Commit Graph

26686 Commits

Author SHA1 Message Date
Dan Ungureanu 7179fbab77
UX: Require a password for invited users (#16291)
Invited users were allowed to accept invites without entering a
password. When this happened, instead of receiving an activation email,
they received a password reset email. Basically, a user could postpone
choosing a password until after registration.

Unfortunately, this led to a confusing user experience and this commit
attempts to fix that by making the client require a password. There is
a single case when users do not need to input a password: when they sign
up using an external authenticator and password field is completely
hidden. In this case, the third party handles the password logic.

Technically, invites can still be redeemed without a password, but that
functionality was kept to preserve backwards compatibility.
2022-04-05 14:57:15 +03:00
Dan Ungureanu e90815a429
FIX: Redirect user to topic they were invited to (#16298)
This did not work properly everytime because the destination URL was
saved in a cookie and that can be lost for various reasons. This commit
redirects the user to invited topic if it exists.
2022-04-05 14:57:00 +03:00
Alan Guo Xiang Tan 080164a66e DEV: Use settled ember test helper instead of attempting to rerender. 2022-04-05 18:42:02 +08:00
David Taylor 39ac476db6 FIX: Do not attempt to pull_hotlinked_image for raw_html
raw_html posts (i.e. those which are pulled as part of our comments integration) don't go through our markdown pipeline, so `upload://` URLs are not supported. Running pull_hotlinked_images will break any images in the post.

In future we may add support for pulling hotlinked images in these posts. But for now, disabling it will stop it breaking images.
2022-04-05 16:39:38 +08:00
Martin Brennan b982992ef7
FIX: Auto-generated emails causing group SMTP email storm (#16372)
When emailing a group inbox and including other support-type
emails (or even just regular ones with autoresponders) in the
CC field, each automated reply to the group inbox triggered
more emails to be sent out to all CC addresses to notify them
of the new reply, which in turn caused more automated emails
to be sent to the group inbox.

This commit fixes the issue by preventing any emails being sent
by the PostAlerter when the new post has an incoming email record
which is_auto_generated, which we detect in Email::Receiver.
2022-04-05 13:18:49 +10:00
Jean e03593d75c
DEV: add composer cancelled event triggers (#16371) 2022-04-04 17:38:30 -04:00
Blake Erickson ec2930712d
FIX: 500 error when creating a user with an integer username (#16370)
Via the API it is possible to create a user with an integer username. So
123 instead of "123". This causes the following 500 error:

```
NoMethodError (undefined method `unicode_normalize' for 1:Integer)
app/models/user.rb:276:in `normalize_username'
```

See: https://meta.discourse.org/t/222281
2022-04-04 15:15:32 -06:00
Faizaan Gagan 1da4b9eeb3
FIX: update 'posted' column on post owner change (#16367)
Fixes the issue where making a user x as owner of a post doesn't
cause the concerned topic to be listed in new owner's `My Posts`
top menu filter

per https://meta.discourse.org/t/199369
2022-04-04 22:42:38 +05:30
Vinoth Kannan 415c4fa72a
FIX: review queue scrolling is not working after take an action. (#16346)
`reject` method for `Reviewable` model is returning an array. So if we use `this.set` method to update `reviewables` attribute in controller then it replaces the model with an array of objects wrongly. This is now fixed by using the `setObjects` method of the model.
2022-04-04 14:48:06 +05:30
Jarek Radosz 6555f0c11b
DEV: Support qunit_disable_auto_start in ember CLI (#16358)
Required for e.g. `test/run-qunit.js`
2022-04-02 21:15:50 +02:00
Jordan Vidrine b20307377a
linting (#16360) 2022-04-02 10:47:01 -05:00
CommanderRoot 86a783b3ad
DEV: Replace deprecated String.prototype.substr() (#16233)
String.prototype.substr() is deprecated so we replace it with String.prototype.slice() which works similarily but isn't deprecated.

