Commit Graph

36641 Commits

Author SHA1 Message Date
Jeff Wong
a1f9b1a7fc
FIX: correctly remove authentication_data cookie on oauth login flow (#9238)
Additionally correctly handle cookie path for authentication_data

There were two bugs that exposed an interesting case where two discourse
instances hosted across two subfolder installs in the same domain
with oauth may clash and cause strange redirection on first login:

Log in to example.com/forum1. authentication_data cookie is set with path /
On the first redirection, the current authentication_data cookie is not unset.
Log in to example.com/forum2. In this case, the authentication_data cookie
is already set from forum1 - the initial page load will incorrectly redirect
the user to the redirect URL from the already-stored cookie, to /forum1.

This removes this issue by:
* Setting the cookie for the correct path, and not having it on root
* Correctly removing the cookie on first login
2020-03-19 09:00:46 -07:00
Vinoth Kannan
aad12822b7
FEATURE: automatically delete replies on a topic after N days. (#9209) 2020-03-19 21:06:31 +05:30
Martin Brennan
0cd502a558
FIX: N1 issues for bookmark list (#9236)
* Preload custom fields for BookmarkQuery and add preload callback. Copy TopicQuery preload methodology to allow plugins to preload data for the BookmarkQuery. This fixes assigned plugin custom fields N1
* Include topic tags in initial query to avoid tags N1

Related: discourse/discourse-assign#63
2020-03-19 15:48:23 +10:00
Martin Brennan
8769ca08bb SECURITY: Prevent access to other user's bookmark lists 2020-03-19 10:59:32 +10:00
Rafael dos Santos Silva
8ae472bc41 FEATURE: Google Calendar doesn't support URL in iCalendar, add fallback description 2020-03-18 17:51:16 -03:00
Rafael dos Santos Silva
d6838608ff FEATURE: iCalendar feed for Bookmark reminders 2020-03-18 17:51:16 -03:00
Blake Erickson
1c7680c568 FIX: Use id instead of elementId in hbs file
I think this issue is caused by a current regression in ember

https://github.com/emberjs/ember.js/issues/18147

but using `id` works just fine in templates. This also appears to be the
only template file we are using `elementId` directly in the template.
2020-03-18 13:44:35 -06:00
Dan Ungureanu
1393950dbc
FIX: Improve HTML to Markdown conversion (#9231)
This commit ensures that whitespaces are preserved in <pre>, but removed
inside text paragraphs.
2020-03-18 19:31:10 +02:00
Bianca Nenciu
778454e26b
FIX: Condense line codes in emails (#9225) 2020-03-18 16:21:24 +02:00
Martin Brennan
9b4b690bba FIX: Prevent mobile bookmark modal cutoff 2020-03-18 15:54:50 +10:00
Kane York
8e98f39d9f Add spec for CSP subfolder 2020-03-17 19:09:06 -07:00
Kane York
ccc9b64a99 FIX: theme-javascripts using incorrect subfolder setting 2020-03-17 19:09:06 -07:00
Martin Brennan
e2ce12d414
FIX: Broken computing of userHasTimezone in bookmark modal and missing tap-tile templates for regular users (#9229)
Based on reports here https://meta.discourse.org/t/improved-bookmarks-with-reminders/144542

* Because the `userHasTimezone` property was computed and we were checking on an (essentially) global object, ember was not aware that the user timezone had changed because it changed in a different place. instead set the timezone as internal state for the modal on show and base the computed property off of that so it mutates correctly
* The tap-tile components were in the admin folder completely unnecessarily, move them out into the main discourse folder otherwise noone else can use the new bookmarks (icon + text is missing)
2020-03-18 11:12:23 +10:00
Vinoth Kannan
45ce9876cc Fix the build. Remove the branch value if available.
48d690ae01
2020-03-18 04:13:00 +05:30
Vinoth Kannan
48d690ae01 FIX: Remote themes Github link should go to custom branch #9184 2020-03-18 03:57:54 +05:30
dependabot-preview[bot]
0b2e6f4301
Build(deps): Bump aws-partitions from 1.283.0 to 1.284.0 (#9227)
Bumps [aws-partitions](https://github.com/aws/aws-sdk-ruby) from 1.283.0 to 1.284.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-partitions/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-17 17:22:50 -04:00
Justin DiRose
9101227266
FEATURE: Demote muted categories on category list (#9226) 2020-03-17 15:33:15 -05:00
dependabot-preview[bot]
9d8eabd32f
Build(deps): Bump aws-partitions from 1.281.0 to 1.283.0 (#9217)
Bumps [aws-partitions](https://github.com/aws/aws-sdk-ruby) from 1.281.0 to 1.283.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-partitions/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-17 15:30:12 -04:00
dependabot-preview[bot]
125c9966f1
Build(deps): Bump rspec-expectations from 3.9.0 to 3.9.1 (#9211)
Bumps [rspec-expectations](https://github.com/rspec/rspec-expectations) from 3.9.0 to 3.9.1.
- [Release notes](https://github.com/rspec/rspec-expectations/releases)
- [Changelog](https://github.com/rspec/rspec-expectations/blob/master/Changelog.md)
- [Commits](https://github.com/rspec/rspec-expectations/compare/v3.9.0...v3.9.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-17 15:17:29 -04:00
David Taylor
92e9fa70c7
DEV: Add class to backup restore buttons, for easier targeting 2020-03-17 18:46:17 +00:00
Jeff Wong
8e6be1c353 FIX: consistency to show mute/ignore menu in user profile
Show the mute/ignore menu for another user even when the current user
cannot message them.
2020-03-17 11:22:34 -07:00
Blake Erickson
919e405c48
FIX: Don't display webhooks for inactive plugins (#9206)
* FIX: Don't display webhooks for inactive plugins

