Commit Graph

1399 Commits

Author SHA1 Message Date
Angus McLeod ec7de0fd68
Require permitted scopes when registering a client (#29718) 2024-11-19 15:28:04 -05:00
OsamaSayegh a28ab171ec DEV: Add index to users.ip_address 2024-11-15 11:17:07 -05:00
Jan Cernik 234133bd3b
UX: Split `hide_profile_and_presence` user option (#29632)
It splits the hide_profile_and_presence user option and the default_hide_profile_and_presence site setting for more granular control. It keeps the option to hide the profile under /u/username/preferences/interface and adds the presence toggle in the quick user menu.

Co-authored-by: Régis Hanol <regis@hanol.fr>
2024-11-12 22:22:58 -03:00
Mark VanLandingham 9b8af0ea9f
DEV: Create permanent version of `moved_posts` table from PostMover class (#29664)
This is a very simple change, which creates a permanent table in the DB, rather than generating a temporary table when moving posts. This change is about capturing data and any usage will appear in a follow-up.

I did include a new column created_new_topic in the new table, so that it can be easily audited without having to compare destination topic created_at with moved_post records.
2024-11-12 14:35:20 -06:00
Roman Rizzi d97d48ead1
FIX: Ensure normalized_email gets anonymized (#29719) 2024-11-12 14:36:17 -03:00
Angus McLeod cb4b8146a3
Add dedicated user_api_key_clients table to allow for 1:many use cases (#28119) 2024-11-08 12:05:03 -05:00
Alan Guo Xiang Tan 57f4176b57
DEV: Bump rubocop_discourse (#29608) 2024-11-06 06:27:49 +08:00
Bianca Nenciu 723dc1fa55
Dev fix some types (#29547)
The primary key is usually a bigint column, but the foreign key columns
are usually of integer type. This can lead to issues when joining these
columns due to mismatched types and different value ranges.

This was using a temporary plugin / test API to make tests pass. After
more careful consideration, we concluded that it is safe to alter the
tables directly.
2024-11-01 19:19:25 +02:00
Osama Sayegh 397d41008e
FIX: Account for sidebars with no primary links when adding invite link (#29535)
Meta topic: https://meta.discourse.org/t/stumped-about-launcher-rebuild-app-error-process-pid-2096/333876?u=osama.

Follow up to 19672faba6.

The migration that adds the invite link to the sidebar determines the position of the link by looking up the max position that a primary link has and inserts the invite link at the max position plus 1. This approach works fine for most sites, however, sites that have deleted all primary links from the sidebar will fail because the max position will be `nil` which blows up the migration.

This commit addresses this edge case by falling back to looking up the min position of secondary links,    or to zero if there're also no secondary links, and then inserts the invite link at the min position minus 1.
2024-11-01 10:31:21 +03:00
Osama Sayegh 19672faba6
FEATURE: Add invite link to the sidebar (#29448)
This commit adds a new "Invite" link to the sidebar for all users who can invite to the site. Clicking the link opens the invite modal without changing the current route the user is on. Admins can customize the new link or remove it entirely if they wish by editing the sidebar section.

Internal topic: t/129752.
2024-10-30 05:31:14 +03:00
Osama Sayegh 2ffe413b0b
FEATURE: Enable the new /about page for everyone (#29390)
This commit removes the feature flag for the new /about page, enabling it for all sites, and removes the code for old the /about page.

Internal topic: t/140413.
2024-10-29 18:40:11 +03:00
Martin Brennan 27bdfb6437
FEATURE: Add user preference to disable smart lists (#29434)
Followup 30fdd7738e

Adds a new site setting and corresponding user preference
to disable smart lists. By default they are enabled, because
this is a better experience for most users. A small number of
users would prefer to not have this enabled.

Smart lists automatically append new items to each
list started in the composer when enter is pressed. If
enter is pressed on an empty list item, it is cleared.

This setting will be removed when the new composer is complete.
2024-10-28 14:18:15 +10:00
Kelv a89767913d
resolve Rails/ReversibleMigrationMethodDefinition errors (#29412) 2024-10-25 15:13:06 +08:00
Guhyoun Nam 82ad7f9d17
DEV: Delete plugin specific webhook event types (#29374)
Background
When creating webhooks on a site without the Discourse Category Experts plugin installed, the category_experts_unapproved_event and category_experts_approved_event webhook events are getting automatically added to webhooks without a way to disable them.

The category_experts_unapproved_event and category_experts_approved_event webhook events are associated with the Discourse Category Experts plugin so I am moving these webhook events into the Category Experts plugin.

Changes
This PR deletes Category Experts plugin specific webhook event types added into core.
2024-10-24 11:02:58 -05:00
Ted Johansson 63ed1b5bd7
DEV: Remove NULLS NOT DISTINCT from problem check trackers (#29327)
We added NULLS NOT DISTINCT to a unique index on problem_check_trackers.

This option is only available in PG15+. It does not in itself break PG13, but restoring a PG15+ backup to PG13 currently errors out. It seems this is an operation that's more common than we first thought.

This commit fixes that by removing the NULLS NOT DISTINCT.

We already have another, backwards-compatible approach to do the same thing in place, so this shouldn't change existing behaviour.
2024-10-22 10:47:24 +08:00
Ted Johansson 93625ef07c
FIX: Make problem check tracker unique constraint work on PG13 (#29272)
In #29169 we added a NULLS NOT DISTINCT option to the unique index on problem_check_trackers. This is to enforce uniqueness even when the target is NULL. (Postgres considers all NULLs to be distinct by default.)

However, this only works in PG15. In PG13 it does nothing.

This commit adds a default dummy string value __NULL__ to target. Since it's a string, PG13 will be able to correctly identify duplicate records.
2024-10-21 10:45:09 +08:00
Sam c08c40dc23
FEATURE: theme_modifiers can depend on theme settings (plus serialize_post_user_badges) (#29227)
Theme modifiers can now be defined as theme settings, this allows for
site operators to override behavior of theme modifiers.

New syntax is:

```
{
    ...
   "modifiers": {
      "modifier_name": {
         "type": "setting",
         "value": "setting_name"
      }
   }
}
```

This also introduces a new theme modifier for serialize_post_user_badges. Name of badge must match the name of the badge in the badges table. The client-side is updated to load this new data from the post-stream serializer.

Co-authored-by: David Taylor <david@taylorhq.com>
2024-10-17 15:16:16 +01:00
Alan Guo Xiang Tan 322a3be2db
DEV: Remove logical OR assignment of constants (#29201)
Constants should always be only assigned once. The logical OR assignment
of a constant is a relic of the past before we used zeitwerk for
autoloading and had bugs where a file could be loaded twice resulting in
constant redefinition warnings.
2024-10-16 10:09:07 +08:00
Ted Johansson 45c9316d7d
DEV: Fix problem check tracker unique index not respecting NULLs (#29169)
By default, when checking uniqueness on a tuple for the purposes of enforcing a unique index, PostgreSQL considers NULLs to be distinct values. Because of this we could incorrectly have multiple entries with { identifier: "rails_env", target: nil } created due to race conditions. This would then cause errors at runtime.
2024-10-14 13:55:35 +08:00
Kelv 32e261ef73
DEV: Migrate user passwords data to UserPassword table (#28746)
* Add migrations to ensure password hash is synced across users & user_passwords

* Persist password-related data in user_passwords instead of users

* Merge User#expire_old_email_tokens with User#expire_tokens_if_password_changed

* Add post deploy migration to mark password-related columns from users table as read-only

* Refactored UserPassword#confirm_password? and changes required to accommodate hashing the password after validations
2024-10-10 09:23:06 +08:00
Alan Guo Xiang Tan 02380af75c
PERF: Update migration to drop index concurrently. (#28955)
This avoids locking the index's table
2024-09-18 10:20:24 +08:00
Alan Guo Xiang Tan 97143efc52
PERF: Drop `user_search_similar_results` site setting (#28874)
In 14cf8eacf1, we added the
`user_search_similar_results` site setting which when enabled will use
trigram matching for similarity search in `UserSearch`. However, we
noted that adding the `index_users_on_username_lower_trgm` index is
causing the PG planner to not use the `index_users_on_username_lower`
index when the `=` operator is used against the `username_lower` column.

Based on the PG mailing list discussion where support for the `=`
operator in gist_trgm_ops was being considered, it stated that "I also have checked that btree_gist is preferred over pg_trgm gist
index for equality search." This is however quite different from reality
on our own PG clusters where the btree index is not preferred leading to
significantly slower queries when the `=` operator is used.

