Commit Graph

6099 Commits

Author SHA1 Message Date
Sam ceafcbc898 FEATURE: show added date when looking at group members 2018-11-01 15:33:28 +11:00
Régis Hanol 0bf52d422c FEATURE: new 'simultaneous_uploads' site setting 2018-10-31 10:58:09 +01:00
Daniel Kessler 8a443e051b Add base_url to config locales (#6510) 2018-10-31 08:19:37 +00:00
Joe d08cd0b21f
UX: updates category muting instructions 2018-10-31 13:01:22 +08:00
Bianca Nenciu e0ccd36dbe FEATURE: Suspicious logins report. (#6544) 2018-10-30 22:51:58 +00:00
Bianca Nenciu e1e392f15b DEV: Use DiscourseIpInfo for all IP queries. (#6482)
* DEV: Use DiscourseIpInfo for all IP queries.

* UX: Use latitude and longitude for more precision.
2018-10-30 22:08:57 +00:00
Bianca Nenciu 087b12b40c FIX: Fix 'New Login Alert' message. (#6539) 2018-10-30 19:13:25 +00:00
Gerhard Schlager e32993f96c minor copyedit 2018-10-30 13:33:26 +01:00
Maja Komel 5485248fbe FIX: sso provider copyedit 2018-10-30 10:02:22 +01:00
Jeff Atwood 23ae2023ef minor copyedit 2018-10-30 00:25:34 -07:00
Jeff Atwood 8e12846b9c more copyedits on staff unusual login email 2018-10-27 18:30:45 -07:00
Jeff Atwood a453643a5b copyedits on staff unusual login alert 2018-10-27 18:17:40 -07:00
Jeff Atwood 817cf8b229 remove extraneous two factor auth info popup 2018-10-27 14:10:26 -07:00
Jeff Atwood 58b53f7841 update copy for "was this you?" login dialog 2018-10-27 13:57:30 -07:00
Rafael dos Santos Silva 2450f178ca FEATURE: Allow admins to control PWA display mode per user agent 2018-10-26 13:47:22 -03:00
Joffrey JAFFEUX b2585524a9
FEATURE: adds a most disagreed flaggers report 2018-10-26 15:59:04 +02:00
Kyle Zhao a6eca28ec6
CSP - extract all other inline JavaScripts (#6528)
* wizard page inline js

* print topic inline js

* drop JS for preventing double submission

this is the default behavior with Rails' UJS `disable_with` helper

* omniauth complete redirect JS

* account activate inline js
2018-10-25 09:52:01 -04:00
Bianca Nenciu 6a3767cde7 FEATURE: Warn users via email about suspicious logins. (#6520)
* FEATURE: Warn users via email about suspicious logins.

* DEV: Move suspicious login check to a job.
2018-10-25 09:45:31 +00:00
Jeff Atwood 54e025225d minor copyedit 2018-10-24 16:22:29 -07:00
Sam Saffron 64aca0dc1b FIX: remove duplicate referrer policy
Rails already ships with strict-origin-when-cross-origin, no need
to also add no-referrer-when-downgrade

see: https://meta.discourse.org/t/harden-referrer-policy-header/100172
2018-10-24 08:38:39 +11:00
Kyle Zhao e9a971a2b6
FEATURE: [Experimental] Content Security Policy (#6514)
do not register new MIME type, parse raw body instead
2018-10-22 13:22:23 -04:00
Régis Hanol 3e232412e3 UX: show error when hitting the rate limit on password reset 2018-10-22 19:00:30 +02:00
Rafael dos Santos Silva db26fe1527 FIX: Proper naming for the GNU/Linux OS 2018-10-22 13:34:01 -03:00
Bianca Nenciu 99b43f281b FIX: Fix browser detection for Microsoft Edge. (#6516)
cool!
2018-10-22 23:15:41 +11:00
David Taylor 37b7afa522 FIX: Sanitize tags before creation 2018-10-22 10:53:42 +01:00
Arpit Jalan ce0a51665e FIX: count emoji shortcuts in topic title
https://meta.discourse.org/t/max-emojis-in-title-set-to-0-conflicting-with-emoji-shortcuts/98368/3?u=techapj
2018-10-22 13:44:05 +05:30
Kyle Zhao dca830cb73 Revert "FEATURE: [Experimental] Content Security Policy (#6504)"
This reverts commit fb8231077a.
2018-10-19 11:53:29 -04:00
David Taylor 0dd717e641 Revert "FIX: Sanitize tags before creation"
This reverts commit 18ae8de9e5.
2018-10-19 15:49:05 +01:00
David Taylor 18ae8de9e5 FIX: Sanitize tags before creation 2018-10-19 15:43:31 +01:00
Kyle Zhao fb8231077a
FEATURE: [Experimental] Content Security Policy (#6504) 2018-10-19 10:39:22 -04:00
Bianca Nenciu b69652278f FEATURE: Add Wiki Editor badge. (#6511) 2018-10-19 15:30:27 +02:00
Bianca Nenciu f60b10d090 UX: Warn users if the post that's currently edited has changed. (#6498) 2018-10-17 15:35:32 +02:00
Jeff Atwood 0db3e27ce4 remove windows phone references, it is ☠ 2018-10-16 15:11:24 -07:00
Davide Porrovecchio 005e1f5373 Add Cache-Control header to CORS (#6490) 2018-10-16 10:46:55 +11:00
Kyle Zhao 99d1ded3b3
rename route `/javascripts` to `/theme-javascripts` (#6495) 2018-10-15 11:32:52 -04:00
Maja Komel c104256991 FIX: SSO provider secrets - check wildcard domains last, toggle secrets visibility 2018-10-15 16:18:29 +02:00
David Taylor 7ac08f936e
FEATURE: Upload tags from CSV (#6484) 2018-10-15 09:12:54 +01:00
Maja Komel 27e732a58d FEATURE: allow multiple secrets for Discourse SSO provider
This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site.

