John McLear
8987c5d813
dependencies: upgrade uglify-js 2.6.2 -> 3.8.1 and adapt Minify
...
This was a major update that required code changes.
2020-04-03 00:05:15 +00:00
muxator
a286f32c2a
dependencies: remove object.values
...
This should have been part of 09949c242a
("node8: we no longer need to use a
shim for Object.values in stats.js")
2020-04-07 03:15:10 +02:00
muxator
a5ed0b524b
dependencies: use fixed versions in package.json
...
We want to track dependencies as explicitly as possible.
2020-04-07 03:04:23 +02:00
Viljami Kuosmanen
3edd727a94
customError: rewrite the module using class syntax
...
The previous syntax caused a deprecation warning on Node 10.
However, due to the very old version of log4js Etherpad is currently using,
customError objects are going to be displayed as { inspect: [Function: inspect] }.
This needs to be addressed later, updating log4js.
Fixes #3834 .
2020-04-07 02:03:17 +02:00
muxator
e6251687bf
api: test coverage for getStats()
2020-04-04 22:03:46 +02:00
muxator
4ef59bbda0
api: in getStats(), directly rewrote activePads as an expression
...
Instead of creating an empty Set and then mutate it.
2020-04-04 22:03:46 +02:00
Chocobozzz
82b919fc65
api: add getStats() function
2020-04-04 22:03:46 +02:00
John McLear
eb45934788
remove noise
2020-04-03 11:32:14 +01:00
John McLear
4e212d12b2
patch fix for 3825
2020-04-03 11:32:14 +01:00
Chocobozzz
0889a1313d
referer: do not send referrer when opening a link
...
This change augments what was already done in 54e0f2de5b20 (PR with discussion
at #3636 ).
For documentation about the meaning of "noopener, noreferrer", see:
https://developer.mozilla.org/en-US/docs/Web/API/Window/open#Window_functionality_features
2020-03-31 10:02:46 +02:00
John McLear
cdf5b63f26
use a deletePad approach that works when server is running and works with MySQL
2020-04-03 03:31:18 +02:00
John McLear
93180c287b
tests: in Travis, also run the backend tests
...
This change introduces automatic execution of the backend tests in Travis.
Implements #2351 .
2020-04-03 03:27:05 +02:00
John McLear
c2ea2b3a6d
webaccess: do not resave session
...
Before this change, the database was spammed with session values.
Modern express-session has this baked in.
See https://www.npmjs.com/package/express-session#resave for docs.
2020-04-03 02:55:33 +02:00
John McLear
1f0058dd6f
interesting discovery RE 3612 and 2802
2020-04-03 02:40:59 +02:00
muxator
3a46e010ce
dependencies: bump ueberdb2 0.4.3 -> 0.4.5
...
Original message from John McLear (PR #3817 ):
We now include BINARY in the MySQL WHERE select clause.
Test coverage might be desirable?
Fixes #2877
2020-04-03 01:27:49 +02:00
Viljami Kuosmanen
ccf406708e
openapi: support standard http error codes
...
API errors are now handled at the end of the request heap by
throwing exceptions from the handler
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
3742fdfb04
openapi: disable cors headers for /api/** paths
...
Still enabled for /rest/** and **/openapi.json
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
6aa30f213a
openapi: add jsonp support + test
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
e821bbcad8
openapi: add documentation, small optimisation
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
c2cca39c7d
openapi: minor improvements
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
172da1483e
openapi: add commented out version of response processors
...
For some weird reason, these seem to be part of the original swagger
implementation but tests assume they're turned off.
Perhaps a difference between /rest and /api?
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
5792f7224a
openapi: add response objects
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
03d8964a7a
openapi: upgrade to openapi-backend 2.4.0
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
f9d24f5a39
openapi: remove swagger-node-express
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
25e081ac89
openapi: implement API handler with openapi-backend
...
