6f73261186
fix: extra ')'
4 years ago
d07229aa6b
chore: fix indentation
4 years ago
edcba61aa9
fix: disallow editing of other users' notes
...
Feel free to close this if it is intentional, but as you are not allowed to delete other users notes I expect you shouldn't be able to edit them. Editing another users post also changes ownership, allowing you to then delete it.
I also added `error:` to the errormessage so that they display properly.
4 years ago
ca72aa93d7
Locks bug failing test ( #9595 )
...
* test: failing test for issue
* fix : #9593 , don't lock if email is identical to username
* fix: lock calls after first call
* fix: add back email check
* test: remove invalid test
Co-authored-by: Julian Lam <julian@nodebb.org>
4 years ago
816856b0c6
feat: introduce boolean res.locals flag to bypass session reroll (used by session-sharing)
...
The session reroll logic is still standard practice, but in some cases, it is not necessary or causes UX issues. An issue opened in session sharing (julianlam/nodebb-plugin-session-sharing#95 ) brought this to attention in that parsing the cookie to log in the user caused a reroll (as expected), but caused the session open on other tabs to be mismatched. If "re-validate" was turned on, it basically meant that it was not possible to use NodeBB with multiple tabs.
Session sharing now sets `reroll` to `false` if re-validate is enabled.
4 years ago
286644d0b8
fix : #9592 , check session
4 years ago
3717df610a
fix: don't crash if session doesn't exist
4 years ago
66cae54ee3
fix: lint
4 years ago
57e46e41e3
feat: allow modifying default category privileges
4 years ago
16e0bca570
fix: improper use of filename extensions
4 years ago
d8d6c98970
fix: return null
4 years ago
ac7b093f99
feat: add filter:notifications.create
4 years ago
3fb7444580
fix: returnOriginal deprecation
...
https://github.com/mongodb/node-mongodb-native/pull/2808
4 years ago
3d5fef6e80
feat: pass req.query to getUnreadData
4 years ago
d2960aeb09
feat: added GET user route for api v3
4 years ago
48b8e3bb3f
fix: error when trying to trim an object
4 years ago
9ebfdeb7ee
fix : #9580 , proper 404 when ajaxifying
4 years ago
09f5179216
fix: lint
4 years ago
77dde41f7b
feat: keep query string when redirecting category
4 years ago
951e71a0e5
fix : #9567 fix tests
4 years ago
5215c30ade
fix : #9567 , use regular 404
4 years ago
3d6bdeb3df
feat: add req.query to flags.list/getCount
4 years ago
d35c64b1a2
feat: add filter:flags.getFlagIdsWithFilters
4 years ago
1ec9739629
switch to request-promise-native ( #9561 )
...
* refactor: cli/upgrade async/await
async/await cli/upgrade-plugins
remove unused payload.files
* fix: add missing await
* refactor: use request-promise-native
4 years ago
ac86937c88
refactor: cli/upgrade async/await ( #9558 )
...
* refactor: cli/upgrade async/await
async/await cli/upgrade-plugins
remove unused payload.files
* fix: add missing await
4 years ago
1ce595083a
fix: ioredis upgrade fix, maybe
4 years ago
4afca6900b
feat: add filter:user.getWatchedCategories
4 years ago
1d9cfe1e96
fix: bug where interstitial errors were not properly passed to the front-end via req.flash
4 years ago
518157d9fa
feat: pass req.query to getUserDataByUserSlug
4 years ago
0551642a35
fix : #9553 , use same fields for user search results in acp
4 years ago
94c12e3771
feat: #9508 , add cluster support
4 years ago
a3d6c56ec3
feat: #9551
4 years ago
ffa8016355
fix: lint
4 years ago
fad5988ed6
fix: tests
4 years ago
074ee859c4
fix: tests
4 years ago
1f3e660108
feat: add template to hook
4 years ago
a2442ee914
feat: add filter:account.getPostsFromUserSet
4 years ago
dd81dd03e0
fix( #9508 ): switch to ioredis ( #9545 )
...
* switch to ioredis
also need this fix in redisearch:
redis-search.js:98
```
redisClient.multi(cmds).exec(function(err, ids) {
if (err) {
return callback(err);
}
var errRes = ids[resultIndex];
if (errRes[0]) {
return callback(errRes[0]);
}
callback(null, errRes[1]);
});
```
* dbsearch compatible with ioredis
* fixed dbsearch?
4 years ago
0096cf178a
refactor: bubble other errors
4 years ago
a9bb108802
fix: wrong error message checked
4 years ago
ec6d1e2321
fix : #9507 session reroll causes socket.io to become confused ( #9534 )
...
* fix : #9507 session reroll causes socket.io to become confused
* fix: added return
* fix: simpler logic for error handling
* fix: overly sensitive catch
4 years ago
f6b583bb9d
feat: #9533 , allow redirect in build hooks
4 years ago
2c22b06feb
fix: isObjectField(s) empty field
4 years ago
7c1e163d82
Revert "feat: add _hooks metadata object to all hooks that have object-type params"
...
