12 Commits

Author SHA1 Message Date
xboard 9ba946621e feat: email template management with DB override, modern mail redesign 2026-04-18 15:41:23 +08:00
Valentin Lobstein 121511523f Fix: CVE-2026-39912 - Magic link token leak in loginWithMailLink (#873)
The loginWithMailLink endpoint returns the magic login link in the
HTTP response body, allowing unauthenticated account takeover.

The fix returns true instead of the link. The email delivery is
the authentication factor.

Bug inherited from V2Board commit bdb10bed (2022-06-27).
2026-04-10 02:44:20 +08:00
xboard 7fbd1bb92d feat: implement email case-insensitive queries (fix #318) 2026-03-28 07:09:21 +08:00
xboard 562064712d fix(register): handle invalid invite code as API error (#792) 2026-03-11 02:09:25 +08:00
xboard a666557781 fix(auth): handle null redirect in quick login url 2025-08-21 18:57:19 +08:00
xboard c9bab8fb02 feat: add multiple hooks, pligun schedule support ,add hook:list artisan command 2025-07-21 13:29:17 +08:00
xboard a01b94f131 fix(register): handle invalid invite code gracefully
Fix an issue where entering a non-existent invite code during registration would result in an unclear HTTP code 0 error. Now, the system properly validates the invite code and returns a clear error response if the code does not exist.
2025-07-13 21:19:33 +08:00
xboard 5b295dbec3 feat: plugin controller config system with guest_comm_config hook integration
- Add HasPluginConfig trait and PluginController base class
- Integrate guest_comm_config hook in CommController for plugin frontend config injection
- Add user creation functionality to UserService and fix null value handling
- Enhance AbstractPlugin.getConfig() with key parameter support
- Multiple service layer optimizations and architecture improvements
2025-06-29 01:42:48 +08:00
xboard 6d85736eea eat: add reCAPTCHA v3 and Cloudflare Turnstile verification support
- Implement reCAPTCHA v3 with score-based validation
- Add Cloudflare Turnstile as captcha alternative
- Create reusable CaptchaService for unified validation
- Support switching between recaptcha, recaptcha-v3, and turnstile
- Maintain backward compatibility with existing configurations
2025-06-28 18:01:59 +08:00
xboard 97e7ffccae fix: resolve PHPStan static analysis warnings 2025-05-07 19:48:19 +08:00
xboard db235c10e8 Revert "fix: resolve PHPStan static analysis warnings"
This reverts commit 2d3e4b4a95.
2025-04-14 21:23:08 +08:00
xboard 2d3e4b4a95 fix: resolve PHPStan static analysis warnings 2025-04-14 02:12:42 +08:00