Commit Graph

210 Commits

Author SHA1 Message Date
David Taylor 23c65feb6c DEV: Prevent deprecation warnings being incorrectly logged 2018-12-31 14:41:30 +00:00
David Taylor ded3639f87 DEV: Add openid-connect as an official plugin 2018-12-06 16:16:47 +00:00
David Taylor 4e010382cc REFACTOR: Initialize auth providers after `plugin.activate!`
Also added some helpful functionality for plugin developers:
- Raises RuntimeException if the auth provider has been registered too late
- Logs use of deprecated parameters
2018-11-30 16:58:18 +00:00
Kyle Zhao 488fba3c5f
FEATURE: allow plugins and themes to extend the default CSP (#6704)
* FEATURE: allow plugins and themes to extend the default CSP

For plugins:

```
extend_content_security_policy(
  script_src: ['https://domain.com/script.js', 'https://your-cdn.com/'],
  style_src: ['https://domain.com/style.css']
)
```

For themes and components:

```
extend_content_security_policy:
  type: list
  default: "script_src:https://domain.com/|style_src:https://domain.com"
```

* clear CSP base url before each test

we have a test that stubs `Rails.env.development?` to true

* Only allow extending directives that core includes, for now
2018-11-30 09:51:45 -05:00
Penar Musaraj 03deda2147
Upgrade to FontAwesome 5 (take two) (#6673)
* Add missing icons to set

* Revert FA5 revert

 This reverts commit 42572ff

* use new SVG syntax in locales

* Noscript page changes (remove login button, center "powered by" footer text)

* Cast wider net for SVG icons in settings

- include any _icon setting for SVG registry (offers better support for plugin settings)

- let themes store multiple pipe-delimited icons in a setting

- also replaces broken onebox image icon with SVG reference in cooked post processor

* interpolate icons in locales

* Fix composer whisper icon alignment

* Add support for stacked icons

* SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

* load SVG sprite with pre-initializers

* FIX: enable caching on SVG sprites

* PERF: use JSONP for SVG sprites so they are served from CDN

This avoids needing to deal with CORS for loading of the SVG

Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is

* Add missing SVG sprite JSONP script to CSP

* Upgrade to FA 5.5.0

* Add support for all FA4.7 icons

- adds complete frontend and backend for renamed FA4.7 icons

- improves performance of SvgSprite.bundle and SvgSprite.all_icons

* Fix group avatar flair preview

- adds an endpoint at /svg-sprites/search/:keyword

- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset

* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
David Taylor 052bf37578 FIX: Use `Discourse.deprecate` instead of `Rails.logger.warn`
This will significantly reduce the volume of logs when the condition is hit
2018-11-22 15:59:47 +00:00
Sam 42572ff138 Revert font awesome 5 changes
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
Penar Musaraj 005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs (#6557)
* First take on subsetting svg icons

