Commit Graph

20795 Commits

Author SHA1 Message Date
Robin Ward f14020dd0a Allow the topic excerpt size to be customizable by plugins 2019-10-16 16:28:28 -04:00
Rafael dos Santos Silva 6e9c8fe854
FIX: More encoded slug fixes (#8191)
* FIX: Do not encode the URL twice

Now that we encode slugs in the server we don't need this anymore.

Reverts fe5na33

* FIX: More places do deal with encoded slugs

* the param is a string now, not a hash

* FIX: Handle the nil slug on /categories

* DEV: Add seeded? method to identity default categories

* DEV: Use SiteSetting to keep track of seeded categories
2019-10-16 17:08:43 -03:00
Daniel Waterworth 7a0c06691c FIX: Account for nil when looking up subcategories 2019-10-16 20:04:54 +01:00
Penar Musaraj baf8ae604a FIX: Correct topic timeline position calculation
Fixes calculation for themes with tall custom headers.
2019-10-16 15:01:01 -04:00
Penar Musaraj 48c1238492 FIX: Do not send notification to empty push_url
Completes e4424d7
2019-10-16 11:27:07 -04:00
Kris d6118c8bc8 Add digest email template classes for popular post section 2019-10-16 11:22:33 -04:00
Penar Musaraj e4424d7c2e FIX: Do not make notification API call if push_url is blank
Followup to 77643931bc
2019-10-16 10:59:06 -04:00
Kris 1c4baadc49 UX: Wrap digest email footer in a table for better alignment options 2019-10-16 10:39:40 -04:00
Penar Musaraj c6e255f4e0 UX: Include metadata in composer link modal search results
Metadata includes topic status (closed, pinned, solved, etc.) as well as category and tags.
2019-10-16 10:17:27 -04:00
Daniel Waterworth 7ba914f1e1 FIX: Add migrations to fix index on category slugs
Slugs can be the empty string, but the added index didn't account for
that. This commit changes the migration, stopping it from being unique
so that it can be applied everywhere and adds another migration that
recreates the index properly.
2019-10-16 14:02:11 +00:00
Joffrey JAFFEUX 02250bd91f
DEV: removes one deprecation with app-events:main 2019-10-16 10:50:43 +02:00
Joffrey JAFFEUX 5a543f8abd
FIX: prevents trash button to get focus when submiting input on profile (#8198)
This is a default behavior for browsers to submit using first button which doesn't have `type="button"` in a form when pressing enter inside an input.
2019-10-16 10:05:46 +02:00
Arpit Jalan c596d7df77 FIX: respect private_email setting for user invited notification email 2019-10-16 12:50:30 +05:30
Arpit Jalan 600233482f FIX: include topic link when inviting existing users to a topic/PM
FEATURE: allow staff to use topic_url for customizing email template
2019-10-16 12:36:16 +05:30
Sam Saffron d5d8db7fa8 FEATURE: improve honeypot and challenge logic
This feature amends it so instead of using one challenge and honeypot
statically per site we have a rotating honeypot and challenge value which
changes every hour.

This means you must grab a fresh copy of honeypot and challenge value once
an hour or account registration will be rejected.

We also now cycle the value of the challenge when after successful account
registration forcing an extra call to hp.json between account registrations

Client has been made aware of these changes.

Additionally this contains a JavaScript workaround for:
https://bugs.chromium.org/p/chromium/issues/detail?id=987293

This is client side code that is specific to Chrome user agent and swaps
a PASSWORD type honeypot with a TEXT type honeypot.
2019-10-16 16:53:44 +11:00
Kris 645faa847b Follow up fix to c71da3f, class was defined twice 2019-10-15 20:12:50 -04:00
David Taylor 7332649f1a DEV: Add plugin outlet to category security tab 2019-10-15 22:37:41 +01:00
Kris 50b618dd44 UX: Add CSS classes to digest email template to allow for easier styling 2019-10-15 16:21:55 -04:00
Daniel Waterworth c71da3f335 FIX: Add unique index to prevent duplicate slugs for categories 2019-10-15 19:44:50 +00:00
Daniel Waterworth 5f5b232cde FIX: Category.find_by_slug
find_by_slug should ensure that the parent actually exists when its
looking for a parent.
2019-10-15 16:44:24 +01:00
Penar Musaraj e83c2488a2 FIX: do not unpin reply box in iOS when selecting Emoji 2019-10-15 10:51:53 -04:00
Vinoth Kannan b2f682f35e
FEATURE: Option to update category preferences of all users when site setting changed (#8180) 2019-10-15 18:41:27 +05:30
Daniel Waterworth 0de7e4339c FIX: Subcategory permissions validation
When a category has a subcategory, we ensure that no one who can see the
subcategory cannot see the parent. However, we don't take into account
the fact that, when no CategoryGroups exist, the default is that
everyone has full permissions.
2019-10-14 21:13:22 +01:00
Daniel Waterworth c49b20a1a2 FIX: Validation of category tree depth
This prevents the creation of sub-sub-categories in multiple tabs
2019-10-14 21:13:22 +01:00
romanrizzi 9845963105 FEATURE: Use the 'ugc' rel attribute alongside 'nofollow' 2019-10-14 15:21:48 -03:00
David Taylor 392f6cdf33 DEV: Stop overriding computed property on `models/category.js.es6`
This causes an Ember deprecation notice, and is a confusing pattern. We never used the default values, so there is no benefit to including them.
2019-10-14 16:26:48 +01:00
Gerhard Schlager 2c011252f1 FIX: Move notification level only when user posted
Moving posts also moves the read state (`topic_users` table) to the destination topic. This changes that behavior so that only users who posted in the destination topic will have the original notification level (probably "watching") of the original topic. The notification level for all other users will be set to "regular".
2019-10-14 15:06:09 +02:00
Gerhard Schlager f1742617fb PERF: Faster moving of read state
This should improve the performance of moving the read state of lots of posts to a new/existing topic.
2019-10-14 15:06:09 +02:00
Dan Ungureanu 086b46051c
FIX: Zeitwerk-related fixes for jobs. (#8187) 2019-10-14 13:03:22 +03:00
Arpit Jalan 815edf6f4d FEATURE: add short site description on login page title 2019-10-14 11:40:09 +05:30
Krzysztof Kotlarek 99086edf85
FIX: Allow themes to upload and serve js files (#8188)
If you set `config.public_file_server.enabled = false` when you try to get uploaded js file you will get an error:
`Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.`

The reason is that content type is `application/javascript` and in Rails 5 guard looked like that:
https://github.com/rails/rails/blob/5-2-stable/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L278-L280
However, in Rails 6 `application` was added to regex:
https://github.com/rails/rails/blob/master/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L282-L284

This pull request is related to https://meta.discourse.org/t/uploaded-js-file-for-theme-causes-a-rejection/129753/8
2019-10-14 15:40:33 +11:00
Jeff Wong 2b74dc5885 FIX: allow change password with TOTP 2019-10-13 00:53:57 -07:00
Joffrey JAFFEUX 312ecf2a05
FIX: allows scrolling of search menu panel when showing more results (#8186) 2019-10-11 22:25:28 +02:00
Robin Ward c5d03c30ca DEV: Add a plugin API for registering a "beforeSave" on the composer
This allows plugins to perform operations before saves occur, and
perhaps reject the post.
2019-10-11 14:55:27 -04:00
Robin Ward ee4369f972 Hook that allows custom logic before saving the composer 2019-10-11 14:55:09 -04:00
Faizaan Gagan 4d67f2a8ed bumped plugin api version to 0.8.33 (#8185) 2019-10-11 13:56:04 -04:00
Mark VanLandingham f63db1c4c8
FIX: Accurate sub_total calculation for reviewable_scores (#8184) 2019-10-11 11:07:19 -05:00
Rafael dos Santos Silva 76ab0350f1
FIX: Properly encoded slugs when configured to (#8158)
When an admin changes the site setting slug_generation_method to
encoded, we weren't really encoding the slug, but just allowing non-ascii
characters in the slug (unicode).

