Commit Graph

6495 Commits

Author SHA1 Message Date
Alan Guo Xiang Tan 63b7f7c85c
UX: `More...` -> `More` in Sidebar (#18482)
We already have an icon so `...` is redundant
2022-10-05 12:50:30 +08:00
Bianca Nenciu cf646b2061
FIX: Count resulting bulk invites correctly (#18461)
Skipped invites were not counted at all and some invites could generate
more than one error and resulted in a grand total that was not equal to
the count of bulk invites.
2022-10-04 18:41:06 +03:00
Alan Guo Xiang Tan de071fc1e8
DEV: Convert messages user page nav to experimental redesign (#18456)
No tests are written for now as we're still in a highly iterative stage
2022-10-04 12:05:09 +08:00
Bianca Nenciu 35a90b6a3f
FIX: Add better and more strict invite validators (#18399)
* FIX: Add validator for email xor domain

* FIX: Add validator for max_redemptions_allowed

* FIX: Add validator for redemption_count
2022-09-30 13:35:00 +03:00
Bianca Nenciu f60e6837c6
FEATURE: Add setting to always confirm old email (#18417)
By default, only staff members have to confirm their old email when
changing it. This commit adds a site setting that when enabled will
always ask the user to confirm old email.
2022-09-30 00:49:17 +03:00
Martin Brennan 8ebd5edd1e
DEV: Rename secure_media to secure_uploads (#18376)
This commit renames all secure_media related settings to secure_uploads_* along with the associated functionality.

This is being done because "media" does not really cover it, we aren't just doing this for images and videos etc. but for all uploads in the site.

Additionally, in future we want to secure more types of uploads, and enable a kind of "mixed mode" where some uploads are secure and some are not, so keeping media in the name is just confusing.

This also keeps compatibility with the `secure-media-uploads` path, and changes new
secure URLs to be `secure-uploads`.

Deprecated settings:

* secure_media -> secure_uploads
* secure_media_allow_embed_images_in_emails -> secure_uploads_allow_embed_images_in_emails
* secure_media_max_email_embed_image_size_kb -> secure_uploads_max_email_embed_image_size_kb
2022-09-29 09:24:33 +10:00
Alan Guo Xiang Tan 4b561277a9
FEATURE: Add review link to community section for logged in user (#18374)
When there are pending reviewables, the review section link is displayed
in the main section. When there are no pending reviewables, the review
section link is displayed under the more links drawer.

Internal ref: /t/74210
2022-09-28 09:58:07 +08:00
Discourse Translator Bot 5dea425ee9
Update translations (#18381) 2022-09-27 19:07:56 +02:00
Arpit Jalan 2ee721f8aa
FEATURE: add composer warning when user haven't been seen in a long time (#18340)
* FEATURE: add composer warning when user haven't been seen in a long time

When a user creates a PM and adds a recipient that hasn't been seen in a
long time then we'll now show a warning in composer indicating that the
user hasn't been seen in a long time.
2022-09-27 22:06:40 +05:30
Penar Musaraj 250c0bccbd
A11Y: Add aria label to composer messages `Esc` button (#18372) 2022-09-27 08:52:09 -04:00
Daniel Waterworth 69d74ae508
DEV: Differentiate staff-writes-only banner (#18364) 2022-09-26 13:16:29 -05:00
Andrei Prigorshnev 4c4cc20c61
FEATURE: make user status a public experimental feature (#18352) 2022-09-26 17:44:31 +04:00
Pixlz a142460f35
FIX: Incorrect casing for CTA (#18350) 2022-09-26 14:33:04 +08:00
Martin Brennan e62e93f83a
FEATURE: Introduce personal_message_enabled_groups setting (#18042)
This will replace `enable_personal_messages` and
`min_trust_to_send_messages`, this commit introduces
the setting `personal_message_enabled_groups`
and uses it in all places that `enable_personal_messages`
and `min_trust_to_send_messages` currently apply.

A migration is included to set `personal_message_enabled_groups`
based on the following rules:

* If `enable_personal_messages` was false, then set
  `personal_message_enabled_groups` to `3`, which is
  the staff auto group
* If `min_trust_to_send_messages` is not default (1)
  and the above condition is false, then set the
  `personal_message_enabled_groups` setting to
  the appropriate auto group based on the trust level
* Otherwise just set `personal_message_enabled_groups` to
  11 which is the TL1 auto group

After follow-up PRs to plugins using these old settings, we will be
able to drop the old settings from core, in the meantime I've added
 DEPRECATED notices to their descriptions and added them
to the deprecated site settings list.

This commit also introduces a `_map` shortcut method definition
for all `group_list` site settings, e.g. `SiteSetting.personal_message_enabled_groups`
also has `SiteSetting.personal_message_enabled_groups_map` available,
which automatically splits the setting by `|` and converts it into
an array of integers.
2022-09-26 13:58:40 +10:00
Vinoth Kannan 998bd191a5
FEATURE: site setting to disable usernames in share links. (#18315)
https://meta.discourse.org/t/share-a-link-for-a-post-should-not-leak-username/66489/22?u=vinothkannans
2022-09-22 23:12:39 +05:30
Alan Guo Xiang Tan b066955838
DEV: Mobile layout support for experimental user nav (#18308) 2022-09-22 09:45:50 +08:00
Alan Guo Xiang Tan c73ca74585
DEV: Make enable_new_user_profile_nav_groups site setting unhidden (#18307)
This improves the usability of the feature flag. Previously, the only
way was to add the right environment variable.
2022-09-21 13:23:51 +08:00
Alan Guo Xiang Tan 1413de2809
UX: Add short site description for anonymous user in sidebar (#18084)
Displays the `short_site_description` site setting in the community
section when the site setting is set
2022-09-21 11:38:29 +08:00
Osama Sayegh 3d2de7ca03
FIX: Add missing string for reviewables in user menu when reviewable post is deleted (#18295) 2022-09-21 09:05:08 +10:00
Osama Sayegh 496f910f03
DEV: Various A11Y improvements for the new user menu (#18288)
This commit includes various accessibility improvements for the new user menu:

* Add `title` attributes to the user menu tabs
* Properly label lists (by adding `aria-labelledby` to `<ul>` elements) for screen readers
* Change the user menu structure so that the tabs come before the content panel in the DOM, but use CSS to reverse them visually.
  Normally, changing the order of elements via CSS is bad for accessibility, but I believe this is one of the rare scenarios where it [makes sense](https://developer.mozilla.org/en-US/docs/Web/CSS/CSS_Flexible_Box_Layout/Ordering_Flex_Items#use_cases_for_order). Prior to this change, if you want to reach the first notification item after you select a tab using the keyboard, you have to hit <kbd>ctrl</kbd>+<kbd>tab</kbd> because the notifications list is before the tabs list. However, with this change, <kbd>tab</kbd> will move you to the first item in the list after you select a tab using your keyboard.
* Aria-hide the unread notifications badge/count on the tabs because the `title` attribute on the tab indicates the unread count.
* Add some tests.
2022-09-20 19:31:56 +03:00
Discourse Translator Bot 59071a13f4
Update translations (#18287) 2022-09-20 16:03:15 +02:00
Osama Sayegh 0414bd00ae
DEV: Tone down copy in experimental user menu for pending users (#18277)
The experimental user menu has a tab that displays recent reviewables and at the moment when a new signs up for the site and they need to be approved, admins see a very scary "suspicious user" copy in the reviewables tab in the user menu. We don't need the copy to be very scary because when a user needs to be approved, it's because the site operator has configured the site to force all new users to go through the review queue and it's not some kind of spam detector flagging the user.
2022-09-19 19:32:34 +03:00
Alan Guo Xiang Tan 754ad42344
UX: Use the same text for linking to more categories and tags in sidebar (#18275)
Before this change, anonymous user and a logged in user used different
text for the links to the categories and tags routes.

