Commit Graph

35124 Commits

Author SHA1 Message Date
Sam Saffron
7d389df5e7 DEV: correct spec to allow for new default
b4bfc27b changes the default so the spec should be changed as well.
2019-11-18 16:05:58 +11:00
Sam Saffron
b4bfc27b19 FEATURE: introduce default application level rate limiting by IP
We have tested rate limiting with admin accounts with block rate limiting for
close to 12 months now on meta.discourse.org.

This has resulted in no degradation of services even to admin accounts that
request a lot of info from the site.

The default of 200 requests a minute and 50 per 10 seconds is very generous.
It simply protects against very aggressive clients.

This setting can be disabled or tweaked using:

DISCOURSE_MAX_REQS_PER_IP_MODE and family.

The only big downside here is in cases when a very large number of users tend
to all come from a single IP.

This can be the case on sites accessing Discourse from an internal network
all sharing the same IP via NAT. Or a misconfigured Discourse that is unable
to resolve IP addresses of users due to proxy mis-configuration.
2019-11-18 15:54:50 +11:00
Sam Saffron
e2ccb0c608 DEV: remove NGINX performance report
This report is no longer supported or tested, it was moved to:

https://github.com/SamSaffron/discourse-nginx-performance-report

The new home for the performance report means this is no longer an official
Discourse plugin
2019-11-18 15:30:57 +11:00
Martin Brennan
af091c49e9 FIX: Ensure revisions are made to store edit reasons and no reasons get wiped (#8363)
* Fix an issue where if an edit was made to a post with a reason provided, and then another edit was made with no reason, the original edit reason got wiped out
* We now always make a post revision (even with ninja edits) if an edit reason has been provided and it is different from the current edit reason

Co-Authored-By: Sam <sam.saffron@gmail.com>
2019-11-18 13:08:54 +10:00
Penar Musaraj
102909edb3 FEATURE: Add support for secure media (#7888)
This PR introduces a new secure media setting. When enabled, it prevents unauthorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required` is disabled, only media in private messages will be protected from unauthorized access.

A few notes: 

- the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads
- the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured
- upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status
- when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error
- when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 11:25:42 +10:00
Vinoth Kannan
56b19ba740 UX: instead of total user count display only the count of users going to be affected.
edec922803
2019-11-18 00:09:38 +05:30
Robin Ward
397852a9a6 FIX: Support for rake db:rollback with plugins
For this to work we need to overwrite `db:rollback` in our Rakefile like
we do for migrate, so that it removes the load_config dependency. This
allows our custom migration paths to work.
2019-11-15 16:38:46 -05:00
Blake Erickson
eb4d8a43e3 DEV: Improve mail-receiver update instructions 2019-11-15 13:57:43 -07:00
Penar Musaraj
99b4f79a90 FIX: Include 5 participants in topic summary 2019-11-15 15:11:09 -05:00
Roman Rizzi
4cf3c9cccb FEATURE: Filter reviewables by date range (#8354) 2019-11-15 15:29:59 -03:00
Penar Musaraj
20f5a062f4 Fix Prettier in poll plugin 2019-11-15 11:01:22 -05:00
Penar Musaraj
6e74350f18 Fix Prettier again
Not sure how I missed a few files in the last commit
2019-11-15 10:52:06 -05:00
Penar Musaraj
cc8baa1a7c Fix Prettier using correct version (1.19.1) 2019-11-15 10:34:26 -05:00
Penar Musaraj
655e610357 Fix Prettier 2019-11-15 10:28:46 -05:00
Martin Brennan
abf215a0e4 Bump prettier to 1.19.1 and lock dependency (#8350) 2019-11-15 10:07:45 -05:00
Penar Musaraj
16cdf94001 DEV: Fix files targeted by Lefthook Prettier
The previous glob rule was skipping files in sub-subfolders, causing discrepancies between Travis and Jenkins results.
2019-11-15 09:21:51 -05:00
Daniel Waterworth
676a1c8749 FIX: Use this.content.category instead of this.category on navigation-item
this.category isn't always available.
2019-11-15 13:47:55 +00:00
Daniel Waterworth
337fdccfeb DEV: Make context available to ExtraNavItems
This context is available to other NavItems so this makes things more
consistent.
2019-11-15 13:46:49 +00:00
Martin Brennan
5c59247c3a Block enabling force 2FA if local logins disabled & vice-versa (#8355) 2019-11-15 17:05:10 +11:00
Sam Saffron
e7cf4579a8 DEV: improve usability of subfolder specs
Previously people were not consistent about mocking which left internals in
a fragile state when running subfolder specs.

This introduces a simple helper `set_subfolder` which you can use to set
the subfolder for the spec. It takes care of proper configuration of subfolder
and teardown.

```
# usage
set_subfolder "/my_amazing_subfolder"
```

You should no longer stub base_uri or global_settings
2019-11-15 16:48:24 +11:00
Jeff Wong
40d14ba166 Fix the actual failing test 2019-11-14 16:20:45 -08:00
Jeff Wong
25dd045ba5 Fix failing test 2019-11-14 16:11:42 -08:00
Jeff Wong
786fcceb62 Return full URLs in review serializer for both post and topic
Return full URLs, this fixes reviewable links to support subfolder
2019-11-14 15:58:21 -08:00
Blake Erickson
3b16eb7abb FIX: Confirm new email with backup codes enabled
This is a fix for this bug:

https://meta.discourse.org/t/-/133185?u=blake

where rails would throw a missing template error when trying to confirm
a new email address when you had two factor backup codes enabled.

