From 44ca29020b01fe83fad15cc58d6bab2dec9d5b4f Mon Sep 17 00:00:00 2001 From: Misty Release Bot Date: Sun, 20 Aug 2023 04:14:33 +0000 Subject: [PATCH 1/7] chore: incrementing version number - v3.3.4 --- install/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/package.json b/install/package.json index 2f063c10de..2e730573ac 100644 --- a/install/package.json +++ b/install/package.json @@ -2,7 +2,7 @@ "name": "nodebb", "license": "GPL-3.0", "description": "NodeBB Forum", - "version": "3.3.3", + "version": "3.3.4", "homepage": "https://www.nodebb.org", "repository": { "type": "git", From c44ddb10e7ef5b822781e7e6b6e4859d5edc223d Mon Sep 17 00:00:00 2001 From: Misty Release Bot Date: Sun, 20 Aug 2023 04:14:33 +0000 Subject: [PATCH 2/7] chore: update changelog for v3.3.4 --- CHANGELOG.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4a6366c7a0..712773e010 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,31 @@ +#### v3.3.4 (2023-08-20) + +##### Chores + +* incrementing version number - v3.3.3 (f94d239b) +* update changelog for v3.3.3 (38149a57) +* incrementing version number - v3.3.2 (ec9dac97) +* incrementing version number - v3.3.1 (151cc68f) +* incrementing version number - v3.3.0 (fc1ad70f) +* incrementing version number - v3.2.3 (b06d3e63) +* incrementing version number - v3.2.2 (758ecfcd) +* incrementing version number - v3.2.1 (20145074) +* incrementing version number - v3.2.0 (9ecac38e) +* incrementing version number - v3.1.7 (0b4e81ab) +* incrementing version number - v3.1.6 (b3a3b130) +* incrementing version number - v3.1.5 (ec19343a) +* incrementing version number - v3.1.4 (2452783c) +* incrementing version number - v3.1.3 (3b4e9d3f) +* incrementing version number - v3.1.2 (40fa3489) +* incrementing version number - v3.1.1 (40250733) +* incrementing version number - v3.1.0 (0cb386bd) +* incrementing version number - v3.0.1 (26f6ea49) +* incrementing version number - v3.0.0 (224e08cd) + +##### Bug Fixes + +* upgrade script, get rid of nested processSortedSet (78a7cfe9) + #### v3.3.3 (2023-08-19) ##### Chores From 8aacc8f89cf7dcf6295831dbe0aed4b15aa793cd Mon Sep 17 00:00:00 2001 From: Julian Lam Date: Mon, 21 Aug 2023 15:26:22 -0400 Subject: [PATCH 3/7] fix: #11906, remove retrieval of SSO data in getAllData internal method, only retrieve for calling user or admins, and only on edit page --- src/controllers/accounts/edit.js | 8 +++++++- src/controllers/accounts/helpers.js | 11 ----------- 2 files changed, 7 insertions(+), 12 deletions(-) diff --git a/src/controllers/accounts/edit.js b/src/controllers/accounts/edit.js index 84763a6e71..9b6526ad80 100644 --- a/src/controllers/accounts/edit.js +++ b/src/controllers/accounts/edit.js @@ -5,6 +5,7 @@ const meta = require('../../meta'); const helpers = require('../helpers'); const groups = require('../../groups'); const privileges = require('../../privileges'); +const plugins = require('../../plugins'); const accountHelpers = require('./helpers'); const file = require('../../file'); @@ -19,9 +20,10 @@ editController.get = async function (req, res) { groups: _groups, groupTitleArray, allowMultipleBadges, - }, canUseSignature] = await Promise.all([ + }, canUseSignature, canManageUsers] = await Promise.all([ accountHelpers.getUserDataByUserSlug(req.params.userslug, req.uid, req.query), privileges.global.can('signature', req.uid), + privileges.admin.can('admin:users', req.uid), ]); const payload = {}; @@ -38,6 +40,10 @@ editController.get = async function (req, res) { payload.groups = _groups.filter(g => g && g.userTitleEnabled && !groups.isPrivilegeGroup(g.name) && g.name !== 'registered-users'); + if (req.uid === res.locals.uid || canManageUsers) { + payload.sso = await plugins.hooks.fire('filter:auth.list', { uid: res.locals.uid, associations: [] }); + } + if (!allowMultipleBadges) { payload.groupTitle = groupTitleArray[0]; } diff --git a/src/controllers/accounts/helpers.js b/src/controllers/accounts/helpers.js index 4ac8042eba..592d3011db 100644 --- a/src/controllers/accounts/helpers.js +++ b/src/controllers/accounts/helpers.js @@ -104,16 +104,6 @@ helpers.getUserDataByUserSlug = async function (userslug, callerUID, query = {}) canViewInfo: canViewInfo, }); - userData.sso = results.sso.associations.map((association) => { - if (!isSelf) { - delete association.deauthUrl; - if (!association.associated) { - delete association.url; - } - } - - return association; - }); userData.banned = Boolean(userData.banned); userData.muted = parseInt(userData.mutedUntil, 10) > Date.now(); userData.website = escape(userData.website); @@ -162,7 +152,6 @@ async function getAllData(uid, callerUID) { ips: user.getIPs(uid, 4), profile_menu: getProfileMenu(uid, callerUID), groups: groups.getUserGroups([uid]), - sso: plugins.hooks.fire('filter:auth.list', { uid: uid, associations: [] }), canEdit: privileges.users.canEdit(callerUID, uid), canBanUser: privileges.users.canBanUser(callerUID, uid), canMuteUser: privileges.users.canMuteUser(callerUID, uid), From df65c60081e515f23c5e8e470559b3e2d6198b57 Mon Sep 17 00:00:00 2001 From: Julian Lam Date: Mon, 21 Aug 2023 15:38:41 -0400 Subject: [PATCH 4/7] fix: improper SSO format (regression), update openapi schema --- public/openapi/components/schemas/UserObject.yaml | 15 --------------- public/openapi/read/user/userslug/edit.yaml | 15 +++++++++++++++ src/controllers/accounts/edit.js | 3 ++- 3 files changed, 17 insertions(+), 16 deletions(-) diff --git a/public/openapi/components/schemas/UserObject.yaml b/public/openapi/components/schemas/UserObject.yaml index d10acf63bc..c2b3177637 100644 --- a/public/openapi/components/schemas/UserObject.yaml +++ b/public/openapi/components/schemas/UserObject.yaml @@ -512,21 +512,6 @@ UserObjectFull: - name - visibility - public - sso: - type: array - items: - type: object - properties: - associated: - type: boolean - url: - type: string - name: - type: string - icon: - type: string - deauthUrl: - type: string websiteLink: type: string websiteName: diff --git a/public/openapi/read/user/userslug/edit.yaml b/public/openapi/read/user/userslug/edit.yaml index 734ea32abf..8ba486b5e8 100644 --- a/public/openapi/read/user/userslug/edit.yaml +++ b/public/openapi/read/user/userslug/edit.yaml @@ -47,6 +47,21 @@ get: type: number defaultAvatar: type: string + sso: + type: array + items: + type: object + properties: + associated: + type: boolean + url: + type: string + name: + type: string + icon: + type: string + deauthUrl: + type: string groupSelectSize: type: number title: diff --git a/src/controllers/accounts/edit.js b/src/controllers/accounts/edit.js index 9b6526ad80..8560f043e8 100644 --- a/src/controllers/accounts/edit.js +++ b/src/controllers/accounts/edit.js @@ -41,7 +41,8 @@ editController.get = async function (req, res) { payload.groups = _groups.filter(g => g && g.userTitleEnabled && !groups.isPrivilegeGroup(g.name) && g.name !== 'registered-users'); if (req.uid === res.locals.uid || canManageUsers) { - payload.sso = await plugins.hooks.fire('filter:auth.list', { uid: res.locals.uid, associations: [] }); + const { associations } = await plugins.hooks.fire('filter:auth.list', { uid: res.locals.uid, associations: [] }); + payload.sso = associations; } if (!allowMultipleBadges) { From a6da10efe1c3ff1668b8bbff3e482d634f4ae63d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?= Date: Tue, 22 Aug 2023 11:32:43 -0400 Subject: [PATCH 5/7] chore: up composer --- install/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/package.json b/install/package.json index 2e730573ac..8c562ec733 100644 --- a/install/package.json +++ b/install/package.json @@ -93,7 +93,7 @@ "multiparty": "4.2.3", "nconf": "0.12.0", "nodebb-plugin-2factor": "7.2.1", - "nodebb-plugin-composer-default": "10.2.11", + "nodebb-plugin-composer-default": "10.2.12", "nodebb-plugin-dbsearch": "6.2.0", "nodebb-plugin-emoji": "5.1.5", "nodebb-plugin-emoji-android": "4.0.0", From 055762e69e66d8a4fb30755a7b84bf52613c9e57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?= Date: Tue, 22 Aug 2023 12:48:11 -0400 Subject: [PATCH 6/7] chore: up version number --- install/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/package.json b/install/package.json index 8c562ec733..9eaf0ffdb9 100644 --- a/install/package.json +++ b/install/package.json @@ -2,7 +2,7 @@ "name": "nodebb", "license": "GPL-3.0", "description": "NodeBB Forum", - "version": "3.3.4", + "version": "3.3.5", "homepage": "https://www.nodebb.org", "repository": { "type": "git", From db55f18ae535e050b2a816b47c9b8897d6f53803 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?= Date: Tue, 22 Aug 2023 18:58:59 -0400 Subject: [PATCH 7/7] chore: up deps --- install/package.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install/package.json b/install/package.json index 9eaf0ffdb9..311be0891d 100644 --- a/install/package.json +++ b/install/package.json @@ -93,7 +93,7 @@ "multiparty": "4.2.3", "nconf": "0.12.0", "nodebb-plugin-2factor": "7.2.1", - "nodebb-plugin-composer-default": "10.2.12", + "nodebb-plugin-composer-default": "10.2.13", "nodebb-plugin-dbsearch": "6.2.0", "nodebb-plugin-emoji": "5.1.5", "nodebb-plugin-emoji-android": "4.0.0", @@ -102,7 +102,7 @@ "nodebb-plugin-ntfy": "1.4.0", "nodebb-plugin-spam-be-gone": "2.1.1", "nodebb-rewards-essentials": "0.2.3", - "nodebb-theme-harmony": "1.1.38", + "nodebb-theme-harmony": "1.1.41", "nodebb-theme-lavender": "7.1.3", "nodebb-theme-peace": "2.1.12", "nodebb-theme-persona": "13.2.19",