* test: test that admin users can update guilds
* test: test admin removeMember privileges
* fix: allow admins to edit guilds
* fix: add edit guild options for admins
* test: test that admin can't remove current leader
* Add error msg for removing current leader
* Taskwoods Quest Line (#8156)
* feat(content): Gold Quest 2016-10
* chore(news): Bailey
* chore(i18n): update locales
* chore(sprites): compile
* 3.49.0
* chore: update express
* Fix for the ReDOS vulnerability
habitica is currently affected by the high-severity [ReDOS vulnerability](https://snyk.io/vuln/npm:tough-cookie:20160722).
Vulnerable module: `tough-cookie`
Introduced through: ` request`
This PR fixes the ReDOS vulnerability by upgrading ` request` to version 2.74.0
Check out the [Snyk test report](https://snyk.io/test/github/HabitRPG/habitica) to review other vulnerabilities that affect this repo.
[Watch the repo](https://snyk.io/add) to
* get alerts if newly disclosed vulnerabilities affect this repo in the future.
* generate pull requests with the fixes you want, or let us do the work: when a newly disclosed vulnerability affects you, we'll submit a fix to you right away.
Stay secure,
The Snyk team
* Documentation - coupon
closes#8109
* fix(client): Allow member hp to be clickable
fixes#8016closes#8155
* chore(npm): shrinkwrap
* test: test isAbleToEditGroup
* Add isAbleToEditGroup to groupsCtrl
* Remove unnecessary ternary
* Fix linting
* Move edit permission logic out to groupsCtrl
* fix: change ternary to boolean
* Fix linting
* Fixed merge issues
* Added image
* Added new achievement to user schema
* Added new achievement to content
* Added new achievement to libs
* Added achievement text to locale
* Added achievement to notification model and controller
* Grant achievement on joining or creating first challenge
* Added achievement to modal template
* Compiled new sprites
* Added integration tests
* Fix linting error
* Updating User API Doc (part 3)
* Updating User API Doc (part 3)
Fixed trailing spaces
* Updating User API Doc (part 3)
Made changes to @apiParamExample to make multi-line (which may have been cause of apiDoc failing)
* Updated quests to add questKey
* Make flags.chatRevoked prevent sending private messages (issue #7971)
* Disallow sending gems when messages aren't allowed.
* Created function to check for objections to an interaction to user model and wired it into the API (issue #7971)
* Fixes for issues raised by reviewers.
* Added allowed values to apidoc for api.getObjectionsToInteraction.
* Refactoring of getObjectionsToInteraction and minor API changes.
* fix(objections): address PR comments
* fix(strings): use US English for base edits
* refactor(test): typos and phrasing
* Improved API documentation for hall
* Fixes typos, removes apiHeader definitions and curl example
* Fixes @apiParam and capitalization errors. Moves @apiDefines to website/server/api-doc.js
* Fixed rebase.
* Removed commented out mail sending to pass linting. Styles from settings.styl still not propagating to app.css
* fix(feedback): address PR comments
* fix(style): linting errors
* Enabled repeatables
* Added every x to weekly
* Updated new recur logic to work with tests
* Added repeatable tests back
* Added custom day start support
* Moved back to zone function
* Added zone back
* Added nextDue field
* Abstracted set next due logic, set offset, and mapped to ISO
* Removed extra codes
* Removed clone deep
* Added summary local
* Fixed every x weekly
* Prevented edit of repeats on
* Added next due date
* Fixed display of next due dates
* Fixed broken tests
* added next due date as today for weekly
* Fixed integration tests
* Updated common test
* Use user's format
* Allow user to deselect all days during week
* Removed let from front end
* Fixes apidoc error with Cast Skill
Changes Body to Query, changed example from POST body
* Updated to remove trailing space
* Wording fix per Lady Alys
* Update user.js
Kicking off another test.
