Commit Graph

26372 Commits

Author SHA1 Message Date
Roman Rizzi b7b61d4b56
FEATURE: A notification consolidation plan for keeping the latest one. (#15249)
We previously used ConsolidateNotifications with a threshold of 1 to re-use an existing notification and bump it to the top instead of creating a new one. It produces some jumpiness in the user notification list, and it relies on updating the `created_at` attribute, which is a bit hacky.

As a better alternative, we're introducing a new plan that deletes all the previous versions of the notification, then creates a new one.
2021-12-10 10:32:15 -03:00
Roman Rizzi 3602f83cf4
FEATURE: Delete previous reviewable reminders. (#15250)
We send the reminder using the GroupMessage class, which supports removing previous messages. We can't match them by raw because they could mention different moderators. Also, I had to change the subject to remove dynamically generated values, which is necessary for finding them.
2021-12-10 10:17:39 -03:00
Joffrey JAFFEUX ac31c2bbb2
FIX: only consider it handled by composer when a composer (#15254) 2021-12-10 13:07:54 +01:00
Penar Musaraj f24027b453
UX: Fix topic status icon size in mobile search results (#15251) 2021-12-09 14:32:12 -05:00
Kerry Liu c8af3e7bc1
UX: only apply link formats on paste to selections that do not contain bbcode-like tags (#15204) 2021-12-09 16:41:44 +00:00
Joffrey JAFFEUX e0ea16f05d
DEV: removes jquery usage from admin-watched-words (#15246) 2021-12-09 17:06:54 +01:00
Joffrey JAFFEUX 3052eb6ae6
DEV: fixes test as bodyClass is sometimes "foo bar" (#15248) 2021-12-09 15:34:50 +01:00
Joffrey JAFFEUX adb23636e6
DEV: minor full page search refactoring (#15242)
- drops jquery usage
- shows clear all/ select all only when appropriate
- removes ~ char apparently un-needed
2021-12-09 13:48:08 +01:00
Joffrey JAFFEUX f889ec2fcd
DEV: refactors admin-plugins/admin-site-settings (#15244)
- drops jQuery usage
- removes apparently useless clearfix
- uses @action
- drops unused clearFilter function in admin-plugins
2021-12-09 13:47:56 +01:00
Joffrey JAFFEUX 5d44adb9b9
DEV: refactors d-section (#15245)
- go tagless
- properly declares properties
- deprecates "false" in favour of false
- drops jquery
2021-12-09 13:47:47 +01:00
Joffrey JAFFEUX 76dff7fd9e
DEV: drops jquery usage from discovery-categories (#15243) 2021-12-09 13:47:13 +01:00
Angus McLeod df3886d6e5
FEATURE: Experimental support for group membership via google auth (#14835)
This commit introduces a new site setting "google_oauth2_hd_groups". If enabled, group information will be fetched from Google during authentication, and stored in the Discourse database. These 'associated groups' can be connected to a Discourse group via the "Membership" tab of the group preferences UI. 

The majority of the implementation is generic, so we will be able to add support to more authentication methods in the near future.

https://meta.discourse.org/t/managing-group-membership-via-authentication/175950
2021-12-09 12:30:27 +00:00
Jeff Wong 347669ef04
DEV: Add keyboard:move selection event (#15241)
allows plugin event hook for keyboard:move-selection. Passes raw selected and all articles through named params.
2021-12-08 23:38:25 -08:00
Joffrey JAFFEUX 828e75c2f3
DEV: minor choose topic refactoring (#15233)
* DEV: minor choose topic refactoring

- prevents category to be clickable to make clicking topics easier
- drops jQuery
- uses @action
- uses ? operator where possible
- drops un-needed next/schedule usage

* uses topic-status component and prevents pinned icon to be focusable

* Update app/assets/javascripts/discourse/app/templates/components/choose-topic.hbs

Co-authored-by: Jarek Radosz <jradosz@gmail.com>

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2021-12-09 14:08:21 +11:00
Alan Guo Xiang Tan 4d1c84f15f
UX: Make toggling to filtered replies mode less jumpy. (#15240)
Previously we would jump to the first two replies but it made the
transition very jumpy depending on how long the post being selected is.
2021-12-09 10:03:22 +08:00
Alan Guo Xiang Tan e668b3dc71
DEV: Remove unnecessary element. (#15225)
This was added 6 years ago in d1e85bdd8b
and I can't see how this is useful for any customizations at all.
2021-12-09 08:40:23 +08:00
Alan Guo Xiang Tan ae88b52370
DEV: Fix position of avatar flair to be based on the actual avatar. (#15226)
Previously, it was based on the container of the avatar. However, the
container of the avatar can be extended to contain more than just the
avatar itself. This resulted in the positioning of the avatar flair to
be off.
2021-12-09 08:38:39 +08:00
Jeff Wong 51abcd7524
DEV: add app event for user-card:after-show (#15227)
Adds user-card:after-show event for when a usercard is fully loaded and shown.
2021-12-08 15:23:39 -08:00
Osama Sayegh aec9ce9819
A11Y: Move focus to highlighted post when visiting a topic (#15236)
Meta topic: https://meta.discourse.org/t/discourse-with-a-screen-reader/178105/87?u=osama.
2021-12-08 21:33:15 +03:00
Andrei Prigorshnev 4e8983036a
DEV: do not return no_result_help from the server (#15220)
We don't need it anymore. Actually, I removed the use of it on the client side a long time ago, when I was working on improving blank page syndrome on user activity pages (see https://github.com/discourse/discourse/pull/14311).

This PR also removes some old resource strings that we don't use anymore. We have new strings for blank pages.
2021-12-08 21:46:54 +04:00
David Taylor a6230b8138
UX: Improve composer presence-display positioning (#15235)
Previously the discourse-presence plugin was using a `position: absolute` hack to display the 'replying...' users in the top right of the composer. This commit adds a more suitable plugin outlet, and updates the discourse-presence styling so it slots into the flex-box layout at the top of the composer
2021-12-08 16:18:49 +00:00
Dan Ungureanu d8fe0f4199
FEATURE: Restrict link invites to email domain (#15211)
Allow multiple emails to redeem a link invite only if the email domain
name matches the one specified in the link invite.
2021-12-08 17:06:57 +02:00
Joffrey JAFFEUX e1b4e2e034
DEV: removes jquery usage from add-category-tag-classes (#15232)
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2021-12-08 14:32:27 +01:00
Bianca Nenciu b1c11d5787
FIX: Select correct topic draft for user (#15234)
The old query could return multiple rows.
2021-12-08 15:23:44 +02:00
Bianca Nenciu 049bc33838
FIX: Update has_topic_draft when draft is updated (#15219)
Current user state regarding the new topic draft was not updated when
the draft was created or destroyed.
2021-12-08 14:40:35 +02:00
Joffrey JAFFEUX a144f49ec2
UX: scroll row to top of container in select-kit (#15230) 2021-12-08 12:22:18 +01:00
Loïc Guitaut 74387e83b6 DEV: Stop polluting all Ruby classes
The `ReviewableScore` model was defining class methods on `self.class`
from a singleton context so instead of defining methods on
`ReviewableScore` it was defining them on `Class`, so basically on every
existing class.

This patch resolves this issue. Using `enum` from `ActiveRecord` in the
future will avoid this kind of problems.
2021-12-08 11:32:25 +01:00
Jarek Radosz 301d5657fe
FIX: --header-offset didn't account for overscroll (#15221)
Fixes miniprofiler badge sliding away from the header when you rubber-band overscroll on the top of the page (in Safari)
2021-12-08 01:40:49 +01:00
Mark VanLandingham a7fdcb921a
DEV: Sniff isPwa for capabilities (#15218) 2021-12-07 15:35:06 -06:00
David Taylor f3d480dacb
DEV: Allow PresenceChannel to specify custom activity thresholds (#15217)
This allows consumers to vary the parameters on a per-channel basis. e.g. if you wanted a channel to consider someone 'away' after 10 minutes, and another channel to consider someone 'away' after 1 minute, that is now possible.
2021-12-07 20:57:57 +00:00
Jarek Radosz 6e8df3d66b
DEV: Deprecate `registerOption()` (#15209)
It's been a no-op for 5 years now.
2021-12-07 18:33:45 +01:00
Penar Musaraj 03b0c9f267
A11Y: Remove dupe label on signup confirm field (#15212) 2021-12-07 11:40:00 -05:00
Loïc Guitaut d0888c190e FIX: Display pending posts in a moderated category
Currently we display pending posts in topics (both for author and staff
members) but the feature is only enabled when there’s an enabled global site
setting related to moderation.

This patch allows to have the same behavior for a site where there’s
nothing enabled globally but where a moderated category exists. So when
browsing a topic of a moderated category, the presence of pending posts
will be checked whereas nothing will happen in a normal category.
2021-12-07 10:14:45 +01:00
Krzysztof Kotlarek 412a6c0e8c
FIX: edit tag test (#15207)
Broken with PR https://github.com/discourse/discourse/pull/15149
2021-12-07 07:24:55 +01:00
Krzysztof Kotlarek a616bc296a
FIX: tag transition only if tag name changed (#15149)
We need to change path only if tag name is changed. If a description is added, we don't need to reload.
2021-12-07 05:44:55 +01:00
Dan Ungureanu 9a6ec1d0c6 PERF: Add index on email_tokens.token_hash 2021-12-07 10:17:45 +08:00
Alan Guo Xiang Tan 4e67297a7c FIX: Missing allowed urls when displaying granular API key scopes.
Follow-up to 3791fbd919
2021-12-07 10:17:17 +08:00
Alan Guo Xiang Tan 44588255fc FEATURE: Introduce API scopes for badges. 2021-12-07 10:17:17 +08:00
Andrei Prigorshnev f3508065a3
FIX: auth incorrectly handles duplicate usernames (#15197) 2021-12-06 20:49:04 +04:00
Penar Musaraj bf18145e70
UX: Fix flair dropdown styling in user account (#15201) 2021-12-06 11:28:10 -05:00
Roman Rizzi 43903f8dfe
FIX: Updating a consolidated notification should bump it to the top. (#15199)
In the future, it would be better to have a consolidated_at timestamp instead of updating created_at.
2021-12-06 12:31:44 -03:00
David Taylor 0b364140ec
DEV: Add :before_email_login event for plugins (#15187) 2021-12-06 09:38:37 +08:00
Andrei Prigorshnev ce074d118e
DEV: drop unused method (#15190)
There are no usages in Core and plugins.
The last usage was removed in https://github.com/discourse/discourse/pull/9369.
2021-12-06 09:37:54 +08:00
Jarek Radosz 28bf9599f5
FEATURE: Pre-setting user locale via bulk invite (#15195) 2021-12-06 02:08:21 +01:00
Jarek Radosz 4bb91754ad
FIX: Make user themes sort order case insensitive (#15193)
That's the order they appear in a dropdown in user preferences.
2021-12-06 01:55:34 +01:00
Martin Brennan 3b13f1146b
FIX: Add random suffix to outbound Message-ID for email (#15179)
Currently the Message-IDs we send out for outbound email
are not unique; for a post they look like:

topic/TOPIC_ID/POST_ID@HOST

And for a topic they look like:

topic/TOPIC_ID@HOST

This commit changes the outbound Message-IDs to also have
a random suffix before the host, so the new format is
like this:

topic/TOPIC_ID/POST_ID.RANDOM_SUFFIX@HOST

Or:

topic/TOPIC_ID.RANDOM_SUFFIX@HOST

This should help with email deliverability. This change
is backwards-compatible, the old Message-ID format will
still be recognized in the mail receiver flow, so people
will still be able to reply using Message-IDs, In-Reply-To,
and References headers that have already been sent.

