Permalink
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also .
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
39
contributors
This comparison is big! We’re only showing the most recent
250
commits
Commits on Jan 22, 2021
* A11Y: Structure user menu as tabs. Although the user menu content has the appearance of tabs and relies on the functionality of tabs to make sense in terms of content and focus order, it is not marked up correctly as tabs and tab panels. See [WAI-ARIA Authoring Practices 1.1](https://www.w3.org/TR/wai-aria-practices-1.1/#tabpanel) and the [example](https://www.w3.org/TR/wai-aria-practices-1.1/examples/tabs/tabs-2/tabs.html) for details. * Make plugin api backwards compatible
Commits on Jan 23, 2021
Commits on Jan 24, 2021
Bumps [shoulda-matchers](https://github.com/thoughtbot/shoulda-matchers) from 4.5.0 to 4.5.1. - [Release notes](https://github.com/thoughtbot/shoulda-matchers/releases) - [Changelog](https://github.com/thoughtbot/shoulda-matchers/blob/master/CHANGELOG.md) - [Commits](thoughtbot/shoulda-matchers@v4.5.0...v4.5.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [ast](https://github.com/whitequark/ast) from 2.4.1 to 2.4.2. - [Release notes](https://github.com/whitequark/ast/releases) - [Changelog](https://github.com/whitequark/ast/blob/master/CHANGELOG.md) - [Commits](whitequark/ast@v2.4.1...v2.4.2) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [oj](https://github.com/ohler55/oj) from 3.11.0 to 3.11.1. - [Release notes](https://github.com/ohler55/oj/releases) - [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md) - [Commits](ohler55/oj@v3.11.0...v3.11.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [rubocop-ast](https://github.com/rubocop-hq/rubocop-ast) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/rubocop-hq/rubocop-ast/releases) - [Changelog](https://github.com/rubocop-hq/rubocop-ast/blob/master/CHANGELOG.md) - [Commits](rubocop-hq/rubocop-ast@v1.4.0...v1.4.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Fix for `bookmark.js` model. Most logic was moved to `topic` controller
Commits on Jan 25, 2021
A simplified version of the logic used in the function before my fix is as follow: ```ruby result = [] things = [0,1,2,3] max_values = 2 every = (things.size.to_f / max_values).ceil things.each_with_index do |t, index| next unless (t % every) === 0 result << t end p result # [0, 2] # 3 doesn’t get included ``` The problem is that if you get unlucky two times you won't get last tuple(s) and might get a very erroneous date. Double unlucky: - last tuple index % computed every !== 0 and you don't get the last tuple - the last tuple is related to a post with a very different date than the previous tuples (on year difference in our case)
This commit also better explains in spec why max_values might be off by one.
This commits add missing router service to the mixin. It did not work because 'router' was undefined.
The default locale `en_US` has been renamed into `en`. This tries to migrate existing search data to avoid resource intensive reindexing.
This cookie is only used during login. Having it persist after that can cause some unusual behavior, especially for sites with short session lengths. We were already deleting the cookie following a new signup, but not for existing users. This commit moves the cookie deletion logic out of the erb template, and adds logic and tests to ensure it is always deleted consistently. Co-authored-by: Jarek Radosz <jradosz@gmail.com>
…11835) Previously, when both `enable_local_logins` and `email_editable` are disabled still user can change the email in user activation page.
Bumps [mini_suffix](https://github.com/discourse/mini_suffix) from 0.3.0 to 0.3.2. - [Release notes](https://github.com/discourse/mini_suffix/releases) - [Changelog](https://github.com/discourse/mini_suffix/blob/master/CHANGELOG.md) - [Commits](https://github.com/discourse/mini_suffix/commits/v0.3.2) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
When doing a user search (eg. when mentioning a user) we will not prioritie users who hasn't been seen in over a year. REFACTOR the user-search specs to be more precise regarding the ordering
Not when doing a site-wide search like we do in the Directory.
This solves the following specfailure:
1) DirectoryItemsController with data finds user by name
Failure/Error: expect(json['directory_items'].length).to eq(1)
expected: 1
got: 0
(compared using ==)
# ./spec/requests/directory_items_controller_spec.rb:88:in `block (3 levels) in <main>'
# ./spec/rails_helper.rb:271:in `block (2 levels) in <top (required)>'
# ./bundle/ruby/2.7.0/gems/webmock-3.11.1/lib/webmock/rspec.rb:37:in `block (2 levels) in <top (required)>'
Run the 'MigrateSearchDataAfterDefaultLocaleRename' post migration in batches of 500k records. This will hopefully prevent any potential deadlocks on large tables.
Commits on Jan 26, 2021
These headers are useful for debugging and performance analysis
Follow-up to 77c4864.
- Create helper wrapper method `load_spec_schema(name)` - A minor change to tag_group_create response schema - Document the uploads endpoint
Includes: * FIX: Don't override computed properties * FIX: Prevent a set-after-destroy error * FIX: Get rid of select-kit deprecations * FIX: Replace removed admin-group-selector * FIX: Provide onChange action to fix warnings * FIX: Remove an element with an invalid id * DEV: Remove topic-notifications-button from dropdowns It has its own styleguide section under "Molecules". * UX: Styleguide tweaks * DEV: Make the dropdowns useable
And reduce the size of the batches to 100k. That should hopefully make the migrations run smoother...
