Commit Graph

8222 Commits

Author SHA1 Message Date
Osama Sayegh e40c4bb7f9
FIX: Validate category tag restrictions before sending new topics to review (#16292)
Tags (and tag groups) can be configured so that they can only be used in specific categories and (optionally) restrict topics in these categories to be able to add/use only these tags. These restrictions work as expected when a topic is created without going through the review queue; however, if the topic has to be reviewed by a moderator then these restrictions currently aren't checked before the topic is sent to the review queue, but they're checked later when a moderator tries to approve the topic. This is because if a user manages to submit a topic that doesn't meet the restrictions, moderators won't be able to approve and it'll be stuck in the review queue.

This PR prevents topics that don't meet the tags requirements from being sent to the review queue and shows the poster an error message that indicates which tags that cannot be used.

Internal ticket: t60562.
2022-03-28 21:25:26 +03:00
Mark VanLandingham a3563336db
FIX: Bug setting notification level to muted/ignored on user page (#16268) 2022-03-25 10:51:45 -05:00
Andrei Prigorshnev 5423d46442
UX: cleaner messages for empty state on the user activity topics page (#16267) 2022-03-25 00:20:55 +04:00
OsamaSayegh 771dddb711 A11Y: Make the views column in topics lists tabbable 2022-03-24 13:42:24 +03:00
OsamaSayegh bc54b0055c A11Y: Improve topic entrance modal
Clicking the Replies cell of a topic in a topics list shows a little
modal with 2 buttons that take you to the first and last posts of the
topic. This modal is currently completely inaccessible to
keyboard/screen reader users because it can't be reached using the
keyboard.

This commit improves the modal so that it traps focus when it's shown
and makes it possible to close the modal using the esc key.
2022-03-24 13:42:24 +03:00
OsamaSayegh 0d4fad67db A11Y: Add `aria-label`s to topics list column headers
Topics lists like /latest are ordered by last activity date by default,
but the order can be changed (and reversed) to something else such as
replies count and views count by clicking on the corresponding column
header in the topics list. These column headers are tabbable, but screen
readers announce them as, using the replies column as example, `Replies
toggle button`. This doesn't communicate very well that this the button
changes the order, so this commit adds `aria-label`s to all column
headers to make it clear that they change order. The current copy for
the `aria-label` is `Sort by replies`.
2022-03-24 13:42:24 +03:00
David Taylor daacb3b038 FIX: Ensure all/none subcategory filters work correctly with tags
This is done by defining a `/all` route for use when a category's default filter is 'none'. This was defined for regular category routes in 3e7f7fdd, but not for tag routes.

This commit also corrects the route name TagsShowNoneCategory*Route -> TagsShowCategoryNone*Route, which fixes an error when setting subcategories=none while filtering by tags.
2022-03-22 15:26:00 +00:00
Discourse Translator Bot b8a98708d8
Update translations (#16250) 2022-03-22 16:01:16 +01:00
Robin Ward d025405130
FIX: When using Ember CLI, plugin admin code was not being loaded in tests (#16239) 2022-03-21 15:46:41 -04:00
Ella E 3b8ff1184f
update button label to be more clear (#16205) 2022-03-16 14:54:23 -06:00
Mark VanLandingham cea0b9cefb
DEV: Reserve usernames for chat and sunset `chat_group_mention` (#16200) 2022-03-16 08:55:21 -05:00
Sam 81be734873
FEATURE: enable canonical url indexing (#16196)
We rolled out a change to disable canonical indexing.

The goal behind it was to limit crawl budget by Google being spent
scanning non canonical topic links.

Since this change was applied we rolled out 2 fixes that made the change
no longer needed.

1. Topic RSS feeds are no longer followed, links in the RSS feeds are
not followed.

2. Post RSS feeds now contain canonical links.

Combined these two changes mean crawlers no longer discover a large
amount on non-canonical links on Discourse sites.
2022-03-16 09:36:04 +11:00
Penar Musaraj 593f3e5dd8
UX: Styling changes to global banner (#16191) 2022-03-15 16:19:55 +01:00
Discourse Translator Bot 20a954fa0f
Update translations (#16194) 2022-03-15 14:40:40 +01:00
Blake Erickson 02fa04e333
FIX: Update topic route id param (#16166)
This update topic route has never worked. Better late than never. I am
in favor of using non-slug urls when using the api so I do think we
should fix this route.

