* fix(profile): detect attempt to use banned words as display name. refactor profanity detection method.
* fix(profile): detect attempt to use banned words in blurb. further refactor profanity detection. inform the user their chat privileges have been revoked.
* refactor: add function to normalize Unicode strings and remove diacritics
* fix: improve regEx to prevent false partial matches e.g. 'hello' being recognised as banned words. porting fix from #12309
* fix(profile): refactor of profanity detection for #12445
* fix(profile): add test for swear words in new profile. fix existing tests
* fix(profile): show different error message for attempted slur use in username by new users.
* fix(profile): remove incorrect slur test
* fix(profile): fix slurs not caught at start or end of strings connected by punctuation
* tests(profile): fix tests for profanity checking
* remove exclusive test
* 11865 - update text for slur warnings
* 11865 - remove unused string from locale files
* 11865 - improve naming of banned word usage locale string
* 11865 - improve logic so that differentiated warnings are shown depending on whether a slur or other profanity has been used in a display name
* 11865 - construct slur regexes outside the validation function in which they are used
* 11865 - fix tests
* add date check
* achievements modal polishing
* refresh private-messages page when you are already on it
* add countbadge knob to change the example
* fix lint
* typos
* typos
* typos
* add toggle for achievements categories
* typo
* fix test
* fix edit avatar modal cannot be closed
* WIP(settings): subscriber page improvements
* WIP(subscriptions): more design build-out
* fix(css): disabled button styles
* fix(css): better Amazon targeting
* fix hide tooltip + align header correctly
* disable perfect scroll
* load messages on refresh event
* fix header label + conversation actions not breaking layout on hover
* WIP(g1g1): notif
* WIP(g1g1): notif cont'd
* fix(test): snowball change
* fix(event): feature NYE card
* chore(sprites): compile
* fix(bgs): include TT required field
* add gifting banner to the max height calculation
* chore(event): enable winter customizations
* WIP(gifting): partial modal implementation
* feat(gifting): select giftee modal
* fix(gifting): notification order, modal dismiss
* Begin implementing sign in with apple
# Conflicts:
# package-lock.json
# website/common/script/constants.js
# website/server/libs/auth/social.js
# website/server/models/user/schema.js
* Add apple sign in button to website
* fix lint errors
* fix config json
* fix(modals): correct some repops
* fix(gifting): style updates
* fix(buy): modal style changes
* fix(modals): also clean out "prev"
* Attempt workaround for sign in with apple on android
* temporarily log everything as error
* refactor(modals): hide in dismiss event
* fix temporary test failure
* changes to sign in with apple
* fix: first batch of layout issues for private messages + auto sizing textarea
* fix(modals): new dismiss logic
* fix(modals): new dismiss no go??
* Only use email scope
* print debugging
* .
* ..
* ...
* username second line - open profile on face-avatar/conversation name - fix textarea height
* temporarily disable apple auth and just return data for debugging
* Hopefully this works
* .....
* WIP(subscription): unsubscribed state
* .
* ..
* MAYBE THIS ACTUALLY WORKS???
* Implement apple sign in
* fix some urls
* fix urls
* fix redirect and auth
* attempt to also request name
* fix lint error
* WIP(subscription): partial subscribed
* chore(sprites): compile
* Change approach so that it actually works
* fix config error
* fix lint errors
* Fix
* fix lint error
* lint error
* WIP(subscription): finish subscribed
* refresh on sync
* new "you dont have any messages" style + changed min textarea height
* new conversationItem style / layout
* reset message unread on reload
* chore(npm): update package-locks
* fix styles / textarea height
* feat(subscription): revised sub page RC
* list optOut / chatRevoked information for each conversation + show why it's disabled
* Improve apple redirect view
* Fix apple icon on group task registration page
* WIP(adventure): prereqs
* Block / Unblock - correct disabled states - $gray-200 instead of 300/400
* canReceive not checking chatRevoked
* fix: faceAvatar / userLink open the selected conversation user
* check if the target user is blocking the logged-in user
* fix(subs): style tweaks
* fix(profiles): short circuit contributor
Attempted fix for #11830
* chore(sprites): compile
* fix(content): missing potion data
* fix(content): missing string
* WIP(drops): new modal
* fix(subs): moar style tweaks
* check if blocks is undefined
* max-height instead of height
* fix "no messages" state + canReceive on a new conversation
* WIP(adventure): analytics fixes etc
* Improve apple signin handling
* fixed conversations width (280px on max 768 width page)
* feat(adventure): random egg+potion on 2nd task
* fix(lint): noworkies
* fix(modal): correctly construct classes
* fix(tests): expectations and escape
* Fix typo
* use base url from env variables
* fix lint
* call autosize after message is sent
* fix urls
* always verify token
* throw error when social auth could not retrieve id
* Store emails correctly for apple auth
* Retrieve name when authenticating through apple
* Fix lint errors
* fix all lint errors
* fix(content): missing strings
* Revert "always verify token"
This reverts commit 8ac40c76bf.