* Add an acceptance test * FIX: polls extending in post reply histories
User title in the current-user header-dropdown was sometimes `title="null"` if user doesn’t have a name. This is fixed as part of this commit to improve accessibility of this part of the UI.
The user summary's delete button UX relied on the "admin-user.js" destroy function, which was called through the "admin-tools" service. After #11724, we no longer put UX behavior on Ember models.
…11822) This change fixes an issue with the user group chooser of a tag group's settings. It was impossible to clear any selected groups through the UI. The `setPermissionsGroups` function determines which groups appear selected in the group-chooser based on the passed-in `groupIds` array. It starts with `updatedPermissions` being set to the group permissions as they were prior to the action that called the function. From there, we were correctly adding a group permission to `updatedPermissions` whenever a group appeared in `groupIds`. This addressed newly added groups and also maintained any group permissions that had been set before. The problem was that there was no logic to remove a group permission when the associated group no longer appeared in `groupIds`. If a group isn't included in `groupIds`, we can simply attempt to delete an associated group permission if it exists.
This ensures that the logs will still work, even if the headers are hidden with `proxy_hide_header`
Commits on Jan 27, 2021
It depends on the route, but sometimes 'id' parameter can contain a slug-like value and sometimes it is just an ID. This should work in both cases.
There's no real need to cache these, and the caching can introduce problems when different sites/users are using different locales.
After this, the only remaining issue preventing Discourse from booting on apple silicon is mini_racer/libv8. See upstream discussion at rubyjs/mini_racer#186 for an experimental solution.
For now only attempts to use it in pre-commit hook
Bumps [msgpack](https://github.com/msgpack/msgpack-ruby) from 1.3.3 to 1.4.1. - [Release notes](https://github.com/msgpack/msgpack-ruby/releases) - [Changelog](https://github.com/msgpack/msgpack-ruby/blob/master/ChangeLog) - [Commits](msgpack/msgpack-ruby@v1.3.3...v1.4.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.5.1 to 1.6.0. - [Release notes](https://github.com/Shopify/bootsnap/releases) - [Changelog](https://github.com/Shopify/bootsnap/blob/master/CHANGELOG.md) - [Commits](Shopify/bootsnap@v1.5.1...v1.6.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Commits on Jan 28, 2021
Bumps [puma](https://github.com/puma/puma) from 5.1.1 to 5.2.0. - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/master/History.md) - [Commits](puma/puma@v5.1.1...v5.2.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Background: I wanted to see `categories.latest_by` translation in context in a live app but couldn't find it, so I traced it throughout the code. My step-by-step reasoning for the removal is: 1. `categories-only` does not use `latestTopicOnly`, so there's no need to call it with that argument 2. `parent-category-row` is never called with `latestTopicOnly` argument, so the reference to that arg can be removed from its template 3. after that, `featured-topic` is now no longer ever called with `latestTopicOnly` argument (except in the `ghost` theme, but that's because its override of `categories-only` template https://github.com/discourse/ghost/blob/4e2fba963c5f3fa6159c1a14d45ac9e82ce7b214/common/header.html#L119 is based on the old version of that template from core), so it seems safe to remove it there too (`categories.latest_by` i18n string is also no longer needed) 4. then, nothing is using `latestTopicOnly` anymore so it can be removed from `categories` hbs/js I checked in each step that there are no plugins or themes (in all-the-plugins/all-the-themes) using those properties/arguments/strings.
When we made rejection emails optional we accidentally changed the default for approval emails from true to false.
If visible is undefined, then invisible should be too.
… uploads (#11860) This PR adds security_last_changed_at and security_last_changed_reason to uploads. This has been done to make it easier to track down why an upload's secure column has changed and when. This necessitated a refactor of the UploadSecurity class to provide reasons why the upload security would have changed. As well as this, a source is now provided from the location which called for the upload's security status to be updated as they are several (e.g. post creator, topic security updater, rake tasks, manual change).
Bumps [rswag-specs](https://github.com/rswag/rswag) from 2.3.1 to 2.3.2. - [Release notes](https://github.com/rswag/rswag/releases) - [Changelog](https://github.com/rswag/rswag/blob/master/CHANGELOG.md) - [Commits](rswag/rswag@2.3.1...2.3.2) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…11877) Adds a new column/setting to groups, allow_unknown_sender_topic_replies, which is default false. When enabled, this scenario is allowed via IMAP: * OP sends an email to the support email address which is synced to a group inbox via IMAP, creating a group topic * Group user replies to the group topic * An email notification is sent to the OP of the topic via GroupSMTPMailer * The OP has several email accounts and the reply is sent to all of them, or they forward their reply to another email account * The OP replies from a different email address than the OP (gloria@gmail.com instead of gloria@hey.com for example) * The a new staged user is created, the new reply is accepted and added to the topic, and the staged user is added to the topic allowed users Without allow_unknown_sender_topic_replies enabled the new reply creates an entirely new topic (because the email address it is sent from is not previously part of the topic email chain).
Commits on Jan 29, 2021
Currently, it creates a CORS error while accessing those static files.