This commit also refactors Message-ID related logic
to a central location, and adds judicious amounts of
tests and documentation.
2021-12-06 10:34:39 +10:00
David Taylor 972d7cb1d6
DEV: Fix mini-profiler location for custom (or missing) d-headers (#15192) 2021-12-04 23:33:07 +00:00
Jarek Radosz d3912075b6
FIX: PWA badges were not updating (#15191)
That regressed in #7714, over two years ago. :P
2021-12-05 00:15:51 +01:00
Kris 03f3d79388
UX: remove style that breaks composer on pm page (#15189) 2021-12-03 21:56:37 -05:00
Kris 6d2eae27a6
UX: reduce composer jumpiness on android (#15184) 2021-12-03 17:02:22 -05:00
Kris 657c137384
UX: Prevent overflow on mobile timeline dates (#15182) 2021-12-03 13:48:26 -05:00
Kris b01ded9c89
UX: Improve tag info style (#15177) 2021-12-03 10:22:05 -05:00
Joffrey JAFFEUX f9e2ab570b
FIX: allows more precise placement strategy on mobile (#15171)
* FIX: allows more precise placement strategy on mobile

- default to absolute on mobile, fixed on desktop
- allows to set a global `placementStrategy` or a specific to each view `mobilePlacementStrategy` `desktopPlacementStrategy`

This is mainly used to allow a proper composer-actions positioning in mobile.

Note this commit also fixes a mouseDown event which could propagate quote-button event and cause the composer to close full screen on mobile

* mobile only
2021-12-03 11:47:33 +11:00
Mark VanLandingham 7e005f2ea3
DEV: Don't error when emoji-picker is used outside composer (#15172) 2021-12-02 14:50:30 -06:00
Jordan Vidrine 9ecf454074
DEV: Invite page changes (#15175) 2021-12-02 13:18:11 -06:00
Jarek Radosz 7456a59022
FEATURE: Add the ability to go back and forth between PM and New Topic (#15173)
Before this, if you were composing a new topic and then switched the mode to "New Message", the dropdown would disappear.

So if you changed your mind, you'd have to copy the text you typed, cancel, click "New Topic" again, and then paste the text. (and if you already had a title entered too, things would be more complicated…)
2021-12-02 19:46:40 +01:00
Daniel Waterworth bd10f113e9
DEV: Raise errors for (black|white)list accesses (#15174)
These have been deprecated for a while
2021-12-02 12:16:55 -06:00
Michelle Bueno Saquetim Vendrame 9b5836aa1d
Add three reports (#14338)
* Add report top_users_by_received_likes

* Add report top_users_by_received_likes_from_inferior_trust_level

* Add report top_users_by_likes_received_from_a_variety_of_people

* Add test to report_top_users_by_received_likes

* add top_users_by_likes_received_from_a_variety_of_people report test

* add top_users_by_likes_received_from_inferior_trust_level report tests
2021-12-02 22:41:55 +05:30
Daniel Waterworth 2f04a9b9fb
DEV: Remove site_setting_saved event (#15164)
We said we would drop it from 2.4, so this is long overdue

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2021-12-02 09:33:03 -06:00
David Taylor cfb6199a95
FIX: Don't redirect XHR/JSON requests when login is required (#15093)
When redirecting to login, we store a destination_url cookie, which the user is then redirected to after login. We never want the user to be redirected to a JSON URL. Instead, we should return a 403 in these situations.

This should also be much less confusing for API consumers - a 403 is a better representation than a 302.
2021-12-02 15:12:25 +00:00
David Taylor 55cbc70f3f
DEV: Ensure redirects are passed through to the client by ember-cli (#15170)
By default, `fetch` will transparently follow redirects, even across domain boundaries
2021-12-02 15:03:45 +00:00
Penar Musaraj 732678f642
UX: Fix alignment in group navigation bar (#15169)
Same as #15145.
2021-12-02 09:45:33 -05:00
Andrei Prigorshnev 1c0022c195
FIX: extract and fix overriding of usernames by external auth (#14637) 2021-12-02 17:42:23 +04:00
David Taylor ceca34aca6
DEV: Ensure ember-cli does not attempt to bootstrap non-ember pages (#15168)
1b3d124a introduced a logic change which meant that we attempted to bootstrap, even on pages without any `preloadJson` (i.e. non-ember HTML pages from Discourse). This commit restores the original logic, making sure to avoid `?.`.
2021-12-02 10:58:54 +00:00
David Taylor 44d16fcd8e
DEV: Print full stack trace on ember-cli bootstrap error (#15167) 2021-12-02 10:58:03 +00:00
Sam 3a73028a70
PERF: migrate normalized_emails in a migration (#15166)
Old OnceOff job could perform pretty slowly on sites with millions of emails

New implementation operates in batches in a migration, minimizing locking.
2021-12-02 15:08:22 +11:00
Jarek Radosz 1b3d124a4e
DEV: Don't use `?.` in bootstrap-json (#15162)
That code is not transpiled, so it doesn't work on older node versions.
2021-12-01 22:04:56 +01:00
Mark VanLandingham bd140948e3
DEV: Changes to support chat uploads (#15153) 2021-12-01 13:24:16 -06:00
David Taylor abe30a17da
DEV: Fix ember CLI bootstrap logic (#15160)
When 1fa7a87f was rebased onto `main`, it didn't take into account the recent changes in c0781d7d. This commit updates the logic to work properly.
2021-12-01 18:31:52 +00:00
Kerry Liu 64e1ca6daa UX: only apply link formats on paste to selections that do not contain links 2021-12-01 13:29:17 -05:00
Osama Sayegh 1d69261bc0
FIX: Set `auto_update` to false for non-git themes/components (#15157)
Related to: 20f736aa11.

`auto_update` is true by default at the database level, but it doesn't make sense for `auto_update` to be true on themes that are not imported from a Git repository.
2021-12-01 19:58:13 +03:00
David Taylor 1fa7a87f86
SECURITY: Remove ember-cli specific response from application routes (#15155)
Under some conditions, these varied responses could lead to cache poisoning, hence the 'security' label.

Previously the Rails application would serve JSON data in place of HTML whenever Ember CLI requested an `application.html.erb`-rendered page. This commit removes that logic, and instead parses the HTML out of the standard response. This means that Rails doesn't need to customize its response for Ember CLI.
2021-12-01 16:10:40 +00:00
Andrei Prigorshnev f37375f582
DEV: avoid sending events to a destroying object and enable few skipped tests (#15030) 2021-12-01 18:21:44 +04:00
Martin Brennan 4bdb956a0d
Revert "UX: Fix alignment in group navigation bar (#15145)" (#15150)
This reverts commit 01830f9d28.

This broke sidebar and could have affected customer themes
on a full enterprise deploy.
2021-12-01 16:13:03 +11:00
Natalie Tay 0f598ca51e
SECURITY: Only show tags to users with permission (#15148) 2021-12-01 10:26:56 +08:00
Penar Musaraj 01830f9d28
UX: Fix alignment in group navigation bar (#15145) 2021-12-01 11:49:34 +11:00
Martin Brennan d64323b4e6
DEV: Change create-invite-uploader to use uppy (#15088)
Part of overall strategy to remove jQuery file uploader
from the codebase. Also added some helper functionality to
the uppy mixin to allow for non-autostart uploads (all
previous upload changes have been for auto start components.)
2021-12-01 09:45:05 +10:00
Martin Brennan dce6c6fb50
FIX: Native File object was not passed to uploadHandler (#15146)
The commit 20b2a42f49 broke
upload handlers, because previously we passed through the
native File object to the handler, not the uppy-wrapped
File object.
2021-12-01 09:01:53 +10:00
Krzysztof Kotlarek 9cabd3721b
FEATURE: ability to add description to tags (#15125)
Ability to add description to tags, which will be displayed on hover.
2021-12-01 09:18:56 +11:00
Jarek Radosz 0bf30196c9
FIX: Broken css in #15141 (#15144) 2021-11-30 20:02:22 +01:00
Jarek Radosz feb9a3675d
UX: Tweak mobile composer styling (#15141)
A followup to #15117
2021-11-30 19:50:28 +01:00
Jarek Radosz ac79c5efc6
UX: Tweak composer styling (#15117)
* Even margins
* Slightly more muted and unified borders, separators, and icons
* Editor and preview area have same height
2021-11-30 17:41:22 +01:00
Jarek Radosz 7ce6971539
DEV: Add drop-date to drop-dateless deprecations (#15133) 2021-11-30 17:41:04 +01:00
Jarek Radosz c0781d7d23
DEV: Replace bent with node-fetch in bootstrap (#15139)
Drops the `acceptedStatusCodes` array.
2021-11-30 17:40:32 +01:00
Roman Rizzi 1fc06520bd
REFACTOR: Improve support for consolidating notifications. (#14904)
* REFACTOR: Improve support for consolidating notifications.

Before this commit, we didn't have a single way of consolidating notifications. For notifications like group summaries, we manually removed old ones before creating a new one. On the other hand, we used an after_create callback for likes and group membership requests, which caused unnecessary work, as we need to delete the record we created to replace it with a consolidated one.

We now have all the consolidation rules centralized in a single place: the consolidation planner class. Other parts of the app looking to create a consolidable notification can do so by calling Notification#consolidate_or_save!, instead of the default Notification#create! method.

Finally, we added two more rules: one for re-using existing group summaries and another for deleting duplicated dashboard problems PMs notifications when the user is tracking the moderator's inbox. Setting the threshold to one forces the planner to apply this rule every time.

I plan to add plugin support for adding custom rules in another PR to keep this one relatively small.

* DEV: Introduces a plugin API for consolidating notifications.

This commit removes the `Notification#filter_by_consolidation_data` scope since plugins could have to define their criteria. The Plan class now receives two blocks, one to query for an already consolidated notification, which we'll try to update, and another to query for existing ones to consolidate.

It also receives a consolidation window, which accepts an ActiveSupport::Duration object, and filter notifications created since that value.
2021-11-30 13:36:14 -03:00
Andrei Prigorshnev 284ab8cdf7
DEV: migrate (almost all) routes from `actions:` to `@action` syntax (#14722)
This should be safe, all these places are pretty straightforward. I've run into one problem when changing this, though. That problem was fixed in https://github.com/discourse/discourse/pull/14624
2021-11-30 17:01:06 +04:00
Andrei Prigorshnev 88f9bb3dc9
FIX: do not suggest "user1" as a username to invited users (#15031)
Recently, the wrong new behavior appeared – we started to suggest to invited users usernames like "user1".

To reproduce:
1. Create an invitation with default settings, do not restrict it to email
2. Copy an invitation link and follow it in incognito mode
See username already filled, with eg “user1”. See screenshot. Should be empty.

This bug was very likely introduced by my recent changes to UserNameSuggester.
2021-11-30 16:59:37 +04:00
Jarek Radosz 24356e339b
DEV: Fix pending posts page, make tests work in legacy env (#15132)
* Running the tests only in the ember cli env hid the fact that the pending posts feature wasn't working in the legacy environment
* Tests were using ember-cli-only APIs while there are widely used testing APIs in Discourse that support both ember envs
* `ember-test-selectors` was in both dependencies and devDependencies in discourse/package.json
* `qunit-dom` in package.json was not only unused but also defunct, as it wasn't pulled into the legacy env app

A followup to #14501, and #15128.
2021-11-30 13:01:39 +01:00
Osama Sayegh fced35de15
UX: Add title attribute to reports cells (#15137)
Some reports, like the Web Crawler User Agents report, have very long strings that need to be truncated when displayed. However, there is no way to see the full value without exporting the report or inspecting the elements using dev tools. This PR sets a `title` attribute with the full value to the reports `<td>` elements so that the full value is shown on hover.
2021-11-30 14:58:42 +03:00
Joffrey JAFFEUX 77a1d8675c
FIX: adds 422 status code to bootstrap json (#15138)
A post error validation would return a 422 status code. This status code was not accepted with the recent changes to bootstrap-json/index.js and would return a "Discourse Build Error" string, preventing any kind of bootbox popup error in the composer.
2021-11-30 11:54:38 +01:00
Osama Sayegh 7bd3986b21
FEATURE: Replace `Crawl-delay` directive with proper rate limiting (#15131)
We have a couple of site settings, `slow_down_crawler_user_agents` and `slow_down_crawler_rate`, that are meant to allow site owners to signal to specific crawlers that they're crawling the site too aggressively and that they should slow down.

When a crawler is added to the `slow_down_crawler_user_agents` setting, Discourse currently adds a `Crawl-delay` directive for that crawler in `/robots.txt`. Unfortunately, many crawlers don't support the `Crawl-delay` directive in `/robots.txt` which leaves the site owners no options if a crawler is crawling the site too aggressively.

This PR replaces the `Crawl-delay` directive with proper rate limiting for crawlers added to the `slow_down_crawler_user_agents` list. On every request made by a non-logged in user, Discourse will check the User Agent string and if it contains one of the values of the `slow_down_crawler_user_agents` list, Discourse will only allow 1 request every N seconds for that User Agent (N is the value of the `slow_down_crawler_rate` setting) and the rest of requests made within the same interval will get a 429 response. 

The `slow_down_crawler_user_agents` setting becomes quite dangerous with this PR since it could rate limit lots if not all of anonymous traffic if the setting is not used appropriately. So to protect against this scenario, we've added a couple of new validations to the setting when it's changed:

1) each value added to the setting must be 3 characters or longer
2) each value cannot be a substring of tokens found in popular browser User Agent. The current list of prohibited values is: apple, windows, linux, ubuntu, gecko, firefox, chrome, safari, applewebkit, webkit, mozilla, macintosh, khtml, intel, osx, os x, iphone, ipad and mac.
2021-11-30 12:55:25 +03:00
Jeff Wong 9896fc7d33
FIX: allow staff to upload when they should and authorized_extensions is blank (#15136)
Allow staff to upload when authorized_extensions is blank, but
authorized_extensions_for_staff is not
2021-11-29 21:40:54 -08:00
David Taylor af4b8d0e21
DEV: Automatically leave PresenceChannels when in the background (#15047)
* DEV: Improve PresenceChannel state storage

Replaces some objects with Maps, and removes the redundant _presentChannels Set.

* DEV: Automatically leave PresenceChannels when in the background

If a tab has been in the background for 10s, or there has been no user activity for 60s, then the user will be removed from all PresenceChannels until activity resumes. Developers can opt-out of this by passing `{onlyWhileActive: false}` to the `enter` method.
2021-11-30 15:38:19 +11:00
Jarek Radosz 6662101208
DEV: Fix a test leak (#15135)
The leak was introduced in #11722 and a test was added that relied on it in #14563

This PR fixes the leak (bookmarks-test), fixes the test that relied on it (fast-edit-test), and replaces some ad-hoc code with cloneJSON helper (other files)
2021-11-30 13:45:26 +11:00
Martin Brennan 7e5f52a163
DEV: Use pushObject for inProgressUploads in uppy (#15134)
The inProgressUploads is meant to be used to display these uploads
in a UI, and Ember will only update the array in the UI if pushObject
is used to notify it.
2021-11-30 10:42:45 +10:00
Martin Brennan f70e6c302f
DEV: Switch to using uppy uploads in composer by default (#15058)
This is a big change to change over to using the uppy
upload mixin in the composer by default. This gets rid
of the temporary composer-editor-uppy component, as well
as removing the old ComposerUpload mixin and copying over
any missing functions that were not yet implemented by
ComposerUploadUppy. This has been working well on our
hosting for some time now and has led us to several
bug fixes.

This commit also deletes the old plugin API for adding
preprocessors for the uploads. The accepted method of doing
this now is via an uppy preprocessor plugin, which we have
several examples of in the core codebase.

Leaving the `enable_experimental_composer_uploader` site setting
intact for now because some plugins still rely on it, this
will be removed at a later date.

One step closer to ending the jQuery file uploader saga...
2021-11-30 08:33:06 +10:00
Joffrey JAFFEUX 3dc0b9e077
UX: closes multi-select on selection when maximum=1 (#15092) 2021-11-29 14:29:11 +01:00
Loïc Guitaut 354f88358c DEV: Add ember-test-selectors to production env 2021-11-29 11:31:31 +01:00
David Taylor 0ab57975a4
FIX: Ensure widget hooks always call the correct instance (#15127)
Widgets instances are ephemeral - they change on every re-render. We always want to notify the 'most recent' widget instance of events. This regressed in 1b9cf1b1 because the touchStart and drag hooks would persist the widget instance from the initial render. This commit switches TouchStart and Drag back to the pattern other events use, so that the most recent instance is always called. The performance benefits of per-element event listeners are retained.
2021-11-29 09:33:40 +00:00
Loïc Guitaut a5fbb90df4 FEATURE: Display pending posts on user’s page
Currently when a user creates posts that are moderated (for whatever
reason), a popup is displayed saying the post needs approval and the
total number of the user’s pending posts. But then this piece of
information is kind of lost and there is nowhere for the user to know
what are their pending posts or how many there are.

This patch solves this issue by adding a new “Pending” section to the
user’s activity page when there are some pending posts to display. When
there are none, then the “Pending” section isn’t displayed at all.
2021-11-29 10:26:33 +01:00
Joffrey JAFFEUX 6e603799eb
FIX: treats ipad as mobileView for popper positioning (#15091)
* FIX: treats ipad as mobileView for popper positioning

* ensures it doesn’t break wizard
2021-11-29 17:40:01 +11:00
Jarek Radosz 530eb0c9bd
DEV: Throw on non-xhr errors (#15123)
Makes it easier to debug post-stream problems when the issue isn't with the server response.
2021-11-29 17:36:48 +11:00
Jarek Radosz 5d643a498e
FIX: Global log notice regressed in #15000 (#15119)
Notice models didn't have the same injections as GlobalNotice components.
2021-11-29 17:13:35 +11:00
Martin Brennan 20b2a42f49
DEV: Send multiple files in batches to composer upload handlers when using uppy (#15124)
In jQuery file upload land, we were sending a single file through
at a time to matching upload handlers. This in turn required plugin
authors to marshal the files as they came through one by one if they
wanted to group them together to do something with them. Now that
we are using uppy, files come through in the groups they are added
in (for example dropping multiple, selecting multiple from the system
file dialogue).

This commit changes the matching upload handlers to send through
all matching files at once instead of piecemeal.
2021-11-29 11:19:02 +10:00
Jarek Radosz 13aed6fe3b
FIX: Setting bookmarks in some cases was broken (#15120)
Error introduced in #14781

```
Error: Assertion Failed: You attempted to update <(unknown):ember3217>.bookmarks to "<(unknown):ember3846>", but it is being tracked by a tracking context, such as a template, computed property, or observer. In order to make sure the context updates properly, you must invalidate the property when updating it. You can mark the property as `@tracked`, or use `@ember/object#set` to do this.
```
2021-11-28 23:34:51 +01:00
Martin Brennan e464958333
DEV: Fix uploadHandler impl. in composer-upload-uppy mixin (#15105)
In f6528afa01 I added parity support
for composer upload handlers to the uppy-ized composer. However the
way I assumed that it was only possible to handle a single file
upload at a time was false; it only appeared this way in the old
jQuery file upload composer because jQuery file upload sent through
files one at a time even if multiple were added at once. This caused
issues in certain plugins and themes by third parties.

This commit fixes the issue by making the uppy upload handler work
the same as the old one, by capturing all of the added files that
have matching handlers then going through them one by one and passing
them to the handler function.
2021-11-29 08:32:06 +10:00
Jarek Radosz fb5e871dff
DEV: Remove unnecessary functions (#15113) 2021-11-28 12:45:32 +01:00
David Taylor 1b9cf1b1c7
PERF: Update widget hooks to avoid global scroll-blocking events (#15116)
For widget event handlers, we register a single listener on the `<body>`, and then notify the relevant widget (if any) when the event fires.

`touchstart` and `touchmove` events are particularly performance sensitive because they block scrolling on mobile. Therefore we want to avoid registering global non-passive listeners for these events.

This commit updates the WidgetTouchStartHook and WidgetDragHook implementations to automatically register listeners on the specific widget DOM elements when required.

This commit removes the last global scroll-blocking event handler from Discourse core. That means that mobile scrolling is now completely decoupled from our JS app. Even if the JS app is completely blocked (e.g. during rendering), scrolling will now continue to work. This should make things feel a lot smoother, especially on lower performance devices.
2021-11-28 10:47:44 +00:00
David Taylor bca5c58c90
DEV: Disable 'passive' handlers for pan-events mixin (#15118)
These were set to `passive: true` in ff72522f.

However, two consumers of this mixin (topic-navigation and site-header) do need to call `e.preventDefault()`, so we can't use passive listeners here.

That's ok, because this mixin only applies to a specific component's element, not the entire page. So having these non-passive listeners doesn't affect the vast majority of scrolling.
2021-11-28 10:42:59 +00:00
David Taylor 136189508b
DEV: Ensure scrolling-post-stream event listeners are removed correctly (#15115)
The method was switched from _debouncedScrollCallback to _debouncedScroll in ff72522f, but the cleanup was not updated to match.
2021-11-27 17:04:31 +00:00
David Taylor 1b184cefd0
PERF: Update scrolling mixin implementation (#15109)
This mixin calls the "scrolled" method of some object with no parameters, so there is no way that consumers would ever call `event.preventDefault()`. Therefore we can make the listeners passive, and improve scrolling performance on mobile.

This commit also updates the mixin to remove JQuery usage. The API is slightly modified to remove the need for an event 'name' for binding/unbinding.

The calls to `.bindScrolling` and `.unbindScrolling` in user-stream.js are removed because they are already called by the LoadMore mixin which is applied to the component.

The `bindScrolling` method claimed to offer debouncing-by-default. However, a bug in the `opts` parsing meant that debouncing was skipped if a 'name' was passed in. Therefore the only consumer actually being debounced was the LoadMore mixin. This commit fixes the opts parsing, so all consumers get the same behavior.

However, when scrolling, debounce is rarely what we want. The documentation of `bindScrolling` says "called every 100ms". In fact, debounce means that the functions were only called 'after the user **stops scrolling** for 100ms'. If you're scrolling very slowly (e.g. when using momentum-based scrolling on mobile), then this can be quite frustrating. This is why "Load more" is only triggered on topics/topic-lists when you completely stop scrolling.

Therefore, this commit also replaces the default 'debounce' with a 'throttle'. The 'throttle' is configured with `immediate = false`, so that it fires on the trailing edge, and therefore the final call will always be **after** we finish scrolling. (the default `immediate: true` would fire on the leading edge, and so the last call could be up to 100ms **before** we finish scrolling).
2021-11-26 20:22:50 +00:00
David Taylor 5d59b7e733
DEV: Make plugin api errors more descriptive (#15111)
With more descriptive errors, developers will know **why** a change is required, and may be more likely to take action.
2021-11-26 20:22:29 +00:00
David Taylor e8bb37bd89
PERF: Disable ember touchstart listener (#15112)
Registering non-passive listeners for the touchstart event can affect scroll performance on mobile devices, and now shows a warning in Chrome. Our current version of Ember unconditionally registers all event listeners, even if they're unused. It also doesn't support passive event listeners. Once we get to Ember 4.0, it lazily registers event listeners, and supports passive listeners via the `{{on` helper.

We already disable the ember `mousemove` and `touchmove` events for performance, so it makes sense to do the same for `touchstart`. We are not using `touchstart` anywhere in core, and I cannot find any official/unofficial plugins which use it. If a `touchstart` event is required, plugins/themes can always register their own listeners (preferably on a specific element, rather than the whole `document`)
2021-11-26 20:22:02 +00:00
Jarek Radosz fac6cc0778
DEV: Make `@afterRender` do just that, no extra `next()` (#15086) 2021-11-26 20:16:08 +01:00
David Taylor 4229e3f22c DEV: Set `passive: false` on composer grippie events
We do call `event.preventDefault()` on these events. They're limited to a single element, so performance impact should be negligible. Adding `passive: false` prevents the chrome dev tools warning.
2021-11-26 18:03:39 +00:00
David Taylor ff72522f30 PERF: Use passive event listeners for touchstart, touchmove
None of these places call `event.preventDefault()`. Therefore we can register the event listeners as 'passive', and improve scroll performance on mobile devices.
2021-11-26 18:03:39 +00:00
Penar Musaraj a12b73f881
UX: Fix extra indent on lists when supporting mixed text direction (#15110) 2021-11-26 12:32:45 -05:00
Robin Ward f1178514fa Segment Ember CLI tests
Note `/topics/bulk` missing the first slash seems to expose an error not
present without segmentation.
2021-11-26 12:14:30 -05:00
Jarek Radosz 2971d03307
DEV: Don't create unnecessary scope methods (#15104)
Skipping methods we don't use gives us mem/perf gains (minuscule but still), but more importantly fixes warnings about `Poll#open` (created by `enum :status`) conflicting with some internal AR method. 😃
2021-11-26 16:34:07 +01:00
David Taylor 4d3eb3f1ac
PERF: Set --header-offset property only when changed (#15107)
Calling `setProperty("--header-offset", newValue)` will always cause a 'Recalculate Style' event, even if the value is unchanged. On my browser, these 'Recalculate Style' events take about 6-7ms each time the `dockCheck` function is run.

This commit stores the 'previous' value in an instance variable, and only calls setProperty if the value has changed. This brings the total runtime of `dockCheck` down to about 70µs on my machine.
2021-11-26 15:25:03 +00:00
Jarek Radosz 1441226b1a
DEV: Don't pollute all ActiveRecord classes (#15103)
`pending`, `approved`, `rejected`, `ignored`, and `deleted` scope methods were accessible on all model classes… 😂

Fixes `Creating scope :pending. Overwriting existing method DiscoursePostEvent::EventDate.pending.` warnings.
2021-11-26 10:17:10 +08:00
Martin Brennan 73db60ad2a
DEV: Add 201 to bootstrap-json accepted status codes (#15102)
The theme creator endpoints return JSON with a 201 CREATED
status code. With the recent changes to bootstrap-json/index.js
for the Ember CLI proxy, these endpoints were broken because
201 was not an accepted status code. This commit simply
adds 201 to the array, but prettier forced a reformat as well!
2021-11-26 11:13:15 +10:00
Robin Ward 9123f471e8 FIX: Don't throw errors on duplicate keys in Yaml
We shouldn't have them, but they shouldn't break a build either.
2021-11-25 16:56:02 -05:00
Jarek Radosz c3eb75bf00
DEV: Don't crash on empty plugin translations (#15097)
ember build would throw and exit on:

```yml
# plugins/my_plugin/config/locales/client.en.yml
en:
  js:
    my_plugin:

```
2021-11-25 22:55:37 +01:00
Penar Musaraj d99deaf1ab
FEATURE: show recent searches in quick search panel (#15024) 2021-11-25 15:44:15 -05:00
Rafael dos Santos Silva 5647819de4
FEATURE: Send a 'noindex' header in non-canonical responses (#15026)
* FEATURE: Optionally send a 'noindex' header in non-canonical responses

This will be used in a SEO experiment.

Co-authored-by: David Taylor <david@taylorhq.com>
2021-11-25 16:58:39 -03:00
Penar Musaraj 1166afa4e8
FIX: Software update prompt position on themes with extra header (#15094) 2021-11-25 11:16:55 -05:00
Jarek Radosz cabacb5c48
DEV: Drop non-visualViewport Safari hacks (#15007)
Those were required pre-iOS 13.
2021-11-25 16:56:11 +01:00
David Taylor 03998e0a29
FIX: Use CDN URL for internal onebox avatars (#15077)
This commit will also trigger a background rebake for all existing posts with internal oneboxes
2021-11-25 12:07:34 +00:00
David Taylor fd93d6f955
DEV: `lib/user-presence` improvements (#15046)
- Remove JQuery
- Remove legacy `document.webkitHidden` support. None of our currently supported browsers need this
- Use `passive` event listeners. These allow the browser to process the events first, before passing control to us
- Add a new `unseenTime` parameter. This allows consumers to request a delay before being notified about the browser going into the background
- Add a method for removing a callback
- Fire the callback when presence changes in either direction. Previously it would only fire when the user becomes present after a period of inactivity.
- Ensure callbacks are only called once for each state change. Previously they would be called every 60s, regardless of the value
- Listen to the `visibilitychanged` and `focus` events, treating them as equivalent to user action. This will make messagebus re-activate more quickly when switching back to a stale tab
- Add test helpers
- Delete the unused `discourse/lib/page-visible` module.
- Call message-bus's onVisibilityChange API directly, rather than dispatching a fake event on the `document`
2021-11-25 12:07:07 +00:00
Dan Ungureanu 6e2d4a14ac
FIX: Delete unconfirmed AND expired email tokens only (#15089) 2021-11-25 10:34:30 +02:00
Dan Ungureanu fa8cd629f1
DEV: Hash tokens stored from email_tokens (#14493)
This commit adds token_hash and scopes columns to email_tokens table.
token_hash is a replacement for the token column to avoid storing email
tokens in plaintext as it can pose a security risk. The new scope column
ensures that email tokens cannot be used to perform a different action
than the one intended.

To sum up, this commit:

* Adds token_hash and scope to email_tokens

* Reuses code that schedules critical_user_email

* Refactors EmailToken.confirm and EmailToken.atomic_confirm methods

* Periodically cleans old, unconfirmed or expired email tokens
2021-11-25 09:34:39 +02:00
Natalie Tay 4c46c7e334
DEV: Remove xlink hrefs (#15059) 2021-11-25 15:22:43 +11:00
Jordan Vidrine 09260148b1
DEV: Add cta app event (#15051)
Add app event for when CTA is triggered for anon users
2021-11-25 15:10:26 +11:00
Alan Guo Xiang Tan db5edc713b
DEV: Make it clear that plugin-api on the client side follows semver. (#15070) 2021-11-25 09:26:28 +08:00
Jarek Radosz 704974da6a
DEV: Allow using incorrect headers with ember-cli (#15085)
Makes it possible to pass-through invalid headers, e.g. `Content-Type: multipart/form-data;;`

That ability regressed with the latest changes.
2021-11-25 00:45:55 +01:00
Robin Ward c27e324bd1 FEATURE: Support i18n in Ember CLI plugin tests 2021-11-24 15:19:36 -05:00
Jarek Radosz de3680eb5c
DEV: Re-allow node 17, with a warning (#15083) 2021-11-24 21:16:33 +01:00
Jarek Radosz e41f98bf96
DEV: Fix set-after-destroy issues (#15078)
Fixes broken tests on the legacy ember env.
2021-11-24 20:13:52 +01:00
Jarek Radosz 9380c1273e
DEV: Fix another form of sending data in ember-cli (#15079) 2021-11-24 18:54:15 +01:00
Osama Sayegh 8fd10e6414
FIX: Don't crash the browser when tapping autocomplete suggestions on Android/Gboard (#15076)
This is a workaround for an annoying bug that crashes the browser when an autocomplete suggestion is selected on Android if the virtual keyboard is Gboard. It's specific to Gboard because it sometimes sends `keydown` and `keyup` events twice for a single key press, more details can be found here: https://meta.discourse.org/t/emoji-selector-crashes-the-message-editor-in-android-chrome/187009/24?u=osama.
2021-11-24 20:44:46 +03:00
Kerry Liu ded9fe950a UX: add additional tests for pasting a link on a selection 2021-11-24 12:33:22 -05:00
Kerry Liu f37bffdf6c UX: when pasting a link use linkify rules 2021-11-24 12:33:22 -05:00
Kerry Liu 0009498901 UX: pasting links on a selection will apply a link format 2021-11-24 12:33:22 -05:00
Jarek Radosz c75224e3d9
DEV: Update supported node versions (#15073)
13 and 15 are no longer supported by node, and issues with discourse dependencies prevent us from using 17. (for now)
2021-11-24 18:18:35 +01:00
Bianca Nenciu 59e0ed8820
FEATURE: Highlight changed tags in post revisions (#15072) 2021-11-24 18:51:25 +02:00
Jarek Radosz 1ab4b1a4a8
DEV: Minor cleanup of create-account tests (#14989) 2021-11-24 16:43:25 +01:00
Jarek Radosz 9105163882
DEV: Fix the /tests path in ember-cli server (#15075) 2021-11-24 15:34:04 +01:00
Jarek Radosz e217364a46
DEV: Fix ember-cli proxy issues (#15071)
* DEV: Fix ember-cli proxy compat with node < 16
* DEV: Fix uploading via ember-cli
* DEV: Fix proxying /logs & other CSP-enabled pages
2021-11-24 12:52:25 +01:00
Bianca Nenciu 3ea8937157
FEATURE: Add email normalization rules setting (#14593)
When this setting is turned on, it will check that normalized emails
are unique. Normalized emails are emails without any dots or plus
aliases.

This setting can be used to block use of aliases of the same email
address.
2021-11-24 11:30:06 +02:00
Alan Guo Xiang Tan 057ef55684
DEV: Allow callback to be registered to remove post menu button. (#15061)
This will allow buttons in the post menu to be removed based on a post's
attributes or site settings.
2021-11-24 13:26:52 +08:00
Jarek Radosz 3172e08b6d
DEV: Fix ember-cli proxying to production sites (#15042) 2021-11-23 23:31:54 +01:00
Bianca Nenciu 73760c77d9
FEATURE: Mention @here to notify users in topic (#14900)
Use @here to mention all users that were allowed to topic directly or
through group, who liked topics or read the topic. Only first 10 users
will be notified.
2021-11-23 22:25:54 +02:00
Vinoth Kannan 0ededb1454
UX: timestamp should not hide handle of topic timeline in mobile. (#15066)
Previously, since the space of the timestamp is big in some locales, it blocked the visibility of topic timeline handle in mobile view.
2021-11-23 23:24:58 +05:30
David Taylor c749b41163
UX: Fallback to regular title if screen-reader title is unavailable (#15048)
c401d641 introduced a new translation key for auth providers, and provided new strings for core providers. However, not all plugins have added this string. This commit makes the screenreader title fallback to the regular title in those cases.
2021-11-23 11:12:54 +00:00
Natalie Tay adf6498fe2
FEATURE: Show browser search tip when discourse search shows up in a topic (#15055) 2021-11-23 13:11:17 +08:00
Alan Guo Xiang Tan 8226ab1099
PERF: Updating first unread PM for user not respecting limits. (#15056)
In b8c8909a9d, we introduced a regression
where users may have had their `UserStat.first_unread_pm_at` set
incorrectly. This commit introduces a migration to reset `UserStat.first_unread_pm_at` back to
`User#created_at`.

Follow-up to b8c8909a9d.
2021-11-23 12:51:54 +08:00
Martin Brennan db4c52ca26
DEV: Add single file progress and cancel for uppy in composer (#15053)
This commit adds handlers for the composer uppy mixin to allow
for cancelling individual file uploads, not just all of them
at once. This is also combined with better tracking of in progress
uploads along with their progress percentage, for UI that needs
to be able to display the progress for individual files and
also cancel individual files.

To use this, a cancel button in the UI should call a function like this:

```javascript
cancelSingleUpload(fileId) {
  this.appEvents.trigger(`${this.eventPrefix}:cancel-upload`, {
    fileId,
  });
},
```

Additionally, the `inProgressUploads` can be shown in the UI. It is an array of objects with the file name, ID, and the progress percentage. We can add more data to this if needed down the line.
2021-11-23 14:00:23 +10:00
Kris 52532758f7
DEV: add plugin outlet before topic list views (#15054) 2021-11-22 22:52:46 -05:00
Natalie Tay 340901c913
DEV: Add if a user is using an Apple device in widget capabilities (#15021)
* Consolidate device capability sniffing in caps
2021-11-23 11:21:31 +08:00
Martin Brennan 49c49e8ae0
FEATURE: Local chunked uppy backup uploads with a new uploader plugin (#14894)
This takes the uppy chunking algorithm and combines it with some
form submission from resumable.js for parity with the current
backup controller to make local backup uploads work with uppy.
We can then use this to replace the resumable-upload component
and the resumable.js library from our codebase, once stable.

This is disabled by default, so people using local backups will not
be affected. The enable_experimental_backup_uploader site setting
must be enabled for this to work.
2021-11-23 08:45:42 +10:00
Jarek Radosz 68b0fdd2b3
DEV: Fix silence user context message (#15040) 2021-11-22 19:44:20 +01:00
Jarek Radosz bd2e1a8c38
FIX: Don't hit permalink-check if not authorized (#15039) 2021-11-22 19:44:00 +01:00
Jarek Radosz ceed48f321
UX: Make banner full-width (#15038) 2021-11-22 19:43:45 +01:00
Dan Ungureanu d420a7b2c8
DEV: Reuse code for TrustLevelAndStaffSetting (#15044)
The code that checked this permission was duplicated every time a new
setting of this type was added. This commit changes the behavior of
some functionality because some feature checks were bypassed for staff
members.
2021-11-22 20:18:53 +02:00
RogerBW fd66df5997
FEATURE: adds uploads scope for API keys (#14941)
* FEATURE: adds uploads scope for API keys

* Add basic test, change "image" to "file"
2021-11-22 10:49:08 -07:00
Jarek Radosz d91d67a442
FEATURE: Allow theme settings to request refresh (#15037)
Similar to site settings, adds support for `refresh` option to theme settings.

```yaml
super_feature_enabled:
  type: bool
  default: false
  refresh: true
```
2021-11-22 13:16:56 +01:00
Martin Brennan 9f8ee8f137
FIX: Don't publish notifications to MessageBus for inactive users (#15035)
We are pushing /notification-alert/#{user_id} and /notification/#{user_id}
messages to MessageBus from both PostAlerter and User#publish_notification_state.
This can cause memory issues on large sites with many users. This commit
stems the bleeding by only sending these alert messages if the user
in question has been seen in the last 30 days, which eliminates a large
chunk of users on some sites.
2021-11-22 14:38:49 +11:00
Natalie Tay 9015183942
Always show input when editing text by removing hover (#15034) 2021-11-22 10:23:42 +08:00
Natalie Tay d46e450733
Refine dismiss notification confirmation (#15017) 2021-11-22 09:11:24 +08:00
Martin Brennan fa6b87a1bf
SECURITY: Strip unrendered unicode bidirectional chars in code blocks (#15032)
When rendering the markdown code blocks we replace the
offending characters in the output string with spans highlighting a textual
representation of the character, along with a title attribute with
information about why the character was highlighted.

The list of characters stripped by this fix, which are the bidirectional
characters considered relevant, are:

U+202A
U+202B
U+202C
U+202D
U+202E
U+2066
U+2067
U+2068
U+2069
2021-11-22 10:43:03 +10:00
Penar Musaraj 10a57825c8
UX: Fix fast edit save button color in dark schemes (#15027) 2021-11-19 16:15:10 -05:00
jbrw 97b27a7426
FIX: Remove 'Open Draft' label after topic draft deleted (#14997)
* FIX: Remove 'Open Draft' label after topic draft deleted
2021-11-19 11:00:11 -05:00
David Taylor e906596942
FIX: Ensure mobile topic-list links are treated as Ember transitions (#15022)
In the topic lists, it's important that we apply `pointer-events: none;` to the links. 0e371d4 updated the selector used for this css.

In `templates/list/topic-list-item.hbs`, `.main-link` is applied to the same element as `.topic-list-data`, so the new selector applied correctly.

In `templates/mobile/list/topic-list-item.hbr`, `.main-link` is nested within `.topic-list-data`, so the new selector did not apply correctly.

This commit switches the selector back to simply `.main-link`, so that it works for both mobile and desktop.
2021-11-19 13:47:53 +00:00
Andrei Prigorshnev b0d8d9e73d
FIX: infinite recursion when calling a refresh() action on routes (#14624) 2021-11-19 16:23:46 +04:00
David Taylor 2153011cdb
PERF: Use more efficient text-direction check in select-kit init (#15015)
Calling `window.getComputedStyle` during initialization causes the browser to pause and 'Recalculate Style'. On my machine, this adds about 7ms to boot time. Instead, we can check for the `rtl` class on the html element, which is added by the server, and doesn't require computing styles.
2021-11-19 10:17:23 +00:00
Alan Guo Xiang Tan 1566cd2048
DEV: Return promise for toggleFilteredRepliesView widget action. (#15020)
This allows plugin to wait on the promise when the widget action is
called.
2021-11-19 15:40:35 +08:00
Alan Guo Xiang Tan 4b4973ee0d
PERF: Reduce records queried in `UserStat.update_first_unread_pm`. (#15016)
The inefficiency here is that we were previously fetching all the
records from `TopicAllowedUser` before filtering against a limited subset of
users based on `User#last_seen_at`.
2021-11-19 15:30:39 +11:00
Natalie Tay da9a9a8e65
FIX: Add a confirm and cancel button when editing alt text (#15003) 2021-11-19 10:57:09 +08:00
David Taylor 254689b1fb
DEV: Remove JQuery from discourse/lib/text-direction (#15014) 2021-11-19 01:09:36 +00:00
jbrw 9955f1774d
UX: Move share topic warning to modal flash alert (#15012) 2021-11-18 19:24:15 -05:00
Jarek Radosz e6670393df
DEV: Refactor `logs-notice`/`global-notice` (#15000) 2021-11-18 21:49:58 +01:00
Robin Ward 2c045c6368 FIX: Don't overwrite computed property for loading spinner fix
This fixes an issue CvX found on PR #14666 where a previous fix
overwrote a computed property.

The better fix (as is often the case with Ember) is to remove an
observer and call methods when things change ourselves.
2021-11-18 15:04:11 -05:00
Jordan Vidrine 9ebfcbb867
FIX: Topic list separator fix (#15011) 2021-11-18 13:32:44 -06:00
Dan Ungureanu 6ae065f9cd
Improved create invite modal (#14151)
* FEATURE: Always show advanced invite options

The UI is more simple and more efficient than how it was when the
advanced options toggle was introduced. It does not make sense to keep
it anymore.

* UX: Minor copy edits

* UX: Merge expire invite controls

There were two controls in the create invite modal. One was a static
text that displayed how much time is left until the invite expires. The
other one was a datetime selector that set the time the invite expires.

This commit merges the two controls in a single one: staff users will
continue to see the datetime selector without the static text and
regular users will only see the static text because they cannot set
when the invite expires.

* UX: Remove invite link

It should only be visible after the invite was created.
2021-11-18 20:19:02 +02:00
David Taylor ed2c3ebd71
PERF: Move `preload` hints to the `<head>` (#15008)
We have two JS assets which are included in the `<body>` of responses. We were including the `<link rel='preload'` hint alongside the script tag in the body. Instead, we can move the preload hint to the `<head>` so that the browser discovers it earlier, and can start preloading the assets while the body is loading.
2021-11-18 18:02:16 +00:00
David Taylor 135fdd59ed
PERF: Improve JS app boot speed by optimizing `customResolve()` (#14990)
Time spent in the 'find module with suffix' portion of our `customResolve` function were adding up to around 100ms-150ms when booting the app. This time is spread over 150+ calls, so it's not immediately obvious in flamegraphs.

This commit implements a (reversed) [Trie](https://en.wikipedia.org/wiki/Trie) which enables fast suffix-based lookups on a list of strings.

In my tests, this requires < 5ms to initialize, and brings the cumulative 'find module with suffix' time down to `< 5ms`. This corresponds to a ~100ms improvement in LCP metrics in my browser.

The only behavior change is to remove support for module filenames which are **not** dasherized. I haven't found any core/theme/plugin modules which are not dasherized in their filenames.
2021-11-18 16:38:00 +00:00
Jarek Radosz a102673522
DEV: Avoid unnecessary `site-settings:main` lookups (#15006) 2021-11-18 17:11:59 +01:00
Jarek Radosz 8dc9e0f4bd
DEV: Use `class` syntax in key-value-store (#15005) 2021-11-18 16:54:47 +01:00
Jarek Radosz 82c72a46d1
DEV: Fix `castInteger` deprecations (#15004) 2021-11-18 16:52:14 +01:00
Jarek Radosz 4021842628
DEV: Make `search` an actual service (#14998) 2021-11-18 16:52:03 +01:00
Jarek Radosz 42fff92d9f
DEV: Make `store` an actual service (#14996)
`store:main` was unofficially deprecated 4 years ago in fbd5f1e411 (diff-b19dd1d6a5c7938fda9ae317136bbbb82339946ab457c9b95af936a47276c3ddR22)
2021-11-18 16:51:20 +01:00
Kris 19627eca4b
DEV: add outlet for extra categories column (#15002) 2021-11-18 09:46:59 -05:00
Vinoth Kannan fc1c76cfcc
FIX: exclude moderator_action post for reply count in user summary. (#14991)
Previously, incorrect reply counts were displayed in the "top categories" section of the user summary page since we included the `moderator_action` and `small_action` post types.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2021-11-18 13:42:03 +05:30
Alan Guo Xiang Tan db24c9b94e
FIX: Incorrect title and chevron when filtering by post number. (#14985)
The widget's state did not reflect the state of the controller.
2021-11-18 09:19:00 +08:00
Krzysztof Kotlarek eb82849ccb
FIX: none and all categories filter (#14999)
parentCategory is passed to drop-category component: https://github.com/discourse/discourse/blob/main/app/assets/javascripts/discourse/app/templates/components/bread-crumbs.hbs#L11

However, it is not available if it is not explicitly allow listed in selectKitOptions
2021-11-18 10:21:34 +11:00
Martin Brennan b96c10a903
DEV: Extract shared external upload routes into controller helper (#14984)
This commit refactors the direct external upload routes (get presigned
put, complete external, create/abort/complete multipart) into a
helper which is then included in both BackupController and the
UploadController. This is done so UploadController doesn't need
strange backup logic added to it, and so each controller implementing
this helper can do their own validation/error handling nicely.

This is a follow up to e4350bb966
2021-11-18 09:17:23 +10:00
Osama Sayegh b86127ad12
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706)
Currently, Discourse rate limits all incoming requests by the IP address they
originate from regardless of the user making the request. This can be
frustrating if there are multiple users using Discourse simultaneously while
sharing the same IP address (e.g. employees in an office).

This commit implements a new feature to make Discourse apply rate limits by
user id rather than IP address for users at or higher than the configured trust
level (1 is the default).

For example, let's say a Discourse instance is configured to allow 200 requests
per minute per IP address, and we have 10 users at trust level 4 using
Discourse simultaneously from the same IP address. Before this feature, the 10
users could only make a total of 200 requests per minute before they got rate
limited. But with the new feature, each user is allowed to make 200 requests
per minute because the rate limits are applied on user id rather than the IP
address.

The minimum trust level for applying user-id-based rate limits can be
configured by the `skip_per_ip_rate_limit_trust_level` global setting. The
default is 1, but it can be changed by either adding the
`DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the
desired value to your `app.yml`, or changing the setting's value in the
`discourse.conf` file.

Requests made with API keys are still rate limited by IP address and the
relevant global settings that control API keys rate limits.

Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters
string that Discourse used to lookup the current user from the database and the
cookie contained no additional information about the user. However, we had to
change the cookie content in this commit so we could identify the user from the
cookie without making a database query before the rate limits logic and avoid
introducing a bottleneck on busy sites.

Besides the 32 characters auth token, the cookie now includes the user id,
trust level and the cookie's generation date, and we encrypt/sign the cookie to
prevent tampering.

Internal ticket number: t54739.
2021-11-17 23:27:30 +03:00
Jarek Radosz 9be69b603c
DEV: Make `screen-track` a regular service (#14983) 2021-11-17 20:56:06 +01:00
Bianca Nenciu 186379adac
FIX: Cache all watched words (#14992)
It used to cache up to 1000 words, but the maximum number of watched
words is 2000.
2021-11-17 18:59:44 +02:00
Jarek Radosz bf34d3524b
DEV: Fix a `userFields` computed property override (#14988)
in `preferences/profile` controller

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2021-11-17 15:02:15 +01:00
Joffrey JAFFEUX 439cd68e0d
DEV: updates popper to 2.10.2 (#14986) 2021-11-17 13:47:55 +01:00
Joffrey JAFFEUX 113ecab7a6
FIX: clear previous errors on second factor form display (#14987) 2021-11-17 13:47:38 +01:00
Krzysztof Kotlarek 9ce29ad013
FIX: register customOptions as select kit filter (#14933)
* FIX: register customOptions as select kit filter

We are allowing plugins to define custom filters which are added to CUSTOM_USER_SEARCH_OPTIONS const. However, we need to have static placeholder for custom filters, so those props will be passed, and we can use it later.

* fix
2021-11-17 17:12:19 +11:00
Bianca Nenciu cc1b45f58b
FIX: Convert URLs embedded topics to absolute form (#14975)
Sometimes the expanded post contained broken relative URLs because they
were not converted to their absolute form.
2021-11-17 16:39:49 +11:00
Penar Musaraj 2ff7f105d9
UX: launch full page search on second `Enter` hit (#14978) 2021-11-17 16:35:17 +11:00
Natalie Tay c61d47e6f4
FEATURE: Show a confirmation modal when "Dismiss all" would dismiss an important notification (#14935)
* Show a confirmation when dismiss all will dismiss an important notification
2021-11-17 09:44:30 +08:00
Martin Brennan 515acb8fc4
FIX: Error when SMTP enabled in PostAlerter with no incoming email (#14981)
When 31035010af
was done it failed to take into account the case where the smtp_enabled
site setting was true, but the topic had no allowed groups / no
incoming email record, which caused errors for topics even with
nothing to do with group SMTP.
2021-11-17 09:24:17 +10:00
Martin Brennan e7a4742490
FIX: Clean up emoji name which is file name (#14980)
Uppy adds the file name as the "name" parameter in the
payload by default, which means that for things like the
emoji uploader which have a name param used by the controller,
that param will be passed as the file name. We already use
the existing file name if the name param is null, so this
commit just does further cleanup of the name param, removing
the extension if it is a filename so we don't end up with
emoji names like blah_png.
2021-11-17 09:20:44 +10:00
Jarek Radosz bf33d2cd4b
FIX: Include all categories in sortedCategories (#14979)
Fixes the issue where categories over two levels deep were missing.
2021-11-17 00:12:04 +01:00
Martin Brennan 7e39910de6
DEV: Refactor uppy s3 multipart mixin to not use self = this (#14960)
We no longer use this pattern, so we can replace with function
binding instead.
2021-11-17 09:03:10 +10:00
Jordan Vidrine aa31fbe29a
REFACTOR: Continued topic-list tweaks (#14977)
* REFACTOR: Prep for topic-list refactor
2021-11-16 14:44:04 -06:00
Mark VanLandingham 1b752a5dec
DEV: Export add emoji logic in textarea manipulation mixin (#14976) 2021-11-16 13:42:21 -06:00
Jordan Vidrine 19fb97bb13
FIX: Adjust topic list header alert (#14974) 2021-11-16 11:09:07 -06:00
jbrw e306d84c56
FEATURE: display warning when sharing a topic in a restricted category (#14820)
* FEATURE: display warning when sharing a topic in a restricted category

If a topic belongs to a category that is not readable by everyone, display a text warning of "Only visible to members of groups: [group_a], [group_b]"

* DEV: Adding a new category means we need to bump this value

* DEV: pass category to showModal
2021-11-16 11:49:41 -05:00
Jarek Radosz b6677fb126
DEV: Use radix 10 in `parseInt()` (#14973) 2021-11-16 16:36:44 +01:00
Akshay Birajdar 6b5e8be25a Support parsing array in #param_to_integer_list
Co-authored-by: Akshay Birajdar <akshay.birajdar@coupa.com>
2021-11-16 10:27:00 -05:00
Joffrey JAFFEUX 035822d9e0
DEV: sticky avatar was retained during tests (#14969) 2021-11-16 14:33:06 +01:00
Joffrey JAFFEUX ff7e685a59
DEV: removes jquery usage from discourse-topic (#14964) 2021-11-16 13:17:44 +01:00
Joffrey JAFFEUX 0fbeb2e5a2
DEV: removes jquery usage from links-redirect (#14968) 2021-11-16 13:16:53 +01:00
Joffrey JAFFEUX f9682f1c69
DEV: removes jquery usage from html-with-links (#14966) 2021-11-16 13:16:43 +01:00
Andrei Prigorshnev 32c6c4f417
DEV: Remove unused action (#14889)
There are no usages in Core and plugins.
2021-11-16 15:49:59 +04:00
Jordan Vidrine 370c729160
FIX: Additional fixes for last-visited on topic list (#14962) 2021-11-16 12:34:29 +01:00
Joffrey JAFFEUX 2167d4d890
FIX: fix regressions introduced in ae16b0a (#14967)
- ensures arrow up/down doesn’t also apply to textarea while autocomplete is opened
- ensures esc is closing autocomplete and also not closing composer while autocomplete is opened
2021-11-16 12:19:14 +01:00
Joffrey JAFFEUX 49f09345c7
FIX: adds missing class for last visit separator (#14965) 2021-11-16 11:40:08 +01:00
Joffrey JAFFEUX ae16b0a9d4
DEV: reduces jquery usage and memory leaks in composer (#14924)
Removes more than 60 jquery function leaks in one `Acceptance: Composer` run.
2021-11-16 10:27:05 +01:00
Joffrey JAFFEUX ef881fdedc
DEV: drops jquery/simplify code/removes leaked event (#14947) 2021-11-16 10:26:39 +01:00
Joffrey JAFFEUX c768c2ab3a
DEV: drops jquery usage in stacked chart (#14946) 2021-11-16 10:26:26 +01:00
Joffrey JAFFEUX 43659a6de2
DEV: jquery removal/listeners/cleanup of permalink form (#14944)
- Removes jquery
- Removes a not unregistered listener and uses component event
- Removes external-url class as it was only valid in one case of the dropdown
- Uses @action
- Tagless
- Other minor changes
2021-11-16 10:25:54 +01:00
Joffrey JAFFEUX c9a84d8067
DEV: removes unnecessary jquery selector (#14945) 2021-11-16 10:25:34 +01:00
Bianca Nenciu 88523a6d6a
FIX: Redirect to homepage if no posts exist (#14951)
After permanently deleting the first post of a topic the user was
sometimes stuck on the page because of an infinite loop. This problem
happened more often in Firefox.
2021-11-16 11:10:07 +02:00
Loïc Guitaut c2be7c65e8 FEATURE: Move sticky avatars into core
This patch takes the small component we had for sticky avatars and adds
it into our core code base.

A small refactor has been made to have a `StickyAvatars` dedicated class.
2021-11-16 10:06:25 +01:00
Vinoth Kannan c47a526371
FIX: exclude topics from muted tag in category featured list. (#14925)
Topics from muted tags were visible in the categories page's featured topics section since we didn't filter it before.
2021-11-16 12:10:50 +05:30
Martin Brennan f52e1258f7
DEV: mutlipart -> multipart spelling fix (#14963) 2021-11-16 13:58:33 +10:00
Kris 8b5dec4607
UX: mobile topic list fixes follow-up to 0e371d4 (#14959) 2021-11-15 21:07:32 -05:00
Martin Brennan f61783a218
FIX: Emoji uploader not using data.name on uppy upload (#14958)
When uploading emoji with the new uppy upload mixin, we were
not sending the name of the emoji in the payload, or more
accurately uppy was already using the file name as the name
value and we were not overriding it from data. This commit
changes the behaviour for single files uploaded via the uppy
upload mixin, by merging the file's meta object with this.data
from the parent component.
2021-11-16 11:14:06 +10:00
Martin Brennan 31035010af
FIX: Use correct group out of multiple for SMTP sender (#14957)
When there are multiple groups on a topic, we were selecting
the first from the topic allowed groups to act as the sender
email address when sending group SMTP replies via PostAlerter.
However, this was not ordered, and since there is no created_at
column on TopicAllowedGroup we cannot order this nicely, which
caused just a random group to be used (based on whatever postgres
decided it felt like that morning).

This commit changes the group used for SMTP sending to be the
group using the email_username of the to address of the first
incoming email for the topic, if there are more than one allowed
groups on the topic. Otherwise it just uses the only SMTP enabled
group.
2021-11-16 10:21:49 +10:00
Jarek Radosz f4d1fe18f8
DEV: Don't use `$.isEmptyObject()` (#14953) 2021-11-15 23:17:56 +01:00
Martin Brennan eabe2df8d2
FIX: Drop malformed CC addresses in GroupSmtpEmail job (#14934)
Sometimes, a user may have a malformed email such as
`test@test.com<mailto:test@test.com` as their email address,
and as a topic participant will be included as a CC email
when sending a GroupSmtpEmail. This causes the CC parsing to
fail and further down the line in Email::Sender the code
to check the CC addresses expects an array but gets a string
instead because of the parse failure.

Instead, we can just check if the CC addresses are valid
and drop them if they are not in the GroupSmtpEmail job.
2021-11-16 08:15:11 +10:00
Jordan Vidrine 0e371d4c6d
SYNTAX: Use classes instead of html element targeting (#14890)
* SYNTAX: Use classes instead of html element targeting
2021-11-15 14:49:45 -06:00
David Taylor 389a3ce389
DEV: Add basic theme support to the mini_profiler badge (#14952) 2021-11-15 18:39:11 +00:00
Robin Ward 5c43b8a572 DEV: Retry installation of ember exam
Let's try installing it by including it in dependencies AND dev
dependencies so it works in every environment.
2021-11-15 10:30:56 -05:00
Jarek Radosz 2bd2d0d474
FIX: A screen-track/appEvents regression in #14929 (#14943) 2021-11-15 15:04:49 +01:00
Jarek Radosz 67e38e81f7
DEV: Remove unnecessary test setup calls (#14940)
`setURLContainer()` and `setDefaultOwner()` are already called in an application initializer at the beginning of each test.
2021-11-15 13:46:09 +01:00
Jarek Radosz 985d079e47
DEV: Clean up `sniff-capabilities` (#14938)
Drop jQuery, remove unused caps (`canPasteImages` and `highRes`), enable `canVibrate` for Firefox (per the old comment), and other minor changes.
2021-11-15 13:41:55 +01:00
Arpit Jalan 8c4896f660
FIX: composer education message for group mentions were broken (#14937)
Composer education message for group mentions were broken because the
count parameter is a string instead of a number.
2021-11-15 17:12:06 +05:30
Jarek Radosz fc3a6e57e3
DEV: Drop support for removing all appEvent listeners (#14936)
Also removes "appEventsCache". (and reduces the reported test memory usage by ~33%)

There's no longer any need to remove appEvent listeners in application-instance initializers' `teardown`, as app instances are recreated before each test (in both legacy and ember cli envs)
2021-11-15 12:31:05 +01:00
Jarek Radosz f0d963faad
DEV: Use `@bind` instead of repeated `.bind(this)` (#14931)
Fixes some cases where event listeners weren't correctly removed. Also fixes a dependency tracking bug in user-private-messages
2021-11-15 10:07:53 +01:00
Martin Brennan 08e625c446
FIX: Use previous chunk to check if local backup chunk upload complete (#14896)
Uppy and Resumable slice up their chunks differently, which causes a difference
in this algorithm. Let's take a 131.6MB file (137951695 bytes) with a 5MB (5242880 bytes)
chunk size. For resumable, there are 26 chunks, and uppy there are 27. This is
controlled by forceChunkSize in resumable which is false by default. The final
chunk size is 6879695 (chunk size + remainder) whereas in uppy it is 1636815 (just remainder).

This means that the current condition of uploaded_file_size + current_chunk_size >= total_size
is hit twice by uppy, because it uses a more correct number of chunks. This
can be solved for both uppy and resumable by checking the _previous_ chunk
number * chunk_size as the uploaded_file_size.

