Commit Graph

53289 Commits

Author SHA1 Message Date
Alan Guo Xiang Tan b64a58071d
DEV: Ensure that `BlockRequestsMiddleware` cookie is always set (#25826)
Why this change?

This reverts 725561cf4b as it did not
address the root cause of the problem even though it fixed the failing tests we were seeing 
when running `bundle exec rspec --tag ~type:multisite --order random:776 spec/system/admin_customize_form_templates_spec.rb spec/system/admin_sidebar_navigation_spec.rb spec/system/admin_site_setting_search_spec.rb spec/system/composer/dont_feed_the_trolls_popup_spec.rb spec/system/composer/review_media_unless_trust_level_spec.rb spec/system/create_account_spec.rb spec/system/editing_sidebar_tags_navigation_spec.rb spec/system/email_change_spec.rb spec/system/emojis/emoji_deny_list_spec.rb spec/system/group_activity_spec.rb spec/system/hashtag_autocomplete_spec.rb spec/system/network_disconnected_spec.rb spec/system/post_menu_spec.rb spec/system/post_small_action_spec.rb spec/system/tags_intersection_spec.rb spec/system/topic_list_focus_spec.rb spec/system/topic_page_spec.rb spec/system/user_page/user_profile_info_panel_spec.rb spec/system/viewing_group_members_spec.rb spec/system/viewing_navigation_menu_preferences_spec.rb`.

The root cause here is that `before_action`s added to a controller is
order dependent. As such, some requests were not setting the cookie
because the `before_action` callback was not even hit as a prior
`before_action` callbacks has raised an error such as the `check_xhr`
`before_action` callback.

To resolve the problem, we need to add the `prepend: true` option in
our monkey patch of `ApplicationController` to ensure that the
`before_action` callback which we have added is always run first.

This change also makes a couple of changes:

1. Improve the response body when a request is blocked by the `BlockRequestsMiddleware` middleware
   so that it makes debugging easier.

2. Only set the cookies for non-xhr HTML format requests. Setting it for
   other formats is kind of pointless.
2024-02-23 07:51:51 +08:00
Kris 59fccfc4a1
UX: group names shouldn't always be capitalized (#25820) 2024-02-22 15:56:40 -05:00
Kris 9005a14508
UX: fix topic map link expansion hover (#25822) 2024-02-22 15:47:38 -05:00
Selase Krakani 725561cf4b
DEV: Ensure `rspec_current_example_location` is actually present before blocking request (#25818) 2024-02-22 20:44:15 +00:00
Keegan George 10c83a80aa
FIX: Regression with `onFilesPicked` action (#25819) 2024-02-22 12:03:05 -08:00
Bianca Nenciu 35adf6046e
FIX: Make category-drop search subcategories (#25817)
Subcategories were not returned when lazy loaded categories are enabled.
This commit implements the old behavior which displayed only top level
categories when there was no search term, but when there was one, it
searched subcategories too.

This commit also removes the client-side ordering of categories, because
the results are already ordered on the server-side.
2024-02-22 21:35:35 +02:00
Sérgio Saquetim 57ab42d4ca
FEATURE: Add automatic `before` and `after` outlets to wrapper plugin outlets (#24254)
Recently, Discourse introduced the concept of wrapper plugin outlets, which enables plugins and theme-components lo replace the wrapped content:

```
        <PluginOutlet @name="wrapper-outlet-example" @outletArgs={{hash model=@model}}>
          <div>Overridable content</div>
        </PluginOutlet>
```

This commit adds automatic outlets that are placed `before` and `after wrapper plugin outlets. Connectors them can leverage these new automatic outlets to mount content at these positions, which greatly enhances the use case of the wrapper outlets.

These new auto outlets can be used in two ways:

- Using the standard folder base structure: the folder name that identifies the outlet in which the connector must be mounted must add the suffixes `__before`or `__after` to the outlet name. For the outlet in the example above, the connector should be placed into the `.../connectors/wrapper-outlet-example__before`or `.../connectors/wrapper-outlet-example__after`folders.

- Using API calls: this commit also introduces two new plugin APIs, `api.renderBeforeWrapperOutlet` and `renderAfterWrapperOutlet`. These new APIs can be used in the same way as `api.renderInOutlet`but will only work for wrapper outlets.

