Commit Graph

53024 Commits

Author SHA1 Message Date
Sam b057f1b2b4
FEATURE: add a `.topic` attribute to transformedPost (#25757)
During extensibility when we add post menu buttons we very much want access
to the topic.

The transformer does not include a `topic` attribute due to historical reasons.

Given we are going to move away from transforming long term and need to give
plugins access to topic when they are adding buttons, just add the extra
property
2024-02-20 13:44:43 +11:00
Martin Brennan 86183fea37
FIX: Admin nav active link in dark mode (#25759)
Followup e4b6142d6a,
the link was still black in dark mode.
2024-02-20 11:25:35 +10:00
Martin Brennan 0b3180c86f
DEV: Add SecureUploadEndpointHelpers for controllers (#25758)
This commit moves some code out of UploadController#show_secure
so it can be reused in other controllers if a secure upload
needs to have permission checks run.
2024-02-20 11:19:22 +10:00
Alan Guo Xiang Tan bf3c4b634a
DEV: Support validations options for string and numeral types (#25719)
Why this change?

This commit updates `ThemeSettingsObjectValidator` to validate a
property's value against the validations listed in the schema.

For string types, `min_length`, `max_length` and `url` are supported.
For integer and float types, `min` and `max` are supported.
2024-02-20 09:17:27 +08:00
Martin Brennan 3894ee6cb6
DEV: Add post_action_users_list modifier for PostActionUsersController (#25740)
This commit adds another plugin modifier related to post
actions, similar to ae24e04a5e.

This will be used to exclude users who liked _and_ reacted to
the post, since now in discourse-reactions we make a Like when
a user reacts too. This will affect the display of the post footer.
2024-02-20 09:48:09 +10:00
Jarek Radosz 09b1db8c3c
Revert "Build(deps): Bump @uppy/drop-target from 2.0.1 to 2.0.3 in /app/assets/javascripts (#25747)" (#25756)
This reverts commit 9e4e085666.
2024-02-20 09:31:09 +10:00
dependabot[bot] f1740de62e
Build(deps): Bump terser from 5.27.1 to 5.27.2 in /app/assets/javascripts (#25748)
* Build(deps): Bump terser in /app/assets/javascripts

Bumps [terser](https://github.com/terser/terser) from 5.27.1 to 5.27.2.
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.27.1...v5.27.2)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update lockfiles for ember version flag

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: discoursebuild <build@discourse.org>
2024-02-19 23:14:15 +01:00
dependabot[bot] 385401d75c
Build(deps-dev): Bump webpack from 5.90.2 to 5.90.3 in /app/assets/javascripts (#25746)
* Build(deps-dev): Bump webpack in /app/assets/javascripts

Bumps [webpack](https://github.com/webpack/webpack) from 5.90.2 to 5.90.3.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.90.2...v5.90.3)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update lockfiles for ember version flag

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: discoursebuild <build@discourse.org>
2024-02-19 23:13:34 +01:00
dependabot[bot] 9e4e085666
Build(deps): Bump @uppy/drop-target from 2.0.1 to 2.0.3 in /app/assets/javascripts (#25747)
* Build(deps): Bump @uppy/drop-target in /app/assets/javascripts

Bumps [@uppy/drop-target](https://github.com/transloadit/uppy) from 2.0.1 to 2.0.3.
- [Release notes](https://github.com/transloadit/uppy/releases)
- [Changelog](https://github.com/transloadit/uppy/blob/main/CHANGELOG.md)
- [Commits](https://github.com/transloadit/uppy/compare/@uppy/drop-target@2.0.1...@uppy/drop-target@2.0.3)

---
updated-dependencies:
- dependency-name: "@uppy/drop-target"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update lockfiles for ember version flag

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: discoursebuild <build@discourse.org>
2024-02-19 23:13:12 +01:00
dependabot[bot] 445dcad4d3
Build(deps-dev): Bump selenium-webdriver from 4.17.0 to 4.18.0 (#25751)
Bumps [selenium-webdriver](https://github.com/SeleniumHQ/selenium) from 4.17.0 to 4.18.0.
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)
- [Commits](https://github.com/SeleniumHQ/selenium/compare/selenium-4.17.0...selenium-4.18.0)

