From bfca481b0b7280e8a9f2212777b6c6e8045ccd5b Mon Sep 17 00:00:00 2001 From: John McLear Date: Mon, 1 Jun 2020 18:19:06 +0100 Subject: [PATCH] import: setting for allowing import without author existing --- settings.json.template | 13 +++++++++++++ src/node/handler/PadMessageHandler.js | 1 + src/node/hooks/express/importexport.js | 6 +++--- src/node/utils/Settings.js | 14 ++++++++++++++ src/static/js/pad_editbar.js | 2 +- 5 files changed, 32 insertions(+), 4 deletions(-) diff --git a/settings.json.template b/settings.json.template index 27f1fb60c..1e11557fb 100644 --- a/settings.json.template +++ b/settings.json.template @@ -467,6 +467,19 @@ */ "importMaxFileSize": 52428800, // 50 * 1024 * 1024 + + /* + * From Etherpad 1.8.3 onwards import was restricted to authors who had + * content within the pad. + * + * This setting will override that restriction and allow any user to import + * without the requirement to add content to a pad. + * + * This setting is useful for when you use a plugin for authentication so you + * can already trust each user. + */ + "allowAnyoneToImport": false, + /* * Toolbar buttons configuration. * diff --git a/src/node/handler/PadMessageHandler.js b/src/node/handler/PadMessageHandler.js index bf69a3d25..eb3a784a2 100644 --- a/src/node/handler/PadMessageHandler.js +++ b/src/node/handler/PadMessageHandler.js @@ -1131,6 +1131,7 @@ async function handleClientReady(client, message) }, "initialChangesets": [], // FIXME: REMOVE THIS SHIT "thisUserHasEditedThisPad": thisUserHasEditedThisPad, + "allowAnyoneToImport": settings.allowAnyoneToImport } // Add a username to the clientVars if one avaiable diff --git a/src/node/hooks/express/importexport.js b/src/node/hooks/express/importexport.js index 95d02775d..bf85ae13e 100644 --- a/src/node/hooks/express/importexport.js +++ b/src/node/hooks/express/importexport.js 
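Review bot: The new comment for `allowAnyoneToImport` understates what the flag disables. It describes only the "content within the pad" requirement, but in `src/node/hooks/express/importexport.js` the same flag also skips the check that an author exists for the request's token, so the server-side import restriction is removed entirely. The comment should say so and name the precondition, for example `* Enabling this disables the server-side authorship check on import; only enable it when access to pads is already restricted by an authentication plugin.` The same comment is duplicated in `src/node/utils/Settings.js` and needs the same wording.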
@@ -83,20 +83,20 @@ exports.expressCreateServer = function (hook_name, args, cb) { let author = await authorManager.getAuthor4Token(req.cookies.token); // author is of the form: "a.g2droBYw1prY7HW9" - if (!author) { + if (!author && !settings.allowAnyoneToImport) { console.warn(`Unable to import file into "${req.params.pad}". No Author found for token ${req.cookies.token}`); return next(); } let authorsPads = await authorManager.listPadsOfAuthor(author); - if (!authorsPads) { + if (!authorsPads && !settings.allowAnyoneToImport) { console.warn(`Unable to import file into "${req.params.pad}". Author "${author}" exists but he never contributed to any pad`); return next(); } let authorsPadIDs = authorsPads.padIDs; - if (authorsPadIDs.indexOf(req.params.pad) === -1) { + if ( (authorsPadIDs.indexOf(req.params.pad) === -1) && !settings.allowAnyoneToImport) { console.warn(`Unable to import file into "${req.params.pad}". Author "${author}" exists but he never contributed to this pad`); return next(); } diff --git a/src/node/utils/Settings.js b/src/node/utils/Settings.js index 0dcd05ea4..e80c32e4b 100644 --- a/src/node/utils/Settings.js +++ b/src/node/utils/Settings.js @@ -351,6 +351,20 @@ exports.importExportRateLimiting = { */ exports.importMaxFileSize = 50 * 1024 * 1024; + +/* + * From Etherpad 1.8.3 onwards import was restricted to authors who had + * content within the pad. + * + * This setting will override that restriction and allow any user to import + * without the requirement to add content to a pad. + * + * This setting is useful for when you use a plugin for authentication so you + * can already trust each user. + */ +exports.allowAnyoneToImport = false, + + // checks if abiword is avaiable exports.abiwordAvailable = function() { diff --git a/src/static/js/pad_editbar.js b/src/static/js/pad_editbar.js index fc9ba198a..9f1dd6af2 100644 --- a/src/static/js/pad_editbar.js +++ b/src/static/js/pad_editbar.js 
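Review bot: With `allowAnyoneToImport` enabled the three guards are skipped, but the statements between them still run. A falsy `author` is passed to `authorManager.listPadsOfAuthor(author)`, and a null or undefined `authorsPads` is then dereferenced at `authorsPads.padIDs`, which would throw inside the async handler instead of letting the import proceed. Wrapping the authorship checks in a single `if (!settings.allowAnyoneToImport)` block keeps the bypass in one place and avoids the lookup and dereference when the flag is on. Separately, the unchanged first `console.warn` writes `req.cookies.token` to the log, and since that token identifies the author it would be better left out of the message. The handler starts and ends outside this hunk, and whether `settings` is already required in this file is not visible here.

```javascript
let author = await authorManager.getAuthor4Token(req.cookies.token);
if (!settings.allowAnyoneToImport) {
  // Authorship check: enforced unless the operator explicitly opted out.
  if (!author) {
    // … unchanged: warn and return next() …
  }
  const authorsPads = await authorManager.listPadsOfAuthor(author);
  if (!authorsPads) {
    // … unchanged: warn and return next() …
  }
  if (authorsPads.padIDs.indexOf(req.params.pad) === -1) {
    // … unchanged: warn and return next() …
  }
}
```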
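Review bot: In `src/node/utils/Settings.js` the added line `exports.allowAnyoneToImport = false,` ends in a comma rather than a semicolon, so it forms a single comma expression with the following `exports.abiwordAvailable = function()` assignment. It evaluates as intended only because the next statement happens to be an expression; a declaration or any other non-expression statement inserted between the two would become a syntax error. Use `exports.allowAnyoneToImport = false;`. Defaulting to `false` is the right choice, since the authorship check stays on unless an operator opts out.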
@@ -408,7 +408,7 @@ var padeditbar = (function() toolbar.registerCommand("import_export", function () { toolbar.toggleDropDown("import_export", function(){ - if (clientVars.thisUserHasEditedThisPad) { + if (clientVars.thisUserHasEditedThisPad || clientVars.allowAnyoneToImport) { // the user has edited this pad historically or in this session $('#importform').show(); $('#importmessagepermission').hide();
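Review bot: The context comment `// the user has edited this pad historically or in this session` no longer describes this branch, which is now also taken when `clientVars.allowAnyoneToImport` is set. Suggest `// the user has edited this pad, or the server allows anyone to import`. This condition only decides whether the import form is shown, so enforcement still rests on the server-side guard in `src/node/hooks/express/importexport.js`. The `toggleDropDown` callback continues past the end of the hunk.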