Commit Graph

5607 Commits (c0d9797d0fcf35edd3c0bada7cc631e183a73332)

Author SHA1 Message Date
John McLear 3c78ada8da tests: disable a scroll test that needs to be looked at 2020-03-24 23:24:38 +01:00
John McLear ee47bac7b0 tests: increase timeout 2020-03-24 23:24:38 +01:00
John McLear 7cf911c330 tests: don't run specific tests in Edge that simulate enter keypress
Because I can't get enter keypress to simulate properly despite trying various
approaches.
2020-03-24 23:24:38 +01:00
John McLear 90da21df35 tests: some scroll tests fixed 2020-03-24 23:24:38 +01:00
John McLear fc1d1fca2b tests: fix redo 2020-03-24 23:24:38 +01:00
John McLear 675c839d92 tests: use helper for evttype to reduce duplicate code 2020-03-24 23:24:38 +01:00
John McLear be9afc7955 tests: re-enable test for undo 2020-03-24 23:24:38 +01:00
John McLear 93ee98ea4b tests: remove white space from getSelection(). This HACK fixes Firefox tests
This is a bit of a hack, because it appears that getSelection() behaviour is
not consistent across browsers.
2020-03-24 23:24:38 +01:00
John McLear d05e02a681 tests: increase helper timeout 2020-03-24 23:24:38 +01:00
John McLear f7783e5f2a tests: Firefox suport for undo keypress 2020-03-24 23:24:38 +01:00
John McLear d8c4dd7e77 tests: fix IE undo test 2020-03-24 23:24:38 +01:00
John McLear 58e1e2d16f tests: hopefully fixed all tests to be working in edge 2020-03-24 23:24:38 +01:00
John McLear 4eec68fbdd tests: ignore vim swap files
This helps during plugin development, which otherwise which break when a
developer is editing a test.
2020-03-24 23:24:38 +01:00
muxator 04e9fc3a2f formatting: bulk remove trailing whitespaces on frontend tests
This is a followup on 312c72c364, which did the same on the main code base,
and is preliminary work for tidying up John's changes in the following commits.

No functional changes.

Command:
    find tests/frontend -name '*.js' -type f -print0 | xargs -0 sed --in-place 's/[[:space:]]*$//'
2020-03-24 23:24:38 +01:00
John McLear 61f0b5db0b tests: enable sauce labs tests again 2020-03-23 23:51:51 +01:00
John McLear 88d05d3e66 tests: configure the OS/Browsers versions on which tests will be run
For all the supported operating systems, the latest version of each browser is
supported, with the Exception of Win 8 / IE 10, which has an explicit version
pinned.
2020-03-23 23:51:51 +01:00
John McLear 3085f46f32 tests: explicit tunnel version URI in sauce_tunnel.sh
For an explanation, see bf0bb58c70.
2020-03-23 23:51:51 +01:00
muxator f6436be486 tests: quote bash variables in sauce_tunnel.sh 2020-03-23 23:51:51 +01:00
Chocobozzz 43ca44e444 minify: make conditional requests work. No HTTP/304 was ever generated and file were reminified uselessly.
By specification [0], the if-modified-since HTTP header sent by browsers does
not include milliseconds.

Before this patch, let's say a file was generate at time:
    t_real-file         = 2020-03-22T02:15:53.548Z (note the fractional seconds)

When issuing a conditional request, the browser would truncate the fractional
part, and only request an if-modified-since with this contents:
    t_if-modified-since = 2020-03-22T02:15:53.000Z

The minify() function would return HTTP/304 only if
t_if-modified-since >= t_real-file, but this would never be true unless, by
chance, a file was generated at XX.000Z.

This resulted in that file being minified/compressed again and resent to the
client for no reason. After this patch, the server correctly responds with
HTTP/304 without doing any computation, and the browser uses the cached file.

[0] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-Modified-Since
2020-03-23 11:34:01 +01:00
translatewiki.net 2bce9f5c38 Localisation updates from https://translatewiki.net. 2020-03-23 14:58:30 +01:00
John McLear 71fa852dfb dependencies: update cheerio 0.20.0 -> 0.22.0
No variation in # of security vulnerabilities.

