Commit Graph

39585 Commits

Author SHA1 Message Date
Robin Ward 4a8f5dbfbd REFACTOR: Remove `.erb` file from javascript tests
We can't use erb in Ember CLI (since it does not have Ruby) so this has
been ported to use our `javascript:update_constants` rake test instead.

Note we don't have to run this every time a notification type as it's
only used by fixtures to fill in some specific types we test against.
2020-10-08 18:36:09 -04:00
Robin Ward ef7d99b0a8 REFACTOR: Move test setup to a module
This is long overdue. We had a lot of (not linted) code to initialize
our test suite as part of the Ruby `test_helper.js` bundle.

This refactor moves that out to a `setup-tests` module, which imports
all the modules properly, rather than using `require`.

It also removes the global `server` variable which some tests were using
for pretender. Those tests are fixed, and in the case of widget tests,
support for a `pretend()` was added, which mimics our acceptance tests.

One problematic test was removed, which overwrites `/posts` - this could
break tons of other tests depending on order.
2020-10-08 15:11:51 -04:00
Penar Musaraj 5130b4d674
Ignore disabled out-of-date remote themes (#10870)
No need to alert in admin dashboard about out of date remote themes
that are disabled.
2020-10-08 13:48:16 -04:00
David Taylor e47b847ac2
FIX: Use scope name when serializing UserApiKeys (#10871)
This issue was introduced in 1ba9b34b03, when the scopes were changed from an array of strings to a dedicated table
2020-10-08 18:12:24 +01:00
dependabot-preview[bot] 68524f72aa Build(deps): Bump rubocop from 0.92.0 to 0.93.0
Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.92.0 to 0.93.0.
- [Release notes](https://github.com/rubocop-hq/rubocop/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.92.0...v0.93.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-10-08 12:49:06 -04:00
Joffrey JAFFEUX 8520096043
FIX: ensures insert hyperlink works with mailto (#10867)
The prefixing logic is moved into a `prefixProtocol` function in lib:url.

This commit also renames an incorrectly named test and uses https as default instead of http, in 2020 it's reasonable to think we most likely want https and not http. User can still specify http if required.
2020-10-08 13:16:07 +02:00
Joffrey JAFFEUX c3e8bc0280
FIX: ensures category chooser is working with non english char (#10866)
This commit is also moving one test to a component test.

A followup to this commit would be to ensure every dropdowns are using a regex instead of the normalize/lowercase system we have now.
2020-10-08 13:10:09 +02:00
Martin Brennan f63da1c146
FIX: Confirm new email not sent for staff if email disabled with "non-staff" option (#10794)
See https://meta.discourse.org/t/email-address-change-confirmation-email-not-sent-but-every-other-notification-emails-are/165358

In short: with disable emails set to non-staff, email address change confirmation emails (those sent to the new address) are not sent for staff or admin members.

This was happening because we were looking up the staff user with the to_address of the email, but the to address was the new email address because we are sending a confirm email change email, and thus the user could not be found. We didn't need to do this anyway because we are passing the user into the Email::Sender class anyway.
2020-10-08 13:52:17 +10:00
Sam Saffron cd3254e170 DEV: remove legacy code
This code is a no-op on all sites, even though it looks rather dangerous
this migration has long run prior to people trying exploit it.

That said ... hygiene here ... is not good.

Remove this legacy, we do not want it, even in historical migrations.
2020-10-08 10:53:07 +08:00
Guo Xiang Tan 2607bb602e Fix broken spec.
Follow-up to 3c678df942
2020-10-08 10:52:46 +08:00
Guo Xiang Tan cabbc32024 FIX: Scheduled jobs not showing up in /sidekiq/schedule in dev. 2020-10-08 10:24:51 +08:00
Sam 3c678df942
PERF: avoid lookbehinds when indexing search (#10862)
* PERF: avoid lookbehinds when indexing search

Previously we used a `EmailCook.url_regexp` this regex used lookbehinds

Unfortunately certain strings could lead to pathological behavior causing
CPU to skyrocket and regex replace to take a very very long time.

