Commit Graph

4118 Commits

Author SHA1 Message Date
Guo Xiang Tan d2a7f29595 Revert "REFACTOR: remove unnecessary parentheses attempt 2 (follow-up on 154f503d)"
This reverts commit 7db2dc717e.

Commit breaks post edits for regular users.
2019-03-14 08:15:40 +08:00
Neil Lalonde 7db2dc717e REFACTOR: remove unnecessary parentheses attempt 2 (follow-up on 154f503d) 2019-03-13 15:33:46 -04:00
Maja Komel 65f3ed0689 UX: make name optional for confirmation user field (#7149) 2019-03-13 18:40:43 +01:00
David Taylor 420c6f8102
FEATURE: Skip sending emails to domains on the `.invalid` TLD (#7162)
This is a reserved TLD which we use when importing users without an email address. https://tools.ietf.org/html/rfc2606
2019-03-13 16:17:59 +00:00
Joffrey JAFFEUX d32557ea32 Revert "FIX: Better emoji escaping for topic title"
This reverts commit 35426b5ad6.
2019-03-13 13:02:56 +01:00
Tim Lange 35426b5ad6 FIX: Better emoji escaping for topic title
This commit also puts emojiVersion in its own erb file.
2019-03-13 11:17:59 +01:00
Guo Xiang Tan b0c8fdd7da FIX: Properly support defaults for upload site settings. 2019-03-13 16:36:57 +08:00
Neil Lalonde e9ba4c74f7 Revert "REFACTOR: remove unnecessary parentheses"
Specs fail
2019-03-12 15:00:58 -04:00
Saurabh Patel a901527057 DEV: remove user_profile events added for akismet (#7044) 2019-03-12 17:51:09 +01:00
Régis Hanol 154f503d2e
REFACTOR: remove unnecessary parentheses 2019-03-12 17:13:21 +01:00
Tarek Khalil 28384ba62c
FEATURE: Add `Top Ignored Users` report (#7153)
* FEATURE: Add `Top Ignored Users` report

## Why?

This is part of the [Ability to ignore a user feature](https://meta.discourse.org/t/ability-to-ignore-a-user/110254/8), and also part of [this PR](https://github.com/discourse/discourse/pull/7144).

We want to send a System Message daily when a specific count threshold for an ignored is reached. To make this system message informative, we want to link to a report for the Top Ignored Users too.
2019-03-12 16:01:58 +00:00
Tarek Khalil 4a00772c19
FIX: invite approval `StaffActionLogger` bug (#7151)
* FIX: invite approval `StaffActionLogger` bug
2019-03-12 13:32:25 +00:00
Bianca Nenciu e6c2faf186 FIX: Disable 'Create Topic' button if tag is staff-only. (#6984)
* FIX: Disable 'Create Topic' button if tag is staff-only.

* FIX: Staff-only tags should always return 404.
2019-03-12 19:23:36 +11:00
Bianca Nenciu 191e31dccf FEATURE: Log user approvals. (#7121) 2019-03-12 19:16:56 +11:00
Dan Ungureanu 32bae48fd3 DEV: Use User#human? User#bot? (#7140) 2019-03-12 07:58:14 +08:00
Dan Ungureanu b28b418363
FIX: Various improvements to post notices.
- Notices are visible only by poster and trust level 2+ users.
- Notices are not generated for non-human or staged users.
- Notices are deleted when post is deleted.
2019-03-11 11:19:58 +02:00
Robin Ward 57ee779b1e FIX: Job exception: undefined method `email' for nil:NilClass
It seems that due to jobs being asynchronous and wrapping code in a
DistributedMutex that by the time we run the
`UserAvatar#update_gravatar!` job that the user/user email might be
destroyed.

This patch checks before a call to `user.email_hash` to make sure
the user and primary email exist to prevent the exception. If not
present, the job exits as there's nothing to do because we are
probably running after the user was destroyed for some reason.
2019-03-08 13:39:56 -05:00
Osama Sayegh 5e58cedfbd
FIX: retranspile theme JS when settings YAML changes (#7131) 2019-03-08 17:49:06 +03:00
Régis Hanol ad12b2a23d
FIX: only call 'unlink' for tempfiles 2019-03-08 11:22:20 +01:00
Dan Ungureanu 2312caccdc
FEATURE: Skip small actions when counting replies in PMs. (#7108) 2019-03-08 10:49:34 +02:00
Dan Ungureanu 35942f7c7c
FEATURE: Special call-out for new / returning posters. (#7115) 2019-03-08 10:48:35 +02:00
Gerhard Schlager f6ef4f8c3f FEATURE: Add missing S3 regions 2019-03-07 22:42:20 +01:00
David Taylor fc7938f7e0
REFACTOR: Migrate GoogleOAuth2Authenticator to use ManagedAuthenticator (#7120)
https://meta.discourse.org/t/future-social-authentication-improvements/94691/3
2019-03-07 11:31:04 +00:00
Arpit Jalan 2c8e1d3578 FEATURE: remove all expired invitations by default 2019-03-07 15:28:39 +05:30
Vinoth Kannan 167d85c21f FIX: post & topic destroyed hooks not triggering with tag filter 2019-03-06 22:52:54 +05:30
Sam 8d7c10f7f2 FIX: allow moderators to create categories setting broken
Mods require visibility to everyone group cause category dialogs need to
know about this.

