Commit Graph

9384 Commits

Author SHA1 Message Date
Martin Brennan 20fe5eceb8
FEATURE: Scheduled group email credential problem check (#15396)
This commit adds a check that runs regularly as per
2d68e5d942 which tests the
credentials of groups with SMTP or IMAP enabled. If any issues
are found with those credentials a high priority problem is added to the
admin dashboard.

This commit also formats the admin dashboard differently if
there are high priority problems, bringing them to the top of
the list and highlighting them.

The problem will be cleared if the issue is fixed before the next
problem check, or if the group's settings are updated with a valid
credential.
2022-01-04 10:14:33 +10:00
Daniel Waterworth 4a0f73a337
PERF: Turn common test prefixes into contexts in topics_controller_spec (#15439) 2022-01-03 11:00:03 -06:00
Arpit Jalan 702685b6a0
SECURITY: only show user suggestions with regular post (#15436) 2022-01-03 13:37:40 +05:30
Roman Rizzi 23b75d8a2b
FEATURE: Before consolidation callbacks. (#15428)
You can add callbacks that get called before updating an already consolidated notification or creating a consolidated one.

Instances of this rule can add callbacks to access the old notifications about to be destroyed or the consolidated one and add additional data inside the data hash versus having to execute extra queries when adding this logic inside the `set_mutations` block.
2021-12-30 15:40:16 -03:00
Osama Sayegh 8e6988163f
FIX: Don't allow NULL values for `notification_level` in `category_users` (#15407) 2021-12-29 09:19:39 +11:00
Roman Rizzi e005e3f153
DEV: Create post actions without creating a notification and store custom data. (#15397)
I plan to use this in an upcoming discourse-reactions PR, where I want to like a post without notifying the user, so I can instead create a reaction notification.

Additionally, we decouple the a11y attributes from the icon itself, which will let us extend the widget's icon without losing them.
2021-12-27 11:25:37 -03:00
Daniel Waterworth 9e18868c31
DEV: Re-organize TopicsController#reset_new tests (#15399) 2021-12-23 12:29:51 -06:00
David Taylor cdf4d7156e
DEV: Introduce Auth::Result API for overrides_* (#15378)
This allows authenticators to instruct the Auth::Result to override attributes without using the general site settings. This provides an easy migration path for auth plugins which offer their own "overrides email", "overrides username" or "overrides name" settings. With this new api, they can set `overrides_*` on the result object, and the attribute will be overriden regardless of the general site setting.

ManagedAuthenticator is updated to use this new API. Plugins which consume ManagedAuthenticator will instantly take advantage of this change.
2021-12-23 10:53:17 +00:00
Blake Erickson b705971d42
DEV: Allow for taller images in posts and oneboxes (#15395)
The previous default aspect ratio for cropping tall images was a little
too strict and was cutting off images. This new setting should allow for
a larger range of image sizes before cropping them.
2021-12-22 16:01:34 -07:00
Martin Brennan 19089f21d2
DEV: Add API docs for uploads and API doc watcher (#15387)
This commit adds API documentation for the new upload
endpoints related to direct + multipart external uploads.

Also included is a rake task which watches the files in
the spec/requests/api directory and calls a script file
(spec/regenerate_swagger_docs) whenever one changes. This
script runs rake rswag:specs:swaggerize and then copies
the openapi.yml file over to the discourse_api_docs repo
directory, and hits a script there to convert the YML to
JSON so the API docs are refreshed while the server is
still running. This makes the loop of making a doc change
and seeing it in the local server much faster.

