2334 Commits (0d694c781cd1194800b867376394a0a360c63707)

Author SHA1 Message Date
Barış Soner Uşaklı 794bf01b21 feat: allow changing default search in 4 years ago
Barış Soner Uşaklı 9de64bf516 fix: #9698, pass along query params in redirect 4 years ago
Barış Soner Uşaklı 358ad74054 feat: closes #9684, allow event deletion
fix: topic events appearing before necro messages
feat: add move topic event
feat: add ability to delete specific topic events via events.purge
4 years ago
Barış Soner Uşaklı 42dbd40253 refactor: remove unused async 4 years ago
Barış Soner Uşaklı 6b6a7d4b8a refactor: remove waterfall 4 years ago
Julian Lam 4a521ea218 fix: email update interstitial to not error on empty email field (on new registration) 4 years ago
Julian Lam 70a04bc105 feat: removed registerAndLoginUserCallback local helper, added handling if a bad interstitial doesn't go away nor throw errors 4 years ago
Julian Lam 0e05cbe1f7 feat: show instructional modal after email change request 4 years ago
Julian Lam 324a12b6c3 feat: return back to profile after editing email 4 years ago
Julian Lam b3c916414b feat: allow registration interstitial abort to also follow returnTo 4 years ago
Julian Lam f53fc1ad0b feat: return generic 404 on invalid confirm code 4 years ago
gasoved a917210c5b feat: invites no longer require email 4 years ago
Julian Lam 81611ae1c4 fix(emails): broken test for api/user/email/:email
+ fixed broken tests due to unexpected behaviour for email confirmation
4 years ago
Julian Lam c4e3362bd3 feat(emails): restore ability for admins to edit a user's email address [breaking]
The edited user's email will be automatically confirmed
4 years ago
Julian Lam afd2d8dab1 feat(emails): pass req in to filter:registration.interstitial 4 years ago
Barış Soner Uşaklı 7d115c8ef2 fix(emails): dont allow retrieving user data if showemail is false @julianlam 4 years ago
Julian Lam 69c96dd23c refactor(emails): more work in update email interstitial, interstitial skipping, email change on confirmation, deprecation of requireEmailConfirmation 4 years ago
Julian Lam f365bc4600 refactor(emails): interstitial for adding/updating email 4 years ago
Julian Lam 74aaa0a926 feat: show different registration intersitial lead text on new account vs. existing 4 years ago
Julian Lam 7c1d1c777b refactor(emails): remove email validation on client and server side 4 years ago
Julian Lam 340ccb2498 style: lint fix 4 years ago
Julian Lam d1959a258b fix: #9670 return 4xx errors instead of 5xx on flag routes, when unauthenticated or not privileged [breaking] 4 years ago
Julian Lam cc6cbfcdc4
Flags API (#9666)
* feat: new routes for flags API

+ flag get
+ flag creation, migration from socket method
+ flag update, migration from socket method
* fixed bug where you could not unassign someone from a flag

* feat: tests for new flags API

added missing files for schema update

* fix: flag tests to use Write API instead of sockets

* feat: flag notes API + tests

* chore: remove debug line

* test: fix breaking test on mongo
4 years ago
Barış Soner Uşaklı 4a56388ec3
feat: store topic tags in topic hash (#9656)
* feat: store topic tags in topic hash

breaking: remove color info from tags (use css)

