Commit Graph

3426 Commits

Author SHA1 Message Date
Gerhard Schlager 8a99d59422 FIX: seed data classes couldn't always be found 2019-03-18 23:13:47 +01:00
Gerhard Schlager 3fd04df781
FEATURE: Locale support for seeded categories and topics (#7110) 2019-03-18 21:09:13 +01:00
Penar Musaraj 2506acae80
FIX: Respect permalinks starting with "/category" (#7171) 2019-03-18 10:24:46 -04:00
Guo Xiang Tan 5e410dc5e0
FEATURE: Ability to exclude category from search results. (#7194)
This commit also adds `Category#search_priority` which sets the ground
work to enable prioritizing of posts for certain categories when searching.
2019-03-18 15:25:45 +08:00
Rafael dos Santos Silva 8ce20090f7 FEATURE: Allow users to fetch a customized manifest on PWA install
This will allow users installing a Discourse PWA to use their active
theme colors on the generated app. Thanks for @mgiuca for the tip.

Also makes the share_target config explicit to silence Chrome warnings
2019-03-15 17:10:05 -03:00
Penar Musaraj 9334d2f4f7
FEATURE: add more granular user option levels for email notifications (#7143)
Migrates email user options to a new data structure, where `email_always`, `email_direct` and `email_private_messages` are replace by

* `email_messages_level`, with options: `always`, `only_when_away` and `never` (defaults to `always`)
* `email_level`, with options: `always`, `only_when_away` and `never` (defaults to `only_when_away`)
2019-03-15 10:55:11 -04:00
Tarek Khalil f8480ed911
FEATURE: Exposing a way to add a generic report filter (#6816)
* FEATURE: Exposing a way to add a generic report filter

## Why do we need this change?

Part of the work discussed [here](https://meta.discourse.org/t/gain-understanding-of-file-uploads-usage/104994), and implemented a first spike [here](https://github.com/discourse/discourse/pull/6809), I am trying to expose a single generic filter selector per report.

## How does this work?

We basically expose a simple, single generic filter that is computed and displayed based on backend values passed into the report.

This would be a simple contract between the frontend and the backend.

**Backend changes:** we simply need to return a list of dropdown / select options, and enable the report's newly introduced `custom_filtering` property.

For example, for our [Top Uploads](https://github.com/discourse/discourse/pull/6809/files#diff-3f97cbb8726f3310e0b0c386dbe89e22R1423) report, it can look like this on the backend:

```ruby
report.custom_filtering = true
report.custom_filter_options = [{ id: "any", name: "Any" }, { id: "jpg", name: "JPEG" } ]
```

In our javascript report HTTP call, it will look like:

```js
{
  "custom_filtering": true,
  "custom_filter_options": [
    {
      "id": "any",
      "name": "Any"
    },
    {
      "id": "jpg",
      "name": "JPG"
    }
  ]
}
```

**Frontend changes:** We introduced a generic `filter` param and a `combo-box` which hooks up into the existing framework for fetching a report.

This works alright, with the limitation of being a single custom filter per report. If we wanted to add, for an instance a `filesize filter`, this will not work for us. _I went through with this approach because it is hard to predict and build abstractions for requirements or problems we don't have yet, or might not have._

## How does it look like?

![a1ktg1odde](https://user-images.githubusercontent.com/45508821/50485875-f17edb80-09ee-11e9-92dd-1454ab041fbb.gif)

## More on the bigger picture

The major concern here I have is the solution I introduced might serve the `think small` version of the reporting work, but I don't think it serves the `think big`, I will try to shed some light into why.

Within the current design, It is hard to maintain QueryParams for dynamically generated params (based on the idea of introducing more than one custom filter per report).

To allow ourselves to have more than one generic filter, we will need to:

a. Use the Route's model to retrieve the report's payload (we are now dependent on changes of the QueryParams via computed properties)
b. After retrieving the payload, we can use the `setupController` to define our dynamic QueryParams based on the custom filters definitions we received from the backend
c. Load a custom filter specific Ember component based on the definitions we received from the backend
2019-03-15 12:15:38 +00:00
Bianca Nenciu d352baa1a2
FEATURE: Enforce two-factor authentication. (#6348) 2019-03-15 13:09:37 +02:00
Penar Musaraj d6d4a5ba4a FEATURE: support custom icons in themes (#7155)
* First take

* Add support for sprites in themes

Automatically register any custom icons added via themes or plugins

* Fix theme sprite caching

* Simplify test

* Update lib/svg_sprite/svg_sprite.rb

Co-Authored-By: pmusaraj <pmusaraj@gmail.com>

* Fix /svg-sprite/search request
2019-03-15 17:16:15 +11:00
Guo Xiang Tan b9ab393d70 Fix favicon not updating on the client side when changed.
Regression from 1c6a2262b3.

Documented the rational for include the url since we can't really test
this properly.
2019-03-14 15:37:43 +08:00
Guo Xiang Tan 1c6a2262b3
FIX: `StaticController#favicon` reads from disk when using local store. (#7160)
Since uploads site settings are now backed by an actual upload, we don't
have to reach over the network just to fetch the favicon. Instead, we
can just read the upload directly from disk.
2019-03-14 04:17:36 +08:00
Guo Xiang Tan b0c8fdd7da FIX: Properly support defaults for upload site settings. 2019-03-13 16:36:57 +08:00
Bianca Nenciu e6c2faf186 FIX: Disable 'Create Topic' button if tag is staff-only. (#6984)
* FIX: Disable 'Create Topic' button if tag is staff-only.

* FIX: Staff-only tags should always return 404.
2019-03-12 19:23:36 +11:00
venarius dc4541a95c FIX: Text content search warning if more than 50 results 2019-03-11 12:56:15 -04:00
Joffrey JAFFEUX 7ae1afa7d9
FIX: ensures tag-groups are used to allow category edit on topics (#7141) 2019-03-11 15:02:27 +01:00
Arpit Jalan 2c8e1d3578 FEATURE: remove all expired invitations by default 2019-03-07 15:28:39 +05:30
Gerhard Schlager 4000978452 FIX: Failed to save email template with pluralized subject 2019-03-06 16:51:04 +01:00
Tarek Khalil 0a9a11094d
FEATURE: Save ignored usernames in user preferences (#7117)
* FEATURE: Save ignored usernames in user preferences
2019-03-06 11:21:58 +00:00
Arpit Jalan 05ebb52ec4
FEATURE: defer flags when deleting child replies (#7111) 2019-03-06 14:32:25 +05:30
Tarek Khalil f19d36cbba
REFACTOR: Change `watch` wording to `unignore` (#7112)
* REFACTOR: Change `watch` wording to `unignore`
2019-03-05 14:40:31 +00:00
David Taylor 35275c137b PERF: Remove final N+1 from theme admin page
The rails bug previously mentioned only causes an issue when using `pluck`, so this controller is not affected.

Followup to a8ffc02d06
2019-03-05 12:10:53 +00:00
Arpit Jalan ad5f5b931d DEV: deprecate blank files for static modal pages 2019-03-04 15:05:33 +05:30
Tarek Khalil 986cc8a0fb FEATURE: Introduce Ignore user (#7072) 2019-02-27 14:49:07 +01:00
Maja Komel 6f427589b2 FIX: make it possible to use backup code everywhere where 2FA required (#7010) 2019-02-27 10:37:33 +01:00
Davide Porrovecchio 75aaae5d5c FEATURE: Allow wildcard in allowed_user_api_auth_redirects setting (#6779) 2019-02-26 17:03:20 +01:00
David Taylor a8ffc02d06 PERF: Reduce N+1s on theme admin page 2019-02-26 14:22:02 +00:00
Joffrey JAFFEUX 7ccb0b882f
FIX: ensures topic’s category allows topics tags (#7060) 2019-02-26 11:21:55 +01:00
Gerhard Schlager dc961fecb9 FIX: Outgoing emails were not disabled after restoring backup 2019-02-25 16:07:24 +01:00
Vinoth Kannan d1bad881ea
FEATURE: Allow moderators to change topic timestamps (#7053) 2019-02-22 14:33:52 +05:30
Sam 667d3a3fd6 PERF: include content-length header for CDN
Attempt to force NGINX to include content length when doing X-SendFile
This does not seem to be required when bypassing NGINX.

Without this header some CDNs may have issues caching
2019-02-22 11:21:07 +11:00
Sam 31d41f532e PERF: do not include suggested topics when loading new posts
When a new post is triggered via message bus post stream will attempt to load
it, previously the `/topic/TOPIC_ID/posts.json` would unconditionally include
suggested topics, this caused excessive load on the server.

New pattern defaults to exclude suggested and related topics from this API
unless people explicitly ask for suggested.
2019-02-22 10:37:18 +11:00
Guo Xiang Tan 58b0e945bd
UX: Lightbox support for image uploader. (#7034) 2019-02-21 10:13:37 +08:00
Gerhard Schlager 6a8007e5fb FEATURE: Improve handling of backup storage errors 2019-02-20 15:16:49 +01:00
Sam 33269c4172 FEATURE: do no search for groups unless a term is specified
Do not allow `/u/search/users.json` to list any group matches unless a
specific `term` is specified in the API call.

Adding groups should always be done when an actual search term exists,
blank search is only supported for users within a topic
2019-02-20 17:28:22 +11:00
Joffrey JAFFEUX 9ade04b709
FIX: removes legacy browsers-refresh button (#7028) 2019-02-19 16:38:21 +01:00
David Taylor f04471e422 REFACTOR: Proxy letter avatars in rails instead of nginx
Co-authored-by: Sam Saffron <sam.saffron@gmail.com>
Co-authored-by: David Taylor <david@taylorhq.com>

This gives more control over the request. In particular we can easily
lookup DNS dynamically, instead of only upon NGINX startup.
Previously, NGINX was looking up IP for the letter avatar service and
caching the CDN IP address, this caused issues if CDN changed IP, in
which letter avatars would be broken till a container restarted.

NGINX config has been updated to add caching. This change will require
a container rebuild.

The proxy will now function in development environments, so the patch
for `letter_avatar_proxy` has been removed.
2019-02-18 08:46:56 +11:00
Sam ebd4140492 FIX: logspam due to 404s on CSS files
We had a missing formats: string on our render partial that caused logs to
spam when CSS files got 404s.

Due to magic discourse_public_exceptions.rb was actually returning the
correct 404 cause it switched format when rendering the error.
2019-02-14 17:58:16 +11:00
Maja Komel 39522659a6 FIX: validate parent category/subcategories permissions
See: https://meta.discourse.org/t/subcategories-do-not-inherit-permissions-from-parent-category/17174/23 for more details

This ensures users with access to child category can always at least see parent
2019-02-14 16:38:52 +11:00
Régis Hanol 4d674acc25 FEATURE: AWS SNS bounce notifications webhooks 2019-02-13 21:26:40 +01:00
David Taylor 59640ef373 DEV: Add additional hooks for theme-creator plugin 2019-02-12 14:17:34 +00:00
Dan Ungureanu 90ce448675 PERF: Cache build_not_found_page 2019-02-12 21:20:33 +11:00
Robin Ward c719658f9f `human?` helper method on a user
This is cleaner than hard coding `id > 0` in ruby code.
2019-02-08 13:34:54 -05:00
Robin Ward bc3efab816 FIX: When disagreeing with a flag that silenced a user, unsilence them
Previously it would unhide their post but leave them silenced.

This fix also cleans up some of the helper classes to make it easier
to pass extra data to the silencing code (for example, a link to the
post that caused the user to be silenced.)

This patch also refactors the auto_silence specs to avoid using
stubs.
2019-02-08 08:50:50 -05:00
David Taylor f3cfce4a93
FEATURE: Calculate sprite-sheet based on currently active themes (#6973)
Previously there was only one sprite sheet, which always included icons from all themes even if they were disabled
2019-02-06 15:51:23 +00:00
Arpit Jalan 381793243e FIX: include error message if the "accept invite" process fails 2019-02-06 19:20:25 +05:30
Vinoth Kannan e7821a63e7 FIX: Users should able check the emails for self 2019-02-05 23:31:19 +05:30
David Taylor 7b7bc3db39 FIX: Rescue and display import errors when updating theme via git 2019-02-05 13:49:16 +00:00
Régis Hanol 1021a42b22 FIX: new mailgun webhooks 2019-01-31 17:52:33 +01:00
David Taylor d8bd3c32ca
DEV: Allow theme CLI to specify which theme to synchronize (#6963)
Currently the theme is matched by name, which can be fragile when there are many themes with the same name. This functionality will be used by the next version of theme CLI.
2019-01-30 14:17:04 +00:00
Guo Xiang Tan 60c1cd9f81 FIX: Return 400 when username params is invalid. 2019-01-30 16:06:55 +08:00
Robin Ward 6f656f6e7d FIX: Better error handling if a file cannot be sent
If for some reason `Discourse.store.path_for` returns `nil`, the
forum would throw an error rather than returning 404.

Why would it be `nil`? One cause could be changing the type of
file store and having the `url` field no longer be relative.
2019-01-29 16:47:25 -05:00
David Taylor 77d26b9df6 FIX: Support application/gzip theme imports, and improve error message 2019-01-28 11:51:14 +00:00
Blake Erickson de47b35b2d FIX: user_id handling on remove user from group
Under some conditions it was possible to pass in a user_id as an
integer, but we would try and parse it as a comma delimited string
resulting in an error. This has been fixed so that we are no longer
mapping the user_id param to user_ids.
2019-01-24 17:40:48 -07:00
David Taylor afd449089f
FEATURE: Import and export themes in a .tar.gz format (#6916) 2019-01-23 14:40:21 +00:00
David Taylor 2e59a37687
FEATURE: List unused theme components (#6924) 2019-01-23 09:20:13 +00:00
Guo Xiang Tan 2d354ec9b0 FIX: `ForumsController` doesn't need to inherit from `ApplicationController`.
Application controller has a whole bunch of before/after actions which
we have no need for.
2019-01-21 14:37:04 +08:00
Maja Komel 45f66826ee PERF: delete potentially large associated tables before user_destroyer.destroy transaction 2019-01-18 16:10:03 +01:00
Gerhard Schlager 457e6c7b37 FIX: Mods weren't able to see emails in admin user list 2019-01-18 15:37:30 +01:00
David Taylor 880311dd4d
FEATURE: Support for localized themes (#6848)
- Themes can supply translation files in a format like `/locales/{locale}.yml`. These files should be valid YAML, with a single top level key equal to the locale being defined. For now these can only be defined using the `discourse_theme` CLI, importing a `.tar.gz`, or from a GIT repository.

- Fallback is handled on a global level (if the locale is not defined in the theme), as well as on individual keys (if some keys are missing from the selected interface language).

- Administrators can override individual keys on a per-theme basis in the /admin/customize/themes user interface.

- Theme developers should access defined translations using the new theme prefix variables:
  JavaScript: `I18n.t(themePrefix("my_translation_key"))`
  Handlebars: `{{theme-i18n "my_translation_key"}}` or `{{i18n (theme-prefix "my_translation_key")}}`

- To design for backwards compatibility, theme developers can check for the presence of the `themePrefix` variable in JavaScript

- As part of this, the old `{{themeSetting.setting_name}}` syntax is deprecated in favour of `{{theme-setting "setting_name"}}`
2019-01-17 11:46:11 +00:00
Guo Xiang Tan ebe65577ed
FEATURE: Consolidate likes notifications. (#6879) 2019-01-16 10:40:16 +08:00
Arpit Jalan 0cb2b7d603 FIX: add meta details for user summary page 2019-01-14 19:49:14 +05:30
Arpit Jalan a121d40771
FIX: do not show PM topics when moving posts to an existing public topic (#6876) 2019-01-14 15:00:45 +05:30
Robin Ward dbe42068a2 REFACTOR: Move option to return emails into the serializer
This makes more sense than having the guardian take an accessor.
The logic belongs in the Serializer, where the JSON is calculated.