  For the outlet above when using these new APIs alongside the gjs file format, one could define a component to be placed before the content of the outlet like:

  ```
  api.renderBeforeWrapperOutlet('wrapper-outlet-example', <template>Hello from before the content</template>);
  ```

  or after:

  ```
  api.renderAfterWrapperOutlet('wrapper-outlet-example', <template>Hello from after the content</template>);
  ```
2024-02-22 15:25:34 -03:00
Bianca Nenciu 1df473b530
FIX: Show Uncategorized in category-chooser (#25794)
The uncategorized category was not rendered correctly and it was also
sometimes displayed twice. This commit is a similar bug fix to commit
76647d3a34 and is a follow up to commit
63a50b12fd.
2024-02-22 19:30:55 +02:00
chapoi f4848ae989
UX: tweaks for send button (#25816) 2024-02-22 16:39:54 +01:00
Joffrey JAFFEUX 84cd621bdc
FIX: allows to query a username made of integers (#25815)
If a user had `123456789` as username, it could be passed to the query as a number and the query would fail as it expects a string.

Also applies the same fix to groups.
2024-02-22 14:53:47 +01:00
Joffrey JAFFEUX 5ea1882e17
FIX: followRedirects when changing sidebar panel (#25814)
It was necessary in chat as we will for example:

- transition to `/chat`
- and then attempt to transition to ideal first channel, eg: `/chat/-/1`
- and then redirect to `/chat/browse` if no channels exist

Prior to this fix, clicking on `chat` button in the sidebar from the homepage would work but generate an error in the console:

```
Uncaught (in promise) TransitionAborted: TransitionAborted
    at buildTransitionAborted (http://127.0.0.1:4200/assets/vendor.js:42895:17)
    at logAbort (http://127.0.0.1:4200/assets/vendor.js:43345:12)
    at PrivateRouter.transitionDidError (http://127.0.0.1:4200/assets/vendor.js:24561:44)
    at http://127.0.0.1:4200/assets/vendor.js:43129:35
    at invokeCallback (http://127.0.0.1:4200/assets/vendor.js:45239:17)
    at publish (http://127.0.0.1:4200/assets/vendor.js:45225:9)
    at publishRejection (http://127.0.0.1:4200/assets/vendor.js:45174:5)
    at http://127.0.0.1:4200/assets/vendor.js:40914:52
    at invoke (http://127.0.0.1:4200/assets/vendor.js:39539:16)
    at Queue.flush (http://127.0.0.1:4200/assets/vendor.js:39455:13)
    at DeferredActionQueues.flush (http://127.0.0.1:4200/assets/vendor.js:39611:21)
    at Backburner._end (http://127.0.0.1:4200/assets/vendor.js:40040:34)
    at Backburner._boundAutorunEnd (http://127.0.0.1:4200/assets/vendor.js:39776:14)
```

As explained above, this was only redproducible when no channels are present.
2024-02-22 14:19:32 +01:00
David Taylor 502eceb570
DEV: Replace add-archetype-class mixin with body-class helper (#25813) 2024-02-22 13:11:24 +00:00
chapoi 13eabff739
UX: allow fullscreen composer on mobile (#25787) 2024-02-22 13:01:27 +01:00
chapoi 64a41729f7
UX: chat composer design update (mobile) (#25789) 2024-02-22 12:42:07 +01:00
Alan Guo Xiang Tan 6e9fbb5bab
DEV: Do not process requests initiated by browser in a different example (#25809)
Why this change?

We noticed that running `LOAD_PLUGINS=1 rspec --seed=38855 plugins/chat/spec/system/chat_new_message_spec.rb` locally
results in the system tests randomly failing. When we inspected the
request logs closely, we noticed that a `/presence/get` request from a
previous rspec example was being processed when a new rspec example is
already being run. We know it was from the previous rspec example
because inspecting the auth token showed the request using the auth
token of a user from the previous example. However, when a request using
an auth token from a previous example is used it ends up logging out the
same user on the server side because the user id in the cookie is the same
due to the use of `fab!`.

I did some research and there is apparently no way to wait until all
inflight requests by the browser has completed through capybara or
selenium. Therefore, we will add an identifier by attaching a cookie to all non-xhr requests so that
xhr requests which are triggered subsequently will contain the cookie in the request.

In the `BlockRequestsMiddleware` middleware, we will then reject any
requests when the value of the identifier in the cookie does not match the current rspec's example
location.