If the site setting `allow moderators to create categories` will not function
without this

Note there is no security expansion of rights here, the group is technically
empty anyway and it always looks exactly the same on all discourse instances
2019-03-06 17:44:18 +11:00
Maja Komel fea5d4f3ec FIX: any subcategory permissions are valid if everyone has access to parent category (#7097) 2019-03-04 14:49:26 +11:00
Joffrey JAFFEUX 1cd64f68f1
FIX: staff/admin shouldn’t be able to create uncategorized topics (#7077) 2019-02-28 15:51:13 +01:00
Arpit Jalan c02956e29c
FIX: when posts are moved to a message then small action post should not be publicly visible (#7085)
This fix is inspired from what we do in discourse-assigned plugin.
https://github.com/discourse/discourse-assign/blob/master/lib/topic_assigner.rb#L184
https://github.com/discourse/discourse-assign/blob/master/assets/javascripts/discourse-assign/initializers/extend-for-assigns.js.es6#L125-L133
2019-02-28 19:49:26 +05:30
Tarek Khalil 986cc8a0fb FEATURE: Introduce Ignore user (#7072) 2019-02-27 14:49:07 +01:00
Dan Ungureanu f68a7a16a4 FIX: Use field name to name files in theme export. (#7009) 2019-02-27 10:45:22 +01:00
David Taylor a8ffc02d06 PERF: Reduce N+1s on theme admin page 2019-02-26 14:22:02 +00:00
Robin Ward 90c09d17b6 FIX: Heisentest - don't memoize on a class variable
Repeated usage of the same class will have the same memoized results
even if the data has changed.
2019-02-25 14:49:01 -05:00
David Taylor 260398d706 FIX: Live refresh parent themes when editing child themes 2019-02-22 21:13:07 +00:00
Vinoth Kannan d1bad881ea
FEATURE: Allow moderators to change topic timestamps (#7053) 2019-02-22 14:33:52 +05:30
Gerhard Schlager f8e498f6ad DEV: Fix random build error 2019-02-21 14:53:29 +01:00
Guo Xiang Tan 58b0e945bd
UX: Lightbox support for image uploader. (#7034) 2019-02-21 10:13:37 +08:00
Gerhard Schlager 66901f67f6 UX: Moderator post wasn't completely translatable 2019-02-20 16:37:47 +01:00
Sam 1f4ace4f56 FEATURE: autocomplete usernames early in topic based on participation
Following this change when a user hits `@` and is replying to a topic they
will see usernames of people who were last seen and participated in the topic

This is somewhat experimental, we may tweak this, or make it optional.

Also, a regression in a423a938 where hitting TAB would eat a post you were writing:

Eg this would eat a post:

``` text
@hello, testing 123 <tab>
```
2019-02-20 13:34:43 +11:00
Gerhard Schlager 5d75bd4831 FIX: Don't try to rename group when username is taken
FIX: Always rename groups with the default locale instead of using the user's locale
2019-02-19 22:31:03 +01:00
David Taylor 7878e5007a
FIX: Refactor to prevent themes affecting core stylesheets (#7029)
If a theme setting contained invalid SCSS, it would cause an error 500 on the site, with no way to recover. This commit stops loading theme settings in the core stylesheets, and instead only loads the color scheme variables. This change also makes `common/foundation/variables.scss` available to themes without an explicit import.
2019-02-19 15:55:59 +00:00
Gerhard Schlager 84c56e16f9 REFACTOR: Use keyword argument for fallback_to_english flag 2019-02-19 15:28:47 +01:00
Vinoth Kannan 27e7f2bee0 DEV: call 'enqueue_hooks' method only if active webhooks exist 2019-02-19 12:43:08 +05:30
Vinoth Kannan f2c3415548 FIX: Should not generate payload until active webhooks are exist 2019-02-19 12:23:42 +05:30
Guo Xiang Tan 7da7a30e02 PERF: Restore `exists?` in favor of `blank?`.
Regression from dcd7b92532.
2019-02-18 10:04:21 +08:00
Sam f8b70f4ca3 FIX: unable to create new categories
Previous attempt at 70adb940 missed the critical "everyone" group from
staff, leading to a case where staff was no longer able to create categories
2019-02-15 10:24:29 +11:00
Bianca Nenciu 70adb94008 SECURITY: Do not leak private group names. (#7008) 2019-02-14 15:35:58 +01:00
Maja Komel 39522659a6 FIX: validate parent category/subcategories permissions
See: https://meta.discourse.org/t/subcategories-do-not-inherit-permissions-from-parent-category/17174/23 for more details

This ensures users with access to child category can always at least see parent
2019-02-14 16:38:52 +11:00
Saurabh Patel ed6f4dfc40 FEATURE: trigger user profile create and update event (#6958)
Adds `user_profile_created` DiscourseEvent on profile creation and `user_profile_updated` on profile update
2019-02-14 15:45:12 +11:00
Arpit Jalan b651605d6e FIX: tags added while editing a pending approval topic do not show up (#6959) 2019-02-14 15:42:40 +11:00
Joffrey JAFFEUX fe4254b8f3
FIX: reverse consolidated pageviews stacked chart order (#7001) 2019-02-13 12:24:18 +01:00
Sam 641b079c78 FIX: add support for missing verbs in user api key
Previously "write" scope was missing put and delete verbs which should be
allowed.

