discourse/spec/lib
Osama Sayegh 976aca68f6
FEATURE: Restrict profile visibility of low-trust users (#29981)
We've seen in some communities abuse of user profile where bios and other fields are used in malicious ways, such as malware distribution. A common pattern between all the abuse cases we've seen is that the malicious actors tend to have 0 posts and have a low trust level.

To eliminate this abuse vector, or at least make it much less effective, we're making the following changes to user profiles:

1. Anonymous, TL0 and TL1 users cannot see any user profiles for users with 0 posts except for staff users
2. Anonymous and TL0 users can only see profiles of TL1 users and above

Users can always see their own profile, and they can still hide their profiles via the "Hide my public profile" preference. Staff can always see any user's profile.

Internal topic: t/142853.
2024-12-09 13:07:59 +03:00
..
active_support_type_extensions DEV: Improve array type in service contracts 2024-10-17 17:02:02 +02:00
auth Add dedicated user_api_key_clients table to allow for 1:many use cases (#28119) 2024-11-08 12:05:03 -05:00
backup_restore FIX: Use dualstack S3 endpoint for direct uploads (#29611) 2024-11-07 11:06:39 +10:00
common_passwords DEV: Fix various spec linting issues (#24672) 2023-12-04 13:45:19 +01:00
compression
concern FIX: do not use return in block (#26260) 2024-03-20 10:49:28 +01:00
content_security_policy FIX: correctly strip unneeded csp directives under strict-dynamic (#26180) 2024-03-14 18:50:09 +00:00
discourse_webauthn DEV: Fix random typos (#26881) 2024-05-06 20:52:48 +02:00
email DEV: deduplicate inline styles in emails (#30015) 2024-11-30 16:38:45 +01:00
file_store DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
final_destination SECURITY: Add FastImage SSRF safe freedom patch 2024-07-03 20:49:15 +08:00
freedom_patches DEV: Remove unnecessary freedom patches 2024-08-19 12:06:54 +02:00
guardian FEATURE: Restrict profile visibility of low-trust users (#29981) 2024-12-09 13:07:59 +03:00
highlight_js
i18n DEV: Enable Rails 7.1 defaults 2024-08-12 10:41:13 +02:00
imap DEV: Remove old TODOs for message-id formats (#27196) 2024-05-28 13:57:09 +10:00
import
middleware DEV: Don’t replace Rails logger in specs (#29721) 2024-11-13 08:47:39 +08:00
migration DEV: Upgrade Rails to version 7.2 2024-11-27 10:48:47 +01:00
onebox SECURITY: Fixes for main (#28137) 2024-07-30 14:19:01 +08:00
plugin FIX: Sanitization issue when replacing default emoji with custom emoji that contains or ~/Discourse/discourse symbols (#30053) 2024-12-03 19:27:12 -05:00
pretty_text FEATURE: Async load of category and chat hashtags (#25526) 2024-02-12 12:07:14 +02:00
rate_limiter
scheduler DEV: fix hanging spec (#29974) 2024-11-28 11:06:19 +08:00
second_factor DEV: Allow run_second_factor! to be used before login (#25420) 2024-01-29 12:28:47 +00:00
seed_data FIX: "Replace Text" didn't list "Welcome Topic" when "General" category is missing (#27182) 2024-05-27 09:57:30 +02:00
service DEV: Apply new Rubocop linting on services 2024-12-02 17:31:36 +01:00
site_settings DEV: Call Discourse.redis.flushdb after the end of each test (#29117) 2024-10-09 07:19:31 +08:00
stylesheet DEV: Split slow test in multiple smaller tests (#28646) 2024-08-30 14:47:29 +10:00
svg_sprite DEV: update more deprecated font awesome icon names (#30123) 2024-12-05 15:20:02 +08:00
theme_settings_manager DEV: Remove experimental_objects_type_for_theme_settings site setting (#26507) 2024-04-04 12:01:31 +08:00
theme_store FEATURE: Theme settings migrations (#24071) 2023-11-02 08:10:15 +03:00
topic_query DEV: Remove full group refreshes from tests (#25414) 2024-01-25 14:28:26 +08:00
