Commit Graph

10281 Commits

Author SHA1 Message Date
Krzysztof Kotlarek cd077ef93b
FIX: visual regression for new features (#29359)
Bug introduced in this PR https://github.com/discourse/discourse/pull/29244

When the experiment toggle button was introduced, new features did not look right when the toggle button was not available.

In addition, the plugin name can be an empty string. In that case, information about new features should be displayed.
2024-10-23 16:16:19 +11:00
Loïc Guitaut f79dd5c8b5 DEV: Stop injecting a service result object in the caller object
Currently, when calling a service with its block form, a `#result`
method is automatically created on the caller object. Even if it never
clashed so far, this could happen.

This patch removes that method, and instead use a more classical way of
doing things: the result object is now provided as an argument to the
main block. This means if we need to access the result object in an
outcome block, it will be done like this from now on:
```ruby
MyService.call(params) do |result|
  on_success do
    # do something with the result object
    do_something(result)
  end
end
```

In the same vein, this patch introduces the ability to match keys from
the result object in the outcome blocks, like we already do with step
definitions in a service. For example:
```ruby
on_success do |model:, contract:|
  do_something(model, contract)
end
```
Instead of
```ruby
on_success do
  do_something(result.model, result.contract)
end
```
2024-10-22 16:58:54 +02:00
Gerhard Schlager 07ff21d045
FIX: Restoring backup could fail due to missing `discourse_functions` (#29332)
Database dumps sometimes reference functions in the `discourse_functions` schema. It's possible that some of these functions have been dropped in a newer version of Discourse. In that case, restoring an older backup will fail with a `ERROR:  function discourse_functions.something_something() does not exist` error. The restore functionality contains a workaround for that problem, but it didn't work with functions created in plugin migrations.

This commit adds support for temporarily creating missing `discourse_functions` from plugins. And it adds a simple check if the DB migration file even contains the required `DROPPED_TABLES` or `DROPPED_COLUMNS` constant. We don't need to create an instance of the DB migration class unless one of those constants is used. This makes the restore slightly faster and works around a problem with migrations that execute without `up` or `down` methods (e.g. `BackfillChatChannelAndThreadLastMessageIdsPostMigrate`).
2024-10-22 16:13:01 +02:00
Krzysztof Kotlarek 433fadbd52
FEATURE: allow admins to enable announced experimental features (#29244)
Toggle the button to enable the experimental site setting from "What's new" announcement.

The toggle button is displayed when:
- site setting exists and is boolean;
- potentially required plugin is enabled.
2024-10-22 10:56:58 +11:00
Régis Hanol 88449541a5
FIX: participating users statistics... (#29293)
* FIX: participating users statistics...

... was (mis-)counting

- bots
- anonymous users
- suspended users

There's now a "valid_users" function that holds the AR query for valid users and which is used in all "users", "active_users", and "participating_users" queries.

Internal ref - t/138435
2024-10-21 18:18:42 +02:00
David Taylor b3b0695bb1
PERF: Optimize themes:update task (#29290)
- Add concurrency when running on multisite clusters (default 10, configurable via THEME_UPDATE_CONCURRENCY env)

- Add a version cache for the duration of the rake task. This avoids duplicating work when many sites in the cluster have the same theme installed, and it is already up-to-date

- Updates output to be more concurrent friendly (all `puts`, no `print`)
2024-10-21 12:36:40 +01:00
Régis Hanol 97ba39e60f
FIX: bump the number of svg icons we return to first 500 (#29286)
instead of the first 200 which would "hide" some icons from the list when picking an icon for a badge or a sidebar link.

Internal ref - t/119652
2024-10-18 19:22:13 +02:00
Gabriel Grubba fe4e2a17cb
FEATURE: Create rake for db migration in plugins (#29163)
* FEATURE: Create rake for db migration in plugins

before the dev-xp was clunky, we had to create a migration file in core and
move it to the plugin.

Now we automated this process, we still create the migration file in core
but the rake task will move it to the plugin.

the usage is:

```
rake plugin:generate_migration[plugin_name,migration_name,migration_args]

rake plugin:generate_migration[discourse-automation,add_group_id_to_automation_rule,"group_id:integer"]
```

* DEV: change rake to be a generator for plugin migrations

* DEV: trying to add extra class option to migration generator

* DEV: revert to have only `plugin_migration_generator`

* DEV: remove rake task for plugin migration creation

* DEV: remove migration_generator.rb

* DEV: remove if because options with `plugin_name` will always be true
2024-10-18 11:43:45 -03:00
David Battersby 48308a5ee6
FIX: show lightbox for small images (#29140)
We want to allow lightboxing of smaller images, even if they are below the minimum size for image thumbnail generation.

This change sets a minimum threshold of 100 x 100 pixels for triggering the lightbox.

