IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-25 10:20:58 -06:00
Code Issues Packages Projects Releases Wiki Activity
d04ba4b3b2
discourse/lib
History
Blake Erickson d04ba4b3b2
DEPRECATION: Remove support for api creds in query params (#9106) 
* DEPRECATION: Remove support for api creds in query params

This commit removes support for api credentials in query params except
for a few whitelisted routes like rss/json feeds and the handle_mail
route.

Several tests were written to valid these changes, but the bulk of the
spec changes are just switching them over to use header based auth so
that they will pass without changing what they were actually testing.

Original commit that notified admins this change was coming was created
over 3 months ago: 2db2003187

* fix tests

* Also allow iCalendar feeds

Co-authored-by: Rafael dos Santos Silva <xfalcox@gmail.com>
2020-04-06 16:55:44 -06:00
..
active_record/connection_adapters FIX: Race-condition in fallback handlers (#8005) 2019-08-21 15:47:44 +02:00
auth DEPRECATION: Remove support for api creds in query params (#9106) 2020-04-06 16:55:44 -06:00
autospec DEV: adjust rake autospec to work with renamed es6 files 2020-03-31 14:40:58 +11:00
backup_restore PERF: Backup with lots of uploads stored on S3 was slow 2020-04-03 18:13:34 +02:00
common_passwords DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
compression FIX: Decompressing lots of small files triggered error 2020-01-09 15:11:31 +01:00
content_security_policy DEV: Only include "report-sample" CSP directive when reporting is enabled (#9337) 2020-04-02 11:16:38 -04:00
demon PERF: avoid shelling to get hostname aggressively 2020-02-18 15:13:19 +11:00
email FIX: Use correct spacing in emails with code (#9274) 2020-03-26 14:24:07 +02:00
emoji DEV: supports unicorn emoji 13.0beta (#8402) 2019-11-25 10:23:18 +01:00
file_store FIX: The migrate_to_s3 rake task couldn't find the AWS SDK 2020-03-26 16:41:10 +01:00
freedom_patches REFACTOR: Move the multisite middleware to the front 2020-04-02 16:44:44 +01:00
generators FIX plugin generator: mobile, desktop stylesheets registering (#9039) 2020-02-25 11:43:17 +01:00
guardian FEATURE: Allow admins to disable self-service account deletion 2020-04-01 15:16:07 -07:00
highlight_js DEV: already defined constant 'HIGHLIGHTJS_DIR' 2019-01-21 10:12:23 +01:00
i18n DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
import DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
import_export FIX: Import sub-sub-categories (#8810) 2020-01-30 18:46:33 +02:00
javascripts Rename the server side widget hbs compiler 2020-03-27 12:06:14 -04:00
middleware REFACTOR: Move the multisite middleware to the front 2020-04-02 16:44:44 +01:00
migration REFACTOR: Restoring of backups and migration of uploads to S3 2020-01-14 11:41:35 +01:00
onebox DEV: hbs extensions are misleading in this case (#9170) 2020-03-11 14:42:14 +01:00
plugin FEATURE: allows multiple custom emoji groups (#9308) 2020-03-30 20:16:10 +02:00
pretty_text FIX: Use full URL for secure attachments when secure media enabled (#9037) 2020-03-04 10:11:08 +11:00
rate_limiter DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
reviewable Improve spam_hosts copy (#8203) 2019-10-18 09:31:15 -07:00
scheduler FEATURE: log long running jobs in the defer queue 2018-10-12 17:03:47 +11:00
search FIX: skip invalid URLs when checking for audio/video in search blurbs 2019-11-06 10:32:15 -05:00
seed_data FIX: Consistently handle category param 2019-05-27 16:39:56 +08:00
sidekiq DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
site_settings UX: adds support for a color setting type (#9016) 2020-03-09 10:07:03 +01:00
stylesheet FIX: Plugins may have relative symlinks 2020-03-15 11:26:25 +00:00
svg_sprite DEV: adds a loading property to d-button (#9072) 2020-03-30 23:17:00 +02:00
tasks DEV: use REPORT_REQUESTS=1 to find all requests 2020-04-02 16:01:49 +11:00
theme_store FIX: don't break the private key when writing it out during theme import 2020-03-10 13:20:11 -04:00
turbo_tests FIX: Migration paths were being forgotten 2019-12-16 14:13:47 -05:00
validators FEATURE: add setting auto_approve_email_domains to auto approve users (#9323) 2020-03-31 23:59:15 +05:30
webauthn SECURITY: 2FA with U2F / TOTP 2020-01-15 11:27:12 +01:00
wizard FIX: Default to light theme in wizard so that previews are displayed 2020-04-02 18:37:45 +01:00
admin_confirmation.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
admin_constraint.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
admin_user_index_query.rb FEATURE: Approve suspect users is now true by default. The suspect users list was removed (#9151) 2020-03-10 08:56:42 -03:00
age_words.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
archetype.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