* fix: remove unused tag modal

* fix: tag search
4 years ago
Julian Lam 415416d2a7 fix: translate language keys if passed in to formatApiResponse 4 years ago
Julian Lam 7036c3751e feat: internationalize API error messages 4 years ago
Julian Lam a54a3ee1ca fix: return proper API-style response if exception caught by error handler on v3 routes [breaking] 4 years ago
Barış Soner Uşaklı ff78969c2c fix: lint 4 years ago
Barış Soner Uşaklı 55d7e55867 fix: tests 4 years ago
Barış Soner Uşaklı 6ed7e937ce refactor: fix wording 4 years ago
Barış Soner Uşaklı 47c8c69264 fix: keep query string on redirects 4 years ago
gasoved 97c8569a79 fix: hide private user data in api/v3/users/[uid] 4 years ago
Anton Grigoryev db65360c0d
fix(post-queue): moderatedCids is an array of numbers (#9631) 4 years ago
Barış Soner Uşaklı 0d975bc4fb fix: dont show system tags in whitelist dropdown to regular users 4 years ago
Barış Soner Uşaklı c92fc19b5c fix: #9619, add group chat filter to /notifications 4 years ago
Barış Soner Uşaklı 46a454f194 feat: add bodyClass to 500 page 4 years ago
Julian Lam f9728aff2c feat: clear reset tokens on successful login 4 years ago
Barış Soner Uşaklı 8ea58432c9 feat: show ip on acp manage users
update url on search
show matching ip when searching by ip
add ip to export csv
4 years ago
Barış Soner Uşaklı 6695927ea9 fix: pagination on acp users search 4 years ago
psychobunny 05cc7ccb60 feat: make undoTimeout configurable, closes #9599 4 years ago
Julian Lam 816856b0c6 feat: introduce boolean res.locals flag to bypass session reroll (used by session-sharing)
The session reroll logic is still standard practice, but in some cases, it is not necessary or causes UX issues. An issue opened in session sharing (julianlam/nodebb-plugin-session-sharing#95) brought this to attention in that parsing the cookie to log in the user caused a reroll (as expected), but caused the session open on other tabs to be mismatched. If "re-validate" was turned on, it basically meant that it was not possible to use NodeBB with multiple tabs.

Session sharing now sets `reroll` to `false` if re-validate is enabled.
4 years ago
Julian Lam d2960aeb09 feat: added GET user route for api v3 4 years ago
Julian Lam 48b8e3bb3f fix: error when trying to trim an object 4 years ago
Barış Soner Uşaklı 9ebfdeb7ee fix: #9580, proper 404 when ajaxifying 4 years ago
Barış Soner Uşaklı 09f5179216 fix: lint 4 years ago
Barış Soner Uşaklı 77dde41f7b feat: keep query string when redirecting category 4 years ago
Barış Soner Uşaklı 3d6bdeb3df feat: add req.query to flags.list/getCount 4 years ago
Julian Lam 1d9cfe1e96 fix: bug where interstitial errors were not properly passed to the front-end via req.flash 4 years ago
Barış Soner Uşaklı 518157d9fa feat: pass req.query to getUserDataByUserSlug 4 years ago
Barış Soner Uşaklı 0551642a35 fix: #9553, use same fields for user search results in acp 4 years ago
Barış Soner Uşaklı ffa8016355 fix: lint 4 years ago
Barış Soner Uşaklı fad5988ed6 fix: tests 4 years ago
Barış Soner Uşaklı 074ee859c4 fix: tests 4 years ago
Barış Soner Uşaklı 1f3e660108 feat: add template to hook 4 years ago
Barış Soner Uşaklı a2442ee914 feat: add filter:account.getPostsFromUserSet 4 years ago
Barış Soner Uşaklı 2ea468daa3 test: clear cache between runs, require middleware later in helpers 4 years ago
gasoved 8faa6e4515
feat: filter flags by username #8489 (#9451)
* feat: filter flags by username #8489

* feat: toggle flag filter text
4 years ago
Julian Lam 1fee6a702a fix: #9487, session data gathered during a session is lost upon login
e.g. returnTo, tids_viewed, etc.
4 years ago
Julian Lam 697ed3bf37 feat: roll session identifier on login, as security best practice
see: https://owasp.org/www-community/attacks/Session_fixation
4 years ago
Julian Lam e845c34b52 fix: registration interstitials not handling promise rejections properly 4 years ago
Barış Soner Uşaklı 4494728cf8 feat: allow different slugs 4 years ago
Barış Soner Uşaklı 036f935fa9
fix: #9473 (#9476) 4 years ago
Julian Lam f65d2162f8 feat: update hook
Hook payload updated to pass login strategy (if overridden, this value will be something other than 'local'), and explicitly pass error if the login failed.
4 years ago
Barış Soner Uşaklı f32ea1737a fix: #9466, don't call leaveRoom in maintenance mode 4 years ago
gasoved 077330b764
feat: scheduled topics (#9399)
* feat: scheduled topics