The output of `npm audit` goes from this:
  found 7 vulnerabilities (5 low, 2 high) in 13881 scanned packages
    7 vulnerabilities require manual review. See the full report for details.

To this:
  found 7 vulnerabilities (5 low, 2 high) in 13795 scanned packages
    7 vulnerabilities require manual review. See the full report for details.
2020-03-15 14:36:42 +00:00
muxator b075d1fd7c dependencies: update mocha 5.2.0 -> 7.1.1
This is a dev dependency. No impact in production.
After this upgrade the backend tests ("cd src; npm test") still pass.

This fixes 2 reported security vulnerabilities.

The output of `npm audit` goes from this:
  found 9 vulnerabilities (7 low, 2 high) in 13707 scanned packages
    run `npm audit fix` to fix 1 of them.
    1 vulnerability requires semver-major dependency updates.
    7 vulnerabilities require manual review. See the full report for details.

To this:
  found 7 vulnerabilities (5 low, 2 high) in 13881 scanned packages
    7 vulnerabilities require manual review. See the full report for details.
2020-03-22 00:33:22 +01:00
muxator dabc1cae56 dependencies: update nyc 14.1.0 -> 15.0.0
This is a dev dependency. No impact in production.
After this upgrade the backend tests ("cd src; npm test") still pass.

This fixes 1 reported security vulnerability.

The output of `npm audit` goes from this:
  found 10 vulnerabilities (8 low, 2 high) in 13390 scanned packages
    run `npm audit fix` to fix 2 of them.
    1 vulnerability requires semver-major dependency updates.
    7 vulnerabilities require manual review. See the full report for details.

To this:
  found 9 vulnerabilities (7 low, 2 high) in 13707 scanned packages
    run `npm audit fix` to fix 1 of them.
    1 vulnerability requires semver-major dependency updates.
    7 vulnerabilities require manual review. See the full report for details.
2020-03-22 00:33:22 +01:00
muxator 4cbbf9893f dependencies: update supertest 3.0.0 -> 4.0.2
This is a dev dependency. No impact in production. After this upgrade the
backend tests ("cd src; npm test") still pass.
2020-03-22 00:33:22 +01:00
muxator 6a55e7e03f dependencies: upgrade npm 6.13.4 -> 6.14.3
This fixes 107 reported security vulnerabilites.

The output of `npm audit` goes from this:
  found 117 vulnerabilities (115 low, 2 high) in 13365 scanned packages
    run `npm audit fix` to fix 6 of them.
    1 vulnerability requires semver-major dependency updates.
    110 vulnerabilities require manual review. See the full report for details.

To this:
  found 10 vulnerabilities (8 low, 2 high) in 13390 scanned packages
    run `npm audit fix` to fix 2 of them.
    1 vulnerability requires semver-major dependency updates.
    7 vulnerabilities require manual review. See the full report for details.

The changelog for npm can be read at https://github.com/npm/cli/releases
2020-03-22 00:33:22 +01:00
muxator 40d3d400a1 fonts: remove the execution bit from the font files
Monsterrat was added in 8bd8be97b9
Roboto Mono was added in 7029248a76
2020-03-22 00:33:22 +01:00
muxator ca35488273 minify: upgrade clean-css 3.4.19 -> 4.2.3. Adapt to the semver major change
CleanCSS 3.4.19 had a Regex Denial of Service vulnerability and has to be
updated. The major version bump requires the following changes:

1. Disabling rebase is necessary because otherwise the URLs for the web fonts
   become wrong;

   EXAMPLE 1:
       /static/css/src/static/font/fontawesome-etherpad.woff
     instead of
       /static/font/fontawesome-etherpad.woff

   EXAMPLE 2 (this is more surprising):
       /p/src/static/font/opendyslexic.otf
     instead of
       /static/font/opendyslexic.otf

2. CleanCSS.minify() can either receive a string containing the CSS, or an array
   of strings. In that case each array element is interpreted as an absolute
   local path from which the CSS file is read.