auth.rb DEV: Drop legacy OpenID 2.0 support (#8894) 2020-02-07 17:32:35 +00:00
avatar_lookup.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
backup_restore.rb FIX: Restore failed if schema contained objects not owned by the current DB user 2020-04-01 18:04:43 +02:00
badge_posts_view_manager.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
badge_queries.rb FIX: ensure wiki editor is assigned consistently 2020-03-27 12:41:06 +11:00
base62.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
bookmark_manager.rb SECURITY: Respect topic permissions when loading bookmark metadata 2020-03-23 11:30:48 +00:00
bookmark_query.rb FEATURE: Add lazy loading to user bookmarks list (#9317) 2020-04-01 14:09:07 +10:00
bookmark_reminder_notification_handler.rb Make sure reminder not sent for deleted post bookmark 2020-03-12 16:10:56 +10:00
browser_detection.rb FIX: Detect DiscourseHub user agent. 2019-08-09 11:58:15 +03:00
cache.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
canonical_url.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
category_badge.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
comment_migration.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
composer_messages_finder.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
configurable_urls.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
content_buffer.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
content_security_policy.rb FIX: Allow CSP to work correctly for non-default hostnames/schemes (#9180) 2020-03-19 19:54:42 +00:00
cooked_post_processor.rb FIX: get_size_from_image_sizes should return [width, height] or nil (#9298) 2020-03-28 20:20:51 +02:00
crawler_detection.rb FIX: use crawler layout when saving url in Wayback Machine (#7667) 2019-06-03 12:13:32 +10:00
csrf_token_verifier.rb DEV: Provide method for auth plugins to generate a CSRF token 2019-08-13 01:13:08 +01:00
current_user.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
custom_renderer.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
custom_setting_providers.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
db_helper.rb FEATURE: allows multiple custom emoji groups (#9308) 2020-03-30 20:16:10 +02:00
directory_helper.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
discourse_cookie_store.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
discourse_diff.rb FIX: Show a correct diff when editing consecutive paragraphs (#8177) 2019-10-11 03:50:37 -04:00
discourse_event.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
discourse_hub.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
discourse_ip_info.rb FIX: MaxMind DB file not downloading correctly 2020-01-05 22:08:13 +11:00
discourse_js_processor.rb Rename the server side widget hbs compiler 2020-03-27 12:06:14 -04:00
discourse_logstash_logger.rb FIX: Use 'hostname' when Discourse.os_hostname is not available 2020-02-18 13:37:39 +02:00
discourse_plugin_registry.rb Support for transpiling .js files (#9160) 2020-03-11 09:43:55 -04:00
discourse_plugin.rb DEV: debundle plugin css assets and don't load if disabled (#7646) 2019-08-20 22:09:52 +05:30
discourse_redis.rb Revert "FIX: Redis fallback handler refactoring (#8771)" (#8776) 2020-01-24 09:20:17 +11:00
discourse_tagging.rb FIX: tag topic counts wrong after adding synonyms 2020-02-14 12:15:29 -05:00
discourse_updates.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
discourse.rb DEV: Introduce plugin api for conditionally rendering assets (#9200) 2020-03-13 15:30:31 +00:00
disk_space.rb FIX: correct upload statistics report for external storage 2020-02-20 15:15:53 +11:00
distributed_cache.rb REFACTOR: distributed_cache is moved to the message_bus gem 2018-10-15 15:01:45 -04:00
distributed_memoizer.rb DEV: Replace Time.new with Time.now (#9142) 2020-03-09 17:37:49 +01:00
distributed_mutex.rb FIX: Off-by-one error setting the distributed mutex key to expire 2020-02-03 14:54:50 +00:00
edit_rate_limiter.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
email_backup_token.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
email_cook.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
email_updater.rb FIX: When admin changes staff email still enforce old email confirm (#9007) 2020-02-20 13:42:57 +10:00
email.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
encodings.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
enum_site_setting.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
enum.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
excerpt_parser.rb FIX: Spoiler logic should live inside of spoiler plugin 2020-02-06 07:46:46 -07:00
feed_element_installer.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
feed_item_accessor.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
