Commit Graph

564 Commits

Author SHA1 Message Date
Alan Guo Xiang Tan a473e352de
DEV: Introduce TopicGuardian#can_see_topic_ids method (#18692)
Before this commit, there was no way for us to efficiently check an
array of topics for which a user can see. Therefore, this commit
introduces the `TopicGuardian#can_see_topic_ids` method which accepts an
array of `Topic#id`s and filters out the ids which the user is not
allowed to see. The `TopicGuardian#can_see_topic_ids` method is meant to
maintain feature parity with `TopicGuardian#can_see_topic?` at all
times so a consistency check has been added in our tests to ensure that
`TopicGuardian#can_see_topic_ids` returns the same result as
`TopicGuardian#can_see_topic?`. In the near future, the plan is for us
to switch to `TopicGuardian#can_see_topic_ids` completely but I'm not
doing that in this commit as we have to be careful with the performance
impact of such a change.

This method is currently not being used in the current commit but will
be relied on in a subsequent commit.
2022-10-27 06:13:21 +08:00
Alan Guo Xiang Tan 305b7c8fae
DEV: Update rubocop (#18754) 2022-10-26 09:05:15 +08:00
Jarek Radosz df56ab172a
DEV: Remove remaining hardcoded ids (#18735) 2022-10-25 15:29:09 +08:00
Alan Guo Xiang Tan 0ffd408674
DEV: Remove harded id when fabricating in tests (#18729)
Hardcoding ids always lead to sadness for our test suite
2022-10-25 06:18:40 +08:00
Bianca Nenciu 266e165885
FIX: Use only first line from commit message (#18724)
Linking a commit from a GitHub pull request included the complete commit
message, instead of just the first line. The rest of the commit message
will be added to the body of the Onebox.
2022-10-24 22:26:48 +03:00
Jan Cernik 25fbbf4020
UX: Stop falling back to topic image on embeds (#18720)
If linked post (not OP) has no image, it won't fall back to the topic
image anymore.
2022-10-24 14:54:02 -03:00
Alan Guo Xiang Tan c752d68737
DEV: Fabricate instead of just building topic, post and user in tests (#18698)
Building does not persist the object in the database which is
unrealistic since we're mostly dealing with persisted objects in
production.

In theory, this will result our test suite taking longer to run since we
now have to write to the database. However, I don't expect the increase
to be significant and it is actually no different than us adding new
tests which fabricates more objects.
2022-10-24 05:51:41 +08:00
David Taylor cc439cf412
DEV: Apply theme template transforms to colocated components (#18704) 2022-10-21 19:05:34 +01:00
dependabot[bot] 5827d1eecc
Build(deps): Bump @babel/standalone from 7.19.3 to 7.19.6 in /app/assets/javascripts (#18689)
Bumps [@babel/standalone](https://github.com/babel/babel/tree/HEAD/packages/babel-standalone) from 7.19.3 to 7.19.6.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.19.6/packages/babel-standalone)

---
updated-dependencies:
- dependency-name: "@babel/standalone"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Tweak whitespace expectations in tests

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Taylor <david@taylorhq.com>
2022-10-21 14:48:27 +01:00
Alan Guo Xiang Tan 5fbd16926b
DEV: Add missing test case for `TopicGuardian#can_see_topic?` (#18694)
Staged users are allowed to view topics they created in a read restricted category
when category has `Category#email_in` and
`Category#email_in_allow_strangers` configured.
2022-10-21 16:40:46 +08:00
Bianca Nenciu 6b788d7329
FIX: Skip all post validations if necessary (#18625)
When PostRevisor is called with 'skip_validations: true' it can save
the post twice and one of the calls passes the correct 'validate: false'
argument, but the other one does not.
2022-10-19 18:54:32 +03:00
David Taylor c185043590
FIX: Ensure minification does not break colocated connectors (#18664)
The filenames (minus the extensions) were being used as keys in a hash to pass to Terser, which meant that colocated connector files would overwrite each other. This commit moves the un-colocating earlier in the pipeline so that the fixed filenames are passed to Terser.

Followup to be3d6a56ce
2022-10-19 10:49:01 +01:00
David Taylor be3d6a56ce
DEV: Introduce minification and source maps for Theme JS (#18646)
Theme javascript is now minified using Terser, just like our core/plugin JS bundles. This reduces the amount of data sent over the network.