EmailCook still needs a fix, but it is less urgent cause it already splits
to single lines. That said we will correct that as well in a seperate PR.

New implementation is far more naive and relies on the extra spaces search
indexer inserts.
2020-10-08 11:40:13 +11:00
jbrw a1918801a4
FIX - downcase strings consistently (#10861)
ruby and postgres can treat certain characters differently when downcasing them. So do all the downcasing in ruby so that we get consistent results.
2020-10-08 11:28:07 +11:00
Gerhard Schlager bdbee36961 DEV: Fix typo 2020-10-07 23:43:11 +02:00
Penar Musaraj 40460fa00a
FIX: missing SVG mask asset in wizard (#10856)
The dark-mode-friendly SVG mask for the wizard's background image
introduced in 8fcfb9586c does not work with
CDNs, because CORS restrictions apply to SVG masks.

It would be complicated to modify CDN access origin rules for this one
specific assets, so instead, this PR moves the contents of the SVG file
inside the stylesheet.
2020-10-07 16:23:14 -04:00
Robin Ward cee80b0e44 FIX: Group Requests loading was broken
We were referencing the wrong property, which meant the footer was
always being hidden and we were trying to load more requests when we'd
already loaded them all.

see:
https://meta.discourse.org/t/constant-loading-on-group-membership-request-tab/166284
2020-10-07 14:54:17 -04:00
Penar Musaraj ddd6c990f6
FIX: Respect show_category_definitions_in_topic_lists in category lists (#10853)
When that site setting is enabled, the category counts (new/unread)
include the subcategory definition topics, but the topics aren't included
in the list. This fixes that discrepancy.
2020-10-07 14:19:48 -04:00
Robin Ward 3e8561daaf REFACTOR: Some qunit `module` imports were missing
These are tricky because `module.exports` is used by nodejs files as a
global, which is OK. But we don't want to allow `module` in JS tests
for qunit without importing it first.
2020-10-07 13:25:25 -04:00
Penar Musaraj 2ad7d98990
FIX: Include topics from subcategories in tracked list (#10850) 2020-10-07 12:15:28 -04:00
David Taylor 16daf3c986
FIX: Compare Jobs::UserEmail type argument as string (#10851)
In specs, symbols are passed through correctly. But in production, all arguments are provided to jobs as strings.

Followup to c0293339b8
2020-10-07 16:55:32 +01:00
Robin Ward 71d37953d5 REFACTOR: Import `QUnit` and related helpers rather than globals
We used many global functions to handle tests when they should be
imported like other libraries in our application. This also gets us
closer to the way Ember CLI prefers our tests to be laid out.
2020-10-07 11:50:49 -04:00
David Taylor c0293339b8
PERF: Do not enqueue digest emails when attempted recently (#10849)
Previously, Jobs::EnqueueDigestEmails would enqueue a digest job for every user, even if there are no topics to send. The digest job would exit, no email would send, and last_emailed_at would not change. 30 minutes later, Jobs::EnqueueDigestEmails would run again and re-enqueue jobs for the same users.

120fa8ad introduced a temporary mitigation for this issue, by randomly selecting a subset of those users each time.

This commit adds a new `digest_attempted_at` column to the `user_stats` table. This column is updated every time a digest job completes for a user. Using this, we can avoid scheduling digest jobs for the same user every 30 minutes. This also removes the random user selection in 120fa8ad, and instead prioritizes users who had digests attempted the longest time ago.
2020-10-07 15:30:38 +01:00
dependabot-preview[bot] 68d4b92bba
Build(deps-dev): Bump rspec-html-matchers from 0.9.2 to 0.9.4 (#10842)
Bumps [rspec-html-matchers](https://github.com/kucaahbe/rspec-html-matchers) from 0.9.2 to 0.9.4.
- [Release notes](https://github.com/kucaahbe/rspec-html-matchers/releases)
- [Changelog](https://github.com/kucaahbe/rspec-html-matchers/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kucaahbe/rspec-html-matchers/compare/v0.9.2...v0.9.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-10-07 15:51:10 +02:00
Joffrey JAFFEUX 82031aaf16
DEV: makes discourse-styleguide core (styleguide) (#10847)
This plugin is only useful for developers, however, making it core allows us to centralize any component modification in one commit.

