bf0c02a71e
feat: a slightly less ugly rewards panel
4 years ago
a7855c4cc4
fix: dashboard graph controls
4 years ago
0ce4b87d85
fix : #9781 ( #9782 )
4 years ago
856ba78a5f
fix: replace logic in isPrivilegedOrSelfAndPasswordMatch to use privileges.users.canEdit
4 years ago
cdaea61136
fix: handle missing uid in deprecated socket call
4 years ago
0a41741b7e
refactor: deprecate picture update socket call, new API routes for picture update
4 years ago
e33e046f15
fix: use privileges.users.canEdit for image upload priv check
4 years ago
a48bbdbfe3
fix: errors from registerComplete
4 years ago
60de084475
fix: simplify logic for fullname and email blanking in user retrieval (getUserDataByUserSlug)
...
Previous logic seemed to match the logic used in privileges.users.canEdit, except
the latter allows plugins to modify the value.
4 years ago
1e2bda13d0
fix: lint
4 years ago
488f0978a4
fix: manifest error
4 years ago
72710b8040
fix : #9772 , regression from 70a04bc105
4 years ago
dd4e66e22c
fix: push back some deprecations, remove deprecated stuff scheduled for v1.18.0
4 years ago
1f91a31327
Priv hook fix ( #9775 )
...
* fix : #9773 , fire hooks properly for priv changes
* fix: admin/global group privs
dont allow invalid privs
4 years ago
4ac701d747
fix: deprecate userData.showHidden as it is functionally equivalent to userData.canEdit
4 years ago
6869920e06
fix : #9773 , fire hooks properly for priv changes ( #9774 )
4 years ago
6afeac375b
fix: automated tests are a good thing to have
4 years ago
ae793b4a44
chore: found some hooks that don't play well docgen
4 years ago
3df79683f5
feat: create folders in ACP uploads #9638 ( #9750 )
...
* feat: create folders in ACP uploads #9638
* fix: openapi
* test: missing tests
* fix: eslint
* fix: tests
4 years ago
61f02f17d8
feat: column based view on wide priv. tables ( #9699 )
...
* feat: column based view on wide priv. tables
* fix: add group/user
* feat: copy buttons to work on visible privs
* feat: show what's being copied in modal
* feat: optional title and message for category selector modal
4 years ago
e59d357533
feat: als ( #9749 )
...
* feat: als
* fix: up test timeout
* fix: don't overwrite caller if it already exists
* fix: up test timeout for psql
4 years ago
dd15065706
Fix [MONGODB DRIVER] Warning: bulk operation `remove` has been deprecated, please use `delete` ( #9746 )
...
Co-authored-by: Brophy <paul.brophy@bastage.net>
4 years ago
0743554dd4
fix: pluginPaths
4 years ago
13878e9f14
fix : #9730 , show warning if plugin is active but not installed
4 years ago
c354cde347
fix : #9719 , only apply to non https
4 years ago
6659e95a4a
refactor: remove promisify from redis, ioredis supports promises nati… ( #9728 )
...
* refactor: remove promisify from redis, ioredis supports promises natively
* refactor: remove unused util
4 years ago
a288f51f42
fix: allow smaller than 5mins for admin relogin duration
...
setting the value to 1min in ACP wasn't working
4 years ago
794bf01b21
feat: allow changing default search in
4 years ago
9de64bf516
fix : #9698 , pass along query params in redirect
4 years ago
358ad74054
feat: closes #9684 , allow event deletion
...
fix: topic events appearing before necro messages
feat: add move topic event
feat: add ability to delete specific topic events via events.purge
4 years ago
a370c26f73
feat: re-add FontAwesome font for compatibility
4 years ago
093ac1c09a
fix: remove unnecessary quote
4 years ago
41762e6603
feat: update to FontAwesome 5.15, resolve #6976
4 years ago
8fb53252a8
refactor: get rid of async.waterfall/each
4 years ago
42dbd40253
refactor: remove unused async
4 years ago
6b6a7d4b8a
refactor: remove waterfall
4 years ago
d509a307f0
Remove some deprecated/unnecessary code ( #9688 )
...
