Commit Graph

48796 Commits

Author SHA1 Message Date
Kris ce601ac84c
UX: improve composer control spacing on mobile (#21021) 2023-04-11 14:11:00 -05:00
Penar Musaraj 0ab3ba5f0d
SECURITY: strip `xlink:href` from uploaded SVGs (#21057)
This was inadvertently removed in 4c46c7e. In very specific scenarios,
this could be used to execute arbitrary JavaScript.

Only affects instances where SVGs are allowed as uploads and CDN is not
configured.
2023-04-11 14:10:44 -04:00
Rafael dos Santos Silva 087ee8c5e2
DEV: Experimental JS plugin API for topic summary HTML (#20963) 2023-04-11 11:22:34 -04:00
Jan Cernik a3801a9e16
DEV: Stop event propagation in `DTooltip` (#20897) 2023-04-11 12:07:03 -03:00
Discourse Translator Bot 9a562f54d7
Update translations (#21055) 2023-04-11 15:45:03 +02:00
David Taylor ba5b035f6e
FEATURE: Increase pbkdf2 iterations to 600k (#20981)
Existing passwords will continue to work. Hashes will be regenerated on a user's next login.
2023-04-11 11:56:20 +01:00
Jan Cernik 352bd35bf6
Add RenderGlimmer support for embedded posts (#21046) 2023-04-11 06:22:42 -03:00
David Taylor 9238767f7e
FEATURE: Persist password hashing algorithm/params in database (#20980)
Previously, Discourse's password hashing was hard-coded to a specific algorithm and parameters. Any changes to the algorithm or parameters would essentially invalidate all existing user passwords.

This commit introduces a new `password_algorithm` column on the `users` table. This persists the algorithm/parameters which were used to generate the hash for a given user. All existing rows in the users table are assumed to be using Discourse's current algorithm/parameters. With this data stored per-user in the database, we'll be able to keep existing passwords working while adjusting the algorithm/parameters for newly hashed passwords.

Passwords which were hashed with an old algorithm will be automatically re-hashed with the new algorithm when the user next logs in.

Values in the `password_algorithm` column are based on the PHC string format (https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md). Discourse's existing algorithm is described by the string `$pbkdf2-sha256$i=64000,l=32$`

To introduce a new algorithm and start using it, make sure it's implemented in the `PasswordHasher` library, then update `User::TARGET_PASSWORD_ALGORITHM`.
2023-04-11 10:16:28 +01:00
Jarek Radosz b6cfcdfbb3
DEV: Force an upgrade of watch-detector (#21053)
Fixes the unnecessary message when starting ember server:

```
Invalid watchman found, version: [2023.04.03.00] did not satisfy [>= 3.0.0].
Visit https://ember-cli.com/user-guide/#watchman for more info.
```
2023-04-11 11:14:57 +02:00
NullVoxPopuli c320c286f9
DEV: Use patch-package to apply ember-jquery workaround
Co-authored-by: David Taylor <david@taylorhq.com>
2023-04-11 10:12:30 +01:00
dependabot[bot] 47eced2050
Build(deps): Bump terser in /app/assets/javascripts (#21042)
Bumps [terser](https://github.com/terser/terser) from 5.16.8 to 5.16.9.
- [Release notes](https://github.com/terser/terser/releases)
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.16.8...v5.16.9)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-11 10:38:49 +02:00
Joffrey JAFFEUX f55266e1ca
UX: chat mobile tweaks (#21041)
- rounded active style for messages
- better active state on chat message actions rows
- ensures long press on a message is not selecting text
- slightly improved messages actions animation and background fading
- ensures chat emoji picker is not cutoff on right side
- removes old legacy code related to hovered message
2023-04-11 09:03:12 +02:00
Martin Brennan e34fb7e0b2
DEV: Chat thread reply counter cache (#21050)
Similar to 22a55ef0ce,
this commit adds a replies_count to the Chat::Thread
table, which is updated every 15 minutes via PeriodicalUpdates.
This is done so the new thread indicator for the UI can
show the count without intense serializer queries, but
in future we likely want this to update more frequently.
2023-04-11 15:40:25 +10:00
Alan Guo Xiang Tan 90172e5a9e
FIX: Incorrect message inbox displayed due to username case sensitivity (#21049) 2023-04-11 11:31:10 +08:00
Martin Brennan 7ae716fa69
FIX: Multiple channels marked active in sidebar (#21045)
Followup to c1dc6a2db4,
this commit just missed removing one of the @computed
decorators which was causing multiple active channels
to show in the sidebar. Fix the issue and introduce a
system spec to catch this.
2023-04-11 12:31:17 +10:00
Krzysztof Kotlarek 63a0466548
FIX: improve performance of UserStat.ensure_consistency (#21044)
Optimize `UserStatpost_read_count` calculation.