To see the problem locally, change `Auth::DefaultCurrentUserProvider.find_v1_auth_cookie` to the following:

```
  def self.find_v1_auth_cookie(env)
    return env[DECRYPTED_AUTH_COOKIE] if env.key?(DECRYPTED_AUTH_COOKIE)

    env[DECRYPTED_AUTH_COOKIE] = begin
      request = ActionDispatch::Request.new(env)
      cookie = request.cookies[TOKEN_COOKIE]

      # don't even initialize a cookie jar if we don't have a cookie at all
      if cookie&.valid_encoding? && cookie.present?
        puts "#{env["REQUEST_PATH"]} #{request.cookie_jar.encrypted[TOKEN_COOKIE]&.with_indifferent_access}"
        request.cookie_jar.encrypted[TOKEN_COOKIE]&.with_indifferent_access
      end
    end
  end
```

After which run the following command: `LOAD_PLUGINS=1 rspec --format documentation --seed=38855 plugins/chat/spec/system/chat_new_message_spec.rb`

It takes a few tries but the last spec should fail and you should see something like this:

```
assets/chunk.c16f6ba8b6824baa47ac.d41d8cd9.js {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
/assets/chunk.050148142e1d2dc992dd.d41d8cd9.js {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
/chat/api/channels/527/messages {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
/uploads/default/test_0/optimized/1X/_129430568242d1b7f853bb13ebea28b3f6af4e7_2_512x512.png {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
    redirects to existing chat channel
    redirects to chat channel if recipients param is missing (PENDING: Temporarily skipped with xit)
  with multiple users
/favicon.ico {"token"=>"9a75c114c4d3401509a23d240f0a46d4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591736}
/chat/new-message {"token"=>"9a75c114c4d3401509a23d240f0a46d4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591736}
/presence/get {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
 ```
 
 Note how the `/presence/get` request is using a token from the previous example. 

Co-authored-by: David Taylor <david@taylorhq.com>
2024-02-22 19:41:10 +08:00
Alan Guo Xiang Tan c56c3adfde
DEV: Fix invalid test in 5dba5c4208 (#25810)
Why this change?

The previous test setup did not actually act as a regression test
because the test will still pass even when the fix is removed. This
commit uses a rendering test instead to ensure that Ember is tracking
the property change.
2024-02-22 19:10:23 +08:00
Keegan George 3b87a174e7
FIX: Customize form template view modal footer buttons (#25804) 2024-02-21 22:20:56 -08:00
Alan Guo Xiang Tan 867c2989d7
FEATURE: Add plugin-outlet before/after sidebar sections (#25807)
Why this change?

We have been getting customisation requests about adding stuff
before/after the sidebar sections so we are adding plugin outlets to
support those requests.
2024-02-22 12:58:13 +08:00
Blake Erickson 368bd2697a
DEV: Add more bulk-select-dropdown options (#25574)
This change updates the experimental bulk-select-dropdown (that is
currently feature-flagged) with more options.
2024-02-21 20:56:27 -07:00
Alan Guo Xiang Tan 5dba5c4208
DEV: Set `ExtraNavItem` count property to be a tracked property (#25806)
Why this change?

This regressed in b797434376 where
the count property in `ExtraNavItem` needs to be tracked as plugins can
be updating the count property directly.
2024-02-22 11:52:49 +08:00
Alan Guo Xiang Tan 31e44cfa82
DEV: Fix flaky "Changing email" system tests (#25805)
Why this change?

`current_url` does not rely on Capybara waiters so opt to use
`have_current_path` matcher instead. Also assert for email against
element displayed on the page instead of querying the database for it
which isn't really what system tests are meant for.
2024-02-22 10:46:37 +08:00
Kris 94199715cd
UX: fix sidebar section modal styles (#25803) 2024-02-21 18:22:03 -05:00
Jarek Radosz 43583772d5
DEV: Remove a duplicated file (#25802) 2024-02-21 23:50:36 +01:00
dependabot[bot] a0a18b5b4a
Build(deps-dev): Bump @ember/optional-features from 2.0.0 to 2.1.0 in /app/assets/javascripts (#25799)
* Build(deps-dev): Bump @ember/optional-features