---
updated-dependencies:
- dependency-name: selenium-webdriver
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-19 23:11:39 +01:00
dependabot[bot] cb5485736e
Build(deps): Bump logster from 2.18.0 to 2.18.1 (#25750)
Bumps [logster](https://github.com/discourse/logster) from 2.18.0 to 2.18.1.
- [Changelog](https://github.com/discourse/logster/blob/main/CHANGELOG.md)
- [Commits](https://github.com/discourse/logster/compare/v2.18.0...v2.18.1)

---
updated-dependencies:
- dependency-name: logster
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-19 23:11:17 +01:00
dependabot[bot] 0796cc2b21
Build(deps-dev): Bump webmock from 3.20.0 to 3.21.0 (#25749)
Bumps [webmock](https://github.com/bblimke/webmock) from 3.20.0 to 3.21.0.
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bblimke/webmock/compare/v3.20.0...v3.21.0)

---
updated-dependencies:
- dependency-name: webmock
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-19 23:11:02 +01:00
Krzysztof Kotlarek b215aac317
DEV: remove unused isInAnyGroups function (#25741)
Recently we changed the code to check permission in the backend. Example PR https://github.com/discourse/discourse/pull/25735

After those changes, `isInAnyGroups` and `userInAnyGroups` functions are not used anymore.
2024-02-20 09:08:46 +11:00
Blake Erickson 5ebe91a9a4
FIX: Set the video background to be black (#25744)
If you upload a portrait video or just a video that doesn't fit in the
normal video dimensions we want it to have a black background instead of
trying to render parts of the placeholder image as the video background.

This change removes the placeholder image for the video background when
the play button is clicked and replaces it with an all black background.
2024-02-19 12:46:45 -07:00
Jan Cernik a03b9f1602
FIX: Correct category name for auto_join_users_info in chat (#25739) 2024-02-19 06:51:11 -03:00
Alan Guo Xiang Tan a64f558f32
DEV: Add property value validation to ThemeSettingsObjectValidator (#25718)
Why this change?

This change adds property value validation to `ThemeSettingsObjectValidator`
for the following types: "string", "integer", "float", "boolean", "enum". Note
that this class is not being used anywhere yet and is still in
development.
2024-02-19 13:19:35 +08:00
Alan Guo Xiang Tan bdd91b3928
PERF: Stop running bootsnap in development mode on all environments (#25737)
Why this change?

For some reason, we were setting up bootsnap manually even though the
official documentation suggests requiring `bootsnap/setup` which will
setup bootsnap using the default configuration. Because we were calling
`Bootsnap.setup` manually, we did not set the `development_mode` option
which defaults to `true`. Hence, we were running bootsnap in development
mode even in the production environment which I suppose is not ideal.

What does this change do?

Instead of calling `Bootsnap.setup` manually, we can just use `require
'bootsnap/setup' instead.`
2024-02-19 11:33:52 +08:00
Krzysztof Kotlarek fc9648578b
DEV: Make more group-based settings client: false (#25735)
Affects the following settings:

delete_all_posts_and_topics_allowed_groups
experimental_new_new_view_groups
enable_experimental_admin_ui_groups
custom_summarization_allowed_groups
pm_tags_allowed_for_groups
chat_allowed_groups
direct_message_enabled_groups
chat_message_flag_allowed_groups

This turns off client: true for these group-based settings,
because there is no guarantee that the current user gets all
their group memberships serialized to the client. Better to check
server-side first.
2024-02-19 13:25:59 +11:00
dependabot[bot] 1905d434ff
Build(deps): Bump sass-embedded from 1.70.0 to 1.71.0 (#25731)
Bumps [sass-embedded](https://github.com/sass-contrib/sass-embedded-host-ruby) from 1.70.0 to 1.71.0.
- [Commits](https://github.com/sass-contrib/sass-embedded-host-ruby/compare/v1.70.0...v1.71.0)

---
updated-dependencies:
- dependency-name: sass-embedded
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-19 10:25:35 +08:00
dependabot[bot] 8b3d9869aa
Build(deps): Bump jwt from 2.7.1 to 2.8.0 (#25733)
Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.7.1 to 2.8.0.
- [Release notes](https://github.com/jwt/ruby-jwt/releases)
- [Changelog](https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jwt/ruby-jwt/compare/v2.7.1...v2.8.0)