In addition, tests were updated to fail when code is not evaluated. Creation of PostTiming was updating `post_read_count`. The count has to be reset to ensure that ensure_consistency correctly calculates the result.

Extracting users seen in the last hour to separate Common Table Expression reduces the amount of processed rows.

Before
```
Update on user_stats  (cost=267492.07..270822.95 rows=2900 width=174) (actual time=12606.121..12606.127 rows=0 loops=1)
  ->  Hash Join  (cost=267492.07..270822.95 rows=2900 width=174) (actual time=12561.814..12603.689 rows=10 loops=1)
        Hash Cond: (user_stats.user_id = x.user_id)
        Join Filter: (x.c <> user_stats.posts_read_count)
        Rows Removed by Join Filter: 67
        ->  Seq Scan on user_stats  (cost=0.00..3125.34 rows=75534 width=134) (actual time=0.014..39.173 rows=75534 loops=1)
        ->  Hash  (cost=267455.80..267455.80 rows=2901 width=48) (actual time=12558.613..12558.617 rows=77 loops=1)
              Buckets: 4096  Batches: 1  Memory Usage: 39kB
              ->  Subquery Scan on x  (cost=267376.03..267455.80 rows=2901 width=48) (actual time=12168.601..12558.572 rows=77 loops=1)
                    ->  GroupAggregate  (cost=267376.03..267426.79 rows=2901 width=12) (actual time=12168.595..12558.525 rows=77 loops=1)
                          Group Key: pt.user_id
                          ->  Sort  (cost=267376.03..267383.28 rows=2901 width=4) (actual time=12100.490..12352.106 rows=2072830 loops=1)
                                Sort Key: pt.user_id
                                Sort Method: external merge  Disk: 28488kB
                                ->  Nested Loop  (cost=1.28..267209.18 rows=2901 width=4) (actual time=0.040..11528.680 rows=2072830 loops=1)
                                      ->  Nested Loop  (cost=0.86..261390.02 rows=13159 width=8) (actual time=0.030..3492.887 rows=3581648 loops=1)
                                            ->  Index Scan using index_users_on_last_seen_at on users u  (cost=0.42..89.71 rows=28 width=4) (actual time=0.010..0.201 rows=78 loops=1)
                                                  Index Cond: (last_seen_at > '2023-04-11 00:22:49.555537'::timestamp without time zone)
                                            ->  Index Scan using index_post_timings_on_user_id on post_timings pt  (cost=0.44..9287.60 rows=4455 width=8) (actual time=0.081..38.542 rows=45919 loops=78)
                                                  Index Cond: (user_id = u.id)
                                      ->  Index Scan using forum_threads_pkey on topics t  (cost=0.42..0.44 rows=1 width=4) (actual time=0.002..0.002 rows=1 loops=3581648)
                                            Index Cond: (id = pt.topic_id)
                                            Filter: ((deleted_at IS NULL) AND ((archetype)::text = 'regular'::text))
                                            Rows Removed by Filter: 0
Planning Time: 0.692 ms
Execution Time: 12612.587 ms
```
After
```
Update on user_stats  (cost=9473.60..12804.30 rows=2828 width=174) (actual time=677.724..677.729 rows=0 loops=1)
  ->  Hash Join  (cost=9473.60..12804.30 rows=2828 width=174) (actual time=672.536..677.706 rows=1 loops=1)
        Hash Cond: (user_stats.user_id = x.user_id)
        Join Filter: (x.c <> user_stats.posts_read_count)
        Rows Removed by Join Filter: 54
        ->  Seq Scan on user_stats  (cost=0.00..3125.34 rows=75534 width=134) (actual time=0.012..23.977 rows=75534 loops=1)
        ->  Hash  (cost=9438.24..9438.24 rows=2829 width=48) (actual time=647.818..647.822 rows=55 loops=1)
              Buckets: 4096  Batches: 1  Memory Usage: 37kB
              ->  Subquery Scan on x  (cost=9381.66..9438.24 rows=2829 width=48) (actual time=647.409..647.805 rows=55 loops=1)
