Commit Graph

803 Commits

Author SHA1 Message Date
Roman Rizzi 10565e4623
SECURITY: Safely decompress files. (#8124)
* FEATURE: Adds an extra protection layer when decompressing files.

* Rename exporter/importer to zip importer. Update old locale

* Added a new composite class to decompress a file with multiple strategies

* Set max file size inside a site setting

* Ensure that file is deleted after compression

* Sanitize path and files before compressing/decompressing
2019-10-03 10:19:35 -03:00
Krzysztof Kotlarek 427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
Osama Sayegh ff8cc244d8
FIX: remote theme record not saved when checking for updates (#8054) 2019-08-30 00:32:54 +03:00
Gerhard Schlager d516e492a4 FIX: An overridden text of a non-existent plural key resulted in error
When there is an overridden text in the database that belongs to
a pluralized key which doesn't exist in English anymore, the
Customize Texts admin page was unusable. This stops those keys from
ever being returned by a search.
2019-08-29 17:41:19 +02:00
Roman Rizzi 7c741fa0d6
FEATURE: Publish read state on group messages. (Originally introduced in #7989) (#8025)
* Revert "Revert "FEATURE: Publish read state on group messages. (#7989) [Undo revert] (#8024)""

This reverts commit 36425eb9f0.

* Fix: Show who read only if the attribute is enabled

* PERF: Precalculate the last post  readed by a group member

* Use book-reader icon instear of far-eye

* FIX: update topic groups correctly

* DEV: Tidy up read indicator update on write
2019-08-27 09:09:00 -03:00
Roman Rizzi 3259ea60a6
DEV: Remove code deprecated by the new Reviewable API (#8023)
* Remove flag hooks and endpoints

* Remove #reject_bulk for users

* Remove code for quued_posts_controller
2019-08-26 10:33:26 -03:00
romanrizzi 36425eb9f0 Revert "FEATURE: Publish read state on group messages. (#7989) [Undo revert] (#8024)"
This reverts commit 5dda5c2f7c.
2019-08-20 13:29:22 -03:00
Roman Rizzi 5dda5c2f7c
FEATURE: Publish read state on group messages. (#7989) [Undo revert] (#8024)
* Reenable: "FEATURE: Publish read state on group messages. (#7989)"

This reverts commit 67f5cc1ce8.

* FIX: Read indicator only appears when the group setting is enabled
2019-08-20 11:57:25 -03:00
romanrizzi 67f5cc1ce8 Revert "FEATURE: Publish read state on group messages. (#7989)"
This reverts commit 1630dae2db.
2019-08-20 10:24:34 -03:00
Roman Rizzi 1630dae2db
FEATURE: Publish read state on group messages. (#7989)
* Enable or disable read state based on group attribute

* When read state needs to be published, the minimum unread count is calculated in the topic query. This way, we can know if someone reads the last post

* The option can be enabled/disabled from the UI

* The read indicator will live-updated using message bus

* Show read indicator on every post

* The read indicator now shows read count and can be expanded to see user avatars

* Read count gets updated everytime someone reads a message

* Simplify topic-list read indicator logic

* Unsubscribe from message bus on willDestroyElement, removed unnecesarry values from post-menu, and added a comment to explain where does minimum_unread_count comes from
2019-08-20 09:46:57 -03:00
Rishabh f1f1fd4690 DEV: Remove unused "Email Reject No Account" template (#8022) 2019-08-20 12:43:51 +02:00
Vinoth Kannan 88359b0f16
FEATURE: add support for group members visibility level (#8004)
There are 5 visibility levels (similar to group visibility)

public (default)
logged-in users
members only
staff
owners

Admins & group owners always have visibility to group members.
2019-08-14 19:00:04 +05:30
Bianca Nenciu ba396a5384
DEV: Use ResultSet with staff action logs. (#7661) 2019-08-13 20:55:05 +03:00
Neil Lalonde 9656a21fdb
FEATURE: customization of html emails (#7934)
This feature adds the ability to customize the HTML part of all emails using a custom HTML template and optionally some CSS to style it. The CSS will be parsed and converted into inline styles because CSS is poorly supported by email clients. When writing the custom HTML and CSS, be aware of what email clients support. Keep customizations very simple.

Customizations can be added and edited in Admin > Customize > Email Style.

Since the summary email is already heavily styled, there is a setting to disable custom styles for summary emails called "apply custom styles to digest" found in Admin > Settings > Email.

As part of this work, RTL locales are now rendered correctly for all emails.
2019-07-30 15:05:08 -04:00
Osama Sayegh f14c6d81f4
FEATURE: Watched words improvements (#7899)
This commit contains 3 features:

- FEATURE: Allow downloading watched words
This introduces a button that allows admins to download watched words per action in a `.txt` file.

- FEATURE: Allow clearing watched words in bulk
This adds a "Clear All" button that clears all deleted words per action (e.g. block, flag etc.)

- FEATURE: List all blocked words contained in the post when it's blocked
When a post is rejected because it contains one or more blocked words, the error message now lists all the blocked words contained in the post.

-------

This also changes the format of the file for importing watched words from `.csv` to `.txt` so it becomes inconsistent with the extension of the file when watched words are exported.
2019-07-22 14:59:56 +03:00
Gerhard Schlager 651a5b6e40 SECURITY: Validate backup chunk identifier 2019-07-22 08:43:16 +02:00
Roman Rizzi f5c707c97a
FEATURE: Gz to zip for exports (#7889)
* Revert "Revert "FEATURE: admin/user exports are compressed using the zip format (#7784)""

This reverts commit f89bd55576.

