53e0d4d2e0
feat: banned-users group
4 years ago
f6cd2862bd
feat: #9232 , add profile picture into exported zip
4 years ago
fb84c78544
chore: remove deprecated `User.emailConfirm` [breaking]
...
Use `User.email.confirmByCode` instead.
4 years ago
b2b1450e5d
fix : #9217 , render 400 error page on bad access to /register
4 years ago
69419571a9
fix: make sure inviter user exists
4 years ago
eaf62d39fd
fix : #9177 , handled multiple deleted users properly
4 years ago
2be396ff6e
fix: email testing and settings change from ACP
...
- changing email SMTP settings wouldn't apply the first time
- "Send Test Email" now will report emailer errors in most cases
4 years ago
80de572aa1
feat: add user.email.confirmByUid for sso plugins
4 years ago
1f32d38778
fix: default values, clamp postsPerPage/topicsPerPage to max
4 years ago
86b7f8a5d4
fix : #8962 , dont show null for purged targets
4 years ago
5f0f476b57
feat: #9005 , use timestamp in profile/cover images
...
delete current one if keepAllUserImages is turned off
fix typo in data
4 years ago
4317cdea34
fix : #9002 ban templates not user friendly
4 years ago
d46740f860
fix : #9007 revoke old sessions after adding
4 years ago
a4fe4d3cf5
fix: allow guests to see their replies immediately
4 years ago
5080f35752
fix : #8991 , logout on password reset, dont verify email if password expired
...
dont allow same password on reset
4 years ago
7f5efc3e93
fix : #8992 , set email:confirmed for first admin user
4 years ago
6e6a7a8f8a
fix : #8969 , export csv to file
4 years ago
dadb2527da
fix : #8974 , with password login for approval queue
4 years ago
21d6225ce0
fix: 'already-deleting' error on subsequent account content deletions
4 years ago
4f37eddc5e
feat: clear reset tokens on user delete
4 years ago
0ca40af834
fix : #8939 , fix username change notification getting filtered out
4 years ago
6e2da9966e
refactor: move plugin hook methods to plugin.hooks.*
4 years ago
046d0b1637
feat: allow pins to expire (if set) ( #8908 )
...
* fix: add back topic assert middleware for pin route
* feat: server-side handling of pin expiries
* refactor: togglePin to not require uid parameter [breaking]
* feat: automatic unpinning if pin has expiration set
* feat: client-side modal for setting pin expiration
* refactor: categories.getPinnedTids to accept multiple cids
... in preparation for pin expiry logic, direct access to *:pinned zsets is discouraged
* fix: remove references to since-removed jobs file for topics
* feat: expire pins when getPinnedTids is called
* refactor: make the togglePin change non-breaking
The 'action:topic.pin' hook now sends uid again, as before. However, if it is a system action (that is, a pin that expired), 'system' will be sent in instead of a valid uid
4 years ago
1be08b2e8b
fix: guest displayname
4 years ago
dbd814c25f
fix: spec, only call modifyUser on unique user objects
4 years ago
ae5d4405c0
fix: setting
4 years ago
9ca44e6f54
feat: add displayname into user obj #8637 ( #8909 )
...
* feat: add displayname into user obj #8637
* fix: spec
* perf: dont load settings if acp setting is turned off
4 years ago
a0b7a82350
feat(api): account deletion routes for the Write API ( #8881 )
...
* feat(api): account deletion routes for the Write API
* refactor: rewrite client-side calls to account deletion to use api
* style: apply DRY
4 years ago
1d6bcbebde
feat: https://github.com/NodeBB/NodeBB/issues/8147
4 years ago
3ccebf112e
feat: invites regardless of registration type, invite privilege, groups to join on acceptance ( #8786 )
...
