Commit Graph

53025 Commits

Author SHA1 Message Date
Penar Musaraj 974b3a2a6f
DEV: Do not require session confirmation for new users (#24799)
When making sensitive changes to an account (adding 2FA or passkeys), we
require users to confirm their password. This is to prevent an attacker
from adding 2FA to an account they have access to.

However, on newly created accounts, we should not require this, it's an
extra step and it doesn't provide extra security (since the account was
just created). This commit makes it so that we don't require session
confirmation for accounts created less than 5 minutes ago.
2024-02-15 12:29:16 -05:00
chapoi 292685d3de
UX: Chat browse redesign (#25698)
* UX: fix search input placeholder cutoff

* UX: use transparent button for new-channel

* UX: remove settings link

* UX: removed joined tag

* UX: increase lock icon size

* UX: use grid for channel card

* UX: chat-channel-card styling + cleanup

* UX: don't space about tabs on mobile

* specs

* PR feedback

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>

* PR feedback > translation

* Remove import

* UX: update copy

---------

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2024-02-15 18:00:22 +01:00
dependabot[bot] 95bf1e1e9a
Build(deps): Bump logster from 2.17.1 to 2.18.0 (#25702)
Bumps [logster](https://github.com/discourse/logster) from 2.17.1 to 2.18.0.
- [Changelog](https://github.com/discourse/logster/blob/main/CHANGELOG.md)
- [Commits](https://github.com/discourse/logster/compare/v2.17.1...v2.18.0)

---
updated-dependencies:
- dependency-name: logster
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-15 16:44:36 +00:00
Kris 9374baab93
UX: clean up some label and form inconsistencies, reduce excess bolding (#25701) 2024-02-15 11:27:51 -05:00
Osama Sayegh cfdb461e9a
PERF: Pass the `-ping` option to the `identify` ImageMagick command to speed it up (#25697)
The `-ping` option significantly speeds up the ImageMagick `identify` command per our testing and the [documentation](https://imagemagick.org/script/command-line-options.php#ping):

> -ping
> Efficiently determine these image characteristics: image number, the file name, the width and height of the image, whether the image is colormapped or not, the number of colors in the image, the number of bytes in the image, the format of the image (JPEG, PNM, etc.). Use +ping to ensure accurate image properties.

We already pass the `-ping` option in other places where the `identify` command is used, so it makes sense to use the option everywhere.

Internal topic: t/121431.
2024-02-15 18:55:39 +03:00
chapoi 4deacc4aa8
UX: prevent groupname from wrapping (#25696) 2024-02-15 14:13:21 +01:00
Jarek Radosz 368551da2f
FIX: A regression in b797434 (#25694)
This resulted in showing the unread count on the "Latest" nav item on desktop.
2024-02-15 11:45:36 +01:00
dependabot[bot] cb8958f204
Build(deps): Bump rack-mini-profiler from 3.3.0 to 3.3.1 (#25693)
Bumps [rack-mini-profiler](https://github.com/MiniProfiler/rack-mini-profiler) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/MiniProfiler/rack-mini-profiler/releases)
- [Changelog](https://github.com/MiniProfiler/rack-mini-profiler/blob/master/CHANGELOG.md)
- [Commits](https://github.com/MiniProfiler/rack-mini-profiler/compare/v3.3.0...v3.3.1)

---
updated-dependencies:
- dependency-name: rack-mini-profiler
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-15 11:29:17 +01:00
Alan Guo Xiang Tan c30aeafd9d
DEV: Block all incoming requests before resetting Capybara session (#25692)
Why this change?

We have been debugging flaky system tests and noticed in https://github.com/discourse/discourse/actions/runs/7911902047/job/21596791343?pr=25690
that ActiveRecord connection checkout timeouts are encountered because
the Capybara server thread is processing requests even after
`Capybara.reset_session!` and ActiveRecord's `teardown_fixtures` have already been called.
The theory here is that an inflight request can still hit the Capybara
server even after `Capybara.reset_session!` has been called and end up
eating up an ActiveRecord connection for too long and also messing with
the database outside of a transaction.

