Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
31,765 Commits 214 Branches 500 Tags 863 MiB
Commit Graph

461 Commits

Author SHA1 Message Date
Vinoth Kannan e7e4074856 FIX: raises an error if q param is empty in search page 2018-12-20 21:43:14 +05:30
Maja Komel 2fcbbead45 FIX: move sso provider into its own class so it doesn't interfere with sso client (#6767) 2018-12-19 10:22:10 +01:00
Neil Lalonde 6774b64aef FEATURE: add /conduct as an alias for /guidelines 2018-12-18 16:40:24 -05:00
Rishabh c279792130 FIX: Allow sending test e-mails to any email address when disable_email is set to non-staff (#6792) 2018-12-18 16:12:05 +01:00
Vinoth Kannan a313b01148 DEV: raise error if search term length is less than required 2018-12-18 20:06:59 +05:30
Vinoth Kannan 341a6bd78a
REFACTOR: Calculate CTR in SearchLog model and hide unique column (#6791) 2018-12-18 19:13:46 +05:30
Bianca Nenciu 1023003eba FIX: Strip remote url before import. (#6762) 2018-12-17 15:27:49 +01:00
Guo Xiang Tan e9ea0102a5 FIX: Consistency about our response for invalid user id in `Admin::UsersController`. 2018-12-15 08:01:35 +08:00
Maja Komel 9f89aadd33 FIX: delete all posts in batches without hijack (#6747) 2018-12-14 11:04:18 +01:00
Maja Komel dbbadb5c35 FEATURE: add short_site_description setting to be included in title tag on homepage 2018-12-12 11:46:58 +01:00
David Taylor 0f734e2ae2 FIX: Return authenticated=true when reconnecting 
This prevents a registration popup on the client
 2018-12-11 17:40:02 +00:00
Gerhard Schlager 688755baf2 DEV: Improve specs and handle invalid email token 
Follow-up to 7977b09025
 2018-12-11 18:04:10 +01:00
David Taylor c7c56af397
FEATURE: Allow connecting associated accounts when two-factor is enabled (#6754) 
Previously the 'reconnect' process was a bit magic - IF you were already logged into discourse, and followed the auth flow, your account would be reconnected and you would be 'logged in again'.

Now, we explicitly check for a reconnect=true parameter when the flow is started, store it in the session, and then only follow the reconnect logic if that variable is present. Setting this parameter also skips the 'logged in again' step, which means reconnect now works with 2fa enabled.
 2018-12-11 13:19:00 +00:00
Gerhard Schlager 7977b09025 FEATURE: Activate users invited via email when invite is redeemed 
Do not send an activation email to users invited via email. They
already confirmed their email address by clicking the invite link.
Users invited via link will need to confirm their email address before
they can login.
 2018-12-11 00:09:53 +01:00
David Taylor 160d29b18a
REFACTOR: Migrate TwitterAuthenticator to use ManagedAuthenticator (#6739) 
No changes to functionality. TwitterAuthenticator goes from 136 lines to 24, and all twitter-specific logic elsewhere has been deleted 🎉
 2018-12-07 15:39:06 +00:00
Saurabh Patel 9e3143445b DEV:add uploaded_meta option in category for category meta image (#6724) 2018-12-07 16:24:07 +01:00
David Taylor f7ce607e5d
FIX: Return 422 instead of 500 for invalid SSO signature (#6738) 2018-12-07 15:01:44 +00:00
Bianca Nenciu b585f7f336 DEV: Apply code review. 2018-12-05 21:56:18 +01:00
Bianca Nenciu 1a4f592749 FIX: Always allow admins upload selectable avatars. 2018-12-05 21:55:23 +01:00
Guo Xiang Tan 978f0db109 SECURITY: Require groups to be given when inviting to a restricted category. (#6715) 2018-12-05 16:43:07 +01:00
Régis Hanol 3c9c95ac83 Update Rubocop to 0.60 2018-12-04 10:48:16 +01:00
David Taylor 9248ad1905 DEV: Enable `Style/SingleLineMethods` and `Style/Semicolon` in Rubocop (#6717) 2018-12-04 11:48:13 +08:00
Sam f555582eb2 DEV: add extra diagnostics for intermittent test fail 2018-12-03 11:46:31 +11:00
Sam c6adf7f032 DEV: correct heisentest 
After you visit a page in Rails an INFO is logged, this depending on
timing could land in the string or not

