Barış Soner Uşaklı
1d3c0e5a2b
fix: https://github.com/NodeBB/NodeBB/issues/11239
parseInt uid received from req.body._uid or req.query._uid
2023-01-30 11:48:10 -05:00
Julian Lam
cf4f5447bb
fix: #10906, allow middleware.checkAccountPermissions to be called with either uid or userslug in params
Previously, the middleware only worked with userslug params
2022-09-19 10:08:18 -04:00
Barış Soner Uşaklı
33458701c1
test: passport0.6 (#10638)
* test: passport0.6
* test: make logout async, fix lint
* test: keepSessionInfo flag
* revert: csrf load
2022-08-15 14:18:43 -04:00
Barış Soner Uşaklı
10949184ca
test: add failing guest csrf test (#10169)
* test: add failing guest csrf test
* test: use correct var
* fix: use applyCsrf for guests as well
2022-01-20 18:22:10 -05:00
Julian Lam
d89fc44c03
fix: move authenticateRequest before interstitial and maintenance mode middlewares, allowed plugins to disable authentication on certain routes
fixes #10112
2021-12-30 16:14:50 -05:00
Julian Lam
02e878be72
feat: stub code for v3 chats api
2021-12-22 10:59:36 -05:00
Barış Soner Uşaklı
324262cbb5
refactor: DRY
2021-11-28 19:31:08 -05:00
Barış Soner Uşaklı
1a7fffc7e9
breaking: remove deprecated user middlewares
2021-11-28 18:58:17 -05:00
Barış Soner Uşaklı
941ecaf899
fix: keep query params on /me redirects
2021-11-28 18:48:52 -05:00
Barış Soner Uşaklı
7434cbf66f
test: add api token tests
2021-11-26 18:59:29 -05:00
Barış Soner Uşaklı
fb363957d1
refactor: tab rules
2021-11-18 16:42:18 -05:00
Julian Lam
dd4e66e22c
fix: push back some deprecations, remove deprecated stuff scheduled for v1.18.0
2021-09-03 12:04:20 -04:00
Opliko
d509a307f0
Remove some deprecated/unnecessary code (#9688)
* refactor: remove mkdirp promisify
* refactor: remove old session deletion API route
* refactor: remove middleware.isAdmin
* refactor: remove templateValues.config.bootswatchSkin
* fix: unused dependencies
2021-08-01 22:03:19 -04:00
Julian Lam
afd2d8dab1
feat(emails): pass req in to filter:registration.interstitial
2021-07-30 13:29:13 -04:00
Julian Lam
b4b65ecd98
fix(emails): remove debug log
2021-07-30 13:29:13 -04:00
Julian Lam
69c96dd23c
refactor(emails): more work in update email interstitial, interstitial skipping, email change on confirmation, deprecation of requireEmailConfirmation
2021-07-30 13:29:13 -04:00
Julian Lam
7036c3751e
feat: internationalize API error messages
2021-07-09 12:24:32 -04:00
Julian Lam
a54a3ee1ca
fix: return proper API-style response if exception caught by error handler on v3 routes [breaking]
2021-07-09 12:24:32 -04:00
Barış Soner Uşaklı
36f119a96a
fix: #9492, keep query params on redirect
2021-04-15 12:43:28 -04:00
Julian Lam
9c52fd2e74
fix: #9450 express session saved even if saveUninitialized explicitly passed in
2021-04-02 11:07:16 -04:00
Julian Lam
166d65a1ba
fix: add back middleware.authenticateOrGuest
2021-03-08 14:52:49 -05:00
Julian Lam
e3b2c00db1
fix: request authentication called twice in account routes
2021-03-08 14:47:55 -05:00
Julian Lam
7da061f0d7
refactor: automatically authenticate all requests setup through route helpers (#9357)
* refactor: automatically authenticate all requests setup through route helpers
* fix: removed connect-ensure-login dependency
* fix: bug with some middlewares not defined outside route helper methods
2021-03-08 14:03:22 -05:00
Peter Jaszkowiak
b56d9e12b5
chore: eslint prefer-arrow-callback
2021-02-08 18:06:44 -05:00
Peter Jaszkowiak
707b55b6a5
chore: eslint prefer-template
2021-02-08 18:06:44 -05:00
Julian Lam
f975063b7d
fix: #7125, allow list for page route, configurable via plugin hook
2021-01-25 16:01:10 -05:00
Julian Lam
6037f5ee2c
chore: add comment for clarification
2020-12-07 15:44:34 -05:00
Julian Lam
6e2da9966e
refactor: move plugin hook methods to plugin.hooks.*
2020-11-20 16:32:39 -05:00
Julian Lam
15e0731dd9
fix: deprecate middleware.isAdmin
