Commit Graph

7086 Commits

Author SHA1 Message Date
Mark VanLandingham 4eb54f08b2
FEATURE: Site setting/UI to allow users to set their primary group (#8244)
* FEATURE: Site setting/ui to allow users to set their primary group

* prettier and remove logic from account template

* added 1 to 43 to make web_hook_user_serializer_spec pass
2019-10-28 12:46:27 -05:00
Leo McArdle e7ff6809a3 FEATURE: add SES spam header to recognised spam headers (#8254) 2019-10-28 12:46:53 -04:00
David Taylor 6de49b88df FIX: Respond to user search correctly when category_id is blank
Previously it would search for category_id=0, which does not exist. With the new permission checks, this returns a 404
2019-10-28 13:18:47 +00:00
David Taylor f0617f96ed DEV: Update users controller spec following user_search update 2019-10-28 12:32:56 +00:00
David Taylor eec464d8d1 SECURITY: Check permissions when autocompleting mentions 2019-10-28 11:01:47 +00:00
Sam Saffron 3d85cc1e69 PERF: run expensive clean up uploads less frequently
Previously every hour we would run a full scan of the entire DB searching
for expired uploads that need to be moved to the tombstone folder.

This commit amends it so we only run the job 2 times per clean_orpha_uploads_grace_period_hours

There is a upper bound of 7 days so even if the grace period is set really
high it will still run at least once a week.

By default we have a 48 grace period so this amends it to run this cleanup
daily instead of hourly. This eliminates 23 times we run this ultra expensive
query.
2019-10-28 11:14:52 +11:00
Neil Lalonde 4c2d6e19ba PERF: cache new users counts in summary emails
The query to count how many new users there are since a given date
is expensive. It's the least personalized stat and the one we fallback
to last when no better number can be found for the target user.
Give up accuracy so we can aggressively cache the user counts
that appear in this email.
2019-10-25 16:33:36 -04:00
Roman Rizzi 070a3dcf9b
FIX: When running the wizard and using a custom theme, fallback to the color_scheme name if the base_scheme_id is nil (#8236) 2019-10-25 09:29:51 -03:00
David Taylor f5d6236ad2 DEV: Use `before_all` to run code before prefabrication
Followup to e9897d295f
2019-10-24 12:27:40 +01:00
David Taylor e9897d295f DEV: Refactor user search spec to use prefabrication
Break up single large example into multiple examples, using fab! to maintain performance. On my machine, this speeds up the test slightly, and also makes it more readable.
2019-10-24 11:58:33 +01:00
Krzysztof Kotlarek b8688c4af7
FIX: Rubocop rule on restorer spec (#8238) 2019-10-24 12:03:27 +11:00
Krzysztof Kotlarek f530378df3 FIX: Restore for non-multisite is not raising an error on reconnect step (#8237)
That commit introduced a bug to the system: f69dacf979

Restore works fine for multisite, however, stopped working for non-multisite.

Reason for that was that `establish_connection` method got a check if the multisite instance is available:
```
    def self.instance
      @instance
    end

    def self.establish_connection(opts)
      @instance.establish_connection(opts) if @instance
    end
```
However, the reload method don't have that check
```
    def self.reload
      @instance = new(instance.config_filename)
    end
```

To solve it, let's ensure we are in a multisite environment before call reload
2019-10-24 11:46:22 +11:00
Neil Lalonde cfe26eb301 FIX: backwards compatibility for uncompiled email style css 2019-10-23 19:22:33 -04:00
Neil Lalonde f061aee818 FEATURE: support SCSS in custom email style
In the CSS tab of Admin > Customize > Email Style, SCSS can now be used.
2019-10-23 15:42:37 -04:00
Vinoth Kannan 726bf37a12 FEATURE: wiki editors are allowed edit tags for wiki topics.
If a wiki editor's TL is greater than 'min trust level to tag topics' site setting then they can edit the tags for any wiki topic.
2019-10-23 23:50:10 +05:30
Vinoth Kannan 31577b2131 FEATURE: wiki editors are allowed edit tags for wiki topics.
If a wiki editor's TL is greater than 'min trust level to tag topics' site setting then they can edit the tags for any wiki topic.
2019-10-23 23:35:38 +05:30
Daniel Waterworth 1a72a61822 FIX: Fixed testsuite
The backup restorer tests weren't cleaning up after themselves and
playing poorly with prefabrication.
2019-10-23 09:43:05 +01:00
Krzysztof Kotlarek f69dacf979 FIX: Reconnect in restore process connects to correct DB (#8218)
Simplified flow of restore is like that
```
migrate_database
reconnect
extract_uploads
```

Problem with incorrect current database started with this fix https://github.com/discourse/discourse/commit/025d4ee91f4

Dump task is reconnecting to default database https://github.com/rails/rails/blob/master/activerecord/lib/active_record/railties/databases.rake#L429

And then, we are trying to reconnect to the original database with that code:
```
def reconnect_database
  log "Reconnecting to the database..."
  RailsMultisite::ConnectionManagement::establish_connection(db: @current_db)
end
```

This reconnect is not switching us back to correct database because of that check
https://github.com/discourse/rails_multisite/blob/master/lib/rails_multisite/connection_management.rb#L181
Basically, it finds existing handler and it thinks that we are connected to correct DB and this step can be skipped.

