Wouldn't it be handy if discourse will have the feature that will check the submitted link during the topic creation and will notify the author before he/she hits "create topic" that this link already exists in somewhere, in order to avoid similar topics?
Support for Active Directory / LDAP (see animated gif)
No matter if Discourse is on the cloud or on-prem, it will work transparently
Support for Kerberos too (configured by IP ranges)
Very easy configuration in the AD side, doesn't need open ports
Support for other enterprise logins like SAML Protocol, Windows Azure AD, Google Apps, Salesforce, etc. All supported here: https://docs.auth0.com/identityproviders.
Support for social providers without having to add OmniAuth strategies by hand. Just turn on/off social providers (see animated gif)
Support for Single Sign On with other Discourse instances and any other application in your account (see animated gif.
Using Discourse Login Dialog instead of the Auth0 widget
You can keep using Discourse Login dialog and integrate only a specific connection from Auth0. It will show up as another button like the social providers.
Go to admin site settings for Auth0 and change the auth0_connection with the connection name you want to use from Auth0.
Most of the engineers on my team have desktops. I.e., some of our meetings are without a computer. We've been using Discourse on my team for various technical discussions (I really like it and how much it has evolved, BTW). It would be nice to print out a thread from Discourse or to send as a PDF to someone outside the group. The way the print output is formatted precludes this. One page of text turns into four pages of oddly formatted whitespace and non-essential info. This screenshot is an example of Print to PDF (my coworker's name under his avatar has been blacked out). The hard copy prints in the same way.
First, I realize that Discourse is developed for use on Ubuntu, and I'm on my own venturing in the dangerous land of other distributions--let alone the BSDs. I know have a working installation of Discourse on a FreeBSD 10 server that didn't require massive fiddling (a few gems have issues compiling).
Second, I'm not a developer, and I have little (read none) Ruby experience. Sorry if I have missed something on the Kindergarden level.
Here's the situation:
ImageMagick 6.8.0.7 works from the command line.
The ImageMagick warning appears in the dashboard.
Yet, in the ruby console: 2.0.0-p353 :002 > system("command -v convert >/dev/null;") => true
I disabled the ImageMagick check in app/jobs/regular/generate_avatars.rb to get Discourse to attempt to use ImageMagick, but it fails. Here's the a sample of the log output:
Started POST "/users/johngrasty/preferences/avatar" for 71.85.54.229 at 2014-02-18 02:48:02 +0000 Processing by UsersController#upload_avatar as JSON Parameters: {"files"=>[#@tempfile=#, @original_filename="castle.jpg", @content_type="image/jpeg", @headers="Content-Disposition: form-data; name=\"files[]\"; filename=\"castle for prayer card.jpg\"\r\nContent-Type: image/jpeg\r\n">], "username"=>"johngrasty"} Completed 200 OK in 31ms (Views: 0.3ms | ActiveRecord: 18.5ms) Failed to create avatar 120 for /uploads/default/9/703d3afcaef170f4.jpg from /var/www/discourse/public/uploads/default/9/703d3afcaef170f4.jpg[0] Failed to create avatar 240 for /uploads/default/9/703d3afcaef170f4.jpg from /var/www/discourse/public/uploads/default/9/703d3afcaef170f4.jpg[0]
From the ruby console, this command works though Jobs::GenerateAvatars.new.perform(user_id: 2, upload_id: 8)
Is there any way to get more detailed logging to see why ImageMagick is not working? Once again, I know that this is an unsupported setup, so I don't expect any handholding, but a point in the right direction would be much appreciated.
First, some background: I'm Joel Uckelman, one of the developers of VASSAL, an open-source virtual tabletop program for boardgames. We used mail2forum to bridge our mailing list to our forum back when phpBB 2 was current. When phpBB went to version 3 and mail2forum didn't, I wrote a mailing list bridge which we've been using more or less successfully at our forum since 2009 or so. I would very much like to see Discourse have mailing list support so that switching to Discourse from phpBB is an option for us.
So, some thoughts, in no particular order:
Should mailing list support be integrated or work with existing lists? The list bridge I wrote for phpBB is truly just a bridge. Mailing list software (Mailman, in my case) provides the list. There were some advantages to this approach: It was a lot less work, since I could rely on Mailman to handle mail properly, and any PHP (blech!) I didn't have to write was welcome. On the other hand, bridging forum posts to an existing list means that the list software doesn't know anything about forum accounts, etc., and as a consequence, users have to subscribe to the list manually, so you can end up with list subscribers who don't have accounts on the forum. This hasn't been much of a problem for us because the number of subscribers to our list is small, but I could see there being issues (confusion, mainly) if there were more subscribers.
How granular should subscription be? My list bridge supports one list per subforum. It's not required that each subforum have a unique list, or any list at all. E.g. our Games in Progress subforum isn't hooked up to any list, the Test subforum has its own list, while the other eight subfora are bridged to the main list. The main list can be something of a firehose at times, but my reason for having it set up this way is that the list subscribers are mostly developers, team members, and some people who are a constant presence answering user questions---these are the people who want to see every message which comes through. But I could see someone wanting a bit more control over what they get by mail, too.
