Skip to content
Snippets Groups Projects
This project is mirrored from https://github.com/discourse/discourse. Pull mirroring updated .
  1. Jul 13, 2022
  2. Jul 04, 2022
  3. Jun 21, 2022
  4. Jun 13, 2022
  5. Jun 03, 2022
    • Alan Guo Xiang Tan's avatar
      FIX: Approves user when redeeming an invite for invites only sites (#16987) · 036467aa
      Alan Guo Xiang Tan authored
      When a site has `SiteSetting.invite_only` enabled, we create a
      `ReviewableUser`record when activating a user if the user is not
      approved. Therefore, we need to approve the user when redeeming an
      invite.
      
      There are some uncertainties surrounding why a `ReviewableRecord` is
      created for a user in an invites only site but this commit does not seek
      to address that.
      
      Follow-up to 7c4e2d33
    • Alan Guo Xiang Tan's avatar
      DEV: Fix auto start for wizard qunit tests (#16988) · 57635407
      Alan Guo Xiang Tan authored
      `run-qunit.js` does not expect QUnit tests to start automatically but
      our wizard QUnit setup did not respect the `qunit_disable_auto_start`
      URL param. Hence, tests would start running automatically and when a
      subsequent `QUnit.start()` function call is made, we ended up getting a
      `QUnit.start cannot be called inside a test context.` error.
      
      This error can be consistently reproduced in the `discourse:discourse_test` container but not in
      the local development environment. I do not know why and did not feel
      like it is important at this point in time to know why.
  6. Jun 02, 2022
    • Gerhard Schlager's avatar
      SECURITY: Remove auto approval when redeeming an invite (#16976) · 5c91d9a6
      Gerhard Schlager authored
      
      This security fix affects sites which have `SiteSetting.must_approve_users`
      enabled. There are intentional and unintentional cases where invited
      users can be auto approved and are deemed to have skipped the staff approval process.
      Instead of trying to reason about when auto-approval should happen, we have decided that
      enabling the `must_approve_users` setting going forward will just mean that all new users
      must be explicitly approved by a staff user in the review queue. The only case where users are auto
      approved is when the `auto_approve_email_domains` site setting is used.
      
      Co-authored-by: default avatarAlan Guo Xiang Tan <gxtan1990@gmail.com>
  7. May 06, 2022
    • David Taylor's avatar
      FIX: Ensure theme JavaScript cache get consistent SHA1 digest (stable backport) (#16669) · a0c141d6
      David Taylor authored
      
      (Stable backport of 7ed899fe)
      
      There is a couple of layers of caching for theme JavaScript in Discourse:
      
      The first layer is the `javascript_caches` table in the database. When a theme
      with JavaScript files is installed, Discourse stores each one of the JavaScript
      files in the `theme_fields` table, and then concatenates the files, compiles
      them, computes a SHA1 digest of the compiled JavaScript and store the results
      along with the SHA1 digest in the `javascript_caches` table.
      
      Now when a request comes in, we need to render `<script>` tags for the
      activated theme(s) of the site. To do this, we retrieve the `javascript_caches`
      records of the activated themes and generate a `<script>` tag for each record.
      The `src` attribute of these tags is a path to the `/theme-javascripts/:digest`
      route which simply responds with the compiled JavaScript that has the requested
      digest.
      
      The second layer is a distributed cache whose purpose is to make rendering
      `<script>` a lot more efficient. Without this cache, we'd have to query the
      `javascript_caches` table to retrieve the SHA1 digests for every single
      request. So we use this cache to store the `<script>` tags themselves so that
      we only have to retrieve the `javascript_caches` records of the activated
      themes for the first request and future requests simply get the cached
      `<script>` tags.
      
      What this commit does it ensures that the SHA1 digest in the
      `javascript_caches` table stay the same across compilations by adding an order
      by id clause to the query that loads the `theme_fields` records. Currently, we
      specify no order when retrieving the `theme_fields` records so the order in
      which they're retrieved can change across compilations and therefore cause the
      SHA1 to change even though the individual records have not changed at all.
      
      An inconsistent SHA1 digest across compilations can cause the database cache
      and the distributed cache to have different digests and that causes the
      JavaScript to fail to load (and if the theme heavily customizes the site, it
      gives the impression that the site is broken) until the cache is cleared.
      
      This can happen in busy sites when 2 concurrent requests recompile the
      JavaScript files of a theme at the same time (this can happen when deploying a
      new Discourse version) and request A updates the database cache after request B
      did, and request B updates the distributed cache after request A did.
      
      Internal ticket: t60783.
      
      Co-authored-by: default avatarDavid Taylor <david@taylorhq.com>
      Co-authored-by: default avatarOsama Sayegh <asooomaasoooma90@gmail.com>
  8. Apr 28, 2022
  9. Apr 14, 2022
  10. Apr 12, 2022
  11. Apr 11, 2022
  12. Apr 08, 2022
  13. Apr 01, 2022
  14. Mar 31, 2022
  15. Mar 24, 2022
  16. Mar 22, 2022
  17. Mar 18, 2022
    • Alan Guo Xiang Tan's avatar
      DEV: Don't load bundler when installing plugin gem. (#16176) · 79da89fd
      Alan Guo Xiang Tan authored
      when bundler is loaded, it sets the `RUBYOPT` environment variable to setup bundler. However, it was causing weird errors like the following when we try to install
      custom plugin gems into a specific directory.
      
