Commit Graph

54786 Commits

Author SHA1 Message Date
a1d2c46d28 FIX: increase secure session for OAuth expiration time (#27674)
By default, secure sessions expire after 1 hour.
For OAuth authentication it should expire at the same time when the authentication cookie expires - `SiteSetting.maximum_session_age.hours`.

It is possible that the forum will not have persistent sessions, based on `persistent_sessions` site setting. In that case, with next username and password authentication we need to reset information about OAuth.

Bug introduced in this PR - https://github.com/discourse/discourse/pull/27547
2024-07-02 11:43:59 +10:00
592b5ceed1 Build(deps-dev): Bump typescript from 5.5.2 to 5.5.3 (#27673)
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 5.5.2 to 5.5.3.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v5.5.2...v5.5.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-02 09:36:46 +08:00
7b94cfcb1e FIX: Hide message button for current user if can't message (#27672)
Hide message button for current user if can't message
2024-07-02 10:01:58 +10:00
0acd6bea4c PERF: Eager load field causing N+1 issue (#27626)
* PERF: Fix N+1 issue for javascript_cache

* FIX: missing upload fields should still appear in stylesheets

Sass is still expected to compile successfully even without uploads.
Revert a blank upload to have a blank URL

* DEV: remove unneeded test comment

---------

Co-authored-by: Jeff Wong <awole20@gmail.com>
2024-07-01 20:55:06 -03:00
947990b7f6 FIX: Small delay when auto-adding list item in composer (#27661)
Followup 30fdd7738ec942126bb055c9a6a8d69ddffba2da,

The issue with keyup is that it happens too late. maybeContinueList
itself runs in about 1 or 2 ms. But we show the linebreak in the
textarea on keydown and we handle it in keyup, which causes the “lag”.

The fix here is “hacking” itsatrap and textarea behavior to allow us to handle
it right away after the linebreak is inserted.

Full credit to Joffrey Jaffeux for this fix, I am making him
"co-author" below.

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2024-07-02 09:37:10 +10:00
9e8d8d37fa UX: fix height of lazy youtube embeds (#27671) 2024-07-01 17:27:11 -04:00
1c67aab135 UX: prevent the tag bullet from shrinking (#27669) 2024-07-01 16:49:49 -04:00
4311e9df45 UX: truncate too-long names in usercard (#27650) 2024-07-01 16:29:18 -04:00
6599b85a75 DEV: Block accidental serialization of entire AR models (#27668) 2024-07-01 17:08:48 -03:00
1ae902fa60 FIX: Division by zero error on WebHookEventsDailyAggregate (#27667)
* FIX: Division by zero error on WebHookEventsDailyAggregate

* DEV: Update implementation of WebHookEventsDailyAggregate to handle division by zero error
2024-07-01 15:40:52 -03:00
88d259b73a Build(deps-dev): Bump @floating-ui/dom from 1.6.6 to 1.6.7 (#27653)
Bumps [@floating-ui/dom](https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom) from 1.6.6 to 1.6.7.
- [Release notes](https://github.com/floating-ui/floating-ui/releases)
- [Changelog](https://github.com/floating-ui/floating-ui/blob/master/packages/dom/CHANGELOG.md)
- [Commits](https://github.com/floating-ui/floating-ui/commits/@floating-ui/dom@1.6.7/packages/dom)

---
updated-dependencies:
- dependency-name: "@floating-ui/dom"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-01 19:28:49 +08:00
7e27ca386d Build(deps-dev): Bump test-prof from 1.3.3 to 1.3.3.1 (#27654)
Bumps [test-prof](https://github.com/test-prof/test-prof) from 1.3.3 to 1.3.3.1.
- [Release notes](https://github.com/test-prof/test-prof/releases)
- [Changelog](https://github.com/test-prof/test-prof/blob/master/CHANGELOG.md)
- [Commits](https://github.com/test-prof/test-prof/compare/v1.3.3...v1.3.3.1)

---
updated-dependencies:
- dependency-name: test-prof
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-01 19:28:39 +08:00
2586215fa1 Build(deps): Bump minitest from 5.24.0 to 5.24.1 (#27655)
Bumps [minitest](https://github.com/minitest/minitest) from 5.24.0 to 5.24.1.
- [Changelog](https://github.com/minitest/minitest/blob/master/History.rdoc)
- [Commits](https://github.com/minitest/minitest/compare/v5.24.0...v5.24.1)

