7f5efc3e93
fix : #8992 , set email:confirmed for first admin user
4 years ago
80f0750bd4
fix: typo in upgrade script, closes #8990
4 years ago
9ab4fb412b
fix: order
4 years ago
d3c04afb98
fix : #8982 , copy color on tag rename, dont copy if target exists
...
refresh page on tag rename
4 years ago
acb576662e
fix(spec): from 6e6a7a8f8a
4 years ago
6e6a7a8f8a
fix : #8969 , export csv to file
4 years ago
007a3258a0
feat: add handler for 501 api response
4 years ago
f4d217d829
fix : #8980 , fix lang string
4 years ago
bf171adc83
fix : #8979
4 years ago
1e7cf1cbc4
fix : #8971 , disallow flags of privileged users (mods, gmods, admins)
4 years ago
dadb2527da
fix : #8974 , with password login for approval queue
4 years ago
ad8e770037
feat: add pinExpiry and pinExpiryISO to topic data
4 years ago
a56a657759
fix: missing select/clear all checkbox added to category privileges template ( #8967 )
4 years ago
ba3981e270
fix: use package.name for theme.id ( #8965 )
...
Prevents cases like #8953
4 years ago
07fe959ce5
chore: remove test code
4 years ago
b8cafefce2
fix: winston usages
4 years ago
414caac01b
fix : #8957
4 years ago
47a19d6763
fix: error message
4 years ago
5bb5ec4618
fix : #8954 , clear purged replies and toPids ( #8959 )
...
* fix : #8954 , clear purged replies and toPids
* fix: redis test
4 years ago
21d6225ce0
fix: 'already-deleting' error on subsequent account content deletions
4 years ago
93863bb3c6
fix : #8949 , faster upgrade script
4 years ago
6771ca150a
fix: add topic uid to infinitescroll
4 years ago
c037779fa1
feat: add topicOwnerPost #8778
4 years ago
ac734b8335
fix : #8912
4 years ago
4f37eddc5e
feat: clear reset tokens on user delete
4 years ago
e32cd31ec6
fix : #8918
4 years ago
3af4d13fa5
fix: basepath for r.js modules
4 years ago
00e75de736
feat: select/clear all checkboxes in privilege table ( #8941 )
4 years ago
1c0e8c1663
fix: move meta.getServerTime call to admin namespace
4 years ago
90434a4668
Revert "fix(spec): always show thumb in topic response"
...
This reverts commit 493c568a75
4 years ago
493c568a75
fix(spec): always show thumb in topic response
4 years ago
0ca40af834
fix : #8939 , fix username change notification getting filtered out
4 years ago
906d7d734b
refactor: move API banned response handler to separate internal method
4 years ago
afb26bfe48
feat: show ban reason and expiry in write api responses, if user is banned
4 years ago
eab4ca7104
fix: bug with Topics.resizeAndUploadThumb not checking for extension validity
4 years ago
2b73a14e42
fix : #8933
4 years ago
6e5ec3f895
feat: automatically unban users in onSuccessfulLogin
...
This allows write API (and probably SSO login) to go through unimpeded if a user's ban has expired. Closes nodebb/nodebb-plugin-write-api#126
4 years ago
77f0bff54f
fix : #8929 , fix popular, top rss feed urls
4 years ago
8f4060819f
Merge branch 'master' of https://github.com/NodeBB/NodeBB
4 years ago
5dd3b03125
fix: a derp
4 years ago
b18e7e319b
fix: spec
4 years ago
4ca62dc45b
fix: improper handling of scheme-relative URLs in topic thumb logic
4 years ago
3f337b5d7c
feat: #8925 , #8924
4 years ago
5fa098326f
fix: https://github.com/NodeBB/NodeBB/pull/8685
...
fix category link redirect on cold load
fix helpers.redirect if passed in url is external
fix ajaxify so it doesn't slice first character of external url
4 years ago
f33a9185ff
fix: on OP edit, call helper method to upload and resize thumb
4 years ago
9ee1fb490e
fix: https://github.com/NodeBB/NodeBB/pull/8759
4 years ago
672d4da078
feat: human readable uptime
4 years ago
6e2da9966e
refactor: move plugin hook methods to plugin.hooks.*
4 years ago
3b1c03ed50
feat: allow ACP API access to bearer tokens
...
closes nodebb/nodebb-plugin-write-api#132
4 years ago
98a05e4dde
chore: add missing plugin hook deprecation warning
4 years ago
ef3df47a6d
refactor: remove breaking change in pin expiry
4 years ago
046d0b1637
feat: allow pins to expire (if set) ( #8908 )
...
