Commit Graph

21605 Commits

Author SHA1 Message Date
Martin Brennan 0388653a4d
DEV: Upload and secure media retroactive rake task improvements (#9027)
* Add uploads:sync_s3_acls rake task to ensure the ACLs in S3 are the correct (public-read or private) setting based on upload security

* Improved uploads:disable_secure_media to be more efficient and provide better messages to the user.

* Rename uploads:ensure_correct_acl task to uploads:secure_upload_analyse_and_update as it does more than check the ACL

* Many improvements to uploads:secure_upload_analyse_and_update

* Make sure that upload.access_control_post is unscoped so deleted posts are still fetched, because they still affect the security of the upload.

* Add escape hatch for capture_stdout in the form of RAILS_ENABLE_TEST_STDOUT. If provided the capture_stdout code will be ignored, so you can see the output if you need.
2020-03-03 10:03:58 +11:00
Joffrey JAFFEUX 11425f8adc
FEATURE: allows to add a description link to a report (#9065)
This commit adds a description link to users_per_trust_level report linking to our blog article on the subject https://blog.discourse.org/2018/06/understanding-discourse-trust-levels/
2020-03-02 14:30:51 -05:00
Robin Ward a653737a66
FIX: Add aria-labels to topic list items (#9048)
* FIX: Add aria-labels to topic list items

Before this fix you could navigate the topic list using a screen reader
and a keyboard but some of the items were not as descriptive as they
could be. The newly added labels make it easier to understand what you
are tabbing over.

context:
https://meta.discourse.org/t/accessibility-aria-attributes-are-not-defined-for-links-under-replies-category/142539

* Update app/assets/javascripts/discourse/lib/utilities.js.es6

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* Multiline fix

* Fix more tests

Co-authored-by: Régis Hanol <regis@hanol.fr>
2020-03-02 14:28:54 -05:00
Joffrey JAFFEUX f17459c620
UX: attempts to increase popup menu hitzone on mobile (#9038) 2020-03-02 14:27:50 -05:00
Jarek Radosz fedd8e3e3a
DEV: Remove uses of deprecated `Ember.copy` and `Copyable` (#8978) 2020-03-02 14:24:05 -05:00
Jarek Radosz 76a06dfa03
DEV: Remove the last (defunct) use of Ember.View (#8976)
This codepath has been deprecated 3 years ago in c5687100b0.

Ember.View has been removed in Ember 2.0.
2020-03-02 14:23:46 -05:00
David Taylor f9cc3dc4b7
PERF: Allow passing an existing list of user field ids when loading (#8970)
* PERF: Allow passing an existing list of user field ids when loading

This avoids the need for running `UserField.pluck(:id)` for each user that is serialized

* Memoize user_fields to avoid rebuilding hash every time
2020-03-02 14:22:49 -05:00
tshenry a09e5d12c2
FIX: Topics should honor auto-close when published to category (#8963)
* FIX: Topics should honor auto-close when published to category

* Add test
2020-03-02 14:21:35 -05:00
Gerhard Schlager 5c39e21c18
UX: Allow correct pluralization for "too few topics and posts" notices (#8947) 2020-03-02 14:20:37 -05:00
Joffrey JAFFEUX ed85cfe141
FIX: prevents click on sk header to bubble (#9084) 2020-03-02 20:06:02 +01:00
Rafael dos Santos Silva d05142d3f7 FEATURE: Enable service worker on iOS PWA 2020-03-02 15:55:09 -03:00
Rafael dos Santos Silva fd38ed3631
DEV: Fix lint error introduced in 58f16f2 2020-03-02 13:04:52 -03:00
Rafael dos Santos Silva 58f16f2e2b
FIX: Make FooterNav work with PWAs on iPadOS 2020-03-02 12:56:37 -03:00
Martin Brennan 8123538c94
DEV: Minor review fixes and fix bookmark spec logging (#9045)
As per:

https://review.discourse.org/t/fix-never-allow-custom-emoji-to-be-marked-secure-8965/9072
https://review.discourse.org/t/feature-improving-bookmarks-part-2-topic-bookmarking-8954/9038
2020-03-02 15:40:29 +10:00
Joffrey JAFFEUX 2db8ada222
FIX: ensures category url of category drop is built using slug and id (#9069) 2020-02-28 17:58:22 +01:00
David Taylor 0903aa44bb
FEATURE: Always disable customizations on the `/safe-mode` route (#9052)
This makes it easier to enter safe mode when a customization has made the UI unusable
2020-02-28 10:53:11 +00:00
Dan Ungureanu 60184a290c
FIX: Sync preload key format for category topic lists
The server and client used two different formats for preload keys. The
server was using 'topic_list_c/SLUG/l/latest', but the client was using
'topic_list_c/SLUG/ID/l/latest'.

