Commit Graph

44903 Commits

Author SHA1 Message Date
David Taylor 0f772bdf5b
FEATURE: Optionally skip using full_name when suggesting usernames (#16592)
This commit introduces a new site setting: `use_name_for_username_suggestions` (default true)

Admins can disable it if they want to stop using Name values when generating usernames for users. This can be useful if you want to keep real names private-by-default or, when used in conjunction with the `use_email_for_username_and_name_suggestions` setting, you would prefer to use email-based username suggestions.
2022-04-29 14:00:13 +01:00
Andrew Schleifer 14f61c5784 DOC: tighten directory permissions in cloud installation
The files in the containers directory may include secrets -- such as
credentials for sending email. Previously, those could be world-
readable depending on umask.
2022-04-29 14:15:15 +08:00
dependabot[bot] bb019aab5d
Build(deps): Bump loofah from 2.16.0 to 2.17.0 (#16589)
Bumps [loofah](https://github.com/flavorjones/loofah) from 2.16.0 to 2.17.0.
- [Release notes](https://github.com/flavorjones/loofah/releases)
- [Changelog](https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md)
- [Commits](https://github.com/flavorjones/loofah/compare/v2.16.0...v2.17.0)

---
updated-dependencies:
- dependency-name: loofah
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-29 00:41:10 +02:00
jbrw cfb6360bdf
UX: Add time_shortcut.now translation (#16588)
When using `future-date-input` with the option of `includeNow=true` we need to have a translation for `time_shortcut.now`.
2022-04-28 16:48:26 -04:00
Penar Musaraj b266a36967
FEATURE: Add `group_messages:` keyword to advanced search (#16584) 2022-04-28 10:47:40 -04:00
Jarek Radosz de19003bad
DEV: Minor workflow updates (#16583) 2022-04-28 15:51:48 +02:00
Andrei Prigorshnev badde13894
UX: improve the list of options on the slow mode modal (#16561) 2022-04-28 17:05:32 +04:00
Vinoth Kannan 1928bb6ac6
FIX: show group in filter only if user can see the members list. (#16580) 2022-04-28 18:27:47 +05:30
Jarek Radosz 9203a421ba
DEV: Remove deprecated Codespace setting (#16582)
And add `search.followSymlinks` so that js/adminjs results aren't duplicated by default (+ fix formatting)
2022-04-28 14:47:11 +02:00
Jarek Radosz bcb22821fb
DEV: Add support for GH Codespaces to ember proxy (#16581) 2022-04-28 14:46:59 +02:00
dependabot[bot] 3c2e94ca59
Build(deps): Bump net-protocol from 0.1.2 to 0.1.3 (#16579)
Bumps [net-protocol](https://github.com/ruby/net-protocol) from 0.1.2 to 0.1.3.
- [Release notes](https://github.com/ruby/net-protocol/releases)
- [Commits](https://github.com/ruby/net-protocol/compare/v0.1.2...v0.1.3)

---
updated-dependencies:
- dependency-name: net-protocol
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-28 13:38:12 +02:00
dependabot[bot] 1ecb099bb2
Build(deps): Bump logster from 2.11.1 to 2.11.2 (#16577)
Bumps [logster](https://github.com/discourse/logster) from 2.11.1 to 2.11.2.
- [Release notes](https://github.com/discourse/logster/releases)
- [Changelog](https://github.com/discourse/logster/blob/main/CHANGELOG.md)
- [Commits](https://github.com/discourse/logster/compare/v2.11.1...v2.11.2)