What does this change do?

This change adds a `BlockRequestsMiddleware` middleware in the test
environment which is enabled to reject all incoming requests at the end
of each system test and before `Capybara.reset_session!` is called. At
the start of each RSpec test, the middleware is disabled again.
2024-02-15 16:36:12 +08:00
Sam 4346abe260
FEATURE: apply pinning to hot topic lists (#25690)
pinned topics should be pinned even on hot lists so it can be used as a
home page
2024-02-15 18:27:54 +11:00
Alan Guo Xiang Tan 55df52b56d
DEV: Skip consistently flaky tests on CI (#25689)
Why this change?

The tests are consistently flaky and failing with the following error:

```
CapybaraTimeoutExtension::CapybaraTimedOut:
  This spec passed, but capybara waited for the full wait duration (10s) at least once. This will slow down the test suite. Beware of negating the result of selenium's RSpec matchers.
```
2024-02-15 14:14:53 +08:00
Alan Guo Xiang Tan 796af077c5
DEV: Debug AR connection pool queue on CI (#25687)
Why this change?

On CI, we have been seeing flaky system tests because ActiveRecord is
unable to checkout a connection. This patch is meant to help us debug
which thread is not returning the connection to the queue.
2024-02-15 14:00:30 +08:00
Penar Musaraj c1577019c8
DEV: Add post_id parameter to reset_bump_date route (#25372)
This would allow a theme component (or an API call) to reset the bump
date of a topic to a given post's created_at date.

I picked `post_id` as the parameter here because it provides a bit of
extra protection against accidentally resetting the bump date to a date
that doesn't make sense.
2024-02-15 16:42:42 +11:00
Krzysztof Kotlarek 2b30cca0e4
DEV: bump Logster version to 2.17.1 (#25688) 2024-02-15 16:36:20 +11:00
Krzysztof Kotlarek 52777e2de4
FIX: Logster backlink config in production (#25685)
Bug introduced in this PR https://github.com/discourse/discourse/pull/25669

Config should apply to development and production modes, not just the development environment.
2024-02-15 13:48:36 +11:00
Krzysztof Kotlarek e61a2fc355
FEATURE: backlink to the site from Logster (#25669)
Configure the backlink to the site from Logster.
Related PR https://github.com/discourse/logster/pull/220
2024-02-15 10:26:30 +11:00
Isaac Janzen e54c07cf49
FIX: Make similar topics selectable (#25682)
I attempted to add a test for related topics, as they are untested. This was a massive challenge as related topics are only rendered after 
- a user has stopped typing
- there is a timeout after typing

Between system tests, acceptance tests, and stubbing requests, this was difficult. So here is the PR sans test.
2024-02-14 16:01:30 -07:00
Kris 41cd01c83a
UX: fix group search result alignment and styles (#25681) 2024-02-14 17:51:44 -05:00
Alan Guo Xiang Tan a8b4d2e82c
DEV: Drop distributed mutex from `SidebarSiteSettingsBackfiller#backfill!` (#25674)
Why this change?

Backfilling can take a long time on a site with many users. As a
result, the `DistributedMutex` will warn in the logs when the block takes
more than 60 seconds to complete. We can increase the lock validity but
the method is currently only called from a job which has a
`cluster_concurrency` set to `1`. Therefore, it is actually not
necessary for us to hold a `DistributedMutex` here.

What does this change do?

1. Removes the distributed mutex and adds a comment about the risk of
   calling the `SidebarSiteSettingsBackfiller#backfill!` method.

2. Delete old sidebar category section links in batches for all users
   to avoid a single long running query.
2024-02-15 06:21:03 +08:00
Kris 52fb523bbb
UX: show the full mobile read-state indicator (#25678) 2024-02-14 15:52:02 -05:00
Blake Erickson bb261094cf
FEATURE: Auto generate and display video preview image (#25633)
This change will allow auto generated video thumbnails to be used
instead of the black video thumbnail that overlays videos.

