Commit Graph

6897 Commits

Author SHA1 Message Date
Gerhard Schlager 453bec9394 FEATURE: Add small action post to indicate forwarded email
This happens only when the sender of the email didn't write anything in their email.
2020-02-12 16:23:17 +01:00
Mark VanLandingham 3e89774908
DEV: Use .hbr for raw template file extension (#8883) 2020-02-11 13:38:12 -06:00
Jay Pfaffman d294e13225
add postmark webhook handling (#8919) 2020-02-11 10:09:07 -05:00
Simon Cossar a2bd0c6ef9
Improve default email level copy (#8897) 2020-02-07 12:16:11 -08:00
Simon Cossar fc3ffd10b4
Improve group allow membership requests copy (#8896) 2020-02-07 11:30:26 -08:00
David Taylor 5919618a87
DEV: Drop legacy OpenID 2.0 support (#8894)
This is not used in core or official plugins, and has been printing a deprecation notice since v2.3.0beta4. All OpenID 2.0 code and dependencies have been dropped. The user_open_ids table remains for now, in case anyone has missed the deprecation notice, and needs to migrate their data.

Context at https://meta.discourse.org/t/-/113249
2020-02-07 17:32:35 +00:00
OsamaSayegh a516c5df82 DEV: Bump logster version to 2.6.1 and enable new logster feature
Logster 2.6.1 includes a few new features and fixes. More details here: 58bb5c5368/CHANGELOG.md
2020-02-07 13:35:26 +00:00
Joffrey JAFFEUX 20944e69e4
FEATURE: adds trust_level_growth report (#8878) 2020-02-06 19:44:30 +01:00
Penar Musaraj f029e2eaf6 FEATURE: Add site setting for specific hosts using custom user agent when oneboxing
Followup to #00c406
2020-02-06 10:32:42 -05:00
Joshua Rosenfeld 3bf870cb24
Update email test email copy
Most major email providers no longer have long-term free plans.
2020-02-05 22:30:32 -05:00
Neil Lalonde 542e62ccf0 FIX: tag info misleading message saying it's not restricted
When a tag is restricted to a secured category that the user can't see,
the message was saying that it wasn't restricted to any categories.
Now it will say it's restricted to categories you can't access.
2020-02-05 15:23:39 -05:00
Rishabh 5133e03b99
UX: Improved composer.saved_draft copy (#8863) 2020-02-05 14:45:10 +05:30
Joffrey JAFFEUX f0fe2ba9ac
UX: introduces icon-picker component for badges (#8844) 2020-02-05 00:41:10 +01:00
Robin Ward 71312d9086 FIX: Labels were switched in the wizard for privacy options 2020-02-04 11:09:52 -05:00
Mark VanLandingham c8a02161dd
FIX: Warn users of overwriting new topic draft (#8841) 2020-02-04 09:59:56 -06:00
Joffrey JAFFEUX 0431942f3d
DEV: select-kit 2 (#7998)
This new iteration of select-kit focuses on following best principales and disallowing mutations inside select-kit components. A best effort has been made to avoid breaking changes, however if you content was a flat array, eg: ["foo", "bar"] You will need to set valueProperty=null and nameProperty=null on the component.

Also almost every component should have an `onChange` handler now to decide what to do with the updated data. **select-kit will not mutate your data by itself anymore**
2020-02-03 14:22:14 +01:00
Sam Saffron 9a199be279 UX: hide the allow_embedding_site_in_an_iframe setting
This setting is very high risk and can potentially break all
sorts of features.

To avoid complications and save people from themselves we are
hiding the site setting.

It can still be modified using the console if absolutely needed.
2020-02-03 15:28:02 +11:00
Martin Brennan c994fd1b01
FIX: Serve .ico files without nginx 404 for secure media uploads (#8826)
Add nginx location to handle /secure-media-uploads/ requests .ico files were getting a 404 when being looked for via /secure-media-uploads/. this nginx config addition fixes the issue.
2020-01-31 12:45:02 +10:00
Arpit Jalan 62c21ba649 Remove `bounce_score_threshold_deactivate` setting.
Removed `bounce_score_threshold_deactivate` setting as the deactivate
threshold is not getting reached.
2020-01-30 16:17:31 +05:30
Roman Rizzi 2ee6a615b7
FEATURE: Send suspect users to the review queue (#8811) 2020-01-29 15:38:27 -03:00
Dan Ungureanu 09e8be3209
UX: Introduce automatic 'categories topics' setting (#8804)
When 'categories topics' setting is set to 0, the system will
automatically try to find a value to keep the two columns (categories
and topics) symmetrical.

