* feat: socket.io 3 changes
* feat: replace socketio-wildcard with socket.onAny
up socket.io-redis to 6.x
* feat: remove mongodb/psql socket.io adapters
* feat: show data on fail
* fix: tests
* fix: typo
* fix: logger test fix
* fix: logger.io_close
* chore: up deps
* chore: update readme to reflect redis requirement
* fix: increase timeout show data if test fails
fix category link redirect on cold load
fix helpers.redirect if passed in url is external
fix ajaxify so it doesn't slice first character of external url
display latest posts instead of oldest in topic rss feed
fix missing await that was causing rss_tokens to not function
fix feed test
more tests for getTopicWithPosts
* feat: #8444 Allow nested objects in translations
* feat: #8444 Allow nested objects in translations
* style: don't change formatting
* fix: don't use the first string match if key isn't finished
* feat: #8444 Allow nested objects in translations
* feat: #8444 Allow nested objects in translations
* style: don't change formatting
* fix: don't use the first string match if key isn't finished
* feat: add nested translations test
* feat: allow invites in normal registration mode + invite privilege
* feat: select groups to join from an invite
* test: check if groups from invitations have been joined
* fix: remove unused variable
* feat: write API versions of socket calls
* docs: openapi specs for the new routes
* test: iron out mongo redis difference
* refactor: move inviteGroups endpoint into write API
* refactor: use GET /api/v3/users/:uid/invites/groups
Instead of GET /api/v3/users/:uid/inviteGroups
* fix: no need for /api/v3 prefix when using api module
* fix: tests
* refactor: change POST /api/v3/users/invite
To POST /api/v3/users/:uid/invites
* refactor: make helpers.invite awaitable
* fix: restrict invite API to self-use only
* fix: move invite groups controller to write api, +tests
* fix: tests
Co-authored-by: Julian Lam <julian@nodebb.org>
* feat: allow passwords longer than 73 characters
Context: A bcrypt/blowfish limitation means that password length is capped at 72 characters. We can get around this without compromising on security
by hashing all incoming passwords with SHA512, and then sending that to bcrypt.
https://dropbox.tech/security/how-dropbox-securely-stores-your-passwords
* feat: add additional test for passwords > 73 chars
* fix: remove 'password-too-long' error message and all invocations
* test: added test to show that a super long password won't bring down NodeBB
* fix: remove debug log
* Revert "fix: remove 'password-too-long' error message and all invocations"
This reverts commit 1e312bf7ef7e119fa0f1bd3517d756ca013d5e79.
* fix: added back password length checks, but at 512 chars
As processing a large string still uses a lot of memory
'node_redis: The HGET command contains a invalid argument type.\n' +
'Only strings, dates and buffers are accepted. Please update your code to use valid argument types.'
* feat: wip admin/users
* feat: more work
* feat: more fixes
* feat: #8662, verified/unverified user groups
* feat: add filter
* feat: change user search to use filters array
* refactor: remove unused search call
* fix: tests
* fix: cant join system groups
* fix: upgrade script
* feat: fullname search
* fix: take last element
* fix: attempt to fix psql like query
* feat: upgrade sript, another fix attempt
* fix: psql test
* fix: psql scan
* feat: add debug for test
* feat: test collate
* feat: cleanup
* fix: upgrade script
* refactor: socket posts delete/restore/purge so tid is not necessary
* refactor: stop trying to be fancy
* fix: tests to not pass in tid into posts.deletePosts
* fix: some more unnecessary tid passing
* feat: privileges save button, #8537, WIP
* fix: disable firefox autocomplete on privilege form fields
* feat: closes#8537 privilege changes commit on save
- new language strings for confirmation and success modals/toasts
- indeterminate privilege handling (/cc @psychobunny)
- added new discard button
- both discard and save buttons now have confirmation dialogs
* fix(tests): remove duplicate template helper test
* fix(tests): broken template helper test
* feat: confirm dialogs for all privilege copy actions
Also, ability to add user to a privilege table without needing
to refresh the privilege table.
* feat: group row addition w/o table refresh
breaking: helpers.getUserPrivileges and helpers.getGroupPrivileges
no longer make socket calls to the following hooks:
- filter:privileges.list, filter:privileges.admin.list,
filter:privileges.global.list, filter:privileges.groups.list,
filter:privileges.admin.groups.list,
filter:privileges.gloval.groups.list
The filters are still called, but done before the helper method
is called, and the results are passed in instead. This change
should only affect you if you directly call the helper methods,
otherwise the change is transparent.
