5080f35752
fix : #8991 , logout on password reset, dont verify email if password expired
...
dont allow same password on reset
4 years ago
e32cd31ec6
fix : #8918
4 years ago
3ccebf112e
feat: invites regardless of registration type, invite privilege, groups to join on acceptance ( #8786 )
...
* feat: allow invites in normal registration mode + invite privilege
* feat: select groups to join from an invite
* test: check if groups from invitations have been joined
* fix: remove unused variable
* feat: write API versions of socket calls
* docs: openapi specs for the new routes
* test: iron out mongo redis difference
* refactor: move inviteGroups endpoint into write API
* refactor: use GET /api/v3/users/:uid/invites/groups
Instead of GET /api/v3/users/:uid/inviteGroups
* fix: no need for /api/v3 prefix when using api module
* fix: tests
* refactor: change POST /api/v3/users/invite
To POST /api/v3/users/:uid/invites
* refactor: make helpers.invite awaitable
* fix: restrict invite API to self-use only
* fix: move invite groups controller to write api, +tests
* fix: tests
Co-authored-by: Julian Lam <[email protected] >
4 years ago
512f6de6de
feat: allow passwords with length > 73 characters ( #8818 )
...
* feat: allow passwords longer than 73 characters
Context: A bcrypt/blowfish limitation means that password length is capped at 72 characters. We can get around this without compromising on security
by hashing all incoming passwords with SHA512, and then sending that to bcrypt.
https://dropbox.tech/security/how-dropbox-securely-stores-your-passwords
* feat: add additional test for passwords > 73 chars
* fix: remove 'password-too-long' error message and all invocations
* test: added test to show that a super long password won't bring down NodeBB
* fix: remove debug log
* Revert "fix: remove 'password-too-long' error message and all invocations"
This reverts commit 1e312bf7ef7e119fa0f1bd3517d756ca013d5e79.
* fix: added back password length checks, but at 512 chars
As processing a large string still uses a lot of memory
4 years ago
a05905f196
performance improvements ( #8795 )
...
* perf: nconf/winston/render
cache nconf.get calls
modify middleware.pageView to call next earlier
don't call winston.verbose on every hook see https://github.com/winstonjs/winston/issues/1669
translate header/footer separately and cache results for guests
* fix: copy paste fail
* refactor: style and fire hook only log in dev mode
* fix: cache key, header changes based on template
* perf: change replace
* fix: add missing await
* perf: category
* perf: lodash clone
* perf: remove escapeRegexChars
4 years ago
e98285dbbb
fix: reimplementing isPrivilegedOrSelfAndPasswordMatch
4 years ago
84a179f48c
Merge branch 'master' of https://github.com/NodeBB/NodeBB
4 years ago
222b4c9533
fix: broken tests from api change
4 years ago
7d86be2bc2
fix: tests
4 years ago
872bacf1c4
Admin/users ( #8762 )
...
* feat: wip admin/users
* feat: more work
* feat: more fixes
* feat: #8662 , verified/unverified user groups
* feat: add filter
* feat: change user search to use filters array
* refactor: remove unused search call
* fix: tests
* fix: cant join system groups
* fix: upgrade script
4 years ago
1ee9384875
fix : #8757 , allow all slashes in category route
4 years ago
ac43cd8b6f
fix : #8665 , trim email before checking validity
4 years ago
38d3982bf1
fix : #8418
...
allow updating other profile fields when username isnt being changed
4 years ago
4be693f2e7
feat: fullname search ( #8641 )
...
* feat: fullname search
* fix: take last element
* fix: attempt to fix psql like query
* feat: upgrade sript, another fix attempt
* fix: psql test
* fix: psql scan
* feat: add debug for test
* feat: test collate
* feat: cleanup
* fix: upgrade script
4 years ago
5f10d67db5
Remove sounds ( #8617 )
...