The rake task is rake autospec:swagger
2021-12-23 08:40:15 +10:00
Daniel Waterworth 5ff0b86b57
PERF: Make tests faster by prefabricating more things (#15392) 2021-12-22 11:09:43 -06:00
Jarek Radosz 72ad5bf8bd
FIX: SiteSetting.title was being polluted in StaticController (#15385)
Regressed in #15324
2021-12-21 20:51:18 +01:00
Daniel Waterworth 80591724cf
DEV: Avoid shadowing variables in topics_controller_spec (#15383) 2021-12-21 12:28:12 -06:00
Andrei Prigorshnev c202252190
FEATURE: when suggesting usernames skip input that consist entirely of disallowed characters (#15368) 2021-12-21 21:13:05 +04:00
Andrei Prigorshnev 952bebc5a1
FIX: fallback to `anonymous` not `user` when suggesting usernames for anonymous users (#15354) 2021-12-21 21:09:55 +04:00
Jarek Radosz c209be09f1
DEV: Fix a flaky test (#15374)
See: https://github.com/discourse/discourse/runs/4589134998?check_suite_focus=true
2021-12-21 02:21:47 +01:00
Roman Rizzi 491f020771
FIX: Use correct argument name in pending reviewables translation (#15371) 2021-12-20 17:35:51 -03:00
Daniel Waterworth 7e0c1fb039
PERF: Make tests faster by prefabricating more things (#15370) 2021-12-20 12:59:10 -06:00
Sam b6c3e9aa03
FEATURE: hide_email_address_taken forces use of email in forgot password form (#15362)
* FEATURE: hide_email_address_taken forces use of email in forgot password form

This strengthens this site setting which is meant to be used to harden sites
that are experiencing abuse on forgot password routes.

Previously we would only deny letting people know if forgot password worked on not
New change also bans usage of username for forgot password when enabled
2021-12-20 12:54:10 +11:00
Martin Brennan 2d68e5d942
FEATURE: Scheduled problem checks for admin dashboard (#15327)
This commit introduces scheduled problem checks for the admin dashboard, which are long running or otherwise cumbersome problem checks that will be run every 10 minutes rather than every time the dashboard is loaded. If these scheduled checks add a problem, the problem will remain until it is cleared or until the scheduled job runs again.

An example of a check that should be scheduled is validating credentials against an external provider.

This commit also introduces the concept of a `priority` to the problems generated by `AdminDashboardData` and the scheduled checks. This is `low` by default, and can be set to `high`, but this commit does not change any part of the UI with this information, only adds a CSS class.

I will be making a follow up PR to check group SMTP credentials.
2021-12-20 09:59:11 +10:00
jbrw 6e925fee6f
FIX: Use basic meta description if other description tags are missing (#15356)
When attempting to Onebox a page if there is no `meta property="og:description"` tag but there is a  `meta name="description"` tag, Onebox should try to use that value.
2021-12-17 19:36:54 -05:00
Gerhard Schlager 769388b8ba FIX: Translation overrides from fallback locale didn't work on client
Discourse sent only translation overrides for the current language to the client instead of sending overrides from fallback locales as well. This especially impacted en_GB -> en since most overrides would be done in English instead of English (UK).

This also adds lots of tests for previously untested code.

There's a small caveat: The client currently doesn't handle fallback locales for MessageFormat strings. That is why overrides for those strings always have a higher priority than regular translations. So, as an example, the lookup order for MessageFormat strings in German is:
1. override for de
2. override for en
3. value from de
4. value from en
2021-12-17 14:03:35 +01:00
Gerhard Schlager 4cd5158974 FIX: "Customize Text" showed compiled MessageFormat string for overridden `_MF` translations 2021-12-17 14:03:35 +01:00
Gerhard Schlager e19a7a7c8d FIX: translation precedence was different on client and server
As an example, the lookup order for German was:

1. override for de
2. override for en
3. value from de
4. value from en

After this change the lookup order is the same as on the client:
1. override for de
2. value from de
3. override for en
4. value from en

see /t/16381
2021-12-17 14:03:35 +01:00
Daniel Waterworth ca0eb8041d
PERF: Prefabricate more parts of users_controller_spec (#15335) 2021-12-16 13:36:49 -06:00
Andrei Prigorshnev 9365c4b364
DEV: make sure we handle staged users correctly in DiscourseConnect (#15320)
Some time ago, we made this fix to external authentication –  https://github.com/discourse/discourse/pull/13706. We didn't address Discourse Connect (https://meta.discourse.org/t/discourseconnect-official-single-sign-on-for-discourse-sso/13045) at that moment, so I wanted to fix it for Discourse Connect as well.

Turned out though that Discourse Connect doesn't contain this problem and already handles staged users correctly. This PR adds tests that confirm it. Also, I've extracted two functions in Discourse Connect implementation along the way and decided to merge this refactoring too (the refactoring is supported with tests).
2021-12-16 19:44:07 +04:00
Jarek Radosz c46b351888
DEV: Make i18n spec ignore these test-only settings (#15329)
Fixes flakyness introduced in #15324
2021-12-16 15:49:20 +01:00
Jarek Radosz 2a4df93b8e
FEATURE: Allow to modify topic-backed static pages (#15324)
A plugin API that allows customizing existing topic-backed static pages, like:
faq, tos, privacy (see: StaticController) The block passed to this
method has to return a SiteSetting name that contains a topic id.

```
add_topic_static_page("faq") do |controller|
  current_user&.locale == "pl" ? "polish_faq_topic_id" : "faq_topic_id"
end
```

You can also add new pages in a plugin, but remember to add a route,
for example:

```
get "contact" => "static#show", id: "contact"
```
2021-12-16 04:24:11 +01:00
Daniel Waterworth 102fa71ef3
PERF: Speed up the tests by pre-fabricating more things (#15318) 2021-12-15 11:41:14 -06:00
Natalie Tay 9fd1a00eef
DEV: Remove customer flair from being an official plugin (#15315) 2021-12-15 22:30:50 +08:00
Roman Rizzi 0719531bd3
FIX: Notify group members when someone quotes or replies to their post. (#15295)
When a member set a group PM notification level to Normal, we didn't notify group members if someone quoted or replied to one of their posts.
2021-12-15 09:07:39 -03:00
Alan Guo Xiang Tan 6fe4c8ae58
DEV: Fix intermittent failing spec. (#15308) 2021-12-15 09:51:46 +01:00
Daniel Waterworth 61e449379c
PERF: Prefabricate posters in topics_controller_spec (#15297)
It would be clearer to prefabricate posts, but that changes redis and
enabling snapshotting for all the tests in topics_controller_spec is
expensive.
2021-12-14 12:09:07 -06:00
Mark VanLandingham 175ced5096
DEV: Add chat invitation notification type (#15288) 2021-12-14 09:01:53 -06:00
Daniel Waterworth 9334abe249
PERF: Prefabricate more of topics_controller_spec.rb (#15281) 2021-12-13 13:44:55 -06:00
David Taylor 08f4edc032
DEV: Reset OmniAuth test mode between tests (#15278)
OmniAuth test mode is disabled by default, so that we can integration-test the omniauth strategies. Sometimes, we manually enable test mode for specific specs. This commit ensures that test_mode is always disabled again after each spec.
2021-12-13 17:05:26 +00:00
Jarek Radosz 42015fe8b2
DEV: Drop env-based SiteSetting deprecation errors (#15273)
These were deprecated ~4 years ago. No need to keep the errors anymore.
2021-12-13 17:36:29 +01:00
David Taylor 6e9bb84d12
FIX: Ensure theme names are escaped in HTML attributes (#15272)
If a theme name contained a double-quote, this problem could lead to invalid/unexpected HTML in the `<head>`

Note that this is not considered a security issue because themes can only be installed/named by administrators, and themes/administrators already have the ability to run arbitrary javascript.
2021-12-13 10:50:09 +00:00
Dan Ungureanu adb6202c94
FIX: Check if invite domain is valid (#15238)
* FIX: Check if invite domain is valid

Previous regex checked for generic hostname, which is too generic for
this case.
2021-12-13 16:39:14 +11:00
Dan Ungureanu 3d4aee1487
DEV: Drop unused column email_tokens.token (#15203) 2021-12-13 16:29:47 +11:00
Daniel Waterworth 02245ce41f
PERF: Redis snapshotting during tests (#15260)
We can fake redis transactions so that `fab!` works for redis and PG
data, but it's too slow to be used indiscriminately. Instead, you can
opt into it with the `use_redis_snapshotting` helper.