Since the pg_trgm gist index is only used for queries when the `user_search_similar_results` site setting
is enabled, we decided to drop the feature instead as it is hidden and
disabled by default. As such, we can consider it experiemental and drop
it without deprecation.

PG mailing list discussiong: https://www.postgresql.org/message-id/CAPpHfducQ0U8noyb2L3VChsyBMsc5V2Ej2whmEuxmAgHa2jVXg%40mail.gmail.com
2024-09-13 09:04:02 +08:00
Joffrey JAFFEUX ad90b9cfd1
DEV: Increases external avatar url limit (#28893)
We recently increased it to 1500 but that was not enough: 113e6fd274
2024-09-13 01:08:01 +02:00
Keegan George f2059bf15f
FIX: Form template limit validation (#28791) 2024-09-10 08:11:44 -07:00
Sérgio Saquetim 7c3ad27de6
DEV: Remove the old header widgets code (#28390)
Remove the header widget code.

More info can be found in https://meta.discourse.org/t/upcoming-header-changes-preparing-themes-and-plugins/296544
2024-09-04 14:50:53 -03:00
Osama Sayegh 280adda09c
FEATURE: Support designating multiple groups as mods on category (#28655)
Currently, categories support designating only 1 group as a moderation group on the category. This commit removes the one group limitation and makes it possible to designate multiple groups as mods on a category.

Internal topic: t/124648.
2024-09-04 04:38:46 +03:00
Natalie Tay cc873977ec
DEV: Ensure unique notification level per tag user (#28638)
TagUser.rb is used to set user notification levels for a tag, we don't have a unique index on the notification level itself. This means that there might be some weird case where a user may have multiple of the same notification level on a tag.

This PR adds a migration which de-duplicates this based on defaults, where we keep the earliest record in the event there is multiple notification level per-user-per-tag.
2024-09-03 15:43:02 +08:00
Kelv a455567f9e
DEV: make UserPassword 1:1 to User (#28528)
* add data migration to keep only unexpired or most recently expired user password
* refactor to 1:1 relationship between User and UserPassword
* add migration to remove redundant indexes on user passwords
2024-09-03 11:09:33 +08:00
Alan Guo Xiang Tan 4a6fc45429
DEV: Migrate `User#seen_notification_id` to `bigint` (#28572)
`Notification#id` was migrated to `bigint` in 799a45a291
2024-08-27 14:32:55 +03:00
Bianca Nenciu b11d901e12
DEV: Migrate user_badges#notification_id to bigint (#28546)
The `notifications.id` has been migrated to bigint in previous commit
799a45a291. This commit migrates one of
the related columns, `user_badges.notification_id`, to `bigint`.
2024-08-27 11:46:48 +08:00
Bianca Nenciu ec8ba5a0b9
DEV: Migrate shelved_notifications#notification_id to bigint (#28549)
DEV: Migrate shelved_notifications#notification_id to bigint

The `notifications.id` has been migrated to `bigint` in previous commit
799a45a291.
2024-08-27 10:56:00 +08:00
Alan Guo Xiang Tan 6832c7b7e7
DEV: Fix bigint notifications id migration to deal with public schema (#28538)
Follow up to 799a45a291
2024-08-26 10:25:13 +08:00
Bianca Nenciu 799a45a291
DEV: Migrate notifications#id to bigint (#28444)
The `notifications.id` column is the most probable column to run out of
values. This is because it is an `int` column that has only 2147483647
values and many notifications are generated on a regular basis in an
active community. This commit migrates the column to `bigint`.

These migrations do not use `ALTER TABLE ... COLUMN ... TYPE` in order
to avoid the `ACCESS EXCLUSIVE` lock on the entire table. Instead, they
create a new `bigint` column, copy the values to the new column and
then sets the new column as primary key.

Related columns (see `user_badges`, `shelved_notifications`) will
be migrated in a follow-up commit.
2024-08-26 09:35:12 +08:00
carson chang 854b8b7093
FEATURE: Add option to immediately delete stub topics upon merge (#28228)
Currently to handle stub topics after merging, there are only options to (1) never delete a stub topic and (2) delete a stub topic after X amount of days. This adds the option to immediately delete a stub topic upon merge.

