Commit Graph

6436 Commits (e4404d702eaa7b2317aaadbf01668b6ac8f07ba4)

Author SHA1 Message Date
Pedro Beschorner Marin c56973ce74 Fix readOnly pad export
The export request hook wasn't testing if the pad's id was from a read-only
pad before validating with the pad manager.

This includes an extra step that makes the read-only id verification and also
avoids setting the original pad's id as the file's name.
2020-09-26 21:47:35 +01:00
Richard Hansen 9f63d9b76a tests: Check for true/false, not truthiness 2020-09-26 21:40:19 +01:00
Richard Hansen c18831c333 tests: Fix typo (publicstatus -> publicStatus) 2020-09-26 21:40:19 +01:00
Richard Hansen e01e575c86 tests: Use async/await instead of callbacks, use assert 2020-09-26 21:40:19 +01:00
Richard Hansen 24345bf9a8 tests: Group session and group tests to improve readability 2020-09-26 21:40:19 +01:00
Richard Hansen 4527254bcc tests: Use `let` and `const` instead of `var` 2020-09-26 21:40:19 +01:00
Richard Hansen e88c532172 tests: Delete unused variable 2020-09-26 21:40:19 +01:00
John McLear 90adc50289
tests: Include some plugins in tests (#4339)
This PR introduces testing of plugins from the ether/ organization on Github.  Each plugin is added into ``.travis``.  Frontend plugins tests are run exclusive to core tests.  Backend runs both core and plugins with core.

Including frontend core tests with plugin tests caused the session to overrun causing errors.
2020-09-26 19:41:33 +01:00
Richard Hansen ab5934cbda webaccess: Split authFailure hook into authnFailure and authzFailure
This makes it possible for plugins to return different pages to the
user depending on whether the auth failure was authn or authz.
2020-09-26 19:37:11 +01:00
Richard Hansen 889a3f7261 Bump Etherpad version in src/package-lock.json 2020-09-26 19:37:05 +01:00
Richard Hansen 3bb71e14d1 PadMessageHandler: Logging improvements 2020-09-26 19:36:52 +01:00
Richard Hansen 4332affba6 Fix typo in session check (sesion -> session) 2020-09-26 19:36:44 +01:00
Richard Hansen 02757079c0 security: Enable authorize plugins to grant modify-only access 2020-09-26 18:36:36 +01:00
Richard Hansen 6ed11b7605 PadMessageHandler: Avoid redundant access checks 2020-09-26 18:32:22 +01:00
Richard Hansen 1e3aa9edff pad: Revert back to sending `CLIENT_READY` on reconnect
Commit 0bb8d73ba2 fixed the author ID
that is saved in the socket.io sessioninfo when the client sends a
`CLIENT_READY` with `reconnect` set to true, so it is now safe to undo
the workaround from PR #3868.

