From 712767f68911c1bc2b7a6bd436f06807492df4ad Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Fri, 4 Oct 2024 11:57:31 -0400
Subject: [PATCH 1/3] fix(deps): bump 2factor

---
 install/package.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/install/package.json b/install/package.json
index f20f9d8d55..fc600cbd5a 100644
--- a/install/package.json
+++ b/install/package.json
@@ -97,7 +97,7 @@
         "mousetrap": "1.6.5",
         "multiparty": "4.2.3",
         "nconf": "0.12.1",
-        "nodebb-plugin-2factor": "7.5.5",
+        "nodebb-plugin-2factor": "7.5.6",
         "nodebb-plugin-composer-default": "10.2.39",
         "nodebb-plugin-dbsearch": "6.2.5",
         "nodebb-plugin-emoji": "5.1.15",
@@ -198,4 +198,4 @@
             "url": "https://github.com/barisusakli"
         }
     ]
-}
\ No newline at end of file
+}

From 39f57f9e5b177d1a50de6ec0f3d17d8aa4e28444 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <barisusakli@gmail.com>
Date: Fri, 4 Oct 2024 15:44:19 -0400
Subject: [PATCH 2/3] refactor: don't block ./nodebb upgrade if suggested
 modules are not loaded

---
 src/cli/upgrade-plugins.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/cli/upgrade-plugins.js b/src/cli/upgrade-plugins.js
index cb6cbce94b..b68db55eac 100644
--- a/src/cli/upgrade-plugins.js
+++ b/src/cli/upgrade-plugins.js
@@ -77,7 +77,8 @@ async function getSuggestedModules(nbbVersion, toCheck) {
 	const request = require('../request');
 	let { response, body } = await request.get(`https://packages.nodebb.org/api/v1/suggest?version=${nbbVersion}&package[]=${toCheck.join('&package[]=')}`);
 	if (!response.ok) {
-		throw new Error(`Unable to get suggested module for NodeBB(${nbbVersion}) ${toCheck.join(',')}`);
+		console.warn(`Unable to get suggested module for NodeBB(${nbbVersion}) ${toCheck.join(',')}`);
+		return [];
 	}
 	if (!Array.isArray(body) && toCheck.length === 1) {
 		body = [body];

From a5f3d097bb0a52226b2f1ecbb4cac2f1faf41f47 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <barisusakli@gmail.com>
Date: Tue, 8 Oct 2024 00:08:10 -0400
Subject: [PATCH 3/3] chore: up composer

add test for /compose route
---
 install/package.json |  2 +-
 test/controllers.js  | 33 +++++++++++++++++++++++++++++++--
 2 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/install/package.json b/install/package.json
index fc600cbd5a..7e1d0d4a4d 100644
--- a/install/package.json
+++ b/install/package.json
@@ -98,7 +98,7 @@
         "multiparty": "4.2.3",
         "nconf": "0.12.1",
         "nodebb-plugin-2factor": "7.5.6",
-        "nodebb-plugin-composer-default": "10.2.39",
+        "nodebb-plugin-composer-default": "10.2.40",
         "nodebb-plugin-dbsearch": "6.2.5",
         "nodebb-plugin-emoji": "5.1.15",
         "nodebb-plugin-emoji-android": "4.0.0",
diff --git a/test/controllers.js b/test/controllers.js
index 418420303f..e94720b471 100644
--- a/test/controllers.js
+++ b/test/controllers.js
@@ -1553,6 +1553,7 @@ describe('Controllers', () => {
 			await privileges.categories.rescind(['groups:read'], category.cid, 'guests');
 			const { response } = await request.get(`${nconf.get('url')}/api/category/${category.slug}`);
 			assert.equal(response.statusCode, 401);
+			await privileges.categories.give(['groups:read'], category.cid, 'guests');
 		});
 
 		it('should redirect if topic index is negative', async () => {
@@ -1715,7 +1716,9 @@ describe('Controllers', () => {
 		});
 
 		it('should load the composer route', async () => {
-			const { response, body } = await request.get(`${nconf.get('url')}/api/compose?cid=1`);
+			const { response, body } = await request.get(`${nconf.get('url')}/api/compose?cid=${cid}`, {
+				jar,
+			});
 			assert.equal(response.statusCode, 200);
 			assert(body.title);
 			assert(body.template);
@@ -1733,7 +1736,9 @@ describe('Controllers', () => {
 				method: hookMethod,
 			});
 
-			const { response, body } = await request.get(`${nconf.get('url')}/api/compose?cid=1`);
+			const { response, body } = await request.get(`${nconf.get('url')}/api/compose?cid=${cid}`, {
+				jar,
+			});
 			assert.equal(response.statusCode, 200);
 			assert(body.title);
 			assert.strictEqual(body.template.name, '');
@@ -1835,6 +1840,30 @@ describe('Controllers', () => {
 			assert.equal(replyResult.response.statusCode, 302);
 			await privileges.categories.rescind(['groups:topics:post', 'groups:topics:reply'], cid, 'guests');
 		});
+
+		it('should not load a topic data that is in private category', async () => {
+			const { cid } = await categories.create({
+				name: 'private',
+				description: 'private',
+			});
+
+			const result = await topics.post({ uid: fooUid, title: 'hidden title', content: 'hidden content', cid: cid });
+
+			await privileges.categories.rescind(['groups:topics:read'], category.cid, 'guests');
+			let { response, body } = await request.get(`${nconf.get('url')}/api/compose?tid=${result.topicData.tid}`);
+			assert.equal(response.statusCode, 401);
+			assert(!body.title);
+
+			({ response, body } = await request.get(`${nconf.get('url')}/api/compose?cid=${cid}`));
+			assert.equal(response.statusCode, 401);
+			assert(!body.title);
+
+			({ response, body } = await request.get(`${nconf.get('url')}/api/compose?pid=${result.postData.pid}`));
+			assert.equal(response.statusCode, 401);
+			assert(!body.title);
+
+			await privileges.categories.give(['groups:topics:read'], category.cid, 'guests');
+		});
 	});
 
 	describe('test routes', () => {