Commit Graph

2958 Commits

Author SHA1 Message Date
Martin Brennan f753643cb1
FIX: Unread topics not clearing when whisper is last post (#8271)
Meta thread: https://meta.discourse.org/t/cant-dismiss-unread-if-last-post-is-an-assign-or-whisper/131823/7

* when sending a whisper, the highest_staff_post_number is set
in the next_post_number method for a Topic, but the
highest_post_number is left alone. this leaves a situation
where highest_staff_post_number is > highest_post_number
* when TopicsBulkAction#dismiss_posts was run, it was only setting the topic_user
highest_seen_post_number using the highest_post_number from the topic, so if
the user was staff and the last post in a topic was a whisper
their highest seen number was not set, and the topic stayed unread

Found through testing that the bug wasn't to do with Assign/Unassign as they do not affect the post numbers, only whispering does.
2019-11-01 09:19:43 +10:00
Neil Lalonde d777844ed6 FEATURE: categories can require topics have a tag from a tag group
In a category's settings, the Tags tab has two new fields to
specify the number of tags that must be added to a topic
from a tag group. When creating a new topic, an error will be
shown to the user if the requirement isn't met.
2019-10-31 16:10:19 -04:00
David Taylor 1f88ecf6d8
FIX: Cache `Discourse.system_user` separately for each multisite tenant (#8276)
This was not causing any known issue, because the system user ID is always the same across all sites. However, we should cache this on a per-site basis to be safe.
2019-10-31 15:16:26 +00:00
Sam Saffron d8f7f363cd FEATURE: stop updating last_posted_at on users for messages and whispers
This ensures we only update last_posted_at which is user facing for non messages
and non whispers.

We still update this date for secure categories, we do not revert it for
deleted posts.
2019-10-31 09:01:26 +11:00
Krzysztof Kotlarek c32bd8ae48 FEATURE: Remove attachments and truncate raw field for incoming emails (#8253)
Adds the settings: 

raw_email_max_length, raw_rejected_email_max_length, delete_rejected_email_after_days. 

These settings control retention of the "raw" emails logs.

raw_email_max_length ensures that if we get incoming email that is huge we will truncate it removing uploads from the raw log.

raw_rejected_email_max_length introduces an even more aggressive truncation for rejected incoming mail. 

delete_rejected_email_after_days controls how many days we will keep rejected emails for (default 90)
2019-10-30 16:54:35 +11:00
Jeff Wong 74dc37c07c FIX: upserting custom fields using keywords converts the array key to a string 2019-10-29 11:35:38 -07:00
Mark VanLandingham 4eb54f08b2
FEATURE: Site setting/UI to allow users to set their primary group (#8244)
* FEATURE: Site setting/ui to allow users to set their primary group

* prettier and remove logic from account template

* added 1 to 43 to make web_hook_user_serializer_spec pass
2019-10-28 12:46:27 -05:00
Leo McArdle e7ff6809a3 FEATURE: add SES spam header to recognised spam headers (#8254) 2019-10-28 12:46:53 -04:00
Roman Rizzi 070a3dcf9b
FIX: When running the wizard and using a custom theme, fallback to the color_scheme name if the base_scheme_id is nil (#8236) 2019-10-25 09:29:51 -03:00
Sam Saffron 950da34826 DEV: waiting for 10ms is hardly enough
tests that test thread behavior and rely on scheduling need to allow for
a wider amount of error margin
2019-10-23 16:18:41 +11:00
Arpit Jalan 1e9d9d9346
FIX: respect `tl3 links no follow` setting (#8232) 2019-10-22 22:41:04 +05:30
Vinoth Kannan 5e55e75aed FIX: 'only_hidden_tags_changed?' method returned 'true' even when tags are not changed.
While editing the first post it does't bumped the topic when the new post revision created. Because we wrongly assumed that the hidden tags are changed even when no tags are updated.
2019-10-21 17:57:31 +05:30
Daniel Waterworth 55a1394342 DEV: pluck_first
Doing .pluck(:column).first is a very common pattern in Discourse and in
most cases, a limit cause isn't being added. Instead of adding a limit
clause to all these callsites, this commit adds two new methods to
ActiveRecord::Relation:

pluck_first, equivalent to limit(1).pluck(*columns).first

and pluck_first! which, like other finder methods, raises an exception
when no record is found
2019-10-21 12:08:20 +01:00
Rafael dos Santos Silva 2304dcf993 FIX: Do not truncate encoded slugs
Trying to truncate encoded slugs will mean that we have to keep the URL
valid, which can be tricky as you have to be aware of multibyte
characters.

Since we already have upper bounds for the title, the slug won't grow
for more than title*6 in the worst case. The slug column in the topic
table can store that just fine.

Added a test to ensure that a generated slug is a valid URL too, so we
don't introduce regressions in the future.
2019-10-17 13:38:31 -03:00
Daniel Waterworth 7a0c06691c FIX: Account for nil when looking up subcategories 2019-10-16 20:04:54 +01:00
Neil Lalonde 5ef49692e0 FIX: tag cannot be used if it belongs to two tag groups with parent tag
If two tag groups exist with a mandatory parent tag, and one tag is
added to both tag groups, then the tag couldn't be used on any topics.
2019-10-16 14:28:04 -04:00
Neil Lalonde 61f6a6e836 Remove focus from specs 2019-10-16 14:28:04 -04:00
Vinoth Kannan 519fe290e3 SPEC: 'lookup_upload_urls' method should use cdn url if available.
e4fe864c0b
2019-10-14 12:57:33 +05:30
Vinoth Kannan 129e308dac fix the incorrect specs
Previously the 'local_cdn_url' method didn't returned the correct cdn url. So we written few incorrect spec tests too.\n\nf92a6f7ac5228342177bf089d269e2f69a69e2f5
2019-10-14 12:49:11 +05:30
Vinoth Kannan f92a6f7ac5 FIX: 'local_cdn_url' method should work for local relative urls too. 2019-10-14 11:39:16 +05:30
Roman Rizzi 01bc465db8
DEV: Split max decompressed setting for themes and backups (#8179) 2019-10-11 14:38:10 -03:00
Rafael dos Santos Silva 76ab0350f1
FIX: Properly encoded slugs when configured to (#8158)
When an admin changes the site setting slug_generation_method to
encoded, we weren't really encoding the slug, but just allowing non-ascii
characters in the slug (unicode).