Also closes: #6982
2019-02-13 15:49:43 +11:00
Robin Ward c23411cc69 FIX: Heisentest - suspicious logins report was not ordered by date
The specs needed an order even though none was supplied.
2019-02-12 13:17:29 -05:00
David Taylor 86fe423f5e FIX: Clear the cache after destroying theme_fields 2019-02-12 16:39:40 +00:00
David Taylor 91f0468f4e FIX: Allow unbaked theme fields to be destroyed
The after_commit hook was attempting to re-bake theme_fields after they were destroyed, which caused an exception to be thrown
2019-02-12 16:14:43 +00:00
Arpit Jalan dcd7b92532 FIX: some posters were not getting added to topic_allowed_users when moving posts to a new PM
If a user posted twice in a topic then subsequent posters were not getting added as topic_allowed_users.
2019-02-11 17:05:21 +05:30
Penar Musaraj c50db76f5d FIX: do not treat TIFF, BMP, WEBP as images
Treating TIFF and BMP as images cause us to add them to IMG tags, this is very inconsistent across browsers.

You can still upload these files they will simply not be displayed in IMG tags.
2019-02-11 16:28:43 +11:00
Robin Ward c719658f9f `human?` helper method on a user
This is cleaner than hard coding `id > 0` in ruby code.
2019-02-08 13:34:54 -05:00
Robin Ward 72b5ab0454 Don't wrap exceptions in test mode unless specifically requested.
This helps debugging reports with invalid SQL, which would otherwise
return no results instead of a useful error message while running
tests.
2019-02-08 11:26:26 -05:00
Robin Ward bc3efab816 FIX: When disagreeing with a flag that silenced a user, unsilence them
Previously it would unhide their post but leave them silenced.

This fix also cleans up some of the helper classes to make it easier
to pass extra data to the silencing code (for example, a link to the
post that caused the user to be silenced.)

This patch also refactors the auto_silence specs to avoid using
stubs.
2019-02-08 08:50:50 -05:00
David Taylor 95b5c5898e FIX: Prevent duplicate params for raw template theme handlebars helpers 2019-02-08 12:54:00 +00:00
Gerhard Schlager e9ec5238fc DEV: Remove ignored columns 2019-02-08 12:12:38 +01:00
Arpit Jalan ab2c2ea605
FIX: validate Invite email against `EmailValidator.email_regex` (#6975) 2019-02-06 22:38:06 +05:30
David Taylor f3cfce4a93
FEATURE: Calculate sprite-sheet based on currently active themes (#6973)
Previously there was only one sprite sheet, which always included icons from all themes even if they were disabled
2019-02-06 15:51:23 +00:00
Gerhard Schlager ba724d7f25 FIX: S3 endpoint broke bucket creation in non-default region 2019-02-05 18:17:02 +01:00
Robin Ward e75b240390 FIX: Some brittle tests with hardcoded ids
If we're going to use hardcoded ids, we should make sure the records are
not saved, or that the ID will not come up during normal use.
2019-02-01 11:44:37 -05:00
David Taylor 43f3bf71ba FIX: Imported themes should set their color scheme automatically 2019-01-31 17:45:11 +00:00
David Taylor d8bd3c32ca
DEV: Allow theme CLI to specify which theme to synchronize (#6963)
Currently the theme is matched by name, which can be fragile when there are many themes with the same name. This functionality will be used by the next version of theme CLI.
2019-01-30 14:17:04 +00:00
Guo Xiang Tan 0e5c7f5da7 DEV: Update annotations. 2019-01-30 09:34:51 +08:00
Guo Xiang Tan ac004297fa PERF: Add index on `user_id` to `single_sign_on_records`. 2019-01-30 09:34:19 +08:00
David Taylor fb5c94246c DEV: Remove underscore from `learn_more` key in theme export
Follow up from 033cd4f3
2019-01-28 16:00:33 +00:00
David Taylor 0d0ca4f070 DEV: Automatically remove placeholder 'URL' metadata values from themes 2019-01-28 11:55:58 +00:00
David Taylor 033cd4f31d DEV: Include "_learn_more" key in theme `about.json`
This does not serve any technical purpose. It is there to provide a signpost for any user/developer that wants to know what to do with a theme archive.
2019-01-28 11:34:11 +00:00
David Taylor 2e48c43546 FIX: Fix safe mode regression
Follow up from a48731e
2019-01-25 17:00:30 +00:00
David Taylor a48731e359
FEATURE: Support additional metadata in theme about.json (#6944)
New `about.json` fields (all optional):
 - `authors`: An arbitrary string describing the theme authors
 - `theme_version`: An arbitrary string describing the theme version
 - `minimum_discourse_version`: Theme will be auto-disabled for lower versions. Must be a valid version descriptor.
 - `maximum_discourse_version`: Theme will be auto-disabled for lower versions. Must be a valid version descriptor.

A localized description for a theme can be provided in the language files under the `theme_metadata.description` key

The admin UI has been re-arranged to display this new information, and give more prominence to the remote theme options.
2019-01-25 14:19:01 +00:00
Vinoth Kannan 2d6aa2aea2 FEATURE: Add recipient avatars in PM topic list even if they not yet replied 2019-01-25 19:41:49 +05:30
Joffrey JAFFEUX f461a9971f
FIX: makes staff_logins show only admins (#6948) 2019-01-25 11:28:52 +01:00
Joffrey JAFFEUX 49193ca3bf
FIX: includes staff in staff_logins report (#6945) 2019-01-24 14:46:56 +01:00
David Taylor afd449089f
FEATURE: Import and export themes in a .tar.gz format (#6916) 2019-01-23 14:40:21 +00:00
David Taylor 2e59a37687
FEATURE: List unused theme components (#6924) 2019-01-23 09:20:13 +00:00
Jeff Wong 3359b3baca FEATURE: Do not autoclose topics due to user flagging that are authored by staff 2019-01-21 15:50:53 -08:00
Gerhard Schlager d82628987a FIX: Badges appeared in wrong badge group
Some badges always appeared in the "Other" group (the default group) and some badges were always moved back into the original group during seeding.