Bumps [omniauth-oauth](https://github.com/intridea/omniauth-oauth) from 1.1.0 to 1.2.0. - [Release notes](https://github.com/intridea/omniauth-oauth/releases) - [Commits](omniauth/omniauth-oauth@v1.1.0...v1.2.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [oj](https://github.com/ohler55/oj) from 3.11.1 to 3.11.2. - [Release notes](https://github.com/ohler55/oj/releases) - [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md) - [Commits](ohler55/oj@v3.11.1...v3.11.2) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 1.8.1 to 1.9.0. - [Release notes](https://github.com/rubocop-hq/rubocop/releases) - [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md) - [Commits](rubocop-hq/rubocop@v1.8.1...v1.9.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Quite a few Ember-CLI / Upgrade related changes They should all be backwards compatible. This is all to help merge our branches. * REFACTOR: DRY up username validation Also avoids overwriting computed properties for compatibility with newer Ember releases.
* document user endpoints, allow for empty request/response bodies * document more user endpoints, improve debugging output if no details are specified * document some more user endpoints * minor cleanup * FIX: flakey tests due to bad regex
because users were having trouble figuring out how to expand the hidden post to determine "what post of mine was removed??", per customer reports
Commits on Jan 30, 2021
Commits on Jan 31, 2021
Bumps [fastimage](https://github.com/sdsykes/fastimage) from 2.2.1 to 2.2.2. - [Release notes](https://github.com/sdsykes/fastimage/releases) - [Commits](sdsykes/fastimage@v2.2.1...v2.2.2) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [rspec-support](https://github.com/rspec/rspec-support) from 3.10.1 to 3.10.2. - [Release notes](https://github.com/rspec/rspec-support/releases) - [Changelog](https://github.com/rspec/rspec-support/blob/main/Changelog.md) - [Commits](rspec/rspec-support@v3.10.1...v3.10.2) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [rspec-mocks](https://github.com/rspec/rspec-mocks) from 3.10.1 to 3.10.2. - [Release notes](https://github.com/rspec/rspec-mocks/releases) - [Changelog](https://github.com/rspec/rspec-mocks/blob/main/Changelog.md) - [Commits](rspec/rspec-mocks@v3.10.1...v3.10.2) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [rack-mini-profiler](https://github.com/MiniProfiler/rack-mini-profiler) from 2.3.0 to 2.3.1. - [Release notes](https://github.com/MiniProfiler/rack-mini-profiler/releases) - [Changelog](https://github.com/MiniProfiler/rack-mini-profiler/blob/master/CHANGELOG.md) - [Commits](MiniProfiler/rack-mini-profiler@v2.3.0...v2.3.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…k modal controller into component which uses time shortcut picker (#11802) This PR moves all of the time picking functionality from the bookmark modal and controller into a reusable time-shortcut-picker component, which will be used for the topic timer UI revamp. All of the utility JS for getting dates like tomorrow/next week/next month etc. have also been moved into a separate utility lib. The time-shortcut-picker has a couple of options that can be passed in: * prefilledDatetime - The date and time to parse and prefill into the custom date and time section, useful for editing interfaces. * onTimeSelected (callback) - Called when one of the time shortcuts is clicked, and passes the type of the shortcut (e.g. tomorrow) and the datetime selected. * additionalOptionsToShow - An array of option ids to show (by default `later_today` and `later_this_week` are hidden) * hiddenOptions - An array of option ids to hide * customOptions - An array of custom options to display (e.g. the option to select a post date for the bookmarks modal). The options should have the below properties: * id * icon * label (I18n key) * time (moment datetime object) * timeFormatted * hidden The other major work in this PR is moving all of the bookmark functionality out of the bookmark modal controller and into its own component, where it makes more sense to be able to access elements on the page via `document`. Tests have been added to accompany this move, and existing acceptance tests for bookmark are all passing.
Commits on Feb 01, 2021
* sometimes the AJAX promise to create/save the bookmark did not come back before the component destroyed, causing an error when trying to set the model id afterward. this just eliminates the set code and uses the response.id instead
…tem's user avatar. Using "UrlHelper#absolute" returns the S3 URL, which is fine for the client because it modifies it to use the CDN instead. On the other hand, this replacement doesn't happen when the URL is server-side rendered, returning a 403 for the system's avatar.
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
It seems like 1.4.1 was yanked.
This PR is the first step towards replacing our `{{user-selector}}` and eventually deprecating and removing it from our codebase. Some of `{{user-selector}}` problems are:
1. It's called `{{user-selector}}`, but in reality in can also select groups and emails.
2. It's an Ember component, yet it doesn't have a handlebars template and uses jQuery to render itself and modify the DOM. An example of this problem is when you want to clear the selected users programmatically, see [this](https://github.com/discourse/discourse/blob/6c155dba775441ccef9ac21c770102857978286d/app/assets/javascripts/discourse/app/components/user-selector.js#L179-L185).
3. We now have select kit which does very similar things but a lot better.
This PR introduces `{{email-group-user-chooser}}` which is meant to replace `{{user-selector}}`. It extends select kit and has the same features that `{{user-selector}}` has. `{{user-selector}}` is still used in a few places in core, but they'll all be replaced with the new component in a separate commit.
Once `{{user-selector}}` is not used anywhere in core, it'll be deprecated and then removed after the 2.7 release.
This should be fully backwards compatible. Co-authored-by: Jarek Radosz <jradosz@gmail.com> Co-authored-by: Jarek Radosz <jradosz@gmail.com>
Disabling shared drafts used to leave topics in an inconsistent state where they were not displayed as shared drafts and thus there was no way of publishing them. Moreover, they were accessible just to users who have permissions to create shared drafts. This commit adds another permission check that is used for most operations and the old can_create_shared_draft? remains used just when creating a new shared draft.
