Commit Graph

39778 Commits

Author SHA1 Message Date
Martin Brennan f63da1c146
FIX: Confirm new email not sent for staff if email disabled with "non-staff" option (#10794)
See https://meta.discourse.org/t/email-address-change-confirmation-email-not-sent-but-every-other-notification-emails-are/165358

In short: with disable emails set to non-staff, email address change confirmation emails (those sent to the new address) are not sent for staff or admin members.

This was happening because we were looking up the staff user with the to_address of the email, but the to address was the new email address because we are sending a confirm email change email, and thus the user could not be found. We didn't need to do this anyway because we are passing the user into the Email::Sender class anyway.
2020-10-08 13:52:17 +10:00
Sam Saffron cd3254e170 DEV: remove legacy code
This code is a no-op on all sites, even though it looks rather dangerous
this migration has long run prior to people trying exploit it.

That said ... hygiene here ... is not good.

Remove this legacy, we do not want it, even in historical migrations.
2020-10-08 10:53:07 +08:00
Guo Xiang Tan 2607bb602e Fix broken spec.
Follow-up to 3c678df942
2020-10-08 10:52:46 +08:00
Guo Xiang Tan cabbc32024 FIX: Scheduled jobs not showing up in /sidekiq/schedule in dev. 2020-10-08 10:24:51 +08:00
Sam 3c678df942
PERF: avoid lookbehinds when indexing search (#10862)
* PERF: avoid lookbehinds when indexing search

Previously we used a `EmailCook.url_regexp` this regex used lookbehinds

Unfortunately certain strings could lead to pathological behavior causing
CPU to skyrocket and regex replace to take a very very long time.

EmailCook still needs a fix, but it is less urgent cause it already splits
to single lines. That said we will correct that as well in a seperate PR.

New implementation is far more naive and relies on the extra spaces search
indexer inserts.
2020-10-08 11:40:13 +11:00
jbrw a1918801a4
FIX - downcase strings consistently (#10861)
ruby and postgres can treat certain characters differently when downcasing them. So do all the downcasing in ruby so that we get consistent results.
2020-10-08 11:28:07 +11:00
Gerhard Schlager bdbee36961 DEV: Fix typo 2020-10-07 23:43:11 +02:00
Penar Musaraj 40460fa00a
FIX: missing SVG mask asset in wizard (#10856)
The dark-mode-friendly SVG mask for the wizard's background image
introduced in 8fcfb9586c does not work with
CDNs, because CORS restrictions apply to SVG masks.

It would be complicated to modify CDN access origin rules for this one
specific assets, so instead, this PR moves the contents of the SVG file
inside the stylesheet.
2020-10-07 16:23:14 -04:00
Robin Ward cee80b0e44 FIX: Group Requests loading was broken
We were referencing the wrong property, which meant the footer was
always being hidden and we were trying to load more requests when we'd
already loaded them all.

see:
https://meta.discourse.org/t/constant-loading-on-group-membership-request-tab/166284
2020-10-07 14:54:17 -04:00
Penar Musaraj ddd6c990f6
FIX: Respect show_category_definitions_in_topic_lists in category lists (#10853)
When that site setting is enabled, the category counts (new/unread)
include the subcategory definition topics, but the topics aren't included
in the list. This fixes that discrepancy.
2020-10-07 14:19:48 -04:00
Robin Ward 3e8561daaf REFACTOR: Some qunit `module` imports were missing
These are tricky because `module.exports` is used by nodejs files as a
global, which is OK. But we don't want to allow `module` in JS tests
for qunit without importing it first.
2020-10-07 13:25:25 -04:00
Penar Musaraj 2ad7d98990
FIX: Include topics from subcategories in tracked list (#10850) 2020-10-07 12:15:28 -04:00
David Taylor 16daf3c986
FIX: Compare Jobs::UserEmail type argument as string (#10851)
In specs, symbols are passed through correctly. But in production, all arguments are provided to jobs as strings.

