Commit Graph

6484 Commits

Author SHA1 Message Date
Guo Xiang Tan 16215f9d3b DEV: Correct spec added in cfd507822f.
Remove stub.
2019-04-01 10:32:25 +08:00
Guo Xiang Tan cfd507822f
PERF: Improve quality of `PostSearchData#raw_data`. (#7275)
This commit fixes the follow quality issue with `PostSearchData#raw_data`:

1. URLs are being tokenized and links with similar href and characters
are being duplicated in the raw data.

`Post#cooked`:

```
<p><a href=\"https://meta.discourse.org/some.png\" class=\"onebox\" target=\"_blank\" rel=\"nofollow noopener\">https://meta.discourse.org/some.png</a></p>
```

`PostSearchData#raw_data` Before:

```
This is a test topic 0 Uncategorized https://meta.discourse.org/some.png discourse org/some png https://meta.discourse.org/some.png discourse org/some png
```

`PostSearchData#raw_data` After:

```
This is a test topic 0 Uncategorized https://meta.discourse.org/some.png meta discourse org
```

2. Ligthbox being included in search pollutes the
`PostSearchData#raw_data` unncessarily.

From 28 March 2018 to 28 March 2019, searches for the term `image` on
`meta.discourse.org` had a click through rate of 2.1%. Non-lightboxed images are not included in indexing for search yet we were indexing content within a lightbox. Also, search for terms like `image` was affected we were using `Pasted image` as the filename for
uploads that were pasted.

`Post#cooked`

```
<p>Let me see how I can fix this image<br>\n<div class=\"lightbox-wrapper\"><a class=\"lightbox\" href=\"https://meta.discourse.org/some.png\" title=\"some.png\" rel=\"nofollow noopener\"><img src=\"https://meta.discourse.org/some.png\" width=\"275\" height=\"299\"><div class=\"meta\">\n<svg class=\"fa d-icon d-icon-far-image svg-icon\" aria-hidden=\"true\"><use xlink:href=\"#far-image\"></use></svg><span class=\"filename\">some.png</span><span class=\"informations\">1750×2000</span><svg class=\"fa d-icon d-icon-discourse-expand svg-icon\" aria-hidden=\"true\"><use xlink:href=\"#discourse-expand\"></use></svg>\n</div></a></div></p>
```

`PostSearchData#raw_data` Before:

```
This is a test topic 0 Uncategorized Let me see how I can fix this image some.png png https://meta.discourse.org/some.png discourse org/some png some.png png 1750×2000
```

`PostSearchData#raw_data` After:

```
This is a test topic 0 Uncategorized Let me see how I can fix this image
```

In terms of indexing performance, we now have to parse the given HTML
through nokogiri twice. However performance is not a huge worry here since a string length of 194170 takes only 30ms
to scrub plus the indexing takes place in a background job.
2019-04-01 10:14:29 +08:00
Guo Xiang Tan 7ac76fe935 DEV: Remove warning.
Library has already been loaded in application.rb.
2019-04-01 10:11:08 +08:00
Guo Xiang Tan daeda80ada
FIX: Don't index posts with empty `Post#raw` for search. (#7263)
* DEV: Remove unnecessary join in `Jobs::ReindexSearch`.

* FIX: Don't index posts with empty `Post#raw` for search.
2019-04-01 10:06:27 +08:00
Guo Xiang Tan 730ebdfcba DEV: Refactor `Jobs::EmitWebHookEvent` specs. 2019-04-01 09:46:39 +08:00
Vinoth Kannan 904ba266cf SPEC: Add test case in emit_web_hook_event_spec for commit 4c6bfb9 2019-03-31 16:28:40 +05:30
Bianca Nenciu 034b8a7ecc FIX: Let users delete topics.
Follow-up to 31053f30de.
2019-03-29 22:00:36 +02:00
Robin Ward 370355d754 FIX: Allow users with posts to be rejected 2019-03-29 13:53:46 -04:00
Bianca Nenciu 31053f30de FEATURE: Let users delete their own topics. (#7267) 2019-03-29 17:10:05 +01:00
Maja Komel 4a3daacb1b FIX: reset embedding settings when no embeddable host, log host changes (#7264) 2019-03-29 17:05:51 +01:00
Roman Rizzi 7740b1570b FIX: Avoid the deleted_at scope when recovering a topic from a recently recovered post 2019-03-29 09:40:15 -04:00
Tarek Khalil b1cb95fc23
FEATURE: Introduce ignore duration selection (#7266)
* FEATURE: Introducing new UI for tracking User's ignored or muted states
2019-03-29 10:14:53 +00:00
Guo Xiang Tan f458cba4cb FIX: Admin search logs should filter by date instead of timestamp.
The client side filters by date so it is confusion when the data changes as each second passes.
2019-03-29 11:50:25 +08:00
Guo Xiang Tan d8faf5f79e FIX: `SearcLog.term_details` generating incorrect data because of case.
Also match on equality rather than "LIKE ?" which is quite strange.
2019-03-29 11:31:01 +08:00
Guo Xiang Tan 8c2fa99f78 FIX: Remove `:term` from `admin/search_logs/term/:term` route.
Search log terms is a string that can contain characters like `/` which
messes with the route.
2019-03-29 09:48:20 +08:00
Robin Ward 118f98b6ed Linting error 2019-03-28 12:52:46 -04:00
Robin Ward b58867b6e9 FEATURE: New 'Reviewable' model to make reviewable items generic
Includes support for flags, reviewable users and queued posts, with REST API
backwards compatibility.

Co-Authored-By: romanrizzi <romanalejandro@gmail.com>
Co-Authored-By: jjaffeux <j.jaffeux@gmail.com>
2019-03-28 12:45:10 -04:00
Sam Saffron 9ebabc1de8 FEATURE: unconditionally update Topic updated_at when posts change in topic
Previously we would bypass touching `Topic.updated_at` for whispers and post
recovery / deletions.

This meant that certain types of caching can not be done where we rely on
this information for cache accuracy.

For example if we know we have zero unread topics as of yesterday and whisper
is made I need to bump this date so the cache remains accurate

This is only half of a larger change but provides the groundwork.

Confirmed none of our serializers leak out Topic.updated_at so this is safe
spot for this info

At the moment edits still do not change this but it is not relevant for the
unread cache.

This commit also cleans up some specs to use the new `eq_time` matcher for
millisecond fidelity comparison of times

Previously `freeze_time` would fudge this which is not that clean.
2019-03-28 17:28:01 +11:00
David Taylor 95d5819218 FIX: Re-download hotlinked optimized images (#7249)
* FIX: Download local images, even if download remote is disabled
2019-03-27 21:31:12 +01:00
Tim Lange 12181599db FIX: Staff action records now also accepts action_name as filter (#7256) 2019-03-27 21:29:15 +01:00
Bianca Nenciu a9798f0c47
FEATURE: Add page for all group membership requests. (#6909) 2019-03-27 13:30:59 +02:00
Tarek Khalil ef2362a30f
FEATURE: Introducing new UI for changing User's notification levels (#7248)
* FEATURE: Introducing new UI for tracking User's ignored or muted states
2019-03-27 09:41:50 +00:00
Gerhard Schlager 4f04ae5692 FIX: Failed to show details about some bounced emails
Bounces sent to reply_by_email_address could not be found.
2019-03-26 18:00:27 +01:00
Tarek Khalil 41563ba6b2
FIX: flaky test in reports (#7255)
* FIX: flaky test in reports
2019-03-26 13:23:57 +00:00
Guo Xiang Tan 4774633dac DEV: Remove `StatsSocket`.
Removed in favor of https://github.com/discourse/discourse-prometheus.
2019-03-26 18:16:58 +08:00
Gerhard Schlager dc90133d29 FIX: Forcing permissions of seeded categories shouldn't fail
Less restrictive permissions of subcategories could make the seeding of categories fail.
2019-03-26 10:39:07 +01:00
Guo Xiang Tan dae0bb4c67 FIX: Post blurb incorrect when search contains a phrase match.
If the blurb generated is not around the search term, we will not be
able to highlight it on the client side.
2019-03-26 17:01:52 +08:00
Guo Xiang Tan 1799820256 DEV: Improve search phrase spec to show that it actually works. 2019-03-26 16:31:15 +08:00
Guo Xiang Tan bf57f39353 DEV: Remove code that is not used. 2019-03-26 15:36:26 +08:00
Tim Lange 5a9dd923cc FIX: Onebox discourse user not respecting enable names (#7245) 2019-03-25 12:50:14 +05:30
Guo Xiang Tan ac661e856a
FEATURE: Allow categories to be prioritized/deprioritized in search. (#7209) 2019-03-25 10:59:55 +08:00
Vinoth Kannan b8bd031648 FIX: Always include custom fields in CategorySerializer
even if it is empty
2019-03-25 07:59:56 +05:30
Sam Saffron 40ac895ef7 SECURITY: properly validate return URL for SSO
Previously carefully crafted URLs could redirect off site
2019-03-25 09:02:42 +11:00
David Taylor bb3f8e32e5 DEV: Run pull_hotlinked_images onebox specs without synchronous jobs
This was changed in fa5a1586, and caused a mutex to lock up, adding 60 seconds to the test suite.
2019-03-22 19:27:37 +00:00
Neil Lalonde 399e937a38 FIX: prevent sending multiple summary emails due to Sidekiq delays 2019-03-22 12:34:34 -04:00
Penar Musaraj 51e08feb7e DEV: Refactor icons used in lightbox HTML
Uses <svg> elements instead of hacky CSS pseudoelements

Adds a migration to mark posts with lightboxes as needing a rebake
2019-03-22 11:52:06 -04:00
David Taylor a9d5ffbe3d FIX: Prevent critical emails bypassing disable, and improve email test logic
- The test_email job is removed, because it was always being run synchronously (not in sidekiq)
- 34b29f62 added a bypass for critical emails, to match the spec. This removes the bypass, and removes the spec.
- This adapts the specs for 72ffabf6, so that they check for emails being sent
- This reimplements c2797921, allowing test emails to be sent even when emails are disabled
2019-03-22 17:28:43 +08:00
Guo Xiang Tan 839a54b97b FIX: Destroy `OptimizedImage` record even if `Upload` record is invalid. 2019-03-22 16:47:06 +08:00
Guo Xiang Tan 19c3c25db1 FIX: Handle BBCode in `migrate_to_s3` task as well. 2019-03-22 16:47:06 +08:00
David Taylor 3f9e7eb326 FIX: Respect the disable_emails=non-staff site setting correctly
This reverts commit c279792130.