Follow-up to 321aa4b4b4
2022-09-19 12:01:08 +08:00
David Taylor 3679c081a9
Improve Safari 13 warning copy (#18269) 2022-09-16 14:21:54 +01:00
David Taylor 3904c23121
Introduce warning message for Safari 13 and below (#18258)
Discourse will be dropping support for these browsers in early 2023. https://meta.discourse.org/t/224747
2022-09-16 11:17:49 +01:00
Penar Musaraj 86ecb6c58b
DEV: update yes/no confirmation dialogs (#18181) 2022-09-14 11:06:56 -04:00
Discourse Translator Bot d00cd3295e
Update translations (#18183) 2022-09-13 16:04:18 +02:00
Kris 321aa4b4b4
UX: sidebar more link for categories & tags (#18199) 2022-09-12 13:25:25 -04:00
Penar Musaraj 7547878cde
FIX: Regression with admin user delete dialog buttons (#18179)
This also adds a test to prevent regressions and refactors the very similar delete dialog in the user summary screen.
2022-09-05 09:31:17 +02:00
Bianca Nenciu 19ed9dd183
FIX: Keep private theme key secret from user (#18106)
The generate RSA key and import theme routes worked separate from each
other. The RSA key returned both the public and private key and it was
the frontend which posted the private key back to the server. With this
commit, only the public key is necessary as the server keeps a map of
public and private keys that is used to get the private key back from
a public key.
2022-09-01 13:15:23 +03:00
Discourse Translator Bot 1ed4442c10
Update translations (#18134) 2022-08-30 20:17:57 +02:00
Blake Erickson eba8b8d34d
FEATURE: Replace Lounge with General Category (#18097)
- Seed the General category so that the general chat channel will have
  a home
- Do not seed the Lounge category anymore
- Move the "Welcome to Site" topic to the General category
2022-08-29 13:05:41 -06:00
Penar Musaraj 4116bce902
DEV: Add A11Y-friendly dialog addon (#18028)
This adds a new framework for accessible dialogs that will eventually replace bootbox. Under the hood, it uses the a11y-dialog package and an in-repo Ember addon. See PR for usage details.
2022-08-29 13:59:57 -04:00
Andrei Prigorshnev b6e0219a74
DEV: extract until date formatting in a library function (#18003) 2022-08-29 15:45:36 +04:00
Kris 000c4e1084
UX: fix styles for the wizard congrats step (#18105) 2022-08-26 12:29:40 -04:00
Discourse Translator Bot 62b87b2df9
Update translations (#18093) 2022-08-26 11:04:49 +02:00
Gerhard Schlager ec93bca99e
UX: Remove confusing fallback locale warning (#18096) 2022-08-26 01:22:04 +02:00
Alan Guo Xiang Tan 7f198bd975 DEV: Add dedicated translations for links in sidebar
We do not want to depend on existing translations which are used
elsewhere and can break the sidebar experience when changed.
2022-08-25 09:34:36 +08:00
Discourse Translator Bot d7ce2d40dd
Update translations (#18053) 2022-08-23 17:24:36 +02:00
Krzysztof Kotlarek caab916569
FEATURE: default sidebar categories and tags (#17939)
Ability to set up default sidebar categories and tags for authenticated users
2022-08-22 08:46:20 +10:00
Andrei Prigorshnev 21d5904d7c UX: fix typo in a blank page copy 2022-08-19 09:36:51 +08:00
Bianca Nenciu b082f459c9
FEATURE: Limit maximum recipients for group emails (#17971)
New maximum_recipients_per_new_group_email site setting can be used to
prevent spam group emails with many recipients.
2022-08-18 18:18:58 +03:00
Andrei Prigorshnev e49167b311
UX: Improve empty state copy on the activity/replies page (#17784) 2022-08-18 18:00:15 +04:00
Andrei Prigorshnev d7c1ff3116
UX: show blank page placeholder instead of the blue panel that says "No Activity" (#16293) 2022-08-18 17:24:52 +04:00
Alan Guo Xiang Tan 5990842dd9 UX: Revamp styling of sidebar
The following changes are made in this commit:

1. Move caret icon in sidebar section header to the right.
1. Each row in sidebar takes the full width which enables us to do a
full width highlight on hover and when sidebar link is active.
1. Ensure each row in Sidebar is of the same height.

Internal refs: /t/70546, /t/72196, /t/71820
2022-08-18 16:14:49 +08:00
Discourse Translator Bot 563036a862
Update translations (#17947) 2022-08-16 16:12:43 +02:00
David Taylor 3ffc213fa9
FEATURE: Add safe-mode toggle to `/u/admin-login` (#17930)
Previously, this would require manually adding `?safe_mode=...` multiple times during the email-based login flow. `/u/admin-login` is often used when debugging a site, so it makes sense for this to be easier.

This commit introduces a new checkbox on the `/u/admin-login` screen. When checked, it'll set the safe_mode parameter on the `/email-login` link, and then pass it all the way through to the homepage redirect.
2022-08-15 15:30:07 +01:00
David Taylor 64a66cf82b
UX: Improve safe-mode usability (#17929)
- `no_custom` -> `no_themes` (history: before themes existed, we had a similar tool called 'customizations')
- `only_official` -> `no_unofficial_plugins` (matches format of `no_themes` and `no_plugins`, and makes it clear that this doesn't affect themes)
- `?safe_mode=no_themes%2C%no_plugins` -> `?safe_mode=no_themes,no_plugins` (the query portion of a URL does not require commas to be encoded. This is much nicer to read)
- If `no_plugins` is chosen from `/safe-mode` the URL generated will omit the superfluous `no_unofficial_plugins` flag
- Some tweaks to copy on `/safe-mode`
2022-08-15 15:15:15 +01:00
Alan Guo Xiang Tan abd9f461ea
DEV: Make experimental sidebar site settings public (#17921)
This commits makes the `enable_experimental_sidebar_hamburger` and
`enable_sidebar` site settings public for site admins to enable. While
the site settings are public, do note that the features are still under
heavy development and are subjected to rapid changes
2022-08-15 14:29:55 +08:00
Joe c85921a548
FEATURE: Adds full screen composer submit button and prompt (#17839)
Context: https://meta.discourse.org/t/still-display-the-reply-create-topic-button-when-using-full-screen-composition/123597/6?u=johani

Right now, we don't show the submit buttons when you enter the full-screen composer. The reasons for that are described in the context link above.

This PR adds the improvements highlighted here: https://meta.discourse.org/t/still-display-the-reply-create-topic-button-when-using-full-screen-composition/123597/12?u=johani

Here's a list of the changes this PR introduces:

1. When you enter full-screen mode, we will now add a prompt that matches the browser fullscreen <kbd>F11</kbd> function. It looks like so

    <img width="500" src="https://user-images.githubusercontent.com/33972521/183529813-71a20167-a661-466c-b9ef-c4d34e231000.png">
    
    The prompt fades away after a couple of seconds.
    
2. This PR adds the submit buttons to the full-screen composer mode. The submit buttons should work like normal if the post has no errors. If the post has errors (title too short, body too short, required categories/tags), then the button will make the composer exit the full-screen mode so that users will see the errors and fix them. The error logic is based on what we currently have; this PR doesn't add any new validation. Here's a video of what that looks like:

    https://meta.discourse.org/t/-/127948/14?u=johani
2022-08-11 14:38:56 +08:00
Bianca Nenciu e029a9b36c
FEATURE: Allow private themes to be partially installed (#17644)
A public key must be added to GitHub when installing private themes.
When the process happens asynchronously (for example if the admin does
not have admin permissions to the GitHub repository), installing
private themes becomes very difficult.

In this case, the Discourse admin can partially install the theme by
letting Discourse save the private key, create a placeholder theme and
give the admin a public key to be used as a deploy key. After the key
is installed, the admin can finish theme installation by pressing a
button on the theme page.
2022-08-10 13:30:18 +03:00
Osama Sayegh 473695ee4d
DEV: Add messages tab to the new user menu (#17850)
Some of the changes in this PR are extracted from https://github.com/discourse/discourse/pull/17379.

Similar to the bookmarks tab in the new user menu, the messages tab also displays a mix of notifications and messages. When there are unread message notifications, the tab displays all of these notifications at the top and fills the remaining space in the menu with a list of the user's messages. The bubble/badge count on the messages tab indicates how many unread message notifications there are.
2022-08-10 08:25:39 +03:00
Discourse Translator Bot 5773260ca2
Update translations (#17849) 2022-08-09 20:39:59 -04:00
Arpit Jalan 10a1b6b0a9
FEATURE: update bootstrap mode notice to add invite and wizard links (#17822)
* FEATURE: update bootstrap mode notice to add invite and wizard links

* Updates per feedback on PR

* Fix the wizard link not showing

* Remove unneeded function

* Remove router service injection
2022-08-10 00:13:42 +05:30
Arpit Jalan d57bea4de3
FEATURE: add welcome topic cta banner (#17821) 2022-08-09 21:52:39 +05:30
Discourse Translator Bot 5138347e48
Update translations (#17845) 2022-08-09 16:58:34 +02:00
Osama Sayegh 4fdb275683
DEV: Add bookmarks tab to the new user menu (#17814)
Some of the changes in this commit are extracted from https://github.com/discourse/discourse/pull/17379.

The bookmarks tab in the new user menu is different from the other tabs in that it can display a mixture of notifications and bookmarks. When there are unread bookmark reminder notifications, the tab displays all of these notifications at the top and fills the remaining space in the menu with the rest of the bookmarks. The bubble/badge count on the bookmarks tab indicates how many unread bookmark reminder notifications there are.

On the technical aspect, since this commit introduces a new `bookmark-item` component, we've done some refactoring so that all 3 "item" components (`notification-item`, `reviewable-item` and the new `bookmark-item`) inherit from a base component and get identical HTML structure so they all look consistent.

Internal tickets: t70584 and t65045.
2022-08-08 17:24:04 +03:00
Blake Erickson d6641ee9b6
DEV: Improve wording about daily like limits (#17824)
https://meta.discourse.org/t/-/149489

Improving the wording about daily like limits because there might be
some confusion around the word “daily”. This feature is really
just a 24 hour sliding window and has no concept of days.
2022-08-08 12:47:28 +01:00
Andrei Prigorshnev 8f66d57b86
UX: Improve empty state copy on the activity/topics page (#17746) 2022-08-05 18:37:06 +04:00
Ghassan Maslamani 2d6bd30dd8
FEATURE: add image delete button in preview. (#17624)
This commit adds a delete button to the composer preview next to the image scale buttons.

Reference: https://meta.discourse.org/t/image-remover-button-to-composer-preview/233005
2022-08-04 16:33:23 -04:00
Martin Brennan d2ddb140dd
FEATURE: Show SMTP response on admin email sent list and rearrange columns (#17143)
Follow up to 4d3c1ceb44, this commit
shows the SMTP response in the admin email sent list and also moves the
topic/post link into a new column. Reply key is now in its own column.
2022-08-03 08:11:54 +10:00
Discourse Translator Bot f06e586c19
Update translations (#17756) 2022-08-02 16:54:12 +02:00
Selase Krakani 862007fb18
FEATURE: Add support for case-sensitive Watched Words (#17445)
* FEATURE: Add case-sensitivity flag to watched_words

Currently, all watched words are matched case-insensitively. This flag
allows a watched word to be flagged for case-sensitive matching.
To allow allow for backwards compatibility the flag is set to false by
default.