---------

Co-authored-by: Régis Hanol <regis@hanol.fr>
2024-10-18 09:45:08 +04:00
Loïc Guitaut 23c486799f DEV: Improve `array` type in service contracts
This patch improves the custom `array` type available in contracts.
It’s now able to split strings on `|` on top of `,`, and to be more
consistent, it also tries to cast the resulting items to integers.
2024-10-17 17:02:02 +02:00
Sam c08c40dc23
FEATURE: theme_modifiers can depend on theme settings (plus serialize_post_user_badges) (#29227)
Theme modifiers can now be defined as theme settings, this allows for
site operators to override behavior of theme modifiers.

New syntax is:

```
{
    ...
   "modifiers": {
      "modifier_name": {
         "type": "setting",
         "value": "setting_name"
      }
   }
}
```

This also introduces a new theme modifier for serialize_post_user_badges. Name of badge must match the name of the badge in the badges table. The client-side is updated to load this new data from the post-stream serializer.

Co-authored-by: David Taylor <david@taylorhq.com>
2024-10-17 15:16:16 +01:00
Juan David Martínez Cubillos 789aa2d9de
DEV: Add PluginRegistry modifiers to #review and #recalculate (#29128)
* DEV: Add PluginRegistry modifiers to #review and #recalculate

* added tests

* changed added registry logic
2024-10-16 10:26:10 -05:00
David Taylor 7dc60d0c99
DEV: Remove discourse-encrypt from core CI suite (#29230)
This plugin is prone to causing flaky test runs, and is in the process of being deprecated
2024-10-16 11:47:02 +01:00
Alan Guo Xiang Tan 322a3be2db
DEV: Remove logical OR assignment of constants (#29201)
Constants should always be only assigned once. The logical OR assignment
of a constant is a relic of the past before we used zeitwerk for
autoloading and had bugs where a file could be loaded twice resulting in
constant redefinition warnings.
2024-10-16 10:09:07 +08:00
Penar Musaraj 80ac3275ba
DEV: update rake task to disable 2FA for a user (#29052)
- limits security key deletes to second factor keys
- also deletes backup codes (lingering backup codes break login flow entirely)

* Add spec for rake task to disable 2FA for a user
2024-10-16 09:11:29 +11:00
Loïc Guitaut 281570226b DEV: Output failing MF keys when compilation fails
Currently, when the MessageFormat compiler fails on some translations,
we just have the raw output from the compiler in the logs and that’s not
always very helpful.

Now, when there is an error, we iterate over the translation keys and
try to compile them one by one. When we detect one that is failing, it’s
added to a list that is now outputted in the logs. That way, it’s easier
to know which keys are not properly translated, and the problems can be
addressed quicker.

---

The previous implementation of this patch had a bug: it wasn’t handling
locales with country/region code properly. So instead of iterating over
the problematic keys, it was raising an error.
2024-10-15 12:45:23 +02:00
Jeff Wong d92d65fe73
Revert "DEV: Output failing MF keys when compilation fails" (#29200)
This reverts commit 8eff922ace.
2024-10-14 17:42:36 -07:00
Juan David Martínez Cubillos d3f09f8f61
DEV: Add discourse-hcaptcha plugin to the metadata list of official plugins (#29177) 2024-10-11 15:35:12 -05:00
Martin Brennan 2193667e1f
FIX: Plugin JS failing to load would break admin interface (#29139)
If a plugin's JS fails to load for some reason, most commonly
ad blockers, the entire admin interface would break. This is because
we are adding links to the admin routes for plugins that define
them in the sidebar.

We have a fix for this already in the plugin list which shows a warning
to the admin. This fix just prevents the broken link from rendering
in the sidebar if the route is not valid.
2024-10-11 09:26:10 +10:00
Mark VanLandingham 882c2da29e
DEV: Add modifier to SuggestedTopicsBuilder#add_results (#29164) 2024-10-10 10:03:26 -05:00
Kelv 32e261ef73
DEV: Migrate user passwords data to UserPassword table (#28746)
* Add migrations to ensure password hash is synced across users & user_passwords

* Persist password-related data in user_passwords instead of users

* Merge User#expire_old_email_tokens with User#expire_tokens_if_password_changed

* Add post deploy migration to mark password-related columns from users table as read-only

* Refactored UserPassword#confirm_password? and changes required to accommodate hashing the password after validations
2024-10-10 09:23:06 +08:00
Alan Guo Xiang Tan c1f25cdf5b
FIX: Unicorn master and Sidekiq reopening logs at the same time (#29137)
In our production environment, we have been seeing Sidekiq processes
getting stuck randomly when a USR1 signal is sent to the Unicorn master
process. We have not been able to identify the root cause of why the
Sidekiq process gets stuck. We however noticed that when the Unicorn
master process receives a USR1 signal, it will reopen the logs for the
Unicorn master process first before sending a USR1 signal for the
Unicorn worker processes to reopen the logs. We figured that we should
do the same for the Sidekiq process as well when a USR1 signal.