Just thought I would update the `:id` param to `:topic_id` here in the
routes file instead of updating the controller to handle both params.

Added a spec to test this route.

Also added the same constraint we have on other topic routes to ensure
we only pass in an ID that is a digit.
2022-03-11 11:01:08 -07:00
Bianca Nenciu 7a416257df
FIX: Invalidate site settings cache in all instances (#16155)
Previous cache implementation did not support multisite instances and
the cache was invalidated only in the instance where the change took
place.
2022-03-11 17:16:56 +02:00
maiki 8e010aecfb
Remove a few words for clarity (#16162)
Remove extra words from two descriptions for user like reports
2022-03-11 09:33:16 +08:00
Discourse Translator Bot 93407005b5
Update translations (#16132) 2022-03-10 16:51:47 +01:00
Martin Brennan ca93e5e68b
FIX: Allow admins to change user ignore list (#16129)
Previously, if an admin user tried to add/remove
users to another user's ignored list, it would
be added to their own ignore list because the
controller used current_user. Now for admins only
a source_user_id parameter can be passed through,
which will be used to ignore the target user for
that source user.
2022-03-09 14:51:30 +10:00
Bianca Nenciu 6d422a8033
FEATURE: Highlight expired bookmark reminders (#15317)
The user can select what happens with a bookamrk after it expires. New
option allow bookmark's reminder to be kept even after it has expired.
After a bookmark's reminder notification is created, the reminder date
will be highlighted in red until the user resets the reminder date.
User can do that using the new Clear Reminder button from the dropdown.
2022-03-08 19:44:18 +02:00
Bianca Nenciu f5422f91aa
FEATURE: Add link to original image in lightbox (#15640)
Adds a link to the original image next to the download link. It can be
used to view full resolution image in the browser.
2022-03-08 19:39:46 +02:00
Martin Brennan 7af01d88d2
FIX: Better 0 file size detection and logging (#16116)
When creating files with create-multipart, if the file
size was somehow zero we were showing a very unhelpful
error message to the user. Now we show a nicer message,
and proactively don't call the API if we know the file
size is 0 bytes in JS, along with extra console logging
to help with debugging.
2022-03-07 12:39:33 +10:00
Blake Erickson d760fd4074
DEV: Add API scope for categories endpoint (#16105)
This change adds support for the categories endpoint to have an api
scope. Only adds GET scope for listing categories and for fetching a
single category.

See: https://meta.discourse.org/t/218080/4
2022-03-04 14:29:47 -07:00
David Taylor eb2e3b510d
FEATURE: Introduce 'Subcategories with featured topics' view (#16083)
This categories view is designed for sites which make heavy use of subcategories, and use top-level categories mainly for grouping
2022-03-04 21:11:59 +00:00
Blake Erickson 07e80b52ef
DEV: Add api scoping for updating topics. (#16101)
This change adds a new api scope for updating topics.

See: https://meta.discourse.org/t/219805
2022-03-04 10:44:56 -07:00
Osama Sayegh 8c71878ff5
UX: Add description to the 2FA page when adding new admins (#16098)
This PR adds an extra description to the 2FA page when granting a user admin access. It also introduces a general system for adding customized descriptions that can be used by future actions.

(Follow-up to dd6ec65061)
2022-03-04 06:43:06 +03:00
David Taylor a7db0ce985
UX: Differentiate 'emails disabled' notice for 'yes' and 'non-staff' (#16096) 2022-03-03 15:49:20 +00:00
Dan Ungureanu e3b4998efc
DEV: Remove notify user topic from share modal (#16085)
This feature was rarely used, could be used for spamming users and was
impossible to add a context to why the user was notified of a topic. A
simple private messages that includes the link and personalized message
can be used instead.
2022-03-03 09:27:45 +11:00
Discourse Translator Bot 9d2c5c489e
Update translations (#16074) 2022-03-01 22:56:34 +01:00
Martin Brennan ff96d541e9
FEATURE: Add fullscreen button for code blocks (#16044)
This commit extends the original copy-codeblocks initializer,
renaming it to codeblock-buttons, and adding another button
to make the code block fullscreen in a modal window. The fullscreen
code is then run through highlight.js.