Also removed some of the DRYness in the spec. It's fewer lines
and made it easier to test the option on the serializer.
2019-01-11 11:17:23 -05:00
Saurabh Patel 99856478d6 FIX: use discourse route_for function to check url route
it takes care if there is a relative url root
2019-01-11 14:58:45 +08:00
Guo Xiang Tan c2bca9cabe Make rubocop happy. 2019-01-10 10:52:15 +08:00
Guo Xiang Tan d10694150e Revert "FIX: Partial reply key search in email sent logs."
This reverts commit e9b2018bc8.
2019-01-10 10:05:56 +08:00
Saurabh Patel b63b399799 DEV: remove uploaded_meta_id column from category (#6725)
* DEV: remove uploaded_meta_id column from category

* remove uploaded_meta part
2019-01-10 09:37:21 +08:00
Guo Xiang Tan e9b2018bc8 FIX: Partial reply key search in email sent logs.
Follow up to c85b9c6ed3
2019-01-10 09:25:14 +08:00
Michael Brown c85b9c6ed3 FIX: searching email logs by reply key (#6868)
* you can't use LIKE or ILIKE on a UUID
2019-01-10 07:51:58 +08:00
Sam f947e3c6cc FIX: always serve new avatar for previous version
Previously we killed caching on old avatars cause we kept serving blank
this meant we would front many more avatar requests after a version change

This change ensures all old avatars do not cause a flood of requests on the
server
2019-01-08 19:51:33 +11:00
Arpit Jalan e0bc82657b FIX: better accept invite flow when user is invited via a link 2019-01-07 14:22:08 +05:30
cfitz 19d7545318 FEATURE: Make auth_redirect param options on user_api_keys
This is a possible solution for https://meta.discourse.org/t/user-api-keys-specification/48536/19
This allows for user-api-key requests to not require a redirect url.
Instead, the encypted payload will just be displayed after creation  ( which can be copied
pasted into an env for a CLI, for example  )

Also: Show instructions when creating user-api-key w/out redirect

This adds a view to show instructions when requesting a user-api-key
without a redirect. It adds a erb template and json format.
Also adds a i18n user_api_key.instructions for server.en.yml
2019-01-04 14:46:18 +11:00
Vinoth Kannan 385829d7be FEATURE: Display error message when category restriction is applied for tags 2019-01-04 00:29:13 +05:30
Arpit Jalan bea7a8a4d1 FIX: show accurate error message based on invite token validity 2019-01-03 07:46:05 +05:30
Sam 14911d50a1 DEV: improve comment explaining need for favicon proxy 2019-01-02 13:15:20 +11:00
Arpit Jalan 70fdc10365
FEATURE: move posts to new/existing PM (#6802) 2018-12-31 17:17:22 +05:30
Saurabh Patel 0fca3205b5 FIX: show error msg on grant badge if message available from backend (#6801) 2018-12-31 10:46:39 +01:00
Joffrey JAFFEUX 1d62d3df6f
FIX: remove storage_stats from the list of reports, too specific (#6817) 2018-12-27 22:21:08 +01:00
Vinoth Kannan 2b006c0429 FEATURE: Invalidate broken images cache on Rebuild HTML action 2018-12-26 23:22:07 +05:30
David Taylor 7feabd9e49 PERF: Eradicate N+1 queries from the theme admin page 2018-12-21 11:03:58 +02:00
Vinoth Kannan e7e4074856 FIX: raises an error if q param is empty in search page 2018-12-20 21:43:14 +05:30
Arpit Jalan 1ea0cbece8 FIX: skip adding sso diagnostics if sso object is nil 2018-12-19 20:55:35 +05:30
Joffrey JAFFEUX e655e1863f
UX: Adding reports dashboard tab, new layout, report descriptions (#6790)
Co-Authored-By: Kris  <shout@k-ris.com>
2018-12-19 14:44:43 +01:00
Maja Komel 2fcbbead45 FIX: move sso provider into its own class so it doesn't interfere with sso client (#6767) 2018-12-19 10:22:10 +01:00
Neil Lalonde 6774b64aef FEATURE: add /conduct as an alias for /guidelines 2018-12-18 16:40:24 -05:00
Rishabh c279792130 FIX: Allow sending test e-mails to any email address when disable_email is set to non-staff (#6792) 2018-12-18 16:12:05 +01:00
Vinoth Kannan a313b01148 DEV: raise error if search term length is less than required 2018-12-18 20:06:59 +05:30
Gerhard Schlager 1a8ca68ea3 FEATURE: Improve backup stats on admin dashboard
* Dashboard doesn't timeout anymore when Amazon S3 is used for backups
* Storage stats are now a proper report with the same caching rules
* Changing the backup_location, s3_backup_bucket or creating and deleting backups removes the report from the cache
* It shows the number of backups and the backup location
* It shows the used space for the correct backup location instead of always showing used space on local storage
* It shows the date of the last backup as relative date
2018-12-17 11:35:11 +01:00
Guo Xiang Tan e9ea0102a5 FIX: Consistency about our response for invalid user id in `Admin::UsersController`. 2018-12-15 08:01:35 +08:00
Joffrey JAFFEUX 03014b0d05
FEATURE: adds security tab to dashboard (#6768)
This commit also includes the new staff_logins report
2018-12-14 13:47:59 +01:00
Maja Komel 9f89aadd33 FIX: delete all posts in batches without hijack (#6747) 2018-12-14 11:04:18 +01:00
Sam 94b8ba4f8f FIX: remove slow platform detection from server side
Historically due to https://meta.discourse.org/t/why-is-discourse-so-slow-on-android/8823
we decreased page sizes of both home page and topic page on android by half.

This was done on the server side and as a side effect and caused page sizes on android
to mismatch between Android and non Android.

Unfortunately about a year ago googlebot started pretending it is Android,
this cause Google to start indexing pages as what android would see. So
it saw double the amount of pages in the index as what exists on desktop.
This in turn caused double the amount of indexing work and a large amount
of broken links on long topics.

This fix removes all special behavior which is no longer needed due to
other performance work in Discourse including raw handlebars on home page
and virtual dom on topic pages.

I tested we do not need this on Blu Advance 5.0 it has 1.3 GHZ mediatec mt6580
This phone retails for around $50 USD.

If we decide long term that we want any hacks like this we will shift them
to the client side. It can just hold data in memory without rendering.
2018-12-13 13:57:05 +11:00
Maja Komel dbbadb5c35 FEATURE: add short_site_description setting to be included in title tag on homepage 2018-12-12 11:46:58 +01:00
Guo Xiang Tan 86926f4aee DEV: Let `create!` handle the check for persistence.
This is unlikely to fail but we want to know when it does.
2018-12-12 08:36:13 +08:00
David Taylor 0f734e2ae2 FIX: Return authenticated=true when reconnecting
This prevents a registration popup on the client
2018-12-11 17:40:02 +00:00
Gerhard Schlager 688755baf2 DEV: Improve specs and handle invalid email token
Follow-up to 7977b09025
2018-12-11 18:04:10 +01:00
David Taylor c7c56af397
FEATURE: Allow connecting associated accounts when two-factor is enabled (#6754)
Previously the 'reconnect' process was a bit magic - IF you were already logged into discourse, and followed the auth flow, your account would be reconnected and you would be 'logged in again'.

Now, we explicitly check for a reconnect=true parameter when the flow is started, store it in the session, and then only follow the reconnect logic if that variable is present. Setting this parameter also skips the 'logged in again' step, which means reconnect now works with 2fa enabled.
2018-12-11 13:19:00 +00:00
Gerhard Schlager 7977b09025 FEATURE: Activate users invited via email when invite is redeemed
Do not send an activation email to users invited via email. They
already confirmed their email address by clicking the invite link.
Users invited via link will need to confirm their email address before
they can login.
2018-12-11 00:09:53 +01:00
Rafael dos Santos Silva efec2db859 FEATURE: Web Share Target Support
This adds a **very basic** support for share to Discourse.

Currently, this is only supported in Android + Chrome 71+.

After installing a Discourse site to the Home Screen, you will be
able to share from anywhere in the OS to the Discourse site.

Discourse will use the title and text from the share event.
2018-12-07 13:48:09 -02:00
Saurabh Patel 9e3143445b DEV:add uploaded_meta option in category for category meta image (#6724) 2018-12-07 16:24:07 +01:00
David Taylor f7ce607e5d
FIX: Return 422 instead of 500 for invalid SSO signature (#6738) 2018-12-07 15:01:44 +00:00
Maja Komel 1d649e147b FEATURE: show avatar flair on group, badges and directory pages (#6732) 2018-12-06 12:18:52 +01:00
Bianca Nenciu 56890efd7a FEATURE: Add 'Advanced Test' for admin panel. 2018-12-05 21:56:18 +01:00
Bianca Nenciu 1a4f592749 FIX: Always allow admins upload selectable avatars. 2018-12-05 21:55:23 +01:00
Guo Xiang Tan 978f0db109 SECURITY: Require groups to be given when inviting to a restricted category. (#6715) 2018-12-05 16:43:07 +01:00
Vinoth Kannan d33d031742
FEATURE: Filter topic and post web hook events by tags (#6726)
* FEATURE: Filter topic and post web hook events by tags

* Add a spec test with unmatched tags
2018-12-05 14:44:06 +05:30
Régis Hanol 3c9c95ac83 Update Rubocop to 0.60 2018-12-04 10:48:16 +01:00
Arpit Jalan 40f10855c6
FIX: defer flags (only) when handling a flag and deleting replies (#6702) 2018-11-29 22:44:18 +05:30
Maja Komel 4a8f21d387 FIX: prevent minimum_required_tags on category being set to null (#6703)
* FIX: prevent minimum_required_tags on category being set to null

* add migration for NOT_NULL constraint for minimum_required_tags

* add specs
2018-11-29 18:10:14 +01:00
Saurabh Patel 55945ec7c8 FIX: throw error when link in reason for grant badge is an external link (#6690) 2018-11-28 18:01:41 +01:00
Gerhard Schlager e7b76b319a FEATURE: Setting for short title used by Android on homescreen 2018-11-28 14:59:30 +01:00
Arpit Jalan 851ef14096 Revert "FIX: do not agree flags by default when deleting posts"
This reverts commit cb6fc8057b.
2018-11-28 10:21:11 +05:30
Arpit Jalan bdb1268528 FIX: static page title should be consistent on client side and server side 2018-11-27 22:03:52 +05:30
Arpit Jalan 6cb49cd42c
Merge pull request #6671 from techAPJ/destroy-posts-flags
FIX: do not agree flags by default when deleting posts
2018-11-27 11:27:23 +05:30
Arpit Jalan cb6fc8057b FIX: do not agree flags by default when deleting posts 2018-11-27 10:57:20 +05:30
Penar Musaraj 03deda2147
Upgrade to FontAwesome 5 (take two) (#6673)
* Add missing icons to set

* Revert FA5 revert

 This reverts commit 42572ff

* use new SVG syntax in locales

* Noscript page changes (remove login button, center "powered by" footer text)

* Cast wider net for SVG icons in settings

- include any _icon setting for SVG registry (offers better support for plugin settings)

- let themes store multiple pipe-delimited icons in a setting

- also replaces broken onebox image icon with SVG reference in cooked post processor

* interpolate icons in locales

* Fix composer whisper icon alignment

* Add support for stacked icons

* SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

* load SVG sprite with pre-initializers

* FIX: enable caching on SVG sprites

* PERF: use JSONP for SVG sprites so they are served from CDN

This avoids needing to deal with CORS for loading of the SVG

Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is

* Add missing SVG sprite JSONP script to CSP

* Upgrade to FA 5.5.0

* Add support for all FA4.7 icons

- adds complete frontend and backend for renamed FA4.7 icons

- improves performance of SvgSprite.bundle and SvgSprite.all_icons

* Fix group avatar flair preview

- adds an endpoint at /svg-sprites/search/:keyword

- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset

* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
Arpit Jalan b5bf182ad5 FIX: validate topic deletion when acting on a flag 2018-11-25 23:24:03 +05:30
Guo Xiang Tan a1888b301b DEV: Don't require login for QUit test path. 2018-11-23 13:50:19 +08:00
Arpit Jalan 60941f214c FIX: remove unneeded keys from failed response 2018-11-22 14:59:50 +05:30
Guo Xiang Tan 6111b285d9 DEV: Remove comment that links to a private topic.
Not going to be useful for other developers.
2018-11-22 14:55:02 +08:00
Kyle Zhao 8e32aa1483 FEATURE: show post approvals in Moderation History (#6643) 2018-11-22 10:22:23 +08:00
Arpit Jalan 61eff22b29 FIX: raise `Discourse::NotFound` unless the user is present 2018-11-21 10:57:42 +05:30
Arpit Jalan 10cc698df3 FIX: respond with proper error message if user not found 2018-11-21 10:47:37 +05:30
Arpit Jalan 539f1c6252 FIX: raise `Discourse::NotFound` unless the topic is present 2018-11-21 09:48:38 +05:30
Sam 20268385a5 FIX: never attempt to log invalid post numbers
Previously in some cases we would queue logging of invalid post numbers

The impact would be we would miss logging an incoming link and would leak
an error.
2018-11-21 11:58:47 +11:00
Arpit Jalan 5951e111ad FIX: handle nil topic value when removing allowed users 2018-11-20 22:55:39 +05:30
Arpit Jalan 22a7f1e7f2 FIX: handle nil user value on password reset 2018-11-20 21:49:47 +05:30
Joffrey JAFFEUX e860c8b844
FIX: adds support for missing reports from old dashboard (#6624) 2018-11-19 12:20:05 +01:00
Sam 6556a87629 FIX: only check for conflict on edit drafts
In some unknown cases non edit drafts are being checked for conflict
2018-11-15 13:14:07 +11:00
Leo McArdle 7bc121a065 allow CSP reports to be sent when header isn't set by Discourse (#6594) 2018-11-14 16:23:29 -05:00
Régis Hanol c78dcde973 FIX: only send originalText when we need to 2018-11-14 17:47:59 +01:00
Bianca Nenciu 34e4d82f1a FEATURE: Report edit conflicts when saving draft. (#6585) 2018-11-14 12:56:25 +01:00
Guo Xiang Tan 44391ee8ab
FEATURE: Upload Site Settings. (#6573) 2018-11-14 15:03:02 +08:00
David Taylor 17bc82765b FEATURE: Log password changes in UserHistory (#6600) 2018-11-14 08:32:42 +08:00
Robin Ward 467be59d75 FEATURE: Allow expanded posts to return user custom fields 2018-11-13 12:44:54 -05:00
Sam 80ceb57c76 DEV: add API endpoint to destroy_timings only of last post
Previously API only allowed you to nuke all timings from a topic,
new API is less punishing and allows you just to remove 1 post.
2018-11-13 16:07:48 +11:00
Vinoth Kannan dda1824270 Use hijack in inline onebox controller 2018-11-13 02:39:20 +05:30
David Taylor d89ffbeffd
FEATURE: Add button to delete unused tags (#6587)
This is particularly useful if you have uploaded a CSV file, and wish
to bulk-delete all of the tags that you uploaded.
2018-11-12 16:24:34 +00:00
Bianca Nenciu 5af9a69a3b FIX: Do not check for suspicious login when impersonating. (#6534)
* FIX: Do not check for suspicious login when impersonating.