* FontAwesome 5 svg subset WIP

* Include icons from plugins/badges into svg sprite subset

* add svg icon support to themes

* Add spec for SvgSprite

* Misc. SVG icon fixes

* Use FA5 svgs in local-dates plugin

* CSS adjustments, fix SVG icons in group flair

* Use SVG icons in poll plugin

* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
David Taylor c6f364224e
FEATURE: Allow plugins to whitelist user custom fields for public display (#6499)
This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
2018-10-17 10:33:27 +01:00
Bianca Nenciu d408073fc2 DEV: Update official plugins list
canned replies is now named discourse-canned-replies which keeps our naming consistent
2018-10-15 13:53:21 +11:00
Joshua Rosenfeld aba4dec27f
Update official plugin list
* Remove duplicate entry
* Add missing plugins
* Update list for new names
2018-10-12 10:12:31 -04:00
Guo Xiang Tan 1c9b5e75e7 DEV: Support post deployment migrations for plugins. 2018-10-09 13:11:45 +08:00
Rishabh Nambiar 943f017a17 Mark discourse-perspective-api as an official plugin 2018-10-04 14:34:22 +05:30
Joshua Rosenfeld afaa722c32
sort official plugin list, remove duplicate entry
`discourse-sitemap` was listed twice, sorted list to help avoid duplication
2018-09-09 13:41:26 -04:00
David Taylor 4382fb5fac DEV: Allow plugins to whitelist specific user custom_fields for editing (#6358) 2018-09-04 20:45:36 +10:00
Dax74 5f51ef27e7
Added sitemap plugin in the official list 2018-08-29 10:58:26 +02:00
Sam 47e6b8b318 discourse etiquette is an official plugin 2018-08-27 10:03:49 +10:00
Sam 8fa5dd4a1f FEATURE: discourse-checklist is now an official plugin 2018-08-21 10:44:40 +10:00
Robin Ward 5895507153 FEATURE: Ability for plugins to whitelist custom fields for flags
You can now call `whitelist_flag_post_custom_field` from your plugins
and those custom fields will be available on the flagged posts
area of the admin section.
2018-08-09 10:49:14 -04:00
Sam 4b000f5d12 FIX: do not use `lib` for requires
this breaks loading the app from arbitrary dirs
2018-08-07 11:04:29 +10:00
David Taylor 812add18bd REFACTOR: Serve auth provider information in the site serializer.
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
Jeff Wong 059862ed46 Mark discord auth plugin official 2018-08-01 09:33:14 -07:00
David Taylor 8d1acbd4c2 DEV: Include specific authenticator name in warning message 2018-07-30 11:33:48 +01:00
David Taylor 467c529920 FIX: Remove return statement from inside block 2018-07-26 15:52:39 +01:00
David Taylor 88241f57a3
FEATURE: allow auth plugins to have a site setting for full screen login 2018-07-26 11:11:16 +01:00
Nick Shearer def2c977ce allow auth plugins to have a site setting for if they should be full screen vs popup window 2018-07-25 19:20:11 -05:00
David Taylor 0d0d78841b
FIX: Remove `plugin.enabled?` checks at initialization time (#6166)
Checking `plugin.enabled?` while initializing plugins causes issues in two ways:
  - An application restart is required for changes to take effect. A load-balanced multi-server environment could behave very weirdly if containers restart at different times.
  - In a multisite environment, it takes the `enabled?` setting from the default site. Changes on that site affect all other sites in the cluster.

Instead, `plugin.enabled?` should be checked at runtime, in the context of a request. This commit removes `plugin.enabled?` from many `instance.rb` methods.