* refactor: remove mkdirp promisify
* refactor: remove old session deletion API route
* refactor: remove middleware.isAdmin
* refactor: remove templateValues.config.bootswatchSkin
* fix: unused dependencies
4 years ago
0c81642997
fix : #9681 , update posts in queue if target tid is merged
4 years ago
4a521ea218
fix: email update interstitial to not error on empty email field (on new registration)
4 years ago
70a04bc105
feat: removed registerAndLoginUserCallback local helper, added handling if a bad interstitial doesn't go away nor throw errors
4 years ago
0e05cbe1f7
feat: show instructional modal after email change request
4 years ago
e95df2f066
refactor: move interstitials into its own file in `src/user/`
4 years ago
324a12b6c3
feat: return back to profile after editing email
4 years ago
b3c916414b
feat: allow registration interstitial abort to also follow returnTo
4 years ago
96398faa3c
feat: plumb current session id into email removal/confirmation flow, so all other sessions are revoked except for the current session
...
This utilises the new argument in user.auth.revokeAllSessions
4 years ago
b0a4a1d3e4
feat: allow revokeAllSessions method to revoke all sessions except that which is passed in (new arg)
4 years ago
f53fc1ad0b
feat: return generic 404 on invalid confirm code
4 years ago
824a72b220
fix: updated ACP > Manage > Users to handle users with no email address
4 years ago
d5b5b7d531
fix: allowed reset and reset_notify emails to go out to unconfirmed email addresses
4 years ago
ccf004f1f4
refactor: added user.email.remove method, updated email interstitial to handle email removal
4 years ago
414d733d76
fix: bug where confirmation email was sent to the old email address, not the new one
4 years ago
3bcd1f1438
fix: email validation flow, so that it actually works, fixed event logging bug, new email verification template
4 years ago
caf8968791
fix: accidental early return in confirmByCode, tests, race condition
...
A race condition caused mongo/psql tests to fail.
4 years ago
a917210c5b
feat: invites no longer require email
4 years ago
81611ae1c4
fix(emails): broken test for api/user/email/:email
...
+ fixed broken tests due to unexpected behaviour for email confirmation
4 years ago
c4e3362bd3
feat(emails): restore ability for admins to edit a user's email address [breaking]
...
The edited user's email will be automatically confirmed
4 years ago
afd2d8dab1
feat(emails): pass req in to filter:registration.interstitial
4 years ago
7d115c8ef2
fix(emails): dont allow retrieving user data if showemail is false @julianlam
4 years ago
e726048e0c
fix(emails): don't automatically associate email during user creation if passed in at registration
4 years ago
f52919990b
feat(emails): display current email in interstitial form
4 years ago
b4b65ecd98
fix(emails): remove debug log
4 years ago
087e6020e4
refactor(email): validation checking methods, +tests fix
4 years ago
50517020a2
feat(emails): upgrade script for includeUnverifiedEmails
4 years ago
be97aa6f13
feat(emails): +includeUnverifiedEmails ACP setting
4 years ago
69c96dd23c
refactor(emails): more work in update email interstitial, interstitial skipping, email change on confirmation, deprecation of requireEmailConfirmation
4 years ago
f365bc4600
refactor(emails): interstitial for adding/updating email
4 years ago
74aaa0a926
feat: show different registration intersitial lead text on new account vs. existing
4 years ago
7c1d1c777b
refactor(emails): remove email validation on client and server side
4 years ago
12b2a979a0
feat: removal of emailExists socket listener
4 years ago
04b1f702cd
feat: add loggedin/guest class to body
4 years ago
340ccb2498
style: lint fix
4 years ago
d1959a258b
fix : #9670 return 4xx errors instead of 5xx on flag routes, when unauthenticated or not privileged [breaking]
4 years ago
6c47a060c1
fix : #9668 , add raw info to psql database page
4 years ago
ef4e74bfc8
refactor: client-side to use flag notes API
4 years ago
cc6cbfcdc4
Flags API ( #9666 )
...
