* move emails images to website/static/emails and remove old files
* remove old client tests
* remove more files
* add sprites back
* cleanup gulp
* cleanup gulp
* remove old files
* more fixes
* pin bootstrap-vue
* disable old test
* remove old tasks
* fix apidoc
* Added removing invites
* Addeed messages for empty gems to icon
* Added member for challenge members
* Fixed task cloning ending
* Fixed group task assignment
* Added small hack to prevent scrolling issues
* Fixed lint
* start work on porting the reset password page
* add new api route for setting a new password after a reset
* wip client page
* port tests
* wip
* fix linting
* skip tests
* Discover challenges
* Fixed hero loading
* Moved add task button
* Fixed bailey showing
* Added logs for bad sub data
* Fixed blurb editing
* Added confirmation for deleteing message
* Reset invite modals on invite
* fixed group member sorting
* Fixed chat time styles
* Fixed hover on liked
* Fixed like count
* Added reverse
* Fixed editing party
* Added leader conditions
* Added search
* Added loading
* Reset members when leaving party
* Rounded pending
* Fixed overflow on collecting quests
* Added to invite friends
* Hid summary from party
* Fixed button styles
* Fixed button class
* Removed okay button
* Fixed renav for profile modal
* Added subscription back to menu
* Fixed static link
* Added daily due setting
* Added local auth adding
* Fixed centering of text
* Removed message locally
* Added count for new message
* Added style fix for profile pet
* Fixed achievement popovers
* Fixed white boxes
* Added plain color backgrounds
* fixed challenge mutability
* Fixed challenge editing
* Added notation for large numbers
* Add color text to guild sizes
* Removed membership filters from discover challenges
* Added invites to group
* Cmd + enter send message
* Made leader clickable
* Updated group validation
* Added cancelling autocomplete
* Added mention icon
* Added removing member
* Removed extra string
* extract seasonal-shop config - use summer season items (to work on)
* add suggested border to shopItems
* refactor getOfficialPinnedItems (now includes the seasonal gear)
* refactor shops.getSeasonalShop - add featured items to result - add the set to special equipment items
* feat(content): Fall 2017 seasonal gear
Also adds set keys for all prior seasonal gear.
* show item limited time (buyModal & shopItem)
* select seasonal fall sets
* WIP(seasonal-shop): placeholder Fall 2017 items
* fix lint
* sprites
* styling + fix purchase of seasonal spells
* compile sprites
* fixes: check isPinned with officialItems
* enable purchase of seasonal items for testing
* fix shop apis
* add featuredItems to market
* quest shop: add featuredItems to api
* tiem travelers shop: add featuredItems to api
* fix gear types filter
* feat(content): Fall 2017 compleat
* chore(sprites): compile
* show opened shop state (npc+background)
* add opened seasonal npc
* current seasonal users class set = purchase by gold - lock other sets of the current season
* hide event badge in seasonal shop - dot only for suggested items - cursor: pointer on shopItems
* refresh rewards column list (seasonal gear won't refresh it on purchase)
* fix duplicate seasonal gear -> remove special items from the old reward gear (which is used to reset the pinned gears)
* every current season gear is purchased by gold - prevent buyModal on locked items
* use the current event date range
* list seasonal sets by event date
* use custom method instead of updateStore to list the pinnable gear
* change daterange to 10-31
* fix start quest modal from items - disable invite quest button if a quest is already active
* toggle pin in buy-dialogs
* check if the item is not undefined/null - renamed the watch function
* fix spacing between rewards and items
* fix rewards description
* rewards cost in bold
* fix gp notifications
* fix dailies gray text
* fix cancel in task edit modal
* tags: use AND not OR for filtering
* fix tasksDefaults so that monthlies can be created correctly
* tags: usable if no task selected, saving checklist and tags saved the one being added without requiting to press enter
* remove tags from tasks when they are deleted
* fix tags removal when multiple tags are deleted and fix tags editing
* Added avatars to inbox
* Added ordering of inbox messages
* Fixed blurb not converting to string
* Added message to member modal
* Added quest invites
* Moved filters to server
* lock other classes gear
* fix avatar in equip-gear-modal
* fix seasonal shop
* seasonal : new gear type order
* fix pin gear (and get new gear on buying)
* API: /shops/market-gear - refactoring pinnedGearUtils - move _isPinned to common/libs
* use shops.getMarketGearCategories to list the marketGear
* use shops.getMarketCategories instead of API-call
* mark gear reward items as locked