That brings problems when a user posts a link to topic without the slug, as
our topic controller tries to redirect the user to the correct URL that contains
the slug with unicode characters. Having unicode in the Location header in a
response is a RFC violation and some browsers end up in a redirection loop.

Bug report: https://meta.discourse.org/t/-/125371?u=falco

This commit also checks if a site uses encoded slugs and clear all saved slugs
in the db so they can be regenerated using an onceoff job.
2019-10-11 12:38:16 -03:00
Nacho Caballero 7d2f5240d9 FIX: Show a correct diff when editing consecutive paragraphs (#8177) 2019-10-11 03:50:37 -04:00
Régis Hanol 349c1cd085 FIX: remove site setting 'shadowed-by-global' option (#8061) 2019-10-08 12:43:26 -04:00
David Taylor d2bceff133
FEATURE: Use full page redirection for all external auth methods (#8092)
Using popups is becoming increasingly rare. Full page redirects are already used on mobile, and for some providers. This commit removes all logic related to popup authentication, leaving only the full page redirect method.

For more info, see https://meta.discourse.org/t/do-we-need-popups-for-login/127988
2019-10-08 12:10:43 +01:00
tshenry df02930c67
Correct filename typo 2019-10-03 15:08:56 -07:00
Roman Rizzi 10565e4623
SECURITY: Safely decompress files. (#8124)
* FEATURE: Adds an extra protection layer when decompressing files.

* Rename exporter/importer to zip importer. Update old locale

* Added a new composite class to decompress a file with multiple strategies

* Set max file size inside a site setting

* Ensure that file is deleted after compression

* Sanitize path and files before compressing/decompressing
2019-10-03 10:19:35 -03:00
Krzysztof Kotlarek 427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
Gerhard Schlager 9e4fb262cf FIX: Respect unicode whitelist when suggesting username 2019-10-01 20:33:09 +02:00
Jarek Radosz d407bcab36 FIX: Correctly escape category description text (#8107)
* FIX: Correctly escape category description text

This bug has been introduced in db14e10943.

* Remove unnecessary `html_safe`

`Theme.lookup_field` already returns html-safe strings: 7ad338e3e6/app/models/theme.rb (L237-L242)

* Rename `description` where it's acutally `descriptionText`
2019-10-01 12:04:39 -04:00
Daniel Waterworth 7f8cdea924 FIX: Cleanup DiscoursePluginRegistry state after tests that use it
This was causing some heisentests
2019-09-20 13:32:54 +01:00
Penar Musaraj c6cfbebf1f
FIX: ignore min_trust_to_send_messages when messaging groups (#8104)
This means that TL0 users can message groups with "Who can message this
group?" set to "Everyone".

It also means that members of a group with "Who can message this
group?" set to "members, moderators and admins" can also message the
group, even when their trust level is below min_trust_to_send_messages.
2019-09-18 15:23:13 -04:00
Penar Musaraj 3debdc8131 SECURITY: XSS when oneboxing user profile location field
The XSS here is only possible if CSP is disabled. Low impact since CSP is enabled by default in SiteSettings.
2019-09-17 16:12:50 -04:00
David Taylor 081c36a459 FIX: Do not include theme variables in plugin SCSS, and fix register_css 2019-09-17 09:54:52 +01:00
Roman Rizzi 568232052e
DEV: Remove FlagQuery class and old code (#8064) 2019-09-12 13:21:33 -03:00
David Taylor 67a98946b8 FIX: Do not log 'pull_hotlinked_images' edits in the staff action log 2019-09-12 15:55:45 +01:00
Krzysztof Kotlarek 32b8a2ccff DEV: Upgrade Discourse to Rails 6 (#8083)
* Adjustments to pass specs on Rails 6.0.0
* Use classic autoloader instead of Zeitwerk
* Update Rails 6.0.0 deprecated methods
* Rails 6.0.0 not allowing column with integer name
* Drop freedom_patches/rails6.rb
* Default value for trigger_transactional_callbacks? is true
* Bump rspec-rails version to 4.0.0.beta2
2019-09-12 10:41:50 +10:00
Robin Ward ddd45d1419 FIX: Broken spec 2019-09-09 15:07:40 -04:00
Rimian Perkins 6bbd83067d FEATURE: New post editing period for >= tl2 users (#8070)
* FEATURE: Add tl2 threshold for editing new posts

* Adds a new setting and for tl2 editing posts (30 days same as old value)
* Sets the tl0/tl1 editing period as 1 day

* FIX: Spec uses wrong setting

* Fix site setting on guardian spec

* FIX: post editing period specs

* Avoid shared examples
* Use update_columns to avoid callbacks on user during tests
2019-09-06 07:44:12 -04:00
Sam Saffron ed00f35306 FEATURE: improve performance of anonymous cache
This commit introduces 2 features:

1. DISCOURSE_COMPRESS_ANON_CACHE (true|false, default false): this allows
you to optionally compress the anon cache body entries in Redis, can be
useful for high load sites with Redis that lives on a separate server to
to webs

2. DISCOURSE_ANON_CACHE_STORE_THRESHOLD (default 2), only pop entries into
redis if we observe them more than N times. This avoids situations where
a crawler can walk a big pile of topics and store them all in Redis never
to be used. Our default anon cache time for topics is only 60 seconds. Anon
cache is in place to avoid the "slashdot" effect where a single topic is
hit by 100s of people in one minute.
2019-09-04 17:18:32 +10:00
Sam Saffron dc9110cc43 FEATURE: track date api key was last used
Start tracking the date an api key was last used. This has already been
the case for user_api_keys.

