Commit Graph

26027 Commits

Author SHA1 Message Date
Martin Brennan
3b13f1146b
FIX: Add random suffix to outbound Message-ID for email (#15179)
Currently the Message-IDs we send out for outbound email
are not unique; for a post they look like:

topic/TOPIC_ID/POST_ID@HOST

And for a topic they look like:

topic/TOPIC_ID@HOST

This commit changes the outbound Message-IDs to also have
a random suffix before the host, so the new format is
like this:

topic/TOPIC_ID/POST_ID.RANDOM_SUFFIX@HOST

Or:

topic/TOPIC_ID.RANDOM_SUFFIX@HOST

This should help with email deliverability. This change
is backwards-compatible, the old Message-ID format will
still be recognized in the mail receiver flow, so people
will still be able to reply using Message-IDs, In-Reply-To,
and References headers that have already been sent.

This commit also refactors Message-ID related logic
to a central location, and adds judicious amounts of
tests and documentation.
2021-12-06 10:34:39 +10:00
David Taylor
972d7cb1d6
DEV: Fix mini-profiler location for custom (or missing) d-headers (#15192) 2021-12-04 23:33:07 +00:00
Jarek Radosz
d3912075b6
FIX: PWA badges were not updating (#15191)
That regressed in #7714, over two years ago. :P
2021-12-05 00:15:51 +01:00
Kris
03f3d79388
UX: remove style that breaks composer on pm page (#15189) 2021-12-03 21:56:37 -05:00
Kris
6d2eae27a6
UX: reduce composer jumpiness on android (#15184) 2021-12-03 17:02:22 -05:00
Kris
657c137384
UX: Prevent overflow on mobile timeline dates (#15182) 2021-12-03 13:48:26 -05:00
Kris
b01ded9c89
UX: Improve tag info style (#15177) 2021-12-03 10:22:05 -05:00
Joffrey JAFFEUX
f9e2ab570b
FIX: allows more precise placement strategy on mobile (#15171)
* FIX: allows more precise placement strategy on mobile

- default to absolute on mobile, fixed on desktop
- allows to set a global `placementStrategy` or a specific to each view `mobilePlacementStrategy` `desktopPlacementStrategy`

This is mainly used to allow a proper composer-actions positioning in mobile.

Note this commit also fixes a mouseDown event which could propagate quote-button event and cause the composer to close full screen on mobile

* mobile only
2021-12-03 11:47:33 +11:00
Mark VanLandingham
7e005f2ea3
DEV: Don't error when emoji-picker is used outside composer (#15172) 2021-12-02 14:50:30 -06:00
Jordan Vidrine
9ecf454074
DEV: Invite page changes (#15175) 2021-12-02 13:18:11 -06:00
Jarek Radosz
7456a59022
FEATURE: Add the ability to go back and forth between PM and New Topic (#15173)
Before this, if you were composing a new topic and then switched the mode to "New Message", the dropdown would disappear.

So if you changed your mind, you'd have to copy the text you typed, cancel, click "New Topic" again, and then paste the text. (and if you already had a title entered too, things would be more complicated…)
2021-12-02 19:46:40 +01:00
Daniel Waterworth
bd10f113e9
DEV: Raise errors for (black|white)list accesses (#15174)
These have been deprecated for a while
2021-12-02 12:16:55 -06:00
Michelle Bueno Saquetim Vendrame
9b5836aa1d
Add three reports (#14338)
* Add report top_users_by_received_likes

* Add report top_users_by_received_likes_from_inferior_trust_level

* Add report top_users_by_likes_received_from_a_variety_of_people

* Add test to report_top_users_by_received_likes

* add top_users_by_likes_received_from_a_variety_of_people report test

* add top_users_by_likes_received_from_inferior_trust_level report tests
2021-12-02 22:41:55 +05:30
Daniel Waterworth
2f04a9b9fb
DEV: Remove site_setting_saved event (#15164)
We said we would drop it from 2.4, so this is long overdue

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2021-12-02 09:33:03 -06:00
David Taylor
cfb6199a95
FIX: Don't redirect XHR/JSON requests when login is required (#15093)
When redirecting to login, we store a destination_url cookie, which the user is then redirected to after login. We never want the user to be redirected to a JSON URL. Instead, we should return a 403 in these situations.

