* Don't sign in user when trying to connect a social account that was already created
* Log social users into matching local auth accounts
If the social account has an email that already exists as a local user, instead of creating a new account log them into their account and add the social auth to the account
* If possible set local authentication email for social users
* Allow password reset emails to be sent to social login users
* lint fixes
* Fix issues and tests
* fix tests
* Fix lint error.
* purge Facebook.
Only keep it in some select places to allow for some compatablilty.
* Fix error
* fix error
* Let settings handle it when you don't have a password set but an email
* fix error
* Fix boolean logic
* fix json conversion
* .
* fix password reset for old social accounts
* Don't sign in user when trying to connect a social account that was already created
* Log social users into matching local auth accounts
If the social account has an email that already exists as a local user, instead of creating a new account log them into their account and add the social auth to the account
* If possible set local authentication email for social users
* Allow password reset emails to be sent to social login users
* lint fixes
* Fix issues and tests
* fix tests
* Fix lint error.
* purge Facebook.
Only keep it in some select places to allow for some compatablilty.
* Fix error
* fix error
* Let settings handle it when you don't have a password set but an email
* fix error
* Fix boolean logic
* fix json conversion
* fix password reset for old social accounts
* Revert "lint fixes"
This reverts commit c244b1651c.
# Conflicts:
# website/client/src/components/auth/registerLoginReset.vue
# website/client/src/components/static/contact.vue
* Revert "fix password reset for old social accounts"
This reverts commit 7e0069a80f.
* fix duplicate code
* chore(misc): remove irrelevant changes
* chore(privacy): update policy page with note about FB
Co-authored-by: SabreCat <sabe@habitica.com>
* add max length validations for summary in challenge create and update controllers
* Add validation to group APIs
* fix lint errors
* add validation to group plan
* fix imports
* add tests
* add max length validations for summary in challenge create and update controllers
* Add validation to group APIs
* fix lint errors
* add validation to group plan
* fix imports
* add tests
* lint checks
* feat(chat): server setting to disallow chat from new accounts
* fix(tests): many adjustments to handle chat minimum age
* fix(tests): address issues outside of chat posting
* chore(analytics): add incident logging
* fix(config): allow instant chat for dev purposes
* fix(test): finely age one more user
* fix(test): member not leader
Co-authored-by: SabreCat <sabe@habitica.com>
* feat: prevent user from purchasing a quest if prerequisites are not met
* test: fail to buy quest if not all prerequisites are met
* test: modify to check all quest prerequisites
* create Admin Panel page with initial content from Hall's admin section
* reorganise Admin Panel form and add more accordians
* add lastCron to fields returned by api.getHeroes
* improve timestamps and authentication section
* add party and quest info to Admin Panel, add party to heroAdminFields
* move Admin Panel menu item to top of menu, make invisible to non-admins
* remove code used for displaying all Heroes
* add avatar appearance and drops section in Admin Panel
* allow logged-in user to be the default hero loaded
* add time zones to timestamp/authentication section
* rename Items to Update Items
This will allow a new Items section to be added.
* add read-only Items display with button to copy data to Update Items section
* remove never-used allItemsPaths code that had been copied from Hall
* update tests for the attributes added to heroAdminFields
* supply names for items and also set information for gear/equipment
* remove code that loads subsections of content
We use enough of the content that it's easier to load it all and
access it through the content object, especially when we're looping
through different item types.
* add gear names and set details to Avatar Costume/Battle Gear section
* make the wiki URLs clickable and make minor item format improvements
* add gear sets for Check-In Incentives and animal ears and tails
* add gear set for Gold-Purchasable Quest Lines
Also merges the existing Mystery of the Masterclassers quest set into it.
* fix error with Kickstarter gear set and include wiki link
* improve description of check-in incentive gear set
* fix description of Items section
* fix lint warnings
* update another test for the attributes added to heroAdminFields
* allow "@" to be included when specifying Username to load
* create GetHeroParty API v3 route to fetch a given user's party data
Only some data from the party will be loaded (e.g., not private
data such as name, description).
Includes tests for the route.
See the next commit for front-end changes that use this.
* display data from a given user's party in admin panel
Only some data from the party will be loaded (e.g., not private
data such as name, description).
