mirror of
https://github.com/HabitRPG/habitica.git
synced 2025-12-18 15:17:25 +01:00
Compare commits
27 Commits
fiz/update
...
fiz/ToS-st
| Author | SHA1 | Date | |
|---|---|---|---|
|
cd06148422 | ||
|
|
a0b179561b | ||
|
|
9a1fb18959 | ||
|
2ea0b64603 | ||
|
|
bd1aa1e417 | ||
|
|
7c49b845d6 | ||
|
|
1ee172139d | ||
|
|
6447b9ab4b | ||
|
|
5c414099d9 | ||
|
|
5e8e1179aa | ||
|
|
7e86a62624 | ||
|
|
1ba9dda0ed | ||
|
|
227e5ceaa8 | ||
|
|
f77ab5a3ab | ||
|
|
1916faf647 | ||
|
|
80ecb5cef1 | ||
|
|
75c36e6622 | ||
|
|
78330c975a | ||
|
|
95266f6cb3 | ||
|
|
e9b2c1b51a | ||
|
|
2a2bea07ab | ||
|
|
ea60ddbf4c | ||
|
|
1c2ca0e478 | ||
|
|
ef2b7eb928 | ||
|
|
3d16387a61 | ||
|
|
93b7770eaa | ||
|
|
a9f84d3307 |
Submodule habitica-images updated: cf18a04339...aa72332019
@@ -117,6 +117,15 @@ describe('Blocker middleware', () => {
|
||||
|
||||
checkIPBlockedErrorThrown(next);
|
||||
});
|
||||
|
||||
it('throws when the ip is blocked', () => {
|
||||
req.ip = '192.168.1.1';
|
||||
sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns('192.168.1.1');
|
||||
const attachBlocker = requireAgain(pathToBlocker).default;
|
||||
attachBlocker(req, res, next);
|
||||
|
||||
checkIPBlockedErrorThrown(next);
|
||||
});
|
||||
});
|
||||
|
||||
describe('Blocking clients', () => {
|
||||
@@ -194,4 +203,4 @@ describe('Blocker middleware', () => {
|
||||
expect(calledWith[0] instanceof Forbidden).to.equal(true);
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
@@ -44,7 +44,7 @@ describe('POST /user/auth/local/login', () => {
|
||||
})).to.eventually.be.rejected.and.eql({
|
||||
code: 401,
|
||||
error: 'NotAuthorized',
|
||||
message: t('accountSuspended', { communityManagerEmail: nconf.get('EMAILS_COMMUNITY_MANAGER_EMAIL'), userId: user._id }),
|
||||
message: t('accountSuspended', { communityManagerEmail: nconf.get('EMAILS_COMMUNITY_MANAGER_EMAIL'), userId: user._id, username: user.auth.local.username }),
|
||||
});
|
||||
});
|
||||
|
||||
|
||||
@@ -56203,13 +56203,13 @@
|
||||
width: 81px;
|
||||
height: 99px;
|
||||
}
|
||||
.Pet-PandaCub-Cupid {
|
||||
background-image: url('https://habitica-assets.s3.amazonaws.com/mobileApp/images/Pet-PandaCub-Cupid.png');
|
||||
.Pet-PandaCub-Cryptid {
|
||||
background-image: url('https://habitica-assets.s3.amazonaws.com/mobileApp/images/Pet-PandaCub-Cryptid.png');
|
||||
width: 81px;
|
||||
height: 99px;
|
||||
}
|
||||
.Pet-PandaCub-Cyptid {
|
||||
background-image: url('https://habitica-assets.s3.amazonaws.com/mobileApp/images/Pet-PandaCub-Cyptid.png');
|
||||
.Pet-PandaCub-Cupid {
|
||||
background-image: url('https://habitica-assets.s3.amazonaws.com/mobileApp/images/Pet-PandaCub-Cupid.png');
|
||||
width: 81px;
|
||||
height: 99px;
|
||||
}
|
||||
|
||||
@@ -130,4 +130,4 @@ export default {
|
||||
},
|
||||
},
|
||||
};
|
||||
</script>
|
||||
</script>
|
||||
@@ -43,9 +43,11 @@ export default {
|
||||
const AUTH_SETTINGS = localStorage.getItem(LOCALSTORAGE_AUTH_KEY);
|
||||
const parseSettings = JSON.parse(AUTH_SETTINGS);
|
||||
const userId = parseSettings ? parseSettings.auth.apiId : '';
|
||||
const username = this.$store?.state?.user?.data?.auth?.local?.username || '';
|
||||
|
||||
return this.$t('accountSuspended', {
|
||||
userId,
|
||||
username,
|
||||
communityManagerEmail: COMMUNITY_MANAGER_EMAIL,
|
||||
});
|
||||
},
|
||||
|
||||
@@ -4,4 +4,4 @@
|
||||
"newsroom": "Newsroom",
|
||||
"adminBlockerTypeDescription": "<b>IP-Address</b> - Block access for a specific IP-Address\n\nClient - Block access for a client based on the \"x-client\" header.\n\nE-Mail - Blocks e-mails from being used for signup.",
|
||||
"adminBlockerAreaDescription": "A blocker can either apply to the full site, completely blocking any access. Or it can apply to purchases, which still allows the site to be accessed."
