Commit Graph

5895 Commits

Author SHA1 Message Date
David Taylor 9a813210b9 SECURITY: Do not allow authentication with disabled plugin-supplied a… (#6071)
Do not allow authentication with disabled plugin-supplied auth providers
2018-07-09 14:25:58 +10:00
michael@discoursehosting.com 81188060d6 Add S3 region eu-west-3 (Paris) 2018-07-09 14:18:35 +10:00
Sam 4f41ccd975 FEATURE: MauiBot is abusive and is now blocked
We have now seen multiple forums where MauiBot uses a large amount of
traffic, due to this bad behavior it is blocked out-of-the-box
2018-07-06 16:46:33 +10:00
Neil Lalonde eabc8f7fbd
Merge pull request #6023 from misaka4e21/only-staff-can-create-tag
FEATURE: Support disabling tag creation for non-staff users.
2018-07-05 11:12:44 -04:00
Patrick Gansterer 28dd7fb562 FEATURE: Create hidden posts for received spam emails (#6010)
* Add possibility to add hidden posts with PostCreator

* FEATURE: Create hidden posts for received spam emails

Spamchecker usually have 3 results: HAM, SPAM and PROBABLY_SPAM
SPAM gets usually directly rejected and needs no further handling.
HAM is good message and usually gets passed unmodified.
PROBABLY_SPAM gets an additional header to allow further processing.
This change addes processing capabilities for such headers and marks
new posts created as hidden when received via email.
2018-07-05 11:07:46 +02:00
Maja Komel cb89797e9a FEATURE: shows remaining backup codes in user preferences 2018-07-04 10:45:42 +02:00
Guo Xiang Tan b59c17d484 Update title site setting defaults for ja locale.
https://meta.discourse.org/t/updating-title-when-using-japanese-characters-does-not-work/88718/7
2018-06-28 23:23:00 +08:00
Arpit Jalan a6d50d1ff7 FEATURE: new settings to control posts deletions rate limit 2018-06-28 17:03:37 +05:30
Maja Komel ec3e6a81a4 FEATURE: Second factor backup 2018-06-28 10:12:32 +02:00
Dax74 ccc2d94ae8
Update link
See https://meta.discourse.org/t/wrong-link-on-manual-admin-creation/90849
2018-06-27 11:38:01 +02:00
misaka4e21 47cb46671a FEATURE: Support disabling tag creation for non-staff users. 2018-06-27 07:15:02 +08:00
Jeff Atwood 7dce8290ed copyedit on category drop down 2018-06-26 12:43:45 -07:00
Jeff Atwood 67a986f30d centralize trust level doc to blog 2018-06-25 17:34:47 -07:00
Neil Lalonde b3073175a7 FIX: missing translations for mobile flag modal 2018-06-25 10:59:44 -04:00
Ernesto Serrano d1297b7296 Update server.en.yml 2018-06-25 16:18:07 +10:00
Gerhard Schlager e5f62f7965 Update server.es.yml (reverted from commit 1ea380e30e) 2018-06-25 16:18:07 +10:00
Ernesto Serrano 64941e7f91 Update server.en.yml 2018-06-25 16:18:07 +10:00
Ernesto Serrano 8809984d83 Update server.es.yml 2018-06-25 16:18:07 +10:00
Ernesto Serrano f57375a5ce Update site_settings.yml 2018-06-25 16:18:07 +10:00
Jeff Atwood 549a47e801 copyedit on TL1 welcome (again) 2018-06-23 22:29:13 -07:00
Jeff Atwood d634486870 copyedit on TL1 congrats PM 2018-06-23 14:30:04 -07:00
Jeff Wong 41f76a74f8 FEATURE: send message when a user reaches tl1 2018-06-22 13:20:00 -07:00
Robin Ward c08c725c54 Allow plugins to omit base locales if they want 2018-06-22 09:46:23 -04:00
Joffrey JAFFEUX fed86225c8
FEATURE: differentiate total and total for period on admin table report 2018-06-21 22:46:53 +02:00
Joffrey JAFFEUX a41057aa6e
FEATURE: display report total value when showing report 2018-06-21 18:17:22 +02:00
Neil Lalonde 072659c22a Update translations 2018-06-21 10:34:09 -04:00
Sam f66efc601d FIX: cubot android devices were detected as crawlers 2018-06-21 10:56:46 +10:00
Sam 591512fcb8 adjust defaults for search log retention 2018-06-20 10:46:07 +10:00
riking 38a8e52ca4 FIX: Add time retention limit to search logs
3 years is a very conservative limit that allows for a very wide buffer
for year-over-year analysis. The max is set to 5 years because that is
the policy listed for logging in hosted Discourse.
2018-06-20 10:44:11 +10:00
Arpit Jalan aedc61a3b4 FEATURE: allow large icon to be uploaded in wizard 2018-06-19 21:08:02 +05:30
Michael Brown ae5d255f83 FIX: Reference example.com instead of somesite.com in examples
* somesite.com actually exists...
* example.com should be used in examples and is harmless to visit
2018-06-19 10:37:24 -04:00
Sam 5f64fd0a21 DEV: remove exec_sql and replace with mini_sql
Introduce new patterns for direct sql that are safe and fast.