   In version 4.x, CleanCSS API was simplified, eliminating the relativeTo
   parameter, and thus we cannot use our already loaded "content" argument, but
   we have to wrap the absolute path to the CSS in an array and ask the library
   to read it by itself.

Fixes #3616.
2020-03-22 00:33:22 +01:00
muxator 2c44a0f71e package-lock: preliminary recomputation before updating a dependency
The next commit will update a dependency in package.json. This commit only
refreshes package-lock.json recalculating it at the current date.
In this way we will be sure that any modifications in package-lock.json in the
next commit will be only due to the package.json change.

Should this commit introduce any regression, we would know for certain that one
of our dependencies is not correctly honoring their semver promises.
2020-03-22 00:00:45 +01:00
muxator a1978d2245 Minify: on errors, generate logs instead of simply silencing them
This will help when we'll have to update clean-css.
2020-03-20 22:46:39 +01:00
John McLear c316402d86 PadMessageHandler: use a predefined color when authorInfo.colorId is not defined
For some reason authorInfo is sometimes null, and therefore it is not possible
to get colorId from it.

This resulted in the following stack trace:
    [2020-03-16 09:27:17.291] [ERROR] console - (node:1746) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'colorId' of null
    at <BASEDIR>/src/node/handler/PadMessageHandler.js:1199:37
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
    at async Promise.all (index 0)
    at async handleClientReady (<BASEDIR>/src/node/handler/PadMessageHandler.js:1171:5)
    [2020-03-16 09:27:17.291] [ERROR] console - (node:1746) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 76)
    [2020-03-16 09:27:19.034] [WARN] message - Dropped message, USERINFO_UPDATE Session not ready.[object Object]

Which is due to a bug in Etherpad that we are not going to solve now.

As a workaround, when this happens, let's set the username to "Anonymous" (if
it is not already set), and colorId to the fixed value "#daf0b2". Warning
messages are written in the logs to signal this condition.

This is no definitive solution, but fixes #3612 (via a workaround).
2020-03-20 22:32:06 +01:00
John McLear b480416375 toolbar: the "star" button no longer disappears when visiting a read-only pad
Before this patch, visiting the read-only URL for a random pad would remove
the "Save Revision" (the "star" icon) from all the other RW pads. The only way
to make it appear again was to restart the server.

This change does not fix the underlying bug: after visiting a read only link
the "star" button would still disapper, but it is explictly reinserted via an
ad-hoc condition.

Fixes #3702
2020-03-19 22:42:22 +01:00
muxator 840b4a0988 contentcollector: backed out changeset 3292429ab3
That commit (merged recently with PR #3622) was part of an effort to fix #3620,
but introduced a very bad bug that broke the cursor behaviour when pressing
space, making the program unusable.

This commit completes the revert of PR #3622 and fixes #3728.

--HG--
branch : revert-3622
2020-03-19 02:53:41 +01:00
muxator c382ba35c9 tests: backed out changeset 155a895604
This was a preparatory commit for 3292429ab3 (which introduced a bug, see
issue #3728) and modified the tests for issue #3620.

Commit 155a895604 per se did not introduce any bugs, but was difficult to
inspect because of its size. For this, the corresponding PR (#3622) should not
have been accepted.

--HG--
branch : revert-3622
2020-03-19 02:53:41 +01:00
John McLear 8261229323 pass file ending 2020-03-17 13:08:46 +00:00
Tudor Constantin 28102d8e1f ImportHandler: importing files with unknown extension work again when allowUnknownFileEnds is true
By specification, when settings.allowUnknownFileEnds is true and the user tries
to import a file with an unknown extension (this includes no extension),
Etherpad tries to import it as txt.

This broke in Etherpad 1.8.0, that abruptly terminates the processing with an
UnhandledPromiseRejectionWarning.

This patch restores the intended behaviour, and allows to import as text a file
with an unknown extension (on no extension).

In order to catch the UnhandledPromiseRejectionWarning we had to use
fsp_rename(), which is declared earlier in the code and is promised based
instead of fs.rename(), which is callback based.

Fixes #3710.
2020-03-17 12:41:18 +01:00
John McLear a0579c90db APIHandler: return HTTP/404 when non existing API methods are invoked
Before this change, invoking a non existing API method would return an HTTP/200
response with a JSON payload {"code":3,"message":"no such function"}.