# Conflicts:
# website/server/libs/auth/social.js
* Correctly load name
* remove extra changes
* remove extra logger call
* reset package and package-lock
* add back missing packages
* use name from apple
* add support for multiple apple public keys
* add some unit and integration tests
* add apple auth integration test
* tweak social signup buttons
* pixel pushing
Co-authored-by: Matteo Pagliazzi <matteopagliazzi@gmail.com>
Co-authored-by: Sabe Jones <sabrecat@gmail.com>
Co-authored-by: negue <eugen.bolz@gmail.com>
Co-authored-by: Phillip Thelen <phillip@habitica.com>
* password min length: server + client side registering
* tweak text, add tests
* misc
* use red border for invalid inputs
* fix auth form for groups
* remove default firefox box shadow on invalid elements
* fix css in authForm
* fix margins
* misc fixes to forms and buttons
* fix typo
* Change update username API call
The call no longer requires a password and also validates the username.
* Implement API call to verify username without setting it
* Improve coding style
* Apply username verification to registration
* Update error messages
* Validate display names.
* Fix API early Stat Point allocation (#10680)
* Refactor hasClass check to common so it can be used in shared & server-side code
* Check that user has selected class before allocating stat points
* chore(event): end Ember Hatching Potions
* chore(analytics): reenable navigation tracking
* update bcrypt
* Point achievement modal links to main site (#10709)
* Animal ears after death (#10691)
* Animal Ears purchasable with Gold if lost in Death
* remove ears from pinned items when set is bought
* standardise css and error handling for gems and coins
* revert accidental new line
* fix client tests
* Reduce margin-bottom of checklist-item from 10px to -3px. (#10684)
* chore(i18n): update locales
* 4.61.1
* feat(content): Subscriber Items and Magic Potions
* chore(sprites): compile
* chore(i18n): update locales
* 4.62.0
* Display notification for users to confirm their username
* fix typo
* WIP(usernames): Changes to address #10694
* WIP(usernames): Further changes for #10694
* fix(usernames): don't show spurious headings
* Change verify username notification to new version
* Improve feedback for invalid usernames
* Allow user to set their username again to confirm it
* Improve validation display for usernames
* Temporarily move display name validation outside of schema
* Improve rendering banner about sleeping in the inn
See #10695
* Display settings in one column
* Position inn banner when window is resized
* Update inn banner handling
* Fix banner offset on initial load
* Fix minor issues.
* Issue: 10660 - Fixed. Changed default to Please Enter A Value (#10718)
* Issue: 10660 - Fixed. Changed default to Please Enter A Value
* Issue: 10660 - Fixed/revision 2 Changed default to Enter A Value
* chore(news): Bailey announcements
* chore(i18n): update locales
* 4.62.1
* adjust wiki link for usernameInfo string
https://github.com/HabitRPG/habitica-private/issues/7#issuecomment-425405425
* raise coverage for tasks api calls (#10029)
* - updates a group task - approval is required
- updates a group task with checklist
* add expect to test the new checklist length
* - moves tasks to a specified position out of length
* remove unused line
* website getter tasks tests
* re-add sanitizeUserChallengeTask
* change config.json.example variable to be a string not a boolean
* fix tests - pick the text / up/down props too
* fix test - remove changes on text/up/down - revert sanitize condition - revert sanitization props
* Change update username API call
The call no longer requires a password and also validates the username.