* feat: remove sounds
* feat: remove more sounds
* feat: disable sounds plugin
* fix: openapi
4 years ago
9f9164a9be
fix : #8582
4 years ago
846b7d2430
refactor: change pwd change logic
...
add one more test
5 years ago
a333cb6ca4
feat: one more test
5 years ago
ecda4ad8ad
feat: tests for password change
5 years ago
b9cff5775c
fix: edge case in test
...
if user is created the other one will be renamed
5 years ago
02ac44cc5a
fix: dont allow searching by ip/banned/flagged for regular users
5 years ago
48b41debe6
fix: vulnerability in cover and admin uploads ( #8419 )
...
* fix: vulnerability in cover and admin uploads
* fix: remove old test
* fix: update tests
5 years ago
bef37e27cb
fix: test lock for user create ( #8415 )
...
* fix: test lock for user create
* fix: redis hdel with undefined
* feat: add test for undefined key in deleteObjectFields
5 years ago
18d892398f
fix: add timestamp to initial username history
5 years ago
9d153fd388
fix : #8287 , dont readd user after deletion
...
don't add user uid back to users:* sorted sets if they are deleted
upgrade script to fix users:* sorted sets
5 years ago
4d0636f847
fix : #8163 , prevent account deletion
5 years ago
66febb8071
feat: add test for isOnline
5 years ago
e06c1bfcd2
fix: escape config.userLang/acpLang, don't allow invalid language codes
5 years ago
9d074731f4
fix: login with weak password
5 years ago
75bcb0f484
fix: remove unused data from post/topic/user hashes
5 years ago
cd80c2638c
feat: #7743
...
user/password
user/picture
6 years ago
fe4c048198
feat: #7743
...
user/index.js
user/info.js
user/invite.js
user/jobs.js
6 years ago
4b843ba16f
fix : #7567 , allow invite and approval at the same time
6 years ago
808c4909a4
fix : #6438 only apply whitelist when fields request empty ( #7528 )
...
* fix : #6438 only apply whitelist when fields request empty
* feat: explicit password retrieval denied via getUsersFields
6 years ago
3fbb6faf28
feat: update unban logic/invocation and refactor User.bans module
...
* auto unban when User.getUsersFields is called and the user is banned but has expired
* cleanups and removal of expiry_readable
* expiry_readable make an alias for backward compatibility
* User.bans.func vs User.*ban*Func
* console.log cleanups, plus todo message added
* use code util.deprecate
* fix: remove ununsed winston require
6 years ago
c6ad8fae2a
fix : #7354
6 years ago
5353960ae7
fix : #7316
6 years ago
70a87d4399
feat: support for one-click unsubscribe from email clients ( #7203 )
...
* feat: sending notifs via ACP creates real notification
re: #7202
* feat: basic integration for one-click unsubscription #7202
* feat: tests for #7202 + bugfix
* feat: added and organized digest unsub tests
closes #7202
6 years ago
9d28b935fd
dont load uid 0, -1 from db
6 years ago
a6864a8055
add groupTitle test for guests
6 years ago
b83e50f286
remove delayImageLoading from api @julianlam
6 years ago
19e6c61244
add new test for queue
6 years ago
f3a679e268
remove parseInts
6 years ago
9c022afae1
Parse int ( #6853 )
...
* Store config fields as JSON in the db
Fewer parseInts
* Remove unnecessary parseInts
* remove some dupe code add tests
* remove console.log
* remove more parseInts
* WIP: read meta.configs defaults from defaults.json
remove more parseInts
* more work
* add log for failing test
* update admin pwd
* fix tests, dont require posts/cache before configs are initialized
* handle saves
* Test boolean conditions
* remove more parseInts
* Fix boolean values
* remove lots more parseInts
* removed json parsing
* renamed var to number
* categories dont have timestamp
6 years ago
805da98a36
remove unnecessary groups.resetCache calls
6 years ago
2a2e8136cd
fix tests
7 years ago
546b13b897
fix lint and tests
7 years ago
3449cf321b
add back cache and pubsub
7 years ago
ae0563375e
derp
7 years ago
584f88e092
blocks WIP
7 years ago
be1e83bfc1
fix tests
7 years ago
82b2a20d0c
user tests
7 years ago
a7267df404
closes #6464
7 years ago
445b92ae38
Revert "fix some tests"
...