* purchase time-travelers stuff + update view + use method instead of http-api + add missing mammoth shop image
* Time Travelers Shop: open/closed state
* time travelers: show gear preview + hide sidebar if closed
* update resized images
* fix lint
* create new summary field for challenges
* finish implementating summary for challenges, add some support for guilds
* make small improvements to challenges code
* fix lint errors
* add more code to support summaries for guilds (still more needed)
* fix existing tests by adding summary field
* make existing tests pass
* WIP make "Public Challenges" text translatable
* change "leader" locale key to "guildOrPartyLeader" to make searches for it easier
* remove v-once from h2 headings
* remove failed attempt to localise text in <script>
* add quick-and-dirty error checking for guild not having categories
* make "Public Challenges" text translatable
* rename final ...PlaceHolder strings to ...Placeholder (lower-case "h") for consistency with existing Placeholder strings
* wip: client: i18n
* remove maxAge from cookies to get same expiration ad localStorage
* set cookies expiration to 10 years
* moment: load translations in browser, moment: only load necessary data, remove jquery, remove bluebird
* ability to change language
* fix logout
* add some requiresLogin: false to static pages
* fix tests
* Forced full refresh after deletE
* Fixed styles on firefox
* Removed instagram link
* Added information to modal
* Fixed deleteing and task keeping
* Added redirect to challenge detail after created
* Updated challenge item styles
* Added new limit option to challenges
* Refactor api description for auth.js with @apiParam groups
* Refactor apiDoc toward better consistency
* Fix missing groups for get requests
* Fix missing groups for other request methods
* Added stripe payment for group plan
* Began adding amazon
* Added amazon payments for group
* Added get group plans route
* Added group plan nav
* Added initial task page
* Added create and edit group plans
* Added initial approval header and footer
* Added assignment and approved requirement
* Added minor text fixes
* Added inital approval flow
* Added approval modal
* Removed always true
* Added more styles for filters
* Added search
* Added env vars
* Fixed router issues
* Added env to social login
* Fixed merge conflict
* toggle pinned state of items server + client
* pin quests / add pin src
* add officially pinned items and api to get in app rewards
* update schema and get items deatils
* update pin actions to the new logic
* show countBadge only with a number
* extract getPinKey - pin seasonal items
* togglePinned in buy-dialogs
* add pinKey to shop items
* wip
* wip
* fix path
* togglePinnedItem as common.op / use in client
* fix linting
* pinning: getItemInfo and save in db path and type
* make api more consistent, fix bugs
* updates
* fix bugs
* update actions to current api
* marketGear
* change to pinType
* add mystery_set to getItemInfo
* fix isPinned
* ignore animals
* list shopItems (initial)
* shopItem now has default popoverconent, itemclass and price / currency - list pinned items as rewards - attributes to gear
* show buyModal for the rewards
* show mystery_set icon
* add info whether item is suggested
* write migration, fix style issues
* pin potion and armoire
* make potion, armoire not unpinnable
* show notes for armoire and potion, add default items for new users
* show unpin notification
* add/remove pinned gear on class-change
* remove pinned & add new gear on purchase - refactoring pinning methods - fixes
* always allow to purchase armoire
* highlight item if suggested
* tasks hover state
* hide column background if task too close
* wip edit tasks
* wip: replace tags
* upgrade bootstrap-vue and fix creare btn for tasks
* difficulty options colors and active label fixes
* fix tags
* issue 8812 - added the list of bad words matched to the postChat error message.
* issue 8812 - added the list of bad words matched to the postChat error message.
* issue 8812 - some refactoring, fixed relevant tests, and lint rules refactor
* small fix for unnecessary empty array
* added test and did some small refactoring
* lint error fix
* issue 8812 - added the list of bad words matched to the postChat error message.
* issue 8812 - some refactoring, fixed relevant tests, and lint rules refactor
* small fix for unnecessary empty array
* added test and did some small refactoring
* lint error fix
* add test to check the error message contains the banned words used
* improve banned words test
* issue 8812 - added the list of bad words matched to the postChat error message.
* issue 8812 - some refactoring, fixed relevant tests, and lint rules refactor
* small fix for unnecessary empty array
* added test and did some small refactoring
* lint error fix
* issue 8812 - added the list of bad words matched to the postChat error message.
