fix: update usage of sort map

Includes transpiled JS/TS, and Typescript declaration files (typings).

[skip ci]

.github/workflows/test.yml

@@ -8,7 +8,7 @@ jobs:
 
     strategy:
       matrix:
-        php: [7.3, 7.4, '8.0']
+        php: [7.3, 7.4, '8.0', '8.1']
         service: ['mysql:5.7', mariadb]
         prefix: ['', flarum_]
 

CHANGELOG.md

@@ -1,5 +1,60 @@
 # Changelog
 
+
+## [1.1.0](https://github.com/flarum/core/compare/v1.0.4...v1.1.0)
+
+### Added
+- Info command now displays MySQL version, queue driver, mail driver (https://github.com/flarum/core/pull/2991)
+- Use organization Prettier config (https://github.com/flarum/core/pull/2967)
+- Support for global typings in extensions (https://github.com/flarum/core/pull/2992)
+- Typings for class component state attribute (https://github.com/flarum/core/pull/2995)
+- Custom colorising with CSS custom properties (https://github.com/flarum/core/pull/3001)
+- Theme Extender to allow overriding LESS files (https://github.com/flarum/core/pull/3008)
+- Update lastSeenAt when authenticating via API (https://github.com/flarum/core/pull/3058)
+- NoJs Admin View (https://github.com/flarum/core/pull/3059)
+- Preload FontAwesome, JS and CSS, and add `preload` extender (https://github.com/flarum/core/pull/3057)
+
+### Changed
+- Move Day.js plugin types import to global typings (https://github.com/flarum/core/pull/2954)
+- Avoid resolving excluded middleware on each middleware items
+- Allow extra attrs provided to `<Select>` to be passed through to the DOM element (https://github.com/flarum/core/pull/2959)
+- Limit height of code blocks (https://github.com/flarum/core/pull/3012)
+- Update normalize.css from v3.0.2 to v8.0.1 (https://github.com/flarum/core/pull/3015)
+- Permission Grid: stick the headers to handle a lot of tags (https://github.com/flarum/core/pull/2887)
+- Use `ItemList` for `DiscussionPage` content (https://github.com/flarum/core/pull/3004)
+- Move email confirmation to POST request (https://github.com/flarum/core/pull/3038)
+- Minor CSS code cleanup (https://github.com/flarum/core/pull/3026) 
+- Replace username with display name in more places (https://github.com/flarum/core/pull/3040) 
+- Rewrite Button to Typescript (https://github.com/flarum/core/pull/2984)
+- Rewrite AdminPage abstract component into Typescript (https://github.com/flarum/core/pull/2996)
+- Allow adding page parameters to PaginatedListState (https://github.com/flarum/core/pull/2935)
+- Pass filter params to getApiDocument (https://github.com/flarum/core/pull/3037)
+- Use author filter instead of gambit to get a user's discussions (https://github.com/flarum/core/pull/3068)
+- [A11Y] Accessibility improvements for the Search component (https://github.com/flarum/core/pull/3017)
+- Add determinsm to extension order resolution (https://github.com/flarum/core/pull/3076)
+- Add cache control headers to the admin area (https://github.com/flarum/core/pull/3097)
+
+### Fixed
+- HLJS 11 new styles resulting in double padding (https://github.com/flarum/core/pull/2909)
+- Internal API client attempting to load an uninstantiated session
+- Empty post footer taking visual space (https://github.com/flarum/core/pull/2926)
+- Unrecognized component class custom attribute typings (https://github.com/flarum/core/pull/2962)
+- User edit groups permission not visually depending on view hidden groups permission (https://github.com/flarum/core/pull/2880)
+- Event post excerpt preview triggers error (https://github.com/flarum/core/pull/2964)
+- Missing settings defaults for display name driver and User slug driver (https://github.com/flarum/core/pull/2971)
+- [A11Y] Icons not hidden from screenreaders (https://github.com/flarum/core/pull/3027)
+- [A11Y] Checkboxes not focusable (https://github.com/flarum/core/pull/3014)
+- Uploading ICO favicons resulting in server errors (https://github.com/flarum/core/pull/2949)
+- Missing proper validation for large avatar upload payload (https://github.com/flarum/core/pull/3042)
+- [A11Y] Missing focus rings in control elements (https://github.com/flarum/core/pull/3016)
+- Unsanitised integer query parameters (https://github.com/flarum/core/pull/3064)
+
+###### Code Contributors
+@lhsazevedo, @Ornanovitch, @pierres, @the-turk, @iPurpl3x
+
+###### Issue Reporters
+@uamv, @dannyuk1982, @BurnNoticeSpy, @haarp, @peopleinside, @matteocontrini
+
 ## [1.0.4](https://github.com/flarum/core/compare/v1.0.3...v1.0.4)
 
 ### Fixed

js/dist-typings/common/utils/formatNumber.d.ts

@@ -1,9 +1,9 @@
 /**
  * The `formatNumber` utility localizes a number into a string with the
- * appropriate punctuation.
+ * appropriate punctuation based on the provided locale otherwise will default to the users locale.
  *
  * @example
  * formatNumber(1234);
  * // 1,234
  */
-export default function formatNumber(number: number): string;
+export default function formatNumber(number: number, locale?: string): string;

js/package.json

@@ -32,7 +32,7 @@
     "prettier": "^2.3.0",
     "typescript": "^4.2.4",
     "webpack": "^4.46.0",
-    "webpack-cli": "^3.3.12",
+    "webpack-cli": "^4.9.0",
     "webpack-merge": "^4.2.2"
   },
   "scripts": {

js/src/admin/components/ExtensionPage.js

@@ -141,8 +141,8 @@ export default class ExtensionPage extends AdminPage {
     items.add('version', <span className="ExtensionVersion">{this.extension.version}</span>);
 
     if (!this.isEnabled()) {
-      const uninstall = () => {
-        if (confirm(app.translator.trans('core.admin.extension.confirm_uninstall'))) {
+      const purge = () => {
+        if (confirm(app.translator.trans('core.admin.extension.confirm_purge'))) {
           app
             .request({
               url: app.forum.attribute('apiUrl') + '/extensions/' + this.extension.id,
@@ -154,10 +154,11 @@ export default class ExtensionPage extends AdminPage {
         }
       };
 
