Commit Graph

43450 Commits

Author SHA1 Message Date
Martin Brennan b96c10a903
DEV: Extract shared external upload routes into controller helper (#14984)
This commit refactors the direct external upload routes (get presigned
put, complete external, create/abort/complete multipart) into a
helper which is then included in both BackupController and the
UploadController. This is done so UploadController doesn't need
strange backup logic added to it, and so each controller implementing
this helper can do their own validation/error handling nicely.

This is a follow up to e4350bb966
2021-11-18 09:17:23 +10:00
Osama Sayegh b86127ad12
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706)
Currently, Discourse rate limits all incoming requests by the IP address they
originate from regardless of the user making the request. This can be
frustrating if there are multiple users using Discourse simultaneously while
sharing the same IP address (e.g. employees in an office).

This commit implements a new feature to make Discourse apply rate limits by
user id rather than IP address for users at or higher than the configured trust
level (1 is the default).

For example, let's say a Discourse instance is configured to allow 200 requests
per minute per IP address, and we have 10 users at trust level 4 using
Discourse simultaneously from the same IP address. Before this feature, the 10
users could only make a total of 200 requests per minute before they got rate
limited. But with the new feature, each user is allowed to make 200 requests
per minute because the rate limits are applied on user id rather than the IP
address.

The minimum trust level for applying user-id-based rate limits can be
configured by the `skip_per_ip_rate_limit_trust_level` global setting. The
default is 1, but it can be changed by either adding the
`DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the
desired value to your `app.yml`, or changing the setting's value in the
`discourse.conf` file.

Requests made with API keys are still rate limited by IP address and the
relevant global settings that control API keys rate limits.

Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters
string that Discourse used to lookup the current user from the database and the
cookie contained no additional information about the user. However, we had to
change the cookie content in this commit so we could identify the user from the
cookie without making a database query before the rate limits logic and avoid
introducing a bottleneck on busy sites.

Besides the 32 characters auth token, the cookie now includes the user id,
trust level and the cookie's generation date, and we encrypt/sign the cookie to
prevent tampering.

Internal ticket number: t54739.
2021-11-17 23:27:30 +03:00
Jarek Radosz 9be69b603c
DEV: Make `screen-track` a regular service (#14983) 2021-11-17 20:56:06 +01:00
Jarek Radosz 05423e9dfd
DEV: `I18n` global is no longer supported (#14993)
Don't allow it when linting.
2021-11-17 20:52:22 +01:00
Bianca Nenciu 186379adac
FIX: Cache all watched words (#14992)
It used to cache up to 1000 words, but the maximum number of watched
word is 2000.
2021-11-17 18:59:44 +02:00
Jarek Radosz bf34d3524b
DEV: Fix a `userFields` computed property override (#14988)
in `preferences/profile` controller

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2021-11-17 15:02:15 +01:00
Joffrey JAFFEUX 439cd68e0d
DEV: updates popper to 2.10.2 (#14986) 2021-11-17 13:47:55 +01:00
Joffrey JAFFEUX 113ecab7a6
FIX: clear previous errors on second factor form display (#14987) 2021-11-17 13:47:38 +01:00
Vinoth Kannan a3a4f16e88
UX: add more search aliases for emojis. (#14768) 2021-11-17 11:54:43 +01:00
Krzysztof Kotlarek 9ce29ad013
FIX: register customOptions as select kit filter (#14933)
* FIX: register customOptions as select kit filter

We are allowing plugins to define custom filters which are added to CUSTOM_USER_SEARCH_OPTIONS const. However, we need to have static placeholder for custom filters, so those props will be passed, and we can use it later.

