Commit Graph

34595 Commits

Author SHA1 Message Date
Sam Saffron 926bd712bf DEV: improve flaky spec
This handles a lot of date calculations, keep the baseline time consistent
so it is not prone to issues when running out UTC threshold
2019-10-04 11:11:03 +10:00
Sam Saffron a49e484519 DEV: correct flaky test testing message content
This test was expecting user id ordering which is not really required.
Order of users does not matter
2019-10-04 09:56:28 +10:00
Sam Saffron 6471fbd453 FIX: maxminddb:get task no longer working
Following our zeitwerk upgrade we needed to be more explicit about the
require
2019-10-04 09:47:33 +10:00
Sam Saffron 1d5c2b36f6 DEV: improve diagnostics on mem leak checker
This adds mwrap logging to each iteration so we can see how much
leaks per iteration and where it is coming from
2019-10-04 09:47:33 +10:00
tshenry df02930c67
Correct filename typo 2019-10-03 15:08:56 -07:00
Osama Sayegh e27f332318
PERF: speed up about page render time and limit category mods (#8112)
* PERF: speed up about page render time and limit category mods

* Remove return

* Remove widgets

* Convert admins and mods lists

* Rename component

* Apply Joffrey's patch

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>

* Make limit 100
2019-10-03 21:48:56 +03:00
Jeff Wong d6b39dc01d REFACTOR: use const rather than var 2019-10-03 11:45:03 -07:00
Kris 0744e70022 UX: restrict tall modal height to viewport % 2019-10-03 13:16:28 -04:00
Robin Ward a404cab509 The generated plugin should also freeze strings 2019-10-03 11:43:36 -04:00
Robin Ward 32a11a93ac Update the template for plugin generator to be rubocop compliant 2019-10-03 11:41:53 -04:00
Roman Rizzi 10565e4623
SECURITY: Safely decompress files. (#8124)
* FEATURE: Adds an extra protection layer when decompressing files.

* Rename exporter/importer to zip importer. Update old locale

* Added a new composite class to decompress a file with multiple strategies

* Set max file size inside a site setting

* Ensure that file is deleted after compression

* Sanitize path and files before compressing/decompressing
2019-10-03 10:19:35 -03:00
Joffrey JAFFEUX aaf15944f8
FIX: errors due to confusion between trustLevel and trust_level (#8149) 2019-10-03 08:52:07 -04:00
Mark VanLandingham 1e2aa263a9 FIX: update user vote count on topic trash/recover (#8144) 2019-10-03 07:53:48 -04:00
Penar Musaraj fa1ed9799c UX: Fix composer layout in Android
Viewport-relative height causes title to be below address bar in Android
2019-10-03 07:43:54 -04:00
Sam Saffron 038a38ae1c DEV: add debugging scripts for memory leaks
These scripts are somewhat rough but I needed them to help debug a memory
leak we have noticed in rails 6.

The biggest object script finds all the biggest objects we have in memory
after boot.

The test memory leak runs a very simple iteration through all multisites
and observed memory.
2019-10-03 16:36:31 +10:00
Penar Musaraj 45a55a3abf FIX: Correct position of topic progress in iOS when composer is visible
This fix is needed due to what feels like an iOS Safari bug. The CSS rule `margin-bottom: env(safe-area-inset-bottom);` should not apply to the topic progress element when the composer is visible, because the element is not near the bottom of the viewport.
2019-10-02 20:54:11 -04:00
Penar Musaraj 1051a95160 UX: Trigger composer resize when dismissing keyboard in iPad 2019-10-02 20:20:50 -04:00
Krzysztof Kotlarek 31e7a93414
FIX: broken rubocop by empty line in application.rb (#8148) 2019-10-03 10:10:36 +10:00
Krzysztof Kotlarek 8c7568bd0c FIX: autoload lib/ path for Sidekiq (#8147)
Discussed here: https://meta.discourse.org/t/sidekiq-fails-to-start-after-zeitwerk-on-docker-dev/130031/13
2019-10-03 09:54:35 +10:00
Sam Saffron 1c3cbbe883 UX: bypass chrome autocomplete when editing admin text fields
Same issue as: 918a0ea3

