Commit Graph

50140 Commits

Author SHA1 Message Date
Martin Brennan 4ae26bcaac
FIX: Render excerpt HTML for chat replies and edit (#22559)
It is now safe to render the message excerpt as HTML since
it is no longer using text_entities: true in the server
PrettyText.excerpt call when creating the message excerpt
from the cooked HTML.

This will fix the issue of things like mentions showing
HTML code instead of the actual mention when replying,
and cannot be used to inject improper HTML like style tags
via XSS.
2023-07-13 09:44:56 +10:00
Krzysztof Kotlarek bdecd697b9
FIX: more performance improvement for PostAlert job (#22487)
Simplified query based on SiteSettings to join only relevant user_options rows.
In addition, index was added to 'watched_precedence_over_muted` column in `user_options` table to speed up query
2023-07-13 09:02:23 +10:00
Alan Guo Xiang Tan 4d5f9b8a21
UX: Move group mentions notifications into the reply tab (#22562)
Why this change?

Group mention notifications are currently placed in the "Others" tab
of the user menu which is odd considering that mentioned notifications
are in the reply tab. This commit changes it such that group mention
notifications are displayed in the reply tab as well.
2023-07-13 06:52:03 +08:00
dependabot[bot] b697cf9dc2
Build(deps): Bump rspec-mocks from 3.12.5 to 3.12.6 (#22576)
Bumps [rspec-mocks](https://github.com/rspec/rspec-mocks) from 3.12.5 to 3.12.6.
- [Release notes](https://github.com/rspec/rspec-mocks/releases)
- [Changelog](https://github.com/rspec/rspec-mocks/blob/main/Changelog.md)
- [Commits](https://github.com/rspec/rspec-mocks/compare/v3.12.5...v3.12.6)

---
updated-dependencies:
- dependency-name: rspec-mocks
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-13 06:49:43 +08:00
Kris 7b23010c4a
UX: fix icon warning position in sidebar modal (#22572) 2023-07-12 13:57:11 -04:00
Roman Rizzi 6892324767
FIX: Display the whole summary when it consists of multiple <p> tags. (#22568) 2023-07-12 13:48:29 -03:00
Joffrey JAFFEUX 10f6395545
Revert "FIX: correctly respects full name settings in channel title (#22566)" (#22569)
This reverts commit aa9c7dc924.
2023-07-12 18:46:19 +02:00
Joffrey JAFFEUX aa9c7dc924
FIX: correctly respects full name settings in channel title (#22566) 2023-07-12 16:59:47 +02:00
Andrei Prigorshnev fbe0e4c78c
DEV: make sure we don't load all data into memory when exporting chat messages (#22276)
This commit makes sure we don't load all data into memory when doing CSV exports. 
The most important change here made to the recently introduced export of chat 
messages (3ea31f4). We were loading all data into memory in the first version, with 
this commit it's not the case anymore.

Speaking of old exports. Some of them already use find_each, and it worked as 
expected, without loading all data into memory. And it will proceed working as 
expected after this commit.

In general, I made sure this change didn't break other CSV exports, first manually, and 
then by writing system specs for them. Sadly, I haven't managed yet to make those 
specs stable, they work fine locally, but flaky in GitHub actions, so I've disabled them 
for now.

I'll be making more changes to the CSV exports code soon, those system specs will be 
very helpful. I'll be running them locally, and I hope I'll manage to make them stable 
while doing that work.
2023-07-12 18:52:18 +04:00
Daniel Waterworth b7404373cf
FIX: Always clear caches after committing the current transaction (#22550)
Instead of having to remember every time, just always wait until the
current transaction (if it exists) has committed before clearing any
DistributedCache.

The only exception to this is caches that aren't caching things from
postgres.

This means we have to do the test setup after setting the test
transaction, because doing the test setup involves clearing caches.

Reapplying this - it now doesn't use after_commit if skip_db is set
2023-07-12 09:49:28 -05:00
Roman Rizzi 61aeb2da90
FEATURE: Inline topic summary. Cached version accessible to everyone. (#22551)
* FEATURE:  Inline topic summary. Cached version accessible to everyone.

Anons and non-members of the `custom_summarization_allowed_groups_map` groups can see cached summaries for any accessible topic. After the first 12 hours and if the posts to summarize have changed, allowed users clicking on the button will automatically re-generate it.

* Ensure chat summaries work and prevent model hallucinations when there are no messages.
2023-07-12 11:21:51 -03:00
David Taylor 0b8fcb7c72
DEV: Update chat avatarUrl import to resolve deprecation (#22564) 2023-07-12 13:55:42 +01:00
chapoi ab67b2bda9
UX: more border-radius removal from chat (#22542) 2023-07-12 14:30:06 +02:00
chapoi 9576aab391
UX: z-index for for tippy box in chat (#22541) 2023-07-12 14:29:44 +02:00
David Taylor a68448d5cf
DEV: Automatically re-render widget when arguments change (#22548)
In the past, widget implementors would have to subclass the MountWidget component and wire up `didUpdateAttrs` or an observer to trigger a re-render. If that wasn't done, then it could lead to weird behaviors, especially now that page transitions in Discourse do not de-render/re-render components by default.