      ```
      /home/tgxworld/.asdf/installs/ruby/2.7.5/lib/ruby/gems/2.7.0/gems/bundler-2.3.5/lib/bundler/source/git.rb:214:in `rescue in load_spec_files': https://github.com/discourse/mail.git is not yet checked out. Run `bundle install` first. (Bundler::GitError)
      	from /home/tgxworld/.asdf/installs/ruby/2.7.5/lib/ruby/gems/2.7.0/gems/bundler-2.3.5/lib/bundler/source/git.rb:210:in `load_spec_files'
      	from /home/tgxworld/.asdf/installs/ruby/2.7.5/lib/ruby/gems/2.7.0/gems/bundler-2.3.5/lib/bundler/source/path.rb:107:in `local_specs'
      	from /home/tgxworld/.asdf/installs/ruby/2.7.5/lib/ruby/gems/2.7.0/gems/bundler-2.3.5/lib/bundler/source/git.rb:178:in `specs'
      	from /home/tgxworld/.asdf/installs/ruby/2.7.5/lib/ruby/gems/2.7.0/gems/bundler-2.3.5/lib/bundler/lazy_specification.rb:88:in `__materialize__'
      	from /home/tgxworld/.asdf/installs/ruby/2.7.5/lib/ruby/gems/2.7.0/gems/bundler-2.3.5/lib/bundler/spec_set.rb:75:in `block in materialize'
      	from /home/tgxworld/.asdf/installs/ruby/2.7.5/lib/ruby/gems/2.7.0/gems/bundler-2.3.5/lib/bundler/spec_set.rb:72:in `map!'
      	from /home/tgxworld/.asdf/installs/ruby/2.7.5/lib/ruby/gems/2.7.0/gems/bundler-2.3.5/lib/bundler/spec_set.rb:72:in `materialize'
      	from /home/tgxworld/.asdf/installs/ruby/2.7.5/lib/ruby/gems/2.7.0/gems/bundler-2.3.5/lib/bundler/definition.rb:468:in `materialize'
      	from /home/tgxworld/.asdf/installs/ruby/2.7.5/lib/ruby/gems/2.7.0/gems/bundler-2.3.5/lib/bundler/definition.rb:190:in `specs'
      	from /home/tgxworld/.asdf/installs/ruby/2.7.5/lib/ruby/gems/2.7.0/gems/bundler-2.3.5/lib/bundler/definition.rb:238:in `specs_for'
      	from /home/tgxworld/.asdf/installs/ruby/2.7.5/lib/ruby/gems/2.7.0/gems/bundler-2.3.5/lib/bundler/runtime.rb:18:in `setup'
      	from /home/tgxworld/.asdf/installs/ruby/2.7.5/lib/ruby/gems/2.7.0/gems/bundler-2.3.5/lib/bundler.rb:151:in `setup'
      	from /home/tgxworld/.asdf/installs/ruby/2.7.5/lib/ruby/gems/2.7.0/gems/bundler-2.3.5/lib/bundler/setup.rb:20:in `block in <top (required)>'
      	from /home/tgxworld/.asdf/installs/ruby/2.7.5/lib/ruby/gems/2.7.0/gems/bundler-2.3.5/lib/bundler/ui/shell.rb:136:in `with_level'
      	from /home/tgxworld/.asdf/installs/ruby/2.7.5/lib/ruby/gems/2.7.0/gems/bundler-2.3.5/lib/bundler/ui/shell.rb:88:in `silence'
      	from /home/tgxworld/.asdf/installs/ruby/2.7.5/lib/ruby/gems/2.7.0/gems/bundler-2.3.5/lib/bundler/setup.rb:20:in `<top (required)>'
      	from /home/tgxworld/.asdf/installs/ruby/2.7.5/lib/ruby/site_ruby/2.7.0/rubygems/core_ext/kernel_require.rb:85:in `require'
      	from /home/tgxworld/.asdf/installs/ruby/2.7.5/lib/ruby/site_ruby/2.7.0/rubygems/core_ext/kernel_require.rb:85:in `require'
      ```
    • Alan Guo Xiang Tan's avatar
      DEV: Pull compatible version for plugins in Github test workflow. (#16212) · 43c744cd
      Alan Guo Xiang Tan authored
      We have 3 branches which we care about, main, beta and stable.
      However, each of this branch has different compatibilties with plugins
      and we want to respect that.
  18. Mar 17, 2022
  19. Feb 18, 2022
  20. Feb 17, 2022
  21. Feb 15, 2022
  22. Feb 14, 2022
  23. Feb 09, 2022
  24. Feb 04, 2022
Loading