Commit Graph

5682 Commits (68ff6d497de94833eb826e1ca54a8a5dfd127b86)

Author SHA1 Message Date
John McLear b74a4819ae
beta.etherpad.org been down a while
Sorry about the direct commit 🍡
2020-03-31 19:54:46 +01:00
muxator 4ee5ddb496 caching_midleware: also run when nodejs does not have crypto module
According to the nodejs docs [0] the `crypto` module might be unavailable on
some platforms:

> It is possible for Node.js to be built without including support for the
> crypto module. In such cases, calling require('crypto') will result in an
> error being thrown

A description of such scenarios can be found here [1].

> * running non-standard node in a resource- or security-constrained
>   environment
> * running in emulated environment (browserify, webpack etc.)
> * building node from source and omitting openssl/crypto for random reason

TypeScript guys dealt with this same issue and they resolved it in an elegant
way in [2].

We copy that approach here: if importing crypto fails at runtime, we replace
sha256 with djb2 [3], which is weaker, but works for our case.

The djb2 story is fun: see this Stack Overflow post [4], and the original
mailing list post from 1991 [5] by Daniel J. Bernstein [6].

He was 20 at the time!

[0] https://nodejs.org/docs/latest-v10.x/api/crypto.html#crypto_determining_if_crypto_support_is_unavailable
[1] https://github.com/microsoft/TypeScript/issues/19100#issuecomment-335871998
[2] 9677b0641c
[3] http://www.cse.yorku.ca/~oz/hash.html#djb2
[4] https://stackoverflow.com/questions/1579721/why-are-5381-and-33-so-important-in-the-djb2-algorithm
[5] https://groups.google.com/forum/#!msg/comp.lang.c/lSKWXiuNOAk/zstZ3SRhCjgJ
[6] https://en.wikipedia.org/wiki/Daniel_J._Bernstein
2020-03-31 04:09:49 +02:00
Tom Hudson fc754c9a1d Switches cacheKey from base64 of path to sha256 of path; fixes #3502 2020-03-31 02:42:58 +02:00
John McLear 6c12a7fb1f tests: backend tests for utf8 & emojis support 2020-03-31 02:11:25 +02:00
John McLear 352b432ed1 tests: in backend tests, use POST instead of GET for setText() and setHTML()
This is allowed starting from fc661ee13a ("core: allow URL parameters and POST
bodies to co-exist"), which landed in Etherpad 1.8.0. For the discussion, see
issue #3568.
2020-03-31 02:11:25 +02:00
muxator b2dc446740 tests: typo in a comment in the backend tests 2020-03-31 02:11:25 +02:00
John McLear 25bf460ac6 chat: in addMessage(), be tolerant when userId is missing
For whatever reason (a bug, a database corruption, ...) the userId field in
"msg" can sometimes be missing.

In this case, let's be defensive, use "unknown" as userId and issue a warning
in the console, instead of crashing the client.

Fixes #3731 (really a patch, the underlying issue is still present)
2020-03-30 22:15:51 +02:00
John McLear fa3e4b146a settings: document the possibility of using Unix sockets
We have been supporting Unix sockets by ages, because express.listen()
(http://expressjs.com/en/4x/api.html#app.listen_path_callback) re-exposes
net.server.listen() (https://nodejs.org/api/net.html#net_server_listen), which
in turn supports Unix sockets.

The only remaining thing to do was documenting it.

Fixes #3312
2020-03-30 03:36:55 +02:00
John McLear 85217b55e0 contentcollector: pasting an OL in Chrome inserted an additional line break. Fixed.
This comments out some code that was probably a quirk from ie6 era.
See PR: https://github.com/ether/etherpad-lite/issues/2412

Fixes #2412.
2020-03-30 02:28:08 +02:00
John McLear 8b2fe75867 toolbar: don't show the "saved revision" button in timeslider
The saved revision "star" button appeared in the timeslider toolbar too.

This change introduces a second flag "page" in toolbar.menu(), which controls
whether the toolbar is being drawn for a pad or in the timeslider page.

Fixes #3767.
2020-03-30 01:59:49 +02:00
John McLear 0d2854571d toolbar: show the "save revision" button only on the right toolbar.
Revision b480416375 fixed a bug, but introduced a regression, and the "save
revision" "star" button started to appear both on the left and the right
toolbar.

This change introduces a flag "whichMenu" in toolbar.menu(), that controls
whether the left, the right or the timeslider toolbar is being drawn.
2020-03-30 01:59:49 +02:00
muxator 463d7fb163 timeslider: always pass the "isReadOnly" parameter to toolbar.menu()
This argument was missing since since b662d5c618 ("dont show editing buttons
in R/O view"), 2015-05-19.
2020-03-30 01:59:49 +02:00
muxator 2360c33629 toolbar: formatting, no functional changes.
In preparation for the next commits by John.
2020-03-30 01:59:49 +02:00
muxator 4a17443a2e tests: future proof travis/runner.sh and make it more robust
This change only slightly modifies the bahaviour of travis/runner.sh, but:

1. speeds up the tests, because it does not install dependencies before running
   them. Dependencies are already installed by .travis.yml in its "install"
   section;
2. if for some reason Etherpad does not start, there is a sudden failure,
   instead of launching the front end tests anyway, and then having to wait 10
   minutes for them to time out;
3. it is compatible with a different way of installing etherpad dependencies
   ("npm ci" instead of "npm install"), whereas the previous one broke. This
   will probably be introduced in a while, so this change future-proofs for it
   (see #3778).
4. it is more robust, because it detects more reliably the paths, and changes
   between them correctly;

Please note that the script now requires bash instead of a generic posix shell.
This may break on platforms which default to a different shell (FreeBSD, MacOS?)
2020-03-29 23:59:28 +02:00
muxator 2b753f13ea package-lock.json: resync. This should have been part of 06d961f2b6 ("Checks MySQL for charset")
When changing something in package.json, it is necessary to also commit an
associated package-lock.json generated from a clean install.
2020-03-29 01:35:30 +01:00
muxator a181ea8fbe bin: replace double backticks (``) with $()
This has been the recommended way of launching subshells for ages, and is easier
to type and on the eye.

For a quick reference, see:
https://unix.stackexchange.com/questions/5778/whats-the-difference-between-stuff-and-stuff#5782
2020-03-29 00:53:17 +01:00
John McLear 1ad6e9c288 Settings: when restarting via UI, tell the admins to ignore a warning about sessionKey
Fixes #3770.
2020-03-28 19:09:22 +01:00
Neil Oosten 7a999ee398 hooks: allow to set the duration of the gritter notification when a new chat message arrives
This is done adding a new "duration" parameter to the chatNewMessage() client
side hook.
2020-03-27 02:39:29 +01:00
muxator 8a01a5e437 doc: fix numbering in chatNewMessage() client hook parameters
This was originally introduced in bcb92f25a6 ("Refactor chat notifications and
the chatNewMessage hook") from 2013-03-19.
2020-03-27 02:39:29 +01:00
John McLear 14ae2ee950 checkPadDeltas: version by JohnMcLear
From https://github.com/ether/etherpad-lite/pull/3717#issuecomment-602179127

> Afaik I used async / await that's pretty much all, I think I had to do some
> polish because something was broken, remember stuff like pad.getPadAuthors was
> b0rked in 1.7 or so
2020-03-27 01:50:56 +01:00
Marcel Klehr 90f9b8a3bd checkPadDeltas: original version from marcelklehr (2014-05-14)
Committed by muxator on 2020-03-22, taking the raw version from:
c65b496402/checkPadDeltas.js
2020-03-27 01:50:56 +01:00
John McLear 06d961f2b6 Checks MySQL for charset
Helps fix 3733
2020-03-27 01:31:23 +01:00
John McLear 8f2ad7a0e8 tests: use latest Safari in Saucelab front end tests
I verified that, as of today, "latest" Safari version works on Saucelabs.
2020-03-26 23:26:25 +01:00
John McLear 6fd2bf4472 hooks: introduce goToRevisionEvent(), a new client-side hook
This hook gets fired both on timeslider load (as timeslider shows a new
revision) and when the new revision is showed to a user.
2020-03-24 23:46:17 +01:00
muxator 39f271bfed DB.js: remove else clause, since we are already exiting early
No functional changes.
2020-03-24 23:26:19 +01:00
John McLear 3c78ada8da tests: disable a scroll test that needs to be looked at 2020-03-24 23:24:38 +01:00
John McLear ee47bac7b0 tests: increase timeout 2020-03-24 23:24:38 +01:00
John McLear 7cf911c330 tests: don't run specific tests in Edge that simulate enter keypress
Because I can't get enter keypress to simulate properly despite trying various
approaches.
2020-03-24 23:24:38 +01:00
John McLear 90da21df35 tests: some scroll tests fixed 2020-03-24 23:24:38 +01:00
John McLear fc1d1fca2b tests: fix redo 2020-03-24 23:24:38 +01:00
John McLear 675c839d92 tests: use helper for evttype to reduce duplicate code 2020-03-24 23:24:38 +01:00
John McLear be9afc7955 tests: re-enable test for undo 2020-03-24 23:24:38 +01:00
John McLear 93ee98ea4b tests: remove white space from getSelection(). This HACK fixes Firefox tests
This is a bit of a hack, because it appears that getSelection() behaviour is
not consistent across browsers.
2020-03-24 23:24:38 +01:00
John McLear d05e02a681 tests: increase helper timeout 2020-03-24 23:24:38 +01:00
John McLear f7783e5f2a tests: Firefox suport for undo keypress 2020-03-24 23:24:38 +01:00
John McLear d8c4dd7e77 tests: fix IE undo test 2020-03-24 23:24:38 +01:00
John McLear 58e1e2d16f tests: hopefully fixed all tests to be working in edge 2020-03-24 23:24:38 +01:00
John McLear 4eec68fbdd tests: ignore vim swap files
This helps during plugin development, which otherwise which break when a
developer is editing a test.
2020-03-24 23:24:38 +01:00
muxator 04e9fc3a2f formatting: bulk remove trailing whitespaces on frontend tests
This is a followup on 312c72c364, which did the same on the main code base,
and is preliminary work for tidying up John's changes in the following commits.