* Replace .tar.zip with .zip
2019-07-18 09:34:48 -03:00
Osama Sayegh 6515ff19e5
FEATURE: Allow customization of robots.txt (#7884)
* FEATURE: Allow customization of robots.txt

This allows admins to customize/override the content of the robots.txt
file at /admin/customize/robots. That page is not linked to anywhere in
the UI -- admins have to manually type the URL to access that page.

* use Ember.computed.not

* Jeff feedback

* Feedback

* Remove unused import
2019-07-15 20:47:44 +03:00
Guo Xiang Tan a4234e9be0 DEV: Minor tweaks to `Admin::WatchedWordsController`. 2019-07-15 10:22:46 +08:00
romanrizzi f89bd55576 Revert "FEATURE: admin/user exports are compressed using the zip format (#7784)"
This reverts commit 8b2580e20f.
2019-07-10 11:38:51 -03:00
Roman Rizzi 8b2580e20f
FEATURE: admin/user exports are compressed using the zip format (#7784)
* FEATURE: admin/user exports are compressed using the zip format

* Update translations. Theme exporter now exports .zip file. Theme importer supports .zip and .gz files

* Fix controller test, updated locale and skip saving the csv export to disk
2019-07-10 11:13:03 -03:00
Osama Sayegh 3d64532273 FEATURE: allow disabling theme components (#7812)
This allows you to temporarily disable components without having to remove them from a theme. 

This feature is very handy when doing quick fix engineering.
2019-07-03 18:18:11 +10:00
Osama Sayegh f1c67729de Different fix (#7815) 2019-07-02 11:53:16 +10:00
Penar Musaraj e51de4cc25
FEATURE: Add endpoint to individually update a theme setting (#7789)
- also adds a new staff action type called "change theme setting" for easier logging of staff changes to theme settings
2019-06-21 13:49:14 -04:00
Bianca Nenciu e0c821ebb0 FEATURE: Make staff action logs page support infinite loading 2019-06-06 13:02:53 +10:00
Roman Rizzi c3a38d2304 DEV: Make groups/new extensible by plugins (#7642)
* Expose a new plugin outlet. Pass group model to the group-member-dropdown so it can be accessed by plugins

* Added controller tests for group custom fields. update custom fields when updating a group
2019-06-06 12:05:33 +10:00
Robin Ward 2e0a40007b FIX: Category topics should not be deletable via review queue 2019-05-30 16:43:23 -04:00
Robin Ward d95a68b837 FEATURE: When suspending a user, allow the Delete + Replies action
Previously you could only delete the post
2019-05-27 12:27:16 -04:00
Gerhard Schlager 81c329fbb8 FIX: Customizing missing pluralized translations didn't work 2019-05-13 09:36:05 +02:00
Sam Saffron 30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Guo Xiang Tan 152238b4cf DEV: Prefer `public_send` over `send`. 2019-05-07 09:33:21 +08:00
Penar Musaraj b948d97c8f
FEATURE: Show diff of local changes before updating remote theme (#7443) 2019-05-02 21:43:54 -04:00
Sam Saffron 96360a779f DEV: add a few frozen string literals 2019-05-02 16:57:12 +10:00
David Taylor 5edb5c8b03
FIX: Mark invited admins as 'approved' (#7459)
This prevents invited admins appearing as no-op reviewables in the queue when invite_only or require_approval is enabled.
2019-04-30 17:26:39 +01:00
Sam Saffron ac3dab93f5 DEV: lint the files 2019-04-29 17:40:53 +10:00
Sam Saffron 45285f1477 DEV: remove update_attributes which is deprecated in Rails 6
See: https://github.com/rails/rails/pull/31998

update_attributes is a relic of the past, it should no longer be used.
2019-04-29 17:32:25 +10:00
Joffrey JAFFEUX bcca2b5d73
FEATURE: initial implementation of generic filters for reports 2019-04-26 12:17:10 +02:00
Guo Xiang Tan 87cca0fb80 FIX: Return the right response code for invalid theme id. 2019-04-23 14:57:14 +08:00
Robin Ward 14f9d40e48 FEATURE: Clarify Reviewable User Actions
"Approve" is now "Approve User" and "Delete" is a dropdown with a choice
that allows you to block.
2019-04-17 11:44:17 -04:00
Robin Ward ba6d4b2a8d FIX: Better handling for toggling `must_approve_users`
If you turn it on now, default all users to approved since they were
previously. Also support approving a user that doesn't have a reviewable
record (it will be created first.)

This also includes a refactor to move class method calls to
`DiscourseEvent` into an initializer. Otherwise the load order of
classes makes a difference in the test environment and some settings
might be triggered and others not, randomly.
2019-04-16 15:56:35 -04:00
Roman Rizzi 536b90e0ef
FEATURE: Support searching custom staff actions (#7346) 2019-04-10 09:53:17 -03:00
Robin Ward 9bcd7aacc8 Remove deprecation, the admin controller can approve just fine 2019-04-09 11:19:19 -04:00
Robin Ward c1ea63bdc1 FIX: Reviewables should not be created for users until they are active
Conversely, if a user is deactivated the reviewable should automatically
be rejected.