+      // TODO v2.0: rename `uninstall` to `purge`
       items.add(
         'uninstall',
-        <Button icon="fas fa-trash-alt" className="Button Button--primary" onclick={uninstall.bind(this)}>
-          {app.translator.trans('core.admin.extension.uninstall_button')}
+        <Button icon="fas fa-trash-alt" className="Button Button--primary" onclick={purge.bind(this)}>
+          {app.translator.trans('core.admin.extension.purge_button')}
         </Button>
       );
     }

js/src/admin/components/HeaderSecondary.js

@@ -23,7 +23,7 @@ export default class HeaderSecondary extends Component {
 
     items.add(
       'help',
-      <LinkButton href="https://docs.flarum.org/troubleshoot.html" icon="fas fa-question-circle" external={true} target="_blank">
+      <LinkButton href="https://docs.flarum.org/troubleshoot/" icon="fas fa-question-circle" external={true} target="_blank">
         {app.translator.trans('core.admin.header.get_help')}
       </LinkButton>
     );

js/src/admin/components/MailPage.js

@@ -79,7 +79,7 @@ export default class MailPage extends AdminPage {
 
                 return [
                   this.buildSettingComponent({
-                    type: typeof this.setting(field)() === 'string' ? 'text' : 'select',
+                    type: typeof fieldInfo === 'string' ? 'text' : 'select',
                     label: app.translator.trans(`core.admin.email.${field}_label`),
                     setting: field,
                     options: fieldInfo,

js/src/admin/components/PermissionDropdown.js

@@ -38,6 +38,7 @@ export default class PermissionDropdown extends Dropdown {
 
     attrs.className = 'PermissionDropdown';
     attrs.buttonClassName = 'Button Button--text';
+    attrs.lazyDraw = true;
   }
 
   view(vnode) {

js/src/admin/components/PermissionGrid.js

@@ -144,6 +144,7 @@ export default class PermissionGrid extends Component {
               { value: '1', label: app.translator.trans('core.admin.permissions_controls.signup_open_button') },
               { value: '0', label: app.translator.trans('core.admin.permissions_controls.signup_closed_button') },
             ],
+            lazyDraw: true,
           }),
       },
       90
@@ -191,6 +192,7 @@ export default class PermissionGrid extends Component {
               { value: '10', label: app.translator.trans('core.admin.permissions_controls.allow_ten_minutes_button') },
               { value: 'reply', label: app.translator.trans('core.admin.permissions_controls.allow_until_reply_button') },
             ],
+            lazyDraw: true,
           });
         },
       },

js/src/common/components/Dropdown.js

@@ -38,11 +38,12 @@ export default class Dropdown extends Component {
 
   view(vnode) {
     const items = vnode.children ? listItems(vnode.children) : [];
+    const renderItems = this.attrs.lazyDraw ? this.showing : true;
 
     return (
       <div className={'ButtonGroup Dropdown dropdown ' + this.attrs.className + ' itemCount' + items.length + (this.showing ? ' open' : '')}>
         {this.getButton(vnode.children)}
-        {this.getMenu(items)}
+        {renderItems && this.getMenu(items)}
       </div>
     );
   }
@@ -54,13 +55,25 @@ export default class Dropdown extends Component {
     // bottom of the viewport. If it does, we will apply class to make it show
     // above the toggle button instead of below it.
     this.$().on('shown.bs.dropdown', () => {
+      const { lazyDraw, onshow } = this.attrs;
+
       this.showing = true;
 
-      if (this.attrs.onshow) {
-        this.attrs.onshow();
+      // If using lazy drawing, redraw before calling `onshow` function
+      // to make sure the menu DOM exists in case the callback tries to use it.
+      if (lazyDraw) {
+        m.redraw.sync();
       }
 
-      m.redraw();
+      if (typeof onshow === 'function') {
+        onshow();
+      }
+
+      // If not using lazy drawing, keep previous functionality
+      // of redrawing after calling onshow()
+      if (!lazyDraw) {
+        m.redraw();
+      }
 
       const $menu = this.$('.Dropdown-menu');
       const isRight = $menu.hasClass('Dropdown-menu--right');

js/src/common/components/LinkButton.js

@@ -27,6 +27,7 @@ export default class LinkButton extends Button {
 
     vdom.tag = Link;
     vdom.attrs.active = String(vdom.attrs.active);
+    delete vdom.attrs.type;
 
     return vdom;
   }

js/src/common/models/Post.js

@@ -10,9 +10,11 @@ Object.assign(Post.prototype, {
 
   createdAt: Model.attribute('createdAt', Model.transformDate),
   user: Model.hasOne('user'),
+
   contentType: Model.attribute('contentType'),
   content: Model.attribute('content'),
   contentHtml: Model.attribute('contentHtml'),
+  renderFailed: Model.attribute('renderFailed'),
   contentPlain: computed('contentHtml', getPlainContent),
 
   editedAt: Model.attribute('editedAt', Model.transformDate),

js/src/common/models/User.js

@@ -89,8 +89,18 @@ Object.assign(User.prototype, {
     const user = this;
 
     image.onload = function () {
-      const colorThief = new ColorThief();
-      user.avatarColor = colorThief.getColor(this);
+      try {
+        const colorThief = new ColorThief();
+        user.avatarColor = colorThief.getColor(this);
+      } catch (e) {
+        // Completely white avatars throw errors due to a glitch in color thief
+        // See https://github.com/lokesh/color-thief/issues/40
+        if (e instanceof TypeError) {
+          user.avatarColor = [255, 255, 255];
+        } else {
+          throw e;
+        }
+      }
       user.freshness = new Date();
       m.redraw();
     };

js/src/common/utils/formatNumber.ts

@@ -1,11 +1,13 @@
+import app from '../../common/app';
+
 /**
  * The `formatNumber` utility localizes a number into a string with the
- * appropriate punctuation.
+ * appropriate punctuation based on the provided locale otherwise will default to the users locale.
  *
  * @example
  * formatNumber(1234);
  * // 1,234
  */
-export default function formatNumber(number: number): string {
-  return number.toString().replace(/\B(?=(\d{3})+(?!\d))/g, ',');
+export default function formatNumber(number: number, locale: string = app.data.locale): string {
+  return new Intl.NumberFormat(locale).format(number);
 }

js/src/forum/components/ChangeEmailModal.js

@@ -77,6 +77,7 @@ export default class ChangeEmailModal extends Modal {
               type="password"
               name="password"
               className="FormControl"
+              autocomplete="current-password"
               placeholder={app.translator.trans('core.forum.change_email.confirm_password_placeholder')}
               bidi={this.password}
               disabled={this.loading}

js/src/forum/components/CommentPost.js

@@ -100,6 +100,7 @@ export default class CommentPost extends Post {
       ' ' +
       classList({
         CommentPost: true,
+        'Post--renderFailed': post.renderFailed(),
         'Post--hidden': post.isHidden(),
         'Post--edited': post.isEdited(),
         revealContent: this.revealContent,

js/src/forum/components/IndexPage.js

@@ -217,34 +217,33 @@ export default class IndexPage extends Page {
    */
   viewItems() {
     const items = new ItemList();
-    const sortMap = app.discussions.sortMap();
 
