Merge commit 'ec048a01ba9f2dbc17064427bdcafd88e7271c88' into v2.x

3 years ago · 36523c67b8
parent 60cbd1480d ec048a01ba
commit 36523c67b8
11 changed files with 32 additions and 9 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,20 @@
 #### v2.4.1 (2022-08-14)
 ##### Chores
 * **deps:**
  *  update docker/build-push-action action to v3 (bfd6318c)
  *  update docker/login-action action to v2 (3d68accf)
  *  update docker/setup-buildx-action action to v2 (371ac032)
 *  incrementing version number - v2.4.0 (4834cde3)
 *  update changelog for v2.4.0 (c4714ff7)
 *  incrementing version number - v2.3.1 (d2425942)
 *  incrementing version number - v2.3.0 (046ea120)
 ##### Bug Fixes
 *  return at least one in sizeCalculation (#10832) (15ca460c)
 #### v2.4.0 (2022-08-10)
 ##### Chores
--- a/install/package.json
+++ b/install/package.json
@ -104,7 +104,7 @@
        "nodebb-widget-essentials": "6.0.0",
        "nodemailer": "6.7.7",
        "nprogress": "0.2.0",
-        "passport": "0.5.2",
+        "passport": "0.6.0",
        "passport-http-bearer": "1.0.1",
        "passport-local": "1.0.0",
        "pg": "8.7.3",
--- a/public/openapi/read/user/userslug/export/posts.yaml
+++ b/public/openapi/read/user/userslug/export/posts.yaml
@ -2,6 +2,7 @@ get:
  tags:
    - users
  summary: Export a user's posts (.csv)
  description: This route retrieves an existing export of user's posts. To create one go to `/user/{userslug}/consent`
  parameters:
    - name: userslug
      in: path
--- a/public/openapi/read/user/userslug/export/profile.yaml
+++ b/public/openapi/read/user/userslug/export/profile.yaml
@ -2,6 +2,7 @@ get:
  tags:
    - users
  summary: Export a user's profile data (.json)
  description: This route retrieves an existing export of user's profile data. To create one go to `/user/{userslug}/consent`
  parameters:
    - name: userslug
      in: path
--- a/public/openapi/read/user/userslug/export/uploads.yaml
+++ b/public/openapi/read/user/userslug/export/uploads.yaml
@ -2,6 +2,7 @@ get:
  tags:
    - users
  summary: Export a user's uploads (.zip)
  description: This route retrieves an existing export of user's profile data. To create one go to `/user/{userslug}/consent`
  parameters:
    - name: userslug
      in: path
--- a/src/controllers/authentication.js
+++ b/src/controllers/authentication.js
@ -351,7 +351,7 @@ authenticationController.doLogin = async function (req, uid) {
 		}
 	}
-	await loginAsync({ uid: uid });
+	await loginAsync({ uid: uid }, { keepSessionInfo: true });
 	await authenticationController.onSuccessfulLogin(req, uid);
 };
@ -459,6 +459,7 @@ authenticationController.localLogin = async function (req, username, password, n
 };
 const destroyAsync = util.promisify((req, callback) => req.session.destroy(callback));
 const logoutAsync = util.promisify((req, callback) => req.logout(callback));
 authenticationController.logout = async function (req, res, next) {
 	if (!req.loggedIn || !req.sessionID) {
@ -470,7 +471,7 @@ authenticationController.logout = async function (req, res, next) {
 	try {
 		await user.auth.revokeSession(sessionID, uid);
-		req.logout();
+		await logoutAsync();
 		await destroyAsync(req);
 		res.clearCookie(nconf.get('sessionKey'), meta.configs.cookie.get());
--- a/src/middleware/header.js
+++ b/src/middleware/header.js
@ -41,8 +41,10 @@ middleware.buildHeader = helpers.try(async (req, res, next) => {
 	]);
 	if (!canLoginIfBanned && req.loggedIn) {
-		req.logout();
+		req.logout(() => {
-		return res.redirect('/');
+			res.redirect('/');
 		});
 		return;
 	}
 	res.locals.config = config;
--- a/src/middleware/user.js
+++ b/src/middleware/user.js
@ -35,7 +35,7 @@ module.exports = function (middleware) {
 	async function authenticate(req, res) {
 		async function finishLogin(req, user) {
 			const loginAsync = util.promisify(req.login).bind(req);
-			await loginAsync(user);
+			await loginAsync(user, { keepSessionInfo: true });
 			await controllers.authentication.onSuccessfulLogin(req, user.uid);
 			req.uid = user.uid;
 			req.loggedIn = req.uid > 0;
--- a/src/posts/index.js
+++ b/src/posts/index.js
@ -93,7 +93,7 @@ Posts.getPostIndices = async function (posts, uid) {
 };
 Posts.modifyPostByPrivilege = function (post, privileges) {
-	if (post.deleted && !(post.selfPost || privileges['posts:view_deleted'])) {
+	if (post && post.deleted && !(post.selfPost || privileges['posts:view_deleted'])) {
 		post.content = '[[topic:post_is_deleted]]';
 		if (post.user) {
 			post.user.signature = '';
--- a/src/routes/authentication.js
+++ b/src/routes/authentication.js
@ -139,7 +139,7 @@ Auth.reloadRoutes = async function (params) {
 			})(req, res, next);
 		}, Auth.middleware.validateAuth, (req, res, next) => {
 			async.waterfall([
-				async.apply(req.login.bind(req), res.locals.user),
+				async.apply(req.login.bind(req), res.locals.user, { keepSessionInfo: true }),
 				async.apply(controllers.authentication.onSuccessfulLogin, req, req.uid),
 			], (err) => {
 				if (err) {
--- a/src/views/partials/email_update.tpl
+++ b/src/views/partials/email_update.tpl
@ -11,7 +11,7 @@
 		<p class="help-block">[[user:emailUpdate.change-instructions]]</p>
 	</div>
-	{{{ if update }}}
+	{{{ if issuePasswordChallenge }}}
 	<div class="form-group">
 		<label for="password">[[register:password]]</label>
 		<input class="form-control" type="password" id="password" name="password" />