAFFEUX 12a4fefef6
FIX: ensures rects is present before using it (#11930)
I don't have a clear reproduction ATM, but I imagine that in fast tests element can get destroyed before we get to use it.
2021-02-02 14:43:13 +01:00
Gerhard Schlager d055552994
Fix i18n issues reported on Crowdin (#11747)
* Pluralize `groups.errors.adding_too_many_users`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-ar#53882

* Pluralize `js.composer.error.title_too_short`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41172

* Pluralize `js.composer.error.title_too_long`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41174

* Pluralize `js.composer.error.post_length`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41178

* Pluralize `js.topic.progress.jump_prompt_of`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41958

* Use translations to join strings about posters
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-ar#49334
  It also makes some changes to the crawler view:
    * Removes `poster.moreCount` which is only available on the client for PMs
    * CSS class names are actually stored in `poster.extras` instead of `poster.extraClasses`

* Stop concatenating category stats
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#40740

* Pluralize `js.summary.description`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#40782

* Pluralize `js.summary.description_time_MF`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#40784

* Use translation to join list of tags
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#43372

* Pluralize `admin_js.admin.groups.manage.membership.automatic_membership_user_count`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#43720

* Pluralize `js.post.controls.delete_topic_confirm_modal`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#54804

* Stop concatenating `js.post.last_edited_on`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#42358

* Stop concatenating `js.post.wiki_last_edited_on`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#42356
  It also fixes a regression because `js.post.wiki_last_edited_on` wasn't used anymore since 2017.
2021-02-02 10:50:04 +01:00
Vinoth Kannan 9d2eaec88f
DEV: enable CORS to all CDN get requests from workbox. (#11896)
To prevent opaque cache files, now all the CDN files will be requested in 'cors' mode if the cdn_cors_enabled global setting is enabled. Before enabling the setting, should enable the cors in the CDN server by adding the response header `access-control-allow-origin: *` or `access-control-allow-origin: https://discourse.example.com`.

And other external file requests other than CDN will not be cached if the response type is opaque.
2021-02-02 11:38:29 +05:30
Martin Brennan ea1ffe390b
FIX: Show bookmark name in quick access hover (#11924)
This PR makes it so the bookmark name shows on hover in the quick access menu. A change was necessary to quick-access-item for the title to render for the link.
2021-02-02 15:04:02 +10:00
Roman Rizzi e040de0c2c
DEV: New option to always destroy posts. (#11898) 2021-02-01 16:57:31 -05:00
Dan Ungureanu 4b3d34d3d4
FIX: Skip shared drafts logic if disabled (#11918)
It always showed shared drafts if no category was set.

Follow-up to dd175537f3.
2021-02-01 20:29:04 +02:00
Penar Musaraj 0f31a221c9
DEV: Performance fixes to filtered replies (#11916) 2021-02-01 11:53:13 -05:00
Osama Sayegh 6efdeef461
FIX: Emoji search/autocomplete should respect selected skin tone (#11917)
This commit makes our emoji autocomplete in the composer respect the skin tone you select in the emoji picker.
2021-02-01 19:36:35 +03:00
Dan Ungureanu dd175537f3
FIX: Existing shared drafts should be accessible (#11915)
Disabling shared drafts used to leave topics in an inconsistent state
where they were not displayed as shared drafts and thus there was no
way of publishing them. Moreover, they were accessible just to users
who have permissions to create shared drafts.

This commit adds another permission check that is used for most
operations and the old can_create_shared_draft? remains used just when
creating a new shared draft.
2021-02-01 16:16:34 +02:00
Robin Ward f113648107
DEV: Migrate more tests to our Ember CLI format. (#11899)
This should be fully backwards compatible.

Co-authored-by: Jarek Radosz <jradosz@gmail.com>

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2021-02-01 09:01:47 -05:00
Osama Sayegh 98201ecc24
DEV: {{user-selector}} replacement (#11726)
This PR is the first step towards replacing our `{{user-selector}}` and eventually deprecating and removing it from our codebase. Some of `{{user-selector}}` problems are:

1. It's called `{{user-selector}}`, but in reality it can also select groups and emails.
2. It's an Ember component, yet it doesn't have a handlebars template and uses jQuery to render itself and modify the DOM. An example of this problem is when you want to clear the selected users programmatically, see [this](6c155dba77/app/assets/javascripts/discourse/app/components/user-selector.js (L179-L185)).
3. We now have select kit which does very similar things but a lot better.

This PR introduces `{{email-group-user-chooser}}` which is meant to replace `{{user-selector}}`. It extends select kit and has the same features that `{{user-selector}}` has. `{{user-selector}}` is still used in a few places in core, but they'll all be replaced with the new component in a separate commit. 