* fix
2021-11-17 17:12:19 +11:00
Bianca Nenciu cc1b45f58b
FIX: Convert URLs embedded topics to absolute form (#14975)
Sometimes the expanded post contained broken relative URLs because they
were not converted to their absolute form.
2021-11-17 16:39:49 +11:00
Penar Musaraj 2ff7f105d9
UX: launch full page search on second `Enter` hit (#14978) 2021-11-17 16:35:17 +11:00
Natalie Tay c61d47e6f4
FEATURE: Show a confirmation modal when "Dismiss all" would dismiss an important notification (#14935)
* Show a confirmation when dismiss all will dismiss an important notification
2021-11-17 09:44:30 +08:00
Martin Brennan 515acb8fc4
FIX: Error when SMTP enabled in PostAlerter with no incoming email (#14981)
When 31035010af
was done it failed to take into account the case where the smtp_enabled
site setting was true, but the topic had no allowed groups / no
incoming email record, which caused errors for topics even with
nothing to do with group SMTP.
2021-11-17 09:24:17 +10:00
Martin Brennan e7a4742490
FIX: Clean up emoji name which is file name (#14980)
Uppy adds the file name as the "name" parameter in the
payload by default, which means that for things like the
emoji uploader which have a name param used by the controller,
that param will be passed as the file name. We already use
the existing file name if the name param is null, so this
commit just does further cleanup of the name param, removing
the extension if it is a filename so we don't end up with
emoji names like blah_png.
2021-11-17 09:20:44 +10:00
Jarek Radosz bf33d2cd4b
FIX: Include all categories in sortedCategories (#14979)
Fixes the issue where categories over two levels deep were missing.
2021-11-17 00:12:04 +01:00
Martin Brennan 7e39910de6
DEV: Refactor uppy s3 mulipart mixin to not use self = this (#14960)
We no longer use this pattern, so we can replace with function
binding instead.
2021-11-17 09:03:10 +10:00
Jordan Vidrine aa31fbe29a
REFACTOR: Continued topic-list tweaks (#14977)
* REFACTOR: Prep for topic-list refactor
2021-11-16 14:44:04 -06:00
Mark VanLandingham 1b752a5dec
DEV: Export add emoji logic in textarea manipulation mixin (#14976) 2021-11-16 13:42:21 -06:00
Jordan Vidrine 19fb97bb13
FIX: Adjust topic list header alert (#14974) 2021-11-16 11:09:07 -06:00
jbrw e306d84c56
FEATURE: display warning when sharing a topic in a restricted category (#14820)
* FEATURE: display warning when sharing a topic in a restricted category

If a topic belongs to a category that is not readable by everyone, display a text warning of "Only visible to members of groups: [group_a], [group_b]"

* DEV: Adding a new category means we need to bump this value

* DEV: pass category to showModal
2021-11-16 11:49:41 -05:00
Jarek Radosz b6677fb126
DEV: Use radix 10 in `parseInt()` (#14973) 2021-11-16 16:36:44 +01:00
Akshay Birajdar 6b5e8be25a Support parsing array in #param_to_integer_list
Co-authored-by: Akshay Birajdar <akshay.birajdar@coupa.com>
2021-11-16 10:27:00 -05:00
Jarek Radosz cfabdb72bc
FIX: Ambiguous column in `downsize_uploads` (#14972) 2021-11-16 16:23:32 +01:00
Discourse Translator Bot 8420cf047e
Update translations (#14970) 2021-11-16 16:17:10 +01:00
Osama Sayegh 8f5412cccf
DEV: Skip logging in test environment (#14971)
It adds unnecessary noise when running the test suite.
2021-11-16 18:01:48 +03:00
Joffrey JAFFEUX 035822d9e0
DEV: sticky avatar was retained during tests (#14969) 2021-11-16 14:33:06 +01:00
Joffrey JAFFEUX ff7e685a59
DEV: removes jquery usage from discourse-topic (#14964) 2021-11-16 13:17:44 +01:00
Joffrey JAFFEUX 0fbeb2e5a2
DEV: removes jquery usage from links-redirect (#14968) 2021-11-16 13:16:53 +01:00
Joffrey JAFFEUX f9682f1c69
DEV: removes jquery usage from html-with-links (#14966) 2021-11-16 13:16:43 +01:00
Andrei Prigorshnev 32c6c4f417
DEV: Remove unused action (#14889)
There are no usages in Core and plugins.
2021-11-16 15:49:59 +04:00
Jordan Vidrine 370c729160
FIX: Additional fixes for last-visited on topic list (#14962) 2021-11-16 12:34:29 +01:00
Joffrey JAFFEUX 2167d4d890
FIX: fix regressions introduced in ae16b0a (#14967)
- ensures arrow up/down doesn’t also apply to textarea while autocomplete is opened
- ensures esc is closing autocomplete and also not closing composer while autocomplete is opened
2021-11-16 12:19:14 +01:00
Joffrey JAFFEUX 49f09345c7
FIX: adds missing class for last visit separator (#14965) 2021-11-16 11:40:08 +01:00
Joffrey JAFFEUX ae16b0a9d4
DEV: reduces jquery usage and memory leaks in composer (#14924)
Removes more than 60 jquery function leaks in one `Acceptance: Composer` run.
2021-11-16 10:27:05 +01:00
Joffrey JAFFEUX ef881fdedc
DEV: drops jquery/simplify code/removes leaked event (#14947) 2021-11-16 10:26:39 +01:00
Joffrey JAFFEUX c768c2ab3a
DEV: drops jquery usage in stacked chart (#14946) 2021-11-16 10:26:26 +01:00
Joffrey JAFFEUX 43659a6de2
DEV: jquery removal/listeners/cleanup of permalink form (#14944)
- Removes jquery
- Removes a not unregistered listener and uses component event
- Removes external-url class as it was only valid in one case of the dropdown
- Uses @action
- Tagless
- Other minor changes
2021-11-16 10:25:54 +01:00
Joffrey JAFFEUX c9a84d8067
DEV: removes unnecessary jquery selector (#14945) 2021-11-16 10:25:34 +01:00
Bianca Nenciu 88523a6d6a
FIX: Redirect to homepage if no posts exist (#14951)
After permanently deleting the first post of a topic the user was
sometimes stuck on the page because of an infinite loop. This problem
happened more often in Firefox.
2021-11-16 11:10:07 +02:00
Loïc Guitaut c2be7c65e8 FEATURE: Move sticky avatars into core
This patch takes the small component we had for sticky avatars and adds
it into our core code base.