This reverts commit 2551df80f7
7 years ago
2551df80f7
fix some tests
7 years ago
beadcd7857
fix tests, remove dupe exposeUid
7 years ago
dc386b5b23
Merge branch 'master' into user-blocking
7 years ago
a0643b63df
uncommenting tests again
7 years ago
8db98b5cf4
additional UCP integration for #6463
7 years ago
322d8236d2
added test for User.blocks.is, re: #6463
7 years ago
032ec8b443
tests!!! glorious tests!!!
...
re: #6463
7 years ago
ed289ebeab
two more text fixes
7 years ago
0158b1aa91
Various password logic fixes on client and server-side
...
Fixes #6399
Fixes #6400
7 years ago
0d65cec3d0
fixing tests
7 years ago
0a5d16d1cd
closes #6284
7 years ago
d8b5d40668
closes #6242
7 years ago
88b47f357b
removed user.uploadFromUrl and associated logic as cropped image modal supercedes it @pichalite
7 years ago
108c3c980a
show invalid url error if request.head fails
7 years ago
19ae8dc7e7
closes #6154
7 years ago
e3fd402070
escape email in registration queue and invites
7 years ago
e83813c531
Emailer tests for Digest.getSubscribers ( #6130 )
...
* added additional tests for Digest.getSubscribers
* added another test and tweaked existing digest list building tests
7 years ago
07ed3807d8
remove console.log
7 years ago
caaa72b752
closes #6124
7 years ago
eeedba697b
closes #5804
7 years ago
8810f0f2a9
remove dupe meta
7 years ago
18f4f27fe0
closes #6024
7 years ago
ff88be91fa
Merge remote-tracking branch 'refs/remotes/origin/master' into develop
8 years ago
dc9b21021a
escape moderation notes
8 years ago
bc6b1a8f56
Merge remote-tracking branch 'refs/remotes/origin/master' into develop
...
# Conflicts:
# public/src/admin/extend/plugins.js
8 years ago
24bbf8fe00
closes #5869
8 years ago
875672522e
Merge remote-tracking branch 'refs/remotes/origin/master' into develop
...
# Conflicts:
# src/search.js
8 years ago
a9dbdc75af
closes #5825
8 years ago
c4fbed24f8
Squashed commit of the following:
...
commit 9c86d9b2904e14927cd7e9679b92aec0951d1063
Merge: ebfa63a 5a7f811
Author: Julian Lam <[email protected] >
Date: Thu Jul 20 08:41:39 2017 -0400
Merge branch 'noscript-login' of https://github.com/An-dz/NodeBB into noscript
commit 5a7f81185e8f9bd7d2d011c3d495988be7e437a3
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Mon Jul 17 23:07:14 2017 -0300
Rename clashing variable 'next'
commit ebfa63a984073a58c17aa408c363cdb03ef89985
Merge: c1801cd f159d0d
Author: Julian Lam <[email protected] >
Date: Mon Jul 17 16:30:40 2017 -0400
Merge branch 'noscript-logout' of https://github.com/An-dz/NodeBB into noscript
commit c1801cda14e6363491e30b659902e2ae71f7e1f7
Merge: 7a5f9f3 9fd542d
Author: Julian Lam <[email protected] >
Date: Mon Jul 17 16:30:31 2017 -0400
Merge branch 'noscript-register' of https://github.com/An-dz/NodeBB into noscript
commit 7a5f9f35abc834bb72ddddc9ca07d34f2fde8353
Merge: 44851f9[email protected] >
Date: Mon Jul 17 16:30:10 2017 -0400
Merge branch 'noscript-compose' of https://github.com/An-dz/NodeBB into noscript
commit f159d0d9ef1b7f600e830a96fdb4b9c87c79bb4a
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Thu Jul 6 12:16:38 2017 -0300
Prevent form submit
Required for theme change
commit d37b95cb71d32d4483190609798e244c331db165
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Thu Jul 6 01:49:52 2017 -0300
Prevent link action with scripts
Required for the theme change that changes the buttons to `a` tags.
