This repository has been archived by the owner on Apr 16, 2024. It is now read-only.

WS 18/19 ❄️-Release

@kesselb kesselb released this 20 Dec 12:12
· 496 commits to master since this release
dfac6cc

Changelog

Added

  • Export PDF with styled free text units. #997 #1047
  • More predefined custom containers. #996
  • Styled code snippets. #1017
  • LectureController success (200), access denial (403) and not found (404) unit tests for all routes. #1041
  • Various NotificationController unit tests (200s, 400s, 403s, 404s). #1065
  • Two NotificationSettingsController unit tests for 403 & 404 PUT request errors. #1072
  • TestHelper request methods for PUT & DELETE. #1041
  • Code kata validation service. #844
  • File ↔ video unit display type switching. #912

Fixed

  • bundle.scss not available in api container. #1052

Changed

  • Update mongoose to 5.4.x. #1003 #1004 #1044 #1077
  • Refactor LectureController GET/POST/PUT routes to use async/await. #1041
  • Refactor NotificationController unit tests in general. #1065
  • Refactor NotificationController to utilize .orFail and the errorCodes file. #1065
  • Refactor ExportController & LectureController to utilize .orFail. #1065
  • Sanitize {post} /api/lecture/ route parameters by reducing the arbitrary ILecture input to name & description. #1041
  • Sanitize NotificationController POST route parameters by taking a targetType and targetId instead of the separate changedCourse/changedLecture/changedUnit which needed a (missing) consistency check. #1065
  • Empty success response object in the two NotificationController POST routes. #1065
  • Major NotificationSettingsController refactoring and changes in general, plus unit test / front-end adjustments. #1072
  • Disable unit submit button when deadline is over. #964
  • The background image on the index page. #922

Removed

  • Unused Notification class in the front-end. #1065
  • Unused NotificationSettings class in the front-end. #1072
  • {post} /api/notificationSettings/ route; functionality now handled completely by {put} /api/notificationSettings/. #1072

Fixed

  • Some incorrect FixtureUtils return types. #1041 #1065
  • LectureController 404 error handling. #1041
  • NotificationController 404 error handling. #1065
  • NotificationSettingsController 404 PUT error handling. #1072
  • Course list broken when course image in invalid state. #1053

Security

  • Fix multiple security issues of the LectureController. #1041
  • Fix missing teacher authorization check for the two NotificationController POST routes. #1065
  • Fix missing NotificationController POST teacher authorization check. #1065
  • Fix {get} /api/notification/ response leaks by introducing INotificationView, a reduced and safe variant of the INotification interface. #1065
  • Fix response leaks for all three (now two) NotificationSettingsController routes by introducing INotificationSettingsView, a strongly reduced (no own id) and safe variant of the INotificationSettings interface. #1072
  • Secure {get} /api/notification/ by using the @CurrentUser instead of allowing arbitrary id requests. #1065
  • Secure {get} /api/notificationSettings/ by using the @CurrentUser instead of allowing arbitrary id requests. #1072
  • Secure {put} /api/notificationSettings/ by using the @CurrentUser instead of allowing arbitrary id requests. #1072
  • Minimize NotificationSettingsController attack surface by severely simplifying its routes. #1072