Commit Graph

20779 Commits

Author SHA1 Message Date
Blake Erickson ef0fe51e05
FIX: Include user id in notification webhook (#8195)
The payload when receiving a notification webhook is pointless without
knowing which user the notification is for. This fix adds the user_id to
the notification serializer so that when you receive a notification
webhook you can properly identify which user the notification is for.

See

https://meta.discourse.org/t/getting-the-target-user-for-notification-webhook-events/129052?u=blake

for more details.
2019-10-21 16:24:41 -06:00
Dan Ungureanu 2f54dd5e3d
FIX: Load user model when some attributes are missing.
Follow-up to 3ad07aacfa.
2019-10-21 21:05:25 +03:00
Robin Ward ab53b485b4 Add setter for `excerpt_size` so plugins can set it more easily 2019-10-21 13:44:32 -04:00
Michael Brown 40b0b549ff DEV: update the comments re the encoded slug changes
* followup to 2e73985d
2019-10-21 13:39:45 -04:00
Rafael dos Santos Silva 2e73985d1b FIX: Make category updates slug validation idempotent
Co-authored-by: Michael Brown <supermathie@gmail.com>
2019-10-21 14:33:19 -03:00
Dan Ungureanu 3ad07aacfa
FIX: Reload only notifications when refreshing notification count (#8221)
Previously, we used to reload the whole User instance which discarded
any changes made (for example setting 'unstage' to false).
2019-10-21 20:25:46 +03:00
Dan Ungureanu 1358312584
FIX: Zeitwerk-related fixes for jobs. (#8219) 2019-10-21 20:25:35 +03:00
Kris b41b12ad71
Add unique class to custom field wrappers (#8193) 2019-10-21 12:22:55 -04:00
Kris 56862f61c0
Add group name classes to tag page so groups can be hidden with CSS (#8118) 2019-10-21 12:22:19 -04:00
Robin Ward 3085b923f6 Removed `MOVED_MODULES` which is 3 years old 2019-10-21 11:59:13 -04:00
Robin Ward 9dcdbcfd5b Run prettier on the loader 2019-10-21 11:56:15 -04:00
David Taylor cc56f226b8 FIX: Correct mention autocomplete in new topics in unsecured categories
When autocompleting mentions in secure categories, we immediately populate the list with users which have permission to view the category. This logic is applied to unsecured categories as well, but the server returns an empty list of users. This commit teaches the autocomplete to understand empty lists of users without terminating the autocomplete dropdown.
2019-10-21 14:52:54 +01:00
Daniel Waterworth 594925b896 FIX: id is always true since it's been to_i'd
Let's only look up the category if the id has been provided
2019-10-21 13:21:12 +01:00
Daniel Waterworth 55a1394342 DEV: pluck_first
Doing .pluck(:column).first is a very common pattern in Discourse and in
most cases, a limit cause isn't being added. Instead of adding a limit
clause to all these callsites, this commit adds two new methods to
ActiveRecord::Relation:

pluck_first, equivalent to limit(1).pluck(*columns).first

and pluck_first! which, like other finder methods, raises an exception
when no record is found
2019-10-21 12:08:20 +01:00
Joffrey JAFFEUX 72822aa93f
FIX: d-button should default type to button (#8217)
This will prevent unexpected behaviour of  d-button being considered as a submit button.
2019-10-21 09:42:19 +02:00
Sam Saffron 98d6cee7c7 FIX: various fixes to draft system
- destroyDraft which is called when we cancel a draft is now async,
  removing race conditions when you click "reply" to a post and are
  already editing. We used to trigger double dialogs for cancelling
  drafts which was confusing.

- Remove reply as new topic / reply as pm keys, they are no longer
  used and only caused confustion. For example we used to pop up a
  warning when you are composing a reply and flick to reply as
  new topic

- Remove createTopic key, this was a bug that proliferated. Whenever
  creating a topic via the C shortcut or clicking on new topic on full
  screen search the correct new topic draft key will be used
  consistently

- When abandoning an edit we now say "Are you sure you want to discard
  your changes" (instead of abandon your post which is confusing)
2019-10-21 17:24:06 +11:00
Mark VanLandingham 054fbd7846
FEATURE: Remember scroll position in private message lists (#8212)
* FEATURE: remember position in private message lists

* Unified saving scroll position between topic lists

* added discovery-topics-list template

* ran prettier

* removed dynamic scroll key

* JS cleanup
2019-10-18 13:16:52 -05:00
tshenry 95114f87ae
Improve spam_hosts copy (#8203)
- Increase size of the reviewable's conversation excerpt to prevent truncation of the new copy
- Remove the `domain` parameter from the `flag_linked_posts_as_spam` method in the user model since it is no longer needed
- Remove the `domain` interpolation variable from all translation files
- Add "All posts from this user that include links should be reviewed." to server.en.yml for added clarity on why the posts entered the queue
2019-10-18 09:31:15 -07:00
Joffrey JAFFEUX 2fa3808928
FIX: polyfills forEach support on NodeList for IE11 (#8213) 2019-10-18 12:27:51 +02:00
Jarek Radosz ac06c87b43
DEV: Remove badge-select-controller (#8207)
* DEV: Remove badge-select-controller

1. The `selectableUserBadges` computed property of `badge-title` was being incorrectly overwritten, which triggered computed-property.override deprecation.

2. The `badge-select-controller` mixin contained properties that were used either by `badge-title` component or `badges/show` controller, but none were being used by both. This change moves properties where they belong, and removes the mixin.

* Update app/assets/javascripts/discourse/controllers/badges/show.js.es6

Co-Authored-By: Robin Ward <robin.ward@gmail.com>

* Improve code brevity
2019-10-18 02:17:05 +02:00
Jarek Radosz 7de3e7b322
DEV: Fix the `Function.prototype.on` deprecation (#8205)
https://deprecations.emberjs.com/v3.x/#toc_function-prototype-extensions-on
2019-10-18 01:49:41 +02:00
Jarek Radosz f6ea986aec
DEV: Remove `suspend` from Admin::UsersController responses (#8206)
`suspend` isn't a User attribute, but was being assigned to the frontend User model as if it was. The model has a computed property that depends on `suspended_till`, so instead of overriding this property, it's better to return relevant attributes.

