Commit Graph

1055 Commits

Author SHA1 Message Date
Dan Ungureanu 89bd7ba45f
FIX: Use new tag routes (#8683)
Commit 1fb7a62 added unambiguous routes for tags. This commit ensures
that the new routes are used.
2020-01-21 19:23:08 +02:00
David Taylor 84a2aae77f
FIX: Allow the app to generate and accept longer backup codes (#8761)
- Increase size of textarea when displaying generated codes
- Adjust maxlength of input field in JS UI
- Adjust maxlength of input field in no_ember UI

Follow-up to bff9880d63
2020-01-21 14:28:31 +00:00
Martin Brennan 66f2db4ea4 SECURITY: 2FA with U2F / TOTP 2020-01-15 11:27:12 +01:00
Martin Brennan 9e399b42b9 DEV: Remove redundant admin_login route, share with email_login 2020-01-13 12:10:07 +10:00
David Taylor cf60de59b1 FIX: Allow omniauth confirmation page to pass through GET parameters
Using the rails `form_tag` helper generates a form with the action attribute set to the current URL (without parameters). In this case, we want to include any GET parameters, so it is better to exclude the action attribute from the form tag, and allow browsers to submit to the current URL.
2020-01-08 15:31:51 +00:00
Sam Saffron b57e108e84 FEATURE: improve email change workflow
- Show old and new email address during the process
- Ensure correct user is logged on when attempting to make email changes
- Support reloading a page during the email reset process without resubmit
of form
- Improve tests
- Fixed issue where redirect back to site was not linking correctly in
subfolder setups

Internal refactor of single action into 4 distinct actions that are simpler
to reason about.

This also removes the step that logs on an account after you confirm an
email change, since it is no longer needed which leaves us with safer
internals.

This left me no choice but to amend translations cause the old route was
removed.
2019-11-21 16:28:35 +11:00
Blake Erickson 3b16eb7abb FIX: Confirm new email with backup codes enabled
This is a fix for this bug:

https://meta.discourse.org/t/-/133185?u=blake

where rails would throw a missing template error when trying to confirm
a new email address when you had two factor backup codes enabled.

Apparently this feature broke during this commit:

68d35b14f4

when a partial that contained a lot of javascript was removed most
likely because it didn't comply with our Content Security Policy, so as
a fix I rewrote the previous js functionality without using any
javascript and then added a spec to verify that the correct backup code
form is displayed when that page is loaded.
2019-11-14 16:27:42 -07:00
Arpit Jalan b869ef8a76 FIX: add <img> alt attribute for Summary emails 2019-11-06 15:26:46 +05:30
Gerhard Schlager 61b1f9c36b FEATURE: Load translation overrides without JS `eval` 2019-11-05 19:16:38 +01:00
Arpit Jalan b7327d2c34 UX: show user email address on "grant admin access" email and UI 2019-11-04 14:47:00 +05:30
Mark VanLandingham 66e0bdc053
FEATURE: Create New Topic button on embed with params (#8280)
* FEATURE: Create New Topic button on embed with params
2019-11-01 14:19:10 -05:00
Neil Lalonde 4935c9f1f8 DEV: replace inline RTL attributes with classes in digest.html.erb 2019-10-28 16:36:55 -04:00
Kris 67ad8fbd1b minor button styling for admin login 2019-10-22 16:45:23 -04:00
Kris d6118c8bc8 Add digest email template classes for popular post section 2019-10-16 11:22:33 -04:00
Kris 1c4baadc49 UX: Wrap digest email footer in a table for better alignment options 2019-10-16 10:39:40 -04:00
Kris 645faa847b Follow up fix to c71da3f, class was defined twice 2019-10-15 20:12:50 -04:00
Kris 50b618dd44 UX: Add CSS classes to digest email template to allow for easier styling 2019-10-15 16:21:55 -04:00
Arpit Jalan 815edf6f4d FEATURE: add short site description on login page title 2019-10-14 11:40:09 +05:30
Dan Ungureanu fdb1d3404c
FEATURE: Add site setting to show more detailed 404 errors. (#8014)
If the setting is turned on, then the user will receive information
about the subject: if it was deleted or requires some special access to
a group (only if the group is public). Otherwise, the user will receive
a generic #404 error message. For now, this change affects only the
topics and categories controller.

