* reset the ApiToken on password changes/resets
* fix/add tests
* fix(typo): test grammar
* update new API Token Strings, removed unused one
---------
Co-authored-by: Kalista Payne <sabrecat@gmail.com>
* fix(auth): record local email for social users where possible
* fix(auth): Apple emails are junk, prefer Google
* fix(auth): correct placement of logic to save local email
* fix(auth): run full function in both workflows to avoid conflicts
Co-authored-by: SabreCat <sabe@habitica.com>
* Don't sign in user when trying to connect a social account that was already created
* Log social users into matching local auth accounts
If the social account has an email that already exists as a local user, instead of creating a new account log them into their account and add the social auth to the account
* If possible set local authentication email for social users
* Allow password reset emails to be sent to social login users
* lint fixes
* Fix issues and tests
* fix tests
* Fix lint error.
* fix(profile): detect attempt to use banned words as display name. refactor profanity detection method.
* fix(profile): detect attempt to use banned words in blurb. further refactor profanity detection. inform the user their chat privileges have been revoked.
* refactor: add function to normalize Unicode strings and remove diacritics
* fix: improve regEx to prevent false partial matches e.g. 'hello' being recognised as banned words. porting fix from #12309
* fix(profile): refactor of profanity detection for #12445
* fix(profile): add test for swear words in new profile. fix existing tests
* fix(profile): show different error message for attempted slur use in username by new users.
* fix(profile): remove incorrect slur test
* fix(profile): fix slurs not caught at start or end of strings connected by punctuation
* tests(profile): fix tests for profanity checking
* remove exclusive test
* 11865 - update text for slur warnings
* 11865 - remove unused string from locale files
* 11865 - improve naming of banned word usage locale string
* 11865 - improve logic so that differentiated warnings are shown depending on whether a slur or other profanity has been used in a display name
* 11865 - construct slur regexes outside the validation function in which they are used
* 11865 - fix tests
* add date check
* achievements modal polishing
* refresh private-messages page when you are already on it
* add countbadge knob to change the example
* fix lint
* typos
* typos
* typos
* add toggle for achievements categories
* typo
* fix test
* fix edit avatar modal cannot be closed
* WIP(settings): subscriber page improvements
* WIP(subscriptions): more design build-out
* fix(css): disabled button styles
* fix(css): better Amazon targeting
* fix hide tooltip + align header correctly
* disable perfect scroll
* load messages on refresh event
* fix header label + conversation actions not breaking layout on hover
* WIP(g1g1): notif
* WIP(g1g1): notif cont'd
* fix(test): snowball change
* fix(event): feature NYE card
* chore(sprites): compile
* fix(bgs): include TT required field
* add gifting banner to the max height calculation
* chore(event): enable winter customizations
* WIP(gifting): partial modal implementation
* feat(gifting): select giftee modal
* fix(gifting): notification order, modal dismiss
* Begin implementing sign in with apple
# Conflicts:
# package-lock.json
# website/common/script/constants.js
# website/server/libs/auth/social.js
# website/server/models/user/schema.js
* Add apple sign in button to website
* fix lint errors
* fix config json
* fix(modals): correct some repops
* fix(gifting): style updates
* fix(buy): modal style changes
* fix(modals): also clean out "prev"
* Attempt workaround for sign in with apple on android
* temporarily log everything as error
* refactor(modals): hide in dismiss event
* fix temporary test failure
* changes to sign in with apple
* fix: first batch of layout issues for private messages + auto sizing textarea
* fix(modals): new dismiss logic
* fix(modals): new dismiss no go??
* Only use email scope
* print debugging
* .
* ..
* ...
* username second line - open profile on face-avatar/conversation name - fix textarea height
* temporarily disable apple auth and just return data for debugging
* Hopefully this works
* .....
* WIP(subscription): unsubscribed state
* .
* ..
* MAYBE THIS ACTUALLY WORKS???