This commit is an addition to 374534f00e.
2020-02-28 11:10:03 +02:00
Sam Saffron 8e5edae093
FEATURE: unconditionally skip indexing on search controller
There are absolutely no actions in search that need indexing

Also no point adding this header on non get requests
2020-02-28 09:21:31 +11:00
Mark VanLandingham f358114361
FIX: Prettier on iframed-html component (#9062) 2020-02-27 11:56:13 -06:00
Mark VanLandingham 337b823ec6
Merge pull request from GHSA-vw39-6w7q-gfx5
Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-02-27 11:47:15 -06:00
Roman Rizzi 87f15f9ed6
FIX: When appending tags to restricted category posts, we need to pass the category id, or it won't work. (#9020) 2020-02-27 14:10:14 -03:00
Joffrey JAFFEUX 501936f0da
FIX: prevents loading to show during debouncing (#9060)
This will also fix a bug in IE11 where click event would not be triggered on row
2020-02-27 15:20:04 +01:00
romanrizzi 4673f31c75 FIX: Bulk badge awards should work even if the CSV has nil values 2020-02-27 11:08:24 -03:00
adam j hartz 0af2f5db64
UX: Differentiate Between PMs and Topics in Search Results (#8933)
PMs will now display an envelope icon next to the topic title in search results. This is especially useful when searching using `in:all`.

Co-authored-by: adam j hartz <hz@mit.edu>
2020-02-27 13:25:32 +00:00
Joffrey JAFFEUX 56345faf9a
FIX: prevents row click event to be caught by filter input event (#9059)
This was causing some dropdowns to not work under IE11
2020-02-27 14:04:23 +01:00
Dan Ungureanu 60908a94ec
FIX: Skip 'invited' small action if user is in an invited group (#9056)
Inviting a user that is already invited through a group used to generate
a small action and a notification. This commit skips that small action.
2020-02-27 14:45:20 +02:00
Vinoth Kannan acf337d583
FEATURE: auto archive group message if topic is closed. (#9046)
Co-Authored-By: Régis Hanol <regis@hanol.fr>
2020-02-27 11:09:37 +05:30
Vinoth Kannan 5774107a2d
FIX: downloaded image URLs incorrectly replaced in post raw. (#9014)
Previously, while replacing the downloaded image URL `http://wiki.mozilla.org/images/2/2e/Longcat1.png` similar non-image URL `http://wiki.mozilla.org/images/2` was replaced wrongly.
2020-02-27 10:22:55 +05:30
Dan Ungureanu 3568f296a3
FIX: Another attempt at fixing reviewable claiming
Follow-up to 9314751e5c.
2020-02-26 10:46:10 +02:00
Dan Ungureanu 9314751e5c
FIX: Claim reviewable button did not show up for all topics
Follow-up to 514c22e64b.
2020-02-26 10:36:35 +02:00
Joffrey JAFFEUX baba1cc02e
FIX: ensures destroying a user with security keys doesn't fail (#9042) 2020-02-25 14:07:57 -05:00
David Taylor 96ac4fc072
FIX: Include `.json` suffix for email login route (#9041)
In IE11, the browser returns the cached HTML response, rather than the JSON formatted response. Adding the `.json` suffix ensures that the cache is not shared. Same root cause as b0211772
2020-02-25 18:01:33 +00:00
Dan Ungureanu 514c22e64b
FIX: Make reviewable claiming work with deleted topics (#9040)
This fixes the case when the reviewed topic is deleted (for example, in
discourse-akismet).
2020-02-25 15:49:23 +02:00
Dan Ungureanu 5905930c32
FIX: Sync Ember and non-Ember layouts (#9028) 2020-02-25 15:31:04 +02:00
Joffrey JAFFEUX a5c7f0c98d
UX: hides emoji picker from edit category tab topic template (#9036) 2020-02-25 00:49:41 +01:00
Joffrey JAFFEUX e303b4d181
UX: hides local-date picker when used outside of main composer 2020-02-25 00:17:43 +01:00
Joffrey JAFFEUX bd49368942
FIX: ensures topic count is correctly showing in box category badges (#9034) 2020-02-24 23:41:36 +01:00
Penar Musaraj d6a603cc50
FIX: Translate none-tag and all-tags labels in tag filter (#9030)
* FIX: Translate none-tag and all-tags labels in tag filter
* Add test
2020-02-25 07:57:24 +11:00
Joffrey JAFFEUX f336aeee6f
FIX: ensures scoped search category is searching in all categories (#9031) 2020-02-24 19:19:53 +01:00
Kris 832a0e410a UX: Restrict icon height in btn-small to prevent height inconsistency 2020-02-24 13:18:46 -05:00
Joffrey JAFFEUX 0ea11a9d49
FIX: ensures we don't attempt to create a new PM on an existing topic (#9029)
This fix attempts to both fix it at UI level and server side. A previous attempt related to this behavior has been made in commit: 49c750ca78
2020-02-24 08:55:12 -06:00
Sam Saffron 372f6f4f22
FEATURE: limit number of notifications per user to 10,000
Introduces a new site setting `max_notifications_per_user`.

