hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
20,811 Commits
2 Branches
0 Tags
158 MiB
isekai-main
v1.18.x
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '20f4fe085f'
${ noResults }
Commit Graph

156 Commits (20f4fe085fd5a8a4a9f12d38d2a3498afca648af)

Author SHA1 Message Date
Julian Lam 512f6de6de
feat: allow passwords with length > 73 characters (#8818) 
* feat: allow passwords longer than 73 characters

Context: A bcrypt/blowfish limitation means that password length is capped at 72 characters. We can get around this without compromising on security
by hashing all incoming passwords with SHA512, and then sending that to bcrypt.

https://dropbox.tech/security/how-dropbox-securely-stores-your-passwords

* feat: add additional test for passwords > 73 chars

* fix: remove 'password-too-long' error message and all invocations

* test: added test to show that a super long password won't bring down NodeBB

* fix: remove debug log

* Revert "fix: remove 'password-too-long' error message and all invocations"

This reverts commit 1e312bf7ef7e119fa0f1bd3517d756ca013d5e79.

* fix: added back password length checks, but at 512 chars

As processing a large string still uses a lot of memory
 4 years ago
Barış Soner Uşaklı a05905f196
performance improvements (#8795) 
* perf: nconf/winston/render

cache nconf.get calls
modify middleware.pageView to call next earlier
don't call winston.verbose on every hook see https://github.com/winstonjs/winston/issues/1669
translate header/footer separately and cache results for guests

* fix: copy paste fail

* refactor: style and fire hook only log in dev mode

* fix: cache key, header changes based on template

* perf: change replace

* fix: add missing await

* perf: category

* perf: lodash clone

* perf: remove escapeRegexChars
 4 years ago
Julian Lam e98285dbbb fix: reimplementing isPrivilegedOrSelfAndPasswordMatch 4 years ago
Barış Soner Uşaklı 84a179f48c Merge branch 'master' of https://github.com/NodeBB/NodeBB 4 years ago
Julian Lam 222b4c9533 fix: broken tests from api change 4 years ago
Barış Soner Uşaklı 7d86be2bc2 fix: tests 4 years ago
Barış Soner Uşaklı 872bacf1c4
Admin/users (#8762) 
* feat: wip admin/users

* feat: more work

* feat: more fixes

* feat: #8662, verified/unverified user groups

* feat: add filter

* feat: change user search to use filters array

* refactor: remove unused search call

* fix: tests

* fix: cant join system groups

* fix: upgrade script
 4 years ago
Barış Soner Uşaklı 1ee9384875 fix: #8757, allow all slashes in category route 4 years ago
Barış Soner Uşaklı ac43cd8b6f fix: #8665, trim email before checking validity 4 years ago
Barış Soner Uşaklı 38d3982bf1 fix: #8418 
allow updating other profile fields when username isnt being changed
 4 years ago
Barış Soner Uşaklı 4be693f2e7
feat: fullname search (#8641) 
* feat: fullname search

* fix: take last element

* fix: attempt to fix psql like query

* feat: upgrade sript, another fix attempt

* fix: psql test

* fix: psql scan

* feat: add debug for test

* feat: test collate

* feat: cleanup

* fix: upgrade script
 4 years ago
Barış Soner Uşaklı 5f10d67db5
Remove sounds (#8617) 
* feat: remove sounds

* feat: remove more sounds

* feat: disable sounds plugin

* fix: openapi
 4 years ago
Barış Soner Uşaklı 9f9164a9be fix: #8582 5 years ago
Barış Soner Uşaklı 846b7d2430 refactor: change pwd change logic 
add one more test
 5 years ago
Barış Soner Uşaklı a333cb6ca4 feat: one more test 5 years ago
Barış Soner Uşaklı ecda4ad8ad feat: tests for password change 5 years ago
Barış Soner Uşaklı b9cff5775c fix: edge case in test 
if user is created the other one will be renamed
 5 years ago
Barış Soner Uşaklı 02ac44cc5a fix: dont allow searching by ip/banned/flagged for regular users 5 years ago
Barış Soner Uşaklı 48b41debe6
fix: vulnerability in cover and admin uploads (#8419) 
* fix: vulnerability in cover and admin uploads

* fix: remove old test

* fix: update tests
 5 years ago
Barış Soner Uşaklı bef37e27cb
fix: test lock for user create (#8415) 
* fix: test lock for user create

