Commit Graph

682 Commits

Author SHA1 Message Date
David Taylor 52c5cf33f8
FEATURE: Overhaul of admin API key system (#8284)
- Allow revoking keys without deleting them
- Auto-revoke keys after a period of no use (default 6 months)
- Allow multiple keys per user
- Allow attaching a description to each key, for easier auditing
- Log changes to keys in the staff action log
- Move all key management to one place, and improve the UI
2019-11-05 14:10:23 +00:00
Mark VanLandingham 4eb54f08b2
FEATURE: Site setting/UI to allow users to set their primary group (#8244)
* FEATURE: Site setting/ui to allow users to set their primary group

* prettier and remove logic from account template

* added 1 to 43 to make web_hook_user_serializer_spec pass
2019-10-28 12:46:27 -05:00
Arpit Jalan b3cd83460b FIX: check for presence of liked post before creating notification 2019-10-24 14:25:56 +05:30
Neil Lalonde f061aee818 FEATURE: support SCSS in custom email style
In the CSS tab of Admin > Customize > Email Style, SCSS can now be used.
2019-10-23 15:42:37 -04:00
Daniel Waterworth 55a1394342 DEV: pluck_first
Doing .pluck(:column).first is a very common pattern in Discourse and in
most cases, a limit cause isn't being added. Instead of adding a limit
clause to all these callsites, this commit adds two new methods to
ActiveRecord::Relation:

pluck_first, equivalent to limit(1).pluck(*columns).first

and pluck_first! which, like other finder methods, raises an exception
when no record is found
2019-10-21 12:08:20 +01:00
Penar Musaraj 48c1238492 FIX: Do not send notification to empty push_url
Completes e4424d7
2019-10-16 11:27:07 -04:00
Sam Saffron 5aaf7e3316 FIX: during concurrent emails generation renderer should not be reused
Our instance used for template rendering needs a lock to ensure there is
no race condition where rendering happens on 2 threads at the same time.

This can lead to local poisoning which can cause unexpected results in
emails
2019-10-10 08:50:48 +11:00
Sam Saffron 71ea4ad7fc PERF: reuse renderer when rendering email templates
Previous to this fix we were leaking methods on the internal action view
template class per render.

This caused email generation to be very low and a steady memory leak in the
application in sidekiq when sending out emails

The behavior change is new to Rails 6 so this fix does not need to be
backported into stable.
2019-10-06 23:57:03 -04:00
Krzysztof Kotlarek 427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
Régis Hanol 0cfe47471f FIX: add support for version query parameter in InlineUploads 2019-09-13 18:21:19 +02:00
Régis Hanol aa511c5b59 FIX: support <img> in code blocks when inlining uploads
Simpler code is better :)

Also added moar specs to ensure <img> tag inside code blocks are properly ignored.
2019-09-12 21:25:14 +02:00
Vinoth Kannan 321f559c7c FIX: make markdown regexp patterns case insensitive. 2019-09-12 22:25:15 +05:30
David Taylor 73172f00d3
FIX: Clear authentication data from session after create account (#8040) 2019-09-12 12:11:12 +01:00
Sam Saffron 93b0ffc85c DEV: improve subfolder inline logic
This follows up on #503a11cc88f with a spec
2019-09-11 12:02:42 +10:00
Michael Brown 503a11cc88 FIX: inline_uploads and subfolder (#8076)
* FIX: inline_uploads and subfolder

* if subfolder, also look for images with a path containing
  cdn_url + relative_url_root

* FIX: migrate_to_s3 task and subfolder
2019-09-11 11:50:48 +10:00
Sam Saffron cd894b7d17 FIX: inline_uploads not working on subfolder setups 2019-09-05 15:32:33 +10:00
Roman Rizzi 7a70fce584
FIX: :reject_user_delete action can only be handled by ReviewableUser (#8068) 2019-09-04 14:12:48 -03:00
Dan Ungureanu 34a76bf106 FIX: Do not set destination_url cookie after deleting own account. (#8028)
destination_url cookie is used to redirect the user to the a private
page after they have logged in. After deleting own account, a user's
pages would be refreshed which would set the destination_url, cookie
that can cause a redirect to an invalid page after logging in again.

