Commit Graph

11975 Commits

Author SHA1 Message Date
Loïc Guitaut 160011793a Revert "DEV: Upgrade Rails to version 7.1 (#27539)"
This reverts commit ca4af53be8.
2024-06-21 11:20:40 +02:00
Kelv 60d5170587
DEV: add validation on content_security_policy_script_src site setting (#27564)
* DEV: add validation on content_security_policy_script_src site setting
2024-06-21 17:00:22 +08:00
Loïc Guitaut ca4af53be8 DEV: Upgrade Rails to version 7.1 (#27539)
* DEV: Upgrade Rails to 7.1

* FIX: Remove references to `Rails.logger.chained`

`Rails.logger.chained` was provided by Logster before Rails 7.1
introduced their broadcast logger. Now all the loggers are added to
`Rails.logger.broadcasts`.

Some code in our initializers was still using `chained` instead of
`broadcasts`.

* DEV: Make parameters optional to all FakeLogger methods

* FIX: Set `override_level` on Logster loggers (#27519)

A followup to f595d599dd

* FIX: Don’t duplicate Rack response

---------

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2024-06-21 09:44:06 +02:00
Régis Hanol 22128ff1ab
FIX: post revision serializer when tags is a string (#27499)
In some instances, the `modifications` of `tags` hasn't been properly serialized as a Ruby array but rather as a string (I've seen `""`, `"[]"`, and `"[\"\"]"`).

This generates an error when we try to `filter_tags` and remove `hidden_tags` (which is an array) from `tags` which might be a string.

Internal ref - t/131126

I wasn't able to figure out the root cause of this so I reverted the behavior that was introduced ~6 years ago in f2c060bdf2
2024-06-21 08:09:21 +10:00
Penar Musaraj 33de5abb6e
DEV: Extract theme resolution to a helper (#27426)
This ensures that the theme id is resolved as early as possible in the
request cycle. This is necessary for the custom homepage to skip
preloading the wrong data.
2024-06-20 11:33:46 -04:00
Sam d29160131d
FEATURE: enable list keyboard shortcuts on filter route (#27551)
Previously filter route was not setting topic list, this meant that
keyboard navigation using "G" "J" was not functioning.

This amends it by ensuring the list is set after looking up the model.
2024-06-20 21:28:52 +10:00
Loïc Guitaut 982c005979 Revert "DEV: Upgrade Rails to version 7.1 (#27539)"
This reverts commit 2301dddcff.
2024-06-20 11:43:35 +02:00
Loïc Guitaut 2301dddcff
DEV: Upgrade Rails to version 7.1 (#27539)
* DEV: Upgrade Rails to 7.1

* FIX: Remove references to `Rails.logger.chained`

`Rails.logger.chained` was provided by Logster before Rails 7.1
introduced their broadcast logger. Now all the loggers are added to
`Rails.logger.broadcasts`.

Some code in our initializers was still using `chained` instead of
`broadcasts`.

* DEV: Make parameters optional to all FakeLogger methods

* FIX: Set `override_level` on Logster loggers (#27519)

A followup to f595d599dd

* FIX: Don’t duplicate Rack response

---------

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2024-06-20 10:33:01 +02:00
Krzysztof Kotlarek 0e1102b332
FIX: do not force configure 2FA when OAuth and not enforced (#27547)
In this PR we introduced `enforce_second_factor_on_external_auth` setting https://github.com/discourse/discourse/pull/27506

When it is set to false and the user is authenticated via OAuth, then we should not enforce the 2fa configuration.
2024-06-20 11:49:46 +10:00
Rafael dos Santos Silva b2a9676f0b
FEATURE: Support Spotify Onebox (#27540) 2024-06-19 13:27:27 -03:00
Jarek Radosz e29dfe1380
FIX: Restore user-cards in composer preview (#27514)
The ability to display them was lost in 91456ad2cb
2024-06-19 14:41:32 +02:00
Ted Johansson 96a0781bc1
FIX: Avoid duplicating e-mail body in summary e-mail (#27535)
We recently fixed a problem where secure upload images weren't re-attached when sending the activity summary e-mail.

This fix contained a bug that would lead to n copies of the e-mail body being included, n being the number of duplicates. This is because #fix_parts_after_attachments! was called once per attachment, and adding more parts to the multipart e-mail.

This PR fixes that by:

Adding a failing test case for the above.
Moving the looping over multiple posts into #fix_parts_after_attachments! itself.
2024-06-19 20:11:47 +08:00
Bianca Nenciu 2ce83b4d2e
FIX: Do not extract links for hotlinked images (#27538)
When a post is cooked the links are extracted and `TopicLink` instances
are created for each of them. These links are used in various places,
including the topic view, user summary page, etc.

In previous commit 48e5d1a, hotlinked images from Oneboxes have been
ignored from the texts, but hotlinked images turned into Lightboxes
were still extracted.
2024-06-19 14:25:29 +03:00
Ted Johansson 9468e0c0f2
DEV: More robust referrer host parsing (#27534) 2024-06-19 16:30:40 +08:00
Ted Johansson 9cc030fe8d
DEV: Ensure digest e-mail secure image test uses actual digest e-mail (#27532)
The test that checks that securely uploaded images are re-attached to the digest e-mail wasn't rendering the actual digest e-mail template. This change fixes that.
2024-06-19 14:33:57 +08:00
Martin Brennan 83361b2fc5
FEATURE: Introduce site settings which require confirmation (#27315)
Many site settings can be distructive or have huge side-effects
for a site that the admin may not be aware of when changing it.

This commit introduces a `requires_confirmation` attribute that
can be added to any site setting. When it is true, a confirmation
dialog will open if that setting is changed in the admin UI,
optionally with a custom message that is defined in client.en.yml.

If the admin does not confirm, we reset the setting to its previous
clean value and do not save the new value.
2024-06-19 16:01:24 +10:00
Ted Johansson 3ff7ce78e7
FEATURE: Add hidden site setting to list 'unsafe-none' COOP referrers (#27510)
Some tooling may rely on an unsafe-none cross origin opener policy to work. This change adds a hidden site setting that can be used to list referrers where we add this header instead of the default one configured in cross_origin_opener_policy_header.
2024-06-19 11:11:35 +08:00
Natalie Tay 489aac3fdd
FIX: Disallow table cells to be weighted actual articles can be main content (#27508)
For Topic Embeds, we would prefer <article> to be the main article in a topic, rather than a table cell <td> with potentially a lot of data. However, in an example URL like here, the table cell (the very large code snippet) is seen as the Topic Embed's article due to the determined content weight by the Readability library we use.

In the newly released 0.7.1 cantino/ruby-readability#94, the library has a new option to exclude the library's default <td> element into content weighting. This is more in line with the original library where they only weighted <p>. So this PR excludes the td, as seen in the tests, to allow the actual article to be seen as the article. This PR also adds the details tag into the allow-list.
2024-06-19 09:50:49 +08:00
Martin Brennan ebdbb199a5
FIX: Rejection email sent even if reject reason too long (#27529)
Followup 6b872c4c53

Even though we were showing a validation error for a reject
reason that was too long, we were still sending an email and
doing other operations on the user which we are rejecting.

