Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-03-02 18:41:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
27,455 Commits 70 Branches 492 Tags
3332480cf1f3fff4fc7a75f519dfd1050916640e
Commit Graph

61 Commits

Author SHA1 Message Date
Opliko
8ac34f8e8e feat: password check hook (#11853) 
* feat: filter:password.check hook

As requested on Discord, hopefully including all relevant user data

* fix: don't use caller uid

* feat: don't forward username separately
 2023-07-30 19:18:21 -04:00
Julian Lam
a344e6ec0c Fix for #11119, restore password reset rate limiting (#11120) 
* chore: incrementing version number - v2.8.1

* chore: update changelog for v2.8.1

* fix: accidental clearing of reset rate limiting on reset send

* test: move user reset tests to its own file, add failing test for user reset locks

* fix: #11119, counter attempted flooding of user reset route

* test: fix password reset socket test to check for error now

* test: same user sending multiple reset emails

should work after waiting the correct amount of time

* lint: fixes

* chore: rename outdated `cleanTokensAndUids` method

* test: no need to create user for new test

Co-authored-by: Misty Release Bot <deploy@nodebb.org>
Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com>
 2023-01-04 11:24:46 -05:00
Julian Lam
165a1d8b76 Revert "fix: update usage of emailer.send to not catch (as errors are no longer thrown), email error throttler" 
This reverts commit d4e5259fcf.
 2022-01-28 15:41:27 -05:00
Julian Lam
d4e5259fcf fix: update usage of emailer.send to not catch (as errors are no longer thrown), email error throttler 2022-01-28 15:16:41 -05:00
Julian Lam
6ca216ab6e feat: revoke user sessions on successful password reset 2022-01-12 11:09:02 -05:00
Julian Lam
be4dbe3441 chore: org; merge consecutive await calls into one Promise.all 2022-01-12 11:08:34 -05:00
Barış Soner Uşaklı
fb363957d1 refactor: tab rules 2021-11-18 16:42:18 -05:00
Julian Lam
087e6020e4 refactor(email): validation checking methods, +tests fix 2021-07-30 13:29:13 -04:00
Julian Lam
5c42b3eab0 test: fixed broken tests from #9605, removed token clean on token usage as it is superceded by token clean on generation (+ associated test) 2021-06-11 15:43:03 -04:00
Julian Lam
229f96f872 fix: #9605, expire all active reset tokens for a uid if that uid generates a new one 2021-06-11 14:39:00 -04:00
Peter Jaszkowiak
5c2f0f0557 chore: eslint no-restricted-syntax 2021-02-08 18:06:44 -05:00
Peter Jaszkowiak
dab3b23575 chore: eslint no-var, vars-on-top 2021-02-08 18:06:44 -05:00
Peter Jaszkowiak
b56d9e12b5 chore: eslint prefer-arrow-callback 2021-02-08 18:06:44 -05:00
Peter Jaszkowiak
707b55b6a5 chore: eslint prefer-template 2021-02-08 18:06:44 -05:00
Peter Jaszkowiak
2be396ff6e fix: email testing and settings change from ACP 
- changing email SMTP settings wouldn't apply the first time
- "Send Test Email" now will report emailer errors in most cases
 2020-12-18 16:39:09 -05:00
Barış Soner Uşaklı
5080f35752 fix: #8991, logout on password reset, dont verify email if password expired 
dont allow same password on reset
 2020-11-29 21:55:07 -05:00
Julian Lam
512f6de6de feat: allow passwords with length > 73 characters (#8818) 
* feat: allow passwords longer than 73 characters

Context: A bcrypt/blowfish limitation means that password length is capped at 72 characters. We can get around this without compromising on security
by hashing all incoming passwords with SHA512, and then sending that to bcrypt.

https://dropbox.tech/security/how-dropbox-securely-stores-your-passwords

* feat: add additional test for passwords > 73 chars

* fix: remove 'password-too-long' error message and all invocations

* test: added test to show that a super long password won't bring down NodeBB

* fix: remove debug log

* Revert "fix: remove 'password-too-long' error message and all invocations"

This reverts commit 1e312bf7ef.

