Commit Graph

26878 Commits

Author SHA1 Message Date
Andrei Prigorshnev badde13894
UX: improve the list of options on the slow mode modal (#16561) 2022-04-28 17:05:32 +04:00
Vinoth Kannan 1928bb6ac6
FIX: show group in filter only if user can see the members list. (#16580) 2022-04-28 18:27:47 +05:30
Jarek Radosz bcb22821fb
DEV: Add support for GH Codespaces to ember proxy (#16581) 2022-04-28 14:46:59 +02:00
Loïc Guitaut 008b700a3f DEV: Upgrade to Rails 7
This patch upgrades Rails to version 7.0.2.4.
2022-04-28 11:51:03 +02:00
Alan Guo Xiang Tan 532f9cdb1a
DEV: Partially revert 98c49acad5 (#16578)
Use of glimmer component breaks site not on Ember CLI.
2022-04-28 16:01:58 +08:00
David Taylor 0f7b198ca0
FIX: Ensure values are escaped in select-kit dropdowns (#16576)
The values in Discourse dropdown menus only come from admin-defined strings, not unsanitised end-user input, so this lack of escaping was not exploitable.
2022-04-28 08:52:29 +01:00
Alan Guo Xiang Tan 98c49acad5
DEV: Setup experimental sidebar skeleton (#16575)
* hidden siteSetting to enable experimental sidebar
* user preference to enable experimental sidebar
* `experimental_sidebar_enabled` attribute for current user
* Empty glimmer component for Sidebar
2022-04-28 15:27:06 +08:00
Bianca Nenciu 14b09c9909
UX: Move post date under title in share-modal (#16455)
The old position was less than ideal on mobile.
2022-04-27 16:36:08 +03:00
Andrei Prigorshnev c9b2374299
DEV: make API of future-date-input more customizable and aligned with the API of time-shortcut-picker (#16502) 2022-04-27 16:41:15 +04:00
Joffrey JAFFEUX 3e23bd4745
FIX: prepare data before creating chart to avoid side effect (#16570)
Before this change, we were using the labels from the original chartData to the chart builder, and we would then apply our collapse function on each dataset which could change the labels and cause a mismatch.

This was very visible when using quarterly periods on consolidated pageviews.
2022-04-27 14:04:09 +02:00
Penar Musaraj eebce8f80a
FEATURE: Add in:messages search modifier (#16567)
This adds `in:messages` as a synonym for `in:personal` and sets it up as our default nomenclature (`in:personal` will still work).
2022-04-26 16:47:01 -04:00
Kris 8dd3d6cb97
UX: Larger clickable area for mobile topic list (#16473) 2022-04-26 15:01:43 -04:00
Penar Musaraj 07f975848d
FEATURE: Scope search to PMs when in that context (#16528) 2022-04-26 14:43:09 -04:00
David Taylor 5e34ce1282
DEV: Ensure theme tests are always loaded in a consistent order (#16569)
If they aren't, then the digest will be different, causing unexpected issues
2022-04-26 17:05:57 +01:00
Kris 144b87b17a
UX: fix topic admin menu layout for short screens (#16565) 2022-04-26 10:27:45 -04:00
Jarek Radosz 020d862baa
UX: Tweak topic-admin-menu alignment/size (#16564)
* Increase the space between icons and labels
* Increase the menu width
2022-04-26 16:02:46 +02:00
Kris 0b9410d96f
DEV: prefix group name when appended as class (#16556) 2022-04-26 08:31:27 -04:00
Kris 329a64969c
UX: prevent group mention from wrapping (#16558) 2022-04-26 08:30:55 -04:00
Joffrey JAFFEUX c8757c9d1d
FIX: prefers computed over discourseComputed (#16562)
We have currently unexpected behaviors when using @discourseComputed in a native class.
2022-04-26 11:43:41 +02:00
Andrei Prigorshnev 3e0cb8ea47
UX: ask for confirmation when deleting a post using shortcut (#16526) 2022-04-25 17:50:54 -04:00
Penar Musaraj c1d9822003
UX: Fix a few WCAG color scheme contrast issues (#16554) 2022-04-25 17:07:35 -04:00
Kris 4157403308
UX: organize topic admin menu into groups (#16489) 2022-04-25 16:02:41 -04:00
Roman Rizzi 2a96bca7a1
FIX: Correctly handle the print param on topics#show. (#16555)
The controller incorrectly sets print to true when passing `print=false`, which causes the rate limit to perform.
2022-04-25 16:04:13 -03:00
Joffrey JAFFEUX 596469a712
REFACTOR: live-development.js (#16548)
- drop jquery
- replaces setTimeout by later
- removes dead code which is not even working today
2022-04-25 19:34:16 +02:00
David Taylor 922fbe82da
DEV: Ensure `custom_fields_clean?` returns false when values change (#16552)
We were calling `dup` on the hash and using that to check for changes. However, we were not duplicating the values, so changes to arrays or nested hashes would not be detected.
2022-04-25 17:19:39 +01:00
David Taylor 32346f4ba5
FIX: Ensure lazy-load-images does not remove entire `img.style` (#16553)
Other things may have added things to the style attribute (e.g. the `image-aspect-ratio` decorator).