No functional changes.

Command:
    find tests/frontend -name '*.js' -type f -print0 | xargs -0 sed --in-place 's/[[:space:]]*$//'
2020-03-24 23:24:38 +01:00
John McLear 61f0b5db0b tests: enable sauce labs tests again 2020-03-23 23:51:51 +01:00
John McLear 88d05d3e66 tests: configure the OS/Browsers versions on which tests will be run
For all the supported operating systems, the latest version of each browser is
supported, with the Exception of Win 8 / IE 10, which has an explicit version
pinned.
2020-03-23 23:51:51 +01:00
John McLear 3085f46f32 tests: explicit tunnel version URI in sauce_tunnel.sh
For an explanation, see bf0bb58c70.
2020-03-23 23:51:51 +01:00
muxator f6436be486 tests: quote bash variables in sauce_tunnel.sh 2020-03-23 23:51:51 +01:00
Chocobozzz 43ca44e444 minify: make conditional requests work. No HTTP/304 was ever generated and file were reminified uselessly.
By specification [0], the if-modified-since HTTP header sent by browsers does
not include milliseconds.

Before this patch, let's say a file was generate at time:
    t_real-file         = 2020-03-22T02:15:53.548Z (note the fractional seconds)

When issuing a conditional request, the browser would truncate the fractional
part, and only request an if-modified-since with this contents:
    t_if-modified-since = 2020-03-22T02:15:53.000Z

The minify() function would return HTTP/304 only if
t_if-modified-since >= t_real-file, but this would never be true unless, by
chance, a file was generated at XX.000Z.

This resulted in that file being minified/compressed again and resent to the
client for no reason. After this patch, the server correctly responds with
HTTP/304 without doing any computation, and the browser uses the cached file.

[0] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-Modified-Since
2020-03-23 11:34:01 +01:00
translatewiki.net 2bce9f5c38 Localisation updates from https://translatewiki.net. 2020-03-23 14:58:30 +01:00
John McLear 71fa852dfb dependencies: update cheerio 0.20.0 -> 0.22.0
No variation in # of security vulnerabilities.

The output of `npm audit` goes from this:
  found 7 vulnerabilities (5 low, 2 high) in 13881 scanned packages
    7 vulnerabilities require manual review. See the full report for details.

To this:
  found 7 vulnerabilities (5 low, 2 high) in 13795 scanned packages
    7 vulnerabilities require manual review. See the full report for details.
2020-03-15 14:36:42 +00:00
muxator b075d1fd7c dependencies: update mocha 5.2.0 -> 7.1.1
This is a dev dependency. No impact in production.
After this upgrade the backend tests ("cd src; npm test") still pass.

This fixes 2 reported security vulnerabilities.

The output of `npm audit` goes from this:
  found 9 vulnerabilities (7 low, 2 high) in 13707 scanned packages
    run `npm audit fix` to fix 1 of them.
    1 vulnerability requires semver-major dependency updates.
    7 vulnerabilities require manual review. See the full report for details.

To this:
  found 7 vulnerabilities (5 low, 2 high) in 13881 scanned packages
    7 vulnerabilities require manual review. See the full report for details.
2020-03-22 00:33:22 +01:00
muxator dabc1cae56 dependencies: update nyc 14.1.0 -> 15.0.0
This is a dev dependency. No impact in production.
After this upgrade the backend tests ("cd src; npm test") still pass.

This fixes 1 reported security vulnerability.

The output of `npm audit` goes from this:
  found 10 vulnerabilities (8 low, 2 high) in 13390 scanned packages
    run `npm audit fix` to fix 2 of them.
    1 vulnerability requires semver-major dependency updates.
    7 vulnerabilities require manual review. See the full report for details.

To this:
  found 9 vulnerabilities (7 low, 2 high) in 13707 scanned packages
    run `npm audit fix` to fix 1 of them.
    1 vulnerability requires semver-major dependency updates.
    7 vulnerabilities require manual review. See the full report for details.
2020-03-22 00:33:22 +01:00
muxator 4cbbf9893f dependencies: update supertest 3.0.0 -> 4.0.2
This is a dev dependency. No impact in production. After this upgrade the
backend tests ("cd src; npm test") still pass.
2020-03-22 00:33:22 +01:00
muxator 6a55e7e03f dependencies: upgrade npm 6.13.4 -> 6.14.3
This fixes 107 reported security vulnerabilites.

The output of `npm audit` goes from this:
  found 117 vulnerabilities (115 low, 2 high) in 13365 scanned packages
    run `npm audit fix` to fix 6 of them.
    1 vulnerability requires semver-major dependency updates.
    110 vulnerabilities require manual review. See the full report for details.

To this:
  found 10 vulnerabilities (8 low, 2 high) in 13390 scanned packages
    run `npm audit fix` to fix 2 of them.
    1 vulnerability requires semver-major dependency updates.
    7 vulnerabilities require manual review. See the full report for details.

The changelog for npm can be read at https://github.com/npm/cli/releases
2020-03-22 00:33:22 +01:00