903e9d82b8
feat: #8637
4 years ago
ae5d4405c0
fix: setting
4 years ago
9ca44e6f54
feat: add displayname into user obj #8637 ( #8909 )
...
* feat: add displayname into user obj #8637
* fix: spec
* perf: dont load settings if acp setting is turned off
4 years ago
8d060065a0
fix: spec
4 years ago
e9585b9be2
fix: group userTitles translation escapes
4 years ago
965671a97b
fix: remove params from error log
4 years ago
fa4177c3bc
fix : #6407 , fix feeds
...
display latest posts instead of oldest in topic rss feed
fix missing await that was causing rss_tokens to not function
fix feed test
more tests for getTopicWithPosts
4 years ago
4e9b10ab76
feat: #5274
4 years ago
fb567a7a33
feat: #4456
4 years ago
a6afcfd531
feat: #8475 , allow flagging self posts
...
dont count flags towards self posts
dont allow flagging your own account
4 years ago
a87ccccc9c
fix: benchpress warnings
4 years ago
dfdc0c420c
fix: benchpress warnings
4 years ago
a0b7a82350
feat(api): account deletion routes for the Write API ( #8881 )
...
* feat(api): account deletion routes for the Write API
* refactor: rewrite client-side calls to account deletion to use api
* style: apply DRY
4 years ago
120999bf63
feat: #7550 , show message if post is queued when js is disabled
4 years ago
35f932cd64
feat: #8171 , add oldCategory if topic is moved
4 years ago
b44ddecdf8
feat: #8204 , separate notification type for group chats
4 years ago
1d6bcbebde
feat: https://github.com/NodeBB/NodeBB/issues/8147
4 years ago
e1d7c4d8aa
fix: internal helper method hasGlobalPrivilege, DRY
4 years ago
3ccebf112e
feat: invites regardless of registration type, invite privilege, groups to join on acceptance ( #8786 )
...
* feat: allow invites in normal registration mode + invite privilege
* feat: select groups to join from an invite
* test: check if groups from invitations have been joined
* fix: remove unused variable
* feat: write API versions of socket calls
* docs: openapi specs for the new routes
* test: iron out mongo redis difference
* refactor: move inviteGroups endpoint into write API
* refactor: use GET /api/v3/users/:uid/invites/groups
Instead of GET /api/v3/users/:uid/inviteGroups
* fix: no need for /api/v3 prefix when using api module
* fix: tests
* refactor: change POST /api/v3/users/invite
To POST /api/v3/users/:uid/invites
* refactor: make helpers.invite awaitable
* fix: restrict invite API to self-use only
* fix: move invite groups controller to write api, +tests
* fix: tests
Co-authored-by: Julian Lam <julian@nodebb.org>
4 years ago
d30ea25629
feat(deps): benchpressjs@2.2.1 ( #8887 )
...
Better warnings, faster template compiles
4 years ago
452d7f2b17
Create verified/unverified user groups ( #8889 )
...
Co-authored-by: Tudor-Dan Ravoiu <tudor-dan.ravoiu@ubisoft.com>
4 years ago
e4d2764d4c
fix : #8884 , remove header/footer cache
4 years ago
5598130a92
refactor: async/await controllers/index.js
4 years ago
f14e42d8bc
fix : #8883
4 years ago
8fbe832460
refactor: less dupe code
4 years ago
8518404e22
feat: allow groups to specify which cids to show member posts from ( #8875 )
...
* feat: allow groups to specify which cids to show member posts from
* docs: fix tests for openapi
* fix: test breakage caused by improper conditional
* feat: server-side checking of memberPostCids for validity
* feat: admin panel template update to select categories to include
* refactor: privilege helpers.isUserAllowedTo
... to helpers.isAllowedTo, allowing group names to be passed in
4 years ago
51b7eca119
fix: run every hour, dont show message if average_time is 0
4 years ago
04f4429f72
Resolve #7514 - optional timer for registration queue ( #8796 )
...