                    ->  HashAggregate  (cost=9381.66..9409.95 rows=2829 width=12) (actual time=647.403..647.786 rows=55 loops=1)
                          Group Key: pt.user_id
                          Batches: 1  Memory Usage: 121kB
                          ->  Nested Loop  (cost=1.86..9367.51 rows=2829 width=4) (actual time=0.056..625.245 rows=120022 loops=1)
                                ->  Nested Loop  (cost=1.44..3692.96 rows=12832 width=8) (actual time=0.047..171.754 rows=217440 loops=1)
                                      ->  Nested Loop  (cost=1.00..254.63 rows=25 width=12) (actual time=0.030..1.407 rows=56 loops=1)
                                            Join Filter: (u.id = user_stats_1.user_id)
                                            ->  Nested Loop  (cost=0.71..243.08 rows=25 width=8) (actual time=0.018..1.207 rows=87 loops=1)
                                                  ->  Index Scan using index_users_on_last_seen_at on users u  (cost=0.42..86.71 rows=27 width=4) (actual time=0.009..0.156 rows=87 loops=1)
                                                        Index Cond: (last_seen_at > '2023-04-11 00:47:07.437568'::timestamp without time zone)
                                                  ->  Index Only Scan using user_stats_pkey on user_stats us  (cost=0.29..5.79 rows=1 width=4) (actual time=0.011..0.011 rows=1 loops=87)
                                                        Index Cond: (user_id = u.id)
                                                        Heap Fetches: 87
                                            ->  Index Scan using user_stats_pkey on user_stats user_stats_1  (cost=0.29..0.45 rows=1 width=4) (actual time=0.002..0.002 rows=1 loops=87)
                                                  Index Cond: (user_id = us.user_id)
                                                  Filter: (posts_read_count < 10000)
                                                  Rows Removed by Filter: 0
                                      ->  Index Scan using index_post_timings_on_user_id on post_timings pt  (cost=0.44..92.98 rows=4455 width=8) (actual time=0.036..2.492 rows=3883 loops=56)
                                            Index Cond: (user_id = user_stats_1.user_id)
                                ->  Index Scan using forum_threads_pkey on topics t  (cost=0.42..0.44 rows=1 width=4) (actual time=0.002..0.002 rows=1 loops=217440)
                                      Index Cond: (id = pt.topic_id)
                                      Filter: ((deleted_at IS NULL) AND ((archetype)::text = 'regular'::text))
                                      Rows Removed by Filter: 0
Planning Time: 1.406 ms
Execution Time: 677.817 ms
```
2023-04-11 12:28:08 +10:00
Alan Guo Xiang Tan 2809d7ba8e
DEV: Support `in:<notification level>` filter on `/filter` route (#21038)
This commit adds support for the `in:<topic notification level>` query
filter. As an example, `in:tracking` will filter for topics that the
user is watching. Filtering for multiple topic notification levels can
be done by comma separating the topic notification level keys. For
example, `in:muted,tracking` or `in:muted,tracking,watching`.
Alternatively, the user can also compose multiple filters with `in:muted
in:tracking` which translates to the same behaviour as
`in:muted,tracking`.
2023-04-11 08:48:07 +08:00
Daniel Waterworth c68497159f
FIX: Use string for postgres recently readonly DistributedCache (#21040)
Since DistributedCaches don't marshal timestamps
2023-04-10 13:54:55 -05:00
Daniel Waterworth fcc73b441d
FIX: Make emoji cache store marshalled objects (#21029)
We only marshal arrays, hashes and sets, which meant that the emojis
here were just getting `to_s`ed.

