Commit Graph

226 Commits

Author SHA1 Message Date
Roman Rizzi 835d2be4da
FIX: Rate limit and hijack certificate generation. (#8215)
To eliminate a DDOS attack vector, we're taking the following measures:

The endpoint will be rate-limited to 3 requests every 60 seconds (per user).
A 24 hours max-age cache header is sent with the response.
The route will be hijacked to generate the certificate in the background.
2019-10-21 13:14:15 -03:00
Robin Ward 74207ef03a Refactor `search_answer` to be dynamically inserted so it can be changed 2019-10-16 14:37:17 -04:00
Robin Ward a37dafdd4d FIX: Use the quote generator in the example text
This way if a plugin customizes the quotes the example will match.
2019-10-16 13:40:44 -04:00
Krzysztof Kotlarek e2f9b7dd6f FIX: Narrative Bot certificates are ERB templates (#8174)
There are at least two ways of rendering templates outside of the controller. The first one is Rails way enabled with Rails 5 https://evilmartians.com/chronicles/new-feature-in-rails-5-render-views-outside-of-actions
The downside of this method is that all variables need to be passed as params (I could find a way to pass the whole context)

Another way is to use instance_eval described in Erubi documentation
https://github.com/jeremyevans/erubi#usage - it works perfectly fine, however, I didn't feel very confident about using eval unless necessary.

An additional benefit of using `ApplicationController.render` is that if Rails would change the ERB engine in the future, this code should still work.

If you want to test it on your local, you need to be signed in and then that two URLs are generating certificates:
http://localhost:3000/discobot/certificate.svg?date=Oct+07+2019&type=standard&user_id=1
http://localhost:3000/discobot/certificate.svg?date=Oct+07+2019&type=advanced&user_id=1

Dev: https://dev.discourse.org/t/discourse-narrative-bot-should-not-be-storing-giant-strings/17130
2019-10-09 17:45:01 +11:00
Gerhard Schlager 3dfe9f3b8d Update translations 2019-10-08 12:25:24 +02:00
Robin Ward f5d391a48a
REFACTOR: Move `app-events:main` to `service:app-events` (#8152)
AppEvents was always a service object in disguise, so we should move it
to the correct place in the application. Doing this allows other service
objects to inject it easily without container access.

In the future we should also deprecate `this.appEvents` without an
explicit injection too.
2019-10-04 10:06:08 -04:00
Vinoth Kannan 5a919c2211 DEV: use 'user_created' discourse event instead of 'after_commit' model callback. 2019-10-04 10:48:49 +05:30
Krzysztof Kotlarek 427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
Rafael dos Santos Silva 45ff119f27 FIX: Try to match advanced tutorial reset first (#8048)
Advanced trigger is currently broken on:

    ca
    es
    et
    fr
    he
    it
    pt_BR

And that is because the translation levels for the plugin are kinda low, so I would guess it's broken for half the languages.

Since we have only two tracks for a while now, a quick fix to me is inverting the selectors.

This patch works because the advanced key is "larger" than the new user one.
2019-10-02 11:55:47 +10:00
Gerhard Schlager 8adec48b33 Update translations 2019-09-26 04:29:44 +02:00
Bianca Nenciu 0d22beb81d
FIX: Improve Onebox detection (#8019)
Follow-up to 7c83d2eeb2.
2019-09-10 13:59:48 +03:00
Neil Lalonde 930e70aba9 Update translations 2019-09-04 10:24:43 -04:00
Gerhard Schlager 8841563f8a Update translations 2019-08-26 14:36:46 +02:00
Guo Xiang Tan 636b6c3a5a FIX: Wrong discobot tutorial started for certain locales.
If a locale has triggers that start with the same word, our regexp will
always end up matching the first trigger. For example,

`start tutorial` and `start tutorial advanced`

To support the change, we have to make the match on triggers more
restrictive. `@discobot quote here` will no longer work like `@discobot
quote`.
2019-08-08 10:53:58 +08:00
Guo Xiang Tan b574276e6e DEV: Correct hardcoded value in discobot tests. 2019-08-08 10:53:58 +08:00
Guo Xiang Tan 1267185a07 DEV: Remove unused option.
Follow up to 18ed03e044.
2019-07-30 21:12:13 +08:00
Ned Batchelder 18ed03e044 Clarify how to start a tutorial
https://meta.discourse.org/t/does-the-advanced-user-tutorial-still-exist/123661/14
2019-07-30 21:10:22 +08:00
Neil Lalonde 97e9599ecc Update translations 2019-07-15 09:43:22 -04:00
AhmadF.Cheema bfbd97d3b5 Remove extra whitespaces from locale files
Co-authored-by: Gerhard Schlager <mail@gerhard-schlager.at>
2019-07-04 13:48:17 +02:00
Gerhard Schlager a5e80079d6 FEATURE: Add Belarusian language 2019-07-04 11:37:37 +02:00
Neil Lalonde 7e884cce6b Update translations 2019-06-25 10:57:18 -04:00
Neil Lalonde dbc59cfe61 Update translations 2019-06-17 13:25:37 -04:00
Neil Lalonde 5d7e34e0ad Update translations 2019-06-10 10:36:08 -04:00
Neil Lalonde dbfdce95c9 Update translations 2019-05-30 10:40:16 -04:00
Jeff Atwood dc43828905 add trust level blog link to discobot PM welcome 2019-05-29 18:19:35 -07:00
Sam Saffron 1efed6e527 DEV: amend test for anonymous handling to use real data
Previously we relied on fabrication on anonymous, we can not get the
transaction commit pipeline to work as it does in production, cleanly

