Commit Graph

29245 Commits

Author SHA1 Message Date
Kris af58dbeb24
UX: update ring animation to avoid scroll (#21150) 2023-04-19 09:13:50 -04:00
Jarek Radosz 9a34625cb8
DEV: Update ember-cli to 4.12.0 (#21074)
It's backward compatible so still supports our 3.28 ember-source.

The visible change is finally getting rid of this message:

```
WARNING: Node v18.12.0 is not tested against Ember CLI on your platform. We recommend that you use the most-recent "Active LTS" version of Node.js. See https://git.io/v7S5n for details.
```

---

`@ember/string` dependency is added for future compatibility. See: https://github.com/ember-cli/ember-cli/pull/10125

---

`tests/helpers/index.js` is unused for now, but is a nice pattern. We could move some of our test setup into local `setupApplicationTest/setupRenderingTest/setupTest` helpers.

Co-authored-by: David Taylor <david@taylorhq.com>
2023-04-19 12:58:29 +02:00
dependabot[bot] 1139478a8c
Build(deps): Bump terser in /app/assets/javascripts (#21168)
Bumps [terser](https://github.com/terser/terser) from 5.17.0 to 5.17.1.
- [Release notes](https://github.com/terser/terser/releases)
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.17.0...v5.17.1)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-19 11:37:51 +02:00
dependabot[bot] ade35c7973
Build(deps): Bump terser in /app/assets/javascripts (#21159)
Bumps [terser](https://github.com/terser/terser) from 5.16.9 to 5.17.0.
- [Release notes](https://github.com/terser/terser/releases)
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.16.9...v5.17.0)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-19 09:49:03 +02:00
Keegan George fb21d7bb2d
FIX: Quote button doesn't press on mobile (#21149) 2023-04-18 22:30:24 -07:00
Jarek Radosz 0cd8659b06
DEV: Add a test for the "duplicate link" message (#21139)
A followup to cb1e95cd3d

---

`warning_message = nil` in the rb file was an unused variable
2023-04-18 22:23:20 +02:00
Jarek Radosz 0650504bf5
DEV: Remove `after-transition` function (#21142)
All supported browsers use `transitionend` event now, so this code is not necessary and makes it difficult to use that event in tests (you'd have to trigger all variants to cover the bases)

That function was used only in core (no hits in all-the*) in two places, so I think it's rather safe to just trash it without deprecating it first.

(History Corner – this helper was originally added in the initial commit of Discourse! 1839614bcc/app/assets/javascripts/discourse/components/transition_helper.js.coffee)
2023-04-18 20:45:20 +02:00
NullVoxPopuli e2f65cd170
DEV: Replace virtual-dom fork with patch-package (#21007)
Using patch-package is much easier to reason with than maintaining a full fork of virtual-dom.

Original reasoning for the fork can be found in e216a98f

Patch is based on the diff at c64007150a (diff-f648eb0588a88af826e29622f64aca611e191c66eb9e79396d559edaef622313)
2023-04-18 19:42:25 +01:00
David Taylor 7a8ed517a4
DEV: Improve modifyClass warning message (#21140)
- Print warning when it affects user/currentUser
- Improve description and link to Meta topic
2023-04-18 11:41:38 +01:00
Joffrey JAFFEUX 4fee0fc333
UX: ensures cursor is pointer over custom sections (#21138) 2023-04-18 11:23:09 +02:00
chapoi fbdafd712b
UX: improve contrast of overridden setting indicator dot (#21128) 2023-04-18 09:09:38 +02:00
Ted Johansson f3f30d6865
SECURITY: Encode embed url (#21133)
The embed_url in "This is a companion discussion..." could be used for
XSS.

Co-authored-by: Blake Erickson <o.blakeerickson@gmail.com>
2023-04-18 15:05:29 +08:00
Ted Johansson 437b73e322
SECURITY: Ensure site setting being updated is a configurable site setting (#21131) 2023-04-18 14:32:18 +08:00
Penar Musaraj b869d35f94
FIX: Dismiss modal when "Keep Editing" is used (#21117)
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2023-04-17 17:44:21 -04:00
Keegan George d3f3914ade
DEV: Add an offset mobile devices (#21119) 2023-04-17 13:35:11 -07:00
Arpit Jalan 8405ae7733
FEATURE: add a setting to allowlist DiscourseConnect return path domains (#21110)
* FEATURE: add a setting to allowlist DiscourseConnect return path domains

This commit adds a site setting to allowlist DiscourseConnect return
path domains. The setting needs supports exact domain or wildcard
character (*) to allow for any domain as return path.