---
updated-dependencies:
- dependency-name: jwt
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-19 10:25:23 +08:00
dependabot[bot] 4462635dff
Build(deps-dev): Bump sass from 1.70.0 to 1.71.0 in /app/assets/javascripts (#25729)
* Build(deps-dev): Bump sass in /app/assets/javascripts

Bumps [sass](https://github.com/sass/dart-sass) from 1.70.0 to 1.71.0.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.70.0...1.71.0)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update lockfiles for ember version flag

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: discoursebuild <build@discourse.org>
2024-02-19 09:13:04 +08:00
dependabot[bot] 700045b449
Build(deps-dev): Bump qunit from 2.20.0 to 2.20.1 in /app/assets/javascripts (#25730)
* Build(deps-dev): Bump qunit in /app/assets/javascripts

Bumps [qunit](https://github.com/qunitjs/qunit) from 2.20.0 to 2.20.1.
- [Release notes](https://github.com/qunitjs/qunit/releases)
- [Changelog](https://github.com/qunitjs/qunit/blob/main/History.md)
- [Commits](https://github.com/qunitjs/qunit/compare/2.20.0...2.20.1)

---
updated-dependencies:
- dependency-name: qunit
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update lockfiles for ember version flag

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: discoursebuild <build@discourse.org>
2024-02-19 09:12:42 +08:00
dependabot[bot] 0d97f4a69b
Build(deps-dev): Bump parallel_tests from 4.5.0 to 4.5.1 (#25732)
Bumps [parallel_tests](https://github.com/grosser/parallel_tests) from 4.5.0 to 4.5.1.
- [Changelog](https://github.com/grosser/parallel_tests/blob/master/CHANGELOG.md)
- [Commits](https://github.com/grosser/parallel_tests/compare/v4.5.0...v4.5.1)

---
updated-dependencies:
- dependency-name: parallel_tests
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-19 09:12:25 +08:00
Martin Brennan a57280cb17
DEV: Change min_trust_level_to_allow_profile_background to trust level setting (#25721)
New setting name is profile_background_allowed_groups

c.f. https://meta.discourse.org/t/changes-coming-to-settings-for-giving-access-to-features-from-trust-levels-to-groups/283408
2024-02-19 10:47:47 +10:00
Sam 9372404a31
FIX: full post jump not working (#25734)
Full post jump "SHIFT+K/J" not working if related topics are displayed

Amended logic so we unconditionally use full post jump on topic pages by
checking for .post-stream
2024-02-19 09:16:46 +11:00
Ella E e4b6142d6a
UX: Tweaks on the admin sidebar (#25717) 2024-02-16 14:28:25 -07:00
Blake Erickson ffac012bbc
FIX: Add a boarder around the video placeholder play button (#25727)
The video placeholder play button is white, so on a video placeholder
that is also white it is very hard to see where the play button is, so
this change adds a dark grey transparent background to the play button
so that it stands out. This is similar to how we have done the
play/pause button on animated gifs.
2024-02-16 13:48:57 -07:00
Penar Musaraj e497f6bf9b
UX: Allow resetting password when confirming session (#25708)
This is particularly useful in scenarios where 2FA is enforced and users have forgotten their password.
2024-02-16 12:18:07 -05:00
David Taylor 1c58395bca
DEV: Disable service worker caching by default (#25723)
Followup to c4559ae575
2024-02-16 15:03:05 +00:00
chapoi 5b9eac00b9
UX: better card alignment (#25720) 2024-02-16 16:00:55 +01:00
Bianca Nenciu a24d110258
FIX: Preload parent categories for sidebar (#25726)
When "lazy load categories" is enabled, only the categories present in
the sidebar are preloaded. This is insufficient because the parent
categories are necessary too for the sidebar to be rendered properly.
2024-02-16 16:39:18 +02:00
David Taylor 330cb837da
FIX: Remove strict-dynamic-specific logic from CSP extensions (#25725)
This data is cached, so we don't want to include any site-specific-logic in there. Let's just keep the old URL-collecting behaviour, and let it be stripped out by `CSP::Builder` at runtime.
2024-02-16 13:24:50 +00:00
David Taylor 1672a24490
DEV: Memoize CSP nonce placeholder on response (#25724)
That way, the same value is used even if the helper is called in the context of different controllers