An example of what is happening before that change, using the current
chunk number to calculate uploaded_file_size.

chunk 26: resumable: uploaded_file_size (26 * 5242880) + current_chunk_size (6879695) = 143194575 >= total_size (137951695) ? YES
chunk 26: uppy: uploaded_file_size (26 * 5242880) + current_chunk_size (5242880) = 141557760 >= total_size (137951695) ? YES
chunk 27: uppy: uploaded_file_size (27 * 5242880) + current_chunk_size (1636815) = 143194575 >= total_size (137951695) ? YES

An example of what this looks like after the change, using the previous
chunk number to calculate uploaded_file_size:

chunk 26: resumable: uploaded_file_size (25 * 5242880) + current_chunk_size (6879695) = 137951695 >= total_size (137951695) ? YES
chunk 26: uppy: uploaded_file_size (25 * 5242880) + current_chunk_size (5242880) = 136314880 >= total_size (137951695) ? NO
chunk 27: uppy: uploaded_file_size (26 * 5242880) + current_chunk_size (1636815) = 137951695 >= total_size (137951695) ? YES
2021-11-15 15:08:21 +10:00
Jarek Radosz 9c9ad22626
DEV: Fix `qunit/assert-args` (#14932)
Just a couple of invalid assertions.
2021-11-15 04:30:42 +01:00
Jarek Radosz b1c72282c9
DEV: Delete an old `appEvents.off` call (#14930)
There's no `composer:resize` anymore.
2021-11-15 02:38:10 +01:00
Jarek Radosz a817ee9f7c
DEV: Update `caniuse-lite` (#14926)
The repeated notices in the console were tiring…

```
Browserslist: caniuse-lite is outdated. Please run:
npx browserslist@latest --update-db

Why you should do it regularly:
https://github.com/browserslist/browserslist#browsers-data-updating
```
2021-11-15 01:18:11 +01:00
Jarek Radosz 047432735e
DEV: Don't create AppEvents instance in Eyeline (#14928)
Use `Evented` from `@ember/object/evented` instead.
2021-11-15 00:44:07 +01:00
Jarek Radosz 25251d4d00
DEV: Don't set appEvents on app, group injections (#14929) 2021-11-15 00:42:49 +01:00
Jarek Radosz 9711caf7ea
DEV: Fix a computed property overwrite (#14927)
There's a `category` computed property that already does what this piece of code did.
2021-11-15 00:39:20 +01:00
Vinoth Kannan 2b848213f7
FIX: set `null` to group if `groupAttrs` param is not available. (#14795)
Because of this bug "all groups" option in the group selector dropdown was not selectable on the user directory page.
2021-11-14 19:53:50 +05:30
Jarek Radosz 4f14e012a7
DEV: Replace `$.extend` with `Object.assign` (#14921) 2021-11-14 10:59:22 +01:00
Jarek Radosz 4938381b78
DEV: Fix a `computed-property.override` warning (#14922)
Regressed in #14307
2021-11-14 10:59:05 +01:00
Jarek Radosz 827b6c99ae
DEV: Fix a call-after-destroy issue (#14923)
Intersection observer callback can be called after the component gets destroyed:

```
Assertion Failed: calling set on destroyed object: <@ember/component:ember6019>.docked = false
    at assert (ember:37774:17)
    at _set2 (ember:17304:46)
    at Class.set (ember:29529:29)
    at Class._intersectionHandler (discourse/app/components/topic-progress:135:16)
    at Backburner._run (ember:56389:25)
    at Backburner._join (ember:56365:21)
    at Backburner.join (ember:56082:19)
    at join (ember:42874:28)
    at IntersectionObserver.eval (ember:42978:19)
```
2021-11-14 10:58:37 +01:00
Jarek Radosz 140ef0ebe7
DEV: Increase Chrome memory limit (#14918)
"Fixes" the build
2021-11-13 15:32:16 +01:00
Jarek Radosz 043e0dcad7
DEV: Don't try to load admin locales in tests (#14917)
It always fails with:

```
Failed to load resource: the server responded with a status of 403 (Forbidden), url: http://localhost:60099/extra-locales/admin?v=[…]
```
2021-11-13 15:31:55 +01:00
Jarek Radosz f414d5eace
DEV: Use method definition syntax consistently (#14915) 2021-11-13 14:01:55 +01:00
Jarek Radosz bdd2c888b0
DEV: Avoid using globals (#14909) 2021-11-13 13:10:13 +01:00
Jarek Radosz cb3cb96149
DEV: Fix Chrome flags (#14914)
```
Error: illegal value for flag --max_semi_space_size
```
2021-11-13 12:37:07 +01:00
Jarek Radosz 7ea2bf52cc
DEV: Fix `hljs.highlightBlock` deprecation (#14908) 2021-11-12 20:20:47 +01:00
Jarek Radosz 9ca93f57cc
DEV: Remove `jQuery` global usage where possible (#14905) 2021-11-12 19:23:20 +01:00
Jarek Radosz 97aa56bdc3
FIX: Prevent `PreloadStore` from calling the finder when value is falsy (#14899) 2021-11-12 17:45:06 +01:00
Joffrey JAFFEUX 79f49dfb7a
DEV: reduces jquery usage in composer-editor (#14903) 2021-11-12 16:40:10 +01:00
Daniel Waterworth 4724f3cbf7
DEV: Remove deprecated method (#14902) 2021-11-12 09:07:44 -06:00
Daniel Waterworth e7c0bbb9c0
DEV: Let's always give a drop_from param to deprecate (#14901)
So that we know when deprecations can be removed in the future.
2021-11-12 08:52:59 -06:00
Bianca Nenciu 32a174d883
FIX: Use Map instead of Object for caching (#14887)
Objects have default properties, such as "constructor" that can cause
issues when using similar texts as keys.
2021-11-12 15:18:07 +02:00
Joffrey JAFFEUX 904d509cce
FIX: ensures minimum tags logic is correct and shared (#14723)
Also fixes a bug where select-kit was not updating noneItem in multi-selects.
2021-11-12 14:04:48 +01:00
Joffrey JAFFEUX 362c47ce6a
DEV: adds a new topic footer dropdown api (#14747)
This api allows to add a dropdown at the bottom of a topic, note that this API is mobile only for now.

Also included in the commit:
- various doc fixes
- adding tests for both buttons and dropdowns APIs
- uses thrown instead of @ember/error to ensure execution is halted when incorrect parameters are given
2021-11-12 10:21:34 +01:00
Martin Brennan 2371da9f25
Revert "Add support for Ember Exam" (#14895)
This reverts commit d1dec23a93.

It was causing issues with internal builds.
2021-11-12 10:31:57 +10:00
Robin Ward d1dec23a93 Add support for Ember Exam
This allows us to partition and load balance tests, if we like.
2021-11-11 16:15:50 -05:00
Jarek Radosz 61d14a7694
DEV: Fix 3N+1 query in `/admin/customize/themes` (#14876) 2021-11-11 18:11:23 +01:00
Roman Rizzi a3814b1e56
FIX: Display top posts from private categories if the user has access. (#14878)
Users viewing the top topics from the categories page should see those belonging to a private category if they have access to it.
2021-11-11 13:35:03 -03:00
Alan Guo Xiang Tan 095255c8ec
FIX: Topic queryParams are removed from history state when scrolling. (#14881)
* Also fixed a bug where the queryParams are not removed when toggling
  between filters.
2021-11-11 16:10:00 +08:00
Martin Brennan 729043633e
DEV: Add missing IDs to uppy upload components (#14880) 2021-11-11 15:38:39 +10:00
Martin Brennan e4350bb966
FEATURE: Direct S3 multipart uploads for backups (#14736)
This PR introduces a new `enable_experimental_backup_uploads` site setting (default false and hidden), which when enabled alongside `enable_direct_s3_uploads` will allow for direct S3 multipart uploads of backup .tar.gz files.

To make multipart external uploads work with both the S3BackupStore and the S3Store, I've had to move several methods out of S3Store and into S3Helper, including:

* presigned_url
* create_multipart
* abort_multipart
* complete_multipart
* presign_multipart_part
* list_multipart_parts

Then, S3Store and S3BackupStore either delegate directly to S3Helper or have their own special methods to call S3Helper for these methods. FileStore.temporary_upload_path has also removed its dependence on upload_path, and can now be used interchangeably between the stores. A similar change was made in the frontend as well, moving the multipart related JS code out of ComposerUppyUpload and into a mixin of its own, so it can also be used by UppyUploadMixin.

Some changes to ExternalUploadManager had to be made here as well. The backup direct uploads do not need an Upload record made for them in the database, so they can be moved to their final S3 resting place when completing the multipart upload.

This changeset is not perfect; it introduces some special cases in UploadController to handle backups that was previously in BackupController, because UploadController is where the multipart routes are located. A subsequent pull request will pull these routes into a module or some other sharing pattern, along with hooks, so the backup controller and the upload controller (and any future controllers that may need them) can include these routes in a nicer way.
2021-11-11 08:25:31 +10:00
Rafael dos Santos Silva d4e35f50c2
PERF: Update like count in visible posts without an extra GET per like (#14869)
PERF: Update like count in visible posts without an extra GET per like

Currently when a user is reading a topic and some post in it receives a
like from another user, the Ember app will be notified via MessageBus
and issue a GET to `/posts/{id}` to get the new like count. This worked
fine for us until today, but it can easily create a self-inflicted DDoS
when a topic with a large number of visitors gets a large number of
likes, since we will issue `visitors * likes` GET requests.

This patch optimizes this flow, by sending the new like count down in
the MessageBus notification, removing any need for the extra request.

It shouldn't cause any drift on the count because we send down the full
count instead of the difference too.

Possible follow-ups could include handling like removal.
2021-11-10 13:22:26 -03:00
Bianca Nenciu 3791fbd919
FEATURE: Add read-only scope to API keys (#14856)
This commit adds a global read-only scope that can be used to create
new API keys.
2021-11-10 17:48:00 +02:00
Martin Brennan 23b7b42acd
DEV: Bump eslint-config-discourse (#14868)
Changes for 4f7aba06c0

Also fixes all of the object-shorthand violations in our JS code.
2021-11-10 09:31:41 +10:00
jbrw a8c63ddb54
FIX: Call `_clearFlash()` when displaying a modal (#14848)
`d-modal-body.js` was setting the text of a `modal-alert` element to `""`, but not removing any classes on that element. Changing this to call `_clearFlash()` ensures that a variety of styling classes are also removed from the element, which prevents empty alert elements being included on any subsequent modals that are displayed.

Several other controllers have also been modified to change the class of the error from `alert-error` to `error`. The `alert-` is unnecessary, as it is added by `_flash(msg)` within `d-modal-body.js`.
2021-11-09 17:51:50 -05:00
Martin Brennan 6a68bd4825
DEV: Limit list multipart parts to 1 (#14853)
We are only using list_multipart_parts right now in the
uploads controller for multipart uploads to check if the
upload exists; thus we don't need up to 1000 parts.

