Commit Graph

113 Commits

Author SHA1 Message Date
Guo Xiang Tan 4b51871f6a Treat non-ascii URLs in `UrlValidator`. 2017-12-21 14:22:55 +08:00
Guo Xiang Tan 6ecf37c482 Improve URL validation to check for a valid host.
Parsing a URL with `URI` is not sufficient as the following cases
are considered valid:

URI.parse("http://https://google.com")
=> #<URI::HTTP http://https//google.com>
2017-12-21 13:50:15 +08:00
Vinoth Kannan 7f2eeaf767 FIX: Password required flag should be cleared whenever clearing the raw password (#5384) 2017-12-01 15:19:24 +11:00
Gerhard Schlager 4dc4bc70c8 FIX: ignore_by_title should match case-insensitive 2017-11-12 01:43:18 +01:00
Neil Lalonde ddbd1d5ab8 allow regex options on username site settings 2017-10-04 15:08:51 -04:00
Gerhard Schlager 7f50380221 FIX: respect email domain whitelist/blacklist when creating staged users 2017-10-03 16:36:08 +02:00
Sam a4e3e081c9 correct spec 2017-08-24 10:40:14 -04:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Guo Xiang Tan 2255724637 UX: Add validator for `SiteSetting#sso_overrides_email`. 2017-07-10 10:08:55 +09:00
Guo Xiang Tan 13f3de4bf6 Nuke all `SiteSetting.stubs` from our codebase. 2017-07-07 15:09:14 +09:00
Guo Xiang Tan 59b906ab0d FEATURE: Disable minimum post length check when in PM with non human users.
https://meta.discourse.org/t/discourse-narrative-bot-beta-feedback/58621/65?u=tgxworld
2017-04-27 16:00:22 +08:00
Arpit Jalan dad2024094 FIX: do not impose default min/max validation on hidden site setting 2017-04-22 12:08:39 +05:30
Arpit Jalan 9eff4f0807 FIX: all basic integer settings should have max value validation 2017-04-21 07:09:41 +05:30
jomaxro f5673fbd47 Remove references to elder
The use of the TL4 name Elder was changed in 2014 to Leader.  The spec function was changed to `:trust_level_4`, but the it statement was not changed.
2017-02-26 17:40:42 -07:00
Jeff Atwood 9b263a0559 increase req min unique pw chars from 5 to 6 2017-02-16 17:06:19 -08:00
Sam 8feb94e13f FIX: password validator was being too strict 2017-02-14 09:18:04 -05:00
Neil Lalonde 94e1105af7 fix unique char counting in password validator 2017-02-10 10:38:17 -05:00
Neil Lalonde 1bcb835446 FEATURE: passwords must have a minimum number of unique characters, configurable with a new setting 2017-02-09 15:00:22 -05:00
Guo Xiang Tan 13c6191e89 FIX: Don't allow invalid email to be saved. 2016-12-21 17:47:11 +08:00
Erick Guan 52763f5115
FEATURE: Allow posting a link with topics 2016-12-05 17:20:54 +01:00
Neil Lalonde 86522a52b7 FEATURE: add censored_pattern setting to censor posts using regex 2016-11-08 16:39:26 -05:00
Neil Lalonde 7a81669c18 SECURITY: don't allow re-using the current password during password reset 2016-08-24 12:27:21 -04:00
Régis Hanol 59680af329 disable email white/blacklisting for staged users 2016-07-04 16:05:01 +02:00
Régis Hanol de9136a8f2 FIX: bypass TL0-specific validations on posts in a PM 2016-04-18 22:08:42 +02:00
Régis Hanol 20ce7f29e0 FEATURE: new 'manual_polling_enabled' site setting 2016-03-16 22:28:01 +01:00
Arpit Jalan 50e65634d7 FEATURE: new setting min_admin_password_length and better default 2016-03-02 14:43:26 +05:30
Régis Hanol 8944d62aa6 add validator for the 'reply_by_email_enabled' site setting 2016-02-09 23:35:40 +01:00
Arpit Jalan 99c4252ba6 FEATURE: Staff should be exempt from user mention limit 2016-02-01 21:19:56 +05:30
Andy Waite 3e50313fdc Prepare for separation of RSpec helper files
Since rspec-rails 3, the default installation creates two helper files:
* `spec_helper.rb`
* `rails_helper.rb`

`spec_helper.rb` is intended as a way of running specs that do not
require Rails, whereas `rails_helper.rb` loads Rails (as Discourse's
current `spec_helper.rb` does).

For more information:

https://www.relishapp.com/rspec/rspec-rails/docs/upgrade#default-helper-files

In this commit, I've simply replaced all instances of `spec_helper` with
`rails_helper`, and renamed the original `spec_helper.rb`.

This brings the Discourse project closer to the standard usage of RSpec
in a Rails app.

