Commit Graph

53 Commits

Author SHA1 Message Date
Phillip Thelen
821fc1d9c0 Fix 500 server error when trying to log in with wrong username (#11126) 2019-04-23 18:38:56 +02:00
Matteo Pagliazzi
0b8ce63c76 WIP: Improve User model performances (#10832)
* wip: define items as mixed objects

* add default owned gear

* mark modified

* more mark modified

* more mark modified

* more mark modified

* more mark modified

* fix common tests

* fix common tests

* update mongoose

* add itemsUtils

* use new util function in hall controller

* add tests for items utils

* update website/server to mark all items as modified

* start updating common code

* update login incentives

* update unlock

* remove changes to package-lock.json

* remove changes to package.json
2019-04-01 19:24:18 +02:00
Chester Sng
3e45f5af41 Add check for the existence of user's password before attempting to authenticate 2019-03-22 19:30:00 +08:00
Sabe Jones
f42e22b58f Make env vars more palatable for containerization (#10895)
* refactor(env-vars): remove object/colon syntax

* fix(tests): correct config expectations
2018-12-06 10:13:49 -06:00
Matteo Pagliazzi
1a7461a8a2 move the update username route to v3 (#10836) 2018-11-14 10:40:27 +01:00
Matteo Pagliazzi
d1b86e6c14 Remove code for Pusher (#10774)
* remove pusher

* fix linting
2018-10-23 13:25:52 +02:00
Phillip Thelen
ebf3b4aa47 Username announcement (#10729)
* Change update username API call

The call no longer requires a password and also validates the username.

* Implement API call to verify username without setting it

* Improve coding style

* Apply username verification to registration

* Update error messages

* Validate display names.

* Fix API early Stat Point allocation (#10680)

* Refactor hasClass check to common so it can be used in shared & server-side code

* Check that user has selected class before allocating stat points

* chore(event): end Ember Hatching Potions

* chore(analytics): reenable navigation tracking

* update bcrypt

* Point achievement modal links to main site (#10709)

* Animal ears after death (#10691)

* Animal Ears purchasable with Gold if lost in Death

* remove ears from pinned items when set is bought

* standardise css and error handling for gems and coins

* revert accidental new line

* fix client tests

* Reduce margin-bottom of checklist-item from 10px to -3px. (#10684)

* chore(i18n): update locales

* 4.61.1

* feat(content): Subscriber Items and Magic Potions

* chore(sprites): compile

* chore(i18n): update locales

* 4.62.0

* Display notification for users to confirm their username

* fix typo

* WIP(usernames): Changes to address #10694

* WIP(usernames): Further changes for #10694

* fix(usernames): don't show spurious headings

* Change verify username notification to new version

* Improve feedback for invalid usernames

* Allow user to set their username again to confirm it

* Improve validation display for usernames

* Temporarily move display name validation outside of schema

* Improve rendering banner about sleeping in the inn

See #10695

* Display settings in one column

* Position inn banner when window is resized

* Update inn banner handling

* Fix banner offset on initial load

* Fix minor issues.

* Issue: 10660 - Fixed. Changed default to Please Enter A Value (#10718)

* Issue: 10660 - Fixed. Changed default to Please Enter A Value

* Issue: 10660 - Fixed/revision 2 Changed default to Enter A Value

* chore(news): Bailey announcements

* chore(i18n): update locales

* 4.62.1

* adjust wiki link for usernameInfo string

https://github.com/HabitRPG/habitica-private/issues/7#issuecomment-425405425

* raise coverage for tasks api calls (#10029)

* - updates a group task - approval is required
- updates a group task with checklist

* add expect to test the new checklist length

* - moves tasks to a specified position out of length

* remove unused line

* website getter tasks tests

* re-add sanitizeUserChallengeTask

* change config.json.example variable to be a string not a boolean

* fix tests - pick the text / up/down props too

* fix test - remove changes on text/up/down - revert sanitize condition - revert sanitization props

* Change update username API call

The call no longer requires a password and also validates the username.

* feat(content): Subscriber Items and Magic Potions

* Re-add register call

* Fix merge issue

* Fix issue with setting username

* Implement new alert style

* Display username confirmation status in settings

* Add disclaimer to change username field

* validate username in settings

* Allow specific fields to be focused when opening site settings

* Implement requested changes.

