* Change update username API call
The call no longer requires a password and also validates the username.
* Implement API call to verify username without setting it
* Improve coding style
* Apply username verification to registration
* Update error messages
* Validate display names.
* Fix API early Stat Point allocation (#10680)
* Refactor hasClass check to common so it can be used in shared & server-side code
* Check that user has selected class before allocating stat points
* chore(event): end Ember Hatching Potions
* chore(analytics): reenable navigation tracking
* update bcrypt
* Point achievement modal links to main site (#10709)
* Animal ears after death (#10691)
* Animal Ears purchasable with Gold if lost in Death
* remove ears from pinned items when set is bought
* standardise css and error handling for gems and coins
* revert accidental new line
* fix client tests
* Reduce margin-bottom of checklist-item from 10px to -3px. (#10684)
* chore(i18n): update locales
* 4.61.1
* feat(content): Subscriber Items and Magic Potions
* chore(sprites): compile
* chore(i18n): update locales
* 4.62.0
* Display notification for users to confirm their username
* fix typo
* WIP(usernames): Changes to address #10694
* WIP(usernames): Further changes for #10694
* fix(usernames): don't show spurious headings
* Change verify username notification to new version
* Improve feedback for invalid usernames
* Allow user to set their username again to confirm it
* Improve validation display for usernames
* Temporarily move display name validation outside of schema
* Improve rendering banner about sleeping in the inn
See #10695
* Display settings in one column
* Position inn banner when window is resized
* Update inn banner handling
* Fix banner offset on initial load
* Fix minor issues.
* Issue: 10660 - Fixed. Changed default to Please Enter A Value (#10718)
* Issue: 10660 - Fixed. Changed default to Please Enter A Value
* Issue: 10660 - Fixed/revision 2 Changed default to Enter A Value
* chore(news): Bailey announcements
* chore(i18n): update locales
* 4.62.1
* adjust wiki link for usernameInfo string
https://github.com/HabitRPG/habitica-private/issues/7#issuecomment-425405425
* raise coverage for tasks api calls (#10029)
* - updates a group task - approval is required
- updates a group task with checklist
* add expect to test the new checklist length
* - moves tasks to a specified position out of length
* remove unused line
* website getter tasks tests
* re-add sanitizeUserChallengeTask
* change config.json.example variable to be a string not a boolean
* fix tests - pick the text / up/down props too
* fix test - remove changes on text/up/down - revert sanitize condition - revert sanitization props
* Change update username API call
The call no longer requires a password and also validates the username.
* feat(content): Subscriber Items and Magic Potions
* Re-add register call
* Fix merge issue
* Fix issue with setting username
* Implement new alert style
* Display username confirmation status in settings
* Add disclaimer to change username field
* validate username in settings
* Allow specific fields to be focused when opening site settings
* Implement requested changes.
* Fix merge issue
* Fix failing tests
* verify username when users register with username and password
* Set ID for change username notification
* Disable submit button if username is invalid
* Improve username confirmation handling
* refactor(settings): address remaining code comments on auth form
* Revert "refactor(settings): address remaining code comments on auth form"
This reverts commit 9b6609ad64.
