Commit Graph

2780 Commits

Author SHA1 Message Date
Osama Sayegh 7bd3986b21
FEATURE: Replace `Crawl-delay` directive with proper rate limiting (#15131)
We have a couple of site setting, `slow_down_crawler_user_agents` and `slow_down_crawler_rate`, that are meant to allow site owners to signal to specific crawlers that they're crawling the site too aggressively and that they should slow down.

When a crawler is added to the `slow_down_crawler_user_agents` setting, Discourse currently adds a `Crawl-delay` directive for that crawler in `/robots.txt`. Unfortunately, many crawlers don't support the `Crawl-delay` directive in `/robots.txt` which leaves the site owners no options if a crawler is crawling the site too aggressively.

This PR replaces the `Crawl-delay` directive with proper rate limiting for crawlers added to the `slow_down_crawler_user_agents` list. On every request made by a non-logged in user, Discourse will check the User Agent string and if it contains one of the values of the `slow_down_crawler_user_agents` list, Discourse will only allow 1 request every N seconds for that User Agent (N is the value of the `slow_down_crawler_rate` setting) and the rest of requests made within the same interval will get a 429 response. 

The `slow_down_crawler_user_agents` setting becomes quite dangerous with this PR since it could rate limit lots if not all of anonymous traffic if the setting is not used appropriately. So to protect against this scenario, we've added a couple of new validations to the setting when it's changed:

1) each value added to setting must 3 characters or longer
2) each value cannot be a substring of tokens found in popular browser User Agent. The current list of prohibited values is: apple, windows, linux, ubuntu, gecko, firefox, chrome, safari, applewebkit, webkit, mozilla, macintosh, khtml, intel, osx, os x, iphone, ipad and mac.
2021-11-30 12:55:25 +03:00
Penar Musaraj d99deaf1ab
FEATURE: show recent searches in quick search panel (#15024) 2021-11-25 15:44:15 -05:00
janzenisaac 8c7cc426b7
FEATURE: Notify responders of post removal (#15049)
- Notify users whose posts were cascade deleted due to a flagged post
2021-11-24 09:28:20 -06:00
Bianca Nenciu 3ea8937157
FEATURE: Add email normalization rules setting (#14593)
When this setting is turned on, it will check that normalized emails
are unique. Normalized emails are emails without any dots or plus
aliases.

This setting can be used to block use of aliases of the same email
address.
2021-11-24 11:30:06 +02:00
Bianca Nenciu 73760c77d9
FEATURE: Mention @here to notify users in topic (#14900)
Use @here to mention all users that were allowed to topic directly or
through group, who liked topics or read the topic. Only first 10 users
will be notified.
2021-11-23 22:25:54 +02:00
Arpit Jalan 34354353ff
Update email deliverability mail template (#15064) 2021-11-23 18:07:36 +05:30
Martin Brennan fa6b87a1bf
SECURITY: Strip unrendered unicode bidirectional chars in code blocks (#15032)
When rendering the markdown code blocks we replace the
offending characters in the output string with spans highlighting a textual
representation of the character, along with a title attribute with
information about why the character was highlighted.

The list of characters stripped by this fix, which are the bidirectional
characters considered relevant, are:

U+202A
U+202B
U+202C
U+202D
U+202E
U+2066
U+2067
U+2068
U+2069
2021-11-22 10:43:03 +10:00
Martin Brennan f52e1258f7
DEV: mutlipart -> multipart spelling fix (#14963) 2021-11-16 13:58:33 +10:00
tshenry 5467bfb7d6
Remove Internet Explorer reference (#14879)
Discourse no longer supports Internet Explorer, so we can remove the IE-specific warning in this site setting description.
2021-11-11 09:10:20 +08:00
Leonardo Mosquera b1dc0dc944
Small copy fixes (#14826)
* FIX: small copy fix for embedding.sample

* FIX: improve copy for site_description and short_site_description

As part of the setup wizard, improve the description of these two
strings to add context on where they will be used, so that it is
clearer how to write each one.

Meta discussion: https://meta.discourse.org/t/unclear-double-question-in-setup-wizard/208344/
2021-11-08 09:32:44 +08:00
Jean 8d73730c44
FEATURE: Add setting to disable notifications for topic tags edits (#14794) 2021-11-02 13:53:21 -04:00
Vinoth Kannan c62242c6b3
FIX: should not receive topic invites from ignored users. (#14746)
Previously, ignored users can send notifications by inviting the ignorer to topics or PMs.
2021-10-28 21:03:00 +05:30
Joshua Rosenfeld 61a7fbdd9e
FIX: Correct site setting name (#14686) 2021-10-21 16:32:27 -04:00
Simon Cossar 7eea58ca9e
Update copy of the max_new_accounts_per_registration_ip description to indicate that the setting can be disabled (#14687) 2021-10-21 13:15:04 -07:00
Jean 6275658e3d
FEATURE: Add setting to disable notifications for topic category edits (#14632) 2021-10-18 09:04:01 -04:00
Bianca Nenciu c4843fc1c1
FEATURE: Allow admins to permanently delete posts and topics (#14406)
Sometimes administrators want to permanently delete posts and topics
from the database. To make sure that this is done for a good reasons,
administrators can do this only after one minute has passed since the
post was deleted or immediately if another administrator does it.
2021-10-13 12:53:23 +03:00
Roman Rizzi 7bc7e1aceb
FIX: update translation key to match flag reason. (#14573)
The refactor introduced in https://github.com/discourse/discourse/pull/14475 made this visible. Adds a safeguard to make sure translation is present before trying to linkify backticks.
2021-10-11 10:24:41 -03:00
Roman Rizzi 9f3b82eeb2
DEV: Move settings to linkify to the serializer code. (#14553)
We aren't translating these settings, so it makes more sense to move them into the code. I added an instance method so plugins can add mappings for custom reasons.
2021-10-07 12:41:57 -03:00
Roman Rizzi e5c257e5b5
FIX: Reenable global setting HTML support. (#14521) 2021-10-05 16:25:41 -03:00
Roman Rizzi 437410e269
UX: Global notice no longer accepts HTML. (#14515) 2021-10-05 10:34:26 -03:00
Meghna 1552d06008
UX: capitalize unsubscribed email locale (#14512)
https://meta.discourse.org/t/unsubscribed-description-text-needs-a-capital-letter/205239
2021-10-05 17:13:22 +05:30
Roman Rizzi a9d20610d4
FIX: Make score's reason link building more explicit (#14475)
We relied on backticks to identify and replace site setting names with links. Unfortunately, some translations don't follow this convention, breaking this feature.

Additionally, this lets us linkify `category settings` and `watched words` without using HTML in the translations.

You may notice that I split the texts we want to linkify into two groups. I did this on purpose to emphasize those that should be translated (regular_links) from those who don't (site_settings_link). If you can think of a better solution, I'm open to suggestions.
2021-10-04 16:55:09 -03:00
Andrei Prigorshnev 149e869c22
FEATURE: make username suggester suggest `user1`, `user2` etc. for input that contains invalid characters only (#14179)
We were suggesting 111, 1111, 1112 before.

See the discussion on Meta – https://meta.discourse.org/t/curious-account-creation-behaviour/199970/14.
2021-10-04 16:47:55 +04:00
Joffrey JAFFEUX dd091fbf36
FEATURE: enables fast edit by default (#14417) 2021-09-22 10:15:17 +02:00
Martin Brennan dba6a5eabf
FEATURE: Humanize file size error messages (#14398)
The file size error messages for max_image_size_kb and
max_attachment_size_kb are shown to the user in the KB
format, regardless of how large the limit is. Since we
are going to support uploading much larger files soon,
this KB-based limit soon becomes unfriendly to the end
user.

For example, if the max attachment size is set to 512000
KB, this is what the user sees:

> Sorry, the file you are trying to upload is too big (maximum
size is 512000KB)

This makes the user do math. In almost all file explorers that
a regular user would be familiar width, the file size is shown
in a format based on the maximum increment (e.g. KB, MB, GB).

This commit changes the behaviour to output a humanized file size
instead of the raw KB. For the above example, it would now say:

> Sorry, the file you are trying to upload is too big (maximum
size is 512 MB)

This humanization also handles decimals, e.g. 1536KB = 1.5 MB
2021-09-22 07:59:45 +10:00
Martin Brennan 0c42a1e5f3
FEATURE: Topic-level bookmarks (#14353)
Allows creating a bookmark with the `for_topic` flag introduced in d1d2298a4c set to true. This happens when clicking on the Bookmark button in the topic footer when no other posts are bookmarked. In a later PR, when clicking on these topic-level bookmarks the user will be taken to the last unread post in the topic, not the OP. Only the OP can have a topic level bookmark, and users can also make a post-level bookmark on the OP of the topic.

I had to do some pretty heavy refactors because most of the bookmark code in the JS topics controller was centred around instances of Post JS models, but the topic level bookmark is not centred around a post. Some refactors were just for readability as well.

Also removes some missed reminderType code from the purge in 41e19adb0d
2021-09-21 08:45:47 +10:00
Penar Musaraj ab9c63e4ee
UX: Optionally show a "Summarize" button in topic timeline (#13533) 2021-09-16 15:15:00 -04:00
Arpit Jalan d5424161f8
FIX: add locales for group mention PM variants (#14358) 2021-09-16 23:07:45 +05:30
Andrei Prigorshnev 477bbc372e
FEATURE: improve blank page syndrome on the user activity pages (#14311)
This improves blank page syndrome on the next pages:
* activity
* activity/replies
* activity/drafts
* activity/likes-given
2021-09-16 21:35:34 +04:00
Joffrey JAFFEUX b83868bfb0
FEATURE: experimental fast edit (#14340)
Fast edit allows you to quickly edit a typo in a post, this is experimental ATM and behind a site setting: `enable_fast_edit` (default false)
2021-09-15 17:10:30 +02:00
Martin Brennan 22208836c5
DEV: Ignore bookmarks.topic_id column and remove references to it in code (#14289)
We don't need no stinkin' denormalization! This commit ignores
the topic_id column on bookmarks, to be deleted at a later date.
We don't really need this column and it's better to rely on the
post.topic_id as the canonical topic_id for bookmarks, then we
don't need to remember to update both columns if the bookmarked
post moves to another topic.
2021-09-15 10:16:54 +10:00
Jean 34ff7bfeeb
FEATURE: Hide suspended users from site-wide search to regular users (#14245) 2021-09-06 09:59:35 -04:00
Penar Musaraj 85b8fea262
UX: Add Styling step to wizard (#14132)
Refactors three wizard steps (colors, fonts, homepage style) into one new step called Styling.
2021-08-25 17:10:12 -04:00
Martin Brennan d295a16dab
FEATURE: Uppy direct S3 multipart uploads in composer (#14051)
This pull request introduces the endpoints required, and the JavaScript functionality in the `ComposerUppyUpload` mixin, for direct S3 multipart uploads. There are four new endpoints in the uploads controller:

* `create-multipart.json` - Creates the multipart upload in S3 along with an `ExternalUploadStub` record, storing information about the file in the same way as `generate-presigned-put.json` does for regular direct S3 uploads
* `batch-presign-multipart-parts.json` - Takes a list of part numbers and the unique identifier for an `ExternalUploadStub` record, and generates the presigned URLs for those parts if the multipart upload still exists and if the user has permission to access that upload
* `complete-multipart.json` - Completes the multipart upload in S3. Needs the full list of part numbers and their associated ETags which are returned when the part is uploaded to the presigned URL above. Only works if the user has permission to access the associated `ExternalUploadStub` record and the multipart upload still exists.