* Fix merge issue

* Fix failing tests

* verify username when users register with username and password

* Set ID for change username notification

* Disable submit button if username is invalid

* Improve username confirmation handling

* refactor(settings): address remaining code comments on auth form

* Revert "refactor(settings): address remaining code comments on auth form"

This reverts commit 9b6609ad64.

* Social user username (#10620)

* Refactored private functions to library

* Refactored social login code

* Added username to social registration

* Changed id library

* Added new local auth check

* Fixed export error. Fixed password check error

* fix(settings): password not available on client

* refactor(settings): more sensible placement of methods

* chore(migration): script to hand out procgen usernames

* fix(migration): don't give EVERYONE new names you doofus

* fix(migration): limit data retrieved, be extra careful about updates

* fix(migration): use missing field, not migration tag, for query

* fix(migration): unused var

* fix(usernames): only generate 20 characters

* fix(migration): set lowerCaseUsername
2018-10-02 16:17:06 -05:00
Matteo Pagliazzi
26c8323e70 Move inbox to its own model (#10428)
* shared model for chat and inbox

* disable inbox schema

* inbox: use separate model

* remove old code that used group.chat

* add back chat field (not used) and remove old tests

* remove inbox exclusions when loading user

* add GET /api/v3/inbox/messages

* add comment

* implement DELETE /inbox/messages/:messageid in v4

* implement GET /inbox/messages in v4 and update tests

* implement DELETE /api/v4/inbox/clear

* fix url

* fix doc

* update /export/inbox.html

* update other data exports

* add back messages in user schema

* add user.toJSONWithInbox

* add compatibility until migration is done

* more compatibility

* fix tojson called twice

* add compatibility methods

* fix common tests

* fix v4 integration tests

* v3 get user -> with inbox

* start to fix tests

* fix v3 integration tests

* wip

* wip, client use new route

* update tests for members/send-private-message

* tests for get user in v4

* add tests for DELETE /inbox/messages/:messageId

* add tests for DELETE /inbox/clear in v4

* update docs

* fix tests

* initial migration

* fix migration

* fix migration

* migration fixes

* migrate api.enterCouponCode

* migrate api.castSpell

* migrate reset, reroll, rebirth

* add routes to v4 version

* fix tests

* fixes

* api.updateUser

* remove .only

* get user -> userLib

* refactor inbox.vue to work with new data model

* fix return message when messaging yourself

* wip fix bug with new conversation

* wip

* fix remaining ui issues

* move api.registerLocal, fixes

* keep only v3 version of GET /inbox/messages
2018-09-21 15:12:20 +02:00
Isabelle Lavandero
2946f0df15 Update signup error messages (#10483)
* prints first error message only

* update signup error messages, missing password not working (wip)

* remove alerts, show notEmpty, first error only per param, update unit test

* move changes to client side
2018-07-12 15:27:02 -05:00
Matteo Pagliazzi
8fb67e7944 only store necessary data for social login (continuation of 10352) (#10395)
* feat(gdpr) only store necessary data for social login

* feat(gdpr) also store email for social users

* fix(social auth): store emails array instead of single email

* fix(emails): do not get name from old facebook info

* add migration to remove extra data from social profiles

* update migration description

* fix tests

* fix typo in migration file
2018-05-25 18:16:30 +02:00
Matteo Pagliazzi
d34ec62901 Remove inbox from more routes (#10303)
* remove inbox from some auth routes

* remove inbox from quests routes

* remove inbox from groups routes
2018-04-30 20:36:31 +02:00
Matteo Pagliazzi
8b9bf88fa0 Remove inbox from more routes (#10300)
* remove inbox from user/stats routes

* remove inbox from news routes

* change signature for authWithHeaders

* do not load inbox in coupons routes

* do not load inbox in challenge routes

* do not load inbox in some members routes

* do not load inbox in chat routes
2018-04-30 17:36:41 +02:00
Julius Jung
04b4912d59 Fix password reset when querying for emails with upcase characters (fixes #9059) (#9707)
* downcase updating an email to be consistent with creating

* add tests to ensure downcase of email for create/update

* create migration to downcase existing User objects

* delete 'only'

