github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-12-15 16:23:50 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
576354072e
discourse/spec/models
History
Gerhard Schlager 5c91d9a629
SECURITY: Remove auto approval when redeeming an invite (#16976) 
This security fix affects sites which have `SiteSetting.must_approve_users`
enabled. There are intentional and unintentional cases where invited
users can be auto approved and are deemed to have skipped the staff approval process.
Instead of trying to reason about when auto-approval should happen, we have decided that
enabling the `must_approve_users` setting going forward will just mean that all new users
must be explicitly approved by a staff user in the review queue. The only case where users are auto
approved is when the `auto_approve_email_domains` site setting is used.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2022-06-02 16:11:04 +02:00
..
about_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
admin_dashboard_data_spec.rb FEATURE: Scheduled problem checks for admin dashboard (#15327) 2021-12-20 09:59:11 +10:00
api_key_scope_spec.rb FIX: Missing allowed urls when displaying granualar API key scopes. 2021-12-07 10:17:17 +08:00
api_key_spec.rb FEATURE: Add read-only scope to API keys (#14856) 2021-11-10 17:48:00 +02:00
application_request_spec.rb DEV: Clean up some Redis leaks in test env. 2020-05-18 17:27:37 +08:00
associated_group_spec.rb FEATURE: Experimental support for group membership via google auth (#14835) 2021-12-09 12:30:27 +00:00
badge_spec.rb DEV: Sanitize HTML admin inputs (#14681) 2021-10-27 11:33:07 -03:00
badge_type_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
bookmark_spec.rb DEV: Add for_topic column to bookmarks (#14343) 2021-09-15 11:29:22 +10:00
category_featured_topic_spec.rb FEATURE: remove support for 'suppress_from_latest' category setting. (#8308) 2019-11-18 12:28:35 +05:30
category_group_spec.rb
category_list_spec.rb FIX: exclude topics from muted tag in category featured list. (#14925) 2021-11-16 12:10:50 +05:30
category_spec.rb FEATURE: Allow admins to permanently delete posts and topics (#14406) 2021-10-13 12:53:23 +03:00
category_user_spec.rb FIX: Wrong scope used for notification levels user serializer (#13039) 2021-05-14 09:45:14 +10:00
child_theme_spec.rb
color_scheme_color_spec.rb
color_scheme_spec.rb PERF: Eager load Theme associations in Stylesheet Manager. 2021-06-21 11:06:58 +08:00
developer_spec.rb
digest_email_site_setting_spec.rb
directory_item_spec.rb DEV: improve flaky spec 2019-10-04 11:11:03 +10:00
discourse_connect_spec.rb DEV: rename single_sign_on classes to discourse_connect (#15332) 2022-01-06 16:28:46 +04:00
do_not_disturb_timing_spec.rb FEATURE: Do not disturb (#11484) 2020-12-18 09:03:51 -06:00
draft_sequence_spec.rb FIX: Update draft count when sequence is increased (#13940) 2021-08-04 13:30:37 +03:00
draft_spec.rb FIX: Select correct topic draft for user (#15234) 2021-12-08 15:23:44 +02:00
email_change_request_spec.rb
email_log_spec.rb FEATURE: Use group SMTP job and mailer instead of UserNotifications change (#13489) 2021-06-28 08:55:13 +10:00
email_token_spec.rb DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00
embeddable_host_spec.rb FIX: use allowlist and blocklist terminology (#10209) 2020-07-27 10:23:54 +10:00
emoji_spec.rb FEATURE: Render emojis on GitHub labels when oneboxing an issue. (#13531) 2021-06-25 14:48:36 -03:00
given_daily_like_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
global_setting_spec.rb Build(deps): Bump rubocop from 1.18.2 to 1.18.3 (#13653) 2021-07-07 01:51:43 +02:00
group_archived_message_spec.rb FEATURE: Display unread and new counts for messages. (#14059) 2021-08-25 11:17:56 +08:00
group_associated_group_spec.rb FEATURE: Experimental support for group membership via google auth (#14835) 2021-12-09 12:30:27 +00:00
group_history_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
group_spec.rb DEV: Move imap_helper to spec/support directory (#14776) 2021-10-29 20:46:25 +02:00
group_user_spec.rb PERF: Make tests faster by prefabricating more things (#15370) 2021-12-20 12:59:10 -06:00
incoming_link_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
incoming_links_report_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
invite_redeemer_spec.rb SECURITY: Remove auto approval when redeeming an invite (#16976) 2022-06-02 16:11:04 +02:00
invite_spec.rb SECURITY: Remove auto approval when redeeming an invite (#16976) 2022-06-02 16:11:04 +02:00