This commit also tries to refactor some of the code related to error
handling. To make error pages more consistent (design-wise), the actual
error page will be rendered server-side.
2019-10-08 14:15:08 +03:00
David Taylor d2bceff133
FEATURE: Use full page redirection for all external auth methods (#8092)
Using popups is becoming increasingly rare. Full page redirects are already used on mobile, and for some providers. This commit removes all logic related to popup authentication, leaving only the full page redirect method.

For more info, see https://meta.discourse.org/t/do-we-need-popups-for-login/127988
2019-10-08 12:10:43 +01:00
Martin Brennan 68d35b14f4 FEATURE: Webauthn authenticator management with 2FA login (Security Keys) (#8099)
Adds 2 factor authentication method via second factor security keys over [web authn](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API).

Allows a user to authenticate a second factor on login, login-via-email, admin-login, and change password routes. Adds registration area within existing user second factor preferences to register multiple security keys. Supports both external (yubikey) and built-in (macOS/android fingerprint readers).
2019-10-01 19:08:41 -07:00
Jarek Radosz d407bcab36 FIX: Correctly escape category description text (#8107)
* FIX: Correctly escape category description text

This bug has been introduced in db14e10943.

* Remove unnecessary `html_safe`

`Theme.lookup_field` already returns html-safe strings: 7ad338e3e6/app/models/theme.rb (L237-L242)

* Rename `description` where it's acutally `descriptionText`
2019-10-01 12:04:39 -04:00
David Taylor 3da9b99dbf FIX: Live reload plugin stylesheets when the color scheme changes 2019-09-17 09:54:55 +01:00
Penar Musaraj 8f601d5025 UI: Add viewport meta tag to embedded topics layout 2019-09-12 14:14:32 -04:00
Krzysztof Kotlarek 32b8a2ccff DEV: Upgrade Discourse to Rails 6 (#8083)
* Adjustments to pass specs on Rails 6.0.0
* Use classic autoloader instead of Zeitwerk
* Update Rails 6.0.0 deprecated methods
* Rails 6.0.0 not allowing column with integer name
* Drop freedom_patches/rails6.rb
* Default value for trigger_transactional_callbacks? is true
* Bump rspec-rails version to 4.0.0.beta2
2019-09-12 10:41:50 +10:00
Robin Ward 1cebe7670a FEATURE: Allow embedding to ignore HTTP REFERER
New site setting: `embed_any_origin` that will send postMessages to
wildcard origins `*` instead of the referer.

Most of the time you won't want to do this, so the setting is default to
`false`. However, there are certain situations where you want to allow
embedding to send post messages when there is no HTTP REFERER.

For example, if you created a native mobile app and you wanted to embed a list
of Discourse topics as HTML. In the code your HTML would be a
static file/string, which would not be able to send a referer. In this
case, the site setting will allow the embed to work.

