Commit Graph

34272 Commits

Author SHA1 Message Date
Rishabh
f1f1fd4690 DEV: Remove unused "Email Reject No Account" template (#8022) 2019-08-20 12:43:51 +02:00
Régis Hanol
53667a01c2 FIX: ensure extra locales are only available to staff 2019-08-20 12:38:46 +02:00
Régis Hanol
d18c9b2d4d FIX: ensure offset is always positive 2019-08-20 12:03:16 +02:00
Régis Hanol
727430aacf SECURITY: bump nokogiri
We're not using the vulnerable method but there's no harm in upgrading.
2019-08-20 10:58:18 +02:00
Sam Saffron
8db38de9d7 SECURITY: add rate limiting to anon JS error reporting
This adds a 1 minute rate limit to all JS error reporting per IP. Previously
we would only use the global rate limit.

This also introduces DISCOURSE_ENABLE_JS_ERROR_REPORTING, if it is set to
false then no JS error reporting will be allowed on the site.
2019-08-20 11:29:11 +10:00
Rafael dos Santos Silva
0a5b332b8c
FEATURE: Incorporate PWA install prompt into Discourse UI (#8013)
* FEATURE: Incorporate PWA install prompt into Discourse UI

This is mainly done so Discourse forums stop nagging people to install
on the very first visits to a website.

We will prevent the native install "mini-info" bar from ever appearing,
capture the event that pops with it, and delay it until the user meets
our criteria, which currently is trust_level 1.

If the event happens and the user meets our criteria we show a Discourse
alert banner proposing the install to the user. Dismissal of the banner
is recorded so the user ins't bothered anymore on the same device.


Co-Authored-By: Gerhard Schlager <mail@gerhard-schlager.at>
Co-Authored-By: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2019-08-19 14:09:21 -03:00
Joffrey JAFFEUX
6f70138f4a
DEV: injects router in customHref/customFilter of addNavigationBarItem (#8018) 2019-08-19 18:33:12 +02:00
Arpit Jalan
f27564a0a0 Bump onebox version.
- normalize and decode html entities for image URL
2019-08-19 19:01:23 +05:30
Joffrey JAFFEUX
08e7211d7d
DEV: attempts to fix an heisentest in date-time-input-range (#8017) 2019-08-19 12:39:30 +02:00
Dan Ungureanu
0b1146add4
UX: Hide "Create Tag" option if user cannot create tag. (#7723) 2019-08-19 11:40:56 +03:00
Joffrey JAFFEUX
1a731dcff1
FIX: prevents mobile nav to create an error when unregistering click events (#8016)
This what happening when clickin on "All groups", as it was trying to get element of a destroying component.
2019-08-19 09:33:54 +02:00
Sam Saffron
47638ffea4 Merge branch 'master' of github.com:discourse/discourse 2019-08-19 17:21:17 +10:00
Sam Saffron
accbbded15 PERF: avoid N+1 on topic view
Serializer is injecting information into cooked and reaching direct to
custom fields that were not preloaded

This amends it so basic post serializer can use the proper interface

That said we should probably follow this up so we don't reach for this
info on every post.
2019-08-19 17:20:56 +10:00
Arpit Jalan
24f94c40a6 SECURITY: don't reveal category details to users that do not have access 2019-08-19 12:38:28 +05:30
Joffrey JAFFEUX
897cdfb596 FIX: uses simpler pattern for custom href on extra nav items (#8015)
THe main advantage of this solution is that it will be called on each rerendered whereas the other is not once href has been set.

Example API:
```
      api.addNavigationBarItem({
        name: "foo",
        displayName: "Foo",
        customHref: function(category, args) {
          const router = api.container.lookup("service:router");
          const queryParams = { bar: "1" };
          return router.urlFor(router.currentRouteName, category, {
            queryParams
          });
        }
      });
```
2019-08-19 16:27:16 +10:00
Sam Saffron
10b36c6446 FIX: rack-mini-profiler not showing plugin frames
Previously the default stack suppressor in rack-mini-profiler was excluding
the plugin directory.