* feat: #7514 Optional timer for registration queue
* feat: show minutes in average time
* fix: don't show total number of minutes
* feat: implement requested changes
* fix: just store minutes instead of milliseconds
* feat: set default values
4 years ago
bcccb331db
docs: openapi schema for user/group exist check, session deletion
4 years ago
dc9668e417
fix: pass length to messaging checkContent hook
4 years ago
567c5f2056
fix : #8869 , dont escape category title,description twice
4 years ago
f300c933a5
refactor: move session revocation route to write api
4 years ago
9c5c32d4a5
feat: #8864 , add action:events.log
4 years ago
62c0454cfe
feat: show db info side by side
4 years ago
a0164b1c38
fix: use header/footer cache in prod
4 years ago
05a92885f2
fix: add missing maxAge to cache
4 years ago
2e44639210
fix: guest header/footer cache
...
allow clearing individual caches
4 years ago
f1f9b225b0
feat: #8824 , cache refactor ( #8851 )
...
* feat: #8824 , cache refactor
ability to disable caches
ability to download contents of cache
refactor cache modules to remove duplicated code
* fix: remove duplicate hit/miss tracking
check cacheEnabled in getUncachedKeys
4 years ago
6255874e32
feat: move mkdirp to beforeBuild so it doesnt get called twice
4 years ago
74951f5967
fix : #8846 , possible fix
4 years ago
0b30efba31
Merge branch 'master' of https://github.com/NodeBB/NodeBB
4 years ago
16d03975a0
fix: winston error message
4 years ago
d263192271
feat: group exists API call in write api
4 years ago
1446cec77f
feat: user exist route in write api
4 years ago
6b196a207f
fix: permanent redirect on user api redirect shorthand
4 years ago
f2bb42c076
fix: user exist route needs no authentication
4 years ago
60e1e99b4f
feat: new shorthand route /api/v3/users/bySlug/:userslug
...
closes #8844
4 years ago
512f6de6de
feat: allow passwords with length > 73 characters ( #8818 )
...
* feat: allow passwords longer than 73 characters
Context: A bcrypt/blowfish limitation means that password length is capped at 72 characters. We can get around this without compromising on security
by hashing all incoming passwords with SHA512, and then sending that to bcrypt.
https://dropbox.tech/security/how-dropbox-securely-stores-your-passwords
* feat: add additional test for passwords > 73 chars
* fix: remove 'password-too-long' error message and all invocations
* test: added test to show that a super long password won't bring down NodeBB
* fix: remove debug log
* Revert "fix: remove 'password-too-long' error message and all invocations"
This reverts commit 1e312bf7ef7e119fa0f1bd3517d756ca013d5e79.
* fix: added back password length checks, but at 512 chars
As processing a large string still uses a lot of memory
4 years ago
c61dee4b62
fix : #8840 , don't crash if /compose route is called with no query params
4 years ago
9e3eb5d41a
feat: #8821 , allow guest topic views
4 years ago
f68bce86a9
fix: XSS in event:banned messaging modal
4 years ago
76cd5b0fc1
fix : #8836 , truncate fullname
4 years ago
eec630f1ef
fix(acp): max-height for plugin menu list
4 years ago
891a1ea2af
fix : #8827 , do not require admin:users privilege to ban users
4 years ago
4b63f9937c
fix: check is banned in buildHeader
...
remove unused banReason
remove generateHeader function
4 years ago
a338f52780
feat: #8823 , remove hardcoded write concern
4 years ago
08ff4041aa
fix: missing await
4 years ago
c0f699e655
fix: disallow registration attempts with password length > 4096
...
This is a stopgap measure for v1.15.0
4 years ago
4818ec377e
fix: missing await
4 years ago
6e85920cb6
feat: allow mods/admins to see deleted posts on user profile
4 years ago
87bff6cd65
fix: broken test
4 years ago
dda5d42610
fix: restore old behaviour of empty json w/ 401 code in admin middleware
4 years ago
15e0731dd9
fix: deprecate middleware.isAdmin
...