Now badges are either in the correct, seeded group or stay in a custom group if the admin moved the badge into a custom group.
2019-01-21 21:09:33 +01:00
Joffrey JAFFEUX 3e1e9fce7e
FIX: better legend labels for stacked-charts (#6914) 2019-01-21 17:10:10 +01:00
Joffrey JAFFEUX a9edcb2e10
fixes few icons deprecations warnings (#6915) 2019-01-21 16:56:05 +01:00
Joffrey JAFFEUX b95165b838
FEATURE: adds a new chart report to track pageviews (#6913) 2019-01-21 15:17:04 +01:00
David Taylor 59028035df FIX: Update about/license URLs when updating theme from remote source 2019-01-18 17:46:57 +00:00
Joffrey JAFFEUX 95f9a369a5
FIX: ensures visits reports are correcttly differencing mobile/all (#6905) 2019-01-18 17:24:18 +01:00
David Taylor b1b8c37e62 FIX: Correctly import theme assets with spaces in filename
This issue is caused by the filename restrictions in `OptimizedImage#ensure_safe_paths!`. Difficult to add a test for this because image optimization is bypassed in test mode.
2019-01-18 15:20:11 +00:00
David Taylor f40c97c367 Remove support for `theme_var` and `theme_color_var` fields
These are remnants of the old 'customization' system, and have been superseded by theme settings
2019-01-18 12:04:23 +00:00
Guo Xiang Tan 95e3841974 FIX: Remove old reference and use `MiniScheduler::Stat`. 2019-01-18 16:36:11 +08:00
Vinoth Kannan 2818afb267 FIX: Do not hide posts automatically when flagged by staff user 2019-01-18 01:33:55 +05:30
Kris 675bf94133 UX: Bump up base font size 1px, add smaller text size option 2019-01-17 10:30:34 -05:00
David Taylor 24b59afe2a FIX: Wrap theme javascript inside IIFE to prevent using global namespace 2019-01-17 14:44:10 +00:00
David Taylor 5bfa661a87 FIX: Theme settings are referenced in JS by `settings`, not `themeSetting` 2019-01-17 12:24:21 +00:00
David Taylor 880311dd4d
FEATURE: Support for localized themes (#6848)
- Themes can supply translation files in a format like `/locales/{locale}.yml`. These files should be valid YAML, with a single top level key equal to the locale being defined. For now these can only be defined using the `discourse_theme` CLI, importing a `.tar.gz`, or from a GIT repository.

- Fallback is handled on a global level (if the locale is not defined in the theme), as well as on individual keys (if some keys are missing from the selected interface language).

- Administrators can override individual keys on a per-theme basis in the /admin/customize/themes user interface.

- Theme developers should access defined translations using the new theme prefix variables:
  JavaScript: `I18n.t(themePrefix("my_translation_key"))`
  Handlebars: `{{theme-i18n "my_translation_key"}}` or `{{i18n (theme-prefix "my_translation_key")}}`

- To design for backwards compatibility, theme developers can check for the presence of the `themePrefix` variable in JavaScript

- As part of this, the old `{{themeSetting.setting_name}}` syntax is deprecated in favour of `{{theme-setting "setting_name"}}`
2019-01-17 11:46:11 +00:00
Guo Xiang Tan aa2cc4ab31 FIX: Liked notification consolidation has to account for user like frequency setting. 2019-01-17 14:33:23 +08:00
Sam 384135845b FEATURE: introduce ultra_low priority queue
This commit introduces an ultra low priority queue for post rebakes. This
way rebakes can never interfere with regular sidekiq processing for cases
where we perform a large scale rebake.

Additionally it allows Post.rebake_old to be run with rate_limiter: false
to avoid triggering the limiter when rebaking. This is handy for cases
where you want to just force the full rebake and not wait for it to trickle
2019-01-17 14:53:19 +11:00
Bianca Nenciu 7d84648d11 FEATURE: Remove full quotes only from new posts. (#6862) 2019-01-17 13:24:32 +11:00
Sam d5ecf8e8c2 FIX: properly clean out post and user actions on destroy user
This corrects 2 issues:

First is a regression with d7c08e21 for some reason dependent :delete_all
respects default scopes where-as dependent :destroy bypasses it.

Secondly, we were keeping orphan user actions around on user destroy, this
ensures we remove all the user actions not only ones that originated by
the user.

So for example: if I like a post of user A we create a user action saying I
did that, but once user A is deleted we were not removing the action leading
to an orphan action in the database.
2019-01-17 12:40:30 +11:00
Sam d7c08e217a PERF: delete user and post actions vs destroy on user destroy
Users can have 100s of thousands of post and user actions, we do not want
to destroy each individually cause the tracking is enormous and the amount
of queries we would need is enormous.