Once `{{user-selector}}` is not used anywhere in core, it'll be deprecated and then removed after the 2.7 release.
2021-02-01 13:07:11 +03:00
Robin Ward 184cd766ac Apply suggestions from code review
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2021-02-01 10:36:02 +08:00
Robin Ward 5546fe609c Add autofocus to the change ownership modal 2021-02-01 10:36:02 +08:00
Penar Musaraj 49e97279c7 FEATURE: Add daily job to check for new features 2021-02-01 10:31:44 +08:00
romanrizzi 736b4137cc FIX: Return the CDN's URL when using the site's small logo as the system's user avatar.
Using "UrlHelper#absolute" returns the S3 URL, which is fine for the client because it modifies it to use the CDN instead. On the other hand, this replacement doesn't happen when the URL is server-side rendered, returning a 403 for the system's avatar.
2021-02-01 10:31:36 +08:00
awesomerobot 2f2dd94217 left align popup-menu button text 2021-02-01 10:30:52 +08:00
Martin Brennan 0fab711e4a
FIX: Stop trying to set values on destroyed bookmark component (#11909)
* sometimes the AJAX promise to create/save the bookmark did
  not come back before the component destroyed, causing an error
  when trying to set the model id afterward. this just eliminates
  the set code and uses the response.id instead
2021-02-01 10:23:06 +10:00
Martin Brennan 3e3f3f7b7e
DEV: Add time shortcut picker component and libs and refactor bookmark modal controller into component which uses time shortcut picker (#11802)
This PR moves all of the time picking functionality from the bookmark modal and controller into a reusable time-shortcut-picker component, which will be used for the topic timer UI revamp. All of the utility JS for getting dates like tomorrow/next week/next month etc. have also been moved into a separate utility lib.

The time-shortcut-picker has a couple of options that can be passed in:

* prefilledDatetime - The date and time to parse and prefill into the custom date and time section, useful for editing interfaces.
* onTimeSelected (callback) - Called when one of the time shortcuts is clicked, and passes the type of the shortcut (e.g. tomorrow) and the datetime selected.
* additionalOptionsToShow - An array of option ids to show (by default `later_today` and `later_this_week` are hidden)
* hiddenOptions - An array of option ids to hide
* customOptions - An array of custom options to display (e.g. the option to select a post date for the bookmarks modal). The options should have the below properties:
    * id
    * icon
    * label (I18n key)
    * time (moment datetime object)
    * timeFormatted
    * hidden

The other major work in this PR is moving all of the bookmark functionality out of the bookmark modal controller and into its own component, where it makes more sense to be able to access elements on the page via `document`. Tests have been added to accompany this move, and existing acceptance tests for bookmark are all passing.
2021-02-01 09:03:41 +10:00
Kris 363170513e
UX: Allow some overflow in composer preview (#11902) 2021-01-29 20:28:56 -05:00
Robin Ward 11c812f042
Quite a few Ember-CLI / Upgrade related changes (#11867)
* Quite a few Ember-CLI / Upgrade related changes

They should all be backwards compatible. This is all to help merge our
branches.

* REFACTOR: DRY up username validation

Also avoids overwriting computed properties for compatibility with newer
Ember releases.
2021-01-29 10:19:54 -05:00
Vinoth Kannan a5923ad603
DEV: apply allow origin response header for CDN requests. (#11893)
Currently, it creates a CORS error while accessing those static files.
2021-01-29 07:44:49 +05:30
Martin Brennan 4af4d36175
FIX: IMAP allow unknown senders to reply to group topics via email (#11877)
Adds a new column/setting to groups, allow_unknown_sender_topic_replies, which is default false. When enabled, this scenario is allowed via IMAP:

* OP sends an email to the support email address which is synced to a group inbox via IMAP, creating a group topic
* Group user replies to the group topic
* An email notification is sent to the OP of the topic via GroupSMTPMailer
* The OP has several email accounts and the reply is sent to all of them, or they forward their reply to another email account
* The OP replies from a different email address than the OP (gloria@gmail.com instead of gloria@hey.com for example)
* A new staged user is created, the new reply is accepted and added to the topic, and the staged user is added to the topic allowed users

Without allow_unknown_sender_topic_replies enabled the new reply creates an entirely new topic (because the email address it is sent from is not previously part of the topic email chain).
2021-01-29 09:59:10 +10:00
Martin Brennan f49e3e5731
DEV: Add security_last_changed_at and security_last_changed_reason to uploads (#11860)
This PR adds security_last_changed_at and security_last_changed_reason to uploads. This has been done to make it easier to track down why an upload's secure column has changed and when. This necessitated a refactor of the UploadSecurity class to provide reasons why the upload security would have changed.

