Commit Graph

42776 Commits

Author SHA1 Message Date
dependabot[bot] 683712fae7 Build(deps): Bump rubocop-ast from 1.9.0 to 1.9.1
Bumps [rubocop-ast](https://github.com/rubocop-hq/rubocop-ast) from 1.9.0 to 1.9.1.
- [Release notes](https://github.com/rubocop-hq/rubocop-ast/releases)
- [Changelog](https://github.com/rubocop/rubocop-ast/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop-ast/compare/v1.9.0...v1.9.1)

---
updated-dependencies:
- dependency-name: rubocop-ast
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-11 10:27:30 +08:00
dependabot[bot] 7804fdf860 Build(deps): Bump fastimage from 2.2.4 to 2.2.5
Bumps [fastimage](https://github.com/sdsykes/fastimage) from 2.2.4 to 2.2.5.
- [Release notes](https://github.com/sdsykes/fastimage/releases)
- [Changelog](https://github.com/sdsykes/fastimage/blob/master/CHANGELOG)
- [Commits](https://github.com/sdsykes/fastimage/compare/v2.2.4...v2.2.5)

---
updated-dependencies:
- dependency-name: fastimage
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-11 10:27:17 +08:00
dependabot[bot] 7b205abacf Build(deps): Bump oj from 3.13.0 to 3.13.1
Bumps [oj](https://github.com/ohler55/oj) from 3.13.0 to 3.13.1.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.13.0...v3.13.1)

---
updated-dependencies:
- dependency-name: oj
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-11 10:27:01 +08:00
dependabot[bot] 6525918aae Build(deps): Bump nokogiri from 1.12.2 to 1.12.3
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.12.2 to 1.12.3.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.12.2...v1.12.3)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-11 10:26:47 +08:00
Krzysztof Kotlarek 195f7346ba
FIX: check if BasicBadge is enabled for TL1 welcome message (#13983)
In 2018 check was added that TL1 welcome message is sent unless user already has BasicBadge granted.

I think we should also check if BasicBadge is even enabled. Otherwise, each time group is assigned to a user and trust level is recalculated, they will receive a welcome message.
2021-08-11 08:39:25 +10:00
Osama Sayegh bdcb96ad1b
UX: Indicate capped history revisions only when they're actually capped (#14000)
We've recently added a limit to the posts history modal so it displays the last 100 revisions only for performance reasons. However, the title of the modal now always says `History, last 100 revisions` even when the post has fewer than 100 revisions which can be a bit noisy.

This PR amends the history modal so the title of the modal says `History` when the post's revisions count is ≤100, and `History, last 100 revisions` when it has more >100 revisions.
2021-08-11 00:24:37 +03:00
Jordan Vidrine 8569895f71
FIX: Fix rtl style for pull right (#13999)
* FIX: RTL fix for pull right
2021-08-10 15:31:04 -05:00
Andrei Prigorshnev 622859dbe6
FEATURE: add Unseen view (#13977)
This view is the same as Latest except it hides the topics you have fully read. Based on this plugin of @davidtaylorhq https://meta.discourse.org/t/simple-unread-list-plugin-discourse-simple-unread/70013.
2021-08-10 18:30:34 +04:00
Dmitry Klimensky d54b339809 Escape values of HTML attributes 2021-08-10 10:25:15 -04:00
David Taylor 7dc8f8b794 FEATURE: Allow linking an existing account during external-auth signup
When a user signs up via an external auth method, a new link is added to the signup modal which allows them to connect an existing Discourse account. This will only happen if:

- There is at least 1 other auth method available

and

- The current auth method permits users to disconnect/reconnect their accounts themselves
2021-08-10 15:07:40 +01:00
David Taylor 46dc189850 DEV: Improve robustness of associate_accounts_controller
This handles a few edge cases which are extremely rare (due to the UI layout), but still technically possible:

- Ensure users are authenticated before attempting association.

- Add a message and logic for when a user already has an association for a given auth provider.
2021-08-10 15:07:40 +01:00
David Taylor 2cae29f644 DEV: Update associate_accounts_controller to use secure_session
This is much cleaner than using redis directly. It also opens the door to more complex association change flows which may happen during login.
2021-08-10 15:07:40 +01:00
Arpit Jalan 97f701bc4c
UX: update member visibility help text to include flair information (#13995) 2021-08-10 19:31:29 +05:30
Joffrey JAFFEUX 6d41c37c16
DEV: stop propagation of events on button click (#13993) 2021-08-10 15:52:59 +02:00
Joffrey JAFFEUX 644441852e
FIX: prevents exception on malformatted messages (#13997)
The following example message would generate an exception:

```
Return-Path: <discourse@bar.com>
From: Foo Bar <discourse@bar.com>
To: reply+4f97315cc828096c9cb34c6f1a0d6fe8@bar.com
Date: Fri, 15 Jan 2016 00:12:43 +0100
Message-ID: <21@foo.bar.mail>
Mime-Version: 1.0
Content-Type: text/html; charset=UTF-8

</div>