Before this fix, if a user was not active they'd still show in the
review queue but without an "Approve" button which was confusing.
2019-04-03 15:25:00 -04:00
venarius c185109380 FIX: Restricted site text better error 2019-04-02 11:16:27 -04:00
Joffrey JAFFEUX e986e96227
DEV: removes old dashboard (#7295) 2019-04-01 12:39:49 +02:00
Maja Komel 4a3daacb1b FIX: reset embedding settings when no embeddable host, log host changes (#7264) 2019-03-29 17:05:51 +01:00
Robin Ward b58867b6e9 FEATURE: New 'Reviewable' model to make reviewable items generic
Includes support for flags, reviewable users and queued posts, with REST API
backwards compatibility.

Co-Authored-By: romanrizzi <romanalejandro@gmail.com>
Co-Authored-By: jjaffeux <j.jaffeux@gmail.com>
2019-03-28 12:45:10 -04:00
Gerhard Schlager 4f04ae5692 FIX: Failed to show details about some bounced emails
Bounces sent to reply_by_email_address could not be found.
2019-03-26 18:00:27 +01:00
David Taylor a9d5ffbe3d FIX: Prevent critical emails bypassing disable, and improve email test logic
- The test_email job is removed, because it was always being run synchronously (not in sidekiq)
- 34b29f62 added a bypass for critical emails, to match the spec. This removes the bypass, and removes the spec.
- This adapts the specs for 72ffabf6, so that they check for emails being sent
- This reimplements c2797921, allowing test emails to be sent even when emails are disabled
2019-03-22 17:28:43 +08:00
David Taylor 3f9e7eb326 FIX: Respect the disable_emails=non-staff site setting correctly
This reverts commit c279792130.

This commit inadvertently removed all of the non-staff email logic, rather than just for the 'test email' button. 

https://meta.discourse.org/t/112231/5
2019-03-21 21:44:14 +00:00
Neil Lalonde 1812a38f0a FIX: upload watched words should use UTF-8 2019-03-21 13:46:16 -04:00
Maja Komel 34730a0b16 UX: show if webhook is disabled (#7217)
+ show in staff logs when webhook is created/updated/destroyed
2019-03-21 16:13:09 +01:00
Gerhard Schlager 8a99d59422 FIX: seed data classes couldn't always be found 2019-03-18 23:13:47 +01:00
Gerhard Schlager 3fd04df781
FEATURE: Locale support for seeded categories and topics (#7110) 2019-03-18 21:09:13 +01:00
Tarek Khalil f8480ed911
FEATURE: Exposing a way to add a generic report filter (#6816)
* FEATURE: Exposing a way to add a generic report filter

## Why do we need this change?

Part of the work discussed [here](https://meta.discourse.org/t/gain-understanding-of-file-uploads-usage/104994), and implemented a first spike [here](https://github.com/discourse/discourse/pull/6809), I am trying to expose a single generic filter selector per report.

## How does this work?

We basically expose a simple, single generic filter that is computed and displayed based on backend values passed into the report.

This would be a simple contract between the frontend and the backend.

**Backend changes:** we simply need to return a list of dropdown / select options, and enable the report's newly introduced `custom_filtering` property.

For example, for our [Top Uploads](https://github.com/discourse/discourse/pull/6809/files#diff-3f97cbb8726f3310e0b0c386dbe89e22R1423) report, it can look like this on the backend:

```ruby
report.custom_filtering = true
report.custom_filter_options = [{ id: "any", name: "Any" }, { id: "jpg", name: "JPEG" } ]
```

In our javascript report HTTP call, it will look like:

```js
{
  "custom_filtering": true,
  "custom_filter_options": [
    {
      "id": "any",
      "name": "Any"
    },
    {
      "id": "jpg",
      "name": "JPG"
    }
  ]
}
```

**Frontend changes:** We introduced a generic `filter` param and a `combo-box` which hooks up into the existing framework for fetching a report.

This works alright, with the limitation of being a single custom filter per report. If we wanted to add, for an instance a `filesize filter`, this will not work for us. _I went through with this approach because it is hard to predict and build abstractions for requirements or problems we don't have yet, or might not have._

## How does it look like?

![a1ktg1odde](https://user-images.githubusercontent.com/45508821/50485875-f17edb80-09ee-11e9-92dd-1454ab041fbb.gif)

## More on the bigger picture

The major concern here I have is the solution I introduced might serve the `think small` version of the reporting work, but I don't think it serves the `think big`, I will try to shed some light into why.

Within the current design, It is hard to maintain QueryParams for dynamically generated params (based on the idea of introducing more than one custom filter per report).

To allow ourselves to have more than one generic filter, we will need to:

a. Use the Route's model to retrieve the report's payload (we are now dependent on changes of the QueryParams via computed properties)
b. After retrieving the payload, we can use the `setupController` to define our dynamic QueryParams based on the custom filters definitions we received from the backend
c. Load a custom filter specific Ember component based on the definitions we received from the backend
2019-03-15 12:15:38 +00:00
Guo Xiang Tan b0c8fdd7da FIX: Properly support defaults for upload site settings. 2019-03-13 16:36:57 +08:00
venarius dc4541a95c FIX: Text content search warning if more than 50 results 2019-03-11 12:56:15 -04:00
Gerhard Schlager 4000978452 FIX: Failed to save email template with pluralized subject 2019-03-06 16:51:04 +01:00
David Taylor 35275c137b PERF: Remove final N+1 from theme admin page
The rails bug previously mentioned only causes an issue when using `pluck`, so this controller is not affected.

