Commit Graph

6373 Commits

Author SHA1 Message Date
Arpit Jalan 93eb0a0690 UX: better help text for private invite-only instance 2019-01-12 18:40:00 +05:30
David Taylor 49593d1a00 FIX: Fix registration dialog popup for 'full screen' social logins
Regression following the ember3 upgrade. In addition to fixing, this commit consolidates our social registration logic into one place, and adds tests for the behaviour.
2019-01-12 12:08:13 +00:00
David Taylor a8fc677677 FIX: Correct copy for flag_sockpuppets site setting 2019-01-11 17:31:41 +00:00
Vinoth Kannan 2684ecaecf minor copyedit
Topics will be in closed status until the community flags are handled
2019-01-09 14:49:28 +05:30
Zach Whitehead 2748822576 FEATURE: Remove option for Google Plus sharing (#6864)
* Remove option for Google Plus sharing

* remove google+ share translations
2019-01-09 10:17:50 +08:00
Rafael dos Santos Silva f73fe36772 FEATURE: PWA compatibility checks in the Dashboard (#6850) 2019-01-09 08:46:11 +08:00
Arpit Jalan e0bc82657b FIX: better accept invite flow when user is invited via a link 2019-01-07 14:22:08 +05:30
Gerhard Schlager c0a8bb9a91 FEATURE: Include "via <site_name>" in email From header 2019-01-04 17:06:19 +01:00
David Taylor 5bf16d7d10 FEATURE: Topic timer for bumping a topic in the future 2019-01-04 13:08:04 +00:00
Sam 8b7a2d1cb7 FEATURE: add setting to bypass sending redis CLIENT commands
Some cloud providers (Google Memorystore) do not support any CLIENT commands

By setting :id to nil in the redis config hash we can avoid these commands.

This adds a special global setting GCE users can enable:
`DISCOURSE_REDIS_SKIP_CLIENT_COMMANDS = true`
2019-01-04 15:08:33 +11:00
Sam 8f35fd4595 FEATURE: remove global settings for redis sentinels
This global setting is never used, configuring Discourse with sentinel is
unsupported.
2019-01-04 15:08:33 +11:00
cfitz 19d7545318 FEATURE: Make auth_redirect param options on user_api_keys
This is a possible solution for https://meta.discourse.org/t/user-api-keys-specification/48536/19
This allows for user-api-key requests to not require a redirect url.
Instead, the encypted payload will just be displayed after creation  ( which can be copied
pasted into an env for a CLI, for example  )

Also: Show instructions when creating user-api-key w/out redirect

This adds a view to show instructions when requesting a user-api-key
without a redirect. It adds a erb template and json format.
Also adds a i18n user_api_key.instructions for server.en.yml
2019-01-04 14:46:18 +11:00
Jeff Atwood d7a82f146a minor copyedit 2019-01-03 16:47:39 -08:00
Joshua Rosenfeld e74dd273b9
UX: Update site setting description to match current function 2019-01-03 19:08:25 -05:00
Sam 70269c7c97 FEATURE: tighter limits on per cluster post rebakes
We have the periodical job that regularly will rebake old posts. This is
used to trickle in update to cooked markdown. The problem is that each rebake
can issue multiple background jobs (post process and pull hotlinked images)

Previously we had no per-cluster limit so cluster running 100s of sites could
flood the sidekiq queue with rebake related jobs.

New system introduces a hard limit of 300 rebakes per 15 minutes across a
cluster to ensure the sidekiq job is not dominated by this.

We also reduced `rebake_old_posts_count` to 80, which is a safer default.
2019-01-04 09:24:46 +11:00
Vinoth Kannan 385829d7be FEATURE: Display error message when category restriction is applied for tags 2019-01-04 00:29:13 +05:30
Neil Lalonde d7656f30c3 Update translations 2019-01-02 12:32:38 -05:00
Joe 2914431729
Improves admin and wizard logo copy
History:

https://meta.discourse.org/t/logo-recommended-resolution-tips/105053/6
2019-01-02 14:12:40 +08:00
Arpit Jalan 70fdc10365
FEATURE: move posts to new/existing PM (#6802) 2018-12-31 17:17:22 +05:30
Arpit Jalan 1381dc603d UX: show generic message when reloading 'activation email resent' page 2018-12-31 13:12:37 +05:30
Sam a19170a4c2 DEV: avoid require_dependency for some libs
This avoids require dependency on method_profiler and anon cache.

It means that if there is any change to these files the reloader will not pick it up.

Previously the reloader was picking up the anon cache twice causing it to double load on boot.

This caused warnings.

Long term my plan is to give up on require dependency and instead use:

https://github.com/Shopify/autoload_reloader
2018-12-31 10:53:30 +11:00
Joffrey JAFFEUX f1269fa807
FEATURE: Add `Top Uploads` report (#6825)
Co-Authored-By: I am very Pro-Grammer. <khalilovcmded@users.noreply.github.com>
2018-12-28 20:48:54 +01:00
Joe eaabbe5943
UX: improves help text for admin and wizard logo settings 2018-12-28 17:48:33 +08:00
Joffrey JAFFEUX 0402f0f357
UX: new site setting to define activity metrics displayed on dashboard 2018-12-26 10:29:07 +01:00
Jeff Atwood 29c455bb7f minor copyedit on embedding referer error 2018-12-21 17:27:56 -08:00
Saurabh Patel f4d8a330c3 Merge pull request #6761 from mrfinch/saurabh/show-popup
FIX:show popup before bulk invite
2018-12-21 21:36:17 +01:00
Joffrey JAFFEUX e655e1863f
UX: Adding reports dashboard tab, new layout, report descriptions (#6790)
Co-Authored-By: Kris  <shout@k-ris.com>
2018-12-19 14:44:43 +01:00
Neil Lalonde 6774b64aef FEATURE: add /conduct as an alias for /guidelines 2018-12-18 16:40:24 -05:00
Rishabh c279792130 FIX: Allow sending test e-mails to any email address when disable_email is set to non-staff (#6792) 2018-12-18 16:12:05 +01:00
Vinoth Kannan 341a6bd78a
REFACTOR: Calculate CTR in SearchLog model and hide unique column (#6791) 2018-12-18 19:13:46 +05:30
Jeff Atwood f67cc2a540 minor copyedit 2018-12-17 19:31:02 -08:00
Gerhard Schlager 01cdbd3a13 FEATURE: Prohibit S3 bucket reusage
This validation makes sure that the s3_upload_bucket and the
s3_backup_bucket have different values. The backup bucket is
allowed to be a subfolder of the upload bucket. The other way
around is forbidden because the backup system searches by
prefix and would return all files stored within the backup
bucket and its subfolders.
2018-12-17 11:35:28 +01:00
Gerhard Schlager 1a8ca68ea3 FEATURE: Improve backup stats on admin dashboard
* Dashboard doesn't timeout anymore when Amazon S3 is used for backups
* Storage stats are now a proper report with the same caching rules
* Changing the backup_location, s3_backup_bucket or creating and deleting backups removes the report from the cache
* It shows the number of backups and the backup location
* It shows the used space for the correct backup location instead of always showing used space on local storage
* It shows the date of the last backup as relative date
2018-12-17 11:35:11 +01:00
Saurabh Patel ed1a309fe4 FIX: use new key for delete topic to make it lowercased as all other buttons label around it (#6778) 2018-12-17 10:55:19 +08:00
David Taylor 430083019d UX: Improve dashboard report title copy
Make capitalization consistent, and slightly improve clarity of two headings
2018-12-14 17:37:07 +00:00
Neil Lalonde 124ae46763 Update translations 2018-12-14 10:34:12 -05:00
Joffrey JAFFEUX 03014b0d05
FEATURE: adds security tab to dashboard (#6768)
This commit also includes the new staff_logins report
2018-12-14 13:47:59 +01:00
Maja Komel 9f89aadd33 FIX: delete all posts in batches without hijack (#6747) 2018-12-14 11:04:18 +01:00
Neil Lalonde a1db15fead FEATURE: require admins to re-validate their email addresses if they haven't been seen for a number of days, configurable with the invalidate_inactive_admin_email_after_days site setting. Social logins are also revoked. Default is 365 days. 2018-12-12 15:32:38 -05:00
Bianca Nenciu 7cac04e1a8 * FEATURE: Adds site setting to let quotes on direct replies.
* DEV: Added test.
* FIX: Do not bump topic when removing full quotes.
2018-12-12 15:42:53 +01:00
Maja Komel dbbadb5c35 FEATURE: add short_site_description setting to be included in title tag on homepage 2018-12-12 11:46:58 +01:00
Joffrey JAFFEUX 3a799ed922
FEATURE: Check if draft exists before starting a new one (#6755)
Co-Authored-By: Bianca Nenciu <nbianca@users.noreply.github.com>
Co-Authored-By: zogstrip <regis@hanol.fr>
2018-12-12 10:21:51 +01:00
Guo Xiang Tan e564fe1866 FIX: Sidekiq fails to start if any of the multisite has problems. 2018-12-12 11:30:14 +08:00
Sam a34bc92e1a DEV: update mini profiler
This provides us with instrumentation missing after rails upgrade

Latest version of rails uses exec_params internally which is no longer
routed to intercepted methods in mini profiler 1.0.0
2018-12-10 14:29:20 +11:00
Penar Musaraj 67450ba402 UX: when composer is minimized, let user open composer in regular size instead of full screen 2018-12-07 17:45:13 -05:00
Bianca Nenciu 41e184280d FEATURE: Remove full quotes of direct replies. (#6729) 2018-12-07 13:07:11 +01:00
Jay Pfaffman cf2e86c763 FEAT: make s3_force_path_style shadowed_by_global
Without this it's impossible to enable S3 backups to Minio (and Digital Ocean Spaces?) using only ENV variables in config.

@tgxworld 

https://meta.discourse.org/t/can-we-make-s3-force-path-style-be-shadowed-by-global/103571
2018-12-07 10:59:15 +11:00
Gerhard Schlager 43cfdb1cb9 FIX: Wizard tries harder to find existing Welcome Topic
The wizard searches for:

* a topic that with the "is_welcome_topic" custom field
* a topic with the correct slug for the current default locale
* a topic with the correct slug for the English locale
* the oldest globally pinned topic

It gives up if it didn't find any of the above.
2018-12-06 10:27:22 +01:00
Bianca Nenciu e9bbdef156 FEATURE: Add support for inline emoji translation. 2018-12-05 21:58:55 +01:00
Bianca Nenciu b585f7f336 DEV: Apply code review. 2018-12-05 21:56:18 +01:00
Bianca Nenciu 56890efd7a FEATURE: Add 'Advanced Test' for admin panel. 2018-12-05 21:56:18 +01:00
Guo Xiang Tan 978f0db109 SECURITY: Require groups to be given when inviting to a restricted category. (#6715) 2018-12-05 16:43:07 +01:00
Jeff Atwood 1d8266a623 very minor copyedit 2018-12-05 03:18:11 -08:00
Vinoth Kannan d33d031742
FEATURE: Filter topic and post web hook events by tags (#6726)
* FEATURE: Filter topic and post web hook events by tags

* Add a spec test with unmatched tags
2018-12-05 14:44:06 +05:30
Sam 1a71f98d28 DEV: only publish logs error count to admins 2018-12-05 17:03:37 +11:00
Jeff Atwood ba762ea87f minor copyedit 2018-12-04 16:36:47 -08:00
Régis Hanol 3c9c95ac83 Update Rubocop to 0.60 2018-12-04 10:48:16 +01:00
Guo Xiang Tan cfa0321aaa FIX: Increase timeout when trying to reload unicorn.
Also fail better when reloading takes too long by sending
unicorn a TERM.
2018-12-04 13:43:14 +08:00
Sam 12f5889c85 DEV: stop logging warning when overriding open scope
ActiveRecord defines automatic scopes for enums, the Poll model defines
an enum for `{open: 1}` this mean Rails wants the scope `Poll.all.open`
to work which in turn means it has to override `open` which is defined
privately.