off is ignored in chrome per: https://bugs.chromium.org/p/chromium/issues/detail?id=587466
2019-10-03 09:01:55 +10:00
Martin Brennan 61868e50cb Check webauthn support when registering security keys (#8146) 2019-10-03 08:26:26 +10:00
Joffrey JAFFEUX 91dd6aacfb
FIX: ensures chart parent element is still present before render (#8145) 2019-10-02 17:54:30 -04:00
Joffrey JAFFEUX 29659ef31e
DEV: updates emojis images to latest version available on unicode site (#8143) 2019-10-02 17:50:53 -04:00
Joffrey JAFFEUX 4cec575ad8
FIX: EmojiOne is now JoyPixels (#8142) 2019-10-02 16:01:22 -04:00
Justin DiRose 63fabdb6f2 FIX: first post true if user creates topic first (#8139)
Reported here: https://meta.discourse.org/t/user-was-banned-for-posting-a-reply-within-3-seconds/128823/12
The problem here is the user could create a topic, then reply and get
silenced on the second time (though technically their first post) for being below the
min_first_post_typing_time threshold.
2019-10-02 15:51:40 -04:00
Jeff Wong dbb33f08a9 REFACTOR: clean-up webauthn mobile view 2019-10-02 11:49:36 -07:00
Martin Brennan 9f5ec7154d [FIX] Webauthn security key fixes after real-world usage (#8135)
* Fix broken security key 2FA on mobile login.hbs

* Show nicer error message when a security key already exists

* [COPY] Disable -> Delete for security key editing

* Standardize UI elements in 2FA prefs password confirmation

* Minor fixes to label location for resetPasswordProgress
2019-10-02 11:47:29 -07:00
Penar Musaraj eeea016f23 FIX: Show composer above DiscourseHub app nav on iPad 2019-10-02 14:13:33 -04:00
Penar Musaraj ea4e9dba8e FIX: Apply Visual Viewport composer height calc in iOS only 2019-10-02 13:37:41 -04:00
Joffrey JAFFEUX d0390fba3e
UX: displays reads/likes in the same order that post menu buttons (#8140) 2019-10-02 13:00:47 -04:00
Penar Musaraj ceb29d3eea UX: Full viewport composer layout on iPad
Partially reverts 94ab48c by using Safari hacks on iPad again.

This brings parity in the composer UI between iPhones and iPads

Hides grippie and fullscreen toggle button when the keyboard is visible on iPads
2019-10-02 12:36:11 -04:00
Joffrey JAFFEUX 7f114ef861
DEV: removes dead code (#8130)
This commit also refactors the new code which did make this dead code
2019-10-02 12:15:11 -04:00
Joffrey JAFFEUX fb66ddf161
DEV: removes dead coded (#8129)
As per sam:

b9ccf4d09c/app/assets/javascripts/discourse.js 1

We used to put (*) topic title for certain cases, something that we totally stopped doing.
2019-10-02 12:13:39 -04:00
Daniel Waterworth 1fdba2c5b2 FIX: Harden DistributedMutex
Threadsafety

  Since we use the same redis connection in multiple threads, a rogue
  transaction in another thread can trample the connection state
  (watched keys) that we need to acquire and release the lock properly.

  This is fixed by preventing other threads from using the connection
  when we are performing these actions.

Off-by-one error

  A distributed mutex is now consistently determined to be expired if
  the current time is strictly greater than the expire time.

Unwatch before transaction

  Since the redis connection is used by so much of the code, it is
  difficult to ensure that any watched keys have been cleared. In order
  to defend against this rogue connection state, an unwatch has been
  added before locking and unlocking.