* Add more specs to clarify what is allowed in site setting

* Update setting description to explain what is allowed
2023-04-17 22:53:50 +05:30
Meghna 68549fe54e
UX: Vertical alignment issues on mobile (#21118)
Vertical alignment fixes for topic closed small message and poll info.
2023-04-17 22:51:13 +05:30
Loïc Guitaut a5235f7d16
DEV: Refactor STI/polymorphic associations in chat (#20789) 2023-04-17 15:41:56 +02:00
Kris 87515b1aa0
FIX: composer collapse position while uploading (#21101) 2023-04-17 09:21:32 -04:00
Mark VanLandingham ae5aa0c79f
DEV: Plugin API addQuickAccessProfileItem adds to revamped user menu (#21084) 2023-04-17 06:15:16 -05:00
Joffrey JAFFEUX 2535381f44
FIX: ensures tag notification level is changed (#21106)
Following a change in e9f7262813 which prevents the notification level to be returned from the update endpoint, the model couldn't update itself. This commit makes the update manually and adds a test to prevent future regressions.

Note we could also change the backend endpoint, but this should work correctly with minimum risk.
2023-04-17 10:48:41 +02:00
Jarek Radosz dd98ecb7d1
DEV: Remove unnecessary `getURL("/")` (#21103)
Our `ajax()` prepends the protocol/host/subfolder path.
2023-04-15 14:34:25 +02:00
Jarek Radosz b8cf79895e
DEV: Set QUnit per-test timeout (#21102)
60s is a lot, and I'd prefer 15s, but the first test in a suite can take up to 40s. 60s is still better than `Infinity` 😌
2023-04-15 14:34:13 +02:00
dependabot[bot] d6b6041ae2
Build(deps): Bump webpack in /app/assets/javascripts (#21089)
Bumps [webpack](https://github.com/webpack/webpack) from 5.78.0 to 5.79.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.78.0...v5.79.0)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-14 13:22:33 +02:00
Krzysztof Kotlarek 933d276b7d
FIX: decrease reorder sidebar delay for desktop (#21098)
Delay to reorder links in custom sidebar section doesn't have to be that long for desktop compared to touch screen.
2023-04-14 12:31:21 +10:00
Canapin 4b9061ae3f
UX: Remove color attribute from `<kbd>` tag (#20429)
As a single example, if a `<kbd>` tag is wrapped by a `<a>` link, it doesn't inherit the link color:

`[<kbd> **Support**</kbd>](https://meta.discourse.org)`

It's because the `<kbd>` tag has a `color: var(--primary);` CSS rule which seems superfluous.

If we disable it, the `<kbd>` tag inherits all the normal colors (including the link color 👌).

The direct `<kbd>` parent that assigns the text color is `<html>` (can't go higher!) which has an identical `color: var(--primary);`. 

WCAG palettes don't seem to assign specific colors in this context.

It seems fairly safe to remove `color: var(--primary);` from `<kbd>` so it won't interfere anymore with its content.
2023-04-14 10:06:12 +08:00
Canapin b328ada667
UX: Prevents letters from being partially cut off on the profile summary page (#20715) 2023-04-14 10:04:05 +08:00
Canapin b9ca4c9031
UX: fix anchor z-index (#21002) 2023-04-14 10:02:57 +08:00
David Battersby 967010e545
FEATURE: Add an emoji deny list site setting (#20929)
This feature will allow sites to define which emoji are not allowed. Emoji in this list should be excluded from the set we show in the core emoji picker used in the composer for posts when emoji are enabled. And they should not be allowed to be chosen to be added to messages or as reactions in chat.

This feature prevents denied emoji from appearing in the following scenarios:
- topic title and page title
- private messages (topic title and body)
- inserting emojis into a chat
- reacting to chat messages
- using the emoji picker (composer, user status etc)
- using search within emoji picker

It also takes into account the various ways that emojis can be accessed, such as:
- emoji autocomplete suggestions
- emoji favourites (auto populates when adding to emoji deny list for example)
- emoji inline translations
- emoji skintones (ie. for certain hand gestures)
2023-04-13 15:38:54 +08:00
Jarek Radosz cb1e95cd3d
FIX: Educational composer messages regressed in 788dc0a (#21082)
Tests coming in another PR
2023-04-12 20:05:52 +02:00
David Taylor 93c33e02f0
PERF: Avoid full `posts` table scans during anonymisation (#21081)
2e78045a fixed the anonymization job so that it correctly updated self-mentions, which are not logged in the post_actions table. The solution was to scan the entire `posts` table with an `raw ILIKE` query. On sites with many posts, this can take a very long time.