Rails feature req exists for: https://github.com/rails/rails/issues/34599
which will allow us to define enums without scopes which would resolve this
a lot more cleaner.
2018-12-03 13:52:09 +11:00
Maja Komel 1073634271 FIX: show generic title when quoting off-topic secure category posts 2018-12-03 09:42:32 +11:00
Kris 7efc1b7bf7 Removing added text from commit a113777 2018-11-30 19:56:10 -05:00
Kris a113777003 Extra margin isn't needed on mobile 2018-11-30 19:49:26 -05:00
Kyle Zhao 488fba3c5f
FEATURE: allow plugins and themes to extend the default CSP (#6704)
* FEATURE: allow plugins and themes to extend the default CSP

For plugins:

```
extend_content_security_policy(
  script_src: ['https://domain.com/script.js', 'https://your-cdn.com/'],
  style_src: ['https://domain.com/style.css']
)
```

For themes and components:

```
extend_content_security_policy:
  type: list
  default: "script_src:https://domain.com/|style_src:https://domain.com"
```

* clear CSP base url before each test

we have a test that stubs `Rails.env.development?` to true

* Only allow extending directives that core includes, for now
2018-11-30 09:51:45 -05:00
Neil Lalonde d43d007929 Update translations 2018-11-29 10:51:16 -05:00
Saurabh Patel 55945ec7c8 FIX: throw error when link in reason for grant badge is an external link (#6690) 2018-11-28 18:01:41 +01:00
Penar Musaraj 654b80e472 FIX: add FA Discourse icon, update setting instructions 2018-11-28 09:53:06 -05:00
Gerhard Schlager e7b76b319a FEATURE: Setting for short title used by Android on homescreen 2018-11-28 14:59:30 +01:00
Saurabh Patel 49c3cf9c75 UX: Topic stats were hard to translate 2018-11-28 14:25:22 +01:00
Jeff Atwood 54c599c7a3 copyedit on max consecutive replies help 2018-11-27 03:35:27 -08:00
Penar Musaraj 03deda2147
Upgrade to FontAwesome 5 (take two) (#6673)
* Add missing icons to set

* Revert FA5 revert

 This reverts commit 42572ff

* use new SVG syntax in locales

* Noscript page changes (remove login button, center "powered by" footer text)

* Cast wider net for SVG icons in settings

- include any _icon setting for SVG registry (offers better support for plugin settings)

- let themes store multiple pipe-delimited icons in a setting

- also replaces broken onebox image icon with SVG reference in cooked post processor

* interpolate icons in locales

* Fix composer whisper icon alignment

* Add support for stacked icons

* SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

* load SVG sprite with pre-initializers

* FIX: enable caching on SVG sprites

* PERF: use JSONP for SVG sprites so they are served from CDN

This avoids needing to deal with CORS for loading of the SVG

Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is

* Add missing SVG sprite JSONP script to CSP

* Upgrade to FA 5.5.0

* Add support for all FA4.7 icons

- adds complete frontend and backend for renamed FA4.7 icons

- improves performance of SvgSprite.bundle and SvgSprite.all_icons

* Fix group avatar flair preview

- adds an endpoint at /svg-sprites/search/:keyword

- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset

* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
Vinoth Kannan cedd2118c4
FEATURE: If PM email bounced for staged user then alert in whisper reply (#6648) 2018-11-27 00:29:37 +05:30
David Taylor a3ed570124
FIX: Fix routes ending in `:username` for usernames containing periods (#6660) 2018-11-23 17:41:41 +00:00
Guo Xiang Tan a19780d7a6 DEV: Don't expose wizard qunit route in production. 2018-11-23 13:49:31 +08:00
Kyle Zhao 80398d0b8f
Extract inline JS on embedded comments (#6645)
* use the meta refresh tag instead