This commit also moves much of the code out of the initializer
and into a reusable CodeblockButtons class, so it can also be used
in the fullscreen code modal for the copy + paste button.

The fullscreen button will not be shown if there is no scroll overflow
in the code block, nor will it be shown on mobile. This commit also
changes the fullscreen table button to not show on mobile.

This will make long lines of code much easier to read and interact
with. This is gated behind the same `show_copy_button_on_codeblocks`
site setting.
2022-03-01 08:37:24 +10:00
Jarek Radosz 2fc70c5572
DEV: Correctly tag heredocs (#16061)
This allows text editors to use correct syntax coloring for the heredoc sections.

Heredoc tag names we use:

languages: SQL, JS, RUBY, LUA, HTML, CSS, SCSS, SH, HBS, XML, YAML/YML, MF, ICS
other: MD, TEXT/TXT, RAW, EMAIL
2022-02-28 20:50:55 +01:00
Jeff Wong d1bdb6c65d
FEATURE: upload an avatar option for uploading avatars with selectable avatars (#15878)
* FEATURE: upload an avatar option for uploading avatars with selectable avatars

Allow staff or users at or above a trust level to upload avatars even when the site
has selectable avatars enabled.

Everyone can still pick from the list of avatars. The option to upload is shown
below the selectable avatar list.

refactored boolean site setting into an enum with the following values:

disabled: No selectable avatars enabled (default)
everyone: Show selectable avatars, and allow everyone to upload custom avatars
tl1: Show selectable avatars, but require tl1+ and staff to upload custom avatars
tl2: Show selectable avatars, but require tl2+ and staff to upload custom avatars
tl3: Show selectable avatars, but require tl3+ and staff to upload custom avatars
tl4: Show selectable avatars, but require tl4 and staff to upload custom avatars
staff: Show selectable avatars, but only allow staff to upload custom avatars
no_one: Show selectable avatars. No users can upload custom avatars

Co-authored-by: Régis Hanol <regis@hanol.fr>
2022-02-24 12:57:39 -08:00
Osama Sayegh 9c1ab97c01
DEV: Ensure Mini Profiler's `cookie_path` is not empty or nil (#16039)
Follow-up to 9c50c69bd2.
2022-02-23 22:18:58 +03:00
Jeff Wong 9c50c69bd2
FIX: dev subfolder session cookies (#16031)
rack-mini-profiler was setting a cookie path of / which was clobbering
the session cookie path of Discourse.base_path.

Fixes some issues when local dev is unable to read or write from/to
the user session, such as during omniauth CSRF checks.
2022-02-23 06:42:57 -08:00
David Taylor 98a7fa3d1a
PERF: Bump message_bus to 4.2 (#16026)
This includes upstream performance improvements. For details, see 1baa1ea4a5
2022-02-22 16:16:02 +00:00
Discourse Translator Bot 50da1375ca
Update translations (#16024) 2022-02-22 14:20:23 +01:00
Joffrey JAFFEUX f5ec32bc8c
FEATURE: adds the user_promoted event to webhooks (#15996) 2022-02-22 10:57:18 +01:00
Bianca Nenciu 90c3695ab0
FEATURE: Rename Reset Read bulk action to Defer (#15972)
It is enabled only if defer is enabled in user options too and if the
button shows up in the topic's footer.
2022-02-21 22:45:01 +02:00
Bianca Nenciu ae1d2d957f
FEATURE: Replace share post popup with share modal (#15875)
This uniformizes the topic share modal and the post link popup. It also
introduces a new feature which can notify the user of a post.
2022-02-21 22:14:28 +02:00
Rafael dos Santos Silva 5c9ca07119
FEATURE: Disable indexing of non-canonical pages by default (#16015)
Enables the setting introduced in 5647819 by default, as early results
show improvement in websites crawl budget.
2022-02-21 16:16:22 -03:00
Bianca Nenciu 53f9a1a469
FEATURE: Add settings to scale daily flags limit (#15983)
Similar site settings exist for likes and edits and the new ones work
in a similar way.

