Commit Graph

23375 Commits

Author SHA1 Message Date
Robin Ward 30e9112535 Create proper shim for xss library 2020-09-14 15:57:32 -04:00
Robin Ward 7699b90f1a FIX: Wizard does not include `discourse-shims`
This allowed tests to pass even when wizard was broken, which is
obviously very bad.
2020-09-14 12:34:16 -04:00
Joffrey JAFFEUX 9238a9e427
FIX: adds shims for popper in wizard (#10658) 2020-09-14 12:33:14 -04:00
Faizaan Gagan 21adc07057
FIX: upload errors were sometimes not displayed properly (#10605) 2020-09-14 00:13:38 -07:00
Joffrey JAFFEUX e02da64091
FIX: Make form use /u/admin-login instead of /users/admin-login (#10663) 2020-09-14 12:27:06 +10:00
Martin Brennan 5268568d23
FEATURE: Remove user topic timers and migrate to bookmarks with reminders (#10474)
This PR removes the user reminder topic timers, because that system has been supplanted and improved by bookmark reminders. The option is removed from the UI and all existing user reminder topic timers are migrated to bookmark reminders.

Migration does this:

* Get all topic_timers with status_type 5 (reminders)
* Gets all bookmarks where the user ID and topic ID match
* Loops through the found topic timers
  * If there is no bookmark for the OP of the topic, then we just create a bookmark with a reminder
  * If there is a bookmark for the OP of the topic and it does **not** have a reminder set, then just update it with the topic timer reminder
  * If there is a bookmark for the OP of the topic with a reminder then just discard the topic timer
* Cancels all outstanding user reminder topic timers
* **Trashes (not deletes) all user reminder topic timers**

Notes:

* For now I have left the user reminder topic timer job class in place; this is so the jobs can be cancelled in the migration. It and the specs will be deleted in the next PR.
* At a later date I will write a migration to delete all trashed user topic timers. They are not deleted here in case there are data issues and they need to be recovered.
* A future PR will change the UI of the topic timer modal to make it look more like the bookmark modal.
2020-09-14 11:11:55 +10:00
Joffrey JAFFEUX 0a4a273ccc
FEATURE: adds support for mobile view on page publishing (#10662) 2020-09-13 13:50:23 +02:00
Joffrey JAFFEUX e8053d17f6
FIX: selected diversity was off by one (#10659) 2020-09-12 09:44:45 +02:00
Robin Ward 24f19e8372 Revert "FIX: Was using a global `Popper` variable"
This reverts commit 05831c2b42.
2020-09-11 17:30:53 -04:00
Robin Ward 7887aaf587 FIX: `isVisible` is no longer allowed even if used properly
This changes it to `shouldShow` instead.
2020-09-11 15:05:50 -04:00
Robin Ward 05831c2b42 FIX: Was using a global `Popper` variable 2020-09-11 15:02:12 -04:00
Robin Ward ac08dfac45 FIX: Ember has deprecated `isVisible` in newer versions 2020-09-11 14:53:44 -04:00
Joffrey JAFFEUX 07d7adb8b4
UX: makes emoji picker case insensitive (#10655) 2020-09-11 19:54:19 +02:00
jbrw 033cebf978
DEV - versions of JS files written to a JS file to be included by loa… (#10649)
* DEV - versions of JS files written to a JS file to be included by load-script and appended as params to URLs

* Formatting

* Incorporate feedback from PR

* Update filename of public-js-versions
2020-09-11 13:53:56 -04:00
Joffrey JAFFEUX 10bdf36a24
FIX: ensures focus is dropped before focus hyperlink input (#10653) 2020-09-11 16:45:51 +02:00
Joffrey JAFFEUX d9aa105c8e
FIX: wrap modal onShow inside next (#10651)
Before this commit, onShow code could be impacted by code happening after the onShow call. This should ensure this code works for example:

```
onShow() {
  afterRender(() => {
    someInput.focus();
  })
}
```
2020-09-11 16:00:31 +02:00
Roman Rizzi 636a3be827
UX: Make the api-keys new and show page a little more responsive (#10629) 2020-09-11 10:38:28 -03:00
Guo Xiang Tan 543e972fec
PERF: Remove category_user lookup when loading private messages.
Private messages do not belong to categories so the query is unnecessary
overhead.
2020-09-11 16:26:38 +08:00
Guo Xiang Tan cd78bcee3a
DEV: Avoid creating the same object repeatedly.
Less objects created per request means less objects for the GC to
collect.
2020-09-11 15:51:11 +08:00
Guo Xiang Tan dbc630f45b
PERF: Fix N+1 queries on private messages route. 2020-09-11 15:20:27 +08:00
Vinoth Kannan 9e4ed03b8f FEATURE: moderators allowed to view groups which members can see.
Currently, if a group's visibility is set to "Group owners, members" then the mods can't view those group pages. The same rule is applied for members visibility setting too.