- Tests pass ✅
- Added openapi-backend hook
- Generating OpenAPI v3 definitions for each API version
- Definitions served /api/openapi.json /api/{version}/openapi.json
2020-04-03 01:03:11 +02:00
John McLear
dbab4ad13a
dont pass empty author info to edit
2020-04-02 23:29:03 +01:00
muxator
3e3b0dec97
package-lock: restore baseline package-lock.json after 4db91cb2ed
...
This amends the previous commit, ans should have been part of 4db91cb2ed
.
2020-04-02 22:58:38 +02:00
John McLear
0a606de44a
bump package lock for ueber
2020-04-01 15:24:24 +00:00
John McLear
4db91cb2ed
Bump Ueber to 0.4.3
2020-04-01 11:49:41 +01:00
muxator
b7ac0f7991
Settings: allow the existence of "password" and "hash" attributes for users.
...
This brings back compatibility with ep_hash_auth, which was inadvertently broken
with 28a3bba4c1
.
Based on work by John McLear.
Fixes #3681 .
2020-04-01 04:13:21 +02:00
John McLear
53f126082a
SessionStore: replace password with PASSWORD_HIDDEN when storing in db
...
Fixes #3421 .
2020-04-01 03:39:05 +02:00
Daniel Krol
3e8b426847
ui: initialize color picker with the user's color
...
Initialize the color picker with user's current color.
Was previously initialized with grey in Farbtastic library.
Fixes #3617
2020-04-01 02:34:56 +02:00
Daniel Krol
ac9d7f80cc
tests: add tests showing that the color chooser is not initialized with the user's color
...
When opening the color chooser after a page load, the selected color is always
gray, and not the user's color.
2020-04-01 02:34:56 +02:00
John McLear
b74a4819ae
beta.etherpad.org been down a while
...
Sorry about the direct commit 🍡
2020-03-31 19:54:46 +01:00
muxator
4ee5ddb496
caching_midleware: also run when nodejs does not have crypto module
...
According to the nodejs docs [0] the `crypto` module might be unavailable on
some platforms:
> It is possible for Node.js to be built without including support for the
> crypto module. In such cases, calling require('crypto') will result in an
> error being thrown
A description of such scenarios can be found here [1].
> * running non-standard node in a resource- or security-constrained
> environment
> * running in emulated environment (browserify, webpack etc.)
> * building node from source and omitting openssl/crypto for random reason
TypeScript guys dealt with this same issue and they resolved it in an elegant
way in [2].
We copy that approach here: if importing crypto fails at runtime, we replace
sha256 with djb2 [3], which is weaker, but works for our case.
The djb2 story is fun: see this Stack Overflow post [4], and the original
mailing list post from 1991 [5] by Daniel J. Bernstein [6].
He was 20 at the time!
[0] https://nodejs.org/docs/latest-v10.x/api/crypto.html#crypto_determining_if_crypto_support_is_unavailable
[1] https://github.com/microsoft/TypeScript/issues/19100#issuecomment-335871998
[2] 9677b0641c
[3] http://www.cse.yorku.ca/~oz/hash.html#djb2
[4] https://stackoverflow.com/questions/1579721/why-are-5381-and-33-so-important-in-the-djb2-algorithm
[5] https://groups.google.com/forum/#!msg/comp.lang.c/lSKWXiuNOAk/zstZ3SRhCjgJ
[6] https://en.wikipedia.org/wiki/Daniel_J._Bernstein
2020-03-31 04:09:49 +02:00
Tom Hudson
fc754c9a1d
Switches cacheKey from base64 of path to sha256 of path; fixes #3502
2020-03-31 02:42:58 +02:00
John McLear
6c12a7fb1f
tests: backend tests for utf8 & emojis support
2020-03-31 02:11:25 +02:00
John McLear
352b432ed1
tests: in backend tests, use POST instead of GET for setText() and setHTML()
...
This is allowed starting from fc661ee13a
("core: allow URL parameters and POST
bodies to co-exist"), which landed in Etherpad 1.8.0. For the discussion, see
issue #3568 .
2020-03-31 02:11:25 +02:00
muxator
b2dc446740
tests: typo in a comment in the backend tests
2020-03-31 02:11:25 +02:00
John McLear
25bf460ac6
chat: in addMessage(), be tolerant when userId is missing
...