|
||||
}
|
||||
}
|
||||
@@ -1038,6 +1038,7 @@
|
||||
"backgrounds082025": "SET 135: Released August 2025",
|
||||
"backgroundSunnyStreetWithShopsText": "Sunny Street with Shops",
|
||||
"backgroundSunnyStreetWithShopsNotes": "Enjoy the sights and sounds of a Sunny Street with Shops.",
|
||||
|
||||
"timeTravelBackgrounds": "Steampunk Backgrounds",
|
||||
"backgroundAirshipText": "Airship",
|
||||
"backgroundAirshipNotes": "Become a sky sailor on board your very own Airship.",
|
||||
|
||||
@@ -43,7 +43,7 @@
|
||||
"commGuideList05F": "Creation of a duplicate account to avoid consequences",
|
||||
"commGuideList05G": "Intentional deception of Staff in order to avoid consequences or to get another user in trouble",
|
||||
"commGuideList05H": "Severe or repeated attempts to defraud or pressure other players for real-money items",
|
||||
"commGuideList05A": "Other breaches of the Terms of Service not specified here",
|
||||
"commGuideList05A": "Other breaches of the Terms and Conditions not specified here",
|
||||
|
||||
"commGuideHeadingModerateInfractions": "Moderate Infractions",
|
||||
"commGuidePara054": "These infractions will have moderate consequences. When in conjunction with multiple infractions, the consequences may grow more severe.",
|
||||
|
||||
@@ -91,7 +91,7 @@
|
||||
"sync": "Sync",
|
||||
"tasks": "Tasks",
|
||||
"teams": "Teams",
|
||||
"terms": "Terms of Service",
|
||||
"terms": "Terms and Conditions",
|
||||
"tumblr": "Tumblr",
|
||||
"localStorageTryFirst": "If you are experiencing problems with Habitica, click the button below to clear local storage and most cookies for this website (other websites will not be affected). You will need to log in again after doing this, so first be sure that you know your log-in details, which can be found at Settings -> <%= linkStart %>Site<%= linkEnd %>.",
|
||||
"localStorageTryNext": "If the problem persists, please <%= linkStart %>Report a Bug<%= linkEnd %> if you haven't already.",
|
||||
@@ -133,7 +133,7 @@
|
||||
"passwordReset": "If we have your email or username on file, instructions for setting a new password have been sent to your email.",
|
||||
"invalidLoginCredentialsLong": "Uh-oh - your email address / username or password is incorrect.\n- Make sure they are typed correctly. Your username and password are case-sensitive.\n- You may have signed up with Facebook or Google-sign-in, not email so double-check by trying them.\n- If you forgot your password, click \"Forgot Password\".",
|
||||
"invalidCredentials": "There is no account that uses those credentials.",
|
||||
"accountSuspended": "This account, User ID \"<%= userId %>\", has been blocked for breaking the Community Guidelines (https://habitica.com/static/community-guidelines) or Terms of Service (https://habitica.com/static/terms). For details or to ask to be unblocked, please email our Community Manager at <%= communityManagerEmail %> or ask your parent or guardian to email them. Please include your @Username in the email.",
|
||||
"accountSuspended": "Your account @<%= username %> has been blocked. For additional information, or to request an appeal, email admin@habitica.com with your Habitica username or User ID.",
|
||||
"accountSuspendedTitle": "Account has been suspended",
|
||||
"unsupportedNetwork": "This network is not currently supported.",
|
||||
"cantDetachSocial": "Account lacks another authentication method; can't detach this authentication method.",
|
||||
|
||||
@@ -1739,7 +1739,7 @@
|
||||
"armorArmoireFlyFishingWadersText": "Fly Fishing Waders",
|
||||
"armorArmoireFlyFishingWadersNotes": "Stay perfectly warm and dry when you wade into a stream, pond, lake, or river. Increases Strength and Constitution by <%= attrs %> each. Enchanted Armoire: Fly Fishing Set (Item 2 of 3)",
|
||||
"armorArmoireRedWaistcoatText": "Red Waistcoat",
|
||||
"armorArmoireRedWaistcoatNotes": "Look smart and stunning as you tackle your tasks. There's something secret hidden in the vest pocket—what do you think it could be? Increases Constitution and Strength by <%= attrs %> each. Enchanted Armoire: Red Waistcoat Set (Item 2 of 2)",