From a security standpoint we currently only use `postMessage` to send
data about the size of the HTML document and scroll position, so it
should be enable if required with minimal security ramifications.
2019-09-10 12:27:07 -04:00
Arpit Jalan 972c1acef8 DEV: better class names for Flexbox 2019-09-09 21:33:53 +05:30
Arpit Jalan 103629d257 UX: better user image for embed/topics 2019-09-06 06:23:07 +05:30
Arpit Jalan d78ed3159d FEATURE: add topic creator username on topic list embed 2019-09-05 22:43:38 +05:30
Arpit Jalan a5c28f56d1 UX: use Flexbox for topic list embed 2019-09-04 20:22:57 +05:30
Arpit Jalan 111ae95cbc
FEATURE: embed topic with detailed metadata (#8062) 2019-09-02 19:55:44 +05:30
Sam Saffron ac7d68a745 FIX: in case of orphan user records skip badge
There are rare cases where orphan user records can exist, skip badges
2019-08-30 17:21:34 +10:00
Arpit Jalan b63d476ee9 UX: convert embedded topic list HTML structure from table to div 2019-08-29 22:23:52 +05:30
Penar Musaraj 0f67350764 FIX: only use app argument for official iOS app banner
When showing the native app banner, we include an app argument to automatically add the current site to the official DiscourseHub app. However, the app id can be changed via a hidden site setting, and when changed, that argument is no longer useful. This ensures the argument is only included for the official iOS app banner.
2019-08-27 10:23:57 -04:00
Vinoth Kannan 41f22946c3 FIX: properly load desktop and mobile only plugin css assets.
5bd6b70d98
2019-08-22 08:39:10 +05:30
Vinoth Kannan 5bd6b70d98
DEV: debundle plugin css assets and don't load if disabled (#7646) 2019-08-20 22:09:52 +05:30
Robin Ward 23367e79ea
FEATURE: Embed topics list on remote sites via Javascript API. (#8008)
This adds support for a `<d-topics-list>` tag you can embed in your site
that will be rendered as a list of discourse topics. Any attributes on
the tag will be passed as filters. For example:

`<d-topics-list discourse-url="URL" category="1234">` will filter to category 1234.

To use this feature, enable the `embed topics list` site setting. Then
on the site you want to embed, include the following javascript:

`<script
src="http://URL/javascripts/embed-topics.js"></script>`

Where `URL` is your discourse forum's URL.

Then include the `<d-topics-list discourse-url="URL">` tag in your HTML document and it will
be replaced with the list of topics.
2019-08-15 13:41:06 -04:00
David Taylor 213b7d19d9 UX: Fallback to unlocalized auth provider name if required 2019-08-13 01:22:02 +01:00
David Taylor 6d3d08daad UX: Hide login/signup header buttons during authentication flows 2019-08-08 13:57:18 +01:00
David Taylor 3b8c468832 SECURITY: Require POST with CSRF token for OmniAuth request phase 2019-08-08 11:58:00 +01:00
David Taylor 7bd54eaceb
UX: Add login button icon to no_ember page (#7982) 2019-08-08 10:44:04 +01:00
Neil Lalonde 4b9d35cd0e FEATURE: add option to always send excerpts in emails
Enable the new setting "post excerpts in emails" to send excerpts
instead of complete posts in notification emails. Control the length of
excerpts with the "post excerpt maxlength" setting.
2019-08-06 12:45:28 -04:00
Neil Lalonde 43365a2bf1 Fix some broken styles 2019-07-30 16:46:20 -04:00
Neil Lalonde 9656a21fdb
FEATURE: customization of html emails (#7934)
This feature adds the ability to customize the HTML part of all emails using a custom HTML template and optionally some CSS to style it. The CSS will be parsed and converted into inline styles because CSS is poorly supported by email clients. When writing the custom HTML and CSS, be aware of what email clients support. Keep customizations very simple.

Customizations can be added and edited in Admin > Customize > Email Style.

Since the summary email is already heavily styled, there is a setting to disable custom styles for summary emails called "apply custom styles to digest" found in Admin > Settings > Email.

As part of this work, RTL locales are now rendered correctly for all emails.
2019-07-30 15:05:08 -04:00
Joe 340173eb12 DEV: consistent theme lookup in application / crawler / no-ember views (#7955)
* removes `raw` helpers

* include theme footer in the crawler view

* include theme body tag content in no-ember pages
2019-07-30 19:00:46 +02:00
Sam Saffron 5feb342914 Revert "FEATURE: add Noindex to robots.txt for disallowed routes"
This reverts commit d84256a876.

