Commit Graph

36597 Commits

Author SHA1 Message Date
Joffrey JAFFEUX 58ced428ee
FIX: race conditions in search menu (#9262)
Race conditions could lead the previous query search term to be used in the next query. This commit also attempts to simplify code.
2020-03-24 15:16:42 +01:00
Bianca Nenciu 61c1af0124 SECURITY: Ensure user can see group and group members 2020-03-24 11:59:41 +02:00
Bianca Nenciu d8640fd042
DEV: Move requested_group_id custom field from post to topic (#9127)
Follow-up-to accbbded15
2020-03-24 11:12:52 +02:00
Vinoth Kannan bef8468510 Make qunit test code more clean.
45ce9876cc
2020-03-24 13:04:46 +05:30
Sam Saffron c7151f0fd6
Revert "DEV: upgrade Rails"
This reverts commit 5b3bb4b2f0.

This erratically breaks multisite operation, we need more debugging
2020-03-24 17:11:13 +11:00
Sam Saffron 46a9622246
FIX: prevent scheduled publishing to deleted category
We missed a dependency which left timers firing on missing categories.

Co-authored-by: tshenry
2020-03-24 16:59:42 +11:00
Sam Saffron 5b3bb4b2f0
DEV: upgrade Rails
Latest version of Rails contains compatibility fixes for Ruby 2.7 and some
minor security fixes we would like to have
2020-03-24 16:47:40 +11:00
Kane York 58ae0d4bd9
DEV: Add test case for /srv/status probers (#9259) 2020-03-24 16:28:07 +11:00
dependabot-preview[bot] 4452817ed0
DEV: Bump pg from 1.2.2 to 1.2.3 (#9235)
Bumps [pg](https://github.com/ged/ruby-pg) from 1.2.2 to 1.2.3.
- [Release notes](https://github.com/ged/ruby-pg/releases)
- [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc)
- [Commits](https://github.com/ged/ruby-pg/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Pretty safe, adds protection for 2 possible segfaults.
2020-03-24 16:25:52 +11:00
dependabot-preview[bot] ecda9dbf25
DEV: Bump annotate from 3.1.0 to 3.1.1 (#9261)
Bumps [annotate](https://github.com/ctran/annotate_models) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/ctran/annotate_models/releases)
- [Changelog](https://github.com/ctran/annotate_models/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ctran/annotate_models/compare/v3.1.0...v3.1.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Very safe upgrade, annotate only used in dev
2020-03-24 16:23:16 +11:00
Sam Saffron 9726a0e0b4
DEV: upgrade json gem and add explicit dependency
json is shipped out of sync with Ruby. Even though we use OJ for many things
we still use the json gem sometimes, this ensures we use the latest

b8b29e79ad/config/initializers/100-oj.rb (L9-L9)
2020-03-24 15:21:50 +11:00
Martin Brennan b8b29e79ad
FIX: Improve user timezone saving (#9230)
Based on issues identified in https://meta.discourse.org/t/improved-bookmarks-with-reminders/144542/20

* Implement the resolvedTimezone() function on the user model where we return the user's timezone if it has been set, or we guess it using moment and save it to the user using an update call if it has not yet been set. This covers the cases of users who do not log out/in often who will not get their timezone set via login. This also makes sure the guess + save is done in a non-obtrusive way not on every page -- only when it is needed.

* Before if a user's timezone was blank when they visited their profile page we were autofilling the dropdown with the guessed timezone from moment. However this was confusing as it would appear you have that timezone saved in the DB when you really didn't. Now we do not autofill the dropdown and added a button to automatically guess the current timezone to make everything more explicit.
2020-03-24 11:39:09 +10:00
Kane York 4b8acce92b FIX: Check for permalinks before showing the 404 page
Limitations: the user profile "open external links in new tab setting" is
slightly broken for "External URL" permalinks.