  After we confirm the upload is complete in S3, we go through the regular `UploadCreator` flow, the same as `complete-external-upload.json`, and promote the temporary upload S3 into a full `Upload` record, moving it to its final destination.
* `abort-multipart.json` - Aborts the multipart upload on S3 and destroys the `ExternalUploadStub` record if the user has permission to access that upload.

Also added are a few new columns to `ExternalUploadStub`:

* multipart - Whether or not this is a multipart upload
* external_upload_identifier - The "upload ID" for an S3 multipart upload
* filesize - The size of the file when the `create-multipart.json` or `generate-presigned-put.json` is called. This is used for validation.

When the user completes a direct S3 upload, either regular or multipart, we take the `filesize` that was captured when the `ExternalUploadStub` was first created and compare it with the final `Content-Length` size of the file where it is stored in S3. Then, if the two do not match, we throw an error, delete the file on S3, and ban the user from uploading files for N (default 5) minutes. This would only happen if the user uploads a different file than what they first specified, or in the case of multipart uploads uploaded larger chunks than needed. This is done to prevent abuse of S3 storage by bad actors.

Also included in this PR is an update to vendor/uppy.js. This has been built locally from the latest uppy source at d613b849a6. This must be done so that I can get my multipart upload changes into Discourse. When the Uppy team cuts a proper release, we can bump the package.json versions instead.
2021-08-25 08:46:54 +10:00
Kris fdc9de3443
minor wording fix for get a room message (#14130) 2021-08-24 15:53:35 -04:00
Bianca Nenciu ff367e22fb
FEATURE: Make allow_uploaded_avatars accept TL (#14091)
This gives admins more control over who can upload custom profile
pictures.
2021-08-24 10:46:28 +03:00
Kris bde6f7e9b0
UX: Update "get a room" composer message (#14104) 2021-08-23 18:34:23 -04:00
David Taylor 46dc189850 DEV: Improve robustness of associate_accounts_controller
This handles a few edge cases which are extremely rare (due to the UI layout), but still technically possible:

- Ensure users are authenticated before attempting association.

- Add a message and logic for when a user already has an association for a given auth provider.
2021-08-10 15:07:40 +01:00
Andrei Prigorshnev 09ad3ed41d
FEATURE: revert disallowing putting URLs in titles for TL0 users (#13970)
This reverts a part of changes introduced by https://github.com/discourse/discourse/pull/13947

In that PR I:
1. Disallowed topic feature links for TL-0 users
2. Additionally, disallowed just putting any URL in topic titles for TL-0 users

Actually, we don't need the second part. It introduced unnecessary complexity for no good reason. In fact, it tries to do the job that anti-spam plugins (like Akismet plugin) should be doing.

This PR reverts this second change.
2021-08-06 20:07:42 +04:00
Andrei Prigorshnev 0c0a11b66a
FEATURE: Disallow putting urls in the title for TL-0 users (#13947)
This disallows putting URLs in topic titles for TL0 users, which means that:

If a TL-0 user puts a link into the title, a topic featured link won't be generated (as if it was disabled in the site settings)
Server methods for creating and updating topics will be refusing featured links when they are called by TL-0 users
TL-0 users won't be able to put any link into the topic title. For example, the title "Hey, take a look at https://my-site.com" will be rejected.

Also, it improves a bit server behavior when creating or updating feature links on topics in the categories with disabled featured links. Before the server just silently ignored a featured link field that was passed to him, now it will be returning 422 response.
2021-08-05 13:38:39 +04:00
Bianca Nenciu e2c415457c
FEATURE: Attach backup log as upload (#13849)
Discourse automatically sends a private message after backup or
restore finished. The private message used to contain the log inline
even when it was very long. A very long log can create issues because
the length of the post will be over the maximum allowed length of a
post. When that happens, Discourse will try to create an upload with
the logs. If that fails, it will trim the log and inline it.
2021-08-03 20:06:50 +03:00
Martin Brennan b500949ef6
FEATURE: Initial implementation of direct S3 uploads with uppy and stubs (#13787)
This adds a few different things to allow for direct S3 uploads using uppy. **These changes are still not the default.** There are hidden `enable_experimental_image_uploader` and `enable_direct_s3_uploads`  settings that must be turned on for any of this code to be used, and even if they are turned on only the User Card Background for the user profile actually uses uppy-image-uploader.

A new `ExternalUploadStub` model and database table is introduced in this pull request. This is used to keep track of uploads that are uploaded to a temporary location in S3 with the direct to S3 code, and they are eventually deleted a) when the direct upload is completed and b) after a certain time period of not being used. 

### Starting a direct S3 upload

When an S3 direct upload is initiated with uppy, we first request a presigned PUT URL from the new `generate-presigned-put` endpoint in `UploadsController`. This generates an S3 key in the `temp` folder inside the correct bucket path, along with any metadata from the clientside (e.g. the SHA1 checksum described below). This will also create an `ExternalUploadStub` and store the details of the temp object key and the file being uploaded.

Once the clientside has this URL, uppy will upload the file direct to S3 using the presigned URL. Once the upload is complete we go to the next stage.

### Completing a direct S3 upload

Once the upload to S3 is done we call the new `complete-external-upload` route with the unique identifier of the `ExternalUploadStub` created earlier. Only the user who made the stub can complete the external upload. One of two paths is followed via the `ExternalUploadManager`.

1. If the object in S3 is too large (currently 100mb defined by `ExternalUploadManager::DOWNLOAD_LIMIT`) we do not download and generate the SHA1 for that file. Instead we create the `Upload` record via `UploadCreator` and simply copy it to its final destination on S3 then delete the initial temp file. Several modifications to `UploadCreator` have been made to accommodate this.

2. If the object in S3 is small enough, we download it. When the temporary S3 file is downloaded, we compare the SHA1 checksum generated by the browser with the actual SHA1 checksum of the file generated by ruby. The browser SHA1 checksum is stored on the object in S3 with metadata, and is generated via the `UppyChecksum` plugin. Keep in mind that some browsers will not generate this due to compatibility or other issues.

    We then follow the normal `UploadCreator` path with one exception. To cut down on having to re-upload the file again, if there are no changes (such as resizing etc) to the file in `UploadCreator` we follow the same copy + delete temp path that we do for files that are too large.

3. Finally we return the serialized upload record back to the client

There are several errors that could happen that are handled by `UploadsController` as well.

Also in this PR is some refactoring of `displayErrorForUpload` to handle both uppy and jquery file uploader errors.
2021-07-28 08:42:25 +10:00
Bianca Nenciu 18c32a809b
FIX: Validate email_accent_bg_color color (#13778)
Using an invalid value was allowed. This commit tries to automatically
fix the color by adding missing # symbol or will show an error to the
user if it is not possible and it is not a CSS color either.
2021-07-22 17:42:47 +03:00
Régis Hanol da81cfe317
Fixed a typo in the 'same_site_cookies' site setting description (#13809) 2021-07-21 17:21:04 +02:00
Kris 5f6b9e36ed
UX: New text and style for dominating topic message (#13789) 2021-07-20 13:58:38 -04:00
Andrei Prigorshnev 1a8c949900
UX: suspend forever time period messages (#13776)
When the Forever option is selected for suspending a user, the user is suspended for 1000 years. Without customizing the site’s text, this time period is displayed to the user in the suspension email that is sent to the user, and if the user attempts to log back into the site. Telling someone that they have been suspended for 1000 years seems likely to come across as a bad attempt at humour.

This PR special case messages when a user suspended or silenced forever.
2021-07-20 14:42:08 +04:00
Martin Brennan 0dadd61d27
FIX: Change email from to not have via site_name for group SMTP (#13788)
We now use the group's full name in group SMTP emails, so we are dropping the via #{site_name}. If group owners still want this they can just change the full name of the group.
2021-07-20 11:56:04 +10:00
Michael Brown 5f7e60d9dc discourse/discourse change from 'master' to 'main' 2021-07-19 11:46:15 -04:00
Gerhard Schlager ec9a2a04f3
Fix i18n issues reported on Crowdin (#13769)
* Removes unused strings
* Clarifies some of the strings
* Fixes typos

@discourse-translator-bot keep_translations_and_approvals
2021-07-19 09:30:48 +08:00
Neil Lalonde b0f06b8ed0
FIX: don't allow category and tag tracking settings on staged users (#13688)
Configuring staged users to watch categories and tags is a way to sign
them up to get many emails. These emails may be unwanted and get marked
as spam, hurting the site's email deliverability.
Users can opt-in to email notifications by logging on to their
account and configuring their own preferences.

If staff need to be able to configure these preferences on behalf of
staged users, the "allow changing staged user tracking" site setting
can be enabled. Default is to not allow it.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2021-07-16 14:50:40 -04:00
Rafael dos Santos Silva 216dc99f18
FIX: Media optimization setting was misnamed (#13766) 2021-07-16 15:13:16 -03:00
David Taylor 50b3d7708e DEV: Update discourse_connect_overrides_ setting copy 2021-07-16 16:19:09 +01:00
Osama Sayegh 31aa701518
FEATURE: Add option to grant badge multiple times to users using Bulk Award (#13571)
Currently when bulk-awarding a badge that can be granted multiple times, users in the CSV file are granted the badge once no matter how many times they're listed in the file and only if they don't have the badge already.

This PR adds a new option to the Badge Bulk Award feature so that it's possible to grant users a badge even if they already have the badge and as many times as they appear in the CSV file.
2021-07-15 05:53:26 +03:00
Guhyoun Nam 0dc96ce817
FEATURE: Setting to allow moderators to change post ownership (#13708) 2021-07-13 09:40:11 -05:00
Bianca Nenciu 21cf1b78da
FIX: Various translation string fixes (#13715)
Make small action post description a correct sentence. Replace true and
false in site settings description with enabled and disabled.
2021-07-13 12:52:13 +03:00
Jeff Wong d87a0216bb
FEATURE: Penalty history improvements (#13359)
* FEATURE: add penalty history when silencing a user

Display penalty history (last 6 months) when silencing/suspending a user

* FEATURE: allow default penalty values to be chosen

Adds a site setting that designates default penalty values in hours.

