discourse/spec/requests
Martin Brennan aca0f239c8
SECURITY: Prevent email from being nil in InviteRedeemer (#19005)
This commit adds some protections in InviteRedeemer to ensure that email
can never be nil, which could cause issues with inviting the invited
person to private topics since there was an incorrect inner join.

If the email is nil and the invite is scoped to an email, we just use
that invite.email unconditionally.  If a redeeming_user (an existing
user) is passed in when redeeming an email, we use their email to
override the passed in email.  Otherwise we just use the passed in
email.  We now raise an error after all this if the email is still nil.
This commit also adds some tests to catch the private topic fix, and
some general improvements and comments around the invite code.

This commit also includes a migration to delete TopicAllowedUser records
for users who were mistakenly added to topics as part of the invite
redemption process.
2022-11-14 12:02:09 +10:00
admin SECURITY: Expand and improve SSRF Protections (stable) (#18816) 2022-11-01 16:34:12 +00:00
api DEV: Add chat_group_mention notification type (#15616) 2022-01-18 08:26:27 -06:00
about_controller_spec.rb
application_controller_spec.rb SECURITY: banner-info (#17071) (#17073) 2022-06-13 11:47:44 -06:00
associate_accounts_controller_spec.rb DEV: Improve robustness of associate_accounts_controller 2021-08-10 15:07:40 +01:00
badges_controller_spec.rb
bookmarks_controller_spec.rb FEATURE: Topic-level bookmarks (#14353) 2021-09-21 08:45:47 +10:00
bootstrap_controller_spec.rb SECURITY: Remove ember-cli specific response from application routes (#15155) 2021-12-01 16:10:40 +00:00
categories_controller_spec.rb SECURITY: Category group permissions leaked to normal users. 2022-04-08 11:04:59 +02:00
clicks_controller_spec.rb
composer_messages_controller_spec.rb
csp_reports_controller_spec.rb
directory_columns_controller_spec.rb DEV: Plugin API to add directory columns (#13440) 2021-06-22 13:00:04 -05:00
directory_items_controller_spec.rb FIX: Include user_field_ids in pagination URL for directory items (#13569) 2021-06-29 14:43:38 -05:00
do_not_disturb_controller_spec.rb DEV: Replace 'processed' column on notifications with new table (#11864) 2021-01-27 10:29:24 -06:00
drafts_controller_spec.rb FEATURE: Cook drafts excerpt in user activity (#14315) 2021-09-14 15:18:01 +03:00
email_controller_spec.rb FIX: Show Uncategorized when unsubscribing (#13832) 2021-07-26 12:19:30 +10:00
embed_controller_spec.rb UX: display correct replies count in embedded comments view. (#14175) 2021-08-30 10:37:53 +05:30
exceptions_controller_spec.rb
export_csv_controller_spec.rb
extra_locales_controller_spec.rb FIX: Translation overrides from fallback locale didn't work on client 2021-12-17 14:03:35 +01:00
finish_installation_controller_spec.rb
forums_controller_spec.rb DEV: Avoid $ globals (#15453) 2022-01-08 23:39:46 +01:00
groups_controller_spec.rb PERF: Make tests faster by prefabricating more things (#15392) 2021-12-22 11:09:43 -06:00
hashtags_controller_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
inline_onebox_controller_spec.rb
invites_controller_spec.rb SECURITY: Prevent email from being nil in InviteRedeemer (#19005) 2022-11-14 12:02:09 +10:00
list_controller_spec.rb PERF: Make tests faster by prefabricating more things (#15370) 2021-12-20 12:59:10 -06:00
metadata_controller_spec.rb
notifications_controller_spec.rb
offline_controller_spec.rb
omniauth_callbacks_controller_spec.rb FIX: Ensure that login does not fail for users with invite records (#15647) 2022-01-20 10:54:38 +00:00
onebox_controller_spec.rb
permalinks_controller_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
post_action_users_controller_spec.rb
post_actions_controller_spec.rb PERF: Speed up the tests by pre-fabricating more things (#15318) 2021-12-15 11:41:14 -06:00
post_readers_controller_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
posts_controller_spec.rb FEATURE: Export topics to markdown (#15615) 2022-01-17 18:05:14 -03:00
presence_controller_spec.rb DEV: Various behind-the-scenes improvements to PresenceChannel (#14518) 2021-10-07 15:50:14 +01:00
published_pages_controller_spec.rb
push_notification_controller_spec.rb
qunit_controller_spec.rb DEV: Support for running theme test with Ember CLI (third attempt) 2022-01-13 16:02:07 -05:00
reviewable_claimed_topics_controller_spec.rb
reviewables_controller_spec.rb FEATURE: Blocking is optional when deleting a user from the review queue. (#13375) 2021-06-15 12:35:45 -03:00
robots_txt_controller_spec.rb FEATURE: Replace Crawl-delay directive with proper rate limiting (#15131) 2021-11-30 12:55:25 +03:00
safe_mode_controller_spec.rb Code review comments. 2021-06-21 11:06:58 +08:00
search_controller_spec.rb FEATURE: Log only topic/post search queries in search log (#14994) 2021-11-18 09:21:12 +08:00
session_controller_spec.rb SECURITY: Remove auto approval when redeeming an invite (#16976) 2022-06-02 16:11:04 +02:00
similar_topics_controller_spec.rb FIX: reindex_search job should work on model with no search data (#11819) 2021-01-25 11:23:36 +01:00
site_controller_spec.rb DEV: Include login_required attribute in basic info endpoint (#14064) 2021-08-17 14:05:51 -04:00
static_controller_spec.rb FIX: SiteSetting.title was being polluted in StaticController (#15385) 2021-12-21 20:51:18 +01:00
steps_controller_spec.rb
stylesheets_controller_spec.rb PERF: Eager load Theme associations in Stylesheet Manager. 2021-06-21 11:06:58 +08:00
svg_sprite_controller_spec.rb FIX: Use absolute URL when redirecting SVG sprite path. 2021-06-30 11:25:05 +08:00
tag_groups_controller_spec.rb DEV: Improve tag groups test (#12848) 2021-04-27 14:05:45 +03:00
tags_controller_spec.rb FEATURE: New and Unread messages for user personal messages. (#13603) 2021-08-02 12:41:41 +08:00
theme_javascripts_controller_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
topics_controller_spec.rb DEV: Fix a flaky spec (#15529) 2022-01-11 01:51:57 +01:00
uploads_controller_multisite_spec.rb DEV: Isolate multisite specs (#13634) 2021-07-07 18:57:42 +02:00
uploads_controller_spec.rb DEV: Extract shared external upload routes into controller helper (#14984) 2021-11-18 09:17:23 +10:00
user_actions_controller_spec.rb DEV: do not return no_result_help from the server (#15220) 2021-12-08 21:46:54 +04:00
user_api_keys_controller_spec.rb
user_avatars_controller_spec.rb DEV: Remove the remaining Travis code (#13255) 2021-06-02 20:29:47 +02:00
user_badges_controller_spec.rb SECURITY: Restrict display of topic titles associated with user badges (#18768) (#18770) 2022-10-27 11:48:00 +08:00
users_controller_spec.rb SECURITY: Prevent abuse of the update_activation_email route (stable) 2022-07-27 23:09:09 +03:00
users_email_controller_spec.rb DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00
webhooks_controller_spec.rb
wizard_controller_spec.rb