---
updated-dependencies:
- dependency-name: minitest
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-01 19:28:23 +08:00
909901494a Build(deps-dev): Bump rubocop-rails from 2.25.0 to 2.25.1 (#27656)
Bumps [rubocop-rails](https://github.com/rubocop/rubocop-rails) from 2.25.0 to 2.25.1.
- [Release notes](https://github.com/rubocop/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-rails/compare/v2.25.0...v2.25.1)

---
updated-dependencies:
- dependency-name: rubocop-rails
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-01 19:28:11 +08:00
703aeb9429 Build(deps): Bump sassc-embedded from 1.76.0 to 1.77.1 (#27657)
Bumps [sassc-embedded](https://github.com/sass-contrib/sassc-embedded-shim-ruby) from 1.76.0 to 1.77.1.
- [Commits](https://github.com/sass-contrib/sassc-embedded-shim-ruby/compare/v1.76.0...v1.77.1)

---
updated-dependencies:
- dependency-name: sassc-embedded
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-01 19:28:00 +08:00
bee7312f46 FIX: show group based notifications in chat summary email (#27641)
Follow up to #27631 to account for group mentions in channels.

We only want to show mentions for groups that are currently mentionable and those that the current user belongs to.
2024-07-01 12:47:38 +04:00
ffc99253fa DEV: Resolve TODO comments for martin-brennan
I am changing many of these to notes or resolving them as is,
most of these I have not actively worked on in years so someone
else can work on them when we get to these areas again.
2024-07-01 15:32:30 +10:00
56f34e2d2b DEV: Unhide enable_direct_s3_uploads setting (#27659)
This has been around for a long time now and was mentioned
in https://meta.discourse.org/t/a-new-era-for-file-uploads-in-discourse/210469,
there is no need to hide it, self-hosters are free to enable
this.
2024-07-01 13:56:00 +10:00
4c1c25027d DEV: Wiring for the admin about config page (#27492)
This commit continues work laid out by ffec8163b0 for the admin config page for the /about page. The last commit set up the user interface, and this one sets up all the wiring needed to make the input fields and save buttons actually work.

Internal topic: t/128544.
2024-07-01 05:40:37 +03:00
e8a41011eb FIX: should not raise error when minimum_required_tags value not defined for category. (#27658)
While creating a new category if the user didn't specify a value for `minimum_required_tags` input but clicked it then it returned the "PG::NotNullViolation: null value in column 'minimum_required_tags'" error.
2024-07-01 07:14:34 +05:30
0b3b101c97 FIX: CalendarDateTimeInput renders the wrong day (#27639) 2024-06-28 19:18:01 -03:00
e161086630 FIX: User controls buttons order for admins (#27646) 2024-06-28 18:32:25 -03:00
8dc358e4d5 FIX: better iframe sanitization
This improves the way we sanitize `iframe` and correctly strips them from the "raw" before cooking it.

Otherwise, we would show an empty iframe box.

Internal ref - t/131430
2024-06-28 22:53:20 +02:00
307b207e91 UX: remove redundant nav-pill active border (#27649) 2024-06-28 16:29:50 -04:00
05a5f3c816 DEV: Extract top replies summary out of summary-box (#27647) 2024-06-28 10:43:47 -07:00
f6dfb9d63f DEV: Add topic-map-expanded-after plugin outlet (#27645) 2024-06-28 07:53:05 -07:00
423f92490c Update translations 2024-06-28 16:10:06 +02:00
232503b3df FIX: Render a 404 error on a bad redirect in list controller
When bad data is provided in the URI for redirecting to a category,
Rails raises an `ActionController::Redirecting::UnsafeRedirectError`
error, leading to a 500 error.

This patch catches the exception to render a 404 instead.
2024-06-28 10:42:10 +02:00
a442eeb0f4 FIX: Don’t raise an error on permalinks with external URL
Currently redirecting to an external URL through a permalink doesn’t
work because Rails raises a
`ActionController::Redirecting::UnsafeRedirectError` error.

This wasn’t the case before we upgraded to Rails 7.0.