-    const sortOptions = {};
-    for (const i in sortMap) {
-      sortOptions[i] = app.translator.trans('core.forum.index_sort.' + i + '_button');
-    }
+    const sortOptions = Object.values(app.discussions.sortMap().toObject());
+
+    // Chooses the sort option with highest priority for now
+    const defaultSortMethod = sortOptions.reduce((acc, option) => (acc.priority > option.priority ? acc : option), { priority: -9e10 });
+
+    // Find the selected search method, otherwise heed the default
+    const activeSearchMethod = sortOptions.find((opt) => opt.itemName === app.search.params().sort) || defaultSortMethod;
 
     items.add(
       'sort',
       Dropdown.component(
         {
           buttonClassName: 'Button',
-          label: sortOptions[app.search.params().sort] || Object.keys(sortMap).map((key) => sortOptions[key])[0],
+          label: app.translator.trans(`core.forum.index_sort.${activeSearchMethod.itemName}_button`),
           accessibleToggleLabel: app.translator.trans('core.forum.index_sort.toggle_dropdown_accessible_label'),
         },
-        Object.keys(sortOptions).map((value) => {
-          const label = sortOptions[value];
-          const active = (app.search.params().sort || Object.keys(sortMap)[0]) === value;
-
-          return Button.component(
+        sortOptions.map(({ itemName: sortingId, content: sortType }) =>
+          Button.component(
             {
               icon: active ? 'fas fa-check' : true,
-              onclick: app.search.changeSort.bind(app.search, value),
+              onclick: app.search.changeSort.bind(app.search, sortType),
               active: active,
             },
-            label
-          );
-        })
+            app.translator.trans(`core.forum.index_sort.${sortingId}_button`)
+          )
+        )
       )
     );
 

js/src/forum/components/LogInModal.js

@@ -83,6 +83,7 @@ export default class LogInModal extends Modal {
           className="FormControl"
           name="password"
           type="password"
+          autocomplete="current-password"
           placeholder={extractText(app.translator.trans('core.forum.log_in.password_placeholder'))}
           bidi={this.password}
           disabled={this.loading}

js/src/forum/components/SignUpModal.js

@@ -104,6 +104,7 @@ export default class SignUpModal extends Modal {
             className="FormControl"
             name="password"
             type="password"
+            autocomplete="new-password"
             placeholder={extractText(app.translator.trans('core.forum.sign_up.password_placeholder'))}
             bidi={this.password}
             disabled={this.loading}

js/src/forum/states/DiscussionListState.ts

@@ -1,6 +1,7 @@
 import app from '../../forum/app';
 import PaginatedListState, { Page } from '../../common/states/PaginatedListState';
 import Discussion from '../../common/models/Discussion';
+import ItemList from '../../common/utils/ItemList';
 
 export default class DiscussionListState extends PaginatedListState<Discussion> {
   protected extraDiscussions: Discussion[] = [];
@@ -14,9 +15,9 @@ export default class DiscussionListState extends PaginatedListState<Discussion>
   }
 
   requestParams() {
-    const params: any = { include: ['user', 'lastPostedUser'], filter: {} };
+    const params: any = { include: ['user', 'lastPostedUser'], filter: this.params.filter || {} };
 
-    params.sort = this.sortMap()[this.params.sort];
+    params.sort = this.sortMap().get(this.params.sort);
 
     if (this.params.q) {
       params.filter.q = this.params.q;
@@ -45,21 +46,22 @@ export default class DiscussionListState extends PaginatedListState<Discussion>
   }
 
   /**
-   * Get a map of sort keys (which appear in the URL, and are used for
+   * Get a list of sort keys (which appear in the URL, and are used for
    * translation) to the API sort value that they represent.
    */
-  sortMap() {
-    const map: any = {};
+  sortMap(): ItemList<string> {
+    const sortItems = new ItemList<string>();
 
     if (this.params.q) {
-      map.relevance = '';
+      sortItems.add('relevance', '', 100);
     }
-    map.latest = '-lastPostedAt';
-    map.top = '-commentCount';
-    map.newest = '-createdAt';
-    map.oldest = 'createdAt';
 
-    return map;
+    sortItems.add('latest', '-lastPostedAt', 80);
+    sortItems.add('top', '-commentCount', 60);
+    sortItems.add('newest', '-createdAt', 40);
+    sortItems.add('oldest', 'createdAt', 20);
+
+    return sortItems;
   }
 
   /**

less/common/Search.less

@@ -1,6 +1,12 @@
 .Search {
   position: relative;
 
+  // TODO v2.0 check if this is supported by Firefox,
+  // if so, consider switching to it.
+  ::-webkit-search-cancel-button {
+    display: none;
+  }
+
   &-clear {
     // It looks very weird due to the padding given to the button..
     &:focus {

less/forum/Post.less

@@ -185,6 +185,10 @@
   }
 }
 
+.Post--renderFailed {
+  background-color: @control-danger-bg;
+}
+
 .Post--hidden {
   .Post-header, .Post-header a, .PostUser h3, .PostUser h3 a {
     color: @muted-more-color;

locale/core.yml

@@ -115,7 +115,7 @@ core:
     # These translations are used on default extension pages.
     extension:
       configure_scopes: Configure Scopes
-      confirm_uninstall: Uninstalling will remove all database entries and assets related to the extension. Are you sure you want to continue?
+      confirm_purge: Purging will remove all database entries and assets related to the extension. It will not uninstall the extension; that must be done via Composer. Are you sure you want to continue?
       disabled: Disabled
       enable_to_see: Enable the extension to view and change settings.
       enabled: Enabled
@@ -130,7 +130,7 @@ core:
       no_settings: This extension has no settings.
       open_modal: Open Settings
       permissions_title: Permissions
-      uninstall_button: Uninstall
+      purge_button: Purge
 
     # These translations are used in the secondary header.
     header:
@@ -516,6 +516,7 @@ core:
       title: => core.ref.edit_user
       username_heading: => core.ref.username
       username_label: => core.ref.username
+      nothing_available: You are not allowed to edit this user.
 
     # These translations are displayed as error messages.
     error:
@@ -526,6 +527,7 @@ core:
       payload_too_large_message: The request payload was too large.
       permission_denied_message: You do not have permission to do that.
       rate_limit_exceeded_message: You're going a little too quickly. Please try again in a few seconds.
+      render_failed_message: Sorry, we encountered an error while displaying this content. If you're a user, please try again later. If you're an administrator, take a look in your Flarum log files for more information.
 
     # These translations are used in the loading indicator component.
     loading_indicator:

src/Admin/AdminServiceProvider.php

@@ -61,7 +61,8 @@ class AdminServiceProvider extends AbstractServiceProvider
                 HttpMiddleware\CheckCsrfToken::class,
                 Middleware\RequireAdministrateAbility::class,
                 HttpMiddleware\ReferrerPolicyHeader::class,
-                HttpMiddleware\ContentTypeOptionsHeader::class
+                HttpMiddleware\ContentTypeOptionsHeader::class,
+                Middleware\DisableBrowserCache::class,
             ];
         });
 

src/Admin/Middleware/DisableBrowserCache.php

@@ -0,0 +1,25 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * For detailed copyright and license information, please view the
+ * LICENSE file that was distributed with this source code.
+ */
+
+namespace Flarum\Admin\Middleware;
+
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Psr\Http\Server\MiddlewareInterface as Middleware;
+use Psr\Http\Server\RequestHandlerInterface as Handler;
+
+class DisableBrowserCache implements Middleware
+{
+    public function process(Request $request, Handler $handler): Response
+    {
+        $response = $handler->handle($request);
+
+        return $response->withHeader('Cache-Control', 'max-age=0, no-store');
+    }
+}

src/Api/Client.php

@@ -132,6 +132,7 @@ class Client
 
         if ($this->parent) {
             $request = $request
+                ->withAttribute('ipAddress', $this->parent->getAttribute('ipAddress'))
                 ->withAttribute('session', $this->parent->getAttribute('session'));
             $request = RequestUtil::withActor($request, RequestUtil::getActor($this->parent));
         }

src/Api/Controller/ListGroupsController.php

@@ -10,8 +10,10 @@
 namespace Flarum\Api\Controller;
 
 use Flarum\Api\Serializer\GroupSerializer;
-use Flarum\Group\Group;
+use Flarum\Group\Filter\GroupFilterer;
 use Flarum\Http\RequestUtil;
+use Flarum\Http\UrlGenerator;
+use Flarum\Query\QueryCriteria;
 use Psr\Http\Message\ServerRequestInterface;
 use Tobscure\JsonApi\Document;
 