By default, users below TL2 have a limit of 20, the limit is increased
by 1.5 for TL2 users up to 30, by 2 for TL3 users up to 40 and by 3 for
TL4 users up to 60.
2022-02-18 14:44:32 +02:00
David Taylor f2762114e0
PERF: Reduce anon_polling_interval to match long_polling_interval (#15992)
The 5s difference was causing anon clients to have ~5s gaps between their long-polling requests. On busy sites, this could be enough time for them to build up a backlog, which then becomes much more expensive for us on the server-side.
2022-02-18 10:53:14 +00:00
David Taylor df96374700
UX: Add 'update' to theme error message (#15977) 2022-02-17 14:21:18 +00:00
Osama Sayegh dd6ec65061
FEATURE: Centralized 2FA page (#15377)
2FA support in Discourse was added and grown gradually over the years: we first
added support for TOTP for logins, then we implemented backup codes, and last
but not least, security keys. 2FA usage was initially limited to logging in,
but it has been expanded and we now require 2FA for risky actions such as
adding a new admin to the site.

As a result of this gradual growth of the 2FA system, technical debt has
accumulated to the point where it has become difficult to require 2FA for more
actions. We now have 5 different 2FA UI implementations and each one has to
support all 3 2FA methods (TOTP, backup codes, and security keys) which makes
it difficult to maintain a consistent UX for these different implementations.
Moreover, there is a lot of repeated logic in the server-side code behind these
5 UI implementations which hinders maintainability even more.

This commit is the first step towards repaying the technical debt: it builds a
system that centralizes as much as possible of the 2FA server-side logic and
UI. The 2 main components of this system are:

1. A dedicated page for 2FA with support for all 3 methods.
2. A reusable server-side class that centralizes the 2FA logic (the
`SecondFactor::AuthManager` class).

From a top-level view, the 2FA flow in this new system looks like this:

1. User initiates an action that requires 2FA;

2. Server is aware that 2FA is required for this action, so it redirects the
user to the 2FA page if the user has a 2FA method, otherwise the action is
performed.

3. User submits the 2FA form on the page;

4. Server validates the 2FA and if it's successful, the action is performed and
the user is redirected to the previous page.

A more technically-detailed explanation/documentation of the new system is
available as a comment at the top of the `lib/second_factor/auth_manager.rb`
file. Please note that the details are not set in stone and will likely change
in the future, so please don't use the system in your plugins yet.

Since this is a new system that needs to be tested, we've decided to migrate
only the 2FA for adding a new admin to the new system at this time (in this
commit). Our plan is to gradually migrate the remaining 2FA implementations to
the new system.

For screenshots of the 2FA page, see PR #15377 on GitHub.
2022-02-17 12:12:59 +03:00
megothss c71c107649
FIX: Don't accept accents in slug if generation_method == 'ascii' (#15702)
* FIX: Don't accept accents in slug if generation_method == 'ascii'

Fixes bug reported in:
- https://meta.discourse.org/t/404-when-trying-to-edit-category-with-accent-in-slug/214762
- https://meta.discourse.org/t/formatting-and-accents-in-urls/215734/5

Assuming `SiteSetting.slug_generation_method == 'ascii'.

If the user provides a slug containing non-ascii characters while
creating the category, the user will receive a 404 error just
after saving the category since the slug will be escaped anyway but
Category.find_by_slug_path won't escape the category slug
causing the Edit Page of the category to be inaccessible.

This commit checks the provided slug and raises an error if the
provided slugcontains non-ascii characters ensuring that the
provided value is consistent with the site settings.

It also changes Category.find_by_slug_path to always escape the slug,
since if present, it is escaped anyway in Category.ensure_slug to
prevent the 404 in the Edit Category Page in case the user already
have some category with a non-ascii slug.

* Removed trailing whitespace
2022-02-17 13:46:06 +11:00
Dan Ungureanu effbd6d3e4
FEATURE: Show error if invite to topic is invalid (#15959)
This can happen if the topic to which a user is invited is in a private
category and the user was not invited to one of the groups that can see
that specific category.