* DEV: Add 'impersonate' parameter to log_on_user.
2018-11-12 15:34:12 +01:00
Joffrey JAFFEUX 9c616e0679
FIX: handles not found reports in bulk loading (#6582) 2018-11-12 13:47:24 +01:00
Gerhard Schlager 7c4d4331bc FEATURE: Better handling of quotation marks in site text search
It also matches 3 dots with the ellipsis symbol.
2018-11-12 13:26:41 +01:00
Sam 64d9be726f the protection I placed was in the wrong path moved to /session/sso
correct previous commit
2018-11-09 17:18:01 +11:00
Sam 3ae4fcd1f7 Improve redirect avoidance for /sso paths
e6b3310577 was missing an ege case
where return url included current_hostname
2018-11-09 17:03:58 +11:00
Sam e6b3310577 FIX: never redirect back to `/sso` it will cause a loop
If for any reason our return url is set to `/sso` bypass using it
for login redirect
2018-11-09 14:27:36 +11:00
Sam 15991677d4 FIX: ensure we never cache login redirects by mistake 2018-11-09 11:14:35 +11:00
Robin Ward 242a5fc5ef Add DiscourseEvents for when users as unsuspended/unsilenced 2018-11-08 16:33:38 -05:00
Sam 42572ff138 Revert font awesome 5 changes
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
Penar Musaraj 09dc922b3b Fix several FontAwesome 5 issues
add missing icons, update SvgSprite methods (to fix ruby 2.4 issues), update whisper icon in composer, fix alignment issues
2018-11-07 22:20:53 -05:00
Penar Musaraj 005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs (#6557)
* First take on subsetting svg icons

* FontAwesome 5 svg subset WIP

* Include icons from plugins/badges into svg sprite subset

* add svg icon support to themes

* Add spec for SvgSprite

* Misc. SVG icon fixes

* Use FA5 svgs in local-dates plugin

* CSS adjustments, fix SVG icons in group flair

* Use SVG icons in poll plugin

* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
Sam 0a442e319c FIX: correct svg handling for images
We regressed and optimized images no longer worked with svg

The following adds the correct logic to simply copy file for svgs
and bypasses resizing for svg avatars
2018-11-07 15:29:26 +11:00
Robin Ward 931c3d165b Revert "FIX: We shouldn't include topics when mobile view is enabled"
This reverts commit 2feadcdafb.
2018-11-02 10:29:44 -04:00
Robin Ward 2feadcdafb FIX: We shouldn't include topics when mobile view is enabled
This setting was set to be the opposite of what we want
2018-11-01 14:47:06 -04:00
Sam ceafcbc898 FEATURE: show added date when looking at group members 2018-11-01 15:33:28 +11:00
Sam aa044623bd FIX: do not create superflous sessions when logged on
In some SSO implementations we may want to issue SSO pipelines for
already logged on users

In these cases do not re-log-in a user if they are clearly logged on
2018-11-01 12:54:01 +11:00
Bianca Nenciu fa0e421af3 FIX: Do not leak information about post revisions. (#6536) 2018-10-31 14:47:00 +00:00
Blake Erickson 589e3fcaa0 FIX: return 400 for missing required params (#6546)
If a required param is missing return a 400 and show a message
displaying which param was missing. Added this to the application
controller so that we don't have to add this logic to every controller
action.
2018-10-31 13:02:48 +11:00
Sam 32b1f34910 PERF: avoid DNS lookups when getting IP info
Also cleans up interface in DiscourseIpInfo
grew cache to 2000 entries
2018-10-31 12:38:57 +11:00
Bianca Nenciu e1e392f15b DEV: Use DiscourseIpInfo for all IP queries. (#6482)
* DEV: Use DiscourseIpInfo for all IP queries.

* UX: Use latitude and longitude for more precision.
2018-10-30 22:08:57 +00:00
Bianca Nenciu 4b7ab97a01 FIX: Add 'log in via link' to email templates. (#6545) 2018-10-30 19:15:05 +00:00
Vinoth Kannan 92bf3c667e FIX: Flash authentication data not rendered in latest iOS safari browser 2018-10-30 04:00:36 +05:30
Rafael dos Santos Silva 84f858fc23 FIX: Remove orientation from the webmanifest
We don't really care about orientation, so let the user OS handle it.
2018-10-26 13:48:14 -03:00
Rafael dos Santos Silva 2450f178ca FEATURE: Allow admins to control PWA display mode per user agent 2018-10-26 13:47:22 -03:00
Joffrey JAFFEUX 8e274f7296 UX: bumps the user-api-key version to 3 (#6526)
* UX: bumps the user-api-key version to 3

* fix spec
2018-10-25 09:46:34 +00:00
Bianca Nenciu 6a3767cde7 FEATURE: Warn users via email about suspicious logins. (#6520)
* FEATURE: Warn users via email about suspicious logins.

* DEV: Move suspicious login check to a job.
2018-10-25 09:45:31 +00:00
Kyle Zhao e9a971a2b6
FEATURE: [Experimental] Content Security Policy (#6514)
do not register new MIME type, parse raw body instead
2018-10-22 13:22:23 -04:00
Régis Hanol 3e232412e3 UX: show error when hitting the rate limit on password reset 2018-10-22 19:00:30 +02:00
David Taylor 3377f26eba FIX: Clean tag before searching for matches 2018-10-22 11:09:06 +01:00
Kyle Zhao dca830cb73 Revert "FEATURE: [Experimental] Content Security Policy (#6504)"
This reverts commit fb8231077a.
2018-10-19 11:53:29 -04:00
Kyle Zhao fb8231077a
FEATURE: [Experimental] Content Security Policy (#6504) 2018-10-19 10:39:22 -04:00
David Taylor 7166d7de9a
FIX: Prevent duplicate tags in tag-choosers (#6512)
* FIX: Prevent duplicate tags in tag-choosers

This reverts 5685b45, which fixes the duplicate tags problem.
The fix introduced by 5685b45 is re-implemented on the server.
2018-10-19 13:44:43 +01:00
Blake Erickson 93485facaf FIX: lowercase username for add/rem group members
This fix searches for users based on the downcased username so that if
you pass in usernames to add/remove from a group and you don't have the
casing just right it will still find the correct users.

I updated the tests to add a username that has a mix of upper and
lowercase letters to verify this functionality.
2018-10-18 13:17:24 -06:00
Bianca Nenciu f60b10d090 UX: Warn users if the post that's currently edited has changed. (#6498) 2018-10-17 15:35:32 +02:00
Arpit Jalan 42c405a820 FIX: use topic summary for meta description if topic excerpt is blank 2018-10-17 14:13:30 +05:30
Kyle Zhao 99d1ded3b3
rename route `/javascripts` to `/theme-javascripts` (#6495) 2018-10-15 11:32:52 -04:00
David Taylor 7ac08f936e
FEATURE: Upload tags from CSV (#6484) 2018-10-15 09:12:54 +01:00
Maja Komel 27e732a58d FEATURE: allow multiple secrets for Discourse SSO provider
This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site.

This allows for better auditing of the SSO provider feature
2018-10-15 16:03:53 +11:00
Kyle Zhao 6acdea37c4 DEV: extract inline js when baking theme fields (#6447)
* extract inline js when baking theme fields
* destroy javascript cache when destroying theme fields

This work is needed to support CSP work
2018-10-15 15:55:23 +11:00
Guo Xiang Tan aa60936115 DEV: Add order to avoid randomly failing test. 2018-10-15 11:42:45 +08:00
Guo Xiang Tan 84d4c81a26 FEATURE: Support backup uploads/downloads directly to/from S3.
This reverts commit 3c59106bac.
2018-10-15 09:43:31 +08:00
Sam a1c912b630 Return 400 instead of 404 for bad token 2018-10-12 10:51:41 +11:00
Bianca Nenciu 048cdfbcfa FIX: Do not allow revoking the token of current session. (#6472)
* FIX: Do not allow revoking the token of current session.

* DEV: Add getter of current auth_token from Guardian.
2018-10-12 10:40:48 +11:00
Vinoth Kannan 39b7e32848 DEV: Require sso and sig query string params for sso_login 2018-10-12 05:03:30 +05:30
Blake Erickson 13b3cead06 FEATURE: Allow bulk removing users from a group
This change maintains backwards compatibility to allow you to remove a
single user from a group but allows you to specify a comma separated list
of users for bulk removal from a group.

Also it extracts out common functionality for fetching users from params
used in bulk adding users so it can also be used for removing users.
2018-10-11 15:30:54 -06:00
Guo Xiang Tan 3c59106bac Revert "FEATURE: Support backup uploads/downloads directly to/from S3."
This reverts commit c29a4dddc1.

We're doing a beta bump soon so un-revert this after that is done.
2018-10-11 11:08:23 +08:00
Gerhard Schlager c29a4dddc1 FEATURE: Support backup uploads/downloads directly to/from S3. 2018-10-11 10:38:43 +08:00
Robin Ward a566ed42ae FEATURE: Option to disable user presence and profile
This allows users who are privacy conscious to disable the presence
features of the forum as well as their public profile.
2018-10-10 17:34:33 -04:00
Bianca Nenciu 1d26a473e7 FEATURE: Show "Recently used devices" in user preferences (#6335)
* FEATURE: Added MaxMindDb to resolve IP information.

* FEATURE: Added browser detection based on user agent.

* FEATURE: Added recently used devices in user preferences.

* DEV: Added acceptance test for recently used devices.

* UX: Do not show 'Show more' button if there aren't more tokens.

* DEV: Fix unit tests.

* DEV: Make changes after code review.

* Add more detailed unit tests.

* Improve logging messages.

* Minor coding style fixes.

* DEV: Use DropdownSelectBoxComponent and run Prettier.

* DEV: Fix unit tests.
2018-10-09 22:21:41 +08:00
Erin Kosewic 51aba32651 FEATURE: add branch option to remote theme import
* FEATURE: add branch option to remote theme import

* FIX: Add missing variable in params

* FIX: Add missing param for import_theme method

* SPEC: Add test methods for branch support in git import

* FIX: Add missing space to scss style

* Do not assume default branch as master

* Change branch field placeholder

* FIX: add missing div start tag
2018-10-09 17:01:08 +11:00
Jeff Wong e55f220b33 add category style boxes with featured topics option 2018-10-08 16:19:54 -07:00
Joffrey JAFFEUX 22187508e3
FEATURE: adds header text/background color to site (#6462) 2018-10-08 11:52:57 +02:00
David Taylor 9bf522f227
FEATURE: Mixed case tagging (#6454)
- By default, behaviour is not changed: tags are made lowercase upon creation and edit.

- If force_lowercase_tags is disabled, then mixed case tags are allowed.

- Tags must remain case-insensitively unique. This is enforced by ActiveRecord and Postgres.

- A migration is added to provide a `UNIQUE` index on `lower(name)`. Migration includes a safety to correct any current tags that do not meet the criteria.

- A `where_name` scope is added to `models/tag.rb`, to allow easy case-insensitive lookups. This is used instead of `Tag.where(name: "blah")`.

- URLs remain lowercase. Mixed case URLs are functional, but have the lowercase equivalent as the canonical.
2018-10-05 10:23:52 +01:00
Sam 5b630f3188 FIX: stop logging every time invalid params are sent
Previously we were logging warning for invalid encoded params, this can
cause a log flood
2018-10-05 14:33:19 +10:00
Vinoth Kannan ca74246651 FIX: redirect users to SSO client URL after social login 2018-10-05 00:01:08 +05:30
Sam df45e82377 SECURITY: only allow picking of avatars created by self (#6417)
* SECURITY: only allow picking of avatars created by self

Also adds origin tracking to all uploads including de-duplicated uploads
2018-09-19 22:33:10 -07:00
Vinoth Kannan 9281b72308 FEATURE: Log entity export in staff logs 2018-09-19 03:16:45 +05:30
Sam 0e9841b995 SECURITY: remove admin memory diagnostics routes 2018-09-18 08:35:09 +10:00
Neil Lalonde 6f1b8ad16d FIX: tag groups page should only be visible to staff
No security concern here because nothing private was visible,
and no actions could be taken by non-staff users.
2018-09-17 11:41:18 -04:00
Kyle Zhao 7b19ed06c1 reworked specs of existing group behavior 2018-09-17 17:46:43 +10:00
pmusaraj 5bdf476de7 raise error early in drafts controller 2018-09-13 08:40:57 -04:00
pmusaraj aa614e393c return 403 when trying drafts of another user 2018-09-12 13:08:02 -04:00
Sam d1984a0b4d FIX: display a correct error when attempting to agree on a deferred flag
Previously we would raise a 500 error if a moderator tried to agree on a
flag another moderator deferred.

This can happen cause the UX for flags does not live refresh as flags
are handled
2018-09-12 13:16:59 +10:00
Guo Xiang Tan 71185c13b5
Merge pull request #6377 from tgxworld/remove_tif_tiff
Drop `tif`, `tiff`, `webp` and `bmp` from supported images.
2018-09-12 09:32:32 +08:00
Guo Xiang Tan e1b16e445e Rename `FileHelper.is_image?` -> `FileHelper.is_supported_image?`. 2018-09-12 09:22:28 +08:00
Osama Sayegh 16bd3f2cf2 FIX: use current user color scheme when filling `theme-color` attribute (#6384)
* FIX: use current user color scheme when filling `meta` attribute `theme-color`

* update manifest.webmanifest colors
2018-09-12 11:04:58 +10:00
Neil Lalonde 9e77fd8fc3 FIX: wrong category links on subfolder install in rss feed for a category topic list 2018-09-07 10:03:30 -04:00
Sam 879067d000 FIX: check admin theme cookie against user selectable
previously admin got a free pass and could set theme via cookie to anything
including themes that are not selectable

this refactor ensures that only "preview" gets a free pass, all the rest
goes through the same pipeline
2018-09-07 10:47:28 +10:00
Gerhard Schlager 797cbf8653 FIX: Remove user fields when anonymizing user 2018-09-07 00:02:56 +02:00
Vinoth Kannan d8b543bb67 FIX: redirect to original URL after social signup 2018-09-05 01:44:23 +05:30
David Taylor 4382fb5fac DEV: Allow plugins to whitelist specific user custom_fields for editing (#6358) 2018-09-04 20:45:36 +10:00
Sam 2f5c21e28c FIX: return a 400 error instead of 500 for null injections
Many security scanners like to inject NULL in inputs causing application
to exception out and return a 500

We now handle this exception and render a 400 status back
2018-09-04 12:11:52 +10:00
Gerhard Schlager f33433bf9e Validation of params should restrict to max int (#6331)
* FIX: Validation of params should restrict to max int

* FIX: Send status 400 when "page" param isn't between 1 and max int
2018-09-03 14:45:32 +10:00
Guo Xiang Tan 59c9051a2e REFACTOR: Rescue error at the specific spot that is raising the error. 2018-09-03 11:04:58 +08:00
Bianca Nenciu f5e0356fb2 correct miscellaneous issues with user login history 2018-09-02 17:24:54 +10:00
Bianca Nenciu 931cffcebe FEATURE: Let users see their user auth tokens. (#6313) 2018-08-31 10:18:06 +02:00
Sam b3aab1770f FIX: set old last modified date for invalid avatars
In some cases Akami was holding tight to these invalid avatars,
to avoid this happening we explain the avatar image is ancient
then when a new upload is added it automatically is older than
this.
2018-08-31 17:07:31 +10:00
Blake Erickson ae532f8548 FIX: return 422 for an invalid group name on category create 2018-08-30 14:28:55 -06:00
David Taylor 103509b9dd SECURITY: Prevent users from modifying custom fields 2018-08-30 12:59:36 +01:00
Bianca Nenciu 72ffabf619 UX: Improve email testing admin tool. (#6308) 2018-08-29 23:14:16 +02:00
Neil Lalonde 9bf4333491 FIX: redirect to wrong URL after account creation on subfolder install 2018-08-24 10:34:44 -04:00
Joffrey JAFFEUX 82dcc5cbfa
FEATURE: makes reports loadable in bulk (#6309) 2018-08-24 15:28:01 +02:00
Osama Sayegh e0cc29d658 FEATURE: themes and components split
* FEATURE: themes and components split

* two seperate methods to switch theme type

* use strict equality operator
2018-08-24 11:30:00 +10:00
Sam 29315b73c2 FIX: improve last_modified date returned for avatars
instead of hard coding a date:

1. For optimized images use the upload date when on s3
2. For not-found use 10 minutes ago to match the expiry
2018-08-24 09:36:11 +10:00
Osama Sayegh 2711f173dc FIX: don't allow inviting more than `max_allowed_message_recipients`
* FIX: don't allow inviting more than `max_allowed_message_recipients` setting allows

* add specs for guardian

* user preferences for auto track shouldn't be applicable to PMs (it auto watches on visit)

Execlude PMs from "Automatically track topics I enter..." and "When I post in a topic, set that topic to..." user preferences

* groups take only 1 slot in PM

* just return if topic is a PM
2018-08-23 14:36:49 +10:00
James Kiesel cdea969c6a FEATURE: Make initial admins TL1
* Match register controller TL to rake admin:create
* Don't promote if trust_level > 1
2018-08-22 15:45:24 +10:00
Sam 5a6d1ee257 FIX: defer actions in a static method
This avoids capturing a huge closure and passing to defer
2018-08-22 14:36:56 +10:00
Gerhard Schlager 17dc8f2490 UX: Wizard resends activation email when user exists 2018-08-21 19:13:41 +02:00
Sam 2d96160192 FEATURE: improve API error reporting for invalid records 2018-08-21 11:54:34 +10:00
Bianca Nenciu dc5fddbfe6 FIX: Do not show an empty modal when an IP address is allowed or blocked. (#6265) 2018-08-20 17:37:30 +02:00
Guo Xiang Tan b4f92a05b3 FIX: Load more on groups page does not account for params.
https://meta.discourse.org/t/cant-scroll-through-list-of-users-groups-if-more-than-one-page/92259
2018-08-20 17:08:50 +08:00
Sam ce4b12ae59 FIX: if we have not target available do not redirect 2018-08-20 13:10:59 +10:00
Joffrey JAFFEUX 37d4f27c44
FIX: quality/bugfix dashboard/reports pass (#6283) 2018-08-17 16:19:25 +02:00
Sam 9628c3cf97 FEATURE: automatically correct extension for bad uploads
This fixes with post thumbnails on the fly
2018-08-17 14:00:27 +10:00
Sam baa72d18f8 FIX: simplify so we ban all auth paths
previously plugins that have auth paths were not disallowed and robots
tend to call them
2018-08-16 19:16:47 +10:00
Sam 796164b58c FIX: automatically correct bad avatars on access
Also start relying on upload extension for optimized images
2018-08-16 16:32:56 +10:00
Rafael dos Santos Silva c8b5e6baae FEATURE: Use `display: browser` in webmanifest for iOS devices
Since iOS doesn't have a back button and can have issues on log in.

