Channel: Discourse Meta - Latest topics

Creating badge via API query works, but returns 422


@pfaffman wrote:

I want a way to make groups of badges:

  • bronze -> submitted with certain tag
  • silver -> submitted tag, liked by me
  • gold -> submitted tag, liked by me and 3 other people

I need to make a bunch of them and it's tedious doing it from the web interface. One day I'll write a plugin, but until then, I thought I'd do a quick Python script.

I had given up, as it fails with

urllib.error.HTTPError: HTTP Error 422: Unprocessable Entity

but when I glanced again at the badges admin page, I found that my badge had indeed been created. I guess maybe I don't care, as it does work, but any ideas on why I get this error?

I added a bunch of headers thinking that might somehow help. It didn't seem to (but they don't seem to have hurt, either).

Code

#!/usr/bin/python3
from urllib.request import Request, urlopen
from urllib.error import URLError
import urllib.parse
API_USERNAME = 'pfaffman'
API_KEY = 'KEY'
BADGE = 'API BADGE2.2'

url = 'https://literatecomputing.com/admin/badges'

values = {'allow_title' : 'true',
          'multiple_grant' : 'true',
          'listable' : 'true',
          'auto_revoke' : 'false',
          'enabled' : 'false',
          'show_posts' : 'true',
          'target_posts' : 'true',
          'icon' : 'fa-certificate',
          'image' : '',
          'name' : BADGE,
          'description' : 'testing 1, 2, 3',
          'query' : """SELECT p.user_id, min(p.created_at) granted_at, MIN(p.id) post_id
FROM badge_posts p
JOIN topics t ON t.id = p.topic_id
JOIN topic_custom_fields tcf on t.id = tcf.topic_id
JOIN post_actions pa ON pa.post_id = p.id AND
      post_action_type_id = (
                SELECT id FROM post_action_types WHERE name_key = 'like'
       ) AND
       pa.user_id IN (
           SELECT gu.user_id
           FROM group_users gu
           WHERE gu.group_id = ( SELECT id FROM groups WHERE name ilike 'Leader' )
       )
WHERE category_id = ANY (
  SELECT id FROM categories WHERE name ilike '%completions%'
) AND p.post_number = 1
AND p.like_count > 0
AND tcf.name LIKE 'tags' and tcf.value LIKE '%wordpress-basics%'
and (:backfill OR ( p.id IN (:post_ids) ))
GROUP BY p.user_id
""",
'badge_grouping_id' : '7',
'trigger' : '2',
'badge_type_id' : '1',
'api_username' : API_USERNAME,
'api_key' : API_KEY
}

headers = {'content-type' : 'application/x-www-form-urlencoded; charset=UTF-8',
           'x-requested-with' : 'XMLHttpRequest',
           'referer' : 'https://literatecomputing.com/admin/badges/new',
           'origin' : 'https://literatecomputing.com',
           'user-agent' : 'discourseBadgeCreator'}


data = urllib.parse.urlencode(values)
data = data.encode('ascii')
req = urllib.request.Request(url, data, headers)

print("\n\nvalues: ", data)

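# First attempt: an HTTPError (a subclass of URLError) raised here is caught and printed.
try: urllib.request.urlopen(req)
except URLError as e:
    print ("\n\n--------------------YO!--------------------\n\n" , e.reason)
    # Only HTTPError carries response headers; a plain URLError has none.
    print ("\n\nHeaders:\n\n ", getattr(e, 'headers', None))

# The same request is then sent a second time; an HTTPError from this call is not caught.
with urllib.request.urlopen(req) as response:
    if response.code == 200:  # response.code is an int, not the string '200'
        print ("It worked!")
    else:
        print ("Darn.")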

Posts: 1

Participants: 1



What to do if your Discourse is compromised


@codinghorror wrote:

We've recently had two reports of Discourse sites that were compromised, likely due to weak admin account passwords. So we'd like to document:

  • what to do when compromise happens

  • what we can do to better prevent this in the future

The Database

:warning: In case of compromise, you should always assume that a rogue admin account has downloaded a full copy of the site database / backup.

Account Passwords in the Database

Per our security doc, Discourse uses very strong, slow to attack hashes on passwords stored in the database:

Discourse uses the PBKDF2 algorithm to encrypt salted passwords. This algorithm is blessed by NIST. Security experts on the web tend to agree that PBKDF2 is a secure choice.

And the minimum default password length is 8 -- so this makes it difficult to brute force reverse the password hashes to get the hash. But that doesn't prevent users from setting a password of monkey1 or something else that is trivial to reverse, even with a strong hash.

Emails in the Database

The attacker can see all email addresses for all users on your site. This is normally privileged info that even moderators have to click a button to reveal.

Message Content in the Database

Since the attacker has a copy of the database, they can see all information stored in all posts.

  • If you have external passwords or account info relayed in your replies, private or public, you should change those passwords immediately.

  • If you have sensitive information in your replies, private or public, be aware that the attacker can see that information.

I'll continue to update this topic as we think about this more, and @sam will reply with recommended steps to take if this happens to you (putting up a site banner, logging out all users, forcing password reset for all users, etc)

Posts: 2

Participants: 1
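
The point made in the post above, that a slow salted hash does not rescue a password taken from a common list, shown as an added example (not Discourse's code and not part of the original post). The iteration count, salt size, record layout and the five-entry list are assumptions made for this sketch; a real deny-list is far larger.

```python
import hashlib
import hmac
import os

ITERATIONS = 64_000   # assumed work factor for this example
MIN_LENGTH = 8        # the default minimum length mentioned in the post

# Constructed stand-in for a real common-password list.
COMMON_PASSWORDS = {"monkey1", "password", "12345678", "qwertyui", "letmein1"}


def hash_password(password, salt=None):
    """Return (salt, digest) using salted PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute the hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def password_problem(password):
    """Set-time check: return a reason to reject the password, or None."""
    if len(password) < MIN_LENGTH:
        return "too short"
    if password.lower() in COMMON_PASSWORDS:
        return "common password"
    return None


def accounts_to_prioritise(records):
    """Audit your own user table after a suspected database copy.

    records maps username -> (salt, digest). An account is flagged when its
    stored hash matches any common password: the slow hash only multiplies the
    cost of each guess, and a short list needs very few guesses.
    """
    flagged = []
    for user, (salt, digest) in records.items():
        if any(verify_password(p, salt, digest) for p in COMMON_PASSWORDS):
            flagged.append(user)
    return sorted(flagged)


if __name__ == "__main__":
    # Constructed sample records.
    sample = {
        "alice": hash_password("monkey1"),
        "bob": hash_password("correct horse battery staple"),
    }
    print(accounts_to_prioritise(sample))
```

Flagged accounts are the ones to contact first about reuse of that password elsewhere; the set-time check is what keeps new entries off the list.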


Consequences of not validating email addresses


@fefrei wrote:

I'm using Discourse with SSO. The guidelines say:

I'm tempted to :fire: open the gates of hell :fire: and not send require_activation=true although I'm not validating addresses. There are good reasons why I cannot force email address validation in my SSO provider, and I'd really like my users to have a fully set-up Discourse account with a single click.

What terrible consequences will this have?

  • Users can sign up with a developer email address and become admins.
    Solution: All developer addresses are taken already.
  • I make spam sign-ups easier.
    Solution: Registration on the parent site is only open for a limited amount of time and to a limited set of people.
  • If I ever disable SSO, password recovery mails go to the wrong address.
    Solution: I will never disable SSO. Instead, the Discourse instance will be :bomb: when it is no longer needed.
  • Users can sign up with addresses they do not own and spam the owner of the address.
    Workaround: Not a new problem, they can already do that on the parent site. It has never been a problem.
  • Users can sign up with incorrect addresses accidentally and miss important emails.
    Workaround: Missing emails from the parent site is probably the bigger problem for these users :wink:

I know that I'm leaving the safe, established path if I go ahead. Still, does anyone see a significant problem with this?

Posts: 2

Participants: 2
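
For reference, how `require_activation=true` travels in a Discourse SSO reply, as an added example (not code from the post or from Discourse). It assumes the usual scheme of a base64-encoded query string signed with hex HMAC-SHA256 under the shared SSO secret; the secret, the user records, the `email_verified` key and the helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

SSO_SECRET = b"constructed-example-secret"  # constructed value for this example


def sign(payload_b64: bytes, secret: bytes = SSO_SECRET) -> str:
    """Hex HMAC-SHA256 over the base64 payload; this is the `sig` parameter."""
    return hmac.new(secret, payload_b64, hashlib.sha256).hexdigest()


def open_payload(sso: str, sig: str, secret: bytes = SSO_SECRET) -> dict:
    """Check `sig` in constant time, then decode the payload into a dict.

    `sso` and `sig` are the already URL-decoded query parameters.
    """
    expected = sign(sso.encode(), secret).encode()
    if not hmac.compare_digest(expected, sig.encode()):
        raise ValueError("SSO signature mismatch")
    decoded = base64.b64decode(sso).decode()
    return {key: values[0] for key, values in parse_qs(decoded).items()}


def seal_payload(fields: dict, secret: bytes = SSO_SECRET):
    """Encode and sign a payload; returns the (sso, sig) pair for the redirect."""
    payload = base64.b64encode(urlencode(fields).encode())
    return payload.decode(), sign(payload, secret)


def build_response(sso: str, sig: str, user: dict):
    """Provider side: answer a login request for an already authenticated user."""
    request = open_payload(sso, sig)
    fields = {
        "nonce": request["nonce"],  # echoed back to tie the reply to this request
        "external_id": str(user["id"]),
        "email": user["email"],
        "username": user["username"],
    }
    # Fail closed: an address not explicitly marked as verified is treated as
    # unverified, so the forum is told to require activation.
    if user.get("email_verified") is not True:
        fields["require_activation"] = "true"
    return seal_payload(fields)


if __name__ == "__main__":
    # Constructed login request, standing in for the one the forum sends.
    req = seal_payload({"nonce": "n0nce",
                        "return_sso_url": "https://forum.example.com/session/sso_login"})
    user = {"id": 7, "email": "a@example.com", "username": "a"}
    print(open_payload(*build_response(*req, user)))
```

Omitting the flag, as the post proposes, means the forum treats whatever address the provider sends as confirmed.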


Mandrill is going to paid plans on MailChimp


@justin_gordon wrote:

http://blog.mailchimp.com/important-changes-to-mandrill/

Today, my team is sending an email to all Mandrill users about some changes our business is making in the coming weeks. I’ll explain the changes in detail below, but here’s a summary: Mandrill is becoming a transactional email add-on to paid MailChimp accounts instead of a completely separate product.

Going forward, all Mandrill users will be required to have a paid monthly MailChimp account. We want to give everyone plenty of time to research their options and decide whether they’d like to create a MailChimp account, so here’s the timeline and important details:

  • Starting March 16, all new Mandrill users will create accounts through MailChimp.
  • Also starting March 16, Mandrill users can merge their existing Mandrill account with a MailChimp account.
  • Current users will have until April 27 to merge the accounts.

This is a big change, so I’d like to provide some context for our customers who want to know the “why” behind strategic decisions like this one.

For those of us that send less than a couple hundred emails a month, what's the best choice?

Does anybody use a google apps account?

Posts: 14

Participants: 11


Solved plugin: post menu button now hidden at far right, used to be on the left?


@tobiaseigen wrote:

With Discourse Solved (Accepted answer plugin) installed, is there any particular reason why now the solved button on the post menu is on the far right for posts by others, when it used to be on the far left? On my own posts it is in the far left position as usual. Other buttons appear to be unchanged.

This feels like a new change, perhaps related to @eviltrout's post rendering engine work and related plugin updates?

I went to look at my post menu ordering and solved isn't even available as one of the options there. It was always just automatically positioned on the far left from the beginning.

See screenshot:

Posts: 5

Participants: 3


Letsencrypt.ssl.template.yml with web.socketed.template.yml


@webeindustry wrote:

Has anyone had success using the letsencrypt template with the websocket template?

I've been trying this for hours now and can't get the https websocket to work. The only socket that shows is http.

I've tried using them all together from a fresh install, or using one or the other first then adding the next, but no matter which way there has been no success.

This seems like it should work:

letsencrypt template first with ports 80, 443 exposed

After seeing the certs issued in the ssl directory, add the websocket template, remove exposed ports, install nginx, and use this configuration:

server {
    listen 80; listen [::]:80;
    server_name forum.example.com;  # <-- change this

    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl spdy;  listen [::]:443 ssl spdy;
    server_name forum.example.com;  # <-- change this

    ssl on;
    ssl_certificate      /var/discourse/shared/standalone/ssl/ssl.cer;
    ssl_certificate_key  /var/discourse/shared/standalone/ssl/ssl.key;
    ssl_dhparam          /var/discourse/shared/standalone/ssl/dhparams.pem;
    ssl_session_tickets off;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;

    # enable SPDY header compression
    spdy_headers_comp 6;
    spdy_keepalive_timeout 300; # up from 180 secs default

    location / {
        proxy_pass https://unix:/var/discourse/shared/standalone/nginx.https.sock:;
        proxy_set_header Host $http_host;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

I rebuild after this, but only the http socket shows in the shared directory.

Why would this happen?

I see in the web.socketed template this:

- replace:
     filename: "/etc/nginx/conf.d/discourse.conf"
     from: /listen 443 ssl http2;/
     to: |
       listen unix:/shared/nginx.https.sock ssl http2;
       set_real_ip_from unix:;

However when:

./launcher enter app

the listen 443 ssl http2:/
is still there, and the unix:/shared/nginx.https.sock ssl http2;

is missing.

I have tried to manually replace this and

sv restart nginx without success.

It seems there is a conflict in the two templates.

Posts: 2

Participants: 1


Discourse does not start after fresh installation


@Semaphorism wrote:

I have a VPS setup (Ubuntu 14.04 with Docker pre-installed),

Docker version 1.6.2

The installation of Discourse was perfectly fine, and went without issue. However the ./launcher start app does not output anything, sits there, and nothing happens. I can't connect to it, or anything.

I followed the instructions from digitalocean, specifically this one https://www.digitalocean.com/community/tutorials/how-to-install-discourse-on-ubuntu-14-04

I don't have an SMTP server, if that's the issue, well I can't exactly get one. Though I could possibly set one up on my VPS if that is possible.

If any other information is needed, I will provide it.

Posts: 11

Participants: 2


One-click install or Docker install?


@mansoorix wrote:

Hi Folks,

I am going to install Discourse on Digital Ocean. Just figured out that they have a One-click install through their own panel. I also noticed this tutorial by Docker.

Which one do you recommend? First one seems more seamless. Am I wrong?

Posts: 2

Participants: 2



How to remove the plugin config from the WP database


@jacotec wrote:

Hi,

unfortunately I made a mistake in my WordPress database and as a result the plugin seems to write some data into a wrong section :frowning:

Each time a comment of a news article is pulled to the Wordpress installation, my Theme's settings in the wp_options table get corrupted.

Removing and reinstalling the plugin does not help, there are still configs of the plugin remaining after reinstall, so it does not seem to clean up its MySQL data when it's removed.

I need to fresh-install the plugin to get the issue solved, how can I remove its data from the WP database?

Posts: 3

Participants: 2


Discourse installation on CentOS 6.5


@Niki wrote:

Dear Discourse community,

I would like to install Discourse software on my dedicated server that uses CentOS 6.7, but I have received the following reply from my support team:

** In order to install discourse, it will require to install docker daemon but it requires a 64-bit installation regardless of CentOS version. Also, kernel must be 3.10 at minimum and current kernel version is "2.6.32-573.7.1.el6.x86_64". CentOS 7 runs the 3.10 kernel but installed CentOS 6.7 does not. **

So I have asked my support to upgrade kernel to 3.10 since I can't upgrade the server to CentOS 7.
Also, can docker daemon 64-bit be installed on CentOS 6.7 version?

Thanks in advance,
Nik

Posts: 3

Participants: 2


Staged users are emailed a link to visit topics in private categories they can't access


@wityr wrote:

Not actually sure if this is a bug or a UX issue. Please move the post as needed.

Use case is a private email support portal. We're on v1.5.0.beta11 +164

We have a private category that a handful of users can access. The general public can send emails to info@foo.bar and they are posted in our public emails category. When one of the discourse users replies, it gets posted in the topic, and the member of the public (now a staged user) gets the reply in an email. This all works well.

The problem is that the email to the staged user contains "Visit Topic or reply to this email to respond", where Visit Topic is a link to the topic they unknowingly created on discourse. They can't actually visit the topic because it is in a private group, instead they get sent to a "You need to log in to see that topic." page. Further the random member of the public thinks they emailed a regular email address, and expects a reasonably regular email response. We've had some people be so confused that they send a fresh email because they can't log in to reply to us.

I think the simple fix is to remove that "Visit Topic" link for staged users. There are still links to the user profile of whichever discourse user wrote the reply, but I don't think most people will click these, and if they do it isn't going to complicate replying to the email.

A better fix, as far as the email support portal usage goes, would be to sanitize the emails going to staged users so they don't appear to be coming from discourse at all.

Posts: 3

Participants: 2


Disable the "Topic similar to"


@mike88544 wrote:

Hello,

First and foremost, congratulations for Discourse, it's awesome !

I have four questions :

1/ Is it possible to disable the "topic similar to" functionality? I will be the one creating 99% of the topics of my forum and most of the topics will have similarity so every time I will get the "Your topic is similar to.." popup that I have to hide in order to see my preview...

2/ Whenever I type a colon ":" then press "enter", it's like I want an Emoji, although I just want for example to have a list ! Is there anything I can do to stop "colon + enter" being an Emoji ?

3/ How do I arrange the Emojis I add in one category ?

4/ Last question ! Is it possible to create multilevel lists ? I didn't manage to create one...

Thank you very much for your answers

Posts: 6

Participants: 3


Creating Auto login from android app to discourse


@chitale_prasad wrote:

Hi!

I have an android app. Inside android app I have called my Discourse forum using Web browser activity. My users need to login again in Discourse due to this. Is there any way by which I can auto login them if discourse is accessed from my android app?

Regards
Prasad

Posts: 1

Participants: 1


Limit for new topics when admin moves a post !?


@SidV wrote:

Hello, this is the case.

A new user registered into the forum.
That "new user" earned TL1 and replied to some thread.

An admin sees that post (from the "new user"), selects the post, and checks the option to "move to new topic".

When the admin tries to post that new topic (from the new user), the alert "rate_limiter.by_type.first_day_topics_per_day" shows and the action cannot be done.

Is this a bug?

Related discussion:


In this case, the admin wants to move the post.

If this is not a bug and this is standard behavior, how could I temporarily modify the limit on new users' topics to fix this situation?

Regards!

Posts: 2

Participants: 2


Split a post in two


@MiguelAngelLV wrote:

Is there any way to split a post / reply in two?

Sometimes I need to divide the first post in two, so that it becomes the first post in a wiki and the content of the first post is held as a reply to it.

My current "solution" is to make a new thread and move the posts, but this method makes a new thread with a new URL...

Is there another way to "split" a post or insert a reply before another?

Posts: 2

Participants: 2



Behavior of iframes within oneboxes in emails


@fefrei wrote:

I've developed a small Onebox plugin that embeds an interactive element when certain links are posted. They look like this:

This is implemented by inserting an iframe into the onebox:

Obviously, this won't work in emails and needs special handling. There already is some special handling for this by default – the iframe is replaced by a paragraph with a very strange link inside it:

What is causing this replacement? How can I modify how the onebox behaves in email? Can I simply disable it for emails and show the original link instead?

Posts: 3

Participants: 2


Announcing DiscourseConsulting.org


@sebastianh wrote:

Hi everyone

with many years of community management up my sleeve, and recurring consulting gigs for a number of clients that keep centering around facilitating any given type of discourse - with clients, or within a team, I spent a few nights piecing together something new. I love Discourse and I thought I would try something new here, so I offer some things I already offer clients under a new "umbrella", and I am calling it DiscourseConsulting.org

The idea is simple and affordable kick-start type advice and support for organizations without their own expertise (yet). With technical experts on hand (but technical support and consulting isn't the main selling point) and a very competent hosting partner, I will now see how services are being received.

I welcome feedback, mind you this is the child of some late night hacking, and by no means a systematic effort at starting a new consulting company (but who knows, haha).

@codinghorror I have a disclaimer in the footer, but of course if there's further clarification needed I will quickly adjust whatever is needed to make sure that obviously I am not affiliated with Discourse.org

Thanks

The venture can be found on Facebook here. I also plan to blog a bit around topics on community management, so this might be interesting even outside a client perspective.

Posts: 1

Participants: 1


Formatting for links to private topics


@bradydowling wrote:

I'm not quite sure what the formatting for a link needs to be in order for Discourse to style it appropriately. I think half the time I post a link, it ends up being posted directly as a link like in this thread.

Is there a certain format I need to post links in for them to be formatted attractively?

Posts: 5

Participants: 2


Users are not added to the moderators groups when registering with SSO


@fefrei wrote:

Steps to reproduce:

  1. Have SSO set up.
  2. Let a new user sign in, and specify that he is a moderator in the payload.

Expected results:

The user has exactly the same permissions as if he signed up and was instantly manually awarded moderator permissions.

Actual results:

The user is given the moderator flag, but is not added to the staff or moderator groups. This means that he cannot access categories requiring these permissions.

Here's a screenshot of the user settings:

It looks like hitting Refresh on /admin/groups/automatic fixes this for already created users.

Posts: 1

Participants: 1


Wordpress: how to display discourse after the WP header on a WP-page?


@internetman wrote:

Hello, and thanks for this great software!

I have been searching the support forum and have found many examples of sites which integrate WP and discourse like this: https://community.namati.org/

However, please excuse my lack of understanding, I cannot see how to do this on my own. Does this have to be specifically integrated per wordpress theme, or is there some generic code I can put in a special wordpress page which then shows discourse after the wordpress header on my page?

Cheers!

Posts: 3

Participants: 3