This patch fixes the issue by using `allow_other_host: true` on the
redirect.
2024-06-28 10:09:37 +02:00
b9ade92856 Build(deps-dev): Bump sqlite3 from 1.7.3 to 2.0.2 (#27160)
Bumps [sqlite3](https://github.com/sparklemotion/sqlite3-ruby) from 1.7.3 to 2.0.2.
- [Release notes](https://github.com/sparklemotion/sqlite3-ruby/releases)
- [Changelog](https://github.com/sparklemotion/sqlite3-ruby/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/sqlite3-ruby/compare/v1.7.3...v2.0.2)

---
updated-dependencies:
- dependency-name: sqlite3
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-28 09:32:01 +10:00
e6487aa6c3 Build(deps-dev): Bump qunit-dom from 3.1.2 to 3.2.0 (#27637)
Bumps [qunit-dom](https://github.com/mainmatter/qunit-dom) from 3.1.2 to 3.2.0.
- [Release notes](https://github.com/mainmatter/qunit-dom/releases)
- [Commits](https://github.com/mainmatter/qunit-dom/compare/v3.1.2...v3.2.0)

---
updated-dependencies:
- dependency-name: qunit-dom
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-28 01:10:46 +02:00
6a5ee0693d FIX: rescue mmdb download failure (#27556)
* rescue mmdb download failure

If mmdb database fails to download a bootstrap fails. This is a trivial fix for that problem. A more elegant solution might check whether the dataabase was downloaded and provide a helpful error message.

* linting

---------

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2024-06-28 05:10:14 +08:00
9ab18ed2e3 UX: fix featured link alignment, hide participants wrapper outside of PMs (#27636) 2024-06-27 13:47:12 -04:00
3ce618e57a DEV: Update plugin-outlet tests (#27630)
qunit-dom, reformat hbs blocks, use `<template>` where possible
2024-06-27 19:36:55 +02:00
57eecbef4b FIX: invalid user locale when accepting group membership
If, for whatever reasons, the user's locale is "blank" and an admin is accepting their group membership request, there will be an error because we're generating posts with the locale of recipient.

In order to fix this, we now use the `user.effective_locale` which takes care of multiple things, including returning the default locale when the user's locale is blank.

Internal ref - t/132347
2024-06-27 19:22:55 +02:00
a56321efb5 FIX: topic search order
When using the full page search and filtering down to a specific topic, the sort order was overwritten to by by "post_number".

This was confusing because we allow different type of sort order in the full search page.

This fixes it by only sorting by post_number when there's no "global" sort order defined.

Since the "new topic map" uses the search endpoint behind the scene, this also fixes the "most likes" popup.

Context - https://meta.discourse.org/t/searching-order-seems-to-be-broken-when-searching-in-topic/312303
2024-06-27 18:13:26 +02:00
4b111626cb DEV: Remove invalid content_security_policy_script_src site setting values from DB (#27588)
* DEV: add db migration to filter out invalid csp script source values

* DEV: insert UserHistory row during data migration to track old value for content_security_policy_script_src site setting
2024-06-27 22:17:56 +08:00
8d28038666 FEATURE: Add WebHookEventsDailyAggregate report page (#27573)
* FEATURE: Add WebHookEventsDailyAggregate

Add WebHookEventsDailyAggregate model to store daily aggregates of web hook events.
Add AggregateWebHooksEvents job to aggregate web hook events daily.
Add spec for WebHookEventsDailyAggregate model.

* DEV: Update annotations for web_hook_events_daily_aggregate.rb

* DEV: Update app/jobs/scheduled/aggregate_web_hooks_events.rb

Co-authored-by: Martin Brennan <martin@discourse.org>

* DEV: Address review feedback

Solves:
- https://github.com/discourse/discourse/pull/27542#discussion_r1646961101
- https://github.com/discourse/discourse/pull/27542#discussion_r1646958890
- https://github.com/discourse/discourse/pull/27542#discussion_r1646976808
- https://github.com/discourse/discourse/pull/27542#discussion_r1646979846
- https://github.com/discourse/discourse/pull/27542#discussion_r1646981036

* A11Y: Add translation to retain_web_hook_events_aggregate_days key

* FEATURE: Purge old web hook events daily aggregate

Solves: https://github.com/discourse/discourse/pull/27542#discussion_r1646961101

* DEV:  Update tests for web_hook_events_daily_aggregate

Update WebHookEventsDailyAggregate to not use save! at the end
Solves: https://github.com/discourse/discourse/pull/27542#discussion_r1646984601

* PERF: Change job query to use WebHook table instead of WebHookEvent table

* DEV: Update tests to use `fab!`

* DEV: Address code review feedback.