@@ -22,6 +24,38 @@ class ListGroupsController extends AbstractListController
      */
     public $serializer = GroupSerializer::class;
 
+    /**
+     * {@inheritdoc}
+     */
+    public $sortFields = ['nameSingular', 'namePlural', 'isHidden'];
+
+    /**
+     * {@inheritdoc}
+     *
+     * @var int
+     */
+    public $limit = -1;
+
+    /**
+     * @var GroupFilterer
+     */
+    protected $filterer;
+
+    /**
+     * @var UrlGenerator
+     */
+    protected $url;
+
+    /**
+     * @param GroupFilterer $filterer
+     * @param UrlGenerator $url
+     */
+    public function __construct(GroupFilterer $filterer, UrlGenerator $url)
+    {
+        $this->filterer = $filterer;
+        $this->url = $url;
+    }
+
     /**
      * {@inheritdoc}
      */
@@ -29,10 +63,25 @@ class ListGroupsController extends AbstractListController
     {
         $actor = RequestUtil::getActor($request);
 
-        $results = Group::whereVisibleTo($actor)->get();
+        $filters = $this->extractFilter($request);
+        $sort = $this->extractSort($request);
+        $sortIsDefault = $this->sortIsDefault($request);
 
-        $this->loadRelations($results, []);
+        $limit = $this->extractLimit($request);
+        $offset = $this->extractOffset($request);
 
-        return $results;
+        $criteria = new QueryCriteria($actor, $filters, $sort, $sortIsDefault);
+
+        $queryResults = $this->filterer->filter($criteria, $limit, $offset);
+
+        $document->addPaginationLinks(
+            $this->url->to('api')->route('groups.index'),
+            $request->getQueryParams(),
+            $offset,
+            $limit,
+            $queryResults->areMoreResults() ? null : 0
+        );
+
+        return $queryResults->getResults();
     }
 }

src/Api/Controller/ShowGroupController.php

@@ -0,0 +1,51 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * For detailed copyright and license information, please view the
+ * LICENSE file that was distributed with this source code.
+ */
+
+namespace Flarum\Api\Controller;
+
+use Flarum\Api\Serializer\GroupSerializer;
+use Flarum\Group\GroupRepository;
+use Flarum\Http\RequestUtil;
+use Illuminate\Support\Arr;
+use Psr\Http\Message\ServerRequestInterface;
+use Tobscure\JsonApi\Document;
+
+class ShowGroupController extends AbstractShowController
+{
+    /**
+     * @var GroupRepository
+     */
+    protected $groups;
+
+    /**
+     * {@inheritdoc}
+     */
+    public $serializer = GroupSerializer::class;
+
+    /**
+     * @param \Flarum\Group\GroupRepository $groups
+     */
+    public function __construct(GroupRepository $groups)
+    {
+        $this->groups = $groups;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function data(ServerRequestInterface $request, Document $document)
+    {
+        $id = Arr::get($request->getQueryParams(), 'id');
+        $actor = RequestUtil::getActor($request);
+
+        $group = $this->groups->findOrFail($id, $actor);
+
+        return $group;
+    }
+}

src/Api/Serializer/BasicPostSerializer.php

@@ -9,12 +9,30 @@
 
 namespace Flarum\Api\Serializer;
 
+use Exception;
+use Flarum\Foundation\ErrorHandling\LogReporter;
 use Flarum\Post\CommentPost;
 use Flarum\Post\Post;
 use InvalidArgumentException;
+use Symfony\Contracts\Translation\TranslatorInterface;
 
 class BasicPostSerializer extends AbstractSerializer
 {
+    /**
+     * @var LogReporter
+     */
+    protected $log;
+
+    /**
+     * @var TranslatorInterface
+     */
+    protected $translator;
+
+    public function __construct(LogReporter $log, TranslatorInterface $translator)
+    {
+        $this->log = $log;
+        $this->translator = $translator;
+    }
     /**
      * {@inheritdoc}
      */
@@ -41,7 +59,14 @@ class BasicPostSerializer extends AbstractSerializer
         ];
 
         if ($post instanceof CommentPost) {
-            $attributes['contentHtml'] = $post->formatContent($this->request);
+            try {
+                $attributes['contentHtml'] = $post->formatContent($this->request);
+                $attributes['renderFailed'] = false;
+            } catch (Exception $e) {
+                $attributes['contentHtml'] = $this->translator->trans('core.lib.error.render_failed_message');
+                $this->log->report($e);
+                $attributes['renderFailed'] = true;
+            }
         } else {
             $attributes['content'] = $post->content;
         }

src/Api/routes.php

@@ -224,6 +224,13 @@ return function (RouteCollection $map, RouteHandlerFactory $route) {
         $route->toController(Controller\CreateGroupController::class)
     );
 
+    // Show a single group
+    $map->get(
+        '/groups/{id}',
+        'groups.show',
+        $route->toController(Controller\ShowGroupController::class)
+    );
+
     // Edit a group
     $map->patch(
         '/groups/{id}',

src/Extend/Frontend.php

@@ -16,6 +16,7 @@ use Flarum\Foundation\ContainerUtil;
 use Flarum\Foundation\Event\ClearingCache;
 use Flarum\Frontend\Assets;
 use Flarum\Frontend\Compiler\Source\SourceCollector;
+use Flarum\Frontend\Document;
 use Flarum\Frontend\Frontend as ActualFrontend;
 use Flarum\Frontend\RecompileFrontendAssets;
 use Flarum\Http\RouteCollection;
@@ -33,6 +34,7 @@ class Frontend implements ExtenderInterface
     private $routes = [];
     private $removedRoutes = [];
     private $content = [];
+    private $preloadArrs = [];
 
     /**
      * @param string $frontend: The name of the frontend.
@@ -124,11 +126,45 @@ class Frontend implements ExtenderInterface
         return $this;
     }
 