* Social user username (#10620)
* Refactored private functions to library
* Refactored social login code
* Added username to social registration
* Changed id library
* Added new local auth check
* Fixed export error. Fixed password check error
* fix(settings): password not available on client
* refactor(settings): more sensible placement of methods
* chore(migration): script to hand out procgen usernames
* fix(migration): don't give EVERYONE new names you doofus
* fix(migration): limit data retrieved, be extra careful about updates
* fix(migration): use missing field, not migration tag, for query
* fix(migration): unused var
* fix(usernames): only generate 20 characters
* fix(migration): set lowerCaseUsername
* shared model for chat and inbox
* disable inbox schema
* inbox: use separate model
* remove old code that used group.chat
* add back chat field (not used) and remove old tests
* remove inbox exclusions when loading user
* add GET /api/v3/inbox/messages
* add comment
* implement DELETE /inbox/messages/:messageid in v4
* implement GET /inbox/messages in v4 and update tests
* implement DELETE /api/v4/inbox/clear
* fix url
* fix doc
* update /export/inbox.html
* update other data exports
* add back messages in user schema
* add user.toJSONWithInbox
* add compativility until migration is done
* more compatibility
* fix tojson called twice
* add compatibility methods
* fix common tests
* fix v4 integration tests
* v3 get user -> with inbox
* start to fix tests
* fix v3 integration tests
* wip
* wip, client use new route
* update tests for members/send-private-message
* tests for get user in v4
* add tests for DELETE /inbox/messages/:messageId
* add tests for DELETE /inbox/clear in v4
* update docs
* fix tests
* initial migration
* fix migration
* fix migration
* migration fixes
* migrate api.enterCouponCode
* migrate api.castSpell
* migrate reset, reroll, rebirth
* add routes to v4 version
* fix tests
* fixes
* api.updateUser
* remove .only
* get user -> userLib
* refactor inbox.vue to work with new data model
* fix return message when messaging yourself
* wip fix bug with new conversation
* wip
* fix remaining ui issues
* move api.registerLocal, fixes
* keep only v3 version of GET /inbox/messages
* prints first error message only
* update signup error messages, missing password not working (wip)
* remove alerts, show notEmpty, first error only per param, update unit test
* move changes to client side
* feat(gdpr) only store necessary data for social login
* feat(gdpr) also store email for social users
* fix(social auth): store emails array instead of single email
* fix(emails): do not get name from old facebook info
* add migration to remove extra data from social profiles
* update migration description
* fix tests
* fix typo in migration file
* remove inbox from user/stats routes
* remove inbox from news routes
* change signature for authWithHeaders
* do not load inbox in coupons routes
* do not load inbox in challenge routes
* do not load inbox in some members routes
* do not load inbox in chat routes
* downcase updating an email to be consistent with creating
* add tests to ensure downcase of email for create/update
* create migration to downcase existing User objects
* delete 'only'
* change gmail to example
* add trailing comma from lint error
* search for emails with at least one capital letter
* fix query in order to search for any email with at least one capital letter
* batch process effected users with at least one capital in email
* update script for batch process effected users
* update API comments to for `username` restrictions and to use Login Name terminology
We use "login name" rather than "username" in user-visible text
on the website and (usually) when communicating with users because
"username" could be confused with "profile name".
Using it in the docs allows you to search for that term.
* add alphanumeric and length validation for creating new login name (username)
The 'en-US' locale is specified explicitly to ensure we never use
another locale. The point of this change is to limit the character
set to prevent login names being used to send spam in the Welcome
emails, such as Chinese language spam we've had trouble with.
* add error messages for bad login names
* allow login name to also contain hyphens
This is because our automated tests generate user accounts using:
let username = generateUUID();
* allow login names to be up to 36 characters long because we use UUIDs as login names in our tests
* revert back to using max 20 characters and only a-z, 0-9 for login name.
It's been decided to change the username generation in the tests instead.
* disable test that is failing because it's redundant
Spaces are now prohibited by other code.
We can probably delete this test later. I don't want to delete it
now, but instead give us time to think about that.
* fix typos
* revert to login name restrictions that allow us to keep using our existing test code
I'm really not comfortable changing our test suite in ways that
aren't essential, especially since we're working in a hurry with
a larger chance than normal of breaking things.
The 36 character length is larger than we initially decided but
not so much larger that it's a huge problem.
We can reduce it to 20 when we have more time.