file_helper.rb FIX: Consider webp a supported image format for upload (#9015) 2020-02-21 13:08:01 +10:00
filter_best_posts.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
final_destination.rb FIX: Replace deprecated URI.encode, URI.escape, URI.unescape and URI.unencode (#8528) 2019-12-12 12:49:21 +10:00
flag_query.rb DEV: Remove FlagQuery class and old code (#8064) 2019-09-12 13:21:33 -03:00
flag_settings.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
gaps.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
global_path.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
guardian.rb FIX: guardian always got user but sometimes it is anonymous (#9342) 2020-04-06 09:56:47 +10:00
has_errors.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
headless-ember.js JSHint headless-ember 2014-03-11 03:18:57 -04:00
hijack.rb Take 2 of 0f5161af19. 2019-04-29 16:41:35 +08:00
homepage_constraint.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
html_prettify.rb Revert "FEATURE: Use configured quotation marks in fancy topic title" 2019-07-18 11:55:49 +02:00
html_to_markdown.rb FIX: Improve HTML to Markdown conversion (#9231) 2020-03-18 19:31:10 +02:00
image_sizer.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
import_export.rb DEV: clean up dependencies in spec 2019-10-02 14:50:54 +10:00
inline_oneboxer.rb FIX: Make inline oneboxes work with secured topics in secured contexts (#8895) 2020-02-12 12:11:28 +02:00
introduction_updater.rb FIX: replace default welcome topic post with new value from wizard 2020-04-01 15:42:45 -04:00
ip_addr.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
js_locale_helper.rb FEATURE: Load translation overrides without JS eval 2019-11-05 19:16:38 +01:00
json_error.rb FIX: Fix build. 2019-05-22 17:39:44 +03:00
letter_avatar.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
markdown_linker.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
mem_info.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
message_bus_diags.rb PERF: avoid shelling to get hostname aggressively 2020-02-18 15:13:19 +11:00
method_profiler.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
mini_sql_multisite_connection.rb DEV: remove deprecated syntax 2019-11-11 09:36:40 +11:00
mobile_detection.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
new_post_manager.rb enqueue spam/dmarc failing emails instead of hiding (#8674) 2020-01-21 11:12:00 -05:00
new_post_result.rb Support for custom messages and redirects when creating posts (#8434) 2019-11-29 09:30:54 -05:00
notification_levels.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
oneboxer.rb DEV: hbs extensions are misleading in this case (#9170) 2020-03-11 14:42:14 +01:00
onpdiff.rb FIX: Show a correct diff when editing consecutive paragraphs (#8177) 2019-10-11 03:50:37 -04:00
pbkdf2.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
permalink_constraint.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
pinned_check.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
plain_text_to_markdown.rb FIX: use URI.regexp to find URLs in plain text 2019-06-07 01:26:06 +02:00
plugin_gem.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
plugin_initialization_guard.rb DEV: Add a plugin incompatibility message (#8151) 2019-10-06 20:47:33 +02:00
post_action_creator.rb REFACTOR: separate post_can_act logic in post action creator (#9103) 2020-03-03 14:56:37 -10:00
post_action_destroyer.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
post_action_result.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
post_creator.rb FIX: Change secure media to encompass attachments as well (#9271) 2020-03-26 07:16:02 +10:00
post_destroyer.rb FIX: Various fixes to support posts with no user (#8877) 2020-03-11 14:03:20 +02:00
post_jobs_enqueuer.rb FEATURE: Publish read state on group messages. (Originally introduced in #7989) (#8025) 2019-08-27 09:09:00 -03:00
post_locker.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
post_merger.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
post_revisor.rb FIX: Various fixes to support posts with no user (#8877) 2020-03-11 14:03:20 +02:00
pretty_text.rb Migrate pretty-text to .js extensions (#9243) 2020-03-20 09:55:42 -04:00
primary_group_lookup.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
promotion.rb DEV: Apply Rubocop redundant return style 2019-11-14 15:10:51 -05:00
quote_comparer.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
rake_helpers.rb Try fix upload_spec flakys and remove logging from tasks/uploads_spec 2020-02-18 15:08:58 +10:00
rate_limiter.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
read_only_header.rb DEV: rename ReadOnly module to ReadOnlyHeader 2019-05-06 16:07:49 +02:00
retrieve_title.rb DEV: Apply Rubocop redundant return style 2019-11-14 15:10:51 -05:00