|
||||
"armorArmoireRedWaistcoatNotes": "Look smart and stunning as you tackle your tasks. There’s something secret hidden in the vest pocket—what do you think it could be? Increases Constitution and Strength by <%= attrs %> each. Enchanted Armoire: Red Waistcoat Set (Item 2 of 2)",
|
||||
|
||||
"headgear": "helm",
|
||||
"headgearCapitalized": "Headgear",
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
"commGuideHeadingSevereInfractions": "Severe Infractions",
|
||||
"commGuidePara052": "Severe infractions greatly harm the safety of Habitica's community and users, and therefore have severe consequences as a result.",
|
||||
"commGuidePara053": "The following are examples of some severe infractions. This is not a comprehensive list.",
|
||||
"commGuideList05A": "Other breaches of the Terms of Service not specified here",
|
||||
"commGuideList05A": "Other breaches of the Terms and Conditions not specified here",
|
||||
"commGuideList05B": "Hate Speech/Images, Harassment/Stalking, Cyber-Bullying, Flaming, and Trolling",
|
||||
"commGuideList05C": "Violation of Probation",
|
||||
"commGuideList05D": "Impersonation of Staff - this includes claiming player-created spaces not affiliated with Habitica are official and/or moderated by Habitica or its Staff",
|
||||
|
||||
@@ -87,7 +87,7 @@
|
||||
"sync": "Sync",
|
||||
"tasks": "Tasks",
|
||||
"teams": "Teams",
|
||||
"terms": "Terms of Service",
|
||||
"terms": "Terms and Conditions",
|
||||
"tumblr": "Tumblr",
|
||||
"localStorageTryFirst": "If you are experiencing problems with Habitica, click the button below to clear local storage and most cookies for this website (other websites will not be affected). You will need to log in again after doing this, so first be sure that you know your login details, which can be found at Settings -> <%= linkStart %>Site<%= linkEnd %>.",
|
||||
"localStorageTryNext": "If the problem persists, please <%= linkStart %>Report a Bug<%= linkEnd %> if you haven't already.",
|
||||
|
||||
@@ -187,5 +187,4 @@ api.deleteBlocker = {
|
||||
res.respond(200, savedBlocker);
|
||||
},
|
||||
};
|
||||
|
||||
export default api;
|
||||
|
||||
@@ -16,7 +16,11 @@ export function loginRes (user, req, res) {
|
||||
if (user.auth.blocked) {
|
||||
throw new NotAuthorized(res.t(
|
||||
'accountSuspended',
|
||||
{ communityManagerEmail: COMMUNITY_MANAGER_EMAIL, userId: user._id },
|
||||
{
|
||||
communityManagerEmail: COMMUNITY_MANAGER_EMAIL,
|
||||
userId: user._id,
|
||||
username: user.auth.local.username,
|
||||
},
|
||||
));
|
||||
}
|
||||
const urlPath = url.parse(req.url).pathname;
|
||||
|
||||
@@ -100,6 +100,7 @@ export function authWithHeaders (options = {}) {
|
||||
throw new NotAuthorized(common.i18n.t('accountSuspended', {
|
||||
communityManagerEmail: COMMUNITY_MANAGER_EMAIL,
|
||||
userId: user._id,
|
||||
username: user.auth.local.username,
|
||||
}, language));
|
||||
}
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
import nconf from 'nconf';
|
||||
import {
|
||||
Forbidden,
|
||||
} from '../libs/errors';
|
||||
@@ -9,7 +10,19 @@ import { model as Blocker } from '../models/blocker';
|
||||
// NOTE: it's meant to be used behind a proxy (for example a load balancer)
|
||||
// that uses the 'x-forwarded-for' header to forward the original IP addresses.
|
||||
|
||||
const blockedIps = [];
|
||||
// A list of comma separated IPs to block
|
||||
// It works fine as long as the list is short,
|
||||
// if the list becomes too long for an env variable we'll switch to Redis.
|
||||
const BLOCKED_IPS_RAW = nconf.get('BLOCKED_IPS');
|
||||
|
||||
const blockedIps = BLOCKED_IPS_RAW
|
||||
? BLOCKED_IPS_RAW
|
||||
.trim()
|
||||
.split(',')
|
||||
.map(blockedIp => blockedIp.trim())
|
||||
.filter(blockedIp => Boolean(blockedIp))
|
||||
: [];
|
||||
|
||||
const blockedClients = [];
|
||||
|
||||
Blocker.watchBlockers({
|
||||
@@ -53,4 +66,4 @@ export default function ipBlocker (req, res, next) {
|
||||
}
|
||||
|
||||
return next();
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user