* fix: redis hdel with undefined

* feat: add test for undefined key in deleteObjectFields
 5 years ago
Barış Soner Uşaklı 18d892398f fix: add timestamp to initial username history 5 years ago
Barış Soner Uşaklı 9d153fd388 fix: #8287, dont readd user after deletion 
don't add user uid back to users:* sorted sets if they are deleted
upgrade script to fix users:* sorted sets
 5 years ago
Barış Soner Uşaklı 4d0636f847 fix: #8163, prevent account deletion 5 years ago
Barış Soner Uşaklı 66febb8071 feat: add test for isOnline 5 years ago
Barış Soner Uşaklı e06c1bfcd2 fix: escape config.userLang/acpLang, don't allow invalid language codes 5 years ago
Barış Soner Uşaklı 9d074731f4 fix: login with weak password 5 years ago
Barış Soner Uşaklı 75bcb0f484 fix: remove unused data from post/topic/user hashes 5 years ago
Barış Soner Uşaklı cd80c2638c feat: #7743 
user/password
user/picture
 6 years ago
Barış Soner Uşaklı fe4c048198 feat: #7743 
user/index.js
user/info.js
user/invite.js
user/jobs.js
 6 years ago
Barış Soner Uşaklı 4b843ba16f fix: #7567, allow invite and approval at the same time 6 years ago
Julian Lam 808c4909a4
fix: #6438 only apply whitelist when fields request empty (#7528) 
* fix: #6438 only apply whitelist when fields request empty

* feat: explicit password retrieval denied via getUsersFields
 6 years ago
Aziz Khoury 3fbb6faf28 feat: update unban logic/invocation and refactor User.bans module 
* auto unban when User.getUsersFields is called and the user is banned but has expired

* cleanups and removal of expiry_readable

* expiry_readable make an alias for backward compatibility

* User.bans.func vs User.*ban*Func

* console.log cleanups, plus todo message added

* use code util.deprecate

* fix: remove ununsed winston require
 6 years ago
Barış Soner Uşaklı c6ad8fae2a fix: #7354 6 years ago
Barış Soner Uşaklı 5353960ae7 fix: #7316 6 years ago
Julian Lam 70a87d4399
feat: support for one-click unsubscribe from email clients (#7203) 
* feat: sending notifs via ACP creates real notification

re: #7202

* feat: basic integration for one-click unsubscription #7202

* feat: tests for #7202 + bugfix

* feat: added and organized digest unsub tests

closes #7202
 6 years ago
Barış Soner Uşaklı 9d28b935fd dont load uid 0, -1 from db 6 years ago
Barış Soner Uşaklı a6864a8055 add groupTitle test for guests 6 years ago
Baris Usakli b83e50f286 remove delayImageLoading from api @julianlam 6 years ago
Barış Soner Uşaklı 19e6c61244 add new test for queue 6 years ago
Barış Soner Uşaklı f3a679e268 remove parseInts 6 years ago
Barış Soner Uşaklı 9c022afae1
Parse int (#6853) 
* Store config fields as JSON in the db

Fewer parseInts

* Remove unnecessary parseInts

* remove some dupe code add tests

* remove console.log

* remove more parseInts

* WIP: read meta.configs defaults from defaults.json

remove more parseInts

* more work

* add log for failing test

* update admin pwd

* fix tests, dont require posts/cache before configs are initialized

* handle saves

* Test boolean conditions

* remove more parseInts

* Fix boolean values

* remove lots more parseInts

* removed json parsing

* renamed var to number

* categories dont have timestamp
 6 years ago
Barış Soner Uşaklı 805da98a36 remove unnecessary groups.resetCache calls 6 years ago
Barış Soner Uşaklı 2a2e8136cd
fix tests 7 years ago
Baris Usakli 546b13b897 fix lint and tests 7 years ago
Barış Soner Uşaklı 3449cf321b add back cache and pubsub 7 years ago
Barış Soner Uşaklı ae0563375e derp 7 years ago
Baris Usakli 584f88e092 blocks WIP 7 years ago
Baris Usakli be1e83bfc1 fix tests 7 years ago
Barış Soner Uşaklı 82b2a20d0c user tests 7 years ago
Barış Soner Uşaklı a7267df404 closes #6464 7 years ago