* fix: add back topic assert middleware for pin route
* feat: server-side handling of pin expiries
* refactor: togglePin to not require uid parameter [breaking]
* feat: automatic unpinning if pin has expiration set
* feat: client-side modal for setting pin expiration
* refactor: categories.getPinnedTids to accept multiple cids
... in preparation for pin expiry logic, direct access to *:pinned zsets is discouraged
* fix: remove references to since-removed jobs file for topics
* feat: expire pins when getPinnedTids is called
* refactor: make the togglePin change non-breaking
The 'action:topic.pin' hook now sends uid again, as before. However, if it is a system action (that is, a pin that expired), 'system' will be sent in instead of a valid uid
4 years ago
1be08b2e8b
fix: guest displayname
4 years ago
dbd814c25f
fix: spec, only call modifyUser on unique user objects
4 years ago
903e9d82b8
feat: #8637
4 years ago
ae5d4405c0
fix: setting
4 years ago
9ca44e6f54
feat: add displayname into user obj #8637 ( #8909 )
...
* feat: add displayname into user obj #8637
* fix: spec
* perf: dont load settings if acp setting is turned off
4 years ago
8d060065a0
fix: spec
4 years ago
e9585b9be2
fix: group userTitles translation escapes
4 years ago
965671a97b
fix: remove params from error log
4 years ago
fa4177c3bc
fix : #6407 , fix feeds
...
display latest posts instead of oldest in topic rss feed
fix missing await that was causing rss_tokens to not function
fix feed test
more tests for getTopicWithPosts
4 years ago
4e9b10ab76
feat: #5274
4 years ago
fb567a7a33
feat: #4456
4 years ago
a6afcfd531
feat: #8475 , allow flagging self posts
...
dont count flags towards self posts
dont allow flagging your own account
4 years ago
a87ccccc9c
fix: benchpress warnings
4 years ago
dfdc0c420c
fix: benchpress warnings
4 years ago
a0b7a82350
feat(api): account deletion routes for the Write API ( #8881 )
...
* feat(api): account deletion routes for the Write API
* refactor: rewrite client-side calls to account deletion to use api
* style: apply DRY
4 years ago
120999bf63
feat: #7550 , show message if post is queued when js is disabled
4 years ago
35f932cd64
feat: #8171 , add oldCategory if topic is moved
4 years ago
b44ddecdf8
feat: #8204 , separate notification type for group chats
4 years ago
1d6bcbebde
feat: https://github.com/NodeBB/NodeBB/issues/8147
4 years ago
e1d7c4d8aa
fix: internal helper method hasGlobalPrivilege, DRY
4 years ago
3ccebf112e
feat: invites regardless of registration type, invite privilege, groups to join on acceptance ( #8786 )
...
* feat: allow invites in normal registration mode + invite privilege
* feat: select groups to join from an invite
* test: check if groups from invitations have been joined
* fix: remove unused variable
* feat: write API versions of socket calls
* docs: openapi specs for the new routes
* test: iron out mongo redis difference
* refactor: move inviteGroups endpoint into write API
* refactor: use GET /api/v3/users/:uid/invites/groups
Instead of GET /api/v3/users/:uid/inviteGroups
* fix: no need for /api/v3 prefix when using api module
* fix: tests
* refactor: change POST /api/v3/users/invite
To POST /api/v3/users/:uid/invites
* refactor: make helpers.invite awaitable
* fix: restrict invite API to self-use only
* fix: move invite groups controller to write api, +tests
* fix: tests
Co-authored-by: Julian Lam <julian@nodebb.org>
4 years ago
d30ea25629
feat(deps): benchpressjs@2.2.1 ( #8887 )
...
Better warnings, faster template compiles
4 years ago
452d7f2b17
Create verified/unverified user groups ( #8889 )
...