It always showed shared drafts if no category was set. Follow-up to dd17553.
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.6.0 to 1.7.0. - [Release notes](https://github.com/Shopify/bootsnap/releases) - [Changelog](https://github.com/Shopify/bootsnap/blob/master/CHANGELOG.md) - [Commits](Shopify/bootsnap@v1.6.0...v1.7.0) Signed-off-by: dependabot[bot] <support@github.com>
Bumps [excon](https://github.com/excon/excon) from 0.78.1 to 0.79.0. - [Release notes](https://github.com/excon/excon/releases) - [Changelog](https://github.com/excon/excon/blob/master/changelog.txt) - [Commits](excon/excon@v0.78.1...v0.79.0) Signed-off-by: dependabot[bot] <support@github.com>
Bumps [webmock](https://github.com/bblimke/webmock) from 3.11.1 to 3.11.2. - [Release notes](https://github.com/bblimke/webmock/releases) - [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md) - [Commits](bblimke/webmock@v3.11.1...v3.11.2) Signed-off-by: dependabot[bot] <support@github.com>
Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 1.9.0 to 1.9.1. - [Release notes](https://github.com/rubocop-hq/rubocop/releases) - [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md) - [Commits](rubocop-hq/rubocop@v1.9.0...v1.9.1) Signed-off-by: dependabot[bot] <support@github.com>
This moves the way we add the user avatar and site logo to the discobot certificates from embeded base64 png to just using the files urls in the href to the image tag. This will make generation faster and the certificate smaller overall, but it can't be used in a `img` tag anymore, since SVGs in `img` tags don't load the external images In order to work around that we will move the certificate in posts to an iframe, which works fine without any user visible changes. For this to be possible the plugin automatically adds the site current domain to the list of allowed iframe origins.
Commits on Feb 02, 2021
This PR makes it so the bookmark name shows on hover in the quick access menu. A change was necessary to quick-access-item for the title to render for the link.
To prevent opaque cache files, now all the CDN files will be requested in 'cors' mode if the cdn_cors_enabled global setting is enabled. Before enabling the setting, should enable the cors in the CDN server by adding the response header `access-control-allow-origin: *` or `access-control-allow-origin: https://discourse.example.com.` And other external file requests other than CDN will not be cached if the response type is opaque.
* Pluralize `groups.errors.adding_too_many_users` This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-ar#53882 * Pluralize `js.composer.error.title_too_short` This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41172 * Pluralize `js.composer.error.title_too_long` This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41174 * Pluralize `js.composer.error.post_length` This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41178 * Pluralize `js.topic.progress.jump_prompt_of` This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#41958 * Use translations to join strings about posters This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/248/en-ar#49334 It also makes some changes to the crawler view: * Removes `poster.moreCount` which is only available on the client for PMs * CSS class names are actually stored in `poster.extras` instead of `poster.extraClasses` * Stop concatenating category stats This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#40740 * Pluralize `js.summary.description` This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#40782 * Pluralize `js.summary.description_time_MF` This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#40784 * Use translation to join list of tags This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#43372 * Pluralize `admin_js.admin.groups.manage.membership.automatic_membership_user_count` This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#43720 * Pluralize `js.post.controls.delete_topic_confirm_modal` This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#54804 * Stop concatenating `js.post.last_edited_on` This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#42358 * Stop concatenating `js.post.wiki_last_edited_on` This fixes https://discourse.crowdin.com/translate/f3230e7607a36bb0a2f97fd90605a44e/246/en-ar#42356 It also fixes a regression because `js.post.wiki_last_edited_on` wasn't used anymore since 2017.
Bootsnap started printing these warnings: ``` [DEPRECATED] Bootsnap's `autoload_paths_cache:` option is deprecated and will be removed. If you use Zeitwerk this option is useless, and if you are still using the classic autoloader upgrading is recommended. [DEPRECATED] Bootsnap's `disable_trace:` option is deprecated and will be removed. If you use Ruby 2.5 or newer this option is useless, if not upgrading is recommended. ```
I don't have a clear reproduction ATM, but I imagine that in fast tests element can get destroyed before we get to use it.
…11937) Using this added a temporary query param to force browsers to redownload all CDN endpoints.
Bumps [rubocop-rspec](https://github.com/rubocop-hq/rubocop-rspec) from 2.1.0 to 2.2.0. - [Release notes](https://github.com/rubocop-hq/rubocop-rspec/releases) - [Changelog](https://github.com/rubocop-hq/rubocop-rspec/blob/master/CHANGELOG.md) - [Commits](rubocop-hq/rubocop-rspec@v2.1.0...v2.2.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This ensures we rate limit on logins where possible, we also normalize logins for the rate limiters centrally.
Commits on Feb 03, 2021
This PR revamps the topic timer UI, using the time shortcut selector from the bookmark modal. * Fixes an issue where the duration of hours/days after last reply or auto delete replies was not enforced to be > 0 * Fixed an issue where the timer dropdown options were not reloaded correctly if the topic status changes in the background (use `MessageBus` to publish topic state in the open/close timer jobs) * Moved the duration input and the "based on last post" option from the `future-date-input` component, as it was only used for topic timers. Also moved out the notice that is displayed which was also only relevant for topic timers.
The changes were not visible immediately after saving reordered categories.
