Commit Graph

26311 Commits

Author SHA1 Message Date
Penar Musaraj d9c511f734
DEV: Refactor animation for invalid inputs in wizard (#15334) 2021-12-16 17:17:36 -05:00
Penar Musaraj 92bff4df93
FIX: Add smooth scrolling polyfill (#15333) 2021-12-16 14:07:52 -05:00
Penar Musaraj 48b7696dbc
DEV: Remove jQuery animate calls (#15321)
Affects j/k navigation and PM interaction with @discobot.
2021-12-16 11:00:09 -05:00
Andrei Prigorshnev 9365c4b364
DEV: make sure we handle staged users correctly in DiscourseConnect (#15320)
Some time ago, we made this fix to external authentication –  https://github.com/discourse/discourse/pull/13706. We didn't address Discourse Connect (https://meta.discourse.org/t/discourseconnect-official-single-sign-on-for-discourse-sso/13045) at that moment, so I wanted to fix it for Discourse Connect as well.

Turned out though that Discourse Connect doesn't contain this problem and already handles staged users correctly. This PR adds tests that confirm it. Also, I've extracted two functions in Discourse Connect implementation along the way and decided to merge this refactoring too (the refactoring is supported with tests).
2021-12-16 19:44:07 +04:00
Joffrey JAFFEUX 81b0ac1766
FIX: uses new format for search tag endpoint to prevent issues (#15328)
Due to our usage of fixtures, backend changes didn't get catch.
2021-12-16 11:57:47 +01:00
Jarek Radosz 2a4df93b8e
FEATURE: Allow to modify topic-backed static pages (#15324)
A plugin API that allows customizing existing topic-backed static pages, like:
faq, tos, privacy (see: StaticController) The block passed to this
method has to return a SiteSetting name that contains a topic id.

```
add_topic_static_page("faq") do |controller|
  current_user&.locale == "pl" ? "polish_faq_topic_id" : "faq_topic_id"
end
```

You can also add new pages in a plugin, but remember to add a route,
for example:

```
get "contact" => "static#show", id: "contact"
```
2021-12-16 04:24:11 +01:00
Kris ad4faf637c
UX: Always show avatar on mobile topic lists (#15323) 2021-12-15 20:31:03 -05:00
Kris 1c9a0fe18e
UX: let mobile post controls scroll on overflow (#15305) 2021-12-15 15:36:10 -05:00
jbrw a2fcc360dd
UX: Show group card with animated loading state (#15253)
* Remove _calculateTopOffset entirely

* Show group card with animated loading state

Showing the animated loading state before rending the actual content prevents an
awkward scroll position jump when displaying this card.

This mimics the behaviour of the user card (which uses the same `CardContentsBase` mixin).

* Fix two user card issues

1. A JS console error (with no consequences) when clicking a group mention
2. User cards weren't being loaded from the header (for example, for PMs)

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2021-12-15 13:47:31 -05:00
Penar Musaraj 9fd92f329e
DEV: remove `showHtml` jQuery plugin (#15316) 2021-12-15 13:13:06 -05:00
Penar Musaraj 6120dde65c
DEV: Cleanup `for` attributes in category edit screens (#15284) 2021-12-15 12:37:11 -05:00
Bianca Nenciu 0335c9d77f
FEATURE: Add topic-navigation plugin outlet and popup component (#15081)
Adds a plugin outlet that can be used to insert a popup over topic timeline.
2021-12-15 17:16:14 +02:00
Joe 3b3e572ce6
allow themes to change the lock icon easily (#15309) 2021-12-15 09:13:10 -05:00
Andrei Prigorshnev 6afab87d50
DEV: migrate more routes away from the old `actions:` pattern (#15275) 2021-12-15 18:06:10 +04:00
Bianca Nenciu a09b6fe114
FEATURE: Save scroll position on bookmarks page (#15296)
Clicking on a bookmark and then back will preserve the scrolling
position.
2021-12-15 15:27:09 +02:00
Roman Rizzi 0719531bd3
FIX: Notify group members when someone quotes or replies to their post. (#15295)
When a member set a group PM notification level to Normal, we didn't notify group members if someone quoted or replied to one of their posts.
2021-12-15 09:07:39 -03:00
Joffrey JAFFEUX 666d291b24
DEV: minor refactoring or jump-to-post (#15312)
- replaces alias by reads
- drops jquery usage
- autofocus should already be done; so remove custom code
- uses @action
2021-12-15 12:09:26 +01:00
David Taylor 88fa8b5848
DEV: Skip Ember OnError validation for plugin qunit tests (#15314)
If the Ember OnError validation test is added, it breaks the "no tests were run" detection (since at least 1 test is always run). This is particularly important when running tests scoped to a single plugin, because there is no indication that you have typo'd the `qunit_single_plugin` query parameter.
2021-12-15 10:59:38 +00:00
Natalie Tay 77781f9a11
FEATURE: Extend plugin API to add multiple poster icons (#15311) 2021-12-15 18:09:26 +08:00
Martin Brennan e37f0eb240
DEV: Add DropTarget options function for Uppy mixins (#15307)
This is so the target element for file drag + drop is
not always just this.element for the component, and
provides a way to hook into onDragOver and onDragLeave.
By default also adds a .uppy-is-drag-over class to the target
element.
2021-12-15 15:43:07 +10:00
Martin Brennan 4519f3f137
FIX: Add more actions to the uploads API key scope (#15306)
The uploads API key create scope did not cover the
external upload API endpoints, or the direct S3
multipart endpoints, and this commit adds them.

cf. https://meta.discourse.org/t/upload-create-api-key-insufficient/211896
2021-12-15 14:08:11 +10:00
Sam 15752da957
Revert "A11Y: Focus last viewed topic in topic lists (#15300)" (#15304)
This reverts commit 76aeee6735.

Sadly this breaks on non-screen readers on Chrome and Safari
2021-12-15 12:33:33 +11:00
Osama Sayegh 76aeee6735
A11Y: Focus last viewed topic in topic lists (#15300) 2021-12-15 10:02:31 +11:00
Kris 091ca9dbb1
UX: prevent timeline overflow in extreme cases (#15303) 2021-12-15 10:02:02 +11:00
Penar Musaraj dba16391ad
DEV: cleanup `for` attributes in search filters (#15283) 2021-12-14 14:47:03 -05:00
Joffrey JAFFEUX 031f4f06d5
DEV: update and improvements to json editor (#15294)
- changes on how errors are handled to prevent weird cases
- uses didInsert/willDestroy to setup/clean state
- updates json editor library to 2.6.1
2021-12-14 17:21:49 +01:00
Bianca Nenciu ce7c821aa9
UX: Extend user hyperlink in staff action logs (#15293)
The avatar hyperlink redirected to admin user page and the username
hyperlink applied a filter. Now both hyperlinks redirect to admin user
page.
2021-12-14 17:14:18 +02:00
Mark VanLandingham 175ced5096
DEV: Add chat invitation notification type (#15288) 2021-12-14 09:01:53 -06:00
Penar Musaraj 10caceec42
DEV: Prefers reads helper over alias (#15282) 2021-12-14 10:03:31 +08:00
Mark VanLandingham 53475cf5be
DEV: Plugin API to add desktop notification handlers (#15280) 2021-12-13 11:54:46 -06:00
Penar Musaraj 954ab4e0ec
DEV: Refactor popup-tip component (#15257) 2021-12-13 11:22:02 -05:00
Dan Ungureanu adb6202c94
FIX: Check if invite domain is valid (#15238)
* FIX: Check if invite domain is valid

Previous regex checked for generic hostname, which is too generic for
this case.
2021-12-13 16:39:14 +11:00
Dan Ungureanu 3d4aee1487
DEV: Drop unused column email_tokens.token (#15203) 2021-12-13 16:29:47 +11:00
Martin Brennan 40d13ce662
DEV: Only support multipart for backup S3 uploads with Uppy (#15270)
In the composer, we already only allow for S3 multipart uploads
if enable_direct_s3_uploads is true, so in the backups uploader
that is based on Uppy we want to do the same thing. In future
if self-hosters need some way to not use S3 multipart in these
scenarios for whatever reason we can revisit this then (which
should be as simple as adding a enable_multipart_s3_uploads site
setting).
2021-12-13 15:24:00 +10:00
Martin Brennan 18a209bd0d
DEV: Use Uppy in wizard-field-image uploads (#15269)
We cannot use any of the uppy mixins or core code, because
the code there is not shared with the wizard, and to move
it all to discourse-common would be a task almost equal
difficulty to taking the ring to Mordor.

