Commit Graph

42570 Commits

Author SHA1 Message Date
dependabot[bot] f4720205c0
Build(deps): Bump sanitize from 5.2.3 to 6.0.0 (#13949)
Bumps [sanitize](https://github.com/rgrove/sanitize) from 5.2.3 to 6.0.0.
- [Release notes](https://github.com/rgrove/sanitize/releases)
- [Changelog](https://github.com/rgrove/sanitize/blob/main/HISTORY.md)
- [Commits](https://github.com/rgrove/sanitize/compare/v5.2.3...v6.0.0)

---
updated-dependencies:
- dependency-name: sanitize
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-05 10:49:07 +10:00
jbrw fb14e50741
SECURITY: Destroy `EmailToken` when `EmailChangeRequest` is destroyed (#13950) 2021-08-04 19:14:56 -04:00
Martin Brennan d8a0d2262c
DEV: Update pretender and fake-xml-http-request (#13937)
We are still on a version of pretender since 2017
https://github.com/pretenderjs/pretender/releases/tag/v1.6.1

Since then many changes have been made, including adding support
for xhr.upload. Upgrading will let us write proper acceptance
tests for uppy, which uses XmlHTTPRequest internally including
xhr.upload.

Updates pretender to 3.4.7 and fake-xml-http-request to 2.1.2.

Note: There have been no breaking changes in the releases that would
affect us, mainly dropping support for old node versions.
2021-08-05 08:23:01 +10:00
Robin Ward 17f28d4018 DEV: Add a widget API for injecting services
When declaring your widget you can now add an option like: `services: ['cool']`

And your widget instances will automatically get a `this.cool` property
which will resolve to the service. This saves having to look it up
yourself.
2021-08-04 16:27:19 -04:00
Jarek Radosz 07c6b720bc
DEV: Remove `PostProcessed` trigger option (#13916)
It was deprecated 5 years ago in e55e2aff94

I've seen it still being used in the wild, even though it doesn't do anything anymore as I understand it.
2021-08-04 22:24:47 +02:00
Jarek Radosz fbd1cd5fe1
DEV: Prevent npm usage (#13945)
We rely on yarn workspaces so we don't want people using npm in the repo by accident.

Also updated the required node version to 12+.

~~Not sure about the min yarn version – the latest one could be missing in various CI-like envs, so I might change it yet.~~
Downgraded yarn to ">= 1.21.1" (the oldest of "current" versions, tagged "legacy")
2021-08-04 22:04:58 +02:00
Joffrey JAFFEUX 5b85b254db
DEV: do not process composer preview when collapsed (#13941) 2021-08-04 16:40:31 +02:00
Joffrey JAFFEUX 11668ee85b
PERF: generates dates tooltip on demand (#13944) 2021-08-04 16:28:07 +02:00
Discourse Translator Bot 6b87ae3d4c
Update translations (#13929) 2021-08-04 14:14:52 +02:00
Arpit Jalan ff994234ee
UX: append ellipsis to actions that have follow-up screen (#13943) 2021-08-04 17:26:12 +05:30
Bianca Nenciu d9843d757a
FIX: Update draft count when sequence is increased (#13940)
* FIX: Update draft count when sequence is increased

Sometimes users ended up having a draft count higher than the actual
number of drafts.

* FIX: Do not update draft count twice

The call to DraftSequence.next! above already does it.
2021-08-04 13:30:37 +03:00
Bianca Nenciu e2af2a2219
FIX: Make rake site:export_structure export uploads (#13938)
It failed because of an undefined variable.
2021-08-04 11:14:30 +03:00
Arpit Jalan 4122affc0f
FIX: use search message context on group message page (#13936) 2021-08-04 13:42:17 +05:30
Joffrey JAFFEUX d23c0c06c3
PERF: reduces rendering time of local-dates (#13931)
- prefers insertAdjacentHTML over innerHTML as it's much faster in this case (about 5x)
- memoizes tz.guess()
- memoizes list of timezones
- inlines template
- applies main element class in one pass