How should bounces be handled? What I'm doing right now is letting Mailman handle bounces.
Being able to start topics and reply to posts by mail, as well as suppressing reply notifications for list subscribers (you don't need to be emailed about replies if you're already geting posts by mail!) are mandatory features. Being able to unsubscribe from the list by mail is close behind, for me. Nothing else strikes me as terribly urgent.
There are various things which can come in from the list side which we have to think about how to handle: attachments, quoting, ugly MIME parts (base64, quoted-printable, HTML), bounces, forgeries, spam. If you want to see what I did with, e.g., quoting, browse around the posts in our forum. It's not the prettiest thing in the world, but it's functional.
Determining where incoming mail goes in the forum is not that hard, so long as we construct Message-Ids from which we can recover post IDs. We do have to decide what to do with incoming messages which aren't In-Reply-To any message we already have. Most of the time, these will be starting new topics, but it is possible that the message was sent by a broken mail client...
I suspect that a lot of the infrastructure for handing email would also work for NNTP. (I think supporting NNTP would be neat, too, but email is my priority.)
Discourse now ships with official hooks to perform auth offsite.
The Problem
Many sites wish to integrate with a Discourse site, however want to keep all user registration in a separate site. In such a setup all Login operations should be outsourced to a different site.
What if I would like SSO in conjunction with existing auth?
enable_sso : must be enabled, global switch sso_url: the offsite URL users will be sent to when attempting to log on sso_secret: a secret string used to hash SSO payloads. Ensures payloads are authentic.
Once enable_sso is set to true:
Clicking on login or avatar will, redirect you to /session/sso which in turn will redirect users to sso_url with a signed payload.
Users will not be allowed to "change password". That field is removed from the user profile.
Users will no longer be able to use Discourse auth (username/password, google, etc)
What if you check it by mistake?
If you check enable_sso by mistake and need to revert to the original state and no longer have access to the console
run:
RAILS_ENV=production bin/rails c
irb > SiteSetting.enable_sso = false
Implementing SSO on your site
Discourse will redirect clients to sso_url with a signed payload: (say sso_url is https://somesite.com/sso)
You will receive incoming traffic with the following
https://somesite.com/sso?sso=PAYLOAD&sig=SIG
The payload is a Base64 encoded string comprising of a nonce and return_url. The payload is always a valid querystring.
For example, if the nonce is ABCD and return url is http://somesite.com. raw_payload will be:
nonce=ABCD&return_url=http%3A%2F%2Fsomesite.com, this raw payload is base 64 encoded.
The endpoint being called must
Validate the signature, ensure that SHA256 of PAYLOAD+sso_secret is equal to the sig
Perform whatever authentication it has to
Create a new payload with nonce, email, external_id and optionally (username, name, return_url)
Base64 encode the payload
Calculate a SHA256 hash of the Base64 encoded payload + sso_secret
Redirect back to http://discourse_site/session/sso_login?sso=payload&sig=sig
Discourse will validate that the nonce is valid (if valid it will expire it right away so it can no longer be used) it will attempt to:
Log the user on by looking up an already associated external_id in the SingleSignOnRecord model
Log the user on by using the email provided (updating external_id)
Create a new account for the user providing (email, username, name) updating external_id
Security concerns
The nonce (one time token) will expire automatically after 10 minutes. This means that as soon as the user is redirected to your site they have 10 minutes to log in / create a new account.
The protocol is safe against replay attacks as nonce may only be used once.
Reference implementation
Discourse contains a reference implementation of the SSO class:
A trivial implementation would be:
class DiscourseSsoController < ApplicationController
def sso
secret = "MY_SECRET_STRING"
sso = SingleSignOn.parse(request.query_string, secret)
sso.email = "user@email.com"
sso.name = "Bill Hicks"
sso.username = "bill@hicks.com"
sso.external_id = "123" # unique to your application
sso.sso_secret = secret
redirect_to sso.to_url("http://l.discourse/session/sso_login")
end
end
Future work
We would like to gather more reference implementations for SSO on other platforms. If you have one please post to the extensiblity category.
Add session expiry and/or revalidation logic, so users are not logged in forever.
Create an API endpoint to log off users, in case somebody logs off the main site.
Consider adding a discourse_sso gem to make it easier to implement in Ruby.
We have created a plugin which allows remote sites to log in a user while linking to Discourse.
It does require the remote site to have some knowledge about the user being present in Discourse. Currently this can be done by looking up the user in the Discourse user database, or requiring certain usernames or email addresses to be present. (That's a different problem, and we will provide some remote API calls for that soon)
How about a page that has nice color selectors and then nicely named coloring categories, like:
Primary background color
Secondary background color
Tertiary background color
Primary text color
Secondary text color
Primary link color
Secondary link color
Button background
Button background hover
Button text
Button text hover
Last poster highlight color
It doesn't need to be super detailed or advanced or able to do everything. Let people choose the colors on that page, and then click "Generate Style" which outputs a CSS page on the pre-existing Style page which they can then apply.