This changes the level to WARN which avoids the issue
 2018-11-30 15:03:41 +11:00
Arpit Jalan 40f10855c6
FIX: defer flags (only) when handling a flag and deleting replies (#6702) 2018-11-29 22:44:18 +05:30
Maja Komel 4a8f21d387 FIX: prevent minimum_required_tags on category being set to null (#6703) 
* FIX: prevent minimum_required_tags on category being set to null

* add migration for NOT_NULL constraint for minimum_required_tags

* add specs
 2018-11-29 18:10:14 +01:00
Saurabh Patel 55945ec7c8 FIX: throw error when link in reason for grant badge is an external link (#6690) 2018-11-28 18:01:41 +01:00
Gerhard Schlager e7b76b319a FEATURE: Setting for short title used by Android on homescreen 2018-11-28 14:59:30 +01:00
Arpit Jalan 654d7996ae FIX: title was repeating on about page 2018-11-28 08:06:14 +05:30
Penar Musaraj 03deda2147
Upgrade to FontAwesome 5 (take two) (#6673) 
* Add missing icons to set

* Revert FA5 revert

 This reverts commit 42572ff

* use new SVG syntax in locales

* Noscript page changes (remove login button, center "powered by" footer text)

* Cast wider net for SVG icons in settings

- include any _icon setting for SVG registry (offers better support for plugin settings)

- let themes store multiple pipe-delimited icons in a setting

- also replaces broken onebox image icon with SVG reference in cooked post processor

* interpolate icons in locales

* Fix composer whisper icon alignment

* Add support for stacked icons

* SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

* load SVG sprite with pre-initializers

* FIX: enable caching on SVG sprites

* PERF: use JSONP for SVG sprites so they are served from CDN

This avoids needing to deal with CORS for loading of the SVG

Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is

* Add missing SVG sprite JSONP script to CSP

* Upgrade to FA 5.5.0

* Add support for all FA4.7 icons

- adds complete frontend and backend for renamed FA4.7 icons

- improves performance of SvgSprite.bundle and SvgSprite.all_icons

* Fix group avatar flair preview

- adds an endpoint at /svg-sprites/search/:keyword

- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset

* Remove FA 4.7 font files
 2018-11-26 16:49:57 -05:00
Arpit Jalan 0ee822c550 remove unneeded variable assignment 2018-11-25 23:36:34 +05:30
Arpit Jalan b5bf182ad5 FIX: validate topic deletion when acting on a flag 2018-11-25 23:24:03 +05:30
David Taylor a3ed570124
FIX: Fix routes ending in `:username` for usernames containing periods (#6660) 2018-11-23 17:41:41 +00:00
Bianca Nenciu c38f7b240b DEV: Fix build. 2018-11-23 17:34:50 +02:00
David Taylor f645cb9c14
FEATURE: Use translated name for 'your email has been authenticated by' (#6649) 2018-11-22 19:12:04 +00:00
Kyle Zhao 8e32aa1483 FEATURE: show post approvals in Moderation History (#6643) 2018-11-22 10:22:23 +08:00
Arpit Jalan 10cc698df3 FIX: respond with proper error message if user not found 2018-11-21 10:47:37 +05:30
Sam 20268385a5 FIX: never attempt to log invalid post numbers 
Previously in some cases we would queue logging of invalid post numbers