Unfortunately this is difficult to add a test for because `lazy-load-images` leans on the `onload` event. We have no control over image loading in tests, so race conditions would be very likely.
2022-04-25 17:19:25 +01:00
Jarek Radosz 06462631c4
DEV: Fix test hook placement (#16551)
It was incorrectly put inside the pretender block.
2022-04-25 15:07:55 +02:00
Joffrey JAFFEUX 7f55c9c502
REFACTOR: add-archetype-class mixin (#16546) 2022-04-25 13:16:43 +02:00
David Taylor 794d2dabf6
DEV: Ensure ember-cli `rake theme:qunit` works with CSP enabled (#16541)
- Make proxy pass `x-forward...` headers, so that Rails can set the host/port correctly in the csp
- Make `testem.js` available on a route which is within the app's default CSP
2022-04-22 16:59:45 +01:00
Isaac Janzen e0d7431292
FIX: Use username for nested quotes (#16523)
There was an edge when a user re-quoted a nested quote that it would return an incorrect `full name` but the correct `username` for the original quote. This PR updates the logic to fall back to using the OP user's username. 

The complexity of the changes required to allow for full names to be displayed on nested quotes far outweighs how rare quoting nested quotes is.
2022-04-22 10:20:24 -05:00
David Taylor 127ba698a7
DEV: Allow running theme-qunit tests via testem (#16540)
This allows `QUNIT_EMBER_CLI=1 bin/rake theme:qunit[...]` to test themes using `testem` with Ember-CLI-generated assets
2022-04-22 15:04:01 +01:00
Jarek Radosz 3010c5fd74
DEV: Fix `loadScript()` in ember-cli testem env (#16533)
The issue affected plugin-provided scripts.
2022-04-22 12:32:33 +02:00
Jarek Radosz 70b69e318a
DEV: Clean up `loadScript()` (#16537) 2022-04-22 11:53:39 +02:00
Jarek Radosz f2f1a4df62
DEV: Don't clean outlet and html caches twice (#16534)
They're already cleared after each test.
2022-04-22 11:17:18 +02:00
Jarek Radosz dba7a1d8ed
FIX: Show footer on the categories page (#16538)
I removed that code in #16519 but it's still needed to display the footer on `/categories`.
2022-04-22 11:14:16 +02:00
Jarek Radosz 9ffc19ec60
DEV: Don't leave loadScript tests hanging (#16536)
…when anything goes wrong. Let it move on instead of waiting for global test timeout.
2022-04-22 10:34:13 +02:00
Gerhard Schlager 3d62e335f7
FEATURE: Detect emoji from Emoji 14.0 (#16531) 2022-04-22 08:42:15 +02:00
Martin Brennan 3e4621c2cb
FEATURE: Polymorphic bookmarks pt. 2 (lists, search) (#16335)
This pull request follows on from https://github.com/discourse/discourse/pull/16308. This one does the following:

* Changes `BookmarkQuery` to allow for querying more than just Post and Topic bookmarkables
* Introduces a `Bookmark.register_bookmarkable` method which requires a model, serializer, fields and preload includes for searching. These registered `Bookmarkable` types are then used when validating new bookmarks, and also when determining which serializer to use for the bookmark list. The `Post` and `Topic` bookmarkables are registered by default.
* Adds new specific types for Post and Topic bookmark serializers along with preloading of associations in `UserBookmarkList`
* Changes to the user bookmark list template to allow for more generic bookmarkable types alongside the Post and Topic ones which need to display in a particular way

All of these changes are gated behind the `use_polymorphic_bookmarks` site setting, apart from the .hbs changes where I have updated the original `UserBookmarkSerializer` with some stub methods.

Following this PR will be several plugin PRs (for assign, chat, encrypt) that will register their own bookmarkable types or otherwise alter the bookmark serializers in their own way, also gated behind `use_polymorphic_bookmarks`.

This commit also removes `BookmarkQuery.preloaded_custom_fields` and the functionality surrounding it. It was added in 0cd502a558 but only used by one plugin (discourse-assign) where it has since been removed, and is now used by no plugins. We don't need it anymore.
2022-04-22 08:23:42 +10:00
Joffrey JAFFEUX 3daa45deaf
FIX: replaces discourseComputed by computed (#16530)
This was causing unexpected behaviors on production builds. And also on firefox on local environnement, however the issues was slightly different.

- production chrome: colors don't load
- dev firefox: colors don't change when selecting a different color set
2022-04-21 21:56:08 +02:00
David Taylor fc56bd36c9
DEV: Ensure a broken tag_group relation doesn't raise an error (#16529)
A category_required_tag_group should always have an associated tag_group. However, this is only enforced at the application layer, so it's technically possible for the database to include a category_required_tag_group without a matching tag_group.

Previously that situation would cause the whole site to go offline. With this change, it will cause some unexpected behavior, but the site serializer will not raise an error.
2022-04-21 18:18:35 +01:00
David Taylor 22a7905f2d
DEV: Allow Ember CLI assets to be used by development Rails app (#16511)
Previously, accessing the Rails app directly in development mode would give you assets from our 'legacy' Ember asset pipeline. The only way to run with Ember CLI assets was to run ember-cli as a proxy. This was quite limiting when working on things which are bypassed when using the ember-cli proxy (e.g. changes to `application.html.erb`). Also, since `ember-auto-import` introduced chunking, visiting `/theme-qunit` under Ember CLI was failing to include all necessary chunks.

This commit teaches Sprockets about our Ember CLI assets so that they can be used in development mode, and are automatically collected up under `/public/assets` during `assets:precompile`. As a bonus, this allows us to remove all the custom manifest modification from `assets:precompile`.

The key changes are:
- Introduce a shared `EmberCli.enabled?` helper
- When ember-cli is enabled, add ember-cli `/dist/assets` as the top-priority Rails asset directory
- Have ember-cli output a `chunks.json` manifest, and teach `preload_script` to read it and append the correct chunks to their associated `afterFile`
- Remove most custom ember-cli logic from the `assets:precompile` step. Instead, rely on Rails to take care of pulling the 'precompiled' assets into the `public/assets` directory. Move the 'renaming' logic to runtime, so it can be used in development mode as well.
- Remove fingerprinting from `ember-cli-build`, and allow Rails to take care of things

Long-term, we may want to replace Sprockets with the lighter-weight Propshaft. The changes made in this commit have been made with that long-term goal in mind.