This commit inadvertently removed all of the non-staff email logic, rather than just for the 'test email' button. 

https://meta.discourse.org/t/112231/5
2019-03-21 21:44:14 +00:00
Neil Lalonde 1812a38f0a FIX: upload watched words should use UTF-8 2019-03-21 13:46:16 -04:00
Maja Komel 34730a0b16 UX: show if webhook is disabled (#7217)
+ show in staff logs when webhook is created/updated/destroyed
2019-03-21 16:13:09 +01:00
Tarek Khalil 605530a77f FEATURE: Include muted users count within the ignored users report (#7230) 2019-03-21 14:31:45 +01:00
Tarek Khalil a31a35b334 FEATURE: Ignored user notification behaviour should be as a muted user (#7227) 2019-03-21 12:15:34 +01:00
Tim Lange f7b156ffbd UX: Better emoji escaping for topic title (#7218)
* FIX: Fixed failing discourse-prometheus-alert-receiver plugin specs
2019-03-21 09:11:33 +01:00
Gerhard Schlager 64bf4d4483 DEV: Add spec for reusing category permalink
Follow-up to f3c76ad482
2019-03-20 23:38:59 +01:00
Tarek Khalil 1dd0fa0c4e
REFACTOR: Move redundant ignored user check into guardian (#7219)
* REFACTOR: Move redundant ignored user check into guardian
2019-03-20 19:55:46 +00:00
Tarek Khalil ed73cc60a9 FIX: Staff should be allowed to ignore users (#7216) 2019-03-20 15:47:13 +01:00
Tarek Khalil 5852e86226 FEATURE: Only allow TL2 Users to ignore other users (#7212) 2019-03-20 15:02:33 +01:00
Tarek Khalil 3b59ff0d02 [FEATURE] Disallow ignoring self, admins or moderators users (#7202) 2019-03-20 11:18:46 +01:00
Tarek Khalil fed2dd9148 FEATURE: Add scheduled job to purge expired ignored users (#7211) 2019-03-20 11:01:43 +01:00
Leo McArdle b084750953 FIX: don't redirect incorrectly after full screen login (#7170)
Fixes two issues:
1. Redirecting to an external origin's path after login did not work
2. User would be erroneously redirected to the external origin after logout

https://meta.discourse.org/t/109755
2019-03-19 12:39:13 +00:00
Régis Hanol 6fb49e74a1
Revert "UX: Better emoji escaping for topic title (#7176)" (#7201)
This reverts commit 0d9bc0aaa6.
2019-03-19 12:02:47 +01:00
Guo Xiang Tan d808f36fc4 FIX: Reindex post for search when post is moved to a different topic.
* This is causing certain posts to appear in searches incorrectly as `PostSearchData#raw_data` contains the outdated title, category name and tag names.
2019-03-19 17:19:14 +08:00
Maja Komel 714a0d87df UX: order categories based on latest activity for all page styles (#7196)
follow up on 32db3ac2
2019-03-19 09:35:32 +01:00
Tim Lange 0d9bc0aaa6 UX: Better emoji escaping for topic title (#7176) 2019-03-19 09:33:10 +01:00
Guo Xiang Tan 64f20e7e7a FIX: Don't ignore category in search when using category filters. 2019-03-19 11:23:14 +08:00
Penar Musaraj dafba62931 DEV: Ignore SVG sprite symbols missing ids 2019-03-18 22:07:19 -04:00
Guo Xiang Tan 4020c87680 DEV: Refactor tests for `Jobs::CleanUpInactiveUsers`.
* Remove use of 0 in favor of `TrustLevel.levels[:newuser]`.
* Consolidate two tests into a single one.
* Test that disabling the feature works.
* Avoid loading full ActiveRecord object in test when we only need to
know the existence of the record.
2019-03-19 09:57:21 +08:00
Gerhard Schlager 3fd04df781
FEATURE: Locale support for seeded categories and topics (#7110) 2019-03-18 21:09:13 +01:00
Bianca Nenciu 2347661a74 FEATURE: Clean up inactive users. (#7172) 2019-03-18 16:25:15 +01:00
Maja Komel 7e9afdace3 FEATURE: custom colors for default letter avatars (#7167) 2019-03-18 16:24:21 +01:00
Penar Musaraj 2506acae80
FIX: Respect permalinks starting with "/category" (#7171) 2019-03-18 10:24:46 -04:00
Guo Xiang Tan 5e410dc5e0
FEATURE: Ability to exclude category from search results. (#7194)
This commit also adds `Category#search_priority` which sets the ground
work to enable prioritizing of posts for certain categories when searching.
2019-03-18 15:25:45 +08:00
Vinoth Kannan 4477938ea7 DEV: Option to preload category custom fields for site serializer 2019-03-16 17:18:57 +05:30
Bianca Nenciu 5114ef958a FIX: Do not trigger post alerts for empty posts. (#7138) 2019-03-15 17:58:43 +01:00
Joffrey JAFFEUX aa4b84925a FEATURE: updates emoji to latest 12.0 version (#7095)
* improved emoji support

- always optimize images as part of the task
- use the unicode standard ordering/naming for sections

* UX: more height for when there are recently used
2019-03-15 16:12:07 +01:00
Penar Musaraj 9334d2f4f7
FEATURE: add more granular user option levels for email notifications (#7143)
Migrates email user options to a new data structure, where `email_always`, `email_direct` and `email_private_messages` are replace by

* `email_messages_level`, with options: `always`, `only_when_away` and `never` (defaults to `always`)
* `email_level`, with options: `always`, `only_when_away` and `never` (defaults to `only_when_away`)
2019-03-15 10:55:11 -04:00
Bianca Nenciu d352baa1a2
FEATURE: Enforce two-factor authentication. (#6348) 2019-03-15 13:09:37 +02:00
Guo Xiang Tan c5808a8a25 PERF: N+1 queries admin users pages. 2019-03-15 15:09:44 +08:00
Penar Musaraj d6d4a5ba4a FEATURE: support custom icons in themes (#7155)
* First take

* Add support for sprites in themes

Automatically register any custom icons added via themes or plugins

* Fix theme sprite caching

* Simplify test

* Update lib/svg_sprite/svg_sprite.rb

Co-Authored-By: pmusaraj <pmusaraj@gmail.com>

* Fix /svg-sprite/search request
2019-03-15 17:16:15 +11:00
Maja Komel 32db3ac228 UX: order categories based on recent activity when using categories_and_latest_topics layout (#7166) 2019-03-15 17:14:49 +11:00
Tarek Khalil bd6d31c9ec
FEATURE: Add `IgnoredUsersSummary` daily job (#7144)
* FEATURE: Add `IgnoredUsersSummary` daily job

## Why?

This is part of the [Ability to ignore a user feature](https://meta.discourse.org/t/ability-to-ignore-a-user/110254/8).