Therefore, we can just use the uppy vendor libraries in the
wizard, and do a quick-n-dirty version of the uppy upload
code for the wizard-field-image uploader.
2021-12-13 15:23:44 +10:00
Martin Brennan 1c97a7fe43
DEV: Move isInside to private function (#15268)
This text manipulation library can be used by plugins
as well, so better to have this defined as a function
instead of floating above the class.
2021-12-13 12:26:33 +10:00
Martin Brennan fc01619bcb
FEATURE: Use Tab for indenting text in composer (#15208)
This commit allows for using Tab and Shift+Tab to indent
and de-indent selected text in the composer. The selected
text is searched for the most occurrences of either tabs (\t)
or spaces at the start of each line, and that character is
used for indentation of all lines.
2021-12-13 09:31:49 +10:00
Mark VanLandingham 5e534e5897
DEV: Allow emoji picker to disable popper for itself (#15256) 2021-12-10 14:45:22 -06:00
Joe 726649fd46
adds missing id (#15255) 2021-12-10 14:33:55 +01:00
Roman Rizzi b7b61d4b56
FEATURE: A notification consolidation plan for keeping the latest one. (#15249)
We previously used ConsolidateNotifications with a threshold of 1 to re-use an existing notification and bump it to the top instead of creating a new one. It produces some jumpiness in the user notification list, and it relies on updating the `created_at` attribute, which is a bit hacky.

As a better alternative, we're introducing a new plan that deletes all the previous versions of the notification, then creates a new one.
2021-12-10 10:32:15 -03:00
Roman Rizzi 3602f83cf4
FEATURE: Delete previous reviewable reminders. (#15250)
We send the reminder using the GroupMessage class, which supports removing previous messages. We can't match them by raw because they could mention different moderators. Also, I had to change the subject to remove dynamically generated values, which is necessary for finding them.
2021-12-10 10:17:39 -03:00
Joffrey JAFFEUX ac31c2bbb2
FIX: only consider it handled by composer when a composer (#15254) 2021-12-10 13:07:54 +01:00
Penar Musaraj f24027b453
UX: Fix topic status icon size in mobile search results (#15251) 2021-12-09 14:32:12 -05:00
Kerry Liu c8af3e7bc1
UX: only apply link formats on paste to selections that do not contain bbcode-like tags (#15204) 2021-12-09 16:41:44 +00:00
Joffrey JAFFEUX e0ea16f05d
DEV: removes jquery usage from admin-watched-words (#15246) 2021-12-09 17:06:54 +01:00
Joffrey JAFFEUX 3052eb6ae6
DEV: fixes test as bodyClass is sometimes "foo bar" (#15248) 2021-12-09 15:34:50 +01:00
Joffrey JAFFEUX adb23636e6
DEV: minor full page search refactoring (#15242)
- drops jquery usage
- shows clear all/ select all only when appropriate
- removes ~ char apparently un-needed
2021-12-09 13:48:08 +01:00
Joffrey JAFFEUX f889ec2fcd
DEV: refactors admin-plugins/admin-site-settings (#15244)
- drops jQuery usage
- removes apparently useless clearfix
- uses @action
- drops unused clearFilter function in admin-plugins
2021-12-09 13:47:56 +01:00
Joffrey JAFFEUX 5d44adb9b9
DEV: refactors d-section (#15245)
- go tagless
- properly declares properties
- deprecates "false" in favour of false
- drops jquery
2021-12-09 13:47:47 +01:00
Joffrey JAFFEUX 76dff7fd9e
DEV: drops jquery usage from discovery-categories (#15243) 2021-12-09 13:47:13 +01:00
Angus McLeod df3886d6e5
FEATURE: Experimental support for group membership via google auth (#14835)
This commit introduces a new site setting "google_oauth2_hd_groups". If enabled, group information will be fetched from Google during authentication, and stored in the Discourse database. These 'associated groups' can be connected to a Discourse group via the "Membership" tab of the group preferences UI. 

The majority of the implementation is generic, so we will be able to add support to more authentication methods in the near future.

https://meta.discourse.org/t/managing-group-membership-via-authentication/175950
2021-12-09 12:30:27 +00:00
Jeff Wong 347669ef04
DEV: Add keyboard:move selection event (#15241)
allows plugin event hook for keyboard:move-selection. Passes raw selected and all articles through named params.
2021-12-08 23:38:25 -08:00
Joffrey JAFFEUX 828e75c2f3
DEV: minor choose topic refactoring (#15233)
* DEV: minor choose topic refactoring

- prevents category to be clickable to make clicking topics easier
- drops jQuery
- uses @action
- uses ? operator where possible
- drops un-needed next/schedule usage

* uses topic-status component and prevents pinned icon to be focusable

* Update app/assets/javascripts/discourse/app/templates/components/choose-topic.hbs

Co-authored-by: Jarek Radosz <jradosz@gmail.com>

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2021-12-09 14:08:21 +11:00
Alan Guo Xiang Tan 4d1c84f15f
UX: Make toggling to filtered replies mode less jumpy. (#15240)
Previously we would jump to the first two replies but it made the
transition very jumpy depending on how long the post being selected is.
2021-12-09 10:03:22 +08:00
Alan Guo Xiang Tan e668b3dc71
DEV: Remove unnecessary element. (#15225)
This was added 6 years ago in d1e85bdd8b
and I can't see how this is useful for any customizations at all.
2021-12-09 08:40:23 +08:00
Alan Guo Xiang Tan ae88b52370
DEV: Fix position of avatar flair to be based on the actual avatar. (#15226)
Previously, it was based on the container of the avatar. However, the
container of the avatar can be extended to contain more than just the
avatar itself. This resulted in the positioning of the avatar flair to
be off.
2021-12-09 08:38:39 +08:00
Jeff Wong 51abcd7524
DEV: add app event for user-card:after-show (#15227)
Adds user-card:after-show event for when a usercard is fully loaded and shown.
2021-12-08 15:23:39 -08:00
Osama Sayegh aec9ce9819
A11Y: Move focus to highlighted post when visiting a topic (#15236)
Meta topic: https://meta.discourse.org/t/discourse-with-a-screen-reader/178105/87?u=osama.
2021-12-08 21:33:15 +03:00
Andrei Prigorshnev 4e8983036a
DEV: do not return no_result_help from the server (#15220)
We don't need it anymore. Actually, I removed using of it on the client side a long time ago, when I was working on improving blank page syndrome on user activity pages (see https://github.com/discourse/discourse/pull/14311).

This PR also removes some old resource strings that we don't use anymore. We have new strings for blank pages.
2021-12-08 21:46:54 +04:00
David Taylor a6230b8138
UX: Improve composer presence-display positioning (#15235)
Previously the discourse-presence plugin was using a `position: absolute` hack to display the 'replying...' users in the top right of the composer. This commit adds a more suitable plugin outlet, and updates the discourse-presence styling so it slots into the flex-box layout at the top of the composer
2021-12-08 16:18:49 +00:00
Dan Ungureanu d8fe0f4199
FEATURE: Restrict link invites to email domain (#15211)
Allow multiple emails to redeem a link invite only if the email domain
name matches the one specified in the link invite.
2021-12-08 17:06:57 +02:00
Joffrey JAFFEUX e1b4e2e034
DEV: removes jquery usage from add-category-tag-classes (#15232)
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2021-12-08 14:32:27 +01:00
Bianca Nenciu b1c11d5787
FIX: Select correct topic draft for user (#15234)
The old query could return multiple rows.
2021-12-08 15:23:44 +02:00
Bianca Nenciu 049bc33838
FIX: Update has_topic_draft when draft is updated (#15219)
Current user state regarding the new topic draft was not updated when
the draft was created or destroyed.
2021-12-08 14:40:35 +02:00
Joffrey JAFFEUX a144f49ec2
UX: scroll row to top of container in select-kit (#15230) 2021-12-08 12:22:18 +01:00
Loïc Guitaut 74387e83b6 DEV: Stop polluting all Ruby classes
The `ReviewableScore` model was defining class methods on `self.class`
from a singleton context so instead of defining methods on
`ReviewableScore` it was defining them on `Class`, so basically on every
existing class.

This patch resolves this issue. Using `enum` from `ActiveRecord` in the
future will avoid this kind of problems.
2021-12-08 11:32:25 +01:00
Jarek Radosz 301d5657fe
FIX: --header-offset didn't account for overscroll (#15221)
Fixes miniprofiler badge sliding away from the header when you rubber-band overscroll on the top of the page (in Safari)
2021-12-08 01:40:49 +01:00
Mark VanLandingham a7fdcb921a
DEV: Sniff isPwa for capabilities (#15218) 2021-12-07 15:35:06 -06:00
David Taylor f3d480dacb
DEV: Allow PresenceChannel to specify custom activity thresholds (#15217)
This allows consumers to vary the parameters on a per-channel basis. e.g. if you wanted a channel to consider someone 'away' after 10 minutes, and another channel to consider someone 'away' after 1 minute, that is now possible.
2021-12-07 20:57:57 +00:00
Jarek Radosz 6e8df3d66b
DEV: Deprecate `registerOption()` (#15209)
It's been a no-op for 5 years now.
2021-12-07 18:33:45 +01:00
Penar Musaraj 03b0c9f267
A11Y: Remove dupe label on signup confirm field (#15212) 2021-12-07 11:40:00 -05:00
Loïc Guitaut d0888c190e FIX: Display pending posts in a moderated category
Currently we display pending posts in topics (both for author and staff
members) but the feature is only enabled when there’s an enabled global site
setting related to moderation.