This commit ensures that we don't show webhooks for plugins that are not
installed or that are disabled.

Bug report:

https://meta.discourse.org/t/webhookeventtype-and-the-solved-and-assign-plugins/144180

* rename to just 'active', it's cleaner
2020-03-17 10:39:24 -06:00
Jarek Radosz
e950471c0f
DEV: Replace User.unstage and User#unstage API with User#unstage! (#8906)
* DEV: Replace User.unstage and User#unstage API with User#unstage!

Quoting @SamSaffron:

> User.unstage mixes concerns of both unstaging users and updating params which is fragile/surprising.
> u.unstage destroys notifications and raises a user_unstaged event prior to the user becoming unstaged and the user object being saved.

User#unstage! no longer updates user attributes and saves the object before triggering the `user_unstaged` event.

* Update one more spec

* Assign attributes after unstaging
2020-03-17 16:48:24 +01:00
Bianca Nenciu
43b38dbbc2
FIX: Dismiss notifications on middle click (#9098) 2020-03-17 17:48:12 +02:00
dependabot-preview[bot]
1b2019e7eb
Build(deps): Bump rack-mini-profiler from 1.1.6 to 2.0.1 (#9222)
* Build(deps): Bump rack-mini-profiler from 1.1.6 to 2.0.1

Bumps [rack-mini-profiler](https://github.com/MiniProfiler/rack-mini-profiler) from 1.1.6 to 2.0.1.
- [Release notes](https://github.com/MiniProfiler/rack-mini-profiler/releases)
- [Changelog](https://github.com/MiniProfiler/rack-mini-profiler/blob/master/CHANGELOG.md)
- [Commits](https://github.com/MiniProfiler/rack-mini-profiler/compare/v1.1.6...v2.0.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

