Julian Lam
512f6de6de
feat: allow passwords with length > 73 characters ( #8818 )
...
* feat: allow passwords longer than 73 characters
Context: A bcrypt/blowfish limitation means that password length is capped at 72 characters. We can get around this without compromising on security
by hashing all incoming passwords with SHA512, and then sending that to bcrypt.
https://dropbox.tech/security/how-dropbox-securely-stores-your-passwords
* feat: add additional test for passwords > 73 chars
* fix: remove 'password-too-long' error message and all invocations
* test: added test to show that a super long password won't bring down NodeBB
* fix: remove debug log
* Revert "fix: remove 'password-too-long' error message and all invocations"
This reverts commit 1e312bf7ef7e119fa0f1bd3517d756ca013d5e79.
* fix: added back password length checks, but at 512 chars
As processing a large string still uses a lot of memory
5 years ago
Barış Soner Uşaklı
4818ec377e
fix: missing await
5 years ago
Barış Soner Uşaklı
a02ae6f5df
refactor: simpler check in user.blocks.filter
5 years ago
Julian Lam
a6a52430ce
fix: remove setCategorySort and setTopicSort
5 years ago
Julian Lam
aa8faf58a0
refactor: remove /users/{uid}/settings/{setting} route
...
@baris Also, I am now allowing the following properties to be saved in User.saveSettings:
- categoryTopicSort
- topicPostSort
- setCategorySort
- setTopicSort
5 years ago
Barış Soner Uşaklı
a05905f196
performance improvements ( #8795 )
...
* perf: nconf/winston/render
cache nconf.get calls
modify middleware.pageView to call next earlier
don't call winston.verbose on every hook see https://github.com/winstonjs/winston/issues/1669
translate header/footer separately and cache results for guests
* fix: copy paste fail
* refactor: style and fire hook only log in dev mode
* fix: cache key, header changes based on template
* perf: change replace
* fix: add missing await
* perf: category
* perf: lodash clone
* perf: remove escapeRegexChars
5 years ago
Barış Soner Uşaklı
db63f5e3f0
fix : #8781
5 years ago
Barış Soner Uşaklı
43afe7ffab
refactor: async/await src/user/approval
5 years ago
Barış Soner Uşaklı
872bacf1c4
Admin/users ( #8762 )
...
* feat: wip admin/users
* feat: more work
* feat: more fixes
* feat: #8662 , verified/unverified user groups
* feat: add filter
* feat: change user search to use filters array
* refactor: remove unused search call
* fix: tests
* fix: cant join system groups
* fix: upgrade script
5 years ago
Julian Lam
30b3fedca4
fix: password reset to invalidate all existing reset tokens for that uid
5 years ago
Barış Soner Uşaklı
1ee9384875
fix : #8757 , allow all slashes in category route
5 years ago
Barış Soner Uşaklı
dc29f4dca2
refactor: switch to using slugify module
5 years ago
cryptoethic
b3ed26ac2c
feat: revoke user sessions above threshold ( #8731 )
...
* feat: revoke user sessions above threshold
* fix: removed translations from en-US
* fix: defined default maxUserSessions in install\data\defaults.json
5 years ago
Julian Lam
a5af2dc819
feat: added PUT/DELETE /api/v1/users/:uid/ban routes
5 years ago
Barış Soner Uşaklı
e60357d20d
feat: #6594 , add top/popular sections to digest email ( #8709 )
5 years ago
Timothy Fike
f85fe7faff
don't invite an already invited email ( #8688 )
...
* don't invite an already invited email
* add email-invited translation string
5 years ago
psychobunny
b6f2f0e5d0
fix : #8681 change owner modal's search should check if user is banned
5 years ago
Barış Soner Uşaklı
ac43cd8b6f
fix : #8665 , trim email before checking validity
5 years ago
Julian Lam
29b357bc66
refactor: expose new method for appending moderation note
5 years ago
Barış Soner Uşaklı
38d3982bf1
fix : #8418
...
allow updating other profile fields when username isnt being changed
5 years ago
Barış Soner Uşaklı
4be693f2e7
feat: fullname search ( #8641 )
...