Remove the copy from the admin permalinks page stating that this doesn't work.
2020-03-23 16:31:07 -07:00
Vinoth Kannan dc1836573d
UX: display avatar flair in categories route topic list items (#9197) 2020-03-24 01:13:25 +05:30
Robin Ward 4ecf0be93d Don't blame these renames 2020-03-23 15:05:58 -04:00
Robin Ward 27641f21e4 Migrate `discourse-common` from es6 -> js 2020-03-23 15:05:58 -04:00
dependabot-preview[bot] 8b7dc35e76
Build(deps): Bump sidekiq from 6.0.5 to 6.0.6 (#9258)
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.0.5 to 6.0.6.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/master/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v6.0.5...v6.0.6)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-23 14:27:51 -04:00
Robin Ward 7f3bb06ac7 FIX: Wizard tests were missing 2020-03-23 14:25:25 -04:00
Robin Ward 37ed6d5a0e Ignore wizard es6 rename 2020-03-23 14:15:53 -04:00
Robin Ward 1ac0242201 Convert wizard es6 files to js 2020-03-23 14:15:16 -04:00
Kris 39dde33cbb UX: Larger tap areas for profile panel in user menu on mobile devices 2020-03-23 13:25:33 -04:00
Joffrey JAFFEUX 48c1de4836
DEV: adds afterCreate/beforeUpdate hooks to rest models (#9253)
We already have beforeCreate and afterUpdate and it seems these hooks can be useful and it's also unexpected to not have parity on this.
2020-03-23 16:58:40 +01:00
Arpit Jalan e58f0adfcc FIX: respect `prioritize_username_in_ux` setting on /about page 2020-03-23 20:28:01 +05:30
dependabot-preview[bot] f413ea6b38
Build(deps): Bump onebox from 1.9.26 to 1.9.27.1 (#9255)
Bumps [onebox](https://github.com/discourse/onebox) from 1.9.26 to 1.9.27.1.
- [Release notes](https://github.com/discourse/onebox/releases)
- [Changelog](https://github.com/discourse/onebox/blob/master/CHANGELOG.md)
- [Commits](https://github.com/discourse/onebox/compare/v1.9.26...v1.9.27.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-23 10:18:30 -04:00
Dan Ungureanu 5715f0ad01
UX: Hotkey K can select partial posts
When no post is selected, K selects first partial post and J selects
first full post.
2020-03-23 14:05:29 +02:00
David Taylor 5db41cd578
SECURITY: Respect topic permissions when loading bookmark metadata
Co-authored-by: Martin Brennan <martin@discourse.org>
Co-authored-by: Sam Saffron <sam.saffron@gmail.com>
2020-03-23 11:30:48 +00:00
David Taylor 5ff505cea6
SECURITY: Respect topic permissions when loading draft metadata
Co-authored-by: Sam Saffron <sam.saffron@gmail.com>
2020-03-23 11:30:40 +00:00
Joffrey JAFFEUX 3f9b922d20
FIX: middle click was reading every notifications (#9252) 2020-03-23 13:28:16 +02:00
Gerhard Schlager 445b35381d Improve Telligent import script
* Detects mostly all attachments and it's a lot faster
* Parses user properties in Ruby instead of the DB, because that's less errorprone
* Imports user avatars
* Imports topic views by users
* Better handling of quotes and YouTube links
2020-03-23 09:18:12 +01:00
Roman Rizzi c4bc734b11
FIX: Backfill topic timer duration (#9249) 2020-03-23 09:38:18 +05:30
Jeff Wong 3189dab622 FIX: correctly remove authentication_data cookie on oauth login flow
Additionally correctly handle cookie path for authentication_data

There were two bugs that exposed an interesting case where two discourse
instances hosted across two subfolder installs in the same domain
with oauth may clash and cause strange redirection on first login:

Log in to example.com/forum1. authentication_data cookie is set with path /
On the first redirection, the current authentication_data cookie is not unset.
Log in to example.com/forum2. In this case, the authentication_data cookie
is already set from forum1 - the initial page load will incorrectly redirect
the user to the redirect URL from the already-stored cookie, to /forum1.

This removes this issue by:

* Setting the cookie for the correct path, and not having it on root
* Correctly removing the cookie on first login
2020-03-21 14:34:25 -07:00
Blake Erickson c97244ca11 FIX: post edited webhook does not reflect updated topic title
This fix ensures that when a topic title is edited the new title shows
up in the post webhook instead of the old title.

Rather than passing in the old topic object to the PostRevisor the
PostRevisor initializer will load the updated topic object inside of the
initializer if you don't pass it in. This will allow the post_edited
webhook to have the correct topic values.