Co-authored-by: Tudor-Dan Ravoiu <tudor-dan.ravoiu@ubisoft.com>
4 years ago
e4d2764d4c
fix : #8884 , remove header/footer cache
4 years ago
5598130a92
refactor: async/await controllers/index.js
4 years ago
f14e42d8bc
fix : #8883
4 years ago
8fbe832460
refactor: less dupe code
4 years ago
8518404e22
feat: allow groups to specify which cids to show member posts from ( #8875 )
...
* feat: allow groups to specify which cids to show member posts from
* docs: fix tests for openapi
* fix: test breakage caused by improper conditional
* feat: server-side checking of memberPostCids for validity
* feat: admin panel template update to select categories to include
* refactor: privilege helpers.isUserAllowedTo
... to helpers.isAllowedTo, allowing group names to be passed in
4 years ago
51b7eca119
fix: run every hour, dont show message if average_time is 0
4 years ago
04f4429f72
Resolve #7514 - optional timer for registration queue ( #8796 )
...
* feat: #7514 Optional timer for registration queue
* feat: show minutes in average time
* fix: don't show total number of minutes
* feat: implement requested changes
* fix: just store minutes instead of milliseconds
* feat: set default values
4 years ago
bcccb331db
docs: openapi schema for user/group exist check, session deletion
4 years ago
dc9668e417
fix: pass length to messaging checkContent hook
4 years ago
567c5f2056
fix : #8869 , dont escape category title,description twice
4 years ago
f300c933a5
refactor: move session revocation route to write api
4 years ago
9c5c32d4a5
feat: #8864 , add action:events.log
4 years ago
62c0454cfe
feat: show db info side by side
4 years ago
a0164b1c38
fix: use header/footer cache in prod
4 years ago
05a92885f2
fix: add missing maxAge to cache
4 years ago
2e44639210
fix: guest header/footer cache
...
allow clearing individual caches
4 years ago
f1f9b225b0
feat: #8824 , cache refactor ( #8851 )
...
* feat: #8824 , cache refactor
ability to disable caches
ability to download contents of cache
refactor cache modules to remove duplicated code
* fix: remove duplicate hit/miss tracking
check cacheEnabled in getUncachedKeys
4 years ago
6255874e32
feat: move mkdirp to beforeBuild so it doesnt get called twice
4 years ago
74951f5967
fix : #8846 , possible fix
4 years ago
0b30efba31
Merge branch 'master' of https://github.com/NodeBB/NodeBB
4 years ago
16d03975a0
fix: winston error message
4 years ago
d263192271
feat: group exists API call in write api
4 years ago
1446cec77f
feat: user exist route in write api
4 years ago
6b196a207f
fix: permanent redirect on user api redirect shorthand
4 years ago
f2bb42c076
fix: user exist route needs no authentication
4 years ago
60e1e99b4f
feat: new shorthand route /api/v3/users/bySlug/:userslug
...
closes #8844
4 years ago
512f6de6de
feat: allow passwords with length > 73 characters ( #8818 )
...
* feat: allow passwords longer than 73 characters
Context: A bcrypt/blowfish limitation means that password length is capped at 72 characters. We can get around this without compromising on security
by hashing all incoming passwords with SHA512, and then sending that to bcrypt.
https://dropbox.tech/security/how-dropbox-securely-stores-your-passwords
* feat: add additional test for passwords > 73 chars
* fix: remove 'password-too-long' error message and all invocations
* test: added test to show that a super long password won't bring down NodeBB
* fix: remove debug log
* Revert "fix: remove 'password-too-long' error message and all invocations"
This reverts commit 1e312bf7ef7e119fa0f1bd3517d756ca013d5e79.
* fix: added back password length checks, but at 512 chars
As processing a large string still uses a lot of memory
4 years ago
c61dee4b62
fix : #8840 , don't crash if /compose route is called with no query params
4 years ago
9e3eb5d41a
feat: #8821 , allow guest topic views
4 years ago
f68bce86a9
fix: XSS in event:banned messaging modal
4 years ago
76cd5b0fc1
fix : #8836 , truncate fullname
4 years ago
eec630f1ef
fix(acp): max-height for plugin menu list
4 years ago
891a1ea2af
fix : #8827 , do not require admin:users privilege to ban users
4 years ago
4b63f9937c
fix: check is banned in buildHeader
...
remove unused banReason
remove generateHeader function
4 years ago
a338f52780
feat: #8823 , remove hardcoded write concern
4 years ago
08ff4041aa
fix: missing await
4 years ago
c0f699e655
fix: disallow registration attempts with password length > 4096
...