This information can provide us with the ability to automatically expire
unused api keys after N days.
2019-09-03 18:11:30 +10:00
Sam Saffron b9954b53bb FIX: report cached controller and action to loggers
Previously we would treat all cached hits in anon cache as "other"

This hinders analysis of cache performance and makes logging inaccurate
2019-09-03 10:55:16 +10:00
Sam Saffron 08743e8ac0 FEATURE: anon cache reports data to loggers
This allows custom plugins such as prometheus exporter to log how many
requests are stored in the anon cache vs used by the anon cache.

This metric allows us to fine tune cache behaviors
2019-09-02 18:45:35 +10:00
David Taylor be96c4478e
FEATURE: Login with Discord (#8053)
This migrates the functionality of discourse-plugin-discord-auth into core. 

The plugin will automatically disable itself when core is updated: fd0867844d?w=1

For setup instructions, visit https://meta.discourse.org/t/configuring-discord-login-for-discourse/127129
2019-08-30 10:54:19 +01:00
Sam Saffron e9cf0de588 FEATURE: do not replace ↔ with an emoji
↔ technically can be an emoji, but usually will not be used in that way
2019-08-30 15:06:23 +10:00
Régis Hanol 00dbc260d3 FIX: ensure avatar sizes are integers 2019-08-27 17:03:20 +02:00
Roman Rizzi 7c741fa0d6
FEATURE: Publish read state on group messages. (Originally introduced in #7989) (#8025)
* Revert "Revert "FEATURE: Publish read state on group messages. (#7989) [Undo revert] (#8024)""

This reverts commit 36425eb9f0.

* Fix: Show who read only if the attribute is enabled

* PERF: Precalculate the last post  readed by a group member

* Use book-reader icon instear of far-eye

* FIX: update topic groups correctly

* DEV: Tidy up read indicator update on write
2019-08-27 09:09:00 -03:00
Sam Saffron bd5fa1737d FIX: add_to_serializer not correctly accounting for inheritance chains
This is a very long standing bug we had, if a plugin attempted to amend a
serializer core was not "correcting" the situation for all descendant classes
this often only showed up in production cause production eager loads serializers
prior to plugins amending them.

This is a critical fix for various plugins
2019-08-27 18:21:53 +10:00
Sam Saffron 7fe6d295b8 DEV: correct regression in registry test suite
Previously we started with a non blank registry, new code blanks it out
so we need to check for nils
2019-08-22 16:22:52 +10:00
Vinoth Kannan 1c79a6cc3a SPEC: fix the discourse_plugin_registry spec.
41f22946c3
2019-08-22 11:02:18 +05:30
Vinoth Kannan 5bd6b70d98
DEV: debundle plugin css assets and don't load if disabled (#7646) 2019-08-20 22:09:52 +05:30
romanrizzi 36425eb9f0 Revert "FEATURE: Publish read state on group messages. (#7989) [Undo revert] (#8024)"
This reverts commit 5dda5c2f7c.
2019-08-20 13:29:22 -03:00
Roman Rizzi 5dda5c2f7c
FEATURE: Publish read state on group messages. (#7989) [Undo revert] (#8024)
* Reenable: "FEATURE: Publish read state on group messages. (#7989)"

This reverts commit 67f5cc1ce8.

* FIX: Read indicator only appears when the group setting is enabled
2019-08-20 11:57:25 -03:00
romanrizzi 67f5cc1ce8 Revert "FEATURE: Publish read state on group messages. (#7989)"
This reverts commit 1630dae2db.
2019-08-20 10:24:34 -03:00
Roman Rizzi 1630dae2db
FEATURE: Publish read state on group messages. (#7989)
* Enable or disable read state based on group attribute

* When read state needs to be published, the minimum unread count is calculated in the topic query. This way, we can know if someone reads the last post

* The option can be enabled/disabled from the UI

* The read indicator will live-updated using message bus

* Show read indicator on every post

* The read indicator now shows read count and can be expanded to see user avatars

* Read count gets updated everytime someone reads a message

* Simplify topic-list read indicator logic

* Unsubscribe from message bus on willDestroyElement, removed unnecesarry values from post-menu, and added a comment to explain where does minimum_unread_count comes from
2019-08-20 09:46:57 -03:00
Vinoth Kannan 88359b0f16
FEATURE: add support for group members visibility level (#8004)
There are 5 visibility levels (similar to group visibility)

public (default)
logged-in users
members only
staff
owners

Admins & group owners always have visibility to group members.
2019-08-14 19:00:04 +05:30
David Taylor 5755d3886f FIX: Do not raise exception if the authenticator email is missing
Followup to 296cdc53ee
2019-08-14 12:08:59 +01:00
Blake Erickson 296cdc53ee FIX: Downcase email coming back from auth-provider 2019-08-13 10:53:50 -06:00
Vinoth Kannan 9919ee1900 FIX: remove the tmp inventory files after the s3 uploads check. 2019-08-13 11:52:57 +05:30
Dan Ungureanu 2a98becfde
FIX: Do not create a double like notification. (#7999)
When a user liked, unliked and liked again the same post, the poster
would receive a notification such as "X and X liked ...". This happened
because PostActionNotifier.post_action_created was called twice.
2019-08-12 16:22:46 +03:00
Gerhard Schlager e4f14ca3d7 FIX: Disallow user self-delete when user posted in PMs
All posts created by the user are counted unless they are deleted,
belong to a PM sent between a non-human user and the user or belong
to a PM created by the user which doesn't have any other recipients.

