Commit Graph

43247 Commits

Author SHA1 Message Date
dependabot[bot] f00053e414
Build(deps): Bump zeitwerk from 2.4.2 to 2.5.0 (#14670)
Bumps [zeitwerk](https://github.com/fxn/zeitwerk) from 2.4.2 to 2.5.0.
- [Release notes](https://github.com/fxn/zeitwerk/releases)
- [Changelog](https://github.com/fxn/zeitwerk/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fxn/zeitwerk/compare/v2.4.2...v2.5.0)

---
updated-dependencies:
- dependency-name: zeitwerk
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-21 10:46:32 +08:00
Martin Brennan 0f03884375
DEV: Refactor bookmark modal code (#14654)
We had code to open the bookmark modal in two places -- the bookmark
list and also from within a topic. This caused the two code paths to
drift, as in the bookmark list we were not passing in the forTopic or
autoDeletePreferences data into the modal, and we were also not refreshing
the bookmark list when the bookmark was deleted from within the modal.

This commit moves the modal opening code into an importable
function from the controllers/bookmark module, and all callers
have to do is pass it an instance of Bookmark and also options
for what to do for the following:

* onAfterSave
* onAfterDelete
* onCloseWithoutSaving
2021-10-21 09:02:35 +10:00
David Taylor aac3547cc2
DEV: Update AWS API stub following gem version bump (#14673)
The latest version of the gem doesn't send whitespace in this request body, so we need to update the test stub accordingly
2021-10-20 23:04:08 +01:00
Neil Lalonde ae91818c19
Version bump to v2.8.0.beta7 (#14667) 2021-10-20 17:29:41 -04:00
David Taylor 010309d108
SECURITY: Improve validation of SNS subscription confirm (#14671)
An upstream validation bug in the aws-sdk-sns library could enable RCE under certain circumstances. This commit updates the upstream gem, and adds additional validation to provide defense-in-depth.
2021-10-20 22:20:52 +01:00
Osama Sayegh 8fb823c30f
FIX: Make the `verbose_auth_token_logging` setting off by default (#14664)
The `generate`, `rotate` and `suspicious`  auth token logs are now always logged regardless of the `verbose_auth_token_logging` setting because we rely no these to detect suspicious logins.
2021-10-20 17:20:39 +03:00
Penar Musaraj 1f8939c0f1
FIX: Show search context only in topic routes (#14650) 2021-10-20 09:48:26 -04:00
Penar Musaraj 3e86ec3e4e
FIX: Broken quick search on iPadOS (#14663)
This also reverts back to selecting the search input text when reopening
the search panel.
2021-10-20 09:31:53 -04:00
Joffrey JAFFEUX c2d4638ee1
DEV: drops jquery usage from wizard-canvas (#14662) 2021-10-20 14:42:06 +02:00
Joffrey JAFFEUX adb302f801
DEV: drops jquery usage un admin-report-chart (#14661) 2021-10-20 14:28:49 +02:00
Bhanu ae45c5efb5
Simplification of install Guide (#13716)
* [WIP] Simplification of install Guide

Working with @osioke to simplify a few pain areas of the install guide. 

Still a Work in progress, More changes incoming.

* Update install wording and links

To improve how it reads for a non-technical user looking to start their first Discourse community

* Update community install link

Update community install link to point to the Meta marketplace so more community contributors can help installs

* Copyedit for Branch change from master to main

* Some minor copyedits

Changes references from master to main
Changes a few commands from `apt-get` to just `apt` and from `yum` to `dnf` 
Also added first party reference to yum-cron

Added a small note and steps to perform rebuilds

* Copyedits take #2

more refined details

* Revert community install link and copyedits

Revert community install link, fix typo and add a link to the migration guide

* Remove optional info on maxmind

Remove optional info on maxmind to really simplify the guide and reduce the "yet another thing to configure" issue for self hosters

