From 15ca460c8f144c3167249b135902ac59289ca2f8 Mon Sep 17 00:00:00 2001
From: Opliko <opliko.reg@protonmail.com>
Date: Sat, 13 Aug 2022 15:29:56 +0200
Subject: [PATCH 1/7] fix: return at least one in sizeCalculation (#10832)

if post content is empty post cache should still consider its size to be at least one. fixes #10831
---
 src/posts/cache.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/posts/cache.js b/src/posts/cache.js
index 888fba6424..7f4711d0cd 100644
--- a/src/posts/cache.js
+++ b/src/posts/cache.js
@@ -6,7 +6,7 @@ const meta = require('../meta');
 module.exports = cacheCreate({
 	name: 'post',
 	maxSize: meta.config.postCacheSize,
-	sizeCalculation: function (n) { return n.length; },
+	sizeCalculation: function (n) { return n.length || 1; },
 	ttl: 0,
 	enabled: global.env === 'production',
 });

From 7f5ff2e613322530bcb9f9fdaa76d3d2c62b3bc9 Mon Sep 17 00:00:00 2001
From: Misty Release Bot <deploy@nodebb.org>
Date: Sun, 14 Aug 2022 00:18:24 +0000
Subject: [PATCH 2/7] chore: incrementing version number - v2.4.1

---
 install/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/install/package.json b/install/package.json
index ff4b2c4814..e9debbe6bd 100644
--- a/install/package.json
+++ b/install/package.json
@@ -2,7 +2,7 @@
     "name": "nodebb",
     "license": "GPL-3.0",
     "description": "NodeBB Forum",
-    "version": "2.4.0",
+    "version": "2.4.1",
     "homepage": "http://www.nodebb.org",
     "repository": {
         "type": "git",

From 4b6baabbbf5e69b6191b4a8382e97a7fe1df89f3 Mon Sep 17 00:00:00 2001
From: Misty Release Bot <deploy@nodebb.org>
Date: Sun, 14 Aug 2022 00:18:25 +0000
Subject: [PATCH 3/7] chore: update changelog for v2.4.1

---
 CHANGELOG.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 57f2822f2d..636fe4278b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,20 @@
+#### v2.4.1 (2022-08-14)
+
+##### Chores
+
+* **deps:**
+  *  update docker/build-push-action action to v3 (bfd6318c)
+  *  update docker/login-action action to v2 (3d68accf)
+  *  update docker/setup-buildx-action action to v2 (371ac032)
+*  incrementing version number - v2.4.0 (4834cde3)
+*  update changelog for v2.4.0 (c4714ff7)
+*  incrementing version number - v2.3.1 (d2425942)
+*  incrementing version number - v2.3.0 (046ea120)
+
+##### Bug Fixes
+
+*  return at least one in sizeCalculation (#10832) (15ca460c)
+
 #### v2.4.0 (2022-08-10)
 
 ##### Chores

From 6b2a6f9006602796666e72c6a4f530b726409bf2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <barisusakli@gmail.com>
Date: Sat, 13 Aug 2022 20:24:42 -0400
Subject: [PATCH 4/7] test: passport0.6 (#10638)

* test: passport0.6

* test: make logout async, fix lint

* test: keepSessionInfo flag

* revert: csrf load
---
 install/package.json              | 2 +-
 src/controllers/authentication.js | 5 +++--
 src/middleware/header.js          | 6 ++++--
 src/middleware/user.js            | 2 +-
 src/routes/authentication.js      | 2 +-
 5 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/install/package.json b/install/package.json
index e9debbe6bd..c7248c007b 100644
--- a/install/package.json
+++ b/install/package.json
@@ -104,7 +104,7 @@
         "nodebb-widget-essentials": "6.0.0",
         "nodemailer": "6.7.7",
         "nprogress": "0.2.0",
-        "passport": "0.5.2",
+        "passport": "0.6.0",
         "passport-http-bearer": "1.0.1",
         "passport-local": "1.0.0",
         "pg": "8.7.3",
diff --git a/src/controllers/authentication.js b/src/controllers/authentication.js
index b97b0ca8c2..7b8af8e885 100644
--- a/src/controllers/authentication.js
+++ b/src/controllers/authentication.js
@@ -351,7 +351,7 @@ authenticationController.doLogin = async function (req, uid) {
 		}
 	}
 
-	await loginAsync({ uid: uid });
+	await loginAsync({ uid: uid }, { keepSessionInfo: true });
 	await authenticationController.onSuccessfulLogin(req, uid);
 };
 
@@ -459,6 +459,7 @@ authenticationController.localLogin = async function (req, username, password, n
 };
 
 const destroyAsync = util.promisify((req, callback) => req.session.destroy(callback));
+const logoutAsync = util.promisify((req, callback) => req.logout(callback));
 
 authenticationController.logout = async function (req, res, next) {
 	if (!req.loggedIn || !req.sessionID) {
@@ -470,7 +471,7 @@ authenticationController.logout = async function (req, res, next) {
 
 	try {
 		await user.auth.revokeSession(sessionID, uid);
-		req.logout();
+		await logoutAsync();
 
 		await destroyAsync(req);
 		res.clearCookie(nconf.get('sessionKey'), meta.configs.cookie.get());
diff --git a/src/middleware/header.js b/src/middleware/header.js
index f5722508b0..1086318d57 100644
--- a/src/middleware/header.js
+++ b/src/middleware/header.js
@@ -41,8 +41,10 @@ middleware.buildHeader = helpers.try(async (req, res, next) => {
 	]);
 
 	if (!canLoginIfBanned && req.loggedIn) {
-		req.logout();
-		return res.redirect('/');
+		req.logout(() => {
+			res.redirect('/');
+		});
+		return;
 	}
 