This patch allows to have the same behavior for a site where there’s
nothing enabled globally but where a moderated category exists. So when
browsing a topic of a moderated category, the presence of pending posts
will be checked whereas nothing will happen in a normal category.
2021-12-07 10:14:45 +01:00
Krzysztof Kotlarek 412a6c0e8c
FIX: edit tag test (#15207)
Broken with PR https://github.com/discourse/discourse/pull/15149
2021-12-07 07:24:55 +01:00
Krzysztof Kotlarek a616bc296a
FIX: tag transition only if tag name changed (#15149)
We need to change path only if tag name is changed. If a description is added, we don't need to reload.
2021-12-07 05:44:55 +01:00
Dan Ungureanu 9a6ec1d0c6 PERF: Add index on email_tokens.token_hash 2021-12-07 10:17:45 +08:00
Alan Guo Xiang Tan 4e67297a7c FIX: Missing allowed urls when displaying granualar API key scopes.
Follow-up to 3791fbd919
2021-12-07 10:17:17 +08:00
Alan Guo Xiang Tan 44588255fc FEATURE: Introduce API scopes for badges. 2021-12-07 10:17:17 +08:00
Andrei Prigorshnev f3508065a3
FIX: auth incorrectly handles duplicate usernames (#15197) 2021-12-06 20:49:04 +04:00
Penar Musaraj bf18145e70
UX: Fix flair dropdown styling in user account (#15201) 2021-12-06 11:28:10 -05:00
Roman Rizzi 43903f8dfe
FIX: Updating a consolidated notification should bump it to the top. (#15199)
In the future, it would be better to have a consolidated_at timestamp instead of updating created_at.
2021-12-06 12:31:44 -03:00
David Taylor 0b364140ec
DEV: Add :before_email_login event for plugins (#15187) 2021-12-06 09:38:37 +08:00
Andrei Prigorshnev ce074d118e
DEV: drop unused method (#15190)
There are no usages in Core and plugins.
The last usage was removed in https://github.com/discourse/discourse/pull/9369.
2021-12-06 09:37:54 +08:00
Jarek Radosz 28bf9599f5
FEATURE: Pre-setting user locale via bulk invite (#15195) 2021-12-06 02:08:21 +01:00
Jarek Radosz 4bb91754ad
FIX: Make user themes sort order case insensitive (#15193)
That's the order they appear in a dropdown in user preferences.
2021-12-06 01:55:34 +01:00
Martin Brennan 3b13f1146b
FIX: Add random suffix to outbound Message-ID for email (#15179)
Currently the Message-IDs we send out for outbound email
are not unique; for a post they look like:

topic/TOPIC_ID/POST_ID@HOST

And for a topic they look like:

topic/TOPIC_ID@HOST

This commit changes the outbound Message-IDs to also have
a random suffix before the host, so the new format is
like this:

topic/TOPIC_ID/POST_ID.RANDOM_SUFFIX@HOST

Or:

topic/TOPIC_ID.RANDOM_SUFFIX@HOST

This should help with email deliverability. This change
is backwards-compatible, the old Message-ID format will
still be recognized in the mail receiver flow, so people
will still be able to reply using Message-IDs, In-Reply-To,
and References headers that have already been sent.

This commit also refactors Message-ID related logic
to a central location, and adds judicious amounts of
tests and documentation.
2021-12-06 10:34:39 +10:00
David Taylor 972d7cb1d6
DEV: Fix mini-profiler location for custom (or missing) d-headers (#15192) 2021-12-04 23:33:07 +00:00
Jarek Radosz d3912075b6
FIX: PWA badges were not updating (#15191)
That regressed in #7714, over two years ago. :P
2021-12-05 00:15:51 +01:00
Kris 03f3d79388
UX: remove style that breaks composer on pm page (#15189) 2021-12-03 21:56:37 -05:00
Kris 6d2eae27a6
UX: reduce composer jumpiness on android (#15184) 2021-12-03 17:02:22 -05:00
Kris 657c137384
UX: Prevent overflow on mobile timeline dates (#15182) 2021-12-03 13:48:26 -05:00
Kris b01ded9c89
UX: Improve tag info style (#15177) 2021-12-03 10:22:05 -05:00
Joffrey JAFFEUX f9e2ab570b
FIX: allows more precise placement strategy on mobile (#15171)
* FIX: allows more precise placement strategy on mobile

- default to absolute on mobile, fixed on desktop
- allows to set a global `placementStrategy` or a specific to each view `mobilePlacementStrategy` `desktopPlacementStrategy`

This is mainly used to allow a proper composer-actions positioning in mobile.

Note this commit also fixes a mouseDown event which could propagate quote-button event and cause the composer to close full screen on mobile

* mobile only
2021-12-03 11:47:33 +11:00
Mark VanLandingham 7e005f2ea3
DEV: Don't error when emoji-picker is used outside composer (#15172) 2021-12-02 14:50:30 -06:00
Jordan Vidrine 9ecf454074
DEV: Invite page changes (#15175) 2021-12-02 13:18:11 -06:00
Jarek Radosz 7456a59022
FEATURE: Add the ability to go back and forth between PM and New Topic (#15173)
Before this, if you were composing a new topic and then switched the mode to "New Message", the dropdown would disappear.

So if you changed your mind, you'd have to copy the text you typed, cancel, click "New Topic" again, and then paste the text. (and if you already had a title entered too, things would be more complicated…)
2021-12-02 19:46:40 +01:00
Daniel Waterworth bd10f113e9
DEV: Raise errors for (black|white)list accesses (#15174)
These have been deprecated for a while
2021-12-02 12:16:55 -06:00
Michelle Bueno Saquetim Vendrame 9b5836aa1d
Add three reports (#14338)
* Add report top_users_by_received_likes

* Add report top_users_by_received_likes_from_inferior_trust_level

* Add report top_users_by_likes_received_from_a_variety_of_people

* Add test to report_top_users_by_received_likes

* add top_users_by_likes_received_from_a_variety_of_people report test

* add top_users_by_likes_received_from_inferior_trust_level report tests
2021-12-02 22:41:55 +05:30
Daniel Waterworth 2f04a9b9fb
DEV: Remove site_setting_saved event (#15164)
We said we would drop it from 2.4, so this is long overdue

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2021-12-02 09:33:03 -06:00
David Taylor cfb6199a95
FIX: Don't redirect XHR/JSON requests when login is required (#15093)
When redirecting to login, we store a destination_url cookie, which the user is then redirected to after login. We never want the user to be redirected to a JSON URL. Instead, we should return a 403 in these situations.

This should also be much less confusing for API consumers - a 403 is a better representation than a 302.
2021-12-02 15:12:25 +00:00
David Taylor 55cbc70f3f
DEV: Ensure redirects are passed through to the client by ember-cli (#15170)
By default, `fetch` will transparently follow redirects, even across domain boundaries
2021-12-02 15:03:45 +00:00
Penar Musaraj 732678f642
UX: Fix alignment in group navigation bar (#15169)
Same as #15145.
2021-12-02 09:45:33 -05:00
Andrei Prigorshnev 1c0022c195
FIX: extract and fix overriding of usernames by external auth (#14637) 2021-12-02 17:42:23 +04:00
David Taylor ceca34aca6
DEV: Ensure ember-cli does not attempt to bootstrap non-ember pages (#15168)
1b3d124a introduced a logic change which meant that we attempted to bootstrap, even on pages without any `preloadJson` (i.e. non-ember HTML pages from Discourse). This commit restores the original logic, making sure to avoid `?.`.
2021-12-02 10:58:54 +00:00
David Taylor 44d16fcd8e
DEV: Print full stack trace on ember-cli bootstrap error (#15167) 2021-12-02 10:58:03 +00:00
Sam 3a73028a70
PERF: migrate normalized_emails in a migrations (#15166)
Old OnceOff job could perform pretty slowly on sites with millions of emails

New implementation operates in batches in a migration, minimizing locking.
2021-12-02 15:08:22 +11:00
Jarek Radosz 1b3d124a4e
DEV: Don't use `?.` in bootstrap-json (#15162)
That code is not transpiled, so it doesn't work on older node versions.
2021-12-01 22:04:56 +01:00
Mark VanLandingham bd140948e3
DEV: Changes to support chat uploads (#15153) 2021-12-01 13:24:16 -06:00
David Taylor abe30a17da
DEV: Fix ember CLI bootstrap logic (#15160)
When 1fa7a87f was rebased onto `main`, it didn't take into account the recent changes in c0781d7d. This commit updates the logic to work properly.
2021-12-01 18:31:52 +00:00
Kerry Liu 64e1ca6daa UX: only apply link formats on paste to selections that do not contain links 2021-12-01 13:29:17 -05:00
Osama Sayegh 1d69261bc0
FIX: Set `auto_update` to false for non-git themes/components (#15157)
Related to: 20f736aa11.

`auto_update` is true by default at the database level, but it doesn't make sense for `auto_update` to be true on themes that are not imported from a Git repository.
2021-12-01 19:58:13 +03:00
David Taylor 1fa7a87f86
SECURITY: Remove ember-cli specific response from application routes (#15155)
Under some conditions, these varied responses could lead to cache poisoning, hence the 'security' label.