This should also be much less confusing for API consumers - a 403 is a better representation than a 302.
2021-12-02 15:12:25 +00:00
David Taylor
55cbc70f3f
DEV: Ensure redirects are passed through to the client by ember-cli (#15170)
By default, `fetch` will transparently follow redirects, even across domain boundaries
2021-12-02 15:03:45 +00:00
Penar Musaraj
732678f642
UX: Fix alignment in group navigation bar (#15169)
Same as #15145.
2021-12-02 09:45:33 -05:00
Andrei Prigorshnev
1c0022c195
FIX: extract and fix overriding of usernames by external auth (#14637) 2021-12-02 17:42:23 +04:00
David Taylor
ceca34aca6
DEV: Ensure ember-cli does not attempt to bootstrap non-ember pages (#15168)
1b3d124a introduced a logic change which meant that we attempted to bootstrap, even on pages without any `preloadJson` (i.e. non-ember HTML pages from Discourse). This commit restores the original logic, making sure to avoid `?.`.
2021-12-02 10:58:54 +00:00
David Taylor
44d16fcd8e
DEV: Print full stack trace on ember-cli bootstrap error (#15167) 2021-12-02 10:58:03 +00:00
Sam
3a73028a70
PERF: migrate normalized_emails in a migrations (#15166)
Old OnceOff job could perform pretty slowly on sites with millions of emails

New implementation operates in batches in a migration, minimizing locking.
2021-12-02 15:08:22 +11:00
Jarek Radosz
1b3d124a4e
DEV: Don't use ?. in bootstrap-json (#15162)
That code is not transpiled, so it doesn't work on older node versions.
2021-12-01 22:04:56 +01:00
Mark VanLandingham
bd140948e3
DEV: Changes to support chat uploads (#15153) 2021-12-01 13:24:16 -06:00
David Taylor
abe30a17da
DEV: Fix ember CLI bootstrap logic (#15160)
When 1fa7a87f was rebased onto `main`, it didn't take into account the recent changes in c0781d7d. This commit updates the logic to work properly.
2021-12-01 18:31:52 +00:00
Kerry Liu
64e1ca6daa UX: only apply link formats on paste to selections that do not contain links 2021-12-01 13:29:17 -05:00
Osama Sayegh
1d69261bc0
FIX: Set auto_update to false for non-git themes/components (#15157)
Related to: 20f736aa11.

`auto_update` is true by default at the database level, but it doesn't make sense for `auto_update` to be true on themes that are not imported from a Git repository.
2021-12-01 19:58:13 +03:00
David Taylor
1fa7a87f86
SECURITY: Remove ember-cli specific response from application routes (#15155)
Under some conditions, these varied responses could lead to cache poisoning, hence the 'security' label.

Previously the Rails application would serve JSON data in place of HTML whenever Ember CLI requested an `application.html.erb`-rendered page. This commit removes that logic, and instead parses the HTML out of the standard response. This means that Rails doesn't need to customize its response for Ember CLI.
2021-12-01 16:10:40 +00:00
Andrei Prigorshnev
f37375f582
DEV: avoid sending events to a destroying object and enable few skipped tests (#15030) 2021-12-01 18:21:44 +04:00
Martin Brennan
4bdb956a0d
Revert "UX: Fix alignment in group navigation bar (#15145)" (#15150)
This reverts commit 01830f9d28.