Follow up to: 2443446e62
2024-02-14 13:43:53 -07:00
Andrei Prigorshnev e83d8fb3e2
FIX: Allow several chat channels to have an empty slug (#25680)
In certain cases, chat channels may have empty slugs, it happens when:

1. The `slug_generation_method` setting is set to `None`
2. `slug_generation_method` is set to `ASCII` and a channel with 
a Unicode name and an empty slug is created (in this case, the code 
that creates channels tries to generate a slug and falls back to an empty slug)

At the moment, we have a unique index on the `chat_channels.slug` column 
which leads to errors when creating several channels with empty slugs 
(Discourse is able to create one such channel, but when trying to create 
the second one fails because of the unique constraint). This PR fixes that 
by adding a `where` condition to the index. Slugs still have to be unique, 
but now many channels may have empty slugs.

This fix is similar to the one we made to the category slugs – 7ba914f1e1.
2024-02-15 00:39:39 +04:00
Keegan George 10b33bc601
DEV: API extra markup to image wrapper (#25575) 2024-02-14 12:20:53 -08:00
Shane Scanlon 53a198ad55
FIX: Hide timer info on topic status toggle (#25596)
Use topic.topic_status_update value to hide timer info after status
change.
2024-02-14 11:40:40 -05:00
Kris 2323f09eb0
A11Y: change composer role to dialog, improve aria-labels (#25666) 2024-02-14 11:09:54 -05:00
Ella E acca39036b
Update INSTALL-cloud.md screenshots and copy when landed on the forum homepage (#25671) 2024-02-14 07:31:44 -07:00
Ted Johansson 7522957aaa
FIX: Touch up illegal flag type translations (#25670)
When we launched the new illegal flag type, there were a few problems with the translations:

The translation for the message in the e-mail was missing and in the review queue, the message read: "Is this it's illegal?"

In this PR the missing translation key has been added. For the review queue there was a coupling of the name rendering to whether the flag is of "custom" type, but this is also used for deciding whether we render the textbox for additional details. I think these two things should not be coupled together. For now I have instead hard-coded the existing "custom" types when formatting the name. We can potentially improve this later.
2024-02-14 18:44:32 +08:00
David Taylor 915f7cdb27
FIX: Do not add `"tag-"` class to pages with no tag filter (#25677) 2024-02-14 10:24:02 +00:00
David Taylor 02177bb46d
UX: Add loading indicator to 'new or updated' PM banner (#25676)
Same as 9883e6a0c8, but for lists of PMs
2024-02-14 10:08:31 +00:00
Krzysztof Kotlarek c03d22f633
FIX: serialize can_ignore_users (#25672)
Bug introduced in this PR https://github.com/discourse/discourse/pull/25585/files#diff-55dea7dea5b8655da575a2f23156240686c956d081d36ea9976d38b29b72b5d2R130

`can_ignore_users` method was created but not added to attributes and therefore it was not serialized.
2024-02-14 15:17:19 +11:00
Tobias Eigen 709bed5d1c
removed broken link and comments from no_index.erb (#25648)
We intend to move guidance about how to configure robots.txt to the admin interface and a documentation topic on meta.
2024-02-14 12:09:24 +08:00
Jeff Wong cd99e20fd1
DEV: Add conflict resolution to migration min trust level for here mention to group (#25667) 2024-02-13 17:19:17 -08:00
Kris 037def8624
UX: clarify old dates with YYYY instead of 'YY (#25661)
* UX: clarify old dates with YYYY instead of 'YY