Fixes a computed-property.override deprecation (https://emberjs.com/deprecations/v3.x#toc_computed-property-override)
2019-10-18 01:49:26 +02:00
Rafael dos Santos Silva 42c2068ada DEV: fix prettier offense 2019-10-17 17:39:44 -03:00
Rafael dos Santos Silva f97b6e85da FIX: Handle encoded slugs for subcategories 2019-10-17 17:02:17 -03:00
Neil Lalonde 85140aa09a UX: dashboard links to git commits list instead of git comparison
Previously the link went to a comparison of the installed commit with
the tests-passed branch. This change will show the list of installed
commits.
2019-10-17 15:08:43 -04:00
David Taylor d1b86352d4
UX: Make group membership UI clearer (#8210)
The 'automatically set primary group' checkbox looked like it was associated with the email membership. In fact, it applies to all members who join the group. This commit moves it next to the 'automatic trust level' setting, and puts them both under an 'Effects' heading
2019-10-17 18:05:42 +01:00
Vinoth Kannan 3cdcd093ee
REFACTOR: improve the code readability. (#8211)
b2f682f35e
2019-10-17 22:05:44 +05:30
Mark VanLandingham bd969332e0 FIX: Display site text overrides for non '_MF' keys (#8189)
FIX: Transform pluralized keys to `.other`, to check valid interpolation
2019-10-17 18:34:07 +02:00
David Taylor ecfba0bb37 UX: Ensure GitHub onebox info does not wrap unnecessarily 2019-10-17 11:00:44 +01:00
Joffrey JAFFEUX b6ef473a31
DEV: prevents redefinition of various constants (#8199)
CLEANUP_GRACE_PERIOD
MAX_AWARDED
POLL_MAILBOX_TIMEOUT_ERROR_KEY
2019-10-17 09:18:07 +02:00
Sam Saffron cb0443792b DEV: correct revision debouncer for backup draft
We were debouncing on update_at which we kept on pushing forward, this
was leading to not enough revisions.
2019-10-17 17:41:28 +11:00
Sam Saffron 3314aa9f88 DEV: annotate models
Some comments were out of data, updated
2019-10-17 16:58:22 +11:00
Sam Saffron f5d1aff8dd FEATURE: experimental hidden setting for draft backups
Under exceptional situations the automatic draft feature can fail.

This new **hidden, default off** site setting
`backup_drafts_to_pm_length` will automatically backup any draft that is
saved by the system to a dedicated PM (originating from self)

The body of that PM will contain the text of the reply.

We can enable this feature strategically on sites exhibiting issues to
diagnose issues with the draft system and offer a recourse to users who
appear to lose drafts. We automatically checkpoint these drafts every 5
minutes forcing a new revision each 5 minutes so you can revert to old
content.

Longer term we are considering automatically enabling this kind of feature
for extremely long drafts where the risk is really high one could lose
days of writing.
2019-10-17 16:58:21 +11:00
Sam Saffron c3d06ef01a DEV: avoid making direct HTML changes in controllers
Followup on d5d8db7f, we prefer not to amend DOM directly from controllers.
2019-10-17 08:43:30 +11:00
Robin Ward f14020dd0a Allow the topic excerpt size to be customizable by plugins 2019-10-16 16:28:28 -04:00
Rafael dos Santos Silva 6e9c8fe854
FIX: More encoded slug fixes (#8191)
* FIX: Do not encode the URL twice

Now that we encode slugs in the server we don't need this anymore.

Reverts fe5na33

* FIX: More places do deal with encoded slugs

* the param is a string now, not a hash

* FIX: Handle the nil slug on /categories

* DEV: Add seeded? method to identity default categories

* DEV: Use SiteSetting to keep track of seeded categories
2019-10-16 17:08:43 -03:00
Daniel Waterworth 7a0c06691c FIX: Account for nil when looking up subcategories 2019-10-16 20:04:54 +01:00
Penar Musaraj baf8ae604a FIX: Correct topic timeline position calculation
Fixes calculation for themes with tall custom headers.
2019-10-16 15:01:01 -04:00
Penar Musaraj 48c1238492 FIX: Do not send notification to empty push_url
Completes e4424d7
2019-10-16 11:27:07 -04:00
Kris d6118c8bc8 Add digest email template classes for popular post section 2019-10-16 11:22:33 -04:00
Penar Musaraj e4424d7c2e FIX: Do not make notification API call if push_url is blank
Followup to 77643931bc
2019-10-16 10:59:06 -04:00
Kris 1c4baadc49 UX: Wrap digest email footer in a table for better alignment options 2019-10-16 10:39:40 -04:00
Penar Musaraj c6e255f4e0 UX: Include metadata in composer link modal search results
Metadata includes topic status (closed, pinned, solved, etc.) as well as category and tags.
2019-10-16 10:17:27 -04:00
Daniel Waterworth 7ba914f1e1 FIX: Add migrations to fix index on category slugs
Slugs can be the empty string, but the added index didn't account for
that. This commit changes the migration, stopping it from being unique
so that it can be applied everywhere and adds another migration that
recreates the index properly.
2019-10-16 14:02:11 +00:00
Joffrey JAFFEUX 02250bd91f
DEV: removes one deprecation with app-events:main 2019-10-16 10:50:43 +02:00
Joffrey JAFFEUX 5a543f8abd
FIX: prevents trash button to get focus when submiting input on profile (#8198)
This is a default behavior for browsers to submit using first button which doesn't have `type="button"` in a form when pressing enter inside an input.
2019-10-16 10:05:46 +02:00
Arpit Jalan c596d7df77 FIX: respect private_email setting for user invited notification email 2019-10-16 12:50:30 +05:30
Arpit Jalan 600233482f FIX: include topic link when inviting existing users to a topic/PM
FEATURE: allow staff to use topic_url for customizing email template
2019-10-16 12:36:16 +05:30
Sam Saffron d5d8db7fa8 FEATURE: improve honeypot and challenge logic
This feature amends it so instead of using one challenge and honeypot
statically per site we have a rotating honeypot and challenge value which
changes every hour.

