Commit graph

6412 commits

Author SHA1 Message Date
webzwo0i
69c7033a86
tests: refactor some frontend tests (#4408)
* don't include sendkeys in index.html as it's included in helper.init
mocha opts: add default timeout and replace ignoreLeaks with checkLeaks,
as the former is deprecated

* introduce helper.edit to write to a pad

* add test to check if helper.edit() supports line numbers

* helper tests: waitFor/waitForPromise seem to be a little bit faster sometimes

* tests: refactor chat.js

* tests: refactor timeslider_numeric_padID

* tests: refactor timeslider_labels

* tests: refactor timeslider_follow

* ensure followContents is enabled, although it should be by default

* timeslider_follow: increase number of revision for Edge

* make textLines() depend on linesDiv()

Co-authored-by: Richard Hansen <rhansen@rhansen.org>

* make linesDiv return standard Array

* use `contain` instead of `indexOf`

* more fixes from the review

* review fixes

* align waitFor and waitForPromise behaviour

* timeslider_follow: check if it's following to the correct lines

* lower expected waitFor/waitForPromise interval check

* disable responsivness and regression test in timeslider_follow

* timeslider_follow: fix Range detection

* more explicit test for linesDiv

Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2020-10-21 18:43:17 +01:00
chandi
94cb000e8f
plugins: include more data within padUpdate hook (#4425)
* Including more data at pad update event

* docs: new context fields in padUpdate

Co-authored-by: Pedro Beschorner Marin <pedrobmarin@gmail.com>
2020-10-21 18:04:03 +01:00
webzwo0i
1e7a9e1791
tests: better timeslider follow contents (#4421) 2020-10-21 10:05:58 +01:00
Richard Hansen
0eb0a07914 Use an ellipsis instead of two periods 2020-10-20 11:02:37 +01:00
Richard Hansen
2379ade7e9 Move out pad.modals.reconnecttimer trailing space 2020-10-20 11:02:37 +01:00
Richard Hansen
734fe9c297 Use jQuery methods to build DOM elements 2020-10-20 11:02:37 +01:00
Richard Hansen
a2554fff22 pad: Pop up an error message dialog box upon socket.io error 2020-10-20 10:01:49 +01:00
Richard Hansen
5b887396c3 pad: Check for null collabClient in socket.io event handlers 2020-10-20 10:01:49 +01:00
Richard Hansen
b1acf6143a pad: Delete do-nothing sendClientReady wrapper 2020-10-20 10:01:49 +01:00
Richard Hansen
a712ce457d gritter: Treat strings as text, not HTML
This forces users to use jQuery or DOM objects if they want
formatting, which helps avoid XSS vulnerabilities.
2020-10-20 10:01:49 +01:00
Richard Hansen
8463134125 pad: Improve rendering of uncaught exceptions
* Use jQuery to build the message HTML so that special characters in
    the error message, URL, etc. are properly escaped. This helps
    avoid XSS vulnerabilities.
  * Use bold text for the error message to make it stand out.
  * Add a line break between the error message and "in <url> at line
    <line>" so that the error message stands out more.
  * Use `<p>...</p>` instead of `</br>` to separate the parts of the
    popup.
  * Use CSS for spacing instead of `</br>`.
  * Grammar fixes (add a missing comma, "at" instead of "in").
2020-10-20 10:01:49 +01:00
Richard Hansen
d35dbaaacc gritter: Accept jQuery or DOM objects for title and text
Teach Gritter to accept anything that jQuery's `.append()` method
accepts for the title and text of a popup message. This makes it
easier to safely build HTML messages with proper escaping of special
characters (to prevent XSS vulnerabilities).
2020-10-20 10:01:49 +01:00
Richard Hansen
d680405f58 pad: Include .js URL in /jserror error report 2020-10-20 10:01:49 +01:00
translatewiki.net
2a8e11a49a Localisation updates from https://translatewiki.net. 2020-10-19 20:32:27 +02:00
translatewiki.net
105eb2651f Localisation updates from https://translatewiki.net. 2020-10-19 15:14:03 +02:00
Richard Hansen
1dba121aff tests: Tune waitForPromise() poll count test some more
Looks like the test machines can be quite slow, which causes noise in
the count.
2020-10-14 18:16:20 +01:00
Richard Hansen
e0542f903a tests: Tune waitForPromise() poll count test
This should have been done in c222fc5d0b
but I forgot.
2020-10-14 16:59:03 +01:00
Richard Hansen
3e14016214 tests: Include the filename in the test output
Also some minor consistency cleanups.
2020-10-14 11:16:39 +01:00
Richard Hansen
50e402193b tests: waitForPromise() test improvements
* Avoid a false positive if a Promise that is expected to reject
    doesn't reject.
  * Use modern JavaScript language features: arrow functions,
    `const`/`let` instead of `var`.
  * Remove the tests that test Promise behavior.
  * Add new test that checks that it returns a Promise.
2020-10-14 10:38:52 +01:00
webzwo0i
a3f062af96 tests: add waitForPromise method and test for it 2020-10-14 10:38:52 +01:00
webzwo0i
86c0648ede tests: don't force a callback in it, so we can use async in tests 2020-10-14 10:38:52 +01:00
Richard Hansen
c222fc5d0b tests: Change waitFor() to check before first sleep
There are a few problems with sleeping before checking the condition
for the first time:

  * It slows down tests.
  * The predicate is never checked if the interval duration is greater
    than the timeout.
  * 0 can't be used to test if the condition is currently true.

There is a minor disadvantage to sleeping before checking: It will
cause more tests to run without an asynchronous interruption, which
could theoretically mask some async bugs.
2020-10-14 10:38:52 +01:00
Richard Hansen
8016bd225f tests: Teach waitFor() to reject if the predicate throws 2020-10-14 10:38:52 +01:00
Richard Hansen
262eb9af60 tests: Use default arguments for helper.waitFor
Now `helper.waitFor(fn, 0)` times out immediately (as expected in
tests) instead of waiting 1900ms.
2020-10-14 10:38:52 +01:00
Richard Hansen
16b0768a93 tests: Fix unchainable helper.waitFor().fail()
The `helper.waitFor()` function returns a jQuery Deferred object.
Deferred objects are supposed to have a `.fail()` method that is
chainable (it should return `this`). Before this change,
`helper.waitFor()` monkey-patched the `.fail()` method with a function
that returned `undefined`. Now the monkey-patched `.fail()` returns
the Deferred object.

Also modernize the code a bit.
2020-10-14 10:38:52 +01:00
Richard Hansen
4a25559a2d tests: Aggressively filter out non-.js files
This prevents errors when the directory contains Emacs backup files.
2020-10-14 10:38:52 +01:00
Richard Hansen
7f79d201e6 CSP: Move index.html inline code to separate .js file 2020-10-12 20:46:06 +01:00
translatewiki.net
09193150b6 Localisation updates from https://translatewiki.net. 2020-10-12 15:48:55 +02:00
Richard Hansen
a4927095ae CSP: Disable the indexCustomInlineScripts hook 2020-10-11 20:31:00 +01:00
Richard Hansen
052fbb944f
plugins: Delete noisy and useless debug message (#4409)
The debug statement mostly printed the following useless message over
and over, causing Travis CI logs to become truncated:

    [DEBUG] pluginfw - [ undefined ] returning
2020-10-11 09:51:53 +01:00
webzwo0i
a2328cd7f0
timeslider: bugfix: follow pad contents - only goToLineNumber if it exists (#4390) 2020-10-10 16:57:22 +01:00
Richard Hansen
048bd0f50d tests: Simplify API key reading
Also delete unused imports.
2020-10-08 22:50:18 +01:00
translatewiki.net
ce0b151159 Localisation updates from https://translatewiki.net. 2020-10-08 15:53:01 +02:00
John McLear
66df0a572f
Security: FEATURE REMOVAL: Remove all plain text password logic and ui (#4178)
This will be a breaking change for some people.  

