Commit Graph

21217 Commits

Author SHA1 Message Date
Martin Brennan cb660ef952 SECURITY: Improve second factor auth logic 2020-01-10 10:45:56 +10:00
Kris dd52291fb7 UX: Center featured topic on mobile profiles 2020-01-09 16:35:34 -05:00
Kris ef9828b25d UX: Remove reliance on JS for category box links 2020-01-09 16:25:41 -05:00
Robin Ward dcbe527a82 FIX: Don't log a claimed topic database error during tests
We now test the uniqueness validation, but also rescue a DB
exception in case the controller fails this check.
2020-01-09 12:32:05 -05:00
Robin Ward d043a4c6fe FIX: Stop logging errors in postgres on reviewable conflict
The previous concurrency-safe implementation relied on catching an
index conflict and following through appropriately. Unfortunately
those conflicts were logged to Postgres and there is no easy way
to turn them off.

This solution approaches the problem differently. It should still
be safe under concurrency and not log errors.
2020-01-09 12:04:17 -05:00
Jarek Radosz 531016f99b
DEV: Add missing indexes to user_profiles (#8691)
* DEV: Update model annotations
* DEV: Add missing indexes to user_profiles

The columns were changed in 24347ace10 (diff-baa5914c0c7cddf3c8b5cd9139e0d091)
2020-01-09 17:08:55 +01:00
Régis Hanol 92a9ae6ab0
REFACTOR: isValidLink
- Reduced verbose comments
- Merged 2 `if` which had the same logic
2020-01-08 18:14:24 +01:00
David Taylor 5eda44f8f2 FIX: Do not redirect to `/auth/*` urls after authentication
When using the login confirmation screen, the referrer URL is `/auth/{provider}`. That means that the user is redirected back to the confirmation screen after logging in, even though login was successful. This is very confusing. Instead, they should be redirected to the homepage.
2020-01-08 17:06:03 +00:00
Robin Ward e616b92511 FIX: If the admin sso sync has no external ID, don't throw an error
Instead, return a HTTP error code and a message explaining the problem,
to avoid log pollution.
2020-01-08 11:47:37 -05:00
David Taylor 4d5b142f1d DEV: Allow `doLogin` to be called with a set of parameters
This can be used for themes/plugins to specify additional URL parameters to be used when starting authentication. Example usage:

```
LoginMethod.findAll()[0].doLogin({params: {mydata: "myvalue"}});
```
2020-01-08 16:13:12 +00:00
Jarek Radosz 502f154cfc
FIX: Don't leak event listeners in user-activity-drafts (#8682) 2020-01-08 16:55:10 +01:00
David Taylor cf60de59b1 FIX: Allow omniauth confirmation page to pass through GET parameters
Using the rails `form_tag` helper generates a form with the action attribute set to the current URL (without parameters). In this case, we want to include any GET parameters, so it is better to exclude the action attribute from the form tag, and allow browsers to submit to the current URL.
2020-01-08 15:31:51 +00:00
Vinoth Kannan 13f229808a FIX: add noindex header to user profile pages. 2020-01-08 11:26:20 +05:30
Martin Brennan bdff4561d4 FIX: Make scrolling to bottom post in topic more consistent (#8671)
* Make scrolling to bottom post in topic more consistent

* when using the slider to scroll past the bottom post,
  we now scroll to the bottom of the post/page IF the
  post height is > the window height (e.g. really long
  posts). if the post height is smaller, then we lock
  onto and jump to the top of the post
* this also removes the mobile hack that would always jump
  to the top of the last post on mobile

* Prettier lint
2020-01-08 16:37:13 +11:00
Kris a8fbf7c128 minor subcategory box padding adjustments 2020-01-07 20:54:27 -05:00
Mark VanLandingham c01c937151
DEV: Allow returning non-objects from addToolbarPopupMenuOptionsCallback (#8677) 2020-01-07 16:01:11 -06:00
Kris cae60b5900 UX: Sub-sub categories in "Boxes with subcategories" + consistency 2020-01-07 16:38:17 -05:00
Robin Ward abff3716ba
Upgrade handlebars (#8675)
* Upgrade Handlebars to 4.3.0

* Upgrade Handlebars to the latest version
2020-01-07 15:37:37 -05:00
Kris e0539d7ffe remove log 2020-01-07 11:28:56 -05:00
Bianca Nenciu eef21625c6
Rename 'target usernames' with 'target recipients' in Composer (#8606)
* Reapply "Rename 'target usernames' with 'target recipients' in Composer"

This reverts commit 9fe11d0fc3 which
reverted ebb288dc2c.