Also adds support for finding and displaying errors from the
user's data.
* use new error handling method for other sections
- Time zone differences
- Cron bugs
- Privilege removal (mute/block) - not a bug but needs to be highlighted
* redirect non-admin users away from admin-only page (WIP)
This needs more work. Currently, admin users are also redirected
if they access the page by direct URL or after reload.
* clarify source of items from Check-In Incentives and Lunar Battle quests
* replace non-standard form fields with HTML forms
* add user's language, remove unused export blocks
* convert functions to filters: formatDate, formatTimeZone
* improve display of minutes portion of time zone in Admin Panel
* move basic details about user to a new component
* move Timestamp/Cron/Auth/etc details to a new component - WIP, has errors
The automatic expand and error warnings don't reset themselves when
you fetch data for a new user.
* replace non-standard form fields with HTML forms
Most of this was done in 26fdcbbee5
* move Timestamp/Cron/Auth/etc details to a new component (fixed)
* move Avatar and Drops section to a new component
* move Party and Quest section to a new component
* move Contributor Details to new component, add checkbox for admin, add preview
This adds a markdown-enabled preview of the Contributions textarea.
It also removes the code that automatically set contributor.admin
to true when the Tier was above 7.
That feature wasn't secure because the Tier can be accidentally
changed if you scroll while the cursor is over the Tier form field
(we accidentally demoted a Socialite once by doing that and if
we'd scrolled in the other direction we would have given her
admin privileges).
Instead there's now a checkbox for giving moderator-level privileges.
We'll want that anyway when we move to a system of selected
privileges for each admin instead of all admin privileges being
given to all mods/staff.
There's also a commented-out checkbox for giving Bailey CMS
privileges, for when we're ready to use that. The User model doesn't
yet have support for it.
* move Privileges and Gems section to a new component
* rename formatItems to getItemDescription; make other minor fixes
* remove an outdated test description
This "pended" explanation probably wasn't needed after "x" was
removed from "describe" in 2ab76db27c
* add newsPoster Bailey CMS permission to User model and Admin Panel
* move formatDate from mixins to filters
* make lint fixes
* remove development comments from hall.js
I'll be handling the TODO comment and I've left in my "XXX" marker
to remind me
* fix bug in Hall's castItemVal: mounts are null not false
* move Items section to a new component and delete Update Items section
The Update Items section is no longer needed because the new Items
component has in-place editing.
* remove unused imports
* add "secret" field to "Privileges, Gem Balance" section.
Also move the markdownPreview style from contributorDetails.vue to
index.vue since it's used in two components now.
* show non-Standard never-owned Pets and Mounts in Items section
* redirect non-admin users away from admin-only page
This completes the work started in commit a4f9c754ad
It now allows admins to access the page when coming from another
page on the site or from a direct link, including if the admin user
isn't logged in yet.
* display memberCount for party
* add secret.text field to Contributor Details
This is in addition to showing it in the Privileges section because
the secret text could be about either troublesome behaviour or
contributions.
* allow user to be loaded into Admin Panel via a URL
This includes:
- router config has a child route for the admin panel with a
Username/ID as a parameter
- loadHero code moved from top-level index page into a new
"user support" index page
- links in the Hall changed to point to admin panel route
- admin panel link added to admin section of user profile modal
* keep list of known titles on their own lines
* sort heroFields alphabetically
No actual changes.
* return all flags for use in Admin Panel and fix Hall tests for flags
Future Admin Panel changes will display more flags.
NB 'flags' wasn't in the tests before, even though two optional
flags were being fetched.
The tests weren't failing because the test users hadn't been given
data for those optional flags.
The primary reason for this change now is to fix the tests.
* show part of the API Token in the Admin Panel
* send full hero object into cronAndAuth.vue
This is a prelude to allowing this component to change the hero.
* split heroAdminFields string into two: one for fetching data and one for showing it
This is because apiToken must be fetched but not shown,
while apiTokenObscured is calculated (not fetched) and shown.
* let admin change a user's API Token
* restore sanity
* remove code to show obscured version of API Token
It will return with tighter permissions for viewing it.
