evazion 8bd60e41a1 Fix #4555: Invalidate sessions for deleted users ...

Fix three exploits that allowed one to keep using their account after it was deleted:

* It was possible to use session cookies from another computer to login after you deleted your account.
* It was possible to use API keys to make API requests after you deleted your account.
* It was possible to request a password reset, delete your account, then use the password reset link
  to change your password and login to your deleted account.

2022-11-06 14:58:08 -06:00

..

components

Fix #3615: Unsupported video codecs.

2022-10-27 01:43:33 -05:00

factories

tests: fix broken tests.

2022-10-30 17:26:42 -05:00

files

media assets: save audio volume levels in media metadata.

2022-11-04 18:06:30 -05:00

fixtures/stripe-webhooks

user upgrades: upgrade to new Stripe checkout system.

2020-12-24 19:58:29 -06:00

functional

Fix #4555: Invalidate sessions for deleted users

2022-11-06 14:58:08 -06:00

helpers

…

jobs

posts: fix double deletion bug.

2022-09-24 23:41:14 -05:00

mailers/previews

Add DMCA complaint form.

2022-10-11 15:45:47 -05:00

system

remove references to locks

2021-10-24 15:16:48 -03:00

test_helpers

tests: fix strategy_should_work to not perform API calls outside of tests.

2022-10-25 22:41:36 -05:00

unit

users: set is_deleted flag when account is deleted.

2022-11-06 13:18:49 -06:00

.rubocop.yml

ci: use more permissive rubocop / codeclimate settings.

2020-06-15 16:45:37 -05:00

application_system_test_case.rb

tests: skip system tests when firefox isn't installed.

2019-09-29 14:29:28 -05:00

test_helper.rb

searchable: fix searching for polymorphic attributes.

2022-09-29 04:36:12 -05:00