Ensure that the inappropriate flag is used and not some other flag
type. If some other flag is used a message will be posted letting the
user know they used the wrong flag and the original flag will be removed
so that they can try again.
Bug reported on meta: https://meta.discourse.org/t/-/157075
Previously it would sleep for either 2 or 3 seconds instead of sleeping
between a range of 2 to 3 seconds. Also, 2 to 3 seconds seems to be
excessivly long when I tried out discobot again.
When doing a migration, there might be some cases where the discobot user
doesn't have a user_option / user_profile record(s).
This ensures we always create one during the seed phase.
In French, the help trigger has a raw content of "afficher l'aider" which is then cooked into "afficher l’aide" (note the different quote character).
Since we were checking the raw content of the trigger against the cooked version of the post, this trigger never worked in French.
This changes so that we cook the trigger before checking in against the cooked version of the post.
DEV: new 'discobot_username' method that is used everywhere instead of 'discobot_user.username' / 'discobot_user.username_lower'
This reverts commit 20780a1eee.
* SECURITY: re-adds accidentally reverted commit:
03d26cd6: ensure embed_url contains valid http(s) uri
* when the merge commit e62a85cf was reverted, git chose the 2660c2e2 parent to land on
instead of the 03d26cd6 parent (which contains security fixes)
Previously the image was imported from a Discourse hosted CDN but the
URL has since become invalid. However, it was not caught since all
errors are rescued. This commit fixes the issue by shipping the user
avatar with the plugin.
* Rename all instances of bookmarkWithReminder and bookmark_with_reminder to just bookmark
* Delete old bookmark code at the same time
* Add migration to remove the bookmarkWithReminder post menu item if people have it set in site settings
* Bookmarks with reminders is a core feature now, no need to have a separate URL
* Keep around the old /u/:username/activity/bookmarks-with-reminders route for backwards compat in Ember but just redirect to user activity bookmarks.
The main thrust of this PR is to take all the conditional checks based on the `enable_bookmarks_with_reminders` away and only keep the code from the `true` path, making bookmarks with reminders the core bookmarks feature. There is also a migration to create `Bookmark` records out of `PostAction` bookmarks for a site.
### Summary
* Remove logic based on whether enable_bookmarks_with_reminders is true. This site setting is now obsolete, the old bookmark functionality is being removed. Retain the setting and set the value to `true` in a migration.
* Use the code from the rake task to create a database migration that creates bookmarks from post actions.
* Change the bookmark report to read from the new table.
* Get rid of old endpoints for bookmarks
* Link to the new bookmarks list from the user summary page
This is to streamline the new user narrative. only works when creating the bookmark, if editing/deleting the modal is shown. This is done via the plugin initializer.
This change refactors the code a bit so that a plugin could easily
replace which badge is awarded when completing the discobot new user
tutorial and advanced tutorial.
By adding a static method and putting the BADGE_NAME constant inside of
that method we can simply call that method now instead of the constant.
A plugin could then `class_eval` that method and replace it with
whatever badge name they choose. This is way cleaner than having the
plugin change the frozen constant! eeek.
* Do not grant badges for posts with no user
* Ensure instructions are correct in Change Owner modal
* Hide user-dependent actions from posts with no user
* Make PostRevisor work with posts with no user
* Ensure posts with no user can be deleted
* discourse-narrative-bot should ignore posts with no user
* Skip TopicLink creation for posts with no user
When a user accepts an invite with an email address that matches a group
which automatically awards its members Trust Level 2, a race condition might happen
when the 'send_advanced_tutorial_message' job runs.
That job is enqueued inside the 'user_promoted' event which is triggered inside a
transaction on the user record. If the job runs before the transaction is done,
the user record is invisible and this generates an exception.
FileHelper.download requires a string not a URI. I also found another
instance of using open-uri directly and swapped it out to use
FileHelper.
I also updated it to not `read` a file if it comes back nil.
Follow up to: fe01099a38
By requiring open-uri this will fix the following error:
```
NoMethodError (private method `open' called for #<URI::Generic...
```
also switched to the shorter syntax and removed default options. Since
ruby 2.4 redirect is on by default.
To eliminate a DDOS attack vector, we're taking the following measures:
The endpoint will be rate-limited to 3 requests every 60 seconds (per user).
A 24 hours max-age cache header is sent with the response.
The route will be hijacked to generate the certificate in the background.
AppEvents was always a service object in disguise, so we should move it
to the correct place in the application. Doing this allows other service
objects to inject it easily without container access.
In the future we should also deprecate `this.appEvents` without an
explicit injection too.
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains.
We no longer need to use Rails "require_dependency" anywhere and instead can just use standard
Ruby patterns to require files.
This is a far reaching change and we expect some followups here.
Advanced trigger is currently broken on:
ca
es
et
fr
he
it
pt_BR
And that is because the translation levels for the plugin are kinda low, so I would guess it's broken for half the languages.
Since we have only two tracks for a while now, a quick fix to me is inverting the selectors.
This patch works because the advanced key is "larger" than the new user one.
If a locale has triggers that start with the same word, our regexp will
always end up matching the first trigger. For example,
`start tutorial` and `start tutorial advanced`
To support the change, we have to make the match on triggers more
restrictive. `@discobot quote here` will no longer work like `@discobot
quote`.
Previously we relied on fabrication on anonymous, we can not get the
transaction commit pipeline to work as it does in production, cleanly
This amends it so our anonymous user is created using the core APIs
Signed-off-by: Sam Saffron <sam.saffron@gmail.com>
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.
Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging