By default, the jellyfinAuthToken of every user was always retrieved from the database, and
sometimes sent back to the client. Any logged-in user could retrieve this token via a request
containing admin user information, and use it to gain full access to Jellyfin. This PR removes the
auth token and the device ID from the fields selected by default by TypeORM.
* fix(email): do not attempt to display logo if app URL not configured
* fix(email): prevent Gmail from turning usernames with periods into hyperlinks
* fix(email): fix(email): use displayName instead of username/plexUserName and improve Gmail link fix
* fix(plex): do not fail to import Plex users when Plex Home has managed users
* fix: default display name to email when user has no username
also, do not set username or plexUsername when it is the same as the user's email address
* fix(ui): user display name placeholder should reflect fallback logic if username is not set
* fix(ui): hide email addresses of other users if logged-in user does not have Manage Users permission
* fix: always set Plex username even if same as user's email
* fix: remove unnecessary permission check
* fix: transform email addresses to lowercase
* refactor(ui): add tabs to user notification settings
* feat(notif): allow users to enable/disable specific agents
* fix(ui): only enforce required fields when agent is enabled
* fix(ui): hide unavailable notification agents
* feat(notif): mention admin users for admin Discord notifications
* fix(ui): modify styling of PGP key textareas to suit expected input
* fix(notif): mention all admins when there are multiple and fix rebase error
* fix: add missing form values, and fix Yup validation
* refactor: reduce repeated logic/code in email notif agent
* refactor: move 'Notification Types' label into NotificationTypeSelector component
* fix(email): correct inconsistencies in email template formatting
* refactor: use bitfields for storing user-enabled notif agent types
* feat: improve notification agent logging
* fix(ui): mark string fields as nullable so empty values are not type errors
* fix: add validation for PGP-related inputs
* fix: correctly fetch user in user settings & log mentioned IDs for Discord notifs
* fix(ui): fix mobile nav dropdown text & add hover effect to button-style tabs
* fix(notif): process admin email notifications asynchronously
* fix(logging): log name of notification type instead of its enum value
* fix: mark required fields and pass all user settings values to API
* fix(frontend): call mutate after changing email/Discord/Telegram global notif settings
* refactor: get global notif settings from relevant API endpoints instead of adding to public settings
* fix(notif): fall back to email notifications being enabled (default) if user settings do not exist
* fix(notif): do not set notifyUser for MEDIA_PENDING or MEDIA_AUTO_APPROVED
* fix: expose notif enabled settings in user notif endpoints & remove global enable notif setting
* fix(notif): remove unnecessary allowed_mentions object from Discord payload
* fix(notif): use form values for email test notification
* fix: make suggested changes and regenerate DB migration
* fix: loosen validation of PGP keys
* fix: fix user profile settings routes
* fix: remove route guard from profile pages
* feat(quotas): rebased
* feat: add getQuota() method to User entity
* feat(ui): add default quota setting options
* feat: user quota settings
* feat: quota display in request modals
* fix: only show user quotas on own profile or with manage users permission
* feat: add request progress circles to profile page
* feat: add migration
* fix: add missing restricted field to api schema
* fix: dont show auto approve message for movie request when restricted
* fix(lang): change enable checkbox langauge to "enable override"
Co-authored-by: Jakob Ankarhem <jakob.ankarhem@outlook.com>
Co-authored-by: TheCatLady <52870424+TheCatLady@users.noreply.github.com>
* feat(api): request model
Also adds request binding to search/discover results
* fix(api): rename Request to MediaRequest and update nextjs tsconfig
* refactor(api): move related request fetching code into MediaRequest entity
* feat(api): settings system
Also includes /auth/me endpoint for ticket ch76 and OpenAPI 3.0 compatibility for ch77
* refactor(api): remove unused imports