MiniSql is not prone to memory bloat that can happen with direct PG usage.
It also has an extremely fast materializer and very a convenient API

- DB.exec(sql, *params) => runs sql returns row count
- DB.query(sql, *params) => runs sql returns usable objects (not a hash)
- DB.query_hash(sql, *params) => runs sql returns an array of hashes
- DB.query_single(sql, *params) => runs sql and returns a flat one dimensional array
- DB.build(sql) => returns a sql builder

See more at: https://github.com/discourse/mini_sql
2018-06-19 16:13:36 +10:00
Neil Lalonde 320cd9a19e UX: rate limiter message will say to wait "a few seconds" instead of 0 to 3 seconds 2018-06-18 14:14:47 -04:00
Joffrey JAFFEUX 3fc82bf200
FIX: adds a title to composer actions header 2018-06-18 19:01:37 +02:00
Joffrey JAFFEUX f2dbe66367
FEATURE: adds a /admin/reports route to list all reports 2018-06-18 12:31:56 +02:00
Arpit Jalan f1d1207725 FIX: improve context when user deletes self 2018-06-18 11:36:22 +05:30
Arpit Jalan c7ee70941e FEATURE: show category page options on wizard 'homepage' step 2018-06-15 19:11:41 +05:30
Sam 87fabdc2f3 FIX: correct pool reaper
This removes a freedom patch and replaces with a custom reaper thread
it also captures an issue where reaper would fail when connections where
empty
2018-06-14 18:22:02 +10:00
Rafael dos Santos Silva 8fc08aad09 FEATURE: Update the webmanifest
- Remove share target because the spec is changing
- Allow any orientation again because natural is too restrictive
- Use correct file and mime types for the manifest
2018-06-14 00:13:28 -03:00
Sam 66982c7800 FIX: stop using Rails connection reaper in multisite
The Rails 5.2 connection reaper appears to be leaking threads
this is a quick fix to stop it, though we need to make sure we
never leak connection pools as well.
2018-06-14 12:49:30 +10:00
Robin Ward fd54c92a52 FEATURE: New site setting, whitelisted_link_domains
If provided, users who normally couldn't post links (say, due to a
low trust level), can post links to those specific hosts.
2018-06-13 16:11:22 -04:00
Jeff Atwood 0dee603ffc
Merge pull request #5985 from featheredtoast/pm-participants-two-lines
FIX: PM participants listed inline
2018-06-11 18:33:15 -07:00
Guo Xiang Tan 805fd17b23 ActiveRecord in Rails 5.2 discards connection pools after fork. 2018-06-12 09:30:52 +08:00
Jeff Wong 4599cc8435 FIX: PM participants listed inline 2018-06-11 18:14:25 -07:00
Gerhard Schlager 8fc6605d4f UX: No need to warn about username changes anymore 2018-06-11 18:43:56 +02:00
Gerhard Schlager 150ae21489 FEATURE: Log user merge in staff logs 2018-06-11 18:43:56 +02:00
OsamaSayegh 1dbe13886f REFACTOR: admin site texts controller specs to requests (#5958) 2018-06-11 12:59:21 +08:00
Guo Xiang Tan 8a2c5fbebb Remove unused lines. 2018-06-11 08:44:41 +08:00
Neil Lalonde 79854198c1 Update translations 2018-06-08 10:27:53 -04:00
Arpit Jalan f9ab3848ed FEATURE: support disabling emails for non-staff users 2018-06-07 18:31:08 +05:30
Guo Xiang Tan 01f126e38f Simplify unicorn config. 2018-06-07 09:03:16 +08:00
Guo Xiang Tan a50cd8675a FIX: Permalink route matcher should always be last. 2018-06-06 14:55:22 +08:00
Guo Xiang Tan a4e6662833 FIX: Disconnects all connections in the pool before forking.
* We were leaking connections as a result. Connections opened
  before the fork were never closed.
2018-06-06 14:45:05 +08:00
Arpit Jalan d069f4ecba Revert "Revert "allow codepen iframe by default""
This reverts commit 174bf98572.
2018-06-06 06:48:08 +05:30
Régis Hanol dc61eaad37 FEATURE: new 'min ratio to crop' site setting 2018-06-05 17:13:00 +02:00