* FEATURE: Support case-sensitive creation of Watched Words via API

Extend admin creation and upload of Watched Words to support case
sensitive flag. This lays the ground work for supporting
case-insensitive matching of Watched Words.

Support for an extra column has also been introduced for the Watched
Words upload CSV file. The new column structure is as follows:

 word,replacement,case_sentive

* FEATURE: Enable case-sensitive matching of Watched Words

WordWatcher's word_matcher_regexp now returns a list of regular
expressions instead of one case-insensitive regular expression.

With the ability to flag a Watched Word as case-sensitive, an action
can have words of both sensitivities.This makes the use of the global
Regexp::IGNORECASE flag added to all words problematic.

To get around platform limitations around the use of subexpression level
switches/flags, a list of regular expressions is returned instead, one for each
case sensitivity.

Word matching has also been updated to use this list of regular expressions
instead of one.

* FEATURE: Use case-sensitive regular expressions for Watched Words

Update Watched Words regular expressions matching and processing to handle
the extra metadata which comes along with the introduction of
case-sensitive Watched Words.

This allows case-sensitive Watched Words to matched as such.

* DEV: Simplify type casting of case-sensitive flag from uploads

Use builtin semantics instead of a custom method for converting
string case flags in uploaded Watched Words to boolean.

* UX: Add case-sensitivity details to Admin Watched Words UI

Update Watched Word form to include a toggle for case-sensitivity.
This also adds support for, case-sensitive testing and matching of  Watched Word
in the admin UI.

* DEV: Code improvements from review feedback

 - Extract watched word regex creation out to a utility function
 - Make JS array presence check more explicit and readable

* DEV: Extract Watched Word regex creation to utility function

Clean-up work from review feedback. Reduce code duplication.

* DEV: Rename word_matcher_regexp to word_matcher_regexp_list

Since a list is returned now instead of a single regular expression,
change `word_matcher_regexp` to `word_matcher_regexp_list` to better communicate
this change.

* DEV:  Incorporate WordWatcher updates from upstream

Resolve conflicts and ensure apply_to_text does not remove non-word characters in matches
that aren't at the beginning of the line.
2022-08-02 10:06:03 +02:00
Alan Guo Xiang Tan f204538f7c
UX: Remove count from more section links (#17747)
Less is more...
2022-08-02 11:20:55 +08:00
Arpit Jalan cfd0a04965
FIX: wizard last step "corporate" was not saving changes (#17739) 2022-08-01 14:49:09 +05:30
Alan Guo Xiang Tan 9efeaf2ae3
UX: Reduce number of links displayed in Community by default (#17703)
Additional links are hidden by default and can be accessed via the
"more..." link.
2022-07-28 16:46:46 +08:00
Osama Sayegh 988a175e94
DEV: Add reviewables tab to the new user menu (#17630)
This commit is a subset of the changes proposed in https://github.com/discourse/discourse/pull/17379.
2022-07-28 11:16:33 +03:00
Blake Erickson 8b08b9a763
FIX: Rejected emails should not be cleaned up before their logs (#17648)
* FIX: Rejected emails should not be cleaned up before their logs

If we delete the rejected emails before we delete their associated logs
we will receive 404 errors trying to inspect an email message for that
log.

* don't add a blank line

* test for max value as well

* pr cleanup and add migration

* Fix failing test
2022-07-27 07:28:44 +01:00
Arpit Jalan 10f200a5d3
FEATURE: revamped wizard (#17477)
* FEATURE: revamped wizard

* UX: Wizard redesign (#17381)

* UX: Step 1-2

* swap out images

* UX: Finalize all steps

* UX: mobile

* UX: Fix test

* more test

* DEV: remove unneeded wizard components

* DEV: fix wizard tests

* DEV: update rails tests for new wizard

* Remove empty hbs files that were created because of rebase

* Fixes for rebase

* Fix wizard image link

* More rebase fixes

* Fix rails tests

* FIX: Update preview for new color schemes: (#17481)

* UX: make layout more responsive, update images

* fix typo

* DEV: move discourse logo svg to template only component

* DEV: formatting improvements

* Remove unneeded files

* Add tests for privacy step

* Fix banner image height for step "ready"

Co-authored-by: Jordan Vidrine <30537603+jordanvidrine@users.noreply.github.com>
Co-authored-by: awesomerobot <kris.aubuchon@discourse.org>
2022-07-27 06:53:01 +05:30
Discourse Translator Bot 5894e7d30f
Update translations (#17664) 2022-07-26 19:40:53 +02:00
Jean 424a274c12
FEATURE: add categories page style to order topics by created date (#17500) 2022-07-25 09:41:43 -04:00
Joffrey JAFFEUX 43b8cfeae3
FIX: improves handling of filter with invalid tag chars (#17640)
Tags mixin is already filtering a lot of data from the user submitted filter in `createContentFromInput()` which can lead to sk receiving an empty filter while the input actually has a value.
2022-07-25 12:00:52 +02:00
Joe a6680fce03
UX: Updates sign up CTA copy (#17612)
Before:

<img width="500" src="https://user-images.githubusercontent.com/33972521/180416547-300203d3-b092-4cb6-b65e-720b6a004b47.png">

After

<img width="500" src="https://user-images.githubusercontent.com/33972521/180415992-9f610bf8-ca67-4c69-a9dc-1409c4cb7f3f.png">

Internal topic
/t/-/70417
2022-07-22 18:35:46 +08:00
Alan Guo Xiang Tan 49d4f7c066
FEATURE: Add users and groups links to community section in sidebar (#17609) 2022-07-22 16:00:06 +08:00
Alan Guo Xiang Tan a626b99a50
UX: Remove bookmarks link from community section (#17608)
Product decision to drop it from Sidebar at this moment.
2022-07-22 15:55:13 +08:00
Alan Guo Xiang Tan 4594ce2723
UX: Rename Sidebar 'Topics' section to 'Community' (#17605)
Product decision to rename as not all links under the section falls
under the topics umbrella
2022-07-22 15:20:01 +08:00
Alan Guo Xiang Tan 99073338de
FEATURE: Replace hamburger dropdown with Sidebar when undock (#17600)
When the experimental Sidebar is enabled, the hamburger drop down is replaced by a sidebar drop down. A user is given the ability to dock and undock the sidebar depending on their personal preference.

Do also note that the experimental sidebar is well, considered experimental at this point so I do not intend for the features here to be perfect. What I aim to do here is to ship the changes fast so that it can be used internally by the team to provide feedback. Custom links added by plugins and dark mode toggle has not been implemented as part of this commit as I aim to tackle it in another commit.

Co-authored-by: awesomerobot <kris.aubuchon@discourse.org>
2022-07-22 13:06:47 +08:00
Osama Sayegh 6b8d635943
DEV: Add implementations for various notification types for the new user menu (#17589)
This commit is a subset of the changes proposed in https://github.com/discourse/discourse/pull/17379.
2022-07-22 05:07:32 +03:00
Discourse Translator Bot c58a8b0fe6
Update translations (#17571) 2022-07-19 20:45:57 +02:00
Gerhard Schlager 6e2199cd58
FIX: Correctly pluralize sidebar strings (#17572) 2022-07-19 15:36:14 +02:00
Osama Sayegh fac04f3e73
DEV: Introduce a basic version of the new notifications menu behind a feature flag (#17492) 2022-07-19 10:35:02 +08:00
Bianca Nenciu 9e603e9374
COPY: Change "old" to "unsupported" browser (#17555)
The word choice was inaccurate because new browsers may still not work
well with Discourse because not all required browser features are
present.
2022-07-18 19:32:04 +03:00
Alan Guo Xiang Tan 737c0a7b9f
DEV: Allow sidebar section caret title to be translated (#17491) 2022-07-14 15:27:01 +08:00
Andrei Prigorshnev 43c0bbb6a4
FEATURE: show status in the tooltip on the status bubble on the user menu (#17451) 2022-07-13 16:02:59 +04:00
Discourse Translator Bot 0c269dfd18
Update translations (#17447) 2022-07-12 17:26:04 +02:00
Jordan Vidrine fec3df60cb
DEV: Add more color schemes (#17398) 2022-07-08 16:46:32 -05:00
Discourse Translator Bot ba77c98c5d
Update translations (#17338) 2022-07-06 09:15:02 +02:00
Andrei Prigorshnev c59f1729a6
FEATURE: auto remove user status after predefined period (#17236) 2022-07-05 19:12:22 +04:00
Alan Guo Xiang Tan 3266350e80
FEATURE: Decouple category/tag presence in sidebar from notifi level (#17273) 2022-06-30 14:54:20 +08:00
Krzysztof Kotlarek 09932738e5
FEATURE: whispers available for groups (#17170)
Before, whispers were only available for staff members.

Config has been changed to allow to configure privileged groups with access to whispers. Post migration was added to move from the old setting into the new one.