This commit fixes this by validating the reviewable model
before attempting to do anything else after the reason is set.
2024-06-19 11:07:23 +10:00
Krzysztof Kotlarek cc4c199680
FEATURE: optional 2FA enforcement (#27506)
A new admin setting called `enforce_second_factor_on_external_auth`. It allows users to authenticate using external providers even when 2FA is forced with `enforce_second_factor` site setting.
2024-06-19 09:32:30 +10:00
Jarek Radosz 9568a7e542
DEV: Remove repeated `sign_in` calls (#27521)
There's already a `before { sign_in }` in this spec file
2024-06-19 07:21:38 +08:00
Jarek Radosz 5cb84f8dcf
DEV: Revert rails 7.1 upgrade (#27522)
* Revert "FIX: Set `override_level` on Logster loggers (#27519)"

This reverts commit c1b0488c54.

* Revert "DEV: Make parameters optional to all FakeLogger methods"

This reverts commit 3318dad7b4.

* Revert "FIX: Remove references to `Rails.logger.chained`"

This reverts commit f595d599dd.

* Revert "DEV: Upgrade Rails to 7.1"

This reverts commit 081b00391e.
2024-06-18 23:48:30 +02:00
Loïc Guitaut 3318dad7b4 DEV: Make parameters optional to all FakeLogger methods 2024-06-18 19:06:24 +02:00
Loïc Guitaut f595d599dd FIX: Remove references to `Rails.logger.chained`
`Rails.logger.chained` was provided by Logster before Rails 7.1
introduced their broadcast logger. Now all the loggers are added to
`Rails.logger.broadcasts`.

Some code in our initializers was still using `chained` instead of
`broadcasts`.
2024-06-18 17:46:40 +02:00
Loïc Guitaut 081b00391e DEV: Upgrade Rails to 7.1 2024-06-18 15:58:05 +02:00
Loïc Guitaut 2a22a3b51d FIX: Treat corrupt cache as cache miss
Currently when a cache entry is corrupt, we log the event without doing
anything else. It means the cache is still corrupt, and the proper value
isn’t computed again.

Normally, it’s very rare the cache becomes corrupt, but it can happen
when upgrading Rails for example and the cache format changes. This is
normally handled automatically by Rails but since we’re using a custom
cache class, we have to do it ourselves.

This patch takes the same approach the Rails team did, when a cache
entry is corrupt, we treat it as a miss, recomputing the proper value
and caching it in the new format.
2024-06-18 14:47:33 +02:00
Régis Hanol 53b3d2f0dc FIX: BBCode tag parser
Wasn't quite handling the cases where a closing bracket `]` was used in the value of one of the attributes.

```markdown
[chat quote=user channel="[broken]"]
```

Would not be correctly parsed because we would _greedily_ use the first `]` as the end of the tag even though it might be a valid character when inside proper quotes.

c39a4de139/app/assets/javascripts/discourse-markdown-it/src/features/bbcode-block.js (L62)

Re-wrote the `parseBBCodeTag` to properly handle the following cases

- A closing tag (aka `[/name]`) which are easy since they don't have any attributes
- An old `[quote=...]` format we used that doesn't uses quotes but still has various attributes of the form `key:value`
- All three valid BBCode opening tag formats we support
  - `[name]` without any attributes
  - `[name=foo]` with a default value
  - `[name foo=bar]` with some attributes

Ended up having to fix/rewrite the few bbcode rules that were using the `parseBBCodeTag` function, namely `d-wrap` and `discourse-local-dates`.

While working on this, I think I also found a way to get rid the of shims we had in place so that plugins could use the `parseBBCodeTag` function.

Reference - https://meta.discourse.org/t/having-a-right-bracket-in-a-channel-name-breaks-all-quotes-from-that-channel/308439
2024-06-18 10:47:18 +02:00
Kelv 2393234be5
DEV: remove legacy CSP implementation to make strict-dynamic only accepted behaviour (#27486)
* DEV: remove legacy CSP implementation that allowed for non-strict-dynamic behaviour
2024-06-18 16:40:53 +08:00
Martin Brennan 6b872c4c53
FIX: Bump reject_reason limit for reviewables to 2000 characters (#27507)
Followup 783c935dcb

Some admins were finding that the limit introduced above was
too short especially when sending an email to rejected users.
This commit bumps the limit from 500 to 2000 and also fixes
an issue where the friendly error message was not shown in
the browser.

c.f. https://meta.discourse.org/t/500-character-reject-reason-is-too-small-a-limit/291884
2024-06-18 15:49:58 +10:00
Daniel Waterworth 0a881a59d3
DEV: Don't enforce per ip rate limits for admin api requests (#27500) 2024-06-17 13:21:11 -05:00
Daniel Waterworth 63e8c79e2f
FIX: Make edit categories sidebar modal work more intuitively (#27111)
* Load search results in displayed order so that when more categories are loaded on scroll, they appear at the end,
 * Limit the number of subcategories that are shown per category and display 'show more' links,
2024-06-14 11:37:32 -05:00
Renato Atilio 49fdccbb1d
FIX: restrict a href protocols on form template description (#27472) 2024-06-14 11:39:43 -03:00
Osama Sayegh 4aea12fdcb
DEV: Allow fetching specific site settings and introduce a service for updating site settings (#27481)
This commit adds ability to fetch a subset of site settings from the `/admin/site_settings` endpoint so that it can be used in all places where the client app needs access to a subset of the site settings.

Additionally, this commit also introduces a new service class called `UpdateSiteSetting` that encapsulates all the logic that surrounds updating a site setting so that it can be used to update site setting(s) anywhere in the backend. This service comes in handy with, for example, the controller for the flags admin config area which may need to update some site settings related to flags.

Internal topic: t/130713.
2024-06-14 13:07:27 +03:00
Daniel Waterworth a1d881f625
DEV: Add test to ensure /categories/search doesn't return secret categories (#27469) 2024-06-13 12:17:15 -05:00
Gabriel Grubba 93c2ae585c
FEATURE: Add tag_group option in `/filter` (#27427)
* FEATURE: Add tag_group option in `/filter`

* DEV: Update tag_group_filter in `/filter` to use SQL

* DEV: Add guardian to `/filter` by tag_group

* DEV: remove unused code

* DEV: Update tag_group filter implementation

* DEV: Add tests to tag_group filter
2024-06-13 14:03:49 -03:00
Loïc Guitaut c790c57415 DEV: Show parameters on a service contract failure
Now, when calling `StepsInspector#error` on a contract failure, the
output will contain the parameters provided to the contract.
2024-06-13 12:19:26 +02:00
Alan Guo Xiang Tan ae1d8c50da
DEV: Add ability to log a warning when Sidekiq job runs for too long (#27446)
This commits introduces the `sidekiq_report_long_running_jobs_minutes`
global setting which allows a site administrator to log a warning in the
Rails log when a Sidekiq job has been running for too long.

The warning is logged with the backtrace of the thread that is
processing the Sidekiq job to make it easier to figure out what a
sidekiq job is stuck on.
2024-06-13 14:24:44 +08:00
Martin Brennan e94ab11477
DEV: Allow for setting a message with SiteSetting.set_and_log (#27447)
When we turn on settings automatically for customers,
we sometimes use `.set_and_log` which will make a staff
action log for the site setting change. This is fine, but
there is no context for customers.