Silence/suspend modals will auto-fill in the default values, but otherwise
will still allow moderators to pick and overwrite values as normal.

First silence/suspend: first value
Second silence/suspend: second value
etc.

Penalty counts are forgiven at the same rate as tl3 promotion requirements do.

Co-authored-by: jjaffeux <j.jaffeux@gmail.com>
2021-07-12 11:36:56 -07:00
Bianca Nenciu 3ef44bd134
FIX: Various translation string fixes (#13681)
Do not use banner as a verb, remove unused translation strings and
fix wrong name of plural key.
2021-07-09 16:35:24 +03:00
David Taylor 04db58fbd8
UX: Translate the action type in watched words regex error (#13680)
Previously we were using the untranslated key from the code
2021-07-09 14:34:08 +01:00
Dan Ungureanu 34387c5a38
FEATURE: Warn if invited user cannot see topic (#13548)
Users can invite people to topics from secured category, but they will
not be redirected to the topic after signing up unless they have the
permissions to view the topic. This commit shows a warning when invite
is saved if the topic is in a secured category and none of the invite
groups are allowed to see it.
2021-07-06 12:49:26 +03:00
Martin Brennan 0f688f45bd
FIX: Handle edge cases for group SMTP email job (#13631)
Skip group SMTP email (and add log) if:

* topic is deleted
* post is deleted
* smtp has been disabled for the group

Skip without log if:

* enable_smtp site setting is false
* disable_emails site setting is yes

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2021-07-05 14:56:32 +10:00
mintsaxon 7d0d13c32e FEATURE: add slow_mode_prevents_editing setting..
..as per https://meta.discourse.org/t/slow-mode-for-a-category/179574/16
2021-06-28 13:08:10 -04:00
Martin Brennan d3e27cabf6
FIX: Improve participant display in group SMTP emails (#13539)
This PR makes several changes to the group SMTP email contents to make it look more like a support inbox message.

* Remove the context posts, they only add clutter to the email and replies
* Display email addresses of staged users instead of odd generated usernames
* Add a "please reply above this line" message to sent emails
2021-06-28 10:42:06 +10:00
Roman Rizzi 2c918a3161
FEATURE: Staff can receive pending user reminders more frequently. (#13422)
* FEATURE: Staff can receive pending user reminders more frequently.

We now express the "pending_users_reminder_delay"  in minutes instead of hours so staff can have finer control over the delay.

We need to keep in mind that the reminders could still take up to 20 minutes, even when using a lower value. We send them from a scheduled job.

* Migrate to a new site setting for the reminders delay
2021-06-24 10:02:56 -03:00
Rafael dos Santos Silva fa4a462517
FEATURE: Optimize images before upload (#13432)
Integrates [mozJPEG](https://github.com/mozilla/mozjpeg) and [Resize](https://github.com/PistonDevelopers/resize) using WebAssembly to optimize user uploads in the composer on the client-side.

NPM libraries are sourced from our [Squoosh fork](https://github.com/discourse/squoosh/tree/discourse), which was needed because we have an older asset pipeline.
2021-06-23 12:31:12 -03:00
Bianca Nenciu ee87d8c93b
FEATURE: Make max number of favorite configurable (#13480)
It used to be hardcoded to 2 and now it uses max_favorite_badges site
setting. When zero, it disables favorite badges.
2021-06-22 18:58:03 +03:00
Gerhard Schlager fa470cf6fe
Fix i18n issues reported on Crowdin (#13191)
* Pluralize `js.topics.bulk.dismiss_new_with_selected`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-fr#57320

* Pluralize `js.topics.bulk.dismiss_read_with_selected`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-fr#57316

* Pluralize `js.topics.bulk.dismiss_button_with_selected`

* Replaces concatenated string used by `js.topic.suggest_create_topic`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-fr#41834

* Less confusing `admin_js.admin.watched_words.test.modal_title`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-sv#44992

* Delete unused `backup.location.*` keys
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-fr#46330

* Replace "reviewable" with "reviewable items"
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-fr#56952

* Remove "ago" from `emails.incoming.missing_attachment`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-sv#46038

* Remove "/Posts" from `js.keyboard_shortcuts_help.application.dismiss_new_posts`
  Because the shortcut doesn't do anything to posts anymore.
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-de#43180

* Pluralize `user.cannot_delete_has_posts`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-he#57490
2021-06-22 11:29:35 +02:00
Kane York f25c55b5be FIX: Render detailed_404 page from 403 responses
This was previously broken by 59ef48c0b9 (#11425, #11424).

Centralize the logic into the exception controller, which avoids the problematic bug and makes it easy to add additional detailed 404 pages in the future.
2021-06-21 11:09:23 -07:00
Martin Brennan 22b96c9ce1
FIX: Prevent resurrecting old topics via email reply for group inboxes with SMTP enabled (#13382)
We already reject email replies to public topics via `SiteSetting.disallow_reply_by_email_after_days` and raising the `OldDestinationError`. This PR introduces similar behaviour for group inboxes, but without the rejection, and **only when SMTP is enabled for the group**.

If a reply is sent via email and the post is older than `SiteSetting.disallow_reply_by_email_after_days` days ago, then we create a new topic instead of making a reply in the old one and link back to the original topic. This is done to prevent long running group inbox discussions.
2021-06-21 11:45:00 +10:00
Roman Rizzi 4dc8c3c409
FEATURE: Blocking is optional when deleting a user from the review queue. (#13375)
Subclasses must call #delete_user_actions inside build_actions to support user deletion. The method adds a delete user bundle, which has a delete and a delete + block option. Every subclass is responsible for implementing these actions.
2021-06-15 12:35:45 -03:00
Kris 9190e4390f
UX: Remove reference to contact form in setting (#13380) 2021-06-15 15:29:33 +10:00
Vinoth Kannan cd6ab7bdd7
UX: improve user delete error message & return correct post count. (#13282)
Post count was incorrect on admin page causing confusion when admins attempted to delete users.
2021-06-11 15:07:34 +10:00
Bianca Nenciu d9484db718
FIX: Split link watched words from replace (#13196)
It was not clear that replace watched words can be used to replace text
with URLs. This introduces a new watched word type that makes it easier
to understand.
2021-06-02 15:36:49 +10:00
Gerhard Schlager 41ee5b7c86
FIX: Don't store translated trust level names in anonymous cache (#13224)
Refactors `TrustLevel` and moves translations from server to client

Additional changes:
  * "staff" and "admin" wasn't translatable in site settings
  * it replaces a concatenated string with a translation
  * uses translation for trust levels in users_by_trust_level report
  * adds a DB migration to rename keys of translation overrides affected by this commit
2021-06-01 22:11:48 +02:00
Bianca Nenciu 6879655455
DEV: Add deprecation notice to site setting description (#13212) 2021-06-01 11:13:54 +10:00
Andrei Prigorshnev 74f7150324
FEATURE: Automatically timed delete stub topics after entire topic is merged into another topic (#13187)
When a topic is fully merged into another topic we close it. Now we want also to set a timer for deleting this topic. By default, stub topics will be deleted in 7 days. Users can change this period or disable auto-deleting by setting the period to 0.
2021-05-28 17:33:10 +04:00
Martin Brennan 964da21817
FEATURE: Improve group email settings UI (#13083)
This overhauls the user interface for the group email settings management, aiming to make it a lot easier to test the settings entered and confirm they are correct before proceeding. We do this by forcing the user to test the settings before they can be saved to the database. It also includes some quality of life improvements around setting up IMAP and SMTP for our first supported provider, GMail. This PR does not remove the old group email config, that will come in a subsequent PR. This is related to https://meta.discourse.org/t/imap-support-for-group-inboxes/160588 so read that if you would like more backstory.

### UI

Both site settings of `enable_imap` and `enable_smtp` must be true to test this. You must enable SMTP first to enable IMAP.

You can prefill the SMTP settings with GMail configuration. To proceed with saving these settings you must test them, which is handled by the EmailSettingsValidator.

If there is an issue with the configuration or credentials a meaningful error message should be shown.

IMAP settings must also be validated when IMAP is enabled, before saving.

When saving IMAP, we fetch the mailboxes for that account and populate them. This mailbox must be selected and saved for IMAP to work (the feature acts as though it is disabled until the mailbox is selected and saved):

### Database & Backend

This adds several columns to the Groups table. The purpose of this change is to make it much more explicit that SMTP/IMAP is enabled for a group, rather than relying on settings not being null. Also included is an UPDATE query to backfill these columns. These columns are automatically filled when updating the group.

For GMail, we now filter the mailboxes returned. This is so users cannot use a mailbox like Sent or Trash for syncing, which would generally be disastrous.

There is a new group endpoint for testing email settings. This may be useful in the future for other places in our UI, at which point it can be extracted to a more generic endpoint or module to be included.
2021-05-28 09:28:18 +10:00
Bianca Nenciu 571ee4537a
FEATURE: Silence watched word (#13160)
This is a new type of watched word to replace auto_silence_first_post_
regex site setting.
2021-05-27 19:19:58 +03:00
Jeff Atwood b8a08d21e0
minor refinements to the Universal Rules (#13127)
.. of civilized discourse!
2021-05-24 15:09:01 -07:00
Bianca Nenciu 38af28d58b
FIX: Allow add email to group if user can invite (#13097)
It used to allow adding email addresses to a group even if invites were
disabled for the site. This does not allow user to input email address
if they cannot invite.

The second thing this commit improves is the message that is displayed
to the user when they hit the invite rate limit.
2021-05-21 11:34:17 +03:00
Andrei Prigorshnev 3e0f72f57f
FEATURE: Increase daily edit limits proportionally to trust level (#13090) 2021-05-19 13:57:21 +04:00
Martin Brennan 3d2cace94f
DEV: Add service to validate email settings (#13021)
We have a few places in the code where we need to validate various email related settings, and will have another soon with the improved group email settings UI. This PR introduces a class which can validate POP3, IMAP, and SMTP credentials and also provide a friendly error message for issues if they must be presented to an end user.

This PR does not change any existing code to use the new service. I have added a TODO to change POP3 validation and the email test rake task to use the new validator post-release.
2021-05-13 15:11:23 +10:00
Dan Ungureanu 60be1556fc
FIX: Various invite system fixes (#13003)
* FIX: Ensure the same email cannot be invited twice

When creating a new invite with a duplicated email, the old invite will
be updated and returned. When updating an invite with a duplicated email
address, an error will be returned.