tldr: when you visit the rails app directly, you'll now be served the current ember-cli assets. To keep these up-to-date make sure either `ember serve`, or `ember build --watch` is running. If you really want to load the old non-ember-cli assets, then you should start the server with `EMBER_CLI_PROD_ASSETS=0`. (the legacy asset pipeline will be removed very soon)
2022-04-21 16:26:34 +01:00
Andrei Prigorshnev e8f8a7fc91
FIX: showing icons on future-date-input options (#16527) 2022-04-21 18:13:45 +04:00
David Taylor e5fb884695
FEATURE: Show prompt for required tag groups (#16458) 2022-04-21 13:13:52 +01:00
Andrei Prigorshnev 42bb629817
DEV: use the only source for time shortcut options on all date pickers (#16366) 2022-04-21 15:49:11 +04:00
Andrei Prigorshnev 53e484817e
DEV: drop the unused invite-link-panel component and related unused code (#16435) 2022-04-21 14:32:17 +04:00
Gerhard Schlager 1a56ce3674 FEATURE: Site setting to cap the recipient list in notification emails
* Adds a hidden site setting: `max_participant_names`
* Replaces duplicate code in `GroupSmtpMailer` and `UserNotifications`
* Groups are sorted by the number of users (decreasing)
* Replaces the query to count users of each group with `Group#user_count`)
* Users are sorted by their last reply in the topic (most recent first)
* Adds lots of tests
2022-04-21 10:43:13 +02:00
Gerhard Schlager 87c872823b DEV: Remove unused code and rename interpolation key 2022-04-21 10:43:13 +02:00
Joffrey JAFFEUX 9e2303427c
REFACTOR: admin-customize-colors-show (#16525)
- native class
- drops jquery
- @action
- uses clipboardCopy
- filterBy
2022-04-21 09:50:23 +02:00
David Taylor c88ca23e8f
Revert "DEV: Update to Sprockets 4.0 (#16467)" (#16524)
This reverts commit 01107e418e.

We have seen some random occurrences of corrupted assets, and think it may be related to the sprockets 4 update. Reverting for investigation
2022-04-20 22:17:29 +01:00
Isaac Janzen 692e0140e2
FEATURE: Enables support for dark mode emails (#16520)
This PR enables custom email dark mode styles by default that were added here.

There is currently poor support for dark mode queries in mail clients. The main beneficiary of these changes will be Apple Mail and Outlook.

Enjoy the darkness 🕶️
2022-04-20 13:00:04 -05:00
Isaac Janzen 196b791365
DEV: Prioritize full name when display_name_on_posts active (#16078)
See: https://meta.discourse.org/t/display-full-name-not-username-when-attributing-quote-or-reply/203533?u=isaacjanzen for context

The initial release [broke quoting](https://meta.discourse.org/t/quoting-broken-when-name-matches-username/217633?u=isaacjanzen) but we now pass the username when 
```
siteSettings.display_name_on_posts && !siteSettings.prioritize_username_in_ux && post.name
```
as well as the full name to guarantee that we are not getting any mismatches when querying for user / avatar.

eg. 
```
[quote="Isaac Janzen, post:3, topic:7, full:true, username:isaac.janzen"]
bing bong
[/quote]
```
2022-04-20 10:07:51 -05:00
Jarek Radosz 5d00f7bc0a
FIX: Show footer at the end of topic list (#16519)
Previously it wouldn't show up after all items were loaded.
2022-04-20 15:53:06 +02:00
Bianca Nenciu f3ef69e27d
FIX: Add missing translations for medium format (#16517)
Commit 68497bddf2 implemented a function
to format durations in a medium format, similar to how durationTiny did.
The existent translation strings do not cover all cases and this commit
adds the missing translation strings.
2022-04-20 14:49:08 +03:00
Isaac Janzen 900fcb9da0 Add a test for topic timer notice 2022-04-20 15:29:59 +08:00
Joffrey JAFFEUX e6e0c76c94
DEV: adds an above-user-summary-stats outlet (#16426) 2022-04-20 08:48:01 +02:00
Kris 5a76a3669b
A11Y: fix WCAG contrast for notification header (#16507) 2022-04-19 18:20:50 -04:00
Rafael dos Santos Silva 9d5241d347
FEATURE: Block indexing the embed topic list (#16495)
This adds a robots tag header to disallow indexing the topic list that
powers our embed topic list feature. It also uses a new tag that allows
the content to be indexed in the parent page.