This change allows setting a message with `.set_and_log`, which
will be stored in the `details` column of the staff action log
created, which will show up on `/admin/logs/staff_action_logs`

---------

Co-authored-by: Kelv <kelv@discourse.org>
2024-06-13 14:59:49 +10:00
Ted Johansson a5df029be3
FIX: Email::Sender expects type to be a string (#27463)
In #26642 we introduced a change that re-attaches securely uploaded images in the digest e-mail. However, this change assumed that the type argument to the Email::Sender constructor would be a symbol, but when it is coming from the UserEmail job it is a string. This PR fixes that.
2024-06-13 11:53:25 +08:00
Alan Guo Xiang Tan 1f4aa343d8
DEV: Move spec file to right folder (#27449)
Spec file is not being run because it was in the wrong folder.
2024-06-13 06:38:03 +08:00
Loïc Guitaut ed49f41d92 FIX: Use the proper i18n argument name 2024-06-12 11:11:02 +02:00
Sam dc8249c08a
FEATURE: align with /filter and allow multiple category search (#27440)
This introduces the syntax of

`category:a,b,c` which will search across multiple categories.

Previously there was no way to allow search across a wide selection of
categories.
2024-06-12 16:06:04 +10:00
Guhyoun Nam 30f369fffe
FIX: fix Webhook events filter 'loadMore' not taking params (#27403)
After working on the Webhook events filter by Status, I noticed that the 'Delivered' and 'Failed' options do not take the status param when loading more than fifty Webhook events. It causes to load all Webhook events regardless of its status after the first load.

This PR is adding webhook events status for the filter to the param when loading more than fifty Webhook events.
2024-06-11 20:17:47 -05:00
Alan Guo Xiang Tan 0b8e6e7d1d
DEV: Fix broken `discourse_ip_info_spec` (#27439)
This is a follow-up to 781a5f60ea
2024-06-12 07:51:45 +08:00
Alan Guo Xiang Tan 781a5f60ea
DEV: Move RSpec test file into test folder (#27437)
Test was not being run because it was in the wrong folder
2024-06-12 06:58:44 +08:00
Arkshine 1fffb236b2 FIX: crawler requests exceptions for non UTF-8 user agents with invalid bytes 2024-06-11 14:02:46 +02:00
Alan Guo Xiang Tan 27efa2d8b7
DEV: Increment attempts for ce91767b90 (#27413)
If we don't increment attempts, we will retry forever.
2024-06-11 16:05:38 +08:00
Alan Guo Xiang Tan ce91767b90
DEV: Try another workaround for `getaddrinfo: Temporary failure in name resolution` (#27410)
This commit tries another work around for the `Socket::ResolutionError: getaddrinfo: Temporary failure in name resolution`
error we are seeing on CI.

The problem with the previous workaround is that `Capybara.using_session` will attempt to resolve `localhost`
before yielding the block which means our retry code is not hit.

This problem may be related to https://bugs.ruby-lang.org/issues/20172
which hints at us potentially not being able to spin up threads on CI so
I'm adding a debugging statement when stuff fails.
2024-06-11 14:49:01 +08:00
David Taylor 565c753dd2
DEV: `@babel/plugin-proposal-decorators` -> `decorator-transforms` (#27260)
decorator-transforms (https://github.com/ef4/decorator-transforms) is a modern replacement for babel's plugin-proposal-decorators. It provides a decorator implementation using modern browser features, without needing to enable babel's full suite of class feature transformations. This improves the developer experience and performance.

In local testing with Google's 'tachometer' tool, this reduces Discourse's 'init-to-render' time by around 3-4% (230ms -> 222ms).

It reduces our initial gzip'd JS payloads by 3.2% (2.43MB -> 2.35MB), or 7.5% (14.5MB -> 13.4MB) uncompressed.

This was previously reverted in 97847f6. This version includes a babel transformation which works around the bug in Safari <= 15.

For Cloudflare compatibility issues, check https://meta.discourse.org/t/311390
2024-06-10 15:51:48 +01:00
Gerhard Schlager 7bdf47b864 FIX: `HtmlToMarkdown` should keep HTML entities for <, > and & within HTML elements
Not all HTML elements are converted into Markdown. Some are kept as HTML.
Without this fix XML/HTML entities that are formatted as text instead of code are swallowed by Discourse.
This also fixes quotes in the `title` attribute of the `<abbr>` tag.
2024-06-10 16:03:30 +02:00
Gerhard Schlager 3c9d61d302 FIX: `HtmlToMarkdown` didn't keep text from within `<center>` tag
It should ignore the `<center>` tag, but keep the text from within the element.
2024-06-10 16:03:30 +02:00
Gerhard Schlager b01905c724 FIX: `HtmlToMarkdown` didn't support `tfoot` in tables 2024-06-10 16:03:30 +02:00
Gerhard Schlager 52e81582b4 FEATURE: Use basic HTML table if it can't be converted to Markdown
Previously `HtmlToMarkdown` always converted HTML tables into Markdown tables. That lead to some badly formatted Markdown tables, e.g. when the table contained `rowspan` or `colspan`. This solves the issue by using very basic HTML tables in those cases.
2024-06-10 16:03:30 +02:00
Gerhard Schlager b8f2cbf41c DEV: Add `additional_allowed_tags` to `HtmlToMarkdown`
Import script often use subclasses of `HtmlToMarkdown` and might need to allow additional tags that can be used within the custom class.
2024-06-10 16:03:30 +02:00
Jan Cernik 1a42249bd8
UX: Show message and chat buttons on hidden profiles (#27326) 2024-06-10 10:38:22 -03:00
Alan Guo Xiang Tan adc824a9bc
FIX: `Jobs::EnsureS3UploadsExistence` broken for multisite (#27401)
This is a follow-up to 8cf4ed5f88.
2024-06-10 16:26:39 +08:00
Alan Guo Xiang Tan 95ed8d05bf
DEV: Fix missing require in `spec/support/fake_s3` (#27399)
When running ` rspec spec/services/external_upload_manager_spec.rb`
in the development environment, tests were failing with the following
error:

```
NameError:
  uninitialized constant FakeS3::Aws
```
2024-06-10 14:02:48 +08:00
Alan Guo Xiang Tan 8cf4ed5f88
DEV: Introduce hidden `s3_inventory_bucket` site setting (#27304)
This commit introduces a hidden `s3_inventory_bucket` site setting which
replaces the `enable_s3_inventory` and `s3_configure_inventory_policy`
site setting.

The reason `enable_s3_inventory` and `s3_configure_inventory_policy`
site settings are removed is because this feature has technically been
broken since it was introduced. When the `enable_s3_inventory` feature
is turned on, the app will because configure a daily inventory policy for the
`s3_upload_bucket` bucket and store the inventories under a prefix in
the bucket. The problem here is that once the inventories are created,
there is nothing cleaning up all these inventories so whoever that has
enabled this feature would have been paying the cost of storing a whole
bunch of inventory files which are never used. Given that we have not
received any complains about inventory files inflating S3 storage costs,
we think that it is very likely that this feature is no longer being
used and we are looking to drop support for this feature in the not too
distance future.

For now, we will still support a hidden `s3_inventory_bucket` site
setting which site administrators can configure via the
`DISCOURSE_S3_INVENTORY_BUCKET` env.
2024-06-10 13:16:00 +08:00
Alan Guo Xiang Tan 3bff633ce0
DEV: Monkey patch `Capybara.using_session` to resolve `localhost` in CI (#27398)
This is a follow up to 9ff0805a1d. We
noticed that `localhost` can fail to resolve in other spots of the app
and not just in selenium-webdriver.

