Ben Irvin 
							
						 
					 
					
						
						
						
						
							
						
						
							082492f357 
							
						 
					 
					
						
						
							
							Merge branch 'develop' into advisory-fix-1  
						
						
						
						
					 
					
						2025-02-14 10:59:05 +01:00 
						 
				 
			
				
					
						
							
							
								Ben Irvin 
							
						 
					 
					
						
						
						
						
							
						
						
							e07a466901 
							
						 
					 
					
						
						
							
							fix: validation message shape  
						
						
						
						
					 
					
						2025-01-29 16:54:15 +01:00 
						 
				 
			
				
					
						
							
							
								Ben Irvin 
							
						 
					 
					
						
						
						
						
							
						
						
							1f8e39868e 
							
						 
					 
					
						
						
							
							fix: validation on front-end forms  
						
						
						
						
					 
					
						2025-01-29 12:34:22 +01:00 
						 
				 
			
				
					
						
							
							
								Andrei Luca 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							7bc7b72479 
							
						 
					 
					
						
						
							
							fix(plugins/users): remove redundant grant-koa dependency in favor of grant.koa ( #22622 )  
						
						
						
						
						Co-authored-by: Jamie Howard <48524071+jhoward1994@users.noreply.github.com> 
						
						
					 
					
						2025-01-27 11:58:37 +00:00 
						 
				 
			
				
					
						
							
							
								Ben Irvin 
							
						 
					 
					
						
						
						
						
							
						
						
							8947f3d9fe 
							
						 
					 
					
						
						
							
							test(unit): add tests for password byte length  
						
						
						
						
					 
					
						2025-01-24 16:35:37 +01:00 
						 
				 
			
				
					
						
							
							
								Ben Irvin 
							
						 
					 
					
						
						
						
						
							
						
						
							9efe8c85f4 
							
						 
					 
					
						
						
							
							fix: do not validate byte length on empty values  
						
						
						
						
					 
					
						2025-01-23 14:46:28 +01:00 
						 
				 
			
				
					
						
							
							
								Ben Irvin 
							
						 
					 
					
						
						
						
						
							
						
						
							de1f23fc24 
							
						 
					 
					
						
						
							
							revert: fix accidental corrupted regexp  
						
						
						
						
					 
					
						2025-01-23 13:10:01 +01:00 
						 
				 
			
				
					
						
							
							
								Ben Irvin 
							
						 
					 
					
						
						
						
						
							
						
						
							41f8cdf116 
							
						 
					 
					
						
						
							
							fix: 72 byte maximum for creating and updating passwords  
						
						
						
						
					 
					
						2025-01-23 12:44:25 +01:00 
						 
				 
			
				
					
						
							
							
								Jean-Sébastien Herbaux 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							7f39880265 
							
						 
					 
					
						
						
							
							Make locale/localizations private for non-localized cts ( #21495 )  
						
						
						
						
					 
					
						2024-10-14 14:07:09 +02:00 
						 
				 
			
				
					
						
							
							
								Bassel Kanso 
							
						 
					 
					
						
						
						
						
							
						
						
							483fc83a30 
							
						 
					 
					
						
						
							
							fix: refactoring validation methods  
						
						
						
						
					 
					
						2024-10-02 12:03:28 +03:00 
						 
				 
			
				
					
						
							
							
								Bassel Kanso 
							
						 
					 
					
						
						
						
						
							
						
						
							d9c48152d7 
							
						 
					 
					
						
						
							
							fix: remove logs  
						
						
						
						
					 
					
						2024-09-30 16:31:19 +03:00 
						 
				 
			
				
					
						
							
							
								Bassel Kanso 
							
						 
					 
					
						
						
						
						
							
						
						
							98f1b7f205 
							
						 
					 
					
						
						
							
							feat: use yup.test and make error messages customizable  
						
						
						
						
					 
					
						2024-09-30 16:28:57 +03:00 
						 
				 
			
				
					
						
							