Reproduction steps:

1. User is at `/u/:username/preferences/account` and deletes account by
requesting DELETE `/u/:username.json`.

2. User is being destroyed and a MessageBus message (`file-change`,
`['refresh']`) is published.

3. User receives response to DELETE request, but page may be or not
refreshed. Anyway, since they can no longer see the preferences page,
they are redirected to `/login` and `destination_url` cookie is set,
that will redirect on next login (but to the previous preferences page).
2019-08-22 17:42:45 +02:00
David Taylor 39e0442de9 FIX: Various watched words improvements
- Client-side censoring fixed for non-chrome browsers. (Regular expression rewritten to avoid lookback)
- Regex generation is now done on the server, to reduce repeated logic, and make it easier to extend in plugins
- Censor tests are moved to ruby, to ensure everything works end-to-end
- If "watched words regular expressions" is enabled, warn the admin when the generated regex is invalid
2019-08-02 15:29:12 +01:00
Rishabh dcb47d902b
REFACTOR: Rename SiteSetting.disable_edit_notifications to disable_system_edit_notifications (#7958)
* REFACTOR: Rename SiteSetting.disable_edit_notifications to disable_system_edit_notifications

- The older name could cause some confusion because the setting does not disable all edit notifications, only system ones.

* FIX: Add frozen_string_literal: true in the migration

* DEV: Deprecate 'disable_edit_notifications'
2019-07-31 20:20:41 +05:30
Neil Lalonde 9656a21fdb
FEATURE: customization of html emails (#7934)
This feature adds the ability to customize the HTML part of all emails using a custom HTML template and optionally some CSS to style it. The CSS will be parsed and converted into inline styles because CSS is poorly supported by email clients. When writing the custom HTML and CSS, be aware of what email clients support. Keep customizations very simple.

Customizations can be added and edited in Admin > Customize > Email Style.

Since the summary email is already heavily styled, there is a setting to disable custom styles for summary emails called "apply custom styles to digest" found in Admin > Settings > Email.

As part of this work, RTL locales are now rendered correctly for all emails.
2019-07-30 15:05:08 -04:00
Guo Xiang Tan faea594436 DEV: Extract common regexps for multisite. 2019-07-29 19:01:36 +08:00
Osama Sayegh f14c6d81f4
FEATURE: Watched words improvements (#7899)
This commit contains 3 features:

- FEATURE: Allow downloading watched words
This introduces a button that allows admins to download watched words per action in a `.txt` file.

- FEATURE: Allow clearing watched words in bulk
This adds a "Clear All" button that clears all deleted words per action (e.g. block, flag etc.)

- FEATURE: List all blocked words contained in the post when it's blocked
When a post is rejected because it contains one or more blocked words, the error message now lists all the blocked words contained in the post.

-------

This also changes the format of the file for importing watched words from `.csv` to `.txt` so it becomes inconsistent with the extension of the file when watched words are exported.
2019-07-22 14:59:56 +03:00
Blake Erickson d26aa6e71e REFACTOR: Cleanup rake tasks based on feedback
Follow up to: [FEATURE: Create a rake task for destroying categories][1]

- `Discourse.system_user` is my friend
- Remove puts statements from rake tasks that don't return anything
- `for_each` is also my friend
- Use `human_users` to also exclude discobot
- Sort/format categories:list

[1]: 092eeb5ca3
2019-07-18 19:15:01 -06:00
Blake Erickson 092eeb5ca3 FEATURE: Create a rake task for destroying categories
Created a rake task for destroying multiple categories along with any
subcategories and topics the belong to those categories.

Also created a rake task for listing all of your categories.