* Implement apple sign in
* fix some urls
* fix urls
* fix redirect and auth
* attempt to also request name
* fix lint error
* WIP(subscription): partial subscribed
* chore(sprites): compile
* Change approach so that it actually works
* fix config error
* fix lint errors
* Fix
* fix lint error
* lint error
* WIP(subscription): finish subscribed
* refresh on sync
* new "you dont have any messages" style + changed min textarea height
* new conversationItem style / layout
* reset message unread on reload
* chore(npm): update package-locks
* fix styles / textarea height
* feat(subscription): revised sub page RC
* list optOut / chatRevoked information for each conversation + show why it's disabled
* Improve apple redirect view
* Fix apple icon on group task registration page
* WIP(adventure): prereqs
* Block / Unblock - correct disabled states - $gray-200 instead of 300/400
* canReceive not checking chatRevoked
* fix: faceAvatar / userLink open the selected conversation user
* check if the target user is blocking the logged-in user
* fix(subs): style tweaks
* fix(profiles): short circuit contributor
Attempted fix for #11830
* chore(sprites): compile
* fix(content): missing potion data
* fix(content): missing string
* WIP(drops): new modal
* fix(subs): moar style tweaks
* check if blocks is undefined
* max-height instead of height
* fix "no messages" state + canReceive on a new conversation
* WIP(adventure): analytics fixes etc
* Improve apple signin handling
* fixed conversations width (280px on max 768 width page)
* feat(adventure): random egg+potion on 2nd task
* fix(lint): noworkies
* fix(modal): correctly construct classes
* fix(tests): expectations and escape
* Fix typo
* use base url from env variables
* fix lint
* call autosize after message is sent
* fix urls
* always verify token
* throw error when social auth could not retrieve id
* Store emails correctly for apple auth
* Retrieve name when authenticating through apple
* Fix lint errors
* fix all lint errors
* fix(content): missing strings
* Revert "always verify token"
This reverts commit 8ac40c76bf.
# Conflicts:
# website/server/libs/auth/social.js
* Correctly load name
* remove extra changes
* remove extra logger call
* reset package and package-lock
* add back missing packages
* use name from apple
* add support for multiple apple public keys
* add some unit and integration tests
* add apple auth integration test
* tweak social signup buttons
* pixel pushing
Co-authored-by: Matteo Pagliazzi <matteopagliazzi@gmail.com>
Co-authored-by: Sabe Jones <sabrecat@gmail.com>
Co-authored-by: negue <eugen.bolz@gmail.com>
Co-authored-by: Phillip Thelen <phillip@habitica.com>
* password min length: server + client side registering
* tweak text, add tests
* misc
* use red border for invalid inputs
* fix auth form for groups
* remove default firefox box shadow on invalid elements
* fix css in authForm
* fix margins
* misc fixes to forms and buttons
* fix typo
* wip: define items as mixed objects
* add default owned gear
* mark modified
* more mark modified
* more mark modified
* more mark modified
* more mark modified
* fix common tests
* fix common tests
* update mongoose
* add itemsUtils
* use new util function in hall controller
* add tests for items utils
* update website/server to mark all items as modified
* start updating common code
* update login incentives
* update unlock
* remove changes to package-lock.json
* remove changes to package.json
* Change update username API call
The call no longer requires a password and also validates the username.
* Implement API call to verify username without setting it
* Improve coding style
* Apply username verification to registration
* Update error messages
* Validate display names.