This is a stopgap measure for v1.15.0
4 years ago
4818ec377e
fix: missing await
4 years ago
6e85920cb6
feat: allow mods/admins to see deleted posts on user profile
4 years ago
87bff6cd65
fix: broken test
4 years ago
dda5d42610
fix: restore old behaviour of empty json w/ 401 code in admin middleware
4 years ago
15e0731dd9
fix: deprecate middleware.isAdmin
...
Also, handle admin logout timer in middleware.admin.checkPrivileges
4 years ago
4439864ce0
fix: post editing not taking plugin hook results into account
4 years ago
a02ae6f5df
refactor: simpler check in user.blocks.filter
4 years ago
27016d221c
feat: rearrange buttons on manage/users
4 years ago
57ed6be78b
fix : #8805 define our own name for write API v3
4 years ago
266d7587b2
refactor: remove usage of middlewares
...
Specifically, middleware.isAdmin|exposePrivilegeSet|exposePrivileges
4 years ago
a6a52430ce
fix: remove setCategorySort and setTopicSort
4 years ago
aa8faf58a0
refactor: remove /users/{uid}/settings/{setting} route
...
@baris Also, I am now allowing the following properties to be saved in User.saveSettings:
- categoryTopicSort
- topicPostSort
- setCategorySort
- setTopicSort
4 years ago
6ac73ccb7e
feat: #8801 , disable express compression by default
4 years ago
3c98cd3d95
fix: topic object in post editing data return
4 years ago
1392d064a1
fix(writeapi): normalizing data
4 years ago
ec03af7a38
feat: allow passing subset of user settings on update route
4 years ago
618e098305
fix: bug where token generation route would fail on null case
4 years ago
b156b8b573
feat: wip, write api tests framework
...
re-using read api tests if possible
4 years ago
2e9f27d8ff
fix: typo
4 years ago
93bdfe2f10
perf: reorder async calls
4 years ago
88a07e69b5
feat: add filter:category.getFields
4 years ago
a05905f196
performance improvements ( #8795 )
...
* perf: nconf/winston/render
cache nconf.get calls
modify middleware.pageView to call next earlier
don't call winston.verbose on every hook see https://github.com/winstonjs/winston/issues/1669
translate header/footer separately and cache results for guests
* fix: copy paste fail
* refactor: style and fire hook only log in dev mode
* fix: cache key, header changes based on template
* perf: change replace
* fix: add missing await
* perf: category
* perf: lodash clone
* perf: remove escapeRegexChars
4 years ago
0db0231cff
feat: move postercount to topic hash
4 years ago
203db47b30
fix: return early for guests/spiders
4 years ago
156e1396f2
fix: #8789,cache meta.settings
4 years ago
a7b6d0dfe5
feat: add free and total mem usage to info
4 years ago
c26f2b6599
feat(writeapi): user settings API
4 years ago
db63f5e3f0
fix : #8781
4 years ago
177a961000
feat: new filter filter:teasers.configureStripTags
4 years ago
d68ffea80d
feat: send 'Vary' header when ACAO header set
4 years ago
1f43e98f8b
fix: allow admins adding users to global moderators
...
add new test
4 years ago
bbafa1b82a
Revert "fix: [breaking] send configured config URL as origin if not custom"
...
This reverts commit 205a10308e
4 years ago
a691be5952
fix: incorrect logic for post history editable bool
4 years ago
205a10308e
fix: [breaking] send configured config URL as origin if not custom
...
This is a breaking change if your install uses multiple URLs to access. You will need to update the Access-Control-Allow-Origin header in ACP > Advanced > Headers to supply all URLs you use to access your site
4 years ago
7a019494e8
feat: add filter.topics.getPostReplies
4 years ago
7a8f704900
fix : #8776 some users unable to restore old versions via history
4 years ago
b26e9b5993
fix : #8595 , dont save escaped data when renaming groups
4 years ago
ea31f50554
refactor: show more lines of stack trace
4 years ago
7bddec93ec
fix: sortby
4 years ago
b3619d3d47
fix : #8774
4 years ago
ff4fcc23b6
Update bundled logos with new branding ( #8702 )
...