The value is computed as 1.5x the number of top level categories and at
least 5 topics will always be returned.
2020-01-29 20:30:48 +02:00
David Taylor a9d0d55817 FEATURE: Add message to log when admins are automatically deactivated 2020-01-28 12:16:24 +00:00
David Taylor 25fd2b544a
PERF: Use a separate route for user cards, and split user serializer (#8789)
Adds a new route `/u/{username}/card.json`, which has a reduced number of fields. This change is behind a hidden site setting, so we can test compatibility before rolling out.
2020-01-28 11:55:46 +00:00
Roman Rizzi 9eb622985a
FEATURE: Replace existing badge owners when using the bulk award feature (#8770)
* FEATURE: Replace existing badge owners when using the bulk award feature

* Use ActiveRecord to sanitize title update query, Change replace checkbox text

Co-Authored-By: Robin Ward <robin.ward@gmail.com>

Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-01-23 14:14:58 -03:00
Roman Rizzi db5373a87c
UX: Invalid CSV error message now includes information about the malformed line (#8773)
* UX: Invalid CSV error message now includes information about the malformed line

* Update config/locales/server.en.ym and use line_number instead of lineno

Co-Authored-By: Robin Ward <robin.ward@gmail.com>

Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-01-23 14:04:06 -03:00
Régis Hanol 821e920711 DEV: fix deprecation warnings in specs
Also fixed a typo in a string key "max_pm_recepients" -> "max_pm_recipients"
2020-01-23 16:37:48 +01:00
Neil Lalonde b63d146128 UX: add confirmation when adding tag synonyms
The new confirmation modal explains that adding a tag as a synonym to
another tag will change all topics to replace the synonyms with the
base tag.
2020-01-22 12:35:42 -05:00
Dan Ungureanu 89bd7ba45f
FIX: Use new tag routes (#8683)
Commit 1fb7a62 added unambiguous routes for tags. This commit ensures
that the new routes are used.
2020-01-21 19:23:08 +02:00
Leo McArdle 8883cca373 enqueue spam/dmarc failing emails instead of hiding (#8674)
* enqueue spam/dmarc failing emails instead of hiding

* add translations for dmarc/spam enqueued reasons

* unescape quote

* if email_in_authserv_id is blank return gray for all emails
2020-01-21 11:12:00 -05:00
Neil Lalonde 2dd1ff79b4 Update translations 2020-01-20 11:00:44 -05:00
Jeff Atwood 1fb81e9f56 omit needless words 2020-01-17 16:16:21 -08:00
romanrizzi 0d08eac1c7 UX: Users must confirm when leaving a private group 2020-01-17 17:58:47 -03:00
Sam Saffron f8e92298f2 DEV: default Oj to compat mode
Out-of-the-box Oj uses :object mode, this shifts us to use :compat mode
by default which is safer.
It means any de-serialization going forward will default to this mode.

If we wish to serialize or deserialize arbitrary objects going forward with
no json interfaces we will have to opt in.
2020-01-16 07:52:28 +11:00
Arpit Jalan 0f8695958b FIX: better error message when topic deletion fails 2020-01-15 19:30:06 +05:30
Martin Brennan 66f2db4ea4 SECURITY: 2FA with U2F / TOTP 2020-01-15 11:27:12 +01:00
Gerhard Schlager c351ffe580 FEATURE: Add hidden setting to disable configuration of inventory bucket 2020-01-14 17:23:12 +01:00
romanrizzi d3091edcea UX: Return a friendlier error when the CSV is invalid. Added a cancel button to return to the /badges view 2020-01-13 15:53:41 -03:00
Robin Ward e4a85e2a80 Minor tweaks to badge CSV upload 2020-01-13 12:44:22 -05:00
Roman Rizzi d69c5eebcf
Feature: Mass award badge (#8694)
* UI: Mass grant a badge from the admin ui

* Send the uploaded CSV and badge ID to the backend

* Read the CSV and grant badge in batches

* UX: Communicate the result to the user

* Don't award if badge is disabled

* Create a 'send_notification' method to remove duplicated code, slightly shrink badge image. Replace router transition with href.