That brings problems when a user posts a link to topic without the slug, as
our topic controller tries to redirect the user to the correct URL that contains
the slug with unicode characters. Having unicode in the Location header in a
response is a RFC violation and some browsers end up in a redirection loop.

Bug report: https://meta.discourse.org/t/-/125371?u=falco

This commit also checks if a site uses encoded slugs and clear all saved slugs
in the db so they can be regenerated using an onceoff job.
2019-10-11 12:38:16 -03:00
Penar Musaraj 3a469a79cf
FEATURE: search topics when adding a link in composer (#8178) 2019-10-11 11:37:44 -04:00
David Taylor 67787799bb DEV: Allow plugins to mark user custom fields as editable only by staff
This adds a staff_only parameter to the register_editable_user_custom_field API. The default is false, to maintain backwards compatibility.
2019-10-11 09:57:55 +01:00
Faizaan Gagan 3bcfa158a7 fixed wrong method name while calling (#8182) 2019-10-11 03:51:18 -04:00
Krzysztof Kotlarek 694a5bf229 FIX: Prevent from creation of duplicated TopicAllowedUsers (#8169)
Ensure that we don't try to create duplicated TopicAllowedUsers

Related to https://meta.discourse.org/t/error-message-topic-allowed-users-is-invalid/130382/5

Spec amended to cover a case creating an overlap.
2019-10-11 17:44:29 +11:00
Penar Musaraj 5c5845f3f2 FIX: Minor Github onebox layout issues
- prevents long branch names from overflowing

- fixes alignment of inline avatars in preview
2019-10-10 21:35:36 -04:00
Penar Musaraj 21f3c044e5 FIX: Mobile adjustments for reviewable list 2019-10-10 21:19:49 -04:00
Faizaan Gagan 8fc0cc9aaa Serialize draft (#8175)
* DEV: allow serializing data for drafts

* Various fixes

* added an alias method for 'serializeToDraft' to plugin-api

* fixed linting issues

* changed single quotes to double quotes to fix linting issue

* fixed linting issues

* fixed composer model file via prettier

* fixed composer controller file via prettier

* fixed plugin-api file via prettier
2019-10-10 13:02:35 -04:00
Arpit Jalan 1be8c737e6 UX: add glyph to "Help" button on Password Reset modal 2019-10-10 10:15:43 +05:30
Sam Saffron 5aaf7e3316 FIX: during concurrent emails generation renderer should not be reused
Our instance used for template rendering needs a lock to ensure there is
no race condition where rendering happens on 2 threads at the same time.

This can lead to local poisoning which can cause unexpected results in
emails
2019-10-10 08:50:48 +11:00
Penar Musaraj 04452e748d DEV: remove old code, refactor jQuery call 2019-10-09 14:40:48 -04:00
Mark VanLandingham d710316ed1 FIX: Order UserFields by position, by default (#8176)
* FIX: site user_fields sorted by position

* FIX: Sort UserField by position for Site
2019-10-09 13:49:28 -04:00
Penar Musaraj a91ad81ed1 UX: Trigger primary action in modals using Enter
A modal's primary action (blue button in the default theme) can now be invoked
by hitting Enter on the keyboard. This applies to all modals that aren't strict
forms as long as the focus is not on a textarea element.
2019-10-09 13:28:07 -04:00
Gerhard Schlager 10e509e47f FIX: Don't swallow the original error when moving posts
Dropping the temp table in an `ensure` block hides the actual exception. Creating the table with `ON COMMIT DROP` makes the temp table disappear automatically at the end of the transaction. We only need the explicit `DROP` in tests, because tests already run inside a transaction, so the temp table won't be dropped after each test which leads to spec failures.
2019-10-09 17:02:17 +02:00
David Taylor 445a3851d6 FEATURE: Display created and last_used dates for API keys 2019-10-09 14:24:41 +01:00
Roman Rizzi 10478cb395
DEV: Bump uglifyjs (#7834)
* Rewrite uglifyjs command to work with 3.x

* Use ES5 syntax in plain JS files

* Use the older command if uglifyJS V2.x is installed
2019-10-09 10:02:49 -03:00
David Taylor 939a746dcd UX: Use theme colors for GitHub issue labels
Bump onebox version to pull tag rendering bug fix
2019-10-09 12:28:48 +01:00
David Taylor 3edd514c72 FEATURE: Redesigned GitHub oneboxes
Bump onebox version, and add new styling

Commit, PR and Issue oneboxes are updated with a new design. Timestamps are now localized using local-dates (if installed).
2019-10-09 11:47:58 +01:00
Sam Saffron 3d5f71dac7 DEV: stop mixing in application helper where not needed
We were mixing in 20 or so methods into a controller just to use a single
one.

The helper itself is not the actual implementation anyway... MobileDetection
is responsible here.
2019-10-09 13:06:18 +11:00
Sam Saffron 602215a273 SECURITY: mini profiler enabled incorrectly for admins
We expect mini profiler only to show up on accounts that are flagged as
developer accounts.

Unfortunately there was a bypass on any controllers that mix in ApplicationHelper
2019-10-09 12:49:22 +11:00
Joffrey JAFFEUX 49a4b0dd9c
DEV: adds teardownComponent hook to connector class (#8171)
This is the counterpart to setupComponent and allows you to clean any observers or state when the component is destroyed.
2019-10-09 00:26:33 +02:00
Penar Musaraj 30cda1761d
UX: Better composer hyperlink modal (#8160) 2019-10-08 16:19:07 -04:00
Penar Musaraj 1ee633cea4 FIX: Topic timeline placement on iPad 2019-10-08 16:10:09 -04:00
Gerhard Schlager bee000bcec FIX: Existing post timings could prevent moving posts
Post timings are created by `topic_id` and `post_number` and it's possible that the destination topic already contains post timings for non-existent posts. For example, this can happen if the destination topic was previously split and Discourse recorded post timings for moved posts in the destination topic.