* add Custom Day Start time (CDS) to Timestamps, Time Zone... section
* commit lint's automatic fixes - one for admin-panel changes in hall.js
The other fixes aren't related to this PR but I figured they may
as well go live.
* apply fixes from paglias's comments, excluding style/CSS changesd
The comments that this PR fixes start at
https://github.com/HabitRPG/habitica/pull/12035#pullrequestreview-500422316
Style fixes will be in a future commit.
* fix styles/CSS
* allow profile modal to close when using admin panel link
Also removes an empty components block.
* prevent Admin Panel being used without new userSupport privilege
Also adds initial support for other contributor.priv privileges
and changes Debug Menu to add userSupport privilege
* don't do this: this.hero = { ...hero };
* enhance quest error messages
* redirect to admin-panel home page when using "Save and Clear Data"
The user's ID / name is still in the form for easy refetching.
* create ensurePriv function, use in api.getHeroParty
* fix lint problems and integration tests
* add page title to top-level Admin Panel
Also add more details to a router comment (consistent with a similar
comment) in case it helps anyone.
* fix tests
* display Moderation Notes above Contributions
* lint fix
* remove placeholder code for new privileges
I had planned to have each of these implemented in stages, but
paglias wanted it all done at once. I'm afraid that's too big a
project for me to take on in a single PR so I'm cancelling
the plans for adjusting the privileges.
* Improve permission handling
* Don't report timezone error on first day
* fix lint error
* .
* Fix lint error
* fix failing tests
* Fix more tests
* .
* ..
* ...
* fix(admin): always include permissions when querying user
also remove unnecessary failing test case
* permission improvements
* show transactions in admin panel
* fix lint errors
* fix permission check
* fix(panel): missing mixin, handle empty perms object
Co-authored-by: Alys <alice.harris@oldgods.net>
Co-authored-by: SabreCat <sabe@habitica.com>
* fix#12124
add a transaction for updating user and group
so the user doesn't lose gems when saving the group fails
* use mongoose transaction helper
use the helper instead of manually commiting/aborting
to deal with transient transaction errors
* increase timeout and add console.log outputs
add some logging to a failing test
* Revert "increase timeout and add console.log outputs"
This reverts commit 0c36aaa55f.
* add a test for gems when guild creation fails
test the transaction in createGroup()
make sure user keeps the gems if group.save() rejects
* fix(test): try suggested delay from PR discussion
Co-authored-by: SabreCat <sabe@habitica.com>
* Don't sign in user when trying to connect a social account that was already created
* Log social users into matching local auth accounts
If the social account has an email that already exists as a local user, instead of creating a new account log them into their account and add the social auth to the account
* If possible set local authentication email for social users
* Allow password reset emails to be sent to social login users
* lint fixes
* Fix issues and tests
* fix tests
* Fix lint error.
* i18n string updates (issue #9210)
* change offHand to offHandCapitalized
* added removeTasks to challenge.json
* added hairBangs back to character.json
* added hairBangs back to character.json
* more hairBangs nonsense
* added hairBangs to hair-settings.vue, removed same from character.json
* changed levelUp to levelup in levelUp.vue and achievements.json
* fix duplicate string values
* fixed different strings with same content in different files
* updated test/api/v3 and test/api/v4 with messageTaskNotFound
* Delete POST-tasks_taskId_checklist_itemId_score.test.js
File got copied to a new directory, doesn't need to be here.
* fix: userID token in patrons.vue and heroes.vue
* removed: unused clock of code
* Restored eggsItemType to inventory.json
Co-authored-by: Sabe Jones <sabrecat@gmail.com>
* Fixed party size and notification when inviting
Fixed party limit to 30 members (previously 31) and pop-up when trying
to invite someone, when party has already reached it's members limit, to properly
show members number.
* Fixed View Party button in header
Fixed View Party button in header to properly show Load More button
when party size exceeds party limit.
* Fixed View Party button to properly open party
Fixed View Party button to properly open party members list on refreshing the main page, this bug was
caused by previous commit.
