Commit Graph

33656 Commits

Author SHA1 Message Date
David Taylor e6e47f2fb2 SECURITY: Add confirmation screen when logging in via user-api OTP 2019-06-17 16:18:44 +01:00
David Taylor 52387be4a4 SECURITY: Add confirmation screen when logging in via email link 2019-06-17 16:18:37 +01:00
David Taylor 5f6f707080 Revert "Merge pull request from GHSA-hv9p-jfm4-gpr9"
This reverts commit b8340c6c8e.
2019-06-17 16:17:10 +01:00
David Taylor b8340c6c8e
Merge pull request from GHSA-hv9p-jfm4-gpr9
* SECURITY: Add confirmation screen when logging in via email link

* SECURITY: Add confirmation screen when logging in via user-api OTP

* FIX: Correct translation key in session controller specs

* FIX: Use .email-login class for page
2019-06-17 15:59:41 +01:00
Robin Ward 89e0d8c521 FIX: There is new behavior on a live site, staff are granted access. 2019-06-17 08:17:39 -04:00
Arpit Jalan 863d8014d0 FIX: respond with 400 error on invalid redirect param 2019-06-17 16:44:30 +05:30
Joffrey JAFFEUX 59e84e8e05
DEV: skip tests instead of commenting them (#7774) 2019-06-17 10:24:20 +02:00
Arpit Jalan 102be5a9e3 DEV: optimize fix for sub-categories not getting pre-filled. 2019-06-17 13:28:08 +05:30
tshenry c909033f2b Add plugin outlets to login/create-account modals (#7770) 2019-06-17 16:22:00 +10:00
Sam Saffron 10b94e4530 Attempt to get travis to run tests correctly 2019-06-17 16:14:26 +10:00
Sam Saffron 704c579550 FIX: do not allow unbound membership lookups
Previously we would allow looking up membership limits in an unbound way
via the API, this introduces an upper limit of 1000 per page.
2019-06-17 15:32:06 +10:00
Sam Saffron fe4f0a4369 FIX: staged users should not be included in TL groups
staged users should not be included in any automatic groups cause for all
purposes they do not exist.
2019-06-17 15:10:47 +10:00
Joffrey JAFFEUX 32cd9ba59b
FIX: ensures local-dates modal is not taking full height on mobile (#7772) 2019-06-16 08:48:07 +02:00
Arpit Jalan 48b9e0d749 FIX: sub-categories was not getting selected for pre-filled topics 2019-06-15 13:46:15 +05:30
Kris 9cb656250d FIX: Allow tall tables to scroll vertically on iOS 2019-06-14 14:26:59 -04:00
Penar Musaraj 4bbb43cb2b DEV: pull plugin repos before linting them 2019-06-14 13:50:15 -04:00
Robin Ward 035e63c81f FIX: Allow the clear callbacks to execute in acceptance tests 2019-06-14 13:29:13 -04:00
Penar Musaraj 73bce82c82 Exclude plugins from RuboCop checks
Since official plugins are now in the discourse_test image, rubocop catches issues in plugins.

This is a temporary measure.
2019-06-14 10:06:26 -04:00
Robin Ward a8793d0d9a REFACTOR: Test Memory Usage Fixes (#7769)
* Calling `Discourse.reset()` creates a new container
We should run our de-initializers only after acceptance tests,
since initializers are not run outside of acceptance tests anyway,
and the container at this point can be passed properly to the
`teardown()` method.

* Remove `Discourse.reset` from tests
This would cause a new container to be created which leaks many objects.

* `updateCurrentUser` is more accurate than `replaceCurrentUser`
2019-06-14 14:54:20 +02:00
Guo Xiang Tan c3381b845b DEV: Install diffy in production for `rake posts:inline_uploads` task. 2019-06-14 14:42:53 +08:00
Guo Xiang Tan 77c06384c0 Fix the build. 2019-06-14 13:56:35 +08:00
Guo Xiang Tan 5d16d10a9e DEV: Fix edge case for `InlineUploads`. 2019-06-14 13:48:03 +08:00
Sam Saffron ecb2fd8222 DEV: improve db:create to catch all cases
- No RAILS_ENV - create multisite / dev / test
- `test` RAILS_ENV - create multisite / test
2019-06-14 15:47:05 +10:00
Guo Xiang Tan befb074c98 DEV: `InlineUploads` should process CDN upload URLs as well. 2019-06-14 13:14:37 +08:00
Sam Saffron a01488ae67 DEV: improve on rake db:create
Followup on 3af00a65 which broke build
2019-06-14 15:06:07 +10:00
Guo Xiang Tan 41abebcbce DEV: Support both `http` and `https` for `InlineUploads`. 2019-06-14 12:48:31 +08:00
Guo Xiang Tan 7bb94e8716 DEV: Increase wait duration between smoke test further during edit.
Otherwise, the app detects that we're replying too quickly.
2019-06-14 12:21:54 +08:00
Sam Saffron 3af00a65e6 FIX: site settings loading default values when no db
This fixes a condition where an intermittent db connection could cause
invalid site settings to be stored

It also removes a catch all we had.

