discourse/spec
Martin Brennan a414520742
SECURITY: Prevent email from being nil in InviteRedeemer (#19004)
This commit adds some protections in InviteRedeemer to ensure that email
can never be nil, which could cause issues with inviting the invited
person to private topics since there was an incorrect inner join.

If the email is nil and the invite is scoped to an email, we just use
that invite.email unconditionally.  If a redeeming_user (an existing
user) is passed in when redeeming an email, we use their email to
override the passed in email.  Otherwise we just use the passed in
email.  We now raise an error after all this if the email is still nil.
This commit also adds some tests to catch the private topic fix, and
some general improvements and comments around the invite code.

This commit also includes a migration to delete TopicAllowedUser records
for users who were mistakenly added to topics as part of the invite
redemption process.
2022-11-14 12:02:06 +10:00
fabricators SECURITY: Restrict display of topic titles associated with user badges (#18768) 2022-10-27 11:26:14 +08:00
fixtures A11Y: Set role=presentation if alt attr is missing (#18546) 2022-10-12 14:07:37 +03:00
helpers Meta topic: https://meta.discourse.org/t/meta-theme-color-is-not-respecting-current-color-scheme/239815 (#18832) 2022-11-07 10:06:26 +03:00
import_export DEV: Add a rake task to export/import translation overrides (#18487) 2022-10-05 15:22:16 -04:00
initializers Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
integration DEV: Add integration specs for Discord, Facebook and Twitter logins (#18941) 2022-11-11 13:50:17 +03:00
integrity DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
jobs FEATURE: Add cooked post to user archive exports (#18979) 2022-11-11 11:07:32 +00:00
lib FIX: Ensure moderators_manage_categories_and_groups is respected (#18884) 2022-11-11 11:06:05 +00:00
mailers DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
models SECURITY: Prevent email from being nil in InviteRedeemer (#19004) 2022-11-14 12:02:06 +10:00
multisite DEV: Fix mocha deprecations (#18828) 2022-11-02 10:47:59 +01:00
requests SECURITY: Prevent email from being nil in InviteRedeemer (#19004) 2022-11-14 12:02:06 +10:00
script/import_scripts DEV: Remove remaining hardcoded ids (#18735) 2022-10-25 15:29:09 +08:00
serializers FIX: do not lock account if backup codes are available (#18982) 2022-11-11 13:00:06 +11:00
services FEATURE: Rename onboarding popups to user tips (#18826) 2022-11-09 20:20:34 +02:00
support DEV: TODO followups (#18936) 2022-11-09 07:48:05 +10:00
system DEV: Add more page objects (#18972) 2022-11-11 17:44:40 +08:00
tasks FIX: Allow attr updates of over-size-limit uploads (#18986) 2022-11-11 17:56:11 +01:00
views Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
rails_helper.rb FEATURE: Generic hashtag autocomplete part 1 (#18592) 2022-10-19 14:03:57 +10:00
regenerate_swagger_docs DEV: Add API docs for uploads and API doc watcher (#15387) 2021-12-23 08:40:15 +10:00
swagger_helper.rb DEV: Update rubocop (#18754) 2022-10-26 09:05:15 +08:00