As well as this, a source is now provided from the location which called for the upload's security status to be updated as there are several (e.g. post creator, topic security updater, rake tasks, manual change).
2021-01-29 09:03:44 +10:00
Kris 0990112d80
UX: fix bulk select top positioning (#11888) 2021-01-28 16:44:54 -05:00
Kris 598c7d2fcb
fix topic entrance button layout (#11887) 2021-01-28 15:44:01 -05:00
Penar Musaraj ce904dc765
DEV: Remove tabindex property from selected name template (#11882) 2021-01-28 13:42:59 -05:00
Bianca Nenciu 8e53c2a2c3
FIX: Invisible is not the opposite of visible (#11881)
If visible is undefined, then invisible should be too.
2021-01-28 20:17:46 +02:00
Robin Ward a20bcd34da
FIX: Approving a user was not sending an email (#11883)
When we made rejection emails optional we accidentally changed the
default for approval emails from true to false.
2021-01-28 12:41:30 -05:00
Bianca Nenciu 80f85167be
FIX: Allow a single invite per email address (#11855) 2021-01-28 13:38:36 +02:00
Jarek Radosz 8881ae4af4
DEV: Remove dead code (`latestTopicOnly`) (#11833)
Background: I wanted to see `categories.latest_by` translation in context in a live app but couldn't find it, so I traced it throughout the code.

My step-by-step reasoning for the removal is:

1. `categories-only` does not use `latestTopicOnly`, so there's no need to call it with that argument
2. `parent-category-row` is never called with `latestTopicOnly` argument, so the reference to that arg can be removed from its template
3. after that, `featured-topic` is now no longer ever called with `latestTopicOnly` argument (except in the `ghost` theme, but that's because its override of `categories-only` template 4e2fba963c/common/header.html (L119) is based on the old version of that template from core), so it seems safe to remove it there too (`categories.latest_by` i18n string is also no longer needed)
4. then, nothing is using `latestTopicOnly` anymore so it can be removed from `categories` hbs/js

I checked in each step that there are no plugins or themes (in all-the-plugins/all-the-themes) using those properties/arguments/strings.
2021-01-28 11:48:51 +01:00
Gerhard Schlager 5a6baa7c46
FIX: Translated button title didn't work (#11872)
Follow-up to 6f13d2b039
2021-01-28 08:32:02 +01:00
Kris 9ae067164d
ensure topic footer buttons are the same height (#11875)
follow-up to f1d5d2b
2021-01-27 21:40:45 -05:00
Kris d3febe5e86
Fix post edit icon color (#11873) 2021-01-27 20:38:15 -05:00
Kris d71468a66a
UX: make desktop category page topics match mobile (#11857) 2021-01-27 17:27:54 -05:00
Kris f1d5d2b134
REFACTOR: Convert buttons to flexbox (#11785) 2021-01-27 16:17:08 -05:00
Mark VanLandingham 809274fe0d
DEV: Replace 'processed' column on notifications with new table (#11864) 2021-01-27 10:29:24 -06:00
David Taylor 1ccb6583b1
FIX: Do not cache translated trust level names in site settings (#11863)
There's no real need to cache these, and the caching can introduce
problems when different sites/users are using different locales.
2021-01-27 14:31:19 +00:00
Penar Musaraj e1c0a003fe
FIX: external auth account creation in iOS app (#11859) 2021-01-27 08:31:27 -05:00
Joffrey JAFFEUX c6a1042950
DEV: prettier 2.2.1 (#11862) 2021-01-27 12:39:20 +01:00
Dan Ungureanu 7be556fc19
FIX: Ensure 'tr' is called on a string. (#11853)
It depends on the route, but sometimes 'id' parameter can contain a
slug-like value and sometimes it is just an ID. This should work in
both cases.
2021-01-27 10:43:33 +02:00
tshenry 65cf3230ee
FIX: Can't remove selection from group chooser in tag group settings (#11822)
This change fixes an issue with the user group chooser of a tag group's settings. It was impossible to clear any selected groups through the UI.

The `setPermissionsGroups` function determines which groups appear selected in the group-chooser based on the passed-in `groupIds` array.

It starts with `updatedPermissions` being set to the group permissions as they were prior to the action that called the function. From there, we were correctly adding a group permission to `updatedPermissions` whenever a group appeared in `groupIds`. This addressed newly added groups and also maintained any group permissions that had been set before. The problem was that there was no logic to remove a group permission when the associated group no longer appeared in `groupIds`. If a group isn't included in `groupIds`, we can simply attempt to delete an associated group permission if it exists.
2021-01-26 10:22:05 -08:00
Roman Rizzi f3cd5dc096
FIX: Restore user summary's delete button behavior. (#11844)
The user summary's delete button UX relied on the "admin-user.js" destroy function, which was called through the "admin-tools" service. After #11724, we no longer put UX behavior on Ember models.
2021-01-26 13:10:46 -03:00
Joffrey JAFFEUX 8417c9829e
A11Y: hamburger menu aria-{expanded,haspopup} and user title (#11852)
User title in the current-user header-dropdown was sometimes `title="null"` if user doesn’t have a name. This is fixed as part of this commit to improve accessibility of this part of the UI.
2021-01-26 16:33:15 +01:00
Andrew Prigorshnev 3bbe87f229
FIX: polls extending in post reply histories (#11837)
* Add an acceptance test

* FIX: polls extending in post reply histories
2021-01-26 10:29:49 -05:00
Régis Hanol cd3d24ed8c
FIX: move post_search_data migration into onceoff job (#11851)
And reduce the size of the batches to 100k.