Somewhere around Rails 5 `db:create` started wanting full environment
this is a problem for Discourse since it needs to boot up data from the
db.

This removes the catch all and surgically adds a db / redis bypass to
db:create task.
2019-06-14 14:21:07 +10:00
Sam Saffron 62f4284865 DEV: 302 status is normal in smoke test
Login can redirect there are potentially other cases
2019-06-14 14:21:07 +10:00
Guo Xiang Tan eaa7527933 DEV: Switch `posts:inline_uploads` scope to be more generic. 2019-06-14 11:53:34 +08:00
Guo Xiang Tan c9db897777 FIX: Remove onebox src from `Jobs::PullHotlinkedImages`.
The test that was added is incorrect because the post was not cooked.
2019-06-14 09:21:25 +08:00
Sam Saffron 457be89445 DEV: only skip migration if a non seeded upload exists
Followup to 667b9801
2019-06-14 09:52:02 +10:00
Sam Saffron 667b98017a FIX: do not attempt to migrate pre-existing uploads
This makes this job re-runnable just in case cause it will skip creation
of new uploads if an upload already exists
2019-06-14 09:39:22 +10:00
Penar Musaraj 4182d8638c Remove duplicate entry for discourse-yearly-review 2019-06-13 13:56:38 -04:00
Vinoth Kannan 35d6fff69e PERF: use url instead of file key in temporary inventory table. 2019-06-13 22:03:58 +05:30
David Taylor ed21128ee6 FIX: Do not change directory when decompressing S3 inventory
In sidekiq, jobs are run in multiple threads within the same process. `cd` affects the entire process, so can cause unexpected issues in other running jobs.
2019-06-13 17:13:50 +01:00
Penar Musaraj 66b15b9d87 DEV: support installing plugin gems in test images
- adds plugin:install_all_gems rake task

- adds UPDATE_ALL_PLUGINS env variable in docker:test
2019-06-13 09:58:57 -04:00
Arpit Jalan efc05e7224 FIX: remove topic timer info on completion 2019-06-13 17:01:43 +05:30
Joffrey JAFFEUX fbbce235ce
UX: improves change-timestamp modal (#7766) 2019-06-13 13:30:33 +02:00
Guo Xiang Tan 9bce3d5e65 DEV: Multisite support for `rake posts:inline_uploads`. 2019-06-13 16:13:45 +08:00
Sam Saffron 215216df48 FIX: stop re-downloading backup maxmind
We omitted updating the mmdb_time which changed causing a constant
re-download of the maxmind db
2019-06-13 17:42:26 +10:00
Arpit Jalan 77f5577e30 DEV: Improvements to AnswerHub import script. 2019-06-13 11:46:17 +05:30
Sam Saffron 3ef4ae08f1 DEV: check for specifics when looking at ENABLE_LOGRAGE
prior to this change ENABLE_LOGRAGE=0 some_command would enable lograge
2019-06-13 15:59:20 +10:00
Guo Xiang Tan 9daed05ad0 Fix the build. 2019-06-13 13:53:43 +08:00
Guo Xiang Tan 7a0d031bc4 FIX: `InlineUploads` matching on external bbcode img url. 2019-06-13 13:47:36 +08:00
Guo Xiang Tan 782e583844 FIX: Edge cases with markdown references for `InlineUploads`. 2019-06-13 12:08:01 +08:00
Guo Xiang Tan 93c552afda FIX: `InlineUploads` does not correct urls with uppercase extension. 2019-06-13 11:19:33 +08:00
Sam fa2a5f6f56
FEATURE: SKIP_DB_AND_REDIS env var (#7756)
Sometimes we would like to create a base image without any DB access, this
assists in creating custom base images with custom plugins that already
includes `public/assets`

Following this change set you can run:

```
SPROCKETS_CONCURRENT=1 DONT_PRECOMPILE_CSS=1 SKIP_DB_AND_REDIS=1 RAILS_ENV=production bin/rake assets:precompile
```

Then it is straight forward to create a base image without needing a DB or
Redis.
2019-06-13 12:58:27 +10:00
Guo Xiang Tan 5b55252e10 DEV: Add more wait between edit so we don't end up replying too quickly. 2019-06-13 09:14:17 +08:00
Penar Musaraj e47ca6633b DEV: Fix plugin:update_all task
Reenable subtask so it loops through all plugins.

Only run for plugins that are git repositories.
2019-06-12 17:21:56 -04:00