* change gmail to example

* add trailing comma from lint error

* search for emails with at least one capital letter

* fix query in order to search for any email with at least one capital letter

* batch process affected users with at least one capital in email

* update script for batch process affected users
2018-03-17 22:13:54 +01:00
Matteo Pagliazzi
3a1e56cc8e Upgrade server deps (#10017)
* remove unused apn lib and upgrade moment-recur

* upgrade validator

* upgrade got

* request -> got

* fix validation

* fix tests

* upgrade nodemailer

* fix unit tests

* fix webhook tests, upgrade express-validator (using legacy api)

* upgrade js2xmlparser

* update misc packages

* fix linting

* update packages
2018-02-23 15:21:00 +01:00
Matteo Pagliazzi
74ba55c20b Upgrade tests tools and lint migrations and scripts (part 2) (#9998)
* upgrade gulp-babel

* upgrade babel-eslint

* upgrade eslint-friendly-formatter

* start upgrading chai

* start to upgrade eslint

* restore skipped tests

* start to upgrade monk

* fix linting and remove unused file

* fix mocha notifications, and common tests

* fix unit tests

* start to fix integration tests

* more integration tests fixes

* upgrade monk to latest version

* lint /scripts

* migrations: start moving to /archive unused migrations and run eslint with --fix

* lint migrations

* fix more integration tests

* fix test
2018-02-17 18:11:24 +01:00
Alys
f302d15bc4 add length and character limitations for login name (username) (#9895)
* update API comments for `username` restrictions and to use Login Name terminology

We use "login name" rather than "username" in user-visible text
on the website and (usually) when communicating with users because
"username" could be confused with "profile name".
Using it in the docs allows you to search for that term.

* add alphanumeric and length validation for creating new login name (username)

The 'en-US' locale is specified explicitly to ensure we never use
another locale. The point of this change is to limit the character
set to prevent login names being used to send spam in the Welcome
emails, such as Chinese language spam we've had trouble with.

* add error messages for bad login names

* allow login name to also contain hyphens

This is because our automated tests generate user accounts using:
  let username = generateUUID();

* allow login names to be up to 36 characters long because we use UUIDs as login names in our tests

* revert back to using max 20 characters and only a-z, 0-9 for login name.

It's been decided to change the username generation in the tests instead.

* disable test that is failing because it's redundant

Spaces are now prohibited by other code.

We can probably delete this test later. I don't want to delete it
now, but instead give us time to think about that.

* fix typos

* revert to login name restrictions that allow us to keep using our existing test code

I'm really not comfortable changing our test suite in ways that
aren't essential, especially since we're working in a hurry with
a larger chance than normal of breaking things.
The 36 character length is larger than we initially decided but
not so much larger that it's a huge problem.
We can reduce it to 20 when we have more time.

* limit username length to 20 chars

* fix tests
2018-01-27 09:33:56 -07:00
Keith Holliday
0ea91016f8 Trimmed username spaces (#9793) 2018-01-15 10:20:36 -07:00
Alys
a3bf329c44 make reset password apidocs comment more accurate 2017-12-24 09:23:32 +00:00
Matteo Pagliazzi
e1ad19c216 Client: Port Reset Password Page (#9057)
* start work on porting the reset password page

* add new api route for setting a new password after a reset

* wip client page

* port tests

* wip

* fix linting

* skip tests
2017-09-27 18:57:52 +02:00
Pavel Pletenev
8614f11a31 Refactor api description with @apiParam groups to make it more explicit (#8919)
* Refactor api description for auth.js with @apiParam groups

* Refactor apiDoc toward better consistency

* Fix missing groups for get requests

* Fix missing groups for other request methods
2017-08-15 18:06:19 -05:00
Mateus Etto
cdc8473f60 Allow Multiple Invites to Party (#8683)
* (server) Add parties array to store invites

* (server) Lint files

* Update joinGroup, rejectGroupInvite, _inviteByUUID, and remove clearPartyInvitation.js