Followup to a8ffc02d06
2019-03-05 12:10:53 +00:00
David Taylor a8ffc02d06 PERF: Reduce N+1s on theme admin page 2019-02-26 14:22:02 +00:00
Gerhard Schlager dc961fecb9 FIX: Outgoing emails were not disabled after restoring backup 2019-02-25 16:07:24 +01:00
Gerhard Schlager 6a8007e5fb FEATURE: Improve handling of backup storage errors 2019-02-20 15:16:49 +01:00
Joffrey JAFFEUX 9ade04b709
FIX: removes legacy browsers-refresh button (#7028) 2019-02-19 16:38:21 +01:00
David Taylor 59640ef373 DEV: Add additional hooks for theme-creator plugin 2019-02-12 14:17:34 +00:00
Robin Ward bc3efab816 FIX: When disagreeing with a flag that silenced a user, unsilence them
Previously it would unhide their post but leave them silenced.

This fix also cleans up some of the helper classes to make it easier
to pass extra data to the silencing code (for example, a link to the
post that caused the user to be silenced.)

This patch also refactors the auto_silence specs to avoid using
stubs.
2019-02-08 08:50:50 -05:00
David Taylor 7b7bc3db39 FIX: Rescue and display import errors when updating theme via git 2019-02-05 13:49:16 +00:00
David Taylor d8bd3c32ca
DEV: Allow theme CLI to specify which theme to synchronize (#6963)
Currently the theme is matched by name, which can be fragile when there are many themes with the same name. This functionality will be used by the next version of theme CLI.
2019-01-30 14:17:04 +00:00
Guo Xiang Tan 60c1cd9f81 FIX: Return 400 when username params is invalid. 2019-01-30 16:06:55 +08:00
David Taylor 77d26b9df6 FIX: Support application/gzip theme imports, and improve error message 2019-01-28 11:51:14 +00:00
David Taylor afd449089f
FEATURE: Import and export themes in a .tar.gz format (#6916) 2019-01-23 14:40:21 +00:00
David Taylor 2e59a37687
FEATURE: List unused theme components (#6924) 2019-01-23 09:20:13 +00:00
Maja Komel 45f66826ee PERF: delete potentially large associated tables before user_destroyer.destroy transaction 2019-01-18 16:10:03 +01:00
Gerhard Schlager 457e6c7b37 FIX: Mods weren't able to see emails in admin user list 2019-01-18 15:37:30 +01:00
David Taylor 880311dd4d
FEATURE: Support for localized themes (#6848)
- Themes can supply translation files in a format like `/locales/{locale}.yml`. These files should be valid YAML, with a single top level key equal to the locale being defined. For now these can only be defined using the `discourse_theme` CLI, importing a `.tar.gz`, or from a GIT repository.

- Fallback is handled on a global level (if the locale is not defined in the theme), as well as on individual keys (if some keys are missing from the selected interface language).

- Administrators can override individual keys on a per-theme basis in the /admin/customize/themes user interface.

- Theme developers should access defined translations using the new theme prefix variables:
  JavaScript: `I18n.t(themePrefix("my_translation_key"))`
  Handlebars: `{{theme-i18n "my_translation_key"}}` or `{{i18n (theme-prefix "my_translation_key")}}`

- To design for backwards compatibility, theme developers can check for the presence of the `themePrefix` variable in JavaScript

- As part of this, the old `{{themeSetting.setting_name}}` syntax is deprecated in favour of `{{theme-setting "setting_name"}}`
2019-01-17 11:46:11 +00:00
Robin Ward dbe42068a2 REFACTOR: Move option to return emails into the serializer
This makes more sense than having the guardian take an accessor.
The logic belongs in the Serializer, where the JSON is calculated.

Also removed some of the DRYness in the spec. It's fewer lines
and made it easier to test the option on the serializer.
2019-01-11 11:17:23 -05:00
Guo Xiang Tan c2bca9cabe Make rubocop happy. 2019-01-10 10:52:15 +08:00
Guo Xiang Tan d10694150e Revert "FIX: Partial reply key search in email sent logs."
This reverts commit e9b2018bc8.
2019-01-10 10:05:56 +08:00
Guo Xiang Tan e9b2018bc8 FIX: Partial reply key search in email sent logs.
Follow up to c85b9c6ed3
2019-01-10 09:25:14 +08:00
Michael Brown c85b9c6ed3 FIX: searching email logs by reply key (#6868)
* you can't use LIKE or ILIKE on a UUID
2019-01-10 07:51:58 +08:00
Joffrey JAFFEUX 1d62d3df6f
FIX: remove storage_stats from the list of reports, too specific (#6817) 2018-12-27 22:21:08 +01:00
David Taylor 7feabd9e49 PERF: Eradicate N+1 queries from the theme admin page 2018-12-21 11:03:58 +02:00
Joffrey JAFFEUX e655e1863f
UX: Adding reports dashboard tab, new layout, report descriptions (#6790)
Co-Authored-By: Kris  <shout@k-ris.com>
2018-12-19 14:44:43 +01:00
Rishabh c279792130 FIX: Allow sending test e-mails to any email address when disable_email is set to non-staff (#6792) 2018-12-18 16:12:05 +01:00
Gerhard Schlager 1a8ca68ea3 FEATURE: Improve backup stats on admin dashboard
* Dashboard doesn't timeout anymore when Amazon S3 is used for backups
* Storage stats are now a proper report with the same caching rules
* Changing the backup_location, s3_backup_bucket or creating and deleting backups removes the report from the cache
* It shows the number of backups and the backup location
* It shows the used space for the correct backup location instead of always showing used space on local storage
* It shows the date of the last backup as relative date
2018-12-17 11:35:11 +01:00
Guo Xiang Tan e9ea0102a5 FIX: Consistency about our response for invalid user id in `Admin::UsersController`. 2018-12-15 08:01:35 +08:00
Joffrey JAFFEUX 03014b0d05
FEATURE: adds security tab to dashboard (#6768)
This commit also includes the new staff_logins report
2018-12-14 13:47:59 +01:00
Maja Komel 9f89aadd33 FIX: delete all posts in batches without hijack (#6747) 2018-12-14 11:04:18 +01:00
David Taylor f7ce607e5d
FIX: Return 422 instead of 500 for invalid SSO signature (#6738) 2018-12-07 15:01:44 +00:00
Bianca Nenciu 56890efd7a FEATURE: Add 'Advanced Test' for admin panel. 2018-12-05 21:56:18 +01:00
Vinoth Kannan d33d031742
FEATURE: Filter topic and post web hook events by tags (#6726)
* FEATURE: Filter topic and post web hook events by tags