I considered having a boolean column `whisperer` on user model similar to `admin/moderator` for performance reason. Finally, I decided to keep looking for groups as queries are only done for current user and didn't notice any N+1 queries.
2022-06-30 10:18:12 +10:00
Discourse Translator Bot c6b3d3e4b4
Update translations (#17267) 2022-06-28 20:52:09 +02:00
Natalie Tay ff77ad7ac0
UX: Change copy for user-selector placeholder (#17260) 2022-06-28 19:01:16 +08:00
Rafael dos Santos Silva f56c44d1c7
FEATURE: Validate tags in WatchedWords (#17254)
* FEATURE: Validate tags in WatchedWords

We didn't validate watched words automatic tagging, so it was possible
for an admin to created watched words with an empty tag list which would
result in an exception when users tried to create a new topic that
matched the misconfigured watched word.

Bug report: https://meta.discourse.org/t/lib-topic-creator-fails-when-the-word-math-appears-in-the-topic-title-or-text/231018?u=falco
2022-06-27 16:16:33 -03:00
Alan Guo Xiang Tan 0b8e6adabe
FEATURE: New/unread messages count in experimental sidebar (#17117)
* FEATURE: Expand messages filter links when viewing private messages.

* FEATURE: New/unread messages count in experimental sidebar
2022-06-22 11:01:37 +08:00
Joe e82a2ce9ae
UX: Introduces a splash screen behind a hidden site setting (#17094)
This PR introduces a new hidden site setting that allows admins to display a splash screen while site assets load.

The splash screen can be enabled via the `splash_screen` hidden site setting.

This is what the splash screen currently looks like

5ceb72f085.mp4

Once site assets load, the splash screen is automatically removed.

To control the loading text that shows in the splash screen, you can change the preloader_text translation string in admin > customize > text
2022-06-22 04:35:46 +08:00
Discourse Translator Bot 46622be72b
Update translations (#17177) 2022-06-21 15:46:34 +02:00
Régis Hanol 1ad1979e50
FIX: link to "recently used devices" in suspicious_login email notification (#17164)
The link used to point to `/my/preferences/account` but the list of recently used devices now lives in `/my/preferences/security`.
2022-06-20 23:16:34 +02:00
Osama Sayegh 5176c689e9
UX: Change wording for 'regular' categories to 'normal' (#17134)
At some point in the past we decided to rename the 'regular' notification state of topics/categories to 'normal'. However, some UI copy was missed when the initial renaming was done so this commit changes the spots that were missed to the new name.
2022-06-20 06:49:33 +03:00
Discourse Translator Bot 7ac485fb9f
FEATURE: Add Croatian language (#17130)
Co-authored-by: Gerhard Schlager <gerhard.schlager@discourse.org>
2022-06-18 00:18:22 +02:00
Alan Guo Xiang Tan c625dc0adc
FEATURE: Add messages section links to experimental sidebar. (#17096) 2022-06-16 13:33:40 +08:00
Discourse Translator Bot e0364cf228
Update translations (#17087) 2022-06-14 16:57:33 +02:00
Alan Guo Xiang Tan 4a240f6c90
DEV: First pass at messages section experimental sidebar (#17084) 2022-06-14 15:56:20 +08:00
Discourse Translator Bot f38a06f3a5
Update translations (#17022) 2022-06-11 13:20:37 +02:00
Alan Guo Xiang Tan ced9a5ee6d
FEATURE: First pass tags section for experimental sidebar. (#17048)
Counts for the section links will be added in a follow up commit.
2022-06-10 09:49:36 +08:00
Alan Guo Xiang Tan cd8c97debc
FEATURE: Add section links to categories section to exp sidebar (#17035)
This commit adds a section link to the categories section for each
category that is tracked by the user in the experimental sidebar.
2022-06-09 11:14:01 +08:00
David Taylor 5238f6788c
FEATURE: Allow hotlinked media to be blocked (#16940)
This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`.

`download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later.

This implementation is purely server-side, and does not impact the composer preview.

Technically, there are two stages to this feature:

1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute

2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 15:23:04 +01:00
Alan Guo Xiang Tan 7da074d591
DEV: Implement "My Posts" section link for experimental sidebar (#17008) 2022-06-07 10:52:54 +08:00
Isaac Janzen 49415de3fa
DEV: Remove reply_as_private_message from composer (#16979)
* Remove 'New Message' option from composer dropdown
* Update Acceptance Tests
2022-06-06 15:10:34 -05:00
Martin Brennan f94682e2c4
FIX: Do not use SVGs for twitter:image metadata (#16973)
Twitter does not allow SVGs to be used for twitter:image
metadata (see https://developer.twitter.com/en/docs/twitter-for-websites/cards/overview/markup)
so we should fall back to the site logo if the image option
provided to `crawlable_meta_data` or SiteSetting.site_twitter_summary_large_image_url
is an SVG, and do not add the meta tag for twitter:image at all
if the site logo is an SVG.
2022-06-03 09:02:57 +10:00
Discourse Translator Bot 41fa278c00
Update translations (#16958) 2022-05-31 16:14:37 +02:00
Andrei Prigorshnev 5c596273a0
FEATURE: user status (#16875) 2022-05-27 13:15:14 +04:00
Martin Brennan 583704f603
FIX: Improve bookmark-icon title (#16908)
This improves the bookmark-icon title to be more like the
post bookmark icons, to include the special formatted date
as well as the name of the bookmark.
2022-05-25 11:32:42 +10:00
Discourse Translator Bot d303466c30
Update translations (#16902) 2022-05-24 16:03:04 +02:00
Osama Sayegh d15867463f
FEATURE: Site setting for blocking onebox of URLs that redirect (#16881)
Meta topic: https://meta.discourse.org/t/prevent-to-linkify-when-there-is-a-redirect/226964/2?u=osama.

This commit adds a new site setting `block_onebox_on_redirect` (default off) for blocking oneboxes (full and inline) of URLs that redirect. Note that an initial http → https redirect is still allowed if the redirect location is identical to the source (minus the scheme of course). For example, if a user includes a link to `http://example.com/page` and the link resolves to `https://example.com/page`, then the link will onebox (assuming it can be oneboxed) even if the setting is enabled. The reason for this is a user may type out a URL (i.e. the URL is short and memorizable) with http and since a lot of sites support TLS with http traffic automatically redirected to https, so we should still allow the URL to onebox.
2022-05-23 13:52:06 +03:00
Johannes Faigle bf987af3ca
FEATURE Add reset bump dates bulk action (#16885) 2022-05-22 12:32:55 -04:00
Bianca Nenciu 985afe1092
FEATURE: Add page title to 404 pages (#16846)
The title had to be added both on the 404 page generated by the server
side, displayed when the user reaches a bad page directly and the 404
page rendered by Ember when a user reaches a missing topic while
navigating the forum.
2022-05-17 18:37:43 +03:00
Discourse Translator Bot ddb5d88158
Update translations (#16852) 2022-05-17 16:51:11 +02:00
Loïc Guitaut 73de203843 FIX: Apply 'hide email account' for invites 2022-05-17 09:56:06 +02:00
Chapoi b65ecf6987
UX: Add back link on taggroup page (#16700)
* Add back button to taggroup page

* Lint update + enclosing tags

* Linting

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2022-05-16 10:34:09 +02:00
Alan Guo Xiang Tan 2cc9f0e7d9
DEV: Setup categories section in sidebar for future work (#16733) 2022-05-13 09:35:15 +08:00
Alan Guo Xiang Tan 0bc04cb003
DEV: Add missing titles on sidebar buttons. (#16730)
* Also small refactor to reduce magical generation of translation string
key when using `Section` and `SectionLink` components.
2022-05-12 15:10:14 +08:00
Martin Brennan 8e9164fb60
DEV: Minor bookmark tweaks for polymorphism (#16728)
* Make the modal for bookmarks display more consistently
* Make sure bookmark query can handle empty results for certain
  bookmarkable queries
2022-05-12 10:29:01 +10:00
tshenry f38fe53287
COPY: Improve trust level promotion PM copy (#16727)
Previously it wasn't clear which trust level you were promoted to and why.
2022-05-11 16:09:31 -07:00
Alan Guo Xiang Tan 9b420eb6e3
DEV: First pass at side topics section (#16697)
* Implements everything, tracked and bookmarked links
* Implements unread/new count for everything link
2022-05-11 13:43:24 +08:00
Kris 19677ce3f6
UX: fix various login modal issues on mobile (#16708) 2022-05-11 14:36:27 +10:00
Discourse Translator Bot 660227434e
Update translations (#16701) 2022-05-10 21:42:02 +02:00
Isaac Janzen 1a12e4cfc8
FEATURE: Introduce site setting to allow for non staff pm tagging (#16671)
Currently the only way to allow tagging on pms is to use the `allow_staff_to_tag_pms` site setting.  We are removing that site setting and replacing it with `pm_tags_allowed_for_groups` which will allow for non staff tagging. It will be group based permissions instead of requiring the user to be staff.

If the existing value of `allow_staff_to_tag_pms` is `true` then we include the `staff` groups as a default for `pm_tags_allowed_for_groups`.
2022-05-10 10:02:28 -05:00
Ella E 406493660d
add translations for subcategories_with_featured_topics (#16663) 2022-05-05 14:07:52 -06:00
Rafael dos Santos Silva 94cfe98ee4
FEATURE: Validate setting combination between exif strip and img opt (#16662)
Admins won't be able to disable strip_image_metadata if they don't
disable composer_media_optimization_image_enabled first since the later
will strip the same metadata on client during upload, making disabling
the former have no effect.

Bug report at https://meta.discourse.org/t/-/223350
2022-05-05 15:13:17 -03:00
Bianca Nenciu 8695449cfc
FIX: Validate permalink_normalizations setting (#16604)
When an admin enters a badly formed regular expression in the
permalink_normalizations site setting, a RegexpError exception is
generated everytime a URL is normalized (see Permalink.normalize_url).