It also makes the guardian prevent self-deletes when SSO is enabled.
2019-08-10 12:30:16 +02:00
Gerhard Schlager 74d78e3636 FIX: Drop readonly function when dropping table 2019-08-09 11:39:46 +02:00
Bianca Nenciu 7c83d2eeb2 FIX: Award 'First Onebox' badge just for Oneboxed URLs. (#7974) 2019-08-08 18:45:18 +02:00
David Taylor 7bd54eaceb
UX: Add login button icon to no_ember page (#7982) 2019-08-08 10:44:04 +01:00
Gerhard Schlager 24877a7b8c FIX: Correctly encode non-ASCII filenames in HTTP header
Backport of fix from Rails 6: 890485cfce
2019-08-07 19:10:50 +02:00
Arpit Jalan b0e781e2d4 FIX: do not follow redirect on same host with path /login or /session 2019-08-07 16:26:55 +05:30
Leo McArdle 6296ae3d31 FEATURE: add setting to show content of forwarded emails in topics (#7935) 2019-08-07 12:32:19 +02:00
Joffrey JAFFEUX 5d72561f4f
FIX: allows replacement of digits and symbols emojis (#7978) 2019-08-07 11:38:58 +02:00
Daniel Waterworth 4ae8065f2c
DEV: Default to skipping creating a topic when fabricating categories (#7976)
This speeds up the test suite by 9%
2019-08-06 11:26:54 +01:00
Daniel Waterworth 9bb15efca7 DEV: Minor test clarification
Replace `(0...3)` for with `3.times`.
2019-08-05 12:16:44 +01:00
David Taylor 39e0442de9 FIX: Various watched words improvements
- Client-side censoring fixed for non-chrome browsers. (Regular expression rewritten to avoid lookback)
- Regex generation is now done on the server, to reduce repeated logic, and make it easier to extend in plugins
- Censor tests are moved to ruby, to ensure everything works end-to-end
- If "watched words regular expressions" is enabled, warn the admin when the generated regex is invalid
2019-08-02 15:29:12 +01:00
Daniel Waterworth b76a1df27d FIX: Don't reuse redis connections in different threads in tests
Redis connections aren't threadsafe since they have state, (watched
keys).
2019-08-01 09:51:22 +01:00
Daniel Waterworth 20bc4a38a5
FIX: DistributedMutex (#7953) 2019-08-01 09:12:05 +01:00
David Taylor 933d279811
FIX: Support multi-file stylesheets in theme components (#7950) 2019-07-29 10:28:24 +01:00
Gerhard Schlager fd12c414e7 DEV: Refactor helper methods for upload markdown
Follow-up to a61ff167
2019-07-25 16:36:35 +02:00
Gerhard Schlager 7e0eeed292 FEATURE: Add attachments to outgoing emails
This feature is off by default and can can be configured with the `email_total_attachment_size_limit_kb` site setting.

Co-authored-by: Maja Komel <maja.komel@gmail.com>
2019-07-25 15:57:45 +02:00
romanrizzi c4be8541f6 FIX: use uniq instead of uniq! when checking for uncompressed root path. Use rails naming convention for ZipUtils 2019-07-23 07:57:50 -03:00
Osama Sayegh 5fc5a7f5ae FEATURE: Add search operator to see all direct messages from a user (#7913)
* FEATURE: Add search operator to see all direct messages from a user

* Only show message if related messages >= 5

* Make "all messages" the hyperlink

* Review
2019-07-22 10:55:49 -04:00
Robin Ward e47e0af123
FEATURE: Allow viewing of raw emails for reviewable queued posts (#7910)
If a post arrives via email but must be reviewed, we now show an
icon that can be clicked to view the raw contents of the email.

This is useful if Discourse's email parser is acting odd and the user
reviewing the post wants to know what the original contents were before
approving/rejecting the post.
2019-07-19 11:56:14 -04:00
Bianca Nenciu 9ba2c7cd8b
FIX: Set a minimum reading time per post. (#7842)
Topics containing only images could generate a reading time of zero minutes.
2019-07-19 18:15:38 +03:00
Vinoth Kannan ad04ce9f43 FIX: remove post upload record creation inside 'find_missing_uploads' method. 2019-07-19 01:44:08 +05:30
Roman Rizzi f5c707c97a
FEATURE: Gz to zip for exports (#7889)
* Revert "Revert "FEATURE: admin/user exports are compressed using the zip format (#7784)""

This reverts commit f89bd55576.

* Replace .tar.zip with .zip
2019-07-18 09:34:48 -03:00
Gerhard Schlager 9a11a8b33b FEATURE: Site setting for typographic quotation marks
Adds locale defaults for German and French
2019-07-11 23:19:28 +02:00
romanrizzi f89bd55576 Revert "FEATURE: admin/user exports are compressed using the zip format (#7784)"
This reverts commit 8b2580e20f.
2019-07-10 11:38:51 -03:00
Roman Rizzi 8b2580e20f
FEATURE: admin/user exports are compressed using the zip format (#7784)
* FEATURE: admin/user exports are compressed using the zip format

* Update translations. Theme exporter now exports .zip file. Theme importer supports .zip and .gz files

* Fix controller test, updated locale and skip saving the csv export to disk
2019-07-10 11:13:03 -03:00
Penar Musaraj 7b0517895e FEATURE: Add "Group owners" to posting options for groups
Context: https://meta.discourse.org/t/121589

This new setting option lets group owners message/mention large groups
without granting that privilege to all members.
2019-07-08 17:14:11 -04:00
Penar Musaraj b690fc3d98
FEATURE: Add new group visibility option for "logged on users" (#7814)
Groups can now be marked as visible to "logged on users". All automatic groups (except `everyone`) are now visible to "logged on users", previously they were marked as public but suppressed in the group page for non-staff.
2019-07-08 15:09:50 -04:00
Robin Ward a075fd46fd FIX: Don't use exceptions to catch conflicts
If a database exception is raised ActiveRecord will always rollback
even if caught.