* fix: stale ajaxify data on privilege category switch
* fix: implicit privileges not showing for user privs
* fix: groups, not group, also fix tests
* fix(tests): again
* fix: wrong tpl rendered when adding group to global priv table
make isPrimary and isCluster always booleans
they were strings when using ./nodebb start and boolean if they were in config.json and started with node app.js
allow selecting main topic to merge into
allow specifying a new title for merge topic
upon merge go to correct topic
new tests for merging with options
* feat: add privilege give/rescind hooks
action:privileges.categories.give/rescind
action:privileges.global.give/rescind
breaking change, privileges.categories.give/rescind and privileges.global.give/rescind use full privilege name for groups ie `groups:find` instead of `find`
* fix: tests, privileges renamed
* feat: testing suite integration for openapi spec
The testing suite now takes the openapi spec into account. It will
check each route defined, make a call to it, and compare the
response with the defined schema. Any mismatches will cause the
test to fail.
* fix(openapi): removed debug stuff from tests
* fix(openapi): fixed some tests
* fix(openapi): added additional check to tests, test fixes
* fix(openapi): better tests, fixed spec errors
* fix(openapi): bad conditional in test
* fix: oops
* fix(openapi): more tests fixing
* fix(openapi): more tests
* fix(openapi): fix some more tests
* fix: verbose'd an info log
* fix: topic pagination route returns schema-optimized pagination block
* fix(openapi): more test/spec fixes
* fix(openapi): accidentally sending in authenticated jar for anon routes
* fix(openapi): more test/spec fixes
* fix(openapi): more spec fixes
* fix: timestampReadable Invalid Date
* fix(openapi): more tests... almost there
* fix(openapi): more tests fixing
* fix(openapi): finally all tests passing
* fix(openapi): added reverse test to compare response to spec
... and fixed all the tests that broke
* fix: remove tests related to group covers, as route is gone
* fix(openapi): broken test on travis
* fix(openapi): broken test on travis
* fix(openapi): broken test on travis
* fix(openapi): object cache is not present for psql
* fix: tests
Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com>
* fix: #8142, broken site if no server-side session
During the `addHeader` middleware, a check is now done to see if
`req.session.meta` is present. This value is only present if the user
has a valid server-side session. If it is missing, then it is probably
safe to assume that the server-side session was deleted (either
intentionally or accidentally). In that scenario, the client-side cookie
should be cleared.
Also, there was an issue where the sessionRefresh flag was never cleared
after a successful login, so that was fixed too.
* feat: exported method to get cookie config
* fix: don't clear cookie if cookie is being set
* fix: socket.io tests
Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com>
* feat: add assignee checking when updating flag
Prior to this, it was possible to update the assignee to any value (or
any user. This commit adds checking to allow only admins, global
moderators, or in the case of flagged posts, moderators.
Also some prep work was added for value checking `state`.
* feat: value checking `state` on flag update
The state should be one of the constants defined earlier in the file.
* feat: add failing test for pagination
* feat: test
* fix: redis tests
* refactor: remove logs
* fix: add new test
* feat: make sortedSetRangeByScore work with keys on redis
* fix: hardcoded set name
* feat: show topics from readable categories on recent/popular/top
* feat: rewrite unread topics
respect watched categories and followed topics
* fix: term + watched
* Add view users info global privilege
* Show user ip only to global mods and admins
* fix missing comma
* Hide link for users without correct privilege
* move getting privilege information to getAllData
* Hide the link from Global Moderators as well
* Give Global Moderator view:users:info privilege
* Restrict ip in post menu to view:users:info
* add some trailing commas....
* Add privilege to categories test
* Add group privilege to categories test
* add upgrade script
* fix style for TravisCI
* more styling - change spaces to tabs
* some more styling fixes (hopefully final one)
* fix style for Travis CI
* hide ip in chat messages
* Don't show even hidden ips on user profile page
Julian Lam
Peter Jaszkowiak
Barış Soner Uşaklı
Barış Soner Uşaklı
Opliko
gasoved
psychobunny
Timothy Fike