---
updated-dependencies:
- dependency-name: logster
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-28 11:51:13 +02:00
Loïc Guitaut 008b700a3f DEV: Upgrade to Rails 7
This patch upgrades Rails to version 7.0.2.4.
2022-04-28 11:51:03 +02:00
Alan Guo Xiang Tan 532f9cdb1a
DEV: Partially revert 98c49acad5 (#16578)
Use of glimmer component breaks site not on Ember CLI.
2022-04-28 16:01:58 +08:00
David Taylor 0f7b198ca0
FIX: Ensure values are escaped in select-kit dropdowns (#16576)
The values in Discourse dropdown menus only come from admin-defined strings, not unsanitised end-user input, so this lack of escaping was not exploitable.
2022-04-28 08:52:29 +01:00
dependabot[bot] 8ada093218
Build(deps): Bump logster from 2.11.0 to 2.11.1 (#16550)
Bumps [logster](https://github.com/discourse/logster) from 2.11.0 to 2.11.1.
- [Release notes](https://github.com/discourse/logster/releases)
- [Changelog](https://github.com/discourse/logster/blob/main/CHANGELOG.md)
- [Commits](https://github.com/discourse/logster/compare/v2.11.0...v2.11.1)

---
updated-dependencies:
- dependency-name: logster
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-28 15:49:29 +08:00
Alan Guo Xiang Tan 98c49acad5
DEV: Setup experimental sidebar skeleton (#16575)
* hidden siteSetting to enable experimental sidebar
* user preference to enable experimental sidebar
* `experimental_sidebar_enabled` attribute for current user
* Empty glimmer component for Sidebar
2022-04-28 15:27:06 +08:00
dependabot[bot] 9f9131efbe
Build(deps): Bump excon from 0.92.2 to 0.92.3 (#16573)
Bumps [excon](https://github.com/excon/excon) from 0.92.2 to 0.92.3.
- [Release notes](https://github.com/excon/excon/releases)
- [Changelog](https://github.com/excon/excon/blob/master/changelog.txt)
- [Commits](https://github.com/excon/excon/compare/v0.92.2...v0.92.3)

---
updated-dependencies:
- dependency-name: excon
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-27 17:36:30 +02:00
Bianca Nenciu 14b09c9909
UX: Move post date under title in share-modal (#16455)
The old position was less than ideal on mobile.
2022-04-27 16:36:08 +03:00
dependabot[bot] 616bdeaa9d
Build(deps-dev): Bump mocha from 1.13.0 to 1.14.0 (#16559)
Bumps [mocha](https://github.com/freerange/mocha) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/freerange/mocha/releases)
- [Changelog](https://github.com/freerange/mocha/blob/main/RELEASE.md)
- [Commits](https://github.com/freerange/mocha/compare/v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: mocha
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-27 14:51:09 +02:00
Discourse Translator Bot adfa4ebed8
Update translations (#16566) 2022-04-27 14:42:11 +02:00
Andrei Prigorshnev c9b2374299
DEV: make API of future-date-input more customizable and aligned with the API of time-shortcut-picker (#16502) 2022-04-27 16:41:15 +04:00
Joffrey JAFFEUX 3e23bd4745
FIX: prepare data before creating chart to avoid side effect (#16570)
Before this change, we were using the labels from the original chartData to the chart builder, and we would then apply our collapse function on each dataset which could change the labels and cause a mismatch.

This was very visible when using quarterly periods on consolidated pageviews.
2022-04-27 14:04:09 +02:00
Michael Fitz-Payne 1acc4751ff
FIX: remove refresh seconds override on cache_critical_dns (#16572)
This removes the option to override the sleep time between caching of
DNS records. The override was invalid because `''.to_i` is 0 in Ruby,
causing a tight loop calling the `run` method.
2022-04-27 12:42:35 +08:00
Michael Fitz-Payne 0784c28702 FIX: cache_critical_dns - add TLS support for Redis healthcheck
For Redis connections that operate over TLS, we need to ensure that we
are setting the correct arguments for the Redis client. We can utilise
the existing environment variable `DISCOURSE_REDIS_USE_SSL` to toggle
this behaviour.