This integration also adds a new site_setting: `styleguide_admin_only` which allows to enable a styleguide on a live site while restricting visibility to admins only.

By default, styleguide is disabled.
2020-10-07 14:48:38 +02:00
Dan Ungureanu 9c0892c47c
FIX: Use getAttribute instead of dataset (#10848)
IE10 does not have dataset field.
2020-10-07 13:49:19 +03:00
Sam 120fa8ad2f
PERF: Introduce absolute limit of digests per 30 minutes (#10845)
To avoid blocking the sidekiq queue a limit of 10,000 digests per 30 minutes
is introduced.

This acts as a safety measure that makes sure we don't keep pouring oil on
a fire.

On multisites it is recommended to set the number way lower so sites do not
dominate the backlog. A reasonable default for multisites may be 100-500.

This can be controlled with the environment var

DISCOURSE_MAX_DIGESTS_ENQUEUED_PER_30_MINS_PER_SITE
2020-10-07 17:30:15 +11:00
Martin Brennan 6e2be3e60b
FIX: When admin changes an email for the user the user must confirm the change (#10830)
See https://meta.discourse.org/t/changing-a-users-email/164512 for additional context.

Previously when an admin user changed a user's email we assumed that they would need a password reset too because they likely did not have access to their account. This proved to be incorrect, as there are other reasons a user needs admin to change their email. This PR:

* Changes the admin change email for user flow so the user is sent an email to confirm the change
* We now record who the email change request was requested by
* If the requested by user is admin and not the user we note this in the email sent to the user
* We also make the confirm change email route open to anonymous users, so it can be clicked by the user even if they do not have access to their account. If there is a logged in user we make sure the confirmation matches the current user.
2020-10-07 13:02:24 +10:00
dependabot-preview[bot] 3303b7f9d0 Build(deps): Bump parser from 2.7.1.5 to 2.7.2.0
Bumps [parser](https://github.com/whitequark/parser) from 2.7.1.5 to 2.7.2.0.
- [Release notes](https://github.com/whitequark/parser/releases)
- [Changelog](https://github.com/whitequark/parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/whitequark/parser/compare/v2.7.1.5...v2.7.2.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-10-07 08:38:18 +08:00
Kane York 68e87bb58e
User export: profile as json, export auth token logs (#10819)
* FEATURE: Export the entire user profile as json, not just bio/website

* FEATURE: Add session log information to user export

Even though the columns are named 'auth_token' etc, the content is not actually usable to log into the forum with. Despite all that, it is still truncated for export, to avoid any 'token hash cracking' situations.
2020-10-06 15:51:53 -07:00
Joffrey JAFFEUX 7b34433fc2
REVERT: revert change from action + mut to mut (#10844)
* Revert "FIX: fixes regression where wizard dropdown couldn't update (#10838)"

This reverts commit e3b2fc6074.

* Revert "DEV: replaces unecessary (action (mut .*)) by (mut .*) (#10822)"