See https://twitter.com/firt/status/1021477243909033984
2018-08-15 23:36:08 -03:00
Misaka 0x4e21 d4fd19d49a UX: Replace Google search with Discourse search on not found page
* UX: Replace Google search with Discourse search on not found page.

* FIX: Update application_controller_spec.rb.
2018-08-15 11:53:04 +10:00
Régis Hanol 12bab65167 FIX: going from /categories to /latest on mobile might break infinite scrolling 2018-08-15 01:22:03 +02:00
Régis Hanol de92913bf4 FIX: store the topic links using the cooked upload url 2018-08-14 12:23:32 +02:00
Sam ad5f502332 FIX: add a basic validator for topic params
This cuts down on log noise when people try out sql injection
2018-08-14 17:01:04 +10:00
Sam 6f6b4ff988 regression: don't return from a block
also clean up some warnings (shadowed var, unused var)
2018-08-10 14:53:55 +10:00
Gerhard Schlager b9072e8292 FEATURE: Add "Reset Bump Date" action to topic admin wrench (#6246) 2018-08-10 10:51:03 +10:00
Gerhard Schlager ef4b9f98c1 FEATURE: Allow admins to reply without topic bump 2018-08-10 10:48:30 +10:00
Neil Lalonde 2c4d7225d8 FIX: permalink redirects with subfolder 2018-08-09 11:05:27 -04:00
Sam ed4c0f256e FIX: check permalinks for deleted topics
- allow to specify 410 vs 404 in Discourse::NotFound exception
- remove unused `permalink_redirect_or_not_found` which
- handle JS side links to topics via Discourse-Xhr-Redirect mechanism
2018-08-09 15:05:12 +10:00
Osama Sayegh 0d45826d22
fix theme previewing (#6245) 2018-08-08 10:58:45 +03:00
Osama Sayegh 0b7ed8ffaf FEATURE: backend support for user-selectable components
* FEATURE: backend support for user-selectable components

* fix problems with previewing default theme

* rename preview_key => preview_theme_id

* omit default theme from child themes dropdown and try a different fix

* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
Joffrey JAFFEUX 67ec81babf
FIX: fixes last backup/last_update dates (#6242) 2018-08-07 08:19:52 -04:00
Guo Xiang Tan 2b57239389 FIX: Upload's content is the only source of truth for the file type. 2018-08-07 13:15:00 +08:00
Sam 6797395bd0 FIX: staff should be allowed to agree and keep post 2018-08-07 10:05:43 +10:00
Joffrey JAFFEUX 7f2f3b8b22
FIX: improves reports resilience (#6239)
This commit makes most of the reports now lazy loaded, and making them benefits from graceful failures.
2018-08-06 16:57:40 -04:00
David Taylor 812add18bd REFACTOR: Serve auth provider information in the site serializer.
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
Régis Hanol 535732bdc1 FIX: ensure the 'email_revoked' PM template is customizable 2018-08-03 17:10:20 +02:00
Penar Musaraj 4a872823e7 Improvements to user drafts (#6226)
* drafts in user profile: only show to user herself (not to admins), use avatar replying to (instead of topic OP), add keyboard shortcut for drafts, simplify display labels

* use JSON when testing Draft.stream
2018-08-02 07:41:27 +10:00
Penar Musaraj 1f45215537 FEATURE: Drafts view in user profile
* add drafts.json endpoint, user profile tab with drafts stream

* improve drafts stream display in user profile

* truncate excerpts in drafts list, better handling for resume draft action

* improve draft stream SQL query, add rspec tests

* if composer is open, quietly close it when user opens another draft from drafts stream; load PM draft only when user is in /u/username/messages (instead of /u/username)

* cleanup

* linting fixes

* apply prettier styling to modified files

* add client tests for drafts, includes a fixture for drafts.json

* improvements to code following review

* refresh drafts route when user deletes a draft open in the composer while being in the drafts route; minor prettier scss fix

* added more spec tests, deleted an acceptance test for removing drafts that was too finicky, formatting and code style fixes, added appEvent for draft:destroyed

* prettier, eslint fixes

* use "username_lower" from users table, added error handling for rejected promises

* adds guardian spec for can_see_drafts, adds improvements following code review

* move DraftsController spec to its own file

* fix failing drafts qunit test, use getOwner instead of deprecated this.container

* limit test fixture for draft.json testing to new_topic request only
2018-08-01 16:34:54 +10:00
Guo Xiang Tan 919e8db686 FIX: Check for group name availability should skip reserved usernames. 2018-08-01 11:09:33 +08:00
Neil Lalonde c12a9279f6 post deleted notification regression because controller was agreeing with all flags too early 2018-07-30 16:45:46 -04:00
Guo Xiang Tan 87537b679c Drop `reply_key`, `skipped` and `skipped_reason` from `email_logs`. 2018-07-30 11:39:28 +08:00
Neil Lalonde 1708ff1808 UX: add a route /rules as an alias for /faq and /guidelines 2018-07-26 15:38:08 -04:00
Joffrey JAFFEUX 330cf78c83
FIX: don’t break browser history on dashboard visit (#6186) 2018-07-26 14:59:28 -04:00
David Taylor 0d0d78841b
FIX: Remove `plugin.enabled?` checks at initialization time (#6166)
Checking `plugin.enabled?` while initializing plugins causes issues in two ways:
  - An application restart is required for changes to take effect. A load-balanced multi-server environment could behave very weirdly if containers restart at different times.
  - In a multisite environment, it takes the `enabled?` setting from the default site. Changes on that site affect all other sites in the cluster.

Instead, `plugin.enabled?` should be checked at runtime, in the context of a request. This commit removes `plugin.enabled?` from many `instance.rb` methods.

I have added a working `plugin.enabled?` implementation for methods that actually affect security/functionality:
  - `post_custom_fields_whitelist`
  - `whitelist_staff_user_custom_field`
  - `add_permitted_post_create_param`
2018-07-25 16:44:09 +01:00
Gerhard Schlager 9989c8179d FIX: Translation for default (light) color scheme was missing 2018-07-25 11:28:14 +02:00
Gerhard Schlager 1ac643d71c FIX: Email template for "Queued Posts Reminder" was not found 2018-07-24 17:26:52 +02:00
Guo Xiang Tan fad9c2b971 PERF: Move `EmailLog#reply_key` into new `post_reply_keys` table. 2018-07-24 13:51:53 +08:00
Guo Xiang Tan ae8b0a517f PERF: Split skipped email logs into a seperate table. 2018-07-24 13:14:37 +08:00
David Taylor eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099)
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
Sam caa669cf29 FIX: if exclude_category_ids is specified pass it through
This allows us to optionally show all topics on latest even if stuff is
suppressed via a plugin
2018-07-23 17:23:00 +10:00
Blake Erickson 37b726982d Fix silence and unsilenced response bodies
Both response bodies had a typo that included suspended_at, so I renamed
it to silenced_at.
2018-07-22 16:08:36 -06:00
Joffrey JAFFEUX 1d5096eb46 FIX: lazy load more reports in dashboard 2018-07-20 23:35:53 -04:00
Joffrey JAFFEUX 1a78e12f4e
FEATURE: part 2 of dashboard improvements
- moderation tab
- sorting/pagination
- improved third party reports support
- trending charts
- better perf
- many fixes
- refactoring
- new reports

Co-Authored-By: Simon Cossar <scossar@users.noreply.github.com>
2018-07-19 14:33:11 -04:00
Joffrey JAFFEUX a2281fbb19
FEATURE: allows to jump to a date in a topic 2018-07-19 16:00:13 +02:00
Régis Hanol 6d6e026e3c FEATURE: selectable avatars 2018-07-18 12:57:43 +02:00
Vinoth Kannan f3868fd646 FIX: Create empty user_avatar row if not exist 2018-07-16 14:06:49 +05:30
Sam ac0053f491 FEATURE: navigate to first post and auto bump category settings
### navigate_to_first_post_after_read setting for categories

When enabled on categories logged on users will return to OP after
reading the entire category. (useful for documentation categories)

### num_auto_bump_daily

Set a number of topics that will automatically bump daily on a category.

- Every 15 minutes we will check if any category has this setting
- Categories with the setting are shuffled
- We exclude pinned, closed, category description and archived topics
- Maximum of 1 topic for the list of categories is bumped till limit reached per category
- We always try to bump oldest first
- Limit is elastic using a RateLimiter that ensures that we only bump N per day

Also some minor organisation on category settings

Froze strings on category.rb
2018-07-16 18:10:35 +10:00
Leo McArdle 21ebb1cd54 FEATURE: Secondary emails support. 2018-07-16 11:09:49 +08:00
Vinoth Kannan 06deffc9da FIX: returns provider_not_enabled error even if enabled 2018-07-13 22:49:30 +05:30
Guo Xiang Tan 9647a0a4bc Remove unnecessary complex method. 2018-07-13 15:34:28 +08:00
Guo Xiang Tan 711371e8c8 FIX: Select+below will ask server for post ids on megatopics. 2018-07-13 15:10:39 +08:00
Kyle Zhao 2901691e87 FEATURE: per-category approval settings (#5778)
- disallow moving topics to a category that requires topic approval
2018-07-13 12:51:08 +10:00
Guo Xiang Tan 258e9e35ca PERF: Make mega topics work without a stream.
There are tradeoffs that we took here. For the complete
story see
https://meta.discourse.org/t/performance-improvements-on-long-topics/30187/27?u=tgxworld.
2018-07-12 12:46:12 +08:00
OsamaSayegh decf1f27cf FEATURE: Groundwork for user-selectable theme components
* Phase 0 for user-selectable theme components

- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
David Taylor 9a813210b9 SECURITY: Do not allow authentication with disabled plugin-supplied a… (#6071)
Do not allow authentication with disabled plugin-supplied auth providers
2018-07-09 14:25:58 +10:00
Maja Komel 18f5f646b1 FEATURE: allow selecting a tag when moving posts to a new topic (#6072) 2018-07-06 18:21:32 +02:00
Arpit Jalan b9835cc392 FIX: do not use scheduler for uploading csv file for invite
Since the bulk invite process already happens in a dedicated Sidekiq job
2018-07-04 13:28:11 +05:30
Sam e72fd7ae4e FIX: move crawler blocking into anon cache
This refinement of previous fix moves the crawler blocking into
anonymous cache

This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 11:14:43 +10:00
Sam 7f98ed69cd FIX: move crawler blocking to app controller
We need access to site settings in multisite, we do not have access
yet if we attempt to get them in request tracker middleware
2018-07-04 10:30:50 +10:00
Sam 6a54da0902 FIX: raise invalid params for bad callback
Corrects it so we raise a 400 instead of logged 500 error
2018-06-29 10:43:33 +10:00
Sam 982df3c17b FIX: return status 400 for invalid member params
previously error returned was a 500 which is not ideal
and is logged
2018-06-29 10:15:17 +10:00
Robin Ward fd7bb8e656 FIX: Scope the `cn` to the subfolder 2018-06-28 11:03:36 -04:00
Arpit Jalan 2c971c41f6 FIX: post deletions rate limit per day was not working 2018-06-28 19:21:27 +05:30
Arpit Jalan a6d50d1ff7 FEATURE: new settings to control posts deletions rate limit 2018-06-28 17:03:37 +05:30
Arpit Jalan c352f8eb15 FEATURE: rate limit post deletions to 50 per day 2018-06-28 16:38:58 +05:30
Maja Komel ec3e6a81a4 FEATURE: Second factor backup 2018-06-28 10:12:32 +02:00
Arpit Jalan 6bcdc3ba4b FEATURE: allow author to delete posts irrespective of post_edit_time_limit 2018-06-26 21:43:06 +05:30
Arpit Jalan 7efdccdbc5 FIX: allow staff to remove tags from queued topics 2018-06-26 17:08:40 +05:30
Joffrey JAFFEUX 95d99de7b4
FIX: hides durability section in dashboard if backups are disabled 2018-06-20 22:26:37 +02:00
Guo Xiang Tan 0365806b93 FIX: Properly display error when post action fails to create. 2018-06-20 21:20:23 +08:00
Sam 5f64fd0a21 DEV: remove exec_sql and replace with mini_sql
Introduce new patterns for direct sql that are safe and fast.