See https://developers.google.com/search/blog/2022/01/robots-meta-tag-indexifembedded

https://meta.discourse.org/t/-/125911/127
2022-04-19 18:24:38 -03:00
Isaac Janzen 39cb9f105f
Wait to display notice on topic timer (#16509) 2022-04-19 13:41:18 -05:00
Bianca Nenciu 68497bddf2
UX: Add title to read time stats from user page (#16501)
The title attributes were added to explain the difference between "read
time" and "recent read time" stats from user summary page.
2022-04-19 20:48:08 +03:00
Daniel Waterworth f55edd54fd
FIX: Don't allow DiscourseConnect logins in readonly mode (#16508) 2022-04-19 12:33:31 -05:00
Joe e0c663c20d
UX: Improves select-kit body placement when vertical space is short (#16504)
1. When the select-kit body is rendered, it defaults to being displayed under the triggering select-kit header, unless...

    there isn't enough space between the bottom of the select-kit header and the bottom of the viewport 
    & 
    there's enough space on top of the select-kit header, and in that case, we render it on top.

2. We give it a bit of padding on top, so it never renders below the header on the Z-axis. 

14778ba52e/app/assets/javascripts/select-kit/addon/components/select-kit.js (L877-L884)

3. If there isn't enough space between the bottom of the viewport and the bottom of the select-kit header, and there isn't enough space between its top and the bottom of `d-header`, it renders at the bottom of the select-kit header.

In theory, number 3 above rarely ever happens. However, it can occur in the case of the user preferences page in combination with a large select-kit body (many categories).

The select-kit body then renders below the trigging select-kit header, but it's cut off. Users won't be able to see the entire select-kit body. 

Here's an example 

a719734d92.mp4

This PR adds a "prevent overflow" modifier to Popper. What it does is that it handles the case above.

If there's not enough space below the select-kit header or above it, render the select-kit body below the select-kit header BUT... anchor it to the bottom of the viewport. 

Here's what that looks like

32cd1639bb.mp4

After this fix, even very large select-kit bodies will always be on the screen. 

Please note that this PR has no impact on either number 1 or number 2 above, and those will continue to function as they currently do. 

The only downside here is that the select-kit body might cover the select-kit header if it needs to be anchored at the bottom of the viewport, and it's very large. However, between that and not being able to see all the options, I think it's a fair compromise. There's only so much space in the viewport. 

This PR ignores mobile because we have a different placement strategy. We use `position: absolute`... so, users can scroll the viewport if needed.
2022-04-19 21:13:54 +08:00
Joffrey JAFFEUX 54812992ae
REFACTOR: badge-button (#16500)
- drops jquery
- uses native class syntax
- tagless
- tests
- removes unnecessary alias
2022-04-19 15:01:28 +02:00
Joffrey JAFFEUX 01727da9b0
REFACTOR: admin-user-field-item (#16499)
- drops jquery
- removes a deprecation caused by overriding a computed property (isEditing)
- adds basic tests
- drops observers
- uses @action
- tagless
2022-04-19 13:31:43 +02:00
David Taylor 137e06a316
FIX: Ensure 'crop' always returns requested dimensions (#16437)
Previously, 'crop' would resize the image to have the requested width, then crop the height to the requested value. This works when cropping images vertically, but not when cropping them horizontally.

For example, trying to crop a 500x500 image to 200x500 was actually resulting in a 200x200 image. Having an OptimizedImage with width/height columns mismatching the actual OptimizedImage width/height causes some unusual issues.