This pull requests contains a series of improvements to groups settings and member management such as: - Showing which users have set a group as primary - Moving similar settings together under Effects - Adding bulk select and actions to members page
We want to allow developers to customize their own vscode environment. Including launch.json/tasks.json files in the repository makes this very difficult. These were originally added for GitHub codespaces. Once codespaces is more widely available, we can look into automatically copying the `.vscode-sample` directory to `.vscode` when the codespace boots.
Bumps [i18n](https://github.com/ruby-i18n/i18n) from 1.8.7 to 1.8.8. - [Release notes](https://github.com/ruby-i18n/i18n/releases) - [Changelog](https://github.com/ruby-i18n/i18n/blob/master/CHANGELOG.md) - [Commits](ruby-i18n/i18n@v1.8.7...v1.8.8) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
It will add CORS header `Access-Control-Allow-Origin: '*'` to the files inside `public/javascripts` folder.
This is a regression from 98201ec. Meta topic: https://meta.discourse.org/t/-/178167?u=osama. Signed-off-by: OsamaSayegh <asooomaasoooma90@gmail.com>
* FIX: In FastImage 2.2.2 an error is raised with a `nil` path Sometimes Discourse.store.path_for would return `nil`, which the job handled gracefully before, but raises an error with the new version of the gem. Note the logic of this job is a bit awkward since it depends on `nil` being a string, but at least now it's no longer filling logs with errors. * Update app/jobs/onceoff/fix_invalid_gravatar_uploads.rb Co-authored-by: Bianca Nenciu <nbianca@users.noreply.github.com> Co-authored-by: Bianca Nenciu <nbianca@users.noreply.github.com>
…#11950) Issue originally reported in https://meta.discourse.org/t/bypass-sso-by-adding-unkown-email-to-group/177339 Inviting people via email address to a group when SSO is enabled (or local logins are disabled) led to a situation where user records were being created bypassing single sign-on. We already prevent that in most places. This adds required checks to `GroupsController`.
#11951) A more general, lower-level change in addition to #11950. Most code paths already check if SSO is enabled or if local logins are disabled before trying to create an email invite. This is a safety net to ensure no invalid invites sneak by. Also includes: FIX: Don't allow to bulk invite when SSO is on (or when local logins are disabled) This mirrors can_invite_to_forum? and other email invite code paths.
This encompasses a lot of work done over the last year, much of which has already been merged into master. This is the final set of changes required to get Ember CLI running locally for development. From here on it will be bug fixes / enhancements. Co-authored-by: Jarek Radosz <jradosz@gmail.com> Co-authored-by: romanrizzi <rizziromanalejandro@gmail.com> Co-authored-by: Jarek Radosz <jradosz@gmail.com> Co-authored-by: romanrizzi <rizziromanalejandro@gmail.com>
…1941) This moves all the rate limiting for user second factor (based on `params[:second_factor_token]` existing) to the one place, which rate limits by IP and also by username if a user is found.
Commits on Feb 04, 2021
* DEV: Documented several group endpoints * documented some more endpoints * document more api endpoints * Document backup endpoints * remove puts
This is a try to simplify logic around dismiss new topics to have one solution to work in all places - dismiss all-new, dismiss new in a specific category or even in a specific tag.
#11971) If a list of email addresses is pasted into a group’s Add Members form that has one or more email addresses of users who already belong to the group and all other email addresses are for users who do not yet exist on the forum then no invites were being sent. This commit ensures that we send invites to new users.
UX: update label for "Remove Tags" action
…#11972) Some plugins (like discourse-calendar) import things from `@ember/string` and `rsvp`, so we need to add them in order for the plugins to work with Ember CLI.
- ignores errors when including component SCSS in parent theme - adds support for SCSS `@import`s in components' `color_definitions.scss` files
The definition of 'multiple_files' did not consider that 'spec' refers to the entire `spec/` directory, and therefore includes multiple files
Fixes an issue introduced in 0f31a22.
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.7.0 to 1.7.1. - [Release notes](https://github.com/Shopify/bootsnap/releases) - [Changelog](https://github.com/Shopify/bootsnap/blob/master/CHANGELOG.md) - [Commits](Shopify/bootsnap@v1.7.0...v1.7.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [css_parser](https://github.com/premailer/css_parser) from 1.8.0 to 1.9.0. - [Release notes](https://github.com/premailer/css_parser/releases) - [Changelog](https://github.com/premailer/css_parser/blob/master/CHANGELOG.md) - [Commits](premailer/css_parser@v1.8.0...v1.9.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [redis-namespace](https://github.com/resque/redis-namespace) from 1.8.0 to 1.8.1. - [Release notes](https://github.com/resque/redis-namespace/releases) - [Changelog](https://github.com/resque/redis-namespace/blob/master/CHANGELOG.md) - [Commits](resque/redis-namespace@v1.8.0...v1.8.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
`fondu` is no longer available via homebrew: `Error: fondu has been disabled because it is not maintained upstream!` (since Homebrew/homebrew-core#66396) and the `pkg` file available on `fondu`'s site doesn't seem to work on Big Sur. An alternative option is to use `fontforge`, which a little `python` script (it's definitely less short an harder to read, but it works). Additionally, it looks like the file *might* be called `ttc` instead. I have also updated the URL for ImageMagick's `type_gen` because it now lives under `legacy.imagemagick.org` which causes `curl` to capture a 301 page instead.