MiniSql is not prone to memory bloat that can happen with direct PG usage.
It also has an extremely fast materializer and very a convenient API

- DB.exec(sql, *params) => runs sql returns row count
- DB.query(sql, *params) => runs sql returns usable objects (not a hash)
- DB.query_hash(sql, *params) => runs sql returns an array of hashes
- DB.query_single(sql, *params) => runs sql and returns a flat one dimensional array
- DB.build(sql) => returns a sql builder

See more at: https://github.com/discourse/mini_sql
2018-06-19 16:13:36 +10:00
Joffrey JAFFEUX f2dbe66367
FEATURE: adds a /admin/reports route to list all reports 2018-06-18 12:31:56 +02:00
Rafael dos Santos Silva 51cb38783e FIX: start_url was wrong in non-subfolder 2018-06-15 14:29:33 -03:00
Rafael dos Santos Silva 8fc08aad09 FEATURE: Update the webmanifest
- Remove share target because the spec is changing
- Allow any orientation again because natural is too restrictive
- Use correct file and mime types for the manifest
2018-06-14 00:13:28 -03:00
Sam Saffron 030e322a39 FEATURE: block top level /my/ routes 2018-06-12 19:47:45 +10:00
Jeff Wong 44ee26721a FIX: add check for missing assets file in development 2018-06-11 11:18:34 -07:00
Arpit Jalan f9ab3848ed FEATURE: support disabling emails for non-staff users 2018-06-07 18:31:08 +05:30
Guo Xiang Tan ad5082d969 Make rubocop happy again. 2018-06-07 13:28:18 +08:00
Sam 89ad2b5900 DEV: Rails 5.2 upgrade and global gem upgrade
This updates tests to use latest rails 5 practice
and updates ALL dependencies that could be updated

Performance testing shows that performance has not regressed
if anything it is marginally faster now.
2018-06-07 14:21:33 +10:00
Vinoth Kannan d8e641cd98 FIX: avatar_url includes upload_path twice when local storage used 2018-06-06 18:27:30 +05:30
Guo Xiang Tan a83ab01264 REFACTOR: Remove extra param for group mentionable and messableable route. 2018-06-06 09:42:09 +08:00
Arpit Jalan f8d82f135f FIX: do not verify group visibility when checking for mentionable/messageable 2018-06-05 16:59:21 +05:30
Guo Xiang Tan 95f9b72351 FIX: Update activation email route was returning a generic json error. 2018-05-31 14:19:43 +08:00
Guo Xiang Tan 21e9315416 FIX: Use user account email instead of auth email when totp is enabled.
https://meta.discourse.org/t/github-2fa-flow-broken/88674
2018-05-30 12:15:12 +08:00
Guo Xiang Tan a081771950
Merge pull request #5872 from OsamaSayegh/users-controller-specs-to-request
REFACTOR: users contollers specs => request specs
2018-05-28 13:32:37 +08:00
OsamaSayegh 449399bef3 return 403 forbidden when local logins disabled 2018-05-26 05:18:19 +03:00
Régis Hanol 5b2e7c8d10 fix the build 2018-05-26 03:11:10 +02:00
Robin Ward 4195c7c9ea FEATURE: Ability to clear a user's penalty history
You can do this manually if you want to allow them to reach TL3 without
their penalty history counting against them.
2018-05-25 12:54:22 -04:00
Guo Xiang Tan 569f63b8a2
Merge pull request #5825 from featheredtoast/extend-service-worker-cache
FIX: update cache times for service workers
2018-05-25 09:28:17 +08:00
Sam 53b97b28f0 FIX: in rare conditions post timing would miss the user 2018-05-24 15:38:33 +10:00
Neil Lalonde 3db1032bfd FIX: not found page shouldn't include the Google search form for sites with login_required enabled 2018-05-23 16:59:02 -04:00
Blake Erickson 3edca8b104 Return a 403 instead of 200 when trying to delete a user with posts
See [this commit][1] for more info

[1]: bd352a17bf
2018-05-22 17:02:02 -06:00
Sam 3e06def856 FIX: If we have no logo defined use sketch in manifest 2018-05-22 12:10:59 +10:00
Sam 788ca1f112 FIX: stop adding email to unsubscribe url
Instead of adding email to unsubscribe url store it in redis for 1 hour
rate limit calls to unsubscribe endpoint to ensure there is no risk of
bloating redis

Also move controller to request specs
2018-05-22 09:07:03 +10:00
Guo Xiang Tan 467d91347a Missing specs for `Group`, `Tag`, `Category` and `Flag` web hooks. 2018-05-21 17:29:58 +08:00
Arpit Jalan 9f422c93f6 FIX: restrict updates on `confirm_old_email` email templates 2018-05-19 12:19:59 +05:30
Arpit Jalan 003b7f06ad FIX: rescue specific error 2018-05-18 09:52:16 +05:30
Jeff Wong 04c7dbafa3 FIX: manifest.json better detection at mime type. Find size if uploaded 2018-05-17 14:45:24 -07:00
Jeff Wong 41ffafb65e FIX: best effort at returning correct mime types in manifest.json 2018-05-17 12:14:39 -07:00
Régis Hanol 53f8f6095d FEATURE: staff action logs when creating/updating/deleting badges 2018-05-17 18:09:27 +02:00
Arpit Jalan 9532d9a555 FIX: handle invalid tags 2018-05-17 19:33:12 +05:30
Régis Hanol 131b7f5da5 make 🤖 rubocop happy 2018-05-16 16:35:04 +02:00
Joe Buhlig 3cd4c82c49 Allow parameters for group and username filters on directory (#5815) 2018-05-16 16:20:17 +02:00
Régis Hanol 5e97a9bfb7 FIX: tags in a 'visible by everyone but usable only by staff' group weren't visible by everyone 2018-05-16 09:48:19 +02:00
Sam ff90881238 DEV: fix live refresh if you have a custom theme selected in dev 2018-05-16 17:25:49 +10:00
Sam 21e0b7c818 avoid async report pattern and replace with simpler hijack 2018-05-16 16:05:03 +10:00
Sam 193b6d5651 UX: improve new dashboard
- top referred topics
- limit search logs to 8 results
2018-05-15 15:08:36 +10:00
Jeff Wong e4a33cbc0a FIX: update cache times for service workers
Add a last modified time.

Register newer service workers and claim clients more quickly.
2018-05-14 12:29:24 -07:00
Régis Hanol e9abdaebbe UX: show an enveloppe icon when a badge is used in messages
- the badge count now includes messages
- only show the message badges to admins
2018-05-14 19:02:00 +02:00
Sam 6332d5040d UX: switch dashboard to be the new dashboard
Also:
- add pageviews
- add problems and version sections
2018-05-14 13:07:59 +10:00
Sam bc9e0d46af PERF: use cached reports for dashboard if available 2018-05-14 12:01:44 +10:00
Régis Hanol 37232fcb58 FIX: staff members should see all tags 2018-05-13 17:50:21 +02:00
Régis Hanol 2cf6fb7359 FIX: always unstage users when they log in 2018-05-13 17:00:02 +02:00
Régis Hanol be6404d651 FIX: redirect users after signing up with a social login when using SSO provider 2018-05-13 16:03:11 +02:00
Régis Hanol 09cf35c760 FIX: redirect users after signing up using SSO provider 2018-05-12 00:41:27 +02:00
Régis Hanol abda21a41f Revert "FIX: redirect to sso_destination_url after account activation"
This reverts commit 0402e97368.
2018-05-11 22:55:45 +02:00
Régis Hanol 0402e97368 FIX: redirect to sso_destination_url after account activation 2018-05-11 19:57:04 +02:00
Régis Hanol 2958e17cde remove duplicate code 2018-05-11 12:16:37 +02:00
Sam 8a783412b7 UX: improvements to new dashboard
- remove inactive user report and replace with posts
- clean up internals so grouping by week happens on client
- when switching periods old report was not destroyed leading to bugs
- calculate trend based on previous interval ... not previous 30 days
- show percentages for mau/dau
- be more careful about utc date usage
- show uniqu and click through rate on search panel
- publish key of report with report so we only load the correct one
- subscribe earlier in channel in case of concurrency issues
2018-05-11 13:30:32 +10:00
Blake Erickson bd352a17bf FIX: Show a json api response when deleting a user with posts
A 500 error was actually caused with no response when using the api, so
it wasn't very clear that you need to delete the posts first when using
the api.
2018-05-10 13:04:36 -06:00
Guo Xiang Tan bbc85258c9 Rename `display_plugins` -> `visible_plugins`. 2018-05-09 07:52:45 +08:00
Arpit Jalan 83245aa508 FIX: better handling of invite links after they are redeemed
FIX: deprecate invite_passthrough_hours setting
2018-05-08 20:17:57 +05:30
Guo Xiang Tan c6f45fcfdb Expose an API for plugins to be hidden on the admin plugin page. 2018-05-08 13:24:58 +08:00
Arpit Jalan 3a6e137e70 FIX: add context for deactivated user logs 2018-05-08 08:18:04 +05:30
Misaka 0x4e21 ff6be3c2e3 FEATURE: add profile_background fields into SSO (#5701)
Add profile_background and card_background fields into Discourse SSO.
2018-05-07 10:03:26 +02:00
Guo Xiang Tan aa0d32231c FIX: Incorrect query when removing a group owner.
https://meta.discourse.org/t/group-rename-and-group-owners-removal-problems/85596
2018-05-07 13:57:00 +08:00
Jeff Wong 91b31860a1
Feature: Push notifications for Android (#5792)
* Feature: Push notifications for Android

Notification config for desktop and mobile are merged.

Desktop notifications stay as they are for desktop views.

If mobile mode, push notifications are enabled.

Added push notification subscriptions in their own table, rather than through
custom fields.

Notification banner prompts appear for both mobile and desktop when enabled.
2018-05-04 15:31:48 -07:00
Neil Lalonde a0447b47e0 UX: when deleting a user, show a modal indicating that the delete is happening. User hijack so requests don't time out. 2018-05-03 16:18:19 -04:00
Joffrey JAFFEUX 980972182f
dashboard next: caching, mobile support and new charts 2018-05-03 15:41:41 +02:00
Neil Lalonde bd77795d7a REFACTOR: move support for user card badge images to a plugin discourse-user-card-badges 2018-04-26 13:25:24 -04:00
Robin Ward a5172a37e0 Allow staff members to enable safe mode, even if disabled 2018-04-25 11:49:57 -04:00
Gerhard Schlager ed4c0c4a63 FEATURE: Add option to delete all replies of flagged post 2018-04-24 11:08:05 -04:00
Sam 146a6c3592 FIX: exclude topics from latest in /categories on refresh
When you hit refresh on categories page it would not supress correctly
2018-04-24 11:07:26 -04:00
Robin Ward fd14ee4797 FEATURE: Allow safe mode to be disabled 2018-04-24 11:03:33 -04:00
Sam 54d153068a DEV: remove qunit rails fork and add a couple of async tests 2018-04-23 16:42:40 +10:00
Guo Xiang Tan 70d181bff8 FIX: Better error message in `GroupsController#add_members`.
https://meta.discourse.org/t/cant-add-members-to-a-group/85738?u=tgxworld
2018-04-20 10:28:52 +08:00
Rafael dos Santos Silva 9014ca4624 FEATURE: Enable the Web Share Target API
This will allow a Discourse instance that was installed[1] to receive share events.

See https://wicg.github.io/web-share-target/ for the spec.

1: https://developers.google.com/web/fundamentals/app-install-banners/
2018-04-19 17:00:05 -03:00
Arpit Jalan 91bf10bd12 FIX: create upload record for exported csv files 2018-04-20 00:27:49 +05:30
Joffrey JAFFEUX 0e414d0890
dashboard next: trending search report
This commit also improves how data is loaded sync and async
2018-04-19 18:19:21 +02:00
Joffrey JAFFEUX 01c061d20d
dashboard next: perf and UI tweaks
* cache CORE reports
* adds backups/uploads section
* few css tweaks
2018-04-18 21:30:41 +02:00
Robin Ward 3d7dbdedc0 FEATURE: An API to help sites build robots.txt files programatically
This is mainly useful for subfolder sites, who need to expose their
robots.txt contents to a parent site.
2018-04-16 15:43:20 -04:00
Arpit Jalan 9353ae4b5d Remove obsolete per topic unsubscribe page. 2018-04-16 16:11:20 +05:30
Joffrey JAFFEUX 0e15a575f4
EXPERIMENTAL: new dashboard UI
This is the first iteration of an effort towards making a very good dashboard.

Until we feel confident this is good, this dashboard will only be accessible through /admin/dashboard_next
2018-04-16 10:42:06 +02:00
Arpit Jalan a1ef455c78 SECURITY: do not show private topic title on /unsubscribed page 2018-04-16 10:35:57 +05:30
Arpit Jalan a8a12eb2d9 SECURITY: do not disclose topic titles on /unsubscribed page to unauthorized users 2018-04-15 18:01:58 +05:30
Arpit Jalan 18f50ca01a FIX: parameterize tag_id 2018-04-14 16:42:53 +05:30
Sam 3632b8d8d6 FEATURE: provide extra signal about content age to crawlers
Adds Last-Modified field to help teach crawlers not to crawl old content
2018-04-13 14:58:33 +10:00
Régis Hanol df7970a6f6 prefix the robots.txt rules with the directory when using subfolder 2018-04-11 22:05:02 +02:00
Arpit Jalan 9ca6ebe8fe FEATURE: enforce tagging on categories 2018-04-11 07:15:24 +05:30
Arpit Jalan 3a86a2588c FIX: bulk append/replace tags was not working 2018-04-10 13:01:03 +05:30
Sam 5925a581db array is not supported here, use a simple comma delimited list 2018-04-10 14:37:10 +10:00
Guo Xiang Tan d9d86577ff FIX: Staff users are not affected by `enable_group_directory` site setting. 2018-04-10 09:22:01 +08:00
Guo Xiang Tan c82b2dcc24 Remove admin group management pages. 2018-04-09 15:14:50 +08:00
Arpit Jalan 185d6ac747 FIX: use safe navigation operator when checking for totp_enabled 2018-04-09 12:33:41 +05:30
Guo Xiang Tan 0623785f69 FIX: Prevent group owners from editing admin only settings. 2018-04-06 11:44:58 +08:00
Sam 3a7b696703 FEATURE: allow for setting crawl delay per user agent
Also moved to default crawl delay bing so no more than a req every 5 seconds is allowed

New site settings:

"slow_down_crawler_user_agents" - list of crawlers that will be slowed down
"slow_down_crawler_rate" - how many seconds to wait between requests

Not enforced server side yet
2018-04-06 10:15:23 +10:00
Gerhard Schlager cd6a99a027 FEATURE: Send a different PM when a post has been hidden more than once 2018-04-05 14:03:21 +02:00
Guo Xiang Tan e36e9de28a Allow admin to view logs of automatic groups. 2018-04-05 16:31:55 +08:00
Guo Xiang Tan 8760c4d68c Fix `GroupsController#group_params` to allow more group attributes to be updated. 2018-04-05 13:53:00 +08:00
Vinoth Kannan 434cbc649f FEATURE: Webhook for tag events 2018-04-04 17:49:20 +05:30
Vinoth Kannan 16341219ab Log exception if remote theme importing failed 2018-04-02 20:10:18 +05:30
Guo Xiang Tan 142571bba0 Remove use of `rescue nil`.
* `rescue nil` is a really bad pattern to use in our code base.
  We should rescue errors that we expect the code to throw and
  not rescue everything because we're unsure of what errors the
  code would throw. This would reduce the amount of pain we face
  when debugging why something isn't working as expexted. I've
  been bitten countless of times by errors being swallowed as a
  result during debugging sessions.
2018-04-02 13:52:51 +08:00
Vinoth Kannan efb19dbdaf
Merge pull request #5705 from discourse/new_webhooks
FEATURE: Webhook for group and category events
2018-04-02 10:53:21 +05:30
Guo Xiang Tan 87e3779085
Merge pull request #5702 from kevinelliott/feature/20180323-fix-mass-assignment
20180323 Fix Mass Assignment Warning
2018-04-02 10:19:25 +08:00
Robin Ward 22b631510c FIX: Silenced user wasn't being linked properly 2018-03-29 17:07:09 -04:00
Neil Lalonde 73c1d3e7fe FIX: tag notification preferences were being cleared when other preferences were changed 2018-03-29 15:08:32 -04:00
Guo Xiang Tan 52e75eaee9 UX: Tweaks to group pages. 2018-03-29 17:04:48 +08:00
Robin Ward eab64710ff FIX: Shared draft performance fix + missing avatars 2018-03-28 16:11:43 -04:00
Robin Ward 4b5977aa6a Revert "PERF: Don't join on shared drafts unless you have to"
This reverts commit efedd9745f.
2018-03-28 15:35:13 -04:00
Robin Ward efedd9745f PERF: Don't join on shared drafts unless you have to 2018-03-28 13:57:39 -04:00
Guo Xiang Tan 21ae49ab92 Simplify log in for request specs. 2018-03-28 11:32:47 +08:00
Guo Xiang Tan 70be8124a3 SECURITY: Don't expose development route in production. 2018-03-28 11:32:47 +08:00
Neil Lalonde 7311023a52
Merge pull request #5700 from discourse/crawl-block
FEATURE: control web crawlers access with white/blacklist
2018-03-27 15:06:03 -04:00
Vinoth Kannan ff9d7a9bfb FIX: authComplete query param should carry-forward to login page 2018-03-27 17:22:07 +05:30
Guo Xiang Tan 7edab1c0b9 UX: Add `groups/custom/new` route for admins to create a new group. 2018-03-27 17:39:05 +08:00
Gerhard Schlager 558914b986 Fix random spec errors 2018-03-27 11:14:06 +02:00
Vinoth Kannan e7407d0adc FEATURE: Webhook for group and category events 2018-03-27 11:53:35 +05:30
Guo Xiang Tan 2ecd234e27 UX: Consolidation group manangement into a single tab. 2018-03-27 13:34:46 +08:00
Neil Lalonde f2c060bdf2 FEATURE: option for tags in a tag group to be visible only to staff 2018-03-26 17:05:09 -04:00
Guo Xiang Tan dcd1d422d1 UX: Allow admins to set users as owners while adding users.
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084/9
2018-03-26 17:33:50 +08:00
Guo Xiang Tan 35745166b5 UX: New group membership management workflow.
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084
2018-03-26 16:15:02 +08:00
Kevin Elliott fa0868fc3f Explicit param permit and assignment cleanup. 2018-03-23 09:59:31 -07:00
Robin Ward 5f19ad9507 FIX: allow destination categories to be set if not at first 2018-03-23 11:33:02 -04:00
Robin Ward 38af67eb73 Update the destination category id when a user changes it 2018-03-23 11:12:56 -04:00
Guo Xiang Tan 7a4b70ef58 UX cleanup changes to 2FA flow. 2018-03-23 11:05:36 +08:00
Neil Lalonde ced7e9a691 FEATURE: control which web crawlers can access using a whitelist or blacklist 2018-03-22 15:41:02 -04:00
Guo Xiang Tan f3b402ffd5 UX: Allow users to filter members on group page.
* Only admins are allowed to filter users by email.
2018-03-22 14:02:41 +08:00
Arpit Jalan d96c1058a2 FEATURE: add staff action log for 'restore topic' 2018-03-21 18:04:13 +05:30
Guo Xiang Tan a23509cbf3 UX: Limit the number of group names displayed on user page. 2018-03-21 16:38:33 +08:00
Guo Xiang Tan 9f216ac182 FIX: Infinite loading more on groups page. 2018-03-21 09:25:42 +08:00
Robin Ward b9abd7dc9e FEATURE: Shared Drafts
This feature can be enabled by choosing a destination for the
`shared drafts category` site setting.