Bumps [@ember/optional-features](https://github.com/emberjs/ember-optional-features) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/emberjs/ember-optional-features/releases)
- [Changelog](https://github.com/emberjs/ember-optional-features/blob/master/CHANGELOG.md)
- [Commits](https://github.com/emberjs/ember-optional-features/commits)

---
updated-dependencies:
- dependency-name: "@ember/optional-features"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update lockfiles for ember version flag

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: discoursebuild <build@discourse.org>
2024-02-21 23:17:02 +01:00
dependabot[bot] 54eb7ae561
Build(deps-dev): Bump sass from 1.71.0 to 1.71.1 in /app/assets/javascripts (#25800)
* Build(deps-dev): Bump sass in /app/assets/javascripts

Bumps [sass](https://github.com/sass/dart-sass) from 1.71.0 to 1.71.1.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.71.0...1.71.1)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update lockfiles for ember version flag

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: discoursebuild <build@discourse.org>
2024-02-21 23:16:35 +01:00
dependabot[bot] 0ada48c4e3
Build(deps-dev): Bump webmock from 3.21.2 to 3.22.0 (#25798) 2024-02-21 22:36:54 +01:00
dependabot[bot] 7f41e61fe3
Build(deps): Bump sass-embedded from 1.71.0 to 1.71.1 (#25797) 2024-02-21 22:36:16 +01:00
dependabot[bot] caadd65499
Build(deps): Bump rack from 2.2.8 to 2.2.8.1 (#25796) 2024-02-21 22:35:49 +01:00
Daniel Waterworth 9db009bf96
DEV: Reorder categories in sidebar edit modal (#25792)
Sort categories by relevance instead of alphabetically.
2024-02-21 14:35:04 -06:00
Daniel Waterworth 087712c1a6
DEV: Reduce duplication with DistributedMutex#clear_regex (#25795) 2024-02-21 14:19:04 -06:00
Daniel Waterworth bf7470e93b
FIX: Make /categories/search order deterministic (#25793) 2024-02-21 12:20:40 -06:00
Bianca Nenciu 47623e1214
FIX: Ensure model properties are set (#25790)
New models do not have all properties set yet which caused issues when
trying to access them.
2024-02-21 20:08:47 +02:00
Daniel Waterworth 13291dc5ef
FIX: Cache keys should be strings (#25791)
* FIX: Cache keys should be strings

Otherwise, there are subtle bugs that don't show up with a single
process.
2024-02-21 10:55:48 -06:00
Jarek Radosz 428db40deb
DEV: Minor refactor of screen-track service (#25699)
Set/Map, async/await, inline vars, updated tests
2024-02-21 17:17:10 +01:00
Bianca Nenciu 9199c52e5e
FIX: Load categories with search topic results (#25700)
Add categories to the serialized search results together with the topics
when lazy load categories is enabled. This is necessary in order for the
results to be rendered correctly and display the category information.
2024-02-21 17:29:47 +02:00
Bianca Nenciu d8c3924213
FIX: Category results should be ordered by term (#25771)
The two criteria used to order the results are if the category name
starts with the term and if the category is a top level category or not.
2024-02-21 16:32:58 +02:00
chapoi a9f8009801
UX: Modal mobile fixes (#25788)
* UX: remove discourse-touch class wrapper

* UX: keep modal close btn in right position
2024-02-21 13:49:42 +01:00
David Taylor a30b54be87
DEV: Update deprecation banner to include id and remove Ember 5 link (#25786)
We're starting to use this system for non-ember-5 deprecations, so linking to the Ember 5 topic doesn't make sense. Instead, we can include the deprecation ID to help with identifying the issue.
2024-02-21 10:59:09 +00:00
David Battersby 1d4ef460ac
UX: chat channel title links to channel settings (#25785) 2024-02-21 17:53:04 +08:00
Kelv 0f5d5403ea
dev: add bootbox to deprecation warnings to admins (#25765) 2024-02-21 17:34:02 +08:00
Alan Guo Xiang Tan 3e54351355
DEV: Change shape of errors in `ThemeSettingsObjectValidator` (#25784)
Why this change?

The current shape of errors returns the error messages after it has been
translated but there are cases where we want to customize the error
messages and the current way return only translated error messages is
making customization of error messages difficult. If we
wish to have the error messages in complete sentences like
"`some_property` property must be present in #link 1", this is not
possible at the moment with the current shape of the errors we return.