* feat(content): Subscriber Items and Magic Potions
* Re-add register call
* Fix merge issue
* Fix issue with setting username
* Implement new alert style
* Display username confirmation status in settings
* Add disclaimer to change username field
* validate username in settings
* Allow specific fields to be focused when opening site settings
* Implement requested changes.
* Fix merge issue
* Fix failing tests
* verify username when users register with username and password
* Set ID for change username notification
* Disable submit button if username is invalid
* Improve username confirmation handling
* refactor(settings): address remaining code comments on auth form
* Revert "refactor(settings): address remaining code comments on auth form"
This reverts commit 9b6609ad64.
* Social user username (#10620)
* Refactored private functions to library
* Refactored social login code
* Added username to social registration
* Changed id library
* Added new local auth check
* Fixed export error. Fixed password check error
* fix(settings): password not available on client
* refactor(settings): more sensible placement of methods
* chore(migration): script to hand out procgen usernames
* fix(migration): don't give EVERYONE new names you doofus
* fix(migration): limit data retrieved, be extra careful about updates
* fix(migration): use missing field, not migration tag, for query
* fix(migration): unused var
* fix(usernames): only generate 20 characters
* fix(migration): set lowerCaseUsername
* downcase updating an email to be consistent with creating
* add tests to ensure downcase of email for create/update
* create migration to downcase existing User objects
* delete 'only'
* change gmail to example
* add trailing comma from lint error
* search for emails with at least one capital letter
* fix query in order to search for any email with at least one capital letter
* batch process affected users with at least one capital in email
* update script for batch process affected users
* update API comments for `username` restrictions and to use Login Name terminology
We use "login name" rather than "username" in user-visible text
on the website and (usually) when communicating with users because
"username" could be confused with "profile name".
Using it in the docs allows you to search for that term.
* add alphanumeric and length validation for creating new login name (username)
The 'en-US' locale is specified explicitly to ensure we never use
another locale. The point of this change is to limit the character
set to prevent login names being used to send spam in the Welcome
emails, such as Chinese language spam we've had trouble with.
* add error messages for bad login names
* allow login name to also contain hyphens
This is because our automated tests generate user accounts using:
let username = generateUUID();
* allow login names to be up to 36 characters long because we use UUIDs as login names in our tests
* revert back to using max 20 characters and only a-z, 0-9 for login name.
It's been decided to change the username generation in the tests instead.
* disable test that is failing because it's redundant
Spaces are now prohibited by other code.
We can probably delete this test later. I don't want to delete it
now, but instead give us time to think about that.
* fix typos
* revert to login name restrictions that allow us to keep using our existing test code
I'm really not comfortable changing our test suite in ways that
aren't essential, especially since we're working in a hurry with
a larger chance than normal of breaking things.
The 36 character length is larger than we initially decided but
not so much larger that it's a huge problem.
We can reduce it to 20 when we have more time.
* limit username length to 20 chars
* fix tests
* start work on porting the reset password page
* add new api route for setting a new password after a reset
* wip client page
* port tests
* wip
* fix linting
* skip tests
* Links stay white on hover
* Fixed task icon color
* Disabled plus button when needed
* Fixed difficulty color
* Fixed task reward color
* Updated create styles
* Fixed group plan link
* Fixed second group test modal
* Added login incentives
* Fixed group notification clear
* Show Bailey correctly
* Styled armoire notification
* Fixed contributor achievement styles
* Fixed death
* Fixed drop styles
* Fixed invited friend modal
* Fixed joined challenge achievement style
* Fixed joined guild style
* Fixed level up styles
* Updated low health styles
* Fixed bailey styles
* Updated quest completed
* Added some conditionals to hide modals
* Added rebirth styles
* Fixed rebirth enable styles
* Fixed streak styles
* Fixed testing modals
* Fixed ultimate gear achievement
* Fixed won challenge
* Set user to welcomed if created on mobile
* Removed old default tasks
* Began adding more options to avatar
* Added change class
* Inbox to messages
* Moved profile to menu