From the failing tests we have seen, the `getaddrinfo: Temporary failure in name resolution` error is only
seen from within the `Capybara.using_session` block. This commit aims to
ensure that `localhost` can be resolve after the new session is started.
2024-06-10 13:14:50 +08:00
Guhyoun Nam c13f64d35b
FEATURE: Add Filter for Webhook Events by Status (#27332)
* FEATURE: Add Filter for Webhook Events by Status

* Fixing multiple issues

* Lint

* Fixing multiple issues

* Change the range of the status for webhook events
2024-06-07 10:26:00 -05:00
Krzysztof Kotlarek 35792ea18c
FIX: flaky specs related to flags (#27380)
Because the flag was not reloaded and contained old values, `update! `was not triggered and didn't clean flags to the original state.
2024-06-07 13:53:40 +10:00
Martin Brennan 36dbf06fe9
FEATURE: Use new topic bulk actions dropdown on search page (#27303)
We want to get rid of the old topic bulk actions modal
and use the new dropdown (currently gated behind
experimental_topic_bulk_actions_enabled_groups). To do
this we need to use the new dropdown in all places in the
UI.

This commit changes the full page search UI to use the new
topic bulk actions dropdown if experimental_topic_bulk_actions_enabled_groups
is enabled, and makes some minor refactors to make this work.
Also add a spec for both the old and new functionality.
2024-06-07 10:41:42 +10:00
Alan Guo Xiang Tan 6e56a76b20
DEV: Fix flaky login and activate account system test (#27371)
After clicking activate, we cannot manually visit "/" and instead need
to wait for the response from the server in order for the user to be
signed in.
2024-06-06 15:09:50 +08:00
Alan Guo Xiang Tan 952f69ce60
FIX: User can't reset password with backup codes when only security key is enabled (#27368)
This commit fixes a problem where the user will not be able to reset
their password when they only have security keys and backup codes
configured.

This commit also makes the following changes/fixes:

1. Splits password reset system tests to
   `spec/system/forgot_password_spec.rb` instead of missing the system
   tests in `spec/system/login_spec.rb` which is mainly used to test
   the login flow.

2. Fixes a UX issue where the `Use backup codes` or `Use authenticator
   app` text is shown on the reset password form when the user does
   not have either backup codes or an authenticator app configured.
2024-06-06 14:30:42 +08:00
Krzysztof Kotlarek 4b1e017722
FIX: move something else flag to the bottom (#27366)
The mistake was made when flags were moved to the database. The `notify_moderators` (something else) flag should be the last position on the list.

This commit contains 3 changes:
- update fixtures order;
- remove position and enable from fixtures (they can be overridden by admin and we don't want seed to restore them);
- migration to fix data if the order was not changed by admin.
2024-06-06 15:45:30 +10:00
Krzysztof Kotlarek 593a9b05cd
DEV: flaky flags specs (#27362)
When flags are modified, we always need to reset the state to the original values.
2024-06-06 09:40:14 +10:00
Jan Cernik 343430fe77
FIX: password reset with security key (#27358)
This regressed in 0434112.

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2024-06-05 20:26:22 -03:00
Joffrey JAFFEUX 729063e485
FIX: ensures invalid OTP blocks submit (#27352) 2024-06-05 14:45:16 -04:00
Alan Guo Xiang Tan 82383ea776
DEV: Avoid unique validation in `UserPasswordExpirer.expire_user_password` (#27343)
This commit updates the `UserPasswordExpirer.expire_user_password`
method to update `UserPassword#password_expired_at` when an existing
`UserPassword` record exists with the same `password_salt`,
`password_hash` and `password_algorithm`. This is to prevent the unique
validation error on `UserPassword#user_id` and
`UserPassword#password_hash` from being raised when the method is called
twice for a user that has not changed its password.
2024-06-05 15:22:40 +08:00
Martin Brennan 0434112aa7
UX: Streamline reset password page (#27341)
This commit includes various UX improvements to the reset
password page:

* Introduce a `hide-application-header-buttons` helper to do the following:
  * Hide Sign Up and Log In buttons, they are not necessary on this flow
  * Hide the sidebar, it is a distraction on this flow
* Improve messaging when a 2FA confirmation is required first
* Improve display of server-side ActiveRecord model validation errors
  in password form, e.g. instead of "is the same as your current password"
  we do "The password is the same as your current password"
* Move password tip to next line below input and move caps lock hint
  inline with Show/Hide password toggle
* Add system specs for 2FA flow on reset password page
* Fixes a computed property conflict issue on the password reset
   page when toggling 2FA methods
2024-06-05 15:22:59 +10:00
Krzysztof Kotlarek aa88b07640
FEATURE: the ability to change the order of flags (#27269)
Continued work on moderate flags UI.
In this PR admins are allowed to change the order of flags. The notify user flag is always on top but all other flags can be moved.
2024-06-05 13:27:06 +10:00
Krzysztof Kotlarek c1ecbb8d28
UX: move users link to the top of the admin sidebar (#27339)
Before, users link was in the community section.
2024-06-05 12:49:46 +10:00
Alan Guo Xiang Tan 9ff0805a1d
DEV: Monkey patch `Selenium::WebDriver::Platform.localhost` to retry (#27335)
On Github Actions, system tests which uses `Capybara#using_session` are
failing intermittently with the error "Socket::ResolutionError: getaddrinfo: Temporary failure in name resolution"
when `Selenium::WebDriver::Platform.localhost` tries to resolve
`localhost`.

Too much time has been spent trying to figure out why so we are giving
up here and just retrying the resolution of `localhost` on Github
Actions.
2024-06-05 07:54:15 +08:00
Jarek Radosz c972a31819
DEV: Fix typos and formatting (#27320) 2024-06-04 15:16:24 +02:00
David Taylor aa37be3323
UX: Use regular reset-password flow for expired passwords (#27316)
This makes it more obvious what's happening, and makes it much less likely that users will send repeated reset emails (and thereby hit the rate limit)

Followup to e97ef7e9af
2024-06-04 12:47:33 +01:00
Alan Guo Xiang Tan e97ef7e9af
FEATURE: Allow site admin to mark a user's password as expired (#27314)
This commit adds the ability for site administrators to mark users'
passwords as expired. Note that this commit does not add any client side
interface to mark a user's password as expired.

The following changes are introduced in this commit:

1. Adds a `user_passwords` table and `UserPassword` model. While the
   `user_passwords` table is currently used to only store expired
   passwords, it will be used in the future to store a user's current
   password as well.

2. Adds a `UserPasswordExpirer.expire_user_password` method which can
   be used from the Rails console to mark a user's password as expired.

3. Updates `SessionsController#create` to check that the user's current
   password has not been marked as expired after confirming the
   password. If the password is determined to be expired based on the
   existence of a `UserPassword` record with the `password_expired_at`
   column set, we will not log the user in and will display a password
   expired notice. A forgot password email is automatically send out to
   the user as well.
2024-06-04 15:42:53 +08:00
Krzysztof Kotlarek eebf332025
FEATURE: expand the admin sidebar when filtering (#27312)
Even when the admin sidebar sections are collapsed, they should expand while filtering. When the filter is removed, sections should go back to the previous state.