What does this change do?

This change introduces the `ThemeSettingsObjectValidator::ThemeSettingsObjectErrors`
and `ThemeSettingsObjectValidator::ThemeSettingsObjectError` classes to
hold the relevant error key and i18n translation options.
2024-02-21 15:27:42 +08:00
Ella E 05f6d9be7b
UX: Change the color of the overriden dot to be slightly visible in dark mode (#25782) 2024-02-21 12:49:20 +08:00
Martin Brennan ac92cc526d
FIX: Admin sidebar was hiding chat/forum toggle button (#25781)
We have separated and combined modes for sidebar panels.
Separated means the panels show only their own sections,
combined means sections from all panels are shown.

The admin sidebar only shows its own panels, so it must set
the mode to separated; however when we navigate to chat or
home we must revert to the initial mode setttings.
2024-02-21 14:44:09 +10:00
Martin Brennan 95014e9ab8
FIX: Do not duplicate admin sidebar plugin links (#25780)
When hiding/showing the sidebar, as is the case on mobile
and using the toggle in the top left on desktop, we delete
and recreate the ember component on the page. This causes
the `sections` for each sidebar panel to get re-evaluated
every time.

For the admin sidebar, this means that we were constantly
re-adding the plugin links to the sidebar, causing duplication.
This can be fixed by just adding @cached to the getter for
sections.
2024-02-21 12:58:31 +10:00
Ted Johansson 533b91dec6
FEATURE: Add a checkbox for users to confirm before flagging as illegal (#25762)
The Digital Services Act requires a checkbox for any user who's flagging a post as illegal to confirm that they are flagging in good faith. This PR adds that.
2024-02-21 10:49:19 +08:00
Daniel Waterworth 0529d20db4
DEV: Use DistributedCache#defer_get_set instead of getting and setting (#25778)
We use defer_get_set everywhere else, so for consistency and reducing
complexity, this is better.
2024-02-20 18:29:01 -06:00
Alan Guo Xiang Tan a4305cd69c
Revert "Build(deps): Bump @uppy/drop-target from 2.0.1 to 2.0.4 in /app/assets/javascripts (#25772)" (#25779)
This reverts commit ec63f2b876.

Broke the build
2024-02-21 08:13:25 +08:00
Alan Guo Xiang Tan cac60a2c6b
DEV: Support category type in theme setting object schema (#25760)
Why this change?

This change supports a property of `type: category` in the schema that
is declared for a theme setting object. Example:

```
sections:
  type: objects
  schema:
    name: section
    properties:
      category_property:
        type: category
```

The value of a property declared as `type: category` will have to be a
valid id of a row in the `categories` table.

What does this change do?

Adds a property value validation step for `type: category`. Care has
been taken to ensure that we do not spam the database with a ton of
requests if there are alot of category typed properties. This is done by
walking through the entire object and collecting all the values for
properties typed category. After which, a single database query is
executed to validate which values are valid.
2024-02-21 08:11:15 +08:00
Alan Guo Xiang Tan 3e331b1725
DEV: Set a bytesize limit for `ThemeSetting#json_value` (#25761)
Why this change?

Firstly, note that this is not a security commit because this feature is
still in development and should not be used anywhere.

The reason we want to set a limit here is to greatly reduce the
possibility of a DoS attack in the future via `ThemeSetting` where
someone would set an arbituary large json string in
`ThemeSetting#json_value` and causing the server to run out of resources
trying to serialize/deserialize the value.

What does this change do?

Adds an ActiveRecord validation to ensure that the bytesize of the json
string being stored is smaller than or equal to 0.5mb. We believe 0.5mb
is a decent limit for now but we can review the limit in the future if
we believe it is too small.
2024-02-21 08:09:37 +08:00
Alan Guo Xiang Tan 6ca2396b12
DEV: Centralise logic for validating a theme setting value (#25764)
Why this change?

The logic for validating a theme setting's value and default value was
not consistent as each part of the code would implement its own logic.
This is not ideal as the default value may be validated differently than
when we are setting a new value. Therefore, this commit seeks to
refactor all the validation logic for a theme setting's value into a
single service class.

What does this change do?

Introduce the `ThemeSettingsValidator` service class which holds all the
necessary helper methods required to validate a theme setting's value
2024-02-21 08:08:26 +08:00