---------

Co-authored-by: Mark VanLandingham <markvanlan@gmail.com>
Co-authored-by: Renato Atilio <renato@discourse.org>
2024-08-07 10:05:40 -03:00
Blake Erickson 6ee6b1f1d1
DEV: Add validation for allowed iframes setting (#28178)
- Adds a validator for the allowed iframes site setting
- Adds a migration to update any values that don't pass the validator

Follow up to: 188cb58daa
2024-08-01 06:51:02 -06:00
Gabriel Grubba 633a19fcc0
FIX: Remove chat default channel setting (#28170)
* FIX: Remove chat default channel being applied to mobile chat and drawer

* DEV: removing chat_default_channel_id setting

* DEV: add migration to remove chat default channel id

* DEV: remove default_channel_validator and tests
2024-07-31 14:12:10 -03:00
Gabriel Grubba a3d61ba1c4
DEV: rename chat preferred mobile index to chat preferred index (#27953)
* DEV: rename chat preferred mobile index to chat preferred index

* UX: change routing to be consistent with mobile

* DEV: change migration file to use script

* UX: show footer only if more than one option is available

* UX: Remove desktopView only checks for chat

* DEV: Remove unused imports

* UX: Update chat footer checks and Add rerouting to chat drawer

* UX: Add margin to chat row in desktop and update chat drawer logic

* UX: Change chat in desktop to use flexbox

* UX: Add drawer actions to chat navbar

* DEV: Update page object with new chat css classes

removed `.open-browse-page-btn` usage in 7bd65006d7

* DEV: rename `browse/open` in chat url to `channels`

* UX: Adjust css for when in threads mode

* DEV: change css class name in no_sidebar_spec.rb

* DEV: rename tests to be more descriptive with the action they are testing

update chat template to not rely on `:has`

* DEV: update test and add method to chat page object

* DEV: update no_sidebar_spec for chat changes

* DEV: remove tests from navigation_spec that no longer apply

* DEV: revert typo in test

* DEV: change url path for mobile chat in test specs

* DEV: Add check for when is desktop in rerouting

* UX: Removed footer from desktop.

Made `hasThreads` and `hasDirectMessages` methods in chat-drawer public

* UX: remove sidebar on desktop full page if dm list is empty

* DEV: Address review comments

* DEV: Adjust reroute logic for chat browse

remove unused code

* UX: Adjust rerouting to go to browse.open

* UX: Change rerouting to be more consistent

Add chat_default_channel_id routing

* UX: Update rerouting configuration for chat routes

* DEV: Update tests with the new chat behavior

* DEV: revert changes made in tests and bring back toggle for drawer

* DEV: revert classes in page objects

* DEV: Add tests to new chat navigation behavior

remove unused stylesheets
revert deleted lines in tests
update concat class logic in chat dm template

* DEV: update css on test
2024-07-30 10:25:22 -03:00
Natalie Tay 188cb58daa
SECURITY: Fixes for main (#28137)
* SECURITY: Update default allowed iframes list

Change the default iframe url list to all include 3 slashes.

* SECURITY: limit group tag's name length

Limit the size of a group tag's name to 100 characters.

Internal ref - t/130059

* SECURITY: Improve sanitization of SVGs in Onebox

---------

Co-authored-by: Blake Erickson <o.blakeerickson@gmail.com>
Co-authored-by: Régis Hanol <regis@hanol.fr>
Co-authored-by: David Taylor <david@taylorhq.com>
2024-07-30 14:19:01 +08:00
Natalie Tay 7a1e3accff
DEV: Promote historic post_deploy migrations (#28127)
This commit promotes all post_deploy migrations which existed in Discourse v3.2.0 (timestamp <= 20240112043325)
2024-07-30 00:49:21 +08:00
Krzysztof Kotlarek 205a2bf0d6
DEV: show admin moderation flags UI (#28071)
The page was hidden behind a feature flag in this PR https://github.com/discourse/discourse/pull/27756

It is now in a shippable state.
2024-07-25 15:24:17 +10:00
Krzysztof Kotlarek b64d01bc10
FIX: store information about the login method in the database. (#28054)
Previously in these 2 PRs, we introduced a new site setting `SiteSetting.enforce_second_factor_on_external_auth`.

https://github.com/discourse/discourse/pull/27547
https://github.com/discourse/discourse/pull/27674

When disabled, it should enforce 2FA for local login with username and password and skip the requirement when authenticating with oauth2.