This broke sidebar and could have affected customer themes
on a full enterprise deploy.
2021-12-01 16:13:03 +11:00
Natalie Tay
0f598ca51e
SECURITY: Only show tags to users with permission (#15148) 2021-12-01 10:26:56 +08:00
Penar Musaraj
01830f9d28
UX: Fix alignment in group navigation bar (#15145) 2021-12-01 11:49:34 +11:00
Martin Brennan
d64323b4e6
DEV: Change create-invite-uploader to use uppy (#15088)
Part of overall strategy to remove jQuery file uploader
from the codebase. Also added some helper functionality to
the uppy mixin to allow for non-autostart uploads (all
previous upload changes have been for auto start components.)
2021-12-01 09:45:05 +10:00
Martin Brennan
dce6c6fb50
FIX: Native File object was not passed to uploadHandler (#15146)
The commit 20b2a42f49 broke
upload handlers, because previously we passed through the
native File object to the handler, not the uppy-wrapped
File object.
2021-12-01 09:01:53 +10:00
Krzysztof Kotlarek
9cabd3721b
FEATURE: ability to add description to tags (#15125)
Ability to add description to tags, which will be displayed on hover.
2021-12-01 09:18:56 +11:00
Jarek Radosz
0bf30196c9
FIX: Broken css in #15141 (#15144) 2021-11-30 20:02:22 +01:00
Jarek Radosz
feb9a3675d
UX: Tweak mobile composer styling (#15141)
A followup to #15117
2021-11-30 19:50:28 +01:00
Jarek Radosz
ac79c5efc6
UX: Tweak composer styling (#15117)
* Even margins
* Slightly more muted and unified borders, separators, and icons
* Editor and preview area have same height
2021-11-30 17:41:22 +01:00
Jarek Radosz
7ce6971539
DEV: Add drop-date to drop-dateless deprecations (#15133) 2021-11-30 17:41:04 +01:00
Jarek Radosz
c0781d7d23
DEV: Replace bent with node-fetch in bootstrap (#15139)
Drops the `acceptedStatusCodes` array.
2021-11-30 17:40:32 +01:00
Roman Rizzi
1fc06520bd
REFACTOR: Improve support for consolidating notifications. (#14904)
* REFACTOR: Improve support for consolidating notifications.

Before this commit, we didn't have a single way of consolidating notifications. For notifications like group summaries, we manually removed old ones before creating a new one. On the other hand, we used an after_create callback for likes and group membership requests, which caused unnecessary work, as we need to delete the record we created to replace it with a consolidated one.

We now have all the consolidation rules centralized in a single place: the consolidation planner class. Other parts of the app looking to create a consolidable notification can do so by calling Notification#consolidate_or_save!, instead of the default Notification#create! method.

Finally, we added two more rules: one for re-using existing group summaries and another for deleting duplicated dashboard problems PMs notifications when the user is tracking the moderator's inbox. Setting the threshold to one forces the planner to apply this rule every time.

I plan to add plugin support for adding custom rules in another PR to keep this one relatively small.

* DEV: Introduces a plugin API for consolidating notifications.

This commit removes the `Notification#filter_by_consolidation_data` scope since plugins could have to define their criteria. The Plan class now receives two blocks, one to query for an already consolidated notification, which we'll try to update, and another to query for existing ones to consolidate.

It also receives a consolidation window, which accepts an ActiveSupport::Duration object, and filter notifications created since that value.
2021-11-30 13:36:14 -03:00
Andrei Prigorshnev
284ab8cdf7
DEV: migrate (almost all) routes from actions: to @action syntax (#14722)
This should be safe, all these places are pretty straightforward. I've run into one problem when changing this, though. That problem was fixed in https://github.com/discourse/discourse/pull/14624
2021-11-30 17:01:06 +04:00
Andrei Prigorshnev
88f9bb3dc9
FIX: do not suggest "user1" as a username to invited users (#15031)
Recently, the wrong new behavior appeared – we started to suggest to invited users usernames like "user1".

To reproduce:
1. Create an invitation with default settings, do not restrict it to email
2. Copy an invitation link and follow it in incognito mode
See username already filled, with eg “user1”. See screenshot. Should be empty.