* feat: fullname search
* fix: take last element
* fix: attempt to fix psql like query
* feat: upgrade sript, another fix attempt
* fix: psql test
* fix: psql scan
* feat: add debug for test
* feat: test collate
* feat: cleanup
* fix: upgrade script
5 years ago
Barış Soner Uşaklı
5f10d67db5
Remove sounds ( #8617 )
...
* feat: remove sounds
* feat: remove more sounds
* feat: disable sounds plugin
* fix: openapi
5 years ago
Barış Soner Uşaklı
54b497258f
feat: add missing name to profile image upload
5 years ago
Barış Soner Uşaklı
a263897627
fix : #8604
5 years ago
Barış Soner Uşaklı
9f9164a9be
fix : #8582
5 years ago
Barış Soner Uşaklı
846b7d2430
refactor: change pwd change logic
...
add one more test
5 years ago
Julian Lam
16cee1b03b
fix: improper targetUid check during password change
5 years ago
Barış Soner Uşaklı
dfabd0a3fe
feat: remove administrator property from public routes
5 years ago
Barış Soner Uşaklı
f89ec20574
feat: allow passing groupName to user.search
5 years ago
Barış Soner Uşaklı
8bd63f61e0
feat: resolve flag on delete/purge/ban/delete account
5 years ago
Barış Soner Uşaklı
57135761ca
fix: move check inside lock
5 years ago
Barış Soner Uşaklı
ce6b20c4b7
feat: remove topics.async.getTopicData usage
5 years ago
Barış Soner Uşaklı
72c60d19c2
fix: tests
5 years ago
Barış Soner Uşaklı
2a5f8ab27e
feat: dont load all subscribers at once
...
increase batch to 500
5 years ago
Barış Soner Uşaklı
3dcf538773
feat: #8023 , allow wildcard search for uid/email
5 years ago
Barış Soner Uşaklı
e95cd28f6f
Zscan ( #8458 )
...
* feat: zscan
* fix: mongodb tests
* feat: scan, ip search starts with
5 years ago
Barış Soner Uşaklı
59a2ace6f7
fix: only add blocksCount for self and admins
5 years ago
Barış Soner Uşaklı
bd228d5ee7
feat: fix blocksCount not being returned on user profile
...
add hook action:user.blocks.toggle
5 years ago
Barış Soner Uşaklı
e53a18f219
fix : #8437 , #8433
5 years ago
Barış Soner Uşaklı
8383992dcc
feat: move export functions into child processes
5 years ago
Barış Soner Uşaklı
48b41debe6
fix: vulnerability in cover and admin uploads ( #8419 )
...
* fix: vulnerability in cover and admin uploads
* fix: remove old test
* fix: update tests
5 years ago
Barış Soner Uşaklı
e80379dc0e
feat: display stack trace on winston.error
5 years ago
Barış Soner Uşaklı
79a7f89235
Merge branch 'master' of https://github.com/NodeBB/NodeBB
5 years ago
Barış Soner Uşaklı
2bcf7f72d2
fix: follower count going out of sync with real follower count
5 years ago
Barış Soner Uşaklı
bef37e27cb
fix: test lock for user create ( #8415 )
...
* fix: test lock for user create
* fix: redis hdel with undefined
* feat: add test for undefined key in deleteObjectFields
5 years ago
Barış Soner Uşaklı
f0526bff9f
fix: add mising timestamp
5 years ago
Barış Soner Uşaklı
a680a95e73
feat: add filter:user.getFields to match topic/posts
5 years ago
Barış Soner Uşaklı
18d892398f
fix: add timestamp to initial username history
5 years ago
Julian Lam
67aca822e6
feat: account content deletion, closes #8381
5 years ago
Barış Soner Uşaklı
5a2b515431
feat: #8349 , remove user posts from queue if user is deleted
5 years ago