This allows for better auditing of the SSO provider feature
2018-10-15 16:03:53 +11:00
Kyle Zhao 6acdea37c4 DEV: extract inline js when baking theme fields (#6447)
* extract inline js when baking theme fields
* destroy javascript cache when destroying theme fields

This work is needed to support CSP work
2018-10-15 15:55:23 +11:00
Joe 2acb885c72 FEATURE: fullscreen composer mode on desktop
Adds keyboard shortcut and icon that allows expanding composer to full screen.
2018-10-15 13:59:49 +11:00
Guo Xiang Tan 84d4c81a26 FEATURE: Support backup uploads/downloads directly to/from S3.
This reverts commit 3c59106bac.
2018-10-15 09:43:31 +08:00
Neil Lalonde af39624d19 Update translations 2018-10-12 10:40:25 -04:00
Neil Lalonde 12f132736b FIX: error looking at users in admin when tl3_promotion_min_duration is set to a very high value 2018-10-11 15:11:48 -04:00
Jeff Wong b5b382dcd6 Feature: add boxes with subcategories option for desktop categories page (#6471)
* Feature: add boxes with subcategories option for desktop categories page

* only add subclass div when subclasses exist
2018-10-11 15:59:37 +08:00
Guo Xiang Tan 3c59106bac Revert "FEATURE: Support backup uploads/downloads directly to/from S3."
This reverts commit c29a4dddc1.

We're doing a beta bump soon so un-revert this after that is done.
2018-10-11 11:08:23 +08:00
Gerhard Schlager c29a4dddc1 FEATURE: Support backup uploads/downloads directly to/from S3. 2018-10-11 10:38:43 +08:00
Robin Ward a566ed42ae FEATURE: Option to disable user presence and profile
This allows users who are privacy conscious to disable the presence
features of the forum as well as their public profile.
2018-10-10 17:34:33 -04:00
Joshua Rosenfeld fd48ba10b8
Add quotes to site setting HTML links 2018-10-10 16:53:02 -04:00
Joshua Rosenfeld 51029e3884
Revert sendgrid URL change
per 2ded524b5a
2018-10-10 09:00:39 -04:00
Joshua Rosenfeld 18e99ddfa9 Link to social login instructions in site settings 2018-10-10 08:46:48 -04:00
Joshua Rosenfeld cd2b8d40f1 Properly link to URLs in site settings 2018-10-10 08:46:03 -04:00
Joshua Rosenfeld d35bce96ab Use https:// when possible 2018-10-10 07:11:58 -04:00
Joshua Rosenfeld 3d8b063c83
Update test_mailer to minimize URL redirects 2018-10-10 06:16:33 -04:00
Bianca Nenciu 1d26a473e7 FEATURE: Show "Recently used devices" in user preferences (#6335)
* FEATURE: Added MaxMindDb to resolve IP information.

* FEATURE: Added browser detection based on user agent.

* FEATURE: Added recently used devices in user preferences.

* DEV: Added acceptance test for recently used devices.

* UX: Do not show 'Show more' button if there aren't more tokens.

* DEV: Fix unit tests.

* DEV: Make changes after code review.

* Add more detailed unit tests.

* Improve logging messages.

* Minor coding style fixes.

* DEV: Use DropdownSelectBoxComponent and run Prettier.