+    /**
+     * Adds multiple asset preloads.
+     *
+     * The parameter should be an array of preload arrays, or a callable that returns this.
+     *
+     * A preload array must contain keys that pertain to the `<link rel="preload">` tag.
+     *
+     * For example, the following will add preload tags for a script and font file:
+     * ```
+     * $frontend->preloads([
+     *   [
+     *     'href' => '/assets/my-script.js',
+     *     'as' => 'script',
+     *   ],
+     *   [
+     *     'href' => '/assets/fonts/my-font.woff2',
+     *     'as' => 'font',
+     *     'type' => 'font/woff2',
+     *     'crossorigin' => ''
+     *   ]
+     * ]);
+     * ```
+     *
+     * @param callable|array $preloads
+     * @return self
+     */
+    public function preloads($preloads): self
+    {
+        $this->preloadArrs[] = $preloads;
+
+        return $this;
+    }
+
     public function extend(Container $container, Extension $extension = null)
     {
         $this->registerAssets($container, $this->getModuleName($extension));
         $this->registerRoutes($container);
         $this->registerContent($container);
+        $this->registerPreloads($container);
     }
 
     private function registerAssets(Container $container, string $moduleName): void
@@ -236,6 +272,25 @@ class Frontend implements ExtenderInterface
         );
     }
 
+    private function registerPreloads(Container $container): void
+    {
+        if (empty($this->preloadArrs)) {
+            return;
+        }
+
+        $container->resolving(
+            "flarum.frontend.$this->frontend",
+            function (ActualFrontend $frontend, Container $container) {
+                $frontend->content(function (Document $document) use ($container) {
+                    foreach ($this->preloadArrs as $preloadArr) {
+                        $preloads = is_callable($preloadArr) ? ContainerUtil::wrapCallback($preloadArr, $container)($document) : $preloadArr;
+                        $document->preloads = array_merge($document->preloads, $preloads);
+                    }
+                });
+            }
+        );
+    }
+
     private function getModuleName(?Extension $extension): string
     {
         return $extension ? $extension->getId() : 'site-custom';

src/Extend/ServiceProvider.php

@@ -21,7 +21,7 @@ class ServiceProvider implements ExtenderInterface
      *
      * Service providers are an advanced feature and might give access to Flarum internals that do not come with backward compatibility.
      * Please read our documentation about service providers for recommendations.
-     * @see https://docs.flarum.org/extend/service-provider.html
+     * @see https://docs.flarum.org/extend/service-provider/
      *
      * @param string $serviceProviderClass The ::class attribute of the service provider class.
      * @return self

src/Extension/Extension.php

@@ -283,6 +283,14 @@ class Extension implements Arrayable
     {
         $properties = $this->getIcon();
 
+        if (empty($properties)) {
+            return '';
+        }
+
+        $properties = array_filter($properties, function ($item) {
+            return is_string($item);
+        });
+
         unset($properties['name']);
 
         return implode(';', array_map(function (string $property, string $value) {

src/Filter/FilterServiceProvider.php

@@ -13,6 +13,8 @@ use Flarum\Discussion\Filter\DiscussionFilterer;
 use Flarum\Discussion\Query as DiscussionQuery;
 use Flarum\Foundation\AbstractServiceProvider;
 use Flarum\Foundation\ContainerUtil;
+use Flarum\Group\Filter as GroupFilter;
+use Flarum\Group\Filter\GroupFilterer;
 use Flarum\Post\Filter as PostFilter;
 use Flarum\Post\Filter\PostFilterer;
 use Flarum\User\Filter\UserFilterer;
@@ -41,6 +43,9 @@ class FilterServiceProvider extends AbstractServiceProvider
                     UserQuery\EmailFilterGambit::class,
                     UserQuery\GroupFilterGambit::class,
                 ],
+                GroupFilterer::class => [
+                    GroupFilter\HiddenFilter::class,
+                ],
                 PostFilterer::class => [
                     PostFilter\AuthorFilter::class,
                     PostFilter\DiscussionFilter::class,

src/Foundation/Application.php

@@ -21,7 +21,7 @@ class Application
      *
      * @var string
      */
-    const VERSION = '1.0.5-dev';
+    const VERSION = '1.2.0-dev';
 
     /**
      * The IoC container for the Flarum application.

src/Frontend/Document.php

@@ -122,6 +122,28 @@ class Document implements Renderable
      */
     public $css = [];
 
+    /**
+     * An array of preloaded assets.
+     *
+     * Each array item should be an array containing keys that pertain to the
+     * `<link rel="preload">` tag.
+     *
+     * For example, the following will add a preload tag for a FontAwesome font file:
+     * ```
+     * $this->preloads[] = [
+     *   'href' => '/assets/fonts/fa-solid-900.woff2',
+     *   'as' => 'font',
+     *   'type' => 'font/woff2',
+     *   'crossorigin' => ''
+     * ];
+     * ```
+     *
+     * @see https://developer.mozilla.org/en-US/docs/Web/HTML/Link_types/preload
+     *
+     * @var array
+     */
+    public $preloads = [];
+
     /**
      * @var Factory
      */
@@ -203,6 +225,19 @@ class Document implements Renderable
         return $this->view->make($this->contentView)->with('content', $this->content);
     }
 
+    protected function makePreloads(): array
+    {
+        return array_map(function ($preload) {
+            $attributes = '';
+
+            foreach ($preload as $key => $value) {
+                $attributes .= " $key=\"".e($value).'"';
+            }
+
+            return "<link rel=\"preload\"$attributes>";
+        }, $this->preloads);
+    }
+
     /**
      * @return string
      */
@@ -216,6 +251,8 @@ class Document implements Renderable
             $head[] = '<link rel="canonical" href="'.e($this->canonicalUrl).'">';
         }
 
+        $head = array_merge($head, $this->makePreloads());
+
         $head = array_merge($head, array_map(function ($content, $name) {
             return '<meta name="'.e($name).'" content="'.e($content).'">';
         }, $this->meta, array_keys($this->meta)));

src/Frontend/FrontendServiceProvider.php

@@ -54,9 +54,58 @@ class FrontendServiceProvider extends AbstractServiceProvider
                 $frontend->content($container->make(Content\CorePayload::class));
                 $frontend->content($container->make(Content\Meta::class));
 
+                $frontend->content(function (Document $document) use ($container) {
+                    $default_preloads = $container->make('flarum.frontend.default_preloads');
+
+                    // Add preloads for base CSS and JS assets. Extensions should add their own via the extender.
+                    $js_preloads = [];
+                    $css_preloads = [];
+
+                    foreach ($document->css as $url) {
+                        $css_preloads[] = [
+                            'href' => $url,
+                            'as' => 'style'
+                        ];
+                    }
+                    foreach ($document->js as $url) {
+                        $css_preloads[] = [
+                            'href' => $url,
+                            'as' => 'script'
+                        ];
+                    }
+
+                    $document->preloads = array_merge(
+                        $css_preloads,
+                        $js_preloads,
+                        $default_preloads,
+                        $document->preloads,
+                    );
+                });
+
                 return $frontend;
             };
         });
+
+        $this->container->singleton(
+            'flarum.frontend.default_preloads',
+            function (Container $container) {
+                $filesystem = $container->make('filesystem')->disk('flarum-assets');
+
+                return [
+                    [
+                        'href' => $filesystem->url('fonts/fa-solid-900.woff2'),
+                        'as' => 'font',
+                        'type' => 'font/woff2',
+                        'crossorigin' => ''
+                    ], [
+                        'href' => $filesystem->url('fonts/fa-regular-400.woff2'),
+                        'as' => 'font',
+                        'type' => 'font/woff2',
+                        'crossorigin' => ''
+                    ]
+                ];
+            }
+        );
     }
 