Refactored existing destroy rake tasks to use new logging method, that
allows for puts output in the console but prevents it from showing in
the specs.
2019-07-17 12:44:14 -06:00
Vinoth Kannan 4f0004a0c2 Fix typo in dc6b13e4d2. 2019-07-17 15:54:42 +05:30
Vinoth Kannan dc6b13e4d2 FIX: when 'raw' started with non-image upload url it's not converted to short-url.
dd0f0494c6
2019-07-17 11:13:50 +05:30
Vinoth Kannan dd0f0494c6 FIX: convert hotlinked non-image urls to short url.
3840ace978
2019-07-17 09:15:09 +05:30
Vinoth Kannan 3840ace978 FIX: skip markdown conversion for hotlinked non image urls 2019-07-16 18:05:17 +05:30
Gerhard Schlager 7311eeed39 FIX: Use default locale for flag reasons 2019-07-12 12:04:23 +02:00
Régis Hanol 155cad8b85 FIX: only add image size when with & height are in pixels 2019-07-05 20:34:11 +02:00
Ralph Rooding 1318e0b288 FEATURE: Rake themes installer (#7848)
* Delete remote_theme when deleting the theme

* Install themes and theme components through rake

* Removed unnecessary test
2019-07-04 14:33:05 -04:00
Osama Sayegh 3d64532273 FEATURE: allow disabling theme components (#7812)
This allows you to temporarily disable components without having to remove them from a theme. 

This feature is very handy when doing quick fix engineering.
2019-07-03 18:18:11 +10:00
Penar Musaraj 27387b0859 Do not collapse quote notifications
This prevents an issue where edits to a post with a quote would trigger push notifications indefinitely.
2019-06-27 18:20:43 -04:00
Jeff Wong 6de254f642 FIX: iterate when clearing watched words cache 2019-06-24 17:17:56 -07:00
Penar Musaraj e51de4cc25
FEATURE: Add endpoint to individually update a theme setting (#7789)
- also adds a new staff action type called "change theme setting" for easier logging of staff changes to theme settings
2019-06-21 13:49:14 -04:00
Guo Xiang Tan 7c86f16aa3 FIX: Support carriage return in `InlineUploads`.
Follow up to 8deaef3872.
2019-06-21 14:07:06 +08:00
Guo Xiang Tan 8deaef3872 FIX: Don't replace img tags within anchor tags with markdown format.
Follow up to 9a25b0d614.
2019-06-21 12:32:02 +08:00
Guo Xiang Tan 9a25b0d614 FIX: Edge case with anchor tag in `InlineUploads`. 2019-06-21 09:55:56 +08:00
Guo Xiang Tan 53efb7bd24 FIX: BBcode edge case for `InlineUploads`. 2019-06-20 11:47:51 +08:00
Guo Xiang Tan 34f382b758 FIX: `InlineUploads` should replace attachment links with markdown text. 2019-06-19 11:15:02 +08:00
Guo Xiang Tan 77c06384c0 Fix the build. 2019-06-14 13:56:35 +08:00
Guo Xiang Tan 5d16d10a9e DEV: Fix edge case for `InlineUploads`. 2019-06-14 13:48:03 +08:00
Guo Xiang Tan befb074c98 DEV: `InlineUploads` should process CDN upload URLs as well. 2019-06-14 13:14:37 +08:00
Guo Xiang Tan 41abebcbce DEV: Support both `http` and `https` for `InlineUploads`. 2019-06-14 12:48:31 +08:00
Guo Xiang Tan 9daed05ad0 Fix the build. 2019-06-13 13:53:43 +08:00
Guo Xiang Tan 7a0d031bc4 FIX: `InlineUploads` matching on external bbcode img url. 2019-06-13 13:47:36 +08:00
Guo Xiang Tan 782e583844 FIX: Edge cases with markdown references for `InlineUploads`. 2019-06-13 12:08:01 +08:00
Guo Xiang Tan 93c552afda FIX: `InlineUploads` does not correct urls with uppercase extension. 2019-06-13 11:19:33 +08:00
Guo Xiang Tan 641521896c FIX: Cover more edge cases in `InlineUploads`. 2019-06-12 17:06:58 +08:00
Guo Xiang Tan 73bf880f74 FIX: Correct more edge cases with `InlineUploads`. 2019-06-12 10:44:25 +08:00
Guo Xiang Tan ff48fbdfda FIX: `InlineUploads` raises an error when img tag is invalid. 2019-06-12 10:31:00 +08:00
Guo Xiang Tan ee142c2173 DEV: More improvements to `InlineUploads`.
* Convert inline links to short path

```
<link> <link>
<link>
```