* Fixed SelectMembersModal to properly show Load More button
Fixed SelectMembersModal (the modal that apperas when casting
cards/specials on party member) to properly show Load More button when party size exceeds party limit
* fix(test): limit now technically 29 plus leader
* fix(test): adjust for tweakage
Co-authored-by: Sabe Jones <sabrecat@gmail.com>
* Update webhook.js
Add `questOwner: group.quest.leader,` to webhook.js
* Update POST-groups_groupId_quests_invite.test.js
Test if questOwner contains the correct data
* Update POST-groups_groupId_quests_invite.test.js
* Update webhooks.test.js
* move groups/sidebar to groupSidebar.vue
* lint files
* extract group/party sidebar to rightSidebar.vue
* wip stories with example data
* update stories - wip sidebar re-styling
* message party / group leader + move items to the menu
* update paddings /place for quest section
* invite to party / guild
* update labels (* Party / Guild )
* guild-background to group-background
* correct menu order + missing a label based on the group type
* no quest - styles / layout applied
* quest owner / not started - styles applied + extracted questActions from questDetailsModal.vue to a mixin
* no challenge style
* hover with underlines
* quest-pending area layout / margins
* "Collection Quest/Quest Owner Participating" Styling Done
* group sidebar menu with icons / background
* remove most participate button styles
* fix quest-invite panel
* move "Start Quest" + add "Leave Quest"
* Not Participating + Boss + Rage Quests restyling
* party quest changes - invitedToQuest + button styles + no-items style + view details
* fix icons + rage value + colors
* fix duplicate key
* hide items label if 0 items found + hide pending damage if there is none + sidebar section margin + fix percent calculation 0 => 0%
* combine quest abandon / cancel to one call + hide begin if quest has already started + close modal if quest was canceled
* remove unused translate string
* allow leaving an accepted but inactive quest + disable leave when user is quest leader
* update "are you sure" questions - remove "doubleSureAbort" - add "sureLeaveInactive"
* sidebar margins + menu icon color
* refactored css rules
* improve some styles
* fix button spacing
* fix dropmenu with icon hover
* hide leave quest for leaders + fix quest buttons spacing
* add pending items label
* remove "X items found" label
* first round of fixes
* last v-once
* Update Quest Dialogs (#13112)
* new quest rewards panel + extract questPopover and itemWithLabel
* WIP: questInfo still not applying the row-height..
* split up start-quest-modal into select and detail modal - also rename the current quest-details to be the group-quest-details modal
* remove start-quest-modal from modal-scss
* update package-lock
* WIP before using the quest sidebar branch as a base
* move quest detail actions to the "new" details dialog
* quest details layout for owner / participant
* fix quest rewards - open details modal from sidebar
* apply quest-details dialog styles to the buyQuestModal one
* fix quest reward icons / popover / texts
* WIP back to quest selection
* fix lint
* merge selectQuestModal.vue with questDetailModal.vue + UI for the select quest
* fix margins / layout / labels
* fix quest detail + wip invitationListModal.vue / participantListModal.vue
* fix questmodal user label centered
* fix centered reward items + grouping items and adding a count-badge
* sort quests by AZ or quantity
* invitations modal
* remove console.info
* complete participantListModal.vue + extracted getClassName
* missed a file for getClassName extraction
* fix invitations
* select the actual quest on details
* fix margins on invite to party / start quest buttons
* replace buyQuestModal close button and title
* fix recursion due to the same name
* missing import
* sort quantity by highest first
* fix "Can't find a Quest to start" styles
* fix "your balance" padding
* fix quest collections / drop items
* fix member details in participants list
* fix quest info
* remove nullable because the build doesn't like it (on this file..)
* add questCompleted to the stories + fix getDropName
* replace quest-rewards in questCompleted.vue
* fix questCompleted.vue style
* delete obsolete components
* add missing spritesheets to storebook
* requested pr changes
* refactored fetchMember
* revert optional chaining
* fix merge conflicts
* fix rightSidebar hover colors - $scss var to css var
* overflow auto instead of scroll
* prevent wrapping of quest collections
* rollback to multi line quest items
* use min-width for the quest popover
* fix(profile): detect attempt to use banned words as display name. refactor profanity detection method.
* fix(profile): detect attempt to use banned words in blurb. further refactor profanity detection. inform the user their chat privileges have been revoked.