* fix capitalization

Co-authored-by: Osioke Itseuwa <osioke@users.noreply.github.com>
Co-authored-by: Rishabh <rishabhn@protonmail.com>
2021-10-20 17:41:54 +05:30
Arpit Jalan 1b8feae0bc
FIX: reset sso email and payload when user navigates away (#14658) 2021-10-20 17:21:32 +05:30
Joffrey JAFFEUX d18e3a45b9
FIX: none row doesn’t have a value, use class to target it (#14659) 2021-10-20 13:07:58 +02:00
dependabot[bot] 020ae3e0ff
Build(deps): Bump racc from 1.5.2 to 1.6.0 (#14652)
Bumps [racc](https://github.com/tenderlove/racc) from 1.5.2 to 1.6.0.
- [Release notes](https://github.com/tenderlove/racc/releases)
- [Changelog](https://github.com/ruby/racc/blob/master/ChangeLog)
- [Commits](https://github.com/tenderlove/racc/compare/v1.5.2...v1.6.0)

---
updated-dependencies:
- dependency-name: racc
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-20 12:50:37 +08:00
Alan Guo Xiang Tan e74e3fa043
FIX: Topic timeline not updating in megatopics. (#14645)
Before this fix, jumping to posts using the topic timeline scrollbar
will not update the counts since the topic scrollarea is not rerendered.

Follow-up to db337b10ee
2021-10-20 11:42:22 +08:00
tshenry 9bc68a5502
DEV: Mark discourse-category-experts official (#14655) 2021-10-19 19:04:54 -07:00
Martin Brennan ecee9d000b
FEATURE: Allow recovery of deleted small action posts (#14643)
Previously when clicking the Delete button for small action posts
there was no way to recover this post if the action was accidental.
Now if canRecover is true on the post, which it is just after it
is deleted and the post is fetched from the server again, we show
an undo button which calls the recover endpoint for the post.

We also now disallow the editing of the post if it is deleted, and
show the proper deleted red CSS on the small action post when deleted.
2021-10-20 08:13:27 +10:00
Faris Masad 3fbfec06fc Update replit onebox to accept .com 2021-10-19 16:37:33 -04:00
Penar Musaraj a1daf9fe53
FIX: Do not query backend when searching "in this topic" (#14649) 2021-10-19 13:01:42 -04:00
Discourse Translator Bot 25097fa0af
Update translations (#14648) 2021-10-19 15:23:54 +02:00
Arpit Jalan d1fc759ac4
FIX: remove 'crawl_images' site setting (#14646) 2021-10-19 17:12:29 +05:30
Andrei Prigorshnev b9164d22ee
FEATURE: add a hidden setting that enables using email as a source for username suggestions (#14623)
This is a follow-up to https://github.com/discourse/discourse/pull/14541. This adds a hidden setting for restoring the old behavior for those users who rely on it. We'll likely deprecate this setting at some point in the future.
2021-10-19 14:37:39 +04:00
Joffrey JAFFEUX a5eba43a65
FIX: only replaces double quotes and uses unicode (#14644)
`’` is actually not converted and doesn’t need to be normalised to `'`
2021-10-19 11:01:46 +02:00
Martin Brennan d3678f6930
FIX: Do not show recipient user in email participants list (#14642)
This commit removes the recipient's username from the
respond to / participants list that is shown at the bottom
of user notification emails. For example if the recipient's
username was jsmith, and there were participants ljones and
bmiller, we currently show this:

> "reply to this email to respond to jsmith, ljones, bmiller"

or

> "Participants: jsmith, ljones, bmiller"

However this is a bit redundant, as you are not replying to
yourself here if you are the recipient user. So we omit the
recipient user's username from this list, which is only used
in the text of the email and not elsewhere.
2021-10-19 15:26:22 +10:00
Martin Brennan 2364626ded
FEATURE: Change all core to use uppy-image-uploader (#14428)
Instead of using image-uploader, which relies on the old
UploadMixin, we can now use the uppy-image-uploader which
uses the new UppyUploadMixin which is stable enough and
supports both regular XHR uploads and direct S3 uploads,
controlled by a site setting (default to XHR).

At some point it may make sense to rename uppy-image-uploader
back to image-uploader, once we have gone through plugins
etc. and given a bit of deprecation time period.