* Staff members can create shared drafts, choosing a destination
category for the topic when it is published.

* Shared Drafts can be viewed in their category, or above the
topic list for the destination category where it will end up.

* When the shared draft is ready, it can be published to the
appropriate category by clicking a button on the topic view.

* When published, Drafts change their timestamps to the current
time, and any edits to the original post are removed.
2018-03-20 17:15:26 -04:00
Guo Xiang Tan 15bcfcd182 UX: Allow users to filter by different group types on groups page. 2018-03-20 17:38:11 +08:00
Guo Xiang Tan 41b0fbe001 UX: Indicate user's group membership on groups page. 2018-03-19 18:29:30 +08:00
Guo Xiang Tan 05ea034490 UX: Allow groups page to be searchable. 2018-03-19 17:16:51 +08:00
Guo Xiang Tan 0522aabaab UX: Allow user_count on groups page to be sortable. 2018-03-19 16:15:13 +08:00
Guo Xiang Tan c1bf707e7d PERF: N+1 queries on badges page. 2018-03-19 14:36:09 +08:00
Guo Xiang Tan 52b9af10a1 PERF: PG queries for the `UserEmail#email` column was not using the index. 2018-03-19 11:31:14 +08:00
Arpit Jalan f053e4cf37
Merge pull request #5682 from techAPJ/allowed-tags-page
FIX: show only allowed tags on PM tags page and display correct count
2018-03-17 08:29:00 +05:30
Régis Hanol 89f5c90ce0 FIX: show an error page on click tracking error 2018-03-17 00:33:11 +01:00
Arpit Jalan e9bc763440 FIX: show only allowed tags on PM tags page and display correct count
FIX: tags page should link to user profile we are browsing
2018-03-17 00:17:48 +05:30
Guo Xiang Tan fe96ef6ed2 UX: Use topic list for displaying group messages on group page.
https://meta.discourse.org/t/group-inbox-on-a-groups-page-mockup/71319
2018-03-16 11:56:40 +08:00
Sam ba15273d3f FEATURE: maintain preview theme, while previewing
This means you can browse around in preview mode without losing the theme.
At any point you can refresh page and maintain the preview theme.
2018-03-15 16:17:22 +11:00
Rafael dos Santos Silva 2097f5330c FIX: Login redirect path was broken in subfolder installs 2018-03-15 11:49:35 +08:00
Guo Xiang Tan a35227918f UX: Display group topics in a topic list. 2018-03-15 11:37:55 +08:00
Robin Ward d31dfe0e84 FIX: Silencing / Suspending a user should not send a hidden message 2018-03-14 14:39:52 -04:00
Kyle Zhao f7bd05e534 FEATURE: set 'Retry-After' header for 429 responses (#5659) 2018-03-13 23:12:41 +08:00
Arpit Jalan 7d375690c1
Merge pull request #5667 from techAPJ/pm-tags-page
FEATURE: replace PM tags dropdown with a dedicated tags page
2018-03-13 13:08:21 +05:30
Arpit Jalan 24338fbbe8 FEATURE: replace PM tags dropdown with a dedicated tags page 2018-03-13 13:06:58 +05:30
Robin Ward 65ac80b014 FEATURE: Log Staff edits in Staff Action Logs
Why? Some edits by staff are not tracked. For example, during the grace
period, or via the flags/silence dialog.

If a staff member is editing someone else's post, it now goes into the
Staff Action Logs so it can be audited by other staff members.
2018-03-12 13:51:40 -04:00
Sam 758b9a7dda FEATURE: prototype of local theme directory watcher
(note this will be documented a bit late)
2018-03-12 18:36:06 +11:00
Arpit Jalan aac7796124 FIX: do not show tags with 0 count on /tags page 2018-03-09 20:57:31 +05:30
Sam 7c0e6b820e move key so it does not interfere with other errors 2018-03-09 16:42:11 +11:00
Sam 39e679d3cb FEATURE: allow themes to live in private git repos
This feature allows themes sourced from git to live on private
servers, it automatically generates key pairs.
2018-03-09 16:14:38 +11:00
Arpit Jalan c29660c8f1 FEATURE: filter personal messages by tags 2018-03-08 14:42:07 +05:30
Guo Xiang Tan 1365bab0d7 FEATURE: Live updates for user's messages page.
https://meta.discourse.org/t/group-inbox-messages-not-updated-for-new-posts/38189
2018-03-06 18:15:21 +08:00
Sam f0d5f83424 FEATURE: limit assets less that non asset paths
By default assets can be requested up to 200 times per 10 seconds
from the app, this includes CSS and avatars
2018-03-06 15:20:39 +11:00
OsamaSayegh 282f53f0cd FEATURE: Theme settings (2) (#5611)
Allows theme authors to specify custom theme settings for the theme. 

Centralizes the theme/site settings into a single construct
2018-03-04 19:04:23 -05:00
Robin Ward 13eda41ff5 Fix lint errors 2018-03-03 14:34:19 -05:00
Robin Ward 31e3bf6d8d FEATURE: New "Categories and Top" homepage style
Select this option if you want to show top topics on the homepage
instead of latest topics.
2018-03-03 14:26:57 -05:00
Guo Xiang Tan 939180efa8 FIX: Missing 2FA guards when sso is enabled or when local login is disabled. 2018-03-02 10:39:10 +08:00
Sam 75172024ca SECURITY: ensure users have permission when moving categories 2018-03-02 12:13:27 +11:00
Guo Xiang Tan fb75f188ba FEATURE: Disallow login via omniauth when user has 2FA enabled. 2018-03-01 15:47:07 +08:00
Guo Xiang Tan 947b6fdf46 FIX: Incorrect rate limit applied to topics invitation flow. 2018-03-01 12:50:00 +08:00
Guo Xiang Tan 5a462b930d REFACTOR: Prefer `exists?` over `present`. 2018-03-01 10:22:41 +08:00
Guo Xiang Tan c64f09b6b7 REFACTOR: Simplify and DRY `Group#invite`. 2018-02-26 11:59:07 +08:00
Régis Hanol 0559a4736a FIX: don't double request when downloading a file 2018-02-24 12:35:57 +01:00
Sam a94dc0c731 Revert "FIX: preview theme not working consistently"
This reverts commit 845cec3ba0.
was not a needed change, but was elsewhere
2018-02-23 17:59:00 +11:00
Sam 845cec3ba0 FIX: preview theme not working consistently
Avoid flash, this makes debugging much simpler as well.

Additionally URL now clearly shows you are previewing a theme.
2018-02-23 15:25:35 +11:00
Guo Xiang Tan dd26bbe868
Merge pull request #5610 from discourse/pm-tags
FEATURE: Allow staffs to tag PMs
2018-02-23 07:07:41 +08:00
Maja Komel 76a2fc3d07 UX: Add og metadata for groups.
https://meta.discourse.org/t/onebox-for-groups/79155
2018-02-22 15:03:41 +08:00
Guo Xiang Tan 964624f3ab FIX: No error displayed when 2FA token is invalid on admin login page. 2018-02-22 09:45:57 +08:00
Sam 720e1965e3 FEATURE: add category suppress from latest
In the past we used suppress_from_homepage, it had mixed semantics
it would remove from category list if category list was on home and
unconditionally remove from latest.

New setting explicitly only removes from latest list but leaves the
category list alond
2018-02-22 09:56:35 +11:00
Robin Ward 83d8fa2892 FIX: Allow customized usernames to work in this route
Co-authored-by: jjaffeux <j.jaffeux@gmail.com>
2018-02-21 13:37:14 -05:00
Vinoth Kannan 2b509eaa91
Merge branch 'master' into pm-tags 2018-02-21 23:55:59 +05:30
Vinoth Kannan 84ce1acfef FEATURE: Allow staffs to tag PMs 2018-02-21 20:11:46 +05:30
Guo Xiang Tan b16471edfb FIX: Invalid token error incorrectly displayed on email login page. 2018-02-21 15:46:53 +08:00
Guo Xiang Tan 14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Jeff Wong f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Régis Hanol 60ec483caa FIX: include title in local onebox when linking to a different topic 2018-02-19 22:40:14 +01:00
Robin Ward 02093ecbdd Extensibility: Allow plugins to munge user params 2018-02-16 19:12:02 -05:00
Guo Xiang Tan 28365f8ae5 PERF: Have nginx cache and serve the service worker file. 2018-02-15 10:50:39 +08:00
Guo Xiang Tan 96e5a7da46 Prefer `success_Json` over custom success JSON payload. 2018-02-15 07:47:35 +08:00
Robin Ward a3e5a31674 FIX: Allow 404 pages to use the current theme 2018-02-14 15:29:01 -05:00
Sam 38f4acd55a FIX: rate limiter text is confusing, should not say daily
Also, adds easily parseable JSON so users can figure out
how long to wait when the API is limited. ("extras" "wait_seconds")
2018-02-14 15:29:50 +11:00
Sam f028ffaf29 SECURITY: correct local onebox category checks
Also removes ugly "source_topic_id" from cooked posts

Patch was authored by @zogstrip

Signed-off-by: Sam <sam.saffron@gmail.com>
2018-02-14 10:40:46 +11:00
Robin Ward 7348513848 FIX: Include post in staff action logs when silencing a user 2018-02-13 15:59:10 -05:00
Erick Guan 03b3e57a44 FEATURE: login by a link from email
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
Guo Xiang Tan f9280617d0 Remove redundant comment. 2018-02-13 15:58:13 +08:00
Muhlis Cahyono cc3cf6588b FEATURE: Notification API Endpoints for Admins
* create/update/delete notification api with external url
* remove external url feature
* Fix Travis CI build error (add new line)
* Fix Travis CI build error
2018-02-13 01:38:26 -05:00
Sam b34b1b6fe3 FIX: invite to message was not allowing groups
Previously we were incorrectly checking mentionable instead of messageable

Also fix edge case where multiple groups sharing a name mean that exact match override is not working

Also cleans up params sent to user selector
2018-02-13 13:28:46 +11:00
Robin Ward 569e57f0a9 FIX: Delete the invalid auth cookie even if you hit the rate limit 2018-02-09 19:09:54 -05:00
Gerhard Schlager 8765279c90 FIX: Customizing site texts ignored current locale for _MF keys 2018-02-07 16:57:08 +01:00
Robin Ward 8ff4104555 Many enhancements to the flagging / suspending interface. 2018-02-01 17:13:02 -05:00
Neil Lalonde 9fa71e198e FIX: admin reports charts should use same time of day as dashboard numbers 2018-02-01 15:59:39 -05:00
Sam 41986cdb2f Refactor requires login logic, reduce duplicate code
This also corrects the positioning in the chain of the check
and removes misuse of prepend_before_action
2018-02-01 15:17:59 +11:00
Sam f2e7b74d88 FIX: don't return 200s when login is required to paths
When running `ensure_login_required` it should always happen prior to
`check_xhr` cause check xhr will trigger a 200 response
2018-02-01 12:26:45 +11:00
Robin Ward 2d340d1122 FIX: Don't allow username update via update route
It's not using the UsernameChanger
2018-01-26 16:53:43 -05:00
Robin Ward 6b04967e2f FEATURE: Staff members can lock posts
Locking a post prevents it from being edited. This is useful if the user
has posted something which has been edited out, and the staff members don't
want them to be able to edit it back in again.
2018-01-26 14:01:30 -05:00
Régis Hanol e2d82b882e FIX: redirect to original URL after social login 2018-01-26 18:52:27 +01:00
Gerhard Schlager 683be5e555 FIX: Application should not crash when selected locale is missing 2018-01-25 14:57:41 +01:00
Sam 2437b0d531 FIX: regression, missing 404 page 2018-01-23 09:00:28 +11:00
Régis Hanol 5c1eaeca9e FIX: prevent users from moving whispers to new topic 2018-01-22 17:23:19 +01:00
Gerhard Schlager dde0fcc658 FEATURE: Allow sending invites to staged users 2018-01-22 15:37:18 +01:00
Régis Hanol f74ac826c5 slightly more meaningful error message 2018-01-22 12:20:53 +01:00
Sam 12872d03be PERF: run post timings in background
This means that if a very large amount of registered users hit
a single topic we will handle it gracefully, even if db gets slow.
2018-01-19 08:27:29 +11:00
Robin Ward 34ed6088b9 FEATURE: New modal to show flags received for a user 2018-01-17 15:08:08 -05:00
Arpit Jalan e04fb9a877 fix the build 2018-01-17 12:57:33 +05:30
Arpit Jalan 79eb9d7086 FEATURE: show header search results on search log term details page 2018-01-17 12:47:16 +05:30
Sam b2009d6e32 PERF: bypass theme handling on static routes 2018-01-17 16:33:17 +11:00
Sam 72b592c395 PERF: add frozen string literals to app controller 2018-01-17 16:32:52 +11:00
Sam d7657d8e47 correct specs, ensure crawler layout only applies to html 2018-01-16 16:28:11 +11:00
Arpit Jalan 6177fb80eb UX: switch to quartlerly period view for search log term graphs 2018-01-16 07:53:22 +05:30
Sam e3a616764e PERF: add frozen strings 2018-01-15 12:44:54 +11:00
Neil Lalonde 6d68275ef9 don't show tag groups if they're restricted to categories you can't access 2018-01-12 14:25:42 -05:00
Neil Lalonde 2493648f9c PERF: calculate topic_counts for tags in an async job so tag queries that include counts are much faster 2018-01-12 11:03:03 -05:00
Neil Lalonde 4d50feb6bd FEATURE: add setting to display tags by tag groups 2018-01-12 11:03:02 -05:00
Sam 49ed382c2a FIX: return 429 when admin api key is limited on admin route
This also handles a general case where exceptions leak out prior to being handled by the application controller
2018-01-12 14:15:26 +11:00
Robin Ward dd33050e10 Add discourse events for when a user is suspended/silenced 2018-01-11 12:56:45 -05:00
Robin Ward e904d92b98 FIX: Suspension / Silence reasons were incorrect on save 2018-01-11 10:54:47 -05:00
Vinoth Kannan b96ae14261 FEATURE: Display force_https warning in admin problems dashboard 2018-01-11 12:16:10 +05:30
Sam daad2291ba simplify production switch and serve extra locales from actual site 2018-01-10 08:19:51 +11:00
Vinoth Kannan 61384c8026 Skip CDN for admin locales since it is login required 2018-01-10 01:24:03 +05:30
Arpit Jalan 672888f526 FIX: handle invalid password reset token 2018-01-09 23:48:17 +05:30
Sam c9f42506b7 If login is required skip CDN 2018-01-09 17:51:53 +11:00
Sam 6b8320fea6 PERF: use cdn for extra locales 2018-01-09 17:00:42 +11:00
Sam ea63abf0f7 bypass mini profiler for locales
bypass cdn for now
2018-01-09 11:30:59 +11:00
Sam b0a7ee1aec FIX: source admin locale from cdn 2018-01-09 10:27:33 +11:00
Sam 8ff5f5f2ef FIX: cache admin locale file for 24 hours 2018-01-09 10:23:49 +11:00
Joffrey JAFFEUX 642645ba9a
FIX: broken select badge as user title (#5474)
* FIX: broken select badge as user title