This commit ensures that all timings which reference non-existent posts are deleted from the destination topic before the posts are moved.
2019-10-08 21:07:29 +02:00
Robin Ward eae57652a4 FIX: Bump Compiler Version
In 98719be we fixed raw handlebars, but they won't be recompiled without
this bump.
2019-10-08 14:50:14 -04:00
Roman Rizzi b805037825
FIX: Decrement posts read count when destroying post timings (#8172) 2019-10-08 15:39:23 -03:00
Penar Musaraj b20b6c52e1 FIX: Do not reset original scroll position in iOS to zero
This avoids scrolling to the top of a post when toggling focus to the composer textarea
2019-10-08 11:59:53 -04:00
Penar Musaraj c3a5a8e095 UX: Refactor iOS composer layout
This addresses the following issues:
- on iPad, with keyboard attached, the composer is no longer forced to full screen
- on iPad, with keyboard attached, the topic no longer scrolls when starting a
  reply and then cancelling it
- switching between inputs and buttons (formatting, emojis, categories/tags, etc.) no longer
  causes layout to bounce around
2019-10-08 11:16:41 -04:00
Robin Ward d527f3a723 Log an event for `topic:created`
You can distinguish between `post:created` and `topic:created` now.
2019-10-08 10:39:03 -04:00
Robin Ward 50fae909d6 Add an appEvent for when a post is created
List for `post:created` and you'll be passed the new post when it is
created.
2019-10-08 10:12:38 -04:00
Mark VanLandingham 057f698e37 FIX: Store user_accuracy_bonus to clarify explanations (#8165)
* FIX: Store user_accuracy_bonus to clarify explanations

* Fixed specs from rounding change

* migration cleanup

* user_accuracy_bonus column not nullable
2019-10-08 09:49:07 -04:00
Dan Ungureanu fdb1d3404c
FEATURE: Add site setting to show more detailed 404 errors. (#8014)
If the setting is turned on, then the user will receive information
about the subject: if it was deleted or requires some special access to
a group (only if the group is public). Otherwise, the user will receive
a generic #404 error message. For now, this change affects only the
topics and categories controller.

This commit also tries to refactor some of the code related to error
handling. To make error pages more consistent (design-wise), the actual
error page will be rendered server-side.
2019-10-08 14:15:08 +03:00
David Taylor d2bceff133
FEATURE: Use full page redirection for all external auth methods (#8092)
Using popups is becoming increasingly rare. Full page redirects are already used on mobile, and for some providers. This commit removes all logic related to popup authentication, leaving only the full page redirect method.

For more info, see https://meta.discourse.org/t/do-we-need-popups-for-login/127988
2019-10-08 12:10:43 +01:00
David Taylor 228a55a475 UX: Reduce size of github onebox icons 2019-10-08 11:08:36 +01:00
Sam Saffron 7a5daa3079 DEV: lint file
needed a prettier run
2019-10-08 12:15:23 +11:00
Daniel Waterworth 87f0b56191 UI: Scroll to the bottom of the page when the scrollbar hits the end (#8101) 2019-10-08 12:00:58 +11:00
Robin Ward afe7429e7d Add more analytics events
The ability to track when likes and bookmarks are toggled
2019-10-07 16:39:17 -04:00
Penar Musaraj 1aaddf13a0 UX: remove iPad keyboard user setting from iOS 13
Removes setting for iOS devices that support Visual Viewport API.

On devices where it was previously enabled, it was causing some scrolling drift when invoking the composer.
2019-10-07 14:55:25 -04:00
Robin Ward 5c9acfec1d Add event for when "Reply" is clicked
This is useful by analytics libraries or other code that wants to track
when replies are begun. A new event: `page:compose-reply` is fired with
the topic.
2019-10-07 14:30:31 -04:00
Robin Ward 847f48a9d0 Add an app event for when a topic is fully loaded
If we are interested in page events (say analytics), they are reported
when the route changes, which does not wait for any promises in
`setupController` to finish.

A plugin might want to know when a topic has fully loaded, so this event
is triggered when that happens.
2019-10-07 14:30:31 -04:00
David Taylor 615039f228 FEATURE: Improve GitHub commit, PR and issue onebox rendering
Bump onebox version to include new github rendering, and add relevant CSS

Avatars are reduced in size significantly, and icons are added to easily differentiate PRs and commits. The 'Issue:' prefix is removed from issue oneboxes, to make them consistent with commits and PRs.
2019-10-07 19:26:10 +01:00
Penar Musaraj 342b925b02 FIX: Add mobile padding to bottom of user preferences screen 2019-10-07 12:03:31 -04:00
Sam Saffron 71ea4ad7fc PERF: reuse renderer when rendering email templates
Previous to this fix we were leaking methods on the internal action view
template class per render.

This caused email generation to be very low and a steady memory leak in the
application in sidekiq when sending out emails

The behavior change is new to Rails 6 so this fix does not need to be
backported into stable.
2019-10-06 23:57:03 -04:00
Penar Musaraj d45866eb5c UX: Fix topic progress placement in iOS app
Fixes placement issues introduced in #45a55a3

Fixes topic progress placement when composer is collapsed with a draft
2019-10-06 16:10:08 -04:00
Kris be85bc9dac convert ip lookup copy anchor to button 2019-10-04 16:28:36 -04:00
Mark VanLandingham 868303e5d9 FEATURE: Weighted reviewable user accuracy (#8156)
* FEATURE: Inaccurate users have negative review accuracy

* FIX: disallow negative reviewable score even if the accuracy would make it negative
2019-10-04 15:10:56 -04:00
Mark VanLandingham 30087beb72
UX: Input for name when creating a new authenticator (#8153)
* FEATURE: Added input for name when creating a new authenticator in user preferences

* FEATURE: Added placeholders to authenticator inputs

* Ran prettier on second-factor-add-totp.js.es6
2019-10-04 13:46:48 -05:00
Kris 9e9d57d7ee General admin style cleanup 2019-10-04 13:25:54 -04:00
Penar Musaraj 77643931bc FIX: Ensure push_url exists before making push notification API call 2019-10-04 11:52:10 -04:00
Robin Ward f5d391a48a
REFACTOR: Move `app-events:main` to `service:app-events` (#8152)
AppEvents was always a service object in disguise, so we should move it
to the correct place in the application. Doing this allows other service
objects to inject it easily without container access.

In the future we should also deprecate `this.appEvents` without an
explicit injection too.
2019-10-04 10:06:08 -04:00
Jarek Radosz 5e88baebb6 DEV: Remove SiteSetting.default_categories_selected (#8138)
Added on Aug 21, 2015 in bef80633b1
The only usage removed on Aug 26, 2015 in 4ba89eec27

As far I can tell it isn't used by core or any official plugins.
2019-10-04 15:57:17 +10:00
Kyle Zhao 75d54e3335 UX: Add "Drafts" to quick access profile tab. (#8155) 2019-10-04 15:48:17 +10:00
Kris 8ccd286721 Minor category link alignment adjustment 2019-10-03 21:19:03 -04:00
Osama Sayegh e27f332318
PERF: speed up about page render time and limit category mods (#8112)
* PERF: speed up about page render time and limit category mods

* Remove return

* Remove widgets

* Convert admins and mods lists

* Rename component

* Apply Joffrey's patch

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>

* Make limit 100
2019-10-03 21:48:56 +03:00
Jeff Wong d6b39dc01d REFACTOR: use const rather than var 2019-10-03 11:45:03 -07:00
Kris 0744e70022 UX: restrict tall modal height to viewport % 2019-10-03 13:16:28 -04:00
Roman Rizzi 10565e4623
SECURITY: Safely decompress files. (#8124)
* FEATURE: Adds an extra protection layer when decompressing files.

