Commit Graph

34680 Commits

Author SHA1 Message Date
Penar Musaraj 48c1238492 FIX: Do not send notification to empty push_url
Completes e4424d7
2019-10-16 11:27:07 -04:00
Kris d6118c8bc8 Add digest email template classes for popular post section 2019-10-16 11:22:33 -04:00
Penar Musaraj e4424d7c2e FIX: Do not make notification API call if push_url is blank
Followup to 77643931bc
2019-10-16 10:59:06 -04:00
Kris 1c4baadc49 UX: Wrap digest email footer in a table for better alignment options 2019-10-16 10:39:40 -04:00
Penar Musaraj c6e255f4e0 UX: Include metadata in composer link modal search results
Metadata includes topic status (closed, pinned, solved, etc.) as well as category and tags.
2019-10-16 10:17:27 -04:00
Daniel Waterworth 7ba914f1e1 FIX: Add migrations to fix index on category slugs
Slugs can be the empty string, but the added index didn't account for
that. This commit changes the migration, stopping it from being unique
so that it can be applied everywhere and adds another migration that
recreates the index properly.
2019-10-16 14:02:11 +00:00
David Taylor 1b8be069e5
DEV: Disable better_errors when developing with more than one worker (#8201)
From the better_errors README:

> Better Errors works by leaving a lot of context in server process memory. If you're using a web server that runs multiple "workers" it's likely that a second request (as happens when you click on a stack frame) will hit a different worker. That worker won't have the necessary context in memory, and you'll see a Session Expired message.
2019-10-16 14:44:48 +01:00
Joffrey JAFFEUX 02250bd91f
DEV: removes one deprecation with app-events:main 2019-10-16 10:50:43 +02:00
Joffrey JAFFEUX 5a543f8abd
FIX: prevents trash button to get focus when submiting input on profile (#8198)
This is a default behavior for browsers to submit using first button which doesn't have `type="button"` in a form when pressing enter inside an input.
2019-10-16 10:05:46 +02:00
Arpit Jalan c596d7df77 FIX: respect private_email setting for user invited notification email 2019-10-16 12:50:30 +05:30
Arpit Jalan 600233482f FIX: include topic link when inviting existing users to a topic/PM
FEATURE: allow staff to use topic_url for customizing email template
2019-10-16 12:36:16 +05:30
Sam Saffron d5d8db7fa8 FEATURE: improve honeypot and challenge logic
This feature amends it so instead of using one challenge and honeypot
statically per site we have a rotating honeypot and challenge value which
changes every hour.

This means you must grab a fresh copy of honeypot and challenge value once
an hour or account registration will be rejected.

We also now cycle the value of the challenge when after successful account
registration forcing an extra call to hp.json between account registrations

Client has been made aware of these changes.

Additionally this contains a JavaScript workaround for:
https://bugs.chromium.org/p/chromium/issues/detail?id=987293

This is client side code that is specific to Chrome user agent and swaps
a PASSWORD type honeypot with a TEXT type honeypot.
2019-10-16 16:53:44 +11:00
Kris 645faa847b Follow up fix to c71da3f, class was defined twice 2019-10-15 20:12:50 -04:00
Krzysztof Kotlarek 0bf55fe2ff
Revert "FIX: public_file_server.enabled is false in test (#8192)" (#8196)
This reverts commit 5a8fdd02fe.
2019-10-16 10:39:31 +11:00
David Taylor 061c8874f5 FIX: Correct line count link in GitHub commit onebox
Bump onebox version
2019-10-15 23:52:59 +01:00
Krzysztof Kotlarek 5a8fdd02fe FIX: public_file_server.enabled is false in test (#8192)
After a small conversation, we decided that we can set `public_file_server.enabled` to false in the `test` environment to have the same value as `production`.
2019-10-16 09:18:48 +11:00
David Taylor ac2cd07775 DEV: Add discourse-restricted-replies as official plugin 2019-10-15 22:49:46 +01:00
David Taylor 7332649f1a DEV: Add plugin outlet to category security tab 2019-10-15 22:37:41 +01:00
David Taylor 943d8e0a97 DEV: Update JS test fixtures
- `site.json` now returns a list of group objects, not a `group_names` array (a6714e25)
- `c/1/show.json` now includes `custom_fields: {}`, even if no fields exist (b8bd0316)
2019-10-15 22:37:15 +01:00
Kris 50b618dd44 UX: Add CSS classes to digest email template to allow for easier styling 2019-10-15 16:21:55 -04:00
Daniel Waterworth c71da3f335 FIX: Add unique index to prevent duplicate slugs for categories 2019-10-15 19:44:50 +00:00
Daniel Waterworth 5f5b232cde FIX: Category.find_by_slug
find_by_slug should ensure that the parent actually exists when its
looking for a parent.
2019-10-15 16:44:24 +01:00
Penar Musaraj e83c2488a2 FIX: do not unpin reply box in iOS when selecting Emoji 2019-10-15 10:51:53 -04:00
Vinoth Kannan b2f682f35e
FEATURE: Option to update category preferences of all users when site setting changed (#8180) 2019-10-15 18:41:27 +05:30
Sam Saffron c3cc96084c FIX: remove hiredis gem which is no longer needed
Previously some local micro-benchmarks revealed it was not giving any perf
benefits.

Now that we upgraded to 2.6.5 we are seeing some segfaults.