In this commit, we introduce an arbitrary delay of 1 second before we
the Sidekiq process reopens its log files so as to allow enough time for the Unicorn
master to finish reopening it logs first.

We also do not send reopen logs for the Sidekiq process if the `DISCOURSE_LOG_SIDEKIQ`
env is not present because there is no need to reopen any logs.
2024-10-10 08:01:40 +08:00
Alan Guo Xiang Tan ed6c9d1545
DEV: Call Discourse.redis.flushdb after the end of each test (#29117)
There have been too many flaky tests as a result of leaking state in
Redis so it is easier to resolve them by ensuring we flush Redis'
database.

Locally on my machine, calling `Discourse.redis.flushdb` takes around
0.1ms which means this change will have very little impact on test
runtimes.
2024-10-09 07:19:31 +08:00
Loïc Guitaut 229773e7a8 DEV: Drop `OpenStruct` for the context object in services
While using `OpenStruct` is nice, it’s generally not a very good idea as
it usually leads to performance problems.

The `OpenStruct` source code even says basically to avoid it.

Since the context object is crucial in our services, this patch replaces
`OpenStruct` with a custom implementation instead.
2024-10-08 10:34:55 +02:00
Alan Guo Xiang Tan 4ba8d3b76b
Bump version to v3.4.0.beta3-dev 2024-10-07 12:14:10 +08:00
Alan Guo Xiang Tan 9cfe725b37
Bump version to v3.4.0.beta2 2024-10-07 12:14:09 +08:00
Penar Musaraj 92ac6be82a
SECURITY: prevent topic list filtering by hidden tags for unathorized users
This fixes an issue where unathorized users were able to filter topics
by tags that are hidden from them.
2024-10-07 11:48:55 +08:00
OsamaSayegh d7164d57ec
SECURITY: Block registrations for encoded emails that are invalid 2024-10-07 11:48:52 +08:00
Régis Hanol 34d04e7507
SECURITY: add pagination to post replies
When a post has some replies, and the user click on the button to show them, we would load ALL the replies. This could lead to DoS if there were a very large number of replies.

This adds support for pagination to these post replies.

Internal ref t/129773

FIX: Duplicated parent posts

DEV: Query refactor
2024-10-07 11:48:48 +08:00
Bianca Nenciu e081cc14fb
SECURITY: Use different anon cache keys for XHR requests
XHR requests are handled differently by the application and the
responses do not have any preloaded data so the cache key needs to
differntiate between those requests.
2024-10-07 11:48:45 +08:00
Jeff Wong 91ac382d83
DEV: update compile steps (#29031)
Remove emoji.clear cache calls as data.js.es6.erb hasn't existed in a while.
Emoji data is now compiled separately via javascript rake tasks.

Skip db and redis precompilation when no db is present
2024-10-05 09:50:33 +10:00
Loïc Guitaut 8eff922ace DEV: Output failing MF keys when compilation fails
Currently, when the MessageFormat compiler fails on some translations,
we just have the raw output from the compiler in the logs and that’s not
always very helpful.

Now, when there is an error, we iterate over the translation keys and
try to compile them one by one. When we detect one that is failing, it’s
added to a list that is now outputted in the logs. That way, it’s easier
to know which keys are not properly translated, and the problems can be
addressed quicker.
2024-10-04 23:38:27 +09:00
Loïc Guitaut ad8f46f4f1 DEV: Make params explicit for services in controllers 2024-10-03 16:56:39 +09:00
Jarek Radosz 53e6e32b2d
DEV: Attempt to fix `about` model flakes (#29057)
My theory is that there were nil entries (that we were filtering out) that then changed and we weren't resetting them properly.

(the failure no longer repro'd in 30 CI runs in this PR)
2024-10-03 03:19:34 +02:00
Keegan George 53d41d0727
DEV: Add missing x icon to `svg_sprite.rb` (#29059) 2024-10-02 16:20:24 -04:00
Loïc Guitaut fc1c5f6a8d DEV: Have `contract` take a block in services
Currently in services, the `contract` step is only used to define where
the contract will be called in the execution flow. Then, a `Contract`
class has to be defined with validations in it.

This patch allows the `contract` step to take a block containing
validations, attributes, etc. directly. No need to then open a
`Contract` class later in the service.

It also has a nice side effect, as it’s now easy to define multiples
contracts inside the same service. Before, we had the `class_name:`
option, but it wasn’t really useful as you had to redefine a complete
new contract class.
Now, when using a name for the contract other than `default`, a new
contract will be created automatically using the provided name.

