Merge branch 'master' of github.com:discourse/discourse

2025-02-25 18:55:32 -06:00 · 2020-02-03 15:13:33 +10:00
parent 89cb8f769a dd3a7f4825
commit baca59c1a6
11 changed files with 22 additions and 13 deletions
--- a/app/serializers/admin_user_list_serializer.rb
+++ b/app/serializers/admin_user_list_serializer.rb
@@ -109,7 +109,7 @@ class AdminUserListSerializer < BasicUserSerializer
  def include_second_factor_enabled?
    !SiteSetting.enable_sso &&
      SiteSetting.enable_local_logins &&
-      object.totps.present?
+      object.has_any_second_factor_methods_enabled?
  end

  def second_factor_enabled
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -1534,7 +1534,6 @@ en:
    content_security_policy_collect_reports: "Enable CSP violation report collection at /csp_reports"
    content_security_policy_script_src: "Additional whitelisted script sources. The current host and CDN are included by default. See <a href='https://meta.discourse.org/t/mitigate-xss-attacks-with-content-security-policy/104243' target='_blank'>Mitigate XSS Attacks with Content Security Policy.</a>"
    invalidate_inactive_admin_email_after_days: "Admin accounts that have not visited the site in this number of days will need to re-validate their email address before logging in. Set to 0 to disable."
-    allow_embedding_site_in_an_iframe: "Enable embedding of the site in iframes."
    top_menu: "Determine which items appear in the homepage navigation, and in what order. Example latest|new|unread|categories|top|read|posted|bookmarks"
    post_menu: "Determine which items appear on the post menu, and in what order. Example like|edit|flag|delete|share|bookmark|reply"
    post_menu_hidden_items: "The menu items to hide by default in the post menu unless an expansion ellipsis is clicked on."
--- a/config/locales/server.es.yml
+++ b/config/locales/server.es.yml
@@ -1419,7 +1419,6 @@ es:
    content_security_policy_collect_reports: "Habilitar la recolección de reportes de violación de CSP en /csp_reports"
    content_security_policy_script_src: "Fuentes de script adicionales en la lista blanca. El host actual y CDN se incluyen por defecto. Leer <a href='https://meta.discourse.org/t/mitigate-xss-attacks-with-content-security-policy/104243' target='_blank'>Mitigate XSS Attacks with Content Security Policy.</a>"
    invalidate_inactive_admin_email_after_days: "Las cuentas administrativas que no hayan visitado la página en este número de días deberán validar de nuevo su dirección de correo electrónico antes de iniciar sesión. Establecer a 0 para desactivar."
-    allow_embedding_site_in_an_iframe: "Habilitar la inserción del sitio en iframes."
    top_menu: "Determinar los elementos que aparecen en el menú de navegación de la página de inicio y su orden. Ejemplo últimos|nuevos|no leídos|categorías|destacados|leídos|publicados|marcadores"
    post_menu: "Determinar los elementos que aparecen en el menú de publicación  y su orden. Ejemplo: me gusta|editar|reportar|eliminar|compartir|guardar en marcadores|responder"
    post_menu_hidden_items: "Los elementos del menú que se ocultan por defecto en el menú de publicación a menos que se haga clic en el botón para expandir las opciones."
--- a/config/locales/server.fi.yml
+++ b/config/locales/server.fi.yml
@@ -1406,7 +1406,6 @@ fi:
    content_security_policy_collect_reports: "Ota käyttöön CSP-seulontojen kerääminen lokiin /csp_reports"
    content_security_policy_script_src: "Muut sallitut skriptien lähteet. Nykyinen webhotelli ja CDN ovat sallittuja oletuksena. Ks. <a href='https://meta.discourse.org/t/mitigate-xss-attacks-with-content-security-policy/104243' target='_blank'>Mitigate XSS Attacks with Content Security Policy.</a>"
    invalidate_inactive_admin_email_after_days: "Ylläpitäjätunnukset jotka eivät ole vierailleet sivustolla näin moneen päivään joutuvat vahvistamaan sähköpostiosoitteensa uudelleen ennen sisäänkirjautumista. Aseta 0 poistaaksesi käytöstä."
-    allow_embedding_site_in_an_iframe: "Salli sivuston upottaminen iframeihin."
    top_menu: "Mitkä painikkeet näytetään kotisivun navigointipalkissa, ja missä järjestyksessä. Esimerkiksi latest|new|unread|categories|top|read|posted|bookmarks"
    post_menu: "Mitkä painikkeet näytetään viestin valikossa, ja missä järjestyksessä. Esimerkiksi like|edit|flag|delete|share|bookmark|reply"
    post_menu_hidden_items: "Piilotettavat painikkeet viestin valikosta, kunnes '...' klikataan."
--- a/config/locales/server.he.yml
+++ b/config/locales/server.he.yml
@@ -1490,7 +1490,6 @@ he:
    content_security_policy_collect_reports: "הפעלת איסוף דוחות הפרה של CSP (מדיניות אבטחת תוכן) תחת ‎/csp_reports"
    content_security_policy_script_src: "מקורות נוספים לסקריפטים שעברו אישור. המארח וה־CDN הנוכחיים נכללים כבררת מחדל. ניתן לעיין ב<a href='https://meta.discourse.org/t/mitigate-xss-attacks-with-content-security-policy/104243' target='_blank'>התקפות XSS בעזרת CSP - מדיניות אבטחת תוכן.</a>"
    invalidate_inactive_admin_email_after_days: "חשבונות מנהלים שלא ביקרו באתר מעל כמות כזו של ימים יאלצו לאמת מחדש את כתובת הדוא״ל שלהם כדי לשוב ולהיכנס. להגדיר כ־0 כדי לנטרל."