This gives up on the `after_commit` hook on `post_actions` which ships a message
to clients to synchronize a post, so some phantom post_actions may remain
in the UX in the rare occasion we delete a user. The phantoms will be gone
on reload.
2019-01-17 11:19:37 +11:00
Régis Hanol 58008dd2fe FIX: sort topics/posts/links in descending order in user summaries
This should only change the order on freshly imported instances with no likes.
This makes the user summary show the latest topics/posts/links instead of the firsts until the users get some likes.
2019-01-16 23:58:46 +01:00
David Taylor b46b6e72d1 FIX: Only add the trust level name for numeric trust levels
Previously the TrustLevelAndStaffSetting would display 'new user' for staff/admin
2019-01-16 12:04:12 +00:00
Guo Xiang Tan f06b773d25 FIX: Don't show liked consolidated notification when frequency is never. 2019-01-16 17:08:59 +08:00
Guo Xiang Tan ebe65577ed
FEATURE: Consolidate likes notifications. (#6879) 2019-01-16 10:40:16 +08:00
Arpit Jalan c4422fdc13 UX: sort admins and moderators by last seen date on /about page
UX: only show active admins and moderators on /about page
2019-01-15 17:26:11 +05:30
Vinoth Kannan 59e5af466b FIX: call method only if it exists
discourse-objects creating empty Discourse object in window. It fails the _registerPluginCode method call since it is not exist.
2019-01-15 15:55:32 +05:30
David Taylor 1ebd3dbbd0
FEATURE: Allow the base font size to be changed on a per-user basis (#6859) 2019-01-14 13:21:46 +00:00
Robin Ward 95f263995d FIX: Previous annotations were broken 2019-01-11 14:30:19 -05:00
Robin Ward a3839495e0 Update annotations 2019-01-11 12:19:43 -05:00
Guo Xiang Tan 2956c52e57 FIX: Show title as home logo if title has been set and logo is blank.
https://meta.discourse.org/t/default-text-logo-not-working/103936
2019-01-11 15:46:58 +08:00
Joffrey JAFFEUX 1fdbf0fc9b
FIX: uses compiler version to force rebaking of themes (#6870)
Co-Authored-By: David Taylor <david@taylorhq.com>
2019-01-10 12:36:13 +01:00
Joffrey JAFFEUX f9648de897
DEV: upgrades from Ember 2.13 to Ember 3.5.1 (#6808)
Co-Authored-By: Bianca Nenciu <nbianca@users.noreply.github.com>
Co-Authored-By: David Taylor <david@taylorhq.com>
2019-01-10 11:06:01 +01:00
Guo Xiang Tan d10694150e Revert "FIX: Partial reply key search in email sent logs."
This reverts commit e9b2018bc8.
2019-01-10 10:05:56 +08:00
Guo Xiang Tan cb0f6d653b DEV: Minor fixes to b63b399799. 2019-01-10 09:38:22 +08:00
Saurabh Patel b63b399799 DEV: remove uploaded_meta_id column from category (#6725)
* DEV: remove uploaded_meta_id column from category

* remove uploaded_meta part
2019-01-10 09:37:21 +08:00
Guo Xiang Tan e9b2018bc8 FIX: Partial reply key search in email sent logs.
Follow up to c85b9c6ed3
2019-01-10 09:25:14 +08:00
Rafael dos Santos Silva f73fe36772 FEATURE: PWA compatibility checks in the Dashboard (#6850) 2019-01-09 08:46:11 +08:00
Sam 7e4a43afc6 PERF: run ImageMagick conversions with nice 10
This lowers the priority of all image resizes so they do not clog CPU on
machines running low on resources
2019-01-09 09:21:58 +11:00
Sam e08a3f719c FEATURE: push post rebake regular task to low priority queue
This allows us to run regular rebakes without starving the normal queue.

It additionally adds the ability to specify queue with `Jobs.enqueue` so
we can specifically queue a job with lower priority using the `queue` arg.
2019-01-09 08:57:20 +11:00
Vinoth Kannan 8f602be2fe FEATURE: keep the topic in closed status until the community flags are handled 2019-01-08 16:13:10 +05:30
Maja Komel 6c8069c65a FIX: properly escape embed url 2019-01-07 18:11:43 +01:00
Robin Ward 5eaf3cb104 Adjusts the `minimum_flag_threshold` for TL3/TL4 actions
Before this patch, a high trust level user could flag something
and have an action be taken, as well as skipping the flag queue.

Now, if a TL3/TL4 cause an action, the flag will skip the minimum
visibility check and allow staff to review it.
2019-01-04 13:16:44 -05:00
Régis Hanol 95e5f8380d FEATURE: Allow plugins to add custom emoji translations
FIX: buildTranslationTree was erroring when translations overlapped (ie. ":-)" and ":-))")
FIX: emoji translations wasn't working properly when translations overlapped
2019-01-04 15:27:46 +01:00
David Taylor 5bf16d7d10 FEATURE: Topic timer for bumping a topic in the future 2019-01-04 13:08:04 +00:00
Sam 9c91e68351 PERF: remove image optimization throttling from Sidekiq
Previously we only allowed one image optimization per machine, this meant there
was cross talk between avatar resizing and Sidekiq. This could lead to large
amounts of starvation when optimized image version changed which in turn could
block the Sidekiq queue.

This increases amount of allowed load on machines but this is preferable to
having crosstalk between avatar resizing and Sidekiq.
2019-01-04 18:44:44 +11:00
Vinoth Kannan 75dbb98cca FEATURE: Add S3 etag value to uploads table (#6795) 2019-01-04 14:16:22 +08:00
Sam 8b7a2d1cb7 FEATURE: add setting to bypass sending redis CLIENT commands
Some cloud providers (Google Memorystore) do not support any CLIENT commands

By setting :id to nil in the redis config hash we can avoid these commands.