This commit also introduces sourcemaps for theme JS. Browser developer tools will now be able show each source file separately when browsing, and also in backtraces.

For theme test JS, the sourcemap is inlined for simplicity. Network load is not a concern for tests.
2022-10-18 18:20:10 +01:00
David Taylor cb87067c77 DEV: Introduce support for template colocation in themes 2022-10-18 10:10:49 +01:00
David Taylor 65a5c84a92 DEV: perform theme extra_js compilation all together
Previously, compiling theme 'extra_js' was done with a number of steps. Each theme_field would be compiled into its own value_baked column, and then the JavascriptCache content would be built by concatenating all of those compiled values.

This commit streamlines things by removing the value_baked step. The raw value of all extra_js theme_fields are passed directly to the ThemeJavascriptCompiler, and then the result is stored in the JavascriptCache.

In itself, this commit should not cause any behavior change. It is designed to open the door to more advanced compilation features which have interdependencies between different source files (e.g. template colocation, sourcemaps).
2022-10-18 10:10:49 +01:00
Alan Guo Xiang Tan d1304ecb46
DEV: Move sidebar site settings to the sidebar category (#18596)
Sidebar category is only shown in the admin panel when `enable_experimental_sidebar_hamburger` site setting is enabled
2022-10-17 10:33:15 +08:00
David Taylor e0a6d12c55
Use service account credentials for fetching google hd groups (#18329)
The previous implementation would attempt to fetch groups using the end-user's Google auth token. This only worked for admin accounts, or users with 'delegated' access to the `admin.directory.group.readonly` API.

This commit changes the approach to use a single 'service account' for fetching the groups. This removes the need to add permissions to all regular user accounts. I'll be updating the [meta docs](https://meta.discourse.org/t/226850) with instructions on setting up the service account.

This is technically a breaking change in behavior, but the existing implementation was marked experimental, and is currently unusable in production google workspace environments.
2022-10-13 16:04:42 +01:00
Vinoth Kannan 7f167de10b
FIX: remove `nil` items before sorting the sha1 string array. (#18571)
Previously, when the array had both nil and string values it returned the error "comparison of NilClass with String failed". Now I added the `.compact` method to prevent this issue as per @martin-brennan's suggestion https://github.com/discourse/discourse/pull/18431#discussion_r984204788
2022-10-13 02:43:56 +05:30
Bianca Nenciu 33087f0bdf
A11Y: Set role=presentation if alt attr is missing (#18546)
This applies to all images posted that do not have a user description.
2022-10-12 14:07:37 +03:00
Rafael dos Santos Silva 6888eb5c2d
Revert "Revert "FEATURE: Preload resources via link header (#18475)" (#18511)" (#18531)
* Revert "Revert "FEATURE: Preload resources via link header (#18475)" (#18511)"

This reverts commit 95a57f7e0c.

* put behind feature flag

* env -> global setting

* declare global setting

* forgot one spot
2022-10-11 20:11:44 -03:00
Jacob Michalskie 36f7fbebdc
DEV: Allow ManagedAuthenticator classes to match by username (#18517) 2022-10-11 11:25:13 +01:00
Martin Brennan cab173d3b5
DEV: Add specs for hashtags related code (#18526)
Adding a couple of small specs to code around hashtags
for tags and categories since I will be working in this
area soon and these were not covered.
2022-10-11 09:04:51 +10:00
Blake Erickson e320bbe513
FEATURE: Adds seeded default categories to the sidebar (#18512) 2022-10-07 16:02:03 -06:00
Rafael dos Santos Silva 95a57f7e0c
Revert "FEATURE: Preload resources via link header (#18475)" (#18511)
This reverts commit 2d1dbc6f96.

We need to increase nginx proxy buffer to land this.
2022-10-07 15:08:40 -03:00
Rafael dos Santos Silva 2d1dbc6f96
FEATURE: Preload resources via link header (#18475)
Experiment moving from preload tags in the document head to preload information the the response headers.

While this is a minor improvement in most browsers (headers are parsed before the response body), this allows smart proxies like Cloudflare to "learn" from those headers and build HTTP 103 Early Hints for subsequent requests to the same URI, which will allow the user agent to download and parse our JS/CSS while we are waiting for the server to generate and stream the HTML response.