* Update user.js
* WIP(guilds): AB test pester modal
* WIP(AB-test): guild pester cont'd
* fix(style): linting error
* fix(AB-test): markModified and notif enum
* fix(tests): update AB expectations
* fix(modal): remove extra includes
* feat(achievements): add Joined Guild cheevo
Also removes unused achievement sprites, and properly saves counter used in A/B testing
* fix(style): linting error from conflict
* Added isDue field and isDue set on create
* Added isDue update on update task
* Add isdue calc to score task
* Added isdue calc to cron
* Fixed lint issue
* Added isDue to no set and updated grammar
* Updating APIDOC for issue 8087
* Updating User API Doc (round 2)
cleaned up trailing sapces
* Updating User API Doc (round 2)
Changed mpHeal to mpheal
* Adding code to look over the most recent messages to look for spam from a user
* Adding in translatable error message
* Adding 2 tests for spam detection
* Fixing changes requested for pull request
* Adding unit tests for group and fixing requested changes
* Fixing message and tests
* Forgot to remove this import
* Fixing lint errors
* Cleaning up the code and tests to be more readable
* Fixing lint errors
* Fixed linting issues
* Syntax fixes
* Updated grammar
* Added abiltiy to add group managers
* Added ability to remove managers
* Added ability for managers to add group tasks
* Allower managers to assign tasks
* Allowed managers to unassign tasks
* Allow managers to delete group tasks
* Allowed managers to approve
* Added initial ui
* Added approval view for managers
* Allowed managers to edit
* Fixed lint issues
* Added spacing to buttons
* Removed leader from selection of group managers
* Code review updates
* Ensured approvals are only done once
* Added ability for parties to add managers
* Add notifications to all managers when approval is requests
* Removed tasks need approval notifications from all managers when task is approve
* Fixed linting issues
* Hid add managers UI from groups that are not subscribed
* Removed let from front end
* Fixed issues with post task url params
* Fixed string locales
* Removed extra limited strings
* Added cannotedit tasks function
* Added limit fields and notification check by taskId
* Localized string and other minor issues
* Added manager and leader indicator
* Added group notifications refresh on sync
* Added close button for group notifications
* Removed group approval notifications when manager is removed
* Moved leader/manager indicators to after hp
* Added manager fields to groups
* Spelling and syntax fixes
* Added block when user types a swear word listed in banned words
* Moved banned words check to server
* Removed unused code
* Moved banned words to separate file and fixed grammar.
* Updated chat test
* Changed error to BadRequest
* Fixed regex matching
* Updated test banned word
* Moved banned words and cached regex
* Updated banned word message
* Add ban filter only for tavern
* Added tavern id constant
* Added more tests for banned words
* Added warning to banned words
* Added alert
* Added new regex to capture markdown
* Fixed lint, spelling and importing
* Added email invite limit
* change error message for sending too many invitations to instruct them to email us
* fix test error message to use variable in locales string
* add comment to warn about keeping INVITES_LIMIT low
If INVITES_LIMIT is allowed to be greater than MAX_EMAIL_INVITES_BY_USER
then the inviter can send more than MAX_EMAIL_INVITES_BY_USER invitations
at once.
* Fix User > Profile showing {getProgressDisplay()}
* Remove bad nextRewardAt check
* 1st iteration of issue #8385 - more pending
* #8385 config and jade fixes, tests pending
* #8385 fixing lint errors
* Fix faqs string and test
* Fix faq.jade and add workaround for faq.js
* Fixing accidental checking for faq.js
* fix emails in faq.js
* fetch emails once in auth.js
* Fixing community manager email in auth.js
* Update API Doc #8087
Includes: GET /api/v3/user – POST /api/v3/user/buy/:key
* User API Doc update 1
Changed "GET user" description to a URL to the user model
* Update API DOC User 1
Cleaned up stray spaces
* Updated API Doc for User (part 1)
for GET user:
restored apiDescription from first PR
put link to model into "apiSuccessExample"
* Remove notifications from example responses
* Fixed trailing spaces
* Added a field in Party page with members count and maximum members in party
* Added information of invitations counter
* Limited party to 2 members on server (API)
* Fixed english text
* Consider current number of invitations in the party
* Moved PARTY_LIMIT_MEMBERS to common folder
* Access the PARTY_LIMIT_MEMBERS through groupsCtrl
* Some corrections
* Hide invite button when invite limit is reached
* Added missing trailing comma
* Do not test 'returns only first 30 invites' in a party anymore, but in a guild: party is limited to 30 members, so it would always fail
* Test: allow 30 members in a party
* Test: do not allow 30+ members in a party
* Improved 'allow 30 members in a party' test
* Test: 'allow 30+ members in a guild'
* Added missing trailing comma
* Code style corrections
* Fixed new line position
* Party limit check done inside Group.validateInvitations function
* Improved members count query
* Fixed tests
* Rewrite tests
* Removed import of BadRequest: value became unused
* Added 'await' to remaining 'Group.validateInvitations' functions