Add idempotency to job
Add has_many to WebHook

* FEATURE: Add WebHookEventsDailyAggregate report page

Add locales for the new report page
Reorder imports in the report.rb

* DEV: Remove logger line

* FEATURE: Add `auto_insert_none_item` option to `report-filters` components

---------

Co-authored-by: Martin Brennan <martin@discourse.org>
2024-06-27 10:26:42 -03:00
580bad3c02 FIX: only show relevent chat channel mentions in summary email (#27631)
Chat summary email should only contain mentions that are relevant to the current user.
2024-06-27 15:53:40 +04:00
4a6b79dead FIX: "in posts by" user search (#27628)
When visiting a user profile, and then opening the search, there's an option to filter down by posts made by that user.

When clicking that option, it used to pre-fill the "search bar" with "@<username>" to filter down the search.

This restore this behaviour and add a system spec to ensure it doesn't regress.

Context - https://meta.discourse.org/t/in-posts-by-search-option-does-not-work-when-clicked/312916
2024-06-27 14:20:18 +10:00
e92a82aa1d FIX: update id types in API docs to integers (#27412) 2024-06-26 20:44:39 -06:00
cada172981 FIX: Do not capture OAuth user on 2FA page (#27617)
If the `enforce_second_factor_on_external_auth` setting
is disabled and a user logs in with an OAuth method,
they don't automatically get redirected to /preferences/second-factor
on login. However, they can get there manually, and once there
they cannot leave.

This commit fixes the issue and allows them to leave
and also does some refactors to indicate to the client
what login method is used as a followup to
0e1102b3326ace878c357301e108154051d37c31
2024-06-27 10:27:49 +10:00
89df5761ff Build(deps-dev): Bump puppeteer-core from 22.12.0 to 22.12.1 (#27629)
Bumps [puppeteer-core](https://github.com/puppeteer/puppeteer) from 22.12.0 to 22.12.1.
- [Release notes](https://github.com/puppeteer/puppeteer/releases)
- [Changelog](https://github.com/puppeteer/puppeteer/blob/main/release-please-config.json)
- [Commits](https://github.com/puppeteer/puppeteer/compare/puppeteer-core-v22.12.0...puppeteer-core-v22.12.1)

---
updated-dependencies:
- dependency-name: puppeteer-core
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-27 00:46:48 +02:00
d99ea68282 Build(deps): Bump google-protobuf from 4.27.1 to 4.27.2 (#27627)
Bumps [google-protobuf](https://github.com/protocolbuffers/protobuf) from 4.27.1 to 4.27.2.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

---
updated-dependencies:
- dependency-name: google-protobuf
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-27 00:41:16 +02:00
964f47e795 FIX: Correctly highlight new topic-list-items in glimmer (#27623) 2024-06-26 20:04:33 +02:00
f58b844f45 Revert "DEV: Upgrade Rails to version 7.1" (#27625)
This reverts commit ce00f83173863c3151f21c5cd03f24e3f6617e5c.
2024-06-26 18:55:05 +02:00
099cf71bcc FIX: Topic embedding importer should accept string tags (#27624)
* FIX: Embedding importer should accept string tags
2024-06-26 12:34:55 -04:00
01e36cbb47 FIX: correctly show validation errors in automation (#27622)
A previous refactor has prevented errors to show correctly. The guilt of the issue is that we were not calling the error variable correctly in the templates.

This commit also adds a spec for this case, and removes the need for `I18n.backend.store_translations` in specs so we don't have to write too much boilerplate each time we write a spec.
2024-06-26 14:09:26 +02:00
54a59be617 FEATURE: new 'should_add_email_attachments' plugin modifier
That can be used by plugins to control whether email attachments should be sent.

Internal ref - t/132149
2024-06-26 12:36:35 +02:00
8cfae168d1 Build(deps-dev): Bump @floating-ui/dom from 1.6.5 to 1.6.6 (#27616)
Bumps [@floating-ui/dom](https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom) from 1.6.5 to 1.6.6.
- [Release notes](https://github.com/floating-ui/floating-ui/releases)
- [Changelog](https://github.com/floating-ui/floating-ui/blob/master/packages/dom/CHANGELOG.md)
- [Commits](https://github.com/floating-ui/floating-ui/commits/@floating-ui/dom@1.6.6/packages/dom)

---
updated-dependencies:
- dependency-name: "@floating-ui/dom"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-26 10:34:55 +02:00