* feat: allow invites in normal registration mode + invite privilege
* feat: select groups to join from an invite
* test: check if groups from invitations have been joined
* fix: remove unused variable
* feat: write API versions of socket calls
* docs: openapi specs for the new routes
* test: iron out mongo redis difference
* refactor: move inviteGroups endpoint into write API
* refactor: use GET /api/v3/users/:uid/invites/groups
Instead of GET /api/v3/users/:uid/inviteGroups
* fix: no need for /api/v3 prefix when using api module
* fix: tests
* refactor: change POST /api/v3/users/invite
To POST /api/v3/users/:uid/invites
* refactor: make helpers.invite awaitable
* fix: restrict invite API to self-use only
* fix: move invite groups controller to write api, +tests
* fix: tests
Co-authored-by: Julian Lam <julian@nodebb.org>
4 years ago
51b7eca119
fix: run every hour, dont show message if average_time is 0
4 years ago
04f4429f72
Resolve #7514 - optional timer for registration queue ( #8796 )
...
* feat: #7514 Optional timer for registration queue
* feat: show minutes in average time
* fix: don't show total number of minutes
* feat: implement requested changes
* fix: just store minutes instead of milliseconds
* feat: set default values
4 years ago
512f6de6de
feat: allow passwords with length > 73 characters ( #8818 )
...
* feat: allow passwords longer than 73 characters
Context: A bcrypt/blowfish limitation means that password length is capped at 72 characters. We can get around this without compromising on security
by hashing all incoming passwords with SHA512, and then sending that to bcrypt.
https://dropbox.tech/security/how-dropbox-securely-stores-your-passwords
* feat: add additional test for passwords > 73 chars
* fix: remove 'password-too-long' error message and all invocations
* test: added test to show that a super long password won't bring down NodeBB
* fix: remove debug log
* Revert "fix: remove 'password-too-long' error message and all invocations"
This reverts commit 1e312bf7ef7e119fa0f1bd3517d756ca013d5e79.
* fix: added back password length checks, but at 512 chars
As processing a large string still uses a lot of memory
4 years ago
4818ec377e
fix: missing await
4 years ago
a02ae6f5df
refactor: simpler check in user.blocks.filter
4 years ago
a6a52430ce
fix: remove setCategorySort and setTopicSort
4 years ago
aa8faf58a0
refactor: remove /users/{uid}/settings/{setting} route
...
@baris Also, I am now allowing the following properties to be saved in User.saveSettings:
- categoryTopicSort
- topicPostSort
- setCategorySort
- setTopicSort
4 years ago
a05905f196
performance improvements ( #8795 )
...
* perf: nconf/winston/render
cache nconf.get calls
modify middleware.pageView to call next earlier
don't call winston.verbose on every hook see https://github.com/winstonjs/winston/issues/1669
translate header/footer separately and cache results for guests
* fix: copy paste fail
* refactor: style and fire hook only log in dev mode
* fix: cache key, header changes based on template
* perf: change replace
* fix: add missing await
* perf: category
* perf: lodash clone
* perf: remove escapeRegexChars
4 years ago
db63f5e3f0
fix : #8781
4 years ago
43afe7ffab
refactor: async/await src/user/approval
4 years ago
872bacf1c4
Admin/users ( #8762 )
...
* feat: wip admin/users
* feat: more work
* feat: more fixes
* feat: #8662 , verified/unverified user groups
* feat: add filter
* feat: change user search to use filters array
* refactor: remove unused search call
* fix: tests
* fix: cant join system groups
* fix: upgrade script
4 years ago
30b3fedca4
fix: password reset to invalidate all existing reset tokens for that uid
4 years ago
1ee9384875
fix : #8757 , allow all slashes in category route
4 years ago
dc29f4dca2
refactor: switch to using slugify module
4 years ago
b3ed26ac2c
feat: revoke user sessions above threshold ( #8731 )
...
* feat: revoke user sessions above threshold
* fix: removed translations from en-US
* fix: defined default maxUserSessions in install\data\defaults.json
4 years ago
a5af2dc819
feat: added PUT/DELETE /api/v1/users/:uid/ban routes
4 years ago
e60357d20d
feat: #6594 , add top/popular sections to digest email ( #8709 )
4 years ago
f85fe7faff
don't invite an already invited email ( #8688 )
...
* don't invite an already invited email
* add email-invited translation string
4 years ago
b6f2f0e5d0
fix : #8681 change owner modal's search should check if user is banned
4 years ago
ac43cd8b6f
fix : #8665 , trim email before checking validity
4 years ago
29b357bc66
refactor: expose new method for appending moderation note
5 years ago
38d3982bf1
fix : #8418
...
allow updating other profile fields when username isnt being changed
5 years ago
4be693f2e7
feat: fullname search ( #8641 )
...