* fix: added back password length checks, but at 512 chars

As processing a large string still uses a lot of memory
 2020-11-06 08:40:00 -05:00
Barış Soner Uşaklı
db63f5e3f0 fix: #8781 2020-10-21 16:30:14 -04:00
Barış Soner Uşaklı
872bacf1c4 Admin/users (#8762) 
* feat: wip admin/users

* feat: more work

* feat: more fixes

* feat: #8662, verified/unverified user groups

* feat: add filter

* feat: change user search to use filters array

* refactor: remove unused search call

* fix: tests

* fix: cant join system groups

* fix: upgrade script
 2020-10-13 22:42:50 -04:00
Barış Soner Uşaklı
8e23dec84b fix: lint 2020-04-01 21:57:28 -04:00
Barış Soner Uşaklı
75bcb0f484 fix: remove unused data from post/topic/user hashes 2019-10-07 23:13:43 -04:00
Barış Soner Uşaklı
22f8011686 refactor: remove async from isPasswordValid, function is sync 2019-09-11 00:28:42 -04:00
Barış Soner Uşaklı
a51ec591ee feat: #7743, finish user module 2019-07-16 20:44:00 -04:00
Barış Soner Uşaklı
2c5e38d8f1 closes #7004 
do not translate email subjects twice, emailer already translates the passed in subject param
 2018-11-28 10:42:40 -05:00
Barış Soner Uşaklı
9c022afae1 Parse int (#6853) 
* Store config fields as JSON in the db

Fewer parseInts

* Remove unnecessary parseInts

* remove some dupe code add tests

* remove console.log

* remove more parseInts

* WIP: read meta.configs defaults from defaults.json

remove more parseInts

* more work

* add log for failing test

* update admin pwd

* fix tests, dont require posts/cache before configs are initialized

* handle saves

* Test boolean conditions

* remove more parseInts

* Fix boolean values

* remove lots more parseInts

* removed json parsing

* renamed var to number

* categories dont have timestamp
 2018-10-21 16:47:51 -04:00
Julian Lam
f769e734ed removed error output from user reset for rate limiting or incorrect email, so users cannot validate emails via this endpoint 2018-04-04 13:09:53 -04:00
Barış Soner Uşaklı
d8b5d40668 closes #6242 2018-01-18 13:33:06 -05:00
Barış Soner Uşaklı
ff88be91fa Merge remote-tracking branch 'refs/remotes/origin/master' into develop 2017-08-18 20:09:40 -04:00
Baris Usakli
753f1576ce processSortedSet 2017-08-16 16:47:52 -04:00
Baris Usakli
bc0645dc26 Merge remote-tracking branch 'refs/remotes/origin/master' into develop 2017-08-16 15:17:26 -04:00
Julian Lam
f56578ab50 remove reset tokens if target user email changes 2017-08-16 14:37:00 -04:00
Baris Usakli
bc6b1a8f56 Merge remote-tracking branch 'refs/remotes/origin/master' into develop 
# Conflicts:
#	public/src/admin/extend/plugins.js
 2017-08-11 11:33:06 -04:00
Baris Usakli
24bbf8fe00 closes #5869 2017-08-10 16:49:16 -04:00
Julian Lam
a2627d2066 added default payload to emails, and adding nodebb logo for email header 2017-07-13 11:30:44 -04:00
Barış Soner Uşaklı
890c2eff70 style changes 2017-05-27 01:44:26 -04:00
Peter Jaszkowiak
1ed571189c Make utils and translator easier to require 
Move utils.walk to file.walk, backwards compatible
 2017-04-08 20:27:52 -06:00
Peter Jaszkowiak
3b0dd2d1ef ESlint padded-blocks 2017-02-18 02:32:24 -07:00
Peter Jaszkowiak
a5a3f3089a ESlint no-mixed-operators 2017-02-18 01:51:11 -07:00
Peter Jaszkowiak
2ba46808a1 ESlint one-var, fix comma-dangle 2017-02-17 20:20:42 -07:00
Peter Jaszkowiak
bc1d70c126 ESlint comma-dangle 2017-02-17 19:31:21 -07:00
HeeL
4a3c31b2dc Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00
barisusakli
b0151502c2 use '-inf'/'+inf' 2016-03-11 14:20:23 +02:00
barisusakli
ad1ffdfd81 fix test 2016-03-08 13:54:08 +02:00
barisusakli
f8b494bc1f closes #4313 2016-03-08 13:38:22 +02:00
barisusakli
30d087cbd3 closes #3607 2015-09-14 15:50:07 -04:00
Julian Lam
56fc958939 closes #2891 2015-04-01 17:26:27 -04:00
Julian Lam
47a7ab15be refactored translator system to be a require.js module, and not a global 2015-03-31 15:11:59 -04:00
barisusakli
3bcd8aefb0 deleteObjectFields method 
cleaned up user reset
 2015-02-17 22:22:06 -05:00
barisusakli
c305cd8220 removed commented out code 2015-02-17 18:14:29 -05:00
barisusakli
0096d74cfa user password reset test 2015-02-17 18:11:30 -05:00