* limit username length to 20 chars
* fix tests
* start work on porting the reset password page
* add new api route for setting a new password after a reset
* wip client page
* port tests
* wip
* fix linting
* skip tests
* Refactor api description for auth.js with @apiParam groups
* Refactor apiDoc toward better consistency
* Fix missing groups for get requests
* Fix missing groups for other request methods
* (server) Add parties array to store invites
* (server) Lint files
* Update joinGroup, rejectGroupInvite, _inviteByUUID, and remove clearPartyInvitation.js
* Update user schema: detailed 'invitations.parties' attributes
* Code improvement and do not let invite twice
* Check if the user is already invited earlier in the code
* Added message to invitation page, and show all invitations
* Added join party confirmation alert
* Small fixes
* Created test: allow inviting a user to 2 different parties
* Updated tests
* Update invitations.parties on more places
* Small adjustments
* Updates on invitations.party references
* Show all invitations when user is already in a party
* Fixed notifications counter
* Update both 'party' and 'parties' at _handleGroupInvitation
* Updated a test
* Fixed small mistake at _handleGroupInvitation
* More test update
* Update invitation.party when removing single invite and small adjust at view
* Added text to locale
* Added achievement to content and libs
* Added achievement modal
* Added achievement to notification model and controller
* Added achievement to user schema
* Grant achievement to inviter when user registers using emailed link
* Fix icon name
* Added integration test
* Fix linting
* Added sprite
* Fix User > Profile showing {getProgressDisplay()}
* Remove bad nextRewardAt check
* 1st iteration of issue #8385 - more pending
* #8385 config and jade fixes, tests pending
* #8385 fixing lint errors
* Fix faqs string and test
* Fix faq.jade and add workaround for faq.js
* Fixing accidental checking for faq.js
* fix emails in faq.js
* fetch emails once in auth.js
* Fixing community manager email in auth.js
* start migrating to bcrypt
* added method to convert the password to bcrypt when logging in, added method to compare password without knowing the hashing algorhytm, remove default
* travis: try to upgrade to container based infrastructure
* travis: add deps to build bcrypt.js
* travis: add deps to build bcrypt.js
* travis: add deps to build bcrypt.js
* travis: add deps to build bcrypt.js
* use bcryptjs until bcrypt can be installed on travis, see https://github.com/kelektiv/node.bcrypt.js/issues/476
* correct sha1 unit tests
* try different mongodb repo
* try without mognodb services
* try again with bcrypt
* disable request logging in travis
* migrate missing routes
* simplify code
* remove bcryptjs
* fix typo
* fix typo
* fix typo in comment
* add unit tests for new passwords utility emthods
* travis: back to old infrastructure, containers often have timeouts
* add integration test for passwordHashMethod
* update shrinkwrap
* clarify code and add comments
* add integration tests
* fix linting
* fix integration tests
* Start adding google login
* fix local js issue
* implement syntax suggestions
* fix delete social tests
* Add service for authentication alerts
* fix social login tests
* make suggested google sign in changes
* fix accidentally deleted code
* refactor social network sign in
* fix incorrect find
* implement suggested google sign in changes
* fix(tests): Inject fake Auth module for auth controller
* fix(test): prevent social service from causing page reload
* fix loading user info
* Use lodash's implimentation of find for IE compatibility
* chore: increase test coverage around deletion route
* chore: clean up social auth test
* chore: Fix social login tests
* remove profile from login scope
* fix(api): Allow social accounts to deregister as user has auth backup
* temporarily disable google login button
* throw a 401 error if user tries to update his/her email to an email that exists already
* Make error message generic so we don't violate users' privacy. Added test case.
* Syntax fixes
* select only the _id field when searching for users with the same email. Return found document as javascript object.
* feat(realtime-chat): add Pusher library to the server
* feat(realtime-chat): only for private groups
* feat(realtime-chat): add authentication endpoint for Pusher
* feat(realtime-chat): client proof of concept
* fix typo in apidoc
* feat(realtime-chat): redo authentication and write integration tests
* remove firebase code
* fix client side tests
* fix line ending in bower.json
* feat(realtime chat): use presence channels for parties, send events & disconnect clients if user leaves or is removed from party, automatically update UI
* pusher: enable all events in the background
* fix pusher integration tests
* Fixed more tests