This adds a special global setting GCE users can enable:
`DISCOURSE_REDIS_SKIP_CLIENT_COMMANDS = true`
2019-01-04 15:08:33 +11:00
Sam 70269c7c97 FEATURE: tighter limits on per cluster post rebakes
We have the periodical job that regularly will rebake old posts. This is
used to trickle in update to cooked markdown. The problem is that each rebake
can issue multiple background jobs (post process and pull hotlinked images)

Previously we had no per-cluster limit so cluster running 100s of sites could
flood the sidekiq queue with rebake related jobs.

New system introduces a hard limit of 300 rebakes per 15 minutes across a
cluster to ensure the sidekiq job is not dominated by this.

We also reduced `rebake_old_posts_count` to 80, which is a safer default.
2019-01-04 09:24:46 +11:00
Arpit Jalan d1597683f3 Revert "FIX: trim trailing slash from topic links"
This reverts commit 993f847a2c.

There is an edge case where the link click redirect fails when the URL has trailing slash. Need to figure out a better fix for this.
2019-01-03 17:29:22 +05:30
Arpit Jalan 993f847a2c FIX: trim trailing slash from topic links 2019-01-03 12:38:36 +05:30
Sam 570877da3c FEATURE: store thumbnail algorithm version in optimized image table
Previously we had no idea what algorithm generated thumbnails, this starts tracking the version.

We also bumped up the version to force all optimized images to be generated. This is important cause we recently introduced pngquant which results in much smaller images.
2019-01-03 17:07:30 +11:00
Gerhard Schlager e8053d6e7d FIX: Polls didn't work in imported posts
Imports skip validation of posts, but polls are only created during the validation phase.
2019-01-02 15:26:57 +01:00
Sam 766e67ce57 FEATURE: introduce lossy color optimization on resized pngs
This feature ensures optimized images run via pngquant, this results extreme amounts of savings for resized images. Effectively the only impact is that the color palette on small resized images is reduced to 256.

To ensure safety we only apply this optimisation to images smaller than 500k.

This commit also makes a bunch of image specs less fragile.
2019-01-02 17:20:02 +11:00
Arpit Jalan 70fdc10365
FEATURE: move posts to new/existing PM (#6802) 2018-12-31 17:17:22 +05:30
Joffrey JAFFEUX f1269fa807
FEATURE: Add `Top Uploads` report (#6825)
Co-Authored-By: I am very Pro-Grammer. <khalilovcmded@users.noreply.github.com>
2018-12-28 20:48:54 +01:00
Vinoth Kannan 2b006c0429 FEATURE: Invalidate broken images cache on Rebuild HTML action 2018-12-26 23:22:07 +05:30
Régis Hanol 5381096bfd PERF: new 'migrate_to_s3' rake task 2018-12-26 17:34:49 +01:00
Sam Saffron 303a535dba PERF: automatic upload size calculation not persisted
Previously if upload had missing width and height we would calculate
on first use BUT we (me) forgot to save this to the database

This was particularly bad on home page cause category images (when old)
miss dimensions.
2018-12-26 17:19:29 +02:00
Joffrey JAFFEUX f637286db5
UX: improves flags-status report (#6773)
- link to post
- cover more post action types
2018-12-26 10:29:33 +01:00
Joffrey JAFFEUX 0402f0f357
UX: new site setting to define activity metrics displayed on dashboard 2018-12-26 10:29:07 +01:00
Kyle Zhao 61dcd7c52c FIX: validate YAML before save to avoid race condition 2018-12-25 15:08:17 +02:00
Vinoth Kannan a16bb32865 FIX: Do not raise error if most liked user is deleted 2018-12-25 01:04:55 +05:30
Gerhard Schlager 126be6c478 FIX: Resetting bump date shouldn't fail when first post is hidden 2018-12-21 17:43:52 +01:00
David Taylor 7feabd9e49 PERF: Eradicate N+1 queries from the theme admin page 2018-12-21 11:03:58 +02:00
Vinoth Kannan 2909e7fbdf FIX: Subfolder path is missing in category permalinks after slug update 2018-12-21 09:29:54 +05:30
Arpit Jalan bb67ca9d21 FIX: use correct post object when logging exception 2018-12-19 22:17:37 +05:30
Bianca Nenciu 2eefe6d5d6 FIX: Use CDN for logos and icons. (#6698) 2018-12-19 10:20:48 +01:00
Vinoth Kannan 9c6f77f9da DEV: Remove the unique_searches column from select query 2018-12-19 02:45:48 +05:30
Robin Ward 6080e3a2c0 FIX: Broken spec 2018-12-18 14:55:09 -05:00
Robin Ward 662cfc416b FEATURE: Show a blurry preview when lazy loading images
This generates a 10x10 PNG thumbnail for each lightboxed image.
If Image Lazy Loading is enabled (IntersectionObserver API) then
we'll load the low res version when offscreen. As the image scrolls
in we'll swap it for the high res version.