Arpit Jalan 174bf98572 Revert "allow codepen iframe by default"
This reverts commit dc00089ab2.
2018-06-05 18:21:21 +05:30
Arpit Jalan dc00089ab2 allow codepen iframe by default 2018-06-05 18:17:23 +05:30
Arpit Jalan 46fc57222f FEATURE: improve handling of site setting secrets 2018-06-04 21:31:34 +05:30
Arpit Jalan 36f9af4fa4 minor optimizations for post rejected logs 2018-06-02 09:44:55 +05:30
Arpit Jalan 89eca87f16 FEATURE: add staff action log for post rejections 2018-06-01 21:48:27 +05:30
Guo Xiang Tan 12a0f12530 Fix the build. 2018-06-01 11:24:32 +08:00
Guo Xiang Tan 50be06af47 Remove stale code. 2018-06-01 08:18:59 +08:00
Neil Lalonde dee9af2877 Update translations 2018-05-31 17:03:38 -04:00
Gerhard Schlager b7bf0e96aa Update translations 2018-05-29 22:01:57 +02:00
Gerhard Schlager 864ada835b FEATURE: Add Bulgarian language 2018-05-29 21:07:17 +02:00
Gerhard Schlager ce687f334b UX: The "enable 2FA" string was hard to translate 2018-05-29 16:25:43 +02:00
Joffrey JAFFEUX 16d0ab5654 Revert "UX: localizes titles in dashboard table reports"
This reverts commit 409c0ddf85.
2018-05-28 20:35:22 +02:00
Joffrey JAFFEUX 409c0ddf85
UX: localizes titles in dashboard table reports 2018-05-28 20:03:05 +02:00
Guo Xiang Tan 0b55416742 UX: Don't display `all groups` option if group directory is disabled.a
https://meta.discourse.org/t/all-groups-option-leads-to-access-denied-page/88464
2018-05-28 11:32:55 +08:00
Sam c677877e4f FIX: Korean needs no word segmentation 2018-05-28 09:37:57 +10:00
Robin Ward 4195c7c9ea FEATURE: Ability to clear a user's penalty history
You can do this manually if you want to allow them to reach TL3 without
their penalty history counting against them.
2018-05-25 12:54:22 -04:00
Neil Lalonde 30fbf6fe81 Add min and max to digest topic and post settings. Email clients may truncate messages that are too long. 2018-05-24 14:39:28 -04:00
Sam ed08545d1f FEATURE: allow searching in title in advanced search
Add UI for matching in title only in advanced search options
2018-05-24 12:34:53 +10:00
Guo Xiang Tan 2aad91d4a2 PERF: Don't bloat the Sidekiq queue with `Jobs::SendPushNotification`. 2018-05-24 10:04:09 +08:00
Jeff Wong ebd966fbdb Feature: Add warning banner in email settings when mailing list mode enabled 2018-05-23 18:54:10 -07:00
Joe 9df6b2c00b
FIX: clarify badge image field help text 2018-05-23 21:34:16 +08:00
Ryan Mulligan fac4bf2f85 ignore emails that are from the reply by email addresses (#5843) 2018-05-23 10:04:45 +02:00
Sam 6974b7d6a8 FIX: run deferred jobs inline in sidekiq 2018-05-23 12:05:37 +10:00
Neil Lalonde 79d202a73c FIX: update Indonesian translations to fix date translations 2018-05-22 12:00:34 -04:00
Joshua Rosenfeld d86bd48397
Copyedit 2018-05-22 11:14:16 -04:00
Joe 3ef3b5b67a
FIX: both icon and image fields used the same string.
Added new string for image field and edited the current string for the icon field.
2018-05-22 16:02:50 +08:00
Sam 39bfd836c6 FEATURE: do not boot Ruby if not on 2.4 or up 2018-05-22 09:21:47 +10:00
Guo Xiang Tan 467d91347a Missing specs for `Group`, `Tag`, `Category` and `Flag` web hooks. 2018-05-21 17:29:58 +08:00
Guo Xiang Tan bf84037f79 FIX: Payload for webhooks should be current as of the time the event was triggered.
https://meta.discourse.org/t/group-category-tag-user-deleted-webhooks-not-firing/87752
2018-05-21 17:29:58 +08:00
Sam ec337bbcb3 DEV: attempt to report last exception as the "cause" for failures
This allows our request specs to report exceptions so we can debug