* extract inline JS in embedded comment
2018-11-22 10:02:58 -05:00
Kyle Zhao 8e32aa1483 FEATURE: show post approvals in Moderation History (#6643) 2018-11-22 10:22:23 +08:00
Saurabh Patel d984323e23 FEATURE: Show change name of user in staff logs (#6647)
https://meta.discourse.org/t/admins-changing-users-name-not-username-should-be-logged/99511
2018-11-22 10:13:02 +08:00
Gerhard Schlager a3f8ef89a6 FIX: Setting DISCOURSE_S3_REGION env variable had no effect 2018-11-21 23:15:28 +01:00
Guo Xiang Tan 598ac69773 Stop Sidekiq first before reloading unicorn master. 2018-11-21 09:53:00 +08:00
Guo Xiang Tan 1def6c08ec Fix copy due to 050dd57494. 2018-11-21 08:00:15 +08:00
Kyle E. Mitchell 15e793fd3b FEATURE: Terms of Service v1.0.0
Co-authored-by: Gerhard Schlager <mail@gerhard-schlager.at>
2018-11-21 00:45:16 +01:00
Jeff Atwood 050dd57494 update wizard intro copy step 2018-11-20 13:43:18 -08:00
Erick Guan a2042c8e7d strip unused string from an deleted site setting 2018-11-20 14:28:42 +01:00
Bianca Nenciu a0022a1771 FIX: Use count variable for pluralized string. 2018-11-20 14:17:31 +02:00
Kyle Zhao e25b3965a7 do not overwrite hostname in development (#6623) 2018-11-20 14:34:02 +11:00
Joffrey JAFFEUX e860c8b844
FIX: adds support for missing reports from old dashboard (#6624) 2018-11-19 12:20:05 +01:00
Sam 1824ac9d39 PERF: cache path for svg-sprite in upcoming FA5
We need to make sure NGINX caches all paths for SVG assets,
this ensures only the first request for an svg sprite ever hits the app
2018-11-19 10:34:16 +11:00
Guo Xiang Tan 44d7249a17
Stop seeding assets for site design topic. (#6609) 2018-11-16 12:57:04 +08:00
Joffrey JAFFEUX dcc6527dff
FIX: s/save/finish for wizard exit early button (#6614) 2018-11-15 21:26:26 +01:00
Kyle Zhao 5f754b43f1
extract inline `onpopstate` handler on 404 page (#6613) 2018-11-15 13:35:38 -05:00
Joffrey JAFFEUX c52e68a0c8
FIX: better handling of missing welcome topic in wizard (#6606) 2018-11-15 12:20:48 +01:00
Sam e7001f879a SECURITY: enforce hostname to match discourse hostname
This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname
2018-11-15 15:23:06 +11:00
Régis Hanol 5852fe7975 FIX: change 'max_consecutive_replies' default to 3 2018-11-14 22:58:05 +01:00
David Taylor 7987425e09 UX: Improve copy for tag upload 2018-11-14 20:03:36 +00:00
Andrew Schleifer 581016c31f Revert "strip X-Forwarded-Host in sample"
This broke brotli_assets on a site, more testing needed.

This reverts commit 118abfad0f.
2018-11-14 12:05:21 -06:00
Bianca Nenciu b6576d9473 FEATURE: Add new setting to force user edit last post. (#6571) 2018-11-14 15:48:16 +01:00
Bianca Nenciu fce0a0ccc8 FEATURE: Compute distance between logins to generate login alerts. (#6562) 2018-11-14 13:26:47 +01:00
Penar Musaraj f6fb079129 Disable wizard invites step when local_logins are turned off 2018-11-14 13:05:32 +01:00
Bianca Nenciu 34e4d82f1a FEATURE: Report edit conflicts when saving draft. (#6585) 2018-11-14 12:56:25 +01:00
Guo Xiang Tan 44391ee8ab
FEATURE: Upload Site Settings. (#6573) 2018-11-14 15:03:02 +08:00
Andrew Schleifer 118abfad0f strip X-Forwarded-Host in sample 2018-11-13 12:44:32 -06:00
Robin Ward 0cb33d2b52 UX: Rename Most Disagreed Flaggers report to "User Flagging Ratio" 2018-11-12 16:23:37 -05:00
David Taylor ba00fcc371 FIX: Translation improvements for unused tags (d89ffbe) 2018-11-12 16:36:56 +00:00
David Taylor d89ffbeffd
FEATURE: Add button to delete unused tags (#6587)
This is particularly useful if you have uploaded a CSV file, and wish
to bulk-delete all of the tags that you uploaded.
2018-11-12 16:24:34 +00:00
Joffrey JAFFEUX 9c616e0679
FIX: handles not found reports in bulk loading (#6582) 2018-11-12 13:47:24 +01:00
Sam e17a13ce19 FEATURE: additional "related messages" section
This splits out previous message correspondence from suggeted and instead
has a dedicated section called "related messages"
2018-11-12 13:04:42 +11:00
Sam 173408d72f DEV: correctly force Ruby version 2.5.2 and up 2018-11-09 18:36:18 +11:00
Gerhard Schlager cbd6bd191a Add base path to relative links in translations 2018-11-08 23:31:05 +00:00
Gerhard Schlager 42f693adfa Update translations 2018-11-08 23:31:05 +00:00
Gerhard Schlager 24e5be3f0c FIX: Relative links in translations should work with subfolder 2018-11-08 23:31:05 +00:00
Gerhard Schlager 5c845c5877 Remove unused copy 2018-11-08 23:31:05 +00:00
Jay Pfaffman 53634c457c
replace "digest" with "summary"
https://meta.discourse.org/t/discourse-activity-summary-emails-guide/36627 suggests that "digest" is no longer what these are to be called.
2018-11-08 12:02:33 -08:00
Sam 42572ff138 Revert font awesome 5 changes
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
Penar Musaraj 005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs (#6557)
* First take on subsetting svg icons

* FontAwesome 5 svg subset WIP

* Include icons from plugins/badges into svg sprite subset

* add svg icon support to themes

* Add spec for SvgSprite

* Misc. SVG icon fixes

* Use FA5 svgs in local-dates plugin

* CSS adjustments, fix SVG icons in group flair

* Use SVG icons in poll plugin

* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
Claas Augner 31ee618b50 Fix typo in server.en.yml 2018-11-06 22:47:52 +00:00
Daniel Hollas 30501b6660 Fix link to GitHub oauth registration page (#6567)
* Fix link to GitHub oauth registration page

The old link lead only to the list of authorised apps for a particular user.

* Whoops, fix href tag.