* Enable rails patches

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: OsamaSayegh <asooomaasoooma90@gmail.com>
2020-03-17 14:09:45 +03:00
David Taylor
e72c0544b0
UX: Refresh group membership list when removing users or changing owners 2020-03-17 11:06:17 +00:00
dependabot-preview[bot]
12c29ae955 Build(deps): Bump rbtrace from 0.4.11 to 0.4.12
Bumps [rbtrace](https://github.com/tmm1/rbtrace) from 0.4.11 to 0.4.12.
- [Release notes](https://github.com/tmm1/rbtrace/releases)
- [Commits](https://github.com/tmm1/rbtrace/compare/v0.4.11...v0.4.12)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-17 10:15:36 +00:00
Martin Brennan
949bb74add FIX: Add basePath to link for "no timezone" in bookmark modal 2020-03-17 16:53:12 +10:00
Martin Brennan
16799da580
FIX: Improve bookmark modal on mobile and bookmark sync rake task (#9221)
* Improve the bookmark mobile on modal so it doesn't go all the way to the edge and the custom datetime input is easier to use
* Improve the rake task for syncing so it does not error for topics that no longer exist and batches 2000 inserts at a time, clearing the array each time
2020-03-17 15:15:22 +10:00
Rafael dos Santos Silva
e50abe1317
FIX: sync-alt is used on composer draft indicator 2020-03-16 15:32:38 -03:00
Blake Erickson
269ec70ba8 DEV: Only show deprecation message for non-whitelisted requests
As another step toward fully dreprecating query parameter authentication
in API requests this change prevents an admin dashboard message from
showing up if using a whitelisted route like rss feeds or the
mail-receiver route.
2020-03-16 12:05:24 -06:00
David Taylor
610261f48e
DEV: Bump omniauth from 1.9.0 to 1.9.1 2020-03-16 13:12:10 +00:00
Roman Rizzi
4663304775
FEATURE: Show rejected posts count in user summary (#9204) 2020-03-16 09:52:08 -03:00
Roman Rizzi
c02273eb8b
FIX: Use delete_all_posts_max to improve consistency when using the delete button from the admin view (#9194) 2020-03-16 09:51:28 -03:00
David Taylor
ce50695bff
DEV: Bump OAuth2 from 1.4.2 to 1.4.4 2020-03-16 12:42:23 +00:00
David Taylor
fb8b0ca197
DEV: Remove unused middleware (#9203)
This has not been used since January 2014, per 166a8d29
2020-03-16 12:37:43 +00:00
Bianca Nenciu
5e4cf244a5
FIX: Show time input in poll builder (#9128) 2020-03-16 13:25:45 +01:00
dependabot-preview[bot]
453c3b6157
Build(deps): Bump zeitwerk from 2.2.2 to 2.3.0 (#9102)
Bumps [zeitwerk](https://github.com/fxn/zeitwerk) from 2.2.2 to 2.3.0.
- [Release notes](https://github.com/fxn/zeitwerk/releases)
- [Changelog](https://github.com/fxn/zeitwerk/blob/master/CHANGELOG.md)
- [Commits](https://github.com/fxn/zeitwerk/compare/v2.2.2...v2.3.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-03-16 13:19:05 +01:00
dependabot-preview[bot]
aad43a6223
Build(deps-dev): Bump parallel_tests from 2.31.0 to 2.32.0 (#9210)
Bumps [parallel_tests](https://github.com/grosser/parallel_tests) from 2.31.0 to 2.32.0.
- [Release notes](https://github.com/grosser/parallel_tests/releases)
- [Commits](https://github.com/grosser/parallel_tests/compare/v2.31.0...v2.32.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-16 13:18:07 +01:00
dependabot-preview[bot]
81ba516741
Build(deps): Bump rubyzip from 2.2.0 to 2.3.0 (#9208)
Bumps [rubyzip](https://github.com/rubyzip/rubyzip) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/rubyzip/rubyzip/releases)
- [Changelog](https://github.com/rubyzip/rubyzip/blob/master/Changelog.md)
- [Commits](https://github.com/rubyzip/rubyzip/compare/v2.2.0...v2.3.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-03-16 13:17:41 +01:00
Faizaan Gagan
ef40b46611
DEV: fix "addNavigationBarItem" documentation (#9207)
* the filter should return the boolean result
* custom href should return the relative url value
2020-03-16 13:12:04 +01:00
Rishabh
0c71f7bbd1 UX: Improve suspect user copy on /review 2020-03-16 16:08:58 +05:30
Arpit Jalan
f861345888 FIX: check for existence of post before creating notification 2020-03-16 14:11:36 +05:30
Martin Brennan
4cce564b35
FIX: Bookmark reminders and improvements changes (#9213)
* Cosmetic fixes for the bookmark modal
* Do not show "later today" when the later time will be > 5pm
* When a custom reminder time is selected, store it in localStorage. The next time the modal is opened, if the last datetime is > now, then a new tile with "Last" will be shown that lets the user reselect that same time.
* Also add an explicit "No Reminder" option that is selected by default
2020-03-16 16:05:44 +10:00
Martin Brennan
a6e9057609
FIX: Ensure show_short URLs handle secure uploads using multisite (#9212)
Meta report: https://meta.discourse.org/t/short-url-secure-uploads-s3/144224
* if the show_short route is hit for an upload that is
  secure, we redirect to the secure presigned URL. however
  this was not taking into account multisite so the db name
  was left off the path which broke the presigned URL
* we now use the correct url_for method if we know the
  upload (like in the show_short case) which takes into
  account multisite
2020-03-16 11:54:14 +10:00
Daniel Waterworth
d4595fbf29 FIX: Fix html response in development after ApplicationController reload
In development, if the ApplicationController is reloaded, then, previous
to this commit we were emitting an instance of the previous RenderEmpty
class, but rescuing from the reloaded instance.

Looking up RenderEmpty by its fully qualified name fixes this.
2020-03-15 21:00:42 +00:00
Penar Musaraj
39a7b93c4a UX: Remove "Live Notifications" user profile section on iOS 2020-03-15 11:09:57 -04:00
Daniel Waterworth
15ae3145ec FIX: Plugins may have relative symlinks 2020-03-15 11:26:25 +00:00
Sam Saffron
a1d660d951
FEATURE: optional global invite_code for account registration
On some sites when bootstrapping communities it is helpful to bootstrap
with a "light weight" invite code.

Use the site setting `invite_code` to set a global invite code.

In this case the administrator can share the code with
a community which is very easy to remember and then anyone who has
that code can easily register accounts.

People without the invite code are not allowed account registration.

Global invite codes are less secure than indevidual codes, in that they
tend to leak in the community however in some cases when starting a brand
new community the security guarantees of invites are not needed.
2020-03-15 21:17:28 +11:00
Sam Saffron
a14313e9d0
FIX: RANDOM_PASSWORD not working rake admin:create
We regressed behavior of this env var which enable admin account
creation with a random password
2020-03-15 17:24:11 +11:00