     /**

src/Group/Filter/GroupFilterer.php

@@ -0,0 +1,40 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * For detailed copyright and license information, please view the
+ * LICENSE file that was distributed with this source code.
+ */
+
+namespace Flarum\Group\Filter;
+
+use Flarum\Filter\AbstractFilterer;
+use Flarum\Group\GroupRepository;
+use Flarum\User\User;
+use Illuminate\Database\Eloquent\Builder;
+
+class GroupFilterer extends AbstractFilterer
+{
+    /**
+     * @var GroupRepository
+     */
+    protected $groups;
+
+    /**
+     * @param GroupRepository $groups
+     * @param array $filters
+     * @param array $filterMutators
+     */
+    public function __construct(GroupRepository $groups, array $filters, array $filterMutators)
+    {
+        parent::__construct($filters, $filterMutators);
+
+        $this->groups = $groups;
+    }
+
+    protected function getQuery(User $actor): Builder
+    {
+        return $this->groups->query()->whereVisibleTo($actor);
+    }
+}

src/Group/Filter/HiddenFilter.php

@@ -0,0 +1,26 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * For detailed copyright and license information, please view the
+ * LICENSE file that was distributed with this source code.
+ */
+
+namespace Flarum\Group\Filter;
+
+use Flarum\Filter\FilterInterface;
+use Flarum\Filter\FilterState;
+
+class HiddenFilter implements FilterInterface
+{
+    public function getFilterKey(): string
+    {
+        return 'hidden';
+    }
+
+    public function filter(FilterState $filterState, string $filterValue, bool $negate)
+    {
+        $filterState->getQuery()->where('is_hidden', $negate ? '!=' : '=', $filterValue);
+    }
+}

src/Group/GroupRepository.php

@@ -21,7 +21,7 @@ class GroupRepository
      */
     public function query()
     {
-        return User::query();
+        return Group::query();
     }
 
     /**

src/Http/RouteCollection.php

@@ -121,11 +121,17 @@ class RouteCollection
         return $this->dataGenerator->getData();
     }
 
-    protected function fixPathPart(&$part, $key, array $parameters)
+    protected function fixPathPart($part, array $parameters, string $routeName)
     {
-        if (is_array($part) && array_key_exists($part[0], $parameters)) {
-            $part = $parameters[$part[0]];
+        if (! is_array($part)) {
+            return $part;
         }
+
+        if (! array_key_exists($part[0], $parameters)) {
+            throw new \InvalidArgumentException("Could not generate URL for route '$routeName': no value provided for required part '$part[0]'.");
+        }
+
+        return $parameters[$part[0]];
     }
 
     public function getPath($name, array $parameters = [])
@@ -151,9 +157,11 @@ class RouteCollection
                 }
             }
 
-            array_walk($matchingParts, [$this, 'fixPathPart'], $parameters);
+            $fixedParts = array_map(function ($part) use ($parameters, $name) {
+                return $this->fixPathPart($part, $parameters, $name);
+            }, $matchingParts);
 
-            return '/'.ltrim(implode('', $matchingParts), '/');
+            return '/'.ltrim(implode('', $fixedParts), '/');
         }
 
         throw new \RuntimeException("Route $name not found");

src/Install/DatabaseConfig.php

@@ -87,8 +87,8 @@ class DatabaseConfig implements Arrayable
         }
 
         if (! empty($this->prefix)) {
-            if (! preg_match('/^[\pL\pM\pN_-]+$/u', $this->prefix)) {
-                throw new ValidationFailed('The prefix may only contain characters, dashes and underscores.');
+            if (! preg_match('/^[\pL\pM\pN_]+$/u', $this->prefix)) {
+                throw new ValidationFailed('The prefix may only contain characters and underscores.');
             }
 
             if (strlen($this->prefix) > 10) {

src/Install/Prerequisite/WritablePaths.php

@@ -53,7 +53,7 @@ class WritablePaths implements PrerequisiteInterface
             })->map(function ($path, $index) {
                 return [
                     'message' => 'The '.$this->getAbsolutePath($path).' directory is not writable.',
-                    'detail' => 'Please make sure your web server/PHP user has write access to this directory'.(in_array($index, $this->wildcards) ? ' and its contents' : '').'. Read the <a href="https://docs.flarum.org/install.html#folder-ownership">installation documentation</a> for a detailed explanation and steps to resolve this error.'
+                    'detail' => 'Please make sure your web server/PHP user has write access to this directory'.(in_array($index, $this->wildcards) ? ' and its contents' : '').'. Read the <a href="https://docs.flarum.org/install/#folder-ownership">installation documentation</a> for a detailed explanation and steps to resolve this error.'
                 ];
             });
     }

src/User/AvatarValidator.php

@@ -16,6 +16,11 @@ use Symfony\Component\Mime\MimeTypes;
 
 class AvatarValidator extends AbstractValidator
 {
+    /**
+     * @var \Illuminate\Validation\Validator
+     */
+    protected $laravelValidator;
+
     /**
      * Throw an exception if a model is not valid.
      *
@@ -23,6 +28,8 @@ class AvatarValidator extends AbstractValidator
      */
     public function assertValid(array $attributes)
     {
+        $this->laravelValidator = $this->makeValidator($attributes);
+
         $this->assertFileRequired($attributes['avatar']);
         $this->assertFileMimes($attributes['avatar']);
         $this->assertFileSize($attributes['avatar']);
@@ -69,15 +76,21 @@ class AvatarValidator extends AbstractValidator
         $maxSize = $this->getMaxSize();
 
         if ($file->getSize() / 1024 > $maxSize) {
-            $this->raise('max.file', [':max' => $maxSize]);
+            $this->raise('max.file', [':max' => $maxSize], 'max');
         }
     }
 
-    protected function raise($error, array $parameters = [])
+    protected function raise($error, array $parameters = [], $rule = null)
     {
-        $message = $this->translator->trans(
-            "validation.$error",
-            $parameters + [':attribute' => 'avatar']
+        // When we switched to intl ICU message format, the translation parameters
+        // have become required to be in the format `{param}`.
+        // Therefore we cannot use the translator to replace the string params.
+        // We use the laravel validator to make the replacements instead.
+        $message = $this->laravelValidator->makeReplacements(
+            $this->translator->trans("validation.$error"),
+            'avatar',
+            $rule ?? $error,
+            array_values($parameters)
         );
 
         throw new ValidationException(['avatar' => $message]);

tests/integration/api/groups/ListTest.php

@@ -65,6 +65,148 @@ class ListTest extends TestCase
         $this->assertEquals(['1', '2', '3', '4', '10'], Arr::pluck($data['data'], 'id'));
     }
 
