github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-24 23:38:35 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
70fa67a9e1
discourse/spec/components
History
Osama Sayegh 70fa67a9e1
FIX: Don't leak unhashed user API keys to redis (#14682) 
User API keys (not the same thing as admin API keys) are currently
leaked to redis when rate limits are applied to them since redis is the
backend for rate limits in Discourse and the API keys are included in
the redis keys that are used to track usage of user API keys in the last
24 hours.

This commit stops the leak by using a SHA-256 representation of the user
API key instead of the key itself to form the redis key.

We don't need to manually delete the existing redis keys that contain
unhashed user API keys because they're not long-lived and will be
automatically deleted within 48 hours after this commit is deployed to
your Discourse instance.
2021-10-21 19:43:26 +03:00
..
auth FIX: Don't leak unhashed user API keys to redis (#14682) 2021-10-21 19:43:26 +03:00
common_passwords DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
concern FIX: Nil-filled CF arrays were not being deleted (#13518) 2021-06-25 11:34:51 +02:00
email FIX: Remove List-Post email header (#14554) 2021-10-11 20:57:42 +03:00
file_store FIX: Make sure S3 object headers are preserved on copy (#14302) 2021-09-10 12:59:51 +10:00
freedom_patches FIX: Ensure id sequences are not reset during db:migrate (#14184) 2021-08-30 12:31:22 +01:00
guardian FEATURE: Allow admins to permanently delete posts and topics (#14406) 2021-10-13 12:53:23 +03:00
highlight_js DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
imap FEATURE: Use group SMTP settings for sending user notification emails (initial) (#13220) 2021-06-03 14:47:32 +10:00
import DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
middleware FIX: Strip discourse-logged-in header during force_anonymous! (#14533) 2021-10-07 12:31:42 +01:00
migration FIX: Allow post migrations using #change to carry out unsafe migration 2020-05-15 14:23:27 +08:00
plugin FEATURE: Add new plugin API to allow plugins to extend Site#categories (#13773) 2021-07-19 13:54:19 +08:00
pretty_text SPEC: 'lookup_upload_urls' method should use cdn url if available. 2019-10-14 12:57:33 +05:30
rate_limiter
scheduler DEV: reduce logging when no external id is specified 2020-04-08 12:42:28 +10:00
site_settings DEV: Remove HTML setting type and sanitization logic. (#14440) 2021-10-04 15:40:35 -03:00
stylesheet FIX: Order outputted theme stylesheets (#14133) 2021-08-25 09:37:07 +08:00
svg_sprite FIX: Issues with custom icons in themes (#13732) 2021-07-14 15:18:29 -04:00
theme_store FEATURE: Allow themes to specify modifiers in their about.json file (#9097) 2020-03-11 13:30:45 +00:00
validators FEATURE: Humanize file size error messages (#14398) 2021-09-22 07:59:45 +10:00
wizard FEATURE: Enable auto dark mode on new instances (#14208) 2021-09-02 14:55:38 -04:00
admin_confirmation_spec.rb Update rubocop to 2.3.1. 2020-07-24 17:19:21 +08:00
admin_user_index_query_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
archetype_spec.rb
cache_spec.rb FIX: ensures defined expired_in is passed from write to write_entry (#11622) 2021-01-04 10:34:44 +01:00
category_badge_spec.rb FIX: Correctly escape category description text (#8107) 2019-10-01 12:04:39 -04:00
composer_messages_finder_spec.rb FEATURE: Make allow_uploaded_avatars accept TL (#14091) 2021-08-24 10:46:28 +03:00
content_buffer_spec.rb
cooked_post_processor_spec.rb FIX: remove 'crawl_images' site setting (#14646) 2021-10-19 17:12:29 +05:30
crawler_detection_spec.rb FEATURE: Implement browser update in crawler view (#12448) 2021-03-22 19:41:42 +02:00