turbo_tests/flaky DEV: Include exception details for each test in flaky tests report (#24892) 2023-12-14 11:11:11 +08:00
validators DEV: Migrate user passwords data to UserPassword table (#28746) 2024-10-10 09:23:06 +08:00
wizard DEV: Update member access wizard step to use toggle group (#28013) 2024-07-29 14:07:06 +08:00
admin_confirmation_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
admin_user_index_query_spec.rb
archetype_spec.rb DEV: Catch missing translations during test runs (#26258) 2024-05-24 22:15:53 +08:00
bookmark_manager_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
bookmark_query_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
bookmark_reminder_notification_handler_spec.rb FIX: Bookmark reminder was clearing incorrectly (#28506) 2024-08-26 09:17:39 +10:00
bookmarks_bulk_action_spec.rb FIX: Bookmark reminder was clearing incorrectly (#28506) 2024-08-26 09:17:39 +10:00
browser_detection_spec.rb
cache_spec.rb DEV: Use rspec mocks to properly verify a race condition 2024-08-06 15:57:04 +02:00
category_badge_spec.rb FIX: email category badges shouldn't use category text color (#25655) 2024-02-13 10:18:36 -05:00
category_guardian_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
color_math_spec.rb
composer_messages_finder_spec.rb DEV: move post flags into database (#27125) 2024-05-23 12:19:07 +10:00
content_buffer_spec.rb
content_security_policy_spec.rb DEV: add validation on content_security_policy_script_src site setting (#27564) 2024-06-21 17:00:22 +08:00
cooked_post_processor_spec.rb FIX: show lightbox for small images (#29140) 2024-10-18 09:45:08 +04:00
crawler_detection_spec.rb
current_user_spec.rb
db_helper_spec.rb DEV: Gracefully handle regex_replace max column length violations (#29787) 2024-11-25 11:39:53 +00:00
directory_helper_spec.rb
discourse_diff_spec.rb
discourse_event_spec.rb
discourse_hub_spec.rb DEV: Don’t replace Rails logger in specs (#29721) 2024-11-13 08:47:39 +08:00
discourse_ip_info_spec.rb DEV: Don’t replace Rails logger in specs (#29721) 2024-11-13 08:47:39 +08:00
discourse_js_processor_spec.rb DEV: Switch to pnpm for JS dependencies (#28671) 2024-09-03 10:51:07 +01:00
discourse_logstash_logger_spec.rb DEV: Log sidekiq job opts as string instead of hash (#28012) 2024-07-23 06:27:43 +08:00
discourse_plugin_registry_spec.rb DEV: Remove sprockets from plugin 'extra js' pipeline (#25502) 2024-02-01 11:48:31 +00:00
discourse_redis_spec.rb DEV: Fix random typos (#29161) 2024-10-10 16:11:55 +02:00
discourse_sourcemapping_url_processor_spec.rb
discourse_spec.rb DEV: Don’t replace Rails logger in specs (#29721) 2024-11-13 08:47:39 +08:00
discourse_tagging_spec.rb FEATURE: Add user to topic_tags_changed event (#28714) 2024-09-06 11:23:30 -03:00
discourse_updates_spec.rb FEATURE: Allow admins to force refresh "What's new?" (#29911) 2024-11-27 09:40:55 +10:00
distributed_cache_spec.rb
distributed_memoizer_spec.rb
distributed_mutex_spec.rb
email_cook_spec.rb
email_updater_spec.rb
ember_cli_spec.rb FIX: EmberCli cache clearance issue in production (#24343) 2023-11-13 10:34:06 +00:00
encodings_spec.rb
enum_spec.rb
excerpt_parser_spec.rb
feed_element_installer_spec.rb
feed_item_accessor_spec.rb
file_helper_spec.rb
filter_best_posts_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
final_destination_spec.rb FIX: FinalDestination#get forwarding Authorization header on redirects (#27043) 2024-05-16 08:37:34 +08:00
flag_settings_spec.rb FEATURE: custom flag can require additional message (#27908) 2024-07-18 10:10:22 +10:00
gaps_spec.rb
gc_stat_instrumenter_spec.rb DEV: Seperate concerns of tracking GC stat from MethodProfiler (#22921) 2023-08-02 10:46:37 +08:00
git_repo_spec.rb