This commit updates the job to take a two-pass approach:

First, we update posts based on the post_actions table. This is much more efficient than a full table scan, and takes care of all 'non-self' mentions.

Then, we make a second pass using the `raw ILIKE` approach. Since we already took care of most posts, we can scope this down to self-mentions only. By filtering the query to a specific posts.user_id, it is significantly more performant than a full table scan.
2023-04-12 18:39:10 +01:00
David Taylor fa5a423681
Revert "DEV: Support modifyClass for native class fields on EmberObjects (#20987)" (#21080)
This reverts commit a19efc4304.

This is causing issues in production - reverting while we investigate
2023-04-12 17:38:44 +01:00
David Taylor a19efc4304
DEV: Support modifyClass for native class fields on EmberObjects (#20987)
EmberObject's `reopen` feature allows changes to be made to the prototype of the class, but it does not work with native class fields. Native class field values are set on the instance in the constructor, and therefore override any values from the prototype.

This commit implements a workaround which detects possible field overrides and then sets the values during the `init()` function of the EmberObject. This isn't perfect - old field values will still be present while any constructor function is running. But in the vast majority of cases, it should provide parity with old non-native-class EmberObject properties.

This commit also adds a warning when trying to override fields on non-EmberObject classes. There is no change in behavior here - we're just warning about the fact it doesn't work.
2023-04-12 16:49:57 +01:00
Jarek Radosz 788dc0a096
DEV: Refactor ComposerMessages (#21077)
Co-authored-by: David Taylor <david@taylorhq.com>
2023-04-12 17:02:37 +02:00
David Taylor db16700355
PERF: Memoize element references for `dockCheck` (#21079)
This is run frequently in a scroll listener. Removing the need for repeated `querySelector` calls makes those scroll handlers much faster.
2023-04-12 14:17:43 +01:00
David Taylor a328153ec2
DEV: Enable patch-package in production and in `javascripts/discourse` (#21078)
When running `yarn install` in a yarn workspace, the lifecycle hooks in the root package.json are not triggered. https://github.com/yarnpkg/yarn/issues/5790

As a workaround, we can additionally run `patch-package` from the `javascripts/discourse/package.json` `postinstall` hook. `patch-package` is idempotent, so it doesn't matter if it is triggered multiple times.

Longer term we intend to move to pnpm, which has built-in patch support.
2023-04-12 13:15:53 +01:00
David Battersby 7d34ba38a2
FIX: all staff_counters should be pluralized strings (#21048)
Make all staff_counters pluralized strings
2023-04-12 17:13:37 +08:00
Alan Guo Xiang Tan 2eb60c9713
DEV: Switch sidebar section link identifier to data attribute (#21051)
Data attribute is less restrictive than relying on the class attribute
2023-04-12 15:52:10 +08:00
Loïc Guitaut d151f4ee9d
FIX: Don’t assume post is available in UserEmail job (#21054)
Currently, we’re performing a check when a user is suspended in the
`UserEmail` job and we’re assuming a `post` is always available, which
is not the case. The code indeed breaks when the job is called with the
`account_suspended` type option.

This patch fixes this issue by making the check use the safe navigation
operator, thus making it working when `post` is not provided.
2023-04-12 12:34:22 +10:00
dependabot[bot] f0435844df
Build(deps): Bump sass from 1.61.0 to 1.62.0 in /app/assets/javascripts (#21063)
Bumps [sass](https://github.com/sass/dart-sass) from 1.61.0 to 1.62.0.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.61.0...1.62.0)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-12 09:08:49 +08:00
Kris ce601ac84c
UX: improve composer control spacing on mobile (#21021) 2023-04-11 14:11:00 -05:00
Rafael dos Santos Silva 087ee8c5e2
DEV: Experimental JS plugin API for topic summary HTML (#20963) 2023-04-11 11:22:34 -04:00
Jan Cernik a3801a9e16
DEV: Stop event propagation in `DTooltip` (#20897) 2023-04-11 12:07:03 -03:00
Jan Cernik 352bd35bf6
Add RenderGlimmer support for embedded posts (#21046) 2023-04-11 06:22:42 -03:00
David Taylor 9238767f7e
FEATURE: Persist password hashing algorithm/params in database (#20980)
Previously, Discourse's password hashing was hard-coded to a specific algorithm and parameters. Any changes to the algorithm or parameters would essentially invalidate all existing user passwords.