* update formatter test
2024-02-14 10:32:50 +11:00
Mark VanLandingham 4f75cee6d2
FIX: Don't unnecessarily scrub query params from homepage (#25665)
Seems like an accident that the homepage route will always strip all query params from the URL. This fixes that :)
2024-02-13 14:50:27 -06:00
Daniel Waterworth d1ebca90ff
DEV: Convert sidebar edit navigation modal/categories modal to gjs (#25662) 2024-02-13 13:22:31 -06:00
Bianca Nenciu 9a6406d4bb
FIX: Preload user-specific category fields (#25663)
This is used when lazy_load_categories is enabled to fetch more info
about the category.
2024-02-13 20:00:44 +02:00
Ella E 1f50e7e38f
UX: Set width for the new feature items (#25657) 2024-02-13 10:17:17 -07:00
Kris faf0807b37
FIX: email category badges shouldn't use category text color (#25655) 2024-02-13 10:18:36 -05:00
Discourse Translator Bot 8eab06cb2f
Update translations (#25659) 2024-02-13 16:11:30 +01:00
David Taylor 061e79297f
DEV: Convert User model to native class syntax (#25628)
This commit was created with a combination of the ember-native-class-codemod and manual cleanup.

User-status-related functionality was previously encapsulated in its own `User.reopen` call, which is essentially an 'inline mixin'. This commit refactors it into a utility class, with an instance accessible on `User#statusManager`
2024-02-13 10:49:18 +00:00
David Taylor 9883e6a0c8
UX: Add loading indicator when loading 'new or updated topics' (#25649)
Also improves error handling so that the action can be retried if the network request fails
2024-02-13 10:41:22 +00:00
Joffrey JAFFEUX 06bbed69f9
DEV: allows a context when creating a message (#25647)
The service `Chat::CreateMessage` will now accept `context_post_ids` and `context_topic_id` as params. These values represent the topic which might be visible when sending a message (for now, this is only possible when using the drawer).

The `DiscourseEvent` `chat_message_created` will now have the following signature:

```ruby
on(:chat_message_created) do | message, channel, user, meta|
  p meta[:context][:post_ids]
end
```
2024-02-13 11:37:15 +01:00
chapoi 2bd0a8f432
UX: Onebox container sizing (#25658)
* UX: scope onebox container size to not images

* UX: increase max-width for onebox img
2024-02-13 10:06:29 +01:00
chapoi 7cd5d646d2
UX: set zindex of chat action menu higher (#25645) 2024-02-13 09:25:42 +01:00
David Battersby d7dd871d9f
FIX: quoted private topic url respects subfolder install (#25643)
Fixes an issue where private topics that are quoted have an incorrectly formatted url when using a subfolder install.

This update returns a relative url that includes the base_path rather than a combination of base_url + base_path.
2024-02-13 13:20:24 +08:00
David Battersby 85001a27e9
FIX: sort chat channels by slug (#25656)
Channels can include emojis in front of the channel title which causes problems when sorting.

Using the channel slug is a more reliable way to sort and avoid these kind of issues.
2024-02-13 12:59:46 +08:00
Krzysztof Kotlarek 949b5f3fa9
FIX: no reply as a new topic without permission (#25641)
`create topic allowed groups` site setting controls permission to create a new topic.

If a user cannot create a topic, a reply as a new topic button should not be visible as well.
2024-02-13 09:26:13 +11:00
Penar Musaraj 021a02c3d8
FIX: Webauthn origin was incorrect for subfolder setups (#25651) 2024-02-12 16:27:24 -05:00
dependabot[bot] 7eb1215cb1
Build(deps-dev): Bump @floating-ui/dom from 1.6.2 to 1.6.3 in /app/assets/javascripts (#25653)
* Build(deps-dev): Bump @floating-ui/dom in /app/assets/javascripts

Bumps [@floating-ui/dom](https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom) from 1.6.2 to 1.6.3.
- [Release notes](https://github.com/floating-ui/floating-ui/releases)
- [Changelog](https://github.com/floating-ui/floating-ui/blob/master/packages/dom/CHANGELOG.md)
- [Commits](https://github.com/floating-ui/floating-ui/commits/@floating-ui/dom@1.6.3/packages/dom)

---
updated-dependencies:
- dependency-name: "@floating-ui/dom"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update lockfiles for ember version flag

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: discoursebuild <build@discourse.org>
2024-02-12 22:20:12 +01:00
Isaac Janzen 6acc203786
DEV: Only autocomplete search result when suggestion keyword present (#25652) 2024-02-12 13:54:03 -07:00