Followup to c0293339b8
2020-10-07 16:55:32 +01:00
Robin Ward 71d37953d5 REFACTOR: Import `QUnit` and related helpers rather than globals
We used many global functions to handle tests when they should be
imported like other libraries in our application. This also gets us
closer to the way Ember CLI prefers our tests to be laid out.
2020-10-07 11:50:49 -04:00
David Taylor c0293339b8
PERF: Do not enqueue digest emails when attempted recently (#10849)
Previously, Jobs::EnqueueDigestEmails would enqueue a digest job for every user, even if there are no topics to send. The digest job would exit, no email would send, and last_emailed_at would not change. 30 minutes later, Jobs::EnqueueDigestEmails would run again and re-enqueue jobs for the same users.

120fa8ad introduced a temporary mitigation for this issue, by randomly selecting a subset of those users each time.

This commit adds a new `digest_attempted_at` column to the `user_stats` table. This column is updated every time a digest job completes for a user. Using this, we can avoid scheduling digest jobs for the same user every 30 minutes. This also removes the random user selection in 120fa8ad, and instead prioritizes users who had digests attempted the longest time ago.
2020-10-07 15:30:38 +01:00
dependabot-preview[bot] 68d4b92bba
Build(deps-dev): Bump rspec-html-matchers from 0.9.2 to 0.9.4 (#10842)
Bumps [rspec-html-matchers](https://github.com/kucaahbe/rspec-html-matchers) from 0.9.2 to 0.9.4.
- [Release notes](https://github.com/kucaahbe/rspec-html-matchers/releases)
- [Changelog](https://github.com/kucaahbe/rspec-html-matchers/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kucaahbe/rspec-html-matchers/compare/v0.9.2...v0.9.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-10-07 15:51:10 +02:00
Joffrey JAFFEUX 82031aaf16
DEV: makes discourse-styleguide core (styleguide) (#10847)
This plugin is only useful for developers, however, making it core allows us to centralize any component modification in one commit.

This integration also adds a new site_setting: `styleguide_admin_only` which allows to enable a styleguide on a live site while restricting visibility to admins only.

By default, styleguide is disabled.
2020-10-07 14:48:38 +02:00
Dan Ungureanu 9c0892c47c
FIX: Use getAttribute instead of dataset (#10848)
IE10 does not have dataset field.
2020-10-07 13:49:19 +03:00
Sam 120fa8ad2f
PERF: Introduce absolute limit of digests per 30 minutes (#10845)
To avoid blocking the sidekiq queue a limit of 10,000 digests per 30 minutes
is introduced.

This acts as a safety measure that makes sure we don't keep pouring oil on
a fire.

On multisites it is recommended to set the number way lower so sites do not
dominate the backlog. A reasonable default for multisites may be 100-500.

This can be controlled with the environment var

DISCOURSE_MAX_DIGESTS_ENQUEUED_PER_30_MINS_PER_SITE
2020-10-07 17:30:15 +11:00
Martin Brennan 6e2be3e60b
FIX: When admin changes an email for the user the user must confirm the change (#10830)
See https://meta.discourse.org/t/changing-a-users-email/164512 for additional context.

Previously when an admin user changed a user's email we assumed that they would need a password reset too because they likely did not have access to their account. This proved to be incorrect, as there are other reasons a user needs admin to change their email. This PR:

* Changes the admin change email for user flow so the user is sent an email to confirm the change
* We now record who the email change request was requested by
* If the requested by user is admin and not the user we note this in the email sent to the user
* We also make the confirm change email route open to anonymous users, so it can be clicked by the user even if they do not have access to their account. If there is a logged in user we make sure the confirmation matches the current user.
2020-10-07 13:02:24 +10:00
dependabot-preview[bot] 3303b7f9d0 Build(deps): Bump parser from 2.7.1.5 to 2.7.2.0
Bumps [parser](https://github.com/whitequark/parser) from 2.7.1.5 to 2.7.2.0.
- [Release notes](https://github.com/whitequark/parser/releases)
- [Changelog](https://github.com/whitequark/parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/whitequark/parser/compare/v2.7.1.5...v2.7.2.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-10-07 08:38:18 +08:00
Kane York 68e87bb58e
User export: profile as json, export auth token logs (#10819)
* FEATURE: Export the entire user profile as json, not just bio/website