This commit ensures that a call to `OptimizedImage.crop(from, to, width, height)` will always return an image of the requested width/height. The `w x h^` syntax defines minimum width/height, while maintaining aspect ratio.
2022-04-19 11:21:24 +01:00
Martin Brennan c6c633e041
FIX: Issues with incorrect unread and private message topic tracking state (#16474)
This commit fixes two issues at play. The first was introduced
in f6c852b (or maybe not introduced
but rather revealed). When a user posted a new message in a topic,
they received the unread topic tracking state MessageBus message,
and the Unread (X) indicator was incremented by one, because with the
aforementioned perf commit we "guess" the correct last read post
for the user, because we no longer calculate individual users' read
status there. This meant that every time a user posted in a topic
they tracked, the unread indicator was incremented. To get around
this, we can just exclude the user who created the post from the
target users of the unread state message.

The second issue was related to the private message topic tracking
state, and was somewhat similar. Whenever a user created a new private
message, the New (X) indicator was incremented, and could not be
cleared until the page was refreshed. To solve this, we just don't
update the topic state for the user when the new_topic tracking state
message comes through if the user who created the topic is the
same as the current user.

cf. https://meta.discourse.org/t/bottom-of-topic-shows-there-is-1-unread-remaining-when-there-are-actually-0-unread-topics-remaining/220817
2022-04-19 11:37:01 +10:00
Mark VanLandingham 1e8a666003
DEV: Accept `force_respect_seen_recently` argument in UserEmail job (#16460) 2022-04-18 13:32:11 -05:00
Natalie Tay 34fba417f1
FIX: Show dismiss all modal in user-notifications page (#16491)
Earlier on when https://github.com/discourse/discourse/pull/14935 was implemented, the "Dismiss all" button in /user-notifications was not catered for. Now, it is!
2022-04-18 22:32:39 +08:00
Kris 6b4f4e5387
UX: minor email group chooser alignment fix (#16487) 2022-04-18 09:39:27 -04:00
Kris 8f7f6280cb
UX: minor adjustment to login/signup close position (#16488) 2022-04-18 09:38:39 -04:00
Bianca Nenciu 234cf65e39
FIX: Do not show visibility topic if visible (#16478)
It used to show the warning that said only members of certain groups
could view the topic even if the group "everyone" was listed in
category's permission list.
2022-04-18 11:16:30 +03:00
Kris c81d4597a7
UX: improve small action button alignment (#16486) 2022-04-15 11:43:32 -04:00
Isaac Janzen 10a4bbfa72
update email dark mode styles (#16484)
Update dark mode styles for:

- secure media
- code blocks (they were too dark and had bad contrast)
2022-04-14 15:08:09 -05:00
Jordan Vidrine 2f3b518920
DEV: Add index to each helper for access within topic-list-items (#16483) 2022-04-14 14:24:07 -05:00
Penar Musaraj e164ff3085
FIX: Email styles for Gmail app dark mode (#16482) 2022-04-14 15:03:06 -04:00
Gerhard Schlager b7230d14a3 REFACTOR: Add `full_url` to `Group`
Lets stop writing the same code over and over again.
2022-04-14 11:53:57 +02:00
Gerhard Schlager b3cda195b8 REFACTOR: Add `full_url` and `display_name` to `User`
Lets stop writing the same code over and over again.
2022-04-14 11:53:57 +02:00
Penar Musaraj 650adbe423
FIX: Href attribute for post-date link (#16471)
This updates the fix in commit eb70ea4.

