Commit Graph

299 Commits (02a56dc58c4f4530dfdf819a81637cde9c0f76e6)

Author SHA1 Message Date
Richard Hansen 8b28e00784 restructure: Prefix `bin/` and `tests/` with `src/`
This is a follow-up to commit
2ea8ea1275.
2021-02-05 21:52:08 +00:00
freddii ea202e41f6 docs: fixed typos 2021-02-03 00:30:07 +01:00
John McLear 0cc8405e9c Bump minimum required Node.js version to 10.17.0
This makes it possible to use fs.promises.
2021-01-30 17:00:40 -05:00
Richard Hansen e3a47e48f9 contentcollector: Fix collectContentLineText hook
Before, the hook always ignored the return values provided by the hook
functions. Now the hook functions can change the text by either
returning a string or setting `context.text` to the desired value.

Also drop the `styl` and `cls` context properties. They were never
documented and they were always null.
2021-01-27 04:59:36 +00:00
Richard Hansen bfe813fca2 docs: Wrap long lines and fix whitespace 2021-01-22 02:25:48 -05:00
John McLear 38c9827161
Feature: Scroll to line number based on hash, i.e. http://foo.com/p/bar#L10 will scroll to line 10. (#4554)
Includes test coverage
Co-authored-by: webzwo0i <webzwo0i@c3d2.de>
2020-12-26 22:05:08 +01:00
Richard Hansen 8c1afc3399 express: New expressCloseServer hook
This will be used by a future commit to close all socket.io
connections during server restart.
2020-12-23 16:18:28 -05:00
John McLear 83e28ec031
docs: correct name for callback function 2020-11-26 10:10:43 +00:00
Richard Hansen cedd27e4fe plugins: Default the module name to the plugin name 2020-11-13 20:30:27 +00:00
Richard Hansen 6c07229d38 docs: Revise plugin documentation 2020-11-13 20:30:27 +00:00
Richard Hansen cc8dbb07fd docs: Wrap long lines
Also add blank lines around section headings and code blocks.
2020-11-13 20:30:27 +00:00
Richard Hansen 6a8563eeab import/export: Simplify exportEtherpadAdditionalContent processing
Also:
  * Improve parallelization
  * Refine the documentation
2020-11-10 23:02:43 +00:00
Richard Hansen 68a91f5e24 HTML export: Move `padId` to context object property 2020-11-10 07:13:26 +00:00
John McLear 881d8b8d95
pluginfw: Hook to include additional body in HTML exports (#4469)
* hook, needs docs

* docs
2020-11-06 13:48:59 +00:00
John McLear 3fa58efede
pluginfw: Export .etherpad hooks (#4466)
* export support

* proper prefix

* just a basic example, needs working on still

* docs

* comments shouldnt be hard coded
2020-11-06 13:48:25 +00:00
Richard Hansen 91268e14b7 PadMessageHandler: Rename `client` to `socket`
The `client` variable is actually a socket.io Socket object. Rename it
to reduce confusion.
2020-11-02 20:39:08 +00:00
chandi 30b1273853 docs: fix key in padUpdate context 2020-10-26 23:43:09 +00:00
Richard Hansen 36aceb3aba hooks: Rewrite `callAll` and `aCallAll` for consistency
Rewrite the `callAll` and `aCallAll` functions to support all
reasonable hook behaviors and to report errors for unreasonable
behaviors (e.g., calling the callback twice).

Now a hook function like the following works as expected when invoked
by `aCallAll`:

```
exports.myHookFn = (hookName, context, cb) => {
  cb('some value');
  return;
};
```
2020-10-24 16:08:50 +01:00
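The commit above describes the normalization that `aCallAll` has to do: a hook function may hand back its result by return value, by promise, or by calling `cb`, and double-calling the callback must be reported rather than silently tolerated. The following is an added illustration, not Etherpad's own `hooks.js`: the registry shape (`hooks[hookName] = [fn, ...]`), the exact precedence rules and the hook name `exampleHook` are assumptions made for this example.

```javascript
// Added example (not Etherpad's code): a small hook runner showing the
// normalization rules the aCallAll rewrite describes. Registry shape,
// precedence rules and hook names are assumptions for this illustration.

const hooks = {}; // hookName -> array of hook functions

function registerHook(hookName, fn) {
  (hooks[hookName] = hooks[hookName] || []).push(fn);
}

// Invoke one hook function and normalize its outcome to a promise. A hook
// function may (a) return a non-undefined value, (b) return a promise, or
// (c) call `cb(value)` now or later. Doing (a) and (c) together, or calling
// `cb` twice, is reported as an error instead of one value being picked.
function callHookFn(fn, hookName, context) {
  return new Promise((resolve, reject) => {
    let cbCalled = false;
    let cbValue;
    let waitingForCb = false;
    const cb = (value) => {
      if (cbCalled) {
        // Thrown inside the hook function, so a synchronous double call is
        // caught below and becomes a rejection; an asynchronous one surfaces
        // as an uncaught exception in the hook's own context.
        throw new Error(`hook ${hookName}: callback called more than once`);
      }
      cbCalled = true;
      cbValue = value;
      if (waitingForCb) resolve(value);
    };

    let ret;
    try {
      ret = fn(hookName, context, cb);
    } catch (err) {
      reject(err);
      return;
    }
    if (ret && typeof ret.then === 'function') {
      ret.then(resolve, reject); // async function or explicit promise
    } else if (ret !== undefined) {
      if (cbCalled) {
        reject(new Error(`hook ${hookName}: both returned a value and called the callback`));
      } else {
        resolve(ret);
      }
    } else if (cbCalled) {
      resolve(cbValue); // the commit's example: cb('some value'); return;
    } else {
      waitingForCb = true; // cb will be called asynchronously
    }
  });
}

// Call every function registered for `hookName` concurrently and flatten
// the results: arrays are concatenated and `undefined` results are dropped.
async function aCallAll(hookName, context = {}) {
  const fns = hooks[hookName] || [];
  const results = await Promise.all(fns.map((fn) => callHookFn(fn, hookName, context)));
  return results.flatMap((r) => (r === undefined ? [] : Array.isArray(r) ? r : [r]));
}

// Four hook functions, one per supported style, under an illustrative name.
registerHook('exampleHook', (hookName, context, cb) => { cb('via callback'); return; });
registerHook('exampleHook', async (hookName, context) => 'via promise');
registerHook('exampleHook', (hookName, context) => ['via', 'return']);
registerHook('exampleHook', (hookName, context, cb) => { setTimeout(() => cb('late callback'), 5); });

aCallAll('exampleHook').then((results) => console.log(results));
// -> [ 'via callback', 'via promise', 'via', 'return', 'late callback' ]
```

The one behaviour this runner cannot detect is a hook function that returns `undefined` and never calls `cb`: its promise simply never settles, which is why a plugin author should pick exactly one of the three styles per function.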
chandi 94cb000e8f
plugins: include more data within padUpdate hook (#4425)
* Including more data at pad update event

* docs: new context fields in padUpdate

Co-authored-by: Pedro Beschorner Marin <pedrobmarin@gmail.com>
2020-10-21 18:04:03 +01:00
Richard Hansen a4927095ae CSP: Disable the indexCustomInlineScripts hook 2020-10-11 20:31:00 +01:00
John McLear 66df0a572f
Security: FEATURE REMOVAL: Remove all plain text password logic and ui (#4178)
This will be a breaking change for some people.

We removed all internal password control logic.  If this affects you, you have two options:

1. Use a plugin for authentication and use session based pad access (recommended).
2. Use a plugin for password setting.

The reasoning for removing this feature is to reduce the overall security footprint of Etherpad.  It is unnecessary and cumbersome to keep this feature and with the thousands of authentication methods available in the world our focus should be on supporting those and allowing more granular access based on their implementations (instead of half-assed baking our own).
2020-10-07 13:43:54 +01:00
Richard Hansen ba6bdf35be Make the aceAttribClasses hook harder to misuse 2020-10-07 10:37:56 +01:00
Richard Hansen bf9d613e95
feature: New user-specific `readOnly` and `canCreate` settings (#4370)
Also:
  * Group the tests for readability.
  * Factor out some common test setup.
2020-09-28 11:22:06 +01:00
Richard Hansen 180983736d security: Enable authorize plugins to grant read-only access 2020-09-27 22:55:49 +01:00
Richard Hansen 304318b618 webaccess: Move pre-authn authz check to a separate hook
Before this change, the authorize hook was invoked twice: once before
authentication and again after (if settings.requireAuthorization is
true). Now pre-authentication authorization is instead handled by a
new preAuthorize hook, and the authorize hook is only invoked after
the user has authenticated.

Rationale: Without this change it is too easy to write an
authorization plugin that is too permissive. Specifically:

  * If the plugin does not check the path for /admin then a non-admin
    user might be able to access /admin pages.
  * If the plugin assumes that the user has already been authenticated
    by the time the authorize function is called then unauthenticated
    users might be able to gain access to restricted resources.

This change also avoids calling the plugin's authorize function twice
per access, which makes it easier for plugin authors to write an
authorization plugin that is easy to understand.

This change may break existing authorization plugins: After this
change, the authorize hook will no longer be able to authorize
non-admin access to /admin pages. This is intentional. Access to admin
pages should instead be controlled via the `is_admin` user setting,
which can be set in the config file or by an authentication plugin.

Also:
  * Add tests for the authenticate and authorize hooks.
  * Disable the authentication failure delay when testing.
2020-09-27 21:19:58 +01:00
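What the split described above asks of a plugin author is shown here as an added example, not as Etherpad's own code: a plugin that answers unauthenticated requests only in `preAuthorize` and never grants `/admin` from `authorize`, plus a tiny driver that calls the two hooks in the post-change order. The context shape (`req`, `res`, `next`, `resource`), the result convention (`cb([true])` grant, `cb([false])` deny, `cb([])` defer, `cb(['readOnly'])` for read-only access), the per-user `pads` map on the session user and the driver's stand-in for the core's `is_admin` check are assumptions taken from my reading of the plugin docs.

```javascript
// Added example (not Etherpad's code): an authorization plugin written for
// the preAuthorize/authorize split, plus a driver that mirrors the new call
// order. Hook context and result conventions are assumptions.

// Paths every visitor may fetch before logging in (assumed list).
const PUBLIC_PREFIXES = ['/static/', '/javascripts/', '/pluginfw/', '/locales/', '/favicon.ico'];

// Runs for every request, authenticated or not. Grant only what genuinely
// needs no identity; defer everything else so that authentication happens.
function preAuthorize(hookName, {req}, cb) {
  if (PUBLIC_PREFIXES.some((p) => req.path.startsWith(p))) return cb([true]);
  return cb([]);
}

// Runs only once `req.session.user` exists. The plugin may therefore read
// the user without an "is anyone logged in?" check, and it must not be the
// thing that lets a non-admin into /admin.
function authorize(hookName, {req, resource}, cb) {
  const user = req.session.user;
  if (resource.startsWith('/admin')) return cb([]); // leave admin pages to the core's is_admin gate
  const m = /^\/p\/([^\/?]+)/.exec(resource);
  if (!m) return cb([true]); // non-pad resource such as the index page
  const padId = decodeURIComponent(m[1]);
  const level = (user.pads || {})[padId]; // assumed: set by an authentication plugin
  if (level === 'write') return cb([true]);
  if (level === 'read') return cb(['readOnly']);
  return cb([false]);
}

// Driver: preAuthorize first, then authenticate, then authorize. The branch
// for deferred /admin requests stands in for the core's own is_admin check.
function decide(req) {
  let result;
  preAuthorize('preAuthorize', {req}, (r) => { result = r; });
  if (result.length > 0) return result[0] ? 'granted (pre-authn)' : 'denied (pre-authn)';
  const user = req.session.user;
  if (!user) return 'authenticate first';
  authorize('authorize', {req, resource: req.path}, (r) => { result = r; });
  if (result.length === 0) {
    if (req.path.startsWith('/admin')) return user.is_admin ? 'granted (is_admin)' : 'denied (not is_admin)';
    return 'deferred to core';
  }
  if (result[0] === true) return 'granted';
  if (result[0] === false) return 'denied';
  return result[0]; // e.g. 'readOnly'
}

// Constructed requests with the express-like shape the hooks read.
const makeRequest = (path, user) => ({path, session: {user}});

for (const [label, req] of [
  ['static asset, anonymous', makeRequest('/static/css/pad.css')],
  ['pad, anonymous', makeRequest('/p/team-notes')],
  ['pad, read-only user', makeRequest('/p/team-notes', {username: 'alice', pads: {'team-notes': 'read'}})],
  ['admin page, plain user', makeRequest('/admin/plugins', {username: 'alice', pads: {}})],
  ['admin page, is_admin', makeRequest('/admin/plugins', {username: 'root', is_admin: true})],
]) {
  console.log(`${label}: ${decide(req)}`);
}

if (typeof module !== 'undefined' && module.exports) module.exports = {preAuthorize, authorize};
```

Note the two checks the commit says were easy to get wrong: `authorize` never consults a missing user, and a pad-level grant never doubles as an admin grant.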
Richard Hansen ab5934cbda webaccess: Split authFailure hook into authnFailure and authzFailure
This makes it possible for plugins to return different pages to the
user depending on whether the auth failure was authn or authz.
2020-09-26 19:37:11 +01:00
Richard Hansen 02757079c0 security: Enable authorize plugins to grant modify-only access 2020-09-26 18:36:36 +01:00
Richard Hansen 53fd0b4f98 webaccess: Return 401 for authn failure, 403 for authz failure
This makes it possible for reverse proxies to transform 403 errors
into something like "upgrade to a premium account to access this
pad".

Also add some webaccess tests.
2020-09-24 10:41:58 +01:00
Richard Hansen 1bb44098df PadMessageHandler: Move handleMessage hooks after access check
Move the handleMessageSecurity and handleMessage hooks after the call
to securityManager.checkAccess.

Benefits:

  * A handleMessage plugin can safely assume the message will be
    handled unless the plugin itself drops the message, so it doesn't
    need to repeat the access checks done by the `handleMessage`
    function.
  * This paves the way for a future enhancement: pass the author ID to
    the hooks.

Note: The handleMessageSecurity hook is broken in several ways:

  * The hook result is ignored for `CLIENT_READY` and `SWITCH_TO_PAD`
    messages because the `handleClientReady` function overwrites the
    hook result. This causes the client to receive client vars with
    `readonly` set to true, which causes the client to display an
    immutable pad even though the pad is technically writable.
  * The formatting toolbar buttons are removed for read-only pads
    before the handleMessageSecurity hook even runs.
  * It is awkwardly named: Without reading the documentation, how is
    one supposed to know that "handle message security" actually means
    "grant one-time write access to a read-only pad"?
  * It is called for every message even though calls after a
    `CLIENT_READY` or `SWITCH_TO_PAD` are mostly pointless.
  * Why would anyone want to grant write access when the user visits a
    read-only pad URL? The user should just visit the writable pad URL
    instead.
  * Why would anyone want to grant write access that only lasts for a
    single socket.io connection?
  * There are better ways to temporarily grant write access (e.g., the
    authorize hook).
  * This hook is inviting bugs because it breaks a core assumption
    about `/p/r.*` URLs.

I think the hook should be deprecated and eventually removed.
2020-09-23 08:26:47 +01:00
Richard Hansen a000a93dc6 Refactor startup/shutdown for tests
* `src/node/server.js` can now be run as a script (for normal
    operation) or imported as a module (for tests).
  * Move shutdown actions to `src/node/server.js` to be close to the
    startup actions.
  * Put startup and shutdown in functions so that tests can call them.
  * Use `await` instead of callbacks.
  * Block until the HTTP server is listening to avoid races during
    test startup.
  * Add a new `shutdown` hook.
  * Use the `shutdown` hook to:
      * close the HTTP server
      * call `end()` on the stats collection to cancel its timers
      * call `terminate()` on the Threads.Pool to stop the workers
  * Exit with exit code 0 (instead of 1) on SIGTERM.
  * Export the HTTP server so that tests can get the HTTP server's
    port via `server.address().port` when `settings.port` is 0.
2020-09-22 11:07:21 +01:00
Joas Souza 8c04fe8775
Feature: Copy Pad without history (#4295)
New feature to copy a pad without copying the entire history.  This is useful for performing a less CPU-intensive operation while still copying the current pad state.
2020-09-16 19:24:09 +01:00
Richard Hansen b80a37173e security: Fix authorization bypass vulnerability
Before, a malicious user could bypass authorization restrictions
imposed by the authorize hook:

 * Step 1: Fetch any resource that the malicious user is authorized to
   access (e.g., static content).
 * Step 2: Use the signed express_sid cookie generated in step 1 to
   create a socket.io connection.
 * Step 3: Perform the CLIENT_READY handshake for the desired pad.
 * Step 4: Profit!

Now the authorization decision made by the authorize hook is
propagated to SecurityManager so that it can approve or reject
socket.io messages as appropriate.

This also sets up future support for per-user read-only and
modify-only (no create) authorization levels.
2020-09-15 21:40:25 +01:00
Richard Hansen 80639fdc6a webaccess: Pass `settings.users` to the authenticate hook
Authentication plugins almost always want to read and modify
`settings.users`. The settings can already be accessed in a few other
ways, but this is much more convenient.
2020-09-15 19:26:24 +01:00
Richard Hansen 362b567276 docs: Revise documentation for handleMessage and handleMessageSecurity 2020-09-15 19:25:04 +01:00
Richard Hansen 9f288480e8 docs: Revise hooks overview section 2020-09-05 20:34:47 +01:00
Richard Hansen 55f201a2aa docs: Document the authFailure hook 2020-09-05 12:37:46 +01:00
Richard Hansen f0b7dc7c53
pluginfw: PadMessageHandler: Pass socket.io Socket object to clientVars hook (#4245)
Also revise the clientVars hook documentation.
2020-09-05 10:51:39 +01:00
Richard Hansen 4c0ab8a14e
docs: Document the authorize hook (#4233) 2020-09-04 18:52:25 +01:00
Richard Hansen aee1c3e7c5
docs: Document the authenticate hook (#4232) 2020-08-27 12:57:38 +01:00
Daniel Krol ca6da2c724
Fix doc typo (#4187) 2020-07-21 13:22:31 +01:00
b_b 66a56234fa
docs: index hooks / ref #3978 (#4077) 2020-06-03 10:55:44 +01:00
Daniel Krol 61c7bb9699
feat(i18n) Custom i18n strings (#4000)
* Custom i18n strings (and some code formatting)

* Documentation for per-instance l10n overwrites
2020-05-19 13:21:31 +01:00
muxator 4816785aef doc: in the Docker example with custom plugins, replace ep_codepad -> ep_comments_page
Prefer promoting ep_comments_page, since it has a wider audience and is better
maintained.
2020-05-13 23:16:51 +02:00
b_b 35f0217056
typo on index.html hooks (#3982)
just a typo, maybe the smallest commit in this repo :p
2020-05-13 11:25:57 +01:00
Mikk Andresen c074dfeff2 docs: basic styles for tables
This is a cosmetic fix for PR #3921 (109aa2d489).
Discussion on #3563
2020-05-03 21:56:28 +02:00
muxator 1aebbe8892 docs: also mention the infos we have about sessionID cookie 2020-04-24 03:06:13 +02:00
Mikk Andresen 109aa2d489 docs: add cookies section
Closes #3563
2020-04-24 03:06:13 +02:00
muxator d1eb108ede README.md: losslessly reduce the size of the PNG images
It's not much, but these images will hopefully be downloaded many times. The
smaller they are, the lower the latency will be.

Command:
    optipng {etherpad_basic.png,etherpad_full_features.png}

BEFORE:
    $ du -sch *.png
    16K     etherpad_basic.png
    104K    etherpad_full_features.png
    120K    total

AFTER:
    $ du -sch *.png
    12K     etherpad_basic.png
    92K     etherpad_full_features.png
    104K    total
2020-04-23 22:29:58 +02:00
Sebastian Castro 1003d9c40e
Update gif demo (#3924)
Include parallel writing with two users
2020-04-23 16:45:33 +01:00
Paul Tiedtke 85adaa44d8 docker: make settings fully configurable via env vars
Now every setting in the official Etherpad container will be configurable via
environment variables.
2020-04-21 04:44:56 +02:00
muxator 8d39cc4db2 docker: fill in the default values in the documentation 2020-04-21 04:44:56 +02:00
muxator a0b5e515aa docker: switch to table layout in the docs about the available settings
In this way, we also gain an explicit place for the default setting (still not
filled in).

No functional changes.
This is in preparation of a future commit by Paul Tiedke.
2020-04-21 04:44:56 +02:00
muxator ca3d095d35 docker: in the db documentation, specify that we are not going to include every single variable a driver may want 2020-04-21 04:44:56 +02:00
muxator f08d517625 docker: in the documentation, reorganize categorically the available parameters
No functional changes.
This is in preparation of a future commit by Paul Tiedke.
2020-04-21 04:44:56 +02:00
Sebastian Castro 11f88a9b36 Update Readme with new screenshots
closes #2140
closes #3779
2020-04-19 18:05:59 +02:00
muxator 5ade38c86b docker: build & run the container in production mode
This is leaner (no development dependencies are included in the container) and
faster (among other things, assets are minified & compressed).
2020-04-19 04:41:29 +02:00
muxator 5acbdb83e5 docker: allow control of import/export rate limiting parameters
The newly introduced environment variables are IMPORT_EXPORT_RATE_LIMIT_WINDOW
and IMPORT_EXPORT_MAX_REQ_PER_IP.
2020-04-14 03:36:13 +02:00
muxator f5d9b94ca1 docker: allow control of the maximum file size of an import via IMPORT_MAX_SIZE 2020-04-14 03:36:13 +02:00
muxator 684f374ece runtime: require node >= 10.13.0 LTS
At the moment, NodeJS 10.x is the lowest supported LTS version. NodeJS 8.x is no
longer supported upstream.

Implements #3835.
Planned in #3650.
2020-04-09 04:43:37 +02:00
Paul Tiedtke 79406051fa Settings.js: support newlines in default values when using variable substitution
This allows, among other things, to correctly support the configuration of
defaultPadText in Docker via an environment variable.
2020-04-07 04:32:37 +02:00
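The substitution the commit above refers to is shown here as an added example, not as the project's `Settings.js`: a reading of the `${ENV_VAR:default}` form used by the Docker settings file, written so that a default may contain newlines. The exact grammar, the whole-value-only matching, and the choice to yield `null` for an unset variable without a default are assumptions for this illustration.

```javascript
// Added example (not Etherpad's code): environment-variable substitution
// over parsed settings, with multi-line defaults. Grammar and null-for-unset
// behaviour are assumptions.

// Matches a whole string value of the form ${NAME} or ${NAME:default}.
// `[^}]*` deliberately matches newlines, so a default may span lines.
const WHOLE_VALUE_RE = /^\$\{([A-Za-z_][A-Za-z0-9_]*)(?::([^}]*))?\}$/;

function substituteEnv(node, env) {
  if (typeof node === 'string') {
    const m = WHOLE_VALUE_RE.exec(node);
    if (!m) return node;
    const [, name, fallback] = m;
    if (env[name] !== undefined) return env[name];
    return fallback === undefined ? null : fallback;
  }
  if (Array.isArray(node)) return node.map((v) => substituteEnv(v, env));
  if (node && typeof node === 'object') {
    return Object.fromEntries(Object.entries(node).map(([k, v]) => [k, substituteEnv(v, env)]));
  }
  return node;
}

// Constructed settings fragment. The "\n" sequences are JSON escapes, so the
// parsed default is a real two-line string before substitution runs.
const SETTINGS_JSON = `{
  "defaultPadText": "\${DEFAULT_PAD_TEXT:Welcome to Etherpad!\\n\\nThis pad text is synchronized as you type.}",
  "dbSettings": {"host": "\${DB_HOST:localhost}", "port": "\${DB_PORT}"}
}`;

function loadSettings(json, env) {
  return substituteEnv(JSON.parse(json), env);
}

console.log(loadSettings(SETTINGS_JSON, {}));
console.log(loadSettings(SETTINGS_JSON, {DEFAULT_PAD_TEXT: 'Hi', DB_PORT: '5432'}));
```

Substitution runs after `JSON.parse`, so the JSON escape rules apply to the default text and a single-line regex would silently refuse to match a default containing a newline; that is the failure mode the commit fixes.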
Chocobozzz 82b919fc65 api: add getStats() function 2020-04-04 22:03:46 +02:00
Viljami Kuosmanen e821bbcad8 openapi: add documentation, small optimisation 2020-04-03 01:03:11 +02:00
Neil Oosten 7a999ee398 hooks: allow setting the duration of the gritter notification when a new chat message arrives
This is done by adding a new "duration" parameter to the chatNewMessage() client
side hook.
2020-03-27 02:39:29 +01:00
muxator 8a01a5e437 doc: fix numbering in chatNewMessage() client hook parameters
This was originally introduced in bcb92f25a6 ("Refactor chat notifications and
the chatNewMessage hook") from 2013-03-19.
2020-03-27 02:39:29 +01:00
John McLear 6fd2bf4472 hooks: introduce goToRevisionEvent(), a new client-side hook
This hook gets fired both on timeslider load (as timeslider shows a new
revision) and when the new revision is shown to a user.
2020-03-24 23:46:17 +01:00
Pierre Prinetti 0b3cf7cc96 docker: Add Run with volume example
Supersedes https://github.com/ether/etherpad-lite/pull/3631

Co-authored-by: RaymondCavallaro <RaymondCavallaro@users.noreply.github.com>
2019-12-25 00:48:30 +01:00
muxator a817acbbcc security: when served over https, set the "secure" flag for "express_sid" and "language" cookie
The mechanism used for determining if the application is being served over SSL
is wrapped by the "express-session" library for "express_sid", and manual for
the "language" cookie, but it's very similar in both cases.

The "secure" flag is set if one of these is true:

1. we are directly serving Etherpad over SSL using the native nodejs
   functionality, via the "ssl" options in settings.json

2. Etherpad is being served in plaintext by nodejs, but we are using a reverse
   proxy for terminating the SSL for us;
   In this case, the user has to be instructed to properly set trustProxy: true
   in settings.json, and the information whether the application is over SSL or
   not will be extracted from the X-Forwarded-Proto HTTP header.

Please note that this will not be compatible with applications being served over
http and https at the same time.

The change on webaccess.js amends 009b61b338, which did not work when the SSL
termination was performed by a reverse proxy.

Reference for automatic "express_sid" configuration:
https://github.com/expressjs/session/blob/v1.17.0/README.md#cookiesecure

Closes #3561.
2019-12-07 04:36:01 +01:00
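The two conditions listed above, and the reason `trustProxy` matters, are shown here as an added example rather than as Etherpad's or express-session's code: a function that decides the `Secure` flag from the request, and a `Set-Cookie` builder that uses it. The request objects are constructed with the shape express gives them (`req.socket.encrypted`, `req.headers`); `trustProxy` stands in for `settings.trustProxy`.

```javascript
// Added example (not Etherpad's code): deciding the cookie "secure" flag
// the way the commit describes. Request shape and option names are
// assumptions chosen to resemble express.

function requestIsSecure(req, trustProxy) {
  // 1. Node itself terminated TLS (the "ssl" options in settings.json).
  if (req.socket && req.socket.encrypted) return true;
  // 2. A reverse proxy terminated TLS and tells us so in X-Forwarded-Proto.
  //    The header is only meaningful when the operator has declared that a
  //    trusted proxy sets it; without trustProxy the flag would otherwise
  //    be under the control of whoever sends the request.
  if (!trustProxy) return false;
  const first = String(req.headers['x-forwarded-proto'] || '').split(',')[0];
  return first.trim().toLowerCase() === 'https';
}

// Build a Set-Cookie value; `Secure` is derived from the request, never
// hard-coded, so one settings.json works for both deployment styles.
function setCookieHeader(name, value, req, trustProxy, {httpOnly = true, maxAgeSec} = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`, 'Path=/'];
  if (maxAgeSec !== undefined) parts.push(`Max-Age=${maxAgeSec}`);
  if (httpOnly) parts.push('HttpOnly');
  if (requestIsSecure(req, trustProxy)) parts.push('Secure');
  return parts.join('; ');
}

// Constructed requests (not captured traffic) for the three situations.
const sampleRequests = {
  directTls: {socket: {encrypted: true}, headers: {}},
  behindProxy: {socket: {encrypted: false}, headers: {'x-forwarded-proto': 'https'}},
  plaintext: {socket: {encrypted: false}, headers: {}},
};

for (const trustProxy of [false, true]) {
  for (const [label, req] of Object.entries(sampleRequests)) {
    console.log(`trustProxy=${trustProxy} ${label}: ${setCookieHeader('express_sid', 's:abc', req, trustProxy)}`);
  }
}
```

With `trustProxy` left at `false`, the `behindProxy` case yields a cookie without `Secure` even though the user's browser is talking HTTPS, which is exactly the misconfiguration the commit message tells operators to avoid.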
muxator 30fd53f1fd docker: move docker/settings.json to /settings.json.docker 2019-11-08 23:50:50 +01:00
Pierre Prinetti dc15f4a43c docker: build from the local working directory
With this change, the Dockerfile builds the Docker image from the code
checked out in the local filesystem, instead of downloading a revision
from git.

Implements #3657
2019-11-08 22:56:30 +01:00
muxator c008ee36bd docker: incorporate the docker docs into the official documentation
This also means increasing the indentation level.
2019-11-08 23:17:34 +01:00
muxator 312c72c364 formatting: bulk remove trailing whitespaces
Do not touch vendorized files (e.g. libraries that were imported from external
projects).

No functional changes.

Command:
    find . -name '*.<EXTENSION>' -type f -print0 | xargs -0 sed -i 's/[[:space:]]*$//'
2019-10-20 02:09:22 +02:00
Ray Bellis fc661ee13a core: allow URL parameters and POST bodies to co-exist.
Node 8.14.0 prohibits HTTP headers that exceed 8 KB (source:
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/#denial-of-service-with-large-http-headers-cve-2018-12121).

This patch allows for the parameters within the body of an HTTP POST request to
be used in addition to those within the URL (and will override them).

Closes #3568.

---
Muxator 2019-10-19:
- this commit was cherry-picked from 882b93487f
- it was modified to include the necessary changes in the documentation
2019-06-27 00:52:53 +02:00
muxator 705cc6f5e4 Change everywhere the link to https://etherpad.org (it was plain http) 2019-04-16 00:54:54 +02:00
muxator 9d35d15ae3 node8: require nodejs >= 8.9.0, npm >= 6.4
Next version will be Etherpad 1.8. As planned in #3424, we are going to require
NodeJS >=8.9.0 and npm >= 6.4.

This commit implements that change and updates documentation and scripts.
Subsequent changes will get rid of old idioms, dating back to node < 0.7, that
still survive in the code.
Once migrated to NodeJS 8, we will be able to start working on migrating the
code base from callbacks to async/await, greatly simplifying legibility (see
#3540).

Closes #3557
2019-02-19 22:01:12 +01:00
muxator 4f0a2785da release: prepare for 1.7.5
Written the changelog and updated package.json.
2019-01-26 00:16:03 +01:00
HairyFotr fce55df2b7 Fix typos 2019-01-16 11:14:04 +01:00
muxator aca8fae682 easysync-full-description: regenerate the pdf document
The .tex source was updated to fix some typos, but the corresponding pdf was not
regenerated.

Command used to generate the pdf:
  pdflatex easysync-full-description.tex

The incorporated changes are:
- 49114d2b7a (2014-06-01)
- c7548450c0 (2017-09-14)
2018-12-09 15:56:17 +01:00
muxator 66d87babfa doc: passwordHash does not contain a bcrypted password, but a salted sha512 sum
The documentation was written on 2011-08-03:
    31067f163f17: added a documentation for the database structure

The implementation using sha512 instead of bcrypt was committed two days later,
on 2011-08-10:
    ce1012438ef8: added setPublicStatus, getPublicStatus, setPassword and isPasswordProtected
2018-11-05 22:45:00 +01:00
muxator 23eab79946 pad.html: for each client plugin, add a class to #editorcontainerbox
This commit implements the following behaviour:

1. adds a function clientPluginNames() to hooks.js (mimicking what is done in
   static.js), which returns an array containing the list of currently installed
   client side plugins. The array is eventually empty.

2. calls that function in pad.html at rendering time (thus server-side) to
   populate a class attribute.

Example results:
- with no client-side plugins installed:
  <div id="editorcontainerbox" class="">

- with some client-side plugins installed:
  <div id="editorcontainerbox" class="ep_author_neat ep_adminpads">

Looking at the existing code (src/node/hooks/express/static.js#L39-L57), a
client-side plugin is defined as a plugin that implements at least a client side
hook.

NOTE: there is currently no support for notifying plugin removal/installation
      to the connected clients: for now, in order to get an updated class list,
      the clients will have to refresh the page.

Fixes #3488
2018-10-02 21:22:13 +02:00
muxator 6620014b77 skins: describe the skins in the documentation 2018-08-26 21:17:04 +02:00
muxator d499e1b046 docs: direct link to measured.Collection from stats.md 2018-08-14 13:27:31 +02:00
muxator e9fb63f426 docs: "```js" -> "```json" in Markdown of some json blocks 2018-08-09 22:27:56 +02:00
muxator 7544585908 runtime: enforce minimal node version to 6.9.0
Etherpad 1.6.6 does not run on node <= 5 already.
Node 6.9 is the first LTS release in the 6 series, and comes with npm 3.10.8.

Declarations in package.json are advisory unless the user has set
`engine-strict` config flag.

Updated the docs accordingly.
2018-07-28 23:33:24 +02:00
John McLear 2765a95774
Merge pull request #3218 from klausweiss/develop
Feature: New server-side hook: onAccessCheck
2018-04-03 13:38:47 +01:00
HairyFotr c7548450c0
Typos and minor fixes in bin, doc, and root 2017-09-14 13:33:27 +02:00
Mikołaj Biel 5c8a15c3d7 fix `sessionCookie` number in onAccessCheck 2017-07-12 00:28:51 +02:00
Mikołaj Biel 35702a0589 [feat] New server-side hook: onAccessCheck 2017-07-10 20:54:32 +02:00
Luiza Pagliari fc89034a55 [feat] New server-side hook: padCopy
Let plugins know when a pad is copied.
2017-05-18 18:52:14 -03:00
Luiza Pagliari d78681350b Merge pull request #3149 from AdamNiederer/patch-1
Remove an extra space
2017-03-13 06:55:07 -03:00
Adam Niederer cb8fe92df7 Fix typo 2017-03-11 22:09:49 -05:00
Adam Niederer 7520377026 Spelling fixes 2017-03-11 21:38:50 -05:00
Adam Niederer 52d5fc713e Spelling fixes 2017-03-11 21:36:37 -05:00
Adam Niederer 867e2d69d4 Spelling, grammar, and style improvements 2017-03-11 21:35:00 -05:00
Adam Niederer 6d279f0ee1 Spelling fix
Also removes an extra space
2017-03-11 21:34:34 -05:00
Adam Niederer a5e576c564 Grammar fix 2017-03-11 21:30:32 -05:00
Adam Niederer eeb8e82771 Remove an extra space 2017-03-11 21:27:34 -05:00
Sjoerd Langkemper d48395089c Update called from for two hooks
`expressCreateServer` and `expressConfigure` are called from `express.js`, not
from `server.js`.
2017-01-17 14:59:24 +01:00
Alexander Lorz cd7f01f40a minor changes in docs
- correct link to doc generation tool.
 - fixed incomplete sentence regarding API client libraries
2016-12-26 20:18:34 +01:00
Luiza Pagliari 01d23b1f6a Merge pull request #2929 from xavidotron/develop
Pass through the "item" parameter to registerAceCommand callbacks.
2016-12-13 06:12:26 -02:00
Luc Didry 2341d09807 Add undocumented API function restoreRevision to doc
This commit is dedicated to Schoumi. Thx for supporting me on Tipeee :-)
2016-11-16 10:36:18 +01:00