* issue 8812 - some refactoring, fixed relevant tests, and lint rules refactor
* add test to check the error message contains the banned words used
* improve banned words test
* merge with develop - aligned banned slurs check with banned words check
* initial quests.vue - refactorings - add group to quests
* shows quests by quest-group
* buyQuestModal with rewards sidebar
* store / actions to load seasonal/time-travelers shop data
* buyModal buyPressed instead of buyAction - seasonal shop categories now with specialClass property - seasonal shop
* time travelers vue - show hourglass in shopItem / buyDialog - fix banners
* cleanup
* show amount of already owned quests
* show html notes in popovers / dialog
* extract purchase-api to common.ops.purchaseWithSpell to call the same in the store / update the UI on purchases
* add time-travelers sprites
* fix lint
* add last mystery set images
* remove unused Page
* remove equipment from newClient.json
* initial market - routing - store - load market data
* move drawer/drawerSlider / count/star badge to components/ui
* filter market categories
* shopItem with gem / gold
* show count of purchable items
* show count of purchable itemsshow drawer with currently owned items + DrawerHeaderTabs-Component
* show featured gear
* show Gear - filter by class - sort by (type, price, stats) - sort market items
* Component: ItemRows - shows only the max items in one row (depending on the available width)
* Sell Dialog + Balance Component
* generic buy-dialog / attributes grid with highlight
* buyItem - hide already owned gear
* filter: hide locked/pinned - lock items if not enough gold
* API: Sell multiple items
* show avatar in buy-equipment-dialog with changed gear
* market banner
* misc fixes
* filter by text
* pin/unpin gear store actions
* Sell API: amount as query-parameter
* Update user.js
* fixes
* fix sell api amount test
* add back stroke/fill currentColor
* use scss variables
* Added challenges section
* Added public fields to guilds
* Added suggestion for habitica help guild
* Added categoires to group
* Added guild category filters
* Added guild filter by member count
* Removed console.log
* Updated group count in tests to account for newly created groups
* (server) Add parties array to store invites
* (server) Lint files
* Update joinGroup, rejectGroupInvite, _inviteByUUID, and remove clearPartyInvitation.js
* Update user schema: detailed 'invitations.parties' attributes
* Code improvement and do not let invite twice
* Check if the user is already invited earlier in the code
* Added message to invitation page, and show all invitations
* Added join party confirmation alert
* Small fixes
* Created test: allow inviting a user to 2 different parties
* Updated tests
* Update invitations.parties on more places
* Small adjustments
* Updates on invitations.party references
* Show all invitations when user is already in a party
* Fixed notifications counter
* Update both 'party' and 'parties' at _handleGroupInvitation
* Updated a test
* Fixed small mistake at _handleGroupInvitation
* More test update
* Update invitation.party when removing single invite and small adjust at view
* Added text to locale
* Added achievement to content and libs
* Added achievement modal
* Added achievement to notification model and controller
* Added achievement to user schema
* Grant achievement to inviter when user registers using emailed link
* Fix icon name
* Added integration test
* Fix linting
* Added sprite
* Initial psuedo-code for checking for slurs in messages
* Initial working prototype for blocking posting of slurs. Moved check from group.js to the chat api. Still needs: to permanently revoke chat privileges, to notify the moderators, a better method for checking for the blacklisted words, and a way to get the real list of words to check.
* Permanently revoke chat privileges when attempting to post a slur.
* Removed console logs
* Fixing rebase
* Do not moderate private groups
* Moved slur check to a generic check for banned words function
* Moved list of slurs to a separate file, fixed misplacement of return in ContainsBannedWords() function
* Slurs are blocked in both public and private groups
* Added code to send a slack message for slurs
* Fixed formatting issues
* Incorporated tectContainsBannedWords() function from PR 8197, added an argument to specify the list of banned words to check
* Added initial tests for blocking slurs and revoking chat priviliges
* Uncommented line to save revoked privileges
* Check that privileges are revoked in private groups
* Moved code to email/slack mods to chat api file
* Switched to BadRequest instead of NotFound error
* Restore chat privileges after test
* Using official placeholder slur
* Fixed line to export sendSubscriptionNotification function for slack
* Replaced muteUser function in user methods with a single line in the chat controller file
* Reset chatRevoked flag to false in a single line
* Switched method of setting chatRevoked flag so that it is updated locally and in the database
* First attempt at the muteUser function: revokes user's chat privileges and notifies moderators
* Manual merge for cherry-pick
* Initial working prototype for blocking posting of slurs. Moved check from group.js to the chat api. Still needs: to permanently revoke chat privileges, to notify the moderators, a better method for checking for the blacklisted words, and a way to get the real list of words to check.
* Permanently revoke chat privileges when attempting to post a slur.