This made islolating issues more complicated cause you needed to defer to
pp=full-backtrace which is both slow and noisy
2019-08-19 15:47:53 +10:00
Blake Erickson
2fd654a4ae Ran prettier to fix build
Not sure why lefthook didn't pick this up before on my previous commit,
but manually running prettier found this.

Followup to: 893d30fb92
2019-08-16 13:03:01 -06:00
Blake Erickson
893d30fb92 REVERT: External auth when redeeming invites
Reverting this commit:

87a0a6664e

because I'm extracting all of this logic into a plugin instead.
2019-08-16 12:44:14 -06:00
Dan Ungureanu
ab7038bfc2
DEV: User simulator tried to modify frozen string. 2019-08-16 17:32:17 +03:00
Dan Ungureanu
df6630f868
FIX: J/K navigation resets current selection when scrolling fast.
Sometimes, when keeping J or K pressed and scrolling fast, the current
selection would go out of the viewport for a few moments and the
algorithm would try selecting the "best" element that is in viewport.

This bug is reproducible only on certain machines. For example, Linux
machines seem to be passing key events faster to the browser.
2019-08-16 17:28:25 +03:00
Joffrey JAFFEUX
936d4ce17a
FEATURE: favorites emojis will also show in composer autocomplete (#8011) 2019-08-16 11:47:03 +02:00
Sam Saffron
9a9e31f927 FIX: properly set notification levels on group invite
Previously we relied on side effects to set tracking state correctly
when inviting groups to messages

Also has a minor optimisation in that we use pluck instead of pulling in
full record
2019-08-16 18:23:51 +10:00
Sam Saffron
a590061aae FIX: when inviting groups to message respect tracking state
Previously we would unconditionally issue an "invited_to_pm" notification
to all non muting users.

New behavior

- Watching and Watching first post get notified
- Tracking get a new "summary" message
- The rest get nothing

This is consistent with topic creation and way clearer
2019-08-16 17:22:18 +10:00
Sam Saffron
096f932ef2 Lint files
Both needed some prettier tlc
2019-08-16 13:06:51 +10:00
tshenry
82e07cb0f4 UX: Consistent placement of category-title-before plugin outlet (#8010) 2019-08-16 09:04:50 +10:00
Robin Ward
b4878cde6f FEATURE: Add a webhook for user notifications
If enabled, this will fire a webhook whenever a user's notification has
been created. This could potentially be a lot of data depending on your
forum, and should be used carefully since it includes everything all users
will see in their feeds.
2019-08-15 14:47:25 -04:00
Blake Erickson
69498a58e9
FEATURE: Staff only poll results (#7984)
* FEATURE: Staff only poll results

These changes allow only staff to see the results of a poll.

Non-staff users will be shown a screen like this:

1b8bd76013.png

The "Votes are public" message has been removed from the info section,
and the button to show the votes has been replaced with a message
stating the results will only be shown to staff.

* Update PR based on feedback

* Update plugins/poll/app/models/poll.rb

make sure we return a boolean

Co-Authored-By: Régis Hanol <regis@hanol.fr>
2019-08-15 12:27:18 -06:00
Joffrey JAFFEUX
00b91de5e8 DEV: allows customHref for extra nav items (#8012)
* DEV: allowes customHref for extra nav item

* linting

* uses value not key
2019-08-15 12:26:21 -06:00
Robin Ward
b8f21ea962 FIX: Explicitly require topic_query_params 2019-08-15 13:54:52 -04:00
Robin Ward
23367e79ea
FEATURE: Embed topics list on remote sites via Javascript API. (#8008)
This adds support for a `<d-topics-list>` tag you can embed in your site
that will be rendered as a list of discourse topics. Any attributes on
the tag will be passed as filters. For example:

`<d-topics-list discourse-url="URL" category="1234">` will filter to category 1234.

To use this feature, enable the `embed topics list` site setting. Then
on the site you want to embed, include the following javascript:

`<script
src="http://URL/javascripts/embed-topics.js"></script>`

Where `URL` is your discourse forum's URL.