The impact would be we would miss logging an incoming link and would leak
an error.
 2018-11-21 11:58:47 +11:00
Kyle Zhao 055d59373a
CSP: drop 'self' in `script-src` (#6611) 2018-11-15 12:14:16 -05:00
Sam 8e55e61a2e Correct spec 2018-11-15 15:42:16 +11:00
Sam e7001f879a SECURITY: enforce hostname to match discourse hostname 
This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname
 2018-11-15 15:23:06 +11:00
Sam 6556a87629 FIX: only check for conflict on edit drafts 
In some unknown cases non edit drafts are being checked for conflict
 2018-11-15 13:14:07 +11:00
Leo McArdle 7bc121a065 allow CSP reports to be sent when header isn't set by Discourse (#6594) 2018-11-14 16:23:29 -05:00
Régis Hanol c78dcde973 FIX: only send originalText when we need to 2018-11-14 17:47:59 +01:00
David Taylor d003ae45f9 DEV: Correct typo in users_controller_spec 2018-11-14 14:30:44 +00:00
Bianca Nenciu 34e4d82f1a FEATURE: Report edit conflicts when saving draft. (#6585) 2018-11-14 12:56:25 +01:00
Guo Xiang Tan 44391ee8ab
FEATURE: Upload Site Settings. (#6573) 2018-11-14 15:03:02 +08:00
David Taylor 17bc82765b FEATURE: Log password changes in UserHistory (#6600) 2018-11-14 08:32:42 +08:00
Robin Ward 467be59d75 FEATURE: Allow expanded posts to return user custom fields 2018-11-13 12:44:54 -05:00
Guo Xiang Tan d5df1db3c4 DEV: Improve tests to provide better errors when it fails. 2018-11-13 16:48:04 +08:00
Sam 80ceb57c76 DEV: add API endpoint to destroy_timings only of last post 
Previously API only allowed you to nuke all timings from a topic,
new API is less punishing and allows you just to remove 1 post.
 2018-11-13 16:07:48 +11:00
Kyle Zhao 3493ea85cc remove Logster from CSP whitelist (#6593) 
Logster 1.3 no longer has inline JS and is now CSP compliant
 2018-11-13 09:55:57 +11:00
David Taylor d89ffbeffd
FEATURE: Add button to delete unused tags (#6587) 
This is particularly useful if you have uploaded a CSV file, and wish
to bulk-delete all of the tags that you uploaded.
 2018-11-12 16:24:34 +00:00
Joffrey JAFFEUX 9c616e0679
FIX: handles not found reports in bulk loading (#6582) 2018-11-12 13:47:24 +01:00
Gerhard Schlager 7c4d4331bc FEATURE: Better handling of quotation marks in site text search 
It also matches 3 dots with the ellipsis symbol.
 2018-11-12 13:26:41 +01:00
Sam 64d9be726f the protection I placed was in the wrong path moved to /session/sso 
correct previous commit
 2018-11-09 17:18:01 +11:00
Sam 3ae4fcd1f7 Improve redirect avoidance for /sso paths 
e6b3310577 was missing an ege case
where return url included current_hostname
 2018-11-09 17:03:58 +11:00
Sam e6b3310577 FIX: never redirect back to `/sso` it will cause a loop 
If for any reason our return url is set to `/sso` bypass using it
for login redirect
 2018-11-09 14:27:36 +11:00
Sam 15991677d4 FIX: ensure we never cache login redirects by mistake 2018-11-09 11:14:35 +11:00
Sam d84256a876 FEATURE: add Noindex to robots.txt for disallowed routes 
This strips pages out of indexes that should not exist see:

https://meta.discourse.org/t/pages-listed-in-the-robots-txt-are-crawled-and-indexed-by-google/100309/11?u=sam
 2018-11-02 16:39:47 +11:00
Robin Ward ec91450aae FEATURE: Track how many user flags are agreed/disagreed/ignored 
Display the percentage when reviewing flags.
 2018-11-01 09:59:50 -04:00
Sam ceafcbc898 FEATURE: show added date when looking at group members 2018-11-01 15:33:28 +11:00
Sam aa044623bd FIX: do not create superflous sessions when logged on 
In some SSO implementations we may want to issue SSO pipelines for
already logged on users