This commit updates MountWidget so that it re-renders whenever any input arguments change.
2023-07-12 10:22:42 +01:00
David Taylor fb9948c79c
DEV: Make capabilities available outside of application instance (#22516)
Browser capabilities are inherently unconnected to the lifecycle of our app. Making them formally available outside of the service means that they can safely be used in non-app-linked functions without needing risky hacks like `helperContext()` or `discourse-common/lib/get-owner`.

One example of where the old hacks were problematic is the `translateModKey()` utility function. This is called in the root of the `discourse/components/modal/keyboard-shortcuts-help` es6 module. If anything (e.g. a theme/plugin) caused that es6 module to be `require()`d before the application was booted, a fatal error would occur.

Following this commit, `translateModKey()` can safely import and access `capabilities` without needing to worry about the app lifecycle.

The only potential downside to this approach is that the capabilities data now persists across tests. If any tests need to 'stub' capabilities, they will need to revert their changes at the end of the test (e.g. by using Sinon to stub a property).

This commit also updates some legacy references from `capabilities:main` to `service:capabilities`.
2023-07-12 09:38:25 +01:00
David Taylor 2fde58def4
DEV: Move avatar-utils into dedicated discourse-common module (#22517)
These avatar-related helper functions are used in pretty-text, which currently means we load the entire `discourse/lib/utilities` module into the mini-racer when running pretty-text on the server side. This stops us adding any logic or imports to discourse/lib/utilities which may depend on other `discourse/` namespace features.

This commit moves the avatar-related utils into a dedicated module in the `discourse-common` namespace, adds backwards-compatibility shims, and updates the pretty-text config accordingly.
2023-07-12 09:06:16 +01:00
Joffrey JAFFEUX aca0bf69ef
WIP: threads list pagination (#22502)
This implementation will need more work in the future. For simplification of tracking and other events (new thread, delete/restore OM...) we used the threads from `threadsManager` which makes pagination more complicated as we already have some results when we start.

Note this commit also simplify `Collection` to only have one `load` method which can be called repeatedly.
2023-07-12 09:38:44 +02:00
liushuyu 8e63244e72
DEV: allow using CDN URL for all s3 uploads (#20755)
This adds an option to allow non-image s3 files to be downloaded through CDN URL.

Addresses the issues in:

* meta.discourse.org/t/s3-cdn-url-not-being-used-on-non-image-uploads/175332
* meta.discourse.org/t/s3-uploads-using-cdn-for-pdfs/213218
2023-07-12 12:06:49 +08:00
Ted Johansson ad78d28b66
DEV: Remove deprecated target_usernames param from PostsController#create (#22561)
The parameter target_usernames was replaced by target_recipients a while back, and was marked for removal in 2.9.0. This change removes it.
2023-07-12 11:31:24 +08:00
Alan Guo Xiang Tan 0106c9b4ca
DEV: Fix flaky chat navigation specs on CI (#22560)
Why this change?

The specs are flaky on CI and we've unable to figure out why so we've
decided to skip them only on CI for now. The tests are still ran in our
internal build so we still have some protection in place.
2023-07-12 09:16:35 +08:00
dependabot[bot] df579ab708
Build(deps-dev): Bump patch-package from 7.0.0 to 7.0.1 in /app/assets/javascripts (#22557)
Bumps [patch-package](https://github.com/ds300/patch-package) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/ds300/patch-package/releases)
- [Changelog](https://github.com/ds300/patch-package/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ds300/patch-package/commits)

---
updated-dependencies:
- dependency-name: patch-package
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-12 07:40:02 +08:00
dependabot[bot] d477f8aaad
Build(deps-dev): Bump terser from 5.18.2 to 5.19.0 in /app/assets/javascripts (#22558)
Bumps [terser](https://github.com/terser/terser) from 5.18.2 to 5.19.0.
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.18.2...v5.19.0)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-12 07:37:34 +08:00
dependabot[bot] 409437c6d3
Build(deps): Bump public_suffix from 5.0.1 to 5.0.3 (#22554)
Bumps [public_suffix](https://github.com/weppos/publicsuffix-ruby) from 5.0.1 to 5.0.3.
- [Changelog](https://github.com/weppos/publicsuffix-ruby/blob/main/CHANGELOG.md)
- [Commits](https://github.com/weppos/publicsuffix-ruby/compare/v5.0.1...v5.0.3)