							
								Bassel Kanso 
							
						 
					 
					
						
						
						
						
							
						
						
							c124e287cf 
							
						 
					 
					
						
						
							
							feat: make the validatePassword async  
						
						
						
						
					 
					
						2024-09-27 13:39:11 +03:00 
						 
				 
			
				
					
						
							
							
								Bassel Kanso 
							
						 
					 
					
						
						
						
						
							
						
						
							3d663bd9bd 
							
						 
					 
					
						
						
							
							fix: prettier  
						
						
						
						
					 
					
						2024-09-27 13:00:48 +03:00 
						 
				 
			
				
					
						
							
							
								Bassel Kanso 
							
						 
					 
					
						
						
						
						
							
						
						
							38a485c86a 
							
						 
					 
					
						
						
							
							feat: add validatePassword to the plugin configs  
						
						
						
						
					 
					
						2024-09-27 12:59:32 +03:00 
						 
				 
			
				
					
						
							
							
								Bassel Kanso 
							
						 
					 
					
						
						
						
						
							
						
						
							f4fb74d10c 
							
						 
					 
					
						
						
							
							fix: prettier issue  
						
						
						
						
					 
					
						2024-09-27 11:07:29 +03:00 
						 
				 
			
				
					
						
							
							
								Bassel Kanso 
							
						 
					 
					
						
						
						
						
							
						
						
							a663bc54a4 
							
						 
					 
					
						
						
							
							feat: add password rules config to users-permissions  
						
						
						
						
					 
					
						2024-09-27 10:54:37 +03:00 
						 
				 
			
				
					
						
							
							
								Alexandre Bodin 
							
						 
					 
					
						
						
						
						
							
						
						
							da64f1575a 
							
						 
					 
					
						
						
							
							fix: emailConfirmation broken  
						
						
						
						
					 
					
						2024-09-16 10:26:16 +02:00 
						 
				 
			
				
					
						
							
							
								Convly 
							
						 
					 
					
						
						
						
						
							
						
						
							481550a0d4 
							
						 
					 
					
						
						
							
							Merge branch 'refs/heads/develop' into v5/main  
						
						
						