This used to be a warning and this commit makes it an error.
2022-02-16 18:35:02 +02:00
Rafael dos Santos Silva d83da596be
FIX: Redis may not be availiable on Redis initializer (#15955) 2022-02-15 15:25:22 +00:00
Discourse Translator Bot 12423b56cb
Update translations (#15928) 2022-02-15 15:10:10 +01:00
Rafael dos Santos Silva 4d3da70bc6
PERF: Use Redis `SET EX GET` instead of LUA script for counting (#15939)
This will prevent Discourse from booting on Redis < 6.2.0
2022-02-15 10:36:07 -03:00
David Taylor ebb5c1ff4d
DEV: Prefix deprecation notices with plugin name (#15942)
To make this possible in development mode, the `sourceURL=` implementation needs to include something plugin-specific. This has no effect on production.

The asset version is bumped in order to trigger a re-compilation of plugin JS assets.
2022-02-14 20:13:52 +00:00
David Taylor 3405f66b7e
UX: Improve default_code_lang copy (#15940)
Co-authored-by: Dax74 <Dax74@users.noreply.github.com>
2022-02-14 19:16:09 +00:00
David Taylor 07893779df
DEV: Correct service-worker sourceMappingURL (#15916)
We serve `service-worker.js` in an unusual way, which means that the sourcemap is not available on an adjacent path. This means that the browser fails to fetch the map, and shows an error in the console.

This commit re-writes the source map reference in the static_controller to be an absolute link to the asset (including the appropriate CDN, if enabled), and adds a spec for the behavior.

It's important to do this at runtime, rather than JS precompile time, so that changes to CDN configuration do not require re-compilation to take effect.
2022-02-14 12:47:56 +00:00
David Taylor af24c10314 DEV: Improve theme error handling UX
- Update UI to improve contrast
- Make it clear that the message is only shown to administrators
- Add theme name and id to the console output
- Parse the error backtrace to identify the theme-id for post-decoration errors
- Improve console output to include the theme name / URL
- Add `?safe_mode=no_custom` to the admin panel link, so that it will work even if the theme is causing the site to break
2022-02-14 10:11:19 +00:00
Régis Hanol 0cda57f236
I18N: improve 'here_mention' site setting's description (#15912)
Inspired by [this suggestion](https://meta.discourse.org/t/what-is-a-here-mention/217878/3) from G Ann Campbell

> I suppose the description of the “here mention” field could be improved to something like:
> "Name used for @here mention to allow a privileged user to notify up to 10 people participating in the thread. Must not…"
2022-02-11 16:21:41 +01:00
Alan Guo Xiang Tan 8e5b945b0f
Revert "DEV: Improve theme error handling UX" (#15900)
`PrettyText.cook` is breaking on some sites. Revert for now while we
investigate.

This reverts commit c81d369ab6.
2022-02-11 11:30:36 +08:00
Alan Guo Xiang Tan b876ff6281
FIX: Update user stat counts when post/topic visibility changes. (#15883)
Breakdown of fixes in this commit:

* `UserStat#topic_count` was not updated when visibility of
the topic changed.

* `UserStat#post_count` was not updated when post was hidden or
unhidden.

* `TopicConverter` was only incrementing or decrementing the counts by 1
even if a user has multiple posts in the topic.

* The commit turns off the verbose logging by default as it is just
noise to normal users who are not debugging this problem.
2022-02-11 09:00:58 +08:00
David Taylor c81d369ab6 DEV: Improve theme error handling UX
- Update UI to improve contrast
- Make it clear that the message is only shown to administrators
- Add theme name and id to the console output
- Parse the error backtrace to identify the theme-id for post-decoration errors
- Improve console output to include the theme name / URL
- Add `?safe_mode=no_custom` to the admin panel link, so that it will work even if the theme is causing the site to break
2022-02-10 22:56:11 +00:00
Joffrey JAFFEUX b3ecf00c98
DEV: adds initial support for custom blocks using code fencing (#15743)
Allows to write custom code blocks:

```
   ```mermaid height=200,foo=bar
   test
   ```
```

Which will then get converted to:

```
<pre data-code-wrap="mermaid" data-code-height="200" data-code-foo="bar">
  <code class="lang-nohighlight">
    test
  </code>
</pre>
```
2022-02-09 11:23:44 +01:00
Blake Erickson 71f7f7ed49
FEATURE: Add external_id to topics (#15825)
* FEATURE: Add external_id to topics

This commit allows for topics to be created and fetched by an
external_id. These changes are API only for now as there aren't any
front changes.