* FEATURE: Add session log information to user export

Even though the columns are named 'auth_token' etc, the content is not actually usable to log into the forum with. Despite all that, it is still truncated for export, to avoid any 'token hash cracking' situations.
2020-10-06 15:51:53 -07:00
Joffrey JAFFEUX 7b34433fc2
REVERT: revert change from action + mut to mut (#10844)
* Revert "FIX: fixes regression where wizard dropdown couldn't update (#10838)"

This reverts commit e3b2fc6074.

* Revert "DEV: replaces unecessary (action (mut .*)) by (mut .*) (#10822)"

This reverts commit c0350dc362.
2020-10-06 23:50:05 +02:00
Roman Rizzi a8c47e7c7f
SECURITY: Ensure users can see the topic before setting a topic timer. (#10841) 2020-10-06 16:49:06 -03:00
Joffrey JAFFEUX e3b2fc6074
FIX: fixes regression where wizard dropdown couldn't update (#10838) 2020-10-06 13:33:37 -04:00
Jarek Radosz 34c99da205
FIX: Correctly render title-less poll widgets (#10837)
`RawHtml` does not like receiving undefined values as `html`.
2020-10-06 19:27:03 +02:00
Arpit Jalan f4c7c7bff3
FEATURE: bulk remove tags (#10831)
https://meta.discourse.org/t/bulk-actions-remove-tags-in-addition-to-change-tags/52145
2020-10-06 22:41:55 +05:30
Dan Ungureanu 340d979357
FIX: Find noscript element with crawler content (#10834)
There can be more than one noscript element on a page (from various
plugins), but only the one with data-path attribute as set in
application.html.erb contains the crawler content.
2020-10-06 19:12:12 +03:00
Penar Musaraj e175c467cc
DEV: Do not render header in wizard preview when logo is missing (#10835)
This can happen if a plugin skips the logo step of the wizard.
2020-10-06 12:08:41 -04:00
Joffrey JAFFEUX c0350dc362
DEV: replaces unecessary (action (mut .*)) by (mut .*) (#10822) 2020-10-06 17:17:45 +02:00
Discourse Translator Bot 29a9ae1b50 Update translations 2020-10-06 15:43:13 +02:00
Jarek Radosz 5c3f1202cf
FIX: Handle poll titles when headings are present (#10832)
Poll markdown processing failed when there were any heading elements preceding a poll.