* feat: updating logo assets, square logos missing still
* fix: squared logo for touch icon and notification fallback
* fix: update link to favicon
* feat: add default touch icon sizes, if one isn't uploaded
Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com>
4 years ago
e362c342a3
fix : #8630 , sort extra deps
4 years ago
d9a16855d0
refactor: posts api
4 years ago
272e73da53
refactor: post restore/delete/purge
4 years ago
9738e20207
refactor: merge post.edit
...
fix: dont fadeout/fadeint if title/post didnt change
4 years ago
2279e37261
refactor: deprecate socket.emit('users.search') use api route
4 years ago
083c74e059
refactor: api categories
4 years ago
e78c498e84
fix: missing doTopicAction, fix wrong api params
4 years ago
bc880ee0ca
refactor: remove sockets.reqFromSocket
4 years ago
9d81660e24
Revert "Revert "fix: appropriate 404 handling for write API calls""
...
This reverts commit 135c2d6c7d
4 years ago
135c2d6c7d
Revert "fix: appropriate 404 handling for write API calls"
...
This reverts commit b6cce75d97
4 years ago
9ee3cb9b62
refactor: topic follow/ignore to use api lib
4 years ago
68d6818bca
refactor: topic tools' actions to use api lib
4 years ago
21974a77f8
feat: topic reply to use api lib (also + missing file)
4 years ago
40598b368e
refactor: topic creation to use api lib
4 years ago
b6cce75d97
fix: appropriate 404 handling for write API calls
4 years ago
ede9435f0e
feat: send 401 for invalid-uid
4 years ago
c913900ed6
feat: async/await admin/search
4 years ago
bf480ee58b
refactor: setupApiRoute signature
4 years ago
688d7a2cc2
refactor: remove unused middleware
4 years ago
b2ff1594b8
fix: redis hget
...
'node_redis: The HGET command contains a invalid argument type.\n' +
'Only strings, dates and buffers are accepted. Please update your code to use valid argument types.'
4 years ago
e98285dbbb
fix: reimplementing isPrivilegedOrSelfAndPasswordMatch
4 years ago
84a179f48c
Merge branch 'master' of https://github.com/NodeBB/NodeBB
4 years ago
3f347baadb
fix: socket user bans
4 years ago
14f9d8b0e5
feat: send back 403 on no-privileges error
4 years ago
222b4c9533
fix: broken tests from api change
4 years ago
2d252f2fa4
refactor: user bans to use api lib
4 years ago
7d86be2bc2
fix: tests
4 years ago
e367c5403e
refactor: move groups.leave, fix some tests
4 years ago
bbbd9fee85
Merge branch 'master' of https://github.com/NodeBB/NodeBB
4 years ago
960e925e40
refactor: change password/user follow to use api lib
4 years ago
081c4fa6d4
Merge branch 'master' of https://github.com/NodeBB/NodeBB
4 years ago
430e7f5834
refactor: user deletion to use api lib
4 years ago
8ae1f81cf4
feat: refactor groups.delete
4 years ago
77481947f0
refactor: socket profile update to use api lib
4 years ago
31ae8a8323
refactor: socket profile update to use api lib
4 years ago
d69e503d21
feat: move groups.join to api
4 years ago
d07f0081b7
fix: add missing file
4 years ago
23086daead
refactor: user create and profile update to use api lib
4 years ago
5e2caf19f5
refactor: use single function for api code
4 years ago
25e4a09816
Merge branch 'master' of https://github.com/NodeBB/NodeBB
4 years ago
4418ff0716
fix : #8768
4 years ago
cc6e995ee2
fix: api bug where user profile editing continued even if not allowed
4 years ago
43afe7ffab
refactor: async/await src/user/approval
4 years ago
bae0f343e1
fix: module build
4 years ago
1fd2eba6f2
refactor: async/await
...
src/cli/manage.js
src/meta/build.js
src/meta/css.js
src/meta/js.js
4 years ago
b295d15eae
fix: tests
4 years ago
d89477cad0
refactor: use app.render
4 years ago
9dd3cc0483
feat: allow plugins to define api routes
...