Followup to c8a1b49ddd
2024-02-16 12:15:55 +00:00
David Taylor b1f74ab59e
FEATURE: Add experimental option for strict-dynamic CSP (#25664)
The strict-dynamic CSP directive is supported in all our target browsers, and makes for a much simpler configuration. Instead of allowlisting paths, we use a per-request nonce to authorize `<script>` tags, and then those scripts are allowed to load additional scripts (or add additional inline scripts) without restriction.

This becomes especially useful when admins want to add external scripts like Google Tag Manager, or advertising scripts, which then go on to load a ton of other scripts.

All script tags introduced via themes will automatically have the nonce attribute applied, so it should be zero-effort for theme developers. Plugins *may* need some changes if they are inserting their own script tags.

This commit introduces a strict-dynamic-based CSP behind an experimental `content_security_policy_strict_dynamic` site setting.
2024-02-16 11:16:54 +00:00
Osama Sayegh 9329a5395a
FEATURE: Groundwork for schema theme settings UI (#25673)
This commit is the first of a series of commits that will allow themes to define complex settings types by declaring a schema of the setting structure that Discourse core will use to build a UI for the setting automatically. We implement the navigation logic and support for multiple levels of nesting in this commit and we'll continue building this new system gradually in future commits.

Internal topic: t/116870.
2024-02-16 09:31:49 +03:00
Martin Brennan 5935148bd8
FIX: Respect homepage prefs on admin sidebar Back to Forum link (#25642) 2024-02-16 14:31:42 +10:00
Martin Brennan 3094f32ff5
FIX: is_my_own? check for users who are anonymously doing actions (#25716)
Followup to 978d52841a

It's complicated...we have multiple "anonymous" user concepts
in core, and even two classes called the exact same thing --
AnonymousUser.

The first case is Guardian::AnonymousUser, which is used for
people who are browsing the forum without being authenticated.

The second case is the model AnonymousUser, which is used when
a user is liking or posting anonymously via allow_anonymous_likes
or allow_anonymous_posting site settings.

We will untangle this naming nightmare later on...but for the
time being, only authenticated users who are pretending to be
anonymous should be able to like posts if allow_anonymous_likes
is on.
2024-02-16 14:28:12 +10:00
Alan Guo Xiang Tan ad900ef9dd
Revert "DEV: Debug AR connection pool queue on CI (#25687)" (#25714)
This reverts commit 796af077c5.

We have not seen checkout timeout errors since c30aeafd9d
2024-02-16 10:11:46 +08:00
Alan Guo Xiang Tan 64b4e0d08d
DEV: First pass of ThemeSettingsObjectValidator (#25624)
Why this change?

This is a first pass at adding an objects validator which main's job is
to validate an object against a defined schema which we will support. In
this pass, we are simply validating that properties that has been marked
as required are present in the object.
2024-02-16 09:35:16 +08:00
Martin Brennan ae24e04a5e
DEV: Add a plugin modifier for user_action_stream_builder (#25691)
Reactions needs this to be able to filter out likes received
actions, where there is also an associated reaction, since
now most reactions also count as a like.
2024-02-16 10:24:39 +10:00
Alan Guo Xiang Tan cc9480b24a
PERF: Use `-ping` option to ImageMagick `identify` command (#25713)
Why this change?

This adds the `-ping` option to the spots we missed in
cfdb461e9a.
2024-02-16 07:39:49 +08:00
Alan Guo Xiang Tan d119ec617e
DEV: Disable `BlockRequestsMiddleware` before every test (#25712)
Why this change?

This is a follow up to c30aeafd9d. The
commit was calling `BlockRequestsMiddleware.allow_requests!` only before
`type: :system` tests but non system type tests could be running as well
and needs the `BlockRequestsMiddleware.allow_requests!` middleware to be
disabled too.
2024-02-16 07:01:36 +08:00
Sam 9e5e5d4078
FEATURE: shift+j and shift+k will scroll entire posts (#25684)
* FEATURE: shift+j and shift+k will scroll entire posts

When scrolling through topics with very long posts we would like to use
`shift+j` and `shift+k` to quickly move between posts.

