Commit Graph

34672 Commits

Author SHA1 Message Date
Joffrey JAFFEUX 4cec575ad8
FIX: EmojiOne is now JoyPixels (#8142) 2019-10-02 16:01:22 -04:00
Justin DiRose 63fabdb6f2 FIX: first post true if user creates topic first (#8139)
Reported here: https://meta.discourse.org/t/user-was-banned-for-posting-a-reply-within-3-seconds/128823/12
The problem here is the user could create a topic, then reply and get
silenced on the second time (though technically their first post) for being below the
min_first_post_typing_time threshold.
2019-10-02 15:51:40 -04:00
Jeff Wong dbb33f08a9 REFACTOR: clean-up webauthn mobile view 2019-10-02 11:49:36 -07:00
Martin Brennan 9f5ec7154d [FIX] Webauthn security key fixes after real-world usage (#8135)
* Fix broken security key 2FA on mobile login.hbs

* Show nicer error message when a security key already exists

* [COPY] Disable -> Delete for security key editing

* Standardize UI elements in 2FA prefs password confirmation

* Minor fixes to label location for resetPasswordProgress
2019-10-02 11:47:29 -07:00
Penar Musaraj eeea016f23 FIX: Show composer above DiscourseHub app nav on iPad 2019-10-02 14:13:33 -04:00
Penar Musaraj ea4e9dba8e FIX: Apply Visual Viewport composer height calc in iOS only 2019-10-02 13:37:41 -04:00
Joffrey JAFFEUX d0390fba3e
UX: displays reads/likes in the same order that post menu buttons (#8140) 2019-10-02 13:00:47 -04:00
Penar Musaraj ceb29d3eea UX: Full viewport composer layout on iPad
Partially reverts 94ab48c by using Safari hacks on iPad again.

This brings parity in the composer UI between iPhones and iPads

Hides grippie and fullscreen toggle button when the keyboard is visible on iPads
2019-10-02 12:36:11 -04:00
Joffrey JAFFEUX 7f114ef861
DEV: removes dead code (#8130)
This commit also refactors the new code which did make this dead code
2019-10-02 12:15:11 -04:00
Joffrey JAFFEUX fb66ddf161
DEV: removes dead coded (#8129)
As per sam:

b9ccf4d09c/app/assets/javascripts/discourse.js 1

We used to put (*) topic title for certain cases, something that we totally stopped doing.
2019-10-02 12:13:39 -04:00
Daniel Waterworth 1fdba2c5b2 FIX: Harden DistributedMutex
Threadsafety

  Since we use the same redis connection in multiple threads, a rogue
  transaction in another thread can trample the connection state
  (watched keys) that we need to acquire and release the lock properly.

  This is fixed by preventing other threads from using the connection
  when we are performing these actions.

Off-by-one error

  A distributed mutex is now consistently determined to be expired if
  the current time is strictly greater than the expire time.

Unwatch before transaction

  Since the redis connection is used by so much of the code, it is
  difficult to ensure that any watched keys have been cleared. In order
  to defend against this rogue connection state, an unwatch has been
  added before locking and unlocking.

Logging

  Hopefully this log message is more clear.
2019-10-02 13:00:41 +00:00
Joffrey JAFFEUX ef610af328
FIX: exception with triggerRefresh and subcat listing (#8131)
Clicking fast on the "top", "unread", or "latest" button  when browsing a parent category page with subcategories and the setting `Show subcategory list above topics in this category` enabled would cause an exception:

```
Uncaught Error: Nothing handled the action 'triggerRefresh'. If you did handle the action, this error can be caused by returning true from an action handler in a controller, causing the action to bubble.
```
2019-10-02 07:51:23 -04:00
Krzysztof Kotlarek 302e8f4393 FIX: Use migrations path for post_migrate (#8133)
That is a problem after upgrade to Rails 6. It was partially fixed here: 025d4ee91f
2019-10-02 15:28:38 +10:00
Sam Saffron 34813b643d DEV: properly require csv dependency
csv dependency is not default loaded, explicitly ask for it when we start
parsing csv files.
2019-10-02 15:07:37 +10:00
Michael Brown dbe0111822 FEATURE: allow UploadRecovery to be run on a single post (#8094) 2019-10-02 14:57:36 +10:00
Krzysztof Kotlarek 35b1185a08 FIX: Revert Demon::DemonBase back to Demon::Base (#8132)
I introduced DemonBase because I had got some conflict between `demon/base.rb` and `jobs/base.rb`, however, to not rename base class, it is possible to use regex on absolute path in Zeitwerk custom inflector.
2019-10-02 14:54:08 +10:00
Sam Saffron 55ee9abecb DEV: clean up dependencies in spec
Follow up on zeitwork we needed to be a bit more explicit about a few
dependencies internally.