In addition, trim whitespace from the filter section.
2024-06-04 12:23:21 +10:00
Gerhard Schlager 602ef2c819 FIX: Store special characters in permalink URL as encoded characters
see https://meta.discourse.org/t/permalink-not-working-with-cyrilics-symbols/301130
2024-06-03 13:20:24 +02:00
Gerhard Schlager 9061282515 FIX: Permalinks with external URL didn't work with subfolders 2024-06-03 13:20:24 +02:00
Gerhard Schlager 387e906610 REFACTOR: All kinds of permalinks should return relative URLs
Mixing relative and absolute URLs is unnecessary and confusing.
2024-06-03 13:20:24 +02:00
Joffrey JAFFEUX 82cccf89e1
DEV: attempts to remove using_session patch (#27292)
I suspect it's not useful anymore, if it ever was, and might cause more harm than good.
2024-06-03 09:38:03 +02:00
Alan Guo Xiang Tan d68983e060
DEV: Use same `Socket.getaddrinfo` arguments as selenium-webdriver (#27301)
Follow up to c408b53689. We need better
debugging information
2024-06-03 13:11:40 +08:00
Martin Brennan 4b2bd4d682
FEATURE: Allow "move to inbox" and "move to archive" for private messages using new bulk topic dropdown (#27236)
This commit re-introduces the "Move to Inbox" and "Move to Archive"
bulk topic actions, which we had in the old modal but had not yet added
to the new "experimental" dropdown, which isn't really experimental at
this point.

Once this is merged we can remove the old modal and only
rely on the new dropdown.
2024-06-03 14:37:28 +10:00
Alan Guo Xiang Tan c408b53689
DEV: puts debugging information when CI encounters resolution errors (#27300)
We have been seeing flaky socket resolution errors on CI and need more
debugging information to figure out why
2024-06-03 10:26:02 +08:00
Joffrey JAFFEUX 510c022131
FIX: ensures bulk-select is correctly working on mobile (#27290)
Prior to this fix we were opening a modal before closing the `DMenu` modal, given `DModal` expects only one modal at a time it was closing the latest modal and instantly closing the one we just opened.
2024-06-03 10:03:57 +10:00
Jan Cernik 96a686c8dc
DEV: Attempt to fix flaky spec (#27270) 2024-05-31 10:57:43 -03:00
Mark VanLandingham 8eec9da0b4
DEV: Plugin modifier application for About admins (#27261) 2024-05-30 10:44:53 -05:00
Sérgio Saquetim 766231b102
FIX: Prevent crash importing topics on a tagged embeddable host (#27254) 2024-05-30 12:04:36 -03:00
Alan Guo Xiang Tan dc55b645b2
DEV: Allow site administrators to mark S3 uploads with a missing status (#27222)
This commit introduces the following changes which allows a site
administrator to mark `Upload` records with the `s3_file_missing`
verification status which will result in the `Upload` record being ignored when
`Discourse.store.list_missing_uploads` is ran on a site where S3 uploads
are enabled and `SiteSetting.enable_s3_inventory` is set to `true`.

1. Introduce `s3_file_missing` to `Upload.verification_statuses`
2. Introduce `Upload.mark_invalid_s3_uploads_as_missing` which updates
   `Upload#verification_status` of all `Upload` records from `invalid_etag` to `s3_file_missing`.
3. Introduce `rake uploads:mark_invalid_s3_uploads_as_missing` Rake task
   which allows a site administrator to change `Upload` records with
`invalid_etag` verification status to the `s3_file_missing`
verificaton_status.
4. Update `S3Inventory` to ignore `Upload` records with the
   `s3_file_missing` verification status.
2024-05-30 08:37:38 +08:00
Blake Erickson f292e645b9
FEATURE: Show video thumbnail in composer (#27233)
When uploading a video, the composer will now show a thumbnail image in
the composer preview instead of just the video placeholder image.

If `enable_diffhtml_preview` is enabled the video will be rendered in
the composer preview and is playable.
2024-05-29 08:24:29 -06:00
Krzysztof Kotlarek 963b9fd157
FEATURE: admin can disable flags (#27171)
UI for admins to disable system flags.
2024-05-29 14:39:58 +10:00
Jan Cernik 76c56c8284
FIX: Bulk clear reminders when the reminder is expired (#27220) 2024-05-28 10:21:33 -03:00
Jan Cernik 30e963be03
DEV: Add spec for x.com onebox url matcher (#27214) 2024-05-28 09:04:20 -03:00
Martin Brennan 9c85ea5945
DEV: Remove old TODOs for message-id formats (#27196)
Introduced back in 2022 in
e3d495850d,
our new more specific message-id format for inbound and
outbound emails has now been in use for a very long time,
we can remove the support for the old formats:

`topic/:topic_id/:post_id.:random@:host`
`topic/:topic_id@:host`
`topic/:topic_id.:random@:host`
2024-05-28 13:57:09 +10:00
Alan Guo Xiang Tan 4d8eca91ef
Revert "DEV: Use `127.0.0.1` instead of `localhost` as Capybara's server host (#27215)" (#27218)
This reverts commit 998b50fdf4.

Ended up making system tests even more unstable
2024-05-28 11:32:22 +08:00
Martin Brennan 73c6bb2593
FIX: Admin sidebar disappeared on some routes for header dropdown (#27216)
When navigation_menu is set to header dropdown, we are
still forcing admin sidebar by checking if the user is an
admin route (c.f. 9bcbfbba43).

However in the initial commit the route check had the
false premise that all admin routes started with `admin.`;
there are others that don't. We need to force admin sidebar
on all routes starting with `admin` (no `.`).

c.f. https://meta.discourse.org/t/feedback-on-admin-sidebar-when-header-dropdown-navigation-selected/309490/3?u=martin
2024-05-28 11:47:54 +10:00
Alan Guo Xiang Tan 998b50fdf4
DEV: Use `127.0.0.1` instead of `localhost` as Capybara's server host (#27215)
We are seeing a weird resolution error on Github actions with the
following backtrace:

```
Failure/Error:
  visit File.join(
          GlobalSetting.relative_url_root || "",
          "/session/#{user.encoded_username}/become.json?redirect=false",
        )

Socket::ResolutionError:
  getaddrinfo: Temporary failure in name resolution

```

Switch to use `127.0.0.1` instead of forcing a name resolution.
2024-05-28 09:47:22 +08:00
Régis Hanol 5f6b6e9818 FIX: correctly compute the window for email summaries
In 958437e7dd we ensured that the email summaries are properly sent based on 'digest_attempted_at' for people who barely/never visit the forum.

This fixed the "frequency" of the email summaries but introduced a bug where the digest would be sent even though there wasn't anything new since for some users.

The logic we use to compute the threshold date for the content to be included in the digest was

```ruby
@since = opts[:since] || user.last_seen_at || user.user_stat&.digest_attempted_at || 1.month.ago
```

It was working as expected for users who haven never been seen but for users who have connected at least once, we would use their "last_seen_at" date as the "threshold date" for the content to be sent in a summary 😬

This fix changes the logic to be the most recent date amongst the `last_seen_at`, `digest_attempted_at` and `1.month.ago` so it's correctly handling cases where

- user has never been seen nor emailed a summary
- user has been seen in a while but has recently been sent a summary
- user has been sent a summary recently but hasn't been seen in a while.
2024-05-27 22:33:51 +02:00
Loïc Guitaut 2a28cda15c DEV: Update to lastest rubocop-discourse 2024-05-27 18:06:14 +02:00
Joffrey JAFFEUX 3b6d4c830f
DEV: correctly delete custom scheme (#27203)
We were adding the custom scheme as a symbol, but trying to delete the string. Which would result in the symbol to not be removed.