* Rename exporter/importer to zip importer. Update old locale

* Added a new composite class to decompress a file with multiple strategies

* Set max file size inside a site setting

* Ensure that file is deleted after compression

* Sanitize path and files before compressing/decompressing
2019-10-03 10:19:35 -03:00
Joffrey JAFFEUX aaf15944f8
FIX: errors due to confusion between trustLevel and trust_level (#8149) 2019-10-03 08:52:07 -04:00
Mark VanLandingham 1e2aa263a9 FIX: update user vote count on topic trash/recover (#8144) 2019-10-03 07:53:48 -04:00
Penar Musaraj fa1ed9799c UX: Fix composer layout in Android
Viewport-relative height causes title to be below address bar in Android
2019-10-03 07:43:54 -04:00
Penar Musaraj 45a55a3abf FIX: Correct position of topic progress in iOS when composer is visible
This fix is needed due to what feels like an iOS Safari bug. The CSS rule `margin-bottom: env(safe-area-inset-bottom);` should not apply to the topic progress element when the composer is visible, because the element is not near the bottom of the viewport.
2019-10-02 20:54:11 -04:00
Penar Musaraj 1051a95160 UX: Trigger composer resize when dismissing keyboard in iPad 2019-10-02 20:20:50 -04:00
Sam Saffron 1c3cbbe883 UX: bypass chrome autocomplete when editing admin text fields
Same issue as: 918a0ea3

off is ignored in chrome per: https://bugs.chromium.org/p/chromium/issues/detail?id=587466
2019-10-03 09:01:55 +10:00
Martin Brennan 61868e50cb Check webauthn support when registering security keys (#8146) 2019-10-03 08:26:26 +10:00
Joffrey JAFFEUX 91dd6aacfb
FIX: ensures chart parent element is still present before render (#8145) 2019-10-02 17:54:30 -04:00
Jeff Wong dbb33f08a9 REFACTOR: clean-up webauthn mobile view 2019-10-02 11:49:36 -07:00
Martin Brennan 9f5ec7154d [FIX] Webauthn security key fixes after real-world usage (#8135)
* Fix broken security key 2FA on mobile login.hbs

* Show nicer error message when a security key already exists

* [COPY] Disable -> Delete for security key editing

* Standardize UI elements in 2FA prefs password confirmation

* Minor fixes to label location for resetPasswordProgress
2019-10-02 11:47:29 -07:00
Penar Musaraj eeea016f23 FIX: Show composer above DiscourseHub app nav on iPad 2019-10-02 14:13:33 -04:00
Penar Musaraj ea4e9dba8e FIX: Apply Visual Viewport composer height calc in iOS only 2019-10-02 13:37:41 -04:00
Joffrey JAFFEUX d0390fba3e
UX: displays reads/likes in the same order that post menu buttons (#8140) 2019-10-02 13:00:47 -04:00
Penar Musaraj ceb29d3eea UX: Full viewport composer layout on iPad
Partially reverts 94ab48c by using Safari hacks on iPad again.

This brings parity in the composer UI between iPhones and iPads

Hides grippie and fullscreen toggle button when the keyboard is visible on iPads
2019-10-02 12:36:11 -04:00
Joffrey JAFFEUX 7f114ef861
DEV: removes dead code (#8130)
This commit also refactors the new code which did make this dead code
2019-10-02 12:15:11 -04:00
Joffrey JAFFEUX fb66ddf161
DEV: removes dead coded (#8129)
As per sam:

b9ccf4d09c/app/assets/javascripts/discourse.js 1

We used to put (*) topic title for certain cases, something that we totally stopped doing.
2019-10-02 12:13:39 -04:00
Joffrey JAFFEUX ef610af328
FIX: exception with triggerRefresh and subcat listing (#8131)
Clicking fast on the "top", "unread", or "latest" button  when browsing a parent category page with subcategories and the setting `Show subcategory list above topics in this category` enabled would cause an exception:

```
Uncaught Error: Nothing handled the action 'triggerRefresh'. If you did handle the action, this error can be caused by returning true from an action handler in a controller, causing the action to bubble.
```
2019-10-02 07:51:23 -04:00
Sam Saffron 34813b643d DEV: properly require csv dependency
csv dependency is not default loaded, explicitly ask for it when we start
parsing csv files.
2019-10-02 15:07:37 +10:00
Sam Saffron 3f6af54fe1 DEV: minor fixes related to zeitwerk
A couple of specs stopped working post zeitwerk. Adding missing require
corrected inheritance to avoid a circular ref.
2019-10-02 14:28:18 +10:00
Krzysztof Kotlarek 427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
Martin Brennan 68d35b14f4 FEATURE: Webauthn authenticator management with 2FA login (Security Keys) (#8099)
Adds 2 factor authentication method via second factor security keys over [web authn](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API).

Allows a user to authenticate a second factor on login, login-via-email, admin-login, and change password routes. Adds registration area within existing user second factor preferences to register multiple security keys. Supports both external (yubikey) and built-in (macOS/android fingerprint readers).
2019-10-01 19:08:41 -07:00
Ryan Boder b7ebe574df FEATURE: Add topic and category context to post webhook payload (#8110)
Adds additional fields topic_archetype and category_slug to the post
webhook so that handlers have some context about the post event without
having to call back to the API.

Discussed [here](https://meta.discourse.org/t/webhooks-how-best-to-differentiate-a-pm-from-a-public-post/76363/13).
2019-10-02 11:41:33 +10:00
Joffrey JAFFEUX 3ee6e859ec FIX: prevents trigger post read count update on non existing post (#8128) 2019-10-02 10:57:34 +10:00
Joffrey JAFFEUX 6e815ba032 DEV: adds discourse:focus-changed app event (#8123) 2019-10-02 10:53:51 +10:00
Krzysztof Kotlarek f331b5eab2 FEATURE: topic title is validated for blocked words (#8127)
Currently, the topic is only validated for censored words and should be validated for blocked words as well.

Blocked word validation is now used by both Post and Topic. To avoid code duplication, I extracted blocked words validation code into separate Validator, and use it in both places.

The only downside is that even if the topic contains blocked words validation message is saying "Your post contains a word that's not allowed: tomato" but I think this is descriptive enough.
2019-10-02 10:38:34 +10:00
Joffrey JAFFEUX bbc250cc35
DEV: ensures relative-ages interval is cleared between tests (#8117) 2019-10-01 22:18:26 +02:00
Joffrey JAFFEUX a5af98a149
DEV: fixes deprecation due to incorrect appEvent setup on share:url (#8122) 2019-10-01 22:17:38 +02:00
Gerhard Schlager f82576deea FIX: Reset watched site settings when default locale changes
Some site settings (e.g. `unicode_username_character_whitelist`) depend on the default locale, so we need to reset the watched settings when the locale changes.
2019-10-01 20:41:16 +02:00
Penar Musaraj 5cf299733a UX: Fix topic progress placement
Keeps element 1em away from the right edge of screen

Takes DiscourseHub app nav position into account on iPad

Uses outerHeight to calculate element height including padding/borders
2019-10-01 13:14:36 -04:00
Jarek Radosz d407bcab36 FIX: Correctly escape category description text (#8107)
* FIX: Correctly escape category description text

This bug has been introduced in db14e10943.