Then include the `<d-topics-list discourse-url="URL">` tag in your HTML document and it will
be replaced with the list of topics.
2019-08-15 13:41:06 -04:00
David Taylor
fafc6bcde0 FIX: Clear banner topic cache after remapping 2019-08-15 11:24:20 +01:00
Joffrey JAFFEUX
0a6d1b687c FIX: ensures reports can't modify records (#8006) 2019-08-15 17:27:53 +10:00
OsamaSayegh
50368940f7 DEV: Bump Logster version to 2.3.1
Commits since last version bump: 5cdcb76...c5bcb8e
2019-08-15 07:21:34 +00:00
Sam Saffron
d05b724c4e FIX: correct race condition loading library
In some very rare cases CssParser could be loaded but CssParser::Parser not
this ensures we check for the actual constant we plan to call for concurrent
digest generations
2019-08-15 17:16:41 +10:00
Kris
f7c648e3af update color variable 2019-08-14 22:57:13 -04:00
Sam Saffron
e53a171916 FIX: hold s3 related distributed locks longer
These operations are pretty expensive and can take multiple minutes due to
networking.

Hold distributed mutex for much longer.
2019-08-15 11:48:44 +10:00
Roman Rizzi
79957706b1
FIX: Store custom attributes that are needed by plugins in queuedpost payload (#8009) 2019-08-14 15:02:59 -03:00
Joffrey JAFFEUX
a5542768ea
FIX: attempts to use params from addDiscoveryQueryParam (#8007)
This commit will for example allow this:

```
api.addDiscoveryQueryParam("my_param", { persist: true });
```

If you page is forum.foo.bar/?my_param=1, when clicking on an "unread" link for example this query string will be kept.
2019-08-14 19:56:02 +02:00
Vinoth Kannan
88359b0f16
FEATURE: add support for group members visibility level (#8004)
There are 5 visibility levels (similar to group visibility)

public (default)
logged-in users
members only
staff
owners

Admins & group owners always have visibility to group members.
2019-08-14 19:00:04 +05:30
David Taylor
f4aa6096ab FIX: Convert omniauth authenticator names to symbols before comparing
This is necessary because some auth plugins define their name as a string
2019-08-14 12:57:11 +01:00
David Taylor
5755d3886f FIX: Do not raise exception if the authenticator email is missing
Followup to 296cdc53ee
2019-08-14 12:08:59 +01:00
David Taylor
92f2202e4a SECURITY: Restrict message-bus access on login_required sites 2019-08-14 09:43:12 +01:00
Gerhard Schlager
888b635cfc Import avatars and likes in the Zendesk AP importer
Co-authored-by: Justin DiRose <justin@justindirose.com>
2019-08-14 10:42:52 +02:00
Kyle Zhao
2fbafd077c DEV: Mount plugin symlinks to dev docker container (#8002)
When developing using docker, in order to support symlinks in the
`plugins/` directory, this reads the symlinks' values and mounts them to
the dev docker container.
2019-08-14 18:13:01 +10:00
Bianca Nenciu
ba396a5384
DEV: Use ResultSet with staff action logs. (#7661) 2019-08-13 20:55:05 +03:00
Blake Erickson
296cdc53ee FIX: Downcase email coming back from auth-provider 2019-08-13 10:53:50 -06:00
Régis Hanol
c628166bb4 FIX: replace model usage with SQL query
Follow-up to b500ef77
2019-08-13 18:32:24 +02:00
David Taylor
961213ba52 FIX: Correct ordering for post_edits report, and remove query limit 2019-08-13 16:53:16 +01:00
David Taylor
572e928cba FIX: Correct query for post_edits dashboard report
- Use query builder to improve readability
- Remove subquery, so that all `where` filters happen alongside the limit
- Add 'edited at' column to the report
2019-08-13 16:11:17 +01:00
Jarek Radosz
6a65e5312b FEATURE: Add a preview to the poll builder (#7988)
* FEATURE: Add a preview to the poll builder

* Use selectKit helper in the poll preview test

* Extract the mobile-specific poll builder form CSS
2019-08-13 09:49:40 -04:00