* Added user modal for viewing a user and send message
* Fixed conversations
* Fixed lint
* Fixed challenges sending to server
* Added challenge progress view
* Fixed group sync after pay
* Fixed some group accepting features
* Fixed initial chat loading
* Fixed some existence errors
* Added user names to assigned
* Added upgrade link
* Began adding new payment flow
* Added default tasks
* Updated avatar styles
* Updated tutorial styles
* Rebuilt notifications and styles
* Updated upload script
* Fixed lint
* Added default tasks back to mobile and added updated tests
* More test fixes
* (server) Add parties array to store invites
* (server) Lint files
* Update joinGroup, rejectGroupInvite, _inviteByUUID, and remove clearPartyInvitation.js
* Update user schema: detailed 'invitations.parties' attributes
* Code improvement and do not let invite twice
* Check if the user is already invited earlier in the code
* Added message to invitation page, and show all invitations
* Added join party confirmation alert
* Small fixes
* Created test: allow inviting a user to 2 different parties
* Updated tests
* Update invitations.parties on more places
* Small adjustments
* Updates on invitations.party references
* Show all invitations when user is already in a party
* Fixed notifications counter
* Update both 'party' and 'parties' at _handleGroupInvitation
* Updated a test
* Fixed small mistake at _handleGroupInvitation
* More test update
* Update invitation.party when removing single invite and small adjust at view
* Added text to locale
* Added achievement to content and libs
* Added achievement modal
* Added achievement to notification model and controller
* Added achievement to user schema
* Grant achievement to inviter when user registers using emailed link
* Fix icon name
* Added integration test
* Fix linting
* Added sprite
* WIP(guilds): AB test pester modal
* WIP(AB-test): guild pester cont'd
* fix(style): linting error
* fix(AB-test): markModified and notif enum
* fix(tests): update AB expectations
* fix(modal): remove extra includes
* feat(achievements): add Joined Guild cheevo
Also removes unused achievement sprites, and properly saves counter used in A/B testing
* fix(style): linting error from conflict
* Fix User > Profile showing {getProgressDisplay()}
* Remove bad nextRewardAt check
* 1st iteration of issue #8385 - more pending
* #8385 config and jade fixes, tests pending
* #8385 fixing lint errors
* Fix faqs string and test
* Fix faq.jade and add workaround for faq.js
* Fixing accidental checking for faq.js
* fix emails in faq.js
* fetch emails once in auth.js
* Fixing community manager email in auth.js
* start migrating to bcrypt
* added method to convert the password to bcrypt when logging in, added method to compare password without knowing the hashing algorithm, remove default
* travis: try to upgrade to container based infrastructure
* travis: add deps to build bcrypt.js
* travis: add deps to build bcrypt.js
* travis: add deps to build bcrypt.js
* travis: add deps to build bcrypt.js
* use bcryptjs until bcrypt can be installed on travis, see https://github.com/kelektiv/node.bcrypt.js/issues/476
* correct sha1 unit tests
* try different mongodb repo
* try without mongodb services
* try again with bcrypt
* disable request logging in travis
* migrate missing routes
* simplify code
* remove bcryptjs
* fix typo
* fix typo
* fix typo in comment
* add unit tests for new passwords utility methods
* travis: back to old infrastructure, containers often have timeouts
* add integration test for passwordHashMethod
* update shrinkwrap
* clarify code and add comments
* add integration tests
* fix linting
* fix integration tests
* avoid setting profile name to not found
* only set profile name when empty
* profile.name is required
* set profile name before validation
* fix and add tests
* Start adding google login
* fix local js issue
* implement syntax suggestions
* fix delete social tests
* Add service for authentication alerts
* fix social login tests
* make suggested google sign in changes
* fix accidentally deleted code
* refactor social network sign in
* fix incorrect find
* implement suggested google sign in changes
* fix(tests): Inject fake Auth module for auth controller
* fix(test): prevent social service from causing page reload
* fix loading user info
* Use lodash's implementation of find for IE compatibility
* chore: increase test coverage around deletion route
* chore: clean up social auth test
* chore: Fix social login tests
* remove profile from login scope
* fix(api): Allow social accounts to deregister as user has auth backup
* temporarily disable google login button
* throw a 401 error if user tries to update his/her email to an email that exists already
* Make error message generic so we don't violate users' privacy. Added test case.
* Syntax fixes
* select only the _id field when searching for users with the same email. Return found document as javascript object.