* Added tags into user service
* Added api-v3 auth urls
* v3: fix package.json
* v3: fix package.json
* Fixed auth tests. Updated Authctrl response
* v3: remove newrelic config file in favour of env variables
* v3: upgrade some deps
* switch from Q to Bluebird
* v3 fix tests with deferred
* Removed extra consoles.log. Changed data.data to res.data
* v3 fix tests and use coroutines instead of regenerator
* v3: fix tests
* v3: do not await a non promise
* v3: q -> bluebird
* Changed id param for registration response
* Updated party query and create
* Ensured login callback happens after user sync
* Add challenges to groups. Fixed isMemberOfGuild check
* Updated party and group tests
* Fixed cron test
* return user.id and send analytics event before changing page
* fix trailing spaces
* disable redirects
* Api v3 party tavern fixes (#7191)
* Added check if user is in party before query
* Cached party query. Prevented party request when user is not in party. Updated Party create with no invites
* Update tavern ctrl to use new promise
* v3: misc fixes
* Api v3 task fixes (#7193)
* Update task view to use _id
* Added try catch to user service ops calls
* v3 client: saving after syncing is complete
* Fixed test broken by part sync change (#7195)
* v3: fix todo scoring and try to fix production testing problem
* revert changes to mongoose config
* mongoose: increase keepAlive
* test mongoose fix
* fix: Only apply captureStackTrace if it exists on the error object
* v3: fix reminders with no startDate
* mongoose: use options
* chore(): rename website/src -> website/server and website/public -> website/client (#7199)
* v3 fix GET /groups: return an error only if an invalid type is supplied not when there are 0 results (#7203)
* [API v3] Fix calls to user.ops and deleting tags (#7204)
* v3: fixes calls to user.ops from views and deleting tags
* v3: fix tests that use user._statsComputed
* Api v3 fixes continued (#7205)
* Added timzeone offset back
* Added APIToken back to settings page
* Fixed fetch recent messages for party
* Fixed returning group description
* Fixed check if user is member of challenge
* Fixed party members appearing in header
* Updated get myGroups param to include public groups. Fixed isMemberOf group
* Fixed hourglass purchase
* Fixed challenge addding tasks on first creating
* Updated tests to accomidate new changes
* fix: Correct checklist on client
Closes#7207
* fix: Pin eslint to 2.9
* minor improvements to cron code for clarity; fix inaccurate comments; add TODOs for rest-in-inn actions
* fix: Add missing type param to equip call
closes#7212
* rename and reword pubChalsMinPrize to reflect that it's only for Tavern challenges
* allows players to send gems to each other; other minor related changes - fixes https://github.com/HabitRPG/habitrpg/issues/7227
* fix tests for /members/transfer-gems
* fix: Set gems sent notification as translatable string
* chore: Remove unusued variable
* fix: Remove requirement on message paramter in transfer-gems
* add a missing variable declaration
* chore: clarify comments on cron code
* fix: Correct client request from habitrpg -> tavern
* update apidoc URL in package.json
Closes#7222
* Fixed start party by invites
* Updated spell casting to v3
* Fixed adding and removing tags on tasks
* Fixed page reload on settings change
* Fixed battle monsters with friends button
* Loaded completed todos when done is clicked
* chore: Reinstate floating version number for eslint
babel-eslint regression fixed
* Fixed reload tests
* change "an user" to "a user" in comments and text (no code changes) (#7257)
* fix: Alert user that drops were recieved
* remove userServices.js from karma.conf - it's been moved to website/client/js/services
* feat: Create debug update user route
* fix: Correct set cron debug function
* feat: Add make admin button to debug menu
* lint: Add missing semicolons in test
* fix: Temporarilly comment out udpate user debug route
* v3: fix _tmp for crit and streakBonus
* v3: execute all actions when leaving a solo party
* v3 client: fix group not found when leaving party
* v3 migration: fix challenge prize
* v3 cron: only save modified tasks
* v3: add CHALLENGE_TASK_NOT_FOUND to valid broken reasons
* v3: fix tasks chart
* v3 client: fix ability to leave challenge
* v3 client: fix filtering by tag and correctly show tag tooltip
* v3 common: fix tags tests
* v3 client: support unlinking not found challenges tasks
* v3: disable Bluebird warning for missing return, fixes#7269
* feat: Separate out update-user into set-cron and make-admin debug routes
* chore: Disable make admin debug route for v3 prod testing
* v3: misc fixes
* v3: misc fixes
* v3: fix adding multiple tasks
* Fixed join/leave button updates
* Queried only user groups to be available when creating challenges
* Fixed bulk add tasks to challenge
* Synced challenge tasks after leave and join.