-    allow_embedding_site_in_an_iframe: "לאפשר הטמעה של האתר בתוך מסגרות iframes."
    top_menu: "החליטו אילו פריטים יופיעו בניווט עמוד הבית ובאיזה סדר לדוגמה |אחרונים|חדשים|קטגוריות|מובילים|נקראו|פורסמו|סימניות"
    post_menu: "החליטו אילו פריטים מופיעים בתפריט הפוסט, ובאיזה סדר. למשל like|edit|flag|delete|share|bookmark|reply"
    post_menu_hidden_items: "פריטי התפריט להסתרה כברירת מחדל בתפריט הפוסט, אלא אם כן נלחץ לחצן ההרחבה."
--- a/config/locales/server.nl.yml
+++ b/config/locales/server.nl.yml
@@ -1420,7 +1420,6 @@ nl:
    content_security_policy_collect_reports: "Rapportverzameling voor CSP-schendingen inschakelen via /csp_reports"
    content_security_policy_script_src: "Aanvullende scriptbronnen op de whitelist. De huidige host en CDN zijn standaard inbegrepen. Zie <a href='https://meta.discourse.org/t/mitigate-xss-attacks-with-content-security-policy/104243' target='_blank'>Mitigate XSS Attacks with Content Security Policy</a>."
    invalidate_inactive_admin_email_after_days: "Beheerdersaccounts die de website dit aantal dagen niet hebben bezocht, dienen hun e-mailadres voor het aanmelden opnieuw te valideren. Stel dit in op 0 om uit te schakelen."
-    allow_embedding_site_in_an_iframe: "Inbedding van de website in iframes inschakelen."
    top_menu: "Bepalen welke items in het hoofdnavigatiemenu verschijnen, en in welke volgorde. Voorbeeld: latest|new|unread|categories|top|read|posted|bookmarks"
    post_menu: "Bepalen welke items in het berichtmenu verschijnen, en in welke volgorde. Voorbeeld: like|edit|flag|delete|share|bookmark|reply"
    post_menu_hidden_items: "De menu-items die standaard in het berichtmenu moeten worden verborgen, totdat er op een uitvouw-ellipsis wordt geklikt."
--- a/config/locales/server.sv.yml
+++ b/config/locales/server.sv.yml
@@ -1172,7 +1172,6 @@ sv:
    moderators_create_categories: "Tillåt moderatorer att skapa nya kategorier"
    cors_origins: "Tillåtna ursprung för cross-ursprungsbegäran (CORS). Varje ursprung måste inkludera http:// eller https://. DISCOURSE_ENABLE_CORS env variabeln måste sättas till true för att aktivera CORS."
    use_admin_ip_whitelist: "Administratörer kan bara logga in om de är på en IP-adress definierad i listan över granskade IP-adresser (Admin > Loggar > Granskade IP-adresser)."
-    allow_embedding_site_in_an_iframe: "Aktivera inbäddning av webbplatsen i iframes."
    top_menu: "Bestäm vilka objekt som visas i hemsidans navigation, och i vilken ordning. Exempel: latest|new|unread|categories|top|read|posted|bookmarks"
    post_menu: "Bestäm vilka objekt som visas i inläggsmenyn och i vilken ordning. Exempel: like|edit|flag|delete|share|bookmark|reply"
    post_menu_hidden_items: "Standardinställning för vilka menyobjekt som döljs i inläggsmenyn om inte utvidgnings-ellipsen har klickats på."
--- a/config/locales/server.tr_TR.yml
+++ b/config/locales/server.tr_TR.yml
@@ -1407,7 +1407,6 @@ tr_TR:
    content_security_policy_collect_reports: "/ Csp_reports adresinde CSP ihlali raporu toplamayı etkinleştir"
    content_security_policy_script_src: "Beyaz listeye eklenen ek komut dosyası kaynakları. Geçerli ana sunucu ve CDN varsayılan olarak dahil edilmiştir. Bkz <a href='https://meta.discourse.org/t/mitigate-xss-attacks-with-content-security-policy/104243' target='_blank'>. İçerik Güvenliği İlkesi ile XSS Saldırılarını Azaltma.</a>"
    invalidate_inactive_admin_email_after_days: "Bu günlerde siteyi ziyaret etmeyen yönetici hesaplarının giriş yapmadan önce e-posta adreslerini yeniden doğrulamaları gerekir. Devre dışı bırakmak için 0 olarak ayarlayın."
-    allow_embedding_site_in_an_iframe: "Sitenin iframe'lere yerleştirilmesini etkinleştir."
    top_menu: "Anasayfa gezingesinde nelerin, hangi sırada yer alacağını belirleyin. Örneğin en sonIyeniIokunmamışIkategorilerIgözdeIokunmuşlarIgönderilenlerIimlenenler"
    post_menu: "Gönderi menüsündeki öğelerin hangi sırada yer alacağını belirleyin. Örnek: beğen|düzenle|bildir|sil|paylaş|imle|cevapla"
    post_menu_hidden_items: "Gönderi menüsündeki maddeler, genişletme üç noktasına tıklanmadığı takdirde otomatik olarak gizlenir. "
--- a/config/locales/server.zh_CN.yml
+++ b/config/locales/server.zh_CN.yml
@@ -1365,7 +1365,6 @@ zh_CN:
    content_security_policy_collect_reports: "在/csp_reports上启用内容安全策略违规报告收集"
    content_security_policy_script_src: "其它脚本来源白名单。默认包含当前主机和CDN。<a href='https://meta.discourse.org/t/mitigate-xss-attacks-with-content-security-policy/104243' target='_blank'>使用内容安全策略缓解XSS攻击</a>"
    invalidate_inactive_admin_email_after_days: "在此天数内未访问过网站的管理员帐户需要在登录前重新验证邮件地址。设置为0禁用。"
-    allow_embedding_site_in_an_iframe: "启用将网站嵌入iframe中。"
    top_menu: "确定在主页导航条包含哪些条目，以及排列顺序。例如：latest|new|unread|categories|top|read|posted|bookmarks"
    post_menu: "确定在帖子菜单条包含哪些条目，以及排列顺序。例如：like|edit|flag|delete|share|bookmark|reply"
    post_menu_hidden_items: "帖子菜单中默认隐藏的按钮，点击省略号后显示。"
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@@ -1413,6 +1413,7 @@ security:
    max: 2000
  allow_embedding_site_in_an_iframe:
    default: false
+    hidden: true