* DEV: Fix unit tests.
2018-10-09 22:21:41 +08:00
Penar Musaraj 47f19adac8 Remove old bookmark strings 2018-10-09 09:31:08 -04:00
Vinoth Kannan ac034a6b2c copyedit on branch field help text 2018-10-09 11:56:51 +05:30
Erin Kosewic 51aba32651 FEATURE: add branch option to remote theme import
* FEATURE: add branch option to remote theme import

* FIX: Add missing variable in params

* FIX: Add missing param for import_theme method

* SPEC: Add test methods for branch support in git import

* FIX: Add missing space to scss style

* Do not assume default branch as master

* Change branch field placeholder

* FIX: add missing div start tag
2018-10-09 17:01:08 +11:00
Kyle Zhao acba7d2a5d Extract `discourse_javascript.html.erb` to a scrip include
* extract omniauth auth complete inline JS

* extract Ember error logging inline JS

* transpile `authentication-complete`

This is CSP related work
2018-10-09 16:50:45 +11:00
Guo Xiang Tan 1c9b5e75e7 DEV: Support post deployment migrations for plugins. 2018-10-09 13:11:45 +08:00
Jeff Wong e55f220b33 add category style boxes with featured topics option 2018-10-08 16:19:54 -07:00
Gerhard Schlager 97ad9e9d9b UX: Prompt for custom invite message was hard to translate 2018-10-08 18:01:21 +02:00
Guo Xiang Tan 40fa96777d
FEATURE: Post deployment migrations. (#6406)
This moves us away from the delayed drops pattern which
was problematic on two counts. First, it uses a hardcoded "delay for"
duration which may be too short for certain deployment strategies.
Second, delayed drop doesn't ensure that it only runs after
the latest application code has been deployed. If the migration runs
and the application code fails to deploy, running the migration after
"delay for" has been met will cause the application to blow up.

The new strategy allows post deployment migrations to be skipped if the
env `SKIP_POST_DEPLOYMENT_MIGRATIONS` is provided.

```
SKIP_POST_DEPLOYMENT_MIGRATIONS=1 rake db:migrate
-> deploy app servers
SKIP_POST_DEPLOYMENT_MIGRATIONS=0 rake db:migrate
```

To aid with the generation of a post deployment migration, a generator
has been added. Simply run `rails generate post_migration`.
2018-10-08 15:47:38 +08:00
Jeff Atwood 3b6a525e5b minor copyedit for bookmarks 2018-10-07 04:17:59 -07:00
Arpit Jalan 2a94bf9dfb UX: change staff actions logs user label 2018-10-06 13:54:46 +05:30
David Taylor 9bf522f227
FEATURE: Mixed case tagging (#6454)
- By default, behaviour is not changed: tags are made lowercase upon creation and edit.

- If force_lowercase_tags is disabled, then mixed case tags are allowed.

- Tags must remain case-insensitively unique. This is enforced by ActiveRecord and Postgres.

- A migration is added to provide a `UNIQUE` index on `lower(name)`. Migration includes a safety to correct any current tags that do not meet the criteria.

- A `where_name` scope is added to `models/tag.rb`, to allow easy case-insensitive lookups. This is used instead of `Tag.where(name: "blah")`.

- URLs remain lowercase. Mixed case URLs are functional, but have the lowercase equivalent as the canonical.
2018-10-05 10:23:52 +01:00
Vinoth Kannan 8430ea927e FIX: Generate webhook payloads before destroy events (#6325) 2018-10-05 16:53:59 +08:00
Guo Xiang Tan da39a310c3 Fix missing quotes in unicorn_launcher. 2018-10-05 12:21:07 +08:00
Guo Xiang Tan 07eca289d3 Fix invalid bash syntax. 2018-10-05 12:18:20 +08:00
Guo Xiang Tan 00ae94cb4d DEV: Prevent `unicorn_launcher` from looping forever.
For some reason, the new master unicorn process that we
detect might be replaced with another process causing
the script to loop forever.
2018-10-05 12:12:54 +08:00
Guo Xiang Tan 3400624d70 Log pid of launcher script when logging. 2018-10-05 11:48:32 +08:00
Jeff Atwood 2bdc36bd8c very minor copyedit on bump date 2018-10-04 17:22:44 -07:00
Maja Komel 361ad7ed2b FEATURE: add indication if incoming email attachment was rejected and inform sender about it (#6376)
* FEATURE: add indication if incoming email attachment was rejected and inform sender about it

* include errors for rejected attachments in email

* don't send warning email to staged users

* use user object instead of user_id in add_attachments method
2018-10-04 22:08:28 +08:00
Guo Xiang Tan 16dedb5498 Avoid hardcoded value in `unicorn_launcher` take 2. 2018-10-04 17:13:27 +08:00
Guo Xiang Tan a8368318fe Revert "Avoid hardcoded value in `unicorn_launcher`."
This seems to be causing problem with the unicorn master pid
tracking so revert for now.