---
updated-dependencies:
- dependency-name: public_suffix
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-12 07:37:03 +08:00
Martin Brennan 0f9e4da4ef
FIX: Chat thread race condition issues (#22533)
Trying to fix two issues:

1. Sometimes the publish_new! event for update_thread_original_message
   finishes running on the UI before the one for thread_created, in this
   case we just want to do nothing because thread_created will fetch the
   new thread along with its preview from the server if needed
2. Sometimes the thread GET and /read events were erroring because
   last_reply on the thread was nil, this was potentially occuring because
   the thread_created event was coming through to the UI before the rest
   of MessageCreator was done, so we just move that after the big update
   to set thread_id for the new and existing messages in the reply
   chain
2023-07-12 09:15:16 +10:00
Blake Erickson 78b009aafe
Version bump to v3.1.0.beta6 (#22555) 2023-07-11 16:25:44 -06:00
Blake Erickson 52b003d915
SECURITY: limit amount of links in custom sidebar section (#22543)
Custom sidebar section can have maximum of 50 links

Co-authored-by: Krzysztof Kotlarek <kotlarek.krzysztof@gmail.com>
2023-07-11 15:25:01 -06:00
Blake Erickson eed7d86601
SECURITY: Don't reuse CSP nonce between requests (#22544)
Co-authored-by: OsamaSayegh <asooomaasoooma90@gmail.com>
2023-07-11 15:24:36 -06:00
Blake Erickson 0718289574
SECURITY: ensure topic is valid before updating category (#22545)
Co-authored-by: David Battersby <info@davidbattersby.com>
2023-07-11 15:24:13 -06:00
Godfrey Chan cfa2f1fea8
DEV: Refactor deprecation silencer (#22526)
- Unify the silencing methods, use a WeakMap to remember the seen objects
- Export a proper plugin and use the absolute path in the config, instead
  of the proprietary config from `broccoli-babel-transpiler`

The latter causes problems in Embroider which doesn't use the broccoli
based babel pipeline.
2023-07-11 17:01:51 +01:00
Bianca Nenciu bdb9ee8507
UX: Improve user tips (#22518)
- Add an icon to the bootstrap user tip to draw attention
- Remove the second "don't show user tip" button from every user tip
2023-07-11 18:22:40 +03:00
David Taylor 5a30583174
DEV: Add backwards-compatibility following i18n export change (#22540)
Some themes were doing `require("i18n").t()`, which was never recommended, but did work prior to f8483295. This commit restores that functionality with a deprecation notice.
2023-07-11 16:15:30 +01:00
Jordan Vidrine b45df10056
CSS: Add background color to signin header (#22539) 2023-07-11 10:04:55 -05:00
chapoi 83352e93ff
UX: double scroll fix for keyboard shortcuts modal (#22535) 2023-07-11 16:30:53 +02:00
Discourse Translator Bot 3d231de12a
Update translations (#22537) 2023-07-11 16:20:52 +02:00
Selase Krakani 69e0c23f41
FIX: Conditionally hide `Add Alternate Email` button based on site setting (#22525)
Hide button in UI if `max_allowed_secondary_emails` site setting is 0.
2023-07-11 12:17:40 +00:00
dependabot[bot] 3136f6766b
Build(deps): Bump semver from 5.7.1 to 5.7.2 in /app/assets/javascripts (#22530)
Bumps [semver](https://github.com/npm/node-semver) from 5.7.1 to 5.7.2.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)
- [Commits](https://github.com/npm/node-semver/compare/v5.7.1...v5.7.2)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-11 13:49:27 +08:00
Alan Guo Xiang Tan 91588cf938
DEV: Improve composer-messages implementation for PMs (#22529)
What does this commit do??

This commit introduces two changes:

1. As a follow up review comment to
   cc463c3e9b, we remove the top level
recipientNames cache in composer message to be a property of the
`ComposerMessage` component instead. Across components, we're more
likely to get a cache miss than a hit since we're caching the entire
recipient array so we can just drop it. If we really need this
optimisation, we should probably use a map and cache the information for
each user instead. However, the request is fairly cheap so we avoid that
optimisation for now.

2. This commit adds a debounce to `_typeReply` as well since we were not
   debouncing and the method was being called each time we received the
event.
2023-07-11 10:49:27 +08:00
Alan Guo Xiang Tan 433cb7092d
DEV: Use documentation format for core specs on CI (#22531)
The documentation format makes it easier to link a failing test to the
process it was launched in.
2023-07-11 10:12:51 +08:00
Alan Guo Xiang Tan ab053ac669
UX: Remove section heading for community section (#22405)
Why is this change being made?

We've decided that the previous "community" section should look more
like a primary section that holds the most important navigation links
for the site and the word "community" doesn't quite fit that
description. Therefore, we've made the decision to drop the
section heading for the community section. 