current_user_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
directory_helper_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
discourse_diff_spec.rb Escape values of HTML attributes 2021-08-10 10:25:15 -04:00
discourse_event_spec.rb DEV: Plugin API to add directory columns (#13440) 2021-06-22 13:00:04 -05:00
discourse_hub_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
discourse_plugin_registry_spec.rb DEV: Remove deprecated plugins variables importer (#12168) 2021-02-23 16:20:59 -05:00
discourse_redis_spec.rb DEV: Pass kwargs to the redis gem when calling methods/commands that we don't wrap (#14530) 2021-10-06 17:42:04 +03:00
discourse_spec.rb DEV: Improve Ember CLI's bootstrap logic (#12792) 2021-04-23 10:24:42 -04:00
discourse_tagging_spec.rb FIX: Show required tags to staff by default and override limit (#13242) 2021-06-02 12:43:34 -04:00
discourse_updates_spec.rb FIX: Sort admin dashboard new updates by latest (#12146) 2021-02-19 11:03:36 -05:00
distributed_memoizer_spec.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
distributed_mutex_spec.rb DEV: Improve flaky time-sensitive specs (#9141) 2020-03-10 22:13:17 +01:00
email_cook_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
email_updater_spec.rb FEATURE: add maximum limit for secondary emails (#12599) 2021-04-05 20:31:42 +05:30
enum_spec.rb
excerpt_parser_spec.rb FIX: Make Oneboxer#apply insert block Oneboxes correctly (#11449) 2020-12-14 17:49:37 +02:00
feed_element_installer_spec.rb
feed_item_accessor_spec.rb
file_helper_spec.rb
filter_best_posts_spec.rb
final_destination_spec.rb FIX: Follow the canonical URL when importing a remote topic. (#14489) 2021-10-01 12:48:21 -03:00
flag_settings_spec.rb
gaps_spec.rb
global_path_spec.rb
guardian_spec.rb FIX: Handle separately invite to topic and forum (#14562) 2021-10-11 12:19:31 +03:00
has_errors_spec.rb
hijack_spec.rb FEATURE: Cache CORS preflight requests for 2h (#14614) 2021-10-14 22:37:53 -03:00
html_prettify_spec.rb
html_to_markdown_spec.rb FIX: Hoisting linebreaks shouldn't fail for HTML5 elements (#14364) 2021-09-17 10:41:34 +02:00
image_sizer_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
inline_oneboxer_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
js_locale_helper_spec.rb FEATURE: Add English (UK) as locale (#11768) 2021-01-20 21:32:22 +01:00
json_error_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
letter_avatar_spec.rb
method_profiler_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
new_post_manager_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
new_post_result_spec.rb
oneboxer_spec.rb FEATURE: Censor Oneboxes (#12902) 2021-06-03 11:39:12 +10:00
onpdiff_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
pbkdf2_spec.rb
pinned_check_spec.rb
plain_text_to_markdown_spec.rb
post_action_creator_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
post_creator_spec.rb DEV: Ignore bookmarks.topic_id column and remove references to it in code (#14289) 2021-09-15 10:16:54 +10:00
post_destroyer_spec.rb DEV: Remove unncessary fabrication in tests. 2021-07-26 09:14:23 +08:00
post_locker_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
post_merger_spec.rb FIX: TL4 users cannot delete others posts (#13554) 2021-06-30 15:51:35 +03:00
post_revisor_spec.rb FIX: remove 'crawl_images' site setting (#14646) 2021-10-19 17:12:29 +05:30
presence_channel_spec.rb DEV: Introduce PresenceChannel API for core and plugin use 2021-08-27 16:26:06 +01:00
pretty_text_spec.rb FIX: Do not replace in mentions and hashtags (#14260) 2021-09-09 12:03:59 +03:00