* feat: new routes for flags API
+ flag get
+ flag creation, migration from socket method
+ flag update, migration from socket method
* fixed bug where you could not unassign someone from a flag
* feat: tests for new flags API
added missing files for schema update
* fix: flag tests to use Write API instead of sockets
* feat: flag notes API + tests
* chore: remove debug line
* test: fix breaking test on mongo
4 years ago
4a56388ec3
feat: store topic tags in topic hash ( #9656 )
...
* feat: store topic tags in topic hash
breaking: remove color info from tags (use css)
* fix: remove unused tag modal
* fix: tag search
4 years ago
415416d2a7
fix: translate language keys if passed in to formatApiResponse
4 years ago
7036c3751e
feat: internationalize API error messages
4 years ago
a54a3ee1ca
fix: return proper API-style response if exception caught by error handler on v3 routes [breaking]
4 years ago
ff78969c2c
fix: lint
4 years ago
55d7e55867
fix: tests
4 years ago
6ed7e937ce
refactor: fix wording
4 years ago
47c8c69264
fix: keep query string on redirects
4 years ago
5fd190f7c4
feat: #9651 , change category desc to multiline
4 years ago
8e0561f226
perf: cache Topics.getTopicsTags
4 years ago
10ddfff38f
perf: bypass getMultipleUserSettings
4 years ago
e03782f218
fix(docs): #9648
4 years ago
c9348efbdc
feat: add merge/fork hooks
4 years ago
b896484351
fix : #9634 , re-jig top bar of Admin > Manage > Users
4 years ago
97c8569a79
fix: hide private user data in api/v3/users/[uid]
4 years ago
d9e2190a6b
fix: numThumb upgrade script
4 years ago
fee782c436
fix: acp dashboard sometimes not loading on cold load
4 years ago
849049765b
fix : #9636 , sanitize all attributes in meta and link tags
4 years ago
acdbd04913
fix : #9627
4 years ago
db65360c0d
fix(post-queue): moderatedCids is an array of numbers ( #9631 )
4 years ago
52596902a6
feat: #9617 update fa link
4 years ago
909db3ae71
Merge branch 'master' of https://github.com/NodeBB/NodeBB
4 years ago
ab6f062ff9
fix: prevent crash in expandObjBy #9618
4 years ago
1bf263c4a2
9622 ( #9625 )
...
* fix : #9622
dont allow regular user to remove system tags
* refactor: add guest/spider check to isPrivileged
string/trim tag
4 years ago
0d975bc4fb
fix: dont show system tags in whitelist dropdown to regular users
4 years ago
84e065752f
fix : #9622 ( #9623 )
...
dont allow regular user to remove system tags
4 years ago
73f40e96a5
fix : #9620 , fix notif delay
4 years ago
c92fc19b5c
fix : #9619 , add group chat filter to /notifications
4 years ago
3cd9434b56
fix: scope
4 years ago
1eda538da5
fix : #9615 , catch exceptions in renderOverride
4 years ago
46a454f194
feat: add bodyClass to 500 page
4 years ago
8168c6c407
fix: purge uploaded images accordingly #9606 ( #9611 )
...
* fix: purge uploaded images accordingly
* fix: tests
* fix: relative paths
4 years ago
a2400f6baf
fix: accidental unnecessarily strict conditional that effectively rendered SSO state checking opt-in instead of opt-out
4 years ago
f9728aff2c
feat: clear reset tokens on successful login
4 years ago
5c42b3eab0
test: fixed broken tests from #9605 , removed token clean on token usage as it is superceded by token clean on generation (+ associated test)
4 years ago
f6c14d6b62
fix: introduce artificial delay + delay fudging on invalid email during reset token generation
4 years ago
229f96f872
fix : #9605 , expire all active reset tokens for a uid if that uid generates a new one
4 years ago
8c952aa381
fix: lint
4 years ago
be19f27f40
feat: add filter:categories.categorySearch
4 years ago
cc0cf99fed
feat: allow nested properties on category page ( #9601 )
...