This amends it so our anonymous user is created using the core APIs

Signed-off-by: Sam Saffron <sam.saffron@gmail.com>
2019-05-29 15:05:37 +10:00
Gerhard Schlager b788948985 FEATURE: English locale with international date formats
Makes en_US the new default locale
2019-05-20 13:47:20 +02:00
Gerhard Schlager a58aa9b4bf Update translations 2019-05-20 13:42:05 +02:00
Guo Xiang Tan c00dab89e4 Fix the build take 2. 2019-05-13 11:22:48 +08:00
Sam Saffron 30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Guo Xiang Tan 41f4f9302d UX: Rename discobot tutorial triggers.
We found the previous triggers less straight forward than just calling
it tutorial.

`start new user` -> `start tutorial`
`start new advanced user` -> `start advanced tutorial`
2019-05-10 09:08:16 +08:00
Guo Xiang Tan c72f16d927 Follow up to 329969ea20. 2019-05-08 15:36:12 +08:00
Guo Xiang Tan 329969ea20 FIX: Discobot mention tutorial should be case insensitive. 2019-05-07 10:54:22 +08:00
Guo Xiang Tan 61cc0f8c5f Follow up to 152238b4cf. 2019-05-07 09:57:27 +08:00
Guo Xiang Tan 152238b4cf DEV: Prefer `public_send` over `send`. 2019-05-07 09:33:21 +08:00
Tim Lange d5d784b9f2 FIX: Narration Bot now gets site setting for automatic post deletion (#7432) 2019-04-25 07:29:20 +08:00
Joffrey JAFFEUX 0284910125
Update translations 2019-04-24 15:02:04 +02:00
Kris 99efd12376 FIX: Url in Russian translation 2019-04-18 17:10:58 -04:00
Neil Lalonde e7a6f0698d Update translations 2019-04-05 10:02:54 -04:00
Robin Ward fd6513b516 FIX: Incorrect API in narrative bot 2019-03-28 14:29:33 -04:00
Robin Ward b58867b6e9 FEATURE: New 'Reviewable' model to make reviewable items generic
Includes support for flags, reviewable users and queued posts, with REST API
backwards compatibility.

Co-Authored-By: romanrizzi <romanalejandro@gmail.com>
Co-Authored-By: jjaffeux <j.jaffeux@gmail.com>
2019-03-28 12:45:10 -04:00
Neil Lalonde 4a7e83d880 Update translations 2019-03-28 10:07:51 -04:00
Gerhard Schlager d43f4206c7 FEATURE: Add Armenian language 2019-03-28 14:24:14 +01:00
Penar Musaraj 9334d2f4f7
FEATURE: add more granular user option levels for email notifications (#7143)
Migrates email user options to a new data structure, where `email_always`, `email_direct` and `email_private_messages` are replace by

* `email_messages_level`, with options: `always`, `only_when_away` and `never` (defaults to `always`)
* `email_level`, with options: `always`, `only_when_away` and `never` (defaults to `only_when_away`)
2019-03-15 10:55:11 -04:00
Robin Ward fa5a158683 REFACTOR: Move `queue_jobs` out of `SiteSetting`
It is not a setting, and only relevant in specs. The new API is:

```
Jobs.run_later!        # jobs will be thrown on the queue
Jobs.run_immediately!  # jobs will run right away, avoid the queue
```
2019-03-14 10:47:38 -04:00
Guo Xiang Tan b0c8fdd7da FIX: Properly support defaults for upload site settings. 2019-03-13 16:36:57 +08:00
Robin Ward d1d9a4f128 Add new `run_jobs_synchronously!` helper for tests
Previously if you wanted to have jobs execute in test mode, you'd have
to do `SiteSetting.queue_jobs = false`, because the opposite of queue
is to execute.

I found this very confusing, so I created a test helper called
`run_jobs_synchronously!` which is much more clear about what it does.
2019-03-11 16:58:35 -04:00
Neil Lalonde 9c54447ca7 Update translations 2019-03-11 13:55:45 -04:00
Neil Lalonde aabc3375c6 Update translations 2019-03-01 11:28:07 -05:00
Robin Ward c719658f9f `human?` helper method on a user
This is cleaner than hard coding `id > 0` in ruby code.
2019-02-08 13:34:54 -05:00