Previously the Rails application would serve JSON data in place of HTML whenever Ember CLI requested an `application.html.erb`-rendered page. This commit removes that logic, and instead parses the HTML out of the standard response. This means that Rails doesn't need to customize its response for Ember CLI.
2021-12-01 16:10:40 +00:00
Andrei Prigorshnev f37375f582
DEV: avoid sending events to a destroying object and enable few skipped tests (#15030) 2021-12-01 18:21:44 +04:00
Martin Brennan 4bdb956a0d
Revert "UX: Fix alignment in group navigation bar (#15145)" (#15150)
This reverts commit 01830f9d28.

This broke sidebar and could have affected customer themes
on a full enterprise deploy.
2021-12-01 16:13:03 +11:00
Natalie Tay 0f598ca51e
SECURITY: Only show tags to users with permission (#15148) 2021-12-01 10:26:56 +08:00
Penar Musaraj 01830f9d28
UX: Fix alignment in group navigation bar (#15145) 2021-12-01 11:49:34 +11:00
Martin Brennan d64323b4e6
DEV: Change create-invite-uploader to use uppy (#15088)
Part of overall strategy to remove jQuery file uploader
from the codebase. Also added some helper functionality to
the uppy mixin to allow for non-autostart uploads (all
previous upload changes have been for auto start components.)
2021-12-01 09:45:05 +10:00
Martin Brennan dce6c6fb50
FIX: Native File object was not passed to uploadHandler (#15146)
The commit 20b2a42f49 broke
upload handlers, because previously we passed through the
native File object to the handler, not the uppy-wrapped
File object.
2021-12-01 09:01:53 +10:00
Krzysztof Kotlarek 9cabd3721b
FEATURE: ability to add description to tags (#15125)
Ability to add description to tags, which will be displayed on hover.
2021-12-01 09:18:56 +11:00
Jarek Radosz 0bf30196c9
FIX: Broken css in #15141 (#15144) 2021-11-30 20:02:22 +01:00
Jarek Radosz feb9a3675d
UX: Tweak mobile composer styling (#15141)
A followup to #15117
2021-11-30 19:50:28 +01:00
Jarek Radosz ac79c5efc6
UX: Tweak composer styling (#15117)
* Even margins
* Slightly more muted and unified borders, separators, and icons
* Editor and preview area have same height
2021-11-30 17:41:22 +01:00
Jarek Radosz 7ce6971539
DEV: Add drop-date to drop-dateless deprecations (#15133) 2021-11-30 17:41:04 +01:00
Jarek Radosz c0781d7d23
DEV: Replace bent with node-fetch in bootstrap (#15139)
Drops the `acceptedStatusCodes` array.
2021-11-30 17:40:32 +01:00
Roman Rizzi 1fc06520bd
REFACTOR: Improve support for consolidating notifications. (#14904)
* REFACTOR: Improve support for consolidating notifications.

Before this commit, we didn't have a single way of consolidating notifications. For notifications like group summaries, we manually removed old ones before creating a new one. On the other hand, we used an after_create callback for likes and group membership requests, which caused unnecessary work, as we need to delete the record we created to replace it with a consolidated one.

We now have all the consolidation rules centralized in a single place: the consolidation planner class. Other parts of the app looking to create a consolidable notification can do so by calling Notification#consolidate_or_save!, instead of the default Notification#create! method.

Finally, we added two more rules: one for re-using existing group summaries and another for deleting duplicated dashboard problems PMs notifications when the user is tracking the moderator's inbox. Setting the threshold to one forces the planner to apply this rule every time.

I plan to add plugin support for adding custom rules in another PR to keep this one relatively small.

* DEV: Introduces a plugin API for consolidating notifications.

This commit removes the `Notification#filter_by_consolidation_data` scope since plugins could have to define their criteria. The Plan class now receives two blocks, one to query for an already consolidated notification, which we'll try to update, and another to query for existing ones to consolidate.

It also receives a consolidation window, which accepts an ActiveSupport::Duration object, and filter notifications created since that value.
2021-11-30 13:36:14 -03:00
Andrei Prigorshnev 284ab8cdf7
DEV: migrate (almost all) routes from `actions:` to `@action` syntax (#14722)
This should be safe, all these places are pretty straightforward. I've run into one problem when changing this, though. That problem was fixed in https://github.com/discourse/discourse/pull/14624
2021-11-30 17:01:06 +04:00
Andrei Prigorshnev 88f9bb3dc9
FIX: do not suggest "user1" as a username to invited users (#15031)
Recently, the wrong new behavior appeared – we started to suggest to invited users usernames like "user1".

To reproduce:
1. Create an invitation with default settings, do not restrict it to email
2. Copy an invitation link and follow it in incognito mode
See username already filled, with eg “user1”. See screenshot. Should be empty.

This bug was very likely introduced by my recent changes to UserNameSuggester.
2021-11-30 16:59:37 +04:00
Jarek Radosz 24356e339b
DEV: Fix pending posts page, make tests work in legacy env (#15132)
* Running the tests only in the ember cli env hid the fact that the pending posts feature wasn't working in the legacy environment
* Tests were using ember-cli-only APIs while there are widely used testing APIs in Discourse that support both ember envs
* `ember-test-selectors` was in both dependencies and devDependencies in discourse/package.json
* `qunit-dom` in package.json was not only unused but also defunct, as it wasn't pulled into the legacy env app

A followup to #14501, and #15128.
2021-11-30 13:01:39 +01:00
Osama Sayegh fced35de15
UX: Add title attribute to reports cells (#15137)
Some reports, like the Web Crawler User Agents report, have very long strings that need to be truncated when displayed. However, there is no way to see the full value without exporting the report or inspecting the elements using dev tools. This PR set a `title` attribute with the full value to the reports `<td>` elements so that the full value is shown on hover.
2021-11-30 14:58:42 +03:00
Joffrey JAFFEUX 77a1d8675c
FIX: adds 422 status code to bootstrap json (#15138)
A post error validation would return a 422 status code. This status code was not accepted with the recent changes to bootstrap-json/index.js and would return a "Discourse Build Error" string, preventing any kind of bootbox popup error in the composer.
2021-11-30 11:54:38 +01:00
Osama Sayegh 7bd3986b21
FEATURE: Replace `Crawl-delay` directive with proper rate limiting (#15131)
We have a couple of site setting, `slow_down_crawler_user_agents` and `slow_down_crawler_rate`, that are meant to allow site owners to signal to specific crawlers that they're crawling the site too aggressively and that they should slow down.

When a crawler is added to the `slow_down_crawler_user_agents` setting, Discourse currently adds a `Crawl-delay` directive for that crawler in `/robots.txt`. Unfortunately, many crawlers don't support the `Crawl-delay` directive in `/robots.txt` which leaves the site owners no options if a crawler is crawling the site too aggressively.

This PR replaces the `Crawl-delay` directive with proper rate limiting for crawlers added to the `slow_down_crawler_user_agents` list. On every request made by a non-logged in user, Discourse will check the User Agent string and if it contains one of the values of the `slow_down_crawler_user_agents` list, Discourse will only allow 1 request every N seconds for that User Agent (N is the value of the `slow_down_crawler_rate` setting) and the rest of requests made within the same interval will get a 429 response. 

The `slow_down_crawler_user_agents` setting becomes quite dangerous with this PR since it could rate limit lots if not all of anonymous traffic if the setting is not used appropriately. So to protect against this scenario, we've added a couple of new validations to the setting when it's changed:

1) each value added to setting must 3 characters or longer
2) each value cannot be a substring of tokens found in popular browser User Agent. The current list of prohibited values is: apple, windows, linux, ubuntu, gecko, firefox, chrome, safari, applewebkit, webkit, mozilla, macintosh, khtml, intel, osx, os x, iphone, ipad and mac.
2021-11-30 12:55:25 +03:00
Jeff Wong 9896fc7d33
FIX: allow staff to upload when they should and authorized_extensions is blank (#15136)
Allow staff to upload when authorized_extensions is blank, but
authorized_extensions_for_staff is not
2021-11-29 21:40:54 -08:00
David Taylor af4b8d0e21
DEV: Automatically leave PresenceChannels when in the background (#15047)
* DEV: Improve PresenceChannel state storage

Replaces some objects with Maps, and removes the redundant _presentChannels Set.

* DEV: Automatically leave PresenceChannels when in the background

If a tab has been in the background for 10s, or there has been no user activity for 60s, then the user will be removed from all PresenceChannels until activity resumes. Developers can opt-out of this by passing `{onlyWhileActive: false}` to the `enter` method.
2021-11-30 15:38:19 +11:00
Jarek Radosz 6662101208
DEV: Fix a test leak (#15135)
The leak was introduced in #11722 and a test was added that relied on it in #14563

This PR fixes the leak (bookmarks-test), fixes the test that relied on it (fast-edit-test), and repleces some ad-hoc code with cloneJSON helper (other files)
2021-11-30 13:45:26 +11:00
Martin Brennan 7e5f52a163
DEV: Use pushObject for inProgressUploads in uppy (#15134)
The inProgressUploads is meant to be used to display these uploads
in a UI, and Ember will only update the array in the UI if pushObject
is used to notify it.
2021-11-30 10:42:45 +10:00
Martin Brennan f70e6c302f
DEV: Switch to using uppy uploads in composer by default (#15058)
This is a big change to change over to using the uppy
upload mixin in the composer by default. This gets rid
of the temporary composer-editor-uppy component, as well
as removing the old ComposerUpload mixin and copying over
any missing functions that were not yet implemented by
ComposerUploadUppy. This has been working well on our
hosting for some time now and has led us to several
bug fixes.