We use a WeakMap to track the old image attributes. It's much less
memory than storing them as `data-*` attributes and swapping them
back and forth all the time.
2018-12-19 01:57:30 +08:00
Robin Ward e593d68beb Use an options hash instead of boolean parameters 2018-12-19 01:57:30 +08:00
Vinoth Kannan 341a6bd78a
REFACTOR: Calculate CTR in SearchLog model and hide unique column (#6791) 2018-12-18 19:13:46 +05:30
Maja Komel 98d09c90ac Current user serializer groups (ef7f84b follow-up) 2018-12-18 09:05:45 +01:00
Bianca Nenciu 1023003eba FIX: Strip remote url before import. (#6762) 2018-12-17 15:27:49 +01:00
Gerhard Schlager 1a8ca68ea3 FEATURE: Improve backup stats on admin dashboard
* Dashboard doesn't timeout anymore when Amazon S3 is used for backups
* Storage stats are now a proper report with the same caching rules
* Changing the backup_location, s3_backup_bucket or creating and deleting backups removes the report from the cache
* It shows the number of backups and the backup location
* It shows the used space for the correct backup location instead of always showing used space on local storage
* It shows the date of the last backup as relative date
2018-12-17 11:35:11 +01:00
Guo Xiang Tan c0aae16f6b FIX: Clear anon cache when disabling readonly mode.
`SiteSerializer#is_readonly` is cached for an anonymous user so we have
to clear the cache when disabling readonly mode. Otherwise, the site may
appear to be in readonly mode for an extended period of time.
2018-12-17 17:27:44 +08:00
Neil Lalonde ef0e84e3d9 FIX: clear the site_contact_username setting if the user's staff privileges are revoked 2018-12-14 16:52:44 -05:00
David Taylor 1960236822
FIX: Suspicious login detection (#6772) 2018-12-14 16:30:34 +00:00
Joffrey JAFFEUX 03014b0d05
FEATURE: adds security tab to dashboard (#6768)
This commit also includes the new staff_logins report
2018-12-14 13:47:59 +01:00
Maja Komel 9f89aadd33 FIX: delete all posts in batches without hijack (#6747) 2018-12-14 11:04:18 +01:00
Sam 7ee9a6a7ec SECURITY: do not delete avatars uploads when deleting accounts
We rely on the clean up uploads job to do this safely
2018-12-13 16:26:07 +11:00
Gerhard Schlager 688755baf2 DEV: Improve specs and handle invalid email token
Follow-up to 7977b09025
2018-12-11 18:04:10 +01:00
David Taylor 3fedb2ad20 DEV: Style and performance improvements
Follow-up from 9db8291
2018-12-11 09:58:20 +00:00
Sam 671469bcc7 FIX: URLs containing two # would fail to work
Some URLs in browsers are non compliant and contain twos `#` this commit adds
special handling for this edge case by auto encoding any fragments containing `#`
2018-12-11 18:03:13 +11:00
Gerhard Schlager 7977b09025 FEATURE: Activate users invited via email when invite is redeemed
Do not send an activation email to users invited via email. They
already confirmed their email address by clicking the invite link.
Users invited via link will need to confirm their email address before
they can login.
2018-12-11 00:09:53 +01:00
David Taylor 9db829134c
FIX: Use database to persist metadata during social registration (#6750)
Previously was using the cookie_store, which is limited to 4kb. This caused issues for providers sending large volumes of metadata about a user.
2018-12-10 15:10:06 +00:00
David Taylor 160d29b18a
REFACTOR: Migrate TwitterAuthenticator to use ManagedAuthenticator (#6739)
No changes to functionality. TwitterAuthenticator goes from 136 lines to 24, and all twitter-specific logic elsewhere has been deleted 🎉
2018-12-07 15:39:06 +00:00
Saurabh Patel 9e3143445b DEV:add uploaded_meta option in category for category meta image (#6724) 2018-12-07 16:24:07 +01:00
Guo Xiang Tan dcf9c6da59 DEV: Don't publish post messages to non-human users. 2018-12-06 08:24:13 +08:00
Régis Hanol aea2d8bbeb FIX: properly secure poll message bus
Co-authored-by: Sam <sam.saffron@gmail.com>
2018-12-05 21:27:49 +01:00
David Taylor a1d9aeda8b REFACTOR: split `TopicLink#extract_from` into multiple methods
Also rename some confusing variables
2018-12-05 18:54:30 +01:00
David Taylor 37249c9a32 FIX: Do not reset link counts when post is rebaked
This was an indentation mistake introduced in 44eba0b. Pretty understandable, considering we are indented 8 levels deep in this method. Will follow-up with a refactor to improve this.
2018-12-05 18:54:30 +01:00
Guo Xiang Tan 978f0db109 SECURITY: Require groups to be given when inviting to a restricted category. (#6715) 2018-12-05 16:43:07 +01:00
Vinoth Kannan 57ba4b7cb2
DEV: remove unnecessary safe nav operators (#6730) 2018-12-05 20:07:18 +05:30
Vinoth Kannan fb78414229 Add missing safe navigation operator 2018-12-05 16:23:43 +05:30
Vinoth Kannan d33d031742
FEATURE: Filter topic and post web hook events by tags (#6726)
* FEATURE: Filter topic and post web hook events by tags

* Add a spec test with unmatched tags
2018-12-05 14:44:06 +05:30
Régis Hanol 3c9c95ac83 Update Rubocop to 0.60 2018-12-04 10:48:16 +01:00
Sam aa97f6fdba FEATURE: disable notifications for small actions that are whispers
Previously we would notify on small actions if they were whispers
this inconsistently lead to all sorts of problems including

- collapsed "N replies" after assign
- empty push notifications

New behavior adds an api to explicitly send push notifications as well
if needed: create_notification_alert
2018-12-04 17:54:42 +11:00
David Taylor 9248ad1905 DEV: Enable `Style/SingleLineMethods` and `Style/Semicolon` in Rubocop (#6717) 2018-12-04 11:48:13 +08:00
Penar Musaraj f8e6a37858 FIX: raise exception when getting dimensions of missing image
- follow-up on 0eacd45ab1
2018-12-03 10:19:49 -05:00
Guo Xiang Tan 125bb46052 Remove unused constant in the codebase. 2018-12-03 11:04:47 +08:00
Sam 236c755d62 FIX: do not store key tracking last seen time indefinitely
UserStat has some special logic to keep adding time read if repeat calls
are made in intervals less than 100 seconds. This is called regularly
when we update read timings on a topic.