* Update user schema: detailed 'invitations.parties' attributes

* Code improvement and do not let invite twice

* Check if the user is already invited earlier in the code

* Added message to invitation page, and show all invitations

* Added join party confirmation alert

* Small fixes

* Created test: allow inviting a user to 2 different parties

* Updated tests

* Update invitations.parties on more places

* Small adjustments

* Updates on invitations.party references

* Show all invitations when user is already in a party

* Fixed notifications counter

* Update both 'party' and 'parties' at _handleGroupInvitation

* Updated a test

* Fixed small mistake at _handleGroupInvitation

* More test update

* Update invitation.party when removing single invite and small adjust at view
2017-07-19 18:45:28 -07:00
Kevin Smith
11a4c1c95d Implemented new Achievement and Badge: Invited a Friend (Fixes #8615) (#8819)
* Added text to locale

* Added achievement to content and libs

* Added achievement modal

* Added achievement to notification model and controller

* Added achievement to user schema

* Grant achievement to inviter when user registers using emailed link

* Fix icon name

* Added integration test

* Fix linting

* Added sprite
2017-07-19 18:39:39 -07:00
Phillip Thelen
38edc5b416 fix linter error 2017-04-06 22:03:33 +02:00
Phillip Thelen
8d168a0318 return newUser as true for new local accounts 2017-04-05 22:20:08 +02:00
Gerardo Saca
842fbe42a8 Remove email addresses from translatable strings (#8448)
* Fix User > Profile showing {getProgressDisplay()}

* Remove bad nextRewardAt check

* 1st iteration of issue #8385 - more pending

* #8385 config and jade fixes, tests pending

* #8385 fixing lint errors

* Fix faqs string and test

* Fix faq.jade and add workaround for faq.js

* Fixing accidental checking for faq.js

* fix emails in faq.js

* fetch emails once in auth.js

* Fixing community manager email in auth.js
2017-03-27 18:03:31 +02:00
Matteo Pagliazzi
d30e7b9251 Don't send plaintext reset passwords via email (#8457)
* start work to avoid sending reset password in plaintext via email

* start checking parameters

* fix new password reset email

* render error if password reset code is missing or invalid

* implement POST route, conversion to bcrypt and messages

* add auth.local.passwordResetCode field

* add failing tests, move reset code validation func to lib, fixes, remove old tests

* fix unit tests

* fix page rendering and add integration tests

* fix password reset page

* add integration test

* fix string

* fix tests url
2017-02-14 18:08:31 +01:00
Matteo Pagliazzi
acad3b8873 Migrate to bcrypt (#8446)
* start migrating to bcrypt

* added method to convert the password to bcrypt when logging in, added method to compare password without knowing the hashing algorithm, remove default

* travis: try to upgrade to container based infrastructure

* travis: add deps to build bcrypt.js

* travis: add deps to build bcrypt.js

* travis: add deps to build bcrypt.js

* travis: add deps to build bcrypt.js

* use bcryptjs until bcrypt can be installed on travis, see https://github.com/kelektiv/node.bcrypt.js/issues/476

* correct sha1 unit tests

* try different mongodb repo

* try without mongodb services

* try again with bcrypt

* disable request logging in travis

* migrate missing routes

* simplify code

* remove bcryptjs

* fix typo

* fix typo

* fix typo in comment

* add unit tests for new passwords utility methods

* travis: back to old infrastructure, containers often have timeouts

* add integration test for passwordHashMethod

* update shrinkwrap

* clarify code and add comments

* add integration tests

* fix linting

* fix integration tests
2017-01-24 12:28:42 +01:00
Matteo Pagliazzi
070c4a8fbd add auth.local.passwordHashMethod field 2017-01-23 10:38:41 +01:00
Matteo Pagliazzi
518b874f64 Always use .exec() for .find*() and .update() (#8361)
* add exec where missing in /models

* fix taskManager query

* fix top-level controllers

* fix api-v3 controllers
2017-01-04 16:49:43 +01:00
Matteo Pagliazzi
92cbb4a07d Upgrade ESLint to v3 (#8299)
* upgraded habitrpg-eslint-config to v2 and eslint to v3

* adapt to eslint3 rules

* update shrinkwrap

* update shrinkwrap again
2016-12-20 22:31:36 +01:00
Blade Barringer
c014da297c chore(docs): remove unneeded apiVersion param 2016-10-03 17:11:59 -05:00
Matteo Pagliazzi
d67b9e5688 do not send welcome email if user already exists 2016-09-28 19:23:07 +02:00
Phillip Thelen
e3b484b29a Add Google Signin (#7969)
* Start adding google login