This was causing errors in others test:

```
Error encountered while proccessing /admin/color_schemes.json  I18n::MissingTranslationData: Translation missing: en.color_schemes.baseschemewithnohighlightcolor
```

Reproducible with (probably possible to have a simpler repro):

```
bundle exec rspec --order random:27167 spec/integration/invalid_request_spec.rb spec/integration/spam_rules_spec.rb spec/jobs/bulk_invite_spec.rb spec/jobs/change_display_name_spec.rb spec/jobs/cleanup_imap_sync_log_spec.rb spec/jobs/download_backup_email_spec.rb spec/jobs/fix_primary_emails_for_staged_users_spec.rb spec/jobs/fix_s3_etags_spec.rb spec/jobs/pending_users_reminder_spec.rb spec/jobs/periodical_updates_spec.rb spec/jobs/pull_hotlinked_images_spec.rb spec/jobs/regular/group_smtp_email_spec.rb spec/jobs/reindex_search_spec.rb spec/jobs/update_topic_hot_scores_spec.rb spec/jobs/user_email_spec.rb spec/lib/admin_confirmation_spec.rb spec/lib/backup_restore/database_restorer_multisite_spec.rb spec/lib/backup_restore/system_interface_spec.rb spec/lib/bookmark_reminder_notification_handler_spec.rb spec/lib/color_math_spec.rb spec/lib/content_buffer_spec.rb spec/lib/discourse_spec.rb spec/lib/discourse_tagging_spec.rb spec/lib/discourse_webauthn/registration_service_spec.rb spec/lib/email/renderer_spec.rb spec/lib/email_updater_spec.rb spec/lib/ember_cli_spec.rb spec/lib/feed_element_installer_spec.rb spec/lib/file_helper_spec.rb spec/lib/final_destination/resolver_spec.rb spec/lib/freedom_patches/schema_migration_details_spec.rb spec/lib/guardian/post_guardian_spec.rb spec/lib/guardian/topic_guardian_spec.rb spec/lib/message_id_service_spec.rb spec/lib/onebox/domain_checker_spec.rb spec/lib/onebox/engine/google_maps_onebox_spec.rb spec/lib/onebox/engine/google_play_app_onebox_spec.rb spec/lib/onebox/engine/json_spec.rb spec/lib/onebox/engine/reddit_media_onebox_spec.rb spec/lib/onebox/engine/video_onebox_spec.rb spec/lib/onebox/engine/wikipedia_onebox_spec.rb spec/lib/onebox/engine/wistia_onebox_spec.rb spec/lib/post_destroyer_spec.rb spec/lib/post_locker_spec.rb spec/lib/s3_helper_spec.rb spec/lib/s3_inventory_spec.rb spec/lib/scss_checker_spec.rb spec/lib/site_icon_manager_spec.rb spec/lib/site_setting_extension_multisite_spec.rb spec/lib/summarization/base_spec.rb spec/lib/trashable_spec.rb spec/lib/validators/category_search_priority_weights_validator_spec.rb spec/lib/validators/max_username_length_validator_spec.rb spec/lib/validators/regex_presence_validator_spec.rb spec/lib/validators/regexp_list_validator_spec.rb spec/lib/validators/topic_title_length_validator_spec.rb spec/lib/validators/url_validator_spec.rb spec/lib/work_queue_spec.rb spec/mailers/test_mailer_spec.rb spec/mailers/version_mailer_spec.rb spec/models/badge_grouping_spec.rb spec/models/category_featured_topic_spec.rb spec/models/color_scheme_spec.rb spec/models/flag_spec.rb spec/models/given_daily_like_spec.rb spec/models/plugin_store_spec.rb spec/models/screened_url_spec.rb spec/models/site_setting_spec.rb spec/models/tag_spec.rb spec/models/theme_svg_sprite_spec.rb spec/models/top_menu_item_spec.rb spec/models/topic_allowed_user_spec.rb spec/models/topic_converter_spec.rb spec/models/topic_timer_spec.rb spec/models/translation_override_spec.rb spec/models/user_archived_message_spec.rb spec/models/user_email_spec.rb spec/models/user_search_spec.rb spec/models/user_status_spec.rb spec/models/web_hook_event_spec.rb spec/multisite/pausable_multisite_spec.rb spec/multisite/pausable_spec.rb spec/requests/about_controller_spec.rb spec/requests/admin/backups_controller_spec.rb spec/requests/admin/color_schemes_controller_spec.rb spec/requests/admin/email_templates_controller_spec.rb spec/requests/admin/form_templates_controller_spec.rb spec/requests/admin/screened_ip_addresses_controller_spec.rb spec/requests/admin/site_texts_controller_spec.rb spec/requests/api/categories_spec.rb spec/requests/api/site_spec.rb spec/requests/api/tags_spec.rb spec/requests/api/uploads_spec.rb spec/requests/api/users_spec.rb spec/requests/associate_accounts_controller_spec.rb spec/requests/badges_controller_spec.rb spec/requests/csp_reports_controller_spec.rb spec/requests/edit_directory_columns_controller_spec.rb spec/requests/slugs_controller_spec.rb spec/requests/steps_controller_spec.rb spec/requests/stylesheets_controller_spec.rb spec/requests/topic_view_stats_controller_spec.rb spec/requests/user_avatars_controller_spec.rb spec/requests/users_controller_spec.rb spec/script/import_scripts/vanilla_body_parser_spec.rb spec/serializers/basic_reviewable_queued_post_serializer_spec.rb spec/serializers/found_user_serializer_spec.rb spec/serializers/reviewable_flagged_post_serializer_spec.rb spec/serializers/reviewable_queued_post_serializer_spec.rb spec/serializers/reviewable_user_serializer_spec.rb spec/serializers/theme_objects_setting_metadata_serializer_spec.rb spec/serializers/topic_tracking_state_item_serializer_spec.rb spec/serializers/user_summary_serializer_spec.rb spec/serializers/user_with_custom_fields_serializer_spec.rb spec/services/color_scheme_revisor_spec.rb spec/services/email_settings_exception_handler_spec.rb spec/services/notification_emailer_spec.rb spec/services/problem_check/email_polling_errored_recently_spec.rb spec/services/problem_check/missing_mailgun_api_key_spec.rb spec/services/problem_check/unreachable_themes_spec.rb spec/services/site_settings_spec.rb spec/services/topic_timestamp_changer_spec.rb spec/services/username_changer_spec.rb
```
2024-05-27 16:35:42 +02:00
Osama Sayegh 361992bb74
FIX: Apply crawler rate limits to cached requests (#27174)
This commit moves the logic for crawler rate limits out of the application controller and into the request tracker middleware. The reason for this move is to apply rate limits to all crawler requests instead of just the requests that make it to the application controller. Some requests are served early from the middleware stack without reaching the Rails app for performance reasons (e.g. `AnonymousCache`) which results in crawlers getting 200 responses even though they've reached their limits and should be getting 429 responses.

Internal topic: t/128810.
2024-05-27 16:26:35 +03:00
Krzysztof Kotlarek f5516b8088
DEV: clean after replacing flags spec (#27194)
After flags are replaced, we need to bring the state back to the original. Otherwise, it causes flaky specs.
2024-05-27 19:57:41 +08:00
Gerhard Schlager 5e61d55940
FIX: Updating avatar didn't trigger a rebake of posts with quotes of the user (#27184) 2024-05-27 09:57:48 +02:00
Gerhard Schlager 9aede9c8d8
FIX: "Replace Text" didn't list "Welcome Topic" when "General" category is missing (#27182)
Replacing the text of seeded topics doesn't require categories to exist, so this change removes that requirement for updates.
2024-05-27 09:57:30 +02:00
Sam d1191b7f5f
FEATURE: topic_view_stats table with daily fidelity (#27197)
This gives us daily fidelity of topic view stats

New table stores a row per topic viewed per day tracking
anonymous and logged on views

We also have a new endpoint `/t/ID/views-stats.json` to get the statistics for the topic.
2024-05-27 15:25:32 +10:00
Martin Brennan 3a91a92563
DEV: Remove hashtag deprecations (#27195)
Introduced in
c7860173c1,
they are no longer necessary once https://github.com/discourse/discourse-encrypt/pull/317
is merged
2024-05-27 14:00:36 +10:00
Juan David Martínez Cubillos 581dbca97f
DEV: Update Reviewables agree and edit action test (#27162) 2024-05-24 12:20:30 -07:00
Régis Hanol bc089dc52b FIX: bypass fast edit when selected text isn't editable
When selected some text inside a post, we offer the ability to "fast edit" the selected text without opening the composer.