This is a hack.
2023-04-10 10:44:11 -05:00
Blake Erickson d289b20858
DEV: Add fetching likes info to api docs (#21028)
This commit adds some more detailed information about how to actually
get the number of likes for a post.

Also refactors some requests and responses into json schema files to
clean up the specs a bit.

See https://meta.discourse.org/t/69017/4?u=blake
2023-04-10 09:07:10 -06:00
David Battersby 569b923fb6
FIX: staff_counters should be pluralized strings (#21039)
Small change to format the staff counter template to apply the correct pluralization for flagged posts/topics.
2023-04-10 17:00:31 +08:00
Joffrey JAFFEUX c1dc6a2db4
FIX: ensures activeMessage is reset with channel (#21031) 2023-04-10 08:10:01 +02:00
Joffrey JAFFEUX c7b49a14c7
Chat/drawer ux tweaks (#21032)
- clicking empty area on the header will toggle collapse/expand it
- applies a background on hover of the channel title
- active state for small buttons
- the back button now has the correct icon color when hovered
- adds missing focus state for header buttons icons
2023-04-10 07:43:11 +02:00
dependabot[bot] bb94cc0251
Build(deps): Bump eslint from 8.37.0 to 8.38.0 in /app/assets/javascripts (#21033)
Bumps [eslint](https://github.com/eslint/eslint) from 8.37.0 to 8.38.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.37.0...v8.38.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-10 08:09:09 +08:00
dependabot[bot] 0a5240d629
Build(deps): Bump sass-embedded from 1.60.0 to 1.61.0 (#21034)
Bumps [sass-embedded](https://github.com/ntkme/sass-embedded-host-ruby) from 1.60.0 to 1.61.0.
- [Release notes](https://github.com/ntkme/sass-embedded-host-ruby/releases)
- [Commits](https://github.com/ntkme/sass-embedded-host-ruby/compare/v1.60.0...v1.61.0)

---
updated-dependencies:
- dependency-name: sass-embedded
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-10 08:08:54 +08:00
dependabot[bot] 33d67807f8
Build(deps-dev): Bump yard from 0.9.28 to 0.9.32 (#21035)
Bumps [yard](https://github.com/lsegal/yard) from 0.9.28 to 0.9.32.
- [Release notes](https://github.com/lsegal/yard/releases)
- [Changelog](https://github.com/lsegal/yard/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lsegal/yard/compare/v0.9.28...v0.9.32)

---
updated-dependencies:
- dependency-name: yard
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-10 08:08:34 +08:00
dependabot[bot] 1456aa3a04
Build(deps): Bump rails_failover from 0.8.1 to 1.0.0 (#21036)
Bumps [rails_failover](https://github.com/discourse/rails_failover) from 0.8.1 to 1.0.0.
- [Release notes](https://github.com/discourse/rails_failover/releases)
- [Changelog](https://github.com/discourse/rails_failover/blob/main/CHANGELOG.md)
- [Commits](https://github.com/discourse/rails_failover/compare/v0.8.1...v1.0.0)

---
updated-dependencies:
- dependency-name: rails_failover
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-10 08:08:19 +08:00
dependabot[bot] 681283abd9
Build(deps): Bump addressable from 2.8.3 to 2.8.4 (#21037)
Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.8.3 to 2.8.4.
- [Release notes](https://github.com/sporkmonger/addressable/releases)
- [Changelog](https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sporkmonger/addressable/compare/addressable-2.8.3...addressable-2.8.4)

---
updated-dependencies:
- dependency-name: addressable
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-10 08:06:29 +08:00
Jan Cernik 768851920e
DEV: Add `overflow-x: hidden` to chat message containers (#21030) 2023-04-08 13:37:13 -03:00
Jan Cernik a6cba32e57
FIX: Resize chat collapser when using small width drawer (#21017) 2023-04-08 10:43:17 -03:00
Kris e823ac7ff8
UX: truncate theme toggle text to avoid overflow (#21022) 2023-04-07 17:16:44 -04:00
Kris ba119555fe
A11Y: increase contrast of elements in wcag scheme (#21025) 2023-04-07 17:16:27 -04:00
Joffrey JAFFEUX 3176d4cb5a
FIX: ensures message actions are bounded (#21027) 2023-04-07 20:54:41 +02:00
Joffrey JAFFEUX 720cf24659
FIX: shows a message as hovered when hovering actions (#21026)
When hovering the chat message actions we are technically not hovering the message anymore, which was removing the background and is slightly unexpected. This commit ensures we keep this background until closing the message actions.
2023-04-07 20:29:33 +02:00
Joffrey JAFFEUX 6d99e6408f
FIX: correctly show user info (#21023)
This PR primarily fixes this case:

- USER A message
- USER B message
- USER B reply to USER A message <-- not showing user info when it should

Moreover, this commit also improves the spec to correctly test more cases.
2023-04-07 20:08:31 +02:00
Kris 1f0aff2719
UX: remove extra space from emoji in notifications (#21024) 2023-04-07 13:55:11 -04:00
Sérgio Saquetim f8fb7ee9f3
DEV: Introduced topic_query_create_list_topics modifier (#21016)
Introduced a modifier on topic_query to change list while they're created