Also, handle admin logout timer in middleware.admin.checkPrivileges
2020-10-30 12:30:58 -04:00
Julian Lam
57ed6be78b
fix: #8805 define our own name for write API v3
2020-10-29 12:51:36 -04:00
Julian Lam
266d7587b2
refactor: remove usage of middlewares
Specifically, middleware.isAdmin|exposePrivilegeSet|exposePrivileges
2020-10-29 07:56:28 -04:00
Julian Lam
1e07886f30
feat: require csrf token if not using bearer token
2020-10-13 16:58:44 -04:00
Julian Lam
549ca11056
fix: bug where middlewares seemingly ran in parallel
2020-10-08 15:33:10 -04:00
Julian Lam
fd67355b03
fix(writeapi): authenticate middleware logic to work better with await
2020-10-08 15:33:10 -04:00
Julian Lam
f6433ef2c5
fix(refactor): merging write-api auth middlewares with core middlewares
2020-10-08 15:33:10 -04:00
Barış Soner Uşaklı
0cea713691
feat: remove deprecated checkGlobalPrivacySettings
2020-07-24 11:42:37 -04:00
Barış Soner Uşaklı
dcb85ee7a1
#8344 (#8346)
* feat: wip
* feat: wrap middlewares
* feat: middleware errors
* feat: more middleware changes
* fix: remove unused async
* fix: prevent version errors from blocking acp render
* feat: wrap more middlewares
2020-06-03 20:18:42 -04:00
Julian Lam
5a1c6ee7ed
fix: response hook logic
After some more thought, a response hook should be checking for
whether headers are sent, and executing (or not executing) the
default logic in that case.
Before, we were relying on hooks to call data.next() to continue
execution, but it makes more sense to have the listener either
send a response or not, and handle the behaviour afterwards.
2020-04-24 11:51:33 -04:00
Julian Lam
f0db240a1d
fix: #8184 global mods unable to revoke other user sessions
2020-02-26 12:26:52 -05:00
Barış Soner Uşaklı
a227cbe328
refactor: async/await middleware
2019-12-16 08:44:55 -05:00
Baris Usakli
cec0079573
refactor: shorter returns
2019-11-15 14:27:45 -05:00
Baris Usakli
efd1e88bbf
feat: convert middleware.isAdmin to async/await
2019-11-15 14:24:24 -05:00
Baris Usakli
1eca5b3dae
fix: show login fields if user has local password
2019-11-15 13:19:29 -05:00
Opliko
b9583ed838
Add privilege for accessing user information (#7859)
* Add view users info global privilege
* Show user ip only to global mods and admins
* fix missing comma
* Hide link for users without correct privilege
* move getting privilege information to getAllData
* Hide the link from Global Moderators as well
* Give Global Moderator view:users:info privilege
* Restrict ip in post menu to view:users:info
* add some trailing commas....
* Add privilege to categories test
* Add group privilege to categories test
* add upgrade script
* fix style for TravisCI
* more styling - change spaces to tabs
* some more styling fixes (hopefully final one)
* fix style for Travis CI
* hide ip in chat messages
* Don't show even hidden ips on user profile page
2019-09-17 14:02:52 -04:00
Baris Usakli
8f55ab1340
fix: #7494
2019-03-26 12:24:28 -04:00
Julian Lam
949b10f132
fix: no relative path needed in req.session.returnTo
re: julianlam/nodebb-plugin-session-sharing#73
2019-02-15 16:42:11 -05:00
Barış Soner Uşaklı
c72da5595a
fix: #6806
3 new global privileges
view:users
view:tags
view:groups
2019-02-05 12:08:18 -05:00
Julian Lam
a23854e3ff
feat: new hook type: response
Used in authentication middleware. Instead of firing an action
hook, it now fires a response hook.
Response hooks are invoked serially, and if headers are sent from
one of the hook listeners, all subsequent hook methods are not
called.
Response hooks should only be used in situations where res.send
(or other like methods) are invoked. Existing plugin hooks that
pass in res purely for data retrieval purposes have not changed.
fixes nodebb/nodebb-plugin-write-api#101
2019-01-19 14:49:22 -05:00
Barış Soner Uşaklı
60390c01f1
fix: loop
2018-12-17 16:59:45 -05:00
Barış Soner Uşaklı
f88db22ca2
feat: give the rest of the middlewares names
2018-12-17 16:36:43 -05:00