Merge branch 'master' into admin-ui-custom-css

This commit is contained in:
type_face
2019-05-02 12:28:59 -07:00
committed by GitHub
8 changed files with 51 additions and 18 deletions
+26
View File
@@ -43,6 +43,32 @@ const CONFIG = {
process.env.TALK_WHITELISTED_LANGUAGES &&
process.env.TALK_WHITELISTED_LANGUAGES.split(',').map(l => l.trim()),
// USERNAME_CAST_REGEXP defiles the regex expression that will be used to
// strip characters from a username during a username cast operation.
USERNAME_CAST_REGEXP: new RegExp(
process.env.USERNAME_CAST_REGEXP || '[^a-zA-Z_]',
'g'
),
// USERNAME_REPLACEMENT_CAST_REGEXP defiles the regex expression that will be
// used to replace characters with the replacement character during a username
// cast operation. First duplicates will be replaced, then
USERNAME_REPLACEMENT_CAST_REGEXP: new RegExp(
process.env.USERNAME_REPLACEMENT_CAST_REGEXP || ' +',
'g'
),
// USERNAME_REPLACEMENT_CHARACTER is the character used to replace other
// characters matching the USERNAME_REPLACEMENT_CAST_REGEXP.
USERNAME_REPLACEMENT_CHARACTER:
process.env.USERNAME_REPLACEMENT_CHARACTER || '_',
// USERNAME_VALIDATION_REGEX defines the allowed characters for a username in
// Talk.
USERNAME_VALIDATION_REGEX: new RegExp(
process.env.USERNAME_VALIDATION_REGEX || '^[A-Za-z0-9_]+$'
),
// When TRUE, it ensures that database indexes created in core will not add
// indexes.
CREATE_MONGO_INDEXES: process.env.DISABLE_CREATE_MONGO_INDEXES !== 'TRUE',
+1 -3
View File
@@ -76,9 +76,7 @@ sidebar:
- title: GitHub
url: https://github.com/coralproject/
- title: Docker
url: https://hub.docker.com/r/coralproject/
- title: Roadmap
url: https://www.pivotaltracker.com/n/projects/1863625
url: https://hub.docker.com/r/coralproject/talk/
side:
- title: Installation
children:
+1 -1
View File
@@ -55,7 +55,7 @@ Start by making a new directory and create a file called `docker-compose.yml` an
version: '2'
services:
talk:
image: coralproject/talk:4.5
image: coralproject/talk:4
restart: always
ports:
- "3000:3000"
@@ -43,7 +43,7 @@ be used to setup Talk:
version: '2'
services:
talk:
image: coralproject/talk:4.5
image: coralproject/talk:4
restart: always
ports:
- "3000:3000"
@@ -121,7 +121,7 @@ base installation with additional custom plugins. Images can be created with the
most basic of `Dockerfile`'s:
```docker
FROM coralproject/talk:4.5-onbuild
FROM coralproject/talk:4-onbuild
```
And running the following to build the docker image:
@@ -153,7 +153,7 @@ your containerized infrastructure. The versioning of our Docker tags as well
lets you do something like:
```docker
FROM coralproject/talk:4.5-onbuild
FROM coralproject/talk:4-onbuild
```
Which would pin your image to `4.5.x release's.
Which would pin your image to `4.x.x release's.
+1 -1
View File
@@ -111,7 +111,7 @@ If you deploy using Docker, you can extend from the `*-onbuild` image, an
example `Dockerfile` for your project could be:
```Dockerfile
FROM coralproject/talk:4.5-onbuild
FROM coralproject/talk:4-onbuild
```
Establish a private repository for your instance that includes the following:
+3 -3
View File
@@ -64,13 +64,13 @@ const wrapCheck = (
/**
* checkPermissions checks that the current user has all the required
* permissions.
* permissions. It will return true if that's the case.
*
* @param {Object} ctx graph context
* @param {Array<String>} permissions permissions that the user must have
*/
const checkPermissions = (ctx, permissions) =>
!ctx.user || !ctx.user.can(...permissions);
ctx.user && ctx.user.can(...permissions);
/**
* wrapCheckPermissions will wrap a specific field with a permission check.
@@ -89,7 +89,7 @@ const wrapCheckPermissions = (
wrapCheck(
typeResolver,
field,
(obj, args, ctx) => !checkPermissions(ctx, permissions),
(obj, args, ctx) => checkPermissions(ctx, permissions),
skipFieldResolver
);
+1 -1
View File
@@ -1,6 +1,6 @@
{
"name": "talk",
"version": "4.8.4",
"version": "4.8.6",
"description": "A better commenting experience from Mozilla, The New York Times, and the Washington Post. https://coralproject.net",
"main": "app.js",
"private": true,
+14 -5
View File
@@ -22,6 +22,10 @@ const {
ROOT_URL,
RECAPTCHA_WINDOW,
RECAPTCHA_INCORRECT_TRIGGER,
USERNAME_CAST_REGEXP,
USERNAME_REPLACEMENT_CAST_REGEXP,
USERNAME_REPLACEMENT_CHARACTER,
USERNAME_VALIDATION_REGEX,
} = require('../config');
const { jwt: JWT_SECRET } = require('../secrets');
const debug = require('debug')('talk:services:users');
@@ -525,7 +529,10 @@ class Users {
}
static castUsername(username) {
return username.replace(/ /g, '_').replace(/[^a-zA-Z_]/g, '');
return username
.trim()
.replace(USERNAME_REPLACEMENT_CAST_REGEXP, USERNAME_REPLACEMENT_CHARACTER)
.replace(USERNAME_CAST_REGEXP, '');
}
/**
@@ -554,7 +561,11 @@ class Users {
for (let i = 0; i < MAX_ATTEMPTS; i++) {
// Generate `GROUP_ATTEMPTS` guesses for the username.
const usernameGuesses = Array.from(Array(GROUP_ATTEMPTS)).map(
() => `${castedName}_${random(0, END_NUMBER_MAX)}`
() =>
`${castedName}${USERNAME_REPLACEMENT_CHARACTER}${random(
0,
END_NUMBER_MAX
)}`
);
// Map them all to lowercase.
@@ -684,13 +695,11 @@ class Users {
* @return {Promise}
*/
static async isValidUsername(username, checkAgainstWordlist = true) {
const onlyLettersNumbersUnderscore = /^[A-Za-z0-9_]+$/;
if (!username) {
throw new ErrMissingUsername();
}
if (!onlyLettersNumbersUnderscore.test(username)) {
if (!USERNAME_VALIDATION_REGEX.test(username)) {
throw new ErrSpecialChars();
}