That should hopefully make the migrations run smoother...
2021-01-26 16:29:00 +01:00
Penar Musaraj 4228c7e7d1
UX: Small tweak to category delete warning (#11799) 2021-01-26 09:43:47 -05:00
Joffrey JAFFEUX 1989a326c9
A11Y: correctly sets role=dialog and aria-labelledby for d-modals (#11850) 2021-01-26 15:26:30 +01:00
Dan Ungureanu 4d70cc379b
DEV: Add test (#11847)
Follow-up to 77c48644eb.
2021-01-26 14:44:00 +02:00
Gerhard Schlager 363dca5ddc
FIX: "Customize text" link was broken on badges admin page (#11842) 2021-01-25 21:45:13 +01:00
Régis Hanol f421d9bdd6
FIX: only de-prioritise exact matches in mentions (#11843)
Not when doing a site-wide search like we do in the Directory.

This solves the following spec failure:

  1) DirectoryItemsController with data finds user by name
     Failure/Error: expect(json['directory_items'].length).to eq(1)

       expected: 1
            got: 0

       (compared using ==)
     # ./spec/requests/directory_items_controller_spec.rb:88:in `block (3 levels) in <main>'
     # ./spec/rails_helper.rb:271:in `block (2 levels) in <top (required)>'
     # ./bundle/ruby/2.7.0/gems/webmock-3.11.1/lib/webmock/rspec.rb:37:in `block (2 levels) in <top (required)>'
2021-01-25 21:27:15 +01:00
Régis Hanol 27656f5c84
FIX: un-prioritise inactive users in user search (#11838)
When doing a user search (e.g. when mentioning a user) we will not prioritise
users who haven't been seen in over a year.

REFACTOR the user-search specs to be more precise regarding the ordering
2021-01-25 20:33:11 +01:00
Vinoth Kannan c7781f1139
UX: respect `email_editable` site setting in user activation page. (#11835)
Previously, when both `enable_local_logins` and `email_editable` are disabled, the user can still change the email in the user activation page.
2021-01-25 22:19:26 +05:30
Roman Rizzi afe6db5f33
FIX: Destroy associated user api keys when making a user anonymous. (#11760) 2021-01-25 11:07:22 -03:00
David Taylor 2092152b03
FIX: Cleanup authentication_data cookie after login (#11834)
This cookie is only used during login. Having it persist after that can
cause some unusual behavior, especially for sites with short session
lengths.

We were already deleting the cookie following a new signup, but not for
existing users.

This commit moves the cookie deletion logic out of the erb template, and
adds logic and tests to ensure it is always deleted consistently.

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2021-01-25 13:47:44 +00:00
Dan Ungureanu 77c48644eb
FIX: Dismissing unread topics with a tag (#11832)
This commit adds the missing router service to the mixin. It did not work
because 'router' was undefined.
2021-01-25 15:16:21 +02:00
Joffrey JAFFEUX bed011feef
A11Y: uses role=button and supports ariaPressed for tapTile (#11827) 2021-01-25 11:31:52 +01:00
Régis Hanol aa1138ff71
FIX: reindex_search job should work on model with no search data (#11819)
Lots of changes but it's mostly a refactoring.

The interesting part that was fixed are the 'load_problem_<model>_ids' methods.
They will now return records with no search data associated so they can be properly indexed for the search.
This "bad" state usually happens after a migration.
2021-01-25 11:23:36 +01:00
Krzysztof Kotlarek fcbb6c4143
FIX: remove rendering UX from bookmark model (#11765)
Fix for `bookmark.js` model. Most logic was moved to `topic` controller
2021-01-25 09:35:13 +11:00
Kris 37f7f30640
edit button fix, follow up to 6f13d2b (#11821) 2021-01-22 20:31:01 -05:00
Roman Rizzi 6d30e01d1c
A11Y: Structure user menu as tabs. (#11789)
* A11Y: Structure user menu as tabs.

Although the user menu content has the appearance of tabs and relies on the functionality of tabs to make sense in terms of content and focus order, it is not marked up correctly as tabs and tab panels. See [WAI-ARIA Authoring Practices 1.1](https://www.w3.org/TR/wai-aria-practices-1.1/#tabpanel) and the [example](https://www.w3.org/TR/wai-aria-practices-1.1/examples/tabs/tabs-2/tabs.html) for details.