This commit also fixes `for_private_message`, `for_site_setting`,
and `pasted` flags not being sent via uppy uploads onto the
UploadCreator, both via regular XHR uploads and also through
external/multipart uploads.

The uploaders changed are:

* site setting images
* badge images
* category logo
* category background
* group flair
* profile background
* profile card background
2021-10-19 13:25:42 +10:00
Joshua Rosenfeld 92afa74d92
Mark shared-edits plugin as official (#14639) 2021-10-19 10:38:06 +08:00
Alan Guo Xiang Tan 903a9e1c0d
DEV: Centralize logic for applying order to filtered posts. (#14634)
Instead of leaking ordering of the posts all around the class, we
centralize it in a method making the code easier to understand. In a
future PR, we will also introduce a plugin API to allow custom ordering
and the change in this commit helps to faciliate that.
2021-10-19 10:37:46 +08:00
Martin Brennan 1d131fcaff
FIX: Clarify None Needed option when editing bookmarks (#14633)
This commit makes the following change to the Edit Bookmark
modal window for clarity:

* If the user is editing an existing bookmark without a reminder set,
hide the "none needed" option. This will draw more attention to the
delete button.
* If the user is editing an existing bookmark with a reminder set for the
future, change the "none needed" option to say "remove reminder, keep bookmark"

To do this, I needed to provide an option to override the labels
for time shortcuts in certain cases, so I could keep the NONE shortcut
but have the different wording.
2021-10-19 10:32:20 +10:00
Penar Musaraj 560216b6a1
UX: Adjust quick search input width (#14640)
Ensures input takes up all available space (without contents overlapping icons).
2021-10-18 17:01:08 -07:00
Penar Musaraj 919a9a902a
FIX: Hide full screen toggle button when textarea is disabled (#14638) 2021-10-18 16:00:22 -04:00
Penar Musaraj 073e5ccd83
UX: Better topic search experience (#14625) 2021-10-18 13:17:27 -04:00
Penar Musaraj 7a4a1744a2
UX: Show fewer toolbar icons in mobile composer (#14621) 2021-10-18 10:16:10 -04:00
Jarek Radosz 70634198a4
UX: Display full-page user search in a grid (#14636)
Two reasons for this change:
1. Better utilization of the screen space (i.e. displaying more than 5 entries on a 13" display)
2. Making user link elements smaller fixes user-card positioning (it no longer displays far to the right, away from the user name/avatar)
2021-10-18 15:36:30 +02:00
Jean 6275658e3d
FEATURE: Add setting to disable notifications for topic category edits (#14632) 2021-10-18 09:04:01 -04:00
Alan Guo Xiang Tan fb5a062b1f
DEV: Remove `TopicView#first_post_id`. (#14631)
The method was only used for mega topics but it was redundant as the
first post can be determined from using the condition where
`Post#post_number` equal to one.
2021-10-18 14:47:47 +08:00
Martin Brennan b69c2f7311
DEV: Fix wasm_bindgen double loading errors in Firefox (#14630)
When we are calling the loadLibs function, which in turn calls:

importScripts(settings.mozjpeg_script);
importScripts(settings.resize_script);

For the media-optimization-worker service worker, we are getting
an error in Firefox, which balks at wasm_bindgen, a global
variable defined with let, being redefined when the module loads.
This causes image processing to fail in Firefox when more than one
image is uploaded at a time.

The solution to this is to just check whether the scripts are
already imported, and if so do not import them again.

Chrome doesn't seem to care about this variable redefinition
and does not error, and it seems to be expected behaviour that
the script can be loaded multiple times (see https://github.com/w3c/ServiceWorker/issues/1041)
2021-10-18 15:47:50 +10:00
Martin Brennan ca7fd77a94
DEV: Bump uppy module versions for retryable prepareUploadParts (#14629)
This commit bumps the following uppy modules:

* @uppy/aws-s3
* @uppy/aws-s3-multipart
* @uppy/core
* @uppy/drop-target
* @uppy/xhr-upload

This is done so we can use the new functionality for retrying
failed prepareUploadParts calls, introduced in
e435f4a917.