```

Exception:

```
NoMethodError:
       undefined method `split' for nil:NilClass
```
2021-08-10 15:49:32 +02:00
Arpit Jalan 3006de39d1
REVERT "FIX: do not show private group flair on user avatars" (#13991)
This reverts commit fe3e18f981 and 0d8fd9ace6
2021-08-10 17:25:11 +05:30
Joffrey JAFFEUX 4ca34940d3
DEV: ensures container is not destroyed before showing tooltip (#13992)
In fast tests it could results in an error.
2021-08-10 11:48:31 +02:00
Joffrey JAFFEUX 2efe91f49f
UI: fixes sidebar settings border and active styles (#13990)
- active setting should now correctly show an arrow which was previously floating in the middle of nowhere
- uses a correct color for border separation, previously the border was present but invisible as similar to the background
- slighty tweak padding
- makes arrow computation based on a variable
2021-08-10 08:53:22 +02:00
Martin Brennan 6774c600a4
DEV: Fix uploads controller flaky presigned put spec (#13985)
Was missing RateLimiter.clear_all!, leading to 403 errors
2021-08-10 14:30:22 +10:00
Martin Brennan 93af139a76
Revert "DEV: Move rate limiter disable to after :each for tests (#13986)" (#13987)
This reverts commit 52035dc665.
2021-08-10 14:12:36 +10:00
Martin Brennan 52035dc665
DEV: Move rate limiter disable to after :each for tests (#13986)
We weren't calling clear_all! for the rate limiter which
was the first problem, and the second problem was that it
is very odd to do state cleanup before tests instead of after,
so moved the disabling and clear_all! to after.
2021-08-10 13:38:35 +10:00
Alan Guo Xiang Tan fa952c036c UX: Missing translation for title attribute for PM tag route. 2021-08-10 09:58:59 +08:00
dependabot[bot] 7ecd0da109 Build(deps): Bump oj from 3.12.3 to 3.13.0
Bumps [oj](https://github.com/ohler55/oj) from 3.12.3 to 3.13.0.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.12.3...v3.13.0)

---
updated-dependencies:
- dependency-name: oj
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-10 09:16:59 +08:00
dependabot[bot] a38dc09e05 Build(deps): Bump faraday from 1.6.0 to 1.7.0
Bumps [faraday](https://github.com/lostisland/faraday) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/lostisland/faraday/releases)
- [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lostisland/faraday/compare/v1.6.0...v1.7.0)

---
updated-dependencies:
- dependency-name: faraday
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-10 09:16:36 +08:00
Bianca Nenciu d68f2de4c7
FIX: Reuse avatar-flair component in group preview (#13961)
Sometimes the group flair preview was different than the real group
flair because different components were used for rendering.
2021-08-09 15:38:49 -03:00
Robin Ward 5c07e544af Revert "DEV: `Discourse.User` has been deprecated since 2.6"
This reverts commit 3edf24437a.

Too many plugins rely on this right now and need to be updated.
2021-08-09 13:42:26 -04:00
Robin Ward 3edf24437a DEV: `Discourse.User` has been deprecated since 2.6 2021-08-09 12:40:42 -04:00
Laurent Arnoud 03896a9c43
FIX: Errno::EXDEV when across filesystem boundaries (#13976)
ref https://bugs.ruby-lang.org/issues/12615

```
        W: rake aborted!
        W: Errno::EXDEV: Invalid cross-device link @ rb_file_s_rename - (/app/tmp/adeeee62504de67238341871bda1aaf0, /app/app/assets/javascripts/plugins/discourse-cakeday.js.e
rb)
        W: lib/discourse.rb:65:in `rename'
        W: lib/discourse.rb:65:in `atomic_write_file'
        W: /app/lib/plugin/instance.rb:683:in `activate!'
        W: lib/discourse.rb:246:in `block in activate_plugins!'
        W: lib/discourse.rb:243:in `each'
        W: lib/discourse.rb:243:in `activate_plugins!'
```
2021-08-09 12:20:26 +02:00
Jarek Radosz e68c1d5ba5
DEV: Use `key` over the deprecated `keyCode` (#13795)
Makes the code a bit more readable. Inspired by https://github.com/emberjs/ember.js/pull/19185
2021-08-09 11:41:36 +02:00
Joffrey JAFFEUX 8df48b516f
DEV: ensures click listeners are reset between tests (#13900) 2021-08-09 10:00:56 +02:00
Joffrey JAFFEUX 800926fcce
FIX: prevents s shortcut to generate an error (#13974)
When no element is selected, on the homepage for example, pressing `s` would generate the following error:

```
Uncaught TypeError: Cannot read property 'click' of undefined
```

Note that this commit also removes jquery usage.
2021-08-09 09:39:01 +02:00
dependabot[bot] 0790bbdea5
Build(deps): Bump rubocop-ast from 1.8.0 to 1.9.0 (#13975)
Bumps [rubocop-ast](https://github.com/rubocop-hq/rubocop-ast) from 1.8.0 to 1.9.0.
- [Release notes](https://github.com/rubocop-hq/rubocop-ast/releases)
- [Changelog](https://github.com/rubocop/rubocop-ast/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop-ast/compare/v1.8.0...v1.9.0)