 onebox:
  enable_flash_video_onebox: false
--- a/spec/serializers/admin_user_list_serializer_spec.rb
+++ b/spec/serializers/admin_user_list_serializer_spec.rb
@@ -3,7 +3,7 @@
 require 'rails_helper'

 describe AdminUserListSerializer do
-  fab!(:user) { Fabricate(:user_second_factor_totp).user }
+  fab!(:user) { Fabricate(:user) }
  fab!(:admin) { Fabricate(:admin) }
  let(:guardian) { Guardian.new(admin) }

@@ -11,10 +11,26 @@ describe AdminUserListSerializer do
    AdminUserListSerializer.new(user, scope: guardian, root: false)
  end

-  it "returns the right values when user has second factor totp enabled" do
-    json = serializer.as_json
+  context "when totp enabled" do
+    before do
+      Fabricate(:user_second_factor_totp, user: user)
+    end
+    it "returns the right values" do
+      json = serializer.as_json

-    expect(json[:second_factor_enabled]).to eq(true)
+      expect(json[:second_factor_enabled]).to eq(true)
+    end
+  end
+
+  context "when security keys enabled" do
+    before do
+      Fabricate(:user_security_key, user: user)
+    end
+    it "returns the right values" do
+      json = serializer.as_json
+
+      expect(json[:second_factor_enabled]).to eq(true)
+    end
  end

  context "emails" do