In these cases do not re-log-in a user if they are clearly logged on
 2018-11-01 12:54:01 +11:00
Bianca Nenciu fa0e421af3 FIX: Do not leak information about post revisions. (#6536) 2018-10-31 14:47:00 +00:00
Blake Erickson 589e3fcaa0 FIX: return 400 for missing required params (#6546) 
If a required param is missing return a 400 and show a message
displaying which param was missing. Added this to the application
controller so that we don't have to add this logic to every controller
action.
 2018-10-31 13:02:48 +11:00
Bianca Nenciu e1e392f15b DEV: Use DiscourseIpInfo for all IP queries. (#6482) 
* DEV: Use DiscourseIpInfo for all IP queries.

* UX: Use latitude and longitude for more precision.
 2018-10-30 22:08:57 +00:00
Rafael dos Santos Silva 2450f178ca FEATURE: Allow admins to control PWA display mode per user agent 2018-10-26 13:47:22 -03:00
Joffrey JAFFEUX 8e274f7296 UX: bumps the user-api-key version to 3 (#6526) 
* UX: bumps the user-api-key version to 3

* fix spec
 2018-10-25 09:46:34 +00:00
Régis Hanol addf6f6d17 FIX: support comma in 'sso_provider_secrets' site setting 2018-10-24 21:23:18 +02:00
Kyle Zhao e9a971a2b6
FEATURE: [Experimental] Content Security Policy (#6514) 
do not register new MIME type, parse raw body instead
 2018-10-22 13:22:23 -04:00
Régis Hanol 3e232412e3 UX: show error when hitting the rate limit on password reset 2018-10-22 19:00:30 +02:00
David Taylor 3377f26eba FIX: Clean tag before searching for matches 2018-10-22 11:09:06 +01:00
Kyle Zhao dca830cb73 Revert "FEATURE: [Experimental] Content Security Policy (#6504)" 
This reverts commit fb8231077a.
 2018-10-19 11:53:29 -04:00
Kyle Zhao fb8231077a
FEATURE: [Experimental] Content Security Policy (#6504) 2018-10-19 10:39:22 -04:00
David Taylor 7166d7de9a
FIX: Prevent duplicate tags in tag-choosers (#6512) 
* FIX: Prevent duplicate tags in tag-choosers

This reverts 5685b45, which fixes the duplicate tags problem.
The fix introduced by 5685b45 is re-implemented on the server.
 2018-10-19 13:44:43 +01:00
Blake Erickson f1ba981ae9 Improve add user to group spec for uppercase usernames 
Oops forgot to check for this. See previous commit for more details.
 2018-10-18 13:32:36 -06:00
Blake Erickson 93485facaf FIX: lowercase username for add/rem group members 
This fix searches for users based on the downcased username so that if
you pass in usernames to add/remove from a group and you don't have the
casing just right it will still find the correct users.

I updated the tests to add a username that has a mix of upper and
lowercase letters to verify this functionality.
 2018-10-18 13:17:24 -06:00
Bianca Nenciu f60b10d090 UX: Warn users if the post that's currently edited has changed. (#6498) 2018-10-17 15:35:32 +02:00
Arpit Jalan 42c405a820 FIX: use topic summary for meta description if topic excerpt is blank 2018-10-17 14:13:30 +05:30
Kyle Zhao 99d1ded3b3
rename route `/javascripts` to `/theme-javascripts` (#6495) 2018-10-15 11:32:52 -04:00
Maja Komel c104256991 FIX: SSO provider secrets - check wildcard domains last, toggle secrets visibility 2018-10-15 16:18:29 +02:00
David Taylor 7ac08f936e
FEATURE: Upload tags from CSV (#6484) 2018-10-15 09:12:54 +01:00
Maja Komel 27e732a58d FEATURE: allow multiple secrets for Discourse SSO provider 
This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site.