This bug was very likely introduced by my recent changes to UserNameSuggester.
2021-11-30 16:59:37 +04:00
Jarek Radosz
24356e339b
DEV: Fix pending posts page, make tests work in legacy env (#15132)
* Running the tests only in the ember cli env hid the fact that the pending posts feature wasn't working in the legacy environment
* Tests were using ember-cli-only APIs while there are widely used testing APIs in Discourse that support both ember envs
* `ember-test-selectors` was in both dependencies and devDependencies in discourse/package.json
* `qunit-dom` in package.json was not only unused but also defunct, as it wasn't pulled into the legacy env app

A followup to #14501, and #15128.
2021-11-30 13:01:39 +01:00
Osama Sayegh
fced35de15
UX: Add title attribute to reports cells (#15137)
Some reports, like the Web Crawler User Agents report, have very long strings that need to be truncated when displayed. However, there is no way to see the full value without exporting the report or inspecting the elements using dev tools. This PR set a `title` attribute with the full value to the reports `<td>` elements so that the full value is shown on hover.
2021-11-30 14:58:42 +03:00
Joffrey JAFFEUX
77a1d8675c
FIX: adds 422 status code to bootstrap json (#15138)
A post error validation would return a 422 status code. This status code was not accepted with the recent changes to bootstrap-json/index.js and would return a "Discourse Build Error" string, preventing any kind of bootbox popup error in the composer.
2021-11-30 11:54:38 +01:00
Osama Sayegh
7bd3986b21
FEATURE: Replace Crawl-delay directive with proper rate limiting (#15131)
We have a couple of site setting, `slow_down_crawler_user_agents` and `slow_down_crawler_rate`, that are meant to allow site owners to signal to specific crawlers that they're crawling the site too aggressively and that they should slow down.

When a crawler is added to the `slow_down_crawler_user_agents` setting, Discourse currently adds a `Crawl-delay` directive for that crawler in `/robots.txt`. Unfortunately, many crawlers don't support the `Crawl-delay` directive in `/robots.txt` which leaves the site owners no options if a crawler is crawling the site too aggressively.

This PR replaces the `Crawl-delay` directive with proper rate limiting for crawlers added to the `slow_down_crawler_user_agents` list. On every request made by a non-logged in user, Discourse will check the User Agent string and if it contains one of the values of the `slow_down_crawler_user_agents` list, Discourse will only allow 1 request every N seconds for that User Agent (N is the value of the `slow_down_crawler_rate` setting) and the rest of requests made within the same interval will get a 429 response. 

The `slow_down_crawler_user_agents` setting becomes quite dangerous with this PR since it could rate limit lots if not all of anonymous traffic if the setting is not used appropriately. So to protect against this scenario, we've added a couple of new validations to the setting when it's changed:

1) each value added to setting must 3 characters or longer
2) each value cannot be a substring of tokens found in popular browser User Agent. The current list of prohibited values is: apple, windows, linux, ubuntu, gecko, firefox, chrome, safari, applewebkit, webkit, mozilla, macintosh, khtml, intel, osx, os x, iphone, ipad and mac.
2021-11-30 12:55:25 +03:00
Jeff Wong
9896fc7d33
FIX: allow staff to upload when they should and authorized_extensions is blank (#15136)
Allow staff to upload when authorized_extensions is blank, but
authorized_extensions_for_staff is not
2021-11-29 21:40:54 -08:00
David Taylor
af4b8d0e21
DEV: Automatically leave PresenceChannels when in the background (#15047)
* DEV: Improve PresenceChannel state storage

Replaces some objects with Maps, and removes the redundant _presentChannels Set.

* DEV: Automatically leave PresenceChannels when in the background

If a tab has been in the background for 10s, or there has been no user activity for 60s, then the user will be removed from all PresenceChannels until activity resumes. Developers can opt-out of this by passing `{onlyWhileActive: false}` to the `enter` method.
2021-11-30 15:38:19 +11:00
Jarek Radosz
6662101208
DEV: Fix a test leak (#15135)
The leak was introduced in #11722 and a test was added that relied on it in #14563

This PR fixes the leak (bookmarks-test), fixes the test that relied on it (fast-edit-test), and repleces some ad-hoc code with cloneJSON helper (other files)
2021-11-30 13:45:26 +11:00
Martin Brennan
7e5f52a163
DEV: Use pushObject for inProgressUploads in uppy (#15134)
The inProgressUploads is meant to be used to display these uploads
in a UI, and Ember will only update the array in the UI if pushObject
is used to notify it.
2021-11-30 10:42:45 +10:00