* feat: fullname search
* fix: take last element
* fix: attempt to fix psql like query
* feat: upgrade sript, another fix attempt
* fix: psql test
* fix: psql scan
* feat: add debug for test
* feat: test collate
* feat: cleanup
* fix: upgrade script
5 years ago
5f10d67db5
Remove sounds ( #8617 )
...
* feat: remove sounds
* feat: remove more sounds
* feat: disable sounds plugin
* fix: openapi
5 years ago
54b497258f
feat: add missing name to profile image upload
5 years ago
a263897627
fix : #8604
5 years ago
9f9164a9be
fix : #8582
5 years ago
846b7d2430
refactor: change pwd change logic
...
add one more test
5 years ago
16cee1b03b
fix: improper targetUid check during password change
5 years ago
dfabd0a3fe
feat: remove administrator property from public routes
5 years ago
f89ec20574
feat: allow passing groupName to user.search
5 years ago
8bd63f61e0
feat: resolve flag on delete/purge/ban/delete account
5 years ago
57135761ca
fix: move check inside lock
5 years ago
ce6b20c4b7
feat: remove topics.async.getTopicData usage
5 years ago
72c60d19c2
fix: tests
5 years ago
2a5f8ab27e
feat: dont load all subscribers at once
...
increase batch to 500
5 years ago
3dcf538773
feat: #8023 , allow wildcard search for uid/email
5 years ago
e95cd28f6f
Zscan ( #8458 )
...
* feat: zscan
* fix: mongodb tests
* feat: scan, ip search starts with
5 years ago
59a2ace6f7
fix: only add blocksCount for self and admins
5 years ago
bd228d5ee7
feat: fix blocksCount not being returned on user profile
...
add hook action:user.blocks.toggle
5 years ago
e53a18f219
fix : #8437 , #8433
5 years ago
8383992dcc
feat: move export functions into child processes
5 years ago
48b41debe6
fix: vulnerability in cover and admin uploads ( #8419 )
...
* fix: vulnerability in cover and admin uploads
* fix: remove old test
* fix: update tests
5 years ago
e80379dc0e
feat: display stack trace on winston.error
5 years ago
79a7f89235
Merge branch 'master' of https://github.com/NodeBB/NodeBB
5 years ago
2bcf7f72d2
fix: follower count going out of sync with real follower count
5 years ago
bef37e27cb
fix: test lock for user create ( #8415 )
...
* fix: test lock for user create
* fix: redis hdel with undefined
* feat: add test for undefined key in deleteObjectFields
5 years ago
f0526bff9f
fix: add mising timestamp
5 years ago
a680a95e73
feat: add filter:user.getFields to match topic/posts
5 years ago
18d892398f
fix: add timestamp to initial username history
5 years ago
67aca822e6
feat: account content deletion, closes #8381
5 years ago
5a2b515431
feat: #8349 , remove user posts from queue if user is deleted
5 years ago
8bf980cb63
fix: tests, handle no sessions
5 years ago
a0d76ff0a6
fix : #8318 , clean expired sessions on login and get
5 years ago
1d3fa3bc4e
feat: throw error if uid is missing for update
5 years ago
c4545381d7
feat: Add hooks for user blocks ( #8296 )
...
* Add hooks for user blocks
* change naming
* Fix the filter...
fixes #8109
5 years ago
5ebcdb1806
fix : #8287 , fix users:flags as well
5 years ago
9d153fd388
fix : #8287 , dont readd user after deletion
...
don't add user uid back to users:* sorted sets if they are deleted
upgrade script to fix users:* sorted sets
5 years ago
0ca84bd9f4
fix : #8284 , parse ToS on register
...
rewrite intersitials to async/await
5 years ago
ccc6118d30
Testing suite integration for openapi spec ( #8263 )
...
* feat: testing suite integration for openapi spec
The testing suite now takes the openapi spec into account. It will
check each route defined, make a call to it, and compare the
response with the defined schema. Any mismatches will cause the
test to fail.