Instead we build the query in manual SQL and DO NOTHING when there's a
conflict. If we detect nothing was done, perform an update.
2019-07-06 14:43:56 -04:00
Robin Ward c2c169f5b7 FIX: Fail if none of our tags could be updated
For example, if a category has a tag restriction and the API tries to
attempt to update it but cannot.

See:
https://meta.discourse.org/t/unallowed-tag-in-conversation-returns-200/122170
2019-07-05 11:40:18 -04:00
Osama Sayegh 65a6f3080e FIX: don't disable download_remote_images_to_local if site uses S3 (#7861) 2019-07-05 13:36:03 +10:00
Robin Ward 72bac61c90 FIX: Upsert a custom field if a unique constraint fails 2019-07-04 13:26:25 -04:00
Penar Musaraj 03805e5a76
FIX: Ensure lightbox image download has correct content disposition in S3 (#7845) 2019-07-04 11:32:51 -04:00
Josh Moore 6c5689984f FEATURE: in:tagged search (srv side) (#7822)
* FEATURE: in:tagged and in:untagged advanced search filters

Similar to in:solved or in:unsolved, the filters check for an
existence of the topic_id in the topic_tags table.

see: https://meta.discourse.org/t/how-to-search-filter-untagged-topics/119641/2
2019-06-28 18:19:57 +10:00
Sam Saffron 8f7a387aa7 FEATURE: add support for tag group search
The behaviour of #TERM in search has been amended

1. We try category or subcategory slugs
2. We try tags
3. We try tag-groups

The term `hello #my-group` will search for all posts tagged with any of
the tags in the tag group `My Group`

Future work may be introducing a slug cache here or caching it in the table
but the assumption is that the number of tag groups will not be huge
2019-06-27 17:53:26 +10:00
Jeff Wong 88ef5e55fe
FEATURE: add ability to have multiple totp factors (#7626)
Adds a second factor landing page that centralizes a user's second factor configuration.

This contains both TOTP and Backup, and also allows multiple TOTP tokens to be registered and organized by a name. Access to this page is authenticated via password, and cached for 30 minutes via a secure session.
2019-06-26 16:58:06 -07:00
Régis Hanol 134a4c66b7 PERF: limit time spent diffing large blobs of text
REFACTOR: s/.length/.size/g
2019-06-27 01:45:52 +02:00
Arpit Jalan 3c64dc3e7d
FIX: do not allow creation of topic if there is no category available for posting (#7786) 2019-06-26 16:32:53 +05:30
Bianca Nenciu 557805249d
FIX: Ensure topic exists before making a banner. (#7781) 2019-06-25 13:49:29 +03:00
David Taylor afb5ec811d FIX: Don't use DistributedCache to store redis readonly state
This can cause unbound CPU usage in some cases, and excessive logging in other cases. This commit moves redis readonly information into the local process, but maintains the DistributedCache for postgres readonly state.
2019-06-25 11:20:34 +08:00
Penar Musaraj f51f37eddf FEATURE: apply a small penalty to closed topics when searching (#7782) 2019-06-21 12:03:45 +10:00
Robin Ward 0d84c5b894 FIX: If a user deletes a hidden post, it should not lose history 2019-06-20 12:38:16 -04:00
Robin Ward e8b9f38374 FIX: Don't allow users to edit topic information when the OP is locked
see:
https://meta.discourse.org/t/user-able-to-edit-title-of-locked-post/104826
2019-06-18 14:22:38 -04:00
Vinoth Kannan 35d6fff69e PERF: use url instead of file key in temporary inventory table. 2019-06-13 22:03:58 +05:30
Guo Xiang Tan 42ab016856 FIX: Use markdown for images and attachments in `Email::Receiver`. 2019-06-11 14:49:46 +08:00
Guo Xiang Tan 06d974d55c FEATURE: Add base62 sha1 to cooked data attribute
* FEATURE: Add base62 sha1 to data attribute in `Post#cooked`.

* FIX: Use `Upload#short_url` when quoting an image.
2019-06-11 11:15:45 +10:00
Guo Xiang Tan 799bd62803 DEV: Improve `PrettyText` spec to test for markdown image title attr. 2019-06-10 11:00:23 +08:00
Vinoth Kannan 45aebd00a5 SPEC: improve the spec using stubbed S3 client.
4d1204b5e8
2019-06-08 18:10:35 +05:30
Neil Lalonde a08b2589d4 FIX: removing hidden tag bumps topic when all tags are removed
JS sends empty string to remove all tags.
2019-06-07 14:25:46 -04:00
David Taylor e3a9a2d2dd FIX: Avoid infinite loop if disk space is low
We now continue to enqueue the pull_hotlinked_images job for optimized images, even if disk space is low
2019-06-07 14:24:22 +01:00
David Taylor 65b0cafc03 FIX: Always schedule pull_hotlinked_images in cooked_post_processor
The job is now used to pull optimized images, and images from other sites on the same CDN. This needs to run even if download_remote_images is false
2019-06-07 13:08:23 +01:00
Dan Ungureanu 8bd815dab2 FIX: Permit new tags when allow_global_tags true. (#7722) 2019-06-07 15:45:16 +10:00
Régis Hanol b1c5ea4289 FIX: use URI.regexp to find URLs in plain text 2019-06-07 01:26:06 +02:00
Vinoth Kannan b7830680b6 DEV: use cdn url to download the external uploads to local. 2019-06-06 19:17:19 +05:30
Penar Musaraj f00275ded3 FEATURE: Support private attachments when using S3 storage (#7677)
* Support private uploads in S3
* Use localStore for local avatars
* Add job to update private upload ACL on S3
* Test multisite paths
* update ACL for private uploads in migrate_to_s3 task
2019-06-06 13:27:24 +10:00
Gerhard Schlager a77d8bee68 FIX: Use correct locale when translating without cache
follow-up to 6d8eb9c1
2019-06-05 14:19:56 +02:00
Vinoth Kannan 4d1204b5e8 SPEC: Add bucket folder path only if not exists
be0555cc17
2019-06-05 17:21:51 +05:30
Sam Saffron 62141b6316 FEATURE: enable_performance_http_headers for performance diagnostics
This adds support for DISCOURSE_ENABLE_PERFORMANCE_HTTP_HEADERS
when set to `true` this will turn on performance related headers

```text
X-Redis-Calls: 10     # number of redis calls
X-Redis-Time: 1.02    # redis time in seconds
X-Sql-Commands: 102   # number of SQL commands
X-Sql-Time: 1.02      # duration in SQL in seconds
X-Queue-Time: 1.01    # time the request sat in queue (depends on NGINX)
```