 	res.locals.config = config;
diff --git a/src/middleware/user.js b/src/middleware/user.js
index 827e1e204a..db3a97ef08 100644
--- a/src/middleware/user.js
+++ b/src/middleware/user.js
@@ -35,7 +35,7 @@ module.exports = function (middleware) {
 	async function authenticate(req, res) {
 		async function finishLogin(req, user) {
 			const loginAsync = util.promisify(req.login).bind(req);
-			await loginAsync(user);
+			await loginAsync(user, { keepSessionInfo: true });
 			await controllers.authentication.onSuccessfulLogin(req, user.uid);
 			req.uid = user.uid;
 			req.loggedIn = req.uid > 0;
diff --git a/src/routes/authentication.js b/src/routes/authentication.js
index b2b4f0bf6d..b3f9bcba40 100644
--- a/src/routes/authentication.js
+++ b/src/routes/authentication.js
@@ -139,7 +139,7 @@ Auth.reloadRoutes = async function (params) {
 			})(req, res, next);
 		}, Auth.middleware.validateAuth, (req, res, next) => {
 			async.waterfall([
-				async.apply(req.login.bind(req), res.locals.user),
+				async.apply(req.login.bind(req), res.locals.user, { keepSessionInfo: true }),
 				async.apply(controllers.authentication.onSuccessfulLogin, req, req.uid),
 			], (err) => {
 				if (err) {

From 4a3e36a766dd45f51d653978520a1106ac94bb37 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <barisusakli@gmail.com>
Date: Sun, 14 Aug 2022 20:18:18 -0400
Subject: [PATCH 5/7] fix: don't crash if post is undefined

---
 src/posts/index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/posts/index.js b/src/posts/index.js
index 7b6d3ac787..196ebfc65a 100644
--- a/src/posts/index.js
+++ b/src/posts/index.js
@@ -93,7 +93,7 @@ Posts.getPostIndices = async function (posts, uid) {
 };
 
 Posts.modifyPostByPrivilege = function (post, privileges) {
-	if (post.deleted && !(post.selfPost || privileges['posts:view_deleted'])) {
+	if (post && post.deleted && !(post.selfPost || privileges['posts:view_deleted'])) {
 		post.content = '[[topic:post_is_deleted]]';
 		if (post.user) {
 			post.user.signature = '';

From 72e7b9f7d87306a7d41021bc63c0baf3fe485ac3 Mon Sep 17 00:00:00 2001
From: Opliko <opliko.reg@protonmail.com>
Date: Tue, 16 Aug 2022 21:57:24 +0200
Subject: [PATCH 6/7] docs: explain what export routes actually do in OpenAPI
 documentation (#10836)

---
 public/openapi/read/user/userslug/export/posts.yaml   | 1 +
 public/openapi/read/user/userslug/export/profile.yaml | 1 +
 public/openapi/read/user/userslug/export/uploads.yaml | 1 +
 3 files changed, 3 insertions(+)

diff --git a/public/openapi/read/user/userslug/export/posts.yaml b/public/openapi/read/user/userslug/export/posts.yaml
index ce2da2309a..80132ab8ad 100644
--- a/public/openapi/read/user/userslug/export/posts.yaml
+++ b/public/openapi/read/user/userslug/export/posts.yaml
@@ -2,6 +2,7 @@ get:
   tags:
     - users
   summary: Export a user's posts (.csv)
+  description: This route retrieves an existing export of user's posts. To create one go to `/user/{userslug}/consent`
   parameters:
     - name: userslug
       in: path
diff --git a/public/openapi/read/user/userslug/export/profile.yaml b/public/openapi/read/user/userslug/export/profile.yaml
index ffa6b105cc..da0b6bec45 100644
--- a/public/openapi/read/user/userslug/export/profile.yaml
+++ b/public/openapi/read/user/userslug/export/profile.yaml
@@ -2,6 +2,7 @@ get:
   tags:
     - users
   summary: Export a user's profile data (.json)
+  description: This route retrieves an existing export of user's profile data. To create one go to `/user/{userslug}/consent`
   parameters:
     - name: userslug
       in: path
diff --git a/public/openapi/read/user/userslug/export/uploads.yaml b/public/openapi/read/user/userslug/export/uploads.yaml
index 1f29cce6a2..cbe7a9aefa 100644
--- a/public/openapi/read/user/userslug/export/uploads.yaml
+++ b/public/openapi/read/user/userslug/export/uploads.yaml
@@ -2,6 +2,7 @@ get:
   tags:
     - users
   summary: Export a user's uploads (.zip)
+  description: This route retrieves an existing export of user's profile data. To create one go to `/user/{userslug}/consent`
   parameters:
     - name: userslug
       in: path

From ec048a01ba9f2dbc17064427bdcafd88e7271c88 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Wed, 17 Aug 2022 15:32:36 -0400
Subject: [PATCH 7/7] fix: #10841, incorrect conditional in email interstitial
 partial

---
 src/views/partials/email_update.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/views/partials/email_update.tpl b/src/views/partials/email_update.tpl
index bdf70d6ac0..5e2d77f183 100644
--- a/src/views/partials/email_update.tpl
+++ b/src/views/partials/email_update.tpl
@@ -11,7 +11,7 @@
 		<p class="help-block">[[user:emailUpdate.change-instructions]]</p>
 	</div>
 
-	{{{ if update }}}
+	{{{ if issuePasswordChallenge }}}
 	<div class="form-group">
 		<label for="password">[[register:password]]</label>
 		<input class="form-control" type="password" id="password" name="password" />