* fix(openapi): removed debug stuff from tests
* fix(openapi): fixed some tests
* fix(openapi): added additional check to tests, test fixes
* fix(openapi): better tests, fixed spec errors
* fix(openapi): bad conditional in test
* fix: oops
* fix(openapi): more tests fixing
* fix(openapi): more tests
* fix(openapi): fix some more tests
* fix: verbose'd an info log
* fix: topic pagination route returns schema-optimized pagination block
* fix(openapi): more test/spec fixes
* fix(openapi): accidentally sending in authenticated jar for anon routes
* fix(openapi): more test/spec fixes
* fix(openapi): more spec fixes
* fix: timestampReadable Invalid Date
* fix(openapi): more tests... almost there
* fix(openapi): more tests fixing
* fix(openapi): finally all tests passing
* fix(openapi): added reverse test to compare response to spec
... and fixed all the tests that broke
* fix: remove tests related to group covers, as route is gone
* fix(openapi): broken test on travis
* fix(openapi): broken test on travis
* fix(openapi): broken test on travis
* fix(openapi): object cache is not present for psql
* fix: tests
Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com>
5 years ago
8e23dec84b
fix: lint
5 years ago
00e299e93e
feat: closes #8229 , add targetUid to action:password.change
5 years ago
f07f4f8e1a
fix : #8202 , filter non-existing users in search by uid
5 years ago
266061c31a
fix: notification bodyShort truncated if there is a comma in topic title
5 years ago
1efb238a9a
refactor: getUsersCSV to use batch lib
5 years ago
14e7866745
fix : #8179 , limit length of location/website/fullname, check grouptitle
5 years ago
667608a02c
fix : #8168 re-allowing slashes in homePageRoute
...
Resolves regression introduced by b0f3e48ac2
5 years ago
3cca929a88
fix: add missing await
5 years ago
8c6a7954cf
fix: delete upload
5 years ago
153b1a0eaa
fix: check uploadName
5 years ago
b0f3e48ac2
fix: escape bootswatchSkin and homepageRoute
5 years ago
e06c1bfcd2
fix: escape config.userLang/acpLang, don't allow invalid language codes
5 years ago
9d074731f4
fix: login with weak password
5 years ago
f6d7a24a67
fix: dont check password strength on login
5 years ago
1b992d8201
fix : #8058 , fix incorrect digest setting display in ACP
5 years ago
f4381ba366
fix: add missing await to sendValidationEmail
5 years ago
645d647248
feat: wip, better digest handling (+ eventual digest resend logic) ( #7995 )
...
* feat: wip, better digest handling (+ eventual digest resend logic)
- await emailer.send call in digest.send method
- save send success to a new sorted set digest:{interval}:byUid
* feat: continuing work on digest tools
- Added ACP page to view digest settings and delivery times per user
* feat: added paginator and stub buttons for resending digest
* feat: wrapping up digest revamp
- New language strings in ACP digest page
- Client-side ACP script for digest ACP page
- Websocket call for ACP page to execute digests
- Broke out logic to retrieve user digest settings to getUsersInterval
* fix: minor cleanup
* fix : #8010 and some style suggestions from baris
* fix: resolve confusing comment
5 years ago
0037a03886
fix : #8018 , allow absolute urls in notification.path
5 years ago
59242d31aa
fix : #8010 , fix isBanned call
5 years ago
485fbd2f14
feat: #7964 , change all categories at once
...
allow passing cids to setCategoryWatchState and category.exists
5 years ago
75bcb0f484
fix: remove unused data from post/topic/user hashes
5 years ago
f8c8038a06
refactor: remove log, topics.exists
5 years ago
dc8d721c46
refactor: async/await
5 years ago
d5dda26f97
fix : #7938 , escape username in registration queue
5 years ago
603908c10a
refactor: async/await socket.io/index
5 years ago
c5ffd8cc74
refactor: async/await image.js
5 years ago
9a7560049a
feat: bypass cropper for gifs
5 years ago
625b0815bb
refactor: shorter, new Date doesnt throw
5 years ago
babb9d7c55
fix : #7913 , dont allow urls in fullname/location, validate birthday
5 years ago
96ab8d05aa
fix: only allow png/jpg/bmp in cover/profile images
5 years ago
5505628c8d
refactor: change to const
5 years ago
a7d2b8a1fe
refactor: async/await socket.io
6 years ago
ec98945a5f
refactor: remove commented out code
6 years ago
b9105ef9c6
refactor: async/await controllers/authentication
6 years ago
22f8011686
refactor: remove async from isPasswordValid, function is sync
6 years ago
09410ff1c5
feat: don't hardcode numberic fields in user search
6 years ago
4652c68ba7
fix: dont show deleted topics in digest
6 years ago
88dfbf213f
refactor: async/await socket.io/admin
6 years ago
29f96b199c
fix(style): requiring parens in block bodies
6 years ago
0921230976
fix(style): updated code to follow new eslint recommendations
...