* Add a spec test with unmatched tags
2018-12-05 14:44:06 +05:30
Arpit Jalan 851ef14096 Revert "FIX: do not agree flags by default when deleting posts"
This reverts commit cb6fc8057b.
2018-11-28 10:21:11 +05:30
Arpit Jalan cb6fc8057b FIX: do not agree flags by default when deleting posts 2018-11-27 10:57:20 +05:30
Arpit Jalan b5bf182ad5 FIX: validate topic deletion when acting on a flag 2018-11-25 23:24:03 +05:30
Kyle Zhao 8e32aa1483 FEATURE: show post approvals in Moderation History (#6643) 2018-11-22 10:22:23 +08:00
Joffrey JAFFEUX e860c8b844
FIX: adds support for missing reports from old dashboard (#6624) 2018-11-19 12:20:05 +01:00
Guo Xiang Tan 44391ee8ab
FEATURE: Upload Site Settings. (#6573) 2018-11-14 15:03:02 +08:00
Bianca Nenciu 5af9a69a3b FIX: Do not check for suspicious login when impersonating. (#6534)
* FIX: Do not check for suspicious login when impersonating.

* DEV: Add 'impersonate' parameter to log_on_user.
2018-11-12 15:34:12 +01:00
Joffrey JAFFEUX 9c616e0679
FIX: handles not found reports in bulk loading (#6582) 2018-11-12 13:47:24 +01:00
Gerhard Schlager 7c4d4331bc FEATURE: Better handling of quotation marks in site text search
It also matches 3 dots with the ellipsis symbol.
2018-11-12 13:26:41 +01:00
Robin Ward 242a5fc5ef Add DiscourseEvents for when users as unsuspended/unsilenced 2018-11-08 16:33:38 -05:00
Sam 32b1f34910 PERF: avoid DNS lookups when getting IP info
Also cleans up interface in DiscourseIpInfo
grew cache to 2000 entries
2018-10-31 12:38:57 +11:00
Bianca Nenciu e1e392f15b DEV: Use DiscourseIpInfo for all IP queries. (#6482)
* DEV: Use DiscourseIpInfo for all IP queries.

* UX: Use latitude and longitude for more precision.
2018-10-30 22:08:57 +00:00
Bianca Nenciu 4b7ab97a01 FIX: Add 'log in via link' to email templates. (#6545) 2018-10-30 19:15:05 +00:00
Bianca Nenciu 6a3767cde7 FEATURE: Warn users via email about suspicious logins. (#6520)
* FEATURE: Warn users via email about suspicious logins.

* DEV: Move suspicious login check to a job.
2018-10-25 09:45:31 +00:00
Guo Xiang Tan 84d4c81a26 FEATURE: Support backup uploads/downloads directly to/from S3.
This reverts commit 3c59106bac.
2018-10-15 09:43:31 +08:00
Guo Xiang Tan 3c59106bac Revert "FEATURE: Support backup uploads/downloads directly to/from S3."
This reverts commit c29a4dddc1.

We're doing a beta bump soon so un-revert this after that is done.
2018-10-11 11:08:23 +08:00
Gerhard Schlager c29a4dddc1 FEATURE: Support backup uploads/downloads directly to/from S3. 2018-10-11 10:38:43 +08:00
Erin Kosewic 51aba32651 FEATURE: add branch option to remote theme import
* FEATURE: add branch option to remote theme import

* FIX: Add missing variable in params

* FIX: Add missing param for import_theme method

* SPEC: Add test methods for branch support in git import

* FIX: Add missing space to scss style

* Do not assume default branch as master

* Change branch field placeholder

* FIX: add missing div start tag
2018-10-09 17:01:08 +11:00
Sam 0e9841b995 SECURITY: remove admin memory diagnostics routes 2018-09-18 08:35:09 +10:00
Sam d1984a0b4d FIX: display a correct error when attempting to agree on a deferred flag
Previously we would raise a 500 error if a moderator tried to agree on a
flag another moderator deferred.

