From e3a300c643060119265a392a89505f6afcc627bf Mon Sep 17 00:00:00 2001
From: Wyatt Johnson
Date: Wed, 24 Apr 2019 13:00:58 -0600
Subject: [PATCH 1/3] fix: removed roadmap from sidebar
---
 docs/_config.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/docs/_config.yml b/docs/_config.yml
index f63c59213..569522c96 100644
--- a/docs/_config.yml
+++ b/docs/_config.yml
@@ -76,9 +76,7 @@ sidebar:
 - title: GitHub
 url: https://github.com/coralproject/
 - title: Docker
- url: https://hub.docker.com/r/coralproject/
- - title: Roadmap
- url: https://www.pivotaltracker.com/n/projects/1863625
+ url: https://hub.docker.com/r/coralproject/talk/
 side:
 - title: Installation
 children:
From 1e3d47eb87b5ce272ac9728a7723eb0c6e83d53d Mon Sep 17 00:00:00 2001
From: Wyatt Johnson
Date: Mon, 29 Apr 2019 20:28:50 +0000
Subject: [PATCH 2/3] Tags Permissions (#2291) * fix: fixed a bug that exposed tags * chore: bumped versions
---
 docs/source/01-01-talk-quickstart.md | 2 +-
 docs/source/01-02-installation-from-docker.md | 8 ++++----
 docs/source/plugins/overview.md | 2 +-
 graph/resolvers/util.js | 6 +++---
 package.json | 2 +-
 5 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/docs/source/01-01-talk-quickstart.md b/docs/source/01-01-talk-quickstart.md
index 7a20377d4..e3e95e290 100644
--- a/docs/source/01-01-talk-quickstart.md
+++ b/docs/source/01-01-talk-quickstart.md
@@ -55,7 +55,7 @@ Start by making a new directory and create a file called `docker-compose.yml` an
 version: '2'
 services:
 talk:
- image: coralproject/talk:4.5
+ image: coralproject/talk:4
 restart: always
 ports:
 - "3000:3000"
diff --git a/docs/source/01-02-installation-from-docker.md b/docs/source/01-02-installation-from-docker.md
index 0b11cfab5..643823f56 100644
--- a/docs/source/01-02-installation-from-docker.md
+++ b/docs/source/01-02-installation-from-docker.md
@@ -43,7 +43,7 @@ be used to setup Talk: version: '2' services: talk: - image: coralproject/talk:4.5 + image: coralproject/talk:4 restart: always ports: - "3000:3000" @@ -121,7 +121,7 @@ base installation with additional custom plugins. Images can be created with the most basic of `Dockerfile`'s: ```docker -FROM coralproject/talk:4.5-onbuild +FROM coralproject/talk:4-onbuild ``` And running the following to build the docker image: @@ -153,7 +153,7 @@ your containerized infrastructure. The versioning of our Docker tags as well lets you do something like: ```docker -FROM coralproject/talk:4.5-onbuild +FROM coralproject/talk:4-onbuild ``` -Which would pin your image to `4.5.x release's. +Which would pin your image to `4.x.x release's. diff --git a/docs/source/plugins/overview.md b/docs/source/plugins/overview.md index b4e1f41d5..8f49aeb1f 100644 --- a/docs/source/plugins/overview.md +++ b/docs/source/plugins/overview.md @@ -111,7 +111,7 @@ If you deploy using Docker, you can extend from the `*-onbuild` image, an example `Dockerfile` for your project could be: ```Dockerfile -FROM coralproject/talk:4.5-onbuild +FROM coralproject/talk:4-onbuild ``` Establish a private repository for your instance that includes the following: diff --git a/graph/resolvers/util.js b/graph/resolvers/util.js index a1a745ab2..2c83cd19b 100644 --- a/graph/resolvers/util.js +++ b/graph/resolvers/util.js @@ -64,13 +64,13 @@ const wrapCheck = ( /** * checkPermissions checks that the current user has all the required - * permissions. + * permissions. It will return true if that's the case. * * @param {Object} ctx graph context * @param {Array} permissions permissions that the user must have */ const checkPermissions = (ctx, permissions) => - !ctx.user || !ctx.user.can(...permissions); + ctx.user && ctx.user.can(...permissions); /** * wrapCheckPermissions will wrap a specific field with a permission check. 
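Review bot: The `checkPermissions` hunk in graph/resolvers/util.js flips the return polarity of what looks like a shared helper, yet the only caller updated in this patch is `wrapCheckPermissions` (the `-89,7` hunk), whose net result is the same before and after; the behavioural fix therefore lands in call sites not shown here, and every remaining caller should be audited for one that still negates the result or treats a truthy value as "denied". The new expression `ctx.user && ctx.user.can(...permissions)` also yields `undefined` or `null` rather than `false` when no user is on the context, while the updated doc comment promises `true`. Returning `Boolean(ctx.user && ctx.user.can(...permissions))` and adding `@returns {boolean} true only when a user is present and holds every listed permission` would pin the contract. A regression test for the anonymous and under-privileged cases on the affected tags field would keep the polarity from silently flipping back.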
@@ -89,7 +89,7 @@ const wrapCheckPermissions = (
 wrapCheck(
 typeResolver,
 field,
- (obj, args, ctx) => !checkPermissions(ctx, permissions),
+ (obj, args, ctx) => checkPermissions(ctx, permissions),
 skipFieldResolver
 );
diff --git a/package.json b/package.json
index 2f76efbff..c6b98acba 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "talk",
- "version": "4.8.4",
+ "version": "4.8.5",
 "description": "A better commenting experience from Mozilla, The New York Times, and the Washington Post. https://coralproject.net",
 "main": "app.js",
 "private": true,
From 976931135c10c12934fe419320d2c8eedfb7e19b Mon Sep 17 00:00:00 2001
From: Wyatt Johnson
Date: Thu, 2 May 2019 16:07:42 +0000
Subject: [PATCH 3/3] fix: added username config (#2295)
---
 config.js | 26 ++++++++++++++++++++++++++
 package.json | 2 +-
 services/users.js | 19 ++++++++++++++-----
 3 files changed, 41 insertions(+), 6 deletions(-)
diff --git a/config.js b/config.js
index d01ad8817..47ff1dcad 100644
--- a/config.js
+++ b/config.js
@@ -43,6 +43,32 @@ const CONFIG = {
 process.env.TALK_WHITELISTED_LANGUAGES &&
 process.env.TALK_WHITELISTED_LANGUAGES.split(',').map(l => l.trim()),
+ // USERNAME_CAST_REGEXP defiles the regex expression that will be used to
+ // strip characters from a username during a username cast operation.
+ USERNAME_CAST_REGEXP: new RegExp(
+ process.env.USERNAME_CAST_REGEXP || '[^a-zA-Z_]',
+ 'g'
+ ),
+
+ // USERNAME_REPLACEMENT_CAST_REGEXP defiles the regex expression that will be
+ // used to replace characters with the replacement character during a username
+ // cast operation. First duplicates will be replaced, then
+ USERNAME_REPLACEMENT_CAST_REGEXP: new RegExp(
+ process.env.USERNAME_REPLACEMENT_CAST_REGEXP || ' +',
+ 'g'
+ ),
+
+ // USERNAME_REPLACEMENT_CHARACTER is the character used to replace other
+ // characters matching the USERNAME_REPLACEMENT_CAST_REGEXP.
+ USERNAME_REPLACEMENT_CHARACTER:
+ process.env.USERNAME_REPLACEMENT_CHARACTER || '_',
+
+ // USERNAME_VALIDATION_REGEX defines the allowed characters for a username in
+ // Talk.
+ USERNAME_VALIDATION_REGEX: new RegExp(
+ process.env.USERNAME_VALIDATION_REGEX || '^[A-Za-z0-9_]+$'
+ ),
+
 // When TRUE, it ensures that database indexes created in core will not add
 // indexes.
 CREATE_MONGO_INDEXES: process.env.DISABLE_CREATE_MONGO_INDEXES !== 'TRUE',
diff --git a/package.json b/package.json
index c6b98acba..05dc39cae 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "talk",
- "version": "4.8.5",
+ "version": "4.8.6",
 "description": "A better commenting experience from Mozilla, The New York Times, and the Washington Post. https://coralproject.net",
 "main": "app.js",
 "private": true,
diff --git a/services/users.js b/services/users.js
index c7040304a..6a257aeda 100644
--- a/services/users.js
+++ b/services/users.js
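Review bot: In the config.js hunk, `USERNAME_VALIDATION_REGEX` is compiled straight from the environment and later applied with `.test()`, so an override that omits the `^…$` anchors would accept any username containing a single matching substring; the comment above it should state the requirement, for example `// Must match the whole username: keep the ^ and $ anchors when overriding.` The three `new RegExp(process.env…)` calls also throw a bare SyntaxError at module load when a pattern is malformed, so reporting which variable is invalid would make a misconfiguration diagnosable. The added comments read `defiles` where `defines` is meant (twice), and the sentence ending `First duplicates will be replaced, then` is unfinished. Usernames admitted by a loosened pattern presumably reach rendering and notification paths that so far only saw `[A-Za-z0-9_]`, which is worth confirming before the option is documented; the `CONFIG` literal begins and ends outside this hunk.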
@@ -22,6 +22,10 @@ const {
 ROOT_URL,
 RECAPTCHA_WINDOW,
 RECAPTCHA_INCORRECT_TRIGGER,
+ USERNAME_CAST_REGEXP,
+ USERNAME_REPLACEMENT_CAST_REGEXP,
+ USERNAME_REPLACEMENT_CHARACTER,
+ USERNAME_VALIDATION_REGEX,
 } = require('../config');
 const { jwt: JWT_SECRET } = require('../secrets');
 const debug = require('debug')('talk:services:users');
@@ -525,7 +529,10 @@ class Users {
 }
 static castUsername(username) {
- return username.replace(/ /g, '_').replace(/[^a-zA-Z_]/g, '');
+ return username
+ .trim()
+ .replace(USERNAME_REPLACEMENT_CAST_REGEXP, USERNAME_REPLACEMENT_CHARACTER)
+ .replace(USERNAME_CAST_REGEXP, '');
 }
 /**
@@ -554,7 +561,11 @@ class Users {
 for (let i = 0; i < MAX_ATTEMPTS; i++) {
 // Generate `GROUP_ATTEMPTS` guesses for the username.
 const usernameGuesses = Array.from(Array(GROUP_ATTEMPTS)).map(
- () => `${castedName}_${random(0, END_NUMBER_MAX)}`
+ () =>
+ `${castedName}${USERNAME_REPLACEMENT_CHARACTER}${random(
+ 0,
+ END_NUMBER_MAX
+ )}`
 );
 // Map them all to lowercase.
@@ -684,13 +695,11 @@ class Users {
 * @return {Promise}
 */
 static async isValidUsername(username, checkAgainstWordlist = true) {
- const onlyLettersNumbersUnderscore = /^[A-Za-z0-9_]+$/;
-
 if (!username) {
 throw new ErrMissingUsername();
 }
- if (!onlyLettersNumbersUnderscore.test(username)) {
+ if (!USERNAME_VALIDATION_REGEX.test(username)) {
 throw new ErrSpecialChars();
 }
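Review bot: In `castUsername` (services/users.js, hunk `-525,7`), `USERNAME_REPLACEMENT_CHARACTER` is handed to `String.prototype.replace` as a replacement string, so a configured value containing a `$` sequence such as `$&` is interpreted as a replacement pattern instead of being inserted literally; passing a function, `.replace(USERNAME_REPLACEMENT_CAST_REGEXP, () => USERNAME_REPLACEMENT_CHARACTER)`, keeps it literal. Nothing visible ties the new settings together: a replacement character that `USERNAME_CAST_REGEXP` strips, or that `USERNAME_VALIDATION_REGEX` rejects, would produce cast names and generated guesses (the `-554,7` hunk appends the character plus a number) that `isValidUsername` refuses, assuming they are validated later. A startup assertion that the replacement character passes the validation pattern would catch that misconfiguration early. `castUsername` can also still return an empty string when every character is stripped, and the visible lines do not guard against it; the method bodies around these hunks continue outside the diff.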