Commits on Feb 05, 2021
…duration is specified (auto delete replies, close based on last post) (#11961) This PR allows entering a float value for topic timers e.g. 0.5 for 30 minutes when entering hours, 0.5 for 12 hours when entering days. This is achieved by adding a new column to store the duration of a topic timer in minutes instead of the ambiguous both hours and days that it could be before. This PR has ommitted the post migration to delete the duration column in topic timers; it will be done in a subsequent PR to ensure that no data is lost if the UPDATE query to set duration_mintues fails. I have to keep the old keyword of duration in set_or_create_topic_timer for backwards compat, will remove at a later date after plugins are updated.
* DEV: Add description and logo to api docs * Rename method to avoid name collision
This is a revert of d8c796b and 5bf0a08. Linking to the post within a topic that has the highest rank was confusing users and hard to explain because ranking is determined via the PG ranking function. See the following meta topics for the complaints after we switch to the new ordering: 1. https://meta.discourse.org/t/title-search-not-working-as-expected/157737 2. https://meta.discourse.org/t/search-results-should-prioritize-first-post-in-topic-when-title-matches-search-term/175154
`emailOrUsername` was renamed to `invitee` in a recent change to app/assets/javascripts/discourse/app/components/invite-panel.js and needed to be updated in client.en.yml
…requests. (#11986) `script_name` env variable would be empty for public static assets.
If both category and tag are selected then we shouldn't display a notification menu.
…11985) Previously it was using various willTransition and didTransition hooks which can be quite fragile, especially when removing the intermediate loading state.
Arial is more consistently available across operating systems and aligns better.
Signed-off-by: OsamaSayegh <asooomaasoooma90@gmail.com>
Commits on Feb 06, 2021
Commits on Feb 07, 2021
Bumps [rswag-specs](https://github.com/rswag/rswag) from 2.3.2 to 2.3.3. - [Release notes](https://github.com/rswag/rswag/releases) - [Changelog](https://github.com/rswag/rswag/blob/master/CHANGELOG.md) - [Commits](rswag/rswag@2.3.2...2.3.3) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Because of a where clause of duration_minutes != duration, where duration_minutes was NULL, the previous migration to fill the new duration_minutes column failed. This corrects the failed migration by just running the update where duration_minutes is NULL and duration IS NOT NULL. Previous commit is 4af77f1
Commits on Feb 08, 2021
Bumps [nio4r](https://github.com/socketry/nio4r) from 2.5.4 to 2.5.5. - [Release notes](https://github.com/socketry/nio4r/releases) - [Changelog](https://github.com/socketry/nio4r/blob/master/CHANGES.md) - [Commits](socketry/nio4r@v2.5.4...v2.5.5) Signed-off-by: dependabot[bot] <support@github.com>
Bumps [puma](https://github.com/puma/puma) from 5.2.0 to 5.2.1. - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/master/History.md) - [Commits](puma/puma@v5.2.0...v5.2.1) Signed-off-by: dependabot[bot] <support@github.com>
Previous markup used to be
```
<div>
<div>
<li>
```
Instead we will now have:
```
<ul>
<li>
<div>
```
Note this commit also adds two things:
- ability to override tagName of a widget when attaching it
- ability to pass opts and otherOpts to {{attach}}, it could be useful in templates but is mostly useful to test `tagName` for now
This commit also uses this new feature for the expand/collapse control of the user activity page.
The 'Discourse SSO' protocol is being rebranded to DiscourseConnect. This should help to reduce confusion when 'SSO' is used in the generic sense. This commit aims to: - Rename `sso_` site settings. DiscourseConnect specific ones are prefixed `discourse_connect_`. Generic settings are prefixed `auth_` - Add (server-side-only) backwards compatibility for the old setting names, with deprecation notices - Copy `site_settings` database records to the new names - Rename relevant translation keys - Update relevant translations This commit does **not** aim to: - Rename any Ruby classes or methods. This might be done in a future commit - Change any URLs. This would break existing integrations - Make any changes to the protocol. This would break existing integrations - Change any functionality. Further normalization across DiscourseConnect and other auth methods will be done separately The risks are: - There is no backwards compatibility for site settings on the client-side. Accessing auth-related site settings in Javascript is fairly rare, and an error on the client side would not be security-critical. - If a plugin is monkey-patching parts of the auth process, changes to locale keys could cause broken error messages. This should also be unlikely. The old site setting names remain functional, so security-related overrides will remain working. A follow-up commit will be made with a post-deploy migration to delete the old `site_settings` rows.
{{d-button ariaExpanded=xxx}} only accepts Boolean now.
A user browser may rotate a user subscription endpoint/keys anytime. Currently, Discourse will receive a 4XX response while trying to deliver a push notification and silently unsubscribe the device. With this change, we will gracefully handle desativating the old subscription and the replacement creation with the need for the user to resubscribe manually every time it breaks. https://meta.discourse.org/t/-/125179?u=falco
* DEV: Escape backslashes in curl example We need to escape these backslashes otherwise they get filtered out when generating the api docs. * FIX: uniqItems should be uniqueItems
We didn't run some of the plugin tests since #11899. I'd file that under "whoops".