However, there are certain cases where this isn't working quite a expected, due to the fact that we have some text in the "cooked" version of the post that isn't literally in the "raw" version of the post.

This ensures that whenever someone selects the within

- a quote
- a onebox
- an encrypted message
- a "cooked" date

we directly show the composer instead of showing the fast edit modal and then leaving the user with an invisible error.

Internal ref. t/128400
2024-05-24 18:19:28 +02:00
Mark VanLandingham 971b66e440
DEV: Move webhook event header modifier for redelivery-recalucation (#27177) 2024-05-24 10:37:10 -05:00
Ted Johansson 69205cb1e5
DEV: Catch missing translations during test runs (#26258)
This configuration makes it so that a missing translation will raise an error during test execution. Better discover there than after deploy.
2024-05-24 22:15:53 +08:00
Krzysztof Kotlarek 89401d5fc1
FIX: flaky user_merger_spec.rb (#27169)
Flag guardian spec needs to clean state after evaluation. Each created flag is adding PostActionType.
2024-05-24 15:23:59 +10:00
Krzysztof Kotlarek 99e27c4fd5
FIX: change around to after in flag spec (#27168) 2024-05-24 12:55:21 +10:00
Alan Guo Xiang Tan df16ab0758
FIX: `S3Inventory` to ignore files older than last backup restore date (#27166)
This commit updates `S3Inventory#files` to ignore S3 inventory files
which have a `last_modified` timestamp which are not at least 2 days
older than `BackupMetadata.last_restore_date` timestamp.

This check was previously only in `Jobs::EnsureS3UploadsExistence` but
`S3Inventory` can also be used via Rake tasks so this protection needs
to be in `S3Inventory` and not in the scheduled job.
2024-05-24 10:54:06 +08:00
Krzysztof Kotlarek a4c5f85b10
FIX: flaky post action counts specs (#27165)
After flags were moved to the database, with each save they are changing available PostActionTypes. Therefore, flag specs should clear the state before and after each example not just before.

In addition, we need to clear `nil` counts for dynamically created flags from serializer.
2024-05-24 11:55:32 +10:00
Penar Musaraj f9192835a7
FIX: Do not reset sidebar defaults in wizard (#27156)
We removed the option to enable/disable the sidebar in the wizard in
https://github.com/discourse/discourse/pull/26926, but these lines of
code were resetting it quietly to `header_dropdown`.
2024-05-23 16:45:47 -04:00
Jeff Wong 755f8de6d4
FEATURE: add agree and edit (#27088)
* FEATURE: add agree and edit

adds agree and edit - an alias for agree and keep -- but with a client action to
edit the post in the composer before the flag is agreed with

---------

Co-authored-by: Juan David Martinez <juan@discourse.org>
2024-05-23 11:21:42 -07:00
Jan Cernik ebc3af90eb
DEV: More system specs for signup/login (#27150) 2024-05-23 10:01:05 -03:00
Ted Johansson 7b437c9401
FEATURE: Implement new required options in admin user fields UI (#27079)
We're planning to implement a feature that allows adding required fields for existing users. This PR does some preparatory refactoring to make that possible. There should be no changes to existing behaviour. Just a small update to the admin UI.
2024-05-23 19:18:25 +08:00
Alan Guo Xiang Tan f84eda7c8d
FIX: `Post#each_upload_url` yielding external URLs (#27149)
This commit updates `Post#each_upload_url` to reject URLs that do not
have a host which matches `Discourse.current_hostname` but follows the
`/uploads/short-url` uploads URL format. This situation most commonly
happen when users copy upload URL link between different Discourse
sites.
2024-05-23 15:15:16 +10:00
Krzysztof Kotlarek cfbbfd177c
DEV: move post flags into database (#27125)
This is preparation for a feature that will allow admins to define their custom flags. Current behaviour should stay untouched.
2024-05-23 12:19:07 +10:00
Martin Brennan 312a930ac8
UX: Disable plugin list settings button for some plugins (#27124)
For plugins with only an "enabled" site setting, it doesn't
make sense to take them to the site settings page, since the
toggle switch in the list can be used to change enabled/disabled.

This will not be the case for plugins that have their own custom
config page (like Automation), but we will deal with this when
we actually overhaul this plugin to use the new show page.

Also adds another rspec fixture of a test plugin.
2024-05-23 12:04:26 +10:00
Ted Johansson 3137e60653
DEV: Database backed admin notices (#26192)
This PR introduces a basic AdminNotice model to store these notices. Admin notices are categorized by their source/type (currently only notices from problem check.) They also have a priority.
2024-05-23 09:29:08 +08:00
marstall d75339af76
DEV: let reply_by_email, visit_link_to_respond email strings be modified by plugins (#27133)
* DEV: allow reply_by_email, visit_link_to_respond strings to be modified by plugins

* DEV: separate visit_link_to_respond and reply_by_email modifiers out
2024-05-22 15:33:06 -04:00
Penar Musaraj 9d7f374c0f
DEV: Fix a flakey test, skip another one (#27132) 2024-05-22 11:59:47 -04:00
Amanda Alves Branquinho b0d95c8c78
FEATURE: Add bulk action to bookmark (#26856)
This PR aims to add bulk actions to the user's bookmarks.

After this feature, all users should be able to select multiple bookmarks and perform the actions of "deleting" or "clear reminders"
2024-05-22 12:50:21 -03:00
benj e42ba6e90a
UX: Group membership PMs thread (#26974)
Instead of creating two separate Topics when a user (1) requests to join a group and (2) gets accepted in, this makes the acceptance message into a Post under the origin group request Topic.
2024-05-22 11:47:28 -04:00
Régis Hanol 8f7a3e5b29 FIX: subfolder absolute links in summaries
This fixes the `PrettyText.make_all_links_absolute` to better handle subfolder.

In subfolder, when given the cooked version of a post, links to mentions includes the `Discourse.base_path` prefix. Adding the `Discourse.base_url` was doubling the `Discourse.base_path`.

The issue was hidden behind the specs which was stubbing `Discourse.base_url` instead of relying on `Discourse.base_path`.

This fixes both the "algorithm" used in `PrettyText.make_all_links_absolute` to better handle this case and correct the specs to properly handle subfolder cases.

There are lots of changes in the specs due to a refactoring to use squiggly heredoc strings for easier reading and less escaping.
2024-05-22 15:38:18 +02:00
Régis Hanol 958437e7dd
FIX: send activity summaries based on "last seen" (#27035)
instead of "last emailed" so that people getting email notifications (from a watched topic for example) also get the activity summaries.