The new validator validates every regular expression present in the
setting value (delimited by '|').
2022-05-04 14:33:06 +03:00
Discourse Translator Bot 51e29d3ca8
Update translations (#16608) 2022-05-03 15:30:59 +02:00
Angus McLeod 9fc3d46003
Update wordpress scopes and add ``session/scopes`` endpoint (#15366)
* Update wordpress scopes && add ``session/scopes`` endpointt

* Fix failing spec

* Add users#show scope to discourse_connect

* Update app/controllers/session_controller.rb

Co-authored-by: Roman Rizzi <rizziromanalejandro@gmail.com>

Co-authored-by: Roman Rizzi <rizziromanalejandro@gmail.com>
2022-05-02 12:15:32 -03:00
Andrei Prigorshnev 187922d51c
FEATURE: introduce a sitewide setting for disabling suggesting weekends in time pickers (#16563) 2022-05-02 15:40:23 +04:00
David Taylor 0f772bdf5b
FEATURE: Optionally skip using full_name when suggesting usernames (#16592)
This commit introduces a new site setting: `use_name_for_username_suggestions` (default true)

Admins can disable it if they want to stop using Name values when generating usernames for users. This can be useful if you want to keep real names private-by-default or, when used in conjunction with the `use_email_for_username_and_name_suggestions` setting, you would prefer to use email-based username suggestions.
2022-04-29 14:00:13 +01:00
jbrw cfb6360bdf
UX: Add time_shortcut.now translation (#16588)
When using `future-date-input` with the option of `includeNow=true` we need to have a translation for `time_shortcut.now`.
2022-04-28 16:48:26 -04:00
Andrei Prigorshnev badde13894
UX: improve the list of options on the slow mode modal (#16561) 2022-04-28 17:05:32 +04:00
Alan Guo Xiang Tan 98c49acad5
DEV: Setup experimental sidebar skeleton (#16575)
* hidden siteSetting to enable experimental sidebar
* user preference to enable experimental sidebar
* `experimental_sidebar_enabled` attribute for current user
* Empty glimmer component for Sidebar
2022-04-28 15:27:06 +08:00
Discourse Translator Bot adfa4ebed8
Update translations (#16566) 2022-04-27 14:42:11 +02:00
Penar Musaraj 07f975848d
FEATURE: Scope search to PMs when in that context (#16528) 2022-04-26 14:43:09 -04:00
Andrei Prigorshnev 3e0cb8ea47
UX: ask for confirmation when deleting a post using shortcut (#16526) 2022-04-25 17:50:54 -04:00
Kris 4157403308
UX: organize topic admin menu into groups (#16489) 2022-04-25 16:02:41 -04:00
Roman Rizzi 068e93534c
FIX: Check 2FA is disabled before enabling DiscourseConnect. (#16542)
Both settings are incompatible. We validated that DiscourseConnect is disabled before enabling 2FA but were missing the other way around.
2022-04-25 14:49:36 -03:00
Martin Brennan 3e4621c2cb
FEATURE: Polymorphic bookmarks pt. 2 (lists, search) (#16335)
This pull request follows on from https://github.com/discourse/discourse/pull/16308. This one does the following:

* Changes `BookmarkQuery` to allow for querying more than just Post and Topic bookmarkables
* Introduces a `Bookmark.register_bookmarkable` method which requires a model, serializer, fields and preload includes for searching. These registered `Bookmarkable` types are then used when validating new bookmarks, and also when determining which serializer to use for the bookmark list. The `Post` and `Topic` bookmarkables are registered by default.
* Adds new specific types for Post and Topic bookmark serializers along with preloading of associations in `UserBookmarkList`
* Changes to the user bookmark list template to allow for more generic bookmarkable types alongside the Post and Topic ones which need to display in a particular way

All of these changes are gated behind the `use_polymorphic_bookmarks` site setting, apart from the .hbs changes where I have updated the original `UserBookmarkSerializer` with some stub methods.

Following this PR will be several plugin PRs (for assign, chat, encrypt) that will register their own bookmarkable types or otherwise alter the bookmark serializers in their own way, also gated behind `use_polymorphic_bookmarks`.

This commit also removes `BookmarkQuery.preloaded_custom_fields` and the functionality surrounding it. It was added in 0cd502a558 but only used by one plugin (discourse-assign) where it has since been removed, and is now used by no plugins. We don't need it anymore.
2022-04-22 08:23:42 +10:00
David Taylor e5fb884695
FEATURE: Show prompt for required tag groups (#16458) 2022-04-21 13:13:52 +01:00
Andrei Prigorshnev 42bb629817
DEV: use the only source for time shortcut options on all date pickers (#16366) 2022-04-21 15:49:11 +04:00
Andrei Prigorshnev 53e484817e
DEV: drop the unused invite-link-panel component and related unused code (#16435) 2022-04-21 14:32:17 +04:00
Gerhard Schlager 1a56ce3674 FEATURE: Site setting to cap the recipient list in notification emails
* Adds a hidden site setting: `max_participant_names`
* Replaces duplicate code in `GroupSmtpMailer` and `UserNotifications`
* Groups are sorted by the number of users (decreasing)
* Replaces the query to count users of each group with `Group#user_count`)
* Users are sorted by their last reply in the topic (most recent first)
* Adds lots of tests
2022-04-21 10:43:13 +02:00
Gerhard Schlager 87c872823b DEV: Remove unused code and rename interpolation key 2022-04-21 10:43:13 +02:00
Bianca Nenciu f3ef69e27d
FIX: Add missing translations for medium format (#16517)
Commit 68497bddf2 implemented a function
to format durations in a medium format, similar to how durationTiny did.
The existent translation strings do not cover all cases and this commit
adds the missing translation strings.
2022-04-20 14:49:08 +03:00
Bianca Nenciu 68497bddf2
UX: Add title to read time stats from user page (#16501)
The title attributes were added to explain the difference between "read
time" and "recent read time" stats from user summary page.
2022-04-19 20:48:08 +03:00
Kris d196ec9680
UX: more descriptive moderator manage setting (#16492) 2022-04-19 11:29:00 -04:00
Discourse Translator Bot 4ec6af064a
Update translations (#16505) 2022-04-19 15:45:09 +02:00
Joshua Rosenfeld 037172beaa
UX: Add more detail to remove full quote site setting description (#16494)
As suggested by https://meta.discourse.org/t/223311
2022-04-18 14:50:49 -04:00
Isaac Janzen ee9daec36f
validate markdown_linkify_tlds setting (#16485)
Prevent adding * as a value to markdown_linkify_tlds site setting
2022-04-15 10:14:28 -05:00
Penar Musaraj 650adbe423
FIX: Href attribute for post-date link (#16471)
This updates the fix in commit eb70ea4.

Co-authored-by: Osama Sayegh <asooomaasoooma90@gmail.com>
Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2022-04-13 23:09:39 -04:00
Osama Sayegh eb5a3cfded
FEATURE: Add 2FA support to the Discourse Connect Provider protocol (#16386)
Discourse has the Discourse Connect Provider protocol that makes it possible to
use a Discourse instance as an identity provider for external sites. As a
natural extension to this protocol, this PR adds a new feature that makes it
possible to use Discourse as a 2FA provider as well as an identity provider.

The rationale for this change is that it's very difficult to implement 2FA
support in a website and if you have multiple websites that need to have 2FA,
it's unrealistic to build and maintain a separate 2FA implementation for each
one. But with this change, you can piggyback on Discourse to take care of all
the 2FA details for you for as many sites as you wish.

To use Discourse as a 2FA provider, you'll need to follow this guide:
https://meta.discourse.org/t/-/32974. It walks you through what you need to
implement on your end/site and how to configure your Discourse instance. Once
you're done, there is only one additional thing you need to do which is to
include `require_2fa=true` in the payload that you send to Discourse.

When Discourse sees `require_2fa=true`, it'll prompt the user to confirm their
2FA using whatever methods they've enabled (TOTP or security keys), and once
they confirm they'll be redirected back to the return URL you've configured and
the payload will contain `confirmed_2fa=true`. If the user has no 2FA methods
enabled however, the payload will not contain `confirmed_2fa`, but it will
contain `no_2fa_methods=true`.

You'll need to be careful to re-run all the security checks and ensure the user
can still access the resource on your site after they return from Discourse.
This is very important because there's nothing that guarantees the user that
will come back from Discourse after they confirm 2FA is the same user that
you've redirected to Discourse.

Internal ticket: t62183.
2022-04-13 15:04:09 +03:00
Discourse Translator Bot a1d7e77967
Update translations (#16456) 2022-04-12 21:04:30 +02:00
Roman Rizzi 6f76a12e0a
FEATURE: Let sites add a sitemap.xml file. (#16357)
* FEATURE: Let sites add a sitemap.xml file.

This PR adds the same features discourse-sitemap provides to core. Sitemaps are only added to the robots.txt file if the `enable_sitemap` setting is enabled and `login_required` disabled.

After merging discourse/discourse-sitemap#34, this change will take priority over the sitemap plugin because it will disable itself. We're also using the same sitemaps table, so our migration won't try to create it
again using `if_not_exists: true`.
2022-04-12 10:33:59 -03:00
Jordan Vidrine 09ee9a6be6
UX: Less specific styling for Auth logins (#16393) 2022-04-11 12:33:09 -05:00
Martin Brennan ac672cfcc6
DEV: Improvements to UppyUploadMixin to use ExtendableUploader (#16383)
This PR brings the `UppyUploadMixin` more into line with the `ComposerUppyUpload` mixin, by extending the `ExtendableUploader` . This also adds better tracking of and events for in progress uploads in the `UppyUploadMixin` for better UI interactions, and also opens up the use of `_useUploadPlugin` for the mixin, so anything implementing `UppyUploadMixin` can add extra uppy preprocessor plugins as needed.