To solve it, we can reload RailsMultisite::ConnectionManagement which creates a new instance of that class
https://github.com/discourse/rails_multisite/blob/master/lib/rails_multisite/connection_management.rb#L38
2019-10-23 17:23:50 +11:00
Sam Saffron 950da34826 DEV: waiting for 10ms is hardly enough
tests that test thread behavior and rely on scheduling need to allow for
a wider amount of error margin
2019-10-23 16:18:41 +11:00
Arpit Jalan 1e9d9d9346
FIX: respect `tl3 links no follow` setting (#8232) 2019-10-22 22:41:04 +05:30
Blake Erickson 7d09af7eda
FIX: Prevent null-byte searches causing 500 error (#8226)
This fix ensures that searches that contain a null byte return a 400
error instead of causing a 500 error.

For some reason from rspec we will reach the raise statement inside
of the `rescue_from ArgumentError` block, but outside of rspec it will
not execute the raise statement and so a 500 is thrown instead of
reaching the `rescue_from Discourse::InvalidParameters` block inside of
the application controller.

This fix raises Discourse::InvalidParameters directly from the search
controller instead of relying on `PG::Connection.escape_string` to
raise the `ArgumentError`.
2019-10-22 08:44:52 -06:00
Blake Erickson 3201613f13 FEATURE: Include image url in topic serializer
The `image_url` is already included when fetching a list of topics, and
this commit adds it to the individual topic serializer so that it is
available via the api.

See

https://meta.discourse.org/t/single-topic-api-endpoint-should-contain-image-url/131020

for more details.
2019-10-21 22:02:49 -06:00
Blake Erickson ef0fe51e05
FIX: Include user id in notification webhook (#8195)
The payload when receiving a notification webhook is pointless without
knowing which user the notification is for. This fix adds the user_id to
the notification serializer so that when you receive a notification
webhook you can properly identify which user the notification is for.

See

https://meta.discourse.org/t/getting-the-target-user-for-notification-webhook-events/129052?u=blake

for more details.
2019-10-21 16:24:41 -06:00
Dan Ungureanu ceb74bef8f
DEV: Add test.
Follow-up to 2f54dd5e3d.
2019-10-21 21:33:58 +03:00
Michael Brown 40b0b549ff DEV: update the comments re the encoded slug changes
* followup to 2e73985d
2019-10-21 13:39:45 -04:00
Rafael dos Santos Silva 2e73985d1b FIX: Make category updates slug validation idempotent
Co-authored-by: Michael Brown <supermathie@gmail.com>
2019-10-21 14:33:19 -03:00
Dan Ungureanu 3ad07aacfa
FIX: Reload only notifications when refreshing notification count (#8221)
Previously, we used to reload the whole User instance which discarded
any changes made (for example setting 'unstage' to false).
2019-10-21 20:25:46 +03:00
Vinoth Kannan 5e55e75aed FIX: 'only_hidden_tags_changed?' method returned 'true' even when tags are not changed.
While editing the first post it does't bumped the topic when the new post revision created. Because we wrongly assumed that the hidden tags are changed even when no tags are updated.
2019-10-21 17:57:31 +05:30
Daniel Waterworth 55a1394342 DEV: pluck_first
Doing .pluck(:column).first is a very common pattern in Discourse and in
most cases, a limit cause isn't being added. Instead of adding a limit
clause to all these callsites, this commit adds two new methods to
ActiveRecord::Relation:

pluck_first, equivalent to limit(1).pluck(*columns).first

and pluck_first! which, like other finder methods, raises an exception
when no record is found
2019-10-21 12:08:20 +01:00
Rafael dos Santos Silva 2304dcf993 FIX: Do not truncate encoded slugs
Trying to truncate encoded slugs will mean that we have to keep the URL
valid, which can be tricky as you have to be aware of multibyte
characters.

Since we already have upper bounds for the title, the slug won't grow
for more than title*6 in the worst case. The slug column in the topic
table can store that just fine.

Added a test to ensure that a generated slug is a valid URL too, so we
don't introduce regressions in the future.
2019-10-17 13:38:31 -03:00
Mark VanLandingham bd969332e0 FIX: Display site text overrides for non '_MF' keys (#8189)
FIX: Transform pluralized keys to `.other`, to check valid interpolation
2019-10-17 18:34:07 +02:00
David Taylor 11a9e0fc70 DEV: Add test for creating user with custom fields and user fields 2019-10-17 15:46:23 +01:00
Sam Saffron cb0443792b DEV: correct revision debouncer for backup draft
We were debouncing on update_at which we kept on pushing forward, this
was leading to not enough revisions.
2019-10-17 17:41:28 +11:00
Sam Saffron f5d1aff8dd FEATURE: experimental hidden setting for draft backups
Under exceptional situations the automatic draft feature can fail.