This can happen cause the UX for flags does not live refresh as flags
are handled
2018-09-12 13:16:59 +10:00
Bianca Nenciu 72ffabf619 UX: Improve email testing admin tool. (#6308) 2018-08-29 23:14:16 +02:00
Joffrey JAFFEUX 82dcc5cbfa
FEATURE: makes reports loadable in bulk (#6309) 2018-08-24 15:28:01 +02:00
Osama Sayegh e0cc29d658 FEATURE: themes and components split
* FEATURE: themes and components split

* two seperate methods to switch theme type

* use strict equality operator
2018-08-24 11:30:00 +10:00
Bianca Nenciu dc5fddbfe6 FIX: Do not show an empty modal when an IP address is allowed or blocked. (#6265) 2018-08-20 17:37:30 +02:00
Joffrey JAFFEUX 37d4f27c44
FIX: quality/bugfix dashboard/reports pass (#6283) 2018-08-17 16:19:25 +02:00
Osama Sayegh 0b7ed8ffaf FEATURE: backend support for user-selectable components
* FEATURE: backend support for user-selectable components

* fix problems with previewing default theme

* rename preview_key => preview_theme_id

* omit default theme from child themes dropdown and try a different fix

* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
Joffrey JAFFEUX 67ec81babf
FIX: fixes last backup/last_update dates (#6242) 2018-08-07 08:19:52 -04:00
Sam 6797395bd0 FIX: staff should be allowed to agree and keep post 2018-08-07 10:05:43 +10:00
Joffrey JAFFEUX 7f2f3b8b22
FIX: improves reports resilience (#6239)
This commit makes most of the reports now lazy loaded, and making them benefits from graceful failures.
2018-08-06 16:57:40 -04:00
Régis Hanol 535732bdc1 FIX: ensure the 'email_revoked' PM template is customizable 2018-08-03 17:10:20 +02:00
Neil Lalonde c12a9279f6 post deleted notification regression because controller was agreeing with all flags too early 2018-07-30 16:45:46 -04:00
Guo Xiang Tan 87537b679c Drop `reply_key`, `skipped` and `skipped_reason` from `email_logs`. 2018-07-30 11:39:28 +08:00
Joffrey JAFFEUX 330cf78c83
FIX: don’t break browser history on dashboard visit (#6186) 2018-07-26 14:59:28 -04:00
Gerhard Schlager 9989c8179d FIX: Translation for default (light) color scheme was missing 2018-07-25 11:28:14 +02:00
Gerhard Schlager 1ac643d71c FIX: Email template for "Queued Posts Reminder" was not found 2018-07-24 17:26:52 +02:00
Guo Xiang Tan fad9c2b971 PERF: Move `EmailLog#reply_key` into new `post_reply_keys` table. 2018-07-24 13:51:53 +08:00
Guo Xiang Tan ae8b0a517f PERF: Split skipped email logs into a seperate table. 2018-07-24 13:14:37 +08:00
Blake Erickson 37b726982d Fix silence and unsilenced response bodies
Both response bodies had a typo that included suspended_at, so I renamed
it to silenced_at.
2018-07-22 16:08:36 -06:00
Joffrey JAFFEUX 1d5096eb46 FIX: lazy load more reports in dashboard 2018-07-20 23:35:53 -04:00
Joffrey JAFFEUX 1a78e12f4e
FEATURE: part 2 of dashboard improvements
- moderation tab
- sorting/pagination
- improved third party reports support
- trending charts
- better perf
- many fixes
- refactoring
- new reports

Co-Authored-By: Simon Cossar <scossar@users.noreply.github.com>
2018-07-19 14:33:11 -04:00
OsamaSayegh decf1f27cf FEATURE: Groundwork for user-selectable theme components
* Phase 0 for user-selectable theme components

- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
Maja Komel ec3e6a81a4 FEATURE: Second factor backup 2018-06-28 10:12:32 +02:00
Joffrey JAFFEUX 95d99de7b4
FIX: hides durability section in dashboard if backups are disabled 2018-06-20 22:26:37 +02:00
Sam 5f64fd0a21 DEV: remove exec_sql and replace with mini_sql
Introduce new patterns for direct sql that are safe and fast.

MiniSql is not prone to memory bloat that can happen with direct PG usage.
It also has an extremely fast materializer and very a convenient API

- DB.exec(sql, *params) => runs sql returns row count
- DB.query(sql, *params) => runs sql returns usable objects (not a hash)
- DB.query_hash(sql, *params) => runs sql returns an array of hashes
- DB.query_single(sql, *params) => runs sql and returns a flat one dimensional array
- DB.build(sql) => returns a sql builder

See more at: https://github.com/discourse/mini_sql
2018-06-19 16:13:36 +10:00
Joffrey JAFFEUX f2dbe66367
FEATURE: adds a /admin/reports route to list all reports 2018-06-18 12:31:56 +02:00
Arpit Jalan f9ab3848ed FEATURE: support disabling emails for non-staff users 2018-06-07 18:31:08 +05:30
Guo Xiang Tan ad5082d969 Make rubocop happy again. 2018-06-07 13:28:18 +08:00
Robin Ward 4195c7c9ea FEATURE: Ability to clear a user's penalty history
You can do this manually if you want to allow them to reach TL3 without
their penalty history counting against them.
2018-05-25 12:54:22 -04:00
Blake Erickson 3edca8b104 Return a 403 instead of 200 when trying to delete a user with posts
See [this commit][1] for more info