We want to:

1. Send an automatic group PM that goes out to moderators
2. When {x} users have Ignored the same user, threshold defined by a site setting, default of 5
3. Only send this message every X days which is defined by another site setting
2019-03-14 22:51:43 +00:00
Arpit Jalan d6d71de855 FIX: allow banner topic posts to be moved to regular topic (and vice versa) 2019-03-14 23:41:23 +05:30
Robin Ward fa5a158683 REFACTOR: Move `queue_jobs` out of `SiteSetting`
It is not a setting, and only relevant in specs. The new API is:

```
Jobs.run_later!        # jobs will be thrown on the queue
Jobs.run_immediately!  # jobs will run right away, avoid the queue
```
2019-03-14 10:47:38 -04:00
Gerhard Schlager c34a6ba674 REFACTOR: Rename site settings to make them less confusing 2019-03-14 13:40:14 +01:00
David Taylor fc0cf3ecd1
FEATURE: Fetch email from auth provider if current user email is invalid (#7163)
If the existing email address for a user ends in `.invalid`, we should take the email address from an authentication payload, and replace the invalid address. This typically happens when we import users from a system without email addresses.

This commit also adds some extensibility so that plugin authenticators can define `always_update_user_email?`
2019-03-14 11:33:30 +00:00
Guo Xiang Tan 40b03e717b FIX: `Upload#migrate_to_new_scheme` should not migrate system uploads. 2019-03-14 12:45:03 +08:00
Guo Xiang Tan 1bc96177dd DEV: Improve specs for validating a unique post.
Follow up to d2a7f29595 which caused post
edits to fail.
2019-03-14 10:39:51 +08:00
Guo Xiang Tan 1c6a2262b3
FIX: `StaticController#favicon` reads from disk when using local store. (#7160)
Since uploads site settings are now backed by an actual upload, we don't
have to reach over the network just to fetch the favicon. Instead, we
can just read the upload directly from disk.
2019-03-14 04:17:36 +08:00
Maja Komel 65f3ed0689 UX: make name optional for confirmation user field (#7149) 2019-03-13 18:40:43 +01:00
David Taylor 420c6f8102
FEATURE: Skip sending emails to domains on the `.invalid` TLD (#7162)
This is a reserved TLD which we use when importing users without an email address. https://tools.ietf.org/html/rfc2606
2019-03-13 16:17:59 +00:00
Joffrey JAFFEUX d32557ea32 Revert "FIX: Better emoji escaping for topic title"
This reverts commit 35426b5ad6.
2019-03-13 13:02:56 +01:00
Bianca Nenciu 76a14c47ac FEATURE: Add site contact group. (#7152) 2019-03-13 11:34:47 +01:00
Tim Lange 35426b5ad6 FIX: Better emoji escaping for topic title
This commit also puts emojiVersion in its own erb file.
2019-03-13 11:17:59 +01:00
Guo Xiang Tan 243fb8d9ad Fix the build. 2019-03-13 17:39:07 +08:00
Guo Xiang Tan b0c8fdd7da FIX: Properly support defaults for upload site settings. 2019-03-13 16:36:57 +08:00
Blake Erickson 7ac394f51f FIX: prevent mixed api auth headers & query params
When using the api and you provide an http header based api key any other
auth based information (username, external_id, or user_id) passed in as
query params will not be used and vice versa.

Followup to f03b293e6a
2019-03-12 17:33:21 -06:00
Dan Ungureanu 7310ee3ef1 FEATURE: Add more control over post notices. (#7148) 2019-03-13 08:06:28 +11:00
Bianca Nenciu c6ed86220e FIX: Notify on tag change. (#7119) 2019-03-12 18:09:34 +01:00
Tarek Khalil 28384ba62c
FEATURE: Add `Top Ignored Users` report (#7153)
* FEATURE: Add `Top Ignored Users` report

## Why?

This is part of the [Ability to ignore a user feature](https://meta.discourse.org/t/ability-to-ignore-a-user/110254/8), and also part of [this PR](https://github.com/discourse/discourse/pull/7144).

We want to send a System Message daily when a specific count threshold for an ignored is reached. To make this system message informative, we want to link to a report for the Top Ignored Users too.
2019-03-12 16:01:58 +00:00
Guo Xiang Tan 6d0528687d DEV: Remove redundant assertion.
If the post is not present, the test will fail with an error.
2019-03-12 20:56:18 +08:00
Bianca Nenciu e6c2faf186 FIX: Disable 'Create Topic' button if tag is staff-only. (#6984)
* FIX: Disable 'Create Topic' button if tag is staff-only.