This reverts commit 7fc7090. And fixed the spec test fails.
2020-09-11 08:20:13 +05:30
Guo Xiang Tan 245d29e5a3
SECURITY: Mod should not see `group_users` and `second_factor_enabled`.
Moderators should not be able to see `UserSerializer#group_users` and `UserSerializer#second_factor_enabled` of other users.

Impact of leaking this is low because the information leaked is not
exploitable.
2020-09-11 10:23:35 +08:00
Guo Xiang Tan 468417a716
PERF: Fix broken memoization in `GroupShowSerializer`. 2020-09-11 10:08:06 +08:00
Guo Xiang Tan 7fc70900d2
Revert "FEATURE: moderators allowed to view groups which members can see."
Build is broken.

This reverts commit 2bf0c4188b.
2020-09-11 10:04:54 +08:00
Kane York e0a0928420
FEATURE: Add bookmarks to the user export (#10591) 2020-09-11 11:03:22 +10:00
Vinoth Kannan 2bf0c4188b FEATURE: moderators allowed to view groups which members can see.
Currently, if a group's visibility is set to "Group owners, members" then the mods can't view those group pages. The same rule is applied for members visibility setting too.
2020-09-11 03:33:44 +05:30
Gerhard Schlager ac70c48be4 FIX: Prevent "uploads are missing in S3" alerts after restoring a backup
After restoring a backup it takes up to 48 hours for uploads stored on S3 to appear in the S3 inventory. This change prevents alerts about missing uploads by preventing the EnsureS3UploadsExistence job from running in the first 48 hours after a restore. During the restore it deletes the count of missing uploads from the PluginStore, so that an alert isn't triggered by an old number.
2020-09-10 21:37:48 +02:00
Vinoth Kannan ba2f3119c0 UX: display moderators group name in the group dropdown menu. 2020-09-11 00:06:40 +05:30
Penar Musaraj 94ed54a616
DEV: Small refactor of topic progress wrapper positioning (#10646)
This moves the logic for horizontally placing the topic progress wrapper from the JS component to SCSS. Doing so means it is more easily overridable by themes and plugins.

This also changes the left/right spacing from 1em to 2em for non-mobile screens (it fits better on iPad portrait especially).
2020-09-10 13:29:14 -04:00
Ahmed Gagan ddab7cc239
DEV: Add plugin api to permit bulk_action parameters (#10638) 2020-09-10 17:18:45 +01:00
Arpit Jalan 296c707f55 FEATURE: show existing tag name on rename modal
FIX: tags_filter_regexp was not being applied on tag rename
2020-09-10 21:45:05 +05:30
Robert dee451605b
FEATURE: add user opt to select bookmarks as home (#10597)
Admins can currently add the bookmarks discovery route link
to the homepage interface, but users can't presently select
that as their default home view.  This change facilitates that,
adding the option to the existing Default Home Page dropdown on
the User Preferences Interface page.
2020-09-10 11:13:12 -04:00
Jordan Vidrine 5a34c7cc9e FIX: Adds important declaration to `.hidden` utility/helper class
This commit adds the `!important` declaration to `.hidden` utility/helper class. Without the `!important` declaration, it is not applied correctly across the site.
2020-09-10 11:06:50 -04:00
Neil Lalonde 53ffbc8d6e
DEV: add plugin outlet below the categories-only component 2020-09-10 10:39:04 -04:00
Joshua Rosenfeld 86764f3aac
Revert "PERF: Use 1 query to load group and tag notification default."
This reverts commit 5ef9d4d537.

The reverted commit caused issues, https://meta.discourse.org/t/there-are-no-visible-groups/163604. Reverting until further fixes can be put in place.
2020-09-10 08:52:53 -04:00
Guo Xiang Tan f27de87bf3
FIX: Update first_pm_unread_at of user's groups without unread.
If a user always read all group messages, we will never update the
`first_pm_unread_at` column since the previous query will not return the
group_user. Instead, we should update `first_pm_unread_at` to the
current timestamp if the user has read everything.

Follow-up to 9b75d95fc6
2020-09-10 17:19:38 +08:00
Guo Xiang Tan 81d3c4a7a1
DEV: Remove unused function. 2020-09-10 15:11:35 +08:00
Guo Xiang Tan 5ef9d4d537 PERF: Use 1 query to load group and tag notification default. 2020-09-10 13:19:43 +08:00
Martin Brennan 40d5739a80
DEV: Review fixes for bookmark-list (#10642)
Make removeBookmark return a promise and do not use setProperties for no reason.