Also adding a note for future explorers that list_multipart_parts
only gets 1000 parts max, and adding params for max parts
and starting parts.
2021-11-10 08:01:28 +10:00
Kris a87216f1f3
A11Y: set modal widths with EMs; improves scaling (#14863) 2021-11-09 14:56:05 -05:00
Penar Musaraj 3becc55833
FIX: Disable scroll events while on full screen (#14864) 2021-11-09 14:29:05 -05:00
Penar Musaraj ce91bf0775
Revert "FIX: Composer height issue in Safari on iOS 15 (#14282)" (#14847)
This reverts commit 0dab1634b0.
2021-11-09 13:10:07 -05:00
Kris cb997be513
UX: fix share/notify modal styles (#14861) 2021-11-09 12:44:01 -05:00
David Taylor 5ac10e2e79
DEV: Update DiscourseConnect nonce errors to be more descriptive (#14858) 2021-11-09 17:39:05 +00:00
Robin Ward 769d53ff09 FIX: In Ember CLI some plugin tests were referring to the wrong container 2021-11-09 12:06:05 -05:00
Jordan Vidrine 520a0cfa2b
"A11Y: Add prefers reduced motion" (#14859) 2021-11-09 10:24:31 -06:00
Bianca Nenciu b203e316ac
FEATURE: Add pagination to API keys page (#14777) 2021-11-09 12:18:23 +02:00
Bianca Nenciu 42f65b4c48
FIX: Show perma-delete in menu without refresh (#14740)
It needed a page refresh because the post was not updated on the client
side.
2021-11-09 11:50:45 +02:00
Natalie Tay 911f9b180a
FIX: Remove xlink:href to favour href due to deprecation (#14854)
Based on docs here https://developer.mozilla.org/en-US/docs/Web/SVG/Element/use#attributes,
the xlink:href attribute is deprecated and we should probably move away from it soon.
2021-11-09 17:49:37 +08:00
Vinoth Kannan d549022afb
FIX: use correct attribute method to get post id from dataset. (#14845)
Because of this bug, the post details were not included in the PMs which are initiated from the user cards in posts.
This reverts commit e3e0d025ea.
2021-11-09 12:24:50 +05:30
Natalie Tay 0b495e9ad4
FEATURE: Allow users to edit alt text from the image preview in the editor (#14480) 2021-11-09 14:34:09 +08:00
Jarek Radosz 34c955b5ec
DEV: Skip a test instead of commenting it out (#14836)
Fixes `qunit/no-commented-tests`
2021-11-08 21:13:58 +01:00
Penar Musaraj e90f506bf8
FIX: Keep topic context when redirecting to full search (#14846) 2021-11-08 15:07:02 -05:00
Bianca Nenciu 7fb693c8f6
FIX: Generate valid heading ids (#14840) 2021-11-08 20:44:46 +02:00
Penar Musaraj 9ddb3a9ca6
FIX: Restore animation for like action on mobile (#14844)
Regressed in 89a2cec7be
2021-11-08 13:21:16 -05:00
Penar Musaraj e0ced68eec
FIX: Persist notifications in OS X (#14843)
We were previously triggering the close event, which in OSX meant that
notifications would disappear from Notification Center.
2021-11-08 13:04:43 -05:00
Jarek Radosz d162229758
DEV: Replace `equal()` with `strictEqual()` (#14827) 2021-11-08 10:26:28 +01:00
Krzysztof Kotlarek 8b93da9fe0
FIX: rename action_code_href to action_code_path (#14834)
Small actions should use path instead of absolute url. getURL function is necessary to insert a potential subfolder prefix.
2021-11-08 14:32:17 +11:00
Jarek Radosz e6245bd603
DEV: Remove hints of jshint (#14828) 2021-11-08 09:12:37 +08:00
Joe 641f49748d
Revert "prevent auto-scroll when focus is set inside header panels" (#14829)
This reverts commit f444e3e3f7.
2021-11-08 09:11:26 +08:00
Martin Brennan 9a72a0945f
FIX: Ensure CORS rules exist for S3 using rake task (#14802)
This commit introduces a new s3:ensure_cors_rules rake task
that is run as a prerequisite to s3:upload_assets. This rake
task calls out to the S3CorsRulesets class to ensure that
the 3 relevant sets of CORS rules are applied, depending on
site settings:

* assets
* direct S3 backups
* direct S3 uploads

This works for both Global S3 settings and Database S3 settings
(the latter set directly via SiteSetting).

As it is, only one rule can be applied, which is generally
the assets rule as it is called first. This commit changes
the ensure_cors! method to be able to apply new rules as
well as the existing ones.

This commit also slightly changes the existing rules to cover
direct S3 uploads via uppy, especially multipart, which requires
some more headers.
2021-11-08 09:16:38 +10:00
Martin Brennan 18dc2c5040
FEATURE: Use uppy for tags uploader (#14821)
No other caveats or fixes.
2021-11-08 08:18:09 +10:00
Krzysztof Kotlarek fe8087e523
FEATURE: small action post accepts href (#14816)
Optionally add href to small action.
It can be used by discourse-assign to link to correct post from translation
2021-11-08 08:24:44 +11:00
Joe f444e3e3f7 prevent auto-scroll when focus is set inside header panels 2021-11-05 12:09:31 -04:00
Martin Brennan 8586088b87
FIX: Stop saving bookmark on modal press ESC (#14823)
Since db7be947df the functionality
to not save a bookmark when pressing ESC on the modal has been
broken, because a new initiatedByESC event was introduced there
in d-modal instead of clicking on the modal close button. This
commit fixes the issue by adding an initiatedByESC property
to onClose inside application.js, and checking for that OR
initiatedByCloseButton in the bookmark modal.
2021-11-05 13:43:19 +10:00
Martin Brennan 1dddbf3d47
FEATURE: Use uppy for watched word uploader (#14817)
This commit, while changing the watched word uploader to use
uppy, also fixes a minor bug with the UppyUploadMixin where
the file input's value was not cleared after reset, which
prevented subsequent file uploads. The composer mixin already
has this fix.
2021-11-05 09:23:28 +10:00
jbrw 6360d3d4e7
FIX: ensure required_tag_group_name is null if no value present (#14796)
* FIX: ensure required_tag_group_name is null if no value present

If the array was present but empty `required_tag_group_name` would be set to undefined, which would then be removed from the payload of the remote request.

Adding the length check ensures the value is set to null, which is sent as an empty value (which the backend sees, and can remove it and persist the change on the Category object).
2021-11-04 17:26:21 -04:00
Penar Musaraj 9b30103628
UX: Layout fixes for admin permalinks page (#14819) 2021-11-04 14:15:55 -04:00
Penar Musaraj 89a2cec7be
REFACTOR: Use CSS animations for likes (#14809) 2021-11-04 09:13:34 -04:00
Martin Brennan ccd259e2b5
FEATURE: Move avatar uploader to uppy (#14815)
Simple change, no further caveats for this one.
2021-11-04 14:40:20 +10:00
Martin Brennan fac9185421
FEATURE: Move emoji uploader to use uppy (#14814)
This commit changes the emoji uploader to use the UppyUploadMixin,
and makes some minor changes to the emoji uploader (tightening the
copy for drag and drop and adding a percentage for the upload).

Since no other uppy upload mixin components have needed to upload
multiple files so far, this necessitated adding a tracker for the
in progress uploads so we know when to reset the uploader once all
uploads are complete.

At the moment, the emoji uploader cannot be used for direct S3 uploads
because the admin emoji controller creates other records and does other
magic with the emojis. At some point we need to factor this kind of thing
into the ExternalUploadManager.transform! action to complete external
uploads.
2021-11-04 11:31:58 +10:00
Mark VanLandingham d9f02b635d
DEV: Allow tag to be passed in payload to PushNotificationPusher (#14810) 2021-11-03 14:18:48 -05:00
Mark VanLandingham 67265a5045
DEV: Plugin instance method for push_notification_filters (#14787) 2021-11-03 12:21:33 -05:00
Joe 046138314e fix test 2021-11-03 11:41:13 -04:00
Joe cc6b6b5b77 fix test 2021-11-03 11:41:13 -04:00
Joe 6252e166a9 Add tests 2021-11-03 11:41:13 -04:00
Joe c0cbfcc548 Add lazy loading to post avatars 2021-11-03 11:41:13 -04:00
Joe a3fe52dff3 Add lazy loading to topic list avatars 2021-11-03 11:41:13 -04:00
Vinoth Kannan 53b7220638
FIX: exclude suppressed category topics in digest even if unmuted. (#14793)
Previously, suppressed category topics are included in the digest emails if the user visited that topic before and the `TopicUser` record is created with any notification level except 'muted'.
2021-11-03 12:47:09 +05:30
Ryan Lerch 1fffe941bf
remove some hardcoded 'localhost's from dev environment (#14801)
Trying to use a local test hostname other than localhost
(e.g. discourse.test) for discourse development was difficult due to
the fact that localhost was hardcoded in a few places. This patch
uses existing environment variables to allow a developer to use a
different domain when developing.

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2021-11-03 11:26:44 +08:00
Jean 734ba90afe
UX: remove tags chooser on PMs for non-staff users (#14800) 2021-11-02 21:44:11 -04:00
jbrw aec125b617
FIX: Display Instagram Oneboxes in an iframe (#14789)
We are no longer able to display the image returned by Instagram directly within a Discourse site (either in the composer, or within a cooked post within a topic), so:

- Display an image placeholder in the composer preview
- A cooked post should use an iframe to display the Instagram 'embed' content
2021-11-02 14:34:51 -04:00
Jean 8d73730c44
FEATURE: Add setting to disable notifications for topic tags edits (#14794) 2021-11-02 13:53:21 -04:00
Penar Musaraj 51233ae349
UX: Fix several issues with topic progress refactor (#14790) 2021-11-02 13:45:40 -04:00
Penar Musaraj 80c6f6a48b
FIX: Use mouse down event when cancelling search (#14788) 2021-11-02 09:26:06 -04:00
Arpit Jalan aeaf27b7dc
FIX: insert commas even when field value is null (#14791) 2021-11-02 14:59:24 +05:30
Penar Musaraj 7dcecef4c3
FIX: Prevent duplicate search requests to backend (#14786)
When sending a full search request to backend (i.e. when hitting Enter),
the debouncer needs to be cancelled, otherwise it will get invoked and
trigger a second search request to the backend.
2021-11-01 13:48:42 -04:00
Penar Musaraj 116b93595a
UX: Fix bar-style category dropdown (#14785) 2021-11-01 11:17:41 -04:00
Martin Brennan dcf3733c13
FIX: Deleting a for_topic bookmark caused JS error (#14781)
When deleting a for_topic bookmark, we were calling
bookmark.attachedTo() for the bookmarks:changed event,
but the bookmark was not always a Bookmark model instance,
so sometimes that call would error. Now we make sure that
the bookmarks in the topic.bookmarks JS array are all
bookmark model instances, and added a test to cover this
deleting for_topic bookmark case as well.
2021-11-01 13:31:17 +10:00
Jarek Radosz a7322aca77
DEV: Remove unnecessary `controllerFor` in tests (#14779) 2021-10-30 23:36:37 +02:00
Kris cd8822cb50
UX: better accommodate PM composer with tags (#14778) 2021-10-29 16:26:37 -04:00
Penar Musaraj f6a3c22a89
DEV: Allow replacing share icons separately (#14774) 2021-10-29 13:35:27 -04:00
Robin Ward e3e0d025ea FIX: Include topic details when PMing
We used to do this and at some point regressed when we lost a reference
to the `post` object. This restores the old behaviour.
2021-10-29 12:42:27 -04:00
jbrw cfc62dbace
FIX: allowed_theme_ids should not be persisted in GlobalSettings (#14756)
* FIX: allowed_theme_ids should not be persisted in GlobalSettings

It was observed that the memoized value of `GlobalSetting.allowed_theme_ids` would be persisted across requests, which could lead to unpredictable/undesired behaviours in a multisite environment.

This change moves that logic out of GlobalSettings so that the returned theme IDs are correct for the current site.

Uses get_set_cache, which ultimately uses DistributedCache, which will take care of multisite issues for us.
2021-10-29 11:46:52 -04:00
Penar Musaraj 724f1ee9d1
UX: Fix short post width on mobile (#14771) 2021-10-29 11:39:19 -04:00
Penar Musaraj 488511479e
UX: Show quick search hint more consistently (#14769) 2021-10-29 11:08:31 -04:00
Bianca Nenciu 1c3c0f04d9
FEATURE: Pull hotlinked images in user bios (#14726) 2021-10-29 17:58:05 +03:00
Bianca Nenciu 19ef6995a8
FIX: Do not replace words in hashtags and mentions (#14760)
Watched words were replaced inside mentions and hashtags when watched
word regular expressions were enabled.
2021-10-29 17:53:09 +03:00
Bianca Nenciu cb0958fcea
FIX: Hide links to muted topics and in categories list (#14761)
* FIX: Hide links to muted topics

* FIX: Hide muted topics in categories list on mobile
2021-10-29 17:52:23 +03:00
Penar Musaraj 095421a1e1
REFACTOR: Use IntersectionObserver to calculate topic progress position (#14698) 2021-10-29 09:23:15 -04:00
Jarek Radosz 19c9b892dc
DEV: Instantiate relation early to save a query (#14766)
Previously it would do `SELECT 1 AS one` and then `SELECT "color_scheme_colors".*`. Now it only does the latter.
2021-10-29 03:03:22 +02:00
Jarek Radosz 85d0ddb9eb
FIX: Avoid another N+1 query in `Site.json_for` (#14763)
A follow-up to #14729, this time for logged-in users and/or non-login-required sites.
2021-10-28 20:28:31 +02:00
Vinoth Kannan deee715a2c
FIX: update flair group of all members if primary group setting changed. (#14762)
Previously, if we enable the `primary_group` setting on a group then the `flair_group_id` of its members are not affected.
2021-10-28 22:56:44 +05:30
Vinoth Kannan c62242c6b3
FIX: should not receive topic invites from ignored users. (#14746)
Previously, ignored users can send notifications by inviting the ignorer to topics or PMs.
2021-10-28 21:03:00 +05:30