Most of the hours of work in theming Discourse are "replace #fff with #333, replace link colors with orange, replace #333/other dark with #ccc/other light". Having a simple styling CSS generator would get us 80% of the way there, and then we would be able to just fine-tune the colors of things.
(this text belongs to @DanYouhon but I really wanted it here for discussion and could not wait, sorry Dan!)
Hello, me and my colleagues have faced difficulties with the Discourse server, the back button does not work sometimes. The speed of the forum is very slow. May be there is a problem with the set up? Can you please have look at our website and give me some solutions? This is our page: http://forum.rentalsunited.com/
This is the "I have no idea what I'm doing; I'm just pushing buttons until the lights are on" edition. My distro of choice is Fedora, and I wanted to play with Discourse, so I tried getting it to work on my own machine for checking it out. This is probably definitely not how you would set Discourse up to actually run a public instance on Fedora or other RedHat-ish distros like CentOS, unless you feel like getting pwned.
I have never in my life used Postgres nor Ruby, so whatever I'm doing here is probably the opposite of what you should be doing. But I did manage to get a Discourse homepage at localhost:3000, so if that's all you care about, read on.
That said
This is a pretty fresh install of Fedora 18, so chances are that I caught the necessary packages for running discourse. Here they are:
Run postgresql-setup initdb, then edit /var/lib/pgsql/data/pg_hba.conf, replacing "ident" with "trust" for the 127.0.0.1/32 and ::1/128 entries.
Next, service postgresql start and service redis start.
From this point on, you don't need elevated privileges anymore.
Run pgAdmin III (just type "pgad" on the activities screen). File -> Add Server. Enter "localhost" for Host (and for Name, I guess), and click Ok. The server should now be in the list on the left. Expand, right click "Databases" -> New Database. The Database name is discourse_development. The same way, add a database named discourse_test.
Now right click "login roles", then "New login role". Enter your user id as the role's name, and on the "privileges" tab choose "superuser" (yeah, that sounds like something your local DB admin is going to chastise you for. Do not blame me.), then "Ok". Do the same thing with the name "vagrant".
Yes! Since plugins are now able to override handlebars templates (thanks again, @zogstrip ) we have finally been able to create a clean Google AdSense plugin for Discourse.
Currently, when clicking the back button(on posts in particular), it scrolls to the top of the page, and just sits there until the previous page appears. It shows no signs of work being done and can get quite confusing at times because of the extra scroll to top which can look like a page load in itself. (Which makes the brain think you have accidentally double-clicked the back button)
What about fading out the current page (or just the content) and showing a loading icon until the previous page is ready to be shown?
I love the new plugin interface you guys build, but one thing that still boggles me is how you were planning on supporting custom database models and migrations through plugins.
Sure there is the PluginStore but that only does key-value-mappings, which for some cases - knowing we have a SQL-Database to our disposal – is just a cumbersome solution. Especially since rails with the whole Models and Migrations has a decent system to even manage updates. There are few plugins in the back of my head, I'd like to work on which would require some more extended usage of Database access but I'm not sure how to structure those or if that is even possible. But I'm not an expert in Rails interna, so I was wondering if you had any example plugin using the SQL-Database, Models and Migration structure that I could look at.
It doesn't suggest that you can even create a new account from here. A simple string like "Select your preferred service to login or create a new account." would make things a bit clearer IMO.
When I try to edit any field in the UI on a iPhone then the UI focuses on a different field which makes it really hard (almost impossible) to use any input field. Including the login form and the new topic form. Do you have the same issue? Is this only a iOS issue?
I would like to custom navigation bar area, which are navigation-bar tab elements. Besides standard navigation bar elements shows after installation: Latest, New, Unread, StarredThis forum has tab Top added and categories is removed I wonder how to make this happens, either by admin configuration/ plugin/ modify source code? I am also not sure if I post this top at right category. If not, please advice me too. Many thanks!
So I had big plans to tinker with my little test setup on Digital Ocean to force Discourse to serve purely with SSL, but I must admit defeat, mainly due to a bit of an energy deficit at this point. But I'd like to get my install usable and secure for more people, so I'd really like a step-by-step guide on enabling SSL in a Docker install.
There are already tutorials on setting up a self-signed cert on a DO Ubuntu droplet, so that stage could be readily duplicated or just pointed to. Maybe something on non-self-signed certs would be useful too.
I figure it's mostly a case of altering one of the yml config files, but it's the whole "do a regex to find a bit of a config file to override" part that spooks me a bit.
Hope this isn't unreasonable, but it's probably the only serious sticking point with Discourse on Docker right now.