This allows for better auditing of the SSO provider feature
 2018-10-15 16:03:53 +11:00
Kyle Zhao 6acdea37c4 DEV: extract inline js when baking theme fields (#6447) 
* extract inline js when baking theme fields
* destroy javascript cache when destroying theme fields

This work is needed to support CSP work
 2018-10-15 15:55:23 +11:00
Guo Xiang Tan aa60936115 DEV: Add order to avoid randomly failing test. 2018-10-15 11:42:45 +08:00
Guo Xiang Tan 84d4c81a26 FEATURE: Support backup uploads/downloads directly to/from S3. 
This reverts commit 3c59106bac.
 2018-10-15 09:43:31 +08:00
Sam a1c912b630 Return 400 instead of 404 for bad token 2018-10-12 10:51:41 +11:00
Bianca Nenciu 048cdfbcfa FIX: Do not allow revoking the token of current session. (#6472) 
* FIX: Do not allow revoking the token of current session.

* DEV: Add getter of current auth_token from Guardian.
 2018-10-12 10:40:48 +11:00
Blake Erickson 13b3cead06 FEATURE: Allow bulk removing users from a group 
This change maintains backwards compatibility to allow you to remove a
single user from a group but allows you to specify a comma separated list
of users for bulk removal from a group.

Also it extracts out common functionality for fetching users from params
used in bulk adding users so it can also be used for removing users.
 2018-10-11 15:30:54 -06:00
Guo Xiang Tan 3c59106bac Revert "FEATURE: Support backup uploads/downloads directly to/from S3." 
This reverts commit c29a4dddc1.

We're doing a beta bump soon so un-revert this after that is done.
 2018-10-11 11:08:23 +08:00
Gerhard Schlager c29a4dddc1 FEATURE: Support backup uploads/downloads directly to/from S3. 2018-10-11 10:38:43 +08:00
Robin Ward a566ed42ae FEATURE: Option to disable user presence and profile 
This allows users who are privacy conscious to disable the presence
features of the forum as well as their public profile.
 2018-10-10 17:34:33 -04:00
Bianca Nenciu 1d26a473e7 FEATURE: Show "Recently used devices" in user preferences (#6335) 
* FEATURE: Added MaxMindDb to resolve IP information.

* FEATURE: Added browser detection based on user agent.

* FEATURE: Added recently used devices in user preferences.

* DEV: Added acceptance test for recently used devices.

* UX: Do not show 'Show more' button if there aren't more tokens.

* DEV: Fix unit tests.

* DEV: Make changes after code review.

* Add more detailed unit tests.

* Improve logging messages.

* Minor coding style fixes.

* DEV: Use DropdownSelectBoxComponent and run Prettier.

* DEV: Fix unit tests.
 2018-10-09 22:21:41 +08:00
Gerhard Schlager 2f90c15d7a Fix random build error 2018-10-09 01:03:05 +02:00
Joffrey JAFFEUX 22187508e3
FEATURE: adds header text/background color to site (#6462) 2018-10-08 11:52:57 +02:00
Sam 5b630f3188 FIX: stop logging every time invalid params are sent 
Previously we were logging warning for invalid encoded params, this can
cause a log flood
 2018-10-05 14:33:19 +10:00
Vinoth Kannan ca74246651 FIX: redirect users to SSO client URL after social login 2018-10-05 00:01:08 +05:30
Kyle Zhao 819f090d6a move large blobs out of `<head>` (#6428) 
it unnecessarily bloats the section and increases the payload
dramatically for open graph tags.
 2018-09-28 17:28:33 +08:00
Kyle Zhao 4bb980b9f7
FEATURE: do not allow moderators to export user list (#6418) 2018-09-21 09:07:13 +08:00
Sam df45e82377 SECURITY: only allow picking of avatars created by self (#6417) 
* SECURITY: only allow picking of avatars created by self

Also adds origin tracking to all uploads including de-duplicated uploads
 2018-09-19 22:33:10 -07:00