+    /**
+     * @test
+     */
+    public function filters_only_public_groups_for_admin()
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/groups', [
+                'authenticatedAs' => 1,
+            ])
+            ->withQueryParams([
+                'filter' => ['hidden' => 0],
+            ])
+        );
+
+        $this->assertEquals(200, $response->getStatusCode());
+        $data = json_decode($response->getBody()->getContents(), true);
+
+        // The four default groups created by the installer without our hidden group
+        $this->assertEquals(['1', '2', '3', '4'], Arr::pluck($data['data'], 'id'));
+    }
+
+    /**
+     * @test
+     */
+    public function filters_only_hidden_groups_for_admin()
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/groups', [
+                'authenticatedAs' => 1,
+            ])
+            ->withQueryParams([
+                'filter' => ['hidden' => 1],
+            ])
+        );
+
+        $this->assertEquals(200, $response->getStatusCode());
+        $data = json_decode($response->getBody()->getContents(), true);
+
+        // Only our hidden group
+        $this->assertEquals(['10'], Arr::pluck($data['data'], 'id'));
+    }
+
+    /**
+     * @test
+     */
+    public function filters_only_public_groups_for_guest()
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/groups')
+            ->withQueryParams([
+                'filter' => ['hidden' => 0],
+            ])
+        );
+
+        $this->assertEquals(200, $response->getStatusCode());
+        $data = json_decode($response->getBody()->getContents(), true);
+
+        // The four default groups created by the installer without our hidden group
+        $this->assertEquals(['1', '2', '3', '4'], Arr::pluck($data['data'], 'id'));
+    }
+
+    /**
+     * @test
+     */
+    public function hides_hidden_groups_when_filtering_for_guest()
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/groups')
+            ->withQueryParams([
+                'filter' => ['hidden' => 1],
+            ])
+        );
+
+        $this->assertEquals(200, $response->getStatusCode());
+        $data = json_decode($response->getBody()->getContents(), true);
+
+        // When guest attempts to filter for hidden groups, system should
+        // still apply scoping and exclude those groups from results
+        $this->assertEquals([], Arr::pluck($data['data'], 'id'));
+    }
+
+    /**
+     * @test
+     */
+    public function paginates_groups_without_filter()
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/groups')
+            ->withQueryParams([
+                'page' => ['limit' => '2', 'offset' => '2'],
+            ])
+        );
+
+        $this->assertEquals(200, $response->getStatusCode());
+        $data = json_decode($response->getBody()->getContents(), true);
+
+        // Show second page of groups
+        $this->assertEquals(['3', '4'], Arr::pluck($data['data'], 'id'));
+    }
+
+    /**
+     * @test
+     */
+    public function paginates_groups_with_filter()
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/groups')
+            ->withQueryParams([
+                'filter' => ['hidden' => 1],
+                'page' => ['limit' => '1', 'offset' => '1'],
+            ])
+        );
+
+        $this->assertEquals(200, $response->getStatusCode());
+        $data = json_decode($response->getBody()->getContents(), true);
+
+        // Show second page of groups. Because there is only one hidden group,
+        // second page should be empty.
+        $this->assertEmpty($data['data']);
+    }
+
+    /**
+     * @test
+     */
+    public function sorts_groups_by_name()
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/groups', [
+                'authenticatedAs' => 1,
+            ])
+            ->withQueryParams([
+                'sort' => 'nameSingular',
+            ])
+        );
+
+        $this->assertEquals(200, $response->getStatusCode());
+        $data = json_decode($response->getBody()->getContents(), true);
+
+        // Ascending alphabetical order is: Admin - Guest - Hidden - Member - Mod
+        $this->assertEquals(['1', '2', '10', '3', '4'], Arr::pluck($data['data'], 'id'));
+    }
+
     protected function hiddenGroup(): array
     {
         return [

tests/integration/api/groups/ShowTest.php

@@ -0,0 +1,126 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * For detailed copyright and license information, please view the
+ * LICENSE file that was distributed with this source code.
+ */
+
+namespace Flarum\Tests\integration\api\groups;
+
+use Flarum\Testing\integration\RetrievesAuthorizedUsers;
+use Flarum\Testing\integration\TestCase;
+use Illuminate\Support\Arr;
+
+class ShowTest extends TestCase
+{
+    use RetrievesAuthorizedUsers;
+
+    /**
+     * @inheritDoc
+     */
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->prepareDatabase([
+            'groups' => [
+                $this->hiddenGroup(),
+            ],
+        ]);
+    }
+
+    /**
+     * @test
+     */
+    public function shows_public_group_for_guest()
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/groups/1')
+        );
+
+        $this->assertEquals(200, $response->getStatusCode());
+        $data = json_decode($response->getBody()->getContents(), true);
+
+        // Default group created by the installer should be returned
+        $this->assertEquals('1', Arr::get($data, 'data.id'));
+    }
+
+    /**
+     * @test
+     */
+    public function shows_public_group_for_admin()
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/groups/1', [
+                'authenticatedAs' => 1,
+            ])
+        );
+
+        $this->assertEquals(200, $response->getStatusCode());
+        $data = json_decode($response->getBody()->getContents(), true);
+
+        // Default group created by the installer should be returned
+        $this->assertEquals('1', Arr::get($data, 'data.id'));
+    }
+
+    /**
+     * @test
+     */
+    public function hides_hidden_group_for_guest()
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/groups/10')
+        );
+
+        // Hidden group should not be returned for guest
+        $this->assertEquals(404, $response->getStatusCode());
+    }
+
+    /**
+     * @test
+     */
+    public function shows_hidden_group_for_admin()
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/groups/10', [
+                'authenticatedAs' => 1,
+            ])
+        );
+
+        $this->assertEquals(200, $response->getStatusCode());
+        $data = json_decode($response->getBody()->getContents(), true);
+
+        // Hidden group should be returned for admin
+        $this->assertEquals('10', Arr::get($data, 'data.id'));
+    }
+
+    /**
+     * @test
+     */
+    public function rejects_request_for_non_existing_group()
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/groups/999', [
+                'authenticatedAs' => 1,
+            ])
+        );
+
+        // If group does not exist in database, controller
+        // should reject the request with 404 Not found
+        $this->assertEquals(404, $response->getStatusCode());
+    }
+
+    protected function hiddenGroup(): array
+    {
+        return [
+            'id' => 10,
+            'name_singular' => 'Hidden',
+            'name_plural' => 'Ninjas',
+            'color' => null,
+            'icon' => 'fas fa-wrench',
+            'is_hidden' => 1
+        ];
+    }
+}