I also needed to make some changes to composer-upload-uppy to
support this retrying, while at the same time being able to
throw a bootbox with the error message if the number of retries
are exceeded.
2021-10-18 15:28:27 +10:00
Alan Guo Xiang Tan 235d069300
DEV: Reduce an additional DB query in `TopicView` for ignored users. (#14619)
`TopicView#first_post_id` does a pluck which we can avoid because the
first post will always have a `Post#post_number` of 1.
2021-10-18 09:58:13 +08:00
dependabot[bot] 779eeb65b3
Build(deps): Bump redis from 4.4.0 to 4.5.1 (#14627)
Bumps [redis](https://github.com/redis/redis-rb) from 4.4.0 to 4.5.1.
- [Release notes](https://github.com/redis/redis-rb/releases)
- [Changelog](https://github.com/redis/redis-rb/blob/master/CHANGELOG.md)
- [Commits](https://github.com/redis/redis-rb/compare/v4.4.0...v4.5.1)

---
updated-dependencies:
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-18 09:57:23 +08:00
dependabot[bot] b11b8f001c
Build(deps): Bump openssl from 2.2.0 to 2.2.1 (#14628)
Bumps [openssl](https://github.com/ruby/openssl) from 2.2.0 to 2.2.1.
- [Release notes](https://github.com/ruby/openssl/releases)
- [Changelog](https://github.com/ruby/openssl/blob/master/History.md)
- [Commits](https://github.com/ruby/openssl/compare/v2.2.0...v2.2.1)

---
updated-dependencies:
- dependency-name: openssl
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-18 09:57:00 +08:00
Qursch 11763a5e8d
FEATURE: Add reversed and type to allowed attributes (#14626) 2021-10-18 12:11:13 +11:00
Penar Musaraj 7c7dd2335b
FIX: Category and tag picker alignment on mobile (#14622) 2021-10-15 10:25:11 -04:00
Mark VanLandingham 69381663eb
REVERT: "DEV: APIs to disable PWA badging and unsubscribe from user notifications (#14595)" (#14620)
This reverts commit e1d3175668.
2021-10-15 08:45:55 -05:00
dependabot[bot] 2427ea6613
Build(deps): Bump json from 2.5.1 to 2.6.0 (#14612)
Bumps [json](https://github.com/flori/json) from 2.5.1 to 2.6.0.
- [Release notes](https://github.com/flori/json/releases)
- [Commits](https://github.com/flori/json/commits)

---
updated-dependencies:
- dependency-name: json
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-15 09:51:13 +02:00
Alan Guo Xiang Tan baae453012
DEV: Remove useless assignment in `TopicView#filter_posts_paged`. (#14618)
Assignment is already done in `TopicView#filter_posts_by_ids`
2021-10-15 15:49:22 +08:00
Rafael dos Santos Silva 6ad76520b8
FEATURE: Cache CORS preflight for MessageBus (#14616)
* FEATURE: Cache CORS preflight for MessageBus

Followup for b301a6b for MessageBus
2021-10-15 00:23:53 -03:00
Alan Guo Xiang Tan c34c24ffe4
DEV: Remove unused code from `TopicView`. (#14605) 2021-10-15 10:23:13 +08:00
Alan Guo Xiang Tan 316e4daa19
DEV: Refactor `TopicView#filter_posts` for readability. (#14606) 2021-10-15 10:22:49 +08:00
Rafael dos Santos Silva b301a6b3db
FEATURE: Cache CORS preflight requests for 2h (#14614)
* FEATURE: Cache CORS preflight requests for 2h

Browsers will cache this for 5 seconds by default. If using MessageBus
in a different domain, Discourse will issue a new long polling, by
default, every 30s or so. This means we would be issuing a new preflight
request **every time**. This can be incredibly wasteful, so let's cache
the authorization in the client for 2h, which is the maximum Chromium
allows us as of today.

* fix tests
2021-10-14 22:37:53 -03:00
Krzysztof Kotlarek 7c7e03e54b
FIX: correct api version after minor bump (#14615) 2021-10-15 09:21:51 +08:00