Co-Authored-By: danielhollas <danekhollas@gmail.com>
2018-11-06 15:22:16 +00:00
Joffrey JAFFEUX 75b1865d15
UX: adds new categories layouts to the wizard (#6569) 2018-11-06 15:52:13 +01:00
Bianca Nenciu bd3e8d1a54 UX: Minor copyedit. 2018-11-05 13:58:20 +02:00
David Taylor d963f96fa4 Update translations 2018-11-05 11:16:58 +00:00
Maja Komel ae9eddb002 FIX: don't allow adding a value containing vertical bar char to the secret list 2018-11-05 12:14:56 +01:00
Jeff Atwood 48501b0d45 minor wizard copyedit 2018-11-03 15:36:29 -07:00
scossar 939d5ede91 Fix sso overrides avatar description 2018-11-02 11:52:49 -07:00
Robin Ward 5194313133 Revert "Add base_url to config locales (#6510)"
This reverts commit 8a443e051b.
2018-11-02 10:58:28 -04:00
Joffrey JAFFEUX 4e0f033fae
FEATURE: adds ignored flags to most_disagreed_flags report (#6554) 2018-11-02 11:08:00 +01:00
Robin Ward ec91450aae FEATURE: Track how many user flags are agreed/disagreed/ignored
Display the percentage when reviewing flags.
2018-11-01 09:59:50 -04:00
Sam ceafcbc898 FEATURE: show added date when looking at group members 2018-11-01 15:33:28 +11:00
Régis Hanol 0bf52d422c FEATURE: new 'simultaneous_uploads' site setting 2018-10-31 10:58:09 +01:00
Daniel Kessler 8a443e051b Add base_url to config locales (#6510) 2018-10-31 08:19:37 +00:00
Joe d08cd0b21f
UX: updates category muting instructions 2018-10-31 13:01:22 +08:00
Bianca Nenciu e0ccd36dbe FEATURE: Suspicious logins report. (#6544) 2018-10-30 22:51:58 +00:00
Bianca Nenciu e1e392f15b DEV: Use DiscourseIpInfo for all IP queries. (#6482)
* DEV: Use DiscourseIpInfo for all IP queries.

* UX: Use latitude and longitude for more precision.
2018-10-30 22:08:57 +00:00
Bianca Nenciu 087b12b40c FIX: Fix 'New Login Alert' message. (#6539) 2018-10-30 19:13:25 +00:00
Gerhard Schlager e32993f96c minor copyedit 2018-10-30 13:33:26 +01:00
Maja Komel 5485248fbe FIX: sso provider copyedit 2018-10-30 10:02:22 +01:00
Jeff Atwood 23ae2023ef minor copyedit 2018-10-30 00:25:34 -07:00
Jeff Atwood 8e12846b9c more copyedits on staff unusual login email 2018-10-27 18:30:45 -07:00
Jeff Atwood a453643a5b copyedits on staff unusual login alert 2018-10-27 18:17:40 -07:00
Jeff Atwood 817cf8b229 remove extraneous two factor auth info popup 2018-10-27 14:10:26 -07:00
Jeff Atwood 58b53f7841 update copy for "was this you?" login dialog 2018-10-27 13:57:30 -07:00
Rafael dos Santos Silva 2450f178ca FEATURE: Allow admins to control PWA display mode per user agent 2018-10-26 13:47:22 -03:00
Joffrey JAFFEUX b2585524a9
FEATURE: adds a most disagreed flaggers report 2018-10-26 15:59:04 +02:00
Kyle Zhao a6eca28ec6
CSP - extract all other inline JavaScripts (#6528)
* wizard page inline js

* print topic inline js

* drop JS for preventing double submission

this is the default behavior with Rails' UJS `disable_with` helper

* omniauth complete redirect JS

* account activate inline js
2018-10-25 09:52:01 -04:00
Bianca Nenciu 6a3767cde7 FEATURE: Warn users via email about suspicious logins. (#6520)
* FEATURE: Warn users via email about suspicious logins.

* DEV: Move suspicious login check to a job.
2018-10-25 09:45:31 +00:00
Jeff Atwood 54e025225d minor copyedit 2018-10-24 16:22:29 -07:00
Sam Saffron 64aca0dc1b FIX: remove duplicate referrer policy
Rails already ships with strict-origin-when-cross-origin, no need
to also add no-referrer-when-downgrade

see: https://meta.discourse.org/t/harden-referrer-policy-header/100172
2018-10-24 08:38:39 +11:00
Kyle Zhao e9a971a2b6
FEATURE: [Experimental] Content Security Policy (#6514)
do not register new MIME type, parse raw body instead
2018-10-22 13:22:23 -04:00
Régis Hanol 3e232412e3 UX: show error when hitting the rate limit on password reset 2018-10-22 19:00:30 +02:00
Rafael dos Santos Silva db26fe1527 FIX: Proper naming for the GNU/Linux OS 2018-10-22 13:34:01 -03:00
Bianca Nenciu 99b43f281b FIX: Fix browser detection for Microsoft Edge. (#6516)
cool!
2018-10-22 23:15:41 +11:00
David Taylor 37b7afa522 FIX: Sanitize tags before creation 2018-10-22 10:53:42 +01:00
Arpit Jalan ce0a51665e FIX: count emoji shortcuts in topic title
https://meta.discourse.org/t/max-emojis-in-title-set-to-0-conflicting-with-emoji-shortcuts/98368/3?u=techapj
2018-10-22 13:44:05 +05:30
Kyle Zhao dca830cb73 Revert "FEATURE: [Experimental] Content Security Policy (#6504)"
This reverts commit fb8231077a.
2018-10-19 11:53:29 -04:00
David Taylor 0dd717e641 Revert "FIX: Sanitize tags before creation"
This reverts commit 18ae8de9e5.
2018-10-19 15:49:05 +01:00
David Taylor 18ae8de9e5 FIX: Sanitize tags before creation 2018-10-19 15:43:31 +01:00
Kyle Zhao fb8231077a
FEATURE: [Experimental] Content Security Policy (#6504) 2018-10-19 10:39:22 -04:00
Bianca Nenciu b69652278f FEATURE: Add Wiki Editor badge. (#6511) 2018-10-19 15:30:27 +02:00
Bianca Nenciu f60b10d090 UX: Warn users if the post that's currently edited has changed. (#6498) 2018-10-17 15:35:32 +02:00
Jeff Atwood 0db3e27ce4 remove windows phone references, it is ☠ 2018-10-16 15:11:24 -07:00
Davide Porrovecchio 005e1f5373 Add Cache-Control header to CORS (#6490) 2018-10-16 10:46:55 +11:00
Kyle Zhao 99d1ded3b3
rename route `/javascripts` to `/theme-javascripts` (#6495) 2018-10-15 11:32:52 -04:00
Maja Komel c104256991 FIX: SSO provider secrets - check wildcard domains last, toggle secrets visibility 2018-10-15 16:18:29 +02:00
David Taylor 7ac08f936e
FEATURE: Upload tags from CSV (#6484) 2018-10-15 09:12:54 +01:00
Maja Komel 27e732a58d FEATURE: allow multiple secrets for Discourse SSO provider
This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site.