Out-of-the-box this is set to 10,000. If a user exceeds this number of
notifications, we will delete the oldest notifications keeping only 10,000.

To disable this safeguard set the setting to 0.

Enforcement happens weekly.

This is in place to protect the system from pathological states where a
single user has enormous amounts of notifications causing various queries
to time out. In practice nobody looks back more than a few hundred notifications.
2020-02-24 11:42:50 +11:00
Kris e5bc649057 modal footer button height fix 2020-02-21 20:13:23 -05:00
Neil Lalonde f73ed45de9 FIX: blank popular posts in summary emails due to lightbox images
When looking for the first paragraph with content in a post,
it was matching the lightboxed image paragraph as "<p></p>".
Fix that and other potential empty paragraphs with the
p:not(:empty) selector.
Add a new selector to find the image links in lightboxed
images as valid content for emails.
2020-02-21 16:18:38 -05:00
Joffrey JAFFEUX 69a2ad626b
FIX: ensures group automatic membership dropdown works (#9022)
This commit also fixes a deprecation warning as the previous component was overriding a computed property from the group model.

Finally a test has been added as this is the only place where we use list-setting outside of the settings, this was highly subject to regressions.
2020-02-21 22:14:24 +01:00
Kris 90e701b470 UX: Eliminate double modal scroll on long mobile create account forms 2020-02-21 16:08:19 -05:00
Kris 5b358a2ca7 Follow up padding fix to de559f3 2020-02-21 15:44:34 -05:00
Joffrey JAFFEUX 0b0290cddb
FIX: muted was not working in topic timeline (#9021) 2020-02-21 21:32:58 +01:00
Dan Ungureanu 533495169e
FEATURE: Publish a message when reviewable claimer changes (#9019)
This commit ensures that all users are kept in sync and no user can claim
a topic that has been claimed already.
2020-02-21 19:11:50 +02:00
Dan Ungureanu cf0c6d5761
FIX: Ensure web hooks are retried at most 5 times 2020-02-21 17:02:40 +02:00
Jarek Radosz 6ba326a9f4
DEV: Deprecate `ember` module imports (#9011)
Removes remaining `ember` module imports.
2020-02-21 15:56:49 +01:00
Jarek Radosz c607870f08
DEV: Add more `@ember` imports (#9012) 2020-02-21 14:27:04 +01:00
Joffrey JAFFEUX cb69e89d7c
FIX: correctly shows suggested topics label (#9017) 2020-02-21 12:35:49 +01:00
Joffrey JAFFEUX e807dff6fc
FIX: ensures mini-tag-chooser is respecting max_tags_per_topic (#9018) 2020-02-21 12:16:05 +01:00
Vinoth Kannan 8a031f19dc FIX: use dedicated site attribute in category + tag filtered pages too. 2020-02-21 15:55:17 +05:30
Martin Brennan 3af2670bd5
FIX: Consider webp a supported image format for upload (#9015)
* Also fixes an issue where if webp was a downloaded hotlinked
  image and then secure + sent in an email, it was not being
  redacted because webp was not a supported media format in
  FileHelper
* Webp originally removed as an image format in
  https://github.com/discourse/discourse/pull/6377
  and there was a spec to make sure a .bin webp
  file did not get renamed from its type to webp.