A small refactor has been made to have a `StickyAvatars` dedicated class.
2021-11-16 10:06:25 +01:00
Vinoth Kannan c47a526371
FIX: exclude topics from muted tag in category featured list. (#14925)
Topics from muted tags were visible in the categories page's featured topics section since we didn't filter it before.
2021-11-16 12:10:50 +05:30
Martin Brennan f52e1258f7
DEV: mutlipart -> multipart spelling fix (#14963) 2021-11-16 13:58:33 +10:00
Kris 8b5dec4607
UX: mobile topic list fixes follow-up to 0e371d4 (#14959) 2021-11-15 21:07:32 -05:00
dependabot[bot] 6aee9f83ec
Build(deps): Bump sprockets-rails from 3.3.0 to 3.4.0 (#14955)
Bumps [sprockets-rails](https://github.com/rails/sprockets-rails) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/rails/sprockets-rails/releases)
- [Commits](https://github.com/rails/sprockets-rails/compare/v3.3.0...v3.4.0)

---
updated-dependencies:
- dependency-name: sprockets-rails
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-16 09:20:06 +08:00
dependabot[bot] 45da3cd2ae
Build(deps): Bump rubocop from 1.22.3 to 1.23.0 (#14954)
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.22.3 to 1.23.0.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.22.3...v1.23.0)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-16 09:19:51 +08:00
Martin Brennan f61783a218
FIX: Emoji uploader not using data.name on uppy upload (#14958)
When uploading emoji with the new uppy upload mixin, we were
not sending the name of the emoji in the payload, or more
accurately uppy was already using the file name as the name
value and we were not overriding it from data. This commit
changes the behaviour for single files uploaded via the uppy
upload mixin, by merging the file's meta object with this.data
from the parent component.
2021-11-16 11:14:06 +10:00
Martin Brennan 31035010af
FIX: Use correct group out of multiple for SMTP sender (#14957)
When there are multiple groups on a topic, we were selecting
the first from the topic allowed groups to act as the sender
email address when sending group SMTP replies via PostAlerter.
However, this was not ordered, and since there is no created_at
column on TopicAllowedGroup we cannot order this nicely, which
caused just a random group to be used (based on whatever postgres
decided it felt like that morning).

This commit changes the group used for SMTP sending to be the
group using the email_username of the to address of the first
incoming email for the topic, if there are more than one allowed
groups on the topic. Otherwise it just uses the only SMTP enabled
group.
2021-11-16 10:21:49 +10:00
Jarek Radosz f4d1fe18f8
DEV: Don't use `$.isEmptyObject()` (#14953) 2021-11-15 23:17:56 +01:00
Martin Brennan eabe2df8d2
FIX: Drop malformed CC addresses in GroupSmtpEmail job (#14934)
Sometimes, a user may have a malformed email such as
`test@test.com<mailto:test@test.com` their email address,
and as a topic participant will be included as a CC email
when sending a GroupSmtpEmail. This causes the CC parsing to
fail and further down the line in Email::Sender the code
to check the CC addresses expects an array but gets a string
instead because of the parse failure.

Instead, we can just check if the CC addresses are valid
and drop them if they are not in the GroupSmtpEmail job.
2021-11-16 08:15:11 +10:00