Context - https://meta.discourse.org/t/activity-summary-not-sent-if-other-emails-are-sent/293040

Internal Ref - t/125582

Improvement over 95885645d9
2024-05-22 10:23:03 +02:00
Régis Hanol 3d4d21693b
FIX: various revision history modal quirks (#27058)
- FIX: properly scope category changes to what the current user can see
- UX: previous category is now highlighted in "red", new category is highlighted in "green"
- PERF: no need to serialize the categories
- FIX: properly track wiki
- FIX: properly track post_type (aka. Staff Color)
- FIX: properly track making a topic a PM
- FIX: never show the category changes when a topic is made a PM
- PERF: post_revision serializer is now more leaner (never includes title changes when post_number > 1, never includes user changes if there aren't any)
- UX: always sort the tags by name
2024-05-22 10:09:20 +02:00
Sam 322a20a9f4
FIX: paginating posts should allow for deletions and PMs (#27098)
Note this may have performance issues in some cases, will need to be monitored

Previous to this change we were bracketing on 50 id windows. They may end up
having zero posts we are searching for leading to posts.rss and .json returning
no results.

- avoids Post.last.id which is expensive
- order by id desc which is better cause we bracket on id
2024-05-22 15:36:29 +10:00
Jarek Radosz 4b29ab8572
DEV: Fix glimmer suggested topic item badges (#27123) 2024-05-22 03:06:45 +02:00
Jan Cernik 1863ee52e9
DEV: Remove activation part from spec to fix flaky test (#27100)
We already have a test for activation anyways
2024-05-21 17:39:29 -03:00
Jarek Radosz 87769a83c4
DEV: Implement glimmer topic-list (#26743)
(experimental)

The initial implementation of glimmer topic-list and related components. Does not include new APIs and isn't compatible with existing customization. That's gonna come in future PRs.

Enabled by adding groups to `experimental_glimmer_topic_list_groups` setting.
2024-05-21 14:36:15 +02:00
Régis Hanol fe12cfeab2
FIX: shows errors when converting to public is impossible (#27103)
Follow up to e04ac5e2d8 which missed showing the error messages in the "convert to public" modal 🤦‍♂️
2024-05-21 12:14:31 +02:00
Krzysztof Kotlarek 40d65dddf8
Revert "DEV: move post flags into database (#26951)" (#27102)
This reverts commit 7aff9806eb.
2024-05-21 16:21:07 +10:00
Krzysztof Kotlarek 7aff9806eb
DEV: move post flags into database (#26951)
This is preparation for a feature that will allow admins to define their custom flags. Current behaviour should stay untouched.
2024-05-21 13:15:32 +10:00
Ted Johansson 32aaf2e8d3
DEV: Remove deprecated AuthProvider#enabled_setting= (#27081)
AuthProvider#enabled_setting=, used primarily by plugins, has been deprecated since version 2.9, in favour of Authenticator#enabled?. This PR confirms we are seeing no more usage and removes the method.
2024-05-20 18:10:15 +08:00
Régis Hanol bf80688cd3
FIX: group activity's mentions infinite loading (#27070)
In 07ecbb5a3b we ensure the mentions in a group's activity page worked properly but we missed adding proper support for infinite loading.

The client is using the `before` parameter instead of the `before_post_id` to do the pagination.

This adds support for `before` as well as some tests to ensure it doesn't regress.

I also added tests to the group's activity posts as well since those were missing.

Finally I deleted some unused code (`group.messages_for`) which is not used anymore.

Context - https://meta.discourse.org/t/-/308044/9
2024-05-18 00:26:57 +02:00
Isaac Janzen ede0fa5802
DEV: Update bulk-invite logs and PM template (#27057)
# Preview

<img width="754" alt="Screenshot 2024-05-17 at 8 50 03 AM" src="https://github.com/discourse/discourse/assets/50783505/6710234f-0195-42be-b70e-9d57ba48bb4a">


# New Logs

```
[2024-05-17 08:49:54 -0600] Invalid User Field 'backend name' for 'foobarbing@gmail.com'
[2024-05-17 08:49:54 -0600] Invalid Email 'test
[2024-05-17 08:49:54 -0600] Invalid Email 'this@$@**.com
```
2024-05-17 12:21:21 -06:00
Régis Hanol 07ecbb5a3b
FIX: group's mentions was broken (#27066)
In 1deeff2336 we changed the format of the results given by the API but we forgot to update the `#mentions` endpoint as well.

Context - https://meta.discourse.org/t/-/308044
2024-05-17 18:39:05 +02:00
Régis Hanol b908abe35a
FIX: keep topic.word_count in sync (#27065)
Whenever one creates, updates, or deletes a post, we should keep the `topic.word_count` counter in sync.

Context - https://meta.discourse.org/t/-/308062
2024-05-17 17:05:49 +02:00
Jan Cernik 57eff8b760
DEV: Full system specs coverage for signup/login (#26977)
- login with username/password
- login with username/password and 2FA
- login with username/password back up code
- login with magic link
- login with magic link and 2FA
- login with magic link and back up code
- login when 2FA is required
- reset password
---
- signup and activate account
- signup with invite code
- signup with invite link
- signup and approve account
- signup and auto approve account
- signup with blocked domain
---
- basic login with Facebook
- basic login with Google
- basic login with Github
- basic login with Twitter
- basic login with Discord
- basic login with Linkedin
2024-05-17 11:56:43 -03:00
Régis Hanol e04ac5e2d8
FIX: display validation errors when converting topics (#27064)
When converting a PM to a public topic (and vice versa), if there was a validation error (like a topic already used, or a tag required or not allowed) the error message wasn't bubbled up nor shown to the user.

This fix ensures we properly stop the conversion whenever a validation error happens and bubble up the errors back to the user so they can be informed.

Internal ref - t/128795
2024-05-17 16:36:25 +02:00
Mark VanLandingham 9264479c27
DEV: Add modifier for webhook event header generation (#27054) 2024-05-17 09:33:39 -05:00
Martin Brennan a388f41dd4
DEV: Delete bookmark slow connection flaky (#27062)
Not much value in keeping this around
2024-05-17 09:31:51 -04:00
Jean 63b7a36fac
FEATURE: Extend embeddable hosts with Individual tags and author assignments (#26868)
* FEATURE: Extend embeddable hosts with tags and author assignments
2024-05-16 15:47:01 -04:00
Régis Hanol 0e9451e93f
FIX: crawler view with unicode usernames (#27051)
When "unicode_usernames" is enabled, calling the "user_path" helper with a username containing some non ASCII character will break due to the route constraint we have on username.

This fixes the issue by always encoding the username before passing it to the "user_path" helper.

Internal ref - t/127547
2024-05-16 17:11:24 +02:00
Martin Brennan d964709644
DEV: Add more _map extensions for list site settings (#27045)
Following on from eea74e0e32,
this commit adds the automatic _map splitting shorthand
for emoji_list, tag_list site settings.
2024-05-16 13:43:10 +10:00
Alan Guo Xiang Tan e31cf66f11
FIX: `FinalDestination#get` forwarding `Authorization` header on redirects (#27043)
This commits updates `FinalDestination#get` to not forward
`Authorization` header on redirects since most HTTP clients I tested like
curl and wget does not it.

This also fixes a recent problem in `DiscourseIpInfo.mmdb_download`
where we will fail to download the databases when both `GlobalSetting.maxmind_account_id` and
`GlobalSetting.maxmind_license_key` has been set. The failure is due to
the bug above where the redirected URL given by MaxMind does not accept
an `Authorization` header.
2024-05-16 08:37:34 +08:00
Natalie Tay 777b8f6d51
Revert "FIX: send activity summaries based on "last seen"" (#27029)
This reverts commit 95885645d9.
2024-05-15 14:09:29 +08:00