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2023-04-07 13:01:42 -03:00
Kris 18470c9195
UX: fix solo preference page layout (#21012) 2023-04-07 08:55:32 -04:00
Joffrey JAFFEUX 9117ea0e3f
FIX: scroll when clicking first emoji of section (#21020)
This bug was also happening when tabbing through sections
2023-04-07 14:11:25 +02:00
Jarek Radosz 584a3a4237
DEV: Remove unneeded optional chaining operators (#21019)
(and fix a typo, and remove an unnecessary `this.element` check)
2023-04-07 14:10:49 +02:00
Joffrey JAFFEUX 79cacba948
FIX: cancel editing should clear the composer (#21011) 2023-04-07 09:55:55 +02:00
dependabot[bot] 9d50e8189e
Build(deps): Bump stackprof from 0.2.24 to 0.2.25 (#21013)
Bumps [stackprof](https://github.com/tmm1/stackprof) from 0.2.24 to 0.2.25.
- [Release notes](https://github.com/tmm1/stackprof/releases)
- [Changelog](https://github.com/tmm1/stackprof/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tmm1/stackprof/compare/v0.2.24...v0.2.25)

---
updated-dependencies:
- dependency-name: stackprof
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-07 09:54:00 +02:00
dependabot[bot] 92420bad6f
Build(deps): Bump sass from 1.60.0 to 1.61.0 in /app/assets/javascripts (#21014)
Bumps [sass](https://github.com/sass/dart-sass) from 1.60.0 to 1.61.0.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.60.0...1.61.0)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-07 09:53:32 +02:00
Sérgio Saquetim a245b1d3c1
DEV: Make setting `top_page_default_timeframe` available in the client app (#21015) 2023-04-06 22:31:09 -03:00
Vinoth Kannan 7cedb911a7
FEATURE: add category name in articleSection meta tag for schema. (#21004)
https://schema.org/DiscussionForumPosting
2023-04-06 23:30:19 +05:30
Joffrey JAFFEUX fef279acd5
FIX: do not display the message content when it errors (#21008) 2023-04-06 19:32:21 +02:00
Daniel Waterworth 0ff86feb96
DEV: Rely on helpers for ajax error handling to reduce repetition (#20988) 2023-04-06 11:25:24 -05:00
NullVoxPopuli bdaaac9c9f
DEV: Setup lint to the future (#20990)
## How does this work?

Any time a lint rule is added or changed, you can run `yarn lint:fix` to handle all the auto-fixable situations.
But not all lints are auto-fixable -- for those, lint-to-the-future has tooling to automatically ignore present violations.
An alias has been added for lint-to-the-future to ignore new violations, `yarn lttf:ignore`.
The command will add lint-ignore declarations throughout all the files with present violations, which should then be committed.

An excerpt from lint-to-the-future's [README](https://github.com/mansona/lint-to-the-future#lint-to-the-future-dashboard):

> The point of Lint to the Future is to allow you to progressively update your codebase using new lint rules without overwhelming you with the task. You can easily ignore lint rules using project-based ignores in your config files but that doesn't prevent you from making the same errors in new files.

> We chose to do the ignores on a file basis as it is a perfect balance and it means that the tracking/graphing aspects of Lint to the Future provide you with achievable goals, especially in large codebases.

## How do I view progress?

lint-to-the-future provides graphs of violations-over-time per lint rule in a dashboard format, so we can track how well we're doing at cleaning up the violations.

To view the dashboard locally, run `yarn lint-progress` and visit `http://localhost:8084` (or whatever the port it chose, as it will choose a new port if 8084 is preoccupied)

Also there is a `list` command which shows a JSON object of:
```ts
{
  [date: string]: { // yyyy-mm-dd
    [pluginName: string]: {
      [fileName: string]: string[]; // list of files with violations
    }
  }
}
```


```bash
yarn lint-to-the-future list --stdout
```

## What about lint-todo?

Lint todo is another system available for both eslint and ember-template-lint that _forces_ folks to "leave things better than they found them" by being transparent / line-specific ignoring of violations. 
It was decided that for _this_ project, it made more sense, and would be less disruptive to new contributors to have the ignore declarations explicitly defined in each file (whereas in lint-todo, they are hidden).
To effectively use lint-todo, a whole team needs to agree to the workflow, and in open source, we want "just anyone" to be able to contribute, and throwing surprises at them can deter contributions.
2023-04-06 17:25:01 +01:00
Daniel Waterworth 355b44472b
DEV: Allow HTML errors whenever a popup is generated (#20989)
Follow-up-to: 6bbf832400
2023-04-06 10:00:54 -05:00
Joffrey JAFFEUX 5c2c1bf9a7
FIX: correct backdrop on mobile for the emoji picker (#21005) 2023-04-06 15:51:40 +02:00