This means you must grab a fresh copy of honeypot and challenge value once
an hour or account registration will be rejected.

We also now cycle the value of the challenge when after successful account
registration forcing an extra call to hp.json between account registrations

Client has been made aware of these changes.

Additionally this contains a JavaScript workaround for:
https://bugs.chromium.org/p/chromium/issues/detail?id=987293

This is client side code that is specific to Chrome user agent and swaps
a PASSWORD type honeypot with a TEXT type honeypot.
2019-10-16 16:53:44 +11:00
Kris 645faa847b Follow up fix to c71da3f, class was defined twice 2019-10-15 20:12:50 -04:00
David Taylor 7332649f1a DEV: Add plugin outlet to category security tab 2019-10-15 22:37:41 +01:00
Kris 50b618dd44 UX: Add CSS classes to digest email template to allow for easier styling 2019-10-15 16:21:55 -04:00
Daniel Waterworth c71da3f335 FIX: Add unique index to prevent duplicate slugs for categories 2019-10-15 19:44:50 +00:00
Daniel Waterworth 5f5b232cde FIX: Category.find_by_slug
find_by_slug should ensure that the parent actually exists when its
looking for a parent.
2019-10-15 16:44:24 +01:00
Penar Musaraj e83c2488a2 FIX: do not unpin reply box in iOS when selecting Emoji 2019-10-15 10:51:53 -04:00
Vinoth Kannan b2f682f35e
FEATURE: Option to update category preferences of all users when site setting changed (#8180) 2019-10-15 18:41:27 +05:30
Daniel Waterworth 0de7e4339c FIX: Subcategory permissions validation
When a category has a subcategory, we ensure that no one who can see the
subcategory cannot see the parent. However, we don't take into account
the fact that, when no CategoryGroups exist, the default is that
everyone has full permissions.
2019-10-14 21:13:22 +01:00
Daniel Waterworth c49b20a1a2 FIX: Validation of category tree depth
This prevents the creation of sub-sub-categories in multiple tabs
2019-10-14 21:13:22 +01:00
romanrizzi 9845963105 FEATURE: Use the 'ugc' rel attribute alongside 'nofollow' 2019-10-14 15:21:48 -03:00
David Taylor 392f6cdf33 DEV: Stop overriding computed property on `models/category.js.es6`
This causes an Ember deprecation notice, and is a confusing pattern. We never used the default values, so there is no benefit to including them.
2019-10-14 16:26:48 +01:00
Gerhard Schlager 2c011252f1 FIX: Move notification level only when user posted
Moving posts also moves the read state (`topic_users` table) to the destination topic. This changes that behavior so that only users who posted in the destination topic will have the original notification level (probably "watching") of the original topic. The notification level for all other users will be set to "regular".
2019-10-14 15:06:09 +02:00
Gerhard Schlager f1742617fb PERF: Faster moving of read state
This should improve the performance of moving the read state of lots of posts to a new/existing topic.
2019-10-14 15:06:09 +02:00
Dan Ungureanu 086b46051c
FIX: Zeitwerk-related fixes for jobs. (#8187) 2019-10-14 13:03:22 +03:00
Arpit Jalan 815edf6f4d FEATURE: add short site description on login page title 2019-10-14 11:40:09 +05:30
Krzysztof Kotlarek 99086edf85
FIX: Allow themes to upload and serve js files (#8188)
If you set `config.public_file_server.enabled = false` when you try to get uploaded js file you will get an error:
`Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.`

The reason is that content type is `application/javascript` and in Rails 5 guard looked like that:
https://github.com/rails/rails/blob/5-2-stable/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L278-L280
However, in Rails 6 `application` was added to regex:
https://github.com/rails/rails/blob/master/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L282-L284

This pull request is related to https://meta.discourse.org/t/uploaded-js-file-for-theme-causes-a-rejection/129753/8
2019-10-14 15:40:33 +11:00
Jeff Wong 2b74dc5885 FIX: allow change password with TOTP 2019-10-13 00:53:57 -07:00
Joffrey JAFFEUX 312ecf2a05
FIX: allows scrolling of search menu panel when showing more results (#8186) 2019-10-11 22:25:28 +02:00
Robin Ward c5d03c30ca DEV: Add a plugin API for registering a "beforeSave" on the composer
This allows plugins to perform operations before saves occur, and
perhaps reject the post.
2019-10-11 14:55:27 -04:00
Robin Ward ee4369f972 Hook that allows custom logic before saving the composer 2019-10-11 14:55:09 -04:00
Faizaan Gagan 4d67f2a8ed bumped plugin api version to 0.8.33 (#8185) 2019-10-11 13:56:04 -04:00
Mark VanLandingham f63db1c4c8
FIX: Accurate sub_total calculation for reviewable_scores (#8184) 2019-10-11 11:07:19 -05:00
Rafael dos Santos Silva 76ab0350f1
FIX: Properly encoded slugs when configured to (#8158)
When an admin changes the site setting slug_generation_method to
encoded, we weren't really encoding the slug, but just allowing non-ascii
characters in the slug (unicode).

That brings problems when a user posts a link to topic without the slug, as
our topic controller tries to redirect the user to the correct URL that contains
the slug with unicode characters. Having unicode in the Location header in a
response is a RFC violation and some browsers end up in a redirection loop.