* feat: allow nested properties on category page
* fix: remove debug
* fix: remove debug
4 years ago
8ea58432c9
feat: show ip on acp manage users
...
update url on search
show matching ip when searching by ip
add ip to export csv
4 years ago
6695927ea9
fix: pagination on acp users search
4 years ago
05cc7ccb60
feat: make undoTimeout configurable, closes #9599
4 years ago
2b42e7edb0
chore: lint
4 years ago
6f73261186
fix: extra ')'
4 years ago
d07229aa6b
chore: fix indentation
4 years ago
edcba61aa9
fix: disallow editing of other users' notes
...
Feel free to close this if it is intentional, but as you are not allowed to delete other users notes I expect you shouldn't be able to edit them. Editing another users post also changes ownership, allowing you to then delete it.
I also added `error:` to the errormessage so that they display properly.
4 years ago
ca72aa93d7
Locks bug failing test ( #9595 )
...
* test: failing test for issue
* fix : #9593 , don't lock if email is identical to username
* fix: lock calls after first call
* fix: add back email check
* test: remove invalid test
Co-authored-by: Julian Lam <julian@nodebb.org>
4 years ago
816856b0c6
feat: introduce boolean res.locals flag to bypass session reroll (used by session-sharing)
...
The session reroll logic is still standard practice, but in some cases, it is not necessary or causes UX issues. An issue opened in session sharing (julianlam/nodebb-plugin-session-sharing#95 ) brought this to attention in that parsing the cookie to log in the user caused a reroll (as expected), but caused the session open on other tabs to be mismatched. If "re-validate" was turned on, it basically meant that it was not possible to use NodeBB with multiple tabs.
Session sharing now sets `reroll` to `false` if re-validate is enabled.
4 years ago
286644d0b8
fix : #9592 , check session
4 years ago
3717df610a
fix: don't crash if session doesn't exist
4 years ago
66cae54ee3
fix: lint
4 years ago
57e46e41e3
feat: allow modifying default category privileges
4 years ago
16e0bca570
fix: improper use of filename extensions
4 years ago
d8d6c98970
fix: return null
4 years ago
ac7b093f99
feat: add filter:notifications.create
4 years ago
3fb7444580
fix: returnOriginal deprecation
...
https://github.com/mongodb/node-mongodb-native/pull/2808
4 years ago
3d5fef6e80
feat: pass req.query to getUnreadData
4 years ago
d2960aeb09
feat: added GET user route for api v3
4 years ago
48b8e3bb3f
fix: error when trying to trim an object
4 years ago
9ebfdeb7ee
fix : #9580 , proper 404 when ajaxifying
4 years ago
09f5179216
fix: lint
4 years ago
77dde41f7b
feat: keep query string when redirecting category
4 years ago
951e71a0e5
fix : #9567 fix tests
4 years ago
5215c30ade
fix : #9567 , use regular 404
4 years ago
3d6bdeb3df
feat: add req.query to flags.list/getCount
4 years ago
d35c64b1a2
feat: add filter:flags.getFlagIdsWithFilters
4 years ago
1ec9739629
switch to request-promise-native ( #9561 )
...
* refactor: cli/upgrade async/await
async/await cli/upgrade-plugins
remove unused payload.files
* fix: add missing await
* refactor: use request-promise-native
4 years ago
ac86937c88
refactor: cli/upgrade async/await ( #9558 )
...
* refactor: cli/upgrade async/await
async/await cli/upgrade-plugins
remove unused payload.files
* fix: add missing await
4 years ago
1ce595083a
fix: ioredis upgrade fix, maybe
4 years ago
4afca6900b
feat: add filter:user.getWatchedCategories
4 years ago
1d9cfe1e96
fix: bug where interstitial errors were not properly passed to the front-end via req.flash
4 years ago
518157d9fa
feat: pass req.query to getUserDataByUserSlug
4 years ago
0551642a35
fix : #9553 , use same fields for user search results in acp
4 years ago
94c12e3771
feat: #9508 , add cluster support
4 years ago
psychobunny
Barış Soner Uşaklı
Julian Lam
Barış Soner Uşaklı
gasoved
SAES:RPG
opliko
Anton Grigoryev
Mats