More context at https://review.discourse.org/t/fix-add-bookmark-list-component-10451/14450/3
2020-09-10 15:01:53 +10:00
Guo Xiang Tan 521782fc9c
FIX: Search checkboxes incorrectly being checked on similar prefix.
Incorrect search filters like `in:personalasd` will end up checking the
checkbox for `in:personal` because the regexp used was only doing prefix
matching.
2020-09-10 11:49:52 +08:00
Martin Brennan 7f2f87bf59
DEV: Review fixes (#10641)
See comments in https://review.discourse.org/t/dev-imap-log-to-database-10435/14337/6 for context.
2020-09-10 13:41:46 +10:00
Martin Brennan dede942007
FEATURE: Allow email image embed with secure media (#10563)
This PR introduces a few important changes to secure media redaction in emails. First of all, two new site settings have been introduced:

* `secure_media_allow_embed_images_in_emails`: If enabled we will embed secure images in emails instead of redacting them.
* `secure_media_max_email_embed_image_size_kb`: The cap to the size of the secure image we will embed, defaulting to 1mb, so the email does not become too big. Max is 10mb. Works in tandem with `email_total_attachment_size_limit_kb`.

`Email::Sender` will now attach images to the email based on these settings. The sender will also call `inline_secure_images` in `Email::Styles` after secure media is redacted and attachments are added to replace redaction messages with attached images. I went with attachment and `cid` URLs because base64 image support is _still_ flaky in email clients.

All redaction of secure media is now handled in `Email::Styles` and calls out to `PrettyText.strip_secure_media` to do the actual stripping and replacing with placeholders. `app/mailers/group_smtp_mailer.rb` and `app/mailers/user_notifications.rb` no longer do any stripping because they are earlier in the pipeline than `Email::Styles`.

Finally the redaction notice has been restyled and includes a link to the media that the user can click, which will show it to them if they have the necessary permissions.

![image](https://user-images.githubusercontent.com/920448/92341012-b9a2c380-f0ff-11ea-860e-b376b4528357.png)
2020-09-10 09:50:16 +10:00
Ahmed Gagan 097f06b4fa
DEV: Add plugin api for adding to search-advanced-options dropdowns (#10606) 2020-09-09 15:17:39 +01:00
Joffrey JAFFEUX 38c934e1e1
UX: prevents auto capitalize/correct in the emoji picker (#10636) 2020-09-09 15:43:18 +02:00
Guo Xiang Tan 4994b0ed34
PERF: Remove an unnecessary query when checking for dark mode. 2020-09-09 15:18:52 +08:00
Guo Xiang Tan fb7bbae3f4
PERF: Memoize calls to `ApplicationHelper#scheme_id`.
The same query was executed 4 times per full page load.
2020-09-09 15:15:15 +08:00
Guo Xiang Tan 9b75d95fc6 PERF: Keep track of first unread PM and first unread group PM for user.
This optimization helps to filter away topics so that the joins on
related tables when querying for unread messages are not expensive.
2020-09-09 14:05:41 +08:00
Robin Ward 4dd07843c6 FIX: We have changed the way `__widget_helpers` are resolved 2020-09-08 12:10:59 -04:00
Joffrey JAFFEUX 8413d27cf2
FIX: handles different cases of canInvite/canRemove states in PM (#10607) 2020-09-08 16:35:59 +02:00
dependabot[bot] d21119ee4f Build(deps): Bump lodash in /app/assets/javascripts/pretty-text
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.20.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.20)

Signed-off-by: dependabot[bot] <support@github.com>
2020-09-08 10:25:45 -04:00
dependabot[bot] 00e2339e82 Build(deps): Bump lodash in /app/assets/javascripts/discourse-common
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.20.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.20)