Insofar as snapshotting allows us to `fab!` more things, it provides a
speedup.
2021-12-10 14:25:26 -06:00
Blake Erickson b93b6c4299
FIX: Blurry onebox favicon images (#15258)
This is a fix to address blurry onebox favicon images if the site you
are linking to happens to have a favicon.ico file that contains multiple
images.

This fix detects of we are trying to create an upload for a favicon.ico
file. We then convert it to a png and not a jpeg like we were doing. We
want a png because it will preserve transparency, otherwise if we
convert it to a jpeg we lose that and it looks bad on dark themed sites.

This fix also addresses the fact that .ico files can include multiple
images. The blurry images we were producing was caused by the
ImageMagick `-flatten` option when the .ico file had multiple images
which then squishes them all together. So for .ico files we are no
longer flattening them and instead we are grabbing the last image in the
.ico bundle and converting that single image to a png.
2021-12-10 12:25:50 -07:00
Roman Rizzi b7b61d4b56
FEATURE: A notification consolidation plan for keeping the latest one. (#15249)
We previously used ConsolidateNotifications with a threshold of 1 to re-use an existing notification and bump it to the top instead of creating a new one. It produces some jumpiness in the user notification list, and it relies on updating the `created_at` attribute, which is a bit hacky.

As a better alternative, we're introducing a new plan that deletes all the previous versions of the notification, then creates a new one.
2021-12-10 10:32:15 -03:00
Roman Rizzi 3602f83cf4
FEATURE: Delete previous reviewable reminders. (#15250)
We send the reminder using the GroupMessage class, which supports removing previous messages. We can't match them by raw because they could mention different moderators. Also, I had to change the subject to remove dynamically generated values, which is necessary for finding them.
2021-12-10 10:17:39 -03:00
Daniel Waterworth ec36cddd2f
FIX: Defer topic/post created events until emails have been added (#15252) 2021-12-09 14:45:07 -06:00
Angus McLeod df3886d6e5
FEATURE: Experimental support for group membership via google auth (#14835)
This commit introduces a new site setting "google_oauth2_hd_groups". If enabled, group information will be fetched from Google during authentication, and stored in the Discourse database. These 'associated groups' can be connected to a Discourse group via the "Membership" tab of the group preferences UI. 

The majority of the implementation is generic, so we will be able to add support to more authentication methods in the near future.

https://meta.discourse.org/t/managing-group-membership-via-authentication/175950
2021-12-09 12:30:27 +00:00
Daniel Waterworth 3b0d46c659
FIX: make tests work with higher starting upload id (#15237) 2021-12-08 13:13:59 -06:00
Andrei Prigorshnev 4e8983036a
DEV: do not return no_result_help from the server (#15220)
We don't need it anymore. Actually, I removed using of it on the client side a long time ago, when I was working on improving blank page syndrome on user activity pages (see https://github.com/discourse/discourse/pull/14311).

This PR also removes some old resource strings that we don't use anymore. We have new strings for blank pages.
2021-12-08 21:46:54 +04:00
Dan Ungureanu d8fe0f4199
FEATURE: Restrict link invites to email domain (#15211)
Allow multiple emails to redeem a link invite only if the email domain
name matches the one specified in the link invite.
2021-12-08 17:06:57 +02:00
Bianca Nenciu b1c11d5787
FIX: Select correct topic draft for user (#15234)
The old query could return multiple rows.
2021-12-08 15:23:44 +02:00