All in all for a very edge case of about 80 dates it should be faster of about 15/20ms.
2021-08-04 08:27:22 +02:00
Vinoth Kannan 1da0aa838f
FIX: use `update_attribute` method to trigger callbacks. (#13930)
Group flair is not removed while removing a user from the group since the `before_save` callback methods are not triggered while using the `update_columns` method.
2021-08-04 11:54:46 +05:30
dependabot[bot] fc5194e515
Build(deps): Bump nokogiri from 1.12.0 to 1.12.1 (#13932)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.12.0 to 1.12.1.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.12.0...v1.12.1)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-04 11:00:36 +08:00
dependabot[bot] bd70de5c07
Build(deps): Bump nio4r from 2.5.7 to 2.5.8 (#13933)
Bumps [nio4r](https://github.com/socketry/nio4r) from 2.5.7 to 2.5.8.
- [Release notes](https://github.com/socketry/nio4r/releases)
- [Changelog](https://github.com/socketry/nio4r/blob/master/CHANGES.md)
- [Commits](https://github.com/socketry/nio4r/compare/v2.5.7...v2.5.8)

---
updated-dependencies:
- dependency-name: nio4r
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-04 10:59:22 +08:00
dependabot[bot] fe2fbe1a38
Build(deps): Bump oj from 3.12.2 to 3.12.3 (#13934)
Bumps [oj](https://github.com/ohler55/oj) from 3.12.2 to 3.12.3.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.12.2...v3.12.3)

---
updated-dependencies:
- dependency-name: oj
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-04 10:59:06 +08:00
Bianca Nenciu 54e2b95539
FIX: Remove 'reply above line' marker (#13927)
This marker is automatically added by Discourse's group SMTP mailer.
When user responded to emails sent by it, Discourse did not trim this
marker.
2021-08-03 20:08:19 +03:00
Bianca Nenciu e2c415457c
FEATURE: Attach backup log as upload (#13849)
Discourse automatically sends a private message after backup or
restore finished. The private message used to contain the log inline
even when it was very long. A very long log can create issues because
the length of the post will be over the maximum allowed length of a
post. When that happens, Discourse will try to create an upload with
the logs. If that fails, it will trim the log and inline it.
2021-08-03 20:06:50 +03:00
Osama Sayegh e67670c1e4
FIX: Consistently show history modal when clicking edit notifications (#13912)
Currently when a user clicks on an edit notification, we use `appEvents` to
notify the topics controller that it should open up the history modal for the
edited post and the appEvents callback opens up the history modal in the next
Ember runloop (by scheduling an `afterRender` callback).

There are 2 problems with this implementation:

1) the callbacks are fired/executed too early and if the post has never been
loaded from the server (i.e. not in cache), we will not get a modal history
because the method that shows the modal `return`s if it can't find the post:

016efeadf6/app/assets/javascripts/discourse/app/controllers/topic.js (L145-L152)

2) when clicking an edit notification from a non-topic page, you're redirected
to the topic page that contains the edited post and you'll see the history
modal briefly and it'll be closed immediately. The reason for this is because
we attempt to show the history modal before the route transition finishes
completely, and we have cleanup code in `initializers/page-tracking.js` that's
called after every transition and it does several things one of which is
closing any open modals.

The fix in this commit defers showing the history modal until posts are loaded
(whether fresh or cached). It works by storing some bits of information (topic
id, post number, revision number) whenever the user clicks on an edit
notification, and when the user is redirected to the topic (or scrolled to the
edited post if they're already in the topic), the post stream model checks if
we have stored information of an edit notification and requests the history
modal to be shown by the topics controller.
2021-08-03 19:06:23 +03:00
Bianca Nenciu 52520638ca
FIX: Inline secure images with duplicated names (#13926)
Inlining secure images with the same name was not possible because they
were indexed by filename. If an email contained two files with the same
name, only the first image was used for both of them. The other file
was still attached to the email.
2021-08-03 18:58:34 +03:00
Blake Erickson 413de9361f
DEV: Disable PATCH requests (#13928)
We aren't actually calling any of the PATCH requests, so maybe we should
just stick with PUT unless we explicitly need PATCH for something.
2021-08-03 07:26:48 -06:00
Blake Erickson 5c6e7e3401
DEV: Document some of the badge api endpoints (#13919)
Adding some api documentation for the badge routes.
2021-08-03 06:25:12 -06:00
David Taylor ab1460e2ca
UX: Ensure external login icons are visible on hover (#13914)
Some authentication buttons (e.g. apple, oidc, oauth2, saml) do not have a specific color specified. Therefore they were taking the default button-with-icon color, and the icons would almost disappear on hover. This commit adds a default of #000 for these buttons, so that the button hover looks similar to core auth buttons.
2021-08-03 12:48:21 +01:00
Martin Brennan 8eabbdae5c
DEV: Move composer-editor upload functions into mixin (#13923)
This PR moves all the upload related functions into a new
ComposerUpload mixin that is extended by the composer-editor
component. This is being done so I can introduce a ComposerUploadUppy
mixin that overrides functions in the regular ComposerUpload mixin,
via a new composer-editor-uppy component that inherits from
ComposerEditor. The proposed structure, which will be in the next PR,
looks like this:

composer-editor-uppy

```javascript
import ComposerEditor from "discourse/components/composer-editor"
import ComposerUploadUppy from "discourse/mixins/composer-upload-uppy"

export default ComposerEditor.extend(ComposerUploadUppy, {
  layoutName: "components/composer-editor"
});
```

This way the new composer-editor is a dumb component purely used for
testing uppy safely, and within the template for composer.hbs we do
this:

```javascript
@discourseComputed
composerComponent() {
  return this.siteSettings.enable_experimental_composer_uploader
    ? "composer-editor-uppy"
    : "composer-editor";
},
```

```handlebars
{{component composerComponent ...}}
```

This is the only way I can think to do it, because it is not possible to
access the site settings when the component is first declared I can't do
something like:

```javascript
const uploaderMixin = this.siteSettings.use_experimental_uploader?
ComposerUploaderUppy : ComposerUploader;

Component.extend(uploaderMixin, {});
```

An additional change in this PR is explicitly passing in these four
plugin data structures to the composer-editor Component, rather
than relying on JS closures which the mixin cannot do:

* uploadMarkdownResolvers
* uploadProcessorActions
* uploadProcessorQueue
* uploadHandlers
2021-08-03 14:46:32 +10:00
Vinoth Kannan 4ec2c1e9a9
DEV: don't merge email address if target user is not human. (#13915)
While merging two user accounts don't merge the source user's email address if the target user is not a human.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2021-08-03 10:04:35 +05:30
dependabot[bot] c02c6940bb
Build(deps): Bump nokogiri from 1.11.7 to 1.12.0 (#13920)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.11.7 to 1.12.0.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.11.7...v1.12.0)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-03 10:04:41 +08:00
dependabot[bot] c70f3e0916
Build(deps): Bump bootsnap from 1.7.6 to 1.7.7 (#13921)
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.7.6 to 1.7.7.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.7.6...v1.7.7)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-03 10:04:10 +08:00
dependabot[bot] 9e8b377978
Build(deps): Bump globalid from 0.5.1 to 0.5.2 (#13922)
Bumps [globalid](https://github.com/rails/globalid) from 0.5.1 to 0.5.2.
- [Release notes](https://github.com/rails/globalid/releases)
- [Commits](https://github.com/rails/globalid/compare/v0.5.1...v0.5.2)

---
updated-dependencies:
- dependency-name: globalid
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-03 10:03:56 +08:00
Jordan Vidrine 465db1e5b5
FIX: Adjust poll buttons (#13924)
* FIX: Adjust poll buttons

* REFACTOR: Move styles to desktop stylesheet
2021-08-03 10:03:18 +08:00
Jordan Vidrine 2c3b4ff135
UX: UX Fixes (#13918)
* UX: Adjust name alignment on email group chooser

* UX: Remove dotted line when using j/k navigation on topic
2021-08-02 17:36:48 -05:00
Martin Brennan b88d8c8894
FIX: Use reply-to address for incoming emails if present (#13896)
When the Reply-To header is present for incoming emails we
want to use it instead of the from address. This is usually the
case when forwarding an email via a mailing list into Discourse.