* add annotations

* add external_id to this spec

* Several PR feedback changes

- Add guardian to find topic
- 403 is returned for not found as well now
- add `include_external_id?`
- external_id is now case insensitive
- added test for posts_controller
- added test for topic creator
- created constant for max length
- check that it redirects to the correct path
- restrain external id in routes file

* remove puts

* fix tests

* only check for external_id in webhook if exists

* Update index to exclude external_id if null

* annotate

* Update app/controllers/topics_controller.rb

We need to check whether the topic is present first before passing it to the guardian.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>

* Apply suggestions from code review

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2022-02-08 20:55:32 -07:00
Discourse Translator Bot fa9b2b4f42
Update translations (#15864) 2022-02-08 14:13:14 +01:00
David Taylor ecc07fd8dc
DEV: Make Ember CLI assets the default in production (#15861)
This was reverted in e92f57255d due to memory usage concerns. This memory issue was resolved by 4cceb55621.
2022-02-08 10:03:53 +00:00
David Taylor e92f57255d
Revert "DEV: Make Ember CLI assets the default in production (#15843)" (#15852)
This reverts 1b622667bc

We have had reports of issues rebuilding under memory-constrained environments. Reverting while we investigate further.
2022-02-07 20:31:10 +00:00
Osama Sayegh 9bfe5e58d3
Revert "DEV: Add context in `AdminConstraint` (#15838)" (#15845)
This reverts commit 492226a973.
2022-02-07 21:05:19 +03:00
David Taylor c8c23ba557
DEV: Introduce deprecation warning for non-json Job arguments (#15842)
This commit introduces our own handling and warning for Sidekiq's new 'non-json-serializable' warning. This decouples us from Sidekiq's own deprecation cycle, and allows us to use our own deprecation system. It also means that the dump/parse happens in test mode, which will help us to catch occurrences before they reach production.
2022-02-07 17:59:55 +00:00
David Taylor 1b622667bc
DEV: Make Ember CLI assets the default in production (#15843)
This can be disabled by setting `EMBER_CLI_PROD_ASSETS=0`, but this option will not be available for long. If your theme/plugin/site has issues under Ember CLI, please open a topic on https://meta.discourse.org
2022-02-07 15:25:57 +00:00
Osama Sayegh 492226a973
DEV: Add context in `AdminConstraint` (#15838)
This allows plugins to override the permissions required to access
specific things like the Logster and Sidekiq web UI without the changes
leaking to the rest of Discourse routes.
2022-02-07 16:25:31 +03:00
Martin Brennan 0a738bd5bc
FEATURE: Allow sending group SMTP emails with from alias (#15687)
This commit allows group SMTP emails to be sent with a
different from email address that has been set up as an
alias in the email provider. Emails from the alias will
be grouped correctly using Message-IDs in the mail client,
and replies to the alias go into the correct group inbox.
2022-02-07 13:52:01 +10:00
Alan Guo Xiang Tan 930f51e175 FEATURE: Split up text segmentation for Chinese and Japanese.
* Chinese segmenetation will continue to rely on cppjieba
* Japanese segmentation will use our port of TinySegmenter
* Korean currently does not rely on segmentation which was dropped in c677877e4f
* SiteSetting.search_tokenize_chinese_japanese_korean has been split
into SiteSetting.search_tokenize_chinese and
SiteSetting.search_tokenize_japanese respectively
2022-02-07 09:21:14 +08:00
David Taylor fe5bfc8d3b
DEV: Route Sidekiq logs to Rails logger (#15817)
Most of our logging goes through Rails.logger, and therefore appears in Logster at `/logs` on a site. The Sidekiq logger was bypassing this and writing directly to STDERR.

Unfortunately it's not possible to do `Sidekiq.logger = Rails.logger` because `Sidekiq#logger=` applies a number of patches to the logger instance, causing our whole logging system to break.