* FIX: Staff-only tags should always return 404.
2019-03-12 19:23:36 +11:00
Bianca Nenciu 191e31dccf FEATURE: Log user approvals. (#7121) 2019-03-12 19:16:56 +11:00
Guo Xiang Tan da941840d4 FIX: Advanced search category term should be case insensitive. 2019-03-12 14:11:21 +08:00
Penar Musaraj 95532814df DEV: Make Rubocop happy 2019-03-11 22:33:24 -04:00
Guo Xiang Tan 34b29f62db DEV: Remove the use of stubs and mocks in `Jobs::UserEmail` tests.
We can only be sure that an email is sent when we get a mailer in
`ActionMailer::Deliveries`. A couple of tests were actually incorrect
because it didn't flow through our email sender where there are more
conditions in determining whether an email is sent or not.
2019-03-12 09:39:16 +08:00
Robin Ward d1d9a4f128 Add new `run_jobs_synchronously!` helper for tests
Previously if you wanted to have jobs execute in test mode, you'd have
to do `SiteSetting.queue_jobs = false`, because the opposite of queue
is to execute.

I found this very confusing, so I created a test helper called
`run_jobs_synchronously!` which is much more clear about what it does.
2019-03-11 16:58:35 -04:00
venarius 411ddbeef0 FIX: Added test for has_more 2019-03-11 12:56:15 -04:00
Joffrey JAFFEUX 7ae1afa7d9
FIX: ensures tag-groups are used to allow category edit on topics (#7141) 2019-03-11 15:02:27 +01:00
Tarek Khalil d6eb892b04
FEATURE: Account for `ignored_users` when merging two users (#7142)
* FEATURE: Account for `ignored_users` when merging two users

## Why?

This is part of the [Ability to ignore a user feature](https://meta.discourse.org/t/ability-to-ignore-a-user/110254/8).
When we merge two users, we need to account for merging their list of `ignored_users` too.
2019-03-11 13:53:59 +00:00
Dan Ungureanu ceec11a153
FIX: Make post notices invisible to poster. 2019-03-11 12:07:19 +02:00
Dan Ungureanu b28b418363
FIX: Various improvements to post notices.
- Notices are visible only by poster and trust level 2+ users.
- Notices are not generated for non-human or staged users.
- Notices are deleted when post is deleted.
2019-03-11 11:19:58 +02:00
Guo Xiang Tan 62579d79d4 DEV: Fix failing tests. 2019-03-11 11:12:11 +08:00
Guo Xiang Tan 8384075184 DEV: Fix incorrect test. 2019-03-11 11:00:47 +08:00
Guo Xiang Tan 9d0698e2a8 Fix `UserProfile` fabricator. 2019-03-11 09:57:42 +08:00
Robin Ward 57ee779b1e FIX: Job exception: undefined method `email' for nil:NilClass
It seems that due to jobs being asynchronous and wrapping code in a
DistributedMutex that by the time we run the
`UserAvatar#update_gravatar!` job that the user/user email might be
destroyed.

This patch checks before a call to `user.email_hash` to make sure
the user and primary email exist to prevent the exception. If not
present, the job exits as there's nothing to do because we are
probably running after the user was destroyed for some reason.
2019-03-08 13:39:56 -05:00
Blake Erickson f03b293e6a
FEATURE: Header based auth for API requests (#7129)
Now you can also make authenticated API requests by passing the
`api_key` and `api_username` in the HTTP header instead of query params.

The new header values are: `Api-key` and `Api-Username`.

Here is an example in cURL:

``` text
curl -i -sS -X POST "http://127.0.0.1:3000/categories" \
  -H "Content-Type: multipart/form-data;" \
  -H "Api-Key: 7aa202bec1ff70563bc0a3d102feac0a7dd2af96b5b772a9feaf27485f9d31a2" \
  -H "Api-Username: system" \
  -F "name=7c1c0ed93583cba7124b745d1bd56b32" \
  -F "color=49d9e9" \
  -F "text_color=f0fcfd"
```

There is also support for `Api-User-Id` and `Api-User-External-Id`
instead of specifying the username along with the key.
2019-03-08 09:13:31 -07:00
Osama Sayegh 5e58cedfbd
FIX: retranspile theme JS when settings YAML changes (#7131) 2019-03-08 17:49:06 +03:00
Dan Ungureanu 3474701146
DEV: Fix build. 2019-03-08 12:45:03 +02:00
David Taylor b101065bad
FIX: Sanitize theme settings properly before injecting into stylesheets (#7031) 2019-03-08 08:58:06 +00:00
Dan Ungureanu 2312caccdc
FEATURE: Skip small actions when counting replies in PMs. (#7108) 2019-03-08 10:49:34 +02:00
Dan Ungureanu 35942f7c7c
FEATURE: Special call-out for new / returning posters. (#7115) 2019-03-08 10:48:35 +02:00
David Taylor fc7938f7e0
REFACTOR: Migrate GoogleOAuth2Authenticator to use ManagedAuthenticator (#7120)
https://meta.discourse.org/t/future-social-authentication-improvements/94691/3
2019-03-07 11:31:04 +00:00
Arpit Jalan 2c8e1d3578 FEATURE: remove all expired invitations by default 2019-03-07 15:28:39 +05:30
Vinoth Kannan 167d85c21f FIX: post & topic destroyed hooks not triggering with tag filter 2019-03-06 22:52:54 +05:30
Gerhard Schlager 4000978452 FIX: Failed to save email template with pluralized subject 2019-03-06 16:51:04 +01:00
Tim Lange 3ff0800e50 FIX: Fixed custom emoji circumventing "max emojis in topic title" set… (#7116) 2019-03-06 12:49:17 +01:00
Tarek Khalil 0a9a11094d
FEATURE: Save ignored usernames in user preferences (#7117)
* FEATURE: Save ignored usernames in user preferences
2019-03-06 11:21:58 +00:00
Tarek Khalil f7c4d8c8f9
FIX: WebhookPostSerializer spec failure 2019-03-06 09:48:20 +00:00
Arpit Jalan 05ebb52ec4
FEATURE: defer flags when deleting child replies (#7111) 2019-03-06 14:32:25 +05:30
Sam b2187301fd FEATURE: allow users to easily track/watch/mute topics via email
If you reply to an email with the word "mute" a topic will be muted
If you reply to an email with the word "track" a topic will be tracked
If you reply to an email with the word "watch" a topic will be watched

These ninja command can help advanced mailing list ex-users, saves a trip
to the website
2019-03-06 18:38:49 +11:00
Sam 8d7c10f7f2 FIX: allow moderators to create categories setting broken
Mods require visibility to everyone group cause category dialogs need to
know about this.