For whatever reason (a bug, a database corruption, ...) the userId field in
"msg" can sometimes be missing.
In this case, let's be defensive, use "unknown" as userId and issue a warning
in the console, instead of crashing the client.
Fixes #3731 (really a patch, the underlying issue is still present)
2020-03-30 22:15:51 +02:00
John McLear
fa3e4b146a
settings: document the possibility of using Unix sockets
...
We have been supporting Unix sockets by ages, because express.listen()
(http://expressjs.com/en/4x/api.html#app.listen_path_callback ) re-exposes
net.server.listen() (https://nodejs.org/api/net.html#net_server_listen ), which
in turn supports Unix sockets.
The only remaining thing to do was documenting it.
Fixes #3312
2020-03-30 03:36:55 +02:00
John McLear
85217b55e0
contentcollector: pasting an OL in Chrome inserted an additional line break. Fixed.
...
This comments out some code that was probably a quirk from ie6 era.
See PR: https://github.com/ether/etherpad-lite/issues/2412
Fixes #2412 .
2020-03-30 02:28:08 +02:00
John McLear
8b2fe75867
toolbar: don't show the "saved revision" button in timeslider
...
The saved revision "star" button appeared in the timeslider toolbar too.
This change introduces a second flag "page" in toolbar.menu(), which controls
whether the toolbar is being drawn for a pad or in the timeslider page.
Fixes #3767 .
2020-03-30 01:59:49 +02:00
John McLear
0d2854571d
toolbar: show the "save revision" button only on the right toolbar.
...
Revision b480416375
fixed a bug, but introduced a regression, and the "save
revision" "star" button started to appear both on the left and the right
toolbar.
This change introduces a flag "whichMenu" in toolbar.menu(), that controls
whether the left, the right or the timeslider toolbar is being drawn.
2020-03-30 01:59:49 +02:00
muxator
463d7fb163
timeslider: always pass the "isReadOnly" parameter to toolbar.menu()
...
This argument was missing since since b662d5c618
("dont show editing buttons
in R/O view"), 2015-05-19.
2020-03-30 01:59:49 +02:00
muxator
2360c33629
toolbar: formatting, no functional changes.
...
In preparation for the next commits by John.
2020-03-30 01:59:49 +02:00
muxator
4a17443a2e
tests: future proof travis/runner.sh and make it more robust
...
This change only slightly modifies the bahaviour of travis/runner.sh, but:
1. speeds up the tests, because it does not install dependencies before running
them. Dependencies are already installed by .travis.yml in its "install"
section;
2. if for some reason Etherpad does not start, there is a sudden failure,
instead of launching the front end tests anyway, and then having to wait 10
minutes for them to time out;
3. it is compatible with a different way of installing etherpad dependencies
("npm ci" instead of "npm install"), whereas the previous one broke. This
will probably be introduced in a while, so this change future-proofs for it
(see #3778 ).
4. it is more robust, because it detects more reliably the paths, and changes
between them correctly;
Please note that the script now requires bash instead of a generic posix shell.
This may break on platforms which default to a different shell (FreeBSD, MacOS?)
2020-03-29 23:59:28 +02:00
muxator
2b753f13ea
package-lock.json: resync. This should have been part of 06d961f2b6
("Checks MySQL for charset")
...
When changing something in package.json, it is necessary to also commit an
associated package-lock.json generated from a clean install.
2020-03-29 01:35:30 +01:00
muxator
a181ea8fbe
bin: replace double backticks (``) with $()
...
This has been the recommended way of launching subshells for ages, and is easier
to type and on the eye.
For a quick reference, see:
https://unix.stackexchange.com/questions/5778/whats-the-difference-between-stuff-and-stuff#5782
2020-03-29 00:53:17 +01:00
John McLear
1ad6e9c288
Settings: when restarting via UI, tell the admins to ignore a warning about sessionKey
...
Fixes #3770 .
2020-03-28 19:09:22 +01:00