* Fix API early Stat Point allocation (#10680)
* Refactor hasClass check to common so it can be used in shared & server-side code
* Check that user has selected class before allocating stat points
* chore(event): end Ember Hatching Potions
* chore(analytics): reenable navigation tracking
* update bcrypt
* Point achievement modal links to main site (#10709)
* Animal ears after death (#10691)
* Animal Ears purchasable with Gold if lost in Death
* remove ears from pinned items when set is bought
* standardise css and error handling for gems and coins
* revert accidental new line
* fix client tests
* Reduce margin-bottom of checklist-item from 10px to -3px. (#10684)
* chore(i18n): update locales
* 4.61.1
* feat(content): Subscriber Items and Magic Potions
* chore(sprites): compile
* chore(i18n): update locales
* 4.62.0
* Display notification for users to confirm their username
* fix typo
* WIP(usernames): Changes to address #10694
* WIP(usernames): Further changes for #10694
* fix(usernames): don't show spurious headings
* Change verify username notification to new version
* Improve feedback for invalid usernames
* Allow user to set their username again to confirm it
* Improve validation display for usernames
* Temporarily move display name validation outside of schema
* Improve rendering banner about sleeping in the inn
See #10695
* Display settings in one column
* Position inn banner when window is resized
* Update inn banner handling
* Fix banner offset on initial load
* Fix minor issues.
* Issue: 10660 - Fixed. Changed default to Please Enter A Value (#10718)
* Issue: 10660 - Fixed. Changed default to Please Enter A Value
* Issue: 10660 - Fixed/revision 2 Changed default to Enter A Value
* chore(news): Bailey announcements
* chore(i18n): update locales
* 4.62.1
* adjust wiki link for usernameInfo string
https://github.com/HabitRPG/habitica-private/issues/7#issuecomment-425405425
* raise coverage for tasks api calls (#10029)
* - updates a group task - approval is required
- updates a group task with checklist
* add expect to test the new checklist length
* - moves tasks to a specified position out of length
* remove unused line
* website getter tasks tests
* re-add sanitizeUserChallengeTask
* change config.json.example variable to be a string not a boolean
* fix tests - pick the text / up/down props too
* fix test - remove changes on text/up/down - revert sanitize condition - revert sanitization props
* Change update username API call
The call no longer requires a password and also validates the username.
* feat(content): Subscriber Items and Magic Potions
* Re-add register call
* Fix merge issue
* Fix issue with setting username
* Implement new alert style
* Display username confirmation status in settings
* Add disclaimer to change username field
* validate username in settings
* Allow specific fields to be focused when opening site settings
* Implement requested changes.
* Fix merge issue
* Fix failing tests
* verify username when users register with username and password
* Set ID for change username notification
* Disable submit button if username is invalid
* Improve username confirmation handling
* refactor(settings): address remaining code comments on auth form
* Revert "refactor(settings): address remaining code comments on auth form"
This reverts commit 9b6609ad64.
* Social user username (#10620)
* Refactored private functions to library
* Refactored social login code
* Added username to social registration
* Changed id library
* Added new local auth check
* Fixed export error. Fixed password check error
* fix(settings): password not available on client
* refactor(settings): more sensible placement of methods
* chore(migration): script to hand out procgen usernames
* fix(migration): don't give EVERYONE new names you doofus
* fix(migration): limit data retrieved, be extra careful about updates
* fix(migration): use missing field, not migration tag, for query
* fix(migration): unused var
* fix(usernames): only generate 20 characters
* fix(migration): set lowerCaseUsername
* shared model for chat and inbox
* disable inbox schema
* inbox: use separate model
* remove old code that used group.chat
* add back chat field (not used) and remove old tests
* remove inbox exclusions when loading user
* add GET /api/v3/inbox/messages
* add comment
* implement DELETE /inbox/messages/:messageid in v4
* implement GET /inbox/messages in v4 and update tests
* implement DELETE /api/v4/inbox/clear
* fix url
* fix doc
* update /export/inbox.html
* update other data exports
* add back messages in user schema
* add user.toJSONWithInbox
* add compatibility until migration is done
* more compatibility
* fix tojson called twice
* add compatibility methods
* fix common tests
* fix v4 integration tests
* v3 get user -> with inbox
* start to fix tests
* fix v3 integration tests
* wip
* wip, client use new route
* update tests for members/send-private-message
* tests for get user in v4
* add tests for DELETE /inbox/messages/:messageId