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2022-10-07 13:19:50 -03:00
Krzysztof Kotlarek e6b5b6eae3
DEV: update to patched discourse-seed-fu (#18493)
Original seed-fu was cloned and patched with David's fix 576b69a368
2022-10-07 09:16:04 +11:00
Bianca Nenciu 73e9875a1d
FEATURE: Handle oneboxes for complex GitHub URLs (#18474)
GitHub PR URLs can link to a commit of the PR, a comment or a review
discussion.
2022-10-06 20:26:04 +03:00
Alan Guo Xiang Tan f3392a5a81
DEV: Avoid configuring Rails configuration in tests (#18499) 2022-10-06 15:45:19 +08:00
Arpit Jalan 8ae1edeb79
FIX: do not prefill default site title value on wizard introduction step (#18496) 2022-10-06 12:02:48 +05:30
Martin Brennan 6d7abc1c85
FIX: Make sure first admin users are added to auto groups (#18494)
When a user with an email matching those inside the
DISCOURSE_DEVELOPER_EMAILS env var log in, we make
them into admin users if they are not already. This
is used when setting up the first admin user for
self-hosters, since the discourse-setup script sets
the provided admin emails into DISCOURSE_DEVELOPER_EMAILS.

The issue being fixed here is that the new admins were
not being automatically added to the staff and admins
automatic groups, which was causing issues with the site
settings that are group_list based that don't have an explicit
staff override. All we need to do is refresh the automatic
staff, admin groups when admin is granted for the user.
2022-10-06 15:16:38 +10:00
Martin Brennan f5194aadd3
DEV: Remove usages of enable_personal_messages (#18437)
cf. e62e93f83a

This PR also makes it so `bot` (negative ID) and `system` users are always allowed
to send PMs, since the old conditional was just based on `enable_personal_messages`
2022-10-05 10:50:20 +10:00
Osama Sayegh 2d391565e4
FIX: Skip quality title validations for static topics when edited by admin (#18468)
Static topics are the seeded topics that are automatically created for every Discourse instance to hold the content for the FAQ, ToS and Privacy pages. These topics are allowed to bypass the minimum title length checks when they're edited by admins:

ba27ee1637/app/assets/javascripts/discourse/app/models/composer.js (L487-L496)

However, on the server-side, the "quality title" validations aren't skipped for static topics and that can cause confusion for admins when they change the title of a static topic to something that's short enough to fail the quality title validations. This commit ignores all quality title validations on static topics when they're edited by admins.

Internal topic: t/75745.
2022-10-04 21:55:21 +03:00
Selase Krakani 0c38757250
FIX: Revert recursively tag lookup with missing ancestor tags (#18439)
This reverts commit 049f8569d8.

To be revisited with a more comprehensive solution covering parent
selection when multiple parents exist.
2022-09-30 08:28:09 +00:00
Vinoth Kannan 6ebd2cecda
FIX: missing theme upload should not break precompile process. (#18431)
Previously, if an active default theme's upload record went missing then it will break the site and cause downtime.
2022-09-30 10:48:26 +05:30
Bianca Nenciu f60e6837c6
FEATURE: Add setting to always confirm old email (#18417)
By default, only staff members have to confirm their old email when
changing it. This commit adds a site setting that when enabled will
always ask the user to confirm old email.
2022-09-30 00:49:17 +03:00
Jarek Radosz b27d5626d2
SECURITY: Prevent arbitrary file write when decompressing files (#18421)
* SECURITY: Prevent arbitrary file write when decompressing files
* FIX: Allow decompressing files into symlinked directories

Co-authored-by: OsamaSayegh <asooomaasoooma90@gmail.com>
Co-authored-by: Gerhard Schlager <gerhard.schlager@discourse.org>
2022-09-29 20:00:38 +02:00
Martin Brennan 8ebd5edd1e
DEV: Rename secure_media to secure_uploads (#18376)
This commit renames all secure_media related settings to secure_uploads_* along with the associated functionality.

This is being done because "media" does not really cover it, we aren't just doing this for images and videos etc. but for all uploads in the site.

Additionally, in future we want to secure more types of uploads, and enable a kind of "mixed mode" where some uploads are secure and some are not, so keeping media in the name is just confusing.

