discourse/spec
Daniel Waterworth 7616e9b540
SECURITY: Validate email constraints when trying to redeem an invite (#17182)
In certain situations, a logged in user can redeem an invite with an email that
either doesn't match the invite's email or does not adhere to the email domain
restriction of an invite link. The impact of this flaw is aggrevated
when the invite has been configured to add the user that accepts the
invite into restricted groups.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2022-06-21 13:25:10 -05:00
..
components SECURITY: Ensure user-agent-based responses are cached separately (stable) (#16476) 2022-04-14 14:26:00 +01:00
fabricators DEV: Add API docs for uploads and API doc watcher (#15387) 2021-12-23 08:40:15 +10:00
fixtures FIX: Select best link from Atom feed (#15663) 2022-01-21 17:54:18 +02:00
helpers PERF: Redis snapshotting during tests (#15260) 2021-12-10 14:25:26 -06:00
import_export
initializers FEATURE: A low priority filter for the review queue. (#12822) 2021-04-23 15:34:24 -03:00
integration FIX: Make thumbnail tests start with a clean slate (#15216) 2021-12-07 13:07:45 -06:00
integrity DEV: Fix a flaky Onceoff spec (#13314) 2021-06-07 20:38:31 +02:00
jobs SECURITY: Hide private categories in user activity export (#16276) 2022-03-24 15:56:50 +10:00
lib FIX: Handle nil values in DistributedCache#defer_get_set (stable) (#15980) 2022-02-18 08:51:14 +00:00
mailers DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00
models FIX: Approves user when redeeming an invite for invites only sites (#16987) 2022-06-03 14:50:58 +08:00
multisite FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) 2021-11-17 23:27:30 +03:00
requests SECURITY: Validate email constraints when trying to redeem an invite (#17182) 2022-06-21 13:25:10 -05:00
script/import_scripts
serializers SECURITY: Category group permissions leaked to normal users. 2022-04-08 11:04:59 +02:00
services FIX: Prevent "integer out of range" when merging post timings (#15723) 2022-01-26 23:34:28 +01:00
support DEV: Fix git deprecation warnings in specs (#15503) 2022-01-09 20:26:19 +01:00
tasks DEV: Clean up old bookmark code (#15455) 2022-01-05 10:02:02 +10:00
views/omniauth_callbacks
rails_helper.rb DEV: Avoid $ globals (#15453) 2022-01-08 23:39:46 +01:00
regenerate_swagger_docs DEV: Add API docs for uploads and API doc watcher (#15387) 2021-12-23 08:40:15 +10:00
swagger_helper.rb DEV: Add API docs for uploads and API doc watcher (#15387) 2021-12-23 08:40:15 +10:00