This commit also deletes the old plugin API for adding
preprocessors for the uploads. The accepted method of doing
this now is via an uppy preprocessor plugin, which we have
several examples of in the core codebase.

Leaving the `enable_experimental_composer_uploader` site setting
intact for now because some plugins still rely on it, this
will be removed at a later date.

One step closer to ending the jQuery file uploader saga...
2021-11-30 08:33:06 +10:00
Joffrey JAFFEUX 3dc0b9e077
UX: closes multi-select on selection when maximum=1 (#15092) 2021-11-29 14:29:11 +01:00
Loïc Guitaut 354f88358c DEV: Add ember-test-selectors to production env 2021-11-29 11:31:31 +01:00
David Taylor 0ab57975a4
FIX: Ensure widget hooks always call the correct instance (#15127)
Widgets instances are ephemeral - they change on every re-render. We always want to notify the 'most recent' widget instance of events. This regressed in 1b9cf1b1 because the touchStart and drag hooks would persist the widget instance from the initial render. This commit switches TouchStart and Drag back to the pattern other events use, so that the most recent instance is always called. The performance benefits of per-element event listeners are retained.
2021-11-29 09:33:40 +00:00
Loïc Guitaut a5fbb90df4 FEATURE: Display pending posts on user’s page
Currently when a user creates posts that are moderated (for whatever
reason), a popup is displayed saying the post needs approval and the
total number of the user’s pending posts. But then this piece of
information is kind of lost and there is nowhere for the user to know
what are their pending posts or how many there are.

This patch solves this issue by adding a new “Pending” section to the
user’s activity page when there are some pending posts to display. When
there are none, then the “Pending” section isn’t displayed at all.
2021-11-29 10:26:33 +01:00
Joffrey JAFFEUX 6e603799eb
FIX: treats ipad as mobileView for popper positioning (#15091)
* FIX: treats ipad as mobileView for popper positioning

* ensures it doesn’t break wizard
2021-11-29 17:40:01 +11:00
Jarek Radosz 530eb0c9bd
DEV: Throw on non-xhr errors (#15123)
Makes it easier to debug post-stream problems when the issue isn't with the server response.
2021-11-29 17:36:48 +11:00
Jarek Radosz 5d643a498e
FIX: Global log notice regressed in #15000 (#15119)
Notice models didn't have the same injections as GlobalNotice components.
2021-11-29 17:13:35 +11:00
Martin Brennan 20b2a42f49
DEV: Send multiple files in batches to composer upload handlers when using uppy (#15124)
In jQuery file upload land, we were sending a single file through
at a time to matching upload handlers. This in turn required plugin
authors to marshal the files as they came through one by one if they
wanted to group them together to do something with them. Now that
we are using uppy, files come through in the groups they are added
in (for example dropping multiple, selecting multiple from the system
file dialogue).

This commit changes the matching upload handlers to send through
all matching files at once instead of piecemeal.
2021-11-29 11:19:02 +10:00
Jarek Radosz 13aed6fe3b
FIX: Setting bookmarks in some cases was broken (#15120)
Error introduced in #14781

```
Error: Assertion Failed: You attempted to update <(unknown):ember3217>.bookmarks to "<(unknown):ember3846>", but it is being tracked by a tracking context, such as a template, computed property, or observer. In order to make sure the context updates properly, you must invalidate the property when updating it. You can mark the property as `@tracked`, or use `@ember/object#set` to do this.
```
2021-11-28 23:34:51 +01:00
Martin Brennan e464958333
DEV: Fix uploadHandler impl. in composer-upload-uppy mixin (#15105)
In f6528afa01 I added parity support
for composer upload handlers to the uppy-ized composer. However the
way I assumed that it was only possible to handle a single file
upload at a time was false; it only appeared this way in the old
jQuery file upload composer because jQuery file upload sent through
files one at a time even if multiple were added at once. This caused
issues in certain plugins and themes by third parties.

This commit fixes the issue by making the uppy upload handler work
the same as the old one, by capturing all of the added files that
have matching handlers then going through them one by one and passing
them to the handler function.
2021-11-29 08:32:06 +10:00
Jarek Radosz fb5e871dff
DEV: Remove unnecessary functions (#15113) 2021-11-28 12:45:32 +01:00
David Taylor 1b9cf1b1c7
PERF: Update widget hooks to avoid global scroll-blocking events (#15116)
For widget event handlers, we register a single listener on the `<body>`, and then notify the relavent widget (if any) when the event fires.

`touchstart` and `touchmove` events are particularly performance sensitive because they block scrolling on mobile. Therefore we want to avoid registering global non-passive listeners for these events.

This commit updates the WidgetTouchStartHook and WidgetDragHook implementations to automatically register listeners on the specific widget DOM elements when required.

This commit removes the last global scroll-blocking event handler from Discourse core. That means that mobile scrolling is now completely decoupled from our JS app. Even if the JS app is completely blocked (e.g. during rendering), scrolling will now continue to work. This should make things feel a lot smoother, especially on lower performance devices.
2021-11-28 10:47:44 +00:00
David Taylor bca5c58c90
DEV: Disable 'passive' handlers for pan-events mixin (#15118)
These were set to `passive: true` in ff72522f.

However, two consumers of this mixin (topic-navigation and site-header) do need to call `e.preventDefault()`, so we can't use passive listeners here.

That's ok, because this mixin only applies to a specific component's element, not the entire page. So having these non-passive listeners doesn't affect the vast majority of scrolling
2021-11-28 10:42:59 +00:00
David Taylor 136189508b
DEV: Ensure scrolling-post-stream event listeners are removed correctly (#15115)
The method was switched from _debouncedScrollCallback to _debouncedScroll in ff72522f, but the cleanup was not updated to match.
2021-11-27 17:04:31 +00:00
David Taylor 1b184cefd0
PERF: Update scrolling mixin implementation (#15109)
This mixin calls the "scrolled" method of some object with no parameters, so there is no way that consumers would ever call `event.preventDefault()`. Therefore we can make the listeners passive, and improve scrolling performance on mobile.

This commit also updates the mixin to remove JQuery usage. The API is slightly modified to remove the need for an event 'name' for binding/unbinding.

The calls to `.bindScrolling` and `.unbindScrolling` in user-stream.js are removed because they are already called by the LoadMore mixin which is applied to the component.

The `bindScrolling` method claimed to offer debouncing-by-default. However, a bug in the `opts` parsing meant that debouncing was skipped if a 'name' was passed in. Therefore the only consumer actually being debounced was the LoadMore mixin. This commit fixes the opts parsing, so all consumers get the same behavior.

However, when scrolling, debounce is rarely what we want. The documentation of `bindScrolling` says "called every 100ms". In fact, debounce means that the functions were only called 'after the user **stops scrolling** for 100ms'. If you're scrolling very slowly (e.g. when using momentum-based scrolling on mobile), then this can be quite frustrating. This is why "Load more" is only triggered on topics/topic-lists when you completely stop scrolling.

Therefore, this commit also replaces the default 'debounce' with a 'throttle'. The 'throttle' is configured with `immediate = false`, so that it fires on the trailing edge, and therefore the final call will always be **after** we finish scrolling. (the default `immediate: true` would fire on the leading edge, and so the last call could be up to 100ms **before** we finish scrolling).
2021-11-26 20:22:50 +00:00
David Taylor 5d59b7e733
DEV: Make plugin api errors more descriptive (#15111)
With more descriptive errors, developers will know **why** a change is required, and may be more likely to take action.
2021-11-26 20:22:29 +00:00
David Taylor e8bb37bd89
PERF: Disable ember touchstart listener (#15112)
Registering non-passive listeners for the touchstart event can affect scroll performance on mobile devices, and now shows a warning in Chrome. Our current version of Ember unconditionally registers all event listeners, even if they're unused. It also doesn't support passive event listeners. Once we get to Ember 4.0, it lazily registers event listeners, and supports passive listeners via the `{{on` helper.