promotion_spec.rb FIX: check if BasicBadge is enabled for TL1 welcome message (#13983) 2021-08-11 08:39:25 +10:00
quote_comparer_spec.rb
rate_limiter_spec.rb No need to disable rate limiter after running tests (#13093) 2021-05-19 16:04:35 +04:00
redis_store_spec.rb DEV: Implement a faster Discourse.cache 2019-11-27 16:11:49 +11:00
retrieve_title_spec.rb FIX: increase chunk size to fetch title tag correctly (#14144) 2021-09-03 13:15:58 +05:30
rtl_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
s3_helper_spec.rb FIX: Make sure S3 object headers are preserved on copy (#14302) 2021-09-10 12:59:51 +10:00
s3_inventory_multisite_spec.rb DEV: Isolate multisite specs (#13634) 2021-07-07 18:57:42 +02:00
s3_inventory_spec.rb DEV: Isolate multisite specs (#13634) 2021-07-07 18:57:42 +02:00
score_calculator_spec.rb
scss_checker_spec.rb PERF: Eager load Theme associations in Stylesheet Manager. 2021-06-21 11:06:58 +08:00
search_spec.rb UX: Revamp quick search (#14499) 2021-10-06 11:42:52 -04:00
secure_session_spec.rb DEV: correct implementation of expiry api 2019-11-11 11:18:12 +11:00
site_icon_manager_spec.rb
site_setting_extension_multisite_spec.rb DEV: Isolate multisite specs (#13634) 2021-07-07 18:57:42 +02:00
site_setting_extension_spec.rb DEV: Remove HTML setting type and sanitization logic. (#14440) 2021-10-04 15:40:35 -03:00
slug_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
spam_handler_spec.rb FIX: use allowlist and blocklist terminology (#10209) 2020-07-27 10:23:54 +10:00
suggested_topics_builder_spec.rb DEV: Default to skipping creating a topic when fabricating categories (#7976) 2019-08-06 11:26:54 +01:00
system_message_spec.rb FIX: TL2 promotion message and advance training (#10679) 2020-09-22 10:17:52 +10:00
text_cleaner_spec.rb FEATURE: Correctly convert topic title to uppercase and lowercase for Turkish default locale (#13115) 2021-05-24 18:13:30 +10:00
text_sentinel_spec.rb FIX: prevents exception when text input is nil (#12922) 2021-05-03 09:21:35 +02:00
theme_settings_manager_spec.rb DEV: use upload id to save in theme setting instead of URL. (#14341) 2021-09-16 07:58:53 +05:30
theme_settings_parser_spec.rb DEV: Don't user before(:all)/after(:all) (#13389) 2021-06-15 17:25:06 +02:00
timeline_lookup_spec.rb DEV: followup to 8edd2b38cb to use existing spec (#11830) 2021-01-25 12:04:27 +01:00
topic_creator_spec.rb FIX: Enforce tag group count validation before sending to review queue (#12728) 2021-04-19 09:43:50 +10:00
topic_publisher_spec.rb DEV: Improve flaky time-sensitive specs (#9141) 2020-03-10 22:13:17 +01:00
topic_query_spec.rb FIX: use category's default sort order in latest & unseen filters only. (#14571) 2021-10-12 10:25:03 +05:30
topic_retriever_spec.rb FEATURE: Stop checking referer for embeds (#13756) 2021-07-16 15:25:49 -03:00
topic_view_spec.rb DEV: Remove TopicView#first_post_id. (#14631) 2021-10-18 14:47:47 +08:00
topics_bulk_action_spec.rb FEATURE: Dismiss new and unread for PM inboxes. 2021-08-05 12:56:15 +08:00
trashable_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
trust_level_spec.rb
unread_spec.rb FEATURE: Add last visit indication to topic view page. (#13471) 2021-07-05 14:17:31 +08:00
url_helper_spec.rb FIX: errors loading secure uploads when secure uploads is disabled (#13047) 2021-06-08 13:25:51 -04:00
user_lookup_spec.rb REVERT "FIX: do not show private group flair on user avatars" (#13991) 2021-08-10 17:25:11 +05:30
user_name_suggester_spec.rb FEATURE: stop using email as source for username and name suggestions for Single Sign On (#14541) 2021-10-12 17:25:54 +04:00
version_spec.rb DEV: Fix an apparently "too modern" git command (#10894) 2020-10-12 22:54:56 +02:00