* FIX: not Ember helper does not exist

* FIX: Sync can_invite_to_forum? and can_invite_to?

The two methods should perform the same basic set of checks, such as
check must_approve_users site setting.

Ideally, one of the methods would call the other one or be merged and
that will happen in the future.

* FIX: Show invite to group if user is group owner
2021-05-12 13:06:39 +03:00
Joffrey JAFFEUX 81bf581aa9
DEV: rescues site setting missing exception (#13022)
This will allow to correctly catch it client side and display a correct error.
2021-05-11 10:36:57 +02:00
Vinoth Kannan 10449ff794
UX: return correct error message if reviewable user is deleted already. (#12977)
Currently, when the target is not available we're returning the error message "`You are not permitted to view the requested resource`" which is not clear.
2021-05-07 22:00:04 +05:30
Régis Hanol cd93d1b5f7
FEATURE: new 'trim_incoming_emails' site setting (#12874)
This setting allows admin to de/activate automatic trimming of incoming email.
There are instances where it does wonders in trimming all the garbage content and other
instances where it's so bad that it trims the most important part of the email.

FIX: don't remove hidden content using the style attribute when converting HTML to Markdown.
The regexp used was doing more harm than good. It was way too broad.

FIX: properly elide signatures from emails sent with Front App.
This is fairly safe as Front App nicely identifies signatures in the HTML part.
2021-04-28 17:08:48 +02:00
Roman Rizzi 60059a7190
FEATURE: A low priority filter for the review queue. (#12822)
This filter hides reviewables with a score lower than the "reviewable_low_priority_threshold" setting. We only use reviewables that already met this threshold to calculate the Medium and High priority filters.
2021-04-23 15:34:24 -03:00
Dan Ungureanu cfee2728ce
FEATURE: New share topic modal (#12804)
The old share modal used to host both share and invite functionality,
under two tabs. The new "Share Topic" modal can be used only for
sharing, but has a link to the invite modal.

Among the sharing methods, there is also "Notify" which points out
that existing users will simply be notified (this was not clear
before). Staff members can notify as many users as they want, but
regular users are restricted to one at a time, no more than
max_topic_invitations_per_day. The user will not receive another
notification if they have been notified of the same topic in past hour.

The "Create Invite" modal also suffered some changes: the two radio
boxes for selecting the type (invite or email) have been replaced by a
single checkbox (is email?) and then the two labels about emails have
been replaced by a single one, some fields were reordered and the
advanced options toggle was moved to the bottom right of the modal.
2021-04-23 19:18:23 +03:00
Régis Hanol 3e6c39228d
COPY: Add a JIT when user hits likes rate limit (#12777) 2021-04-21 16:15:02 +02:00
Roman Rizzi 6b613e3076
FEATURE: Review every post using the review queue. (#12734)
* FEATURE: Review every post using the review queue.

If the `review_every_post` setting is enabled, posts created and edited by regular uses are sent to the review queue so staff can review them. We'll skip PMs and posts created or edited by TL4 or staff users.

Staff can choose  to:

- Approve the post (nothing happens)
- Approve and restore the post (if deleted)
- Approve and unhide the post (if hidden)
- Reject and delete it
- Reject and keep deleted (if deleted)
- Reject and suspend the user
- Reject and silence the user

* Update config/locales/server.en.yml

Co-authored-by: Robin Ward <robin.ward@gmail.com>

Co-authored-by: Robin Ward <robin.ward@gmail.com>
2021-04-21 08:41:36 -03:00
Tobias Eigen 48d04e934d
added "in kB" to email total attachment limit (#12765) 2021-04-20 07:16:04 -07:00
Joffrey JAFFEUX 69f8c3b305
UX: displays a descriptive error when theme is not allowed (#12763) 2021-04-20 13:28:59 +02:00
Jeff Atwood 7439136f39
soften language around daily limits and add daily (#12749)
* soften language around daily limits and add daily

let's try to be as gentle as we can with new users

* better copy suggestion from Blake

* further copyedit improvements
2021-04-19 22:13:59 -07:00
Martin Brennan e3b1f5721b
FIX: Enforce tag group count validation before sending to review queue (#12728)
There is a category setting that enforces 1 or more tags must be added to a topic from a specific tag group before creating it. This validation was not being run before the topic was being sent to a review queue for categories that have that setting enabled.

There was an existing validation in `TopicCreator` but it was not correct; it was only validating when the tags did _not_ exist and also only happened on `create`. I now run the validation in `TopicCreator.valid?`

I also improved the error message shown to the user when they have not added the tags required (showing the tag names from the tag group), and changed the composer tag selector to not show "optional" if there are N tags required from a certain group.
2021-04-19 09:43:50 +10:00
Dan Ungureanu bfa301bd7b
FIX: Show invite validation errors to users (#12717)
The server used to respond with a generic 'error, contact admin' message
which did not offer any hint what the error was. This happened even when
the error could be easily corrected by the user (for example, if they
chose a very common password).
2021-04-15 15:23:49 +03:00
Dan Ungureanu 85d4b60a45
FIX: Improve error messages for invites (#12714)
The error messages used to include an unnecessary 'Validation failed:
Email' prefix which was removed.
2021-04-15 14:46:32 +03:00
Andrei Prigorshnev 3326d1ff73
FEATURE: Tweak slow mode messages and intervals (#12704) 2021-04-15 13:56:10 +04:00
David Taylor 9430185493
SECURITY: Improve theme git import (#12694) 2021-04-14 15:32:47 +01:00
Roman Rizzi 958fbfb719
FEATURE: Send an email notification when a post is approved. (#12665)
We now send an email when a queued post is approved, and we create a notification.
2021-04-12 12:08:23 -03:00
Martin Brennan 1ba5ccd8af
FIX: When user has already hit bookmark limit, do not error for clear_reminder! or other updates (#12658)
We introduced a cap on the number of bookmarks the user can add in be145ccf2f. However this has caused unintended side effects; when the `jobs/scheduled/bookmark_reminder_notifications.rb` runs we get this error for users who already had more bookmarks than the limit:

> Job exception: Validation failed: Sorry, you have too many bookmarks, visit #{url}/my/activity/bookmarks to remove some.

This is because the `clear_reminder!` call was triggering a bookmark validation, which raised an error because the user already had to many, holding up other reminders.

This PR also adds `max_bookmarks_per_user` hidden site setting (default 2000). This replaces the BOOKMARK_LIMIT const so we can raise it for certain sites.
2021-04-09 13:06:35 +10:00
Bianca Nenciu e026af11ac
FIX: Simplify send PM to email settings (#12583)
This feature used to be controlled by two site settings 
enable_personal_email_messages and min_trust_to_send_email_messages.
I removed enable_personal_email_messages and unhide 
min_trust_to_send_email_messages to simplify the process of 
enabling / disabling this feature.
2021-04-06 15:39:27 +03:00
Arpit Jalan 6234d7455b
FEATURE: add maximum limit for secondary emails (#12599) 2021-04-05 20:31:42 +05:30
Dan Ungureanu 81e5352e01
FIX: Better error message for redeemed invite (#12580)
This commit improves the error message when a user tries to redeem a
completely redeemed invite link.
2021-04-02 11:11:07 +03:00
Arpit Jalan 61860098d9
UX: move logs/watched_words to customize/watched_words in admin section (#12571)
https://meta.discourse.org/t/where-is-auto-tag-and-auto-replace/184261
2021-04-01 11:44:17 +05:30
Arpit Jalan c478ffc662
FIX: post merging was failing silently (#12566)
https://meta.discourse.org/t/merging-very-long-posts-removes-them/183597
2021-04-01 06:46:18 +05:30
Kris 9c8ec372f1
UX: remove reference to contact form in settings (#12554) 2021-03-30 14:18:06 -04:00
Bianca Nenciu 52a5c7e438
FIX: Improve error messages if user cannot send PM emails (#12547) 2021-03-30 12:18:57 +03:00
Bianca Nenciu 013b4f353b
FIX: Replace 'Chromebook' with 'Chrome OS' (#12508)
There are many Chrome OS devices and no way to determine the exact device.
2021-03-25 17:09:32 +02:00
Rafael dos Santos Silva fb4486d5f1
FEATURE: Add CSP frame-ancestors support (#12404) 2021-03-22 16:00:25 -03:00
Martin Brennan 355d51afde
FEATURE: Allow using invites when DiscourseConnect SSO is enabled (#12419)
This PR allows invitations to be used when the DiscourseConnect SSO is enabled for a site (`enable_discourse_connect`) and local logins are disabled. Previously invites could not be accepted with SSO enabled simply because we did not have the code paths to handle that logic.

The invitation methods that are supported include:

* Inviting people to groups via email address
* Inviting people to topics via email address
* Using invitation links generated by the Invite Users UI in the /my/invited/pending route

The flow works like this:

1. User visits an invite URL
2. The normal invitation validations (redemptions/expiry) happen at that point
3. We store the invite key in a secure session
4. The user clicks "Accept Invitation and Continue" (see below)
5. The user is redirected to /session/sso then to the SSO provider URL then back to /session/sso_login
6. We retrieve the invite based on the invite key in secure session. We revalidate the invitation. We show an error to the user if it is not valid. An additional check here for invites with an email specified is to check the SSO email matches the invite email
7. If the invite is OK we create the user via the normal SSO methods
8. We redeem the invite and activate the user. We clear the invite key in secure session.
9. If the invite had a topic we redirect the user there, otherwise we redirect to /

Note that we decided for SSO-based invites the `must_approve_users` site setting is ignored, because the invite is a form of pre-approval, and because regular non-staff users cannot send out email invites or generally invite to the forum in this case.