This reverts commit 46899ccadb
4 years ago
46899ccadb
feat: add _hooks metadata object to all hooks that have object-type params
4 years ago
d8e4fd4cdd
feat: add filter:categories.copySettingsFrom
4 years ago
084c985117
feat: guard against multiple resolves
4 years ago
5fe97b9c2e
revert: sync hooks
4 years ago
6ed8890c2e
fix : #9512 , fix chat icon if no privileges
4 years ago
b40fc4b64d
feat: #9511 send notifications on accept/reject
4 years ago
a478dc7ee8
feat: add filter:middleware.autoLocale
4 years ago
308252f566
fix : #9503 , dont error in markUnread if room doesnt exist
...
this prevents deleting the user if they are the only person in the chat room
4 years ago
9e07efc126
fix: use socket.request.headers
4 years ago
ed534f34f5
fix: buildReqObject headers for socket.io calls
4 years ago
01956af43a
feat: remove sync hooks support
4 years ago
4e490f6058
test: fix redis tests
4 years ago
92de49be00
test: add test for undefined fields in getObjectsFields
4 years ago
1db8920b18
refactor: make debug handler async
4 years ago
8b79c7f139
fix: regress. rescheduling shouldn't add to sets that pinning removed… ( #9477 )
...
* fix: regress. rescheduling shouldn't add to sets that pinning removed from
* test: remove the also from tests
4 years ago
9b71b087ec
feat: lang strings
4 years ago
435067aa5f
test: remove logs
4 years ago
2ea468daa3
test: clear cache between runs, require middleware later in helpers
4 years ago
d15e27107e
test: log
4 years ago
354e0a822d
test: remove equals
4 years ago
4dd3844680
fix: logic is hard
4 years ago
2e9efc0e8a
fix: wrong variable for cache
4 years ago
fa0c92a7c4
fix: eslint
4 years ago
ea22cd302a
fix: use req.ip instead, since guests can upload as well
4 years ago
a9978fcfd2
feat: rate limit file uploads
4 years ago
36f119a96a
fix : #9492 , keep query params on redirect
4 years ago
8faa6e4515
feat: filter flags by username #8489 ( #9451 )
...
* feat: filter flags by username #8489
* feat: toggle flag filter text
4 years ago
1fee6a702a
fix : #9487 , session data gathered during a session is lost upon login
...
e.g. returnTo, tids_viewed, etc.
4 years ago
697ed3bf37
feat: roll session identifier on login, as security best practice
...
see: https://owasp.org/www-community/attacks/Session_fixation
4 years ago
e845c34b52
fix: registration interstitials not handling promise rejections properly
4 years ago
4494728cf8
feat: allow different slugs
4 years ago
60eed8d89f
fix: let recent replies respect oldest/newest sort settings
4 years ago
6907837fce
fix : #9483 , fix events count display
4 years ago
161081e960
fix: escape flag reason
4 years ago
fd3bc605c6
feat: remove sort again
4 years ago
2dc3283f19
fix: updateCategoryTagsCount
4 years ago
f9df6431c9
revert: revert tag sort
4 years ago
036f935fa9
fix : #9473 ( #9476 )
4 years ago
397baf0254
refactor: widgets ( #9471 )
4 years ago
f65d2162f8
feat: update hook
...
Hook payload updated to pass login strategy (if overridden, this value will be something other than 'local'), and explicitly pass error if the login failed.
4 years ago
f32ea1737a
fix : #9466 , don't call leaveRoom in maintenance mode
4 years ago
a0dd90804c
fix: exempt ST from being del/res via last main posts ( #9468 )
4 years ago
784600d930
fix : #9462 , on install copy default favicon
4 years ago
05f2236193
feat: add reverse of recent to getSortedTopics
4 years ago
9c52fd2e74
fix : #9450 express session saved even if saveUninitialized explicitly passed in
4 years ago
285aa36556
feat: allow exists methods to work with arrays and single id
4 years ago
d16b45fd2d
feat: pass all data to filter:category.get
4 years ago
aa0137b1c4
feat: rescheduling (editing ST) ( #9445 )
4 years ago
9e1f72a435
feat: optional urlMethod param for loginStrategies
4 years ago
2a03012e2c
fix: ./nodebb help with commander@7 ( #9434 )
...
hopefully this one last as long as the last one did
4 years ago
728ac5ff72
perf: increase batch size for notifs, run parallel
4 years ago
344575dde1
feat: add hooks to language loading ( #9426 )
...
and flushNamespace method
4 years ago
edf80cfb3b
fix: hide titleRaw for deleted topics as well
4 years ago
a1ee1a2a76
chore: remove log
4 years ago
c5dda64fa8
fix : #9410 , fix post queue
...
items in the cache were parsed over and over again
4 years ago
9052db930f
fix: privilege tables
4 years ago
077330b764
feat: scheduled topics ( #9399 )
...