* fix local js issue

* implement syntax suggestions

* fix delete social tests

* Add service for authentication alerts

* fix social login tests

* make suggested google sign in changes

* fix accidentally deleted code

* refactor social network sign in

* fix incorrect find

* implement suggested google sign in changes

* fix(tests): Inject fake Auth module for auth controller

* fix(test): prevent social service from causing page reload

* fix loading user info

* Use lodash's implementation of find for IE compatibility

* chore: increase test coverage around deletion route

* chore: clean up social auth test

* chore: Fix social login tests

* remove profile from login scope

* fix(api): Allow social accounts to deregister as user has auth backup

* temporarily disable google login button
2016-09-28 12:11:10 +02:00
Sabe Jones
359d9f8d3a fix(analytics): send user on social reg 2016-09-22 18:14:02 +00:00
Sabe Jones
67febde1cb fix(analytics): send user on reg (#8044)
Also fixes an issue that could prevent item name data from being correctly sent to Amplitude.
2016-09-20 20:11:12 -05:00
Sabe Jones
86c9bddc09 Handle social auth in A/B testing (#8024)
* fix(AB-testing): handle social auth

* refactor(AB-testing): move to pre save hooks
2016-09-16 19:13:21 +02:00
Sabe Jones
f20a7b851f feat(analytics): AB testing
User model update for AB tests, and the first AB test to start Sept 12

closes #7984
2016-09-12 22:13:25 -05:00
Matteo Pagliazzi
6792464fbf limit rtc to parties 2016-09-05 17:54:24 +02:00
Camellia Peng
12f1aae2dd Update email check exist (#7899)
* throw a 401 error if user tries to update his/her email to an email that exists already

* Make error message generic so we don't violate users' privacy.  Added test case.

* Syntax fixes

* select only the _id field when searching for users with the same email.  Return found document as javascript object.
2016-08-15 07:52:53 -05:00
Phillip Thelen
679378331d add client and OS info to amplitude events
closes #7865
2016-08-11 08:58:13 -05:00
Matteo Pagliazzi
725ed22704 added apidoc info about data.newUser in login response 2016-08-04 19:59:48 +02:00
Matteo Pagliazzi
d1bd63289b Merge branch 'facebook-login-add-newuser-flag' of https://github.com/TheHollidayInn/habitrpg into TheHollidayInn-facebook-login-add-newuser-flag 2016-08-04 19:58:09 +02:00
Matteo Pagliazzi
60f34dafb0 Deprecate API v2 (was Revert "Revert "Deprecate API v2"") (#7802)
* Revert "Revert "Deprecate API v2""

* fix path in shops controller
2016-08-01 22:36:10 +02:00
Ryan Castner
7c579bf850 7837-Update API Docs (#7839)
* Updated API Docs for api-v3

* Updated API Docs for top-level

* Updates relating to @crookedneighbor comments

* Updated type and field of 'to' param.
2016-07-27 18:48:03 -05:00
Keith Holliday
e6dd8cc03a Added tests for Facebook auth 2016-07-27 14:27:21 -05:00
Keith Holliday
9d4fa6fd4e Added new user flag when user registers with facebook 2016-07-24 17:23:19 -05:00
Matteo Pagliazzi
590adb3438 Revert "Deprecate API v2" (#7801) 2016-07-17 18:15:25 +02:00
Matteo Pagliazzi
45c31a2bcf Deprecate API v2 (#7761)
* deprecate api-v2

* remove v2 test helpers

* remove unused string
2016-07-16 19:56:18 +02:00
Matteo Pagliazzi
0880850408 Real-time Chat (#7664)
* feat(realtime-chat): add Pusher library to the server

* feat(realtime-chat): only for private groups

* feat(realtime-chat): add authentication endpoint for Pusher

* feat(realtime-chat): client proof of concept

* fix typo in apidoc

* feat(realtime-chat): redo authentication and write integration tests

* remove firebase code

* fix client side tests

* fix line ending in bower.json

* feat(realtime chat): use presence channels for parties, send events & disconnect clients if user leaves or is removed from party, automatically update UI

* pusher: enable all events in the background

* fix pusher integration tests
2016-07-02 15:17:24 +02:00
Matteo Pagliazzi
09c7c45cd5 fix trailing spaces 2016-06-22 12:18:42 +02:00