---
updated-dependencies:
- dependency-name: rubocop-ast
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-09 00:27:39 +02:00
Vinoth Kannan 8c27e69523
UX: disable "Queue For Review" button if user can't perform action. (#13966)
Currently, it's returning JS error when trying to click the button when the action is already performed by the same staff user.
2021-08-07 12:36:56 +05:30
Robin Ward 3fdb64184b FIX: Don't swallow an error if we can't run `yarn ember build` 2021-08-06 15:13:18 -04:00
Andrei Prigorshnev 09ad3ed41d
FEATURE: revert disallowing putting URLs in titles for TL0 users (#13970)
This reverts a part of changes introduced by https://github.com/discourse/discourse/pull/13947

In that PR I:
1. Disallowed topic feature links for TL-0 users
2. Additionally, disallowed just putting any URL in topic titles for TL-0 users

Actually, we don't need the second part. It introduced unnecessary complexity for no good reason. In fact, it tries to do the job that anti-spam plugins (like Akismet plugin) should be doing.

This PR reverts this second change.
2021-08-06 20:07:42 +04:00
Arpit Jalan 0d8fd9ace6
FIX: do not show flair bg color if flair is not visible (#13969)
follow up to fe3e18f981
2021-08-06 20:53:23 +05:30
Andrei Prigorshnev b66674fec2
DEV: ignore the given_daily_likes table when moving timestamps on Try (#13971)
This will fix the try-reset build that failed today. Probably this going to happen again with other tables that have constraints on date columns. I'm going to modify the script to make it work without ignoring such tables. After that, the only table we're going to need to ignore will be the 2FA table.

Before I fixed that, don't hesitate to tag me if the try-reset build fail again.
2021-08-06 18:27:23 +04:00
Roman Rizzi 044de6d670
DEV: Give callback listeners access to the request object. (#13965)
Plugins listening on the `before_auth` callback can interact with the request object and access data like the user agent or the remote IP address. We'll later store this data in the user record, but it might not exist at this point if we're authenticating a new account.
2021-08-06 11:26:11 -03:00
Joffrey JAFFEUX bf43d8eb40
DEV: uses vanilla js and DOM to replace link mentions (#13959)
- uses DOM apis
- do not concat strings
- ensures string is set as innerText and not HTML
- do not work on jquery objects
2021-08-06 09:26:54 +02:00
dependabot[bot] 86f1f82f7b Build(deps-dev): Bump webmock from 3.13.0 to 3.14.0
Bumps [webmock](https://github.com/bblimke/webmock) from 3.13.0 to 3.14.0.
- [Release notes](https://github.com/bblimke/webmock/releases)
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bblimke/webmock/compare/v3.13.0...v3.14.0)

---
updated-dependencies:
- dependency-name: webmock
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-06 09:35:54 +08:00
Robin Ward 844c05b70b DEV: New Plugin API method for delegating an app event 2021-08-05 14:44:26 -04:00
Andrei Prigorshnev 2ec0a17bef
DEV: clarify the slow mode specs names (#13962) 2021-08-05 22:07:29 +04:00
Bianca Nenciu 38199424bc
SECURITY: Sanitize d-popover attributes (#13958) 2021-08-05 16:39:17 +03:00
Arpit Jalan bb2c48b065
FIX: update iframe url for simplecast onebox (#13957)
https://meta.discourse.org/t/onebox-regression-simplecast-com/187911
2021-08-05 18:29:04 +05:30
Robin Ward 18c5e9338f DEV: Allow us to use Ember CLI assets in production
This adds an optional ENV variable, `EMBER_CLI_PROD_ASSETS`. If truthy,
compiling production assets will be done via Ember CLI and will replace
the assets Rails would otherwise use.
2021-08-05 08:32:33 -04:00
Arpit Jalan a341dba5d9
FIX: update oEmbed URL for simplecast onebox (#13956) 2021-08-05 17:42:38 +05:30
Andrei Prigorshnev 0c0a11b66a
FEATURE: Disallow putting urls in the title for TL-0 users (#13947)
This disallows putting URLs in topic titles for TL0 users, which means that:

If a TL-0 user puts a link into the title, a topic featured link won't be generated (as if it was disabled in the site settings)
Server methods for creating and updating topics will be refusing featured links when they are called by TL-0 users
TL-0 users won't be able to put any link into the topic title. For example, the title "Hey, take a look at https://my-site.com" will be rejected.

Also, it improves a bit server behavior when creating or updating feature links on topics in the categories with disabled featured links. Before the server just silently ignored a featured link field that was passed to him, now it will be returning 422 response.
2021-08-05 13:38:39 +04:00
Alan Guo Xiang Tan 0bf27242ec FIX: Group inbox new filter not accounting for dismissed topics.
Follow-up to 2c046cc670
2021-08-05 16:53:12 +08:00
Alan Guo Xiang Tan 3f59ccefd7 FIX: Remove limit on dismissing unread and new messages.
Follow-up to 2c046cc670
2021-08-05 14:55:38 +08:00
Alan Guo Xiang Tan bfe24f74e1 FIX: Restore server side route for tag messages filter.
Follow-up to 016efeadf6
2021-08-05 13:05:42 +08:00