Commit graph

6266 commits

Author SHA1 Message Date
Richard Hansen
68a91f5e24 HTML export: Move padId to context object property 2020-11-10 07:13:26 +00:00
webzwo0i
f6aed0c9cb
Fix truncation in travis (#4479)
* log to travis every five seconds
* travis: kill etherpad process after tests
2020-11-10 06:59:50 +01:00
John McLear
f0da3a0c4c
Update README.md 2020-11-09 08:32:18 +00:00
John McLear
5e7d54a4aa
Update README.md 2020-11-09 08:27:53 +00:00
John McLear
89667f1d4f
update changelog for release (#4475) 2020-11-08 10:03:22 +00:00
John McLear
881d8b8d95
pluginfw: Hook to include additional body in HTML exports (#4469)
* hook, needs docs

* docs
2020-11-06 13:48:59 +00:00
John McLear
3fa58efede
pluginfw: Export .etherpad hooks (#4466)
* export support

* proper prefix

* just a basic example, needs working on still

* docs

* comments shouldnt be hard coded
2020-11-06 13:48:25 +00:00
ilmar
d5c5ca224b Fix missing arg handling in html10n.js 2020-11-05 10:38:22 +00:00
Richard Hansen
405e3e3e19 Settings: Don't filter out users based on password or hash
Some authentication plugins use the users defined in the `users`
object but ignore the `password` and `hash` properties.

This change deletes all of the filtering logic, including the logic
that filters out users that have both `password` and `hash` properties
defined. I could have kept that check, but decided to remove it
because:
  * There's no harm in defining both `hash` and `password`.
  * Allowing both makes it easier to transition from one scheme to
    another.
  * It's fewer lines of code to maintain.
2020-11-04 18:06:08 +00:00
Richard Hansen
6408d2313c webaccess: Be extra paranoid about nullish password
If `settings.json` contains a user without a `password` property then
nobody should be able to log in as that user using the built-in HTTP
basic authentication. This is true both with and without this change,
but before this change it wasn't immediately obvious that a malicious
user couldn't use an empty or null password to log in as such a user.
This commit adds an explicit nullish check and some unit tests to
ensure that an empty or null password will not work if the `password`
property is null or undefined.
2020-11-04 18:06:08 +00:00
Richard Hansen
98de2b0899 Use contentEditable for all browsers
This makes it possible to disable `contentEditable` for certain
elements in some circumstances (e.g., on links so that users can click
on them normally).
2020-11-03 19:02:01 +00:00
Richard Hansen
5e2a27a182 Replace setClassPresence(x, ...) with x.classList.toggle(...) 2020-11-03 19:02:01 +00:00
Richard Hansen
4594608c04 Delete commented-out code 2020-11-03 19:02:01 +00:00
Richard Hansen
91268e14b7 PadMessageHandler: Rename client to socket
The `client` variable is actually a socket.io Socket object. Rename it
to reduce confusion.
2020-11-02 20:39:08 +00:00
John McLear
cfc7e47db0
plugins: Various checkPlugins.js and associated file fixes. (#4439)
This PR makes checkPlugins some what more useful for developers.  

It adds auto npm publish support and various travis improvements among other goodies.
2020-11-02 16:13:24 +00:00
Richard Hansen
35f4c00dfb .travis.yml: Install ep_readonly_guest 2020-11-02 16:10:07 +00:00
Richard Hansen
ed5a635f4c Add req to EJS render args when possible
This makes it possible for EJS templates and `eejsBlock_*` hook
functions to access the user's express-session state.
2020-11-02 16:05:01 +00:00
Richard Hansen
cf43156390 Remove src/static/js/jquery.js from .gitignore
That file is checked in so there's no reason to ignore it.
2020-11-02 16:03:58 +00:00
translatewiki.net
127923eb54 Localisation updates from https://translatewiki.net. 2020-11-02 12:40:50 +01:00
Gabriel Medeiros Coelho
ce77c48475 remove unnecessary conditional
if animationState evaluates to -1 or 0, it would end up in a conditional that assign its value to itself. Since this is redundant, it is better to remove this conditional, to avoid an extra check
2020-11-01 01:41:09 -05:00
Richard Hansen
a95145d12c Merge branch 'master' into develop 2020-11-01 01:34:59 -05:00
Richard Hansen
2c8769a6fd Fix typo in session check (sesion -> session)
(cherry picked from commit 4332affba6)
2020-11-01 01:33:00 -05:00
Richard Hansen
2249b9ae19 SessionManager: Fix session expiration check
This bug was introduced in 8b0baa9679.