* Remove unnecessary `html_safe`

`Theme.lookup_field` already returns html-safe strings: 7ad338e3e6/app/models/theme.rb (L237-L242)

* Rename `description` where it's acutally `descriptionText`
2019-10-01 12:04:39 -04:00
Kris f7923958e2 UX: fix alignment on topic progress bar and remove some magic numbers 2019-10-01 11:45:51 -04:00
Penar Musaraj 94ab48c616 UX: Improve composer layout in iPads
In iOS 13, Apple no longer includes "iPad" in the user agent by default, so we need to adjust our detection.
2019-10-01 08:22:17 -04:00
Sam Saffron 499472b6a0 FIX: change focus when application resumes in android
Per new lifecycle https://developers.google.com/web/updates/2018/07/page-lifecycle-api

On Android and latest Chrome when an app transitions from "frozen" to
active the new "resume" event fires with no accompanying "visibilitychange"
event.

This means that often background tabs may be stuck thinking that discourse
has no focus when, indeed, it has.

This leads to cases where no posts are marked read anymore.
2019-10-01 12:00:07 +10:00
Kris 5cfbe19eef UX: Change composer's edit reason link to an icon 2019-09-30 20:58:31 -04:00
Penar Musaraj 444d123f0d UX: Use Visual Viewport API for iOS composer height
This applies to iPhones running iOS 13+.
Previous technique remains in place for iOS 12 and below.

Note that this does not apply to iPads on iOS 13 due to Apple no longer
identifying iPads in the user agent string.
2019-09-30 13:56:40 -04:00
Robin Ward d5c5ca46b6 SECURITY: Don't allow base_uri as embeddable host if none exist 2019-09-29 20:51:59 -04:00
Kris 756104432e UX: add class to distinguish specific moderator categories on about page 2019-09-27 09:34:56 -04:00
Vinoth Kannan 02731ef33e FIX: include video tags and short urls in 'have_uploads' method.
While checking the existence of upload in posts we must include <video> tags and 'short-url' format of upload URLs.
2019-09-24 23:17:59 +05:30
Vinoth Kannan 301c5a303f FIX: include 'short_path' as src in each_upload_url method. 2019-09-22 15:32:28 +05:30
Rafael dos Santos Silva 7543695744 FIX: PWA install was broken due to missing basic logo
The current manifest validation in Chrome requires at least one
non-maskable icon to make it installable.

This commit adds the maskable entry as another entry, following up
on changes added in 3e590b8
2019-09-22 00:20:25 -04:00
Rafael dos Santos Silva 3e590b87cf FEATURE: Add support for maskable icons in the PWA manifest
Because:

- Chrome 78 and Firefox Fenix have support for it
- The icons will look better by using all the availiable space
- Admins can control the icon and add appropriate padding since we have a
dedicated asset for the manifest logo. Read more about it on
https://css-tricks.com/maskable-icons-android-adaptive-icons-for-your-pwa/

This commit:

- Adds a new key under the icons array in the webmanifest, named purpose
with maskable value.
2019-09-21 11:50:00 -04:00
Osama Sayegh 57db3c1fbe
FIX: Properly render server side plugin outlets (#8106)
The behavior of the `render` helper method changed in Rails 6 so now the method doesn't render the template and return the output, instead it just returns the file content as-is. Context: https://meta.discourse.org/t/discourse-sitemap-plugin/40348/134?u=osama
2019-09-19 21:51:06 +03:00
Robin Ward d251f12c9c Tweak calculation for reviewable sensitivities/priorities
Previously, calculating thresholds for reviewables was done based on the
50th and 85th percentile across all reviewables. However, many forum
owners provided feedback that these thresholds were too easy to hit, in
particular when it came to auto hiding content.

The calculation has been adjusted to base the priorities on reviewables
that have a minimum of 2 scores (flags). This should push the amount of
flags required to hide something higher then before.
2019-09-19 14:07:56 -04:00
Robin Ward d5b52abf2f FIX: Require a min amount of reviewables before calculating thresholds
On forums with very few flags you don't want to calculate averages
because they won't be very useful. Stick with the defaults until we hit
15 reviewables at least.
2019-09-19 13:42:50 -04:00
Robin Ward 3c6a5836c2 FIX: Sensitivity did not work by default
Forums without previously calculated scores would return the same values
for low/medium/high sensitivity. Now those are scaled based on the
default value.

The default value has also been changed from 10.0 to 12.5 based on
observing data from live discourse forums.
2019-09-19 13:26:17 -04:00
Kris e7ea5d3099 update color variable 2019-09-18 15:57:58 -04:00
Régis Hanol 72e38b291f FIX: proper jumpToPost with whispers/small-actions
findPostIdForPostNumber does not take into account whispers and small actions posts
so the jump might end up on the wrong post.
2019-09-18 18:32:40 +02:00
David Taylor 479fdaaea1
DEV: Allow specifying button class in reviewable action definitions (#8093)
This avoids the need for using `@extend` in SCSS, which can be problematic in plugins

For context, see https://review.discourse.org/t/fix-make-compatible-with-debundled-plugin-css-assets-feature/5297/7
2019-09-18 11:28:59 +01:00
Régis Hanol bb127b8140 FIX: preview up to 'max_oneboxes_per_post' oneboxes
We were counting all the oneboxes in the DOM instead of just the ones in the preview.

Also refactored the logic to count up to 'max_oneboxes_per_post` instead of down to 0.
That also ensured we don't load 11 oneboxes when the setting is limiting to 10.
2019-09-17 23:25:15 +02:00
Robin Ward 5bf3a00328 FIX: Ignored flags should not count in your accuracy score 2019-09-17 14:54:20 -04:00
David Taylor 3da9b99dbf FIX: Live reload plugin stylesheets when the color scheme changes 2019-09-17 09:54:55 +01:00
David Taylor 081c36a459 FIX: Do not include theme variables in plugin SCSS, and fix register_css 2019-09-17 09:54:52 +01:00
Arpit Jalan 4a11e7ee56 fix the build. 2019-09-17 13:00:41 +05:30
Arpit Jalan 671ffc4e06 FIX: do not allow posting of category topic template without any changes 2019-09-17 12:32:46 +05:30
Kyle Zhao fb200e3055 FIX: Escape $ in translations before interpolating (#8100)
The dollar sign (`$`) is a special replace pattern, and `$&` inserts the
matched string. Thus dollars signs need to be escaped with the special
pattern `$$`, which inserts a single `$`.
2019-09-16 13:52:49 -04:00
David Taylor 7c494cc631 DEV: Live-reloading of core/plugin CSS alongside preview_theme_id
In development, we track the last requested theme id, and use that to refresh the correct stylesheet targets. The after_action hook runs on every request, but the preview_theme_id parameter is only sent on the initial HTML request. This commit ensures we only fetch the development theme_id on HTML requests
2019-09-16 17:27:19 +01:00
Dan Ungureanu 520d54d85f
FIX: Open drafts for PMs from Activity > Drafts screen.
Draft.get sometimes returns only the sequence number.
2019-09-16 16:24:42 +03:00
David Taylor 39f7e98b60
FIX: Ensure page is reloaded correctly when a hash is present (#8096)
To demonstrate the issue:
- Visit https://meta.discourse.org/#somethingHere while logged in
- Click "log out"
- You will be logged out, but the page will not be reloaded