This reverts commit c0350dc362.
2020-10-06 23:50:05 +02:00
Roman Rizzi a8c47e7c7f
SECURITY: Ensure users can see the topic before setting a topic timer. (#10841) 2020-10-06 16:49:06 -03:00
Joffrey JAFFEUX e3b2fc6074
FIX: fixes regression where wizard dropdown couldn't update (#10838) 2020-10-06 13:33:37 -04:00
Jarek Radosz 34c99da205
FIX: Correctly render title-less poll widgets (#10837)
`RawHtml` does not like receiving undefined values as `html`.
2020-10-06 19:27:03 +02:00
Arpit Jalan f4c7c7bff3
FEATURE: bulk remove tags (#10831)
https://meta.discourse.org/t/bulk-actions-remove-tags-in-addition-to-change-tags/52145
2020-10-06 22:41:55 +05:30
Dan Ungureanu 340d979357
FIX: Find noscript element with crawler content (#10834)
There can be more than one noscript element on a page (from various
plugins), but only the one with data-path attribute as set in
application.html.erb contains the crawler content.
2020-10-06 19:12:12 +03:00
Penar Musaraj e175c467cc
DEV: Do not render header in wizard preview when logo is missing (#10835)
This can happen if a plugin skips the logo step of the wizard.
2020-10-06 12:08:41 -04:00
Joffrey JAFFEUX c0350dc362
DEV: replaces unecessary (action (mut .*)) by (mut .*) (#10822) 2020-10-06 17:17:45 +02:00
Discourse Translator Bot 29a9ae1b50 Update translations 2020-10-06 15:43:13 +02:00
Jarek Radosz 5c3f1202cf
FIX: Handle poll titles when headings are present (#10832)
Poll markdown processing failed when there were any heading elements preceding a poll.

(Issue originally reported in babbebfb35 (commitcomment-42983768))
2020-10-06 13:24:38 +02:00
dependabot-preview[bot] e639472fdd Build(deps): Bump message_bus from 3.3.2 to 3.3.4
Bumps [message_bus](https://github.com/SamSaffron/message_bus) from 3.3.2 to 3.3.4.
- [Release notes](https://github.com/SamSaffron/message_bus/releases)
- [Changelog](https://github.com/discourse/message_bus/blob/master/CHANGELOG)
- [Commits](https://github.com/SamSaffron/message_bus/compare/v3.3.2...v3.3.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-10-06 09:59:54 +08:00
Penar Musaraj f7a464e52d
Bump discourse-fonts to 0.0.5 (#10829)
Should fix an issue with missing NotoSansJP .otf font files.
2020-10-06 12:53:29 +11:00
Penar Musaraj 4efbf8dc4f
Remove "further reading" step from wizard (#10825)
Instead, add link to top themes on meta in wizard's last step.
2020-10-05 15:06:05 -04:00
Robin Ward 00afd308c1 FIX: Escaped `mailto` URLs would raise an exception
This prevents exceptions from being raised if a URL has an invalid
component.
2020-10-05 14:42:44 -04:00
Robin Ward 39ad9a4734 REFACTOR: Support importing of `Pretender`
We shouldn't be using global variables for libraries.
2020-10-05 14:33:55 -04:00
Gerhard Schlager f30c5a5c3a REFACTOR: Removes double check of site setting in badge granter
...and uses `update!` because the result of `update` isn't used
2020-10-05 19:59:57 +02:00
Jarek Radosz 8e47532304
DEV: Add template linting to the CI workflow (#10821) 2020-10-05 19:52:39 +02:00
Robin Ward 4dec7d85d0 REFACTOR: Removes `Discourse.SiteSettings` constant from tests
This does not work in the Ember CLI world.
2020-10-05 13:52:13 -04:00
Penar Musaraj a4356b99af
FEATURE: Separate base and heading font site_settings (#10807)
Allows site administrators to pick different fonts for headings in the wizard and in their site settings. Also correctly displays the header logos in wizard previews.
2020-10-05 13:40:41 -04:00
Bianca Nenciu bdfb370f19
FIX: Disallow email invites if enable_local_logins is disabled (#10805)
allowEmails used to always be set to true and did not use
can_invite_via_email, which checks for enable_local_logins.

It was a problem because on sites with local logins
disabled users were allowed to enter email addresses, but
received a generic error "error inviting that user".
2020-10-05 19:38:22 +03:00
Bianca Nenciu 318efa8093
FIX: Always let moderators to see their group PMs (#10813)
When enable_personal_messages was disabled, moderators could not see
the private messages for the "moderators" group. The link was displayed
on the client side, but the checks on the server side did not allow it.
2020-10-05 19:38:08 +03:00