This has been done as part of work on extracting uploads out of the chat composer. In future, we might be able to do the same for `ComposerUppyUpload`, getting rid of that mixin to standardise on `UppyUploadMixin` and have a separate `composer-uploads` component that lives alongside `composer-editor` like what we are doing in https://github.com/discourse/discourse-chat/pull/764
2022-04-07 12:59:06 +10:00
David Taylor 68c74e9b93
FEATURE: Allow multiple required tag groups for a category (#16381)
Previously we only supported a single 'required tag group' for a category. This commit allows admins to specify multiple required tag groups, each with their own minimum tag count.

A new category_required_tag_groups database table replaces the existing columns on the categories table. Data is automatically migrated.
2022-04-06 14:08:06 +01:00
Discourse Translator Bot fe689115d4
Update translations (#16378) 2022-04-05 15:28:19 +02:00
Dan Ungureanu 7179fbab77
UX: Require a password for invited users (#16291)
Invited users were allowed to accept invites without entering a
password. When this happened, instead of receiving an activation email,
they received a password reset email. Basically, a user could postpone
choosing a password until after registration.

Unfortunately, this led to a confusing user experience and this commit
attempts to fix that by making the client require a password. There is
a single case when users do not need to input a password: when they sign
up using an external authenticator and password field is completely
hidden. In this case, the third party handles the password logic.

Technically, invites can still be redeemed without a password, but that
functionality was kept to preserve backwards compatibility.
2022-04-05 14:57:15 +03:00
Andrei Prigorshnev 71802ba910 Fix the empty page copy on the user activity page 2022-04-04 10:12:35 +08:00
Sam b023d88b09
FIX: Abort theme creation if unable to create uploads (#16336)
Previous to this change if any of the assets were not allowed extensions
they would simply be silently ignored, this could lead to broken themes
that are very hard to debug
2022-04-01 12:03:14 +11:00
OsamaSayegh ca58d80b0c A11Y: Improve accessibility of embedded replies below post
The changes are:

* Add an aria-label for the button that embeds/expand the replies of a
post below it
* Add an aria-label for the button that collapses the embedded replies
* Add an aria-label to describe the embedded replies section when
expanded and an aria-label for each embedded reply
2022-03-31 19:01:40 +03:00
OsamaSayegh fd26facdf3 A11Y: Improve accessibility of likes/read count post buttons
The improvements are:

* Add an aria-label to the like/read count buttons below posts to
indicate what they mean and do.

* Add aria-pressed to the like/read count buttons to make it clear to screen
readers that these buttons are toggleable.

* Add an aria-label to the list of avatars that's shown when post likes
or readers are expanded so that screen reader users can understand what
the list of avatars means.
2022-03-31 19:01:40 +03:00
OsamaSayegh ef66b3fd40 A11Y: Include username in aria-label of post region
I think the author of a post is a critical piece of information that
should be communicated right when the post region is reached.
2022-03-31 19:01:40 +03:00
Penar Musaraj e5bf704c7b
UX: Add details button to admin bounced/rejected lists (#16343) 2022-03-31 11:14:11 -04:00
Discourse Translator Bot 216dfbb895
Update translations (#16314) 2022-03-30 14:52:59 +02:00
Alan Guo Xiang Tan d0c2eb3359
DEV: Drop `enable_long_polling` and `long_polling_interval` settings (#16323)
Scheduled to drop in 2.9.

Co-authored-by: Loïc Guitaut <loic@discourse.org>
2022-03-30 16:32:40 +08:00
Martin Brennan b8828d4a2d
FEATURE: Polymorphic bookmarks pt. 1 (CRUD) (#16308)
This commit introduces a new use_polymorphic_bookmarks site setting
that is default false and hidden, that will be used to help continuous
development of polymorphic bookmarks. This setting **should not** be
enabled anywhere in production yet, it is purely for local development.

This commit uses the setting to enable create/update/delete actions
for polymorphic bookmarks on the server and client side. The bookmark
interactions on topics/posts are all usable. Listing, searching,
sending bookmark reminders, and other edge cases will be handled
in subsequent PRs.

Comprehensive UI tests will be added in the final PR -- we already
have them for regular bookmarks, so it will just be a matter of
changing them to be for polymorphic bookmarks.
2022-03-30 12:43:11 +10:00
Osama Sayegh e40c4bb7f9
FIX: Validate category tag restrictions before sending new topics to review (#16292)
Tags (and tag groups) can be configured so that they can only be used in specific categories and (optionally) restrict topics in these categories to be able to add/use only these tags. These restrictions work as expected when a topic is created without going through the review queue; however, if the topic has to be reviewed by a moderator then these restrictions currently aren't checked before the topic is sent to the review queue, but they're checked later when a moderator tries to approve the topic. This is because if a user manages to submit a topic that doesn't meet the restrictions, moderators won't be able to approve and it'll be stuck in the review queue.

This PR prevents topics that don't meet the tags requirements from being sent to the review queue and shows the poster an error message that indicates which tags that cannot be used.

Internal ticket: t60562.
2022-03-28 21:25:26 +03:00
Mark VanLandingham a3563336db
FIX: Bug setting notification level to muted/ignored on user page (#16268) 2022-03-25 10:51:45 -05:00
Andrei Prigorshnev 5423d46442
UX: cleaner messages for empty state on the user activity topics page (#16267) 2022-03-25 00:20:55 +04:00
OsamaSayegh 771dddb711 A11Y: Make the views column in topics lists tabbable 2022-03-24 13:42:24 +03:00
OsamaSayegh bc54b0055c A11Y: Improve topic entrance modal
Clicking the Replies cell of a topic in a topics list shows a little
modal with 2 buttons that take you to the first and last posts of the
topic. This modal is currently completely inaccessible to
keyboard/screen reader users because it can't be reached using the
keyboard.

This commit improves the modal so that it traps focus when it's shown
and makes it possible to close the modal using the esc key.
2022-03-24 13:42:24 +03:00
OsamaSayegh 0d4fad67db A11Y: Add `aria-label`s to topics list column headers
Topics lists like /latest are ordered by last activity date by default,
but the order can be changed (and reversed) to something else such as
replies count and views count by clicking on the corresponding column
header in the topics list. These column headers are tabbable, but screen
readers announce them as, using the replies column as example, `Replies
toggle button`. This doesn't communicate very well that this the button
changes the order, so this commit adds `aria-label`s to all column
headers to make it clear that they change order. The current copy for
the `aria-label` is `Sort by replies`.
2022-03-24 13:42:24 +03:00
Discourse Translator Bot b8a98708d8
Update translations (#16250) 2022-03-22 16:01:16 +01:00
Ella E 3b8ff1184f
update button label to be more clear (#16205) 2022-03-16 14:54:23 -06:00
Penar Musaraj 593f3e5dd8
UX: Styling changes to global banner (#16191) 2022-03-15 16:19:55 +01:00
Discourse Translator Bot 20a954fa0f
Update translations (#16194) 2022-03-15 14:40:40 +01:00
maiki 8e010aecfb
Remove a few words for clarity (#16162)
Remove extra words from two descriptions for user like reports
2022-03-11 09:33:16 +08:00
Discourse Translator Bot 93407005b5
Update translations (#16132) 2022-03-10 16:51:47 +01:00
Martin Brennan ca93e5e68b
FIX: Allow admins to change user ignore list (#16129)
Previously, if an admin user tried to add/remove
users to another user's ignored list, it would
be added to their own ignore list because the
controller used current_user. Now for admins only
a source_user_id parameter can be passed through,
which will be used to ignore the target user for
that source user.
2022-03-09 14:51:30 +10:00
Bianca Nenciu 6d422a8033
FEATURE: Highlight expired bookmark reminders (#15317)
The user can select what happens with a bookamrk after it expires. New
option allow bookmark's reminder to be kept even after it has expired.
After a bookmark's reminder notification is created, the reminder date
will be highlighted in red until the user resets the reminder date.
User can do that using the new Clear Reminder button from the dropdown.
2022-03-08 19:44:18 +02:00
Bianca Nenciu f5422f91aa
FEATURE: Add link to original image in lightbox (#15640)
Adds a link to the original image next to the download link. It can be
used to view full resolution image in the browser.
2022-03-08 19:39:46 +02:00
Martin Brennan 7af01d88d2
FIX: Better 0 file size detection and logging (#16116)
When creating files with create-multipart, if the file
size was somehow zero we were showing a very unhelpful
error message to the user. Now we show a nicer message,
and proactively don't call the API if we know the file
size is 0 bytes in JS, along with extra console logging
to help with debugging.
2022-03-07 12:39:33 +10:00
Blake Erickson d760fd4074
DEV: Add API scope for categories endpoint (#16105)
This change adds support for the categories endpoint to have an api
scope. Only adds GET scope for listing categories and for fetching a
single category.

See: https://meta.discourse.org/t/218080/4
2022-03-04 14:29:47 -07:00
David Taylor eb2e3b510d
FEATURE: Introduce 'Subcategories with featured topics' view (#16083)
This categories view is designed for sites which make heavy use of subcategories, and use top-level categories mainly for grouping
2022-03-04 21:11:59 +00:00
Blake Erickson 07e80b52ef
DEV: Add api scoping for updating topics. (#16101)
This change adds a new api scope for updating topics.