Bug report: https://meta.discourse.org/t/-/125371?u=falco

This commit also checks if a site uses encoded slugs and clear all saved slugs
in the db so they can be regenerated using an onceoff job.
2019-10-11 12:38:16 -03:00
Penar Musaraj 3a469a79cf
FEATURE: search topics when adding a link in composer (#8178) 2019-10-11 11:37:44 -04:00
David Taylor 67787799bb DEV: Allow plugins to mark user custom fields as editable only by staff
This adds a staff_only parameter to the register_editable_user_custom_field API. The default is false, to maintain backwards compatibility.
2019-10-11 09:57:55 +01:00
Faizaan Gagan 3bcfa158a7 fixed wrong method name while calling (#8182) 2019-10-11 03:51:18 -04:00
Krzysztof Kotlarek 694a5bf229 FIX: Prevent from creation of duplicated TopicAllowedUsers (#8169)
Ensure that we don't try to create duplicated TopicAllowedUsers

Related to https://meta.discourse.org/t/error-message-topic-allowed-users-is-invalid/130382/5

Spec amended to cover a case creating an overlap.
2019-10-11 17:44:29 +11:00
Penar Musaraj 5c5845f3f2 FIX: Minor Github onebox layout issues
- prevents long branch names from overflowing

- fixes alignment of inline avatars in preview
2019-10-10 21:35:36 -04:00
Penar Musaraj 21f3c044e5 FIX: Mobile adjustments for reviewable list 2019-10-10 21:19:49 -04:00
Faizaan Gagan 8fc0cc9aaa Serialize draft (#8175)
* DEV: allow serializing data for drafts

* Various fixes

* added an alias method for 'serializeToDraft' to plugin-api

* fixed linting issues

* changed single quotes to double quotes to fix linting issue

* fixed linting issues

* fixed composer model file via prettier

* fixed composer controller file via prettier

* fixed plugin-api file via prettier
2019-10-10 13:02:35 -04:00
Arpit Jalan 1be8c737e6 UX: add glyph to "Help" button on Password Reset modal 2019-10-10 10:15:43 +05:30
Sam Saffron 5aaf7e3316 FIX: during concurrent emails generation renderer should not be reused
Our instance used for template rendering needs a lock to ensure there is
no race condition where rendering happens on 2 threads at the same time.

This can lead to local poisoning which can cause unexpected results in
emails
2019-10-10 08:50:48 +11:00
Penar Musaraj 04452e748d DEV: remove old code, refactor jQuery call 2019-10-09 14:40:48 -04:00
Mark VanLandingham d710316ed1 FIX: Order UserFields by position, by default (#8176)
* FIX: site user_fields sorted by position

* FIX: Sort UserField by position for Site
2019-10-09 13:49:28 -04:00
Penar Musaraj a91ad81ed1 UX: Trigger primary action in modals using Enter
A modal's primary action (blue button in the default theme) can now be invoked
by hitting Enter on the keyboard. This applies to all modals that aren't strict
forms as long as the focus is not on a textarea element.
2019-10-09 13:28:07 -04:00
Gerhard Schlager 10e509e47f FIX: Don't swallow the original error when moving posts
Dropping the temp table in an `ensure` block hides the actual exception. Creating the table with `ON COMMIT DROP` makes the temp table disappear automatically at the end of the transaction. We only need the explicit `DROP` in tests, because tests already run inside a transaction, so the temp table won't be dropped after each test which leads to spec failures.
2019-10-09 17:02:17 +02:00
David Taylor 445a3851d6 FEATURE: Display created and last_used dates for API keys 2019-10-09 14:24:41 +01:00
Roman Rizzi 10478cb395
DEV: Bump uglifyjs (#7834)
* Rewrite uglifyjs command to work with 3.x

* Use ES5 syntax in plain JS files

* Use the older command if uglifyJS V2.x is installed
2019-10-09 10:02:49 -03:00
David Taylor 939a746dcd UX: Use theme colors for GitHub issue labels
Bump onebox version to pull tag rendering bug fix
2019-10-09 12:28:48 +01:00
David Taylor 3edd514c72 FEATURE: Redesigned GitHub oneboxes
Bump onebox version, and add new styling

Commit, PR and Issue oneboxes are updated with a new design. Timestamps are now localized using local-dates (if installed).
2019-10-09 11:47:58 +01:00
Sam Saffron 3d5f71dac7 DEV: stop mixing in application helper where not needed
We were mixing in 20 or so methods into a controller just to use a single
one.

The helper itself is not the actual implementation anyway... MobileDetection
is responsible here.
2019-10-09 13:06:18 +11:00
Sam Saffron 602215a273 SECURITY: mini profiler enabled incorrectly for admins
We expect mini profiler only to show up on accounts that are flagged as
developer accounts.

Unfortunately there was a bypass on any controllers that mix in ApplicationHelper
2019-10-09 12:49:22 +11:00
Joffrey JAFFEUX 49a4b0dd9c
DEV: adds teardownComponent hook to connector class (#8171)
This is the counterpart to setupComponent and allows you to clean any observers or state when the component is destroyed.
2019-10-09 00:26:33 +02:00
Penar Musaraj 30cda1761d
UX: Better composer hyperlink modal (#8160) 2019-10-08 16:19:07 -04:00
Penar Musaraj 1ee633cea4 FIX: Topic timeline placement on iPad 2019-10-08 16:10:09 -04:00
Gerhard Schlager bee000bcec FIX: Existing post timings could prevent moving posts
Post timings are created by `topic_id` and `post_number` and it's possible that the destination topic already contains post timings for non-existent posts. For example, this can happen if the destination topic was previously split and Discourse recorded post timings for moved posts in the destination topic.

This commit ensures that all timings which reference non-existent posts are deleted from the destination topic before the posts are moved.
2019-10-08 21:07:29 +02:00
Robin Ward eae57652a4 FIX: Bump Compiler Version
In 98719be we fixed raw handlebars, but they won't be recompiled without
this bump.
2019-10-08 14:50:14 -04:00
Roman Rizzi b805037825
FIX: Decrement posts read count when destroying post timings (#8172) 2019-10-08 15:39:23 -03:00
Penar Musaraj b20b6c52e1 FIX: Do not reset original scroll position in iOS to zero
This avoids scrolling to the top of a post when toggling focus to the composer textarea
2019-10-08 11:59:53 -04:00
Penar Musaraj c3a5a8e095 UX: Refactor iOS composer layout
This addresses the following issues:
- on iPad, with keyboard attached, the composer is no longer forced to full screen
- on iPad, with keyboard attached, the topic no longer scrolls when starting a
  reply and then cancelling it
- switching between inputs and buttons (formatting, emojis, categories/tags, etc.) no longer
  causes layout to bounce around
2019-10-08 11:16:41 -04:00
Robin Ward d527f3a723 Log an event for `topic:created`
You can distinguish between `post:created` and `topic:created` now.
2019-10-08 10:39:03 -04:00
Robin Ward 50fae909d6 Add an appEvent for when a post is created
List for `post:created` and you'll be passed the new post when it is
created.
2019-10-08 10:12:38 -04:00
Mark VanLandingham 057f698e37 FIX: Store user_accuracy_bonus to clarify explanations (#8165)
* FIX: Store user_accuracy_bonus to clarify explanations