* refactor: add function to normalize Unicode strings and remove diacritics
* fix: improve regEx to prevent false partial matches e.g. 'hello' being recognised as banned words. porting fix from #12309
* fix(profile): refactor of profanity detection for #12445
* fix(profile): add test for swear words in new profile. fix existing tests
* fix(profile): show different error message for attempted slur use in username by new users.
* fix(profile): remove incorrect slur test
* fix(profile): fix slurs not caught at start of end of strings connect by punctuation
* tests(profile): fix tests for profanity checking
* remove exclusive test
* 11865 - update text for slur warnings
* 11865 - remove unused string from locale files
* 11865 - improve naming of banned word usage locale string
* 11865 - improve logic so that differentiated warnings are shown depending on whether a slur or other profanity has been used in a display name
* 11865 - construct slur regexes outside the validation function in which they are used
* 11865 - fix tests
* WIP: #12555
-dayOfMonth takes timezone into account on task update for monthly dailys
-startDate set to start of day in user's tz on task update for monthly
dailys
-tweaked a test so that it's actually testing something
* WIP: 12555
-task.startDate gets set to start of day in user's tz on task creation
and task update
-set preferences.timezoneOffset to nonzero value in certian test user objects
-removed date literals in test:api-v3:integration:tasks:PUT
* change $type to date for task and add new test
* adjust apidocs to reflect type change
* migration test for api date $type change
* minor fixes to migration
* unset instead of set empty string
* add type filter
* fix(todo date migration): make sure the update command works and limit update ops
Co-authored-by: Matteo Pagliazzi <matteopagliazzi@gmail.com>
* upgrade stripe module
* switch stripe api to latest version
* fix api version in tests
* start upgrading client and server
* client: switch to redirect
* implement checkout session creation for gems, start implementing webhooks
* stripe: start refactoring one time payments
* working gems and gift payments
* start adding support for subscriptions
* stripe: migrate subscriptions and fix cancelling sub
* allow upgrading group plans
* remove console.log statements
* group plans: upgrade from static page / create new one
* fix#11885, correct group plan modal title
* silence more stripe webhooks
* fix group plans redirects
* implement editing payment method
* start cleaning up code
* fix(stripe): update in-code docs, fix eslint issues
* subscriptions tests
* remove and skip old tests
* skip integration tests
* fix client build
* stripe webhooks: throw error if request fails
* subscriptions: correctly pass groupId
* remove console.log
* stripe: add unit tests for one time payments
* wip: stripe checkout tests
* stripe createCheckoutSession unit tests
* stripe createCheckoutSession unit tests
* stripe createCheckoutSession unit tests (editing card)
* fix existing webhooks tests
* add new webhooks tests
* add more webhooks tests
* fix lint
* stripe integration tests
* better error handling when retrieving customer from stripe
* client: remove unused strings and improve error handling
* payments: limit gift message length (server)
* payments: limit gift message length (client)
* fix redirects when payment is cancelled
* add back "subUpdateCard" string
* fix redirects when editing a sub card, use proper names for products, check subs when gifting
* refactor(api-members): separate handler for the GET /challenges/:challengeId/members route
* refactor(api-members): challenges-related code removed from _getMembersForItem handler function
* feat(api-members): added support to the new includeTasks query parameter for the GET /challenges/:challengeId/members route
* fix(api-members): adjustments to the GET /challenges/:challengeId/members route
* fix(api-members): merge of _getMembersTasksFromChallenge and additional check for a test suite
* refactor(api-members): includeAllMembers query parameter got removed from the GET /challenges/:challengeId/members route
* GET-challenges_challengeId_members.test.js: use _id
* members.js: use _id instead of id
* use id instead of _id
* _id instead of id
Co-authored-by: Matteo Pagliazzi <matteopagliazzi@gmail.com>
* upgrade helmet to version 4
* deps(short-uuid): upgrade to version 4, closes#12573
* deps(slack): upgrade to version 4
* deps(slack): upgrade to version 5, closes#11442
* deps(amplitude): upgrade to latest version use api v2
* fix tests
* slack tests: return promise
* refactor slack setup for tests
* fix slack unit tests
* challenge won notification: add more info
* update tests
* use new notification on web, fixes#7716
* wip design
* finalize design
* fix markdown rendering