  However we want to support webp images now to make
  sure they are properly redacted if secure media is
  on, so change the example in the spec to use tiff,
  another banned format, instead
2020-02-21 13:08:01 +10:00
Robin Ward a47e0a3fda FIX: TOTP could not be used on sites with colons in their names
This is because the TOTP gem identifies as a colon as an addressable
protocol. The solution for now is to remove the colon in the issuer
name.

Changing the issuer changes the token values, but now it was completely
broken for colons so this should not be breaking anyone new.
2020-02-20 16:35:30 -05:00
David Taylor 19dcc6bb7b
FIX: Restore initState() call within discourse-location for subfolder
d7d4612b2d removed the duplicate call to initState(). However, we are relying on a side effect of the duplicate call for subfolder sites to function correctly when accessed without a trailing slash. To avoid a large refactor before the stable release, this commit restores the old behavior.

Long term we should look at migrating to Ember's built-in location library, rather than maintaining our own (very similar) version

https://github.com/emberjs/ember.js/blob/master/packages/%40ember/-internals/routing/lib/location/history_location.ts
2020-02-20 16:41:50 +00:00
Arpit Jalan 7b92280b97 UX: use same styling for username and user-name 2020-02-20 17:51:37 +05:30
Arpit Jalan f36719c1f5 FIX: respect prioritize_username_in_ux setting in email
UX: only the first attribute should be hyperlinked
UX: add margin based on attribute position
2020-02-20 17:47:16 +05:30
Martin Brennan 97d8f19387
FIX: When admin changes another user's email auto-confirm the change (#9001)
When admin changes a user's email from the preferences page of that user:

* The user will not be sent an email to confirm that their
  email is changing. They will be sent a reset password email
  so they can set the password for their account at the new
  email address.
* The user will still be sent an email to their old email to inform
  them that it was changed.
* Admin and staff users still need to follow the same old + new
  confirm process, as do users changing their own email.
2020-02-20 09:52:21 +10:00
Dan Ungureanu 20b90afad9
FIX: Remove broken error dismiss button 2020-02-19 23:03:52 +02:00
Robin Ward 345764565f FIX: Respect muted tags for mailing list mode
If a user has a tag muted, don't send them emails about that tag.
We've done this forever for categories so it makes sense to do it
for tags too.
2020-02-19 15:14:42 -05:00
Kris 2a7f53065d FEATURE: Add plugin outlet below login/create, add outlet to mobile 2020-02-19 14:08:35 -05:00
Kris 5b0025c816 Additional padding follow up to de559f3 2020-02-19 13:50:12 -05:00
Dan Ungureanu fd1e04ba0a
UX: Improve small buttons appearance (#8990)
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
Co-authored-by: Kris  <kris.aubuchon@discourse.org>
2020-02-19 12:38:46 -05:00
David Taylor 8ec2d8a814
FIX: Disable save button for API key creation when invalid (#9005) 2020-02-19 16:33:09 +00:00
Kris fdb45f2ba1 Follow-up padding fix for de559f3 2020-02-19 11:24:45 -05:00
Kris de559f3fe3 FIX: Remove border-box from modal-body to avoid iOS fixed position bug 2020-02-19 11:08:15 -05:00
Robin Ward c954d083df Link website when reviewing users 2020-02-19 10:18:05 -05:00
Joffrey JAFFEUX 74f2d48018
FIX: makes setting-object capable of defining value/name properties itself (#9003) 2020-02-19 10:01:21 +01:00
Joffrey JAFFEUX 30e2867547
FIX: prevents setting default values on setting component to reload page
This would happen when clicking on "add all themes" for example.
2020-02-19 09:04:57 +01:00
jjaffeux 32b3f55ef6 Revert "FIX: enums should be treated as flat arrays (#8995)"
This reverts commit 05be9beefd.
2020-02-19 07:53:29 +01:00
Jarek Radosz 9f8a27a132
DEV: Import `makeArray` from `discourse-common` instead using `Ember` global (#8977) 2020-02-19 00:57:58 +01:00
Joffrey JAFFEUX 25ebfd5998
DEV: allows to import isPresent (#8993) 2020-02-18 23:41:15 +01:00
Joffrey JAFFEUX 8f82d790d4
FIX: prevents notifications button to be cutoff on mobile (#8998) 2020-02-18 23:40:10 +01:00
Joffrey JAFFEUX 05be9beefd
FIX: enums should be treated as flat arrays (#8995) 2020-02-18 23:25:12 +01:00
Joffrey JAFFEUX 67ee79f023
FIX: group members dropdown was broken on mobile (#8994) 2020-02-18 23:23:38 +01:00
Vinoth Kannan 7a054fc142 FIX: remove anchors from banner headings.
Else it will create UX issues when the banner is visible on top of the banner topic.
2020-02-19 02:55:04 +05:30
Robin Ward 53054b41d2 FIX: Mentions updater should work regardless of `.notify` 2020-02-18 16:02:26 -05:00
Robin Ward 041168c9b6 FIX: Group mentions were not being cooked the same way as previewed
If a group mention could be notified on preview it was given an `<a>`
tag with the `.notify` class. When cooked it would display differently.
This patch makes the server side cooking match the client preview.
2020-02-18 15:45:02 -05:00
Robin Ward 163cbb4aa7 UX: Show mentions properly in small post messages 2020-02-18 14:38:33 -05:00
Penar Musaraj 8a0abafc9d UX: Adjust width for topic notifications dropdown on mobile
Previously, the dropdown was set to 400px wide, which exceeds the available width on many mobile devices.
2020-02-18 14:17:34 -05:00
Joffrey JAFFEUX 99746c2850
FIX: ensures report-filter/category is correctly filtering (#8992) 2020-02-18 17:37:43 +01:00
Roman Rizzi 9441362c72
FEATURE: Support uploading a csv with either user emails or usernames (#8971) 2020-02-18 10:53:12 -03:00
Sam Saffron 64b3512084
DEV: use DiskSpace module for all disk space calculations
This normalizes it so we only carry one place for grabbing disk space size