Apparently this feature broke during this commit:

68d35b14f4

when a partial that contained a lot of javascript was removed most
likely because it didn't comply with our Content Security Policy, so as
a fix I rewrote the previous js functionality without using any
javascript and then added a spec to verify that the correct backup code
form is displayed when that page is loaded.
2019-11-14 16:27:42 -07:00
romanrizzi
ff355ad204 FIX: Don't show bots as post readers 2019-11-14 17:53:52 -03:00
romanrizzi
f87d38fc7c Use correct variable name 2019-11-14 17:46:20 -03:00
Penar Musaraj
067696df8f DEV: Apply Rubocop redundant return style 2019-11-14 15:10:51 -05:00
Penar Musaraj
be15abcf7f DEV: Add RedundantReturn style check to Rubocop 2019-11-14 14:42:36 -05:00
Penar Musaraj
6c16d5762c No need for return in last statement of method 2019-11-14 14:32:22 -05:00
Penar Musaraj
59ee89f0b7 UX: Adds +n indicator in PM topic list (#8353)
Shows the number of additional PM recipients in list when there are more than 5.
2019-11-14 14:14:23 -05:00
Robin Ward
d4b7c028fa REFACTOR: Move upload utilities to their own file 2019-11-14 12:51:08 -05:00
Gerhard Schlager
c83ae9a79f DEV: Add option to login at beginning of smoke tests
This is useful for testing sites which do not have any public topics.
2019-11-14 18:28:15 +01:00
Penar Musaraj
f175afa0d9 FIX: Revert mobile jump to last post behaviour
Disables jumping to bottom of the page (added in 87f0b56) for mobile devices.

Fixes a regression with the mobile jump tool, and avoids users having to scroll up lots on mobile, since suggested topics and site footers can be lengthy.
2019-11-14 11:15:11 -05:00
Blake Erickson
73e33ce243 DEV: send url string to FileHelper and refactor another open-uri call
FileHelper.download requires a string not a URI. I also found another
instance of using open-uri directly and swapped it out to use
FileHelper.

I also updated it to not `read` a file if it comes back nil.

Follow up to: fe01099a38
2019-11-14 08:25:30 -07:00
Gerhard Schlager
f72730703a Update translations 2019-11-14 15:41:42 +01:00
David Taylor
f2da630c19 FIX: SVG Sprite version hash should be based on bundle result
This version hash is used for the filename, and so browsers/CDNs cache based on it. Previously the version hash was based only on the list of requested icons. This can cause issues in a couple of situations, most commonly when developing themes with custom icons:

- A requested icon does not exist, and then later is added to the theme. The bundle output changes, but the hash did not
- The SVG content of an icon changes, but the name of the icon does not. The bundle output changes, but the hash did not
2019-11-14 13:20:16 +00:00
Blake Erickson
fe01099a38 DEV: Be sure to read the file into string before base64
Follow up to: 08b4753843

If you don't use `read` base64 will error out with: "no implicit
conversion of Tempfile into String"
2019-11-14 05:55:36 -07:00
Blake Erickson
08b4753843 DEV: Use FileHelper instead for downloading narrative bot avatar
Follow up to

b69450bee2

Using FileHelper here allows us to not have to use another require for
open-uri and gives us all the benefits of FileHelper.
2019-11-14 05:23:51 -07:00
Daniel Waterworth
0bb6b64747 DEV: Run prettier 2019-11-14 11:01:22 +00:00
Daniel Waterworth
7b63c92f47 DEV: Remove path building indirection
Tags are now handled just like other context information.
2019-11-14 10:47:14 +00:00
Daniel Waterworth
126b9bd16d FIX: Tag topic lists should pass on noSubcategories when building the top menu 2019-11-14 10:40:14 +00:00
Daniel Waterworth
a1cf0b88a8 DEV: Make NavItem.fromText take a filterType instead of a URL
This is step one of removing filterMode URLs entirely.
2019-11-14 09:43:15 +00:00
Krzysztof Kotlarek
f434de2536 FIX: Tracking Topic State know about category_seen_at (#8351)
If a category has last_seen_at set, TrackingTopicState should know about it and exclude those topics from being marked as new
2019-11-14 16:11:34 +11:00
Blake Erickson
b69450bee2 FIX: need to require open-uri for discourse-narrative-bot plugin
By requiring open-uri this will fix the following error:

```
NoMethodError (private method `open' called for #<URI::Generic...
```

also switched to the shorter syntax and removed default options. Since
ruby 2.4 redirect is on by default.
2019-11-13 18:11:50 -07:00
Sam Saffron
03efbad932 DEV: lint files 2019-11-14 11:52:29 +11:00
Martin Brennan
e7226a8c84 FEATURE: Allow scoping search to tag (#8345)
* When viewing a tag, the search widget will now show a checkbox to scope the search by tag, which will limit search results to that tag on desktop and mobile
2019-11-14 10:40:26 +10:00
Krzysztof Kotlarek
6e1fe22a9d FEATURE: Dismiss new per category (#8330)
Ability to dismiss new topics per category.
2019-11-14 11:16:13 +11:00
David Taylor
d095c2cee7 FIX: Allow importing themes with subdirectories in extra_js
The folder/file detection was broken by 9fea43e46a. This commit fixes and adds relevant specs
2019-11-13 23:45:09 +00:00
romanrizzi
0ba0aa00e7 DEV: Use a bigger suite for warming up the tmp folder 2019-11-13 18:34:10 -03:00
Roman Rizzi
c63e84dc62 FEATURE: Send a message to new TL2 users and point them to the advanced tutorial (#8335)
* FEATURE: Send a message to new TL2 users and point them to the advanced tutorial

* DEV: Use a method to find the discobot user
2019-11-13 18:31:49 -03:00