Setting `window.location.pathname = "/"` will not reload the page if there is a hash present. Using `window.location = "/"` gives us the desired behavior.
2019-09-16 13:27:12 +01:00
romanrizzi 08b7a3fdfe Fix: Don't show non-members as readers when the post is a whisper 2019-09-13 17:14:31 -03:00
Roman Rizzi 1576b07a10
FIX: Improve protection against problematic usernames (#8097) 2019-09-13 15:11:27 -03:00
David Taylor 98719bee10 FIX: Load raw hbs templates correctly from theme javascripts folder 2019-09-13 18:01:16 +01:00
David Taylor b0211772cb FIX: Explicitly specify the format when loading `/associate/{{token}}`
In IE11, the browser returns the cached HTML response, rather than the JSON formatted response. A better solution may be to add a `Vary: Accept` header to all of our HTML responses, but this commit should solve the immediate issue.
2019-09-13 17:22:57 +01:00
Régis Hanol 0cfe47471f FIX: add support for version query parameter in InlineUploads 2019-09-13 18:21:19 +02:00
Kyle Zhao f0f03acb2c FIX: Do not escape `fancy_title` again. (#8095)
`fancy_title` is already escaped by Rails. Escaping it again would print
the HTML entity as-is, e.g. `&quot;` instead of `"`.

This fixes the issue by introducing a new `escapedContent` attribute on
the `QuickAccessItem` widget.
2019-09-13 10:04:14 -04:00
Penar Musaraj 6bbda8eae9 FIX: Do not show latest count in tabs on tag lists 2019-09-12 22:42:48 -04:00
Régis Hanol aa511c5b59 FIX: support <img> in code blocks when inlining uploads
Simpler code is better :)

Also added moar specs to ensure <img> tag inside code blocks are properly ignored.
2019-09-12 21:25:14 +02:00
Penar Musaraj 8f601d5025 UI: Add viewport meta tag to embedded topics layout 2019-09-12 14:14:32 -04:00
Vinoth Kannan 321f559c7c FIX: make markdown regexp patterns case insensitive. 2019-09-12 22:25:15 +05:30
Roman Rizzi 568232052e
DEV: Remove FlagQuery class and old code (#8064) 2019-09-12 13:21:33 -03:00
hawm 7129637279 FEATURE: Make share button support custom javascript (#8090)
* FEATURE: Make share button support custom javascript

* clean code

* formatting

* formatting
2019-09-12 11:19:43 -04:00
David Taylor 67a98946b8 FIX: Do not log 'pull_hotlinked_images' edits in the staff action log 2019-09-12 15:55:45 +01:00
Penar Musaraj e4b813df4c FIX: Change admin dashboard sort caret icon color on hover 2019-09-12 10:38:53 -04:00
Jarek Radosz 1dcdcb5c31
FIX: Cast all numerical values in reports (#8087)
* FIX: Cast all numerical values in reports

The backend can return some numerical values in report as strings. That results in unexpected order of values when sorting report tables.

* Create `toNumber()` helper

The `typeof` and `parseFloat` seem to be the fastest path: https://jsperf.com/number-vs-typeof-vs-parsefloat#results
2019-09-12 15:17:34 +02:00
David Taylor 73172f00d3
FIX: Clear authentication data from session after create account (#8040) 2019-09-12 12:11:12 +01:00
Kris f4f566a301 Adding above-user-profile plugin outlet 2019-09-11 22:22:00 -04:00
Krzysztof Kotlarek 32b8a2ccff DEV: Upgrade Discourse to Rails 6 (#8083)
* Adjustments to pass specs on Rails 6.0.0
* Use classic autoloader instead of Zeitwerk
* Update Rails 6.0.0 deprecated methods
* Rails 6.0.0 not allowing column with integer name
* Drop freedom_patches/rails6.rb
* Default value for trigger_transactional_callbacks? is true
* Bump rspec-rails version to 4.0.0.beta2
2019-09-12 10:41:50 +10:00
Neil Lalonde 7331e0865a FIX: user directory should not include unapproved users
When the "must approve users" setting is enabled, new users who were
waiting to be approved could show up in the user directory.
2019-09-11 15:18:17 -04:00
Arpit Jalan 59f7c92661 fix the build. 2019-09-11 23:32:58 +05:30
Arpit Jalan 4195548a17 Bump onebox version.
- indicate and link to Flickr Album
2019-09-11 23:23:11 +05:30
Gerhard Schlager 56c6e8e961 FIX: POP3 doesn't work with TLS 1.3 2019-09-11 18:43:19 +02:00
Rishabh d93586c63f FEATURE: Whitelist the `allowfullscreen` iframe attribute (#8086)
Adding this to core allows showing the fullscreen button on external iframe videos like Vimeo.
https://meta.discourse.org/t/full-screen-videos-plugin/90869 will not be needed anymore.
2019-09-11 16:49:54 +02:00
Leo McArdle 9ba4a67766 pass model to above-user-preferences outlet (#8084) 2019-09-11 10:24:22 -04:00
Dan Ungureanu 8b2c272f04
UX: Use medium format for displaying time in post notices. (#8074) 2019-09-11 13:00:53 +03:00
Penar Musaraj 7252c14a16 FIX: Switch to full screen external login for Safari
This is a temporary solution, currently popup auth fails in Safari.
2019-09-11 00:18:37 -04:00
Sam Saffron 93b0ffc85c DEV: improve subfolder inline logic
This follows up on #503a11cc88f with a spec
2019-09-11 12:02:42 +10:00
Michael Brown 503a11cc88 FIX: inline_uploads and subfolder (#8076)
* FIX: inline_uploads and subfolder

* if subfolder, also look for images with a path containing
  cdn_url + relative_url_root

* FIX: migrate_to_s3 task and subfolder
2019-09-11 11:50:48 +10:00
Neil Lalonde f0586ece32 FIX: errors in qunit tests when version check info is missing 2019-09-10 16:38:23 -04:00
Neil Lalonde 82398907af Prettier 2019-09-10 15:09:16 -04:00
Neil Lalonde 509e61e272 UX: Show installed version with SHA instead of number of commits
Removes the "+ 437" string at the end of "v2.4.0.beta2 + 437",
and adds a link to the exact commit on github underneath.
2019-09-10 14:59:51 -04:00
romanrizzi bd930a9c77 FIX: Do not show staged users avatars when expanding the read count indicator 2019-09-10 14:21:34 -03:00
Joffrey JAFFEUX a25869969a
DEV: adds event hook when add/remove user to group (#8038) 2019-09-10 11:58:08 -05:00
Robin Ward 1cebe7670a FEATURE: Allow embedding to ignore HTTP REFERER
New site setting: `embed_any_origin` that will send postMessages to
wildcard origins `*` instead of the referer.

Most of the time you won't want to do this, so the setting is default to
`false`. However, there are certain situations where you want to allow
embedding to send post messages when there is no HTTP REFERER.

For example, if you created a native mobile app and you wanted to embed a list
of Discourse topics as HTML. In the code your HTML would be a
static file/string, which would not be able to send a referer. In this
case, the site setting will allow the embed to work.