* refactor: linting fixes

* fix: tests

* fix(test): race condition

* fix: make a single request
4 years ago
Barış Soner Uşaklı 67b09cba5f fix: #9420, paginate after loading notifications 4 years ago
Julian Lam 98b72ca572 fix: allow local (and overridden) login strategies to pass Error objects back 4 years ago
Barış Soner Uşaklı 668508cc37 feat: closes #9380, add category filtering and topic tools to tag page 4 years ago
Julian Lam f71cb0e427 feat: pass interstital errors to individual partials as well as to registerComplete 4 years ago
Julian Lam 678e8f0fde fix: regression where login redirect for admin routes didn't go to local=1 4 years ago
Julian Lam 7da061f0d7
refactor: automatically authenticate all requests setup through route helpers (#9357)
* refactor: automatically authenticate all requests setup through route helpers

* fix: removed connect-ensure-login dependency

* fix: bug with some middlewares not defined outside route helper methods
4 years ago
Barış Soner Uşaklı 3aa26c4df2 fix: #9339, only log email errors once per digest, notification push
show notice in acp
4 years ago
Julian Lam c1b3079d93 feat: category privilege API routes
closes #9342
4 years ago
Julian Lam c8b78654d9 fix: bad assignment 4 years ago
Julian Lam fbe9215b17 fix: #9348 incorrect redirect via connect-ensure-login 4 years ago
Barış Soner Uşaklı a598abcd8e feat: use updateProfile for picture change
so it triggers action:user:updateProfile
4 years ago
Julian Lam f806befd2f fix: bug where loginSeconds setting was ignored for local login 4 years ago
Julian Lam 9bf94ad50f fix: allow interstitial callbacks to be functional (no cb required) 4 years ago
Barış Soner Uşaklı 293b7c2650
refactor: privileges, export modules directly (#9325)
fix unused/commented out methods in admin privileges
4 years ago
Julian Lam 0804d54759 spec: schema docs for new ACP dashboard subpage routes 4 years ago
Julian Lam 2f89b0d791 feat: recent logins sessions table in dashbaord subpage 4 years ago
Julian Lam e1ed514b10 feat: topics dashboard details subpage 4 years ago
Julian Lam cc93822436 feat: show list of recent users in dashboard/users 4 years ago
Julian Lam 6fdcae7320 feat: req.query parsing and dynamically loading data instead 4 years ago
Julian Lam f561799f74 refactor: abstract out some client side dashboard code into modules, analytics subpages for users, topics, and logins 4 years ago
Julian Lam 16d3c45782 feat: report login statistics from analytics data, instead of its own zset 4 years ago
Julian Lam 9a9f366d3b feat: track login sessions for admin dashboard reporting 4 years ago
Julian Lam 020f0b8322 fix: session not persisting to database in some scenarios
In some edge cases (e.g. SSO plugin redirecting the user immediately), with modern browsers, the request is never "completed" for speed. This causes a condition where the session object never persists to the database, even though it has changed. This added line forces a db persist on a successful login.

Context: https://github.com/expressjs/session/pull/484
4 years ago
Julian Lam 504fd107c7 feat: track successful logins in analytics 4 years ago
Julian Lam 955021247e feat(user): icon background selector in change picture modal 4 years ago
Julian Lam 2fef462782 fix: awaiting res.render in send404 controller
>
> A plugin wanted to use `response:rotuer.page` to 404 a specific page on some condition. res.render returns early in send404 and so must be awaited otherwise multiple responses will be sent
4 years ago
Barış Soner Uşaklı 9ce6f8ad93 feat: add tag filter to getSortedTopics 4 years ago
Julian Lam 7223074f1d feat: ability to re-order topic thumbnails 4 years ago
Julian Lam 3e6640efb2 refactor: thumbs.associate accepts both relative path and url in path arg 4 years ago
Julian Lam 36f2021186 refactor: move post queue retrival code to posts.getQueuedPosts 4 years ago
Julian Lam cc275e1016 Revert "feat: newsletter opt-in/out in UCP, closes #21"
This reverts commit 3c7cd9a6c4.
4 years ago
Julian Lam 3c7cd9a6c4 feat: newsletter opt-in/out in UCP, closes #21 4 years ago
Barış Soner Uşaklı b6493f896f fix: tests, only generate csrf_token on 404 gets 4 years ago
Barış Soner Uşaklı 94f72d6093 fix: #9287, generate csrf_token on 404 4 years ago
Peter Jaszkowiak cc9d6fd08b chore: eslint max-len 4 years ago