At present, every spec relies on loading Rails, but there are likely
many that don't need to. In a future pull request, I hope to introduce a
separate, minimal `spec_helper.rb` which can be used in tests which
don't rely on Rails.
2015-12-01 20:39:42 +00:00
Régis Hanol 5b9594277a skip most post validations for staged accounts 2015-12-01 10:40:23 +01:00
Régis Hanol 7c694139ec trust staged accounts when validating posts 2015-11-30 19:08:35 +01:00
Sam 69ad0358c2 FIX: incorrect logic in email blocker
if mail.com was blocked, email.com was automatically blocked
2015-06-15 11:28:50 +10:00
Arpit Jalan b7ac8448c6 Improve IP blocking error message 2015-06-02 07:48:26 +05:30
Arpit Jalan 6bf680882c Better error message when new registration limit from an IP address is reached 2015-06-01 10:16:25 +05:30
Neil Lalonde 30b063c08b FEATURE: make full names a required field of user profiles with the full_name_required setting 2015-04-02 17:08:04 -04:00
Neil Lalonde c04b214910 FEATURE: don't allow username and email to be the same 2015-02-27 13:47:43 -05:00
Neil Lalonde cf81b3f86d FEATURE: don't allow username and password to be the same 2015-02-25 12:00:13 -05:00
Régis Hanol f7d2fc0524 FEATURE: 'reply by email address' validator
Prevent infinite email loophole when the 'reply_by_email_address' site setting is the same as the 'notification_email'.
2015-02-06 12:08:37 +01:00
Luciano Sousa 0fd98b56d8 few components with rspec3 syntax 2015-01-09 13:34:37 -03:00
Régis Hanol 7641d88224 FEATURE: new 'maximum new user accounts per registration IP' site setting 2014-11-17 12:04:29 +01:00
Neil Lalonde 443caaa8f7 FIX: don't let admins skip post validations, unless it's faq, tos, or privacy 2014-08-01 14:53:35 -04:00
Neil Lalonde e1be478ef4 FIX: admins bypass some post validations. This allows them to edit legal docs even if those docs are longer than max post length, for example. 2014-07-28 16:40:14 -04:00
Neil Lalonde 3eb65885d1 Add validation of string site settings with regex, and min and max lengths 2014-06-18 11:15:40 -04:00
Neil Lalonde ba65aa3f6c Add a way to validate min and max value of an integer site setting 2014-06-12 18:04:37 -04:00
Neil Lalonde 9611a1ac47 Validate username site settings 2014-06-11 16:20:57 -04:00
Neil Lalonde 2c19d8a136 Fix password_validator_spec 2013-12-27 11:15:53 -05:00
Neil Lalonde ab12695d63 Block passwords that are in the top 5000 most common passwords. Site setting block_common_passwords can disable this feature. 2013-12-27 11:00:21 -05:00
Robin Ward 0c45eba037 FIX: Users can edit posts when they've reached the `newuser_max_replies_per_topic` threshold. 2013-12-20 11:30:51 -05:00
Neil Lalonde 854d9c8fc6 Minimum password length is configurable with the min_password_length site setting. FIX: reset password needs to validate password length. 2013-12-19 16:15:47 -05:00
Neil Lalonde 33c6997ded Move password validation into PasswordValidator 2013-12-19 16:15:47 -05:00
Robin Ward 1cac9fa257 New users can only post `newuser_max_replies_per_topic` times per topic. 2013-12-19 13:45:55 -05:00
Neil Lalonde c1008f4359 Fixes for postgresql inet columns in Rails 4. They're backed by an IPAddr class now, which breaks sql parameter marker support, and automatically sets the attribute to nil when trying to assign an invalid ip address. 2013-10-22 19:19:32 -04:00
Neil Lalonde 7d582fbee3 Screened ip address can be edited, deleted, and changed to allow or block. 2013-10-22 16:30:46 -04:00
Neil Lalonde 648b11a0eb Add screening by IP address. When deleting a user as a spammer, block all signups from the same IP address. 2013-10-21 14:50:18 -04:00
Neil Lalonde 78c15d5810 Move the unique post key storage code into the Post model 2013-09-09 16:17:31 -04:00
Neil Lalonde eae7e75611 FIX: recover post by a non-staff user fails because the post is not unique. Uniqueness check shouldn't happen when recovering a deleted post. 2013-09-06 11:50:15 -04:00
Neil Lalonde 86647f0a54 Add ScreenedUrl. Rename BlockedEmail to ScreenedEmail. 2013-08-14 16:08:23 -04:00
Neil Lalonde 5f8a130277 Add BlockedEmail, to block signups based on email. Track stats of how many times each email address is blocked, and last time it was blocked. Move email validation out of User model and into EmailValidator. Signup form remembers which email addresses have failed and shows validation error on email field. 2013-07-29 15:29:43 -04:00
Régis Hanol 121d08e25f FIX: updating needs a restart 2013-06-29 03:49:54 +02:00
Sam f7de9f17d5 refactor validators
add a new setting for min pm body length
use that setting for flags
scale entropy check down for pms
2013-06-13 18:18:43 +10:00
Neil Lalonde 2465c9c724 Add min_private_message_title_length site setting so private messages can have short titles 2013-06-04 17:59:23 -04:00
Chris Hunt 13c4266c74 Allow Chinese characters in Topic titles 2013-05-26 13:56:42 -07:00
Matt Van Horn 806255b3c4 refactor Topic validation
introduce a couple of custom validators
fix minor discrepancies in tests
copy I18n error message keys to default location
clean up validation invocation
move some responsibilities out of validator into class
2013-05-22 22:31:52 -07:00