From a security standpoint we currently only use `postMessage` to send
data about the size of the HTML document and scroll position, so it
should be enable if required with minimal security ramifications.
2019-09-10 12:27:07 -04:00
Penar Musaraj cf23016360 FIX: Display emojis in search result blurbs 2019-09-10 11:11:15 -04:00
Bianca Nenciu 0d22beb81d
FIX: Improve Onebox detection (#8019)
Follow-up to 7c83d2eeb2.
2019-09-10 13:59:48 +03:00
Arpit Jalan 972c1acef8 DEV: better class names for Flexbox 2019-09-09 21:33:53 +05:30
Kyle Zhao 9b10a78d82 FEATURE: Quick access panels in user menu (#8073)
* Extract QuickAccessPanel from UserNotifications.

* FEATURE: Quick access panels in user menu.

This feature adds quick access panels for bookmarks and personal
messages. It allows uses to browse recent items directly in the user
menu, without being redirected to the full pages.

* REFACTOR: Use QuickAccessItem for messages.

Reusing `DefaultNotificationItem` feels nice but it actually requires a
lot of extra work that is not needed for a quick access item.

Also, `DefaultNotificationItem` shows an incorrect tooptip ("unread
private message"), and it is not trivial to remove / override that.

* Use a plain JS object instead.

An Ember object was required when `DefaultNotificationItem` was used.

* Prefix instead suffix `_` for private helpers.

* Set to null instead of deleting object keys.

JavaScript engines can optimize object property access based on the
object’s shape. https://mathiasbynens.be/notes/shapes-ics

* Change trivial try/catch to one-liners.

* Return the promise in case needs to be waited on.

* Refactor showAll to a link with href

* Store `emptyStatePlaceholderItemText` in state.

* Store items in Session singleton instead.

We can drop `staleItems` (and `findStaleItems`) altogether. Because
`(old) items === staleItems` when switching back to a quick access
panel.

* Add `limit` parameter to the `user_actions` API.

* Explicitly import Session instead.
2019-09-09 11:03:57 -04:00
Nick Quaranto 530356f465 Use Discourse.getURL for /clicks/track so clicks can be tracked on relative URLs (#8079) 2019-09-09 17:41:37 +10:00
Roman Rizzi 7d5f3c1338 UX/PERF: Update readers count when a post from another user is read. Don't fetch the post data again just to update the count. (#8078) 2019-09-09 11:29:15 +10:00
Robin Ward 3e3f6b1b62 Revert "FIX: Auth popup handling for Safari same-site cookie quirks"
This reverts commit 310a8ac242.

It seems this breaks google authentication. My suspicion is opening
the URL twice invalidates the CSRF after the first access.
2019-09-06 15:46:48 -04:00
Gerhard Schlager 52461abad9 FIX: Move read state when moving posts
* Moves / copies post timings
* Moves / copies topic users
* Fixes a small bug in the calculation of post numbers
2019-09-06 20:52:44 +02:00
Gerhard Schlager 631315624d FIX: Topics with muted tag didn't show up when filtering by category and tag
It also removes the redundant `filter` parameter. Previously URLs looked like this:

```
http://example.com/tags/c/some-category/muted-tag/l/latest.json?filter=tags/c/some-category/muted-tag/l/latest
```

But it looks like the `filter` parameter was only used to find out if topics with a muted tag should be removed or not. But the same thing can be accomplished by using the first tag ID. The following URL looks a lot cleaner.

```
http://example.com/tags/c/some-category/muted-tag/l/latest.json
```
2019-09-06 20:38:03 +02:00
Rimian Perkins 6bbd83067d FEATURE: New post editing period for >= tl2 users (#8070)
* FEATURE: Add tl2 threshold for editing new posts

* Adds a new setting and for tl2 editing posts (30 days same as old value)
* Sets the tl0/tl1 editing period as 1 day

* FIX: Spec uses wrong setting

* Fix site setting on guardian spec

* FIX: post editing period specs

* Avoid shared examples
* Use update_columns to avoid callbacks on user during tests
2019-09-06 07:44:12 -04:00
Arpit Jalan 103629d257 UX: better user image for embed/topics 2019-09-06 06:23:07 +05:30
Vinoth Kannan f0f6b715ce fix the typo
c1769b0ec5
2019-09-06 01:33:23 +05:30
Vinoth Kannan c1769b0ec5 DEV: improve the code readability.
82c5a1d20f
2019-09-06 01:27:29 +05:30
Arpit Jalan d78ed3159d FEATURE: add topic creator username on topic list embed 2019-09-05 22:43:38 +05:30
Sam Saffron cd894b7d17 FIX: inline_uploads not working on subfolder setups 2019-09-05 15:32:33 +10:00
Jeff Wong 6b6b0f09c4 UX: Align timeline controls to the top 2019-09-04 17:28:54 -07:00
romanrizzi f9ee6e923a UX: Hide the read indicator if read count is zero 2019-09-04 16:55:39 -03:00
Roman Rizzi 7a70fce584
FIX: :reject_user_delete action can only be handled by ReviewableUser (#8068) 2019-09-04 14:12:48 -03:00
Jeff Wong c20d26a500 FEATURE: add before-topic-progress plugin outlet 2019-09-04 09:31:06 -07:00
Robin Ward bde0ef865f
FEATURE: Adds a pop up that shows a more detailed score for reviewables (#8035)
If you click a (?) icon beside the reviewable status a pop up will
appear with expanded informatio that explains how the reviewable got its
score, and how it compares to system thresholds.
2019-09-04 09:56:25 -06:00
Arpit Jalan 5109cef126 Fix the build. 2019-09-04 20:44:05 +05:30
Arpit Jalan a5c28f56d1 UX: use Flexbox for topic list embed 2019-09-04 20:22:57 +05:30
Sam Saffron 213117b84c PERF: use CDN url for proxy of favicon
This avoids hitting S3 direct which is usually not desirable.
2019-09-04 18:21:07 +10:00
Arpit Jalan 3e37801d05 DEV: validate param value on /embed/topics 2019-09-04 13:31:46 +05:30
Mark VanLandingham d819b55038 FEATURE: support data-explorer outlet in group navigation (#8063) 2019-09-04 16:15:10 +10:00
Penar Musaraj 21e5772aa5 FIX: Mobile Safari composer improvements (#8069)
- prevents keyboard from being invoked when textarea is disabled

- avoids scrolling up when switching focus from title to textarea on new topic creation
2019-09-04 16:04:07 +10:00
Vinoth Kannan 82c5a1d20f FIX: Make 'group membership requests' feature compatible with visibility level option 'logged_on_users'. 2019-09-04 03:22:55 +05:30
Penar Musaraj c468abe9d0 FIX: Adjust composer size for iPhone Xs Max and Xʀ 2019-09-03 12:47:00 -04:00
Sam Saffron dc9110cc43 FEATURE: track date api key was last used
Start tracking the date an api key was last used. This has already been
the case for user_api_keys.