See: https://meta.discourse.org/t/219805
2022-03-04 10:44:56 -07:00
Osama Sayegh 8c71878ff5
UX: Add description to the 2FA page when adding new admins (#16098)
This PR adds an extra description to the 2FA page when granting a user admin access. It also introduces a general system for adding customized descriptions that can be used by future actions.

(Follow-up to dd6ec65061)
2022-03-04 06:43:06 +03:00
David Taylor a7db0ce985
UX: Differentiate 'emails disabled' notice for 'yes' and 'non-staff' (#16096) 2022-03-03 15:49:20 +00:00
Dan Ungureanu e3b4998efc
DEV: Remove notify user topic from share modal (#16085)
This feature was rarely used, could be used for spamming users and was
impossible to add a context to why the user was notified of a topic. A
simple private messages that includes the link and personalized message
can be used instead.
2022-03-03 09:27:45 +11:00
Discourse Translator Bot 9d2c5c489e
Update translations (#16074) 2022-03-01 22:56:34 +01:00
Martin Brennan ff96d541e9
FEATURE: Add fullscreen button for code blocks (#16044)
This commit extends the original copy-codeblocks initializer,
renaming it to codeblock-buttons, and adding another button
to make the code block fullscreen in a modal window. The fullscreen
code is then run through highlight.js.

This commit also moves much of the code out of the initializer
and into a reusable CodeblockButtons class, so it can also be used
in the fullscreen code modal for the copy + paste button.

The fullscreen button will not be shown if there is no scroll overflow
in the code block, nor will it be shown on mobile. This commit also
changes the fullscreen table button to not show on mobile.

This will make long lines of code much easier to read and interact
with. This is gated behind the same `show_copy_button_on_codeblocks`
site setting.
2022-03-01 08:37:24 +10:00
Jeff Wong d1bdb6c65d
FEATURE: upload an avatar option for uploading avatars with selectable avatars (#15878)
* FEATURE: upload an avatar option for uploading avatars with selectable avatars

Allow staff or users at or above a trust level to upload avatars even when the site
has selectable avatars enabled.

Everyone can still pick from the list of avatars. The option to upload is shown
below the selectable avatar list.

refactored boolean site setting into an enum with the following values:

disabled: No selectable avatars enabled (default)
everyone: Show selectable avatars, and allow everyone to upload custom avatars
tl1: Show selectable avatars, but require tl1+ and staff to upload custom avatars
tl2: Show selectable avatars, but require tl2+ and staff to upload custom avatars
tl3: Show selectable avatars, but require tl3+ and staff to upload custom avatars
tl4: Show selectable avatars, but require tl4 and staff to upload custom avatars
staff: Show selectable avatars, but only allow staff to upload custom avatars
no_one: Show selectable avatars. No users can upload custom avatars

Co-authored-by: Régis Hanol <regis@hanol.fr>
2022-02-24 12:57:39 -08:00
Discourse Translator Bot 50da1375ca
Update translations (#16024) 2022-02-22 14:20:23 +01:00
Joffrey JAFFEUX f5ec32bc8c
FEATURE: adds the user_promoted event to webhooks (#15996) 2022-02-22 10:57:18 +01:00
Bianca Nenciu 90c3695ab0
FEATURE: Rename Reset Read bulk action to Defer (#15972)
It is enabled only if defer is enabled in user options too and if the
button shows up in the topic's footer.
2022-02-21 22:45:01 +02:00
Bianca Nenciu ae1d2d957f
FEATURE: Replace share post popup with share modal (#15875)
This uniformizes the topic share modal and the post link popup. It also
introduces a new feature which can notify the user of a post.
2022-02-21 22:14:28 +02:00
Bianca Nenciu 53f9a1a469
FEATURE: Add settings to scale daily flags limit (#15983)
Similar site settings exist for likes and edits and the new ones work
in a similar way.

By default, users below TL2 have a limit of 20, the limit is increased
by 1.5 for TL2 users up to 30, by 2 for TL3 users up to 40 and by 3 for
TL4 users up to 60.
2022-02-18 14:44:32 +02:00
David Taylor df96374700
UX: Add 'update' to theme error message (#15977) 2022-02-17 14:21:18 +00:00
Osama Sayegh dd6ec65061
FEATURE: Centralized 2FA page (#15377)
2FA support in Discourse was added and grown gradually over the years: we first
added support for TOTP for logins, then we implemented backup codes, and last
but not least, security keys. 2FA usage was initially limited to logging in,
but it has been expanded and we now require 2FA for risky actions such as
adding a new admin to the site.

As a result of this gradual growth of the 2FA system, technical debt has
accumulated to the point where it has become difficult to require 2FA for more
actions. We now have 5 different 2FA UI implementations and each one has to
support all 3 2FA methods (TOTP, backup codes, and security keys) which makes
it difficult to maintain a consistent UX for these different implementations.
Moreover, there is a lot of repeated logic in the server-side code behind these
5 UI implementations which hinders maintainability even more.

This commit is the first step towards repaying the technical debt: it builds a
system that centralizes as much as possible of the 2FA server-side logic and
UI. The 2 main components of this system are:

1. A dedicated page for 2FA with support for all 3 methods.
2. A reusable server-side class that centralizes the 2FA logic (the
`SecondFactor::AuthManager` class).

From a top-level view, the 2FA flow in this new system looks like this:

1. User initiates an action that requires 2FA;

2. Server is aware that 2FA is required for this action, so it redirects the
user to the 2FA page if the user has a 2FA method, otherwise the action is
performed.

3. User submits the 2FA form on the page;

4. Server validates the 2FA and if it's successful, the action is performed and
the user is redirected to the previous page.

A more technically-detailed explanation/documentation of the new system is
available as a comment at the top of the `lib/second_factor/auth_manager.rb`
file. Please note that the details are not set in stone and will likely change
in the future, so please don't use the system in your plugins yet.

Since this is a new system that needs to be tested, we've decided to migrate
only the 2FA for adding a new admin to the new system at this time (in this
commit). Our plan is to gradually migrate the remaining 2FA implementations to
the new system.

For screenshots of the 2FA page, see PR #15377 on GitHub.
2022-02-17 12:12:59 +03:00
megothss c71c107649
FIX: Don't accept accents in slug if generation_method == 'ascii' (#15702)
* FIX: Don't accept accents in slug if generation_method == 'ascii'

Fixes bug reported in:
- https://meta.discourse.org/t/404-when-trying-to-edit-category-with-accent-in-slug/214762
- https://meta.discourse.org/t/formatting-and-accents-in-urls/215734/5

Assuming `SiteSetting.slug_generation_method == 'ascii'.

If the user provides a slug containing non-ascii characters while
creating the category, the user will receive a 404 error just
after saving the category since the slug will be escaped anyway but
Category.find_by_slug_path won't escape the category slug
causing the Edit Page of the category to be inaccessible.

This commit checks the provided slug and raises an error if the
provided slugcontains non-ascii characters ensuring that the
provided value is consistent with the site settings.

It also changes Category.find_by_slug_path to always escape the slug,
since if present, it is escaped anyway in Category.ensure_slug to
prevent the 404 in the Edit Category Page in case the user already
have some category with a non-ascii slug.

* Removed trailing whitespace
2022-02-17 13:46:06 +11:00
Dan Ungureanu effbd6d3e4
FEATURE: Show error if invite to topic is invalid (#15959)
This can happen if the topic to which a user is invited is in a private
category and the user was not invited to one of the groups that can see
that specific category.

This used to be a warning and this commit makes it an error.
2022-02-16 18:35:02 +02:00
Discourse Translator Bot 12423b56cb
Update translations (#15928) 2022-02-15 15:10:10 +01:00
David Taylor 3405f66b7e
UX: Improve default_code_lang copy (#15940)
Co-authored-by: Dax74 <Dax74@users.noreply.github.com>
2022-02-14 19:16:09 +00:00
David Taylor af24c10314 DEV: Improve theme error handling UX
- Update UI to improve contrast
- Make it clear that the message is only shown to administrators
- Add theme name and id to the console output
- Parse the error backtrace to identify the theme-id for post-decoration errors
- Improve console output to include the theme name / URL
- Add `?safe_mode=no_custom` to the admin panel link, so that it will work even if the theme is causing the site to break
2022-02-14 10:11:19 +00:00
Régis Hanol 0cda57f236
I18N: improve 'here_mention' site setting's description (#15912)
Inspired by [this suggestion](https://meta.discourse.org/t/what-is-a-here-mention/217878/3) from G Ann Campbell

> I suppose the description of the “here mention” field could be improved to something like:
> "Name used for @here mention to allow a privileged user to notify up to 10 people participating in the thread. Must not…"
2022-02-11 16:21:41 +01:00
Alan Guo Xiang Tan 8e5b945b0f
Revert "DEV: Improve theme error handling UX" (#15900)
`PrettyText.cook` is breaking on some sites. Revert for now while we
investigate.

