* feat: allow invites in normal registration mode + invite privilege
* feat: select groups to join from an invite
* test: check if groups from invitations have been joined
* fix: remove unused variable
* feat: write API versions of socket calls
* docs: openapi specs for the new routes
* test: iron out mongo redis difference
* refactor: move inviteGroups endpoint into write API
* refactor: use GET /api/v3/users/:uid/invites/groups
Instead of GET /api/v3/users/:uid/inviteGroups
* fix: no need for /api/v3 prefix when using api module
* fix: tests
* refactor: change POST /api/v3/users/invite
To POST /api/v3/users/:uid/invites
* refactor: make helpers.invite awaitable
* fix: restrict invite API to self-use only
* fix: move invite groups controller to write api, +tests
* fix: tests
Co-authored-by: Julian Lam <julian@nodebb.org>
* feat: #7514 Optional timer for registration queue
* feat: show minutes in average time
* fix: don't show total number of minutes
* feat: implement requested changes
* fix: just store minutes instead of milliseconds
* feat: set default values
* feat: allow passwords longer than 73 characters
Context: A bcrypt/blowfish limitation means that password length is capped at 72 characters. We can get around this without compromising on security
by hashing all incoming passwords with SHA512, and then sending that to bcrypt.
https://dropbox.tech/security/how-dropbox-securely-stores-your-passwords
* feat: add additional test for passwords > 73 chars
* fix: remove 'password-too-long' error message and all invocations
* test: added test to show that a super long password won't bring down NodeBB
* fix: remove debug log
* Revert "fix: remove 'password-too-long' error message and all invocations"
This reverts commit 1e312bf7ef.
* fix: added back password length checks, but at 512 chars
As processing a large string still uses a lot of memory
* feat: fix session mismatch errors by clearing cookie on logout
* feat: remove app.upateHeader
ported from 2.0
* feat: handle if user doesn't click button and just refreshes page
In scenarios where onSuccessfulLogin was not called in the SSO plugin,
core's calling of onSuccessfulLogin was prematurely returning, because
it was checking the wrong value.
This commit fixes the issue by checking a different value.
* adding filter:login.check and loginFormEntry[] for the filter:login.build hook, related to nodebb-plugin-spam-be-gone/issues/32
* do not exceed 50 lines per function
* spam-be-gone@0.6.4
* auto unban when User.getUsersFields is called and the user is banned but has expired
* cleanups and removal of expiry_readable
* expiry_readable make an alias for backward compatibility
* User.bans.func vs User.*ban*Func
* console.log cleanups, plus todo message added
* use code util.deprecate
* fix: remove ununsed winston require
- RTL is applied (or unapplied) on login and logout depending on
user language/guest-detected language.
- config is automatically saved into res.locals.config whenever
loadConfig is called
- On login/logout, buildHeader is called instead of getting config
- On logout, req.uid is deleted instead of set to 0
* fix: #7038, autoLocale logic not playing nicely with no-refresh auths
- on login, req.query.lang is deleted (since it seems to be left over)
- on logout, the middleware.autoLocale is executed, which resets
req.query.lang
- middleware.autoLocale is new, just refactored existing logic in
webserver.js into new middleware method.
* style: tests, use lodash
* fix: timeago strings not switching languages on login or out
* no-refresh login as well, plus lots of fixes for missing config on login
* replace config with new set on logout as well
* passing new payload data into new action:app.loggedIn hook, and old action:app.loggedOut hook
* fixed issues with socket.io not properly representing uid on server
* some light refactoring and cleanup
* minor cleanup, fixed spa logout not working after login
* have reconnection handler for socket.io wait 2s to confirm disconnection before reporting -- stops flicker if reconnecting immediately
* Dynamically replace chat and slideout menu on updateHeader()
... instead of just the menu items.
* more efficient calls to Benchpress and translator /cc @pitaj
* fix: chats and notification handlers not working after login
* fix: accidentally calling cb multiple times
* Store config fields as JSON in the db
Fewer parseInts
* Remove unnecessary parseInts
* remove some dupe code add tests
* remove console.log
* remove more parseInts
* WIP: read meta.configs defaults from defaults.json
remove more parseInts
* more work
* add log for failing test
* update admin pwd
* fix tests, dont require posts/cache before configs are initialized
* handle saves
* Test boolean conditions
* remove more parseInts
* Fix boolean values
* remove lots more parseInts
* removed json parsing
* renamed var to number
* categories dont have timestamp