This information can provide us with the ability to automatically expire
unused api keys after N days.
2019-09-03 18:11:30 +10:00
Arpit Jalan d64908ba27 fix the build. 2019-09-02 20:04:21 +05:30
Arpit Jalan 111ae95cbc
FEATURE: embed topic with detailed metadata (#8062) 2019-09-02 19:55:44 +05:30
Vinoth Kannan aa012d12dc FIX: include 'short_url' as src if upload url not exist
The URL '/images/transparent.png' will be used in the cooked content if upload record not found. In that case we have to use 'short_url' as image src in 'post.each_upload_url' method.
2019-09-02 15:11:22 +05:30
Régis Hanol 75eebc904e FEATURE: new 'Discourse-Render' HTTP header 2019-08-30 20:45:18 +02:00
Penar Musaraj 4d6eacac5c FIX: close user card after clicking Message button
This was primarily an issue on mobile, where after clicking the "Messsage" button in the user card, the composer would load behind the user card overlay.
2019-08-30 13:40:12 -04:00
David Taylor 310a8ac242 FIX: Auth popup handling for Safari same-site cookie quirks
When opening authentication popup, start with an on-site URL. Opening "about:blank", and then POSTing the form does not send same-site=Lax cookies. Opening the popup to a page on the site domain, and then POSTing the form, works successfully.
2019-08-30 17:55:18 +01:00
Roman Rizzi e515324afa
Feature/Fix: Flagged posts user notifications (#8041)
* FIX: User should get notified when a post is deleted

* FEATURE: Notify posters when restoring flagged posts

* Fix typo

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* Improve tests
2019-08-30 10:27:52 -03:00
David Taylor 3c6176b844 FIX: Allow accessing nested objects within theme settings
This is required to access keys within the new theme_uploads object
2019-08-30 12:27:02 +01:00
David Taylor e2449f9f23 Revert "Revert "Revert "FIX: Heartbeat check per sidekiq process (#7873)"""
This reverts commit c3497559be.
2019-08-30 11:26:16 +01:00
David Taylor 5d4fcc62bb Revert "FIX: heartbeat should be per host"
This reverts commit 17bed44405.
2019-08-30 11:25:59 +01:00
David Taylor be96c4478e
FEATURE: Login with Discord (#8053)
This migrates the functionality of discourse-plugin-discord-auth into core. 

The plugin will automatically disable itself when core is updated: fd0867844d?w=1

For setup instructions, visit https://meta.discourse.org/t/configuring-discord-login-for-discourse/127129
2019-08-30 10:54:19 +01:00
Sam Saffron ac7d68a745 FIX: in case of orphan user records skip badge
There are rare cases where orphan user records can exist, skip badges
2019-08-30 17:21:34 +10:00
Sam Saffron 17bed44405 FIX: heartbeat should be per host
We need to schedule heartbeat on the correct host, otherwise some queues
may end up starving.
2019-08-30 16:10:08 +10:00
Sam Saffron 3e855e33ae FIX: notifications not updating correctly from background tab
We refactored some code to avoid app event leak in tests at c462c2f2

Unfortunately this broke all background notifications in title and they
were broken for the past multiple months.
2019-08-30 15:51:20 +10:00
Sam Saffron e9cf0de588 FEATURE: do not replace &harr; with an emoji
&harr; technically can be an emoji, but usually will not be used in that way
2019-08-30 15:06:23 +10:00
Sam Saffron c3497559be Revert "Revert "FIX: Heartbeat check per sidekiq process (#7873)""
This reverts commit e805d44965.
We now have mechanisms in place to ensure heartbeat will always
be scheduled even if the scheduler is overloaded per: 098f938b
2019-08-30 10:12:10 +10:00
Osama Sayegh ff8cc244d8
FIX: remote theme record not saved when checking for updates (#8054) 2019-08-30 00:32:54 +03:00
romanrizzi 1a909c16eb UX: User vertical-align: middle instead of em units 2019-08-29 17:33:35 -03:00
Arpit Jalan befab8eafa UX: use color code variable 2019-08-29 23:53:42 +05:30
Arpit Jalan b63d476ee9 UX: convert embedded topic list HTML structure from table to div 2019-08-29 22:23:52 +05:30
romanrizzi 2b3dd1b945 FIX: Avoid publishing changes if the topic was deleted 2019-08-29 13:38:23 -03:00
romanrizzi 13af02b70f FIX: Include read indicator when the publish_group_state is enabled 2019-08-29 12:47:55 -03:00
Gerhard Schlager d516e492a4 FIX: An overridden text of a non-existent plural key resulted in error
When there is an overridden text in the database that belongs to
a pluralized key which doesn't exist in English anymore, the
Customize Texts admin page was unusable. This stops those keys from
ever being returned by a search.
2019-08-29 17:41:19 +02:00
Roman Rizzi ebb389ef8a
UX: Read indicator improvements. (#8049)
* The read indicator now shows up when no member has read the last post of the topic (written by a non-member)
* The read indicator works on mobile and receives live updates from message bus
* The icon we display in the topic list was changed
* Added a title to the indicator to indicate its purpose when hovering over it
2019-08-29 12:03:43 -03:00
David Taylor 98fbc019a3
FIX: Ensure live-reloading of theme CSS works first time (#8052)
The client-side theme-selector would always apply the first in a series of file change notifications. This has been fixed, so it now applies the most recent notification.

Duplicate notifications were being sent because
- The remote_theme autosave was causing every change notification to be doubled
- Color scheme change notifications were being sent every time a theme was uploaded, even if the colors were unchanged

These duplicate notifications have been fixed, and a spec added to ensure it does not regress in future
2019-08-29 15:47:08 +01:00
Sam Saffron 0bf3316aec FIX: race condition during deploys creating stylesheets
In some cases stylesheet cache path may be missing, ensure it exists
prior to writing stylesheet
2019-08-29 17:27:07 +10:00
Sam Saffron 4fce6484fe PERF: reduce window of consistency on user actions
Databases can have a lot of user actions, self joining and running an
aggregate on millions of rows can be very costly

This optimisation will reduce the regular window of consistency down to 13
hours, this ensures the job runs much faster
2019-08-29 13:27:04 +10:00
Régis Hanol 56be4bb8f0 FIX: don't search for tags when editing topic title 2019-08-28 21:25:49 +02:00
Régis Hanol e3eb49729c FIX: don't blow up if the topic does not exists anymore
PERF: only select the only field we use

introduced in 7c741fa0d6 (cc @romanrizzi)
2019-08-28 18:07:56 +02:00
Gerhard Schlager a40e9d9cb5 UX: Remove unused strings about desktop notifications 2019-08-28 16:00:50 +02:00
David Taylor de4bf6ee9f FIX: When activating via omniauth, create tokens after password reset
Resetting a password invalidates all email tokens, so we need to create the tokens after the password reset.
2019-08-28 14:43:25 +01:00
David Taylor 2bb08d93e4 FIX: When activating a user, ensure the change is reflected immediately
When activating a user via an external provider, this would cause the "this account is not activated" message to show on the first attempt, even though the account had been activated correctly.
2019-08-28 14:07:16 +01:00
David Taylor a5e198fa30 SECURITY: Reset password when activating an account via auth provider
Followup to d693b4e35fe0e58c5578eae4a56c06dff4756ba2
2019-08-28 14:07:07 +01:00
David Taylor 9878bc62b3 Revert "Merge pull request from GHSA-7cmh-wm9h-j63f"
This reverts commit 8e5a8d1d54. The change will be re-applied with improvements.
2019-08-28 14:07:03 +01:00
David Taylor ca9ef58318 FIX: Allow dashboard to load even when git version cannot be found 2019-08-28 12:37:42 +01:00