Commit Graph

158 Commits

Author SHA1 Message Date
David Taylor 4e010382cc REFACTOR: Initialize auth providers after `plugin.activate!`
Also added some helpful functionality for plugin developers:
- Raises RuntimeException if the auth provider has been registered too late
- Logs use of deprecated parameters
2018-11-30 16:58:18 +00:00
Kyle Zhao 488fba3c5f
FEATURE: allow plugins and themes to extend the default CSP (#6704)
* FEATURE: allow plugins and themes to extend the default CSP

For plugins:

```
extend_content_security_policy(
  script_src: ['https://domain.com/script.js', 'https://your-cdn.com/'],
  style_src: ['https://domain.com/style.css']
)
```

For themes and components:

```
extend_content_security_policy:
  type: list
  default: "script_src:https://domain.com/|style_src:https://domain.com"
```

* clear CSP base url before each test

we have a test that stubs `Rails.env.development?` to true

* Only allow extending directives that core includes, for now
2018-11-30 09:51:45 -05:00
Penar Musaraj 03deda2147
Upgrade to FontAwesome 5 (take two) (#6673)
* Add missing icons to set

* Revert FA5 revert

 This reverts commit 42572ff

* use new SVG syntax in locales

* Noscript page changes (remove login button, center "powered by" footer text)

* Cast wider net for SVG icons in settings

- include any _icon setting for SVG registry (offers better support for plugin settings)

- let themes store multiple pipe-delimited icons in a setting

- also replaces broken onebox image icon with SVG reference in cooked post processor

* interpolate icons in locales

* Fix composer whisper icon alignment

* Add support for stacked icons

* SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

* load SVG sprite with pre-initializers

* FIX: enable caching on SVG sprites

* PERF: use JSONP for SVG sprites so they are served from CDN

This avoids needing to deal with CORS for loading of the SVG

Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is

* Add missing SVG sprite JSONP script to CSP

* Upgrade to FA 5.5.0

* Add support for all FA4.7 icons

- adds complete frontend and backend for renamed FA4.7 icons

- improves performance of SvgSprite.bundle and SvgSprite.all_icons

* Fix group avatar flair preview

- adds an endpoint at /svg-sprites/search/:keyword

- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset

* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
David Taylor 052bf37578 FIX: Use `Discourse.deprecate` instead of `Rails.logger.warn`
This will significantly reduce the volume of logs when the condition is hit
2018-11-22 15:59:47 +00:00
Sam 42572ff138 Revert font awesome 5 changes
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
Penar Musaraj 005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs (#6557)
* First take on subsetting svg icons

* FontAwesome 5 svg subset WIP

* Include icons from plugins/badges into svg sprite subset

* add svg icon support to themes

* Add spec for SvgSprite

* Misc. SVG icon fixes

* Use FA5 svgs in local-dates plugin

* CSS adjustments, fix SVG icons in group flair

* Use SVG icons in poll plugin

* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
David Taylor c6f364224e
FEATURE: Allow plugins to whitelist user custom fields for public display (#6499)
This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
2018-10-17 10:33:27 +01:00
Bianca Nenciu d408073fc2 DEV: Update official plugins list
canned replies is now named discourse-canned-replies which keeps our naming consistent
2018-10-15 13:53:21 +11:00
Joshua Rosenfeld aba4dec27f
Update official plugin list
* Remove duplicate entry
* Add missing plugins
* Update list for new names
2018-10-12 10:12:31 -04:00
Guo Xiang Tan 1c9b5e75e7 DEV: Support post deployment migrations for plugins. 2018-10-09 13:11:45 +08:00
Rishabh Nambiar 943f017a17 Mark discourse-perspective-api as an official plugin 2018-10-04 14:34:22 +05:30
Joshua Rosenfeld afaa722c32
sort official plugin list, remove duplicate entry
`discourse-sitemap` was listed twice, sorted list to help avoid duplication
2018-09-09 13:41:26 -04:00
David Taylor 4382fb5fac DEV: Allow plugins to whitelist specific user custom_fields for editing (#6358) 2018-09-04 20:45:36 +10:00
Dax74 5f51ef27e7
Added sitemap plugin in the official list 2018-08-29 10:58:26 +02:00
Sam 47e6b8b318 discourse etiquette is an official plugin 2018-08-27 10:03:49 +10:00
Sam 8fa5dd4a1f FEATURE: discourse-checklist is now an official plugin 2018-08-21 10:44:40 +10:00
Robin Ward 5895507153 FEATURE: Ability for plugins to whitelist custom fields for flags
You can now call `whitelist_flag_post_custom_field` from your plugins
and those custom fields will be available on the flagged posts
area of the admin section.
2018-08-09 10:49:14 -04:00
Sam 4b000f5d12 FIX: do not use `lib` for requires
this breaks loading the app from arbitrary dirs
2018-08-07 11:04:29 +10:00
David Taylor 812add18bd REFACTOR: Serve auth provider information in the site serializer.
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
Jeff Wong 059862ed46 Mark discord auth plugin official 2018-08-01 09:33:14 -07:00
David Taylor 8d1acbd4c2 DEV: Include specific authenticator name in warning message 2018-07-30 11:33:48 +01:00
David Taylor 467c529920 FIX: Remove return statement from inside block 2018-07-26 15:52:39 +01:00
David Taylor 88241f57a3
FEATURE: allow auth plugins to have a site setting for full screen login 2018-07-26 11:11:16 +01:00
Nick Shearer def2c977ce allow auth plugins to have a site setting for if they should be full screen vs popup window 2018-07-25 19:20:11 -05:00
David Taylor 0d0d78841b
FIX: Remove `plugin.enabled?` checks at initialization time (#6166)
Checking `plugin.enabled?` while initializing plugins causes issues in two ways:
  - An application restart is required for changes to take effect. A load-balanced multi-server environment could behave very weirdly if containers restart at different times.
  - In a multisite environment, it takes the `enabled?` setting from the default site. Changes on that site affect all other sites in the cluster.