We already disable the ember `mousemove` and `touchmove` events for performance, so it makes sense to do the same for `touchstart`. We are not using `touchstart` anywhere in core, and I cannot find any official/unofficial plugins which use it. If a `touchstart` event is required, plugins/themes can always register their own listeners (preferably on a specific element, rather than the whole `document`)
2021-11-26 20:22:02 +00:00
Jarek Radosz fac6cc0778
DEV: Make `@afterRender` do just that, no extra `next()` (#15086) 2021-11-26 20:16:08 +01:00
David Taylor 4229e3f22c DEV: Set `passive: false` on composer grippie events
We do call `event.preventDefault()` on these events. They're limited to a single element, so performance impact should be negligable. Adding `passive: false` prevents the chrome dev tools warning.
2021-11-26 18:03:39 +00:00
David Taylor ff72522f30 PERF: Use passive event listeners for touchstart, touchmove
None of these places call `event.preventDefault()`. Therefore we can register the event listeners as 'passive', and improve scroll performance on mobile devices.
2021-11-26 18:03:39 +00:00
Penar Musaraj a12b73f881
UX: Fix extra indent on lists when supporting mixed text direction (#15110) 2021-11-26 12:32:45 -05:00
Robin Ward f1178514fa Segment Ember CLI tests
Note `/topics/bulk` missing the first slash seems to expose an error not
present without segmentation.
2021-11-26 12:14:30 -05:00
Jarek Radosz 2971d03307
DEV: Don't create unnecessary scope methods (#15104)
Skipping methods we don't use gives us mem/perf gains (minuscule but still), but more importantly fixes warnings about `Poll#open` (created by `enum :status`) conflicting with some internal AR method. 😃
2021-11-26 16:34:07 +01:00
David Taylor 4d3eb3f1ac
PERF: Set --header-offset property only when changed (#15107)
Calling `setProperty("--header-offset", newValue)` will always cause a 'Recalculate Style' event, even if the value is unchanged. On my browser, these 'Recalculate Style' events take about 6-7ms each time the `dockCheck` function is run.

This commit stores the 'previous' value in an instance variable, and only calls setProperty if the value has changed. This brings the total runtime of `dockCheck` down to about 70µs on my machine.
2021-11-26 15:25:03 +00:00
Jarek Radosz 1441226b1a
DEV: Don't polute all ActiveRecord classes (#15103)
`pending`, `approved`, `rejected`, `ignored`, and `deleted` scope method were accessible on all model classes… 😂

Fixes `Creating scope :pending. Overwriting existing method DiscoursePostEvent::EventDate.pending.` warnings.
2021-11-26 10:17:10 +08:00
Martin Brennan 73db60ad2a
DEV: Add 201 to bootstrap-json accepted status codes (#15102)
The theme creator endpoints return JSON with a 201 CREATED
status code. With the recent changes to bootstrap-json/index.js
for the Ember CLI proxy, these endpoints were broken because
201 was not an accepted status code. This commit simply
adds 201 to the array, but prettier forced a reformat as well!
2021-11-26 11:13:15 +10:00
Robin Ward 9123f471e8 FIX: Don't throw errors on duplicate keys in Yaml
We shouldn't have them, but they shouldn't break a build either.
2021-11-25 16:56:02 -05:00
Jarek Radosz c3eb75bf00
DEV: Don't crash on empty plugin translations (#15097)
ember build would throw and exit on:

```yml
# plugins/my_plugin/config/locales/client.en.yml
en:
  js:
    my_plugin:

```
2021-11-25 22:55:37 +01:00
Penar Musaraj d99deaf1ab
FEATURE: show recent searches in quick search panel (#15024) 2021-11-25 15:44:15 -05:00
Rafael dos Santos Silva 5647819de4
FEATURE: Send a 'noindex' header in non-canonical responses (#15026)
* FEATURE: Optionally send a 'noindex' header in non-canonical responses

This will be used in a SEO experiment.

Co-authored-by: David Taylor <david@taylorhq.com>
2021-11-25 16:58:39 -03:00
Penar Musaraj 1166afa4e8
FIX: Software update prompt position on themes with extra header (#15094) 2021-11-25 11:16:55 -05:00
Jarek Radosz cabacb5c48
DEV: Drop non-visualViewport Safari hacks (#15007)
Those were required pre-iOS 13.
2021-11-25 16:56:11 +01:00
David Taylor 03998e0a29
FIX: Use CDN URL for internal onebox avatars (#15077)
This commit will also trigger a background rebake for all existing posts with internal oneboxes
2021-11-25 12:07:34 +00:00
David Taylor fd93d6f955
DEV: `lib/user-presence` improvements (#15046)
- Remove JQuery
- Remove legacy `document.webkitHidden` support. None of our currently supported browsers need this
- Use `passive` event listeners. These allows the browser to process the events first, before passing control to us
- Add a new `unseenTime` parameter. This allows consumers to request a delay before being notified about the browser going into the background
- Add a method for removing a callback
- Fire the callback when presence changes in either direction. Previously it would only fire when the user becomes present after a period of inactivity.
- Ensure callbacks are only called once for each state change. Previously they would be called every 60s, regardless of the value
- Listen to the `visibilitychanged` and `focus` events, treating them as equivalent to user action. This will make messagebus re-activate more quickly when switching back to a stale tab
- Add test helpers
- Delete the unused `discourse/lib/page-visible` module.
- Call message-bus's onVisibilityChange API directly, rather than dispatching a fake event on the `document`
2021-11-25 12:07:07 +00:00
Dan Ungureanu 6e2d4a14ac
FIX: Delete unconfirmed AND expired email tokens only (#15089) 2021-11-25 10:34:30 +02:00
Dan Ungureanu fa8cd629f1
DEV: Hash tokens stored from email_tokens (#14493)
This commit adds token_hash and scopes columns to email_tokens table.
token_hash is a replacement for the token column to avoid storing email
tokens in plaintext as it can pose a security risk. The new scope column
ensures that email tokens cannot be used to perform a different action
than the one intended.

To sum up, this commit:

* Adds token_hash and scope to email_tokens

* Reuses code that schedules critical_user_email

* Refactors EmailToken.confirm and EmailToken.atomic_confirm methods

* Periodically cleans old, unconfirmed or expired email tokens
2021-11-25 09:34:39 +02:00
Natalie Tay 4c46c7e334
DEV: Remove xlink hrefs (#15059) 2021-11-25 15:22:43 +11:00
Jordan Vidrine 09260148b1
DEV: Add cta app event (#15051)
Add app event for when CTA is triggered for anon users
2021-11-25 15:10:26 +11:00
Alan Guo Xiang Tan db5edc713b
DEV: Make it clear that plugin-api on the client side follows semver. (#15070) 2021-11-25 09:26:28 +08:00
Jarek Radosz 704974da6a
DEV: Allow using incorrect headers with ember-cli (#15085)
Makes it possible to pass-through invalid headers, e.g. `Content-Type: multipart/form-data;;`

That ability regressed with the latest changes.
2021-11-25 00:45:55 +01:00
Robin Ward c27e324bd1 FEATURE: Support i18n in Ember CLI plugin tests 2021-11-24 15:19:36 -05:00
Jarek Radosz de3680eb5c
DEV: Re-allow node 17, with a warning (#15083) 2021-11-24 21:16:33 +01:00
Jarek Radosz e41f98bf96
DEV: Fix set-after-destroy issues (#15078)
Fixes broken tests on the legacy ember env.
2021-11-24 20:13:52 +01:00
Jarek Radosz 9380c1273e
DEV: Fix another form of sending data in ember-cli (#15079) 2021-11-24 18:54:15 +01:00
Osama Sayegh 8fd10e6414
FIX: Don't crash the browser when tapping autocomplete suggestions on Android/Gboard (#15076)
This is a workaround for an annoying bug that crashes the browser when an autocomplete suggestion is selected on Android if the virtual keyboard is Gboard. It's specific to Gboard because it sometimes sends `keydown` and `keyup` events twice for a single key press, more details can be found here: https://meta.discourse.org/t/emoji-selector-crashes-the-message-editor-in-android-chrome/187009/24?u=osama.
2021-11-24 20:44:46 +03:00
Kerry Liu ded9fe950a UX: add additional tests for pasting a link on a selection 2021-11-24 12:33:22 -05:00
Kerry Liu f37bffdf6c UX: when pasting a link use linkify rules 2021-11-24 12:33:22 -05:00
Kerry Liu 0009498901 UX: pasting links on a selection will apply a link format 2021-11-24 12:33:22 -05:00
Jarek Radosz c75224e3d9
DEV: Update supported node versions (#15073)
13 and 15 are no longer supported by node, and issues with discourse dependencies prevent us from using 17. (for now)
2021-11-24 18:18:35 +01:00
Bianca Nenciu 59e0ed8820
FEATURE: Highlight changed tags in post revisions (#15072) 2021-11-24 18:51:25 +02:00
Jarek Radosz 1ab4b1a4a8
DEV: Minor cleanup of create-account tests (#14989) 2021-11-24 16:43:25 +01:00
Jarek Radosz 9105163882
DEV: Fix the /tests path in ember-cli server (#15075) 2021-11-24 15:34:04 +01:00
Jarek Radosz e217364a46
DEV: Fix ember-cli proxy issues (#15071)
* DEV: Fix ember-cli proxy compat with node < 16
* DEV: Fix uploading via ember-cli
* DEV: Fix proxying /logs & other CSP-enabled pages
2021-11-24 12:52:25 +01:00
Bianca Nenciu 3ea8937157
FEATURE: Add email normalization rules setting (#14593)
When this setting is turned on, it will check that normalized emails
are unique. Normalized emails are emails without any dots or plus
aliases.