* Fixed specs from rounding change

* migration cleanup

* user_accuracy_bonus column not nullable
2019-10-08 09:49:07 -04:00
Dan Ungureanu fdb1d3404c
FEATURE: Add site setting to show more detailed 404 errors. (#8014)
If the setting is turned on, then the user will receive information
about the subject: if it was deleted or requires some special access to
a group (only if the group is public). Otherwise, the user will receive
a generic #404 error message. For now, this change affects only the
topics and categories controller.

This commit also tries to refactor some of the code related to error
handling. To make error pages more consistent (design-wise), the actual
error page will be rendered server-side.
2019-10-08 14:15:08 +03:00
David Taylor d2bceff133
FEATURE: Use full page redirection for all external auth methods (#8092)
Using popups is becoming increasingly rare. Full page redirects are already used on mobile, and for some providers. This commit removes all logic related to popup authentication, leaving only the full page redirect method.

For more info, see https://meta.discourse.org/t/do-we-need-popups-for-login/127988
2019-10-08 12:10:43 +01:00
David Taylor 228a55a475 UX: Reduce size of github onebox icons 2019-10-08 11:08:36 +01:00
Sam Saffron 7a5daa3079 DEV: lint file
needed a prettier run
2019-10-08 12:15:23 +11:00
Daniel Waterworth 87f0b56191 UI: Scroll to the bottom of the page when the scrollbar hits the end (#8101) 2019-10-08 12:00:58 +11:00
Robin Ward afe7429e7d Add more analytics events
The ability to track when likes and bookmarks are toggled
2019-10-07 16:39:17 -04:00
Penar Musaraj 1aaddf13a0 UX: remove iPad keyboard user setting from iOS 13
Removes setting for iOS devices that support Visual Viewport API.

On devices where it was previously enabled, it was causing some scrolling drift when invoking the composer.
2019-10-07 14:55:25 -04:00
Robin Ward 5c9acfec1d Add event for when "Reply" is clicked
This is useful by analytics libraries or other code that wants to track
when replies are begun. A new event: `page:compose-reply` is fired with
the topic.
2019-10-07 14:30:31 -04:00
Robin Ward 847f48a9d0 Add an app event for when a topic is fully loaded
If we are interested in page events (say analytics), they are reported
when the route changes, which does not wait for any promises in
`setupController` to finish.

A plugin might want to know when a topic has fully loaded, so this event
is triggered when that happens.
2019-10-07 14:30:31 -04:00
David Taylor 615039f228 FEATURE: Improve GitHub commit, PR and issue onebox rendering
Bump onebox version to include new github rendering, and add relevant CSS

Avatars are reduced in size significantly, and icons are added to easily differentiate PRs and commits. The 'Issue:' prefix is removed from issue oneboxes, to make them consistent with commits and PRs.
2019-10-07 19:26:10 +01:00
Penar Musaraj 342b925b02 FIX: Add mobile padding to bottom of user preferences screen 2019-10-07 12:03:31 -04:00
Sam Saffron 71ea4ad7fc PERF: reuse renderer when rendering email templates
Previous to this fix we were leaking methods on the internal action view
template class per render.

This caused email generation to be very low and a steady memory leak in the
application in sidekiq when sending out emails

The behavior change is new to Rails 6 so this fix does not need to be
backported into stable.
2019-10-06 23:57:03 -04:00
Penar Musaraj d45866eb5c UX: Fix topic progress placement in iOS app
Fixes placement issues introduced in #45a55a3

Fixes topic progress placement when composer is collapsed with a draft
2019-10-06 16:10:08 -04:00
Kris be85bc9dac convert ip lookup copy anchor to button 2019-10-04 16:28:36 -04:00
Mark VanLandingham 868303e5d9 FEATURE: Weighted reviewable user accuracy (#8156)
* FEATURE: Inaccurate users have negative review accuracy

* FIX: disallow negative reviewable score even if the accuracy would make it negative
2019-10-04 15:10:56 -04:00
Mark VanLandingham 30087beb72
UX: Input for name when creating a new authenticator (#8153)
* FEATURE: Added input for name when creating a new authenticator in user preferences

* FEATURE: Added placeholders to authenticator inputs

* Ran prettier on second-factor-add-totp.js.es6
2019-10-04 13:46:48 -05:00
Kris 9e9d57d7ee General admin style cleanup 2019-10-04 13:25:54 -04:00
Penar Musaraj 77643931bc FIX: Ensure push_url exists before making push notification API call 2019-10-04 11:52:10 -04:00
Robin Ward f5d391a48a
REFACTOR: Move `app-events:main` to `service:app-events` (#8152)
AppEvents was always a service object in disguise, so we should move it
to the correct place in the application. Doing this allows other service
objects to inject it easily without container access.