* Fixed default selected group
* Fixed challenge member info. Fixed challenge winner selection
* Fixed deleting challenge tasks
* Fixed particiapting filter
* v3 client: fix casting spells
* v3: do not log sensitive data
* v3: always save user when casting spell
* v3: always save user when casting spell
* v3: more fixes for spells
* fix typos and missing information in apidocs - fixes https://github.com/HabitRPG/habitrpg/issues/7277 (#7282)
* v3: add TODO for client side spells
* feat: Add modify inventory debug menu
* Fixed viewing user progress on challenge
* Updated tests
* fix: Fix quest progress button
* fix incorrect Armoire test; remove unneeded param details from apidocs; disambiguate health potion
* v3: fix stealth casting
* v3: fix tasks saving and selection for rebirth reroll and reset (server-only)
* v3: fix auto allocation
* v3 client: misc fixes
* rename buyPotion and buy-potion to buyHealthPotion and buy-health-potion; fix apidoc param error
* Added delete for saved challenge task
* Fixed member modal on front page
* adjust text in apidocs for errors / clarity / consistency / standard terminology (no code changes) (#7298)
* fix bug in Rebirth test, add new tests, adjust apidocs (#7293)
* Updated task model to allow setting streak (#7306)
* fix: Correct missing * in apidoc comments
* Api v3 challenge fixes (#7287)
* Fixed join/leave button updates
* Queried only user groups to be available when creating challenges
* Fixed bulk add tasks to challenge
* Synced challenge tasks after leave and join.
* Fixed default selected group
* Fixed challenge member info. Fixed challenge winner selection
* Fixed deleting challenge tasks
* Fixed particiapting filter
* Fixed viewing user progress on challenge
* Updated tests
* Added delete for saved challenge task
* v3: fix sorting
* [API v3] add CRON_SAFE_MODE (#7286)
* add CRON_SAFE_MODE to example config file, fix some bugs, add an unrelated low-priority TODO
* create CRON_SAFE_MODE to disable parts of cron for use after extended outage - fixes https://github.com/HabitRPG/habitrpg/issues/7161
* fix a bug with CRON_SAFE_MODE, remove duplicated code, remove completed TODO comment
* fix check for CRON_SAFE_MODE
* v3 client: fix typo
* adjust debug menu Modify Inventory: hungrier pets, fewer Special items, "Hide" buttons
* completed To-Dos: return the 30 most recent instead of 30 oldest (#7318)
* v3 migration: fix createdAt date
* adjust locales text, key names, and files for Rebirth, Reset, and Fortify / ReRoll for consistency with existing strings (#7321)
* v3: fix unlinking multiple tasks
* v3 fix releasing pets
* v3: fix authenticating with apiUrl
* v3: fix typo
* v3 fix client tests for unlinking
* v3 client: do not show start quest button when quest is active
* v3 client: fix ability to send cards
* v3 client: fix misc challenge issues
* v3: fix notifications
* v3 client: more user friendly errors
* v3 client: only load completed todos once
* v3 client: fix tests
* v3: move TAVERN_ID to common code
* fix: Provide default type and text for new task creation in score route
* fix: Provide default history [] for habit in score route
* fix: Add _legacyId prop to tasks to support non-uuid identifiers
* chore: Change v3 migration to use _legacyId instead of legacyId
* fix: check for _legacyId in tasks if id does not exist
* refactor: Extract out finding task by id or _legacyId into a function
* Api v3 party quest fixes (#7341)
* Fix display of add challenge message when group challenges are empty
* Fixed forced quest start to update quest without reload
* Fixed needing to reload when accepting party invite
* Fix group leave and join reload
* Fixed leave current party and join another
* Updated party tests
* v3 client: remove console.log statement
* v3: misc fixes
* v3 client: fix predicatbale random
* v3: info about API v3
* v3: update footer with links to developer resources
* v3: support party invitation from email
* v3 client: fix chat flagging
* fix: Correct get tasks route to properly get todos (#7349)
* move locales strings from api-v3.json to other locales files (#7347)
* move locales strings from api-v3.json: authentication strings -> front.json
* move locales strings from api-v3.json: authentication strings -> tasks.json
* move locales strings from api-v3.json: authentication strings -> groups.json
* move locales strings from api-v3.json: authentication strings -> challenge.json
* move locales strings from api-v3.json: authentication strings -> groups.json (again)
* move locales strings from api-v3.json: authentication strings -> quests.json