As part of removing the section heading, the following changes are made
as well:

1. Button to customize the section has been moved to the "footer" of the
   "More..." section when `navigation_menu` site setting is set to `sidebar`. 
   When `navigation_menu` is set to `header dropdown`, a button to customize 
   the section is shown inline.

2. The section will no longer be collapsable.

3. The title of the section is no longer customisable as it is no longer
   displayed. As a technical note, we have not dropped any previous
   customisations of the section's title previously in case we have to
   bring back the header in the future.

4. The new topic button that was previously present in the header has
   been removed alongside the header. Admins can add a custom section
   link to the `/new-topic` route if there would like to make it easier for
   users to create a new topic in the sidebar.
2023-07-11 09:40:37 +08:00
dependabot[bot] 41c3b42412
Build(deps): Bump semver from 6.3.0 to 6.3.1 (#22527)
Bumps [semver](https://github.com/npm/node-semver) from 6.3.0 to 6.3.1.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md)
- [Commits](https://github.com/npm/node-semver/compare/v6.3.0...v6.3.1)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-11 09:39:53 +08:00
Alan Guo Xiang Tan cc463c3e9b
DEV: Fix flaky QUnit tests (#22528)
Why this change?

QUnit tests that involves composer messages for user not seen was flaky
because we were caching the recipient names but not clearing them after
the component has been destroyed.

See
https://github.com/discourse/discourse/actions/runs/5513506446/jobs/10051731946
as an example of failure.
2023-07-11 09:15:09 +08:00
Godfrey Chan 3140a4b2ce
DEV: invert pretty-text build logic (#22524)
Generally follows the same pattern as #22520

There are some changes here, notably it uses the addon's babel
settings rather than the app's, and it goes through the same
treatment as the rest of the addon code (which may include more
than just babel).

However, this probably brings us closer to the normal expectations
you have around developing addon code, and in any case, does not
seem to have any effect on the final output:

```
$ diff dist/assets/markdown-it-bundle.js /tmp/dist-before/assets/markdown-it-bundle.js
```
2023-07-10 23:11:49 +01:00
Kris 7d5db385d6
DEV: Remove header floats and clearfixes (#22523) 2023-07-10 17:57:20 -04:00
Sérgio Saquetim 657c1023fd
FIX: Default parameter recipients to create new message via params must be a string (#22455)
* FIX: Default parameter recipients to create new message via params must be a string

The default parameter recipients was defined as an empty array in:
- route:application#createNewMessageViaParams
- mixin:open-composer#openComposerWithMessageParams

However, in model:composer, targetRecipient is handled as a string as can be
verified due to the existence of the #targetRecipientsArray computed property.

Using the default parameter defined as an array was causing issues with
the `discourse-bcc` plugin when opening the composer using the route
/new-message.

* DEV: Added tests for the composer messages for private messages

* Fix test naming

Co-authored-by: Mark VanLandingham <markvanlan@gmail.com>

---------

Co-authored-by: Mark VanLandingham <markvanlan@gmail.com>
2023-07-10 18:33:58 -03:00
Godfrey Chan 3d7cca5911
DEV: invert admin/wizard build logic (#22520)
Currently, the admin/wizard build relies on the addon build getting
triggered first, so that its `treeForAddon()` hook will be called,
and then it can stash the result on the app's options, which is
super fragile. In Embroider the timing works differently so the
trees end up being `undefined`.

This inverts the logic so that it will be discourse core's build
calling these hooks at a specific timing and return the result
rather than coordinating through the options bag.

```
$ diff dist/assets/admin.js dist-after/assets/admin.js
$ diff dist/assets/wizard.js dist-after/assets/wizard.js
```
2023-07-10 22:07:21 +01:00
Godfrey Chan f84832957d
DEV: use explicit default export in I18n shim (#22519)
Currently the I18n module shim return an object. Per AMD/loader.js,
the properties on the object becomes named exports of the module,
i.e. `import { t } from 'I18n';`.

However, this is not how we actually consume this module. We always
do `import I18n from 'I18n';`.

The returned object from the shim (`window.I18n`) does NOT have a
`default` property on it. This is only working because loader.js
has a `makeDefaultExport` feature that defaults to true, which we
are relying on to synthesize the default export for us.

That feature has been noted as undesirable and may some day be
deprecated. In Embroider, it specifically disables the feature in
loader.js.

https://github.com/embroider-build/embroider/issues/539
2023-07-10 22:06:18 +01:00
Isaac Janzen 049c4b606a
FIX: Update remaining backup code count after creation (#22475) 2023-07-10 13:37:14 -05:00
Bianca Nenciu 0b16fc8172
FEATURE: Show tooltip for bootstrap mode (#22257)
Improve user tips UX and make them smoother.
2023-07-10 20:42:09 +03:00
chapoi 8c74bb6573
UX: lower border radius for channel cards (#22513) 2023-07-10 19:07:01 +02:00