This allows users to bypass the scroll within post behavior when zooming
through topics with keyboard shortcuts

This overloads the behavior of shift+k and j which can be used to scroll
through sections (new/latest/etc...)

* remove useless tests

These tests are testing nothing, no point carrying them around
2024-02-16 08:50:29 +11:00
dependabot[bot] ef59fcea68
Build(deps): Bump terser from 5.27.0 to 5.27.1 in /app/assets/javascripts (#25711)
* Build(deps): Bump terser in /app/assets/javascripts

Bumps [terser](https://github.com/terser/terser) from 5.27.0 to 5.27.1.
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.27.0...v5.27.1)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update lockfiles for ember version flag

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: discoursebuild <build@discourse.org>
2024-02-15 22:34:05 +01:00
dependabot[bot] fe0a36eee0
Build(deps-dev): Bump webpack from 5.90.1 to 5.90.2 in /app/assets/javascripts (#25710)
* Build(deps-dev): Bump webpack in /app/assets/javascripts

Bumps [webpack](https://github.com/webpack/webpack) from 5.90.1 to 5.90.2.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.90.1...v5.90.2)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update lockfiles for ember version flag

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: discoursebuild <build@discourse.org>
2024-02-15 22:33:45 +01:00
dependabot[bot] 8ce9842352
Build(deps): Bump google-protobuf from 3.25.2 to 3.25.3 (#25709)
Bumps [google-protobuf](https://github.com/protocolbuffers/protobuf) from 3.25.2 to 3.25.3.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

---
updated-dependencies:
- dependency-name: google-protobuf
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-15 22:18:48 +01:00
Kris 5e59f1f22f
DEV: add matching plugin outlet to mobile template (#25706) 2024-02-15 16:01:56 -05:00
Isaac Janzen 5a67c8f0ca
UX: Show search history for more contexts (#25705)
Add search history to 👇 contexts:

  - "topic",
  - "category",
  - "tag",
  - "tagIntersection",
  - "user",
  
  We display the search history when no search term is present.
  
  # Demo

https://github.com/discourse/discourse/assets/50783505/c720f70e-0c4c-4dbd-9f28-8b046deef674
  
  ## Topic
<img width="1003" alt="Screenshot 2024-02-15 at 12 36 37 PM" src="https://github.com/discourse/discourse/assets/50783505/5a254d94-2489-4c0f-976d-0eb1e2d6d775">


  ## Category
<img width="1003" alt="Screenshot 2024-02-15 at 12 36 23 PM" src="https://github.com/discourse/discourse/assets/50783505/247ec625-0bc2-431b-ae4f-b4e664647cfe">


  ## Tag  
<img width="1020" alt="Screenshot 2024-02-15 at 12 35 50 PM" src="https://github.com/discourse/discourse/assets/50783505/e416a935-00c2-4e8a-aef4-8de6903864bf">


  ## Tag Intersection
<img width="1004" alt="Screenshot 2024-02-15 at 12 35 28 PM" src="https://github.com/discourse/discourse/assets/50783505/d06cb287-52dd-4df4-ade8-75f30f67f07e">

  
  ## User
  <img width="1001" alt="Screenshot 2024-02-15 at 12 34 51 PM" src="https://github.com/discourse/discourse/assets/50783505/85a7a682-46f5-404c-a441-affb6bad05b6">
2024-02-15 13:25:50 -07:00
Isaac Janzen 45a130e696
FIX: Make recent search items populate input with value (#25704)
- Make clicking a recent search item populate the search input with said value
- Don't add empty search strings to recent search history.
2024-02-15 12:18:35 -07:00
Penar Musaraj 974b3a2a6f
DEV: Do not require session confirmation for new users (#24799)
When making sensitive changes to an account (adding 2FA or passkeys), we
require users to confirm their password. This is to prevent an attacker
from adding 2FA to an account they have access to.

However, on newly created accounts, we should not require this, it's an
extra step and it doesn't provide extra security (since the account was
just created). This commit makes it so that we don't require session
confirmation for accounts created less than 5 minutes ago.
2024-02-15 12:29:16 -05:00