* selected id wasn’t pass to underlying component
* <none> was rendered as an html tag <none></none>
* overriding a badge name wouldn’t work as it was using badge.name and not badge.display_name
* adds a spec to ensure this behavior is correct
2018-01-05 16:58:15 +01:00
Arpit Jalan ed4b845930 FIX: render error message when backup download fails 2018-01-05 19:46:43 +05:30
Sam 5ad1709dba PERF: cache service worker for 1 hour 2017-12-28 08:31:01 +11:00
Régis Hanol f5e170c6b5 FIX: catch all server-side error when uploading a file
UX: always show a message to the user whenever an error happens on the server when uploading a file
2017-12-27 16:33:25 +01:00
Sam 3937ff0425 FIX: don't preload json on static routes 2017-12-27 14:33:36 +11:00
Robin Ward 69a90f31fb FEATURE: Allow Forums to disable the Backups feature 2017-12-21 15:22:04 -05:00
Sam 62a27f9d57 FEATURE: warn if attempting to mention a group with too many members 2017-12-21 16:13:57 +11:00
Régis Hanol 7f69362d9d FIX: external links in whisper ended up in a white page
FIX: clicking a link in a onebox wasn't properly extracting the post_id
2017-12-20 17:55:15 +01:00
Philipp Daniels 6a2bce1931 FIX: Data loss on update of single user_field.
https://meta.discourse.org/t/api-data-loss-caused-by-changed-behaviour-of-custom-user-field-update/74990
2017-12-20 16:33:23 +08:00
Arpit Jalan eab66065d1 FEATURE: search log term details page (#5445) 2017-12-20 13:41:31 +11:00
Guo Xiang Tan 97ceebb570 SECURITY: Don't pass email backup token to sidekiq as a parameter.
* This exposes the token in the Sidekiq dashboard which can be
  viewed by an admin and defeats the purpose of using a token
  in the download backup email ink.
2017-12-18 11:25:22 +08:00
Sam 433ef4513b FEATURE: upload images and fonts in themes via hijack 2017-12-18 10:40:10 +11:00
Sam 5e90abfaea FIX: use hijack for emoji uploads 2017-12-18 10:31:19 +11:00
Joffrey JAFFEUX 001abfc4cb Revert "FIX: not permitted theme params when importing theme"
This reverts commit 813df1a3fb.
2017-12-14 11:40:14 +01:00
Joffrey JAFFEUX 041deac67a Revert "FIX: constant lookup error when exporting theme"
This reverts commit 1eda8c50f0.
2017-12-14 11:40:08 +01:00
Joffrey JAFFEUX 813df1a3fb
FIX: not permitted theme params when importing theme 2017-12-14 11:25:58 +01:00
Joffrey JAFFEUX 1eda8c50f0
FIX: constant lookup error when exporting theme 2017-12-14 11:25:11 +01:00
Guo Xiang Tan f2565f6c7e SECURITY: Any group can be invited into a PM. 2017-12-14 14:57:48 +08:00
Sam 14cfce2827 Merge branch 'master' of github.com:discourse/discourse 2017-12-14 17:17:02 +11:00
Sam 96584403cd SECURITY: prevent staged accounts from changing email 2017-12-14 17:16:49 +11:00
Guo Xiang Tan 34342ad0d8 FIX: `User#user_avatar` may be nil. 2017-12-14 13:23:03 +08:00
Régis Hanol 1b4483c942 FEATURE: Added 'select +below' and 'select +all replies' options to selecting posts 2017-12-13 22:12:06 +01:00
Sam a393d3bcbb FIX: ensure staged accounts are always inactive
If for any reason active is stored in the user model, clear it out
prior to creating an account
2017-12-13 14:22:16 +11:00
Arpit Jalan 492af81e67 FIX: save registration_ip_address for staged users logging in via social auth 2017-12-12 17:41:16 +05:30
Guo Xiang Tan e2b64257b3 Fix undefined method for `NilClass` error. 2017-12-12 18:54:29 +08:00
Arpit Jalan b014540fde FIX: view was getting rendered twice for rate limiting error 2017-12-12 14:48:58 +05:30
Arpit Jalan 3c230d8f97 FIX: 'redirect_to :back' is deprecated 2017-12-11 12:18:19 +05:30
Robin Ward 74b9828731 FIX: Remove mentions filters from user and groups
Additionally return no data if disabled
2017-12-07 16:29:02 -05:00
Arpit Jalan 5003f07b2c FEATURE: new site setting show_inactive_accounts 2017-12-07 19:22:41 +05:30
Joffrey JAFFEUX f0ef307d2d
FIX: topic timer offset applied two times
timezone offset was calculated and sent from browser to server, it would be applied on utc time generated from '2013-11-22 5:00' format for example and then sent back to browser which would display it thinking it's UTC time using `moment(utc time)` when it's in fact an UTC time we have offseted with the initial user timezone.

This is impossible to automatically test in the current app state. Easiest reproduction is in live browser after setting your timezone to `America/New_York`, when setting a topic timer to later_today, after save, the time under the topic should be off to something roughly equal +1/-1  hour to your timezone offset.
2017-12-07 14:42:58 +01:00
Robin Ward 410994b7f5 FEATURE: Show a button to Staff for "Moderation History" on posts/topics
When clicked, it pops up a modal showing a history of moderation actions
taken on the post or topic.
2017-12-05 15:20:20 -05:00
Vinoth Kannan 6e054b2572 FEATURE: Convert HTML to Markdown while pasting in composer 2017-12-05 12:23:39 -05:00
Guo Xiang Tan e73fbfe265 FIX: `Topic#featured_link_root_domain` extracts URL before parsing. 2017-12-04 10:00:07 +08:00
Arpit Jalan 496cd3b4df
Merge pull request #5385 from techAPJ/search-logs-improvements
FEATURE: support search click through tracking for user, category and tags
2017-12-01 12:08:38 +05:30
Arpit Jalan e3925278e2 FEATURE: support search click through tracking for user, category and tags
https://meta.discourse.org/t/search-logs-page/73281/11?u=techapj

This commit adds following features:

- support for tracking click through to user, tag and category
- new filter for search type (header, full page)

This commit also removes "most viewed topic" field from search logs page because we are now tracking multiple click through entities, so topic is not a special entity anymore. This also improves query perf. The query now takes `20.5ms` to runs, as opposed to `655.9ms` previously.
2017-12-01 12:04:55 +05:30
Guo Xiang Tan f7f743970b Just use space to prettify SSO verbose error logging. 2017-11-30 15:10:00 +08:00
Régis Hanol 0d34caff85 UX: show error message when no gravatar is associated 2017-11-29 18:09:44 +01:00
Régis Hanol 1218ead355 UX: preloaded gravatar was appearing on the right instead of the left 2017-11-29 18:07:09 +01:00
Guo Xiang Tan 1d8b834301
Merge pull request #5369 from vinothkannans/queued
FIX: Error if queued post not found while updating
2017-11-28 17:51:05 +08:00
Guo Xiang Tan 7b8699f3be FIX: Can't load `service-worker.js` in production. 2017-11-28 15:40:57 +08:00
Jeff Wong b094894c94 Feature: Add service worker registration method to plugin API 2017-11-28 14:01:41 +08:00
Robin Ward 77f90876d3 REFACTOR: Track manual locked user levels separately from groups 2017-11-27 11:23:44 -05:00
Vinoth Kannan 31aa21b5a4 FIX: Error if queued post not found while updating 2017-11-27 19:25:51 +05:30
Sam 608207b2e5 FEATURE: avatar proxy happens in background
This ensures that even if it is slow to download avatars site will
continue to work

Also simplifies hijack pattern
2017-11-27 17:43:24 +11:00
Sam d5e7691ae9 favicon proxy now uses hijack 2017-11-27 14:51:14 +11:00
Sam eb428ef54d FEATURE: uploads are processed a faster
Also cleans up API to always return 422 on upload error. (previously returned 200)

Uploads are processed using new hijack pattern
2017-11-27 12:43:35 +11:00
Sam e0e99d4bbd PERF: hijack onebox requests so they do not use up a unicorn worker 2017-11-24 15:31:40 +11:00
Sam 49f97d75b7 FIX: make uploads safe for block that can run later 2017-11-23 17:28:18 +11:00
Sam d43a54e83a FIX: use current_user.id in onebox instead of param 2017-11-23 15:32:19 +11:00
Régis Hanol 4addc5e329 Add missing contexts when destroying users 2017-11-22 15:43:54 +01:00
Sam a92f61e926 FIX: allow login required sites access to attachements 2017-11-22 10:50:55 +11:00
Robin Ward 8d98752b57 Allow sites to bootstrap the error page.
This will display working dropdowns and such even if the page is a 404.
2017-11-21 16:13:09 -05:00
Robin Ward 628275fc31 FIX: Some badge routes were still working even with badges disabled 2017-11-21 12:22:44 -05:00
Régis Hanol 2d48caffdf FIX: be more lenient when deleting a custom emoji 2017-11-20 23:50:23 +01:00
Robin Ward 0a9daba627 FIX: Support for long suspension emails 2017-11-20 12:45:46 -05:00
Gerhard Schlager 92a831bae6 FEATURE: user directory returns staged users during search 2017-11-19 01:17:31 +01:00
Gerhard Schlager 8f6d35aa59 FEATURE: category setting for mailinglist mirror 2017-11-17 15:29:14 +01:00
Robin Ward cef64e8f03 UX: Use `no_ember` styling for omniauth error page 2017-11-15 14:04:26 -05:00
OsamaSayegh 4c4410225e UX: cap likes 2 (#5237) 2017-11-15 11:28:54 +11:00
Arpit Jalan 3831663fea FEATURE: search logs page (#5313) 2017-11-15 11:13:50 +11:00
Robin Ward 971e302ff2 FEATURE: Support an end date for user silencing 2017-11-14 13:20:19 -05:00
Sam 4b42a0abc9 FIX: add error for suspended users attempting to login via sso 2017-11-14 16:52:00 +11:00
Sam 47e4c9bb46 FIX: import/export theme should work with uploads 2017-11-14 16:30:23 +11:00
Sam dfe9f70747 UX: warn that something must be selected with safe mode 2017-11-13 15:59:51 +11:00
Robin Ward 1f14350220 Rename "Blocked" to "Silenced" 2017-11-10 14:10:27 -05:00
Michael Howell 38b8d68c68 FEATURE: Allow the user to select a custom home page (#5268)
* Add user_home configuration option

* Use the new user_home preference to actually show the right home page

* Fix trailing whitespace

* Update user_option_serializer.rb

* Fix JavaScript default homepage tests

* Use an object instead of a giant switch

* Remove trailing whitespace

* Make the default `user_home` set to `null` instead of `0`

* Rename user_home to homepage_id
2017-11-10 06:45:19 +11:00
Guo Xiang Tan ed16cba77f REFACTOR: Raise error if email token fails to create. 2017-11-08 12:02:33 +08:00
Neil Lalonde d7880af0bb FIX: change password form validation should instruct admins to use min password length for admin accounts 2017-11-07 16:14:56 -05:00
Robin Ward 2f0c9793f1 FEATURE: Allow multiple html builders to be registered via plugins 2017-11-03 11:32:32 -04:00
Guo Xiang Tan d320f4840d FIX: Unable to invite groups that are not public visible into pms.
https://meta.discourse.org/t/inviting-groups-broken-in-head/73346/6
2017-11-03 21:40:33 +08:00
Sam 56412adad5 FEATURE: custom setting for large square site icon
This icon is used for android splash screen
2017-11-03 16:19:31 +11:00
Guo Xiang Tan edf4af608e FIX: Better match when searching for groups. 2017-11-02 10:20:14 +08:00
Guo Xiang Tan ab2a5cef38 FIX: Can't edit membership request template on group page. 2017-11-02 08:51:43 +08:00
Rafael dos Santos Silva 3c8b376e4a FIX: Coalesce properly logos for the mobile manifest 2017-11-01 02:28:09 -02:00
Rafael dos Santos Silva 32b3847d52 FIX: Update mobile logo resolution
This makes Discourse compliant with latest Google PWA requirements,
so we get the App Install banner back.

Should bump our Lighthouse PWA Audit score to 11/11.
2017-11-01 01:51:51 -02:00
Robin Ward 076df104dc FEATURE: Support filtering of groups page by category if in url 2017-10-31 17:50:06 -04:00
Sam 1bd9e64a36 FIX: offline controller regression 2017-10-31 15:44:50 +11:00
Penar Musaraj bd1616d3d9 Add offline route and service worker to fix Android app install banner (#5217)
* set up static offline.html route and service worker for Android Web App Banner

