ae9114f140
Edit settings.js
...
Added formal panics for invalid JSON.
2022-01-26 19:35:21 -05:00
578ae17aa8
Add docker & npm ecosystem to dependabot
2022-01-26 19:34:27 -05:00
315bcccc14
Localisation updates from https://translatewiki.net .
2022-01-24 13:03:53 +01:00
e4a336e875
plugins: Add npm packages to etherpad org
2022-01-20 20:33:24 -05:00
c7195b1133
docker: Add variables for cookie settings
2022-01-19 23:08:32 -05:00
861a929a43
docker: Sync `settings.json.docker` with `.template`
2022-01-19 23:06:56 -05:00
692749d1cf
express-session: Extend session lifetime if user is active
2022-01-17 21:45:56 -05:00
9c1f52f1b0
express-session: Install package from `@etherpad` scope
...
This allows us to use some in-progress features.
2022-01-17 21:45:56 -05:00
023e58cfe6
express-session: Set a finite cookie lifetime
2022-01-17 21:45:56 -05:00
ec10700dff
express-session: Don't save uninitialized sessions
...
This should avoid frivolous session records, such as when the user
gets a 404 (unless login was required to see the 404).
2022-01-17 21:45:56 -05:00
7255dd7ef0
express-session: Inherit proxy trust from Express
2022-01-17 21:45:56 -05:00
945e6848e2
SessionStore: Delete DB record when session expires
...
This only deletes records known to the current Etherpad instance --
old records from previous runs are not automatically cleaned up.
2022-01-17 21:45:56 -05:00
72cd983f0f
SessionStore: Option to update DB record on `touch()`
2022-01-17 21:45:52 -05:00
b991948e21
SessionStore: Don't write DB record if already expired
2022-01-17 21:33:58 -05:00
4d498725c7
SessionStore: Improve cookie expiration check
...
* Don't mutate `sess.cookie.expires`.
* Allow `sess.cookie` to be nullish.
* Always compare `Date` objects.
2022-01-17 18:17:40 -05:00
928c598ecf
tests: Add SessionStore backend tests
2022-01-17 17:51:08 -05:00
efab3aed0c
deps: Update ueberdb2 to 2.0.1 to get proper JSON support
2022-01-14 00:45:47 -05:00
d3984aa621
express: Move `preAuthorize` hook after `express-session`
...
The `ep_openid_connect` plugin needs access to session state before
authorization checks are made (to securely redirect the user back to
the start page when authentication completes). Now that the
`expressPreSession` hook exists, the rationale for moving
`preAuthorize` before the `express-session` middleware is gone.
This change undoes the following commits:
* bf35dcfc500b1ec20c5c30544b564e
2022-01-14 00:44:54 -05:00
75637708c0
express: Move up `cookie-parser` middleware
...
This makes it possible for the `preAuthorize` and `preExpressSession`
hooks to easily read or set cookies.
2022-01-14 00:44:54 -05:00
ab85db4426
webaccess: Silence prototype pollution warning
2022-01-14 00:44:54 -05:00
dcd43e9849
webaccess: Use `.startsWith()` instead of `.search()`
2022-01-14 00:44:54 -05:00
b9118c22ba
Localisation updates from https://translatewiki.net .
2022-01-13 13:02:54 +01:00
fd9b770579
PadManager: Refactor `padList` to avoid duplicate loads
2022-01-02 20:44:42 -05:00
66ce2b50a9
openapi: Convert `Promise.catch()` to `catch` block
2022-01-02 19:17:20 -05:00
fa8bdb0348
promises: Add a comment explaining a subtlety in `Gate`
2022-01-02 18:57:44 -05:00
a115c475ad
promises: Expose `reject` in `Gate`
2022-01-02 18:57:44 -05:00
b72db7ebd6
promises: Return a `Promise` from `Gate.then()`
...
It doesn't make sense to return a `Gate` from `Gate.then()`, and this
eliminates the semantically confusing constructor parameter.
2022-01-02 18:57:44 -05:00
78a67801f3
promises: Move Gate from `server.js` (to enable reuse)
2022-01-02 18:57:44 -05:00
c8d45586c1
server: Fix stop Gate creation and check
2022-01-02 18:57:44 -05:00
10c55a2328
Changeset: Explain why number of removals doesn't matter
2021-12-31 22:53:59 -05:00
6495b1e6f4
tests: Disable deprecation warnings when testing deprecated functions
2021-12-31 22:15:03 -05:00
c0471dd238
tests: Avoid deprecated `Changeset.opIterator`
2021-12-31 22:14:07 -05:00
0af728ffee
textLinesMutator: coverage for changed attributes in multiline keeps
2021-12-30 18:44:29 -05:00
93447b7493
easysync tests: cover more string operation scenarios
2021-12-30 18:44:29 -05:00
395cbc01bb
Changeset.js: refine comments
2021-12-30 18:44:29 -05:00
55c47efd4c
easysync tests: add some more smartOpAssembler tests
2021-12-30 18:44:29 -05:00
12ebca897d
easysync: add clear method to stringAssembler
2021-12-30 18:44:29 -05:00
0cc15df9b9
Prevent pad translation and crash
...
Prevent "TypeError: Cannot read properties of null (reading 'sheet')"
exception because google chrome can translate `<style type="text/css" title="dynamicsyntax"></style>` title attribute
2021-12-22 17:46:32 +01:00
cb257de8f9
Bump version to v1.9.0 for plugin `peerDependencies`
...
This allows plugins to depend on the not-yet-released API by bumping
their `peerDependencies` to `>=1.9.0`.
IMPORTANT: v1.9.0 IS NOT RELEASED YET. I tried to bump the version to
1.9.0-alpha.0 instead, but unfortunately that doesn't satisfy
`>=1.8.6` which would break just about every plugin.
2021-12-21 17:23:56 -05:00
02a56dc58c
PadMessageHandler: Allow `handleMessageSecurity` to grant one-time write access
2021-12-21 17:23:56 -05:00
31b025bd9d
PadMessageHandler: Pass session info to `handleMessageSecurity` hook
2021-12-21 17:23:56 -05:00
1b52c9f0c4
PadMessageHandler: Deprecate `client` context property
2021-12-21 17:23:56 -05:00
8539a66439
docs: Improve `handleMessageSecurity` documentation
2021-12-21 17:23:56 -05:00
f1856cf95a
Docker: Use new `/health` endpoint for HEALTHCHECK
2021-12-21 17:19:56 -05:00
11de525508
Docker: Install and use link for `etherpad` binary
2021-12-21 17:19:56 -05:00
83f2898723
package.json: Define `etherpad` binary
2021-12-21 17:19:56 -05:00
696f9c3367
specialpages: New `/health` endpoint for health checking
...
This endpoint is intended to conform with:
https://www.ietf.org/archive/id/draft-inadarei-api-health-check-06.html
2021-12-21 17:19:56 -05:00
2e4c546c7f
Pad: Add new `.spliceText()` method
...
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2021-12-21 17:00:18 -05:00
30544b564e
express: Skip express-session middleware if pre-authorized
2021-12-20 20:08:19 -05:00
649fbdccf5
express: Move static handlers to `expressPreSession`
...
This avoids the need to exempt the paths from authentication checks,
and it eliminates unnecessary express-session state.
2021-12-20 20:08:19 -05:00
RichDavis1