May have a few false positives but generally should be quiet

TODO only wire magic in for request specs, currently happens for all
2018-05-21 17:01:50 +10:00
Guo Xiang Tan e78f1d7589 Fix the build take 2. 2018-05-21 14:35:59 +08:00
Guo Xiang Tan b7b08b4173 Fix regression introduced in 2ceb107074. 2018-05-21 13:26:23 +08:00
Guo Xiang Tan 2ceb107074 Refactor tests to use the json extension instead of headers. 2018-05-21 09:49:46 +08:00
Jeff Atwood 4329b484e8 minor copyedit on dashboard chart title 2018-05-18 16:04:33 -07:00
OsamaSayegh 0800098f1a FIX: don't allow duplicate watched words (#5844)
We already have logic in place for server side, this'll just display a little message that says the word already exists
2018-05-18 10:11:08 +02:00
Régis Hanol 53f8f6095d FEATURE: staff action logs when creating/updating/deleting badges 2018-05-17 18:09:27 +02:00
Sam 0db04956d7 update description of graph 2018-05-17 12:24:13 +10:00
Sam 6796d72e9d Shorten copy 2018-05-17 10:26:30 +10:00
Régis Hanol a9ebde5111 FEATURE: new 'staged' users list for admins 2018-05-17 01:52:49 +02:00
Jeff Atwood 7195bdf025 very minor copyedit 2018-05-16 16:08:14 -07:00
Gerhard Schlager 01b0d9d235 Update translations 2018-05-17 00:08:33 +02:00
Régis Hanol 489e7f220d UX: show a message when more than 30 site settings matches the current filter
UX: show the counts when displaying only overridden settings
UX: show 30+ count when more than 30 site settings matches the current filter
2018-05-16 15:37:40 +02:00
Sam 2271869c6b old dashboard needs a route 2018-05-16 11:42:45 +10:00
Jeff Atwood c0a87f1fbf very minor copyedit 2018-05-15 15:22:46 -07:00
Sam 4461de6281 improve tooltip 2018-05-15 10:32:41 +10:00
Joffrey JAFFEUX e474351ae4
inactive users report is not used anymore 2018-05-14 21:31:14 +02:00
Joffrey JAFFEUX ba0cec2091
UX: minor fixes to new dashboard UI
- adds a link to search log
- display a text if log search queries is disabled
- adds link to trust level and user types
- adds a description for eeach report when browsing a report directly
2018-05-14 14:23:51 +02:00
Gerhard Schlager 494fb36c77 UX: Remove obsolete warning about changing post ownership 2018-05-14 13:20:29 +02:00
Sam 6332d5040d UX: switch dashboard to be the new dashboard
Also:
- add pageviews
- add problems and version sections
2018-05-14 13:07:59 +10:00
Sam 8a783412b7 UX: improvements to new dashboard
- remove inactive user report and replace with posts
- clean up internals so grouping by week happens on client
- when switching periods old report was not destroyed leading to bugs
- calculate trend based on previous interval ... not previous 30 days
- show percentages for mau/dau
- be more careful about utc date usage
- show uniqu and click through rate on search panel
- publish key of report with report so we only load the correct one
- subscribe earlier in channel in case of concurrency issues
2018-05-11 13:30:32 +10:00
Joshua Rosenfeld 52d6b0f948
Minor copyedit 2018-05-10 15:24:27 -04:00
Guo Xiang Tan 186623acd0 FEATURE: Keep `EmailLogs` records without a `reply_key` for 90 days by default. 2018-05-10 15:33:49 +08:00
Régis Hanol 86eb3528ec FEATURE: clearer error message when receiving a reply to an old notification 2018-05-09 18:51:01 +02:00
Régis Hanol 858ac6b61e FIX: prevent theme uploads from overwriting existing variables 2018-05-09 11:54:43 +02:00
Jeff Wong dc93c1b433 FIX: temporary redirect for service worker scripts 2018-05-08 10:40:02 -07:00
Arpit Jalan 83245aa508 FIX: better handling of invite links after they are redeemed
FIX: deprecate invite_passthrough_hours setting
2018-05-08 20:17:57 +05:30
Robin Ward 8262fc5d15
Merge pull request #5807 from discourse/min-flags-by-topic
FEATURE: New site setting `min_flags_staff_visibility`
2018-05-08 09:17:29 -04:00
Jeff Wong 2002a7c4ef FIX: regenerate vapid keys when the public key bytes is blank 2018-05-07 17:01:56 -07:00
Robin Ward ac60a84329 FEATURE: New site setting `min_flags_staff_visibility`
When set higher than 1, flags won't show up for staff in the admin
section unless the minimum threshold of flags on a post is reached.
2018-05-07 16:05:13 -04:00
Misaka 0x4e21 ff6be3c2e3 FEATURE: add profile_background fields into SSO (#5701)
Add profile_background and card_background fields into Discourse SSO.
2018-05-07 10:03:26 +02:00
Jeff Wong 91b31860a1
Feature: Push notifications for Android (#5792)
* Feature: Push notifications for Android