* Make plugin api backwards compatible
2021-01-22 19:05:14 -03:00
Penar Musaraj 73cb083b7b
FIX: Cannot find currentThemeColorSchemeId when no themeId is present (#11817) 2021-01-22 16:27:19 -05:00
David Taylor cd11689446
FIX: Check the confirmation result before deleting SSO record (#11816) 2021-01-22 19:16:43 +00:00
Mark VanLandingham 56294b4fba
FIX: Remove scheduled DND timings when schedule is disabled (#11814) 2021-01-22 13:02:11 -06:00
Joffrey JAFFEUX 6f13d2b039
A11Y: makes post-edits-indicator a button instead of a link (#11811) 2021-01-22 17:09:39 +01:00
Robin Ward dc268822a4
FIX: It seems sometimes shims are evaluated by older JS engines (#11813)
This gives us backwards compatibility with those.
2021-01-22 10:41:01 -05:00
Penar Musaraj 4f01ca87e3
FEATURE: Add new features section in admin dashboard (#11731) 2021-01-22 10:09:02 -05:00
Gerhard Schlager 71656d2c37
UX: Makes the theme editor display placeholder correctly for RTL languages (#11800)
This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-he#53834
2021-01-22 16:03:43 +01:00
Arpit Jalan 15b5bd4e14
UX: show onebox error preview image as favicon (#11810) 2021-01-22 20:05:28 +05:30
Joffrey JAFFEUX 314e7be2b1
A11Y: improves search-in-options filter accessibility (#11809) 2021-01-22 14:39:16 +01:00
Joffrey JAFFEUX 7521cb51c4
A11y: makes advanced search and html heading (#11808) 2021-01-22 14:35:17 +01:00
Arpit Jalan e81d93cf26
UX: specify width and height for onebox preview error image (#11807) 2021-01-22 19:02:23 +05:30
Bianca Nenciu d2cf43a7d5
FIX: Update categories without full page refresh (#11793)
Creating or moving a category required a full page refresh until it
showed up correctly.
2021-01-22 10:21:09 +02:00
Kris 9e6ff9cc67
A11Y: associate search controls with their labels (#11806) 2021-01-21 22:24:15 -05:00
Kris e031679f99
A11Y: Add aria-label to input clear button (#11803) 2021-01-21 21:58:34 -05:00
Kris ff095e7249
A11Y: Update selected name role to button (#11804) 2021-01-21 21:58:06 -05:00
Vinoth Kannan 872f3e6934
UX: warn about messages to be orphaned while deleting a group. (#11727)
Currently, after destroying a group its messages are inaccessible to everyone. Only admins can access using direct URLs.
2021-01-22 03:29:34 +05:30
Krzysztof Kotlarek 5cbb522c41
FIX: broken URL when username contains subfolder. (#11786)
The bug was mentioned on [meta](https://meta.discourse.org/t/two-bugs-with-usernames-starting-with-subfolder-name/169505)

When discourse is installed on `/subfolder` and username is containing subfolder name like for example `subfolderadmin` - user URLs were incorrect.

Instead of having `/subfolder/u/subfolderadmin/summary/` we were leading to `/subfolder/uadmin/summary`.

The reason for that was incorrect check in `getUrl` helper:

```javascript
  const found = url.indexOf(baseUri);
  if (found >= 0 && found < 3) {
    return url;
  }
  return baseUri + url;
```
baseUri is `/subfolder`, url is `/u/subfolderadmin` and indexOf returned position which in the end returned incorrect URL.

I think that we should check if the URL starts with baseUri and not if contains baseUri.
2021-01-22 08:43:14 +11:00
Robin Ward 83347ac218
DEV: Sync up more Ember CLI features (#11790)
This is mostly changes to acceptance tests to allow them to run in both
versions of Ember.
2021-01-21 15:55:39 -05:00
Osama Sayegh 4c0aa20dae
FIX: Share popup is positioned incorrectly in RTL locales (#11792) 2021-01-21 23:52:24 +03:00
Osama Sayegh 5f410979e2
UX: Make moment.js produce Arabic numerals instead of Hindi numerals in the Arabic locale (#11788)
Signed-off-by: OsamaSayegh <asooomaasoooma90@gmail.com>
2021-01-21 22:11:51 +03:00
Robin Ward 53ab3dda5d
FIX: Embedded comments should only return regular posts (#11773)
There shouldn't be a situation where you'd want to see moderator actions
or small posts.
2021-01-21 12:47:03 -05:00
Roman Rizzi fb9e422bd6
FIX: Show the fallback locale warning when both settings are enabled. (#11787)
We only want to warn admins when both settings are enabled. When "set locale from accept language header" setting is enabled, the user locale will be set based on the header when they register an account on the site, which could be confusing.
2021-01-21 13:09:32 -03:00
Martin Brennan 9ee8a01c3a
FIX: Change default for IncomingEmail#created_via to 0 (unknown) and make NOT NULL (#11782)
Follow up to https://review.discourse.org/t/dev-add-created-via-column-to-incomingemail-pr-11751/18366/6
2021-01-21 12:59:50 +10:00
Martin Brennan f34fa999a2
DEV: IMAP debugging improvements (#11784)
Improvements to make console access to IncomingEmail more pleasant, and stopping certain IMAP logs from landing in the DB because they just create too much noise.
2021-01-21 11:37:47 +10:00
Roman Rizzi 1e28d2900e
UX: Fallback locale warning improvements. (#11775)
- Improve warning message.
- Only display the warning if the language has a fallback and either "allow_user_locale", or "set_locale_from_accept_language_header" are enabled.
2021-01-20 18:08:02 -03:00
Roman Rizzi 82d2284ce6
FIX: I18n couldn't find translations. (#11774)
"I18n.t(key, locale: locale)" fails to find the correct translation in some cases. We should always wrap it with the "I18n.with_locale(locale)" method.