						
						# Conflicts:
#	.github/actions/check-pr-status/package.json
#	docs/docs/docs/01-core/admin/05-features/authentication.md
#	docs/docusaurus.config.js
#	docs/yarn.lock
#	examples/getstarted/package.json
#	examples/kitchensink-ts/package.json
#	examples/kitchensink/package.json
#	examples/plugins/workspace-plugin/package.json
#	lerna.json
#	package.json
#	packages/admin-test-utils/package.json
#	packages/cli/create-strapi-app/package.json
#	packages/cli/create-strapi-starter/package.json
#	packages/cli/create-strapi/package.json
#	packages/core/admin/admin/src/App.tsx
#	packages/core/admin/admin/src/components/AuthenticatedApp.tsx
#	packages/core/admin/admin/src/components/Context.tsx
#	packages/core/admin/admin/src/components/LeftMenu.tsx
#	packages/core/admin/admin/src/components/PrivateRoute.tsx
#	packages/core/admin/admin/src/content-manager/pages/ListSettingsView/index.jsx
#	packages/core/admin/admin/src/content-manager/pages/ListView/components/BulkActions/PublishAction.tsx
#	packages/core/admin/admin/src/content-manager/pages/ListView/components/TableCells/CellContent.tsx
#	packages/core/admin/admin/src/features/Configuration.tsx
#	packages/core/admin/admin/src/index.ts
#	packages/core/admin/admin/src/pages/ProfilePage.tsx
#	packages/core/admin/admin/src/pages/UseCasePage.tsx
#	packages/core/admin/ee/server/src/services/metrics.ts
#	packages/core/admin/package.json
#	packages/core/admin/server/src/bootstrap.ts
#	packages/core/content-manager/package.json
#	packages/core/content-releases/admin/src/components/CMReleasesContainer.tsx
#	packages/core/content-releases/admin/src/components/ReleaseListCell.tsx
#	packages/core/content-releases/admin/src/index.ts
#	packages/core/content-releases/admin/src/pages/ReleaseDetailsPage.tsx
#	packages/core/content-releases/admin/src/pages/tests/ReleaseDetailsPage.test.tsx
#	packages/core/content-releases/admin/src/services/release.ts
#	packages/core/content-releases/package.json
#	packages/core/content-releases/server/src/controllers/release.ts
#	packages/core/content-type-builder/package.json
#	packages/core/core/.gitignore
#	packages/core/data-transfer/package.json
#	packages/core/database/package.json
#	packages/core/database/src/query/helpers/populate/apply.ts
#	packages/core/email/package.json
#	packages/core/helper-plugin/package.json
#	packages/core/permissions/package.json
#	packages/core/strapi/package.json
#	packages/core/types/package.json
#	packages/core/upload/admin/src/components/AssetDialog/BrowseStep/tests/__snapshots__/index.test.jsx.snap
#	packages/core/upload/admin/src/pages/App/ConfigureTheView/components/tests/__snapshots__/Settings.test.jsx.snap
#	packages/core/upload/admin/src/pages/App/ConfigureTheView/tests/__snapshots__/ConfigureTheView.test.jsx.snap
#	packages/core/upload/package.json
#	packages/core/upload/server/services/provider.js
#	packages/core/upload/server/services/upload.js
#	packages/core/upload/server/src/services/image-manipulation.ts
#	packages/core/upload/server/tsconfig.eslint.json
#	packages/core/utils/package.json
#	packages/generators/app/package.json
#	packages/generators/app/src/utils/db-client-dependencies.ts
#	packages/generators/generators/package.json
#	packages/plugins/cloud/package.json
#	packages/plugins/color-picker/package.json
#	packages/plugins/documentation/package.json
#	packages/plugins/graphql/package.json
#	packages/plugins/i18n/admin/src/components/LocaleListCell.tsx
#	packages/plugins/i18n/admin/src/contentReleasesHooks/releaseDetailsView.ts
#	packages/plugins/i18n/admin/src/index.ts
#	packages/plugins/i18n/package.json
#	packages/plugins/sentry/package.json
#	packages/plugins/users-permissions/package.json
#	packages/providers/email-amazon-ses/package.json
#	packages/providers/email-mailgun/package.json
#	packages/providers/email-nodemailer/package.json
#	packages/providers/email-sendgrid/package.json
#	packages/providers/email-sendmail/package.json
#	packages/providers/upload-aws-s3/package.json
#	packages/providers/upload-cloudinary/package.json
#	packages/providers/upload-local/package.json
#	packages/utils/api-tests/package.json
#	packages/utils/eslint-config-custom/package.json
#	packages/utils/logger/package.json
#	packages/utils/tsconfig/package.json
#	packages/utils/typescript/package.json
#	packages/utils/upgrade/LICENSE
#	packages/utils/upgrade/bin/upgrade.js
#	packages/utils/upgrade/package.json
#	packages/utils/upgrade/packup.config.ts
#	scripts/front/package.json
#	tests/e2e/constants.ts
#	tests/e2e/tests/content-releases/releases-page.spec.ts
#	yarn.lock 
						
						
					 
					
						2024-05-30 13:12:27 +02:00 
						 
				 
			
				
					
						
							
							
								Convly 
							
						 
					 
					
						
						
						
						
							
						
						
							59a1c00f8c 
							
						 
					 
					
						
						
							
							enhancement: improve callback URL validation  
						
						
						
						
					 
					
						2024-04-17 16:24:18 +02:00 
						 
				 
			
				
					
						
							
							
								Convly 
							
						 
					 
					
						
						
						
						
							
						
						
							e762295cbe 
							
						 
					 
					
						
						
							
							enhancement: add validation for custom U&P OAuth callbacks  
						
						
						