[1]: bd352a17bf
2018-05-22 17:02:02 -06:00
Arpit Jalan 9f422c93f6 FIX: restrict updates on `confirm_old_email` email templates 2018-05-19 12:19:59 +05:30
Régis Hanol 53f8f6095d FEATURE: staff action logs when creating/updating/deleting badges 2018-05-17 18:09:27 +02:00
Sam 21e0b7c818 avoid async report pattern and replace with simpler hijack 2018-05-16 16:05:03 +10:00
Sam 193b6d5651 UX: improve new dashboard
- top referred topics
- limit search logs to 8 results
2018-05-15 15:08:36 +10:00
Sam 6332d5040d UX: switch dashboard to be the new dashboard
Also:
- add pageviews
- add problems and version sections
2018-05-14 13:07:59 +10:00
Sam bc9e0d46af PERF: use cached reports for dashboard if available 2018-05-14 12:01:44 +10:00
Sam 8a783412b7 UX: improvements to new dashboard
- remove inactive user report and replace with posts
- clean up internals so grouping by week happens on client
- when switching periods old report was not destroyed leading to bugs
- calculate trend based on previous interval ... not previous 30 days
- show percentages for mau/dau
- be more careful about utc date usage
- show uniqu and click through rate on search panel
- publish key of report with report so we only load the correct one
- subscribe earlier in channel in case of concurrency issues
2018-05-11 13:30:32 +10:00
Blake Erickson bd352a17bf FIX: Show a json api response when deleting a user with posts
A 500 error was actually caused with no response when using the api, so
it wasn't very clear that you need to delete the posts first when using
the api.
2018-05-10 13:04:36 -06:00
Guo Xiang Tan bbc85258c9 Rename `display_plugins` -> `visible_plugins`. 2018-05-09 07:52:45 +08:00
Guo Xiang Tan c6f45fcfdb Expose an API for plugins to be hidden on the admin plugin page. 2018-05-08 13:24:58 +08:00
Arpit Jalan 3a6e137e70 FIX: add context for deactivated user logs 2018-05-08 08:18:04 +05:30
Guo Xiang Tan aa0d32231c FIX: Incorrect query when removing a group owner.
https://meta.discourse.org/t/group-rename-and-group-owners-removal-problems/85596
2018-05-07 13:57:00 +08:00
Neil Lalonde a0447b47e0 UX: when deleting a user, show a modal indicating that the delete is happening. User hijack so requests don't time out. 2018-05-03 16:18:19 -04:00
Joffrey JAFFEUX 980972182f
dashboard next: caching, mobile support and new charts 2018-05-03 15:41:41 +02:00
Joffrey JAFFEUX 0e414d0890
dashboard next: trending search report
This commit also improves how data is loaded sync and async
2018-04-19 18:19:21 +02:00
Joffrey JAFFEUX 01c061d20d
dashboard next: perf and UI tweaks
* cache CORE reports
* adds backups/uploads section
* few css tweaks
2018-04-18 21:30:41 +02:00
Joffrey JAFFEUX 0e15a575f4
EXPERIMENTAL: new dashboard UI
This is the first iteration of an effort towards making a very good dashboard.

Until we feel confident this is good, this dashboard will only be accessible through /admin/dashboard_next
2018-04-16 10:42:06 +02:00
Guo Xiang Tan c82b2dcc24 Remove admin group management pages. 2018-04-09 15:14:50 +08:00
Gerhard Schlager cd6a99a027 FEATURE: Send a different PM when a post has been hidden more than once 2018-04-05 14:03:21 +02:00
Vinoth Kannan 16341219ab Log exception if remote theme importing failed 2018-04-02 20:10:18 +05:30
Guo Xiang Tan 142571bba0 Remove use of `rescue nil`.
* `rescue nil` is a really bad pattern to use in our code base.
  We should rescue errors that we expect the code to throw and
  not rescue everything because we're unsure of what errors the
  code would throw. This would reduce the amount of pain we face
  when debugging why something isn't working as expexted. I've
  been bitten countless of times by errors being swallowed as a
  result during debugging sessions.
2018-04-02 13:52:51 +08:00
Vinoth Kannan efb19dbdaf
Merge pull request #5705 from discourse/new_webhooks
FEATURE: Webhook for group and category events
2018-04-02 10:53:21 +05:30
Robin Ward 22b631510c FIX: Silenced user wasn't being linked properly 2018-03-29 17:07:09 -04:00
Vinoth Kannan e7407d0adc FEATURE: Webhook for group and category events 2018-03-27 11:53:35 +05:30
Guo Xiang Tan dcd1d422d1 UX: Allow admins to set users as owners while adding users.
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084/9
2018-03-26 17:33:50 +08:00
Sam ba15273d3f FEATURE: maintain preview theme, while previewing
This means you can browse around in preview mode without losing the theme.
At any point you can refresh page and maintain the preview theme.
2018-03-15 16:17:22 +11:00
Robin Ward d31dfe0e84 FIX: Silencing / Suspending a user should not send a hidden message 2018-03-14 14:39:52 -04:00
Robin Ward 65ac80b014 FEATURE: Log Staff edits in Staff Action Logs
Why? Some edits by staff are not tracked. For example, during the grace
period, or via the flags/silence dialog.