Co-authored-by: Osama Sayegh <asooomaasoooma90@gmail.com>
Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2022-04-13 23:09:39 -04:00
Kris f2468f1093
Revert: UX: Make full topic row clickable on mobile (#16440) (#16472) 2022-04-13 18:35:47 -04:00
Kris 0ff66b3b74
UX: minor mobile topic list alignment adjustments (#16470)
* UX: minor mobile topic list alignment adjustments

* use margin, not padding
2022-04-13 15:47:18 -04:00
Bianca Nenciu eb70ea4478
FIX: Add href to post-date link element (#16469)
The href was removed in commit 08a1f41582,
but it was useful to quick copy the URL to the post.
2022-04-13 18:41:06 +03:00
Vinoth Kannan c863244382
FEATURE: add `user_suspended` attribute in post serialize. (#16413)
This PR will include `suspended` attribute in post serializer to check it in post widget and add a CSS class name.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2022-04-13 19:58:09 +05:30
David Taylor 01107e418e
DEV: Update to Sprockets 4.0 (#16467)
The main difference is that Sprockets 4.0 no longer tries to compile everything by default. This is good for us, because we can remove all our custom 'exclusion' logic which was working around the old sprockets 3.0 behavior.

The other big change is that lambdas can no longer be added to the `config.assets.precompile` array. Instead, we can do the necessary globs ourselves, and add the desired files manually.

A small patch is required to make ember-rails compatible. Since we plan to remove this dependency in the near future, I do not intend to upstream this change.

I have compared the `bin/rake assets:precompile` output before and after this change, and verified that all files are present.
2022-04-13 15:03:50 +01:00
Joffrey JAFFEUX 3e0c8d48e9
FIX: prevents error with emoji autocomplete (#16465)
The error would happen when emoji_autocomplete_min_chars site setting is set to anything superior to 0, in this case until we reach the min chars length, emojiSearch would return "skip" and the code was currently expecting an array.
2022-04-13 15:32:24 +02:00
Osama Sayegh eb5a3cfded
FEATURE: Add 2FA support to the Discourse Connect Provider protocol (#16386)
Discourse has the Discourse Connect Provider protocol that makes it possible to
use a Discourse instance as an identity provider for external sites. As a
natural extension to this protocol, this PR adds a new feature that makes it
possible to use Discourse as a 2FA provider as well as an identity provider.

The rationale for this change is that it's very difficult to implement 2FA
support in a website and if you have multiple websites that need to have 2FA,
it's unrealistic to build and maintain a separate 2FA implementation for each
one. But with this change, you can piggyback on Discourse to take care of all
the 2FA details for you for as many sites as you wish.

To use Discourse as a 2FA provider, you'll need to follow this guide:
https://meta.discourse.org/t/-/32974. It walks you through what you need to
implement on your end/site and how to configure your Discourse instance. Once
you're done, there is only one additional thing you need to do which is to
include `require_2fa=true` in the payload that you send to Discourse.

When Discourse sees `require_2fa=true`, it'll prompt the user to confirm their
2FA using whatever methods they've enabled (TOTP or security keys), and once
they confirm they'll be redirected back to the return URL you've configured and
the payload will contain `confirmed_2fa=true`. If the user has no 2FA methods
enabled however, the payload will not contain `confirmed_2fa`, but it will
contain `no_2fa_methods=true`.

You'll need to be careful to re-run all the security checks and ensure the user
can still access the resource on your site after they return from Discourse.
This is very important because there's nothing that guarantees the user that
will come back from Discourse after they confirm 2FA is the same user that
you've redirected to Discourse.

Internal ticket: t62183.
2022-04-13 15:04:09 +03:00
David Taylor 78f7e8fe2f
Revert "DEV: Update to Sprockets 4.0 (#16459)" (#16466)
This reverts commit ec7efbde1a.

This is causing problems in non-ember-cli environments. Reverting for now.
2022-04-13 11:04:13 +01:00
David Taylor ec7efbde1a
DEV: Update to Sprockets 4.0 (#16459)
The main difference is that Sprockets 4.0 no longer tries to compile everything by default. This is good for us, because we can remove all our custom 'exclusion' logic which was working around the old sprockets 3.0 behavior.

