Commit Graph

5581 Commits (83d72d27a405f63782803e0168b1e9121f3cd650)

Author SHA1 Message Date
muxator 83d72d27a4 scroll: replace absolute import with relative one
Fixing this will be useful when we'll want to get rid of require-kernel.

This was introduced by f1fcd16894 ("Add settings to scroll on edition out of
viewport") in 2018-01-03.
2020-04-09 21:09:40 +02:00
translatewiki.net 4699c3e22e Localisation updates from https://translatewiki.net. 2020-04-09 16:00:27 +02:00
muxator 684f374ece runtime: require node >= 10.13.0 LTS
At the moment, NodeJS 10.x is the lowest supported LTS version. NodeJS 8.x is no
longer supported upstream.

Implements #3835.
Planned in #3650.
2020-04-09 04:43:37 +02:00
muxator 6cba0f1dc5 settings: "http://etherpad.org" -> "https://etherpad.org" in the default text of a pad 2020-04-09 03:54:46 +02:00
Chocobozzz 963d12e614 PadManager: use a set instead of an array in padlist
Avoid looping on the array, especially useful if you have many pads.

--HG--
branch : padlist-use-set
2020-04-09 03:39:32 +02:00
Chocobozzz 94ff21e25c PadManager: anchor the addPad regex to the start of the string
This improves the performance a bit, and is more adherent to the logic of the
application.

--HG--
branch : padlist-use-set
2020-04-09 03:39:32 +02:00
Chocobozzz 8c4625ec50 tests: add tests for listAllPads() API call
--HG--
branch : padlist-use-set
2020-04-09 03:39:32 +02:00
Marcin Cieślak df08883a00 SecurityManager: remove double quotes from session cookie content
Sometimes, RFC 6265-compliant [0] web servers may send back a cookie whose value
is enclosed in double quotes, such as:

    Set-Cookie: sessionCookie="s.37cf5299fbf981e14121fba3a588c02b,s.2b21517bf50729d8130ab85736a11346"; Version=1; Path=/; Domain=localhost; Discard

Where the double quotes at the start and the end of the header value are just
delimiters. This is perfectly legal: Etherpad parsing logic should cope with
that, and remove the quotes early in the request phase.

Somehow, this does not happen, and in such cases the actual value that
sessionCookie ends up having is:

    sessionCookie = '"s.37cf5299fbf981e14121fba3a588c02b,s.2b21517bf50729d8130ab85736a11346"'

As quick measure, let's strip the double quotes (when present).
Note that here we are being minimal, limiting ourselves to just removing quotes
at the start and the end of the string.

Fixes #3819.
Also, see #3820.


[0] https://tools.ietf.org/html/rfc6265
2020-04-09 01:14:51 +02:00
John McLear 08b83ae358 LibreOffice: use "html:XHTML Writer File:UTF8" export method
This yields better conversion results, but requires the previous change,
otherwise there would have been difficulties in locating the temporary file
name.
2020-04-08 22:51:25 +02:00
John McLear b2ccd0a191 LibreOffice: decouple the extension of the temporary file from its type
In the next commit, we are going to change the conversion method to
"html:XHTML Writer File:UTF8". Without this change, that conversion method name
would end up in the extension of the temporary file that is created as an
intermediate step. In this way, the file extensione will always stay ".html".

No functional changes, hopefully. Only the extension of the temporary file
should change.
2020-04-08 22:51:25 +02:00
John McLear f6907c5fad contentcollector: remove weird stuff LibreOffice adds to DOM before importing 2020-04-08 22:51:25 +02:00
John McLear a371deb9d1 ImportHandler: quick & dirty way of being more lax when matching <title>
This change is meant to ease using LibreOffice as converter. When LibreOffice
converts a file, it adds some classes to the <title> tag.
This is a quick & dirty way of matching the <title> and comment it out
independently on the classes that are set on it.
2020-04-08 22:51:25 +02:00
John McLear babf67175c undomodule: disallow undoing "clear authorship colors"
Clearing the authorship colors of a document with at least two authors, and then
undoing that action caused a disconnect from the pad.
This change disallows undoing clearing authorship colors in order to prevent
the problem from affecting users, and adds the relative test coverage.

This is a change of behaviour, and is documented in the changelog.

Fixes #2802 (sidestepping it).
2020-04-08 15:20:37 +02:00
Paul Tiedtke ffc718e8c0 docker: add support for arbitrary user ids (for OpenShift compatibility)
This solves a compatibility problem with OpenShift. In OpenShift security
model, the containers are run by arbitrary user ids, but the users are always
a member of the root group.

This PR adjusts the permissions accordingly.

Documentation reference:
https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#use-uid
2020-04-08 15:06:08 +02:00
Paul Tiedtke 79406051fa Settings.js: support newlines in default values when using variable substitution
This allows, among other things, to correctly support the configuration of
defaultPadText in Docker via an environment variable.
2020-04-07 04:32:37 +02:00
John McLear 3872690715
ace2_inner: remove Chrome specific hack
This code was specific for older Chrome versions. It can be simplified now.

Fixes #3487
2020-04-07 03:47:46 +02:00
John McLear 8987c5d813 dependencies: upgrade uglify-js 2.6.2 -> 3.8.1 and adapt Minify
This was a major update that required code changes.
2020-04-03 00:05:15 +00:00
muxator a286f32c2a dependencies: remove object.values
This should have been part of 09949c242a ("node8: we no longer need to use a
shim for Object.values in stats.js")
2020-04-07 03:15:10 +02:00
muxator a5ed0b524b dependencies: use fixed versions in package.json
We want to track dependencies as explicitly as possible.
2020-04-07 03:04:23 +02:00
Viljami Kuosmanen 3edd727a94 customError: rewrite the module using class syntax
The previous syntax caused a deprecation warning on Node 10.
However, due to the very old version of log4js Etherpad is currently using,
customError objects are going to be displayed as { inspect: [Function: inspect] }.