Also, handle admin logout timer in middleware.admin.checkPrivileges
4 years ago
4439864ce0
fix: post editing not taking plugin hook results into account
4 years ago
a02ae6f5df
refactor: simpler check in user.blocks.filter
4 years ago
27016d221c
feat: rearrange buttons on manage/users
4 years ago
57ed6be78b
fix : #8805 define our own name for write API v3
4 years ago
266d7587b2
refactor: remove usage of middlewares
...
Specifically, middleware.isAdmin|exposePrivilegeSet|exposePrivileges
4 years ago
a6a52430ce
fix: remove setCategorySort and setTopicSort
4 years ago
aa8faf58a0
refactor: remove /users/{uid}/settings/{setting} route
...
@baris Also, I am now allowing the following properties to be saved in User.saveSettings:
- categoryTopicSort
- topicPostSort
- setCategorySort
- setTopicSort
4 years ago
6ac73ccb7e
feat: #8801 , disable express compression by default
4 years ago
3c98cd3d95
fix: topic object in post editing data return
4 years ago
1392d064a1
fix(writeapi): normalizing data
4 years ago
ec03af7a38
feat: allow passing subset of user settings on update route
4 years ago
618e098305
fix: bug where token generation route would fail on null case
4 years ago
b156b8b573
feat: wip, write api tests framework
...
re-using read api tests if possible
4 years ago
2e9f27d8ff
fix: typo
4 years ago
93bdfe2f10
perf: reorder async calls
4 years ago
88a07e69b5
feat: add filter:category.getFields
4 years ago
a05905f196
performance improvements ( #8795 )
...
* perf: nconf/winston/render
cache nconf.get calls
modify middleware.pageView to call next earlier
don't call winston.verbose on every hook see https://github.com/winstonjs/winston/issues/1669
translate header/footer separately and cache results for guests
* fix: copy paste fail
* refactor: style and fire hook only log in dev mode
* fix: cache key, header changes based on template
* perf: change replace
* fix: add missing await
* perf: category
* perf: lodash clone
* perf: remove escapeRegexChars
4 years ago
0db0231cff
feat: move postercount to topic hash
4 years ago
203db47b30
fix: return early for guests/spiders
4 years ago
156e1396f2
fix: #8789,cache meta.settings
4 years ago
a7b6d0dfe5
feat: add free and total mem usage to info
4 years ago
c26f2b6599
feat(writeapi): user settings API
4 years ago
db63f5e3f0
fix : #8781
4 years ago
177a961000
feat: new filter filter:teasers.configureStripTags
4 years ago
d68ffea80d
feat: send 'Vary' header when ACAO header set
4 years ago
1f43e98f8b
fix: allow admins adding users to global moderators
...
add new test
4 years ago
bbafa1b82a
Revert "fix: [breaking] send configured config URL as origin if not custom"
...
This reverts commit 205a10308e
4 years ago
a691be5952
fix: incorrect logic for post history editable bool
4 years ago
205a10308e
fix: [breaking] send configured config URL as origin if not custom
...
This is a breaking change if your install uses multiple URLs to access. You will need to update the Access-Control-Allow-Origin header in ACP > Advanced > Headers to supply all URLs you use to access your site
4 years ago
7a019494e8
feat: add filter.topics.getPostReplies
4 years ago
7a8f704900
fix : #8776 some users unable to restore old versions via history
4 years ago
b26e9b5993
fix : #8595 , dont save escaped data when renaming groups
4 years ago
ea31f50554
refactor: show more lines of stack trace
4 years ago
7bddec93ec
fix: sortby
4 years ago
b3619d3d47
fix : #8774
4 years ago
ff4fcc23b6
Update bundled logos with new branding ( #8702 )
...
* feat: updating logo assets, square logos missing still
* fix: squared logo for touch icon and notification fallback
* fix: update link to favicon
* feat: add default touch icon sizes, if one isn't uploaded
Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com>
4 years ago
e362c342a3
fix : #8630 , sort extra deps
4 years ago
Barış Soner Uşaklı
Barış Soner Uşaklı
Julian Lam
gasoved
Peter Jaszkowiak
Tudor-Dan Ravoiu
Opliko
psychobunny