I have added a working `plugin.enabled?` implementation for methods that actually affect security/functionality:
  - `post_custom_fields_whitelist`
  - `whitelist_staff_user_custom_field`
  - `add_permitted_post_create_param`
2018-07-25 16:44:09 +01:00
David Taylor eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099)
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
Joshua Rosenfeld 212f518cd1
Add invite tokens to official plugins list 2018-06-30 17:24:45 -04:00
Robin Ward 6901e0e043 FIX: Rails.logger isn't always available when loading plugin locales 2018-06-22 10:20:20 -04:00
Joffrey JAFFEUX 24c27b5321
FEATURE: adds a add_report method accessible in plugin.rb 2018-06-19 15:00:11 +02:00
Blake Erickson 9963078dd1 Add to offical plugins list 2018-06-18 10:20:49 -06:00
Robin Ward e5c156b226 Add `characters-required` to official plugins list 2018-06-18 10:30:46 -04:00
Régis Hanol 4d75535f9e Revert "Revert "Revert "Add discourse-group-tracker to official plugin list."""
This reverts commit d1dc8e4226.
2018-06-11 15:52:20 +02:00
Régis Hanol d1dc8e4226 Revert "Revert "Add discourse-group-tracker to official plugin list.""
This reverts commit 1a00aaa825.
2018-06-11 14:30:16 +02:00
Guo Xiang Tan 1a00aaa825 Revert "Add discourse-group-tracker to official plugin list."
This reverts commit e262cb07d4.
2018-06-08 10:51:16 +08:00
Guo Xiang Tan e262cb07d4 Add discourse-group-tracker to official plugin list. 2018-06-08 09:55:26 +08:00
Dax74 5bd38e3a29
Add Github Linkback plugin 2018-05-31 01:02:35 +02:00
Joshua Rosenfeld 4ad924bcf5
Add discourse-policy as official plugin 2018-05-29 16:57:05 -04:00
jomaxro be01491c04 Revert "Correct BBCode plugin name"
This reverts commit 10dfdd7d2a.
2018-05-19 20:03:49 -04:00
Joshua Rosenfeld 10dfdd7d2a
Correct BBCode plugin name 2018-05-19 19:53:39 -04:00
Guo Xiang Tan c6f45fcfdb Expose an API for plugins to be hidden on the admin plugin page. 2018-05-08 13:24:58 +08:00
Guo Xiang Tan 8cf0f51eb2 UX: Display site settings shortcut for `poll` and `discourse-nginx-performance-report`.
https://meta.discourse.org/t/improving-admin-plugins/84585/29?u=tgxworld
2018-05-08 10:34:32 +08:00
Sam c81854ad14 FEATURE: Rename discourse-cronos to discourse-local-dates 2018-05-04 16:11:50 +10:00
Joffrey JAFFEUX 78435833a5
FEATURE: discourse-cronos is now a core plugin 2018-05-03 20:15:57 +02:00
Robin Ward 93b40d5e59 Don't use `puts` here since it happens in tests 2018-04-30 12:26:43 -04:00
Neil Lalonde e52d914c08 add discourse-user-card-badges to official plugins 2018-04-26 15:28:06 -04:00
Sam 98d142b1c1 also causes test failure, removing 2018-04-26 13:48:44 +10:00
Sam 0a82d739f9 unofficialize plugin 2018-04-26 13:23:14 +10:00
Sam 4ded5e18e6 add more official plugins 2018-04-26 12:33:07 +10:00
Gerhard Schlager afe1a2793d Mark discourse-signatures plugin as official 2018-04-25 11:58:39 +02:00
Guo Xiang Tan 0e38481d6d Add docker_manager to official plugin list. 2018-04-25 13:02:50 +08:00
Guo Xiang Tan bf6e548692 Remove plugin that is internal to us. 2018-04-24 11:07:49 -04:00
Guo Xiang Tan 80847d83a8 Mark `discourse-voting` and `discourse-staff-notes` as official. 2018-04-23 09:26:13 +08:00
Robin Ward cfcdc4b420 Output when a locale is invalid 2018-04-20 15:29:18 -04:00
Joffrey JAFFEUX 45f657336e
FEATURE: adds support for loading existing core asset in pretty text 2018-04-10 08:37:16 +02:00
Guo Xiang Tan 2ddcdf8704 UX: Add an icon to indicate if a plugin is official.
https://meta.discourse.org/t/improving-admin-plugins/84585
2018-04-06 10:54:58 +08:00
Guo Xiang Tan 76e2b6c825 Add "discourse-assign" to the list of official plugins. 2018-03-06 21:45:37 +08:00
Gerhard Schlager eb52c5469e FEATURE: Allow plugins to register a new locale 2018-01-25 14:57:41 +01:00
Jeff Wong b094894c94 Feature: Add service worker registration method to plugin API 2017-11-28 14:01:41 +08:00
Robin Ward 966c7e7f07 FEATURE: Allow plugins to dynamically add seed fixture paths
This is useful if your plugin wants different seed data for different
locales for example.