Signed-off-by: Tobias Speicher <rootcommander@gmail.com>
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2022-04-01 17:35:17 +02:00
Andrei Prigorshnev e30f13d850
FIX: stop sorting options in date-pickers on the bookmark modal and the topic-timers modal (#15750) 2022-04-01 16:16:46 +04:00
awesomerobot 98f3349c31 DEV: Safari's window.innerWidth doesn't match CSS 2022-04-01 09:50:08 +08:00
awesomerobot e54440a035 DEV: pass user to user-summary outlets 2022-04-01 09:49:44 +08:00
Bianca Nenciu 819038537c
FIX: can_permanently_delete should check for admin (#16348)
can_permanently_delete field in Post and TopicViewDetails serializers
cannot use Guardian's can_permanently_delete beause their use is
different. The field from the serializers is used to show the button
and the button is shown even if the post cannot be removed forever
because not enough time has passed since it was first deleted. The
guardian method is used by the controller to check that the post can
really be deleted.
2022-04-01 12:03:39 +11:00
Sam b023d88b09
FIX: Abort theme creation if unable to create uploads (#16336)
Previous to this change if any of the assets were not allowed extensions
they would simply be silently ignored, this could lead to broken themes
that are very hard to debug
2022-04-01 12:03:14 +11:00
Alan Guo Xiang Tan e7c3d01aaa
DEV: Restore order assertion in category serializer tests. (#16344)
Our group fabrication creates groups with name "my_group_#{n}" where n
is the sequence number of the group being created. However, this can
cause the test to be flaky if and when a group with name `my_group_10`
is created as it will be ordered before
`my_group_9`. This commits makes the group names determinstic to
eliminate any flakiness.

This reverts commit 558bc6b746.
2022-04-01 08:58:06 +08:00
Bianca Nenciu ac612987ef
FIX: Build correct post and topic shareUrl (#16332)
The links returned by post.url and topic.url are relative, but contain
the subdirectory. When getAbsoluteURL is called to construct the
complete share URL, it adds the host and the subdirectory again. As a
result the created URLs contained the subdirectory twice.
2022-04-01 00:02:01 +03:00
OsamaSayegh ba509a93c2 DEV: Add tests for accessibility changes
Follow-up to the previous 5 commits (aka PR #16328).
2022-03-31 19:01:40 +03:00
OsamaSayegh db67c478be A11Y: Make user avatars in posts stream untabbable
The user avatar in posts has aria-hidden set to true to reduce
redundancy since the information that the avatar gives to screen readers
is the same information that the username/name of the post gives which
is the author of the post.

However, it's still possible for a screen reader user to reach the
avatar by tabbing through the post and when that happens the avatar is
read as "blank". This isn't ideal so we should set tabindex to -1 on the
avatar to remove it from the default keyboard nav flow.
2022-03-31 19:01:40 +03:00
OsamaSayegh ca58d80b0c A11Y: Improve accessibility of embedded replies below post
The changes are:

* Add an aria-label for the button that embeds/expand the replies of a
post below it
* Add an aria-label for the button that collapses the embedded replies
* Add an aria-label to describe the embedded replies section when
expanded and an aria-label for each embedded reply
2022-03-31 19:01:40 +03:00
OsamaSayegh fd26facdf3 A11Y: Improve accessibility of likes/read count post buttons
The improvements are:

* Add an aria-label to the like/read count buttons below posts to
indicate what they mean and do.

* Add aria-pressed to the like/read count buttons to make it clear to screen
readers that these buttons are toggleable.

* Add an aria-label to the list of avatars that's shown when post likes
or readers are expanded so that screen reader users can understand what
the list of avatars means.
2022-03-31 19:01:40 +03:00
OsamaSayegh acdb64eb7e A11Y: change tabLoc tagName from <a> to <span>
The tabLoc is a hidden element inside the post region that we use to
move the focus close to the post that's visually highlighted (by
changing the background color and then fading it away) when a topic is
opened so that screen readers can start reading from that post rather
than the top of the page.