This allows for better auditing of the SSO provider feature
2018-10-15 16:03:53 +11:00
Kyle Zhao 6acdea37c4 DEV: extract inline js when baking theme fields (#6447)
* extract inline js when baking theme fields
* destroy javascript cache when destroying theme fields

This work is needed to support CSP work
2018-10-15 15:55:23 +11:00
Joe 2acb885c72 FEATURE: fullscreen composer mode on desktop
Adds keyboard shortcut and icon that allows expanding composer to full screen.
2018-10-15 13:59:49 +11:00
Guo Xiang Tan 84d4c81a26 FEATURE: Support backup uploads/downloads directly to/from S3.
This reverts commit 3c59106bac.
2018-10-15 09:43:31 +08:00
Neil Lalonde af39624d19 Update translations 2018-10-12 10:40:25 -04:00
Neil Lalonde 12f132736b FIX: error looking at users in admin when tl3_promotion_min_duration is set to a very high value 2018-10-11 15:11:48 -04:00
Jeff Wong b5b382dcd6 Feature: add boxes with subcategories option for desktop categories page (#6471)
* Feature: add boxes with subcategories option for desktop categories page

* only add subclass div when subclasses exist
2018-10-11 15:59:37 +08:00
Guo Xiang Tan 3c59106bac Revert "FEATURE: Support backup uploads/downloads directly to/from S3."
This reverts commit c29a4dddc1.

We're doing a beta bump soon so un-revert this after that is done.
2018-10-11 11:08:23 +08:00
Gerhard Schlager c29a4dddc1 FEATURE: Support backup uploads/downloads directly to/from S3. 2018-10-11 10:38:43 +08:00
Robin Ward a566ed42ae FEATURE: Option to disable user presence and profile
This allows users who are privacy conscious to disable the presence
features of the forum as well as their public profile.
2018-10-10 17:34:33 -04:00
Joshua Rosenfeld fd48ba10b8
Add quotes to site setting HTML links 2018-10-10 16:53:02 -04:00
Joshua Rosenfeld 51029e3884
Revert sendgrid URL change
per 2ded524b5a
2018-10-10 09:00:39 -04:00
Joshua Rosenfeld 18e99ddfa9 Link to social login instructions in site settings 2018-10-10 08:46:48 -04:00
Joshua Rosenfeld cd2b8d40f1 Properly link to URLs in site settings 2018-10-10 08:46:03 -04:00
Joshua Rosenfeld d35bce96ab Use https:// when possible 2018-10-10 07:11:58 -04:00
Joshua Rosenfeld 3d8b063c83
Update test_mailer to minimize URL redirects 2018-10-10 06:16:33 -04:00
Bianca Nenciu 1d26a473e7 FEATURE: Show "Recently used devices" in user preferences (#6335)
* FEATURE: Added MaxMindDb to resolve IP information.

* FEATURE: Added browser detection based on user agent.

* FEATURE: Added recently used devices in user preferences.

* DEV: Added acceptance test for recently used devices.

* UX: Do not show 'Show more' button if there aren't more tokens.

* DEV: Fix unit tests.

* DEV: Make changes after code review.

* Add more detailed unit tests.

* Improve logging messages.

* Minor coding style fixes.

* DEV: Use DropdownSelectBoxComponent and run Prettier.

* DEV: Fix unit tests.
2018-10-09 22:21:41 +08:00
Penar Musaraj 47f19adac8 Remove old bookmark strings 2018-10-09 09:31:08 -04:00
Vinoth Kannan ac034a6b2c copyedit on branch field help text 2018-10-09 11:56:51 +05:30
Erin Kosewic 51aba32651 FEATURE: add branch option to remote theme import
* FEATURE: add branch option to remote theme import

* FIX: Add missing variable in params

* FIX: Add missing param for import_theme method

* SPEC: Add test methods for branch support in git import

* FIX: Add missing space to scss style

* Do not assume default branch as master

* Change branch field placeholder

* FIX: add missing div start tag
2018-10-09 17:01:08 +11:00
Kyle Zhao acba7d2a5d Extract `discourse_javascript.html.erb` to a scrip include
* extract omniauth auth complete inline JS

* extract Ember error logging inline JS

* transpile `authentication-complete`

This is CSP related work
2018-10-09 16:50:45 +11:00
Guo Xiang Tan 1c9b5e75e7 DEV: Support post deployment migrations for plugins. 2018-10-09 13:11:45 +08:00
Jeff Wong e55f220b33 add category style boxes with featured topics option 2018-10-08 16:19:54 -07:00
Gerhard Schlager 97ad9e9d9b UX: Prompt for custom invite message was hard to translate 2018-10-08 18:01:21 +02:00
Guo Xiang Tan 40fa96777d
FEATURE: Post deployment migrations. (#6406)
This moves us away from the delayed drops pattern which
was problematic on two counts. First, it uses a hardcoded "delay for"
duration which may be too short for certain deployment strategies.
Second, delayed drop doesn't ensure that it only runs after
the latest application code has been deployed. If the migration runs
and the application code fails to deploy, running the migration after
"delay for" has been met will cause the application to blow up.