Original bug reported at:

https://meta.discourse.org/t/post-edited-webhook-does-not-reflect-updated-topic-title/144722
2020-03-21 07:43:11 -06:00
David Taylor dbfec4b268
DEV: Update spec for category permalink
Followup to 3215f2b6ee
2020-03-20 22:26:45 +00:00
David Taylor 3215f2b6ee
FIX: Permalinks should redirect to category URL including the ID
This is a temporary fix. Urls for third-level categories should function without the id. Once that is fixed, this change can be reverted
2020-03-20 22:06:20 +00:00
Jeff Wong 4ecc0a25ae Revert "FIX: correctly remove authentication_data cookie on oauth login flow (#9238) (#9251)"
This reverts commit beaeb0c4b2.
2020-03-20 14:37:55 -07:00
Jeff Wong beaeb0c4b2
FIX: correctly remove authentication_data cookie on oauth login flow (#9238) (#9251)
Attempt 2, with more test.

Additionally correctly handle cookie path for authentication_data

There were two bugs that exposed an interesting case where two discourse
instances hosted across two subfolder installs in the same domain
with oauth may clash and cause strange redirection on first login:

Log in to example.com/forum1. authentication_data cookie is set with path /
On the first redirection, the current authentication_data cookie is not unset.
Log in to example.com/forum2. In this case, the authentication_data cookie
is already set from forum1 - the initial page load will incorrectly redirect
the user to the redirect URL from the already-stored cookie, to /forum1.

This removes this issue by:

Setting the cookie for the correct path, and not having it on root
Correctly removing the cookie on first login
2020-03-20 14:03:38 -07:00
Kane York 330102fd20 FEATURE: Show votes in an "on voted" poll to the creator
This required properly plumbing the guardian into the serializer.

Notably, the default state in the client was not changed - if you haven't voted in
the poll, you need to click the button to view the results instead of the results
being immediately visible on page load.

Implements https://meta.discourse.org/t/-/138108
2020-03-20 13:36:42 -07:00
Robin Ward 0d3386d255 Revert "FIX: correctly remove authentication_data cookie on oauth login flow (#9238)"
This reverts commit a1f9b1a7fc.

This might have caused a problem with social logins. We are confirming
via this revert and will follow up.
2020-03-20 15:25:10 -04:00
Robin Ward 07813c4a91
Convert select-kit from es6 to js (#9246)
* Convert select-kit from es6 to js

* Hide more git blames
2020-03-20 12:40:32 -04:00
Kris 69df19a663 UX: Disable highlight animation on deleted posts 2020-03-20 12:15:58 -04:00
romanrizzi cfec10a568 FIX: Moderators should be able to review flagged PMs since this has always been like this 2020-03-20 12:28:36 -03:00
Jarek Radosz 20f3be1e9c
DEV: Use the `type: :multisite` spec setting (#9245)
Fixes recent spec flakiness.

Also includes:
DEV: Prevent accidental exit from specs
2020-03-20 16:18:34 +01:00
Robin Ward 1859e6b7ca FIX: Don't fail if the test environment doesn't support Webauthn 2020-03-20 10:44:02 -04:00
Robin Ward c150566506
Migrate pretty-text to `.js` extensions (#9243) 2020-03-20 09:55:42 -04:00
dependabot-preview[bot] 8174f1551c
Build(deps): Bump aws-sdk-s3 from 1.61.0 to 1.61.1 (#9216)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.61.0 to 1.61.1.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-20 09:43:58 -04:00
Daniel Waterworth 1b24a7b993 FIX: Include entire slug path in permalinks
This is a temporary fix since these URLs should contain the id as well.
2020-03-20 10:43:13 +00:00
Sam Saffron 145c90419d
DEV: increase timeout for initial context eval
Due to JS refactors our initial payload transpile is taking a bit longer
instead of failing the test suite attempt to give this a bit more time
2020-03-20 15:48:25 +11:00
Sam Saffron 10b37e1e36
FIX: add support for sub-sub category slugs in search
Previous to this change slugs for leaves in 3 level nestings would not work

Our UX picks only the last two levels

This also makes the results consistent for slugs as it enforces order.
2020-03-20 15:36:50 +11:00
David Taylor 19814c5e81
FIX: Allow CSP to work correctly for non-default hostnames/schemes (#9180)
- Define the CSP based on the requested domain / scheme (respecting force_https)
- Update EnforceHostname middleware to allow secondary domains, add specs
- Add URL scheme to anon cache key so that CSP headers are cached correctly
2020-03-19 19:54:42 +00:00
David Taylor e9a3639b10
DEV: Pin hashie and faraday versions for zendesk api compatibility (#9214) 2020-03-19 19:52:31 +00:00