This setting can be used to block use of aliases of the same email
address.
2021-11-24 11:30:06 +02:00
Alan Guo Xiang Tan 057ef55684
DEV: Allow callback to be registered to remove post menu button. (#15061)
This will allow buttons in the post menu to be remove based on a post's
attributes or site settings.
2021-11-24 13:26:52 +08:00
Jarek Radosz 3172e08b6d
DEV: Fix ember-cli proxying to production sites (#15042) 2021-11-23 23:31:54 +01:00
Bianca Nenciu 73760c77d9
FEATURE: Mention @here to notify users in topic (#14900)
Use @here to mention all users that were allowed to topic directly or
through group, who liked topics or read the topic. Only first 10 users
will be notified.
2021-11-23 22:25:54 +02:00
Vinoth Kannan 0ededb1454
UX: timestamp should not hide handle of topic timeline in mobile. (#15066)
Previously, since the space of the timestamp is big in some locales, it blocked the visibility of topic timeline handle in mobile view.
2021-11-23 23:24:58 +05:30
David Taylor c749b41163
UX: Fallback to regular title if screen-reader title is unavailable (#15048)
c401d641 introduced a new translation key for auth providers, and provided new strings for core providers. However, not all plugins have added this string. This commit makes the screenreader title fallback to the regular title in those cases.
2021-11-23 11:12:54 +00:00
Natalie Tay adf6498fe2
FEATURE: Show browser search tip when discourse search shows up in a topic (#15055) 2021-11-23 13:11:17 +08:00
Alan Guo Xiang Tan 8226ab1099
PERF: Updating first unread PM for user not respecting limits. (#15056)
In b8c8909a9d, we introduced a regression
where users may have had their `UserStat.first_unread_pm_at` set
incorrectly. This commit introduces a migration to reset `UserStat.first_unread_pm_at` back to
`User#created_at`.

Follow-up to b8c8909a9d.
2021-11-23 12:51:54 +08:00
Martin Brennan db4c52ca26
DEV: Add single file progress and cancel for uppy in composer (#15053)
This commit adds handlers for the composer uppy mixin to allow
for cancelling individual file uploads, not just all of them
at once. This is also combined with better tracking of in progress
uploads along with their progress percentage, for UI that needs
to be able to display the progress for individual files and
also cancel individual files.

To use this, a cancel button in the UI should call a function like this:

```javascript
cancelSingleUpload(fileId) {
  this.appEvents.trigger(`${this.eventPrefix}:cancel-upload`, {
    fileId,
  });
},
```

Additionally, the `inProgressUploads` can be shown in the UI. It is an array of objects with the file name, ID, and the progress percentage. We can add more data to this if needed down the line.
2021-11-23 14:00:23 +10:00
Kris 52532758f7
DEV: add plugin outlet before topic list views (#15054) 2021-11-22 22:52:46 -05:00
Natalie Tay 340901c913
DEV: Add if a user is using an Apple device in widget capabilities (#15021)
* Consolidate device capability sniffing in caps
2021-11-23 11:21:31 +08:00
Martin Brennan 49c49e8ae0
FEATURE: Local chunked uppy backup uploads with a new uploader plugin (#14894)
This takes the uppy chunking algorithm and combines it with some
form submission from resumable.js for parity with the current
backup controller to make local backup uploads work with uppy.
We can then use this to replace the resumable-upload component
and the resumable.js library from our codebase, once stable.

This is disabled by default, so people using local backups will not
be affected. The enable_experimental_backup_uploader site setting
must be enabled for this to work.
2021-11-23 08:45:42 +10:00
Jarek Radosz 68b0fdd2b3
DEV: Fix silence user context message (#15040) 2021-11-22 19:44:20 +01:00
Jarek Radosz bd2e1a8c38
FIX: Don't hit permalink-check if not authorized (#15039) 2021-11-22 19:44:00 +01:00
Jarek Radosz ceed48f321
UX: Make banner full-width (#15038) 2021-11-22 19:43:45 +01:00
Dan Ungureanu d420a7b2c8
DEV: Reuse code for TrustLevelAndStaffSetting (#15044)
The code that checked this permission was duplicated everytime a new
settings of this type was added. This commit changes the behavior of
some functionality because some feature checks were bypassed for staff
members.
2021-11-22 20:18:53 +02:00
RogerBW fd66df5997
FEATURE: adds uploads scope for API keys (#14941)
* FEATURE: adds uploads scope for API keys

* Add basic test, change "image" to "file"
2021-11-22 10:49:08 -07:00
Jarek Radosz d91d67a442
FEATURE: Allow theme settings to request refresh (#15037)
Similar to site settings, adds support for `refresh` option to theme settings.

```yaml
super_feature_enabled:
  type: bool
  default: false
  refresh: true
```
2021-11-22 13:16:56 +01:00
Martin Brennan 9f8ee8f137
FIX: Don't publish notifications to MessageBus for inactive users (#15035)
We are pushing /notification-alert/#{user_id} and /notification/#{user_id}
messages to MessageBus from both PostAlerter and User#publish_notification_state.
This can cause memory issues on large sites with many users. This commit
stems the bleeding by only sending these alert messages if the user
in question has been seen in the last 30 days, which eliminates a large
chunk of users on some sites.
2021-11-22 14:38:49 +11:00
Natalie Tay 9015183942
Always show input when editing text by removing hover (#15034) 2021-11-22 10:23:42 +08:00
Natalie Tay d46e450733
Refine dismiss notification confirmation (#15017) 2021-11-22 09:11:24 +08:00
Martin Brennan fa6b87a1bf
SECURITY: Strip unrendered unicode bidirectional chars in code blocks (#15032)
When rendering the markdown code blocks we replace the
offending characters in the output string with spans highlighting a textual
representation of the character, along with a title attribute with
information about why the character was highlighted.

The list of characters stripped by this fix, which are the bidirectional
characters considered relevant, are:

U+202A
U+202B
U+202C
U+202D
U+202E
U+2066
U+2067
U+2068
U+2069
2021-11-22 10:43:03 +10:00
Penar Musaraj 10a57825c8
UX: Fix fast edit save button color in dark schemes (#15027) 2021-11-19 16:15:10 -05:00
jbrw 97b27a7426
FIX: Remove 'Open Draft' label after topic draft deleted (#14997)
* FIX: Remove 'Open Draft' label after topic draft deleted
2021-11-19 11:00:11 -05:00
David Taylor e906596942
FIX: Ensure mobile topic-list links are treated as Ember transitions (#15022)
In the topic lists, it's important that we apply `pointer-events: none;` to the links. 0e371d4 updated the selector used for this css.

In `templates/list/topic-list-item.hbs`, `.main-link` is applied to the same element as `.topic-list-data`, so the new selector applied correctly.

In `templates/mobile/list/topic-list-item.hbr`, `.main-link` is nested within `.topic-list-data`, so the new selector did not apply correctly.

This commit switches the selector back to simply `.main-link`, so that it works for both mobile and desktop.
2021-11-19 13:47:53 +00:00
Andrei Prigorshnev b0d8d9e73d
FIX: infinite recursion when calling a refresh() action on routes (#14624) 2021-11-19 16:23:46 +04:00
David Taylor 2153011cdb
PERF: Use more efficient text-direction check in select-kit init (#15015)
Calling `window.getComputedStyle` during initialization causes the browser to pause and 'Recalculate Style'. On my machine, this adds about 7ms to boot time. Instead, we can check for the `rtl` class on the html element, which is added by the server, and doesn't require computing styles.
2021-11-19 10:17:23 +00:00
Alan Guo Xiang Tan 1566cd2048
DEV: Return promise for toggleFilteredRepliesView widget action. (#15020)
This allows plugin to wait on the promise when the widget action is
called.
2021-11-19 15:40:35 +08:00
Alan Guo Xiang Tan 4b4973ee0d
PERF: Reduce records queried in `UserStat.update_first_unread_pm`. (#15016)
The inefficiency here is that we were previously fetching all the
records from `TopicAllowedUser` before filtering against a limited subset of
users based on `User#last_seen_at`.
2021-11-19 15:30:39 +11:00
Natalie Tay da9a9a8e65
FIX: Add a confirm and cancel button when editing alt text (#15003) 2021-11-19 10:57:09 +08:00
David Taylor 254689b1fb
DEV: Remove JQuery from discourse/lib/text-direction (#15014) 2021-11-19 01:09:36 +00:00
jbrw 9955f1774d
UX: Move share topic warning to modal flash alert (#15012) 2021-11-18 19:24:15 -05:00
Jarek Radosz e6670393df
DEV: Refactor `logs-notice`/`global-notice` (#15000) 2021-11-18 21:49:58 +01:00
Robin Ward 2c045c6368 FIX: Don't overwrite computed property for loading spinner fix
This fixes an issue CvX found on PR #14666 where a previous fix
overwrote a computed property.