javascript_cache_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
locale_site_setting_spec.rb use more appropriate labels for chinese UI option 2021-07-27 22:47:59 +08:00
mailing_list_mode_site_setting_spec.rb
notification_spec.rb PERF: Make tests faster by prefabricating more things (#15392) 2021-12-22 11:09:43 -06:00
optimized_image_spec.rb DEV: Fix methods removed in Ruby 3.2 (#15459) 2022-01-05 18:45:08 +01:00
permalink_spec.rb DEV: Deprecate Category#url_with_id in favor of Category#url (#9972) 2020-06-18 11:32:14 +03:00
plugin_store_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
post_action_spec.rb PERF: Shave off some test-suite time (#15183) 2021-12-03 14:54:07 -06:00
post_action_type_spec.rb FIX: Clear post action types application serializer fragment cache. 2021-06-04 09:14:49 +08:00
post_analyzer_spec.rb FIX: Improve anchor links (#12683) 2021-04-14 10:27:07 +03:00
post_detail_spec.rb
post_mover_spec.rb FIX: nil the baked version after moving the posts. (#14483) 2021-10-12 17:31:18 +11:00
post_reply_key_spec.rb
post_reply_spec.rb DEV: update dependencies and add notes about exceptions 2019-12-06 13:00:28 +11:00
post_spec.rb PERF: Speed up the tests by pre-fabricating more things (#15318) 2021-12-15 11:41:14 -06:00
post_timing_spec.rb PERF: Make tests faster by prefabricating more things (#15392) 2021-12-22 11:09:43 -06:00
post_upload_spec.rb
private_message_topic_tracking_state_spec.rb FIX: Do not publish post for PM topic tracking if not new for user. (#14469) 2021-09-29 13:54:24 +08:00
published_page_spec.rb FEATURE: Support for publishing topics as pages (#9364) 2020-04-08 12:52:36 -04:00
quoted_post_spec.rb FIX: remove 'crawl_images' site setting (#14646) 2021-10-19 17:12:29 +05:30
remote_theme_spec.rb FEATURE: Introduce theme/component QUnit tests (take 2) (#12661) 2021-04-12 15:02:58 +03:00
report_spec.rb Add three reports (#14338) 2021-12-02 22:41:55 +05:30
reviewable_claimed_topic_spec.rb FIX: Don't log a claimed topic database error during tests 2020-01-09 12:32:05 -05:00
reviewable_flagged_post_spec.rb DEV: Retroactively add test for ignoring flagged responses (#15491) 2022-01-07 11:53:31 -06:00
reviewable_history_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
reviewable_post_spec.rb FEATURE: Review every post using the review queue. (#12734) 2021-04-21 08:41:36 -03:00
reviewable_queued_post_spec.rb FEATURE: Display pending posts on user’s page 2021-11-29 10:26:33 +01:00
reviewable_score_spec.rb FIX: Recalculate scores only when approving or transitioning to pending. (#13009) 2021-05-10 14:09:04 -03:00
reviewable_spec.rb FIX: Check type of existing reviewables when new reviewable is created (#13662) 2021-07-07 11:45:00 -05:00
reviewable_user_spec.rb FEATURE: Blocking is optional when deleting a user from the review queue. (#13375) 2021-06-15 12:35:45 -03:00
s3_region_site_setting_spec.rb
screened_email_spec.rb FEATURE: when blocking emails prefer blocking canonical 2020-04-24 14:09:51 +10:00
screened_ip_address_spec.rb FEATURE: Search screened IP address in blocks (#15461) 2022-01-11 09:16:51 +02:00
screened_url_spec.rb
search_log_spec.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
site_setting_spec.rb DEV: Sanitize HTML admin inputs (#14681) 2021-10-27 11:33:07 -03:00
site_spec.rb FIX: Missing category edit icon. 2021-06-28 10:54:23 +08:00
skipped_email_log_spec.rb
stylesheet_cache_spec.rb PERF: Add scheduled job to delete old stylesheet cache rows (#13747) 2021-07-16 10:58:01 -04:00
tag_group_spec.rb FIX: remove parent tag from tag group 2020-03-13 12:25:58 -04:00
tag_spec.rb FIX: URL encode tag name (#11393) 2020-12-02 12:36:41 +05:30
tag_user_spec.rb FIX: Tag watching for everyone tag groups (#15622) 2022-01-18 15:02:29 -07:00
theme_field_spec.rb PERF: Make tests faster by prefabricating more things (#15392) 2021-12-22 11:09:43 -06:00
theme_modifier_set_spec.rb DEV: Allow plugins to add theme modifiers via db migrations (#9192) 2020-03-12 16:35:28 +00:00
theme_spec.rb FEATURE: Allow theme settings to request refresh (#15037) 2021-11-22 13:16:56 +01:00
top_menu_item_spec.rb
top_topic_spec.rb DEV: correct spec failures in PG 12 2019-11-26 16:39:14 +11:00
topic_allowed_user_spec.rb
topic_converter_spec.rb FIX: Limit personal message participants when converting from topic (#9343) 2020-04-03 16:42:01 +01:00
topic_embed_spec.rb FIX: Handle malformed URLs in TopicEmbed.absolutize_urls. 2022-01-21 11:18:54 +08:00
topic_featured_users_spec.rb