Logging

  Hopefully this log message is more clear.
2019-10-02 13:00:41 +00:00
Joffrey JAFFEUX ef610af328
FIX: exception with triggerRefresh and subcat listing (#8131)
Clicking fast on the "top", "unread", or "latest" button  when browsing a parent category page with subcategories and the setting `Show subcategory list above topics in this category` enabled would cause an exception:

```
Uncaught Error: Nothing handled the action 'triggerRefresh'. If you did handle the action, this error can be caused by returning true from an action handler in a controller, causing the action to bubble.
```
2019-10-02 07:51:23 -04:00
Krzysztof Kotlarek 302e8f4393 FIX: Use migrations path for post_migrate (#8133)
That is a problem after upgrade to Rails 6. It was partially fixed here: 025d4ee91f
2019-10-02 15:28:38 +10:00
Sam Saffron 34813b643d DEV: properly require csv dependency
csv dependency is not default loaded, explicitly ask for it when we start
parsing csv files.
2019-10-02 15:07:37 +10:00
Michael Brown dbe0111822 FEATURE: allow UploadRecovery to be run on a single post (#8094) 2019-10-02 14:57:36 +10:00
Krzysztof Kotlarek 35b1185a08 FIX: Revert Demon::DemonBase back to Demon::Base (#8132)
I introduced DemonBase because I had got some conflict between `demon/base.rb` and `jobs/base.rb`, however, to not rename base class, it is possible to use regex on absolute path in Zeitwerk custom inflector.
2019-10-02 14:54:08 +10:00
Sam Saffron 55ee9abecb DEV: clean up dependencies in spec
Follow up on zeitwork we needed to be a bit more explicit about a few
dependencies internally.

On certain orders the test suite could fail.
2019-10-02 14:50:54 +10:00
Sam Saffron 3f6af54fe1 DEV: minor fixes related to zeitwerk
A couple of specs stopped working post zeitwerk. Adding missing require
corrected inheritance to avoid a circular ref.
2019-10-02 14:28:18 +10:00
Krzysztof Kotlarek 427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
Martin Brennan 68d35b14f4 FEATURE: Webauthn authenticator management with 2FA login (Security Keys) (#8099)
Adds 2 factor authentication method via second factor security keys over [web authn](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API).

Allows a user to authenticate a second factor on login, login-via-email, admin-login, and change password routes. Adds registration area within existing user second factor preferences to register multiple security keys. Supports both external (yubikey) and built-in (macOS/android fingerprint readers).
2019-10-01 19:08:41 -07:00
Rafael dos Santos Silva 45ff119f27 FIX: Try to match advanced tutorial reset first (#8048)
Advanced trigger is currently broken on:

    ca
    es
    et
    fr
    he
    it
    pt_BR

And that is because the translation levels for the plugin are kinda low, so I would guess it's broken for half the languages.

Since we have only two tracks for a while now, a quick fix to me is inverting the selectors.

This patch works because the advanced key is "larger" than the new user one.
2019-10-02 11:55:47 +10:00
Konrad Borowski 90a8852b63 List dots as a valid character in usernames (#8108) 2019-10-02 11:42:18 +10:00
Ryan Boder b7ebe574df FEATURE: Add topic and category context to post webhook payload (#8110)
Adds additional fields topic_archetype and category_slug to the post
webhook so that handlers have some context about the post event without
having to call back to the API.

Discussed [here](https://meta.discourse.org/t/webhooks-how-best-to-differentiate-a-pm-from-a-public-post/76363/13).
2019-10-02 11:41:33 +10:00
Joffrey JAFFEUX 3ee6e859ec FIX: prevents trigger post read count update on non existing post (#8128) 2019-10-02 10:57:34 +10:00
Joffrey JAFFEUX e5af03be01 DEV: prevents attemps to redefine THEME_TARGETS constant (#8121) 2019-10-02 10:54:31 +10:00
Joffrey JAFFEUX 6e815ba032 DEV: adds discourse:focus-changed app event (#8123) 2019-10-02 10:53:51 +10:00
Krzysztof Kotlarek f331b5eab2 FEATURE: topic title is validated for blocked words (#8127)
Currently, the topic is only validated for censored words and should be validated for blocked words as well.

Blocked word validation is now used by both Post and Topic. To avoid code duplication, I extracted blocked words validation code into separate Validator, and use it in both places.

The only downside is that even if the topic contains blocked words validation message is saying "Your post contains a word that's not allowed: tomato" but I think this is descriptive enough.
2019-10-02 10:38:34 +10:00