Merge commit 'db55f18ae535e050b2a816b47c9b8897d6f53803' into v3.x

CHANGELOG.md

@@ -1,3 +1,31 @@
+#### v3.3.4 (2023-08-20)
+
+##### Chores
+
+*  incrementing version number - v3.3.3 (f94d239b)
+*  update changelog for v3.3.3 (38149a57)
+*  incrementing version number - v3.3.2 (ec9dac97)
+*  incrementing version number - v3.3.1 (151cc68f)
+*  incrementing version number - v3.3.0 (fc1ad70f)
+*  incrementing version number - v3.2.3 (b06d3e63)
+*  incrementing version number - v3.2.2 (758ecfcd)
+*  incrementing version number - v3.2.1 (20145074)
+*  incrementing version number - v3.2.0 (9ecac38e)
+*  incrementing version number - v3.1.7 (0b4e81ab)
+*  incrementing version number - v3.1.6 (b3a3b130)
+*  incrementing version number - v3.1.5 (ec19343a)
+*  incrementing version number - v3.1.4 (2452783c)
+*  incrementing version number - v3.1.3 (3b4e9d3f)
+*  incrementing version number - v3.1.2 (40fa3489)
+*  incrementing version number - v3.1.1 (40250733)
+*  incrementing version number - v3.1.0 (0cb386bd)
+*  incrementing version number - v3.0.1 (26f6ea49)
+*  incrementing version number - v3.0.0 (224e08cd)
+
+##### Bug Fixes
+
+*  upgrade script, get rid of nested processSortedSet (78a7cfe9)
+
 #### v3.3.3 (2023-08-19)
 
 ##### Chores

install/package.json

@@ -2,7 +2,7 @@
     "name": "nodebb",
     "license": "GPL-3.0",
     "description": "NodeBB Forum",
-    "version": "3.3.4",
+    "version": "3.3.5",
     "homepage": "https://www.nodebb.org",
     "repository": {
         "type": "git",
@@ -93,7 +93,7 @@
         "multiparty": "4.2.3",
         "nconf": "0.12.0",
         "nodebb-plugin-2factor": "7.2.1",
-        "nodebb-plugin-composer-default": "10.2.11",
+        "nodebb-plugin-composer-default": "10.2.13",
         "nodebb-plugin-dbsearch": "6.2.0",
         "nodebb-plugin-emoji": "5.1.5",
         "nodebb-plugin-emoji-android": "4.0.0",
@@ -102,7 +102,7 @@
         "nodebb-plugin-ntfy": "1.4.0",
         "nodebb-plugin-spam-be-gone": "2.1.1",
         "nodebb-rewards-essentials": "0.2.3",
-        "nodebb-theme-harmony": "1.1.38",
+        "nodebb-theme-harmony": "1.1.41",
         "nodebb-theme-lavender": "7.1.3",
         "nodebb-theme-peace": "2.1.12",
         "nodebb-theme-persona": "13.2.19",

public/openapi/components/schemas/UserObject.yaml

@@ -512,21 +512,6 @@ UserObjectFull:
           - name
           - visibility
           - public
-    sso:
-      type: array
-      items:
-        type: object
-        properties:
-          associated:
-            type: boolean
-          url:
-            type: string
-          name:
-            type: string
-          icon:
-            type: string
-          deauthUrl:
-            type: string
     websiteLink:
       type: string
     websiteName:

public/openapi/read/user/userslug/edit.yaml

@@ -47,6 +47,21 @@ get:
                     type: number
                   defaultAvatar:
                     type: string
+                  sso:
+                    type: array
+                    items:
+                      type: object
+                      properties:
+                        associated:
+                          type: boolean
+                        url:
+                          type: string
+                        name:
+                          type: string
+                        icon:
+                          type: string
+                        deauthUrl:
+                          type: string
                   groupSelectSize:
                     type: number
                   title:

src/controllers/accounts/edit.js

@@ -5,6 +5,7 @@ const meta = require('../../meta');
 const helpers = require('../helpers');
 const groups = require('../../groups');
 const privileges = require('../../privileges');
+const plugins = require('../../plugins');
 const accountHelpers = require('./helpers');
 const file = require('../../file');
 
@@ -19,9 +20,10 @@ editController.get = async function (req, res) {
 		groups: _groups,
 		groupTitleArray,
 		allowMultipleBadges,
-	}, canUseSignature] = await Promise.all([
+	}, canUseSignature, canManageUsers] = await Promise.all([
 		accountHelpers.getUserDataByUserSlug(req.params.userslug, req.uid, req.query),
 		privileges.global.can('signature', req.uid),
+		privileges.admin.can('admin:users', req.uid),
 	]);
 
 	const payload = {};
@@ -38,6 +40,11 @@ editController.get = async function (req, res) {
 
 	payload.groups = _groups.filter(g => g && g.userTitleEnabled && !groups.isPrivilegeGroup(g.name) && g.name !== 'registered-users');
 
+	if (req.uid === res.locals.uid || canManageUsers) {
+		const { associations } = await plugins.hooks.fire('filter:auth.list', { uid: res.locals.uid, associations: [] });
+		payload.sso = associations;
+	}
+
 	if (!allowMultipleBadges) {
 		payload.groupTitle = groupTitleArray[0];
 	}

src/controllers/accounts/helpers.js

@@ -104,16 +104,6 @@ helpers.getUserDataByUserSlug = async function (userslug, callerUID, query = {})
 		canViewInfo: canViewInfo,
 	});
 
-	userData.sso = results.sso.associations.map((association) => {
-		if (!isSelf) {
-			delete association.deauthUrl;
-			if (!association.associated) {
-				delete association.url;
-			}
-		}
-
-		return association;
-	});
 	userData.banned = Boolean(userData.banned);
 	userData.muted = parseInt(userData.mutedUntil, 10) > Date.now();
 	userData.website = escape(userData.website);
@@ -162,7 +152,6 @@ async function getAllData(uid, callerUID) {
 		ips: user.getIPs(uid, 4),
 		profile_menu: getProfileMenu(uid, callerUID),
 		groups: groups.getUserGroups([uid]),
-		sso: plugins.hooks.fire('filter:auth.list', { uid: uid, associations: [] }),
 		canEdit: privileges.users.canEdit(callerUID, uid),
 		canBanUser: privileges.users.canBanUser(callerUID, uid),
 		canMuteUser: privileges.users.canMuteUser(callerUID, uid),