The other big change is that lambdas can no longer be added to the `config.assets.precompile` array. Instead, we can do the necessary globs ourselves, and add the desired files manually.

A small patch is required to make ember-rails compatible. Since we plan to remove this dependency in the near future, I do not intend to upstream this change.

I have compared the `bin/rake assets:precompile` output before and after this change, and verified that all files are present.
2022-04-13 10:21:59 +01:00
Alan Guo Xiang Tan 6fc52d95de DEV: Remove scoped order warning in PostDestroyer.
`Scoped order is ignored, it's forced to be batch order.`

`find_each` ignores the `order` scope and triggers a warning in
production which is noisy.

Follow-up to 7a284164ce
2022-04-13 09:34:36 +08:00
awesomerobot a47efcd6ec DEV: user-preference-page class on solo-perference 2022-04-13 09:32:58 +08:00
Isaac Janzen 5f9c98dfc1
FIX: update dark mode emails styles (#16461)
- divider sometimes is too bright
- lists have dark text on dark copy
- border around the “secure media” message is bright
2022-04-12 13:13:34 -05:00
Bianca Nenciu 86c7e07428
FEATURE: Improve screened IPs roll up and extend for IPv6 (#15585)
This commit improves the logic for rolling up IPv4 screened IP
addresses and extending it for IPv6. IPv4 addresses will roll up only
up to /24. IPv6 can rollup to /48 at most. The log message that is
generated contains the list of original IPs and new subnet.
2022-04-12 21:07:37 +03:00
Penar Musaraj 0bef5af582
DEV: Cleanup `body.scrollTop` usage (#16445)
All current browser treat the HTML document (not the body element) as
the scrollable document element. Hence in all current browsers,
`document.body.scrollTop` returns 0. This commit removes all usage of
this property, because it is effectively 0.

Co-authored-by: David Taylor <david@taylorhq.com>
2022-04-12 13:23:57 -04:00
Kris 0e88cffaf4
UX: Make full topic row clickable on mobile (#16440) 2022-04-12 09:44:20 -04:00
Roman Rizzi 6f76a12e0a
FEATURE: Let sites add a sitemap.xml file. (#16357)
* FEATURE: Let sites add a sitemap.xml file.

This PR adds the same features discourse-sitemap provides to core. Sitemaps are only added to the robots.txt file if the `enable_sitemap` setting is enabled and `login_required` disabled.

After merging discourse/discourse-sitemap#34, this change will take priority over the sitemap plugin because it will disable itself. We're also using the same sitemaps table, so our migration won't try to create it
again using `if_not_exists: true`.
2022-04-12 10:33:59 -03:00
David Taylor 9c33f6de05
FIX: Ensure allowed_tags and allowed_tag_groups can be removed (#16454) 2022-04-12 11:14:29 +01:00
Martin Brennan 9f2138dc92
FEATURE: Add a sidekiq job for syncing S3 ACLs (#16449)
Sometimes we need to update a _lot_ of ACLs on S3 (such as when secure media
is enabled), and since it takes ~1s per upload to update the ACL, this is
best spread out over many jobs instead of having to do the whole thing serially.

In future, it will be better to have a job that can be run based on
a column on uploads (e.g. acl_stale) so we can track progress, similar
to how we can set the baked_version to nil to rebake posts.
2022-04-12 14:26:42 +10:00
Blake Erickson 4c0a9fd4c3
FIX: Email logs not finding attached incoming email (#16446) 2022-04-11 21:22:15 -06:00
awesomerobot 264c8f5fd7 Improve docked progress position on mobile 2022-04-12 09:09:59 +08:00
awesomerobot be4699fc28 add classes to danger buttons on user admin 2022-04-12 09:09:04 +08:00
awesomerobot c4ec2049ac UX: add margin to security key button 2022-04-12 09:08:52 +08:00
Isaac Janzen 9de61f37a0
remove avatars next to 'read more' in summary email (#16439) 2022-04-11 14:07:37 -05:00