The better fix (as is often the case with Ember) is to remove an
observer and call methods when things change ourselves.
2021-11-18 15:04:11 -05:00
Jordan Vidrine 9ebfcbb867
FIX: Topic list separator fix (#15011) 2021-11-18 13:32:44 -06:00
Dan Ungureanu 6ae065f9cd
Improved create invite modal (#14151)
* FEATURE: Always show advanced invite options

The UI is more simple and more efficient than how it was when the
advanced options toggle was introduced. It does not make sense to keep
it anymore.

* UX: Minor copy edits

* UX: Merge expire invite controls

There were two controls in the create invite modal. One was a static
text that displayed how much time is left until the invite expires. The
other one was a datetime selector that set the time the invite expires.

This commit merges the two controls in a single one: staff users will
continue to see the datetime selector without the static text and
regular users will only see the static text because they cannot set
when the invite expires.

* UX: Remove invite link

It should only be visible after the invite was created.
2021-11-18 20:19:02 +02:00
David Taylor ed2c3ebd71
PERF: Move `preload` hints to the `<head>` (#15008)
We have two JS assets which are included in the `<body>` of responses. We were including the `<link rel='preload'` hint alongside the script tag in the body. Instead, we can move the preload hint to the `<head>` so that the browser discovers it earlier, and can start preloading the assets while the body is loading.
2021-11-18 18:02:16 +00:00
David Taylor 135fdd59ed
PERF: Improve JS app boot speed by optimizing `customResolve()` (#14990)
Time spent in the 'find module with suffix' portion of our `customResolve` function were adding up to around 100ms-150ms when booting the app. This time is spread over 150+ calls, so it's not immediately obvious in flamegraphs.

This commit implements a (reversed) [Trie](https://en.wikipedia.org/wiki/Trie) which enables fast suffix-based lookups on a list of strings.

In my tests, this requires < 5ms to initialize, and brings the cumulative 'find module with suffix' time down to `< 5ms`. This corresponds to a ~100ms improvement in LCP metrics in my browser.

The only behavior change is to remove support for module filenames which are **not** dasherized. I haven't found any core/theme/plugin modules which are not dasherized in their filenames.
2021-11-18 16:38:00 +00:00
Jarek Radosz a102673522
DEV: Avoid unnecessary `site-settings:main` lookups (#15006) 2021-11-18 17:11:59 +01:00
Jarek Radosz 8dc9e0f4bd
DEV: Use `class` syntax in key-value-store (#15005) 2021-11-18 16:54:47 +01:00
Jarek Radosz 82c72a46d1
DEV: Fix `castInteger` deprecations (#15004) 2021-11-18 16:52:14 +01:00
Jarek Radosz 4021842628
DEV: Make `search` an actual service (#14998) 2021-11-18 16:52:03 +01:00
Jarek Radosz 42fff92d9f
DEV: Make `store` an actual service (#14996)
`store:main` was unofficially deprecated 4 years ago in fbd5f1e411 (diff-b19dd1d6a5c7938fda9ae317136bbbb82339946ab457c9b95af936a47276c3ddR22)
2021-11-18 16:51:20 +01:00
Kris 19627eca4b
DEV: add outlet for extra categories column (#15002) 2021-11-18 09:46:59 -05:00
Vinoth Kannan fc1c76cfcc
FIX: exclude moderator_action post for reply count in user summary. (#14991)
Previously, incorrect reply counts are displayed in the "top categories" section of the user summary page since we included the `moderator_action` and `small_action` post types.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2021-11-18 13:42:03 +05:30
Alan Guo Xiang Tan db24c9b94e
FIX: Incorrect title and chevron when filtering by post number. (#14985)
The widget's state did not reflect the state of the controller.
2021-11-18 09:19:00 +08:00
Krzysztof Kotlarek eb82849ccb
FIX: none and all categories filter (#14999)
parentCategory is passed to drop-category componen: https://github.com/discourse/discourse/blob/main/app/assets/javascripts/discourse/app/templates/components/bread-crumbs.hbs#L11

However, it is not available if it is not explicitly allow listed in selectKitOptions
2021-11-18 10:21:34 +11:00
Martin Brennan b96c10a903
DEV: Extract shared external upload routes into controller helper (#14984)
This commit refactors the direct external upload routes (get presigned
put, complete external, create/abort/complete multipart) into a
helper which is then included in both BackupController and the
UploadController. This is done so UploadController doesn't need
strange backup logic added to it, and so each controller implementing
this helper can do their own validation/error handling nicely.

This is a follow up to e4350bb966
2021-11-18 09:17:23 +10:00
Osama Sayegh b86127ad12
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706)
Currently, Discourse rate limits all incoming requests by the IP address they
originate from regardless of the user making the request. This can be
frustrating if there are multiple users using Discourse simultaneously while
sharing the same IP address (e.g. employees in an office).

This commit implements a new feature to make Discourse apply rate limits by
user id rather than IP address for users at or higher than the configured trust
level (1 is the default).

For example, let's say a Discourse instance is configured to allow 200 requests
per minute per IP address, and we have 10 users at trust level 4 using
Discourse simultaneously from the same IP address. Before this feature, the 10
users could only make a total of 200 requests per minute before they got rate
limited. But with the new feature, each user is allowed to make 200 requests
per minute because the rate limits are applied on user id rather than the IP
address.

The minimum trust level for applying user-id-based rate limits can be
configured by the `skip_per_ip_rate_limit_trust_level` global setting. The
default is 1, but it can be changed by either adding the
`DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the
desired value to your `app.yml`, or changing the setting's value in the
`discourse.conf` file.

Requests made with API keys are still rate limited by IP address and the
relevant global settings that control API keys rate limits.

Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters
string that Discourse used to lookup the current user from the database and the
cookie contained no additional information about the user. However, we had to
change the cookie content in this commit so we could identify the user from the
cookie without making a database query before the rate limits logic and avoid
introducing a bottleneck on busy sites.

Besides the 32 characters auth token, the cookie now includes the user id,
trust level and the cookie's generation date, and we encrypt/sign the cookie to
prevent tampering.

Internal ticket number: t54739.
2021-11-17 23:27:30 +03:00
Jarek Radosz 9be69b603c
DEV: Make `screen-track` a regular service (#14983) 2021-11-17 20:56:06 +01:00
Bianca Nenciu 186379adac
FIX: Cache all watched words (#14992)
It used to cache up to 1000 words, but the maximum number of watched
word is 2000.
2021-11-17 18:59:44 +02:00
Jarek Radosz bf34d3524b
DEV: Fix a `userFields` computed property override (#14988)
in `preferences/profile` controller

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2021-11-17 15:02:15 +01:00
Joffrey JAFFEUX 439cd68e0d
DEV: updates popper to 2.10.2 (#14986) 2021-11-17 13:47:55 +01:00
Joffrey JAFFEUX 113ecab7a6
FIX: clear previous errors on second factor form display (#14987) 2021-11-17 13:47:38 +01:00
Krzysztof Kotlarek 9ce29ad013
FIX: register customOptions as select kit filter (#14933)
* FIX: register customOptions as select kit filter

We are allowing plugins to define custom filters which are added to CUSTOM_USER_SEARCH_OPTIONS const. However, we need to have static placeholder for custom filters, so those props will be passed, and we can use it later.

* fix
2021-11-17 17:12:19 +11:00
Bianca Nenciu cc1b45f58b
FIX: Convert URLs embedded topics to absolute form (#14975)
Sometimes the expanded post contained broken relative URLs because they
were not converted to their absolute form.
2021-11-17 16:39:49 +11:00
Penar Musaraj 2ff7f105d9
UX: launch full page search on second `Enter` hit (#14978) 2021-11-17 16:35:17 +11:00
Natalie Tay c61d47e6f4
FEATURE: Show a confirmation modal when "Dismiss all" would dismiss an important notification (#14935)
* Show a confirmation when dismiss all will dismiss an important notification
2021-11-17 09:44:30 +08:00
Martin Brennan 515acb8fc4
FIX: Error when SMTP enabled in PostAlerter with no incoming email (#14981)
When 31035010af
was done it failed to take into account the case where the smtp_enabled
site setting was true, but the topic had no allowed groups / no
incoming email record, which caused errors for topics even with
nothing to do with group SMTP.
2021-11-17 09:24:17 +10:00
Martin Brennan e7a4742490
FIX: Clean up emoji name which is file name (#14980)
Uppy adds the file name as the "name" parameter in the
payload by default, which means that for things like the
emoji uploader which have a name param used by the controller,
that param will be passed as the file name. We already use
the existing file name if the name param is null, so this
commit just does further cleanup of the name param, removing
the extension if it is a filename so we don't end up with
emoji names like blah_png.
2021-11-17 09:20:44 +10:00
Jarek Radosz bf33d2cd4b
FIX: Include all categories in sortedCategories (#14979)
Fixes the issue where categories over two levels deep were missing.
2021-11-17 00:12:04 +01:00
Martin Brennan 7e39910de6
DEV: Refactor uppy s3 mulipart mixin to not use self = this (#14960)
We no longer use this pattern, so we can replace with function
binding instead.
2021-11-17 09:03:10 +10:00