* add tests for DELETE /inbox/clear in v4
* update docs
* fix tests
* initial migration
* fix migration
* fix migration
* migration fixes
* migrate api.enterCouponCode
* migrate api.castSpell
* migrate reset, reroll, rebirth
* add routes to v4 version
* fix tests
* fixes
* api.updateUser
* remove .only
* get user -> userLib
* refactor inbox.vue to work with new data model
* fix return message when messaging yourself
* wip fix bug with new conversation
* wip
* fix remaining ui issues
* move api.registerLocal, fixes
* keep only v3 version of GET /inbox/messages
* prints first error message only
* update signup error messages, missing password not working (wip)
* remove alerts, show notEmpty, first error only per param, update unit test
* move changes to client side
* feat(gdpr) only store necessary data for social login
* feat(gdpr) also store email for social users
* fix(social auth): store emails array instead of single email
* fix(emails): do not get name from old facebook info
* add migration to remove extra data from social profiles
* update migration description
* fix tests
* fix typo in migration file
* remove inbox from user/stats routes
* remove inbox from news routes
* change signature for authWithHeaders
* do not load inbox in coupons routes
* do not load inbox in challenge routes
* do not load inbox in some members routes
* do not load inbox in chat routes
* downcase updating an email to be consistent with creating
* add tests to ensure downcase of email for create/update
* create migration to downcase existing User objects
* delete 'only'
* change gmail to example
* add trailing comma from lint error
* search for emails with at least one capital letter
* fix query in order to search for any email with at least one capital letter
* batch process affected users with at least one capital in email
* update script for batch process affected users
* update API comments for `username` restrictions and to use Login Name terminology
We use "login name" rather than "username" in user-visible text
on the website and (usually) when communicating with users because
"username" could be confused with "profile name".
Using it in the docs allows you to search for that term.
* add alphanumeric and length validation for creating new login name (username)
The 'en-US' locale is specified explicitly to ensure we never use
another locale. The point of this change is to limit the character
set to prevent login names being used to send spam in the Welcome
emails, such as Chinese language spam we've had trouble with.
* add error messages for bad login names
* allow login name to also contain hyphens
This is because our automated tests generate user accounts using:
let username = generateUUID();
* allow login names to be up to 36 characters long because we use UUIDs as login names in our tests
* revert back to using max 20 characters and only a-z, 0-9 for login name.
It's been decided to change the username generation in the tests instead.
* disable test that is failing because it's redundant
Spaces are now prohibited by other code.
We can probably delete this test later. I don't want to delete it
now, but instead give us time to think about that.
* fix typos
* revert to login name restrictions that allow us to keep using our existing test code
I'm really not comfortable changing our test suite in ways that
aren't essential, especially since we're working in a hurry with
a larger chance than normal of breaking things.
The 36 character length is larger than we initially decided but
not so much larger that it's a huge problem.
We can reduce it to 20 when we have more time.
* limit username length to 20 chars
* fix tests
* start work on porting the reset password page
* add new api route for setting a new password after a reset
* wip client page
* port tests
* wip
* fix linting
* skip tests
* Refactor api description for auth.js with @apiParam groups
* Refactor apiDoc toward better consistency
* Fix missing groups for get requests
* Fix missing groups for other request methods
* (server) Add parties array to store invites
* (server) Lint files
* Update joinGroup, rejectGroupInvite, _inviteByUUID, and remove clearPartyInvitation.js
* Update user schema: detailed 'invitations.parties' attributes
* Code improvement and do not let invite twice
* Check if the user is already invited earlier in the code
* Added message to invitation page, and show all invitations
* Added join party confirmation alert
* Small fixes
* Created test: allow inviting a user to 2 different parties
* Updated tests
* Update invitations.parties on more places
* Small adjustments
* Updates on invitations.party references
* Show all invitations when user is already in a party
* Fixed notifications counter
* Update both 'party' and 'parties' at _handleGroupInvitation
* Updated a test
* Fixed small mistake at _handleGroupInvitation
* More test update
* Update invitation.party when removing single invite and small adjust at view