via new plugin hook static:api.routes
4 years ago
a4ba23899e
feat: require https if nodebb is configured with https url
4 years ago
e6ea71c95a
fix: test
4 years ago
8c6a559188
fix: timestamp
4 years ago
331d236f6e
fix : #8763
4 years ago
a481024d27
fix: lastonline again
4 years ago
71d82ec8e0
fix: caret
4 years ago
97628e2ff2
fix: lastonline values
4 years ago
1289c10568
fix: upgrade script
4 years ago
59bbede8c7
fix: cant join system groups
4 years ago
a411df1321
fix: tests
4 years ago
dd7424e5b5
refactor: remove unused search call
4 years ago
2d6ea6e505
Merge branch 'master' into admin/users
4 years ago
a2edb86dfb
feat: change user search to use filters array
4 years ago
959314c921
feat: add filter
4 years ago
1e07886f30
feat: require csrf token if not using bearer token
4 years ago
933989e013
Merge branch 'master' into admin/users
4 years ago
682e926c6b
feat: #8662 , verified/unverified user groups
4 years ago
30b3fedca4
fix: password reset to invalidate all existing reset tokens for that uid
4 years ago
700e1e4340
feat: more fixes
4 years ago
40a05b70ef
feat: more work
4 years ago
b038ac07d8
feat: wip admin/users
4 years ago
7beaf49028
feat: set unread false for guests
4 years ago
30d6a2b84e
fix : #8756 , pass missing req to mock
4 years ago
1ee9384875
fix : #8757 , allow all slashes in category route
4 years ago
dc29f4dca2
refactor: switch to using slugify module
4 years ago
bddfcb5867
feat: #8734 , add slugify module, deprecate utils.slugify
4 years ago
f16c8268cf
feat: #8734 , move bootstrap-tagsinput to package.json
4 years ago
eab7489ec5
feat: #8734 , move deserialize/serialize to package.json
4 years ago
948f26143c
feat: #5964 , #8734 remove colorpicker
4 years ago
aedd28e0a6
fix: module name
4 years ago
cc705e5e2b
feat: #8734 , move sortable to package.json
4 years ago
300a87559f
feat: #8734 , move bootbox to package.json
4 years ago
420a312982
Merge branch 'master' of https://github.com/NodeBB/NodeBB
4 years ago
3b231360d3
feat: load jquery-form before using
4 years ago
fda2aedfd8
feat: #8734 , jquery-ui, jquery-form, timeago ( #8748 )
...
* feat: #8734 , jquery-ui, jquery-form, timeago
get rid of forum/footer.js move that code to app.js & wait for app to load before calling ajaxify.end
make sockets.js a requirejs module
move jquery-ui to node_modules and load via requirejs
move jquery-form to node_modules and load via requirejs
move timeago to node_modules and load via requirejs
only include the css for needed jquery-ui widgets
* feat: keep socket/io global for backwards compat
* refactor: move socket listener to chat
4 years ago
ae3a231fce
feat: #8734 , remove semver.browser
...
use compare-versions as a module
4 years ago
9a5b8a798a
fix: category RSS feed was displaying deleted topics
4 years ago
2c1897b373
feat: #8734 , move slideout to package.json
4 years ago
9c157de05d
feat: #8734 , move tinycon to package.json
4 years ago
45e8a4d588
fix : #8734 make nprogress module
4 years ago
43589a744d
feat: #8734 , move visibilityjs to package.json
4 years ago
8af30a51b5
fix: regression caused by 7545951725
...
/cc @psychobunny
4 years ago
a46cbb623d
feat: #8734 , move nprogress to package.json
4 years ago
aa08f8826c
feat: #8734 move r.js to package.json
4 years ago
b3ed26ac2c
feat: revoke user sessions above threshold ( #8731 )
...
* feat: revoke user sessions above threshold
* fix: removed translations from en-US
* fix: defined default maxUserSessions in install\data\defaults.json
4 years ago
4a63c20a72
chore: some optimizations for codeclimate
4 years ago
b8703ba9f6
fix(writeapi): tests
4 years ago
8ecef7b891
refactor: middleware.assert.*
4 years ago
cfee431c53
feat(writeapi): commented-out stub code for file upload
4 years ago
Barış Soner Uşaklı
Julian Lam
gasoved
Peter Jaszkowiak
Barış Soner Uşaklı
psychobunny
Tudor-Dan Ravoiu
Opliko
cryptoethic