Signed-off-by: dependabot[bot] <support@github.com>
2020-09-08 10:25:31 -04:00
Joffrey JAFFEUX 02495510e8
FIX: workaround constructor name not available after transpilation (#10623)
This is only reproducible in production build. In this case, constructor.name could be any value like "i" for example.
2020-09-08 10:14:41 +02:00
Guo Xiang Tan b0f22f2523
SECURITY: Remove indication that a group exists if user can't see it.
Minor security fix but we should not leak any hints that a group exists
even if a user does not have access to the group.
2020-09-08 10:53:48 +08:00
Guo Xiang Tan 5ed84d9885
SECURITY: Don't allow moderators to list PMs of all groups.
* Also return 404 when a user is trying to list PMs of a group that
cannot be accessed by the user.
2020-09-08 10:37:00 +08:00
Joffrey JAFFEUX 0b8e7d88fe
FIX: wraps popper call in afterRender and uses createPopper (#10621)
Before this fix, popper was sometimes not applied.
2020-09-07 13:33:52 +02:00
dependabot[bot] 27751ca69f
Build(deps): Bump websocket-extensions (#10617)
Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-node) from 0.1.3 to 0.1.4.
- [Release notes](https://github.com/faye/websocket-extensions-node/releases)
- [Changelog](https://github.com/faye/websocket-extensions-node/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faye/websocket-extensions-node/compare/0.1.3...0.1.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-07 12:02:38 +02:00
dependabot[bot] b191ea4f59
Build(deps): Bump websocket-extensions (#10615)
Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-node) from 0.1.3 to 0.1.4.
- [Release notes](https://github.com/faye/websocket-extensions-node/releases)
- [Changelog](https://github.com/faye/websocket-extensions-node/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faye/websocket-extensions-node/compare/0.1.3...0.1.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-07 12:02:27 +02:00
dependabot[bot] 2cb0f013cc
Build(deps): Bump elliptic in /app/assets/javascripts/pretty-text (#10611)
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.2 to 6.5.3.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-07 12:02:09 +02:00
dependabot[bot] 6bff8636e2
Build(deps): Bump elliptic in /app/assets/javascripts/discourse-common (#10612)
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.2 to 6.5.3.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-07 12:01:37 +02:00
dependabot[bot] 9b187b7e11
Build(deps): Bump http-proxy in /app/assets/javascripts/discourse-common (#10613)
Bumps [http-proxy](https://github.com/http-party/node-http-proxy) from 1.18.0 to 1.18.1.
- [Release notes](https://github.com/http-party/node-http-proxy/releases)
- [Changelog](https://github.com/http-party/node-http-proxy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/http-party/node-http-proxy/compare/1.18.0...1.18.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-07 12:00:25 +02:00
dependabot[bot] c119c07fa4
Build(deps): Bump http-proxy in /app/assets/javascripts/pretty-text (#10614)
Bumps [http-proxy](https://github.com/http-party/node-http-proxy) from 1.18.0 to 1.18.1.
- [Release notes](https://github.com/http-party/node-http-proxy/releases)
- [Changelog](https://github.com/http-party/node-http-proxy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/http-party/node-http-proxy/compare/1.18.0...1.18.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-07 12:00:10 +02:00
awesomerobot 13c9d7e704 UX: Add missing labels to mobile composer buttons 2020-09-04 22:18:29 -04:00
Robin Ward da918ac43e FIX: Allow us to call `script_asset_url` in controllers
Without this patch fingerprinting was not applied in production.
2020-09-04 15:23:01 -04:00
Robin Ward 0f9a58e06f FEATURE: Add stylesheets to bootstrap.json endpoint
This allows API consumers (such as Ember CLI) to dynamically get a list
of styles to embed.
2020-09-04 14:12:49 -04:00
Joffrey JAFFEUX c5b8a47901
FIX: ensures we don't attempt to concat an empty list (#10600) 2020-09-04 19:08:07 +02:00
Bianca Nenciu d4471e0316
FIX: Preload bold fonts in wizard
The bold fonts are used in previews for topic title.
2020-09-04 19:23:46 +03:00
Joffrey JAFFEUX ed05839dfc
FIX: prevents error when opening a composer from a tag page (#10596) 2020-09-04 15:47:22 +02:00
Bianca Nenciu 58b97ace23
DEV: Use a special import to declare font faces (#10583)
Update discourse-fonts to v0.0.3.