In the future we should also deprecate `this.appEvents` without an
explicit injection too.
2019-10-04 10:06:08 -04:00
Jarek Radosz 5e88baebb6 DEV: Remove SiteSetting.default_categories_selected (#8138)
Added on Aug 21, 2015 in bef80633b1
The only usage removed on Aug 26, 2015 in 4ba89eec27

As far I can tell it isn't used by core or any official plugins.
2019-10-04 15:57:17 +10:00
Kyle Zhao 75d54e3335 UX: Add "Drafts" to quick access profile tab. (#8155) 2019-10-04 15:48:17 +10:00
Kris 8ccd286721 Minor category link alignment adjustment 2019-10-03 21:19:03 -04:00
Osama Sayegh e27f332318
PERF: speed up about page render time and limit category mods (#8112)
* PERF: speed up about page render time and limit category mods

* Remove return

* Remove widgets

* Convert admins and mods lists

* Rename component

* Apply Joffrey's patch

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>

* Make limit 100
2019-10-03 21:48:56 +03:00
Jeff Wong d6b39dc01d REFACTOR: use const rather than var 2019-10-03 11:45:03 -07:00
Kris 0744e70022 UX: restrict tall modal height to viewport % 2019-10-03 13:16:28 -04:00
Roman Rizzi 10565e4623
SECURITY: Safely decompress files. (#8124)
* FEATURE: Adds an extra protection layer when decompressing files.

* Rename exporter/importer to zip importer. Update old locale

* Added a new composite class to decompress a file with multiple strategies

* Set max file size inside a site setting

* Ensure that file is deleted after compression

* Sanitize path and files before compressing/decompressing
2019-10-03 10:19:35 -03:00
Joffrey JAFFEUX aaf15944f8
FIX: errors due to confusion between trustLevel and trust_level (#8149) 2019-10-03 08:52:07 -04:00
Mark VanLandingham 1e2aa263a9 FIX: update user vote count on topic trash/recover (#8144) 2019-10-03 07:53:48 -04:00
Penar Musaraj fa1ed9799c UX: Fix composer layout in Android
Viewport-relative height causes title to be below address bar in Android
2019-10-03 07:43:54 -04:00
Penar Musaraj 45a55a3abf FIX: Correct position of topic progress in iOS when composer is visible
This fix is needed due to what feels like an iOS Safari bug. The CSS rule `margin-bottom: env(safe-area-inset-bottom);` should not apply to the topic progress element when the composer is visible, because the element is not near the bottom of the viewport.
2019-10-02 20:54:11 -04:00
Penar Musaraj 1051a95160 UX: Trigger composer resize when dismissing keyboard in iPad 2019-10-02 20:20:50 -04:00
Sam Saffron 1c3cbbe883 UX: bypass chrome autocomplete when editing admin text fields
Same issue as: 918a0ea3

off is ignored in chrome per: https://bugs.chromium.org/p/chromium/issues/detail?id=587466
2019-10-03 09:01:55 +10:00
Martin Brennan 61868e50cb Check webauthn support when registering security keys (#8146) 2019-10-03 08:26:26 +10:00
Joffrey JAFFEUX 91dd6aacfb
FIX: ensures chart parent element is still present before render (#8145) 2019-10-02 17:54:30 -04:00
Jeff Wong dbb33f08a9 REFACTOR: clean-up webauthn mobile view 2019-10-02 11:49:36 -07:00
Martin Brennan 9f5ec7154d [FIX] Webauthn security key fixes after real-world usage (#8135)
* Fix broken security key 2FA on mobile login.hbs

* Show nicer error message when a security key already exists

* [COPY] Disable -> Delete for security key editing

* Standardize UI elements in 2FA prefs password confirmation

* Minor fixes to label location for resetPasswordProgress
2019-10-02 11:47:29 -07:00
Penar Musaraj eeea016f23 FIX: Show composer above DiscourseHub app nav on iPad 2019-10-02 14:13:33 -04:00
Penar Musaraj ea4e9dba8e FIX: Apply Visual Viewport composer height calc in iOS only 2019-10-02 13:37:41 -04:00
Joffrey JAFFEUX d0390fba3e
UX: displays reads/likes in the same order that post menu buttons (#8140) 2019-10-02 13:00:47 -04:00
Penar Musaraj ceb29d3eea UX: Full viewport composer layout on iPad
Partially reverts 94ab48c by using Safari hacks on iPad again.

This brings parity in the composer UI between iPhones and iPads

Hides grippie and fullscreen toggle button when the keyboard is visible on iPads
2019-10-02 12:36:11 -04:00
Joffrey JAFFEUX 7f114ef861
DEV: removes dead code (#8130)
This commit also refactors the new code which did make this dead code
2019-10-02 12:15:11 -04:00
Joffrey JAFFEUX fb66ddf161
DEV: removes dead coded (#8129)
As per sam:

b9ccf4d09c/app/assets/javascripts/discourse.js 1

We used to put (*) topic title for certain cases, something that we totally stopped doing.
2019-10-02 12:13:39 -04:00
Joffrey JAFFEUX ef610af328
FIX: exception with triggerRefresh and subcat listing (#8131)
Clicking fast on the "top", "unread", or "latest" button  when browsing a parent category page with subcategories and the setting `Show subcategory list above topics in this category` enabled would cause an exception:

```
Uncaught Error: Nothing handled the action 'triggerRefresh'. If you did handle the action, this error can be caused by returning true from an action handler in a controller, causing the action to bubble.
```
2019-10-02 07:51:23 -04:00
Sam Saffron 34813b643d DEV: properly require csv dependency
csv dependency is not default loaded, explicitly ask for it when we start
parsing csv files.
2019-10-02 15:07:37 +10:00
Sam Saffron 3f6af54fe1 DEV: minor fixes related to zeitwerk
A couple of specs stopped working post zeitwerk. Adding missing require
corrected inheritance to avoid a circular ref.
2019-10-02 14:28:18 +10:00
Krzysztof Kotlarek 427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
Martin Brennan 68d35b14f4 FEATURE: Webauthn authenticator management with 2FA login (Security Keys) (#8099)
Adds 2 factor authentication method via second factor security keys over [web authn](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API).

Allows a user to authenticate a second factor on login, login-via-email, admin-login, and change password routes. Adds registration area within existing user second factor preferences to register multiple security keys. Supports both external (yubikey) and built-in (macOS/android fingerprint readers).
2019-10-01 19:08:41 -07:00
Ryan Boder b7ebe574df FEATURE: Add topic and category context to post webhook payload (#8110)
Adds additional fields topic_archetype and category_slug to the post
webhook so that handlers have some context about the post event without
having to call back to the API.