tests/integration/api/posts/ShowTest.php

@@ -0,0 +1,82 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * For detailed copyright and license information, please view the
+ * LICENSE file that was distributed with this source code.
+ */
+
+namespace Flarum\Tests\integration\api\posts;
+
+use Carbon\Carbon;
+use Flarum\Testing\integration\RetrievesAuthorizedUsers;
+use Flarum\Testing\integration\TestCase;
+
+class ShowTest extends TestCase
+{
+    use RetrievesAuthorizedUsers;
+
+    /**
+     * @inheritDoc
+     */
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->prepareDatabase([
+            'discussions' => [
+                ['id' => 1, 'title' => 'Discussion with post', 'created_at' => Carbon::now()->toDateTimeString(), 'user_id' => 2, 'first_post_id' => 1, 'comment_count' => 1, 'is_private' => 0],
+            ],
+            'posts' => [
+                ['id' => 1, 'discussion_id' => 1, 'created_at' => Carbon::now()->toDateTimeString(), 'user_id' => 2, 'type' => 'comment', 'content' => '<t><p>valid</p></t>'],
+                ['id' => 2, 'discussion_id' => 1, 'created_at' => Carbon::now()->toDateTimeString(), 'user_id' => 2, 'type' => 'comment', 'content' => '<tMALFORMED'],
+            ],
+            'users' => [
+                $this->normalUser(),
+            ]
+        ]);
+    }
+
+    /**
+     * @test
+     */
+    public function properly_formatted_post_rendered_correctly()
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/posts/1', [
+                'authenticatedAs' => 2,
+            ])
+        );
+
+        $this->assertEquals(200, $response->getStatusCode());
+
+        $body = (string) $response->getBody();
+        $this->assertJson($body);
+
+        $data = json_decode($body, true);
+
+        $this->assertEquals($data['data']['attributes']['contentHtml'], '<p>valid</p>');
+    }
+
+    /**
+     * @test
+     */
+    public function malformed_post_caught_by_renderer()
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/posts/2', [
+                'authenticatedAs' => 2,
+            ])
+        );
+
+        $this->assertEquals(200, $response->getStatusCode());
+
+        $body = (string) $response->getBody();
+        $this->assertJson($body);
+
+        $data = json_decode($body, true);
+
+        $this->assertEquals("Sorry, we encountered an error while displaying this content. If you're a user, please try again later. If you're an administrator, take a look in your Flarum log files for more information.", $data['data']['attributes']['contentHtml']);
+    }
+}

tests/integration/extenders/FrontendPreloadTest.php

@@ -0,0 +1,93 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * For detailed copyright and license information, please view the
+ * LICENSE file that was distributed with this source code.
+ */
+
+namespace Flarum\Tests\integration\extenders;
+
+use Flarum\Extend;
+use Flarum\Testing\integration\TestCase;
+
+class FrontendPreloadTest extends TestCase
+{
+    private $customPreloadUrls = ['/my-preload', '/my-preload2'];
+
+    /**
+     * @test
+     */
+    public function default_preloads_are_present()
+    {
+        $response = $this->send(
+            $this->request('GET', '/')
+        );
+
+        $filesystem = $this->app()->getContainer()->make('filesystem')->disk('flarum-assets');
+
+        $urls = [
+            $filesystem->url('fonts/fa-solid-900.woff2'),
+            $filesystem->url('fonts/fa-regular-400.woff2'),
+        ];
+
+        $body = $response->getBody()->getContents();
+
+        foreach ($urls as $url) {
+            $this->assertStringContainsString("<link rel=\"preload\" href=\"$url\" as=\"font\" type=\"font/woff2\" crossorigin=\"\">", $body);
+        }
+    }
+
+    /**
+     * @test
+     */
+    public function preloads_can_be_added()
+    {
+        $urls = $this->customPreloadUrls;
+
+        $this->extend(
+            (new Extend\Frontend('forum'))
+                ->preloads(
+                    array_map(function ($url) {
+                        return ['href' => $url];
+                    }, $urls)
+                )
+        );
+
+        $response = $this->send(
+            $this->request('GET', '/')
+        );
+        $body = $response->getBody()->getContents();
+
+        foreach ($urls as $url) {
+            $this->assertStringContainsString("<link rel=\"preload\" href=\"$url\">", $body);
+        }
+    }
+
+    /**
+     * @test
+     */
+    public function preloads_can_be_added_via_callable()
+    {
+        $urls = $this->customPreloadUrls;
+
+        $this->extend(
+            (new Extend\Frontend('forum'))
+                ->preloads(function () use ($urls) {
+                    return array_map(function ($url) {
+                        return ['href' => $url];
+                    }, $urls);
+                })
+        );
+
+        $response = $this->send(
+            $this->request('GET', '/')
+        );
+        $body = $response->getBody()->getContents();
+
+        foreach ($urls as $url) {
+            $this->assertStringContainsString("<link rel=\"preload\" href=\"$url\">", $body);
+        }
+    }
+}

tests/unit/Http/RouteCollectionTest.php

@@ -44,4 +44,41 @@ class RouteCollectionTest extends TestCase
 
         $this->assertEquals('/posts', $routeCollection->getPath('forum.posts.delete'));
     }
+
+    /** @test */
+    public function must_provide_required_parameters()
+    {
+        $this->expectException(\InvalidArgumentException::class);
+        $this->expectExceptionMessage("Could not generate URL for route 'user': no value provided for required part 'user'.");
+
+        $routeCollection = (new RouteCollection)->addRoute('GET', '/user/{user}', 'user', function () {
+            echo 'user';
+        });
+
+        $routeCollection->getPath('user', []);
+    }
+
+    /** @test */
+    public function dont_need_to_provide_optional_parameters()
+    {
+        $routeCollection = (new RouteCollection)->addRoute('GET', '/user/{user}[/{test}]', 'user', function () {
+            echo 'user';
+        });
+
+        $path = $routeCollection->getPath('user', ['user' => 'SomeUser']);
+
+        $this->assertEquals('/user/SomeUser', $path);
+    }
+
+    /** @test */
+    public function can_provide_optional_parameters()
+    {
+        $routeCollection = (new RouteCollection)->addRoute('GET', '/user/{user}[/{test}]', 'user', function () {
+            echo 'user';
+        });
+
+        $path = $routeCollection->getPath('user', ['user' => 'SomeUser', 'test' => 'Flarum']);
+
+        $this->assertEquals('/user/SomeUser/Flarum', $path);
+    }
 }

views/reset-password.blade.php

@@ -19,11 +19,11 @@
     <input type="hidden" name="passwordToken" value="{{ $passwordToken }}">
 
     <p class="form-group">
-      <input type="password" class="form-control" name="password" placeholder="{{ $translator->trans('core.views.reset_password.new_password_label') }}">
+      <input type="password" class="form-control" name="password" autocomplete="new-password" placeholder="{{ $translator->trans('core.views.reset_password.new_password_label') }}">
     </p>
 
     <p class="form-group">
-      <input type="password" class="form-control" name="password_confirmation" placeholder="{{ $translator->trans('core.views.reset_password.confirm_password_label') }}">
+      <input type="password" class="form-control" name="password_confirmation" autocomplete="new-password" placeholder="{{ $translator->trans('core.views.reset_password.confirm_password_label') }}">
     </p>
 
     <p class="form-group">