Notification config for desktop and mobile are merged.

Desktop notifications stay as they are for desktop views.

If mobile mode, push notifications are enabled.

Added push notification subscriptions in their own table, rather than through
custom fields.

Notification banner prompts appear for both mobile and desktop when enabled.
2018-05-04 15:31:48 -07:00
Robin Ward 84cc52d8fc FIX: Show a nicer message when there aren't any flagged topics. 2018-05-04 10:24:18 -04:00
Gerhard Schlager 7bf01fd769 Update translations 2018-05-04 10:58:21 +02:00
Jeff Wong 62a8904729
Feature: Include participants at the bottom of PM emails (#5797)
* Feature: Include participants at the bottom of PM emails

... as undecorated links.

https://meta.discourse.org/t/email-notification-recipients-unclear-when-pm-is-sent-to-multiple-users/26934/13?u=featheredtoast

Fix: missing translation for PM mentions

* display membership count as `group (count)`
2018-05-03 15:50:06 -07:00
Neil Lalonde a0447b47e0 UX: when deleting a user, show a modal indicating that the delete is happening. User hijack so requests don't time out. 2018-05-03 16:18:19 -04:00
Neil Lalonde 69a3ba0014 Update translations 2018-05-03 15:23:31 -04:00
Joffrey JAFFEUX 980972182f
dashboard next: caching, mobile support and new charts 2018-05-03 15:41:41 +02:00
Michael Brown beef046259 Clarify user-to-user message report titles 2018-05-01 16:43:07 -04:00
Risto e686c5edb6
deferred -> ignored
Came across to an obsolete term.
2018-05-01 23:06:57 +03:00
Jeff Atwood f0bdca87d8 improve help copy on enable local logins 2018-04-28 23:27:16 -07:00
Gerhard Schlager 0e5104fa70 Update translations 2018-04-27 19:20:19 +02:00
Neil Lalonde bd77795d7a REFACTOR: move support for user card badge images to a plugin discourse-user-card-badges 2018-04-26 13:25:24 -04:00
Joffrey JAFFEUX 9fabf2543b
dashboard next: activity metrics and new contributors
This commit also introduces a better grouping of data points.
2018-04-26 14:49:41 +02:00
Sam 88f5251415 FIX: disallow invalid top_menu and post_menu and share_links
In the past any text could be entered there causing big potential issues
2018-04-26 17:00:56 +10:00
Sam c7a0ced656 FIX: remove facebook_request_extra_profile_details
Since this no longer works
2018-04-26 14:14:35 +10:00
Jeff Atwood 0cad5b2125 missed a file somehow 2018-04-25 12:47:09 -07:00
Jeff Atwood 6fae1cee34 better help for typographer setting 2018-04-25 12:46:45 -07:00
Robin Ward 456e40a709 FIX: Don't allow a user to become TL3 if they've ever been penalized