Also deletes some group invite checks as per https://github.com/discourse/discourse/pull/12353
2021-03-19 10:20:10 +10:00
Roman Rizzi 9a779ca99a
FIX: Show a proper error message when trying to bulk award a disabled badge. (#12384) 2021-03-12 14:28:27 -03:00
Roman Rizzi 8fcad73b36
FEATURE: Admins can flag posts so they can review them later. (#12311)
Staff can send a post to the review queue by clicking the "Flag Post" button next to "Take Action...". Clicking it flags the post using the "Notify moderators" score type and hides it. A custom message will be sent to the user.
2021-03-11 08:21:24 -03:00
Kris 83519e7f3a
FEATURE: Always show tag dropdown when tagging is enabled (#12209) 2021-03-10 21:13:15 -05:00
Simon Cossar 1a0cca5539
Update disable mailing list mode setting description (#12346) 2021-03-10 14:32:40 -08:00
Alan Guo Xiang Tan ce04db8610 FEATURE: Allow invites redemption with Omniauth providers. 2021-03-09 09:27:18 +08:00
Alan Guo Xiang Tan ebe4896e48 FEATURE: Change very high/low search priority to rank at absolute ends.
Prior to this change, we had weights for very_high, high, low and
very_low. This means there were 4 weights to tweak and what weights to
use for `very_high/high` and `very_low/low` pair was hard to explain.
This change makes it such that `very_high` search priority will always
ensure that the posts are ranked at the top while `very_low` search
priority will ensure that the posts are ranked at the very bottom.
2021-03-09 09:20:37 +08:00
Dan Ungureanu 7f3240ea31
FEATURE: Various improvements to invite system (#12298)
* FIX: Do not show expired invites under Pending tab

* DEV: Controller action was renamed in previous commit

* FEATURE: Add 'Expired' tab to invites

* FEATURE: Refresh model after removing expired invites

* FEATURE: Do not immediately add invite to the list

Opening the 'create-invite' modal used to automatically generate an
invite to reserve an invite link. If the user did not save it and
closed the modal, the invite would be destroyed. This operations caused
the invite list to change in the background and confuse users.

* FEATURE: Sort redeemed users by creation time

* UX: Improve show / hide advanced options link

* FIX: Show redeemed users even if invites were trashed

* UX: Change modal title when editing invite

* UX: Remove Get Link button

Users can get it from the edit modal

* FEATURE: Add limit for invite links generated by regular users

* FEATURE: Add option to skip email

* UX: Show better error messages

* FIX: Show "Invited by" even if invite was trashed

Follow up to 1fdfa13a099d8e46edd0c481b3aaaafe40455ced.

* FEATURE: Add button to save without sending email

Follow up to c86379a465f28a3cc64a4a8c939cf32cf2931659.

* DEV: Use a buffer to hold all changed data

* FEATURE: Close modal after save

* FEATURE: Rate limit resend invite email

* FEATURE: Make the save buttons smarter

* FEATURE: Do not always send email even for new invites
2021-03-06 13:29:35 +02:00
Rafael dos Santos Silva 4af3c42904
FEATURE: Add opt-in screenshots to the web app manifest (#12288)
This will be used by Chrome on Android on the install prompt,
as show in https://twitter.com/alexey_rodionov/status/1349612958754762753

Follows the spec at https://www.w3.org/TR/manifest-app-info/
2021-03-04 18:39:58 -03:00
Bianca Nenciu b49b455e47
FEATURE: Autotag watched words (#12244)
New topics with be matched against a set of watched words and be
tagged accordingly.
2021-03-03 10:53:38 +02:00
Rafael dos Santos Silva 83f332b5a5
FEATURE: Add a site setting to allow emojis to come from an external URL (#12180) 2021-03-02 16:04:16 -03:00
David Taylor 8fd46c04ea
Drop flash video onebox (#12261)
Flash was discontinued by Adobe at the end of 2020. There is no need to continue OneBox support for it
2021-03-02 17:11:14 +00:00
Martin Brennan 6b4d066834
FIX: Skip sending PM email for user silence (#12240)
We were sending 2 emails for user silencing if a message was provided in the UI. Also always send email for user silence and user suspend with reason regardless of whether message provided.
2021-03-02 09:18:09 +10:00
Penar Musaraj 6809cccd88
DEV: Add experimental json_scheme site setting type (#12226) 2021-03-01 09:15:17 -05:00
Bianca Nenciu 4b0496b2fc
FIX: Reintroduce auto_silence_first_post_regex (#12223)
Follow-up to 533800a87b.
2021-02-26 15:07:04 +02:00
Arpit Jalan 93a0a906b5
FIX: allow adding user to PM when inviter is in allowed list (even (#12212)
though other participants are not in allowed list)

If you create an allowlist of users who can PM you, and use the function
“Only specific users can send me private messages”, then you can’t be
added to group messages unless everyone in that message is already in
your allow list.

This commit allows user to be added to a group message even when other
participants are not in allowed list
2021-02-25 22:56:49 +05:30
Bianca Nenciu 533800a87b
Add watched words of type "replace" (#12020)
This commit includes other various improvements to watched words.

auto_silence_first_post_regex site setting was removed because it overlapped
with 'require approval' watched words.
2021-02-25 14:00:58 +02:00
Sam c9256b717f
DEV: hide the site setting rebake_old_posts_count (#12181)
This setting is confusing admins, it is now hidden by default

It only applies to major updates of the rendering engine or imports and
very infrequently needs tweaking
2021-02-24 09:45:26 +11:00
David Taylor 3787bbc223
DEV: Remove unused `max_api_keys_per_user` site setting (#12185)
This was added in fc095acaaa, but a check was never implemented
2021-02-23 13:07:42 +00:00
Penar Musaraj 0620f6298e
UX: Remove emoji step in wizard (#12169) 2021-02-22 12:14:18 -05:00
Arpit Jalan f75e1867ff
FIX: do not send rejection emails to auto-deleted reviewable users (#12160)
FIX: add context when user is deleted via auto handle queued reviewable
FIX: do not delete email_log when a user is deleted
2021-02-22 18:37:47 +05:30
Bianca Nenciu 08acf51be0
FEATURE: Use diffhtml to update composer preview (#11237)
Displaying videos, animated GIFs or any kind of rich content in preview
used to refresh on every keystroke, which could cause performance
problems.
2021-02-18 16:07:26 +02:00
Martin Brennan e0f0fe5624
FIX: Bump max topic timer duration to 20 years (#12107)
This way it has some sort of cap, even if it seems pretty
high, and we don't have to worry about requests for increasing
it from 2 to 5 to 10 etc.
2021-02-18 11:52:30 +10:00
Simon Cossar 71904277e2
Add bad_destination_address template to email_templates_controller (#12102)
Add bad_destination_address template to email_templates_controller;
Update bad_destination_address email copy
2021-02-17 09:57:38 +01:00
Martin Brennan ff1ac57feb
FIX: Validate duration minutes values for topic timer (#12040)
Add server and client side validations to ensure topic timer durations cannot exceed 2 years and cannot be less than or equal to 0.
2021-02-12 09:05:14 +10:00
Blake Erickson 395a903cf6
DEV: Show warning message when using ember css selectors (#12036)
* DEV: Show warning message when using ember css selectors

When editing the theme css via the admin UI a warning message
will be displayed if it detects that the `#emberXXX` or `.ember-view`
css selectors are being used. These are dynamic selectors that ember
generates, but they can change so they should not be used.

* Update error message text to be more helpful

* Display a warning instead of erroring out

This allows the theme to still be saved, but a warning is displayed.

Updated the tests to check for the error message.

Updated the pre tags css so that it wraps for long messages.
2021-02-11 13:48:57 -07:00
David Taylor 821bb1e8cb
FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978)
The 'Discourse SSO' protocol is being rebranded to DiscourseConnect. This should help to reduce confusion when 'SSO' is used in the generic sense.

This commit aims to:
- Rename `sso_` site settings. DiscourseConnect specific ones are prefixed `discourse_connect_`. Generic settings are prefixed `auth_`
- Add (server-side-only) backwards compatibility for the old setting names, with deprecation notices
- Copy `site_settings` database records to the new names
- Rename relevant translation keys
- Update relevant translations

This commit does **not** aim to:
- Rename any Ruby classes or methods. This might be done in a future commit
- Change any URLs. This would break existing integrations
- Make any changes to the protocol. This would break existing integrations
- Change any functionality. Further normalization across DiscourseConnect and other auth methods will be done separately

The risks are:
- There is no backwards compatibility for site settings on the client-side. Accessing auth-related site settings in Javascript is fairly rare, and an error on the client side would not be security-critical.
- If a plugin is monkey-patching parts of the auth process, changes to locale keys could cause broken error messages. This should also be unlikely. The old site setting names remain functional, so security-related overrides will remain working.

A follow-up commit will be made with a post-deploy migration to delete the old `site_settings` rows.
2021-02-08 10:04:33 +00:00
Jarek Radosz 704778f448
FIX: Don't invite new users via group with SSO on or local logins off (#11950)
Issue originally reported in https://meta.discourse.org/t/bypass-sso-by-adding-unkown-email-to-group/177339

Inviting people via email address to a group when SSO is enabled (or local logins are disabled) led to a situation where user records were being created bypassing single sign-on.

We already prevent that in most places. This adds required checks to `GroupsController`.
2021-02-03 18:13:00 +01:00
Jarek Radosz 39a9651847
DEV: Remove `update_mail_receiver` and `deprecated_api_usage` (#11947)
`update_mail_receiver`-related code was removed in 269ec70ba8 and `deprecated_api_usage`-related code was removed in d04ba4b3b2.
2021-02-03 17:41:47 +01:00
Gerhard Schlager d055552994
Fix i18n issues reported on Crowdin (#11747)
* Pluralize `groups.errors.adding_too_many_users`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-ar#53882

* Pluralize `js.composer.error.title_too_short`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41172

* Pluralize `js.composer.error.title_too_long`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41174

* Pluralize `js.composer.error.post_length`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41178

* Pluralize `js.topic.progress.jump_prompt_of`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41958

* Use translations to join strings about posters
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-ar#49334
  It also makes some changes to the crawler view:
    * Removes `poster.moreCount` which is only available on the client for PMs
    * CSS class names are actually stored in `poster.extras` instead of `poster.extraClasses`

* Stop concatenating category stats
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#40740

* Pluralize `js.summary.description`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#40782

* Pluralize `js.summary.description_time_MF`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#40784

* Use translation to join list of tags
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#43372

* Pluralize `admin_js.admin.groups.manage.membership.automatic_membership_user_count`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#43720

* Pluralize `js.post.controls.delete_topic_confirm_modal`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#54804

* Stop concatenating `js.post.last_edited_on`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#42358

* Stop concatenating `js.post.wiki_last_edited_on`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#42356
  It also fixes a regression because `js.post.wiki_last_edited_on` wasn't used anymore since 2017.
2021-02-02 10:50:04 +01:00
Jeff Atwood 39ba3f8291
remove hidden area in flagged removed post msg (#11901)
because users were having trouble figuring out how to expand the hidden post to determine "what post of mine was removed??", per customer reports
2021-01-29 15:42:04 -08:00
Gerhard Schlager 3b2f6e129a
FEATURE: Add English (UK) as locale (#11768)
* "English" gets renamed into "English (US)"
* "English (UK)" replaces "English"

@discourse-translator-bot keep_translations_and_approvals
2021-01-20 21:32:22 +01:00
Martin Brennan be145ccf2f
FIX: Add bookmark limits (#11725)
Adds a bookmark search per page limit, a total bookmark creation limit, and a rate limit per day for bookmark creation.
2021-01-19 08:53:49 +10:00
Roman Rizzi 7ac9a4d2ec
FIX: Allow users to opt-out of using the site's small logo as the system user avatar. (#11744) 2021-01-18 14:09:07 -03:00
Krzysztof Kotlarek 06b7c44593
FEATURE: reason to reject user signup (#11700)
Feature for `Must Approve Users` setup. When a user is rejected, a staff member can optionally set a reason for audit purposes. In addition, feedback email can be sent to the user.

