Commit Graph

6145 Commits (7bd5435f50e3a9ac12871fba6f4c7de795900e8f)

Author SHA1 Message Date
Stefan Mueller e64a269a65 Update version to 1.8.5 2020-09-08 22:09:56 +02:00
Stefan Mueller 10402c2e2d Update version to 1.8.5 2020-09-08 21:56:20 +02:00
John McLear 7258d75cc5 bumping ueber 2020-09-08 16:03:15 +01:00
John McLear 2b9915d00d commenting out responsiveness test in preperation for a release 2020-09-08 15:18:19 +01:00
Richard Hansen 6c2a361935 import: Use the correct author ID when using sessions
There are two different ways an author ID becomes associated with a
user: either bound to a token or bound to a session ID. (The token and
session ID come from the `token` and `sessionID` cookies, or, in the
case of socket.io messages, from the `token` and `sessionID` message
properties.) When `settings.requireSession` is true or the user is
accessing a group pad, the session ID should be used. Otherwise the
token should be used.

Before this change, the `/p/:pad/import` handler was always using the
token, even when `settings.requireSession` was true. This caused the
following error because a different author ID was bound to the token
versus the session ID:

> Unable to import file into ${pad}. Author ${authorID} exists but he
> never contributed to this pad

This bug was reported in issue #4006. PR #4012 worked around the
problem by binding the same author ID to the token as well as the
session ID.

This change does the following:
  * Modifies the import handler to use the session ID to obtain the
    author ID (when appropriate).
  * Expands the documentation for the SecurityManager checkAccess
    function.
  * Removes the workaround from PR #4012.
  * Cleans up the `bin/createUserSession.js` test script.
2020-09-08 15:04:17 +01:00
Richard Hansen db0bcb524e SecurityManager: Use constants for returned rejections
This reduces the chances of a typo-induced bug.
2020-09-08 14:53:28 +01:00
Sebastian Castro 818194da90
editor/performance: Fix performance for large pads (#4267)
* Fix line numbers top padding

This old rule was conflicting with new css rules introduced in 1.8.4

* Fixes #4228 Performance degradation for long pads 

Due to layout trashing when calculating new heights
2020-09-08 14:52:26 +01:00
Richard Hansen da459888dc plugins: Move plugin definitions to avoid monkey patching
Also document the plugin data structures.
2020-09-08 00:50:24 +01:00
Richard Hansen dcbf876d03 hooks: New mechanism to deprecate hooks
I plan on splitting authFailure into authnFailure and authzFailure so
that separate authentication and authentication plugins can coexist
peacefully. This change will make it possible to mark the authFailure
hook as deprecated (which simply logs a warning).
2020-09-08 00:49:10 +01:00
Richard Hansen 8cf2bcaeb4 plugins: Fix type typo
`exports.parts` is a topologically sorted array, but the intermediate
collection of parts assembled in `plugins.update()` is associative.
2020-09-08 00:47:32 +01:00
Richard Hansen c3b2e68dad Revert "Delete redundant token2author DB save"
Something's weird here; this change shouldn't have any effect. I'll
have to squint at the code some more.

This reverts commit 2bf076043f.

Fixes #4262
2020-09-08 00:46:01 +01:00
webzwo0i 49a6b1dac2 GroupManager: typo during session deletion 2020-09-08 00:45:39 +01:00
translatewiki.net efa4ba3cf1 Localisation updates from https://translatewiki.net. 2020-09-07 16:40:05 +02:00
Richard Hansen 68be78ace0 SecurityManager: Simplify checkAccess 2020-09-07 08:34:15 +01:00
Richard Hansen 17096919e0 PadMessageHandler: Delete redundant check
This check is already made very early in `handleMessage`.
2020-09-05 22:49:07 +01:00
Richard Hansen d4162341e7 webaccess: Always sleep for 1s before returning HTTP 401
Not all authentication plugins require the Authorization header, so it
might not be present in subsequent attempts. (In particular, a reverse
proxy might strip it.)
2020-09-05 22:45:46 +01:00
Richard Hansen 442fe1e86f pluginfw: Always include the function name in `hook_fn_name`
Plugin authors are allowed to omit the function name in the `ep.json`
parts definition. For example:

```
{
  "parts": [
    {
      "name": "ep_example",
      "hooks": {
        "authenticate": "ep_example",
        "authFailure": "ep_example"
      }
    }
  ]
}
```