This is not supported by Google and causes robots.txt to be flagged as
invalid

Removing Noindex
2019-07-30 11:33:38 +10:00
Saurabh Patel 08b48b2ba6 add user avatar to user crawler layout (#7917) 2019-07-22 10:52:35 -04:00
Gerhard Schlager 2ecc613c5d FIX: URL encode usernames in user profile links in RSS feeds
user_url() failed for usernames containing Unicode characters because it expects URL encoded usernames. RSS feeds do not support IRIs, so lets convert them to URIs by encoding the usernames.
2019-07-18 23:18:23 +02:00
Vinoth Kannan 839916aa49
DEV: Debundle plugin javascript assets and don't load if disabled (#7566)
And don't load javascript assets if plugin is disabled.

* precompile auto generated plugin js assets

* SPEC: remove spec test functions

* remove plugin js from test_helper

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* DEV: using equality is slightly easier to read than inequality

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* DEV: use `select` method instead of `find_all` for readability

Co-Authored-By: Régis Hanol <regis@hanol.fr>
2019-07-15 20:22:54 +05:30
Neil Lalonde 6e22499e5f Remove unused file resubscribe.html.erb 2019-07-09 15:17:33 -04:00
Arpit Jalan 324e182842
FEATURE: show login and signup button on no-ember layout (#7867) 2019-07-09 04:51:19 +05:30
Joffrey JAFFEUX 71bf9ec1b2
FEATURE: opt-in guidance on topics for users without access (#7852)
Co-Authored-By: majakomel <maja.komel@gmail.com>
Co-Authored-By: Robin Ward <robin.ward@gmail.com>
2019-07-04 10:12:39 +02:00
Joffrey JAFFEUX dfde59f631
FIX: provides an emoji helper to replace codes by images (#7802) 2019-06-26 15:11:04 +02:00
David Taylor e6e47f2fb2 SECURITY: Add confirmation screen when logging in via user-api OTP 2019-06-17 16:18:44 +01:00
David Taylor 52387be4a4 SECURITY: Add confirmation screen when logging in via email link 2019-06-17 16:18:37 +01:00
David Taylor 5f6f707080 Revert "Merge pull request from GHSA-hv9p-jfm4-gpr9"
This reverts commit b8340c6c8e.
2019-06-17 16:17:10 +01:00
David Taylor b8340c6c8e
Merge pull request from GHSA-hv9p-jfm4-gpr9
* SECURITY: Add confirmation screen when logging in via email link

* SECURITY: Add confirmation screen when logging in via user-api OTP

* FIX: Correct translation key in session controller specs

* FIX: Use .email-login class for page
2019-06-17 15:59:41 +01:00
Sam Saffron a0474a0774 FIX: always take the first post in the RSS fee
`.posts.first` may be the first post and may not, depending on luck

Also add protection for corrupt topics
2019-06-07 14:57:56 +10:00
Saurabh Patel b510006ca8 FEATURE: show tags in crawler view of tags page for static site
Previously tags page would have an empty page in crawler view
2019-06-06 12:55:37 +10:00
Vinoth Kannan f9f12ed221 PERF: fix N+1 queries for non-JS topic view. 2019-06-03 21:47:33 +05:30
Régis Hanol f6ced0a78a Remove unused & empty author meta tag 2019-06-03 12:00:14 +02:00
David Taylor 7500eed4c0
FEATURE: Multi-file javascript support for themes (#7526)
You can now add javascript files under `/javascripts/*` in a theme, and they will be loaded as if they were included in core, or a plugin. If you give something the same name as a core/plugin file, it will be overridden. Support file extensions are `.js.es6`, `.hbs` and `.raw.hbs`.
2019-06-03 10:41:00 +01:00
Kris 98336de266 UX: Cleanup crawler styles, improve schema.org markup (#7668)
* Cleaning up crawler styles, improving some schema.org markup

* Cleaning up crawler styles, improving some schema.org markup

* additional styling

* add space for pagination
2019-06-03 12:03:16 +10:00
Arpit Jalan 553ffbfcb5 FEATURE: add OpenGraph data to /login page 2019-05-23 07:03:01 +05:30
Gerhard Schlager 58f72cd439 Remove duplicate translations 2019-05-22 16:15:22 +02:00
Osama Sayegh 14bae6d52d Make `email_excerpt` method take an optional `post` param (#7570)
The spoiler alert plugin replaces spoiler text found in email excerpts with posts URL, which means it needs to have a reference to the post it's processing.