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.7.1 to 1.7.2. - [Release notes](https://github.com/Shopify/bootsnap/releases) - [Changelog](https://github.com/Shopify/bootsnap/blob/master/CHANGELOG.md) - [Commits](Shopify/bootsnap@v1.7.1...v1.7.2) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* FEATURE: Ability to dismiss new topics in a specific tag Follow up of #11927 Using the same mechanism to disable new topics in a tag. * FIX: respect when category and tag is selected
Commits on Feb 09, 2021
This little helper script allows for easy ember cli development. To see the options run `bin/ember-cli -h` It allows you to proxy try.discourse.org with the `bin/ember-cli --try` switch, which effectively allows for some development without a rails installed. It passes on arguments to ember-cli so you can customize port and so on. It makes the assumption that on local people are using `bin/unicorn` for development. (it includes some extra discourse specific helpers)
Currently, it's returning 403 invalid access error which causes issue in Google webmaster tools.
Updated the category api docs to follow the new validation format.
…12015) You can use `discourse restore --location=local FILENAME` if you want to restore a backup that is stored locally even though the `backup_location` has the value `s3`.
Clearing theme and emoji cache might require uploaded files.
Commits on Feb 10, 2021
Bumps [rswag-specs](https://github.com/rswag/rswag) from 2.3.3 to 2.4.0. - [Release notes](https://github.com/rswag/rswag/releases) - [Changelog](https://github.com/rswag/rswag/blob/master/CHANGELOG.md) - [Commits](rswag/rswag@2.3.3...2.4.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* tasks/emails.rake: catch exception and puts message * add username and auth
This PR re-styles the login and create account modals.
The bug was mentioned on meta https://meta.discourse.org/t/users-are-seeing-handling-of-unhandled-tag-again/155367 It was related to users who are watching a specific topic. In that case, when the hidden tag was added or removed to the topic they were notified by `NotifyTagChangeJob`. That job should take hidden tags into consideration. If all changed tags are in a hidden group, it should exclude user not belong to that group. At the same time, if visible to anyone tag is added or removed users watching topic should be notified.
Commits on Feb 11, 2021
This commit adjusts the height of the left side of the login modal, and changes the scroll gradient positioning.
Follow up #11968 Dismiss all new topics using the same DismissTopicService. In addition, MessageBus receives exact topic ids which should be marked as `seen`.
Using our testing Docker image (`discourse/discourse_test:release`) allows us to drop "Update imagemagick" step which shaves ~10 minutes from all runs.
…12044) Previously we would always take the first image in a post to use as the thumbnail. On media-heavy sites, users may want to manually select a specific image as the topic thumbnail. This commit allows this to be done via a `|thumbnail` attribute in markdown. For example, in this case, bbb would be chosen as the thumbnail: ```   ```
This commit adjusts the scroll gradient on the login modal, changes `email / username` to `Email / Username` and adjusts the color of social button icons on hover in the login modal.
If no email is provided, email_valid should be set false, so that Discourse can prompt the user for an email and verify it. This fixes signups via twitter for accounts with no email address.
…12049) Normally we look at where the cursor is, but when the composer is closed we don't have a cursor and just append at the end. This fix adds a new line to make sure quotes will always work when inserted when the composer is closed.
Still excludes GitHub avatars. Those were the original reason for adding this broad exclusion. Context at https://meta.discourse.org/t/165713/4 If we find more oneboxes which are unsuitable for thumbnails, we can add them to this selector.
A topic with the slug 'topic' might exist and may end up being linked to by mistake when malformed (i.e. cross-site) quotes are posted.
This commit adds more specificity to the social buttons styling.
* DEV: Show warning message when using ember css selectors When editing the theme css via the admin UI a warning message will be displayed if it detects that the `#emberXXX` or `.ember-view` css selectors are being used. These are dynamic selectors that ember generates, but they can change so they should not be used. * Update error message text to be more helpful * Display a warning instead of erroring out This allows the theme to still be saved, but a warning is displayed. Updated the tests to check for the error message. Updated the pre tags css so that it wraps for long messages.
This migration is quite heavy because of join to all potential topics which should be `dismissed` for each user. To make it a little bit more efficient I did two things: - move conditions to join so it should use fewer rows - do that in batches - 1000 users at the time
…2056) Bumps [openssl-signature_algorithm](https://github.com/cedarcode/openssl-signature_algorithm) from 1.0.0 to 1.1.1. - [Release notes](https://github.com/cedarcode/openssl-signature_algorithm/releases) - [Changelog](https://github.com/cedarcode/openssl-signature_algorithm/blob/master/CHANGELOG.md) - [Commits](cedarcode/openssl-signature_algorithm@v1.0.0...v1.1.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Add server and client side validations to ensure topic timer durations cannot exceed 2 years and cannot be less than or equal to 0.
Commits on Feb 12, 2021
…er-chooser}} (#12042) `{{user-selector}}` is now deprecated and it will be removed from core in Discourse 2.8. All instances of `{{user-selector}}` has been replaced with `{{email-group-user-chooser}}`.
equal to theads posts can be soft-deleted which results in a visibile = 2 state. at the moment those posts will be imported fully visible.
This test failure was caused by rails calling `.debug` on our FakeLogger which was not supporting it, resulting in more errors than what the test was expecting.
Currently, we're unable to search users by their username with the `@` symbol in "Posted by" filter on advanced search page.