to

```
<short_path> <short_path>
<short_path>
```
2019-06-07 11:49:30 +08:00
Neil Lalonde 1f73a3ba6d FIX: round the calculated heat values
Views heats like 12135 will become 12000, like ratios like
1.666666666667 will become 1.67.
2019-06-06 15:44:55 -04:00
Guo Xiang Tan 95db609586 DEV: Support more formats of inline images. 2019-06-06 15:50:56 +08:00
Neil Lalonde ecc9c76692
FEATURE: dynamically update the topic heat settings monthly (#7670)
The site settings beginning with "topic views heat" and "topic post like
heat" are set to defaults when installing Discourse, but there has not
been a process or guidance for updating these values based on
community activity.

This feature will update them once a month. The low, medium, and
high settings will be based on the minimums of the 45th, 25th, and
10th percentile topics respectively, so that 45% of topics will have
some "heat".

Disable automatic changes with the automatic_topic_heat_values setting.
2019-06-04 10:34:07 -04:00
Guo Xiang Tan 1991af2abb DEV: Switch `InlineUploads` to a regexp based implementation. 2019-06-04 15:54:25 +08:00
Guo Xiang Tan d93e5fb00d DEV: Class that converts MD with old attachment links to new MD. 2019-06-04 15:54:25 +08:00
Sam Saffron 6428aa5b1f FIX: search indexer had various cases where it could fail
Previous to this fix is a post had the test www.test.com/abc it would fail
to index.

This also simplifies the rules to avoid full url parsing which can be
expensive
2019-06-04 16:21:03 +10:00
Sam Saffron 3b8819f0ab FEATURE: add support for defer topic functionality
This feature allows end users to "defer" topics by marking them unread

The functionality is default disabled. This also introduces the new site
setting default_other_enable_defer: to enable this by default on new user
accounts.
2019-05-31 15:44:35 +10:00
Sam Saffron 5c524ea8a4 FEATURE: introduce dedicated storage and DB constraints for anon users
Previously we used custom fields to denote a user was anonymous, this was
risky in that custom fields are prone to race conditions and are not
properly dedicated, missing constraints and so on.

The new table `anonymous_users` is properly protected. There is only one
possible shadow account per user, which is enforced using a constraint.

Every anonymous user will have a unique row in the new table.
2019-05-29 14:26:24 +10:00
Dan Ungureanu 7a08e23b4b FIX: Bump search index version. 2019-05-29 08:20:59 +08:00
Ralph Rooding 0d9fdbf8fe FEATURE: Allow import of hidden site settings (#7601)
* Allow optional import of hidden site settings

* Always import hidden settings
2019-05-28 16:20:18 +10:00
Robin Ward 89b84651c3 Migrate score settings to use sensitivities
We hide scores so these settings no longer made sense.
2019-05-24 15:44:24 -04:00
Guo Xiang Tan a36fe019bb DEV: Fix race condition when enqueuing edit wiki-ed notification. 2019-05-16 13:48:46 +08:00
Penar Musaraj fc5bb39096 FIX: Do not send duplicate alerts for the same post (#7476) 2019-05-15 18:47:36 +02:00
Arpit Jalan a2b1789c3e FIX: do not log username change if the save process was unsuccessful 2019-05-13 22:20:27 +05:30
Sam Saffron 30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Guo Xiang Tan f04518fdf9 DEV: Reduce number of jobs enqueued.
Apply code review suggestion from
405ba00c08.
2019-05-08 15:58:08 +08:00
Guo Xiang Tan 405ba00c08 FEATURE: Create notifications on wiki edits for watching users.
* Moves creation of notification into background job.
2019-05-08 15:31:10 +08:00
Guo Xiang Tan 152238b4cf DEV: Prefer `public_send` over `send`. 2019-05-07 09:33:21 +08:00
Guo Xiang Tan d252dad4f0 FIX: Can't remove user profile uploads.
Follow up to 24347ace10.
2019-05-02 16:54:10 +08:00
Guo Xiang Tan 24347ace10 FIX: Properly associate user_profiles background urls via upload id.
`Upload#url` is more likely and can change from time to time. When it
does changes, we don't want to have to look through multiple tables to
ensure that the URLs are all up to date. Instead, we simply associate
uploads properly to `UserProfile` so that it does not have to replicate
the URLs in the table.
2019-05-02 14:58:24 +08:00
Gerhard Schlager 876c4f20b3 FIX: Remove duplicate Emoji names from blurb
The blurb contained the value of the alt and title attribute of Emojis. Both values are always the same.
2019-04-29 17:26:39 +02:00
Gerhard Schlager 71d19f6e1f FIX: Reduce mentions in blurbs to @username or @groupname
The link to the user profile or group is useless and the URL encoded username or group name looks awful for Unicode names
2019-04-29 17:26:39 +02:00
Sam Saffron 45285f1477 DEV: remove update_attributes which is deprecated in Rails 6
See: https://github.com/rails/rails/pull/31998