This change makes `email_excerpt` accepts an optional post param, which calls `PrettyText.format_for_email` which then triggers the `reduce_cooked` event that the plugin subscribes to.
2019-05-20 10:04:23 +02:00
Saurabh Patel e20f13ebb7 fix css of prev and next page links, move them to bottom of page (#7465)
Thanks 👍
2019-05-07 17:04:27 +02:00
Penar Musaraj 5e546ba7d1 Standardize viewport rules for mobile and desktop
Also removes`maximum-scale` on non-mobile devices, better for accessibility.
2019-05-06 10:28:29 -04:00
Sam Saffron 1be01f8dd4 DEV: Add support for Rails 6
Minor fixes to add Rails 6 support to Discourse, we now will boot
with RAILS_MASTER=1, all specs pass

Only one tiny deprecation left

Largest change was the way ActiveModel:Errors changed interface a
bit but there is a simple backwards compat way of working it
2019-05-02 16:23:25 +10:00
Saurabh Patel d4bec7fdfb use description_text instead of description to show correct sanitized description (#7420) 2019-04-24 16:33:58 +10:00
Bianca Nenciu 1867f2dda0
FEATURE: Always track clicks using AJAX. (#7373) 2019-04-23 12:41:36 +03:00
Saurabh Patel 3658be42f5 FIX: remove like_count and <hr> tag from post crawler layout (#7413)
* show likes value in crawler view if count is > 0

* remove <hr> since horizontal line is already provided by css - this removes one of 2 horizontal lines in post crawler view
2019-04-23 15:35:57 +10:00
Robin Ward a8e3ac90a0 FIX: `nil` error in list, incorrect count in reviewable pending 2019-04-22 12:18:57 -04:00
Saurabh Patel 3f9ec197e7 FIX: use last_activity_date instead of created_at for crawler view 2019-04-22 11:38:48 -04:00
Penar Musaraj 7cd621778d FEATURE: Native app banner improvements
This commit adds some improvements to native app banners for iOS and Android

- iOS and Android now have separate settings for native app banners

- app banners will now only show for users on TL1 and up

- app ids are now in a hidden site setting to allow sites to switch to their own app, if desired

- iOS only: the site URL is passed to the app arguments
2019-04-17 12:25:13 -04:00
Roman Rizzi 12a5c69abd
FEATURE: Allow users to tone down digest emails (#7353)
* FEATURE: Allow user to tone down email digest insteand of only unsubscribing

* Reordered options and select the next slowest frequency by default
2019-04-17 12:14:40 -03:00
Penar Musaraj eae22548de
Footer navigation for iOS PWAs and DiscourseHub app (#7347) 2019-04-10 12:23:18 -04:00
Saurabh Patel 9b288613ae DEV: remove span from inside <tr> and move meta info to a td (#7324) 2019-04-05 09:32:11 +02:00
Saurabh Patel 90fc2d15c4 FEATURE: change layout when default page is category to tabular for _… (#7270) 2019-04-04 15:57:18 +02:00
Saurabh Patel da2f659635 UX: Improve posts layout for crawler (#7286) 2019-04-03 11:58:00 +02:00
Robin Ward 76669bb5a6 FIX: Don't refer to pending review items as flags
They could be queued posts or users, and the notice should reflect that
properly.
2019-04-01 14:46:56 -04:00
Penar Musaraj fdf4145d4b
FEATURE: Delegated authentication via user api keys (#7272) 2019-04-01 13:18:53 -04:00
Saurabh Patel 4a47ec791f * FEATURE: change layout of escaped_fragment_ topic page to table one like live discourse (#7250) 2019-03-27 21:32:56 +01:00
Rafael dos Santos Silva 8ce20090f7 FEATURE: Allow users to fetch a customized manifest on PWA install
This will allow users installing a Discourse PWA to use their active
theme colors on the generated app. Thanks for @mgiuca for the tip.