This commit introduces a new `password_algorithm` column on the `users` table. This persists the algorithm/parameters which were use to generate the hash for a given user. All existing rows in the users table are assumed to be using Discourse's current algorithm/parameters. With this data stored per-user in the database, we'll be able to keep existing passwords working while adjusting the algorithm/parameters for newly hashed passwords.

Passwords which were hashed with an old algorithm will be automatically re-hashed with the new algorithm when the user next logs in.

Values in the `password_algorithm` column are based on the PHC string format (https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md). Discourse's existing algorithm is described by the string `$pbkdf2-sha256$i=64000,l=32$`

To introduce a new algorithm and start using it, make sure it's implemented in the `PasswordHasher` library, then update `User::TARGET_PASSWORD_ALGORITHM`.
2023-04-11 10:16:28 +01:00
Jarek Radosz b6cfcdfbb3
DEV: Force an upgrade of watch-detector (#21053)
Fixes the unnecessary message when starting ember server:

```
Invalid watchman found, version: [2023.04.03.00] did not satisfy [>= 3.0.0].
Visit https://ember-cli.com/user-guide/#watchman for more info.
```
2023-04-11 11:14:57 +02:00
NullVoxPopuli c320c286f9
DEV: Use patch-package to apply ember-jquery workaround
Co-authored-by: David Taylor <david@taylorhq.com>
2023-04-11 10:12:30 +01:00
dependabot[bot] 47eced2050
Build(deps): Bump terser in /app/assets/javascripts (#21042)
Bumps [terser](https://github.com/terser/terser) from 5.16.8 to 5.16.9.
- [Release notes](https://github.com/terser/terser/releases)
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.16.8...v5.16.9)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-11 10:38:49 +02:00
Alan Guo Xiang Tan 90172e5a9e
FIX: Incorrect message inbox displayed due to username case sensitivity (#21049) 2023-04-11 11:31:10 +08:00
Krzysztof Kotlarek 63a0466548
FIX: improve performance of UserStat.ensure_consistency (#21044)
Optimize `UserStatpost_read_count` calculation.

In addition, tests were updated to fail when code is not evaluated. Creation of PostTiming was updating `post_read_count`. Count it has to be reset to ensure that ensure_consitency correctly calculates result.

Extracting users seen in the last hour to separate Common Table Expression reduces the amount of processed rows.