* Dynamically discover current route
2020-01-13 11:20:26 -03:00
Martin Brennan 9e399b42b9 DEV: Remove redundant admin_login route, share with email_login 2020-01-13 12:10:07 +10:00
Robin Ward e616b92511 FIX: If the admin sso sync has no external ID, don't throw an error
Instead, return a HTTP error code and a message explaining the problem,
to avoid log pollution.
2020-01-08 11:47:37 -05:00
David Taylor c8d438cc63
DEV: Allow CSP to be enabled during QUnit tests (#8668)
The QUnit rake task starts a server in test mode. We need a tweak to allow dynamic CSP hostnames in test mode. This tweak is already present in development mode.

To allow CSP to work, the browser host/port must match what the server sees. Therefore we need to disable the enforce_hostname middleware in test mode. To keep rspec and production as similar as possible, we skip enforce_hostname using an environment variable.

Also move the qunit rake task to use unicorn, for consistency with development and production.
2020-01-07 12:22:58 +00:00
Blake Erickson b7b85f9ade
FEATURE: Turn csp on by default (#8665)
* turn csp on by default

* remove csp migration for new sites now that is is on by default

* Ensure CSP is off before starting qunit
2020-01-06 13:42:21 -07:00
Risto e0da8d3ce6 UX: correct validation message for category search priority
The default value is 1.2 so it can surely be set greater than 1.
2020-01-06 17:15:28 +11:00
Sam Saffron 87a8003691 Revert "FEATURE: Turn CSP on by default"
This reverts commit 3193b0f6e6.

This is a temporary revert, we are seeing some CI failures due to this
change so I am reverting till we sort out all the problems.
2020-01-06 11:37:07 +11:00
Blake Erickson 3193b0f6e6 FEATURE: Turn CSP on by default
Turning on CSP by default is one of the 2.4 release features.

https://meta.discourse.org/t/discourse-version-2-4/108194
2020-01-03 13:40:11 -07:00
Sam Saffron a8ffb6949c FEATURE: support MaxMind DB downloads using a license key
MaxMind now requires an account with a license key to download files.

Discourse admins can register for such an account at:

https://www.maxmind.com/en/geolite2/signup

License key generation is available in the profile section.

Once registered you can set the license key using `DISCOURSE_MAXMIND_LICENSE_KEY`

This amends it so we unconditionally skip MaxMind DB downloads if no license key exists.
2020-01-03 16:32:48 +11:00
Vinoth Kannan cfd1549abe FIX: allow underscore in file extension while downloading the uploads. 2020-01-03 10:09:07 +05:30
Martin Brennan 2050238d0c
DEV: Log to STDOUT if RAILS_ENABLE_TEST_LOG (#8650)
The env var `RAILS_ENABLE_TEST_LOG` didn't seem to do anything if enabled. This now sets the logger to STDOUT if `RAILS_ENABLE_TEST_LOG` is enabled and also introduces `RAILS_TEST_LOG_LEVEL` so the level of the logging in the console can be provided (default info).

Note: I am not sure if the original behaviour is expected. I can add an additional env var to enable the STDOUT logging if required
2020-01-03 09:58:01 +10:00
Martin Brennan c031434b86
FIX: Catch error when unknown COSE algorithm is supplied for Security Key (#8649)
Added a fix to gracefully error with a Webauthn::SecurityKeyError if somehow a user provides an unkown COSE algorithm when logging in with a security key.

If `COSE::Algorithm.find` returns nil we now fail gracefully and log the algorithm used along with the user ID and the security key params for debugging, as this will help us find other common algorithms to implement for webauthn
2020-01-02 10:14:22 +10:00