No SSL verification is performed for two reasons:
- the Discourse application will perform a verification against any FQDN
  as specified for the Redis host
- the healthcheck is run against the _resolved_ IP address for the Redis
  hostname, and any SSL verification will always fail against a direct
  IP address

If no SSL arguments are provided, the IP address is never cached against
the hostname as no healthy address is ever found in the HealthyCache.
2022-04-27 12:27:58 +10:00
Michael Fitz-Payne c4ea439cc3 DEV: refactor cache_critical_dns for SRV RR awareness
Modify the cache_critical_dns script for SRV RR awareness. The new
behaviour is only enabled when one or more of the following environment
variables are present (and only for a host where the `DISCOURSE_*_HOST_SRV`
variable is present):
- `DISCOURSE_DB_HOST_SRV`
- `DISCOURSE_DB_REPLICA_HOST_SRV`
- `DISCOURSE_REDIS_HOST_SRV`
- `DISCOURSE_REDIS_REPLICA_HOST_SRV`

Some minor changes in refactor to original script behaviour:
- add Name and SRVName classes for storing resolved addresses for a hostname
- pass DNS client into main run loop instead of creating inside the loop
- ensure all times are UTC
- add environment override for system hosts file path and time between DNS
  checks mainly for testing purposes

The environment variable for `BUNDLE_GEMFILE` is set to enables Ruby to
load gems that are installed and vendored via the project's Gemfile.
This script is usually not run from the project directory as it is
configured as a system service (see
71ba9fb7b5/templates/cache-dns.template.yml (L19))
and therefore cannot load gems like `pg` or `redis` from the default
load paths. Setting this environment variable configures bundler to look
in the correct project directory during it's setup phase.

When a `DISCOURSE_*_HOST_SRV` environment variable is present, the
decision for which target to cache is as follows:
- resolve the SRV targets for the provided hostname
- lookup the addresses for all of the resolved SRV targets via the
  A and AAAA RRs for the target's hostname
- perform a protocol-aware healthcheck (PostgreSQL or Redis pings)
- pick the newest target that passes the healthcheck

From there, the resolved address for the SRV target is cached against
the hostname as specified by the original form of the environment
variable.

For example: The hostname specified by the `DISCOURSE_DB_HOST` record
is `database.example.com`, and the `DISCOURSE_DB_HOST_SRV` record is
`database._postgresql._tcp.sd.example.com`. An SRV RR lookup will return
zero or more targets. Each of the targets will be queried for A and AAAA
RRs. For each of the addresses returned, the newest address that passes
a protocol-aware healthcheck will be cached. This address is cached so
that if any newer address for the SRV target appears we can perform a
health check and prefer the newer address if the check passes.

All resolved SRV targets are cached for a minimum of 30 minutes in memory
so that we can prefer newer hosts over older hosts when more than one target
is returned. Any host in the cache that hasn't been seen for more than 30
minutes is purged.

See /t/61485.
2022-04-27 10:14:33 +10:00
Penar Musaraj eebce8f80a
FEATURE: Add in:messages search modifier (#16567)
This adds `in:messages` as a synonym for `in:personal` and sets it up as our default nomenclature (`in:personal` will still work).
2022-04-26 16:47:01 -04:00
Kris 8dd3d6cb97
UX: Larger clickable area for mobile topic list (#16473) 2022-04-26 15:01:43 -04:00
Penar Musaraj 07f975848d
FEATURE: Scope search to PMs when in that context (#16528) 2022-04-26 14:43:09 -04:00
Penar Musaraj 11c5ff5f8e
DEV: Add CI job that audits dependency licenses (#16568) 2022-04-26 14:09:42 -04:00
David Taylor 5e34ce1282
DEV: Ensure theme tests are always loaded in a consistent order (#16569)
If they aren't, then the digest will be different, causing unexpected issues
2022-04-26 17:05:57 +01:00
Kris 144b87b17a
UX: fix topic admin menu layout for short screens (#16565) 2022-04-26 10:27:45 -04:00
Jarek Radosz 020d862baa
UX: Tweak topic-admin-menu alignment/size (#16564)
* Increase the space between icons and labels
* Increase the menu width
2022-04-26 16:02:46 +02:00
Kris 0b9410d96f
DEV: prefix group name when appended as class (#16556) 2022-04-26 08:31:27 -04:00
Kris 329a64969c
UX: prevent group mention from wrapping (#16558) 2022-04-26 08:30:55 -04:00
Joffrey JAFFEUX c8757c9d1d
FIX: prefers computed over discourseComputed (#16562)
We have currently unexpected behaviors when using @discourseComputed in a native class.
2022-04-26 11:43:41 +02:00
Andrei Prigorshnev 3e0cb8ea47
UX: ask for confirmation when deleting a post using shortcut (#16526) 2022-04-25 17:50:54 -04:00
Penar Musaraj c1d9822003
UX: Fix a few WCAG color scheme contrast issues (#16554) 2022-04-25 17:07:35 -04:00
Kris 4157403308
UX: organize topic admin menu into groups (#16489) 2022-04-25 16:02:41 -04:00
Roman Rizzi 2a96bca7a1
FIX: Correctly handle the print param on topics#show. (#16555)
The controller incorrectly sets print to true when passing `print=false`, which causes the rate limit to perform.
2022-04-25 16:04:13 -03:00
Roman Rizzi 068e93534c
FIX: Check 2FA is disabled before enabling DiscourseConnect. (#16542)
Both settings are incompatible. We validated that DiscourseConnect is disabled before enabling 2FA but were missing the other way around.
2022-04-25 14:49:36 -03:00
Joffrey JAFFEUX 596469a712
REFACTOR: live-development.js (#16548)
- drop jquery
- replaces setTimeout by later
- removes dead code which is not even working today
2022-04-25 19:34:16 +02:00
ValdikSS f7540aa52f
FIX: properly clean Thunderbird emails, don't remove links (#16543)
Mozilla Thunderbird email client add links into HTML as follows:

`<p>The link: <a class="moz-txt-link-freetext" href="https://google.com">https://google.com</a></p>`

Current filtering rules strip out the link, leaving only `<p>The link: </p>`.
Properly strip only unnecessary information: quote prefix, signature, forwarded message header.
2022-04-25 12:57:56 -04:00
David Taylor 922fbe82da
DEV: Ensure `custom_fields_clean?` returns false when values change (#16552)
We were calling `dup` on the hash and using that to check for changes. However, we were not duplicating the values, so changes to arrays or nested hashes would not be detected.
2022-04-25 17:19:39 +01:00
David Taylor 32346f4ba5
FIX: Ensure lazy-load-images does not remove entire `img.style` (#16553)
Other things may have added things to the style attribute (e.g. the `image-aspect-ratio` decorator).

Unfortunately this is difficult to add a test for because `lazy-load-images` leans on the `onload` event. We have no control over image loading in tests, so race conditions would be very likely.
2022-04-25 17:19:25 +01:00
Jarek Radosz 06462631c4
DEV: Fix test hook placement (#16551)
It was incorrectly put inside the pretender block.
2022-04-25 15:07:55 +02:00
Joffrey JAFFEUX 7f55c9c502
REFACTOR: add-archetype-class mixin (#16546) 2022-04-25 13:16:43 +02:00
dependabot[bot] ab1fe24241
Build(deps): Bump rubocop from 1.27.0 to 1.28.2 (#16549)
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.27.0 to 1.28.2.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.27.0...v1.28.2)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-25 11:47:12 +02:00
dependabot[bot] a87b623ad8
Build(deps-dev): Bump rspec-rails from 5.1.1 to 5.1.2 (#16545)
Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 5.1.1 to 5.1.2.
- [Release notes](https://github.com/rspec/rspec-rails/releases)
- [Changelog](https://github.com/rspec/rspec-rails/blob/main/Changelog.md)
- [Commits](https://github.com/rspec/rspec-rails/compare/v5.1.1...v5.1.2)

---
updated-dependencies:
- dependency-name: rspec-rails
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-25 11:36:03 +02:00
dependabot[bot] 164a61d536
Build(deps): Bump regexp_parser from 2.3.0 to 2.3.1 (#16544)
Bumps [regexp_parser](https://github.com/ammar/regexp_parser) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/ammar/regexp_parser/releases)
- [Changelog](https://github.com/ammar/regexp_parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ammar/regexp_parser/compare/v2.3.0...v2.3.1)

---
updated-dependencies:
- dependency-name: regexp_parser
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-25 11:35:44 +02:00