Discussed [here](https://meta.discourse.org/t/webhooks-how-best-to-differentiate-a-pm-from-a-public-post/76363/13).
2019-10-02 11:41:33 +10:00
Joffrey JAFFEUX 3ee6e859ec FIX: prevents trigger post read count update on non existing post (#8128) 2019-10-02 10:57:34 +10:00
Joffrey JAFFEUX 6e815ba032 DEV: adds discourse:focus-changed app event (#8123) 2019-10-02 10:53:51 +10:00
Krzysztof Kotlarek f331b5eab2 FEATURE: topic title is validated for blocked words (#8127)
Currently, the topic is only validated for censored words and should be validated for blocked words as well.

Blocked word validation is now used by both Post and Topic. To avoid code duplication, I extracted blocked words validation code into separate Validator, and use it in both places.

The only downside is that even if the topic contains blocked words validation message is saying "Your post contains a word that's not allowed: tomato" but I think this is descriptive enough.
2019-10-02 10:38:34 +10:00
Joffrey JAFFEUX bbc250cc35
DEV: ensures relative-ages interval is cleared between tests (#8117) 2019-10-01 22:18:26 +02:00
Joffrey JAFFEUX a5af98a149
DEV: fixes deprecation due to incorrect appEvent setup on share:url (#8122) 2019-10-01 22:17:38 +02:00
Gerhard Schlager f82576deea FIX: Reset watched site settings when default locale changes
Some site settings (e.g. `unicode_username_character_whitelist`) depend on the default locale, so we need to reset the watched settings when the locale changes.
2019-10-01 20:41:16 +02:00
Penar Musaraj 5cf299733a UX: Fix topic progress placement
Keeps element 1em away from the right edge of screen

Takes DiscourseHub app nav position into account on iPad

Uses outerHeight to calculate element height including padding/borders
2019-10-01 13:14:36 -04:00
Jarek Radosz d407bcab36 FIX: Correctly escape category description text (#8107)
* FIX: Correctly escape category description text

This bug has been introduced in db14e10943.

* Remove unnecessary `html_safe`

`Theme.lookup_field` already returns html-safe strings: 7ad338e3e6/app/models/theme.rb (L237-L242)

* Rename `description` where it's acutally `descriptionText`
2019-10-01 12:04:39 -04:00
Kris f7923958e2 UX: fix alignment on topic progress bar and remove some magic numbers 2019-10-01 11:45:51 -04:00
Penar Musaraj 94ab48c616 UX: Improve composer layout in iPads
In iOS 13, Apple no longer includes "iPad" in the user agent by default, so we need to adjust our detection.
2019-10-01 08:22:17 -04:00
Sam Saffron 499472b6a0 FIX: change focus when application resumes in android
Per new lifecycle https://developers.google.com/web/updates/2018/07/page-lifecycle-api

On Android and latest Chrome when an app transitions from "frozen" to
active the new "resume" event fires with no accompanying "visibilitychange"
event.

This means that often background tabs may be stuck thinking that discourse
has no focus when, indeed, it has.

This leads to cases where no posts are marked read anymore.
2019-10-01 12:00:07 +10:00
Kris 5cfbe19eef UX: Change composer's edit reason link to an icon 2019-09-30 20:58:31 -04:00
Penar Musaraj 444d123f0d UX: Use Visual Viewport API for iOS composer height
This applies to iPhones running iOS 13+.
Previous technique remains in place for iOS 12 and below.

Note that this does not apply to iPads on iOS 13 due to Apple no longer
identifying iPads in the user agent string.
2019-09-30 13:56:40 -04:00
Robin Ward d5c5ca46b6 SECURITY: Don't allow base_uri as embeddable host if none exist 2019-09-29 20:51:59 -04:00
Kris 756104432e UX: add class to distinguish specific moderator categories on about page 2019-09-27 09:34:56 -04:00
Vinoth Kannan 02731ef33e FIX: include video tags and short urls in 'have_uploads' method.
While checking the existence of upload in posts we must include <video> tags and 'short-url' format of upload URLs.
2019-09-24 23:17:59 +05:30
Vinoth Kannan 301c5a303f FIX: include 'short_path' as src in each_upload_url method. 2019-09-22 15:32:28 +05:30
Rafael dos Santos Silva 7543695744 FIX: PWA install was broken due to missing basic logo
The current manifest validation in Chrome requires at least one
non-maskable icon to make it installable.

This commit adds the maskable entry as another entry, following up
on changes added in 3e590b8
2019-09-22 00:20:25 -04:00
Rafael dos Santos Silva 3e590b87cf FEATURE: Add support for maskable icons in the PWA manifest
Because:

- Chrome 78 and Firefox Fenix have support for it
- The icons will look better by using all the availiable space
- Admins can control the icon and add appropriate padding since we have a
dedicated asset for the manifest logo. Read more about it on
https://css-tricks.com/maskable-icons-android-adaptive-icons-for-your-pwa/

This commit:

- Adds a new key under the icons array in the webmanifest, named purpose
with maskable value.
2019-09-21 11:50:00 -04:00
Osama Sayegh 57db3c1fbe
FIX: Properly render server side plugin outlets (#8106)
The behavior of the `render` helper method changed in Rails 6 so now the method doesn't render the template and return the output, instead it just returns the file content as-is. Context: https://meta.discourse.org/t/discourse-sitemap-plugin/40348/134?u=osama
2019-09-19 21:51:06 +03:00
Robin Ward d251f12c9c Tweak calculation for reviewable sensitivities/priorities
Previously, calculating thresholds for reviewables was done based on the
50th and 85th percentile across all reviewables. However, many forum
owners provided feedback that these thresholds were too easy to hit, in
particular when it came to auto hiding content.

The calculation has been adjusted to base the priorities on reviewables
that have a minimum of 2 scores (flags). This should push the amount of
flags required to hide something higher then before.
2019-09-19 14:07:56 -04:00
Robin Ward d5b52abf2f FIX: Require a min amount of reviewables before calculating thresholds
On forums with very few flags you don't want to calculate averages
because they won't be very useful. Stick with the defaults until we hit
15 reviewables at least.
2019-09-19 13:42:50 -04:00
Robin Ward 3c6a5836c2 FIX: Sensitivity did not work by default
Forums without previously calculated scores would return the same values
for low/medium/high sensitivity. Now those are scaled based on the
default value.