No need to carry this dependency around anymore.

We can re-evaluate in future if it improves perf and fix the segfaults.
2019-10-15 18:17:14 +11:00
Daniel Waterworth 0de7e4339c FIX: Subcategory permissions validation
When a category has a subcategory, we ensure that no one who can see the
subcategory cannot see the parent. However, we don't take into account
the fact that, when no CategoryGroups exist, the default is that
everyone has full permissions.
2019-10-14 21:13:22 +01:00
Daniel Waterworth c49b20a1a2 FIX: Validation of category tree depth
This prevents the creation of sub-sub-categories in multiple tabs
2019-10-14 21:13:22 +01:00
romanrizzi 9845963105 FEATURE: Use the 'ugc' rel attribute alongside 'nofollow' 2019-10-14 15:21:48 -03:00
David Taylor 392f6cdf33 DEV: Stop overriding computed property on `models/category.js.es6`
This causes an Ember deprecation notice, and is a confusing pattern. We never used the default values, so there is no benefit to including them.
2019-10-14 16:26:48 +01:00
Gerhard Schlager 2c011252f1 FIX: Move notification level only when user posted
Moving posts also moves the read state (`topic_users` table) to the destination topic. This changes that behavior so that only users who posted in the destination topic will have the original notification level (probably "watching") of the original topic. The notification level for all other users will be set to "regular".
2019-10-14 15:06:09 +02:00
Gerhard Schlager f1742617fb PERF: Faster moving of read state
This should improve the performance of moving the read state of lots of posts to a new/existing topic.
2019-10-14 15:06:09 +02:00
Dan Ungureanu 086b46051c
FIX: Zeitwerk-related fixes for jobs. (#8187) 2019-10-14 13:03:22 +03:00
Dan Ungureanu 96b8710b39
DEV: Fix heisentest (ensure that user ID really does not exist). 2019-10-14 12:25:43 +03:00
Dan Ungureanu 5b84307774
FIX: Ensure that scheduled jobs are loaded. (#8183)
In development, the scheduled jobs are loaded lazily and MiniScheduler
cannot discover them (/sidekiq/scheduler does not show any jobs).
2019-10-14 12:14:16 +03:00
Vinoth Kannan 519fe290e3 SPEC: 'lookup_upload_urls' method should use cdn url if available.
e4fe864c0b
2019-10-14 12:57:33 +05:30
Vinoth Kannan 129e308dac fix the incorrect specs
Previously the 'local_cdn_url' method didn't returned the correct cdn url. So we written few incorrect spec tests too.\n\nf92a6f7ac5228342177bf089d269e2f69a69e2f5
2019-10-14 12:49:11 +05:30
Arpit Jalan 815edf6f4d FEATURE: add short site description on login page title 2019-10-14 11:40:09 +05:30
Vinoth Kannan f92a6f7ac5 FIX: 'local_cdn_url' method should work for local relative urls too. 2019-10-14 11:39:16 +05:30
Krzysztof Kotlarek 99086edf85
FIX: Allow themes to upload and serve js files (#8188)
If you set `config.public_file_server.enabled = false` when you try to get uploaded js file you will get an error:
`Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.`

The reason is that content type is `application/javascript` and in Rails 5 guard looked like that:
https://github.com/rails/rails/blob/5-2-stable/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L278-L280
However, in Rails 6 `application` was added to regex:
https://github.com/rails/rails/blob/master/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L282-L284

This pull request is related to https://meta.discourse.org/t/uploaded-js-file-for-theme-causes-a-rejection/129753/8
2019-10-14 15:40:33 +11:00
Vinoth Kannan e4fe864c0b FIX: use upload's cdn url in composer preview if available. 2019-10-14 08:47:15 +05:30
Jeff Wong 2b74dc5885 FIX: allow change password with TOTP 2019-10-13 00:53:57 -07:00
Jeff Atwood 16d8e3f872 minor copyedit 2019-10-12 20:05:34 -07:00
Joffrey JAFFEUX 312ecf2a05
FIX: allows scrolling of search menu panel when showing more results (#8186) 2019-10-11 22:25:28 +02:00
Robin Ward de3db0e485 FIX: Remove another broken test 2019-10-11 15:52:14 -04:00
Robin Ward 204cd43861 FIX: This emoji test was broken too 2019-10-11 15:41:19 -04:00
Robin Ward 342bbe66dd FIX: Flaky tests
We had acceptance tests that were testing the contents of the post
stream preview, not the contents of the eventual topic itself.

This became apparent when I introduced a new promise which caused the
tests to finish waiting for work properly. Before that, it was up to the
speed of the execution, very spooky!
2019-10-11 15:33:34 -04:00
Robin Ward c5d03c30ca DEV: Add a plugin API for registering a "beforeSave" on the composer
This allows plugins to perform operations before saves occur, and
perhaps reject the post.
2019-10-11 14:55:27 -04:00
Robin Ward ee4369f972 Hook that allows custom logic before saving the composer 2019-10-11 14:55:09 -04:00
Faizaan Gagan 4d67f2a8ed bumped plugin api version to 0.8.33 (#8185) 2019-10-11 13:56:04 -04:00
Roman Rizzi 01bc465db8
DEV: Split max decompressed setting for themes and backups (#8179) 2019-10-11 14:38:10 -03:00