Follow-up to 7b7357147e.
2020-09-04 16:25:50 +03:00
Joffrey JAFFEUX 52672b9eab
DEV: apply new coding standards (#10592) 2020-09-04 13:42:47 +02:00
awesomerobot e4ebc303bb FEATURE: Add below-static plugin outlet 2020-09-03 22:58:58 -04:00
Vinoth Kannan ea423b471a FIX: make crawler linkback list compatible with google schema guidelines. 2020-09-04 04:35:32 +05:30
Robin Ward 8c0f18794e FEATURE: Deprecate lodash so we can remove it.
It's currently 240k of Javascript we don't need anymore. It's been
replaced by ES6 and a couple helper functions.
2020-09-03 10:03:33 -04:00
Robin Ward 3a46e44ed8 Rename `merge` to `deepMerge` so it's more clear what it's doing 2020-09-03 10:03:33 -04:00
Robin Ward f365d4639a REFACTOR: Remove `_.isEqual` 2020-09-03 10:03:33 -04:00
Robin Ward c4079780be REFACTOR: Remove `_.merge` 2020-09-03 10:03:33 -04:00
Robin Ward 720cd57fb5 FIX: Convert jQuery array to JS array 2020-09-03 10:03:33 -04:00
Robin Ward 5e5d5b4f35 REFACTOR: Remove `_.last` 2020-09-03 10:03:33 -04:00
Robin Ward 0da953b40e REFACTOR: Remove `_.compact` 2020-09-03 10:03:33 -04:00
Robin Ward c2cfa62000 REFACTOR: Remove `_.intersection` 2020-09-03 10:03:33 -04:00
Robin Ward 0b098566ff REFACTOR: Remove `_.union` 2020-09-03 10:03:33 -04:00
Robin Ward e60d06d880 REFACTOR: Remove `_.isString` 2020-09-03 10:03:33 -04:00
Robin Ward b4444070b3 REFACTOR: Remove `_.groupBy` 2020-09-03 10:03:33 -04:00
Robin Ward 1265a5f7c0 REFACTOR: Remove `_.max` 2020-09-03 10:03:33 -04:00
Robin Ward d06deb0c4f REFACTOR: Remove `_.chain` 2020-09-03 10:03:33 -04:00
Robin Ward 71ddcefffa REFACTOR: Remove `_.filter` 2020-09-03 10:03:33 -04:00
Robin Ward 87b3caf927 REFACTOR: Remove `_.reject` 2020-09-03 10:03:33 -04:00
Robin Ward 2a4dfa83b0 REFACTOR: Remove `_.omit` 2020-09-03 10:03:33 -04:00
Robin Ward 17bca14c4b REFACTOR: Remove `_.sortBy` 2020-09-03 10:03:33 -04:00
Robin Ward 2353794a30 REFACTOR: Remove `_.findIndex` 2020-09-03 10:03:33 -04:00
Robin Ward e3ec7b72d0 REFACTOR: Remove `_.uniq` and use ember version 2020-09-03 10:03:33 -04:00
Robin Ward 66021abe41 REFACTOR: Remove `_.first` from codebase 2020-09-03 10:03:33 -04:00
Robin Ward 55c9c54b8b REFACTOR: Remove `_.range` and use ES6 instead 2020-09-03 10:03:33 -04:00
Robin Ward 115b3b6921 REFACTOR: Remove `_.isEmpty` in favor of the existing version 2020-09-03 10:03:33 -04:00
Robin Ward 65f6a92129 REFACTOR: Replace `_.extend` with `Object.assign` 2020-09-03 10:03:33 -04:00
Robin Ward 2f11457263 REFACTOR: Use `Array.isArray` instead of `_.isArray` 2020-09-03 10:03:33 -04:00
Blake Erickson 67dec38f31 FIX: Gravatar download attempt if user is missing their email
It is possible that a user could exist without an email, if so we should
not enqueue a job to download their gravatar.

This commit resolves this error that can occur:

```
Job exception: undefined method `email' for nil:NilClass
/var/www/discourse/app/models/user.rb:1204:in `email'
/var/www/discourse/app/jobs/regular/update_gravatar.rb:12:in `execute'
```

This commit also fixes the original spec which actually was wrong. The
job never enqueued in the original spec and so the gravatar was never
actually updated and the test was checking if the two values were the
same, but they were both null and never updated, so of course they were
the same!

A new test has also been added to make sure the gravatar job isn't
enqueued when a user's email is missing.
2020-09-02 20:19:46 -06:00
Krzysztof Kotlarek 9954a677ab
FIX: don't send mailing list for post with empty content (#10577)
discourse-assign is creating posts with empty content to show that a specific user was assigned/unassigned for a specific topic.

It is causing confusing emails with empty content.

The bug was mentioned here: https://meta.discourse.org/t/again-on-empty-emails-and-notifications-generated-on-topic-assignment/162213
2020-09-03 08:58:25 +10:00
Joffrey JAFFEUX de038c0eab
FIX: highlightjs 10 requires some languages to be loaded before others (#10584)
cs is also not present in 10 and relies only on csharp file, but for cs alias to work csharp has to be loaded.
2020-09-02 21:32:57 +02:00
Penar Musaraj 6a837c32e4
DEV: Add class to wizard HTML element 2020-09-02 14:53:38 -04:00
Penar Musaraj 50827684d5
UX: Hide category settings badges checkbox when enable_badges is off 2020-09-02 11:23:59 -04:00