To get queue time NGINX must provide: HTTP_X_REQUEST_START

We do not recommend you enable this without thinking, it exposes information
about what your page is doing, usually you would only enable this if you
intend to strip off the headers further down the stream in a proxy
2019-06-05 16:08:11 +10:00
Sam Saffron 6d8eb9c144 PERF: bypass slow locale lookups in various cases
Previously as soon as any override was defined we would regress to the slow
path for locale lookups. Additionally if `raise: true` was specified which
rails likes to add in views we would bypass the cache

The new design manages to use the fast path for many more cases
2019-06-05 14:30:25 +10:00
Neil Lalonde 1cf0b549ab FIX: don't send post edit notification when hidden tags are changed
Create a hidden revision so staff can see the changed, but don't send
notifications to non-staff.
2019-06-04 15:48:15 -04:00
Neil Lalonde dd1a034e7b Revert "FIX: don't send post edit notification when hidden tags are changed" 2019-06-04 15:48:15 -04:00
Gerhard Schlager 98a3e61a2d FIX: Remapping URLs didn't affect upload site settings 2019-06-04 18:37:10 +02:00
Régis Hanol 9756e35956 REVERT: FIX: handle clicks counters in quotes
Not quite a full revert of 7696b92c8c that isn't
actually required.
2019-06-04 11:59:44 +02:00
David Taylor 0508546fd2 FIX: Accept github theme urls with a trailing slash 2019-06-04 10:28:36 +01:00
Guo Xiang Tan 6ad58913c8 DEV: Prefer `save!` over `save`. 2019-06-04 16:59:29 +08:00
Maja Komel 87d3b86484 FIX: better error message when user without permissions replies via email 2019-06-04 16:39:41 +08:00
Sam Saffron 6300d978e2 FIX: correctly escape regex url
duplicate link detection could fail in certain cases
2019-06-04 16:21:03 +10:00
David Taylor 5e61893cb2 FIX: Display generic descriptor for associated account with no info 2019-06-03 12:14:02 +01:00
Dan Ungureanu c1e7a1b292 UX: Merge settings related to muted tags. (#7656) 2019-06-03 12:23:23 +10:00
Maja Komel 42809f4d69 FIX: use crawler layout when saving url in Wayback Machine (#7667) 2019-06-03 12:13:32 +10:00
Guo Xiang Tan 0eb8d74284 DEV: Reduce object fabrication in `CookedPostProcessor` spec. 2019-05-30 08:50:10 +08:00
romanrizzi 2fa8df7cd2 New: can_see_groups? method for better perf 2019-05-30 08:45:20 +08:00
Dan Ungureanu 8728850452 FEATURE: Mute topics tagged with both muted and unmuted tags. 2019-05-30 07:58:17 +08:00
Guo Xiang Tan 8858dbb5b8 DEV: Refactor `SystemMessage#create` specs. 2019-05-30 07:56:36 +08:00
Arpit Jalan 23fdaf07f2 FIX: create system message in user selected locale
DEV: refactor `create_from_system_user` to use `create` method
2019-05-29 21:43:43 +05:30
Guo Xiang Tan 8d1b0224ac Fix the build a3938f98f8. 2019-05-29 18:53:31 +08:00
Guo Xiang Tan f0620e7118 FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2.
Previous attempt was missing `post_uploads` records.
2019-05-29 09:26:32 +08:00
Guo Xiang Tan 6cceb72173 DEV: Reduce verbosity in `TopicQuery` spec. 2019-05-29 08:32:10 +08:00
Penar Musaraj 7c9fb95c15 Temporarily revert "FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD. (#7603)"
This reverts commit b1d3c678ca.

We need to make sure post_upload records are correctly stored.
2019-05-28 16:37:01 -04:00
Guo Xiang Tan b1d3c678ca FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD. (#7603) 2019-05-28 11:18:21 -04:00
Penar Musaraj 42818b810e Better handling of custom SVG sprites in themes when using S3 2019-05-28 10:58:19 -04:00
Sam Saffron 3d2c3bd478 FIX: username suggester incorrectly skipping over whitelisted username
SSO uses a special param to username suggester that whitelists a username
due to previous work we amended our lookup logic and started ignoring this
whitelist.