This reverts commit 09d0216e84.
2018-10-04 16:26:13 +08:00
Guo Xiang Tan 09d0216e84 Avoid hardcoded value in `unicorn_launcher`.
On slower instances, spinning up a new master process
can take more than 10 secs.
2018-10-04 15:44:13 +08:00
Rafael dos Santos Silva b8d3fbd08b FEATURE: Enable the notification prompt by default 2018-10-03 19:58:24 -03:00
Vinoth Kannan 23b4ab9bf9 DEV: Do not use concatenation in translations 2018-10-03 11:59:21 +05:30
Guo Xiang Tan 4b367dc61e FIX: `unicorn_launcher` should shut down unicorn gracefully. 2018-10-03 14:27:05 +08:00
Sam 0e10b47618 UX: make responsive_post_image_sizes a visible site setting
This is useful for sites that want to cut bandwidth by decreasing
fidelity of thumbnails.
2018-10-03 15:06:37 +10:00
Sam ad0e768742 FEATURE: add support for responsive images in posts
When creating lightboxes we will attempt to create 1.5x and 2x thumbnails
for retina screens, this can be controlled with a new hidden site setting
called responsice_post_image_sizes, if you wish to create 3x images run

SiteSetting.responsive_post_image_sizes = "1|1.5|2|3"


The default should be good for most of the setups as it balances filesize
with quality. 3x thumbs can get big.
2018-10-03 13:44:53 +10:00
Maja Komel 73443d889c FIX: keep files in order when adding multiple uploads (#6306)
* FIX: keep files in order when adding multiple uploads

* use filename in the placeholder when uploading files

* add tests

* add consecutive nr to the placeholder when multiple uploads with the same filename
2018-10-03 11:12:36 +10:00
Sam a6f0436a29 FEATURE: change default to enable login by email out-of-the-box 2018-10-03 10:16:52 +10:00
Bianca Nenciu e0d7cdac12 UX: Improve error messages for minimum and maximum username lengths. 2018-10-02 13:10:20 +08:00
Arpit Jalan dc960e1a82 Make `enable_mobile_theme` a hidden setting
https://meta.discourse.org/t/default-mobile-view-formatting-error/98063/3
2018-09-29 10:33:17 +08:00
David Taylor 2a8ce0cb04
UX: Improve shared_drafts_category description 2018-09-27 22:39:10 +01:00
Gerhard Schlager 471f9927bb Fix Bosnian plural rules 2018-09-27 05:43:49 +02:00
Gerhard Schlager b0a383561e FEATURE: Add Lithuanian locale 2018-09-27 05:26:38 +02:00
David Taylor 0b2b617483 FIX: Corrected copy on post_edit_time_limit site setting 2018-09-26 18:49:10 +01:00
Rishabh Nambiar e387adadf8 UX: Improve owner_groups text to fit combo-box in a single line 2018-09-26 17:02:59 +05:30
Neil Lalonde f8a77cd041 FIX: links in TL1 promotion system message for subfolder installs 2018-09-21 12:20:59 -04:00
Guo Xiang Tan d4bd04c3a7 Allow `purge_deleted_uploads_grace_period_days` to be shadowed. 2018-09-19 17:49:00 +08:00
Jeff Atwood b33a623774 very minor copyedit 2018-09-18 15:48:48 -07:00
Vinoth Kannan 4383afb769
Merge pull request #6413 from vinothkannans/log-entity-export
FEATURE: Log entity export in staff logs
2018-09-19 03:18:28 +05:30
Vinoth Kannan 9281b72308 FEATURE: Log entity export in staff logs 2018-09-19 03:16:45 +05:30
Jeff Atwood f43b5bb3c1 considerably simplify copy for change owner 2018-09-18 14:15:08 -07:00
Sam 0e9841b995 SECURITY: remove admin memory diagnostics routes 2018-09-18 08:35:09 +10:00
Neil Lalonde 6f1b8ad16d FIX: tag groups page should only be visible to staff
No security concern here because nothing private was visible,
and no actions could be taken by non-staff users.
2018-09-17 11:41:18 -04:00
Régis Hanol 4481836de2 FEATURE: new 'search_ignore_accents' site setting 2018-09-17 10:42:30 +02:00
Kyle Zhao 7a0232249a
extract inline JS that's used to store preloaded data (#6370) 2018-09-17 16:31:46 +08:00
CheshireVillageSoftware f3214889dc FEATURE: Updated CORS config to explicitly specifyhttp methods
See: https://stackoverflow.com/questions/20478312/default-value-for-access-control-allow-methods 

In particular we now explicitly allow DELETE and PUT which is inconsistently allowed depending on browser
2018-09-17 11:01:08 +10:00