Fixes #4331.
2020-09-26 18:32:04 +01:00
Richard Hansen 72ed1816ec security: Fix authz check for pad names with encoded characters
Also:
  * Minor test cleanups (`function` instead of arrow functions, etc.).
  * Add a test for a case that was previously not covered.
2020-09-26 10:47:27 +01:00
Richard Hansen 3c9ae57bb3 PadMessageHandler: Block Promise resolution until message is handled
Benefits:
  * More functions are now async which makes it possible for future
    changes to use await in those functions.
  * This will help keep the server from drowning in too many messages
    if we ever add acknowledgements or if WebSocket backpressure ever
    becomes reality.
  * This might make tests less flaky because changes triggered by a
    message will complete before the Promise resolves.
2020-09-26 10:47:03 +01:00
Richard Hansen 23131a501c tests: Rewrite import/export tests to use async and supertest 2020-09-26 10:46:16 +01:00
Richard Hansen 54c999fe83 tests: Factor out common skip checks 2020-09-26 10:46:16 +01:00
Richard Hansen 1c3c5b744c tests: Skip all import/export tests if `!allowAnyoneToImport`
Three of the four tests fail if `settings.allowAnyoneToImport` is
false. The fourth ("tries to import Plain Text to a pad that does not
exist") isn't particularly useful when `settings.allowAnyoneToImport`
is false: That test tests an import failure mode, and when
`settings.allowAnyoneToImport` is false the failure could be caused by
that instead of the expected cause.
2020-09-26 10:46:16 +01:00
Richard Hansen c148e673a8 tests: Use `this.skip()` when skipping tests 2020-09-26 10:46:16 +01:00
Richard Hansen 668373b80f tests: Fix abiword/soffice check 2020-09-26 10:46:16 +01:00
Richard Hansen 89de03795a tests: Delete unused imports and code 2020-09-26 10:46:16 +01:00
Richard Hansen 0bb8d73ba2 PadMessageHandler: Always save the author ID in the session info
Before, the author ID was only saved in the session info during the
initial CLIENT_READY, not when the client sent a CLIENT_READY due to a
reconnect. This caused the handling of subsequent messages to use an
undefined author ID.
2020-09-26 10:43:06 +01:00
translatewiki.net 6cde6f5a98 Localisation updates from https://translatewiki.net. 2020-09-24 15:54:49 +02:00
Richard Hansen 94f944160d security: Don't require express_sid if authn not required
This should make it possible to embed a pad in an iframe from another
site as long as `settings.requireAuthentication` is false.
2020-09-24 10:42:41 +01:00
Richard Hansen 53fd0b4f98 webaccess: Return 401 for authn failure, 403 for authz failure
This makes it possible for reverse proxies to transform 403 errors
into something like "upgrade to a premium account to access this
pad".

Also add some webaccess tests.
2020-09-24 10:41:58 +01:00
John McLear ff4da04907 no need to ask for translations if no template files are included 2020-09-23 09:25:17 +01:00
Richard Hansen 1bb44098df PadMessageHandler: Move handleMessage hooks after access check
Move the handleMessageSecurity and handleMessage hooks after the call
to securityManager.checkAccess.

Benefits:

  * A handleMessage plugin can safely assume the message will be
    handled unless the plugin itself drops the message, so it doesn't
    need to repeat the access checks done by the `handleMessage`
    function.
  * This paves the way for a future enhancement: pass the author ID to
    the hooks.

Note: The handleMessageSecurity hook is broken in several ways:

  * The hook result is ignored for `CLIENT_READY` and `SWITCH_TO_PAD`
    messages because the `handleClientReady` function overwrites the
    hook result. This causes the client to receive client vars with
    `readonly` set to true, which causes the client to display an
    immutable pad even though the pad is technically writable.
  * The formatting toolbar buttons are removed for read-only pads
    before the handleMessageSecurity hook even runs.
  * It is awkwardly named: Without reading the documentation, how is
    one supposed to know that "handle message security" actually means
    "grant one-time write access to a read-only pad"?
  * It is called for every message even though calls after a
    `CLIENT_READY` or `SWITCH_TO_PAD` are mostly pointless.
  * Why would anyone want to grant write access when the user visits a
    read-only pad URL? The user should just visit the writable pad URL
    instead.
  * Why would anyone want to grant write access that only lasts for a
    single socket.io connection?
  * There are better ways to temporarily grant write access (e.g., the
    authorize hook).
  * This hook is inviting bugs because it breaks a core assumption
    about `/p/r.*` URLs.

I think the hook should be deprecated and eventually removed.
2020-09-23 08:26:47 +01:00
Richard Hansen 0f6baac7b5
Revert "tests: Use wtfnode to determine why mocha isn't exiting" (#4315)
This reverts commit ae1142a799.

According to
https://github.com/ether/etherpad-lite/pull/4304#issuecomment-694833456
wtfnode always seems to exit with 0 even if the tests fail.
2020-09-22 22:47:26 +01:00
John McLear ca7b8e278f allow slower for Safari 2020-09-22 16:32:40 +01:00
Richard Hansen 6011ef426f PadMessageHandler: Make sessioninfo tracking more robust
A session's sessioninfo could go away asynchronously due to a
disconnect. Grab a reference once and use it throughout the function
to avoid dereferencing a null sessioninfo object.
2020-09-22 14:11:02 +01:00
Richard Hansen 3365e944bf async-ify more functions, and await completion
Where feasible I put the await at the end of the function to
minimize the impact on latency.