Instead, `plugin.enabled?` should be checked at runtime, in the context of a request. This commit removes `plugin.enabled?` from many `instance.rb` methods.

I have added a working `plugin.enabled?` implementation for methods that actually affect security/functionality:
  - `post_custom_fields_whitelist`
  - `whitelist_staff_user_custom_field`
  - `add_permitted_post_create_param`
2018-07-25 16:44:09 +01:00
David Taylor eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099)
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
Joshua Rosenfeld 212f518cd1
Add invite tokens to official plugins list 2018-06-30 17:24:45 -04:00
Robin Ward 6901e0e043 FIX: Rails.logger isn't always available when loading plugin locales 2018-06-22 10:20:20 -04:00
Joffrey JAFFEUX 24c27b5321
FEATURE: adds a add_report method accessible in plugin.rb 2018-06-19 15:00:11 +02:00
Blake Erickson 9963078dd1 Add to offical plugins list 2018-06-18 10:20:49 -06:00
Robin Ward e5c156b226 Add `characters-required` to official plugins list 2018-06-18 10:30:46 -04:00
Régis Hanol 4d75535f9e Revert "Revert "Revert "Add discourse-group-tracker to official plugin list."""
This reverts commit d1dc8e4226.
2018-06-11 15:52:20 +02:00
Régis Hanol d1dc8e4226 Revert "Revert "Add discourse-group-tracker to official plugin list.""
This reverts commit 1a00aaa825.
2018-06-11 14:30:16 +02:00
Guo Xiang Tan 1a00aaa825 Revert "Add discourse-group-tracker to official plugin list."
This reverts commit e262cb07d4.
2018-06-08 10:51:16 +08:00
Guo Xiang Tan e262cb07d4 Add discourse-group-tracker to official plugin list. 2018-06-08 09:55:26 +08:00
Dax74 5bd38e3a29
Add Github Linkback plugin 2018-05-31 01:02:35 +02:00
Joshua Rosenfeld 4ad924bcf5
Add discourse-policy as official plugin 2018-05-29 16:57:05 -04:00
jomaxro be01491c04 Revert "Correct BBCode plugin name"
This reverts commit 10dfdd7d2a.
2018-05-19 20:03:49 -04:00
Joshua Rosenfeld 10dfdd7d2a
Correct BBCode plugin name 2018-05-19 19:53:39 -04:00
Guo Xiang Tan c6f45fcfdb Expose an API for plugins to be hidden on the admin plugin page. 2018-05-08 13:24:58 +08:00
Guo Xiang Tan 8cf0f51eb2 UX: Display site settings shortcut for `poll` and `discourse-nginx-performance-report`.
https://meta.discourse.org/t/improving-admin-plugins/84585/29?u=tgxworld
2018-05-08 10:34:32 +08:00
Sam c81854ad14 FEATURE: Rename discourse-cronos to discourse-local-dates 2018-05-04 16:11:50 +10:00
Joffrey JAFFEUX 78435833a5
FEATURE: discourse-cronos is now a core plugin 2018-05-03 20:15:57 +02:00
Robin Ward 93b40d5e59 Don't use `puts` here since it happens in tests 2018-04-30 12:26:43 -04:00
Neil Lalonde e52d914c08 add discourse-user-card-badges to official plugins 2018-04-26 15:28:06 -04:00
Sam 98d142b1c1 also causes test failure, removing 2018-04-26 13:48:44 +10:00
Sam 0a82d739f9 unofficialize plugin 2018-04-26 13:23:14 +10:00
Sam 4ded5e18e6 add more official plugins 2018-04-26 12:33:07 +10:00
Gerhard Schlager afe1a2793d Mark discourse-signatures plugin as official 2018-04-25 11:58:39 +02:00
Guo Xiang Tan 0e38481d6d Add docker_manager to official plugin list. 2018-04-25 13:02:50 +08:00