git_url_spec.rb
global_path_spec.rb
group_lookup_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
guardian_spec.rb FIX: Don't show move topic for private messages for TL4 (#28871) 2024-09-16 11:30:05 +08:00
has_errors_spec.rb
hijack_spec.rb DEV: Upgrade Rails to version 7.1 2024-07-04 10:58:21 +02:00
homepage_helper_spec.rb DEV: uses context blocks (#28658) 2024-08-30 11:26:15 +02:00
html_prettify_spec.rb
html_to_markdown_spec.rb DEV: Bump rubocop_discourse (#29608) 2024-11-06 06:27:49 +08:00
image_sizer_spec.rb
inline_oneboxer_spec.rb DEV: update syntax tree to latest (#24623) 2023-11-29 16:38:07 +11:00
js_locale_helper_spec.rb DEV: Output failing MF keys when compilation fails 2024-10-15 12:45:23 +02:00
json_error_spec.rb
letter_avatar_spec.rb
message_id_service_spec.rb DEV: Remove old TODOs for message-id formats (#27196) 2024-05-28 13:57:09 +10:00
method_profiler_spec.rb DEV: Seperate concerns of tracking GC stat from MethodProfiler (#22921) 2023-08-02 10:46:37 +08:00
mini_scheduler_long_running_job_logger_spec.rb DEV: Don’t replace Rails logger in specs (#29721) 2024-11-13 08:47:39 +08:00
mini_sql_multisite_connection_spec.rb
mobile_detection_spec.rb
new_post_manager_spec.rb FEATURE: Support designating multiple groups as mods on category (#28655) 2024-09-04 04:38:46 +03:00
new_post_result_spec.rb
onebox_spec.rb
oneboxer_spec.rb DEV: Add validation for allowed iframes setting (#28178) 2024-08-01 06:51:02 -06:00
onpdiff_spec.rb
password_hasher_spec.rb
pbkdf2_spec.rb
pinned_check_spec.rb DEV: Fix various spec linting issues (#24672) 2023-12-04 13:45:19 +01:00
plain_text_to_markdown_spec.rb
post_action_creator_spec.rb DEV: Call Discourse.redis.flushdb after the end of each test (#29117) 2024-10-09 07:19:31 +08:00
post_action_destroyer_spec.rb DEV: Convert min_trust_to_flag_posts setting to groups (#24864) 2023-12-13 17:18:42 +08:00
post_action_type_view_spec.rb FIX: use a custom prefix for custom flags (#28839) 2024-09-11 15:30:20 +10:00
post_creator_spec.rb FIX: double reviewable items bug (#28161) 2024-07-31 12:45:00 +10:00
post_destroyer_spec.rb FIX: update flag reason message with default value (#30026) 2024-12-04 14:46:52 +11:00
post_jobs_enqueuer_spec.rb
post_locker_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
post_merger_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
post_revisor_spec.rb FIX: Change create_post_for_category_and_tag_changes setting to use whispers instead of small actions (#29602) 2024-11-06 09:28:28 -03:00
presence_channel_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
pretty_text_spec.rb FIX: Video thumbnails for missing videos (#28152) 2024-07-31 10:54:52 -06:00
promotion_spec.rb DEV: Add PluginRegistry modifiers to #review and #recalculate (#29128) 2024-10-16 10:26:10 -05:00
quote_comparer_spec.rb DEV: Correct Style/RedundantReturn rubocop issues (#23052) 2023-08-10 02:03:38 +02:00
quote_rewriter_spec.rb
rate_limiter_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
retrieve_title_spec.rb FIX: Don't error out when trying to retrieve title and URL won't encode (#24660) 2023-12-01 15:03:06 +08:00
rtl_spec.rb
s3_cors_rulesets_spec.rb
s3_helper_spec.rb FIX: Use dualstack S3 endpoint for direct uploads (#29611) 2024-11-07 11:06:39 +10:00
s3_inventory_multisite_spec.rb DEV: Introduce hidden s3_inventory_bucket site setting (#27304) 2024-06-10 13:16:00 +08:00
s3_inventory_spec.rb Revert "FEATURE: Mark bad uploads with :invalid_url (#29640)" (#29657) 2024-11-08 13:04:52 +08:00
score_calculator_spec.rb
scss_checker_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
search_spec.rb DEV: Enable the normalize_emails site setting by default (#29952) 2024-11-28 10:23:00 +08:00