The new strategy allows post deployment migrations to be skipped if the
env `SKIP_POST_DEPLOYMENT_MIGRATIONS` is provided.

```
SKIP_POST_DEPLOYMENT_MIGRATIONS=1 rake db:migrate
-> deploy app servers
SKIP_POST_DEPLOYMENT_MIGRATIONS=0 rake db:migrate
```

To aid with the generation of a post deployment migration, a generator
has been added. Simply run `rails generate post_migration`.
2018-10-08 15:47:38 +08:00
Jeff Atwood 3b6a525e5b minor copyedit for bookmarks 2018-10-07 04:17:59 -07:00
Arpit Jalan 2a94bf9dfb UX: change staff actions logs user label 2018-10-06 13:54:46 +05:30
David Taylor 9bf522f227
FEATURE: Mixed case tagging (#6454)
- By default, behaviour is not changed: tags are made lowercase upon creation and edit.

- If force_lowercase_tags is disabled, then mixed case tags are allowed.

- Tags must remain case-insensitively unique. This is enforced by ActiveRecord and Postgres.

- A migration is added to provide a `UNIQUE` index on `lower(name)`. Migration includes a safety to correct any current tags that do not meet the criteria.

- A `where_name` scope is added to `models/tag.rb`, to allow easy case-insensitive lookups. This is used instead of `Tag.where(name: "blah")`.

- URLs remain lowercase. Mixed case URLs are functional, but have the lowercase equivalent as the canonical.
2018-10-05 10:23:52 +01:00
Vinoth Kannan 8430ea927e FIX: Generate webhook payloads before destroy events (#6325) 2018-10-05 16:53:59 +08:00
Guo Xiang Tan da39a310c3 Fix missing quotes in unicorn_launcher. 2018-10-05 12:21:07 +08:00
Guo Xiang Tan 07eca289d3 Fix invalid bash syntax. 2018-10-05 12:18:20 +08:00
Guo Xiang Tan 00ae94cb4d DEV: Prevent `unicorn_launcher` from looping forever.
For some reason, the new master unicorn process that we
detect might be replaced with another process causing
the script to loop forever.
2018-10-05 12:12:54 +08:00
Guo Xiang Tan 3400624d70 Log pid of launcher script when logging. 2018-10-05 11:48:32 +08:00
Jeff Atwood 2bdc36bd8c very minor copyedit on bump date 2018-10-04 17:22:44 -07:00
Maja Komel 361ad7ed2b FEATURE: add indication if incoming email attachment was rejected and inform sender about it (#6376)
* FEATURE: add indication if incoming email attachment was rejected and inform sender about it

* include errors for rejected attachments in email

* don't send warning email to staged users

* use user object instead of user_id in add_attachments method
2018-10-04 22:08:28 +08:00
Guo Xiang Tan 16dedb5498 Avoid hardcoded value in `unicorn_launcher` take 2. 2018-10-04 17:13:27 +08:00
Guo Xiang Tan a8368318fe Revert "Avoid hardcoded value in `unicorn_launcher`."
This seems to be causing problem with the unicorn master pid
tracking so revert for now.

This reverts commit 09d0216e84.
2018-10-04 16:26:13 +08:00
Guo Xiang Tan 09d0216e84 Avoid hardcoded value in `unicorn_launcher`.
On slower instances, spinning up a new master process
can take more than 10 secs.
2018-10-04 15:44:13 +08:00
Rafael dos Santos Silva b8d3fbd08b FEATURE: Enable the notification prompt by default 2018-10-03 19:58:24 -03:00
Vinoth Kannan 23b4ab9bf9 DEV: Do not use concatenation in translations 2018-10-03 11:59:21 +05:30
Guo Xiang Tan 4b367dc61e FIX: `unicorn_launcher` should shut down unicorn gracefully. 2018-10-03 14:27:05 +08:00
Sam 0e10b47618 UX: make responsive_post_image_sizes a visible site setting
This is useful for sites that want to cut bandwidth by decreasing
fidelity of thumbnails.
2018-10-03 15:06:37 +10:00
Sam ad0e768742 FEATURE: add support for responsive images in posts
When creating lightboxes we will attempt to create 1.5x and 2x thumbnails
for retina screens, this can be controlled with a new hidden site setting
called responsice_post_image_sizes, if you wish to create 3x images run

SiteSetting.responsive_post_image_sizes = "1|1.5|2|3"


The default should be good for most of the setups as it balances filesize
with quality. 3x thumbs can get big.
2018-10-03 13:44:53 +10:00
Maja Komel 73443d889c FIX: keep files in order when adding multiple uploads (#6306)
* FIX: keep files in order when adding multiple uploads