* feat: scheduled topics
* refactor: linting fixes
* fix: tests
* fix(test): race condition
* fix: make a single request
4 years ago
67b09cba5f
fix : #9420 , paginate after loading notifications
4 years ago
e42b152f16
fix : #9414 , use posts:view_deleted
4 years ago
a94d96514e
feat: show link if category is a link
4 years ago
2ceda70a97
fix: preserve order when changing parent
4 years ago
d00268c9b8
refactor: style, no need to convert length to string
4 years ago
d8ff9851a3
fix: typo in switch..case
4 years ago
801570e4cf
fix : #9404 , show signatures if the target user has signature privilege
4 years ago
75553b246c
fix: sorting when filtering by uid
4 years ago
98b72ca572
fix: allow local (and overridden) login strategies to pass Error objects back
4 years ago
6aa60b63b5
fix: category search not using uid
4 years ago
56523aa148
revert: change toPid truthy
4 years ago
90d64fe1df
fix : #9398 , crash on post flag
4 years ago
a8f7b24452
fix : #9395 , pass all data from client to Topics.reply ( #9396 )
...
* fix : #9395 , pass all data from client to Topics.reply
so plugins can set custom fields
refactor and use setDefaultPostData
* fix: circular json error
* refactor: change params
4 years ago
4ac38ab2bc
fix: lint
4 years ago
eb360351e5
fix : #9394 , fix guest handles
4 years ago
5c59354c58
fix : #9389 , allow admins to add themselves to private groups
4 years ago
4327a09d76
feat: allow optional fields argument on db.getObject(s) ( #9385 )
4 years ago
f316c4d4b8
refactor: remove uncessary check
4 years ago
e789fe8d2a
fix : #9383 , don't show deleted topic titles in inf scroll
4 years ago
cc489708ee
fix : #9378 , crash on verifyToken if API Token settings not saved (null case error)
4 years ago
35700d1634
fix: closes #9382 , fix digest topic links
4 years ago
668508cc37
feat: closes #9380 , add category filtering and topic tools to tag page
4 years ago
34b9aaedee
feat: allow sync function ( #9379 )
...
* feat: allow sync function
* fix: remove async
4 years ago
e725beaa4a
Revert "feat: allow filter functions that return promises or the data directly"
...
This reverts commit e6c52cf26c
4 years ago
e6c52cf26c
feat: allow filter functions that return promises or the data directly
4 years ago
53f67ff396
fix: regression from filter hook change
4 years ago
52082e1296
feat: add resolve flag to post tools
4 years ago
2a939aad8d
fix: regression via c1b3079d93
...
Also refactored privilege render logic so that it no longer needs a server-side hack to render column count
4 years ago
4cbd13fd9c
feat: hide revert button in ACP > Privileges until privileges change
4 years ago
46270f9f20
feat: bring back static hook timeout
4 years ago
d05d7091ae
refactor: remove async.each/reduce from hooks for better stack traces
4 years ago
0d3979efd0
refactor: use hooks.fire
4 years ago
9382fc6dc5
fix : #9370 , show correct teaser index if sorting is newest to oldest
4 years ago
1982edfde3
refactor: fix variable name
4 years ago
3c60ccfd4d
feat: upgrade connect-mongo, closes https://github.com/NodeBB/NodeBB/pull/9367
4 years ago
f71cb0e427
feat: pass interstital errors to individual partials as well as to registerComplete
4 years ago
5eb3132dae
feat: add filter:plugins.firehook
4 years ago
ebccc7940b
fix: don't copy if src doesn't exist
4 years ago
754283d37b
feat: copy default favicon if it doesn't exist
4 years ago
771a8955a4
fix : #9362 best not to check file exists on every page load; copying favicon to uploads/system folder instead
4 years ago
ad5654952a
fix : #9362
4 years ago
678e8f0fde
fix: regression where login redirect for admin routes didn't go to local=1
4 years ago
4b5450853d
feat: allow missing (or non-array) middlewares argument in route helper methods
4 years ago
e74df53997
feat: pass modified params, only affects filter hooks
4 years ago
696c489524
feat: add back topic id input
4 years ago
166d65a1ba
fix: add back middleware.authenticateOrGuest
4 years ago
e3b2c00db1
fix: request authentication called twice in account routes
4 years ago
7da061f0d7
refactor: automatically authenticate all requests setup through route helpers ( #9357 )
...
* refactor: automatically authenticate all requests setup through route helpers
* fix: removed connect-ensure-login dependency
* fix: bug with some middlewares not defined outside route helper methods
4 years ago
3aa26c4df2
fix : #9339 , only log email errors once per digest, notification push
...
show notice in acp
4 years ago
Mats
Barış Soner Uşaklı
Julian Lam
Barış Soner Uşaklı
Peter Jaszkowiak
gasoved
psychobunny