						
					 
					
						2024-04-05 09:12:04 +02:00 
						 
				 
			
				
					
						
							
							
								Alexandre Bodin 
							
						 
					 
					
						
						
						
						
							
						
						
							eb61511884 
							
						 
					 
					
						
						
							
							chore: use strapi.service instead of strapi.admin.services  
						
						
						
						
					 
					
						2024-04-03 14:24:15 +02:00 
						 
				 
			
				
					
						
							
							
								Alexandre Bodin 
							
						 
					 
					
						
						
						
						
							
						
						
							e68afb0e1e 
							
						 
					 
					
						
						
							
							chore: inverse control of contentAPI sanitize & validate  
						
						
						
						
					 
					
						2024-03-21 22:26:41 +01:00 
						 
				 
			
				
					
						
							
							
								Alexandre Bodin 
							
						 
					 
					
						
						
						
						
							
						
						
							3e8b3d565b 
							
						 
					 
					
						
						
							
							chore: update u&p  
						
						
						
						
					 
					
						2024-03-19 08:50:23 +01:00 
						 
				 
			
				
					
						
							
							
								Alexandre Bodin 
							
						 
					 
					
						
						
						
						
							
						
						
							a95285578b 
							
						 
					 
					
						
						
							
							chore: database enhancements  
						
						
						
						
					 
					
						2024-03-13 22:13:40 +01:00 
						 
				 
			
				
					
						
							
							
								Alexandre Bodin 
							
						 
					 
					
						
						
						
						
							
						
						
							5ffb3c7100 
							
						 
					 
					
						
						
							
							chore: deprecate entity-service and delegate to document service  
						
						
						
						
					 
					
						2024-03-12 21:02:33 +01:00 
						 
				 
			
				
					
						
							
							
								Ben Irvin 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							ab2af1e539 
							
						 
					 
					
						
						
							
							fix(core): use module uid for config namespace instead of dot notation  
						
						
						
						
					 
					
						2024-03-11 12:28:46 +01:00 
						 
				 
			
				
					
						
							
							
								Alexandre Bodin 
							
						 
					 
					
						
						
						
						
							
						
						
							41da5d47c9 
							
						 
					 
					
						
						
							
							chore: setup configuration in one place only  
						
						
						
						
					 
					
						2024-01-23 14:36:43 +01:00 
						 
				 
			
				
					
						
							
							
								Ben Irvin 
							
						 
					 
					
						
						
						
						
							
						
						
							cb94653642 
							
						 
					 
					
						
						
							
							chore: split test  
						
						
						
						
					 
					
						2024-01-17 09:24:27 +01:00 
						 
				 
			
				
					
						
							
							
								Ben Irvin 
							
						 
					 
					
						
						
						
						
							
						
						
							17f8ef0d9b 
							
						 
					 
					
						
						
							
							fix: tests and logging  
						
						
						
						
					 
					
						2024-01-16 18:22:14 +01:00 
						 
				 
			
				
					
						
							
							
								Ben Irvin 
							
						 
					 
					
						
						
						
						
							
						
						
							8263926b47 
							
						 
					 
					
						
						
							
							feat: register.allowedFields defaults to empty array  
						
						
						
						
					 
					
						2024-01-16 18:14:32 +01:00 
						 
				 
			
				
					
						
							
							
								Kushal Kanungo 
							
						 
					 
					
						
						
						
						
							
						
						
							ae06d7f100 
							
						 
					 
					
						
						
							
							changed the error type from application to forbidden  
						
						
						
						
					 
					
						2023-09-12 20:24:43 +05:30 
						 
				 
			
				
					
						
							
							
								Kushal Kanungo 
							
						 
					 
					
						
						
						
						
							
						
						
							a8149c55fd 
							
						 
					 
					
						
						
							
							fix: blocked users can still login via provider  
						
						
						
						
					 
					
						2023-09-06 11:05:39 +05:30 
						 
				 
			