The fix ensures we always respect it, and also improves on the original
implementation that forgot to normalize the username.
2019-05-28 16:48:46 +10:00
Sam Saffron a02a7d66a9 DEV: properly clean up temp files in FileHelper spec
Followup to 74297003 , also noticed other specs were not properly cleaning
up so fixed that as well.
2019-05-28 11:33:08 +10:00
Sam Saffron 7429700389 FIX: ensure we can download maxmind without redis or db config
This also corrects FileHelper.download so it supports "follow_redirect"
correctly (it used to always follow 1 redirect) and adds a `validate_url`
param that will bypass all uri validation if set to false (default is true)
2019-05-28 10:28:57 +10:00
Blake Erickson 373b8a2139 FIX: Consistently handle category param
See https://meta.discourse.org/t/api-post-to-posts-json-inconsistent-between-users/118571
for more info.

This commit removes a 5 year old temporary fix that is no longer needed.

bc1824a6ed (diff-d8c648926664f849aec050757bfcb6f9R72)

The web interface uses category_id when creating a topic so I think we
should unify on category_id when using the api.
2019-05-27 16:39:56 +08:00
Sam Saffron 170c66c190 DEV: correct flaky test, insufficient timeout
In some cases with all the new mitigations the 10ms delay is no longer
enough. Wait up to 1 second here instead.
2019-05-27 17:08:35 +10:00
Guo Xiang Tan f54e4b71b1 DEV: Make `CookedPostProcessor#post_process_images` method private. 2019-05-27 11:28:37 +08:00
Dan Ungureanu da39d66e83
DEV: Improve support for plugins. (#7332)
* DEV: Allow NewPostManager handlers handle PMs.
* DEV: Add custom fields topic option to PostCreator.
* DEV: Add topic_id to serializer data.
* DEV: Wrap topic title from notification item in a span.
2019-05-25 16:53:03 +03:00
Gerhard Schlager e224100023 FIX: Don't convert :) into Emoji when emojis or emoji shurtcuts are disabled 2019-05-22 11:44:39 +02:00
Gerhard Schlager b788948985 FEATURE: English locale with international date formats
Makes en_US the new default locale
2019-05-20 13:47:20 +02:00
Vinoth Kannan 2a7065c505 FIX: skip uploads without etag in s3 inventory check. 2019-05-20 00:09:52 +05:30
Régis Hanol 7696b92c8c FIX: handle clicks counters in full quotes 2019-05-17 14:17:29 +02:00
David Taylor ef660d5a3e FIX: Return consistent character encodings when downloading S3 uploads
Net::HTTP always returns ASCII-8BIT encoding. File.read auto-detects the encoding. This leads to an encoding inconsistency between a fresh download, and a cached download. This commit ensures all downloaded files are treated equally, by always returning the cached version from the filesystem, even during initial download.

One symptom of this problem is during theme exports: https://meta.discourse.org/t/116907

Related ruby ticket: https://bugs.ruby-lang.org/issues/2567
2019-05-17 11:27:00 +01:00
Guo Xiang Tan 148bfc9be5 DEV: Simplify client and server side code to support removing tags.
Follow up to 834c86678f.
2019-05-17 16:39:20 +08:00
Sam Saffron a8fbb19e7c FEATURE: allow a huge number of users to share common prefix
Previously username suggester would give up after 100 attempts at getting
a username and fallback to random string.

This amends the logic so we do all the work of figuring out a good username
in SQL and avoids a large amount of queries in cases where a lot of usernames
were used up.

This corrects an issue on sites with large numbers of anon users
2019-05-16 17:15:16 +10:00
Régis Hanol fd5c5e326f FIX: remove full quote on direct replies when "typographed"
Use the cooked version of the post and the quote to compare their content in
order to take into account the "typographer" option of the markdown pipeline.
2019-05-15 17:49:29 +02:00
Neil Lalonde 6f747c6b71 FIX: don't allow username to be changed to same as password
We were blocking user registrations with same username and password,
but allowing usernames to be changed to be same as password later.
Also disallow names to be the same as password.
2019-05-13 16:43:40 -04:00
Gerhard Schlager 13e54bca3d DEV: Add specs for handling InvalidPluralizationData exception
follow-up to 6d44be51
2019-05-13 22:07:42 +02:00
Gerhard Schlager 73015521e2 FIX: Correctly calculate fallback locale list
* English shouldn't fallback to any other locale
* Calculate fallback for default locale if it isn't English (useful for en_US)
* Reuse the fallback locale list when outputting translations to JavaScript
2019-05-13 09:36:05 +02:00
Sam Saffron 30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Daniel Waterworth 6e11ae06d8 Prefabricate admin in wizard_spec.rb 2019-05-10 08:34:04 -04:00
Daniel Waterworth bc4748571e Moved fabrication of topic to top level in topics_bulk_action_spec.rb 2019-05-10 08:34:04 -04:00
Daniel Waterworth 90c226949c prefabricate admin in search_spec.rb 2019-05-10 08:34:04 -04:00
Daniel Waterworth 6f5fb020d2 Prefabricate users in post_revisor_spec.rb 2019-05-10 08:34:04 -04:00
Daniel Waterworth cbcfc89fac prefabrication of users in flag_query_spec.rb 2019-05-10 08:34:04 -04:00
David Taylor 2c6b595eed FIX: Process image onebox correctly when image is wrapped in a link
The instagram onebox sometimes surrounds the image with an `<a>` tag, which was breaking the aspect ratio logic, and therefore causing posts to change height on load.
2019-05-10 10:02:40 +01:00
Gerhard Schlager 4a1755b780 FIX: Don't create staged users when processing forwarded email fails 2019-05-09 23:47:47 +02:00
Arpit Jalan 9758857a78 FIX: escape Vimeo iframe URL 2019-05-09 23:01:50 +05:30
Guo Xiang Tan 4e91839c97 FIX: Remove default val for colors step if a default theme has been set.
Running through the wizard after a default theme has been configured
will always revert the default theme to the light theme.
2019-05-09 17:25:09 +08:00
Guo Xiang Tan d110f252bb DEV: Remove unsued option from spec. 2019-05-09 17:25:09 +08:00
Sam Saffron 88650a1259 PERF: avoid checking for consecutive replies in test
This check can issue up to 2 queries per post created, we have specific
tests for it so we can avoid.