`convert_to_jpeg!` is only called if `convert_png_to_jpeg?` and/or `should_alter_quality?` is true. `convert_png_to_jpeg?` can be disabled by setting `SiteSetting.png_to_jpg_quality` to 100. However, `should_alter_quality?` could be true if `SiteSetting.recompress_original_jpg_quality` was lower than the quality of the uploaded file, regardless of file type. This commits changes `should_alter_quality?` so that uploaded png files will use the `SiteSetting.png_to_jpg_quality` value, rather than ``SiteSetting.recompress_original_jpg_quality` value.
* UX: Second Factor + Alert Display This commit removes JS edits of the modal-alert and uses CSS instead. This commit also adds some styling to the 2FA login when using a key instead of a 2FA authenticator.
Showing you all comments on commits in this comparison.
This comment has been minimized.
This comment has been minimized.
|
This commit has been mentioned on Discourse Meta. There might be relevant details there: https://meta.discourse.org/t/change-email-address-button-shows-even-when-edit-email-is-off/168770/4 |
This comment has been minimized.
This comment has been minimized.
|
This commit has been mentioned on Discourse Meta. There might be relevant details there: https://meta.discourse.org/t/automatic-upgrade-from-2-6-0-beta5-to-2-7-0-beta3-failed/177790/6 |
This comment has been minimized.
This comment has been minimized.
|
This commit has been mentioned on Discourse Meta. There might be relevant details there: https://meta.discourse.org/t/wrong-category-grouping-after-update/177998/3 |
This comment has been minimized.
This comment has been minimized.
|
This commit has been mentioned on Discourse Meta. There might be relevant details there: https://meta.discourse.org/t/brand-header-theme-component/77977/207 |
This comment has been minimized.
This comment has been minimized.
|
This commit has been mentioned on Discourse Meta. There might be relevant details there: https://meta.discourse.org/t/messaging-multiple-members/178167/2 |
This comment has been minimized.
This comment has been minimized.
|
please use @action |
This comment has been minimized.
This comment has been minimized.
|
Done in #11955 |
This comment has been minimized.
This comment has been minimized.
|
This commit has been mentioned on Discourse Meta. There might be relevant details there: https://meta.discourse.org/t/messaging-multiple-members/178167/4 |
This comment has been minimized.
This comment has been minimized.
|
This commit has been mentioned on Discourse Meta. There might be relevant details there: https://meta.discourse.org/t/custom-css-isnt-applied-to-my-discourse/178241/5 |
This comment has been minimized.
This comment has been minimized.
|
This commit has been mentioned on Discourse Meta. There might be relevant details there: https://meta.discourse.org/t/custom-css-isnt-applied-to-my-discourse/178241/6 |
This comment has been minimized.
This comment has been minimized.
|
This commit has been mentioned on Discourse Meta. There might be relevant details there: https://meta.discourse.org/t/filtered-replies-view-issue/178359/4 |
This comment has been minimized.
This comment has been minimized.
|
This commit has been mentioned on Discourse Meta. There might be relevant details there: https://meta.discourse.org/t/experiment-on-meta-loading-slider/177939/83 |
This comment has been minimized.
This comment has been minimized.
|
This commit has been mentioned on Discourse Meta. There might be relevant details there: https://meta.discourse.org/t/height-problem-on-category-breadcrumb/178543/2 |
This comment has been minimized.
This comment has been minimized.
|
This commit has been mentioned on Discourse Meta. There might be relevant details there: https://meta.discourse.org/t/job-delete-replies-error/178692/1 |
This comment has been minimized.
This comment has been minimized.
|
This commit has been mentioned on Discourse Meta. There might be relevant details there: https://meta.discourse.org/t/sidekiq-error-for-jobs-deletereplies-job/178588/4 |
This comment has been minimized.
This comment has been minimized.
|
This commit has been mentioned on Discourse Meta. There might be relevant details there: https://meta.discourse.org/t/restore-failed-please-check-log/178811/4 |
This comment has been minimized.
This comment has been minimized.
|
This commit has been mentioned on Discourse Meta. There might be relevant details there: |
This comment has been minimized.
This comment has been minimized.
|
This commit has been mentioned on Discourse Meta. There might be relevant details there: https://meta.discourse.org/t/embercli-coming-to-a-discourse-near-you/143528/8 |
This comment has been minimized.
This comment has been minimized.
|
This commit has been mentioned on Discourse Meta. There might be relevant details there: |
This comment has been minimized.
This comment has been minimized.
|
This commit has been mentioned on Discourse Meta. There might be relevant details there: https://meta.discourse.org/t/topic-list-thumbnails-theme-component/150602/126 |
This comment has been minimized.
This comment has been minimized.
|
This commit has been mentioned on Discourse Meta. There might be relevant details there: https://meta.discourse.org/t/using-onebox-images-for-topic-thumbnails/165713/20 |
This comment has been minimized.
This comment has been minimized.
|
This commit has been mentioned on Discourse Meta. There might be relevant details there: |
This comment has been minimized.
This comment has been minimized.
|
This commit has been mentioned on Discourse Meta. There might be relevant details there: https://meta.discourse.org/t/rss-url-show-403-error-in-google-console/177759/9 |
This comment has been minimized.
This comment has been minimized.
|
This commit has been mentioned on Discourse Meta. There might be relevant details there: https://meta.discourse.org/t/problem-with-category-image-transparency/124389/12 |
This comment has been minimized.
This comment has been minimized.
|
This commit has been mentioned on Discourse Meta. There might be relevant details there: https://meta.discourse.org/t/restore-backup-is-broken/179514/1 |
This file was deleted.
This file was deleted.