* Removed console logs
* Created report to be sent to moderators via email
* Do not moderate private groups
* Moved slur check to a generic check for banned words function
* Moved list of slurs to a separate file, fixed misplacement of return in ContainsBannedWords() function
* Slurs are blocked in both public and private groups
* Added code to send a slack message for slurs
* Fixed formatting issues
* Incorporated tectContainsBannedWords() function from PR 8197, added an argument to specify the list of banned words to check
* Added initial tests for blocking slurs and revoking chat priviliges
* Uncommented line to save revoked privileges
* Check that privileges are revoked in private groups
* Moved code to email/slack mods to chat api file
* Switched to BadRequest instead of NotFound error
* Restore chat privileges after test
* Using official placeholder slur
* Fixed line to export sendSubscriptionNotification function for slack
* Replaced muteUser function in user methods with a single line in the chat controller file
* Reset chatRevoked flag to false in a single line
* Switched method of setting chatRevoked flag so that it is updated locally and in the database
* Removed some code that got re-added after rebase
* Tests for automatic slur muting pass but are incomplete (do not check that chatRevoked flag is true)
* Moved list of banned slurs to server side
* Added warning to bannedSlurs file
* Test chat privileges revoked when posting slur in public chat
* Fix issues left over after rebase (I hope)
* Added code to test for revoked chat privileges after posting a slur in a private group
* Moved banned slur message into locales message
* Added new code to check for banned slurs (parallels banned words code)
* Fixed AUTHOR_MOTAL_URL in sendTxn for slur blocking
* Added tests that email sent on attempted slur in chat post
* Created context for slur-related-tests, fixed sandboxing of email. Successfully tests that email.sendTxn is called, but the email content test fails
* commented out slack (for now) and cleaned up tests of sending email
* Successfully tests that slur-report-to-mods email is sent
* Slack message is sent, and testing works, but some user variables seem to only work when found in chat.js and passed to slack
* Made some fixes for lint, but not sure what to do about the camel case requirement fail, since that's how they're defined in other slack calls
* Slack tests pass, skipped camelcase check around those code blocks
* Fixed InternalServerError caused by slack messaging
* Updated chat privileges revoked error
* fix(locale): typo correction
* add possibility for group to block members from getting gems
* fixes
* fix tests
* adds some tests
* unit tests
* finish unit tests
* remove old code
* test: test that admin users can update guilds
* test: test admin removeMember privileges
* fix: allow admins to edit guilds
* fix: add edit guild options for admins
* test: test that admin can't remove current leader
* Add error msg for removing current leader
* Taskwoods Quest Line (#8156)
* feat(content): Gold Quest 2016-10
* chore(news): Bailey
* chore(i18n): update locales
* chore(sprites): compile
* 3.49.0
* chore: update express
* Fix for the ReDOS vulnerability
habitica is currently affected by the high-severity [ReDOS vulnerability](https://snyk.io/vuln/npm:tough-cookie:20160722).
Vulnerable module: `tough-cookie`
Introduced through: ` request`
This PR fixes the ReDOS vulnerability by upgrading ` request` to version 2.74.0
Check out the [Snyk test report](https://snyk.io/test/github/HabitRPG/habitica) to review other vulnerabilities that affect this repo.
[Watch the repo](https://snyk.io/add) to
* get alerts if newly disclosed vulnerabilities affect this repo in the future.
* generate pull requests with the fixes you want, or let us do the work: when a newly disclosed vulnerability affects you, we'll submit a fix to you right away.
Stay secure,
The Snyk team
* Documentation - coupon
closes#8109
* fix(client): Allow member hp to be clickable
fixes#8016closes#8155
* chore(npm): shrinkwrap
* test: test isAbleToEditGroup
* Add isAbleToEditGroup to groupsCtrl
* Remove unnecessary ternary
* Fix linting
* Move edit permission logic out to groupsCtrl
* fix: change ternary to boolean
* Fix linting
* Fixed merge issues
* Added image
* Added new achievement to user schema
* Added new achievement to content
* Added new achievement to libs
* Added achievement text to locale
* Added achievement to notification model and controller
* Grant achievement on joining or creating first challenge
* Added achievement to modal template
* Compiled new sprites
* Added integration tests
* Fix linting error
* Updating User API Doc (part 3)
* Updating User API Doc (part 3)
Fixed trailing spaces
* Updating User API Doc (part 3)
Made changes to @apiParamExample to make multi-line (which may have been cause of apiDoc failing)
* Updated quests to add questKey
* Make flags.chatRevoked prevent sending private messages (issue #7971)
* Disallow sending gems when messages aren't allowed.
* Created function to check for objections to an interaction to user model and wired it into the API (issue #7971)
* Fixes for issues raised by reviewers.
* Added allowed values to apidoc for api.getObjectionsToInteraction.
* Refactoring of getObjectionsToInteraction and minor API changes.
* fix(objections): address PR comments
* fix(strings): use US English for base edits
* refactor(test): typos and phrasing
* Improved API documentation for hall
* Fixes typos, removes apiHeader definitions and curl example
* Fixes @apiParam and capitalization errors. Moves @apiDefines to website/server/api-doc.js