It also normalizes the command made so it uses Discourse.execute_command
which splits off params in a far cleaner way.
2020-02-18 15:13:19 +11:00
Sam Saffron 28292d2759
PERF: avoid shelling to get hostname aggressively
Previously we had many places in the app that called `hostname` to get
hostname of a server. This commit replaces the pattern in 2 ways

1. We cache the result in `Discourse.os_hostname` so it is only ever called once

2. We prefer to use Socket.gethostname which avoids making a shell command

This improves performance as we are not spawning hostname processes throughout
the app lifetime
2020-02-18 15:13:19 +11:00
Kris ca9a5b8458 Increase topic breakpoint width to avoid small range where layout wraps 2020-02-17 16:04:24 -05:00
Kris 1e20bdec57 UX: Keep mobile composer category and tag inputs on one line 2020-02-17 13:55:04 -05:00
Kris 42729e6a27 Minor mobile alignment fixes 2020-02-17 13:00:31 -05:00
Kris 0c94e7b089 FIX: Some select-kit dropdowns were cut-off by hidden overflow in modals 2020-02-17 11:51:26 -05:00
Vinoth Kannan 2e397c78c4 FIX: use separate site attribute for single category "top tags" list.
And use it only in the single category pages.
38dd184a16
2020-02-17 21:09:27 +05:30
David Taylor f1f9648e88
Revert "FIX: sk body should follow wrapper width (#8984)"
This was causing very narrow dropdowns in the composer and notification level dropdowns.

This reverts commit d33aaa0292.
2020-02-17 13:10:26 +00:00
Joffrey JAFFEUX d33aaa0292
FIX: sk body should follow wrapper width (#8984) 2020-02-17 10:39:20 +01:00
Joffrey JAFFEUX 9feace3388
FIX: prevents error when loading tag groups (#8983) 2020-02-17 10:39:04 +01:00
Joffrey JAFFEUX d827430ea6
FIX: prevents expand post to trigger page routing (#8982) 2020-02-17 10:06:38 +01:00
Kris cd5b7109d0 UX: Cap height of user fields on mobile user-cards, add line-clamp mixin 2020-02-14 16:19:11 -05:00
Kris f81bebf93f UX: Cap staff action detail height 2020-02-14 14:23:31 -05:00
Kris 103af2dcce FIX: Toolbar menu specificity 2020-02-14 13:44:38 -05:00
Roman Rizzi 99305511bc
DEV: Remove unused BreakString class (#8942) 2020-02-14 15:32:59 -03:00