Some screen readers get confused by the tabLoc element being an `<a>`
element and read out the topic ID and I've found that changing the tag
to `<span>` fixes the problem.
2022-03-31 19:01:40 +03:00
OsamaSayegh ef66b3fd40 A11Y: Include username in aria-label of post region
I think the author of a post is a critical piece of information that
should be communicated right when the post region is reached.
2022-03-31 19:01:40 +03:00
Osama Sayegh e7c16bc49a
DEV: Remove grant admin 2FA modal (#16347)
The `grant-admin-second-factor` modal is no longer being used since dd6ec65061.
2022-03-31 19:01:11 +03:00
Penar Musaraj e5bf704c7b
UX: Add details button to admin bounced/rejected lists (#16343) 2022-03-31 11:14:11 -04:00
Alan Guo Xiang Tan dfaf9831f7
SECURITY: Avoid leaking private group name when viewing category. (#16337)
In certain instances when viewing a category, the name of a group with
restricted visilbity may be revealed to users which do not have the
required permission.
2022-03-31 14:39:01 +08:00
Penar Musaraj e431000b23
FIX: Hide tag count in tag filter when in a category context (#16327) 2022-03-31 12:57:27 +11:00
Penar Musaraj 943083f4df
DEV: Include helper in core for `applyLocalDates` (#16325) 2022-03-30 20:58:38 -04:00
Joffrey JAFFEUX 57b20393ac
FIX: flips popper when top position is chosen incorrectly (#16333)
More precisely, if popper can't position something at the bottom, it will automatically attempt to position it at the top. However we should ensure it doesn’t consider the space under the d-header as valid space, when header's height is taken into consideration if top space is not enough, we should force bottom, and flip it back.

This logic is not necessary on modals as the d-header is not present.
2022-03-30 20:58:22 -04:00
Kris 8999de6e5b
DEV: add plugin outlets for user badges (#16334) 2022-03-30 19:59:45 -04:00
Rafael dos Santos Silva 4d809e984d
FEATURE: DiscourseEvent hook for sync_sso (#16329) 2022-03-30 16:22:22 -03:00
Mark VanLandingham b974375239
DEV: Skip notifications without topic_id in `ensure_consistency` (#16299) 2022-03-30 09:56:35 -05:00
Osama Sayegh 2e77cc86fc
Revert "A11Y: Make the views column in topics lists tabbable" (#16321)
This partially reverts commit 771dddb711.

This was a mistake; non-interactive element should not be included in tab navigation.
2022-03-30 17:50:28 +03:00
Penar Musaraj daa581d8f2
REFACTOR: Abstract search link click logging (#16317) 2022-03-30 10:10:39 -04:00
Alan Guo Xiang Tan d0c2eb3359
DEV: Drop `enable_long_polling` and `long_polling_interval` settings (#16323)
Scheduled to drop in 2.9.

Co-authored-by: Loïc Guitaut <loic@discourse.org>
2022-03-30 16:32:40 +08:00
Martin Brennan b8828d4a2d
FEATURE: Polymorphic bookmarks pt. 1 (CRUD) (#16308)
This commit introduces a new use_polymorphic_bookmarks site setting
that is default false and hidden, that will be used to help continuous
development of polymorphic bookmarks. This setting **should not** be
enabled anywhere in production yet, it is purely for local development.

This commit uses the setting to enable create/update/delete actions
for polymorphic bookmarks on the server and client side. The bookmark
interactions on topics/posts are all usable. Listing, searching,
sending bookmark reminders, and other edge cases will be handled
in subsequent PRs.