route_format.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
rtl.rb Check site default locale if Rtl class is initialized without a user (#8417) 2019-11-26 15:01:37 -05:00
s3_helper.rb DEV: Apply Rubocop redundant return style 2019-11-14 15:10:51 -05:00
s3_inventory.rb FIX: Use updated_at in the S3 inventory job (#8823) 2020-01-31 11:02:44 +01:00
score_calculator.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
screening_model.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
search.rb FIX: add support for sub-sub category slugs in search 2020-03-20 15:36:50 +11:00
secure_session.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
single_sign_on_provider.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
single_sign_on.rb FEATURE: Add logout functionality to SSO Provider protocol (#8816) 2020-02-03 12:53:14 -05:00
site_icon_manager.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
site_setting_extension.rb DEV: use Discourse.cache over Rails.cache 2019-11-27 12:36:19 +11:00
slug.rb FIX: If a prettified slug is a number, return defaultt (#8554) 2019-12-17 10:34:20 +10:00
socket_server.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
spam_handler.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
sql_builder.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
staff_constraint.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
staff_message_format.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
suggested_topics_builder.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
system_message.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
text_cleaner.rb FEATURE: English locale with international date formats 2019-05-20 13:47:20 +02:00
text_sentinel.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
theme_javascript_compiler.rb Support for transpiling .js files (#9160) 2020-03-11 09:43:55 -04:00
theme_modifier_helper.rb DEV: Allow plugins to add theme modifiers via db migrations (#9192) 2020-03-12 16:35:28 +00:00
theme_settings_manager.rb FEATURE: Load theme setting descriptions from theme locale files 2019-05-31 14:49:59 +01:00
theme_settings_parser.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
theme_translation_manager.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
theme_translation_parser.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
timeline_lookup.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
topic_creator.rb FIX: Preserve TopicCreator's timestamp resolution (#9158) 2020-03-10 15:35:40 +01:00
topic_list_responder.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
topic_publisher.rb FIX: Use destroy_all instead of delete_all for shared drafts 2020-03-05 11:13:43 -08:00
topic_query_params.rb FEATURE: Embed topics list on remote sites via Javascript API. (#8008) 2019-08-15 13:41:06 -04:00
topic_query_sql.rb DEV: Rails 5.2 upgrade and global gem upgrade 2018-06-07 14:21:33 +10:00
topic_query.rb FIX: Topic.time_to_first_response should include sub-sub-categories (#9349) 2020-04-04 13:31:34 +03:00
topic_retriever.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
topic_subtype.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
topic_upload_security_manager.rb FEATURE: Update upload security status on post move, topic conversion, category change (#8731) 2020-01-23 12:01:10 +10:00
topic_view.rb DEV: Move requested_group_id custom field from post to topic (#9127) 2020-03-24 11:12:52 +02:00
topics_bulk_action.rb FIX: Unread topics not clearing when whisper is last post (#8271) 2019-11-01 09:19:43 +10:00
trust_level.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
turbo_tests.rb FIX: Made turbo_rspec display errors in shared groups correctly 2019-08-29 12:41:14 +01:00
twitter_api.rb Fix DiscourseCops/NoURIEscapeEncode errors and re-enable 2019-12-12 14:54:26 +10:00
unread.rb DEV: Apply Rubocop redundant return style 2019-11-14 15:10:51 -05:00
upload_creator.rb FIX: Fix image optimization pipeline (#9257) 2020-03-25 12:59:16 +02:00
upload_fixer.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
upload_markdown.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
upload_recovery.rb FEATURE: allow UploadRecovery to be run on a single post (#8094) 2019-10-02 14:57:36 +10:00
upload_security.rb FIX: Change secure media to encompass attachments as well (#9271) 2020-03-26 07:16:02 +10:00
url_helper.rb Minor change to case-insensitive regex for s3_presigned_url? 2020-02-03 14:22:35 +10:00
user_name_suggester.rb DEV: correct a few Ruby 2.7 deprecations 2019-11-28 13:13:29 +11:00
version.rb Version bump to v2.5.0.beta2 2020-03-05 16:10:28 -05:00
webauthn.rb SECURITY: Improve second factor auth logic 2020-01-10 10:45:56 +10:00
wizard.rb DEV: Allow plugins to add wizard steps after specific steps (#9315) 2020-04-01 08:36:50 -05:00