Instead, this commit adds a dedicated Logger instance with no output, which is then patched to forward all messages directly to `Rails.logger`
2022-02-04 16:28:20 +00:00
Discourse Translator Bot 0dfaaf49a5
Update translations (#15816) 2022-02-04 16:23:45 +00:00
janzenisaac cffc2836cb
DEV: Don't allow users to immediately reinvite (#15722)
- Limit bulk re-invite to 1 time per day
- Move bulk invite by csv behind a site setting (hidden by default)
- Bump invite expiry from 30 -> 90 days

## Updates to rate_limiter
When limiting reinvites I found that **staff** are never limited in any way. So I updated the **rate_limiter** model to allow for a few things:
- add an optional param of `staff_limit`, which (when included and passed values, and the user passes `.staff?`) will override the default `max` & `secs` values and apply them to the user.
- in the case you **do** pass values to `staff_limit` but the user **does not** pass `staff?` the standard `max` & `secs` values will be applied to the user.

This should give us enough flexibility to 
1. continue to apply a strict rate limit to a standard user
2. but also apply a secondary (less strict) limit to staff
2022-02-03 13:07:40 -06:00
David Taylor dfcb8a72fd
DEV: Ensure Sidekiq warnings are logged to STDERR (#15800)
The default configuration will log to STOUT, which pollutes the output of scripts/rake-tasks
2022-02-03 14:24:15 +00:00
Natalie Tay 23a8341b28
FEATURE: Validate domain settings for blocked_onebox_domain only (#15754)
We want to prevent the user from adding ? or * minimally
when setting domains in sitesettings
2022-02-03 11:26:53 +08:00
Discourse Translator Bot 022480b461
Update translations (#15763) 2022-02-01 16:15:18 +01:00
Andrei Prigorshnev dad2e5e513
FEATURE: make the use_email_for_username_and_name_suggestions setting visible and on by default on existing sites (#15751) 2022-02-01 14:55:17 +04:00
Régis Hanol e1367cdea6
I18N: Improve copy on blocked words error messages (#15741) 2022-01-28 17:12:35 +01:00
Michael Brown 23d7fcf9a1 FIX: remove duplicated word from client strings 2022-01-27 14:03:45 -05:00
Discourse Translator Bot 332266cbee
Update translations (#15731) 2022-01-27 15:18:29 +01:00
Discourse Translator Bot 5fd13380d8
Update translations (#15705) 2022-01-25 14:27:05 +01:00
Discourse Translator Bot a5cb6ab8a0
Update translations (#15696) 2022-01-24 20:13:10 +01:00
Discourse Translator Bot f0435ca1a7
Update translations (#15673) 2022-01-23 11:14:20 +01:00
Discourse Translator Bot 14b8cd5e17
Update translations (#15637) 2022-01-18 14:41:41 +01:00
Martin Brennan 35343e7f91
FIX: Improve emoji upload UI (#15603)
This commit adds a hover effect for drag and drop in
the admin emoji uploader. It also changes the "Add New
Emoji" button to open the file selector; previously it
was useless because it was disabled unless a name was
entered (which is not even a requirement for the emoji)
and also it didn't actually do anything on click even
if it wasn't disabled.

Now we have a way of adding files without having to drag
and drop them, which is nice.

Also in this PR, there was no indication before that the upload was
complete apart from the button becoming enabled again.
This commit adds the highlight class to the emoji list
and removes it once the highlight fade animation is done,
like we do for new posts.
2022-01-17 11:48:49 +10:00
Roman Rizzi 8b3d50713d
FIX: Pass category and tag IDs to the emit webhook event job. (#15568)
* FIX: Pass category and tag IDs to the emit webhook event job.

Like webhooks won't fire when they're scoped to specific categories or tags because we're not passing the data to the job that emits it.

* Update config/initializers/012-web_hook_events.rb

Co-authored-by: Dan Ungureanu <dan@ungureanu.me>

Co-authored-by: Dan Ungureanu <dan@ungureanu.me>
2022-01-14 11:17:38 -03:00
Robin Ward 6272edd121 DEV: Support for running theme test with Ember CLI (third attempt)
The second attempt fixed issues with smoke test.