topic_group_spec.rb FIX: Constraint error when inserting the same topic group twice 2019-12-12 13:10:46 -05:00
topic_invite_spec.rb
topic_link_click_spec.rb DEV: Clean up S3 specs, stubs, and helpers 2020-09-28 12:02:25 +01:00
topic_link_spec.rb FIX: Hide links to muted topics and in categories list (#14761) 2021-10-29 17:52:23 +03:00
topic_list_spec.rb FIX: Don't allow NULL values for notification_level in category_users (#15407) 2021-12-29 09:19:39 +11:00
topic_participants_summary_spec.rb DEV: Better topic participants summary spec 2019-11-18 09:43:14 -05:00
topic_posters_summary_spec.rb Fix i18n issues reported on Crowdin (#11747) 2021-02-02 10:50:04 +01:00
topic_spec.rb PERF: Make tests faster by prefabricating more things (#15370) 2021-12-20 12:59:10 -06:00
topic_tag_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
topic_thumbnail_spec.rb PERF: we don't need to use a huge image to test thumbnails (#11025) 2020-10-27 12:39:52 +11:00
topic_timer_spec.rb FIX: Remove legacy topic timer code (#13544) 2021-06-29 09:16:25 +10:00
topic_tracking_state_spec.rb FIX: Don't allow NULL values for notification_level in category_users (#15407) 2021-12-29 09:19:39 +11:00
topic_user_spec.rb FEATURE: Publish read topic tracking events for private messages. (#14274) 2021-09-09 09:16:53 +08:00
topic_view_item_spec.rb
translation_override_spec.rb DEV: Sanitize HTML admin inputs (#14681) 2021-10-27 11:33:07 -03:00
trust_level_and_staff_setting_spec.rb DEV: Fix another flaky spec 2021-06-08 09:54:37 +08:00
trust_level_setting_spec.rb DEV: Fix flaky test due to locale cache poisoning 2021-06-08 13:13:38 +10:00
trust_level3_requirements_spec.rb DEV: Update tl3 spec to remove hard-coded primary keys 2020-04-17 17:24:14 +01:00
unsubscribe_key_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
upload_spec.rb FIX: manually adds frowning_face_with_open_mouth for apple (#13528) 2021-07-21 23:27:20 +02:00
user_action_spec.rb PERF: Speed up the tests by pre-fabricating more things (#15318) 2021-12-15 11:41:14 -06:00
user_api_key_spec.rb REFACTOR: Introduce RouteMatcher class 2020-10-19 10:40:55 +01:00
user_archived_message_spec.rb FIX: Don't publish PM archive events to acting user. (#14291) 2021-09-10 09:20:50 +08:00
user_associated_group_spec.rb FEATURE: Experimental support for group membership via google auth (#14835) 2021-12-09 12:30:27 +00:00
user_auth_token_spec.rb PERF: Make tests faster by prefabricating more things (#15392) 2021-12-22 11:09:43 -06:00
user_avatar_spec.rb FIX: reset gravatar cache by adding random param to URL (#9370) 2020-04-08 07:35:42 +10:00
user_badge_spec.rb PERF: Cache ranks for featured badges, to simplify user serialization (#8698) 2020-01-14 14:26:49 +00:00
user_bookmark_list_spec.rb FEATURE: Go to last unread for topic-level bookmark links (#14396) 2021-09-21 13:49:56 +10:00
user_email_spec.rb FEATURE: Add email normalization rules setting (#14593) 2021-11-24 11:30:06 +02:00
user_export_spec.rb REVERT: DEV: should ignore missing post uploads when a user export destroyed 2019-07-25 19:41:25 +05:30
user_field_spec.rb DEV: Sanitize HTML admin inputs (#14681) 2021-10-27 11:33:07 -03:00
user_history_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
user_notification_schedule_spec.rb DEV: Upgrade Rails to 6.1.3.1 (#12688) 2021-04-21 12:36:32 +03:00
user_option_spec.rb DEV: Avoid $ globals (#15453) 2022-01-08 23:39:46 +01:00
user_profile_spec.rb FIX: Make sure rel attributes are correctly set. (#10645) 2020-09-10 12:59:51 -03:00
user_profile_view_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
user_search_spec.rb FIX: when composing a message do not suggest deleted posts users (#15488) 2022-01-07 17:06:11 +05:30
user_second_factor_spec.rb
user_spec.rb PERF: Make tests faster by prefabricating more things (#15370) 2021-12-20 12:59:10 -06:00
user_stat_spec.rb DEV: Fix intermittent failing spec. (#15308) 2021-12-15 09:51:46 +01:00
user_summary_spec.rb FIX: Improve top links section from user summary (#15675) 2022-01-24 11:33:23 +11:00
user_visit_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
username_validator_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
watched_word_spec.rb DEV: Add test for link watched words (#13251) 2021-06-03 11:36:07 +10:00
web_crawler_request_spec.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
web_hook_event_spec.rb
web_hook_spec.rb FIX: Pass category and tag IDs to the emit webhook event job. (#15568) 2022-01-14 11:17:38 -03:00