On certain orders the test suite could fail.
2019-10-02 14:50:54 +10:00
Sam Saffron 3f6af54fe1 DEV: minor fixes related to zeitwerk
A couple of specs stopped working post zeitwerk. Adding missing require
corrected inheritance to avoid a circular ref.
2019-10-02 14:28:18 +10:00
Krzysztof Kotlarek 427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
Martin Brennan 68d35b14f4 FEATURE: Webauthn authenticator management with 2FA login (Security Keys) (#8099)
Adds 2 factor authentication method via second factor security keys over [web authn](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API).

Allows a user to authenticate a second factor on login, login-via-email, admin-login, and change password routes. Adds registration area within existing user second factor preferences to register multiple security keys. Supports both external (yubikey) and built-in (macOS/android fingerprint readers).
2019-10-01 19:08:41 -07:00
Rafael dos Santos Silva 45ff119f27 FIX: Try to match advanced tutorial reset first (#8048)
Advanced trigger is currently broken on:

    ca
    es
    et
    fr
    he
    it
    pt_BR

And that is because the translation levels for the plugin are kinda low, so I would guess it's broken for half the languages.

Since we have only two tracks for a while now, a quick fix to me is inverting the selectors.

This patch works because the advanced key is "larger" than the new user one.
2019-10-02 11:55:47 +10:00
Konrad Borowski 90a8852b63 List dots as a valid character in usernames (#8108) 2019-10-02 11:42:18 +10:00
Ryan Boder b7ebe574df FEATURE: Add topic and category context to post webhook payload (#8110)
Adds additional fields topic_archetype and category_slug to the post
webhook so that handlers have some context about the post event without
having to call back to the API.

Discussed [here](https://meta.discourse.org/t/webhooks-how-best-to-differentiate-a-pm-from-a-public-post/76363/13).
2019-10-02 11:41:33 +10:00
Joffrey JAFFEUX 3ee6e859ec FIX: prevents trigger post read count update on non existing post (#8128) 2019-10-02 10:57:34 +10:00
Joffrey JAFFEUX e5af03be01 DEV: prevents attemps to redefine THEME_TARGETS constant (#8121) 2019-10-02 10:54:31 +10:00
Joffrey JAFFEUX 6e815ba032 DEV: adds discourse:focus-changed app event (#8123) 2019-10-02 10:53:51 +10:00
Krzysztof Kotlarek f331b5eab2 FEATURE: topic title is validated for blocked words (#8127)
Currently, the topic is only validated for censored words and should be validated for blocked words as well.

Blocked word validation is now used by both Post and Topic. To avoid code duplication, I extracted blocked words validation code into separate Validator, and use it in both places.