My motivation for this change: Eliminate a race condition in tests I
am writing.
2020-09-22 14:10:44 +01:00
Richard Hansen 45ec8326f0 Add a new 'rejected' disconnect reason
This reason will be used in a future commit that will reject erroneous
messages.
2020-09-22 14:09:07 +01:00
John McLear 13252c955c include hash auth in tests 2020-09-22 11:12:24 +01:00
Richard Hansen a000a93dc6 Refactor startup/shutdown for tests
* `src/node/server.js` can now be run as a script (for normal
    operation) or imported as a module (for tests).
  * Move shutdown actions to `src/node/server.js` to be close to the
    startup actions.
  * Put startup and shutdown in functions so that tests can call them.
  * Use `await` instead of callbacks.
  * Block until the HTTP server is listening to avoid races during
    test startup.
  * Add a new `shutdown` hook.
  * Use the `shutdown` hook to:
      * close the HTTP server
      * call `end()` on the stats collection to cancel its timers
      * call `terminate()` on the Threads.Pool to stop the workers
  * Exit with exit code 0 (instead of 1) on SIGTERM.
  * Export the HTTP server so that tests can get the HTTP server's
    port via `server.address().port` when `settings.port` is 0.
2020-09-22 11:07:21 +01:00
Richard Hansen a4be577ed1 SessionStore: Don't call callback until cached in DB layer 2020-09-21 23:21:05 +01:00
Richard Hansen 436cbb031d SessionStore: Avoid early DB.db dereference
Avoid dereferencing `DB.db` until it is used so that it is possible to
`require('SessionStore')` before calling `DB.init()`. (This is useful
when writing tests.)
2020-09-21 23:21:05 +01:00
Richard Hansen bee91a0bd1 SessionStore: Use EC6 class syntax
This fixes a minor bug where the SessionStore constructor did not call
the base class constructor.
2020-09-21 23:21:05 +01:00
Richard Hansen 0504e07eb4 SessionStore: Wrap long line 2020-09-21 23:21:05 +01:00
Richard Hansen 90775cec0d SessionStore: Rename `messageLogger` to `logger` 2020-09-21 23:21:05 +01:00
Richard Hansen 4060db0daf SessionStore: Reduce unnecessary vertical space 2020-09-21 23:21:05 +01:00
Richard Hansen 5fb6bc1938 SessionStore: Use single quotes everywhere 2020-09-21 23:21:05 +01:00
Richard Hansen 012449101d SessionStore: Use `const` instead of `var` 2020-09-21 23:21:05 +01:00
Richard Hansen 5d2c438e3e SessionStore: Use an arrow function to avoid `this` juggling 2020-09-21 23:21:05 +01:00
Richard Hansen de98852da6 SessionStore: Delete unused methods `all`, `clear`, `length` 2020-09-21 23:21:05 +01:00
Richard Hansen 346111250e utils: Fix promise creation accounting bug in promises.timesLimit
Before this change, `promises.timesLimit()` created `concurrency - 1`
too many promises. The only users of this function use a concurrency
of 500, so this meant that 499 extra promises were created each time
it was used. The bug didn't affect correctness, but it did result in a
large number of unnecessary database operations whenever a pad was
deleted. This change fixes that bug.

Also:
  * Convert the function to async and have it resolve after all of the
    created promises are resolved.
  * Reject concurrency of 0 (unless total is 0).
  * Document the function.
  * Add tests.
2020-09-21 23:16:32 +01:00
translatewiki.net 65942691b6 Localisation updates from https://translatewiki.net. 2020-09-21 16:02:42 +02:00
Stefan Mueller 91f25b51ff Merge remote-tracking branch 'origin/release/1.8.6' into develop 2020-09-20 21:23:14 +02:00
Richard Hansen df7fa1fd41
changelog: Mention fix for authz bypass vulnerability in 1.8.6 (#4318) 2020-09-20 19:21:46 +00:00