Squashed commit of the following:
commit f9ce878b269b3568f0d649309aae1af4dcfdfeef
Author: Julian Lam <julian@nodebb.org>
Date: Tue Aug 13 14:30:46 2019 -0400
fix(style): updated code to follow new eslint recommendations
commit 80dd370e413f22badb96ff2138e7991dfff6d836
Author: Julian Lam <julian@nodebb.org>
Date: Tue Aug 13 14:14:58 2019 -0400
fix(deps): update dependency sitemap to v4
Squashed commit of the following:
commit f4dd9cabb21e26fdc21f8413be822ea7c64251f8
Author: Julian Lam <julian@nodebb.org>
Date: Tue Aug 13 11:33:05 2019 -0400
fix: resolved breaking changes from sitemap v4 upgrade
commit 9043415ee16dcc27a8dcc2e4479d1bc5e2d1b60e
Merge: e3352b272 72590b346fix : #7831 , fix pagination
convert to async/await
commit c9e83f2374572264855a04156278eef256b0a20c
Author: Barış Soner Uşaklı <barisusakli@gmail.com>
Date: Sun Aug 11 00:14:35 2019 -0400
fix: remove empty line
commit 30be91b26c4dd7583412c4e8d56e9c1688e48a44
Author: Barış Soner Uşaklı <barisusakli@gmail.com>
Date: Sun Aug 11 00:13:41 2019 -0400
fix: remove useless catchs and empty line
commit 2e4a71c0b6104738f15ffbfe3246105b922fdfb3
Author: Renovate Bot <bot@renovateapp.com>
Date: Sat Aug 10 06:51:50 2019 +0000
chore(deps): update dependency eslint-config-airbnb-base to v14
6 years ago
3ecac97d7e
fix : #7826 , fix order of categories on recent dropdown
6 years ago
bc6f22ebdb
fix: digest not sending topics
6 years ago
ce91288607
fix: derpy catch
6 years ago
6a486e35bb
fix: user urls in subfolder install
...
fix missing await
6 years ago
0b498acdcf
fix : #7765
6 years ago
e2e33dfb1e
fix: status and groupTitle, if its not set
6 years ago
930ffd074f
fix: tests
6 years ago
a51ec591ee
feat: #7743 , finish user module
6 years ago
6fea46b6e2
feat: #7743
...
user/posts
user/profile
6 years ago
cd80c2638c
feat: #7743
...
user/password
user/picture
6 years ago
0a690c5710
feat: #7743
...
user/online.js
6 years ago
1c5fad6dae
feat: #7743
...
user/notifications.js
6 years ago
fe4c048198
feat: #7743
...
user/index.js
user/info.js
user/invite.js
user/jobs.js
6 years ago
c610eb1430
feat: #7743 , user/digest, user/email, user/follow
6 years ago
9eb1fcd4e5
fix : #7762 , allow array for isBanned
...
dont filter banned users one by one in digest
6 years ago
d6e36c3166
feat: #7743 , user/create, user/data, user/delete
6 years ago
4541caa4f8
feat: #7743 , user/block, user/categories
6 years ago
1970214a24
feat: #7743 user/ban, up mubsub
6 years ago
b24ce97602
feat: #7743 , user/approval, user/auth
6 years ago
2c33595507
feat: #7743 user/admin.js
6 years ago
gasoved
Barış Soner Uşaklı
Julian Lam
Peter Jaszkowiak
psychobunny
Barış Soner Uşaklı
Opliko
cryptoethic
Timothy Fike