This needs to be addressed later, updating log4js.

Fixes #3834.
2020-04-07 02:03:17 +02:00
muxator e6251687bf api: test coverage for getStats() 2020-04-04 22:03:46 +02:00
muxator 4ef59bbda0 api: in getStats(), directly rewrote activePads as an expression
Instead of creating an empty Set and then mutate it.
2020-04-04 22:03:46 +02:00
Chocobozzz 82b919fc65 api: add getStats() function 2020-04-04 22:03:46 +02:00
John McLear eb45934788 remove noise 2020-04-03 11:32:14 +01:00
John McLear 4e212d12b2 patch fix for 3825 2020-04-03 11:32:14 +01:00
Chocobozzz 0889a1313d referer: do not send referrer when opening a link
This change augments what was already done in 54e0f2de5b (PR with discussion
at #3636).

For documentation about the meaning of "noopener, noreferrer", see:
https://developer.mozilla.org/en-US/docs/Web/API/Window/open#Window_functionality_features
2020-03-31 10:02:46 +02:00
John McLear cdf5b63f26 use a deletePad approach that works when server is running and works with MySQL 2020-04-03 03:31:18 +02:00
John McLear 93180c287b
tests: in Travis, also run the backend tests
This change introduces automatic execution of the backend tests in Travis.

Implements #2351.
2020-04-03 03:27:05 +02:00
John McLear c2ea2b3a6d webaccess: do not resave session
Before this change, the database was spammed with session values.
Modern express-session has this baked in.
See https://www.npmjs.com/package/express-session#resave for docs.
2020-04-03 02:55:33 +02:00
John McLear 1f0058dd6f interesting discovery RE 3612 and 2802 2020-04-03 02:40:59 +02:00
muxator 3a46e010ce dependencies: bump ueberdb2 0.4.3 -> 0.4.5
Original message from John McLear (PR #3817):
  We now include BINARY in the MySQL WHERE select clause.
  Test coverage might be desirable?

Fixes #2877
2020-04-03 01:27:49 +02:00
Viljami Kuosmanen ccf406708e openapi: support standard http error codes
API errors are now handled at the end of the request heap by
throwing exceptions from the handler
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen 3742fdfb04 openapi: disable cors headers for /api/** paths
Still enabled for /rest/** and **/openapi.json
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen 6aa30f213a openapi: add jsonp support + test 2020-04-03 01:03:11 +02:00
Viljami Kuosmanen e821bbcad8 openapi: add documentation, small optimisation 2020-04-03 01:03:11 +02:00
Viljami Kuosmanen c2cca39c7d openapi: minor improvements 2020-04-03 01:03:11 +02:00
Viljami Kuosmanen 172da1483e openapi: add commented out version of response processors
For some weird reason, these seem to be part of the original swagger
implementation but tests assume they're turned off.

Perhaps a difference between /rest and /api?
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen 5792f7224a openapi: add response objects 2020-04-03 01:03:11 +02:00
Viljami Kuosmanen 03d8964a7a openapi: upgrade to openapi-backend 2.4.0 2020-04-03 01:03:11 +02:00
Viljami Kuosmanen f9d24f5a39 openapi: remove swagger-node-express 2020-04-03 01:03:11 +02:00
Viljami Kuosmanen 25e081ac89 openapi: implement API handler with openapi-backend
- Tests pass 
- Added openapi-backend hook
- Generating OpenAPI v3 definitions for each API version
- Definitions served /api/openapi.json /api/{version}/openapi.json
2020-04-03 01:03:11 +02:00
John McLear dbab4ad13a dont pass empty author info to edit 2020-04-02 23:29:03 +01:00
muxator 3e3b0dec97 package-lock: restore baseline package-lock.json after 4db91cb2ed
This amends the previous commit, ans should have been part of 4db91cb2ed.
2020-04-02 22:58:38 +02:00
John McLear 0a606de44a bump package lock for ueber 2020-04-01 15:24:24 +00:00
John McLear 4db91cb2ed
Bump Ueber to 0.4.3 2020-04-01 11:49:41 +01:00
muxator b7ac0f7991 Settings: allow the existence of "password" and "hash" attributes for users.
This brings back compatibility with ep_hash_auth, which was inadvertently broken
with 28a3bba4c1.
Based on work by John McLear.

Fixes #3681.
2020-04-01 04:13:21 +02:00
John McLear 53f126082a SessionStore: replace password with PASSWORD_HIDDEN when storing in db
Fixes #3421.
2020-04-01 03:39:05 +02:00
Daniel Krol 3e8b426847 ui: initialize color picker with the user's color
Initialize the color picker with user's current color.
Was previously initialized with grey in Farbtastic library.

Fixes #3617
2020-04-01 02:34:56 +02:00
Daniel Krol ac9d7f80cc tests: add tests showing that the color chooser is not initialized with the user's color
When opening the color chooser after a page load, the selected color is always
gray, and not the user's color.
2020-04-01 02:34:56 +02:00
John McLear b74a4819ae
beta.etherpad.org been down a while
Sorry about the direct commit 🍡
2020-03-31 19:54:46 +01:00