* move locales strings from api-v3.json: authentication strings -> subscriber.json
* move locales strings from api-v3.json: authentication strings -> spells.json
* move locales strings from api-v3.json: authentication strings -> character.json
* move locales strings from api-v3.json: authentication strings -> groups.json (PMs)
* move locales strings from api-v3.json: authentication strings -> npc.json
* move locales strings from api-v3.json: authentication strings -> pets.json
* move locales strings from api-v3.json: authentication strings -> miscellaneous
* move locales strings from api-v3.json: authentication strings -> contrib.json and settings.json
* move locales strings from api-v3.json: delete unused string (invalidTasksOwner), delete api-v3.json, whitespace cleanup
* v3 client: fix sticky header
* v3: remove unused code
* v3 client: correctly redirect after inviting
* Removed v2 calls from views (#7351)
* v3: fix tests for challenge export
* v3: fallbackto authWithHeaders if wuthWithSession or authWithUrl fails
* Added force cache update when fetching new messages (#7360)
* v3: fetch whole user when booting from group tto avoid issues with pre save hook expecting all data
* v3: misc fixes for payments
* v3: limit fields of challenge tasks that can be updated
* fix(tests): never connect to NODE_DB_URI for tests
* Added new route for setting last cron and updated front end
* v3: fix iap url
* v3: fix build and ios IAP
* Changed route to user set custom day start
* v3: iap accessible under /api/v3, fixes to spells and groups invitations
* v3: correctly use v3 routes in client
* remove XP, GP when unticking a Daily with a completed checklist - fixes https://github.com/HabitRPG/habitrpg/issues/7246
* use natural language for error message about skills on challenge tasks (#7336), fix other gramatical error
* Updated ui when user rejects a guild invite (#7368)
* feat: complete custom day start route
Closes#7363
* fix: Correct spelling of healAll skill
fix: Correct sprite name of healAll skill
* fix: Change all instances of spookDust -> spookySparkles
* add dateCreated to all tasks; add empty challenge object to tasks that don't have one (#7386)
* add plumilla to artists for Tangle Tree in Bailey message
* Fixed quest drop modal (#7377)
* Fixed quest drop modal
* Fixed broken party test
* [API v3] Maintenance Mode (#7367)
* WIP(maintenance): maintenance
* WIP(maintenance): working locale features
* fix(maintenance): don't translate info page target
* WIP(maintenance): start adding info page
* fix(maintenance): linting
* feat: Add container to maintenance info page
* fix(maintenance): add config.json edits
Also DRY variables for main vs info pages
* fix(maintenance): linting
* refactor(maintenance): further slim down variables
* refactor: Remove unnecessary variables
* fix: Correct string interpolation in maintenace view
* feat: Dynamically add time to maintenance pages
* maintenance mode: do not connect to mongodb
* fix(maintenance): clean up timezones etc.
* fix(maintenance): remove unneeded sprite
* Tavern party challenges invites fix (#7394)
* Added challenges and invitations to party
* Loaded tavern challenges
* Updated group and quest services tests
* v3: implement automatic syncing if user is not up to date
* Removed unnecessary fields when updating groups and challenges (#7395)
* v3: do not saved populated user
* v3: correctly return user subset
* Chained party promises together (#7396)
* v3: $w -> splitWhitespace
* use bluebird
* use babel polyfill
* migration: fix items
* update links for v3
* Updated shortname validation to support multiple browsers
* Docs changes (#7401)
* chore: Clarify transfer-gems documentation
* chore: Clarify api status route documentation
* chore: Mark webhooks as BETA
* Added tags update route. Added sort to user service (#7381)
* Added tags update route. Added sort to user service
* Change update tasks route to reorder tasks
* Fixed linting issue
* Changed params for reorder tags route
* Fixed not found tag and added test
* Added password confirmation when deleteing account (#7402)
* fix production logging
* feat(commit): push
* empty commit
* feat(maintenance): post-downtime news & awards (#7406)
* fix exporting avatar
* second attempt at fixing exporting avatar
* fix production logging
* s3: convert moment to date instance
* fix avatar sharing and caching (30 minutes)
* fix: Correct missing parameter
Closes#7433
* fix: Validate challenge shortname on server
* adjust text strings - fixes https://github.com/HabitRPG/habitrpg/issues/5631 and also Short Name -> Tag Name