				
					
						
							
							
								Ben Irvin 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							026570c3a4 
							
						 
					 
					
						
						
							
							Merge pull request  #17804  from strapi/feature/add-allowedfields  
						
						
						
						
					 
					
						2023-08-25 15:55:06 +02:00 
						 
				 
			
				
					
						
							
							
								Ben Irvin 
							
						 
					 
					
						
						
						
						
							
						
						
							7cbd31e19c 
							
						 
					 
					
						
						
							
							add allowedFields feature  
						
						
						
						
					 
					
						2023-08-25 13:44:44 +02:00 
						 
				 
			
				
					
						
							
							
								Ben Irvin 
							
						 
					 
					
						
						
						
						
							
						
						
							dce86bec5c 
							
						 
					 
					
						
						
							
							validate does not sanitize  
						
						
						
						
					 
					
						2023-08-11 13:13:44 +02:00 
						 
				 
			
				
					
						
							
							
								Ben Irvin 
							
						 
					 
					
						
						
						
						
							
						
						
							995473d959 
							
						 
					 
					
						
						
							
							add utils.validate and replace sanitize usage  
						
						
						
						
					 
					
						2023-08-10 15:24:35 +02:00 
						 
				 
			
				
					
						
							
							
								derrickmehaffy 
							
						 
					 
					
						
						
						
						
							
						
						
							773db0dcaf 
							
						 
					 
					
						
						
							
							add role as a failsafe  
						
						
						
						
					 
					
						2023-04-17 08:08:19 -07:00 
						 
				 
			
				
					
						
							
							
								derrickmehaffy 
							
						 
					 
					
						
						
						
						
							
						
						
							52f5b7a16e 
							
						 
					 
					
						
						
							
							update blacklist with all system fields  
						
						
						
						
					 
					
						2023-04-17 07:30:28 -07:00 
						 
				 
			
				
					
						
							
							
								Alexandre BODIN 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							aaeb988a0b 
							
						 
					 
					
						
						
							
							Expand nx usage and migrate logger to ts ( #15957 )  
						
						
						
						
					 
					
						2023-03-22 11:21:33 +01:00 
						 
				 
			
				
					
						
							
							
								Ben Irvin 
							
						 
					 
					
						
						
						
						
							
						
						
							801e3db415 
							
						 
					 
					
						
						
							
							add traverse query  
						
						
						
						
						fix single type
fix query
sanitize pagination count params
add comments
Cleanup the params/filters sanitize helpers
sanitize association resolver
Sanitize sort
fix graphql single type
fix graphql types
fix addFindQuery
Sanitize fields
Update sanitize sort to handle all the different formats
Update fields sanitize to handle regular strings & wildcard
Fix non scalar recursion
Add a traverse factory
Add visitor to remove dz & morph relations
Replace the old traverse utils (sort, filters) by one created using the traverse factory
add sanitize populate
await args
fix async and duplicate sanitization
sanitize u&p params
Add traverse fields
Fix traverse & sanitize fields
add traverse fields to nested populate
sanitize admin api filter queries
Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com>
sanitize sort params in admin API
todo
make token fields unsearchable with _q
sanitize delete mutation
Update packages/core/admin/server/services/permission/permissions-manager/sanitize.js
Co-authored-by: Jamie Howard <48524071+jhoward1994@users.noreply.github.com>
fix errors on queries without ctx
rename findParams to sanitizedParams
Sanitize queries everywhere in the content manager admin controllers
sanitize single type update and delete
Ignore non attribute keys in the sanitize sort
Fix the sanitize query sort for nested string sort
Fix permission check for the admin
typo
sanitize upload
sanitize admin media library
sanitize admin users
Add missing await
Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com>
set U&P users fields to searchable:false
add token support to createContentAPIRequest
add searchable:false to getstarted U&P schema
remove comment
sanitize component resolver
remove await
add searchable false to the file's folder path
Fix admin query when the permission query is set to null
add basic tests for filtering private params
add tests for fields
add pagination tests
Fix admin user fields not being sanitized
Fix convert query params for the morph fragment on undefined value
Traverse dynamic zone on nested populate
Handle nested sort, filters & fields in populate queries + handle populate fragment for morphTo relations
Sanitize 'on' subpopulate
Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com>
don't throw error on invalid attributes
check models for snake case column name instead of assuming they are operators
Add first batch of api tests for params sanitize
Fix sort traversal: handle object arrays
Put back removePassword for fields,sort,filters
Add schemas and fixtures for sanitize api tests
Add tests for relations (sanitize api tests)
Move constant to domain scope
Rename sanitize params to sanitize query
Fix typo
Cleanup fixtures file
Fix variable name conflict
Update packages/core/admin/server/services/permission/permissions-manager/sanitize.js
Co-authored-by: Alexandre BODIN <alexandrebodin@users.noreply.github.com>
Update comment for array filters
Rename sanitize test
Test implicit & explicit array operator for filter
Remove unused code 
						