If the site setting `allow moderators to create categories` will not function
without this

Note there is no security expansion of rights here, the group is technically
empty anyway and it always looks exactly the same on all discourse instances
2019-03-06 17:44:18 +11:00
Tarek Khalil dedd5e0e60
FIX: WebhookUserSerializer spec failure 2019-03-05 18:01:25 +00:00
Tim Lange 83f4c4a3f2 FIX: Fixed editing whispers bumps topic (#7106) 2019-03-05 18:02:20 +01:00
Tarek Khalil 7b78a1a2cd
FIX: anonymous user filtering bug in PostView (#7089)
* FIX: anonymous user filtering bug in PostView
2019-03-04 14:29:05 +00:00
Joffrey JAFFEUX 703c724cf3
REFACTOR: Migrate InstagramAuthenticator to use ManagedAuthenticator (#7081) 2019-03-04 14:54:28 +01:00
Arpit Jalan ad5f5b931d DEV: deprecate blank files for static modal pages 2019-03-04 15:05:33 +05:30
Joffrey JAFFEUX dc4001370c
FEATURE: displays groups in menu search (#7090) 2019-03-04 10:30:09 +01:00
Maja Komel fea5d4f3ec FIX: any subcategory permissions are valid if everyone has access to parent category (#7097) 2019-03-04 14:49:26 +11:00
Arpit Jalan 01e2180548 FIX: /signup and /password-reset direct links were broken 2019-03-04 09:02:22 +05:30
Joffrey JAFFEUX 1cd64f68f1
FIX: staff/admin shouldn’t be able to create uncategorized topics (#7077) 2019-02-28 15:51:13 +01:00
Arpit Jalan c02956e29c
FIX: when posts are moved to a message then small action post should not be publicly visible (#7085)
This fix is inspired from what we do in discourse-assigned plugin.
https://github.com/discourse/discourse-assign/blob/master/lib/topic_assigner.rb#L184
https://github.com/discourse/discourse-assign/blob/master/assets/javascripts/discourse-assign/initializers/extend-for-assigns.js.es6#L125-L133
2019-02-28 19:49:26 +05:30
David Taylor b907924c93 FIX: ManagedAuthenticator should automatically update last_used time 2019-02-27 15:29:26 +00:00
Tarek Khalil 986cc8a0fb FEATURE: Introduce Ignore user (#7072) 2019-02-27 14:49:07 +01:00
Dan Ungureanu f68a7a16a4 FIX: Use field name to name files in theme export. (#7009) 2019-02-27 10:45:22 +01:00
Maja Komel 6f427589b2 FIX: make it possible to use backup code everywhere where 2FA required (#7010) 2019-02-27 10:37:33 +01:00
Régis Hanol 326d892f5e Aadd 'secondary_emails' field in users export
FIX: escape_comma wasn't working in CSV exports
FIX: group_names field wasn't properly serialized
2019-02-27 10:12:20 +01:00
Davide Porrovecchio 75aaae5d5c FEATURE: Allow wildcard in allowed_user_api_auth_redirects setting (#6779) 2019-02-26 17:03:20 +01:00
David Taylor a8ffc02d06 PERF: Reduce N+1s on theme admin page 2019-02-26 14:22:02 +00:00
Joffrey JAFFEUX 7ccb0b882f
FIX: ensures topic’s category allows topics tags (#7060) 2019-02-26 11:21:55 +01:00
Maja Komel 3d9981ac5c FIX: strip invalid byte sequences 2019-02-26 10:09:51 +01:00
Robin Ward 45db98dd3e FIX: Heisentest - Stored uploads don't always start with 1X
This is a common pattern we see in tests. The `id` of the upload
is used to create the URL and we assume the `id` will always be
in a certain range which depends on the database.
2019-02-25 15:21:33 -05:00
Penar Musaraj 9bf11a7c02
FEATURE: Add localized timezone names (#7004)
Uses github.com/discourse/moment-timezone-names-translations to translate timezone names.
Plugins can also provide their own timezone name translations.
2019-02-25 14:40:02 -05:00
Gerhard Schlager dc961fecb9 FIX: Outgoing emails were not disabled after restoring backup 2019-02-25 16:07:24 +01:00
Joffrey JAFFEUX 900e187627
DEV: removing blank files (#7057) 2019-02-25 09:52:44 +01:00
Sam 4fb9ca3bc9 DEV: correct heisentest, run report at consistent time
`Time.zone.now` can be any time, make this report run on a consistent time
bucket every run instead of changing it each run.
2019-02-25 14:17:52 +11:00
Sam 0a357299b7 FEATURE: add `f` and `t` search shortcuts for first post / title
Previously with had `in:title` and `in:first` search shortcuts for
searching in first post or title only. They are a bit of handful to type.

This add 2 shortcuts (t and f) for searching titles of first posts.

