* breaking: remove `SocketUser.emailConfirm`, re: #10954
* chore: move email confirmation related configs to own section in Settings > Email
* feat: new user email method `getValidationExpiry`, returns expiration in ms.. probably.
* fix: bug where `user.email.isValidationPending` returned an u nexpected non-boolean value if there was no confirmation pending (only when checking email as well)
* fix: update getValidationExpiry to return ms
* test: use emailConfirmInterval for tests, for now
* fix: throw friendly error when attempting an email change within email confirmation window
* feat: new config option `emailConfirmExpiry` in days, governs how long the confirm link is good for
* test: additional tests for user email methods
* fix: add back missing handling of option
* test: fix tests
* feat: allow invites in normal registration mode + invite privilege
* feat: select groups to join from an invite
* test: check if groups from invitations have been joined
* fix: remove unused variable
* feat: write API versions of socket calls
* docs: openapi specs for the new routes
* test: iron out mongo redis difference
* refactor: move inviteGroups endpoint into write API
* refactor: use GET /api/v3/users/:uid/invites/groups
Instead of GET /api/v3/users/:uid/inviteGroups
* fix: no need for /api/v3 prefix when using api module
* fix: tests
* refactor: change POST /api/v3/users/invite
To POST /api/v3/users/:uid/invites
* refactor: make helpers.invite awaitable
* fix: restrict invite API to self-use only
* fix: move invite groups controller to write api, +tests
* fix: tests
Co-authored-by: Julian Lam <julian@nodebb.org>
* feat: allow passwords longer than 73 characters
Context: A bcrypt/blowfish limitation means that password length is capped at 72 characters. We can get around this without compromising on security
by hashing all incoming passwords with SHA512, and then sending that to bcrypt.
https://dropbox.tech/security/how-dropbox-securely-stores-your-passwords
* feat: add additional test for passwords > 73 chars
* fix: remove 'password-too-long' error message and all invocations
* test: added test to show that a super long password won't bring down NodeBB
* fix: remove debug log
* Revert "fix: remove 'password-too-long' error message and all invocations"
This reverts commit 1e312bf7ef.
* fix: added back password length checks, but at 512 chars
As processing a large string still uses a lot of memory