This reverts commit c81d369ab6.
2022-02-11 11:30:36 +08:00
David Taylor c81d369ab6 DEV: Improve theme error handling UX
- Update UI to improve contrast
- Make it clear that the message is only shown to administrators
- Add theme name and id to the console output
- Parse the error backtrace to identify the theme-id for post-decoration errors
- Improve console output to include the theme name / URL
- Add `?safe_mode=no_custom` to the admin panel link, so that it will work even if the theme is causing the site to break
2022-02-10 22:56:11 +00:00
Joffrey JAFFEUX b3ecf00c98
DEV: adds initial support for custom blocks using code fencing (#15743)
Allows to write custom code blocks:

```
   ```mermaid height=200,foo=bar
   test
   ```
```

Which will then get converted to:

```
<pre data-code-wrap="mermaid" data-code-height="200" data-code-foo="bar">
  <code class="lang-nohighlight">
    test
  </code>
</pre>
```
2022-02-09 11:23:44 +01:00
Discourse Translator Bot fa9b2b4f42
Update translations (#15864) 2022-02-08 14:13:14 +01:00
Martin Brennan 0a738bd5bc
FEATURE: Allow sending group SMTP emails with from alias (#15687)
This commit allows group SMTP emails to be sent with a
different from email address that has been set up as an
alias in the email provider. Emails from the alias will
be grouped correctly using Message-IDs in the mail client,
and replies to the alias go into the correct group inbox.
2022-02-07 13:52:01 +10:00
Alan Guo Xiang Tan 930f51e175 FEATURE: Split up text segmentation for Chinese and Japanese.
* Chinese segmenetation will continue to rely on cppjieba
* Japanese segmentation will use our port of TinySegmenter
* Korean currently does not rely on segmentation which was dropped in c677877e4f
* SiteSetting.search_tokenize_chinese_japanese_korean has been split
into SiteSetting.search_tokenize_chinese and
SiteSetting.search_tokenize_japanese respectively
2022-02-07 09:21:14 +08:00
Discourse Translator Bot 0dfaaf49a5
Update translations (#15816) 2022-02-04 16:23:45 +00:00
janzenisaac cffc2836cb
DEV: Don't allow users to immediately reinvite (#15722)
- Limit bulk re-invite to 1 time per day
- Move bulk invite by csv behind a site setting (hidden by default)
- Bump invite expiry from 30 -> 90 days

## Updates to rate_limiter
When limiting reinvites I found that **staff** are never limited in any way. So I updated the **rate_limiter** model to allow for a few things:
- add an optional param of `staff_limit`, which (when included and passed values, and the user passes `.staff?`) will override the default `max` & `secs` values and apply them to the user.
- in the case you **do** pass values to `staff_limit` but the user **does not** pass `staff?` the standard `max` & `secs` values will be applied to the user.

This should give us enough flexibility to 
1. continue to apply a strict rate limit to a standard user
2. but also apply a secondary (less strict) limit to staff
2022-02-03 13:07:40 -06:00
Natalie Tay 23a8341b28
FEATURE: Validate domain settings for blocked_onebox_domain only (#15754)
We want to prevent the user from adding ? or * minimally
when setting domains in sitesettings
2022-02-03 11:26:53 +08:00
Discourse Translator Bot 022480b461
Update translations (#15763) 2022-02-01 16:15:18 +01:00
Andrei Prigorshnev dad2e5e513
FEATURE: make the use_email_for_username_and_name_suggestions setting visible and on by default on existing sites (#15751) 2022-02-01 14:55:17 +04:00
Régis Hanol e1367cdea6
I18N: Improve copy on blocked words error messages (#15741) 2022-01-28 17:12:35 +01:00
Michael Brown 23d7fcf9a1 FIX: remove duplicated word from client strings 2022-01-27 14:03:45 -05:00
Discourse Translator Bot 332266cbee
Update translations (#15731) 2022-01-27 15:18:29 +01:00
Discourse Translator Bot 5fd13380d8
Update translations (#15705) 2022-01-25 14:27:05 +01:00
Discourse Translator Bot a5cb6ab8a0
Update translations (#15696) 2022-01-24 20:13:10 +01:00
Discourse Translator Bot f0435ca1a7
Update translations (#15673) 2022-01-23 11:14:20 +01:00
Discourse Translator Bot 14b8cd5e17
Update translations (#15637) 2022-01-18 14:41:41 +01:00
Martin Brennan 35343e7f91
FIX: Improve emoji upload UI (#15603)
This commit adds a hover effect for drag and drop in
the admin emoji uploader. It also changes the "Add New
Emoji" button to open the file selector; previously it
was useless because it was disabled unless a name was
entered (which is not even a requirement for the emoji)
and also it didn't actually do anything on click even
if it wasn't disabled.

Now we have a way of adding files without having to drag
and drop them, which is nice.

Also in this PR, there was no indication before that the upload was
complete apart from the button becoming enabled again.
This commit adds the highlight class to the emoji list
and removes it once the highlight fade animation is done,
like we do for new posts.
2022-01-17 11:48:49 +10:00
Discourse Translator Bot 2976b63094
Update translations (#15540) 2022-01-11 14:21:34 +01:00
Bianca Nenciu 5d35c38db2
FEATURE: Search screened IP address in blocks (#15461)
An admin could search for all screened ip addresses in a block by
using wildcards. 192.168.* returned all IPs in range 192.168.0.0/16.
This feature allows admins to search for a single IP address in all
screened IP blocks. 192.168.0.1 returns all IP blocks that match it,
for example 192.168.0.0/16.

* FEATURE: Remove roll up button for screened IPs

* FIX: Match more specific screened IP address first
2022-01-11 09:16:51 +02:00
Bianca Nenciu 5a8b8f6f1e
FEATURE: Show warning if user won't be mentioned (#15339)
The new warnings cover more cases and more accurate. Most of the
warnings will be visible only to staff members because otherwise they
would leak information about user's preferences.
2022-01-11 09:16:20 +02:00
Vinoth Kannan 6626089034
UX: change text of public_topic action code in login required sites. (#14764)
The wording "made this topic public" made confusion in login required forums.
2022-01-11 11:35:16 +05:30
Meghna 5c74f048a5
UX: updated "accept invite" error page (#15490) 2022-01-09 10:21:42 +05:30
Jarek Radosz 5b6acea56e DEV: Remove obsolete topic-progress code 2022-01-06 09:04:30 +08:00
janzenisaac 22e8f8af6d
FIX: Clean flagged queue when response to flagged post deleted (#15463) 2022-01-05 12:37:15 -06:00
Tobias Eigen 8d61b2c67d improved copy on "send me email when.." user pref
as discussed: https://dev.discourse.org/t/improve-copy-on-send-me-email-when-user-pref/58401/3?u=tobiaseigen
2022-01-05 10:22:58 +08:00
David Taylor 1f1aa6a0d8
FEATURE: Catch decorateCooked errors from themes/plugins (#15450)
If a theme/plugin raises an error while decorating post content, the decorator will be skipped, and the error reported on the console. Additionally, administrators will be shown a red warning at the top of the screen.

This commit refactors and re-uses some of the logic from the theme-initializer-error-reporting logic. In future, new error reports can be added by doing something like:

```
document.dispatchEvent(
  new CustomEvent("discourse-error", {
    detail: { messageKey: "some.translation.key", error },
  })
);
```
2022-01-04 21:59:52 +00:00
Discourse Translator Bot a82e0db5ba
Update translations (#15446) 2022-01-04 17:39:32 +01:00
Martin Brennan ed83d7573e
FIX: Tone down admin dashboard critical problem messaging (#15442)
Keep the title the same as it used to be and only
show the exclamation icon on the critical problems in
the list.
2022-01-04 13:00:58 +10:00
Martin Brennan 20fe5eceb8
FEATURE: Scheduled group email credential problem check (#15396)
This commit adds a check that runs regularly as per
2d68e5d942 which tests the
credentials of groups with SMTP or IMAP enabled. If any issues
are found with those credentials a high priority problem is added to the
admin dashboard.

This commit also formats the admin dashboard differently if
there are high priority problems, bringing them to the top of
the list and highlighting them.

The problem will be cleared if the issue is fixed before the next
problem check, or if the group's settings are updated with a valid
credential.
2022-01-04 10:14:33 +10:00
Discourse Translator Bot c665003203
Update translations (#15416) 2021-12-28 14:13:58 +01:00
Roman Rizzi c330363e14
Improve translation in pending reviewables reminder. (#15413) 2021-12-27 20:06:01 -03:00
Discourse Translator Bot 8a67be0339
Update translations (#15353) 2021-12-22 18:30:09 +01:00
Roman Rizzi 491f020771
FIX: Use correct argument name in pending reviewables translation (#15371) 2021-12-20 17:35:51 -03:00
Sam b6c3e9aa03
FEATURE: hide_email_address_taken forces use of email in forgot password form (#15362)
* FEATURE: hide_email_address_taken forces use of email in forgot password form

This strengthens this site setting which is meant to be used to harden sites
that are experiencing abuse on forgot password routes.

Previously we would only deny letting people know if forgot password worked on not
New change also bans usage of username for forgot password when enabled
2021-12-20 12:54:10 +11:00
Martin Brennan 4519f3f137
FIX: Add more actions to the uploads API key scope (#15306)
The uploads API key create scope did not cover the
external upload API endpoints, or the direct S3
multipart endpoints, and this commit adds them.

cf. https://meta.discourse.org/t/upload-create-api-key-insufficient/211896
2021-12-15 14:08:11 +10:00
Discourse Translator Bot 38e17ab106
Update translations (#15302) 2021-12-15 10:03:20 +11:00
Discourse Translator Bot 4afd6f0189
Update translations (#15292) 2021-12-14 14:53:35 +01:00
Dan Ungureanu adb6202c94
FIX: Check if invite domain is valid (#15238)
* FIX: Check if invite domain is valid

Previous regex checked for generic hostname, which is too generic for
this case.
2021-12-13 16:39:14 +11:00