discourse/spec/requests
Osama Sayegh 976aca68f6
FEATURE: Restrict profile visibility of low-trust users (#29981)
We've seen in some communities abuse of user profiles where bios and other fields are used in malicious ways, such as malware distribution. A common pattern among all the abuse cases we've seen is that the malicious actors tend to have 0 posts and a low trust level.

To eliminate this abuse vector, or at least make it much less effective, we're making the following changes to user profiles:

1. Anonymous, TL0 and TL1 users cannot see any user profiles for users with 0 posts except for staff users
2. Anonymous and TL0 users can only see profiles of TL1 users and above

Users can always see their own profile, and they can still hide their profiles via the "Hide my public profile" preference. Staff can always see any user's profile.

Internal topic: t/142853.
2024-12-09 13:07:59 +03:00
admin UX: Improve error when trying to edit globally shadowed setting (#30092) 2024-12-04 13:41:32 +10:00
api DEV: Update create user w/ custom fields api docs (#30133) 2024-12-05 12:28:48 -07:00
examples SECURITY: Impose a upper bound on limit params in various controllers 2023-07-28 12:53:46 +01:00
about_controller_spec.rb FIX: crawler view with unicode usernames (#27051) 2024-05-16 17:11:24 +02:00
application_controller_spec.rb DEV: Include controller namespace in X-Discourse-Route (#29783) 2024-11-29 17:11:17 +11:00
associate_accounts_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
badges_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
bookmarks_controller_spec.rb DEV: Call Discourse.redis.flushdb after the end of each test (#29117) 2024-10-09 07:19:31 +08:00
categories_controller_spec.rb FIX: Filter out secured categories first (#29916) 2024-11-28 17:09:16 +02:00
clicks_controller_spec.rb
composer_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
composer_messages_controller_spec.rb
csp_reports_controller_spec.rb DEV: Don’t replace Rails logger in specs (#29721) 2024-11-13 08:47:39 +08:00
directory_columns_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
directory_items_controller_spec.rb FEATURE: Add links to searchable user fields in users directory and user profile (#29338) 2024-11-06 13:35:30 -04:00
do_not_disturb_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
drafts_controller_spec.rb FIX: better edit conflict handling (#29789) 2024-12-03 10:12:04 +01:00
edit_directory_columns_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
email_controller_spec.rb FEATURE: remove category badge style options, set bullet style as default (#24198) 2023-11-13 10:46:15 -05:00
embed_controller_spec.rb DEV: Upgrade Rails to version 7.1 2024-07-04 10:58:21 +02:00
exceptions_controller_spec.rb
export_csv_controller_spec.rb SECURITY: Prevent large staff actions causing DoS 2024-03-15 14:24:04 +08:00
extra_locales_controller_spec.rb DEV: Upgrade the MessageFormat library (JS) 2024-07-10 09:51:25 +02:00
finish_installation_controller_spec.rb DEV: Improve error message when test fails (#25067) 2023-12-29 12:44:41 +08:00
form_templates_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
forums_controller_spec.rb DEV: Correct forums_controller success spec (#24690) 2023-12-04 14:26:29 +00:00
groups_controller_spec.rb FEATURE: Allow add group member endpoint to skip invite emails (#29962) 2024-11-27 11:33:09 -06:00
hashtags_controller_spec.rb DEV: Fix flaky test (#25935) 2024-02-28 20:32:14 +02:00
highlightjs_controller_spec.rb FIX: Ensure app-cdn CORS is not overridden by cors_origin setting (#24661) 2023-12-01 12:57:11 +00:00
inline_onebox_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
invites_controller_spec.rb DEV: Call Discourse.redis.flushdb after the end of each test (#29117) 2024-10-09 07:19:31 +08:00
list_controller_spec.rb FEATURE: Restrict profile visibility of low-trust users (#29981) 2024-12-09 13:07:59 +03:00
metadata_controller_spec.rb DEV: Fix various rubocop lints (#24749) 2023-12-06 23:25:00 +01:00
net_http_timeout_spec.rb FIX: Set sane default for Net::HTTP when processing a request (#28141) 2024-08-06 07:12:42 +08:00
noscript_escape_spec.rb SECURITY: Properly escape user content within <noscript> 2024-01-30 09:10:09 -07:00
notifications_controller_spec.rb Add dedicated user_api_key_clients table to allow for 1:many use cases (#28119) 2024-11-08 12:05:03 -05:00
offline_controller_spec.rb
omniauth_callbacks_controller_spec.rb DEV: Call Discourse.redis.flushdb after the end of each test (#29117) 2024-10-09 07:19:31 +08:00