If a staff member is editing someone else's post, it now goes into the
Staff Action Logs so it can be audited by other staff members.
2018-03-12 13:51:40 -04:00
Sam 758b9a7dda FEATURE: prototype of local theme directory watcher
(note this will be documented a bit late)
2018-03-12 18:36:06 +11:00
Sam 7c0e6b820e move key so it does not interfere with other errors 2018-03-09 16:42:11 +11:00
Sam 39e679d3cb FEATURE: allow themes to live in private git repos
This feature allows themes sourced from git to live on private
servers, it automatically generates key pairs.
2018-03-09 16:14:38 +11:00
OsamaSayegh 282f53f0cd FEATURE: Theme settings (2) (#5611)
Allows theme authors to specify custom theme settings for the theme. 

Centralizes the theme/site settings into a single construct
2018-03-04 19:04:23 -05:00
Sam a94dc0c731 Revert "FIX: preview theme not working consistently"
This reverts commit 845cec3ba0.
was not a needed change, but was elsewhere
2018-02-23 17:59:00 +11:00
Sam 845cec3ba0 FIX: preview theme not working consistently
Avoid flash, this makes debugging much simpler as well.

Additionally URL now clearly shows you are previewing a theme.
2018-02-23 15:25:35 +11:00
Guo Xiang Tan 14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Jeff Wong f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Robin Ward 7348513848 FIX: Include post in staff action logs when silencing a user 2018-02-13 15:59:10 -05:00
Gerhard Schlager 8765279c90 FIX: Customizing site texts ignored current locale for _MF keys 2018-02-07 16:57:08 +01:00
Robin Ward 8ff4104555 Many enhancements to the flagging / suspending interface. 2018-02-01 17:13:02 -05:00
Neil Lalonde 9fa71e198e FIX: admin reports charts should use same time of day as dashboard numbers 2018-02-01 15:59:39 -05:00
Sam 41986cdb2f Refactor requires login logic, reduce duplicate code
This also corrects the positioning in the chain of the check
and removes misuse of prepend_before_action
2018-02-01 15:17:59 +11:00
Sam f2e7b74d88 FIX: don't return 200s when login is required to paths
When running `ensure_login_required` it should always happen prior to
`check_xhr` cause check xhr will trigger a 200 response
2018-02-01 12:26:45 +11:00
Robin Ward 34ed6088b9 FEATURE: New modal to show flags received for a user 2018-01-17 15:08:08 -05:00
Arpit Jalan e04fb9a877 fix the build 2018-01-17 12:57:33 +05:30
Arpit Jalan 79eb9d7086 FEATURE: show header search results on search log term details page 2018-01-17 12:47:16 +05:30
Arpit Jalan 6177fb80eb UX: switch to quartlerly period view for search log term graphs 2018-01-16 07:53:22 +05:30
Robin Ward dd33050e10 Add discourse events for when a user is suspended/silenced 2018-01-11 12:56:45 -05:00
Robin Ward e904d92b98 FIX: Suspension / Silence reasons were incorrect on save 2018-01-11 10:54:47 -05:00
Vinoth Kannan b96ae14261 FEATURE: Display force_https warning in admin problems dashboard 2018-01-11 12:16:10 +05:30
Arpit Jalan ed4b845930 FIX: render error message when backup download fails 2018-01-05 19:46:43 +05:30
Robin Ward 69a90f31fb FEATURE: Allow Forums to disable the Backups feature 2017-12-21 15:22:04 -05:00
Arpit Jalan eab66065d1 FEATURE: search log term details page (#5445) 2017-12-20 13:41:31 +11:00
Guo Xiang Tan 97ceebb570 SECURITY: Don't pass email backup token to sidekiq as a parameter.
* This exposes the token in the Sidekiq dashboard which can be
  viewed by an admin and defeats the purpose of using a token
  in the download backup email ink.
2017-12-18 11:25:22 +08:00
Sam 433ef4513b FEATURE: upload images and fonts in themes via hijack 2017-12-18 10:40:10 +11:00
Sam 5e90abfaea FIX: use hijack for emoji uploads 2017-12-18 10:31:19 +11:00
Joffrey JAFFEUX 001abfc4cb Revert "FIX: not permitted theme params when importing theme"
This reverts commit 813df1a3fb.
2017-12-14 11:40:14 +01:00
Joffrey JAFFEUX 041deac67a Revert "FIX: constant lookup error when exporting theme"
This reverts commit 1eda8c50f0.
2017-12-14 11:40:08 +01:00
Joffrey JAFFEUX 813df1a3fb
FIX: not permitted theme params when importing theme 2017-12-14 11:25:58 +01:00
Joffrey JAFFEUX 1eda8c50f0
FIX: constant lookup error when exporting theme 2017-12-14 11:25:11 +01:00
Robin Ward 410994b7f5 FEATURE: Show a button to Staff for "Moderation History" on posts/topics
When clicked, it pops up a modal showing a history of moderation actions
taken on the post or topic.
2017-12-05 15:20:20 -05:00
Arpit Jalan e3925278e2 FEATURE: support search click through tracking for user, category and tags
https://meta.discourse.org/t/search-logs-page/73281/11?u=techapj

This commit adds following features:

- support for tracking click through to user, tag and category
- new filter for search type (header, full page)

This commit also removes "most viewed topic" field from search logs page because we are now tracking multiple click through entities, so topic is not a special entity anymore. This also improves query perf. The query now takes `20.5ms` to runs, as opposed to `655.9ms` previously.
2017-12-01 12:04:55 +05:30