Meta: https://meta.discourse.org/t/account-rejection-email/103112/8
2021-01-15 09:43:26 +11:00
Arpit Jalan 25b4e82601
FEATURE: allow disabling self-deletions of posts (#11668)
https://meta.discourse.org/t/restoring-deleted-messages/173647/6?u=techapj
2021-01-08 20:35:13 +05:30
Jeff Atwood 3a0ea9ef22
remove anon download attachment warning (#11632)
.. as it is no longer applicable for the most part
2021-01-05 08:02:41 +05:30
Jeff Atwood 762eadb9b8
Update server.en.yml -- minor copyedit (#11631)
* Update server.en.yml

* Fix the build

Co-authored-by: Arpit Jalan <arpit@techapj.com>
2021-01-05 08:02:02 +05:30
Rafael dos Santos Silva 330ef3700f
FEATURE: Add dash warning for using S3 without CDN (#11561)
Over the years we had some admins complaining that most of their costs
running Discourse is on S3 uploads.

That only happens when they are using S3 without a CDN, which is widely
considered a bad pratice for public websites, as egress bandwidth can
get expensive quite fast.

Related:

https://meta.discourse.org/t/download-avatars-locally-from-s3-shutting-down-s3-in-my-site/174001/3?u=falco

https://meta.discourse.org/t/use-webtorrent-to-load-media-objects/155873/2?u=falco
2020-12-28 12:43:48 -03:00
Jeff Atwood c92415d402
enhance TL2 congratulations PM (#11577)
add some detail to the TL2 congratulatory PM
2020-12-24 15:40:45 -08:00
Bianca Nenciu 755627caa5
FEATURE: Introduce skip_auto_delete_reply_likes site setting (#11562)
osts from topics with 'auto delete replies timer' with more than
skip_auto_delete_reply_likes likes will no longer be deleted. If 0,
all posts will be deleted.
2020-12-23 16:30:10 +11:00
Jeff Atwood 53f1811757
simplify copy slightly for new post / topic panel (#11565)
simplify copy slightly for new post / topic advice panel
2020-12-22 13:26:44 -08:00
Osama Sayegh 6eee731bf9
FEATURE: Include post number in inline Onebox titles (#11515) 2020-12-17 11:19:13 +11:00
Penar Musaraj 31fe0e91ad
UX: Tweaks to filtered replies (#11485)
Include the enable_filtered_replies_view site setting in the admin UI
Adds title label to in-reply-to widget
Invokes the filtered UI when using replies_to_post_number as a query
parameter
Replaces the "Show All" button icon
Fixes grammar for "Viewing 1 reply to..." label
2020-12-15 11:23:44 -05:00
Penar Musaraj adda53c462
FEATURE: Optional filtered replies view (#11387)
See PR for details
2020-12-10 12:02:07 -05:00
Vinoth Kannan eb60fc86dc
PERF: run user merging task in a background job. (#10961)
* PERF: run user merging task in a background job.

Currently, admin page is timing out while merging the users with lots of posts.
2020-12-10 15:52:08 +11:00
Roman Rizzi 9fb36290e3
FEATURE: Non-staff users can use shared drafts. (#11329)
You can let non-staff users use shared drafts by modifying the `shared_drafts_min_trust_level` site setting. These users must have access to the shared draft category.
2020-12-03 11:07:57 -03:00
Dan Ungureanu 123107c28f
UX: Add group name to error message (#11333)
The group name used to be part of the error message, but was removed
in a past commit.
2020-11-24 13:06:52 +02:00
tshenry 0ec62358d9
FEATURE: Add site setting to restrict ignore feature to trust level (#11297)
This adds a new min_trust_level_to_allow_ignore site setting that enables admins to control the point at which a user is allowed to ignore other users.
2020-11-20 10:05:20 -08:00
Martin Brennan a6f700d4ef
FIX: Show better error if no bookmarks found from search (#11284)
See https://meta.discourse.org/t/no-results-for-bookmarks-search-confusing-message/169763
2020-11-19 09:10:28 +10:00
jbrw 331236d6d7
Onebox improved error handling and support for Instagram Access Tokens (#11253)
* FEATURE: display error if Oneboxing fails due to HTTP error

- display warning if onebox URL is unresolvable
- display warning if attributes are missing

* FEATURE: Use new Instagram oEmbed endpoint if access token is configured

Instagram requires an Access Token to access their oEmbed endpoint. The requirements (from https://developers.facebook.com/docs/instagram/oembed/) are as follows:

- a Facebook Developer account, which you can create at developers.facebook.com
- a registered Facebook app
- the oEmbed Product added to the app
- an Access Token
- The Facebook app must be in Live Mode

The generated Access Token, once added to SiteSetting.facebook_app_access_token, will be passed to onebox. Onebox can then use this token to access the oEmbed endpoint to generate a onebox for Instagram.

* DEV: update user agent string

* DEV: don’t do HEAD requests against news.yahoo.com

* DEV: Bump onebox version from 2.1.5 to 2.1.6

* DEV: Avoid re-reading templates

* DEV: Tweaks to onebox mustache templates

* DEV: simplified error message for missing onebox data

* Apply suggestions from code review
Co-authored-by: Gerhard Schlager <mail@gerhard-schlager.at>
2020-11-18 12:55:16 -05:00
Arpit Jalan 0a56af49f3
FIX: add missing translation for 'views' key. (#11276) 2020-11-18 16:47:43 +05:30
Gerhard Schlager 6ff07bb73f
FEATURE: Create revision when bulk moving topics (#10802)
This behavior can be configured with the new "create_revision_on_bulk_topic_moves" site setting. It's enabled by default.
2020-11-12 13:57:12 +01:00
Roman Rizzi 331517abe6
UI: Blur review queue images. (#11187)
We blur images by default to protect reviewers against NSFW content. To see the image, they'll have to hover over it.
2020-11-11 14:09:42 -03:00
Bianca Nenciu a48f7ba61c
FEATURE: Improve errors when title is invalid (#11149)
It used to simply say "title is invalid" without giving any hint what
the problem could be. This commit adds different errors messages for
all caps titles, low entropy titles or titles with very long words.
2020-11-11 15:11:36 +02:00
Arpit Jalan 00b41437b0
FIX: hide sso email behind a button click and log views (#11186) 2020-11-11 00:42:44 +05:30
Penar Musaraj bfc3bc0733
FIX: Small copy change in wizard (#11174) 2020-11-09 12:19:58 -08:00
Penar Musaraj 57bd85af31
UX: Minor cosmetic fixes to the wizard (#11172)
- Does not force users to type a description or a welcome topic
- Adds * marker for required text fields (site title and email)
2020-11-09 15:14:57 -05:00
tshenry 6060f32970
Improve max_personal_messages_per_day description copy (#11155) 2020-11-06 17:42:26 -08:00
Justin DiRose 09b8a61f65
FEATURE: Add Google Universal Analytics v4 as an option (#11123)
Per Google, sites are encouraged to upgrade from Universal Analytics v3 `analytics.js` to v4 `gtag.js` for Google Analytics tracking. We're giving admins the option to stay on the v3 API or migrate to v4. Admins can change the implementation they're using via the `ga_version` site setting. Eventually Google will deprecate v3, but our implementation gives admins the choice on what to use for now.

We chose this implementation to make the change less error prone, as many site admins are using custom events via the v3 UA API. With the site stetting defaulted to `v3_analytics`, site analytics won't break until the admin is ready to make the migration.

Additionally, in the v4 implementation, we do not enable automatic pageview tracking (on by default in the v4 API). Instead we rely on Discourse's page change API to report pageviews on transition to avoid double-tracking.
2020-11-06 14:15:36 -06:00
Bianca Nenciu 0863c36221
FIX: Improve errors when invite to topic fails (#11133)
It used to simply say "not allowed" without giving any hint what the
problem could be. This commit refactors the code and tries to improve
readability.
2020-11-06 16:58:10 +02:00
Martin Brennan 00c8f520e9
FIX: Do not enable published page if secure media enabled (#11131)
There are issues around displaying images on published pages when secure media is enabled. This PR temporarily makes it appear as if published pages are enabled if secure media is also enabled.
2020-11-06 10:33:19 +10:00
Arpit Jalan 436bd48512
UX: update topic small action post to add link for new linked topic URL (#11132)
https://meta.discourse.org/t/linked-topics-splitting-and-managing-megatopics/168992/4?u=techapj
2020-11-05 22:39:21 +05:30
Arpit Jalan 24d1b1f159
UX: when creating linked topic use URL and let onebox work its magic (#11118)
When the linked topic is created we'll not hardcode the topic title and
let onebox work its magic instead so that the title can be updated
automatically.
2020-11-04 17:19:09 +05:30
Bianca Nenciu d2116f0029
FIX: Show error message if user is already silenced or suspended (#10988)
Users could be silenced or suspended by two staff members at the same time and
would not be aware of it. This commit shows an error message if another penalty
has been applied.
2020-11-03 17:38:56 +02:00
Arpit Jalan 1476e17c35
FEATURE: new setting to create a linked topic on autoclosing mega topics (#11001)
This commit adds a site setting `auto_close_topics_create_linked_topic`
which when enabled works in conjunction with `auto_close_topics_post_count`
setting and creates a new linked topic for the topic just closed.

The auto-created new topic contains a link for all the previous topics
and the topic titles are appended with `(Part {n})`.

The setting is enabled by default.
2020-11-02 12:18:48 +05:30
Roman Rizzi 7912ce4002
UI: Slow mode tweaks. (#11081)
We remove the slow mode composer message and provide better messages when rejecting new posts and edits. The client now validates if the user tries to post again immediately. Finally, we replaced the `hourglass-end` icon with the `hourglass-start` one.
2020-10-30 11:22:56 -03:00
Vinoth Kannan 347423007a
DEV: remove instagram login site settings and auth classes. (#11073)
Instagram removed the support for login and should use Facebook login instead.
2020-10-30 09:09:56 +05:30
Sam d10b6dc498
FEATURE: Allow admins to opt out of chunked encoding (#11060)
Most proxies out there will work with chunked encoding transfer. However
some proxies buffer, causing large delays which in turn force the message
bus client to disable chunked encoding. This wastes a request to the message
bus causing superfluous load on the server.