* DEV: Add test for replying to PM
2020-01-07 15:33:48 +02:00
Osama Sayegh d3a64e34e7
DEV: Remove unnecessary debugging line
I was playing with groups locally and saw this line. I suspect this method isn't needed at all because I don't see any reference to it anywhere in the code, and as far as I know ActiveRecord objects don't have an `id!` method so if this method is called dynamically somewhere it's most likely failing.
2020-01-07 15:04:43 +03:00
Joffrey JAFFEUX c495aed6ff
removes logging (#8673) 2020-01-07 12:01:21 +01:00
Joffrey JAFFEUX 7f00cefcac
FIX: onScroll method was not defined on mobile discovery (#8672) 2020-01-07 11:59:58 +01:00
Martin Brennan 5b75b8c135 Still redirect to signed URL for secure uploads
if SiteSetting.secure_media is disabled we still want to
redirect to the signed url for uploads that are marked as
secure because their ACLs are probably still private
2020-01-07 14:02:17 +10:00
Martin Brennan abca91cc4d
FEATURE: Add rake task to disable secure media (#8669)
* Add a rake task to disable secure media. This sets all uploads to `secure: false`, changes the upload ACL to public, and rebakes all the posts using the uploads to make sure they point to the correct URLs. This is in a transaction for each upload with the upload being updated the last step, so if the task fails it can be resumed.
* Also allow viewing media via the secure url if secure media is disabled, redirecting to the normal CDN url, because otherwise media links will be broken while we go and rebake all the posts + update ACLs
2020-01-07 12:27:24 +10:00
Blake Erickson fc94b6cb9e
DEV: Remove buffered rendering from topic-list-item (#8589)
* DEV: Remove buffered rendering from topic-list-item

This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.

Previous commit: 1c7305c0f1 in this
series.

This is just a refactor and should not change any functionality.

* apply prettier fix

* update syntax

* Use computed properties where possible

* switch to using didReceiveAttrs

* Simplify topic.pinned observer
2020-01-06 17:41:45 -07:00
David Taylor d1779346e8 FIX: topic_tracking_state when mute_all_categories_by_default is enabled 2020-01-06 18:22:42 +00:00
Penar Musaraj b1402d9f13 DEV: replace "warning" icons with "exclamation-triangle" 2020-01-06 12:51:44 -05:00
Penar Musaraj f755810906 DEV: replace "trash" icons with "trash-alt" 2020-01-06 12:35:00 -05:00
Penar Musaraj 93a556d9a2 DEV: replace "eye-slash" icons with "far-eye-slash" 2020-01-06 12:27:20 -05:00
Penar Musaraj e2e9420204 DEV: Update deprecated icon name 2020-01-06 11:43:32 -05:00
romanrizzi ca07a571c7 FIX: Only agree with the first post when using the 'Delete post + replies and agree' option 2020-01-06 13:38:23 -03:00
David Taylor 784da19e4c
FIX: Cached new topic data should not be deleted after dismiss new (#8660)
43ddf60cdf introduced a new method for dismissing new topics in topic-tracking-state, which works on a per-category basis.

This commit removes the old mechanism, which was to delete all 'new' topics from the local tracking state, regardless of category.
2020-01-06 16:22:40 +00:00
David Taylor 5df815c2ee
FIX: New/unread count after dismissing new topics in a regular category (#8659)
6e1fe22 introduced the possiblity for category_users to have a NULL notification_level, so that we can store `last_seen_at` dates without locking the notification level. At the time, this did not affect the topic-tracking-state query. However, the query changes in f434de2 introduced a slight change in behavior.

Previously, a subquery would look for a category_user with notification_level=mute. f434de2 refactored this to remove the subquery, and inverted some of the logic to suit.