Also makes the share_target config explicit to silence Chrome warnings
2019-03-15 17:10:05 -03:00
Jeff Wong b0d93a38e8 FEATURE: Add plugin html hook to insert html before any other scripts 2019-03-05 10:41:16 -08:00
Arpit Jalan ad5f5b931d DEV: deprecate blank files for static modal pages 2019-03-04 15:05:33 +05:30
Arpit Jalan 01e2180548 FIX: /signup and /password-reset direct links were broken 2019-03-04 09:02:22 +05:30
Joffrey JAFFEUX 900e187627
DEV: removing blank files (#7057) 2019-02-25 09:52:44 +01:00
Dan Ungureanu 90ce448675 PERF: Cache build_not_found_page 2019-02-12 21:20:33 +11:00
Vinoth Kannan e0c16d3a8a minor refactoring to improve code readability 2019-02-11 17:24:02 +05:30
Vinoth Kannan 2c12336c6b FIX: Display post updated date in non-JS view for crawler 2019-02-11 16:48:22 +05:30
Vinoth Kannan 3d52f690b3 UX: Add post action text in non-JS topic view 2019-01-28 22:51:06 +05:30
Joffrey JAFFEUX 096a81158a
FIX: siteNavigationElement was reversed (#6934) 2019-01-23 15:47:39 +01:00
David Taylor 880311dd4d
FEATURE: Support for localized themes (#6848)
- Themes can supply translation files in a format like `/locales/{locale}.yml`. These files should be valid YAML, with a single top level key equal to the locale being defined. For now these can only be defined using the `discourse_theme` CLI, importing a `.tar.gz`, or from a GIT repository.

- Fallback is handled on a global level (if the locale is not defined in the theme), as well as on individual keys (if some keys are missing from the selected interface language).

- Administrators can override individual keys on a per-theme basis in the /admin/customize/themes user interface.

- Theme developers should access defined translations using the new theme prefix variables:
  JavaScript: `I18n.t(themePrefix("my_translation_key"))`
  Handlebars: `{{theme-i18n "my_translation_key"}}` or `{{i18n (theme-prefix "my_translation_key")}}`

- To design for backwards compatibility, theme developers can check for the presence of the `themePrefix` variable in JavaScript

- As part of this, the old `{{themeSetting.setting_name}}` syntax is deprecated in favour of `{{theme-setting "setting_name"}}`
2019-01-17 11:46:11 +00:00
Arpit Jalan 93eb0a0690 UX: better help text for private invite-only instance 2019-01-12 18:40:00 +05:30
David Taylor 49593d1a00 FIX: Fix registration dialog popup for 'full screen' social logins
Regression following the ember3 upgrade. In addition to fixing, this commit consolidates our social registration logic into one place, and adds tests for the behaviour.
2019-01-12 12:08:13 +00:00
Saurabh Patel a52baf4b28 FEAT: use category logo image as meta image (#6865) 2019-01-10 09:33:13 +08:00
cfitz 19d7545318 FEATURE: Make auth_redirect param options on user_api_keys
This is a possible solution for https://meta.discourse.org/t/user-api-keys-specification/48536/19
This allows for user-api-key requests to not require a redirect url.
Instead, the encypted payload will just be displayed after creation  ( which can be copied
pasted into an env for a CLI, for example  )

Also: Show instructions when creating user-api-key w/out redirect

This adds a view to show instructions when requesting a user-api-key
without a redirect. It adds a erb template and json format.
Also adds a i18n user_api_key.instructions for server.en.yml
2019-01-04 14:46:18 +11:00
Guo Xiang Tan ffdacba219 Remove extra `apple-touch-icon` link in head.
The sizes attribute does not make a difference because both
image provided is of the same size.
2018-11-29 15:24:52 +08:00
Arpit Jalan 654d7996ae FIX: title was repeating on about page 2018-11-28 08:06:14 +05:30