Example:
```ruby
contract(:user) do
  attribute :user_id, :integer

  validates :user_id, presence: true
end
```
This will create a `UserContract` class and use it, also putting the
resulting contract in `context[:user_contract]`.
2024-10-02 17:00:01 +09:00
Sam baeca887d9
FEATURE: improve the suppression for admins when required (#29041)
Previously admins could still click on topics when `suppress_secured_categories_from_admin` was set

This change improves the block so admins without permission will not be allowed to click through till they add themselves to appropriate groups

Keep in mind this setting is a quality of life setting and not a SECURITY
setting, admins have an infinite way of bypassing visiblity limits
2024-10-02 10:52:02 +10:00
Daniel Waterworth c544686540
DEV: Add expires flag to enable_readonly (#29033)
... to control whether readonly mode expires or not.
2024-09-30 13:59:51 -05:00
Linca a1e5796ba1
FEAT: Allow admin delete user's associated accounts (#29018)
This commit introduces a feature that allows an admin to delete a user's
associated account. After deletion, a log will be recorded in staff
actions.

ref=t/136675
2024-09-27 20:08:05 +08:00
Loïc Guitaut 78d9f9fa40 DEV: Rename `ServiceRunner` to `Service::Runner` for consistency 2024-09-20 10:04:42 +02:00
Loïc Guitaut afdb1ac0a0 DEV: Disallow default params in service steps
With the current implementation, a service step can be written as:
```ruby
def my_step(a_default_value: 2)
  …
end
```
That’s a pattern we want to avoid as default values (if needed) should
be probably defined in a contract.

This patch makes a service raise an exception if a default value is
encountered.
2024-09-19 14:47:55 +02:00
Loïc Guitaut fe1098ebac FIX: Don’t raise on some search terms
Currently, when certain search terms are provided, this can lead to
`Search.need_segmenting?` raising an error because it makes `URI#path`
to return `nil` instead of a string.

This patch forces a cast to string so it won’t raise anymore.
2024-09-19 11:35:10 +02:00
Ted Johansson e68748318e
DEV: Remove FileStore#download deprecation warning (#28971)
At a point we split FileStore#download into two methods, one which returns nil (#download) and one which raises an exception (#download!) if there's a download error.

When we did this we added a deprecation warning to the #download method.

It has now been over a year and I have checked all relevant internal cases, so I think it's about time we remove this warning.
2024-09-19 11:08:26 +08:00
Loïc Guitaut 05b8ff436c DEV: Introduce a `Service::ActionBase` class for service actions
This will help to enforce a consistent pattern for creating service
actions.

This patch also namespaces actions and policies, making everything
related to a service available directly in
`app/services/<concept-name>`, making things more consistent at that
level too.
2024-09-18 17:02:46 +02:00
Linca 741e9d70ad
FIX: Don't show move topic for private messages for TL4 (#28871)
In TopicController, in addition to ensure_can_move_posts!, we also
checked if the topic is private message in this line:

```ruby
raise Discourse::InvalidAccess if params[:archetype] == "private_message" && !guardian.is_staff?
```

However, this was not present in `guardian.can_move_posts?`. As a result,
the frontend topic view got an incorrect serialized result, thinking
that TL4 could move the private message post. In fact, once they tried
to move it, they got the `InvalidAccess` error message.

This commit fixes that TL4 will no longer sees the "move to" option in
the "select post" panel for a private message.
2024-09-16 11:30:05 +08:00
Kris a914d3230b
DEV: remap all core icons for fontawesome 6 upgrade (#28715)
Followup to 7d8974d02f

Co-authored-by: David Taylor <david@taylorhq.com>
2024-09-13 16:50:52 +01:00
Osama Sayegh 64b67e0a4f
FIX: Exclude inactive and silenced users from /about page stats (#28877)
The user directory (`/u`) excludes inactive and silenced users from the list, so for the sake parity, it makes sense to also exclude those users from the /about page stats.

Internal topic: t/70928.
2024-09-12 22:28:49 +03:00
Loïc Guitaut b806dce13d DEV: Refactor suspend/silence user services
- fetch models inside services
- validate `user_id` in contracts
- use policy objects
- extract more logic to actions
- write specs for services and action
2024-09-12 10:28:48 +02:00
Jarek Radosz e87d0addf7
DEV: Run theme tests in random order (#28841)
that is: randomize the order in which theme test suites are scheduled
2024-09-11 10:45:12 +02:00
Bianca Nenciu 38592dc48e
PERF: Preload user options when status is enabled (#28827)
The user option 'hide_profile_and_presence' is necessary to figure out
if the user status has to be displayed or not. In order to avoid N+1s
generated by `include_status?` method, both `user_status` and
`user_option` relations have to be included.
2024-09-11 10:39:14 +03:00