onebox_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
permalinks_controller_spec.rb FIX: Permalink.create didn't work as expected anymore (#29895) 2024-11-22 21:11:26 +01:00
post_action_users_controller_spec.rb DEV: Add post_action_users_list modifier for PostActionUsersController (#25740) 2024-02-20 09:48:09 +10:00
post_actions_controller_spec.rb DEV: Remove full group refreshes from tests (#25414) 2024-01-25 14:28:26 +08:00
post_readers_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
posts_controller_spec.rb FEATURE: Restrict profile visibility of low-trust users (#29981) 2024-12-09 13:07:59 +03:00
presence_controller_spec.rb DEV: Call Discourse.redis.flushdb after the end of each test (#29117) 2024-10-09 07:19:31 +08:00
published_pages_controller_spec.rb DEV: Fix various spec linting issues (#24672) 2023-12-04 13:45:19 +01:00
push_notification_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
qunit_controller_spec.rb DEV: Stop building test assets in production under Embroider (#23388) 2023-09-11 09:12:37 +01:00
reviewable_claimed_topics_controller_spec.rb FEATURE: Support designating multiple groups as mods on category (#28655) 2024-09-04 04:38:46 +03:00
reviewables_controller_spec.rb FIX: Rejection email sent even if reject reason too long (#27529) 2024-06-19 11:07:23 +10:00
robots_txt_controller_spec.rb
safe_mode_controller_spec.rb
search_controller_spec.rb DEV: Call Discourse.redis.flushdb after the end of each test (#29117) 2024-10-09 07:19:31 +08:00
session_controller_spec.rb FIX: staff only mode blocks admin password resets (#29289) 2024-10-21 09:29:37 +02:00
sidebar_sections_controller_spec.rb DEV: remap all core icons for fontawesome 6 upgrade (#28715) 2024-09-13 16:50:52 +01:00
similar_topics_controller_spec.rb DEV: Remove full group refreshes from tests (#25414) 2024-01-25 14:28:26 +08:00
site_controller_spec.rb DEV: Resolve stat registration flaky tests (#29084) 2024-10-04 13:49:22 +01:00
sitemap_controller_spec.rb DEV: Remove unnecessary rails_helper requiring (#26364) 2024-03-26 11:32:01 +01:00
slugs_controller_spec.rb DEV: Call Discourse.redis.flushdb after the end of each test (#29117) 2024-10-09 07:19:31 +08:00
static_controller_spec.rb FIX: Do not ignore redirects containing "/login" in the path (#29960) 2024-11-27 11:22:45 -05:00
steps_controller_spec.rb
stylesheets_controller_spec.rb DEV: Fix test incorrectly removing stylesheet cache of other processes (#25103) 2024-01-03 13:15:35 +08:00
svg_sprite_controller_spec.rb DEV: make the build less flaky (#29288) 2024-10-18 20:07:55 +02:00
tag_groups_controller_spec.rb FEATURE: Log tag group changes in staff action log (#28787) 2024-09-09 10:50:48 +08:00
tags_controller_spec.rb DEV: Ignore invalid tag parameter in TagsController (#28557) 2024-08-27 12:06:54 -04:00
theme_javascripts_controller_spec.rb DEV: Compile theme migrations javascript files when running theme qunit (#25219) 2024-01-16 09:50:44 +08:00
topic_view_stats_controller_spec.rb FEATURE: topic_view_stats table with daily fidelity (#27197) 2024-05-27 15:25:32 +10:00
topics_controller_spec.rb DEV: Allow freeze_original argument in topics controller & JS transformer (#30120) 2024-12-05 08:31:05 -06:00
uploads_controller_multisite_spec.rb DEV: Upgrade Rails to version 7.1 2024-07-04 10:58:21 +02:00
uploads_controller_spec.rb FIX: Extension-less secure uploads (#29914) 2024-11-25 12:18:21 +00:00
user_actions_controller_spec.rb FEATURE: Restrict profile visibility of low-trust users (#29981) 2024-12-09 13:07:59 +03:00
user_api_key_clients_controller_spec.rb Require permitted scopes when registering a client (#29718) 2024-11-19 15:28:04 -05:00
user_api_keys_controller_spec.rb Require permitted scopes when registering a client (#29718) 2024-11-19 15:28:04 -05:00
user_avatars_controller_spec.rb
user_badges_controller_spec.rb FEATURE: Restrict profile visibility of low-trust users (#29981) 2024-12-09 13:07:59 +03:00
user_status_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
users_controller_spec.rb FEATURE: Restrict profile visibility of low-trust users (#29981) 2024-12-09 13:07:59 +03:00
users_email_controller_spec.rb DEV: Update confirm-email flows to use central 2fa and ember rendering (#25404) 2024-01-30 10:32:42 +00:00
webhooks_controller_spec.rb FEATURE: Add Mailpace webhook (#21981) 2023-06-08 20:06:20 +03:00
wizard_controller_spec.rb DEV: Fix various spec linting issues (#24672) 2023-12-04 13:45:19 +01:00