Also

- enableLongPolling is already default true in the client, no need to set it
- remove confusing comment about zepto
2020-10-29 16:25:46 +11:00
Krzysztof Kotlarek 8e7c746e56
FEATURE: Ask user to confirm topic deletion when views exceed a certain amount (#11006)
Before deleting a topic that has a high number of views (default of 5000), the user will be prompted with a confirmation popup. This works for all delete buttons on the topic located in: topic-timeline, topic-admin-menu, topic-footer-buttons, and post-menu if the post's ID is 1.

The delete button will be disabled while deletion is in progress, to prevent any unwanted behavior.

A site setting is also available to change the minimum amount of views required to display the confirmation popup.

All kudos are going to @RickyC0626. I only rebased with master and added few qunit tests to ensure that this feature works as expected.

Original PR: #10459
2020-10-29 14:18:43 +11:00
Vinoth Kannan 72810853ea
FIX: strip the trailing slash (/) of cors origins. (#10996)
Strips trailing `/` from global settings
Provides a validation for site settings to ensure a trailing `/` is not added
2020-10-29 13:01:06 +11:00
Roman Rizzi 2f32336081
FIX: Staff can create and edit posts even if a topic is in slow mode. (#11057)
Additionally, ninja edits are no longer restricted.
2020-10-28 16:47:50 -03:00
Prayag Verma 66402abe9a Fix typos
occured ---> occurred
embeded ---> embedded
2020-10-27 09:55:57 -04:00
Arpit Jalan 9aa2723d57
UX: improve error message for already logged in users (#11020) 2020-10-24 21:21:01 +05:30
jbrw 2bcca46cc5
FEATURE - ImageMagick jpeg quality (#11004)
* FEATURE - Add SiteSettings to control JPEG image quality

`recompress_original_jpg_quality` - the maximum quality of a newly
uploaded file.

`image_preview_jpg_quality` - the maximum quality of OptimizedImages
2020-10-23 12:38:28 -04:00
Jahan Gagan cce03de616 EDIT: specs and translation updated 2020-10-22 10:42:17 -04:00
Jahan Gagan fab67fafc1 FIX: invite users with sufficient trust level 2020-10-22 10:42:17 -04:00
Roman Rizzi fbb1fb9270
FIX: Ensure slow mode duration is correctly edited and displayed. (#10945)
* FIX: Ensure slow mode duration is correctly edited and displayed.

This commit fixes a bug where you were forced to set hours, minutes, and seconds or you won't be able to set the slow mode. Also, the duration was not displayed correctly due to the seconds not being truncated.

Additionally, we'll always display the hours, minutes, and seconds inputs for clarity and remove the blue banner.

* Set slow mode modal tweaks.

Uses labels instead of placeholders.
Input fields only visible when custom option selected.
Replace "Custom Duration" with "Pick Duration".

Additionally, place the `Set slow mode` button at the bottom of the topic actions menu.

* Perform the slow_mode validation also on the client-side before saving trying to save the post. This way, the post won't be staged.
2020-10-20 06:52:03 -03:00
David Taylor 23e5c605f6 DEV: Add support for allowed parameters in user api key scopes
Initially, this feature is only intended for use in core/plugins, so there is no API for requesting a parameter-scoped key. That may change in future.
2020-10-19 10:40:55 +01:00
Roman Rizzi 21c53ed249
FEATURE: Topic slow mode. (#10904)
Adds a new slow mode for topics that are heating up. Users will have to wait for a period of time before being able to post again.

We store this interval inside the topics table and track the last time a user posted using the last_posted_at datetime in the TopicUser relation.
2020-10-16 16:24:38 -03:00
Gerhard Schlager 7adf71a203
Fix i18n issues reported on Crowdin (#10925)
* Pluralize `discourse_narrative_bot.dice.not_enough_dice`
  The number of dice requires a pluralized string.
  Fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/278/en-ar#51346

* Always use "two-factor" instead of "second factor" or "two factor"
  Using different terms for the same thing is quite confusing.
  Fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-nl#40096

* Remove whitespace before ellipsis for consistency
  Fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-nl#53978

* Remove unused strings from locale file

* Correct grammar in `site_settings.review_media_unless_trust_level`
  Fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-nl#54018

* Correct grammar in `reviewables.reasons.contains_media`
  Fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-nl#54020

* Correct grammar in user notifications
  It also adds a link to the /about page in order to give the user a clue who the site admins are.
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-nl#54084

* Use "log in" instead of "login" when it's a verb
  This fixes multiple issues:
  * https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-nl#40940
  * https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-nl#47858
  * https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-nl#49458

* Replace "Github" with "GitHub"

* Remove "discourse.org" from title of 503 error page

* Replace weirdly formatted multi line string

* Pluralize `js.composer.group_mentioned_limit`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41158

* Remove unused string and pluralize `js.topic.feature_topic.confirm_pin_globally`
  This kinda fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#42114 as `js.topic.feature_topic.confirm_pin` wasn't used anymore.

* Pluralize `js.user.second_factor_backup.remaining_codes`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#40054

* Pluralize `js.composer.error.tags_missing`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41184

* Pluralize `js.post.errors.too_many_dragged_and_dropped_files`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#42408

* Remove unused `js.posts_long` and `js.likes_long`
  This fixes the following issues in an unexpected way:
  * https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#42974
  * https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#42994

* Pluralize `js.bootstrap_mode_enabled`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#38726

* Remove unused `long_form` from `post_action_types`
  This more or less fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-ar#47158

* Pluralize `js.presence.replying` and `js.presence.replying`
  This fixes the following issues:
  * https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/282/en-ar#51588
  * https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/282/en-ar#51590

* Pluralize `js.user.second_factor_backup.manage`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#40044

* Stop using concatenated strings for "Recently Used Devices"
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#40308

* Pluralize `js.category_row.topic_count`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41056

* Pluralize `js.select_kit.invalid_selection_length`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41072

* Pluralize `js.notifications.membership_request_consolidated`
  This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41416
2020-10-16 15:24:58 +02:00
Bianca Nenciu 43e52a7dc1
DEV: Remove gifsicle dependency (#10357)
Dependency on gifsicle, allow_animated_avatars and allow_animated_thumbnails
site settings were all removed. Animated GIF images are still allowed, but
the generated optimized images are no longer animated for those (which were
used for avatars and thumbnails).

The added 'animated' is populated by extracting information using FastImage.
This field was used to selectively reoptimize old animations. This process
happens in the background.
2020-10-16 13:41:27 +03:00
Penar Musaraj 5763309953
FEATURE: WCAG compliant color schemes (#10882)
Co-authored-by: Kris <kris.aubuchon@discourse.org>
2020-10-15 14:05:48 -04:00
jbrw 099bf97dca
Tag groups can belong to groups (#10854) 2020-10-14 13:15:54 -04:00
Penar Musaraj 74de7a49f5
Simplify theme and color scheme seeding (#10872)
Now that we have support for user-selectable color schemes, it makes sense
to simplify seeding and theme updates in the wizard. 

We now:

- seed only one theme, named "Default" (previously "Light")
- seed a user-selectable Dark color scheme
- rename the "Themes" wizard step to "Colors"
- update the default theme's color scheme if a default is set
(a new theme is created if there is no default)
2020-10-14 10:18:02 -04:00
Justin DiRose 8c77b84aac
Revert "FEATURE: Upgrade analytics.js to gtag.js (#10893)" (#10910)
Reverting due to a few unforseen issues with customizations.
2020-10-13 12:20:41 -05:00
Justin DiRose f4034226c2
FEATURE: Upgrade analytics.js to gtag.js (#10893)
Per Google, sites are encouraged to upgrade from `analytics.js` to `gtag.js` for Google Analytics tracking. This commit updates core Discourse to use the new `gtag.js` API Google is asking sites to use. This API has feature parity with `analytics.js` but does not use trackers.
2020-10-13 11:24:06 -05:00
jbrw ac31fe8321
FEATURE - SiteSetting to disable user option to hide their profiles and presences (#10885)
* FEATURE - SiteSetting to disable user option to hide their profiles and presences
2020-10-09 17:18:44 -04:00
Arpit Jalan 4326827a4e
FIX: second factor cannot be enabled if SSO is enabled (#10880)
* FIX: second factor cannot be enabled if SSO is enabled

If `enable_sso` setting is enabled then admin should not be able to
enable `enforce_second_factor` setting as that will lock users out.

Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-10-09 22:36:38 +05:30
Martin Brennan 6e2be3e60b
FIX: When admin changes an email for the user the user must confirm the change (#10830)
See https://meta.discourse.org/t/changing-a-users-email/164512 for additional context.

Previously when an admin user changed a user's email we assumed that they would need a password reset too because they likely did not have access to their account. This proved to be incorrect, as there are other reasons a user needs admin to change their email. This PR:

* Changes the admin change email for user flow so the user is sent an email to confirm the change
* We now record who the email change request was requested by
* If the requested by user is admin and not the user we note this in the email sent to the user
* We also make the confirm change email route open to anonymous users, so it can be clicked by the user even if they do not have access to their account. If there is a logged in user we make sure the confirmation matches the current user.
2020-10-07 13:02:24 +10:00
Penar Musaraj 4efbf8dc4f
Remove "further reading" step from wizard (#10825)
Instead, add link to top themes on meta in wizard's last step.
2020-10-05 15:06:05 -04:00
Penar Musaraj a4356b99af
FEATURE: Separate base and heading font site_settings (#10807)
Allows site administrators to pick different fonts for headings in the wizard and in their site settings. Also correctly displays the header logos in wizard previews.
2020-10-05 13:40:41 -04:00
Arpit Jalan 9b45391cf9
FEATURE: explain why invites are disabled to staff users (#10810)
Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-10-03 13:05:26 +05:30
Robin Ward a3c81a85cd
Update server.en.yml 2020-09-30 14:11:26 -04:00
Robin Ward e2b9d93556
Update server.en.yml 2020-09-30 14:11:12 -04:00
Jeff Atwood 8fd8114e97 minor copyedit 2020-09-30 10:46:27 -07:00
Arpit Jalan ff44515a18
FIX: better error message if invite is expired (#10783)
https://meta.discourse.org/t/invite-token-is-invalid/165270/5?u=techapj
2020-09-30 20:32:33 +05:30
Joffrey JAFFEUX 318dadaf37
FIX: correct value of auto and adds nohighlight to the description (#10771) 2020-09-30 15:39:47 +10:00
Jeff Atwood a0bbc346cb minor copyedit 2020-09-29 16:47:54 -07:00
David Taylor f1d64bbbe5
FEATURE: Add a site setting to control automatic auth redirect (#10732)
This allows administrators to stop automatic redirect to an external authenticator. It only takes effect when there is a single authentication method, and the site is login_required
2020-09-24 17:06:07 +01:00
Simon Cossar 0f04864da1
Improve staff_like_weight copy to indicate how the value is applied (#10726) 2020-09-22 14:57:56 -07:00
Krzysztof Kotlarek 0bb51dcbfa
FIX: TL2 promotion message and advance training (#10679)
This is a little bit of refactoring. Core Discourse should have default promotion message for TL2.