We removed all internal password control logic.  If this affects you, you have two options:

1. Use a plugin for authentication and use session based pad access (recommended).
1. Use a plugin for password setting.

The reasoning for removing this feature is to reduce the overall security footprint of Etherpad.  It is unnecessary and cumbersome to keep this feature and with the thousands of available authentication methods available in the world our focus should be on supporting those and allowing more granual access based on their implementations (instead of half assed baking our own).
2020-10-07 13:43:54 +01:00
Richard Hansen
45bee54aa0 HTML export: Await async hook completion before processing results 2020-10-07 10:43:38 +01:00
Richard Hansen
661a89355f socketio: Mimic what Express does to get client IP address
This also makes it easier for plugins to get the client IP address.
2020-10-07 10:40:37 +01:00
Richard Hansen
ba6bdf35be Make the aceAttribClasses hook harder to misuse 2020-10-07 10:37:56 +01:00
Richard Hansen
5aa318a09b Call the aceAttribClasses hook synchronously
We could instead await the results of the hook, but then all callers
and their callers recursively would have to be converted to async, and
that's a huge change.
2020-10-07 10:37:56 +01:00
John McLear
92d4b8b649
tests: re-enable docker tests in travis (#4395)
Thanks to node10 having better support we can re-enable these tests.
2020-10-06 14:21:09 +01:00
jeanfabrice
52f8fc9ba3
legacySupport: Run node 10 with '--experimental_worker' flags (#4392)
* Run node 10 with '--experimental_worker' flags
* Use dedicated function to retrieve node/npm program version

The goal of this commit is to ensure that any linux based node 10 deployments run with the experimental_worker flag.  This flag is required for workers to "work" in node 10.  This will not affect other versions of node.  This resolves #4335 where Docker would fail due to being based on node 10.
2020-10-06 13:28:11 +01:00
Richard Hansen
c74b254334 tests: Disable non-test logging unless level <= DEBUG
This makes it easier to see the test results, and it hides some
scary-looking but intentional error messages.

This code will likely have to be updated if/when we change the logging
library (see issue #1922).
2020-10-06 09:19:58 +01:00
Richard Hansen
34b232d658
Update CHANGELOG.md with the changes so far (#4393) 2020-10-06 09:16:21 +02:00
Richard Hansen
a8cf434d1d import: Replace the allowAnyoneToImport check with userCanModify
This reduces the number of hoops a user or tool must jump through to
import.
2020-10-05 18:48:16 +01:00
Richard Hansen
831528e8bc import: Allow import if pad does not yet exist 2020-10-05 18:48:16 +01:00
Richard Hansen
ed6fcefb67 webaccess: Fix pad ID extraction for import and export paths 2020-10-05 18:48:16 +01:00
Richard Hansen
f4eae40c6b webaccess: Check for read-only pad ID in userCanModify
This currently isn't absolutely necessary because all current callers
of `userCanModify` already check for a read-only pad ID themselves.
However:

  * This adds defense in depth.
  * This makes it possible to simply replace the import handler's
    `allowAnyoneToImport` check with a call to `userCanModify`.
2020-10-05 18:48:16 +01:00
Richard Hansen
9a6f286441 tests: Always run the import unsupported file type test 2020-10-05 18:48:16 +01:00
Richard Hansen
2f17849b7b tests: Switch import/export tests to self-contained server
This makes it possible to test various settings combinations and
examine internal state to confirm correct behavior. Also, the user
doesn't need to start an Etherpad server before running these tests.
2020-10-05 18:48:16 +01:00
Richard Hansen
32b6d8e37f tests: Factor out common server setup/teardown 2020-10-05 18:48:16 +01:00
Richard Hansen
377560eb51 express: Move general Express setup from webaccess.js
The `express-session`, `cookie-parser`, etc. middleware is not
specific to access checks.
2020-10-05 18:12:04 +01:00