We only need to cache this key in redis for 100 seconds, however previously
we would keep it forever, 1 key per user. This has potential of bloating
a very large amount of keys for no longer active users in redis.
2018-12-03 08:35:26 +11:00
Kyle Zhao 488fba3c5f
FEATURE: allow plugins and themes to extend the default CSP (#6704)
* FEATURE: allow plugins and themes to extend the default CSP

For plugins:

```
extend_content_security_policy(
  script_src: ['https://domain.com/script.js', 'https://your-cdn.com/'],
  style_src: ['https://domain.com/style.css']
)
```

For themes and components:

```
extend_content_security_policy:
  type: list
  default: "script_src:https://domain.com/|style_src:https://domain.com"
```

* clear CSP base url before each test

we have a test that stubs `Rails.env.development?` to true

* Only allow extending directives that core includes, for now
2018-11-30 09:51:45 -05:00
David Taylor 208005f9c9 REFACTOR: Migrate FacebookAuthenticator to use ManagedAuthenticator
Changes to functionality
  - Removed syncing of user metadata including gender, location etc.
    These are no longer available to standard Facebook applications.
  - Removed the remote 'revoke' functionality. No other providers have
    it, and it does not appear to be standard practice in other apps.
  - The 'facebook_no_email' event is no longer logged. The system can
    cope fine with a missing email address.

Data is migrated to the new user_associated_accounts table.
facebook_user_infos can be dropped once we are confident the data has
been migrated successfully.
2018-11-30 11:18:11 +00:00
David Taylor 534e1b1b18 DEV: Introduce Auth::ManagedAuthenticator
A generic implementation of Auth::Authenticator which stores data in the
new UserAssociatedAccount model. This should help significantly reduce the duplicated
logic across different auth providers.
2018-11-30 11:18:11 +00:00
Penar Musaraj 0eacd45ab1 FIX: refactor ImageSizer.resize
reverts 140d9c2
2018-11-29 15:28:45 -05:00
Penar Musaraj 140d9c2910 FIX: call ImageSizer only if width/height are available 2018-11-29 15:03:02 -05:00
Penar Musaraj 03deda2147
Upgrade to FontAwesome 5 (take two) (#6673)
* Add missing icons to set

* Revert FA5 revert

 This reverts commit 42572ff

* use new SVG syntax in locales

* Noscript page changes (remove login button, center "powered by" footer text)

* Cast wider net for SVG icons in settings

- include any _icon setting for SVG registry (offers better support for plugin settings)

- let themes store multiple pipe-delimited icons in a setting

- also replaces broken onebox image icon with SVG reference in cooked post processor

* interpolate icons in locales

* Fix composer whisper icon alignment

* Add support for stacked icons

* SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

* load SVG sprite with pre-initializers

* FIX: enable caching on SVG sprites

* PERF: use JSONP for SVG sprites so they are served from CDN

This avoids needing to deal with CORS for loading of the SVG

Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is

* Add missing SVG sprite JSONP script to CSP

* Upgrade to FA 5.5.0

* Add support for all FA4.7 icons

- adds complete frontend and backend for renamed FA4.7 icons

- improves performance of SvgSprite.bundle and SvgSprite.all_icons

* Fix group avatar flair preview

- adds an endpoint at /svg-sprites/search/:keyword

- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset

* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
Bianca Nenciu 172b3bf4d3 FIX: Fix broken theme field URLs. (#6622) 2018-11-23 16:11:05 +01:00
Guo Xiang Tan 3f636b2d19 FIX: Check whether group is mentionable by user when cooking post. 2018-11-22 16:16:33 +08:00
Saurabh Patel d984323e23 FEATURE: Show change name of user in staff logs (#6647)
https://meta.discourse.org/t/admins-changing-users-name-not-username-should-be-logged/99511
2018-11-22 10:13:02 +08:00
Joffrey JAFFEUX e860c8b844
FIX: adds support for missing reports from old dashboard (#6624) 2018-11-19 12:20:05 +01:00
Joffrey JAFFEUX 078705bcc0
minor refactoring (#6615) 2018-11-15 21:41:05 +01:00
Joffrey JAFFEUX 761003c8bd
FIX: makes sure an hex is always at 6 chars (#6608)
eg: #aaa should be converted to #aaaaaa
2018-11-15 00:52:47 +01:00
Maja Komel c701036034 FIX: reset bump date resets bumped_at to the last regular post in topic (#6605) 2018-11-14 18:56:22 +01:00
Régis Hanol c78dcde973 FIX: only send originalText when we need to 2018-11-14 17:47:59 +01:00
Bianca Nenciu fce0a0ccc8 FEATURE: Compute distance between logins to generate login alerts. (#6562) 2018-11-14 13:26:47 +01:00
Guo Xiang Tan 2220345a8b Fix the build. 2018-11-14 17:32:32 +08:00
Guo Xiang Tan 72370b9c36 Add deprecation warnings for url based site settings. 2018-11-14 16:09:26 +08:00
Guo Xiang Tan 44391ee8ab
FEATURE: Upload Site Settings. (#6573) 2018-11-14 15:03:02 +08:00