In addition, when the Discobot plugin is enabled, the user is invited to advanced training
2020-09-22 10:17:52 +10:00
Roman Rizzi f85f73be88
FEATURE: Review posts with media. (#10693)
To check if a post contains any embedded media, we look if the "image_sizes" attribute is present in the new post manager arguments.

We want to see one boxed links, but we only store the raw content of the post. To work around this, I extracted the onebox logic from the composer editor into a module.
2020-09-18 12:45:09 -03:00
Sam Saffron 44fba9463b
FEATURE: Add support for not persistent sessions
In some cases Discourse admins may opt for sessions not to persist when a
browser is closed.

This is particularly useful in healthcare and education settings where
computers are shared among multiple workers.

By default `persistent_sessions` site setting is enabled, to opt out you
must disable the site setting.
2020-09-11 15:11:24 +10:00
Martin Brennan dede942007
FEATURE: Allow email image embed with secure media (#10563)
This PR introduces a few important changes to secure media redaction in emails. First of all, two new site settings have been introduced:

* `secure_media_allow_embed_images_in_emails`: If enabled we will embed secure images in emails instead of redacting them.
* `secure_media_max_email_embed_image_size_kb`: The cap to the size of the secure image we will embed, defaulting to 1mb, so the email does not become too big. Max is 10mb. Works in tandem with `email_total_attachment_size_limit_kb`.

`Email::Sender` will now attach images to the email based on these settings. The sender will also call `inline_secure_images` in `Email::Styles` after secure media is redacted and attachments are added to replace redaction messages with attached images. I went with attachment and `cid` URLs because base64 image support is _still_ flaky in email clients.

All redaction of secure media is now handled in `Email::Styles` and calls out to `PrettyText.strip_secure_media` to do the actual stripping and replacing with placeholders. `app/mailers/group_smtp_mailer.rb` and `app/mailers/user_notifications.rb` no longer do any stripping because they are earlier in the pipeline than `Email::Styles`.

Finally the redaction notice has been restyled and includes a link to the media that the user can click, which will show it to them if they have the necessary permissions.

![image](https://user-images.githubusercontent.com/920448/92341012-b9a2c380-f0ff-11ea-860e-b376b4528357.png)
2020-09-10 09:50:16 +10:00
Jarek Radosz 4f48304a44 DEV: Remove an unused i18n string
The related code was removed in 86cb5803ba
2020-09-03 16:32:46 +02:00
Gerhard Schlager 31c1d57228
FIX: System message wasn't fully translatable 2020-09-02 15:24:25 +02:00
Bianca Nenciu f2e14a3946
FEATURE: Add site setting and wizard step to set base font (#10250)
Co-authored-by: Neil Lalonde <neillalonde@gmail.com>
2020-08-31 13:14:09 +03:00
David Taylor a3577435f7
FEATURE: Additional control of iframes in oneboxes (#10523)
This commit adds a new site setting "allowed_onebox_iframes". By default, all onebox iframes are allowed. When the list of domains is restricted, Onebox will automatically skip engines which require those domains, and use a fallback engine.
2020-08-27 20:12:13 +01:00
Gerhard Schlager 6c09fd4289 DEV: Remove unused code and translations 2020-08-25 11:41:19 +02:00
Krzysztof Kotlarek 7b6f8517bf
FIX: limit number of users addable to group at once (#10510)
When someone wants to add > 1000 users at once they will hit a timeout.
Therefore, we should introduce limit and inform the user when limit is exceeded.
2020-08-25 08:55:21 +10:00
Vinoth Kannan 0b58fee424 minor copyedit on site setting and user option descriptions 2020-08-22 13:11:57 +05:30
Penar Musaraj 8b2c4b07a4
UX: Tweaks to admin color palette dropdown (#10502) 2020-08-21 09:30:11 -04:00
Vinoth Kannan 8348a41124
FEATURE: add `regular_categories` field in site setting & user option. (#10477)
Like "default watching" and "default tracking" categories option now the "regular" categories support is added. It will be useful for sites that are muted by default. The user option will be displayed only if `mute_all_categories_by_default` site setting is enabled.
2020-08-20 00:35:04 +05:30
Mark VanLandingham a3c0d4a8b5
FIX: Error message when setting enforce 2fa with social logins (#10479) 2020-08-19 13:16:31 -05:00
jbrw aa1fc01307
FEATURE - Moderators can create and manage groups (#10432)
Enabling the moderators_manage_categories_and_groups site setting will allow moderator users to create/manage groups.

* show New Group form to moderators

* Allow moderators to update groups and read logs, where appropriate

* Rename site setting from create -> manage

* improved tests

* Migration should rename old log entries

* Log group changes, even if those changes mean you can no longer see the group

* Slight reshuffle

* RouteTo /g if they no longer have permissions to view group
2020-08-19 10:41:40 -04:00
Penar Musaraj 328ad921fb
FIX: display label when theme uses default color scheme 2020-08-18 21:11:15 -04:00
Penar Musaraj 3745f2bb86
FEATURE: Dark mode alternative logos (#10441) 2020-08-17 15:43:20 -04:00
jahan-ggn 65649eaef0
User card settings (#10302)
* settings implemented

* prettier

* settings updated

* rubocop

* prettier

* Revert "rubocop"

This reverts commit 7805145a7d.

* Revert "prettier"

This reverts commit 2c53f4fa12.

* settings updated and changed

* rubocop

* changes applied

* final changes done

* Server side feature added

* spec changed

* changed user_updater and profile file

* Fix user card specs

* web hook serializer solved

* site-setting changed

Co-authored-by: Mark VanLandingham <markvanlan@gmail.com>
2020-08-17 12:37:45 -04:00
Vinoth Kannan 476d26159a
FEATURE: add new user option `skip_new_user_tips`. (#10437)
And add new site setting `default_other_skip_new_user_tips` in user preferences category.
2020-08-14 19:10:56 +05:30
Blake Erickson 2032c11f78
FIX: Return 422 when creating topics with tags w/out permission (#10400)
The UI prevents users from trying to create tags on topics when they
don't have permission, but if you are trying to add tags to a topic via
the API and you don't have permission before this change it would
silently succeed in creating the topic, but it wouldn't have any tags.

Now a 422 error will be returned with an error message when trying to
create a topic with tags when tagging is disabled or you don't have
enough trust level to add tags to a topic.

Bug report: https://meta.discourse.org/t/-/70525/14
2020-08-10 16:14:15 -06:00
jbrw 3593e582a3
FIX - limit number of embedded media items in a post (#10391)
* FIX - limit number of embedded media items in a post

* Add renamed settings to DeprecatedSettings
2020-08-07 12:08:59 -04:00
Penar Musaraj 9c9aa21726
Add site setting to pick dark mode color scheme (#10390)
Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-08-07 08:52:47 -04:00
Gerhard Schlager 81247c1f6a DEV: Remove mention of Transifex from locale files 2020-08-06 13:34:00 +02:00
Mark VanLandingham b76731d722
FEATURE: Invite emails to groups from add member modal (#10308) 2020-08-04 10:02:01 -05:00
Blake Erickson 8de635fe92
DEV: Show message when cannot invite user to PM (#10336)
* DEV: Show message when cannot invite user to PM

When inviting a user to a PM return a message that says, "Sorry, this
user can't be invited." if they have been muted or are not in a users
allowed pm users list.

* Minor refactor & improved some text
2020-07-31 09:52:19 -06:00
Krzysztof Kotlarek e0d9232259
FIX: use allowlist and blocklist terminology (#10209)
This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 10:23:54 +10:00
Krzysztof Kotlarek 4b053462c0
FIX: display correct status on unsubscribe page (#10294)
There was a bug that even when `email_digest` was set to false but
`digest_after_minutes` was positive, we were not displaying correct
status.

In addition, the message is improved when the user is unsubscribed +
unsubscribe from all is hidden.
2020-07-23 16:20:10 +10:00
Penar Musaraj 7559758e10
FEATURE: Support converting HEIF images to JPEG (#10079) 2020-07-22 21:40:09 -04:00
David Taylor c09b5807f3
FIX: Include resolved locale in anonymous cache key (#10289)
This only applies when set_locale_from_accept_language_header is enabled
2020-07-22 18:00:07 +01:00
Penar Musaraj bf22f7080d
FEATURE: optional quote sharing buttons (#10254) 2020-07-17 14:44:31 -04:00
jbrw 06073fe8c6
FEATURE: Allow group moderators to close/archive topics
* FEATURE: Allow group moderators to close/archive topics
2020-07-14 12:36:19 -04:00
Arpit Jalan 7532f24668 UX: better error message if moderator is not allowed to invite to group
UX: do not show invite to group option if mod is not owner of any group
2020-07-13 18:09:36 +05:30
Dan Ungureanu c72bc27888
FEATURE: Implement support for IMAP and SMTP email protocols. (#8301)
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2020-07-10 12:05:55 +03:00
David Taylor 5284d41a8e
FEATURE: Optionally skip the create account popup for external auth 2020-07-06 10:18:57 +01:00
David Taylor 977766e7a8
FEATURE: sso_overrides_(email|username|name) for all auth methods
These settings previously applied only to discourse-sso. Now they work for all external authentication methods.
2020-07-06 10:18:45 +01:00
Bianca Nenciu 68f767a557
FEATURE: Check if selectable avatars exist before enabling them (#10032) 2020-06-22 16:58:26 +03:00
Robin Ward 494a27dc27 FIX: A much nicer error message if you can't ignore/mute a user 2020-06-18 13:41:27 -04:00
Bernhard Suttner e31471585a
DEV: allow to have duplicate topic titles if categegory is different (#10034)
Co-authored-by: Robin Ward <robin.ward@gmail.com>

Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-06-18 11:19:47 -04:00
Jeff Atwood 978aba632e minor copyedit on site setting description 2020-06-17 14:13:52 -07:00
Joffrey JAFFEUX 9da3a7f436
FEATURE: allows published pages to be public (#10053) 2020-06-17 12:42:20 +02:00
Jeff Atwood 2bbb870b11 copyedit on push icon help text 2020-06-15 22:43:55 -07:00