The default value has also been changed from 10.0 to 12.5 based on
observing data from live discourse forums.
2019-09-19 13:26:17 -04:00
Kris e7ea5d3099 update color variable 2019-09-18 15:57:58 -04:00
Régis Hanol 72e38b291f FIX: proper jumpToPost with whispers/small-actions
findPostIdForPostNumber does not take into account whispers and small actions posts
so the jump might end up on the wrong post.
2019-09-18 18:32:40 +02:00
David Taylor 479fdaaea1
DEV: Allow specifying button class in reviewable action definitions (#8093)
This avoids the need for using `@extend` in SCSS, which can be problematic in plugins

For context, see https://review.discourse.org/t/fix-make-compatible-with-debundled-plugin-css-assets-feature/5297/7
2019-09-18 11:28:59 +01:00
Régis Hanol bb127b8140 FIX: preview up to 'max_oneboxes_per_post' oneboxes
We were counting all the oneboxes in the DOM instead of just the ones in the preview.

Also refactored the logic to count up to 'max_oneboxes_per_post` instead of down to 0.
That also ensured we don't load 11 oneboxes when the setting is limiting to 10.
2019-09-17 23:25:15 +02:00
Robin Ward 5bf3a00328 FIX: Ignored flags should not count in your accuracy score 2019-09-17 14:54:20 -04:00
David Taylor 3da9b99dbf FIX: Live reload plugin stylesheets when the color scheme changes 2019-09-17 09:54:55 +01:00
David Taylor 081c36a459 FIX: Do not include theme variables in plugin SCSS, and fix register_css 2019-09-17 09:54:52 +01:00
Arpit Jalan 4a11e7ee56 fix the build. 2019-09-17 13:00:41 +05:30
Arpit Jalan 671ffc4e06 FIX: do not allow posting of category topic template without any changes 2019-09-17 12:32:46 +05:30
Kyle Zhao fb200e3055 FIX: Escape $ in translations before interpolating (#8100)
The dollar sign (`$`) is a special replace pattern, and `$&` inserts the
matched string. Thus dollars signs need to be escaped with the special
pattern `$$`, which inserts a single `$`.
2019-09-16 13:52:49 -04:00
David Taylor 7c494cc631 DEV: Live-reloading of core/plugin CSS alongside preview_theme_id
In development, we track the last requested theme id, and use that to refresh the correct stylesheet targets. The after_action hook runs on every request, but the preview_theme_id parameter is only sent on the initial HTML request. This commit ensures we only fetch the development theme_id on HTML requests
2019-09-16 17:27:19 +01:00
Dan Ungureanu 520d54d85f
FIX: Open drafts for PMs from Activity > Drafts screen.
Draft.get sometimes returns only the sequence number.
2019-09-16 16:24:42 +03:00
David Taylor 39f7e98b60
FIX: Ensure page is reloaded correctly when a hash is present (#8096)
To demonstrate the issue:
- Visit https://meta.discourse.org/#somethingHere while logged in
- Click "log out"
- You will be logged out, but the page will not be reloaded

Setting `window.location.pathname = "/"` will not reload the page if there is a hash present. Using `window.location = "/"` gives us the desired behavior.
2019-09-16 13:27:12 +01:00
romanrizzi 08b7a3fdfe Fix: Don't show non-members as readers when the post is a whisper 2019-09-13 17:14:31 -03:00
Roman Rizzi 1576b07a10
FIX: Improve protection against problematic usernames (#8097) 2019-09-13 15:11:27 -03:00
David Taylor 98719bee10 FIX: Load raw hbs templates correctly from theme javascripts folder 2019-09-13 18:01:16 +01:00
David Taylor b0211772cb FIX: Explicitly specify the format when loading `/associate/{{token}}`
In IE11, the browser returns the cached HTML response, rather than the JSON formatted response. A better solution may be to add a `Vary: Accept` header to all of our HTML responses, but this commit should solve the immediate issue.
2019-09-13 17:22:57 +01:00
Régis Hanol 0cfe47471f FIX: add support for version query parameter in InlineUploads 2019-09-13 18:21:19 +02:00
Kyle Zhao f0f03acb2c FIX: Do not escape `fancy_title` again. (#8095)
`fancy_title` is already escaped by Rails. Escaping it again would print
the HTML entity as-is, e.g. `&quot;` instead of `"`.

This fixes the issue by introducing a new `escapedContent` attribute on
the `QuickAccessItem` widget.
2019-09-13 10:04:14 -04:00
Penar Musaraj 6bbda8eae9 FIX: Do not show latest count in tabs on tag lists 2019-09-12 22:42:48 -04:00
Régis Hanol aa511c5b59 FIX: support <img> in code blocks when inlining uploads
Simpler code is better :)

Also added moar specs to ensure <img> tag inside code blocks are properly ignored.
2019-09-12 21:25:14 +02:00
Penar Musaraj 8f601d5025 UI: Add viewport meta tag to embedded topics layout 2019-09-12 14:14:32 -04:00
Vinoth Kannan 321f559c7c FIX: make markdown regexp patterns case insensitive. 2019-09-12 22:25:15 +05:30
Roman Rizzi 568232052e
DEV: Remove FlagQuery class and old code (#8064) 2019-09-12 13:21:33 -03:00
hawm 7129637279 FEATURE: Make share button support custom javascript (#8090)
* FEATURE: Make share button support custom javascript

* clean code

* formatting

* formatting
2019-09-12 11:19:43 -04:00
David Taylor 67a98946b8 FIX: Do not log 'pull_hotlinked_images' edits in the staff action log 2019-09-12 15:55:45 +01:00
Penar Musaraj e4b813df4c FIX: Change admin dashboard sort caret icon color on hover 2019-09-12 10:38:53 -04:00