We stored information about the login method in a secure session but it is not reliable. Therefore, information about the login method is moved to the database.
2024-07-24 17:19:58 +10:00
锦心 a749387c80
FEATURE: Clean up previously logged information after permanently deleting posts (#28033)
* FEATURE: Clean up previously logged information after permanently deleting posts

When soft deleteing a topic or post, we will log some details in the
staff log, including the raw content of the post. Before this commit, we
will not clear the information in these records. Therefore, after
permanently deleting the post, `UserHistory` still retains copy of the
permanently deleted post. This is an unexpected behaviour and may raise
some potential legal issues.

This commit adds a behavior that when a post is permanently deleted, the
details column of the `UserHistory` associated with the post will be
overwritten to "(permanently deleted)". At the same time, for permanent
deletion, a new `action_id` is introduced to distinguish it from soft
deletion.

Related meta topic: https://meta.discourse.org/t/introduce-a-way-to-also-permanently-delete-the-sensitive-info-from-the-staff-logs/292546
2024-07-23 15:27:11 +08:00
锦心 199f980e6a
FEATURE: Add creator and logging for CustomEmoji (#28004)
* FEATURE: Add logging for CustomEmoji

We didn't provide any logs for CustomEmoji before, nor did we record the
person who added any emoji in the database. As a result, the staff had
no way to trace back who added a certain emoji.

This commit adds a new column `user_id` to `custom_emojis` to record the
creator of an emoji. At the same time, a log is added for staff logs to
record who added or deleted a custom emoji.
2024-07-22 14:44:49 +08:00
Krzysztof Kotlarek c7b458931a
DEV: drop readonly from flags custom type (#27960)
Drop readonly as it is causing problems with seed fu
2024-07-18 11:45:08 +10:00
Martin Brennan 48d13cb231
UX: Use a dropdown for SSL mode for group SMTP (#27932)
Our old group SMTP SSL option was a checkbox,
but this was not ideal because there are actually
3 different ways SSL can be used when sending
SMTP:

* None
* SSL/TLS
* STARTTLS

We got around this before with specific overrides
for Gmail, but it's not flexible enough and now people
want to use other providers. It's best to be clear,
though it is a technical detail. We provide a way
to test the SMTP settings before saving them so there
should be little chance of messing this up.

This commit also converts GroupEmailSettings to a glimmer
component.
2024-07-18 10:33:14 +10:00
Krzysztof Kotlarek c975c7fe1b
FEATURE: custom flag can require additional message (#27908)
Allow admin to create custom flag which requires an additional message.

I decided to rename the old `custom_flag` into `require_message` as it is more descriptive.
2024-07-18 10:10:22 +10:00
Martin Brennan 97e2b353f6
FEATURE: Allow for multiple GitHub onebox tokens (#27887)
Followup 560e8aff75

GitHub auth tokens cannot be made with permissions to
access multiple organisations. This is quite limiting.
This commit changes the site setting to be a "secret list"
type, which allows for a key/value mapping where the value
is treated like a password in the UI.

Now when a GitHub URL is requested for oneboxing, the
org name from the URL is used to determine which token
to use for the request.

Just in case anyone used the old site setting already,
there is a migration to create a `default` entry
with that token in the new list setting, and for
a period of time we will consider that token valid to
use for all GitHub oneboxes as well.
2024-07-15 13:07:36 +10:00
Bianca Nenciu 6591a0654b
FIX: Destroy Drafts when increasing sequences (#27739)
Drafts used to be deleted instead of being destroyed. The callbacks that
clean up the upload references were not being called. As a result, the
upload references were not cleaned up and uploads were not deleted
either. This has been partially fixed in 9655bf3e.
2024-07-10 10:43:11 +03:00
Martin Brennan 7a7bdc9be5
FEATURE: Use group based setting for unsafe-none COOP (#27783)
Followup 3ff7ce78e7

Basing this setting on referrer was too brittle --
the referrer header can easily be ommitted or changed.
Instead, for the small amount of use cases that this
site setting serves, we can use a group-based setting
instead, changing it to `cross_origin_opener_unsafe_none_groups`
instead.
2024-07-09 11:25:49 -05:00
Alan Guo Xiang Tan c0ac15575f
DEV: Drop `logging_provider` site setting (#27785)
This site setting has always been experimental and hidden since it was
added 7 years ago. Drop it to simplify the way we enable logging in a
logstash friendly way.
2024-07-09 10:00:44 +08:00