(cherry picked from commit 3886e95c83)
2020-11-01 01:33:00 -05:00
webzwo0i
b67c9cc136
tests: Speed up and fix travis (#4453)
Various test runner fixes.
2020-10-30 10:40:11 +00:00
Richard Hansen
b41d9762fa tests: Clear auth hooks before running import/export unit tests
Also fix some ESLint complaints.
2020-10-29 19:06:24 -04:00
Richard Hansen
03d8882383 tests: Clear auth hooks before running socket.io unit tests 2020-10-29 18:53:10 -04:00
Richard Hansen
4829bb8962 tests: Delete unnecessary describe() wrapper 2020-10-29 18:53:10 -04:00
Richard Hansen
dbe9151d89 tests: Clear hooks before running webaccess tests
Also factor out common test setup code.
2020-10-29 15:33:05 -04:00
Richard Hansen
6961e0e05b .travis.yml: Factor out common plugin install command 2020-10-29 15:32:32 -04:00
Richard Hansen
f6516d62ef .travis.yml: Don't install ep_comments_page
The tests need work.
2020-10-29 15:32:32 -04:00
Richard Hansen
8969b6ba7f .travis.yml: Sort plugins 2020-10-29 15:32:32 -04:00
Richard Hansen
ef60a4234d .travis.yml: Wrap long plugin install lines 2020-10-29 15:32:32 -04:00
John McLear
d21afba45a
security: lockfile lint check (#4446) 2020-10-29 14:07:36 -04:00
John McLear
99d5c7c943
docs: Migrate from Travis-ci.org to .com 2020-10-28 11:05:33 +00:00
webzwo0i
66a3647579 remove broken async inclusion in tar.json 2020-10-27 20:33:09 +00:00
Richard Hansen
2f65987ba2 webaccess: Remove user's password from session info
This prevents the password from being logged or stored in the
database.
2020-10-27 20:30:01 +00:00
chandi
30b1273853 docs: fix key in padUpdate context 2020-10-26 23:43:09 +00:00
translatewiki.net
50c22f0ae4 Localisation updates from https://translatewiki.net. 2020-10-26 15:56:46 +01:00
Viljami Kuosmanen
c502ca3259 Use isHttpError utility provided by http-errors
This new utility method was introduced in http-errors v1.8.0. Let's use
that instead of instanceof. This also upgrades the http-errors dependency
2020-10-25 10:45:58 +00:00
Viljami Kuosmanen
aef4cce0c9 Use correct constructor for 404,501 error handlers
Fixes error message mentioned in #4378.
2020-10-25 10:45:58 +00:00
Sebastian Castro
5a1110d0d6 Display outline when toolbar button focused 2020-10-25 10:34:51 +00:00
Richard Hansen
193028702d pad: Don't paste when middle-clicking on a link 2020-10-25 07:06:29 +00:00
Andrew Dassonville
bee1ae06d8 utils: Fix commit checking on detached HEAD 2020-10-24 16:22:01 -04:00
John McLear
cb5fcbb74e
editor: allow paste into links (#3802) 2020-10-24 16:59:03 +01:00
Richard Hansen
36aceb3aba hooks: Rewrite callAll and aCallAll for consistency
Rewrite the `callAll` and `aCallAll` functions to support all
reasonable hook behaviors and to report errors for unreasonable
behaviors (e.g., calling the callback twice).

Now a hook function like the following works as expected when invoked
by `aCallAll`:

```
exports.myHookFn = (hookName, context, cb) => {
  cb('some value');
  return;
};
```
2020-10-24 16:08:50 +01:00
Richard Hansen
79119baf58 hooks: Call the callback when done
If a hook function neither calls the callback nor returns a
(non-undefined) value then there's no way for the hook system to know
if/when the hook function has finished.
2020-10-24 16:08:50 +01:00
Richard Hansen
55939a0d7e hooks: Delete unused flatten function 2020-10-24 16:08:50 +01:00
John McLear
b5c759cbac
tests: remove ep_webrtc for now until it's stable 2020-10-24 15:14:30 +01:00
Wouter
bd2343f131 Added nl translations for adminpage 2020-10-23 16:18:57 -04:00
John McLear
9f5fb022b9
Create FUNDING.yml 2020-10-23 20:31:17 +01:00