Also, reverting an override wasn't always possible because the serializer always used "I18n.locale" as the locale.
2021-01-20 17:43:00 -03:00
Gerhard Schlager 3b2f6e129a
FEATURE: Add English (UK) as locale (#11768)
* "English" gets renamed into "English (US)"
* "English (UK)" replaces "English"

@discourse-translator-bot keep_translations_and_approvals
2021-01-20 21:32:22 +01:00
Bianca Nenciu 0b07085d72
FIX: Allow max_redemptions_limit to be 1 (#11771) 2021-01-20 20:47:43 +02:00
Roman Rizzi 48f06e56f2
A11Y: Improve the quick access menu accessibility. (#11757)
- The icon for the “view all” controls in the panels have no accessible alternative.
- Because the “Log Out” and "Do Not Disturb" elements in the preferences tab are an <a> element without an href attribute, it is not keyboard focusable and therefore not keyboard focusable. Use a button element instead.
2021-01-20 14:50:36 -03:00
Jordan Vidrine da2ed566e3
A11y: Accessible user menu icons (#11763)
* FEATURE: Give user menu icons alt attributes

This commit gives user menu icons + notifications alt attributes

* UI: Use Translations

This commit refactors the code injecting alt tags to the icons to use translations instead of hard-coded text.

* FIX: Add correct syntax for aria-label + role

This commit adds the correct accessibility syntax to the tab icons + notification icons.
2021-01-20 10:46:57 -06:00
Mark VanLandingham 1a7922bea2
FEATURE: Create notification schedule to automatically set do not disturb time (#11665)
This adds a new table UserNotificationSchedules which stores Monday-Friday start and end times that each user would like to receive notifications (with a Boolean enabled to remove the use of the schedule). There is then a background job that runs every day and creates do_not_disturb_timings for each user with an enabled notification schedule. The job schedules timings 2 days in advance. The job is designed so that it can be run at any point in time, and it will not create duplicate records.

When a user saves their notification schedule, the schedule processing service will run and schedule do_not_disturb_timings. If the user should be in DND due to their schedule, the user will immediately be put in DND (message bus publishes this state).

The UI for a user's notification schedule is in user -> preferences -> notifications. By default every day is 8am - 5pm when first enabled.
2021-01-20 10:31:52 -06:00
Joffrey JAFFEUX 54a01701d7
DEV: makes user-stream an unordered list (#11770)
Note, ideally we would drop tagName usage, but I think it's safer to do it in a separate PR in a few weeks.
2021-01-20 15:57:38 +01:00
Joffrey JAFFEUX a8169e93c2
DEV: implements combobox roles for select-kit (#11769)
https://www.w3.org/TR/wai-aria-practices-1.1/#wai-aria-roles-states-and-properties-6
2021-01-20 15:50:53 +01:00
Jarek Radosz d6aadf60bd
FIX: Don't try to focus on a missing element (#11766)
Replacing 3 imports and flawed fragile logic with a single html attribute 💆
2021-01-20 15:02:27 +01:00
Bianca Nenciu 15da528870
FIX: Support for single use invite links (#11719)
The "invite link" checked if the number of uses was greater than 1. This
is not always true as single use invite links are perfectly valid.
2021-01-20 10:50:02 +02:00
Bianca Nenciu 3d7bb15be8
FIX: Always show overridden colors filter (#11755) 2021-01-20 10:40:05 +02:00
Krzysztof Kotlarek 8b10fc2f8c
FIX: remove rendering UX from ember models (#11724)
Fix for `admin-user.js` and `backup.js` models.
2021-01-20 16:04:21 +11:00
Martin Brennan fb184fed06
DEV: Add created_via column to IncomingEmail (#11751)
This should make it easier to track down how the incoming email was created, which is one of four locations:

The POP3 poller (which picks up reply via email replies)
The admin email controller #handle_mail (which is where hosted mail is sent)
The IMAP sync tool
The group SMTP mailer, which sends emails when replying to IMAP topics, pre-emptively creating IncomingEmail records to avoid double syncing
2021-01-20 13:22:41 +10:00
Alan Guo Xiang Tan 05e8c1ebf8 FIX: Unescape emoji when pg headlines is used for search result blurb.
Follow-up to 8336c2235e
2021-01-20 09:31:25 +08:00
Martin Brennan 44f15d4281
FIX: Do not email group user with user_private_message notification (#11754)
There was an issue that occurred with this order of operations:

* An IMAP topic was created by emailing a group
* A second user was invited to the topic (not the OP and not the group)
* A user with access to the group replies to the topic
* The second user receives a user_private_message notification email because of their involvement in the topic
* The second user replies to the email via email

This new reply would then go and notify the other group PM users, except for those who emailed the group topic directly, which is handled via the group SMTP mailer. However because the new post already has an incoming email because it is parsed via the Email::Receiver via POP3 the group SMTP section of the post alerter is skipped, and the group's email address is not ignored for the user_private_message notification.

This PR fixes it so the group is not ever sent an email via the PM notification. This is important because any new emails in the group's IMAP inbox will be picked up by the Imap::Sync code and created as a new topic which is not at all desirable.

Also in this PR I split up the specs a bit more for group SMTP in the post alerter to make them easier to read and they each only test one thing.
2021-01-20 10:53:08 +10:00
Martin Brennan 8d3f803b3f
FIX: Make sure login required skipped for confirm new email routes (#11748)
As per @davidtaylorhq's comment at 6e2be3e#r46069906, this fixes an oversight where if login_required is enabled and an anon user follows a confirm new email link they are forced to login, which is not what the intent of #10830 was.
2021-01-20 10:52:25 +10:00
Robin Ward cdaa506397
FIX: currentUser was missing `appEvents` (#11758) 2021-01-19 14:37:21 -05:00
Kris e968af6dd4
A11Y: Add aria-labels to search inputs and search button (#11752) 2021-01-19 14:32:32 -05:00
Jordan Vidrine e6bbe9b5df
FEATURE: Give user menu icons alt attributes (#11750)
* FEATURE: Give user menu icons alt attributes

This commit gives user menu icons + notifications alt attributes

* UI: Use Translations

This commit refactors the code injecting alt tags to the icons to use translations instead of hard-coded text.
2021-01-19 15:27:27 -03:00
Martin Brennan 0034cbda8a
DEV: Change Topic Timer from enqueue_at scheduled jobs to incrementally executed jobs (#11698)
Moves the topic timer jobs from being scheduled ahead of time with enqueue_at to a 5 minute scheduled run like bookmark reminders, in a new job called Jobs::EnqueueTopicTimers. Backwards compatibility is maintained by checking if an existing topic timer job is enqueued in sidekiq for the timer, and if it is not running it inside the new job.

The functionality to close/open a topic if it is in the opposite state still remains in the after_save block of TopicTimer, with further commentary, which is used for Open/Close Temporarily.

This also removes the ensure_consistency! functionality of topic timers as it is no longer needed; the new job will always pick up the timers because they are not stored in a fragile state of sidekiq.
2021-01-19 13:30:58 +10:00
Martin Brennan 5710d5d771
FIX: Do not process pop3 mails > 1 week old (#11740)
This adds a safe default to not process pop3 emails when the pop3 polling option is set up that are > 1 week old. This is to avoid the situation where an older mailbox is used, which causes us to go and process all emails in that mailbox, sending out error emails to the senders of emails which cannot be parsed successfully.
2021-01-19 09:49:50 +10:00
Martin Brennan be145ccf2f
FIX: Add bookmark limits (#11725)
Adds a bookmark search per page limit, a total bookmark creation limit, and a rate limit per day for bookmark creation.
2021-01-19 08:53:49 +10:00
Robin Ward 7374eeb447
Sync up master and Ember CLI branches again (#11746)
We are getting closer to parity now. These changes should not affect
master but help keep things in sync.
2021-01-18 16:12:45 -05:00
Penar Musaraj b547b8415d
FIX: Check for user presence before granting badge (#11745) 2021-01-18 15:12:38 -05:00
Penar Musaraj 670b438ca5
UX: Use uniform style for tag counts (#11743) 2021-01-18 15:11:23 -05:00
Roman Rizzi ea8b5c18db
UX: Text customization for different languages. (#11729)
Admins can now edit translations in different languages without having to change their locale. We display a warning when there's a fallback language set.
2021-01-18 14:53:45 -03:00
Roman Rizzi 7ac9a4d2ec
FIX: Allow users to opt-out of using the site's small logo as the system user avatar. (#11744) 2021-01-18 14:09:07 -03:00
Roman Rizzi 19b2011601
UX: Show a warning on the category edit page when category style is none and colors are disabled. (#11742) 2021-01-18 13:13:38 -03:00
Joffrey JAFFEUX ce01f9db46
DEV: adds support for lang attribute in select-kit (#11741) 2021-01-18 15:34:18 +01:00
Roman Rizzi 9e25ab2e96
FEATURE: Replace single dash arrows when the typographer is enabled. (#11730) 2021-01-18 09:03:58 -03:00
Martin Brennan d0ef952af2
FIX: acceptance/bookmarks test date issue (#11739)
The post date was not being used in the spec, rather today's date which broke after the first day the test was introduced.
2021-01-18 10:03:17 +10:00
Martin Brennan 39e9e40268
FIX: Make sure current user timezone is used for bookmark reminders from post dates (#11722)
When selecting the "date in post" option from the bookmark reminder modal, it was not converting the date from the post, which may be in a completely different timezone, to the current user's timezone.