(Issue originally reported in babbebfb35 (commitcomment-42983768))
2020-10-06 13:24:38 +02:00
dependabot-preview[bot] e639472fdd Build(deps): Bump message_bus from 3.3.2 to 3.3.4
Bumps [message_bus](https://github.com/SamSaffron/message_bus) from 3.3.2 to 3.3.4.
- [Release notes](https://github.com/SamSaffron/message_bus/releases)
- [Changelog](https://github.com/discourse/message_bus/blob/master/CHANGELOG)
- [Commits](https://github.com/SamSaffron/message_bus/compare/v3.3.2...v3.3.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-10-06 09:59:54 +08:00
Penar Musaraj f7a464e52d
Bump discourse-fonts to 0.0.5 (#10829)
Should fix an issue with missing NotoSansJP .otf font files.
2020-10-06 12:53:29 +11:00
Penar Musaraj 4efbf8dc4f
Remove "further reading" step from wizard (#10825)
Instead, add link to top themes on meta in wizard's last step.
2020-10-05 15:06:05 -04:00
Robin Ward 00afd308c1 FIX: Escaped `mailto` URLs would raise an exception
This prevents exceptions from being raised if a URL has an invalid
component.
2020-10-05 14:42:44 -04:00
Robin Ward 39ad9a4734 REFACTOR: Support importing of `Pretender`
We shouldn't be using global variables for libraries.
2020-10-05 14:33:55 -04:00
Gerhard Schlager f30c5a5c3a REFACTOR: Removes double check of site setting in badge granter
...and uses `update!` because the result of `update` isn't used
2020-10-05 19:59:57 +02:00
Jarek Radosz 8e47532304
DEV: Add template linting to the CI workflow (#10821) 2020-10-05 19:52:39 +02:00
Robin Ward 4dec7d85d0 REFACTOR: Removes `Discourse.SiteSettings` constant from tests
This does not work in the Ember CLI world.
2020-10-05 13:52:13 -04:00
Penar Musaraj a4356b99af
FEATURE: Separate base and heading font site_settings (#10807)
Allows site administrators to pick different fonts for headings in the wizard and in their site settings. Also correctly displays the header logos in wizard previews.
2020-10-05 13:40:41 -04:00
Bianca Nenciu bdfb370f19
FIX: Disallow email invites if enable_local_logins is disabled (#10805)
allowEmails used to always be set to true and did not use
can_invite_via_email, which checks for enable_local_logins.

It was a problem because on sites with local logins
disabled users were allowed to enter email addresses, but
received a generic error "error inviting that user".
2020-10-05 19:38:22 +03:00
Bianca Nenciu 318efa8093
FIX: Always let moderators to see their group PMs (#10813)
When enable_personal_messages was disabled, moderators could not see
the private messages for the "moderators" group. The link was displayed
on the client side, but the checks on the server side did not allow it.
2020-10-05 19:38:08 +03:00
Robin Ward 969917c4a2 Hide large refactor commit from blame
It's mostly about moving tests from one place to another and needn't
pollute the git history.
2020-10-05 12:09:34 -04:00
Robin Ward 80a5482f28 Embedded topics are now unlisted by default
Previously this site setting `embed unlisted` defaulted to false and
empty topics would be generated for embed, but those topics tend to take
up a lot of room on the topic lists.

This new default creates invisible topics by default until they receive
their first reply.
2020-10-05 12:09:20 -04:00
Robin Ward 070fe7f45d FIX: Deprecated overwriting of computed property
We can set `hide` to true instead of overwriting the property on
dismiss.
2020-10-05 12:09:01 -04:00
Joffrey JAFFEUX e6821fbaae
DEV: fixes linting of hbs files in core plugins (#10820) 2020-10-05 14:42:36 +02:00
Jarek Radosz cf44cdb082
FIX: Validate category name on parent change (#10815)
Previously, moving a category into another one, that already had a child category of that name (but with a non-conflicting slug) would cause a 500 error:

```
# PG::UniqueViolation:
#   ERROR:  duplicate key value violates unique constraint "unique_index_categories_on_name"
#   DETAIL:  Key (COALESCE(parent_category_id, '-1'::integer), name)=(5662, Amazing Category 0) already exists.
```

It now returns 422, and shows the same message as when you're renaming a category: "Category Name has already been taken".
2020-10-05 11:50:05 +02:00
Joffrey JAFFEUX 702f7a5a67
FIX: makes dashboard periods use current day and weekly 7 days (#10817)
Prior to this fix, weekly could be 8 days and we could have differences between period chooser text and actual results in the chart.

A good followup to this PR would be to add custom date ranges in period-chooser component.
2020-10-05 10:32:12 +02:00
Jarek Radosz 4b5358bb42
FIX: Preload uploads in groups#search to stop N+1 (#10814)
`BasicGroupSerializer` includes `flair_url` which uses `flair_upload` relation, so the N in N+1 in this case was the number of groups with flair in the forum.
2020-10-05 10:22:55 +02:00