* use filename in the placeholder when uploading files

* add tests

* add consecutive nr to the placeholder when multiple uploads with the same filename
2018-10-03 11:12:36 +10:00
Sam a6f0436a29 FEATURE: change default to enable login by email out-of-the-box 2018-10-03 10:16:52 +10:00
Bianca Nenciu e0d7cdac12 UX: Improve error messages for minimum and maximum username lengths. 2018-10-02 13:10:20 +08:00
Arpit Jalan dc960e1a82 Make `enable_mobile_theme` a hidden setting
https://meta.discourse.org/t/default-mobile-view-formatting-error/98063/3
2018-09-29 10:33:17 +08:00
David Taylor 2a8ce0cb04
UX: Improve shared_drafts_category description 2018-09-27 22:39:10 +01:00
Gerhard Schlager 471f9927bb Fix Bosnian plural rules 2018-09-27 05:43:49 +02:00
Gerhard Schlager b0a383561e FEATURE: Add Lithuanian locale 2018-09-27 05:26:38 +02:00
David Taylor 0b2b617483 FIX: Corrected copy on post_edit_time_limit site setting 2018-09-26 18:49:10 +01:00
Rishabh Nambiar e387adadf8 UX: Improve owner_groups text to fit combo-box in a single line 2018-09-26 17:02:59 +05:30
Neil Lalonde f8a77cd041 FIX: links in TL1 promotion system message for subfolder installs 2018-09-21 12:20:59 -04:00
Guo Xiang Tan d4bd04c3a7 Allow `purge_deleted_uploads_grace_period_days` to be shadowed. 2018-09-19 17:49:00 +08:00
Jeff Atwood b33a623774 very minor copyedit 2018-09-18 15:48:48 -07:00
Vinoth Kannan 4383afb769
Merge pull request #6413 from vinothkannans/log-entity-export
FEATURE: Log entity export in staff logs
2018-09-19 03:18:28 +05:30
Vinoth Kannan 9281b72308 FEATURE: Log entity export in staff logs 2018-09-19 03:16:45 +05:30
Jeff Atwood f43b5bb3c1 considerably simplify copy for change owner 2018-09-18 14:15:08 -07:00
Sam 0e9841b995 SECURITY: remove admin memory diagnostics routes 2018-09-18 08:35:09 +10:00
Neil Lalonde 6f1b8ad16d FIX: tag groups page should only be visible to staff
No security concern here because nothing private was visible,
and no actions could be taken by non-staff users.
2018-09-17 11:41:18 -04:00
Régis Hanol 4481836de2 FEATURE: new 'search_ignore_accents' site setting 2018-09-17 10:42:30 +02:00
Kyle Zhao 7a0232249a
extract inline JS that's used to store preloaded data (#6370) 2018-09-17 16:31:46 +08:00
CheshireVillageSoftware f3214889dc FEATURE: Updated CORS config to explicitly specifyhttp methods
See: https://stackoverflow.com/questions/20478312/default-value-for-access-control-allow-methods 

In particular we now explicitly allow DELETE and PUT which is inconsistently allowed depending on browser
2018-09-17 11:01:08 +10:00
Rishabh 4f46aa1ba3 FEATURE: Add SiteSetting for s3_configure_tombstone_policy
Add SiteSetting for s3_configure_tombstone_policy, skip policy generation if turned off (default on)
2018-09-17 10:57:50 +10:00
Kyle Zhao f666d72606 extract inline JS for google tag manager 2018-09-17 09:56:00 +10:00
OsamaSayegh c7d81e2682 FIX/FEATURE: don't blow up when can't reach theme's repo, show problem themes on dashboard 2018-09-17 09:49:53 +10:00
OsamaSayegh ca28548762 feedback (see commit description for details)
* fill blank space when no theme is selected
* animate row's height in themes/components list when selecting, and hide children list
* show warning when you move to a different page and have unsaved changes
* refactor `adminCustomizeThemes.show` controller
* allow collapsing/expanding children lists
* fix a bug when adding components to a theme (changed the way it works slightly)
* a bunch of other minor things
2018-09-17 09:49:53 +10:00
OsamaSayegh a4f057a589 UX: improvements to admin theme UI 2018-09-17 09:49:53 +10:00
Neil Lalonde a147a856f8 Update translations 2018-09-14 11:43:14 -04:00
Bianca Nenciu aca195e4a7 Remove unused site setting. (#6398) 2018-09-14 07:49:32 +00:00
pmusaraj aa614e393c return 403 when trying drafts of another user 2018-09-12 13:08:02 -04:00
Sam d1984a0b4d FIX: display a correct error when attempting to agree on a deferred flag
Previously we would raise a 500 error if a moderator tried to agree on a
flag another moderator deferred.

This can happen cause the UX for flags does not live refresh as flags
are handled
2018-09-12 13:16:59 +10:00
Gerhard Schlager e847bb33d5 Better default settings for Japanese 2018-09-11 11:58:36 +02:00
Arpit Jalan 51edb19aa9 FIX: pop3 polling password and mailgun API key should be secret 2018-09-11 06:40:33 +05:30
Sam 103f9b5dc7 UX: missing translation in AWS site settings 2018-09-11 09:34:02 +10:00
Neil Lalonde 6afc86398c Update translations 2018-09-10 13:29:07 -04:00
Guo Xiang Tan d788555994 DEV: Manage pretender with yarn. 2018-09-07 16:01:49 +08:00
Neil Lalonde ea2f13c71b recover terms_of_service translation for zh_TW 2018-09-06 17:36:30 -04:00
Neil Lalonde 1f54423609 Update translations 2018-09-06 17:27:58 -04:00
Jeff Atwood 5baecffb0d improved opengraph site setting copy 2018-09-05 19:54:45 -07:00
Gerhard Schlager e22bf8ff28 Update German translations 2018-09-05 00:47:39 +02:00
Sam 6e3f249aea Disable auth token logging
We have a work in progress feature that required the logging,
This feature is not going to be shipped for a while so disabling this
for now.
2018-09-04 17:05:17 +10:00
Guo Xiang Tan edbcc992d4 Allow unicorn timeout to be configurable via ENV. 2018-09-04 13:21:41 +08:00
Guo Xiang Tan 8dc1463ab3 Enable `Lint/ShadowingOuterLocalVariable` for Rubocop. 2018-09-04 10:16:42 +08:00
Guo Xiang Tan 0a14e0a256 Ensure `params[:files]` responds to `map` in Lograge. 2018-09-04 09:22:54 +08:00
Jeff Atwood 690908993f reduce default post deletions per day 2018-08-31 13:27:25 -07:00
Bianca Nenciu 931cffcebe FEATURE: Let users see their user auth tokens. (#6313) 2018-08-31 10:18:06 +02:00
Neil Lalonde 1062d45430 recover translations for Terms of Service 2018-08-30 10:31:10 -04:00
Neil Lalonde 5a4d6f9656 Update translations 2018-08-30 09:40:31 -04:00