secure_session_spec.rb DEV: Fix various rubocop lints (#24749) 2023-12-06 23:25:00 +01:00
service_spec.rb DEV: Disallow default params in service steps 2024-09-19 14:47:55 +02:00
shrink_uploaded_image_spec.rb DEV: Move min_trust_to_post_embedded_media to group setting (#25238) 2024-01-25 09:50:59 +10:00
sidebar_section_links_updater_spec.rb DEV: Limit the number of category sidebar links a user can have (#26756) 2024-04-25 13:21:39 -05:00
sidekiq_long_running_job_logger_spec.rb DEV: Don’t replace Rails logger in specs (#29721) 2024-11-13 08:47:39 +08:00
signal_trap_logger_spec.rb DEV: Move spec file to right folder (#27449) 2024-06-13 06:38:03 +08:00
site_icon_manager_spec.rb
site_setting_extension_multisite_spec.rb
site_setting_extension_spec.rb DEV: Site setting keyword changes (#29486) 2024-10-31 13:18:34 +10:00
slug_spec.rb
spam_handler_spec.rb DEV: Remove full group refreshes from tests (#25414) 2024-01-25 14:28:26 +08:00
statistics_spec.rb FIX: participating users statistics... (#29293) 2024-10-21 18:18:42 +02:00
suggested_topics_builder_spec.rb DEV: Add modifier to SuggestedTopicsBuilder#add_results (#29164) 2024-10-10 10:03:26 -05:00
system_message_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
text_cleaner_spec.rb
text_sentinel_spec.rb FIX: Allow all caps within CJK text (#28018) 2024-07-22 17:35:52 +02:00
theme_flag_modifier_spec.rb
theme_javascript_compiler_spec.rb DEV: @babel/plugin-proposal-decorators -> decorator-transforms (#27260) 2024-06-10 15:51:48 +01:00
theme_settings_manager_spec.rb DEV: Refactor subclasses in ThemeSettingsManager to individual files (#25605) 2024-02-08 12:59:52 +08:00
theme_settings_object_validator_spec.rb DEV: Add isValidUrl helper function to theme migrations (#26817) 2024-04-30 16:45:07 +08:00
theme_settings_parser_spec.rb DEV: Fix various rubocop lints (#24749) 2023-12-06 23:25:00 +01:00
theme_settings_validator_spec.rb DEV: Correctly pluralize error messages (#26469) 2024-04-04 15:02:09 +02:00
timeline_lookup_spec.rb
tiny_japanese_segmenter_spec.rb
topic_creator_spec.rb FIX: prevents PM to large groups (#28681) 2024-09-03 12:08:14 +02:00
topic_publisher_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
topic_query_spec.rb DEV: Fix random typos (#30023) 2024-12-02 07:34:05 +08:00
topic_retriever_spec.rb
topic_upload_security_manager_spec.rb
topic_view_spec.rb DEV: Apply modifier for topic_view link_counts (#29883) 2024-11-22 14:49:39 -06:00
topics_bulk_action_spec.rb DEV: Convert min_trust_level_to_tag_topics to groups (#25273) 2024-01-26 13:25:03 +08:00
topics_filter_spec.rb DEV: Extend /filter's ability to order (#28242) 2024-08-07 16:37:00 +08:00
trashable_spec.rb
truncate_logs_formatter_spec.rb SECURITY: Add a default limit as to when logs should be truncated 2023-10-16 10:34:38 -04:00
trust_level_spec.rb
twitter_api_spec.rb
unread_spec.rb
upload_creator_spec.rb DEV: depend less on pngquant version (#26906) 2024-05-07 16:56:05 +02:00
upload_markdown_spec.rb
upload_recovery_spec.rb DEV: Move min_trust_to_post_embedded_media to group setting (#25238) 2024-01-25 09:50:59 +10:00
upload_security_spec.rb DEV: Fix various spec linting issues (#24672) 2023-12-04 13:45:19 +01:00
url_helper_spec.rb DEV: Add isValidUrl helper function to theme migrations (#26817) 2024-04-30 16:45:07 +08:00
user_comm_screener_spec.rb
user_lookup_spec.rb
user_name_suggester_spec.rb FIX: Don't error out on empty reserved_usernames setting (#29305) 2024-10-21 14:38:37 +08:00
version_spec.rb SECURITY: Add limits for themes and theme assets 2023-09-12 15:31:31 -03:00
work_queue_spec.rb PERF: Don't allow a single user to monopolize the defer queue (#25593) 2024-02-07 13:47:50 -06:00