This reverts commit 20780a1eee.
* SECURITY: re-adds accidentally reverted commit:
03d26cd6: ensure embed_url contains valid http(s) uri
* when the merge commit e62a85cf was reverted, git chose the 2660c2e2 parent to land on
instead of the 03d26cd6 parent (which contains security fixes)
* DEV: Standardize table sorting verbiage
This commit creates a common component that tables can use to make their
headers sortable. This commit also standardizes on using `desc` as the
default and passing in the `asc=true` flag to adjust the sorting
direction.
* Add deprecation warnings
Adds deprecation warnings if using previous params and maintains
backwards compatibility. Set the default sort value for group members to
be asc.
* switch group requests to use common table-header-toggle
* update fixture
* Revert "Revert "DEV: Add checks that assets do not modify cookies to smoke-test.js (#9504)" (#9773)"
This reverts commit 732776e2ce.
* FIX: Run cookie tests only after logging in
This adds three new checks to the smoke test: that assets and service-worker.js do not
clear invalid cookies, but normal application routes do.
This functions as a test that the nginx config correctly strips out Set-Cookie responses
from the service-worker.js file.
Co-authored-by: Mark VanLandingham <markvanlan@gmail.com>
Co-authored-by: Robin Ward <robin.ward@gmail.com>
Co-authored-by: Mark VanLandingham <markvanlan@gmail.com>
In my original PR (#9647) I attempted to solve the problem of
using fake timers in acceptance tests by using the new sinon
clock.tickAsync methods. This way of doing things seems to be flawed,
however, as we are getting random spec timeouts starting with the
bookmark acceptance test where this was introduced.
I think I was going about things the wrong way. This commit introduces
a new function with callback (acceptanceUseFakeClock) that sets up the
fake timers using sinon.useFakeTimers with the shouldAdvanceTime option
set to true. This advances time at a normal rate of 20ms per tick, which
means that we are not freezing any time and existing setTimeout funcs.
should proceed as normal. Along with this the callback passed will
run clock.reset() at the end to make sure all the timers are cleaned
up correctly.
There is an optional third parameter after the callback, which is the
timezone. If the user is logged in for the acceptance test then their
timezone is used, otherwise we default to America/Denver.
Usage is (inside an acceptance test):
```
test("Name of the test", async assert => {
// first parameter is time to start fake clock at
await acceptanceUseFakeClock("2020-05-04T13:00:00", async () => {
// test code goes here e.g. await visit("/url");
});
});
```
* DEV: allows to define an ariaLabel on d-button
This topic also adds this function to topic-footer-buttons, simplifies the whole logic of titile/label/arialabel in d-button and adds tests for these properties.
* typo
* This is to prevent user's timezones being changed accidentally
e.g. by admin looking at a user
* This problem only occurred via the user card, however the user card
was still calling userTimezone even if the setting to display user
time in card was disabled
There were two constants here, `INLINE_ONEBOX_LOADING_CSS_CLASS` and
`INLINE_ONEBOX_CSS_CLASS` that were both longer than the strings they
were DRYing up: `inline-onebox-loading` and `inline-onebox`
I normally appreciate constants, but in this case it meant that we had
a lot of JS imports resulting in many more lines of code (and CPU cycles
spent figuring them out.)
It also meant we had an `.erb` file and had to invoke Ruby to create the
JS file, which meant the app was harder to port to Ember CLI.
I removed the constants. It's less DRY but faster and simpler, and
arguably the loss of DRYness is not significant as you can still search
for the `inline-onebox-loading` and `inline-onebox` strings easily if
you are refactoring.
We now show an options gear icon next to the bookmark name.
When expanded we show the "delete bookmark when reminder sent" option. The value of this checkbox is saved in local storage for the user.
If this is ticked, when a reminder is sent for the bookmark the bookmark itself is deleted. This is so people can use the reminder functionality by itself.
Also remove the blue alert reminder section from the "Edit Bookmark" modal as it just added clutter, because the user can already see they had a reminder set:
Adds a default false boolean column `delete_when_reminder_sent` to bookmarks.
Update sinon.js to 9.0.2 to access async fake timers https://sinonjs.org/releases/v9.0.2/fake-timers/ which can then be used with acceptance tests (previously useFakeTimers didn't work with await, e.g. for visit).
Fix the bookmark acceptance test that was time based to use these new fake timers.
Add a fakeTime function that uses moment and the provided date string + timezone to freeze time using useFakeTimers and return a clock.
Add a timeStep function that accepts a clock from fakeTime and a function to run. Once the function is run we call clock.tickAsync(1000) to progress the fake clock forward 1s to progress promises/callbacks.
- reduces the API to 3 actions for now: appendContent/prependContent/onChange
- well tested
- removes all previous APIS which were only half supported or too dangerous as they could collide with other plugins or core behaviors
- this plugins also puts every sk test helpers in one file
We were sharing `Discourse` both as an application object and a
namespace which complicated things for Ember CLI. This patch
moves raw templates into `__DISCOURSE_RAW_TEMPLATES` and adds
a couple helper methods to create/remove them.
If the user chooses "Later Today" as the reminder for a bookmark, then edits that bookmark, we should pre-select "Later Today" if that time has not changed (e.g. later is still 6pm). We do this to avoid confusion instead of opening the custom date + time section.
* Do not show confirmation modal if deleting bookmark from list unless the bookmark has a reminder
* Remove the deleted bookmark from the in-memory array for the user list so a full reload of the list is not needed and scrolling is maintained
This will make a few minor improvements to the second factor user interface. Highlights include:
- Using the site's title to prefix the backup code filename. If non-ascii characters are detected, then prefix "discourse" instead.
- Add icons and change the text on some of the buttons for better clarity and consistency
- Add an education link to the security key modal
Joffrey JAFFEUX
Bianca Nenciu
Michael Brown
Jeff Atwood
Mark VanLandingham
Alan Guo Xiang Tan
Blake Erickson
Kane York
Kane York
Robin Ward
Vinoth Kannan
Martin Brennan
Martin Brennan
Jarek Radosz
Zdravko Curic
David Taylor
tshenry