This also rolls back #4da6ca4d
2019-05-09 13:28:53 +10:00
Daniel Waterworth 4da6ca4d9f PERF: Skip post validation by default when fabricating posts (#7508)
This speeds up tests by 10%
2019-05-09 10:15:38 +10:00
Penar Musaraj a4eb523af6 Track Discourse user agent pageviews as crawler
Since 5bfe051e, Discourse user agents are marked as non-crawlers (to avoid accidental blacklisting). This makes sure pageviews for these agents are tracked as crawler hits.
2019-05-08 10:38:55 -04:00
Penar Musaraj 8f2c442435 Fix tests 2019-05-08 09:58:47 -04:00
Robin Ward 5af7c90bab FEATURE: Hide Reviewable scores, change score filter to Priority
We found score hard to understand. It is still there behind the scenes
for sorting purposes, but it is no longer shown.

You can now filter by minimum priority (low, med, high) instead of
score.
2019-05-07 14:05:23 -04:00
Bianca Nenciu 98a75906c8
FIX: Close topics deleted by users and ensure topic stubs are destroyed. (#7430) 2019-05-07 16:25:52 +03:00
Daniel Waterworth 32e0c4997c Prefabricated posts 2019-05-07 08:39:45 -04:00
Daniel Waterworth d3a59a43a1 Prefabricated anonymous 2019-05-07 08:39:45 -04:00
Daniel Waterworth 033d584275 Prefabricated topic 2019-05-07 08:39:45 -04:00
Daniel Waterworth 3e2f7d800a Replaced create_topic with Fabricate(:topic) 2019-05-07 08:39:45 -04:00
Daniel Waterworth e79421abb7 Prefabricated users 2019-05-07 08:39:45 -04:00
Daniel Waterworth c9dedd7d72 Removed unnecessary fab! 2019-05-07 08:38:55 -04:00
Daniel Waterworth da31661b80 Prefabricate category 2019-05-07 08:38:55 -04:00
Daniel Waterworth cdf17986aa Removed unnecessary let 2019-05-07 08:38:55 -04:00
Daniel Waterworth b95a5330b7 Moved automatic_group fabrication to top level 2019-05-07 08:38:55 -04:00
Daniel Waterworth 5af63def61 Prefabricate group at the top level 2019-05-07 08:38:55 -04:00
Daniel Waterworth df63080bca Prefabricate staff_post at the top level 2019-05-07 08:38:55 -04:00
Daniel Waterworth db64bee0c4 Use prefabricated user 2019-05-07 08:38:55 -04:00
Daniel Waterworth 30676e8a56 Brought prefabrication of another_user to the top level 2019-05-07 08:38:55 -04:00
Daniel Waterworth 2c7ed7b848 Use prefabricated admin instead of creating new ones 2019-05-07 08:38:55 -04:00
Daniel Waterworth 2f706be43a Reuse prefabricated moderator instead of creating new ones 2019-05-07 08:38:55 -04:00
Daniel Waterworth 16c7b86c86 Use prefabricated user and moderator 2019-05-07 08:38:55 -04:00
Daniel Waterworth e219588142 DEV: Prefabrication (test optimization) (#7414)
* Introduced fab!, a helper that creates database state for a group

It's almost identical to let_it_be, except:

 1. It creates a new object for each test by default,
 2. You can disable it using PREFABRICATION=0
2019-05-07 13:12:20 +10:00
Sam Saffron 9be70a22cd DEV: introduce new API to look up dynamic site setting
This removes all uses of both `send` and `public_send` from consumers of
SiteSetting and instead introduces a `get` helper for dynamic lookup

This leads to much cleaner and safer code long term as we are always explicit
to test that a site setting is really there before sending an arbitrary
string to the class

It also removes a couple of risky stubs from the auth provider test
2019-05-07 11:00:30 +10:00
Robin Ward 31e100530f FEATURE: Flag count in post menu
This change shows a notification number besides the flag icon in the
post menu if there is reviewable content associated with the post.
Additionally, if there is pending stuff to review, the icon has a red
background.

We have also removed the list of links below a post with the flag
status. A reviewer is meant to click the number beside the flag icon to
view the flags. As a consequence of losing those links, we've removed
the ability to undo or ignore flags below a post.
2019-05-06 16:13:31 -04:00
Neil Lalonde e6843afa9e FIX: don't send post edit notification when hidden tags are changed 2019-05-06 15:45:06 -04:00
Neil Lalonde 5de750d373 FIX: don't bump topics when hidden tags are added or removed 2019-05-06 14:52:18 -04:00
Vinoth Kannan e8fafbc123 List and restore missing post uploads from S3 inventory. 2019-05-04 01:16:20 +05:30
David Taylor 0644c10bfe FIX: Prioritize VERP key over final_recipient header in bounced email
Per RFC3464 2.3.2, the final_recipient header may not match the address we originally sent the email to.
2019-05-03 12:12:44 +01:00
Sam Saffron 1be01f8dd4 DEV: Add support for Rails 6
Minor fixes to add Rails 6 support to Discourse, we now will boot
with RAILS_MASTER=1, all specs pass

Only one tiny deprecation left

Largest change was the way ActiveModel:Errors changed interface a
bit but there is a simple backwards compat way of working it
2019-05-02 16:23:25 +10:00
Robin Ward 0f01c9d25f FIX: Posts in the approval queue were sometimes dropping category 2019-05-01 14:40:38 -04:00