The new query checked for `notification_level <> :muted`. If `notification_level` is NULL, this comparison will return NULL. In this scenario, notification_level=NULL means that we should fall back to the default tracking level (regular), and so we want the expression to resolve as true, not false. There was already a check for the existence of the category_users row, but it did not check for the existence of a NOT NULL notification_level.

This commit amends the expression so that the notification_level will only be compared if it is non-null.
2020-01-06 16:15:24 +00:00
Joffrey JAFFEUX ff151cb580
FIX: allows scroll on load for discovery topic list (#8661) 2020-01-06 15:43:36 +01:00
Vinoth Kannan 7dbde18f02 FIX: keep 'rb' & 'rp' tags in html to markdown conversion. 2020-01-04 17:16:23 +05:30
Robin Ward f7a7263164 FIX: Show uncategorized description on categories page 2020-01-03 11:46:18 -05:00
Robin Ward fe7bb62387 FIX: Descriptions were blank for uncategorized in hamburger menu 2020-01-03 11:10:06 -05:00
Osama Sayegh fac71da605
FIX: Don't give error 500 when invalid date param is given to admin reports (#8658)
Providing invalid dates as the end_date or start_date param causes a 500 error and creates noise in the logs. This will handle the error and returns a proper 400 response to the client with a message that explains what the problem is.
2020-01-03 17:01:38 +03:00
Sam Saffron 0d757814e5 FIX: correctly account for onebox height when lazy loading images
Page used to jitter when oneboxes loaded images lazily.

Previously we inserted the the "shadow" loading image before the "real" image.

This meant that certain styling with `firstChild` CSS selectors would apply
incorrectly to the shadow image.

Additionally we had special case code for onebox and quoted images that was
not really needed due to this fix.

We had an old fix that used computed style for image height and width in
specific scenarios, we now run it all the time.

On slow devices there was a possibility that the cache fetch after amending
src at the end of the process would cause a flash, this is avoided using a
new onload handler.
2020-01-03 15:15:42 +11:00
Joffrey JAFFEUX ec5418fbb4
FIX: any global notice text can contain HTML (#8655) 2020-01-02 19:58:27 +01:00
Roman Rizzi 98853b217f
FIX: Bots accuracy should be zero (#8654) 2020-01-02 13:24:24 -03:00
David Taylor b60b57cddd
FIX: Allow any protocol in wildcard url checker (#8651)
This is required for people using apps with custom protocols. We still verify the entire URL (including protocol) against the site setting value.

Refactored wildcard_url_checker so that it always returns a boolean, rather than sometimes returning a regex match.
2020-01-02 16:03:13 +00:00
David Taylor 45c5f56ffc
PERF: Reduce DB queries when serializing ignore/mute information (#8629)
* PERF: Cache ignored and muted user ids in the current_user object
* PERF: Avoid DB queries when checking ignore/mute permission in guardian
2020-01-02 13:04:08 +00:00
Sam Saffron 34ede90927 FIX: under rare conditions saving a new draft could error temporarily
Under rare conditions due to bad HTTP timing and so on a draft could be
set at the exact same time from 2 unicorn workers.

When this happened and all the stars aligned, one of the sets would win
and the other would raise an error.

This transparently handles the situation without adding any cost to the
draft system.

The alternative is to add a distributed mutex, tricky DB transaction or handle
the error in the controller. However this seems like a reasonable way to
work around a pretty big edge case.
2020-01-02 11:38:14 +11:00
David Taylor c7a74e574f FIX: Only show admin wrench when there are actions on mobile
Corrects typo in logic from b725252cd0
2019-12-31 12:35:44 +00:00
David Taylor a4a0d12b39 DEV: Update deprecated FA4 icon name 2019-12-31 11:21:31 +00:00
Krzysztof Kotlarek fd8b98a55e
FIX: don't display cloak on admin tool when the right wrench is clicked (#8641) 2019-12-31 15:16:24 +11:00
Joe b7ed50fe56
prettier 2019-12-31 10:59:38 +08:00
Joe 23a4936826
UX: TMP fix (CSS revert) until translations are ready for flex 2019-12-31 10:43:16 +08:00