For now we are only using the Reply-To header if the email has
been forwarded via Google Groups, which is why we are checking the
X-Original-From header too. In future we may want to use the Reply-To
header in more cases.
2021-08-03 08:01:17 +10:00
Rafael dos Santos Silva e92163367d
FIX: Upload placeholder was missing line break (#13917) 2021-08-02 16:33:51 -03:00
Jean e7b8e75583
FEATURE: Add post edits count to user activity (#13495) 2021-08-02 10:15:53 -04:00
Joe 7b56325f89
UX: adds hover title with full date to admin users columns (#13913)
This PR adds a hover title to a few columns on the admin users' page

/admin/users/list/active

The hover title will show the date in full format on those columns with shortened dates
2021-08-02 20:54:05 +08:00
Bianca Nenciu fbf7627c8e
FIX: Make search work with sub-sub-categories (#13901)
Searching in a category looked only one level down, ignoring the site
setting max_category_nesting. The user interface did not support the
third level of categories and did not display them in the "Categorized"
input of the advanced search options.
2021-08-02 14:04:13 +03:00
Alan Guo Xiang Tan 016efeadf6
FEATURE: New and Unread messages for user personal messages. (#13603)
* FEATURE: New and Unread messages for user personal messages.

Co-authored-by: awesomerobot <kris.aubuchon@discourse.org>
2021-08-02 12:41:41 +08:00
Arpit Jalan fe3e18f981
FIX: do not show private group flair on user avatars (#13872)
Meta ref: https://meta.discourse.org/t/visible-flair-for-invisible-groups-is-that-on-purpose/167674
2021-08-02 06:21:00 +05:30
dependabot[bot] 2d02ae36b5
Build(deps): Bump faraday from 1.5.1 to 1.6.0 (#13908)
Bumps [faraday](https://github.com/lostisland/faraday) from 1.5.1 to 1.6.0.
- [Release notes](https://github.com/lostisland/faraday/releases)
- [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lostisland/faraday/compare/v1.5.1...v1.6.0)

---
updated-dependencies:
- dependency-name: faraday
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-02 00:47:10 +02:00
dependabot[bot] d43c538b58
Build(deps): Bump loofah from 2.10.0 to 2.11.0 (#13909)
Bumps [loofah](https://github.com/flavorjones/loofah) from 2.10.0 to 2.11.0.
- [Release notes](https://github.com/flavorjones/loofah/releases)
- [Changelog](https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md)
- [Commits](https://github.com/flavorjones/loofah/compare/v2.10.0...v2.11.0)

---
updated-dependencies:
- dependency-name: loofah
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-02 00:46:25 +02:00
Kris 00820f0fad
UX: History controls should use nav-pill styles (#13904) 2021-07-30 19:52:15 -04:00
Rafael dos Santos Silva d2ab5ab53f
FIX: Better composer placeholder handling during media optimization (#13907) 2021-07-30 18:46:55 -03:00
1resu c640eee512 Update .ruby-version.sample
...to match the recommended Ruby version
2021-07-30 14:42:14 -04:00
Jean ac777440fd
FIX: Validate value of custom dropdown user fields - dropdowns and multiple selects (#13890) 2021-07-30 13:50:47 -04:00
jbrw 2f28ba318c
FEATURE: Onebox can match engines based on the content_type (#13876)
* FEATURE: Onebox can match engines based on the content_type

`FinalDestination` now returns the `content_type` of a resolved URL.

`Oneboxer` passes this value to `Onebox` itself. Onebox engines can now specify a `matches_content_type` regex of content_types that the engine can handle, regardless of the URL.

`ImageOnebox` will match URLs with a content type of `image/png`, `jpg`, `gif`, `bmp`, `tif`, etc.

This will allow images that exist at a URL without a file type extension to be correctly rendered, assuming a valid `content_type` is returned.
2021-07-30 13:36:30 -04:00
Andrei Prigorshnev f0d048b42a
DEV: don't swallow a promise from group.findMembers method and switch to using async/await (#13888) 2021-07-30 21:00:34 +04:00
Jarek Radosz f740c1a952
DEV: Clear all `navItem` information between tests (#13903)
Expands the original `clearCustomNavItemHref` from #13025. Fixes issues with discourse-assign tests.
2021-07-30 18:05:04 +02:00
David Taylor 0ac2cfa68c
DEV: Add `GeoList2-ASN.mmdb` and `.bundle` to `.gitignore` (#13902)
- `GeoList2-ASN.mmdb` is one of the MaxMind databases we use for geolocation
- `.bundle/` is created when you run something like `bundle config set --local ...`
2021-07-30 16:17:55 +01:00
David Taylor ccf1cd0ca6
UX: Improve copy when a group member search returns no results (#13899)
Previously it would say "There are no members in this group". Now it says "No members match that search."

https://meta.discourse.org/t/group-username-search-empty-search-message-is-wrong/198609
2021-07-30 11:40:21 +01:00