2017-11-16 14:43:17 -05:00
Guo Xiang Tan 5c8dac3ae5 Replace `discourse-slack-official` with `discourse-chat-integration`. 2017-10-24 09:44:11 +08:00
Sam d4d5e6965e FEATURE: discourse-prometheus is an official plugin 2017-10-24 10:27:28 +11:00
Robin Ward 838568cbc3 Refactor flag types for more customization 2017-10-19 13:55:23 -04:00
Robin Ward 823936ca9c A plugin API to catch exceptions 2017-10-02 12:05:12 -04:00
Robin Ward 34f98f362f Add a plugin hook to specify a class on the body of the document 2017-09-28 13:17:09 -04:00
Guo Xiang Tan 77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Robin Ward e7885c20cb Add reloadable support for patching in an avatar lookup 2017-08-30 14:24:03 -04:00
Guo Xiang Tan 2157079d09 Add Plugin API to register a category custom field. 2017-08-17 15:59:57 +09:00
Régis Hanol 55f449edc5 FIX: reloading issues with classes 2017-08-16 23:00:52 +02:00
Robin Ward 5ed809a15b FIX: Reloading issues with classes 2017-08-13 13:19:50 -04:00
Régis Hanol 51ef36abb4 Add a bunch of reload-friendly class variables accessors plugin APIs 2017-08-12 04:21:02 +02:00
Régis Hanol 75e4f7f896 Shorten some very long lines
Prevent warnings from already defined constants when reloading
2017-08-12 04:18:04 +02:00
Régis Hanol 04460ecac5 'add_to_serializer' should define the 'include_' method by default 2017-08-09 22:22:18 +02:00
Robin Ward f11253dcb6 Allow plugin patches to reload in development mode 2017-08-09 12:30:27 -04:00
Robin Ward 43fd90b2da Remove serve_public_dir -- it's not needed 2017-07-28 13:44:38 -04:00
Robin Ward 5ae79697b8 Remove unused `register_theme` code, expose `serve_public` 2017-07-28 11:47:25 -04:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Sam b92e181390 FEATURE: rake plugin:install_all_official
use this task to quickly install all official plugins
GIT_WRITE=1 to enable write access to repos (discourse staff only)
2017-07-18 12:09:27 -04:00
Sam 6a1f579c6e FIX: don't search for plugins in nested subdirectories 2017-05-16 17:28:56 -04:00
Robin Ward 1363988cd7 Support for an HTML builder that can create dynamic HTML 2017-04-17 17:32:55 -04:00
Régis Hanol 747f4812e4 fix custom emoji support when using subfolder 2017-03-24 02:09:39 +01:00
Régis Hanol 9f65658c5c register_emoji should work with subfolder installs 2017-03-24 01:08:12 +01:00
Guo Xiang Tan e7c972ac89 FIX: Don't use backticks that take in inputs. 2017-03-17 15:33:51 +08:00
Robin Ward 9c9e0f5eca FIX: Move the middleware 2017-01-18 18:22:03 -05:00
Robin Ward fffa285dbf Insert middleware in production mode if enabled 2017-01-18 18:05:56 -05:00
Robin Ward adb73180f7 FEATURE: Let plugins register themes easily 2017-01-13 11:50:52 -05:00
Robin Ward b60bc47a4c Plugins can register providers for global settings 2017-01-09 17:18:58 -05:00
Guo Xiang Tan 3909f342f6 FEATURE: Allow options to be set when adding model callbacks. 2016-11-21 10:20:31 +08:00
Sam f4c754b389 FEATURE: split JavaScript application bundle, so plugins live in own file
This adds plugin.js and plugin_third_party.js files
2016-11-15 11:43:13 +11:00
Guo Xiang Tan 49c27d9a88 FEATURE: Add interface in `Plugin::Instance` to register a seedfu fixture. 2016-10-25 14:57:31 +08:00
Robin Ward af266acac1 FIX: Plugin Custom emoji weren't working correctly on the server side 2016-07-22 12:59:43 -04:00
Robin Ward c11f7bee99 FIX: Registering emoji via plugin.rb was broken 2016-07-21 14:15:51 -04:00
Robin Ward b8261a662b FIX: `siteSettings` weren't getting applied to plugin auth 2016-07-13 16:11:48 -04:00
Robin Ward b8125b3512 REFACTOR: Remove `Discourse.Ajax` 2016-07-11 12:57:05 -04:00
Robin Ward 56f07529bb REFACTOR: Migrate more legacy JS to ES6 2016-07-11 12:57:05 -04:00
Robin Ward a546395397 REFACTOR: Migrate markdown functionality in ES6 2016-07-11 12:57:05 -04:00
Guo Xiang Tan cb5be1fe8f
Upgrade rspec to 3.4.0. 2016-05-30 11:38:38 +08:00
Neil Lalonde e5918c7d00 FEATURE: Merge tagging plugin into core 2016-04-27 11:58:53 -04:00
Robin Ward c423ce6333
Allow auth providers to provide custom urls 2016-04-20 13:19:59 -04:00