The only downside is that even if the topic contains blocked words validation message is saying "Your post contains a word that's not allowed: tomato" but I think this is descriptive enough.
2019-10-02 10:38:34 +10:00
Joffrey JAFFEUX 0b93f1239b
DEV: attempts to make date-time-input-range test more reliable (#8126) 2019-10-02 02:12:36 +02:00
romanrizzi 45513fb29a Spec should not depend on aliases 2019-10-01 18:33:53 -03:00
Neil Lalonde 279a94da90 Version bump to v2.4.0.beta5 2019-10-01 16:51:36 -04:00
Neil Lalonde d4751d00d9 Update translations 2019-10-01 16:50:22 -04:00
Joffrey JAFFEUX bbc250cc35
DEV: ensures relative-ages interval is cleared between tests (#8117) 2019-10-01 22:18:26 +02:00
Joffrey JAFFEUX b4d42d1151
DEV: removes memory profiling from qunit tests (#8120)
Most of the work on it has been done and it's un-necessary work for now.
2019-10-01 22:17:53 +02:00
Joffrey JAFFEUX a5af98a149
DEV: fixes deprecation due to incorrect appEvent setup on share:url (#8122) 2019-10-01 22:17:38 +02:00
Gerhard Schlager f82576deea FIX: Reset watched site settings when default locale changes
Some site settings (e.g. `unicode_username_character_whitelist`) depend on the default locale, so we need to reset the watched settings when the locale changes.
2019-10-01 20:41:16 +02:00
Joffrey JAFFEUX 4aefe589de
DEV: rake qunit:test was crashing on macOS due to a flag (#8119)
flag: --disable-software-rasterizer
2019-10-01 20:40:48 +02:00
Gerhard Schlager b48ca9dee9 DEV: Simplify username validation in base importer
The `UsernameValidator` does already all the hard work. No need to do any additional checks in the import script. The checks were out-of-date anyway.
2019-10-01 20:33:09 +02:00
Gerhard Schlager 9e4fb262cf FIX: Respect unicode whitelist when suggesting username 2019-10-01 20:33:09 +02:00
Penar Musaraj 5cf299733a UX: Fix topic progress placement
Keeps element 1em away from the right edge of screen

Takes DiscourseHub app nav position into account on iPad

Uses outerHeight to calculate element height including padding/borders
2019-10-01 13:14:36 -04:00
Jarek Radosz d407bcab36 FIX: Correctly escape category description text (#8107)
* FIX: Correctly escape category description text

This bug has been introduced in db14e10943.

* Remove unnecessary `html_safe`

`Theme.lookup_field` already returns html-safe strings: 7ad338e3e6/app/models/theme.rb (L237-L242)

* Rename `description` where it's acutally `descriptionText`
2019-10-01 12:04:39 -04:00
Kris f7923958e2 UX: fix alignment on topic progress bar and remove some magic numbers 2019-10-01 11:45:51 -04:00
Penar Musaraj 94ab48c616 UX: Improve composer layout in iPads
In iOS 13, Apple no longer includes "iPad" in the user agent by default, so we need to adjust our detection.
2019-10-01 08:22:17 -04:00
Sam Saffron 0420e8145e SECURITY: update rubyzip dependency
This updates rubyzip library so that callers can trust entries when
extracting files avoiding situations where a rogues zip imported by a rogue
admin could cause a disk space issue.
2019-10-01 17:11:20 +10:00
Sam Saffron ba0114a6ff SECURITY: update rack-mini-profiler to latest to correct XSS
This corrects an XSS in ?pp=help.

Also removes the jQuery dependency from rack-mini-profiler and restricts
memory sensitive profiling methods development only.
2019-10-01 16:55:58 +10:00
Sam Saffron 499472b6a0 FIX: change focus when application resumes in android
Per new lifecycle https://developers.google.com/web/updates/2018/07/page-lifecycle-api

On Android and latest Chrome when an app transitions from "frozen" to
active the new "resume" event fires with no accompanying "visibilitychange"
event.

This means that often background tabs may be stuck thinking that discourse
has no focus when, indeed, it has.

This leads to cases where no posts are marked read anymore.
2019-10-01 12:00:07 +10:00
Kris 5cfbe19eef UX: Change composer's edit reason link to an icon 2019-09-30 20:58:31 -04:00
Penar Musaraj 444d123f0d UX: Use Visual Viewport API for iOS composer height
This applies to iPhones running iOS 13+.
Previous technique remains in place for iOS 12 and below.

Note that this does not apply to iPads on iOS 13 due to Apple no longer
identifying iPads in the user agent string.
2019-09-30 13:56:40 -04:00
Robin Ward d5c5ca46b6 SECURITY: Don't allow base_uri as embeddable host if none exist 2019-09-29 20:51:59 -04:00
Kris 756104432e UX: add class to distinguish specific moderator categories on about page 2019-09-27 09:34:56 -04:00
Gerhard Schlager 8adec48b33 Update translations 2019-09-26 04:29:44 +02:00