This commit also cleans up all advanced filters, they were not properly
regex terminated allowing for weird clauses like `in:firstinator` acting
the same as `in:first`
2019-02-25 10:55:24 +11:00
Jeff Wong 8be7878656 FEATURE: add ability to clear previously set mobile_view with mobile_view=auto 2019-02-22 10:44:49 -08:00
Vinoth Kannan d1bad881ea
FEATURE: Allow moderators to change topic timestamps (#7053) 2019-02-22 14:33:52 +05:30
Sam 667d3a3fd6 PERF: include content-length header for CDN
Attempt to force NGINX to include content length when doing X-SendFile
This does not seem to be required when bypassing NGINX.

Without this header some CDNs may have issues caching
2019-02-22 11:21:07 +11:00
Sam 31d41f532e PERF: do not include suggested topics when loading new posts
When a new post is triggered via message bus post stream will attempt to load
it, previously the `/topic/TOPIC_ID/posts.json` would unconditionally include
suggested topics, this caused excessive load on the server.

New pattern defaults to exclude suggested and related topics from this API
unless people explicitly ask for suggested.
2019-02-22 10:37:18 +11:00
Joffrey JAFFEUX c5e952839a
FIX: prevents other tests from leaking modified theme color (#7051) 2019-02-21 15:12:20 +01:00
Guo Xiang Tan 72d14a11ab DEV: Properly flush `DistributedMemoizer` in spec.
- $redis.flushall may hide state leak from other tests.
2019-02-21 15:17:37 +08:00
Guo Xiang Tan 58b0e945bd
UX: Lightbox support for image uploader. (#7034) 2019-02-21 10:13:37 +08:00
Régis Hanol 664e90bd17 FIX: ensure local images use local CDN when uploads are stored on S3
When the S3 store was enabled, we were only applying the S3 CDN.
So all images stored locally, like the emojis, were never put on the local CDN.

Fixed a bunch of CookedPostProcessor test by adding a call to 'optimize_urls'
in order to get final URLs.

I also removed the unnecessary PrettyText.add_s3_cdn method since this is already
handled in the CookedPostProcessor.
2019-02-20 19:24:38 +01:00
Gerhard Schlager 66901f67f6 UX: Moderator post wasn't completely translatable 2019-02-20 16:37:47 +01:00
Sam 33269c4172 FEATURE: do no search for groups unless a term is specified
Do not allow `/u/search/users.json` to list any group matches unless a
specific `term` is specified in the API call.

Adding groups should always be done when an actual search term exists,
blank search is only supported for users within a topic
2019-02-20 17:28:22 +11:00
Dan Ungureanu 10dad7d013 FIX: Use CDN for optimized loading images. (#7006)
We missed a few spots in the cooked post processor where images where not loaded using CDN, causing
uneeded load and requests against the server
2019-02-20 13:55:08 +11:00
Sam 1f4ace4f56 FEATURE: autocomplete usernames early in topic based on participation
Following this change when a user hits `@` and is replying to a topic they
will see usernames of people who were last seen and participated in the topic

This is somewhat experimental, we may tweak this, or make it optional.

Also, a regression in a423a938 where hitting TAB would eat a post you were writing:

Eg this would eat a post:

``` text
@hello, testing 123 <tab>
```
2019-02-20 13:34:43 +11:00
Guo Xiang Tan 4d31b425e3 DEV: Validity of distributed mutex configurable once per instance.
Follow up to 4f9e5e19c8.
2019-02-20 09:29:45 +08:00
Guo Xiang Tan f2efa0da66
DEV: Allow validity of lock to be customizable for `DistributedMutex`. (#7025)
- Allows a user to override the default lock validity of 60 seconds.
- Also clean up test which was leaking a redis key
2019-02-20 09:23:42 +08:00
Gerhard Schlager 5d75bd4831 FIX: Don't try to rename group when username is taken
FIX: Always rename groups with the default locale instead of using the user's locale
2019-02-19 22:31:03 +01:00
Robin Ward 34b2157b8c FIX: Slow test (deadlock)
It was getting caught in a `DistributedMutex` deadlock (twice!), which
meant this test was taking 120s to run.

I'm not sure why queue jobs was turned off here, because when I turn it
on the test passes and takes <2s instead.
2019-02-19 12:31:23 -05:00
Vinoth Kannan 563b953224 DEV: Add 'backfill_etags_' to the method name since it also backfilling the etags 2019-02-19 21:54:35 +05:30
David Taylor 7878e5007a
FIX: Refactor to prevent themes affecting core stylesheets (#7029)
If a theme setting contained invalid SCSS, it would cause an error 500 on the site, with no way to recover. This commit stops loading theme settings in the core stylesheets, and instead only loads the color scheme variables. This change also makes `common/foundation/variables.scss` available to themes without an explicit import.
2019-02-19 15:55:59 +00:00
Gerhard Schlager 4799cf2811 FIX: moment_js locale files provided by plugins were ignored 2019-02-19 15:28:47 +01:00
Vinoth Kannan bf2059baf5 SPEC: check enqueued jobs size instead of using mocks 2019-02-19 13:14:06 +05:30
Vinoth Kannan f2c3415548 FIX: Should not generate payload until active webhooks are exist 2019-02-19 12:23:42 +05:30
Guo Xiang Tan bf21ebaecc DEV: Allow custom value when pausing sidekiq to aid in debugging.
Sometimes, it is useful to know what caused Sidekiq to be paused.
2019-02-19 10:55:53 +08:00
Guo Xiang Tan 86a2172bda DEV: Fix heisentest.
Unpause sidekiq before clearning up all threads.
2019-02-19 08:21:51 +08:00
Arpit Jalan a960cbd97f fix the build ❤️ 2019-02-18 10:00:17 +05:30
Arpit Jalan 7cb194f2db Add more specs for word watcher service. 2019-02-18 09:55:16 +05:30
David Taylor f04471e422 REFACTOR: Proxy letter avatars in rails instead of nginx
Co-authored-by: Sam Saffron <sam.saffron@gmail.com>
Co-authored-by: David Taylor <david@taylorhq.com>

This gives more control over the request. In particular we can easily
lookup DNS dynamically, instead of only upon NGINX startup.
Previously, NGINX was looking up IP for the letter avatar service and
caching the CDN IP address, this caused issues if CDN changed IP, in
which letter avatars would be broken till a container restarted.