* add viewport meta tag to offline view for android app banner

* add i18n support for offline.html pages, cleanup

* fix html syntax, add page title, remove license for service-worker.js
2017-10-31 10:46:48 +11:00
Sam fab3e25101 FIX: badge selector showing up for anon 2017-10-30 16:21:31 +11:00
Arpit Jalan 33f0d80ed5 UX: better title on search page 2017-10-27 09:13:04 +05:30
Guo Xiang Tan f1615c2148 Merge pull request #5263 from tgxworld/improve_pattern
REFACTOR: Always validate email by default.
2017-10-26 14:34:09 +08:00
Rafael dos Santos Silva 5d5268a82b Feature: Group handling 2017-10-25 22:49:17 -02:00
Guo Xiang Tan defea6245c REFACTOR: Always validate email by default. 2017-10-25 13:48:34 +08:00
Robin Ward 23dce88f5f FIX: Removed a line by accident, broke tests 2017-10-23 14:49:14 -04:00
Robin Ward 89a1b34480 FIX: Show the deleted icon if the quote expands a deleted topic 2017-10-23 13:41:41 -04:00
Arpit Jalan 804b4f32f8 better error message when API authentication fails 2017-10-20 20:05:34 +05:30
Guo Xiang Tan 989280a222 FIX: Don't rotate session in reaodnly mode. 2017-10-20 17:15:28 +08:00
Guo Xiang Tan 25c25ae423 FEATURE: Allow user to leave a PM. 2017-10-19 12:32:55 +08:00
Arpit Jalan f50d447881 FIX: render secure category topics in RSS if the user can view the topics 2017-10-18 14:23:30 +05:30
Neil Lalonde 2db66072d7 SECURITY: signup without verified email using Google auth 2017-10-16 13:51:41 -04:00
Arpit Jalan a2183c3f1d SECURITY: verify that inviter can invite new user to a topic 2017-10-09 15:59:41 +05:30
Guo Xiang Tan a6f2533d38 SECURITY: Fix XSS on unsubscribed page. 2017-10-09 09:04:46 +08:00
Guo Xiang Tan 6fe604b93e Revert "SECURITY: Fix XSS on unsubscribed page."
This reverts commit 190558db9d.
2017-10-09 09:03:07 +08:00
Guo Xiang Tan 190558db9d SECURITY: Fix XSS on unsubscribed page. 2017-10-09 08:59:03 +08:00
Guo Xiang Tan 3efde2618d UX: Do not display non-human users on group page.
https://meta.discourse.org/t/members-of-groups-staff/71437
2017-10-06 10:35:40 +08:00
Régis Hanol 4771b0a99f FIX: user fields in invite signups were broken 2017-10-04 23:04:24 +02:00
Neil Lalonde 1faae3c765 rename forgot_password_strict to hide_email_address_taken 2017-10-03 15:28:31 -04:00
Neil Lalonde e47f5cedd2 FEATURE: forgot_password_strict setting also prevents reporting that an email address is taken during signup 2017-10-03 15:28:30 -04:00
Régis Hanol daf1dda700 FIX: username autocomplete in assign modal wasn't working 2017-10-03 12:49:45 +02:00
Guo Xiang Tan a966f2134c Merge pull request #5215 from gschlager/email_templates
Add specs for EmailTemplatesController
2017-10-03 14:30:19 +08:00
Arpit Jalan 469c6776c6 FIX: exporting admin dashboard reports were broken
http://eileencodes.com/posts/actioncontroller-parameters-now-returns-an-object-instead-of-a-hash/
2017-10-02 19:30:23 +05:30
Gerhard Schlager 5bb326a452 Add specs for EmailTemplatesController 2017-10-02 14:53:27 +02:00
Guo Xiang Tan 8140e54675 FIX: More fixes for `Group#mentionable` and `Group#messageable` feature. 2017-10-02 17:45:58 +08:00
Guo Xiang Tan 4e07bbfbbf FIX: Only allow intergers for page params. 2017-10-02 10:45:54 +08:00
Eleanor Demis ac04f5e0cc update response error when deleting tags (#5213) 2017-09-30 16:31:32 +02:00
Régis Hanol f6c484881b FIX: wasn't able to save watched/tracked/muted categories/tags 2017-09-29 13:09:48 +02:00
Guo Xiang Tan 6baea9948b Revert "fix the build"
This reverts commit 8b74c7d325.
2017-09-29 08:57:06 +08:00
Régis Hanol 8b74c7d325 fix the build 2017-09-28 15:50:01 +02:00
Régis Hanol cd6dff58dd FIX: add user option/profile fields that were not permitted 2017-09-28 14:59:53 +02:00
Guo Xiang Tan 5d53eefcab Fix broken test. 2017-09-28 16:09:58 +08:00
Guo Xiang Tan 5f1c29e424 FIX: Display json response when `Discourse::InvalidAccess` is raised for
non json requests.
2017-09-28 15:31:16 +08:00
Guo Xiang Tan 373fd8990e PERF: N+1 when generating not found page. 2017-09-28 15:31:16 +08:00
Guo Xiang Tan 4319d8a142 FIX: Missing template error when rendering `topics#show` error message. 2017-09-28 11:06:44 +08:00
Régis Hanol 6a7920ad75 FIX: wasn't able to change default theme 2017-09-27 20:05:31 +02:00
Gerhard Schlager 1a37812625 FIX: show error message when keys are missing in email template
FIX: log email template changes in the Staff Log
2017-09-27 13:50:04 +02:00
Guo Xiang Tan 2568312475 FIX: Use exact patht to ensure we always redirect with the right format. 2017-09-27 11:55:06 +08:00
Régis Hanol af01e62b14 FIX: wasn't allowed to set a user's title anymore 2017-09-26 20:13:24 +02:00
Régis Hanol 28c54b42c5 FIX: wasn't able to update user options anymore 2017-09-26 20:00:10 +02:00
Robin Ward 460ed3c8cf Revert "Allow `NotFound` to specify an optional `Location` for the resource"
This reverts commit 4ae66c9e01.
2017-09-26 12:58:24 -04:00
Robin Ward 4ae66c9e01 Allow `NotFound` to specify an optional `Location` for the resource 2017-09-26 09:10:18 -04:00
Guo Xiang Tan 6f5051861c Remove unused option. 2017-09-26 14:47:38 +08:00
Guo Xiang Tan 5d37f8673b PERF: Only send down suggested payload when loading last chunk. 2017-09-26 14:42:27 +08:00
Robin Ward d1ebc62065 The ability to display errors on flagging actions. 2017-09-25 12:28:01 -04:00
Robin Ward 09ed2ed749 Add Suspend User to flags page 2017-09-25 12:28:00 -04:00
Robin Ward 6bce3004d9 UX: Nicer selection of suspend duration 2017-09-25 12:28:00 -04:00
Robin Ward 677b016387 Send a suspension message via email to a user 2017-09-25 12:26:41 -04:00
Robin Ward 2a56cf8bb6 Tests + Refactoring for Suspension Modal 2017-09-25 12:26:06 -04:00
Robin Ward d7c37d9369 Add front end service for staff controls 2017-09-25 12:25:14 -04:00
Robin Ward 5cf50f0034 Adjust flagged posts to use the store 2017-09-25 12:25:14 -04:00
Robin Ward 5e69217793 Add filtering support to flags 2017-09-25 12:25:14 -04:00
Robin Ward 40eba8cd93 FEATURE: View flags grouped by topic 2017-09-25 12:25:14 -04:00
Guo Xiang Tan 77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Régis Hanol 8ed318c4fe display 'similar to' earlier when composing a post 2017-09-16 01:03:29 +02:00
Régis Hanol 797936d2c5 FIX: don't leak whisper count in user card 2017-09-14 20:08:16 +02:00
Arpit Jalan 4e49b3b140 FIX: do not create new email token if there already exists a confirmed one 2017-09-14 10:52:29 +05:30
Leo McArdle 104d97695d FIX: don't activate un-confirmed email on omniauth authentication (#5176) 2017-09-12 17:36:17 +02:00
Robin Ward 171d9e5aed SECURITY: Prevent users from updating to blacklisted email domains 2017-09-12 10:11:08 -04:00
Neil Lalonde d7d9923b8e FIX: display email validation error messages 2017-09-11 13:22:14 -04:00
Guo Xiang Tan 5d4221fbe1 PERF: Avoid calling expensive `PostGuardian#can_see_post?` multiple times.
Before

```
Your Results: (note for timings- percentile is first, duration is second
in millisecs)
---
topic_admin:
  50: 19
  75: 19
  90: 21
  99: 27
topic:
  50: 56
  75: 62
  90: 64
  99: 99
timings:
  load_rails: 1262
ruby-version: 2.4.1-p111
rss_kb: 198432
pss_kb: 136612
virtual: physical
architecture: amd64
operatingsystem: Ubuntu
memorysize: 15.59 GB
kernelversion: 4.10.0
physicalprocessorcount: 1
processor0: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
rss_kb_9877: 327892
pss_kb_9877: 263671
rss_kb_9946: 325468
pss_kb_9946: 261671
rss_kb_10153: 326456
pss_kb_10153: 262657
```

After

```
Your Results: (note for timings- percentile is first, duration is second
in millisecs)
---
topic_admin:
  50: 18
  75: 18
  90: 20
  99: 28
topic:
  50: 41
  75: 42
  90: 46
  99: 49
timings:
  load_rails: 1201
ruby-version: 2.4.1-p111
rss_kb: 187936
pss_kb: 123596
virtual: physical
architecture: amd64
operatingsystem: Ubuntu
memorysize: 15.59 GB
kernelversion: 4.10.0
physicalprocessorcount: 1
processor0: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
rss_kb_26478: 342360
pss_kb_26478: 276696
rss_kb_26547: 340368
pss_kb_26547: 275930
rss_kb_26747: 338964
pss_kb_26747: 274466
```
2017-09-08 14:07:24 +08:00
Guo Xiang Tan 4d840d10db PERF: Reduce number of Redis hits per requests. 2017-09-07 13:34:27 +08:00
Guo Xiang Tan 8463b676df Revert "Activate mini-profiler when in profiling env."
This reverts commit d61109388c.
2017-09-06 11:26:03 +08:00
Guo Xiang Tan d61109388c Activate mini-profiler when in profiling env. 2017-09-06 11:19:20 +08:00
Guo Xiang Tan 5c1143cd55 Add missing test case for `PostController#timings`. 2017-09-04 16:36:02 +08:00
Sam 9f0f086b3e FEATURE: allow API to mark accounts as approved on creation 2017-08-28 15:36:46 -04:00
Bianca Nenciu 6bc74ceb50 Split alias levels in mentionable and messageable levels. (#5065)
* Split alias levels in mentionable and messageable levels.

* Fixed some tests.

* Set messageable level to everyone by default.

* By defaults, groups are not mentionable or messageable.

* Made staff groups messageable by the system.
2017-08-28 12:32:08 -04:00
Bianca Nenciu bb3a5910d7 Support for sending PMs to email addresses (#4988)
* Added support for sending PMs to email addresses.

* Made changes after review.

* Added settings validator.

* Fixed tests.
2017-08-28 12:07:30 -04:00
Guo Xiang Tan 4b4169c8fd Merge pull request #5053 from fantasticfears/session-controller
Spec for local auth check
2017-08-24 09:42:54 +09:00
Guo Xiang Tan 91d3929f52 Merge pull request #5078 from lelelelemon/master
change count>0 to exists
2017-08-24 09:24:42 +09:00
junwen yang 8124f26a6e change count>0 to exists 2017-08-23 22:54:51 +00:00
Sam 8dfb1be4d1 FEATURE: unlisted *only* means not listed in topic lists
Remove security by obscurity feature that tries for exact slug match

If you need to hide a topic from users either move to a secure category
or convert to a PM
2017-08-22 17:53:54 -04:00
Sam d7a2584c6e FEATURE: image uploads now have short urls
Shorten all image uploads to use short urls, this is the client
side implementation.
2017-08-22 16:40:08 -04:00
Sam 2f0c6c99e0 FIX: ip lookup not working
Also add a powered by line so it is clear this makes an external service call
2017-08-21 14:18:49 -04:00
Mudasir Raza 84c83afd35 Allow optional import_mode param for posts in api (#4952) 2017-08-17 07:53:04 -04:00
Erick Guan c7a101476e Spec for local auth check 2017-08-16 11:01:00 +02:00
Guo Xiang Tan b77aa29e71 Merge pull request #5013 from LeoMcA/alternate-emails-phase-1.5
FIX: add additional email to tests and clean up resulting mess
2017-08-16 16:19:28 +09:00
Kyle Zhao c3249f6e93 FEATURE: add full editing access to queued posts (#5047)
For pending new topics: the body of the post, title, categories
and the tags are editable.

For pending new replies: only the body is applicable and thus
editable

DISCUSSION: https://meta.discourse.org/t/66754
2017-08-15 12:44:05 -04:00
Régis Hanol 4f09a5a7a5 Add 'Post.permitted_create_params' to allow plugins to add new params when creating a post 2017-08-12 04:10:45 +02:00
Arpit Jalan bf2c35aa99 FEATURE: add RSS feed for badge pages 2017-08-09 13:43:49 +05:30
Guo Xiang Tan 898c6ba037 Merge pull request #5033 from tgxworld/reason_when_requesting_to_join_a_group
FEATURE: Force user to enter reason when requesting for group members…
2017-08-09 15:54:21 +09:00
Guo Xiang Tan a9613163b5 FEATURE: Force user to enter reason when requesting for group membership. 2017-08-09 15:45:28 +09:00
Arpit Jalan e36a20660d FIX: handle topics without excerpt for meta description tag 2017-08-08 22:17:05 +05:30
Régis Hanol d182f0f2d1 Add support for preloaded custom_fields on Group 2017-08-08 15:45:27 +02:00
Robin Ward 2e4b3e9b06 Don't include all html builders on client and server side 2017-08-07 11:29:35 -04:00
Guo Xiang Tan 3f24ed2b3e Can't revert due to incompatibility of new site setting types.
Revert "Revert "FEATURE: Site settings defaults per locale""

This reverts commit 439fe8ba24.
2017-08-07 10:43:09 +09:00
Guo Xiang Tan 439fe8ba24 Revert "FEATURE: Site settings defaults per locale"
This reverts commit 468a8fcd20.
2017-08-07 10:31:50 +09:00
Régis Hanol 3c0de22bf0 FIX: wasn't able to remove a user's primary group 2017-08-04 18:13:20 +02:00
Erick Guan 468a8fcd20 FEATURE: Site settings defaults per locale
This change-set allows setting different defaults for different locales. 

It also:

- Adds extensive testing around site setting validation

- raises deprecation error if site setting has the default property based on env

- relocated site settings for dev and tests in the initializer

- deprecated client_setting in the site setting's loading process

- ensure it raises when a enum site setting being set

- default_locale is promoted to `required` category.

- fixes incorrect default setting and validation

- fixes ensure type check for site settings

- creates a benchmark for site setting

- sets reasonable defaults for Chinese
2017-08-02 12:24:19 -04:00
Guo Xiang Tan 33e22cf598 Add back `Admin::GroupsController#index` route for now.
* The endpoint is being used by discourse_api.
2017-08-03 00:24:23 +09:00
Matt Palmer 67882ec37d Hunt-and-kill a few more mis-encoded params
https://meta.discourse.org/t/tags-does-not-work-with-cyrillic/67217/6?u=mpalmer
2017-08-01 18:03:44 +10:00
Matt Palmer 7ee861f457 FIX: Return a UTF-8 string in tag notifications
https://meta.discourse.org/t/tags-does-not-work-with-cyrillic/67217
2017-08-01 16:27:52 +10:00
Neil Lalonde fa3c240e8b Merge pull request #4981 from dmacjam/fix_limited_search_results
FIX: limited search results
2017-07-31 20:23:57 -04:00
Leo McArdle 836dee1120 FIX: add additional email to tests and clean up resulting mess 2017-07-31 22:27:29 +00:00
Neil Lalonde 7c1d7fb423 Merge branch 'master' into fix_limited_search_results 2017-07-31 15:55:31 -04:00
Arpit Jalan 6c997b65d9 optimize enqueuing activation email code 2017-07-31 22:57:39 +05:30
Arpit Jalan 0b01d0e95d FIX: staff cannot manually activate accounts after 48 hours has elapsed
https://meta.discourse.org/t/staff-cannot-manually-activate-invited-accounts-after-48-hours-has-elapsed/66292/14?u=techapj
2017-07-31 22:24:09 +05:30
Arpit Jalan 2e2b5e28aa FIX: add slight delay when enqueuing activation email 2017-07-31 16:52:07 +05:30
Guo Xiang Tan 4620dfe92d FEATURE: Add group settngs to allow users to leave a group freely.
https://meta.discourse.org/t/split-join-leave-freely-setting-on-groups/65565
2017-07-28 15:00:25 +09:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Robin Ward 5cfc2d8972 Run wizard specs in docker:test 2017-07-27 11:29:18 -04:00
Guo Xiang Tan 2442bba131 UX: Better group creation workflow.
* Owners and users can now be added to a group during creation.

https://meta.discourse.org/t/you-cannot-allow-membership-requests-without-any-owners/64760/3
2017-07-27 16:12:42 +09:00
Neil Lalonde 24cb950432 FEATURE: Watched Words: when posts contain words, do one of flag, require approval, censor, or block 2017-07-26 11:01:09 -04:00
Guo Xiang Tan b59dfb86f4 UX: Include group name in email when group is invited to a PM.
https://meta.discourse.org/t/xyz-invited-you-to-a-message-but-really-invited-a-group-im-in/65996
2017-07-26 15:51:44 +09:00
Guo Xiang Tan e3ac6585bd FIX: Search by topic_id should not be restricted by `SiteSetting.min_search_term_length`. 2017-07-26 09:52:39 +09:00
Guo Xiang Tan 6c0a29698b Fix JS tests failing when running in `RAILS_ENV=test`.
Fixes the following error:

```
phantomjs /home/tgxworld/work/discourse/vendor/assets/javascripts/run-qunit.js http://localhost:60099/qunit
2017-07-25 16:27:41 +0900: Rack app error handling request { GET /stylesheets/desktop.css }
<Errno::ENOENT: No such file or directory @ rb_sysopen - /home/tgxworld/work/discourse/tmp/stylesheet-cache/desktop.css>
/home/tgxworld/work/discourse/app/controllers/stylesheets_controller.rb:65:in `write'
/home/tgxworld/work/discourse/app/controllers/stylesheets_controller.rb:65:in `show_resource'
/home/tgxworld/work/discourse/app/controllers/stylesheets_controller.rb:9:in `show'
```
2017-07-25 16:31:31 +09:00
Guo Xiang Tan 1b0750d7ef Merge pull request #4983 from tgxworld/group_owners_can_invite_users_to_groups
Group owners can invite users to groups
2017-07-24 16:21:19 +09:00
Leo McArdle 407a23663d FEATURE: send rejection email for unrecognized errors 2017-07-21 18:26:52 +01:00