discourse/spec/requests
Penar Musaraj 974b3a2a6f
DEV: Do not require session confirmation for new users (#24799)
When making sensitive changes to an account (adding 2FA or passkeys), we
require users to confirm their password. This is to prevent an attacker
from adding 2FA to an account they have access to.

However, on newly created accounts, we should not require this, it's an
extra step and it doesn't provide extra security (since the account was
just created). This commit makes it so that we don't require session
confirmation for accounts created less than 5 minutes ago.
2024-02-15 12:29:16 -05:00
..
admin FEATURE: Permalinks for users (#25552) 2024-02-05 17:31:31 +01:00
api FEATURE: Enable passkeys by default (#25340) 2024-01-23 17:23:26 +01:00
examples SECURITY: Impose a upper bound on limit params in various controllers 2023-07-28 12:53:46 +01:00
about_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
application_controller_spec.rb FIX: Always preload admin plugin list for admin in sidebar (#25606) 2024-02-09 12:52:22 +10:00
associate_accounts_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
badges_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
bookmarks_controller_spec.rb DEV: Remove Discourse.redis.delete_prefixed (#22103) 2023-06-16 12:44:35 +10:00
categories_controller_spec.rb FIX: Preload user-specific category fields (#25663) 2024-02-13 20:00:44 +02:00
clicks_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
composer_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
composer_messages_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
csp_reports_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
directory_columns_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
directory_items_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
do_not_disturb_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
drafts_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
edit_directory_columns_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
email_controller_spec.rb FEATURE: remove category badge style options, set bullet style as default (#24198) 2023-11-13 10:46:15 -05:00
embed_controller_spec.rb DEV: Fix assertion in embedding test (#24694) 2023-12-05 18:30:52 +02:00
exceptions_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
export_csv_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
extra_locales_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
finish_installation_controller_spec.rb DEV: Improve error message when test fails (#25067) 2023-12-29 12:44:41 +08:00
form_templates_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
forums_controller_spec.rb DEV: Correct forums_controller success spec (#24690) 2023-12-04 14:26:29 +00:00
groups_controller_spec.rb FIX: Allow staff to change group members visibility level for automatic groups (#25281) 2024-01-17 12:54:52 -05:00
hashtags_controller_spec.rb FEATURE: Async load of category and chat hashtags (#25526) 2024-02-12 12:07:14 +02:00
highlightjs_controller_spec.rb FIX: Ensure app-cdn CORS is not overridden by cors_origin setting (#24661) 2023-12-01 12:57:11 +00:00
inline_onebox_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
invites_controller_spec.rb DEV: Automatically update groups for test users with explicit TL (#25415) 2024-01-29 17:52:02 +08:00
list_controller_spec.rb DEV: Remove full group refreshes from tests (#25414) 2024-01-25 14:28:26 +08:00
metadata_controller_spec.rb DEV: Fix various rubocop lints (#24749) 2023-12-06 23:25:00 +01:00
noscript_escape_spec.rb SECURITY: Properly escape user content within `<noscript>` 2024-01-30 09:10:09 -07:00
notifications_controller_spec.rb FEATURE: Site setting to display user avatars in user menu (#24514) 2023-12-07 11:30:44 -06:00
offline_controller_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
omniauth_callbacks_controller_spec.rb FIX: Flaky spec due to incorrect Rack response body (#24640) 2023-11-30 10:49:55 +08:00
onebox_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
permalinks_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
post_action_users_controller_spec.rb DEV: Convert min_trust_to_flag_posts setting to groups (#24864) 2023-12-13 17:18:42 +08:00
post_actions_controller_spec.rb DEV: Remove full group refreshes from tests (#25414) 2024-01-25 14:28:26 +08:00
post_readers_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
posts_controller_spec.rb DEV: Automatically update groups for test users with explicit TL (#25415) 2024-01-29 17:52:02 +08:00
presence_controller_spec.rb FIX: Updating presence status in readonly mode should fail gracefully (#24333) 2023-11-10 14:27:43 -06:00
published_pages_controller_spec.rb DEV: Fix various spec linting issues (#24672) 2023-12-04 13:45:19 +01:00
push_notification_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
qunit_controller_spec.rb DEV: Stop building test assets in production under Embroider (#23388) 2023-09-11 09:12:37 +01:00
reviewable_claimed_topics_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
reviewables_controller_spec.rb DEV: Convert min_trust_to_flag_posts setting to groups (#24864) 2023-12-13 17:18:42 +08:00
robots_txt_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
safe_mode_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
search_controller_spec.rb FIX: Search by tag context was broken (#23006) 2023-08-08 15:15:34 -04:00
session_controller_spec.rb FIX: Webauthn origin was incorrect for subfolder setups (#25651) 2024-02-12 16:27:24 -05:00
sidebar_sections_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
similar_topics_controller_spec.rb DEV: Remove full group refreshes from tests (#25414) 2024-01-25 14:28:26 +08:00
site_controller_spec.rb DEV: Ability to collect stats without exposing them via API (#23933) 2023-11-10 00:44:05 +04:00
sitemap_controller_spec.rb DEV: Fix various rubocop lints (#24749) 2023-12-06 23:25:00 +01:00
slugs_controller_spec.rb DEV: Remove Discourse.redis.delete_prefixed (#22103) 2023-06-16 12:44:35 +10:00
static_controller_spec.rb DEV: Fix various rubocop lints (#24749) 2023-12-06 23:25:00 +01:00
steps_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
stylesheets_controller_spec.rb DEV: Fix test incorrectly removing stylesheet cache of other processes (#25103) 2024-01-03 13:15:35 +08:00
svg_sprite_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
tag_groups_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
tags_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
theme_javascripts_controller_spec.rb DEV: Compile theme migrations javascript files when running theme qunit (#25219) 2024-01-16 09:50:44 +08:00
topics_controller_spec.rb DEV: Add post_id parameter to reset_bump_date route (#25372) 2024-02-15 16:42:42 +11:00
uploads_controller_multisite_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
uploads_controller_spec.rb DEV: Remove full group refreshes from tests (#25414) 2024-01-25 14:28:26 +08:00
user_actions_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
user_api_keys_controller_spec.rb DEV: Automatically update groups for test users with explicit TL (#25415) 2024-01-29 17:52:02 +08:00
user_avatars_controller_spec.rb FEATURE: reduce avatar sizes to 6 from 20 (#21319) 2023-06-01 10:00:01 +10:00
user_badges_controller_spec.rb DEV: Incorrect setup for test (#24736) 2023-12-06 09:26:45 +08:00
user_status_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
users_controller_spec.rb DEV: Do not require session confirmation for new users (#24799) 2024-02-15 12:29:16 -05:00
users_email_controller_spec.rb DEV: Update confirm-email flows to use central 2fa and ember rendering (#25404) 2024-01-30 10:32:42 +00:00
webhooks_controller_spec.rb FEATURE: Add Mailpace webhook (#21981) 2023-06-08 20:06:20 +03:00
wizard_controller_spec.rb DEV: Fix various spec linting issues (#24672) 2023-12-04 13:45:19 +01:00