NGINX config has been updated to add caching. This change will require
a container rebuild.

The proxy will now function in development environments, so the patch
for `letter_avatar_proxy` has been removed.
2019-02-18 08:46:56 +11:00
Arpit Jalan 99c6db21e6
FEATURE: allow blocking emojis (#7011)
https://meta.discourse.org/t/blocking-emojis-wont-work/105853
2019-02-15 20:55:48 +05:30
Sam f8b70f4ca3 FIX: unable to create new categories
Previous attempt at 70adb940 missed the critical "everyone" group from
staff, leading to a case where staff was no longer able to create categories
2019-02-15 10:24:29 +11:00
Vinoth Kannan 0472bd4adc FIX: Remove 'backfill_etags' keyword argument from 'uploads:missing' rake task
And etags backfilling code is optimized
2019-02-15 00:34:35 +05:30
Bianca Nenciu e2b8fbee12 DEV: Improve test. 2019-02-14 17:53:26 +02:00
Bianca Nenciu 7003ea96be FIX: Fix failing test. 2019-02-14 16:56:06 +02:00
Bianca Nenciu 70adb94008 SECURITY: Do not leak private group names. (#7008) 2019-02-14 15:35:58 +01:00
Vinoth Kannan b5fbd7385f FIX: run the rake task only for uploads created before a day from inventory date 2019-02-14 17:53:08 +05:30
Vinoth Kannan f7d03b2406 Stop the automatic creation of inventory 'gz' file in fixtures 2019-02-14 14:25:45 +05:30
Sam f52378ca5f Make rubocop happy
oops I forgot a newline
2019-02-14 18:06:06 +11:00
Sam ebd4140492 FIX: logspam due to 404s on CSS files
We had a missing formats: string on our render partial that caused logs to
spam when CSS files got 404s.

Due to magic discourse_public_exceptions.rb was actually returning the
correct 404 cause it switched format when rendering the error.
2019-02-14 17:58:16 +11:00
Maja Komel 39522659a6 FIX: validate parent category/subcategories permissions
See: https://meta.discourse.org/t/subcategories-do-not-inherit-permissions-from-parent-category/17174/23 for more details

This ensures users with access to child category can always at least see parent
2019-02-14 16:38:52 +11:00
Arpit Jalan b651605d6e FIX: tags added while editing a pending approval topic do not show up (#6959) 2019-02-14 15:42:40 +11:00
Sam 74d2d4f658 FEATURE: add APIS for unpausing all sites
This adjusts 53d592ad by @tgxworld

- Adds Sidekiq.upause_all! to unpause all sites
- Adds Sidekiq.paused_dbs to list dbs that are currently paused
- Handles some edge cases where unpause thread could extend expiry on
sites that were unpaused from a different process
- Ensures tests always terminates background thread used for pause
keepalive
2019-02-14 13:34:20 +11:00
Guo Xiang Tan 53d592ad3b FIX: Add multisite support to Sidekiq::Pausable. (#6960)
Having a global Sidekiq pause switch is problematic because a site in
the cluster can pause Sidekiq for the entire cluster.
2019-02-14 12:22:40 +11:00
Vinoth Kannan 484bd82278 FIX: Add onceoff job to remove double quotes from s3 etags 2019-02-14 05:19:41 +05:30
Vinoth Kannan 7b5931013a Update rake task to backfill etags from s3 inventory 2019-02-14 05:18:06 +05:30
Vinoth Kannan 1045bbc35b FIX: S3 inventory data can be splitted into multiple csv files 2019-02-14 03:41:52 +05:30
Sam 641b079c78 FIX: add support for missing verbs in user api key
Previously "write" scope was missing put and delete verbs which should be
allowed.

Also closes: #6982
2019-02-13 15:49:43 +11:00
Penar Musaraj 5cef5b34ef DEV: Yarn-manage moment and moment-timezone libraries 2019-02-12 13:57:52 -05:00
Robin Ward c23411cc69 FIX: Heisentest - suspicious logins report was not ordered by date
The specs needed an order even though none was supplied.
2019-02-12 13:17:29 -05:00
David Taylor 91f0468f4e FIX: Allow unbaked theme fields to be destroyed
The after_commit hook was attempting to re-bake theme_fields after they were destroyed, which caused an exception to be thrown
2019-02-12 16:14:43 +00:00
Dan Ungureanu 90ce448675 PERF: Cache build_not_found_page 2019-02-12 21:20:33 +11:00
Robin Ward 12d061a45b Remove stubbing of `auto_close_threshold_reached?` 2019-02-11 15:41:03 -05:00
David Taylor 705c898c21
FEATURE: Calculate CSP based on active themes (#6976) 2019-02-11 12:32:04 +00:00
Arpit Jalan dcd7b92532 FIX: some posters were not getting added to topic_allowed_users when moving posts to a new PM
If a user posted twice in a topic then subsequent posters were not getting added as topic_allowed_users.
2019-02-11 17:05:21 +05:30
Penar Musaraj c50db76f5d FIX: do not treat TIFF, BMP, WEBP as images
Treating TIFF and BMP as images cause us to add them to IMG tags, this is very inconsistent across browsers.

You can still upload these files they will simply not be displayed in IMG tags.
2019-02-11 16:28:43 +11:00