update_attributes is a relic of the past, it should no longer be used.
2019-04-29 17:32:25 +10:00
Tarek Khalil 6e46197bc8
FIX: Disable webhooks on 410 and 404 HTTP responses (#7392)
FIX: Disable webhooks on 410 and 404 HTTP responses (#7392)
2019-04-18 12:36:37 +01:00
Robin Ward 14f9d40e48 FEATURE: Clarify Reviewable User Actions
"Approve" is now "Approve User" and "Delete" is a dropdown with a choice
that allows you to block.
2019-04-17 11:44:17 -04:00
Penar Musaraj 6bbdf5b56e DEV: add "pre_notification_alert" event
Allows plugins to modify payload before sending a notification alert
2019-04-15 10:17:15 -04:00
Penar Musaraj 24fd710f04 Revert "FIX: strip spoilers in notification excerpts"
This reverts commit 55942224ed.
2019-04-15 10:15:17 -04:00
Penar Musaraj 55942224ed FIX: strip spoilers in notification excerpts 2019-04-12 12:00:49 -04:00
David Taylor 24ef4f7b2b Remove support for disable_jump_reply user setting (#7359) 2019-04-12 09:03:06 +10:00
David Taylor dc703adad7 FEATURE: Add user preference for title counter mode (#7364) 2019-04-12 09:02:18 +10:00
Robin Ward 5d99346740 FIX: Always allow us to reject users, even if they are deleted 2019-04-10 11:00:39 -04:00
Robin Ward a4ff593506 UX: Slightly improved reviewable user display, plus link to admin if possible 2019-04-03 17:07:48 -04:00
Robin Ward 111a502231 FIX: Deleting Users should work nicely with Reviewable Users
"Rejecting" a user in the queue is equivalent to deleting them, which
would then making it impossible to review rejected users. Now we store
information about the user in the payload so if they are deleted things
still display in the Rejected view.

Secondly, if a user is destroyed outside of the review queue, it will
now automatically "Reject" that queue item.
2019-04-03 16:42:39 -04:00
Robin Ward 1bce97a596 FIX: Allow queued posts from deleted users to be rejected 2019-04-03 11:40:46 -04:00
Guo Xiang Tan d8704c11ca PERF: Better use of index when queueing a topci for search reindex.
Also move `Search::INDEX_VERSION` to `SearchIndexer` which is where the
version is actually being used.
2019-04-02 09:53:37 +08:00
Guo Xiang Tan 3cba10b9ca DEV: Don't warn when trying to reindex a post with a deleted topic. 2019-04-01 17:04:32 +08:00
Guo Xiang Tan 2a69ab4a4c FIX: Keep `alt` and `title` in lightbox when indexing for search.
Follow up to cfd507822f
2019-04-01 16:20:33 +08:00
Guo Xiang Tan cfd507822f
PERF: Improve quality of `PostSearchData#raw_data`. (#7275)
This commit fixes the follow quality issue with `PostSearchData#raw_data`:

1. URLs are being tokenized and links with similar href and characters
are being duplicated in the raw data.

`Post#cooked`:

```
<p><a href=\"https://meta.discourse.org/some.png\" class=\"onebox\" target=\"_blank\" rel=\"nofollow noopener\">https://meta.discourse.org/some.png</a></p>
```