This new **hidden, default off** site setting
`backup_drafts_to_pm_length` will automatically backup any draft that is
saved by the system to a dedicated PM (originating from self)

The body of that PM will contain the text of the reply.

We can enable this feature strategically on sites exhibiting issues to
diagnose issues with the draft system and offer a recourse to users who
appear to lose drafts. We automatically checkpoint these drafts every 5
minutes forcing a new revision each 5 minutes so you can revert to old
content.

Longer term we are considering automatically enabling this kind of feature
for extremely long drafts where the risk is really high one could lose
days of writing.
2019-10-17 16:58:21 +11:00
Daniel Waterworth 7a0c06691c FIX: Account for nil when looking up subcategories 2019-10-16 20:04:54 +01:00
Neil Lalonde 5ef49692e0 FIX: tag cannot be used if it belongs to two tag groups with parent tag
If two tag groups exist with a mandatory parent tag, and one tag is
added to both tag groups, then the tag couldn't be used on any topics.
2019-10-16 14:28:04 -04:00
Neil Lalonde 61f6a6e836 Remove focus from specs 2019-10-16 14:28:04 -04:00
Sam Saffron d5d8db7fa8 FEATURE: improve honeypot and challenge logic
This feature amends it so instead of using one challenge and honeypot
statically per site we have a rotating honeypot and challenge value which
changes every hour.

This means you must grab a fresh copy of honeypot and challenge value once
an hour or account registration will be rejected.

We also now cycle the value of the challenge when after successful account
registration forcing an extra call to hp.json between account registrations

Client has been made aware of these changes.

Additionally this contains a JavaScript workaround for:
https://bugs.chromium.org/p/chromium/issues/detail?id=987293

This is client side code that is specific to Chrome user agent and swaps
a PASSWORD type honeypot with a TEXT type honeypot.
2019-10-16 16:53:44 +11:00
Krzysztof Kotlarek 0bf55fe2ff
Revert "FIX: public_file_server.enabled is false in test (#8192)" (#8196)
This reverts commit 5a8fdd02fe.
2019-10-16 10:39:31 +11:00
Krzysztof Kotlarek 5a8fdd02fe FIX: public_file_server.enabled is false in test (#8192)
After a small conversation, we decided that we can set `public_file_server.enabled` to false in the `test` environment to have the same value as `production`.
2019-10-16 09:18:48 +11:00
Daniel Waterworth 5f5b232cde FIX: Category.find_by_slug
find_by_slug should ensure that the parent actually exists when its
looking for a parent.
2019-10-15 16:44:24 +01:00
Vinoth Kannan b2f682f35e
FEATURE: Option to update category preferences of all users when site setting changed (#8180) 2019-10-15 18:41:27 +05:30
Daniel Waterworth 0de7e4339c FIX: Subcategory permissions validation
When a category has a subcategory, we ensure that no one who can see the
subcategory cannot see the parent. However, we don't take into account
the fact that, when no CategoryGroups exist, the default is that
everyone has full permissions.
2019-10-14 21:13:22 +01:00
Daniel Waterworth c49b20a1a2 FIX: Validation of category tree depth
This prevents the creation of sub-sub-categories in multiple tabs
2019-10-14 21:13:22 +01:00
Gerhard Schlager 2c011252f1 FIX: Move notification level only when user posted
Moving posts also moves the read state (`topic_users` table) to the destination topic. This changes that behavior so that only users who posted in the destination topic will have the original notification level (probably "watching") of the original topic. The notification level for all other users will be set to "regular".
2019-10-14 15:06:09 +02:00
Dan Ungureanu 96b8710b39
DEV: Fix heisentest (ensure that user ID really does not exist). 2019-10-14 12:25:43 +03:00
Vinoth Kannan 519fe290e3 SPEC: 'lookup_upload_urls' method should use cdn url if available.
e4fe864c0b
2019-10-14 12:57:33 +05:30
Vinoth Kannan 129e308dac fix the incorrect specs
Previously the 'local_cdn_url' method didn't returned the correct cdn url. So we written few incorrect spec tests too.\n\nf92a6f7ac5228342177bf089d269e2f69a69e2f5
2019-10-14 12:49:11 +05:30
Vinoth Kannan f92a6f7ac5 FIX: 'local_cdn_url' method should work for local relative urls too. 2019-10-14 11:39:16 +05:30
Krzysztof Kotlarek 99086edf85
FIX: Allow themes to upload and serve js files (#8188)
If you set `config.public_file_server.enabled = false` when you try to get uploaded js file you will get an error:
`Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.`

The reason is that content type is `application/javascript` and in Rails 5 guard looked like that:
https://github.com/rails/rails/blob/5-2-stable/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L278-L280
However, in Rails 6 `application` was added to regex:
https://github.com/rails/rails/blob/master/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L282-L284

This pull request is related to https://meta.discourse.org/t/uploaded-js-file-for-theme-causes-a-rejection/129753/8
2019-10-14 15:40:33 +11:00