						
					 
					
						2023-03-15 14:59:19 +01:00 
						 
				 
			
				
					
						
							
							
								Convly 
							
						 
					 
					
						
						
						
						
							
						
						
							56aa69f472 
							
						 
					 
					
						
						
							
							Use lodash fp instead of lodash  
						
						
						
						
					 
					
						2023-01-10 10:34:49 +01:00 
						 
				 
			
				
					
						
							
							
								Convly 
							
						 
					 
					
						
						
						
						
							
						
						
							403a1fe81b 
							
						 
					 
					
						
						
							
							Update email template validation & tests  
						
						
						
						
					 
					
						2022-12-30 19:00:19 +01:00 
						 
				 
			
				
					
						
							
							
								Alexandre Bodin 
							
						 
					 
					
						
						
						
						
							
						
						
							3ef2eabdad 
							
						 
					 
					
						
						
							
							Fix validation on user update  
						
						
						
						
					 
					
						2022-11-09 19:10:41 +01:00 
						 
				 
			
				
					
						
							
							
								Pierre Noël 
							
						 
					 
					
						
						
						
						
							
						
						
							93d030df8b 
							
						 
					 
					
						
						
							
							update permissions plugin role validation (done by @Marc-Roig)  
						
						
						
						
					 
					
						2022-10-06 11:15:07 +02:00 
						 
				 
			
				
					
						
							
							
								Alexandre Bodin 
							
						 
					 
					
						
						
						
						
							
						
						
							e57f02d2d9 
							
						 
					 
					
						
						
							
							Fix eslint in plugins folder  
						
						
						
						
					 
					
						2022-09-05 15:18:24 +02:00 
						 
				 
			
				
					
						
							
							
								Alexandre Bodin 
							
						 
					 
					
						
						
						
						
							
						
						
							cf49ddbbfc 
							
						 
					 
					
						
						
							
							Prettier and backend fix  
						
						
						
						
					 
					
						2022-08-11 10:20:49 +02:00 
						 
				 
			
				
					
						
							
							
								Alexandre Bodin 
							
						 
					 
					
						
						
						
						
							
						
						
							0ae14c06cb 
							
						 
					 
					
						
						
							
							1st fix pass  
						
						
						
						
					 
					
						2022-08-11 10:20:48 +02:00 
						 
				 
			
				
					
						
							
							
								Alexandre Bodin 
							
						 
					 
					
						
						
						
						
							
						
						
							dd357e63e6 
							
						 
					 
					
						
						
							
							Put missing code back  
						
						
						
						
					 
					
						2022-08-11 10:04:46 +02:00 
						 
				 
			
				
					
						
							
							
								Alexandre Bodin 
							
						 
					 
					
						
						
						
						
							
						
						
							a25a65918c 
							
						 
					 
					
						
						
							
							Move to Post and cleanup validation  
						
						
						
						
					 
					
						2022-08-03 16:46:41 +02:00