discourse/spec
Robin Ward 20a8a2f396 SECURITY: Ensure the invite JSON API matches the UX
Anonymous users could query the invite json and see counts and
summaries which is not allowed in the UX of Discourse.

This commit has those endpoints return a 403 unless the user is
allowed to invite.
2020-03-05 09:55:45 -05:00
..
components FIX: TOTP could not be used on sites with colons in their names 2020-02-20 16:35:30 -05:00
fabricators FEATURE: Improving bookmarks part 2 -- Topic Bookmarking (#8954) 2020-02-13 16:26:02 +10:00
fixtures FIX: Consider webp a supported image format for upload (#9015) 2020-02-21 13:08:01 +10:00
helpers FIX: blank popular posts in summary emails due to lightbox images 2020-02-21 16:18:38 -05:00
import_export FIX: Import sub-sub-categories (#8810) 2020-01-30 18:46:33 +02:00
integration UX: Include public groups in mentionable groups set (#8516) 2019-12-12 13:13:40 +02:00
integrity DEV: Update markdown-it from 8.4.1 to 10.0.0 (#8164) 2019-10-08 13:00:22 +02:00
jobs FIX: Ensure web hooks are retried at most 5 times 2020-02-21 17:02:40 +02:00
lib Merge diffs from master 2020-02-25 17:23:37 -05:00
mailers Fix test another way 2020-02-11 17:07:18 -05:00
models FIX: ensures destroying a user with security keys doesn't fail (#9042) 2020-02-25 14:07:57 -05:00
multisite FIX: parallel spec system needs a dedicated upload folder for each worker. (#8547) 2019-12-18 11:21:57 +05:30
requests SECURITY: Ensure the invite JSON API matches the UX 2020-03-05 09:55:45 -05:00
serializers FEATURE: Improving bookmarks part 2 -- Topic Bookmarking (#8954) 2020-02-13 16:26:02 +10:00
services Link website when reviewing users 2020-02-19 10:18:05 -05:00
support Suppres task spec output using capture_stdout 2020-02-20 14:47:47 +10:00
tasks Suppres task spec output using capture_stdout 2020-02-20 14:47:47 +10:00
views/omniauth_callbacks FEATURE: Use full page redirection for all external auth methods (#8092) 2019-10-08 12:10:43 +01:00
rails_helper.rb SECURITY: 2FA with U2F / TOTP 2020-01-15 11:27:12 +01:00