This PR fixes it so the timezone from the post is used to parse the date then converted to the user's timezone.
2021-01-18 09:45:42 +10:00
Robin Ward 06d318820a
FIX: TopicTrackingState was initialized after Site (#11732) 2021-01-15 13:48:01 -05:00
Robin Ward f772a0beac
More backwards compatible changes to sync with ember-cli-test (#11718)
* More backwards compatible changes to sync with ember-cli-test

* Update app/assets/javascripts/discourse/app/pre-initializers/discourse-bootstrap.js

Co-authored-by: Jarek Radosz <jradosz@gmail.com>

* Various router fixes

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2021-01-15 12:16:05 -05:00
Neil Lalonde 9057379aac FIX: url:refresh triggered when query params change
Going from /latest?f=tracked to /latest will result in three
different topic list requests because the query params are not
considered when determining if the route is staying the same.
2021-01-15 11:58:48 -05:00
Martin Brennan 6c155dba77
FIX: Stop incorrect emailing of group email from PostAlerter (#11723)
Fixes bug introduced by bd25627198

What happens is we send notifications to everyone involved in the group inbox topic about new posts, however we pass the param `skip_send_email_to: email_addresses`. In the above commit I removed the group email address from this `email_addresses` array. This breaks the IMAP inbox because we email the group with the reply, and the IMAP sync tool finds this email and opens a new unrelated topic with it.
2021-01-15 14:31:59 +10:00
Kane York eeb7aa735a UX: Stop attempts to convert the default theme to a component by removing button
Client-side of the fix.
2021-01-14 17:20:20 -08:00
Kane York e96c373f3a FIX: Prevent users from converting the default theme to a component
This results in some fun disasters if allowed to happen. For now, just issue an oblique error message; a localized message will be added on the client.
2021-01-14 17:20:20 -08:00
Martin Brennan bd25627198
FIX: IMAP post alerter race condition and code improvements (#11711)
This PR fixes a race condition with the IMAP notification code. In the `Email::Receiver` we call the `NewPostManager` to create the post and enqueue jobs and send alerts via `PostAlerter`. However, if the post alerter reaches the `notify_pm_users` and the `group_notifying_via_smtp` method _before_ the incoming email is updated with the post and topic, we unnecessarily send a notification to the person who just posted. The result of this is that the IMAP syncer re-imports the email sent to the user about their own post, which looks like this in the group inbox:

To fix this, we skip the jobs enqueued by `NewPostManager` and only enqueue them with `PostJobsEnqueuer` manually _after_ the incoming email record has been updated with the post and topic.

Other improvements:

* Moved code to calculate email addresses from `IncomingEmail` records into the topic, with a group passed in, for easier testing and debugging. It is not the responsibility of the post alerter to figure this stuff out.
* Add shortcut methods on `IncomingEmail` to split or provide an empty array for to and cc addresses to avoid repetition.
2021-01-15 10:54:46 +10:00
Mark VanLandingham 23059297b5
UX: Ellipsis hamburger menu link text when overflowing (#11715) 2021-01-14 18:25:19 -05:00
Krzysztof Kotlarek 06b7c44593
FEATURE: reason to reject user signup (#11700)
Feature for `Must Approve Users` setup. When a user is rejected, a staff member can optionally set a reason for audit purposes. In addition, feedback email can be sent to the user.

Meta: https://meta.discourse.org/t/account-rejection-email/103112/8
2021-01-15 09:43:26 +11:00
Mark VanLandingham 82af278ae5
FIX: Render fancy title correctly in composer (#11714) 2021-01-14 13:07:06 -06:00
Mark VanLandingham 54d3b37b48
FIX: Render topic fancy title in review queue (#11713) 2021-01-14 12:33:19 -06:00
Robin Ward 4321a55b61
Sync up master with Ember CLI branch where possible (#11707)
These changes should all be safe to live in master even if they're not
being used yet.
2021-01-14 12:52:51 -05:00
Dan Ungureanu c3bab3ef38
FIX: Make category change work with shared drafts (#11705)
It used to change the category of the topic, instead of the destination
category (topic.category_id instead of topic.shared_draft.category_id).

The shared drafts controls were displayed only if the current category
matched the 'shared drafts category', which was not true for shared
drafts that had their categories changed (affected by the previous bug).
2021-01-14 19:20:34 +02:00