Comprehensive UI tests will be added in the final PR -- we already
have them for regular bookmarks, so it will just be a matter of
changing them to be for polymorphic bookmarks.
2022-03-30 12:43:11 +10:00
Osama Sayegh a782f04676
FIX: Close user/group card on esc key press (#16306)
`keyUp` is only invoked if the component's root element (or one of its descendants) has focus which isn't great for keyboard users because if they open a user card and want to close it, they have to tab through to the user card and only then will the Esc key actually close the card. This commit adds a `keyup` event listener on the `document` for the Esc key so that the user card is closed (if it's open) no matter where the focus is.
2022-03-29 21:29:22 +03:00
Penar Musaraj 1210cfe60e
UX: Indicate that "Show replies" button does not work for deleted posts (#16304) 2022-03-29 11:58:50 -04:00
David Taylor 7a284164ce
PERF: Update UserDestroyer to fetch histories and actions in batch (#16316)
This is much more memory-efficient when there are 1000s of rows
2022-03-29 16:56:55 +01:00
Alan Guo Xiang Tan 5743a6ec1e DEV: Remove Zeitwerk inflection monkey patch.
There isn't a good reason we need to patch the inflector.

Co-authored-by: Loïc Guitaut <loic@discourse.org>
2022-03-29 16:04:49 +02:00
David Taylor b2a8dc4c0f
FIX: Maintain HTML `<img` when downloading remote images (#16278)
Under some conditions, replacing an `<img` with `![]()` can break rendering, and make the image disappear.

Context at https://meta.discourse.org/t/152801
2022-03-29 10:55:10 +01:00
Martin Brennan 045be237a0
DEV: Fix failing share topic tests (#16309)
Since 3fd7b31a2a some tests
were failing with this error:

> Error: Unhandled request in test environment: /c/feature/find_by_slug.json
> (GET) at http://localhost:7357/assets/test-helpers.js

This commit fixes the issue by adding the missing pretender. Also
noticed while fixing this that the parameter for the translation
was incorrect -- it was `group` instead of `groupNames`, so that
is fixed here too, along with moving the onShow functions into
@afterRender decorated private functions. There is no need for the
appevent listeners.
2022-03-29 15:11:44 +08:00
Kris ad89bd5ac1
DEV: New plugin outlets for user and user-card (#16307) 2022-03-29 09:09:13 +08:00
Osama Sayegh e40c4bb7f9
FIX: Validate category tag restrictions before sending new topics to review (#16292)
Tags (and tag groups) can be configured so that they can only be used in specific categories and (optionally) restrict topics in these categories to be able to add/use only these tags. These restrictions work as expected when a topic is created without going through the review queue; however, if the topic has to be reviewed by a moderator then these restrictions currently aren't checked before the topic is sent to the review queue, but they're checked later when a moderator tries to approve the topic. This is because if a user manages to submit a topic that doesn't meet the restrictions, moderators won't be able to approve and it'll be stuck in the review queue.

This PR prevents topics that don't meet the tags requirements from being sent to the review queue and shows the poster an error message that indicates which tags that cannot be used.

Internal ticket: t60562.
2022-03-28 21:25:26 +03:00
Jordan Vidrine 2b974d4992
DEV: Add additional outlet to user-card next to `message` button (#16300) 2022-03-28 11:56:43 -05:00
Bianca Nenciu 3fd7b31a2a
FIX: Show restricted groups warning when necessary (#16236)
It was displayed for the "everyone" group too, but that was not
necessary.
2022-03-28 19:38:29 +03:00
David Taylor c219740274
DEV: Add polyfill for `String.prototype.replaceAll` (#16301) 2022-03-28 17:18:56 +01:00
David Taylor 720e1ca9e7
FEATURE: Support upload:// urls in img tags (#16277)
Previously, our `upload://` protocol urls were only supported in markdown image tags. This meant that our PullHotlinkedImages job was forced to convert `<img` tags to markdown. Depending on the exact syntax, this can actually cause the image to break.

This commit adds support for `upload://` inside regular HTML `<img` tags. In a future commit, we'll be able to use this to make our PullHotlinkedImages job much more robust.

Context at https://meta.discourse.org/t/152801
2022-03-28 16:46:47 +01:00