* Fixed tests that would always success
* Added subscriptions to all members when group subs
* Added unsub when group cancels
* Give user a subscription when they join a subbed group
* Removed subscription when user leaves or is removed from group
* Fixed linting issues:
* Added tests for users with a subscription being upgraded to group plan
* Added tests for checking if existing recurring user sub gets updated during group plan. Added better merging for plans
* Added test for existing gift subscriptions
* Added additional months to user when they have an existing recurring subscription and get upgraded to group sub
* Adds test for user who has cancelled with date termined in the future
* Added test to ensure date termined is reset
* Added tests for extra months carrying over
* Added test for gems bought field
* Add tests to for fields that should remain when upgrading
* Added test for all payment methods
* Added prevention for when a user joins a second group plan
* Fixed subscribing tests
* Separated group plan payment tests
* Added prevention of editing a user with a unlimited sub
* Add tests to ensure group keeps plan if they are in two and leave one
* Ensured users with two group plans do not get cancelled when on group plan is cancelled
* Ensured users without group sub are untouched when group cancels
* Fixed lint issues
* Added new emails
* Added fix for cron tests
* Add restore to stubbed methods
* Ensured cancelled group subscriptions are updated
* Changed group plan exist check to check for date terminated
* Updated you cannont delete active group message
* Removed description requirement
* Added upgrade group plan for Amazon payments
* Fixed lint issues
* Fixed broken tests
* Fixed user delete tests
* Fixed function calls
* Hid cancel button if user has group plan
* Hide difficulty from rewards
* Prevented add user functions to be called when group plan is cancelled
* Fixed merge issue
* Correctly displayed group price
* Added message when you are about to join canclled group plan
* Fixed linting issues
* Updated tests to have no redirect to homes
* Allowed leaving a group with a canceld subscription
* Fixed spelling issues
* Prevented user from changing leader with active sub
* Added payment details title to replace subscription title
* Ensured we do not count leader when displaying upcoming cost
* Prevented party tasks from being displayed twice
* Prevented cancelling and already cancelled sub
* Fixed styles of subscriptions
* Added more specific mystery item tests
* Fixed test to refer to leader
* Extended test range to account for short months
* Fixed merge conflicts
* Updated yarn file
* Added missing locales
* Trigger notification
* Removed yarn
* Fixed locales
* Fixed scope mispelling
* Fixed line endings
* Removed extra advanced options from rewards
* Prevent group leader from leaving an active group plan
* Fixed issue with extra months applied to cancelled group plan
* Ensured member count is calculated when updatedGroupPlan
* Updated amazon payment method constant name
* Added comment to cancel sub user method
* Fixed smantic issues
* Added unite test for user isSubscribed and hasNotCancelled
* Add tests for isSubscribed and hasNotCanceled
* Changed default days remaining to 2 days for group plans
* Fixed logic with adding canceled notice to group invite
* Added setting and modal for score notes
* Added persistent score notes
* Fixed linting issues and documented new field
* Added max length to task score notes
* Added check for score notes existence
* Combined tasks perferences
* Leaving a group or a guild no longer removes the user from the challenges of that group or guild.
* Updating api docs for leaving group to take into account the default path no longer leaving challenges when leaving a group.
* Updating api docs for leaving group to take into account the default path no longer leaving challenges when leaving a group.
* refactored according to blade's comments to not be a breaking change. The api now accepts a body parameter to specify wether the user
should remain in the groups challenges or leave them. The change also adds more tests around this behavior to confirm that it works
as expected.
* Updating Tasks and Tags API Doc
* Update Tasks and Tag API Doc
added back * @apiUse ChallengeNotFound
* Update Tasks and Tag API Doc #8447
Corrected NotAuthorized errors to 401
* start migrating to bcrypt
* added method to convert the password to bcrypt when logging in, added method to compare password without knowing the hashing algorhytm, remove default
* travis: try to upgrade to container based infrastructure
* travis: add deps to build bcrypt.js
* travis: add deps to build bcrypt.js
* travis: add deps to build bcrypt.js
* travis: add deps to build bcrypt.js
* use bcryptjs until bcrypt can be installed on travis, see https://github.com/kelektiv/node.bcrypt.js/issues/476
* correct sha1 unit tests
* try different mongodb repo
* try without mognodb services
* try again with bcrypt
* disable request logging in travis
* migrate missing routes
* simplify code
* remove bcryptjs
* fix typo
* fix typo
* fix typo in comment
* add unit tests for new passwords utility emthods
* travis: back to old infrastructure, containers often have timeouts
* add integration test for passwordHashMethod
* update shrinkwrap
* clarify code and add comments
* add integration tests
* fix linting
* fix integration tests