This also keeps compatibility with the `secure-media-uploads` path, and changes new
secure URLs to be `secure-uploads`.

Deprecated settings:

* secure_media -> secure_uploads
* secure_media_allow_embed_images_in_emails -> secure_uploads_allow_embed_images_in_emails
* secure_media_max_email_embed_image_size_kb -> secure_uploads_max_email_embed_image_size_kb
2022-09-29 09:24:33 +10:00
Arpit Jalan 2ee721f8aa
FEATURE: add composer warning when user haven't been seen in a long time (#18340)
* FEATURE: add composer warning when user haven't been seen in a long time

When a user creates a PM and adds a recipient that hasn't been seen in a
long time then we'll now show a warning in composer indicating that the
user hasn't been seen in a long time.
2022-09-27 22:06:40 +05:30
Selase Krakani 049f8569d8
FIX: Recursively tag topics with missing ancestor tags (#18344)
* FIX: Recursively tag topics with missing ancestor tags

Given only a child tag, walk up the ancestry chain, get all of it's
ancestors for use in tagging a topic

* FIX: Ensure only one parent tag is returned for topic tagging

Current implementation selects and return first parent tag if child tag
has multiple parents.

This change updates recursive parent tag implementation to only return
parent tags via only one ancestry line.

* DEV: Add test case for tag cycles

Given we aren't performing a strict graph traversal to get a tag's
parent, cycles do not have any effect on the tags returned for topic
tagging.
2022-09-27 12:04:16 +00:00
Vinoth Kannan 076abe46fa
FEATURE: new site setting to set locale from cookie for anonymous users. (#18377)
This new hidden default-disabled site setting `set_locale_from_cookie` will set locale from anonymous user's cookie value.
2022-09-27 14:26:06 +05:30
Martin Brennan 7152345ee7
FIX: list_suggested_for conditional for personal_message_enabled_groups (#18373)
Follow-up to e62e93f83a,
misplaced a bracket and changed the meaning of the conditional.
2022-09-27 16:54:44 +10:00
Martin Brennan e62e93f83a
FEATURE: Introduce personal_message_enabled_groups setting (#18042)
This will replace `enable_personal_messages` and
`min_trust_to_send_messages`, this commit introduces
the setting `personal_message_enabled_groups`
and uses it in all places that `enable_personal_messages`
and `min_trust_to_send_messages` currently apply.

A migration is included to set `personal_message_enabled_groups`
based on the following rules:

* If `enable_personal_messages` was false, then set
  `personal_message_enabled_groups` to `3`, which is
  the staff auto group
* If `min_trust_to_send_messages` is not default (1)
  and the above condition is false, then set the
  `personal_message_enabled_groups` setting to
  the appropriate auto group based on the trust level
* Otherwise just set `personal_message_enabled_groups` to
  11 which is the TL1 auto group

After follow-up PRs to plugins using these old settings, we will be
able to drop the old settings from core, in the meantime I've added
 DEPRECATED notices to their descriptions and added them
to the deprecated site settings list.

This commit also introduces a `_map` shortcut method definition
for all `group_list` site settings, e.g. `SiteSetting.personal_message_enabled_groups`
also has `SiteSetting.personal_message_enabled_groups_map` available,
which automatically splits the setting by `|` and converts it into
an array of integers.
2022-09-26 13:58:40 +10:00
Martin Brennan e3d495850d
FEATURE: Overhaul email threading (#17996)
See https://meta.discourse.org/t/discourse-email-messages-are-incorrectly-threaded/233499
for thorough reasoning.

This commit changes how we generate Message-IDs and do email
threading for emails sent from Discourse. The main changes are
as follows:

* Introduce an outbound_message_id column on Post that
  is either a) filled with a Discourse-generated Message-ID
  the first time that post is used for an outbound email
  or b) filled with an original Message-ID from an external
  mail client or service if the post was created from an
  incoming email.
* Change Discourse-generated Message-IDs to be more consistent
  and static, in the format `discourse/post/:post_id@:host`
* Do not send References or In-Reply-To headers for emails sent
  for the OP of topics.
* Make sure that In-Reply-To is filled with either a) the OP's
  Message-ID if the post is not a direct reply or b) the parent
  post's Message-ID
* Make sure that In-Reply-To has all referenced post's Message-IDs
* Make sure that References is filled with a chain of Message-IDs
  from the OP down to the parent post of the new post.