Before
```
Update on user_stats  (cost=267492.07..270822.95 rows=2900 width=174) (actual time=12606.121..12606.127 rows=0 loops=1)
  ->  Hash Join  (cost=267492.07..270822.95 rows=2900 width=174) (actual time=12561.814..12603.689 rows=10 loops=1)
        Hash Cond: (user_stats.user_id = x.user_id)
        Join Filter: (x.c <> user_stats.posts_read_count)
        Rows Removed by Join Filter: 67
        ->  Seq Scan on user_stats  (cost=0.00..3125.34 rows=75534 width=134) (actual time=0.014..39.173 rows=75534 loops=1)
        ->  Hash  (cost=267455.80..267455.80 rows=2901 width=48) (actual time=12558.613..12558.617 rows=77 loops=1)
              Buckets: 4096  Batches: 1  Memory Usage: 39kB
              ->  Subquery Scan on x  (cost=267376.03..267455.80 rows=2901 width=48) (actual time=12168.601..12558.572 rows=77 loops=1)
                    ->  GroupAggregate  (cost=267376.03..267426.79 rows=2901 width=12) (actual time=12168.595..12558.525 rows=77 loops=1)
                          Group Key: pt.user_id
                          ->  Sort  (cost=267376.03..267383.28 rows=2901 width=4) (actual time=12100.490..12352.106 rows=2072830 loops=1)
                                Sort Key: pt.user_id
                                Sort Method: external merge  Disk: 28488kB
                                ->  Nested Loop  (cost=1.28..267209.18 rows=2901 width=4) (actual time=0.040..11528.680 rows=2072830 loops=1)
                                      ->  Nested Loop  (cost=0.86..261390.02 rows=13159 width=8) (actual time=0.030..3492.887 rows=3581648 loops=1)
                                            ->  Index Scan using index_users_on_last_seen_at on users u  (cost=0.42..89.71 rows=28 width=4) (actual time=0.010..0.201 rows=78 loops=1)
                                                  Index Cond: (last_seen_at > '2023-04-11 00:22:49.555537'::timestamp without time zone)
                                            ->  Index Scan using index_post_timings_on_user_id on post_timings pt  (cost=0.44..9287.60 rows=4455 width=8) (actual time=0.081..38.542 rows=45919 loops=78)
                                                  Index Cond: (user_id = u.id)
                                      ->  Index Scan using forum_threads_pkey on topics t  (cost=0.42..0.44 rows=1 width=4) (actual time=0.002..0.002 rows=1 loops=3581648)
                                            Index Cond: (id = pt.topic_id)
                                            Filter: ((deleted_at IS NULL) AND ((archetype)::text = 'regular'::text))
                                            Rows Removed by Filter: 0
Planning Time: 0.692 ms
Execution Time: 12612.587 ms
```
After
```
Update on user_stats  (cost=9473.60..12804.30 rows=2828 width=174) (actual time=677.724..677.729 rows=0 loops=1)
  ->  Hash Join  (cost=9473.60..12804.30 rows=2828 width=174) (actual time=672.536..677.706 rows=1 loops=1)
        Hash Cond: (user_stats.user_id = x.user_id)
        Join Filter: (x.c <> user_stats.posts_read_count)
        Rows Removed by Join Filter: 54
        ->  Seq Scan on user_stats  (cost=0.00..3125.34 rows=75534 width=134) (actual time=0.012..23.977 rows=75534 loops=1)
        ->  Hash  (cost=9438.24..9438.24 rows=2829 width=48) (actual time=647.818..647.822 rows=55 loops=1)
              Buckets: 4096  Batches: 1  Memory Usage: 37kB
              ->  Subquery Scan on x  (cost=9381.66..9438.24 rows=2829 width=48) (actual time=647.409..647.805 rows=55 loops=1)
                    ->  HashAggregate  (cost=9381.66..9409.95 rows=2829 width=12) (actual time=647.403..647.786 rows=55 loops=1)
                          Group Key: pt.user_id
                          Batches: 1  Memory Usage: 121kB
                          ->  Nested Loop  (cost=1.86..9367.51 rows=2829 width=4) (actual time=0.056..625.245 rows=120022 loops=1)
                                ->  Nested Loop  (cost=1.44..3692.96 rows=12832 width=8) (actual time=0.047..171.754 rows=217440 loops=1)
                                      ->  Nested Loop  (cost=1.00..254.63 rows=25 width=12) (actual time=0.030..1.407 rows=56 loops=1)
                                            Join Filter: (u.id = user_stats_1.user_id)
                                            ->  Nested Loop  (cost=0.71..243.08 rows=25 width=8) (actual time=0.018..1.207 rows=87 loops=1)
                                                  ->  Index Scan using index_users_on_last_seen_at on users u  (cost=0.42..86.71 rows=27 width=4) (actual time=0.009..0.156 rows=87 loops=1)
                                                        Index Cond: (last_seen_at > '2023-04-11 00:47:07.437568'::timestamp without time zone)
                                                  ->  Index Only Scan using user_stats_pkey on user_stats us  (cost=0.29..5.79 rows=1 width=4) (actual time=0.011..0.011 rows=1 loops=87)
                                                        Index Cond: (user_id = u.id)
                                                        Heap Fetches: 87
                                            ->  Index Scan using user_stats_pkey on user_stats user_stats_1  (cost=0.29..0.45 rows=1 width=4) (actual time=0.002..0.002 rows=1 loops=87)
                                                  Index Cond: (user_id = us.user_id)
                                                  Filter: (posts_read_count < 10000)
                                                  Rows Removed by Filter: 0
                                      ->  Index Scan using index_post_timings_on_user_id on post_timings pt  (cost=0.44..92.98 rows=4455 width=8) (actual time=0.036..2.492 rows=3883 loops=56)
                                            Index Cond: (user_id = user_stats_1.user_id)
                                ->  Index Scan using forum_threads_pkey on topics t  (cost=0.42..0.44 rows=1 width=4) (actual time=0.002..0.002 rows=1 loops=217440)
                                      Index Cond: (id = pt.topic_id)
                                      Filter: ((deleted_at IS NULL) AND ((archetype)::text = 'regular'::text))
                                      Rows Removed by Filter: 0
Planning Time: 1.406 ms
Execution Time: 677.817 ms
```
2023-04-11 12:28:08 +10:00