If omitted, the function name is assumed to be the same as the hook
name. Before this change, `hook_fn_name` for the example hooks would
both be `/opt/etherpad-lite/node_modules/ep_example`. Now they are
suffixed with `:authenticate` and `:authFailure`. This improves
logging, and it makes it possible to use `hook_fn_name` to uniquely
identify a particular hook function.
2020-09-05 22:43:17 +01:00
Richard Hansen 6f3e7d14f6 hooks: Always return a list from `aCallFirst` and `callFirst`
Every existing caller of `aCallFirst` expects a list and will throw an
exception if given `undefined`. (Nobody calls `callFirst`, except
maybe plugins.)
2020-09-05 20:35:19 +01:00
Richard Hansen 9f288480e8 docs: Revise hooks overview section 2020-09-05 20:34:47 +01:00
John McLear ec01e4c947
tests: npminstall before update
Some plugins have npm dependencies, we should install them before testing them.
2020-09-05 12:44:49 +01:00
Richard Hansen 2bf076043f Delete redundant token2author DB save
See:
https://github.com/ether/etherpad-lite/pull/4012#issuecomment-686005563
https://github.com/ether/etherpad-lite/issues/4006
2020-09-05 12:40:16 +01:00
Richard Hansen 9962be2450 User list: Use flexbox for #myuser div
This makes it easier for an eejsBlock_userlist plugin to add something
to that row.
2020-09-05 12:38:12 +01:00
Richard Hansen 55f201a2aa docs: Document the authFailure hook 2020-09-05 12:37:46 +01:00
Richard Hansen e0d6d17bf0 webaccess: Restructure for readability and future changes
* Improve the comment describing how the access check works.
  * Move the `authenticate` logic to where it is used so that people
    don't have to keep jumping back and forth to understand how the
    access check works.
  * Break up the three steps to reduce the number of indentation
    levels and improve readability. This should also make it easier to
    implement and review planned future changes.
2020-09-05 12:37:23 +01:00
Richard Hansen b044351f0a webaccess: Rename `basicAuth` to `checkAccess`
Thanks to hooks, the function can do much more than just basic
authentication.
2020-09-05 12:37:23 +01:00
Richard Hansen 2830aaebf1 webaccess: Use `===` instead of `==` for comparison 2020-09-05 12:37:23 +01:00
Richard Hansen f0e5bff84f webaccess: Simplify object construction 2020-09-05 12:37:23 +01:00
Richard Hansen 0a8569d0ad webaccess: Use `const` or `let` instead of `var` 2020-09-05 12:37:23 +01:00
Richard Hansen a7be5278a3 webaccess: Use arrow functions instead of `function` keyword 2020-09-05 12:37:23 +01:00
Richard Hansen 726101d6a8 webaccess: Use single quotes everywhere 2020-09-05 12:37:23 +01:00
Richard Hansen 9011207a37 webaccess: Add semicolons after statements 2020-09-05 12:37:23 +01:00
Richard Hansen e82a3055e6 webaccess: Whitespace fixes 2020-09-05 12:37:23 +01:00
Richard Hansen f0b7dc7c53
pluginfw: PadMessageHandler: Pass socket.io Socket object to clientVars hook (#4245)
Also revise the clientVars hook documentation.
2020-09-05 10:51:39 +01:00
Richard Hansen 4c0ab8a14e
docs: Document the authorize hook (#4233) 2020-09-04 18:52:25 +01:00
Richard Hansen b364d12d9b
CSS: User list: Add missing semicolon to CSS property (#4244) 2020-09-04 18:51:42 +01:00
translatewiki.net 3139dd2037 Localisation updates from https://translatewiki.net. 2020-08-31 16:06:56 +02:00
webzwo0i d30364d3de
tests: make it more clear that test duration exceeded (#4237) 2020-08-30 16:41:12 +01:00
John McLear 12c05c20b2
bugfix/import: doc import bugfix (#4235) 2020-08-30 14:11:12 +01:00
John McLear 4db484e34e
tests: uncomment responsiveness tests
To make travis run them again and review to see what fails.
2020-08-27 22:45:32 +01:00
Richard Hansen aee1c3e7c5
docs: Document the authenticate hook (#4232) 2020-08-27 12:57:38 +01:00
John McLear e6949cd974
Create codeql-analysis.yml 2020-08-24 17:57:30 +01:00
translatewiki.net 431aadf143 Localisation updates from https://translatewiki.net. 2020-08-24 15:23:25 +02:00
John McLear 7a076d1f3a
housekeeping: v3 of automatic plugin fixing tool.
Make sure plugins do npm install before being tested.
2020-08-22 15:50:55 +01:00
translatewiki.net 4eda214ee9 Localisation updates from https://translatewiki.net. 2020-08-17 19:16:56 +02:00
translatewiki.net 5c3f8cd4e1 Localisation updates from https://translatewiki.net. 2020-08-13 19:15:16 +02:00
translatewiki.net 13c5bdf75f Localisation updates from https://translatewiki.net. 2020-08-07 09:39:00 +02:00
ovari 7b2895a75f
i18n / l10n plugin translation (#4212) 2020-08-03 22:27:45 +01:00
translatewiki.net d3e45e3890 Localisation updates from https://translatewiki.net. 2020-08-03 19:40:25 +02:00
ovari 31d05d5c14
Add link to Etherpad plugin list in README.md (#4211) 2020-08-03 12:39:43 +01:00
ovari 5f0fb55fc5
docs: Update README.md (#4201) 2020-08-02 13:23:26 +01:00