We also are keeping X-Discourse-Post-Id and X-Discourse-Topic-Id,
headers that we previously removed, for easier visual debugging
of outbound emails.

Finally, we backfill the `outbound_message_id` for posts that have
a linked `IncomingEmail` record, using the `message_id` of that record.
We do not need to do that for posts that don't have an incoming email
since they are backfilled at runtime if `outbound_message_id` is missing.
2022-09-26 09:14:24 +10:00
Loïc Guitaut 26fe047724 DEV: Use AR enums in reviewables related code
This is the first patch of many to replace our custom enums in Ruby by
the ones provided by `ActiveRecord`.
2022-09-22 14:44:27 +02:00
David Taylor d0243f741e
UX: Use dominant color as image loading placeholder (#18248)
We previously had a system which would generate a 10x10px preview of images and add their URLs in a data-small-upload attribute. The client would then use that as the background-image of the `<img>` element. This works reasonably well on fast connections, but on slower connections it can take a few seconds for the placeholders to appear. The act of loading the placeholders can also break or delay the loading of the 'real' images.

This commit replaces the placeholder logic with a new approach. Instead of a 10x10px preview, we use imagemagick to calculate the average color of an image and store it in the database. The hex color value then added as a `data-dominant-color` attribute on the `<img>` element, and the client can use this as a `background-color` on the element while the real image is loading. That means no extra HTTP request is required, and so the placeholder color can appear instantly.

Dominant color will be calculated:
1. When a new upload is created
2. During a post rebake, if the dominant color is missing from an upload, it will be calculated and stored
3. Every 15 minutes, 25 old upload records are fetched and their dominant color calculated and stored. (part of the existing PeriodicalUpdates job)

Existing posts will continue to use the old 10x10px placeholder system until they are next rebaked
2022-09-20 10:28:17 +01:00
Gerhard Schlager f91426a7fa
FIX: Empty inline BBCodes were broken (#18276)
Upgrading to Markdown.it v13 broke empty inline BBCodes. This works around the problem by adding an empty token before a closing token if the previous token was a BBCode token.

It also removes the unused `jump` attribute which was removed in Markdown.it v12.3
2022-09-20 09:50:22 +10:00
Jarek Radosz 08e63ddab2
DEV: Fix spec file name (#18227)
Match the impl file name
2022-09-12 14:03:23 +02:00
David Taylor 7e74dd0afe
DEV: Use DiscourseJsProcessor for theme template compilation (#18135)
Previously we were relying on a highly-customized version of the unmaintained Barber gem for theme template compilation. This commit switches us to use our own DiscourseJsProcessor, which makes use of more modern patterns and will be easier to maintain going forward.

In summary:
- Refactors DiscourseJsProcessor to move multiline JS heredocs into a companion `discourse-js-processor.js` file
- Use MiniRacer's `.call` method to avoid manually escaping JS strings
- Move Theme template AST transformers into DiscourseJsProcessor, and formalise interface for extending RawHandlebars AST transformations
- Update Ember template compilation to use a babel-based approach, just like Ember CLI. This gives each template its own ES6 module rather than directly assigning `Ember.TEMPLATES` values
- Improve testing of template compilation (and move some tests from `theme_javascript_compiler_spec.rb` to `discourse_js_processor_spec.rb`
2022-09-01 11:50:46 +01:00
Arpit Jalan 3aaf4dcfd0
FIX: hide welcome topic banner as soon as the welcome topic is edited (#18125)
* FIX: hide welcome topic banner as soon as the welcome topic is edited

This commit adds a message bus listener on client to hide the welcome
topic banner as soon as the welcome topic is edited.

* update test

* only subscribe when show_welcome_topic_banner is true

* Do not lookup for messageBus service if it's not required

* Remove unneeded code

* Cache result for Site.show_welcome_topic_banner

* Update tests per latest changes

* Changes per PR review
2022-09-01 09:44:21 +05:30
Jarek Radosz 8fa9f0cf92
DEV: Fix a flaky spec (#18146)
In some cases the topic of the fabricated post can be titled "This is a test topic 777" which matches the search query "#777"
2022-08-31 20:52:57 +02:00