Previously the code would only check if they were *currently* suspended
or silenced.
2018-04-24 15:15:32 -04:00
Arpit Jalan 4f55fbfefa FEATURE: include report title in PM subject and filename 2018-04-24 22:25:54 +05:30
Neil Lalonde 8babf1c1e1 Update translations 2018-04-24 11:08:45 -04:00
Gerhard Schlager ed4c0c4a63 FEATURE: Add option to delete all replies of flagged post 2018-04-24 11:08:05 -04:00
Robin Ward fd14ee4797 FEATURE: Allow safe mode to be disabled 2018-04-24 11:03:33 -04:00
Sam 54d153068a DEV: remove qunit rails fork and add a couple of async tests 2018-04-23 16:42:40 +10:00
Arpit Jalan 0a442977b3 FEATURE: add staff action log for post approvals 2018-04-23 11:28:44 +05:30
Sam ded84a4b58 PERF: improve performance once logged in rate limiter hits
If "logged in" is being forced anonymous on certain routes, trigger
the protection for any requests that spend 50ms queueing

This means that ...

1. You need to trip it by having 3 requests take longer than 1 second in 10 second interval
2. Once tripped, if your route is still spending 50m queueuing it will continue to be protected

This means that site will continue to function with almost no delays while it is scaling up to handle the new load
2018-04-23 11:55:25 +10:00
Neil Lalonde 70f2c5d3fd FEATURE: move staff tags setting to tag group settings 2018-04-20 15:34:23 -04:00
Guo Xiang Tan 45fe5dc793 `$redis.client` -> `$redis._client`.
See c239abb43c
2018-04-20 13:01:17 +08:00
Sam 26ce930ac6 FIX: remove auth cookie if we see InvalidAccess 2018-04-20 11:21:51 +10:00
Arpit Jalan 91bf10bd12 FIX: create upload record for exported csv files 2018-04-20 00:27:49 +05:30
Joffrey JAFFEUX 0e414d0890
dashboard next: trending search report
This commit also improves how data is loaded sync and async
2018-04-19 18:19:21 +02:00
Joffrey JAFFEUX 01c061d20d
dashboard next: perf and UI tweaks
* cache CORE reports
* adds backups/uploads section
* few css tweaks
2018-04-18 21:30:41 +02:00
Jeff Atwood 2e1454a6e2 very minor copyedit 2018-04-18 02:08:26 -07:00
Arpit Jalan dcf33e74d6 UX: update placeholder for full page search 2018-04-18 13:50:34 +05:30
Jeff Atwood 1b9647d124 minor copyedit 2018-04-18 01:04:14 -07:00
Sam 59cd7894d9 FEATURE: if site is under extreme load show anon view
If a particular path is being hit extremely hard by logged on users,
revert to anonymous cached view.

This will only come into effect if 3 requests queue for longer than 2 seconds
on a *single* path.

This can happen if a URL is shared with the entire forum base and everyone
is logged on
2018-04-18 16:58:57 +10:00