This one makes sure minification only happens in production mode.
2022-01-13 16:02:07 -05:00
Martin Brennan 107239a442
Revert "DEV: Support for running theme test with Ember CLI (second attempt)" (#15559)
This reverts commit 2c7906999a.

The changes break some things in local development (putting JS files
into minified files, not allowing debugger, and others)
2022-01-13 10:05:35 +10:00
Jarek Radosz aee9fcd257
DEV: Update message_bus to 4.0.0 (#15553) 2022-01-13 08:14:52 +11:00
Robin Ward 2c7906999a DEV: Support for running theme test with Ember CLI (second attempt)
This PR includes support for running theme tests in legacy ember
production envrionments.
2022-01-12 15:43:29 -05:00
David Taylor 252bb87ab3
Revert "DEV: Support for running theme test with Ember CLI" (#15547)
This reverts commit ea84a82f77.

This is causing problems with `/theme-qunit` on legacy, non-ember-cli production sites. Reverting while we work on a fix
2022-01-11 23:38:59 +00:00
Robin Ward ea84a82f77 DEV: Support for running theme test with Ember CLI
This is quite complex as it means that in production we have to build
Ember CLI test files and allow them to be used by our Rails application.

There is a fair bit of glue we can remove in the future once we move to
Ember CLI completely.
2022-01-11 15:42:13 -05:00
Discourse Translator Bot 2976b63094
Update translations (#15540) 2022-01-11 14:21:34 +01:00
David Taylor b3e52f99e6
FIX: LOAD_PLUGINS=0 in dev/prod, warn in plugin:pull_compatible_all (#15537)
The `plugin:pull_compatible_all` task is intended to take incompatible plugins and downgrade them to an earlier version. Problem is, when running the rake task in development/production environments, the plugins have already been activated. If an incompatible plugin raises an error in `plugin.rb` then the rake task will be unable to start.

This commit centralises our LOAD_PLUGINS detection, adds support for LOAD_PLUGINS=0 in dev/prod, and adds a warning to `plugin:pull_compatible_all` if it's run with plugins enabled.
2022-01-11 12:30:22 +00:00
Bianca Nenciu 5d35c38db2
FEATURE: Search screened IP address in blocks (#15461)
An admin could search for all screened ip addresses in a block by
using wildcards. 192.168.* returned all IPs in range 192.168.0.0/16.
This feature allows admins to search for a single IP address in all
screened IP blocks. 192.168.0.1 returns all IP blocks that match it,
for example 192.168.0.0/16.

* FEATURE: Remove roll up button for screened IPs

* FIX: Match more specific screened IP address first
2022-01-11 09:16:51 +02:00
Bianca Nenciu 5a8b8f6f1e
FEATURE: Show warning if user won't be mentioned (#15339)
The new warnings cover more cases and more accurate. Most of the
warnings will be visible only to staff members because otherwise they
would leak information about user's preferences.
2022-01-11 09:16:20 +02:00
Vinoth Kannan 6626089034
UX: change text of public_topic action code in login required sites. (#14764)
The wording "made this topic public" made confusion in login required forums.
2022-01-11 11:35:16 +05:30
Meghna 5c74f048a5
UX: updated "accept invite" error page (#15490) 2022-01-09 10:21:42 +05:30
Jarek Radosz 5a50f18c0c
DEV: Avoid `$` globals (#15453)
Also:
* Remove an unused method (#fill_email)
* Replace a method that was used just once (#generate_username) with `SecureRandom.alphanumeric`
* Remove an obsolete dev puma `tmp/restart` file logic
2022-01-08 23:39:46 +01:00
Jarek Radosz 5b6acea56e DEV: Remove obsolete topic-progress code 2022-01-06 09:04:30 +08:00
janzenisaac 22e8f8af6d
FIX: Clean flagged queue when response to flagged post deleted (#15463) 2022-01-05 12:37:15 -06:00
Peter Zhu c5fd8c42db
DEV: Fix methods removed in Ruby 3.2 (#15459)
* File.exists? is deprecated and removed in Ruby 3.2 in favor of
File.exist?
* Dir.exists? is deprecated and removed in Ruby 3.2 in favor of
Dir.exist?
2022-01-05 18:45:08 +01:00