This commit changes the HTTP status code to 404, leaving the payload as-is.

Before:
   curl --verbose "http://localhost:9001/api/1/notExisting?apikey=ABCDEF"
  < HTTP/1.1 200 OK
  < X-Powered-By: Express
  [...]
  {"code":3,"message":"no such function","data":null}

After:
   curl --verbose "http://localhost:9001/api/1/notExisting?apikey=ABCDEF"

   < HTTP/1.1 404 OK
   < X-Powered-By: Express
   [...]
   {"code":3,"message":"no such function","data":null}

Fixes #3546.
2020-03-15 09:26:44 +00:00
Sebastian Castro 0d61d6bb13 ui: on mobile, move the right toolbar to the bottom and make the top toolbar scrollable
Before this change there was always a single toolbar on the top, with both
Colibris and the legacy skin. When the screen size was reduced:

- the legacy skin would compact the icons in the toolbar (this was fine,
  indeed);
- Colibris would hide some formatting icons. This would hamper the functionality
  for mobile users.

After this change both the skins work in the same way, which is the following:
- when the screen gets smaller the right toolbar (the one with "export",
  "timeslider", and other buttons) goes to the bottom of the screen;
- when there are many icons, the toolbar keeps all of them, and to see them the
  user must drag the toolbar.

This behaviour will probably be changed before release, opting instead to show
a "+" button when there is an overflow, since this appears to be more
discoverable (see the discusison in #3697).

Do not tested with custom toolbar elements (toolbar.left and toolbar.right
configuration items in settings.json).

Fixes #3697.
2020-03-12 18:47:12 +01:00
translatewiki.net 6323f59c3a Localisation updates from https://translatewiki.net. 2020-03-16 15:41:54 +01:00
Tom Briles 3292429ab3 trim text entries upon import. Fixes: #3620 2020-03-15 11:35:08 +00:00
Tom Briles 155a895604 Test for Issue-3620: space in the HTML for an unordered list creates an extra list item 2020-03-15 11:35:08 +00:00
John McLear 467fc11b72 fix 2020-03-14 21:58:26 +01:00
translatewiki.net bb868beb9c Localisation updates from https://translatewiki.net. 2020-02-24 15:39:25 +01:00
translatewiki.net 5773e6cea0 Localisation updates from https://translatewiki.net. 2020-02-20 15:58:56 +01:00
John McLear 74fa47e295
Pretty sure you need elevated command prompt in windows..
To do anything nowadays.
2020-02-14 23:36:13 +00:00
translatewiki.net 7950d336eb Localisation updates from https://translatewiki.net. 2020-02-10 14:50:52 +01:00
translatewiki.net ffcf22e4ac Localisation updates from https://translatewiki.net. 2020-01-30 15:49:13 +01:00
translatewiki.net de3a677df5 Localisation updates from https://translatewiki.net. 2020-01-20 11:32:11 +01:00
translatewiki.net bac58a7391 Localisation updates from https://translatewiki.net. 2020-01-13 16:08:24 +01:00
Sebastian Castro 6d4ea36646 skin colibris: Fix table of content with ep_resizable_bar 2020-01-03 15:35:12 -03:00
muxator 3b24c97d1e db/SecurityManager.js: accessing without session a public group pad no longer causes a crash
Steps to reproduce (via HTTP API):
1. create a group via createGroup()
2. create a group pad inside that group via createGroupPad()
3. make that pad public calling setPublicStatus(true)
4. access the pad via a clean web browser (with no sessions)
5. UnhandledPromiseRejectionWarning: apierror: sessionID does not exist

This was due to an overlook in 769933786cea: "apierror: sessionID does not
exist" may be a legal condition if we are also visiting a public pad. The
function that could throw that error was sessionManager.getSessionInfo(), and
thus it needed to be inside the try...catch block.

Please note that calling getText() on the pad always return the pad contents,
*even for non-public pads*, because the API bypasses the security checks and
directly talks to the DB layer.

Fixes #3600.
2019-12-26 00:30:43 +01:00