`PostSearchData#raw_data` Before:

```
This is a test topic 0 Uncategorized https://meta.discourse.org/some.png discourse org/some png https://meta.discourse.org/some.png discourse org/some png
```

`PostSearchData#raw_data` After:

```
This is a test topic 0 Uncategorized https://meta.discourse.org/some.png meta discourse org
```

2. Ligthbox being included in search pollutes the
`PostSearchData#raw_data` unncessarily.

From 28 March 2018 to 28 March 2019, searches for the term `image` on
`meta.discourse.org` had a click through rate of 2.1%. Non-lightboxed images are not included in indexing for search yet we were indexing content within a lightbox. Also, search for terms like `image` was affected we were using `Pasted image` as the filename for
uploads that were pasted.

`Post#cooked`

```
<p>Let me see how I can fix this image<br>\n<div class=\"lightbox-wrapper\"><a class=\"lightbox\" href=\"https://meta.discourse.org/some.png\" title=\"some.png\" rel=\"nofollow noopener\"><img src=\"https://meta.discourse.org/some.png\" width=\"275\" height=\"299\"><div class=\"meta\">\n<svg class=\"fa d-icon d-icon-far-image svg-icon\" aria-hidden=\"true\"><use xlink:href=\"#far-image\"></use></svg><span class=\"filename\">some.png</span><span class=\"informations\">1750×2000</span><svg class=\"fa d-icon d-icon-discourse-expand svg-icon\" aria-hidden=\"true\"><use xlink:href=\"#discourse-expand\"></use></svg>\n</div></a></div></p>
```

`PostSearchData#raw_data` Before:

```
This is a test topic 0 Uncategorized Let me see how I can fix this image some.png png https://meta.discourse.org/some.png discourse org/some png some.png png 1750×2000
```

`PostSearchData#raw_data` After:

```
This is a test topic 0 Uncategorized Let me see how I can fix this image
```

In terms of indexing performance, we now have to parse the given HTML
through nokogiri twice. However performance is not a huge worry here since a string length of 194170 takes only 30ms
to scrub plus the indexing takes place in a background job.
2019-04-01 10:14:29 +08:00
Guo Xiang Tan daeda80ada
FIX: Don't index posts with empty `Post#raw` for search. (#7263)
* DEV: Remove unnecessary join in `Jobs::ReindexSearch`.

* FIX: Don't index posts with empty `Post#raw` for search.
2019-04-01 10:06:27 +08:00
Maja Komel 4a3daacb1b FIX: reset embedding settings when no embeddable host, log host changes (#7264) 2019-03-29 17:05:51 +01:00
Robin Ward b58867b6e9 FEATURE: New 'Reviewable' model to make reviewable items generic
Includes support for flags, reviewable users and queued posts, with REST API
backwards compatibility.

Co-Authored-By: romanrizzi <romanalejandro@gmail.com>
Co-Authored-By: jjaffeux <j.jaffeux@gmail.com>
2019-03-28 12:45:10 -04:00
Maja Komel 34730a0b16 UX: show if webhook is disabled (#7217)
+ show in staff logs when webhook is created/updated/destroyed
2019-03-21 16:13:09 +01:00
Tarek Khalil a31a35b334 FEATURE: Ignored user notification behaviour should be as a muted user (#7227) 2019-03-21 12:15:34 +01:00
Tarek Khalil 1dd0fa0c4e
REFACTOR: Move redundant ignored user check into guardian (#7219)
* REFACTOR: Move redundant ignored user check into guardian
2019-03-20 19:55:46 +00:00
Tarek Khalil 5852e86226 FEATURE: Only allow TL2 Users to ignore other users (#7212) 2019-03-20 15:02:33 +01:00
Tarek Khalil 3b59ff0d02 [FEATURE] Disallow ignoring self, admins or moderators users (#7202) 2019-03-20 11:18:46 +01:00
Guo Xiang Tan d808f36fc4 FIX: Reindex post for search when post is moved to a different topic.
* This is causing certain posts to appear in searches incorrectly as `PostSearchData#raw_data` contains the outdated title, category name and tag names.
2019-03-19 17:19:14 +08:00