commit 9fd542d8970b7d1a4126f4edc4b44eab7d708fb0
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Wed Jul 5 19:57:56 2017 -0300
Fix tests
commit cdad5bf8c2891ad76f7441fd4d8a74b058a14e6d
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Wed Jul 5 19:09:17 2017 -0300
Update error handling
commit 4ff11cd136a4fb98483f837e2cebc741380dfe76
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Wed Jul 5 17:29:08 2017 -0300
Remove async waterfall
commit df01d44e821a70c984b89e9585a325c3e02c6e37
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Wed Jul 5 16:59:43 2017 -0300
Set noscript compose as noscript at start
commit 4bcc380da72239b8315cc849a77a3036e06e4a12
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Wed Jul 5 16:59:12 2017 -0300
Remove last useless next
commit b5eac6fea11e209934c0648a7e75ad07a2167123
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Sun Jul 2 18:35:08 2017 -0300
Last function requires no next
commit 20a5cce6e6e32a454c304c448383707ec44c75a8
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Sun Jul 2 18:06:58 2017 -0300
Remove more useless next calls
commit 85ee22a79bcbbb1995106f43d4c74d6ba9206cab
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Sun Jul 2 17:46:07 2017 -0300
Remove useless next calls
commit 7d984c47ad24faac1fe537dee4a5a7d697e8634c
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Sun Jul 2 15:45:31 2017 -0300
Support old themes
commit 4a09dfbd08253115c342a9e829c4e6940cecb8cc
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Sun Jul 2 15:37:23 2017 -0300
Moved all error handling into helpers function
commit 391aa6e67ef9ab67304005e14ac0633cdb630713
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Thu Jun 8 15:37:37 2017 -0300
ESLint - Fix mixed conditionals
commit 80ccc6fd581d791f31e7ab62de8de611837bfc3c
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Sat Jun 3 18:08:15 2017 -0300
Compose without scripts
commit 2aca811256721238ca0cede4954213d369009885
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Sat Jun 3 18:00:44 2017 -0300
Register without scripts
commit 097bb51577fb26f8e22f86dc274cb670ab606a8a
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Sat Jun 3 16:42:15 2017 -0300
Logout without scripts
commit d497e08109891079656fee1c145043a9c0e55f2e
Author: André Zanghelini <an_dz@simutrans-forum>
Date: Sat Jun 3 16:27:10 2017 -0300
Login without script
8 years ago
121a629de6
linting
8 years ago
09621a3a3d
fixes #5776
8 years ago
2f8f69d6af
test monthly digest
8 years ago
74ed033e4a
fix digest test
8 years ago
e56178f72e
remove init socket.io
8 years ago
4f31dec82c
reduce usage of io.emit in tests
8 years ago
5a55c882ab
convert NaN uids to 0
8 years ago
92376a1589
fix calls
8 years ago
eb0faf1e4a
change test to use new signature
8 years ago
08aaabd33c
closes #5642
8 years ago
b171f3072b
Fix many "duplicate key" errors
...
- Reset defaults after every test
- Remove individual `after(db.emptydb)` calls
- Fix async.every in groups test
- Update plugin list in socket tests
8 years ago
f6ac92111b
style changes
8 years ago
5cb53406fe
more picture tests
8 years ago
b29745aa44
more auth tests
8 years ago
769d2b00b1
change test method call
8 years ago
9fdd313e30
tweak test
8 years ago
4b94446cd9
more user search tests
8 years ago
Barış Soner Uşaklı
gasoved
Julian Lam
Barış Soner Uşaklı
Aziz Khoury
Peter Jaszkowiak