Commit graph

5615 commits

Author SHA1 Message Date
John McLear
8987c5d813 dependencies: upgrade uglify-js 2.6.2 -> 3.8.1 and adapt Minify
This was a major update that required code changes.
2020-04-03 00:05:15 +00:00
muxator
a286f32c2a dependencies: remove object.values
This should have been part of 09949c242a ("node8: we no longer need to use a
shim for Object.values in stats.js")
2020-04-07 03:15:10 +02:00
muxator
a5ed0b524b dependencies: use fixed versions in package.json
We want to track dependencies as explicitly as possible.
2020-04-07 03:04:23 +02:00
Viljami Kuosmanen
3edd727a94 customError: rewrite the module using class syntax
The previous syntax caused a deprecation warning on Node 10.
However, due to the very old version of log4js Etherpad is currently using,
customError objects are going to be displayed as { inspect: [Function: inspect] }.

This needs to be addressed later, updating log4js.

Fixes #3834.
2020-04-07 02:03:17 +02:00
muxator
e6251687bf api: test coverage for getStats() 2020-04-04 22:03:46 +02:00
muxator
4ef59bbda0 api: in getStats(), directly rewrote activePads as an expression
Instead of creating an empty Set and then mutate it.
2020-04-04 22:03:46 +02:00
Chocobozzz
82b919fc65 api: add getStats() function 2020-04-04 22:03:46 +02:00
John McLear
eb45934788 remove noise 2020-04-03 11:32:14 +01:00
John McLear
4e212d12b2 patch fix for 3825 2020-04-03 11:32:14 +01:00
Chocobozzz
0889a1313d referer: do not send referrer when opening a link
This change augments what was already done in 54e0f2de5b20 (PR with discussion
at #3636).

For documentation about the meaning of "noopener, noreferrer", see:
https://developer.mozilla.org/en-US/docs/Web/API/Window/open#Window_functionality_features
2020-03-31 10:02:46 +02:00
John McLear
cdf5b63f26 use a deletePad approach that works when server is running and works with MySQL 2020-04-03 03:31:18 +02:00
John McLear
93180c287b
tests: in Travis, also run the backend tests
This change introduces automatic execution of the backend tests in Travis.

Implements #2351.
2020-04-03 03:27:05 +02:00
John McLear
c2ea2b3a6d webaccess: do not resave session
Before this change, the database was spammed with session values.
Modern express-session has this baked in.
See https://www.npmjs.com/package/express-session#resave for docs.
2020-04-03 02:55:33 +02:00
John McLear
1f0058dd6f interesting discovery RE 3612 and 2802 2020-04-03 02:40:59 +02:00
muxator
3a46e010ce dependencies: bump ueberdb2 0.4.3 -> 0.4.5
Original message from John McLear (PR #3817):
  We now include BINARY in the MySQL WHERE select clause.
  Test coverage might be desirable?

Fixes #2877
2020-04-03 01:27:49 +02:00
Viljami Kuosmanen
ccf406708e openapi: support standard http error codes
API errors are now handled at the end of the request heap by
throwing exceptions from the handler
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
3742fdfb04 openapi: disable cors headers for /api/** paths
Still enabled for /rest/** and **/openapi.json
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
6aa30f213a openapi: add jsonp support + test 2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
e821bbcad8 openapi: add documentation, small optimisation 2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
c2cca39c7d openapi: minor improvements 2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
172da1483e openapi: add commented out version of response processors
For some weird reason, these seem to be part of the original swagger
implementation but tests assume they're turned off.

Perhaps a difference between /rest and /api?
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
5792f7224a openapi: add response objects 2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
03d8964a7a openapi: upgrade to openapi-backend 2.4.0 2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
f9d24f5a39 openapi: remove swagger-node-express 2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
25e081ac89 openapi: implement API handler with openapi-backend
- Tests pass 
- Added openapi-backend hook
- Generating OpenAPI v3 definitions for each API version
- Definitions served /api/openapi.json /api/{version}/openapi.json
2020-04-03 01:03:11 +02:00
John McLear
dbab4ad13a dont pass empty author info to edit 2020-04-02 23:29:03 +01:00
muxator
3e3b0dec97 package-lock: restore baseline package-lock.json after 4db91cb2ed
This amends the previous commit, ans should have been part of 4db91cb2ed.
2020-04-02 22:58:38 +02:00
John McLear
0a606de44a bump package lock for ueber 2020-04-01 15:24:24 +00:00
John McLear
4db91cb2ed
Bump Ueber to 0.4.3 2020-04-01 11:49:41 +01:00
muxator
b7ac0f7991 Settings: allow the existence of "password" and "hash" attributes for users.
This brings back compatibility with ep_hash_auth, which was inadvertently broken
with 28a3bba4c1.
Based on work by John McLear.

Fixes #3681.
2020-04-01 04:13:21 +02:00
John McLear
53f126082a SessionStore: replace password with PASSWORD_HIDDEN when storing in db
Fixes #3421.
2020-04-01 03:39:05 +02:00
Daniel Krol
3e8b426847 ui: initialize color picker with the user's color
Initialize the color picker with user's current color.
Was previously initialized with grey in Farbtastic library.

Fixes #3617
2020-04-01 02:34:56 +02:00
Daniel Krol
ac9d7f80cc tests: add tests showing that the color chooser is not initialized with the user's color
When opening the color chooser after a page load, the selected color is always
gray, and not the user's color.
2020-04-01 02:34:56 +02:00
John McLear
b74a4819ae
beta.etherpad.org been down a while
Sorry about the direct commit 🍡
2020-03-31 19:54:46 +01:00
muxator
4ee5ddb496 caching_midleware: also run when nodejs does not have crypto module
According to the nodejs docs [0] the `crypto` module might be unavailable on
some platforms:

> It is possible for Node.js to be built without including support for the
> crypto module. In such cases, calling require('crypto') will result in an
> error being thrown

A description of such scenarios can be found here [1].

> * running non-standard node in a resource- or security-constrained
>   environment
> * running in emulated environment (browserify, webpack etc.)
> * building node from source and omitting openssl/crypto for random reason

TypeScript guys dealt with this same issue and they resolved it in an elegant
way in [2].

We copy that approach here: if importing crypto fails at runtime, we replace
sha256 with djb2 [3], which is weaker, but works for our case.

The djb2 story is fun: see this Stack Overflow post [4], and the original
mailing list post from 1991 [5] by Daniel J. Bernstein [6].

He was 20 at the time!

[0] https://nodejs.org/docs/latest-v10.x/api/crypto.html#crypto_determining_if_crypto_support_is_unavailable
[1] https://github.com/microsoft/TypeScript/issues/19100#issuecomment-335871998
[2] 9677b0641c
[3] http://www.cse.yorku.ca/~oz/hash.html#djb2
[4] https://stackoverflow.com/questions/1579721/why-are-5381-and-33-so-important-in-the-djb2-algorithm
[5] https://groups.google.com/forum/#!msg/comp.lang.c/lSKWXiuNOAk/zstZ3SRhCjgJ
[6] https://en.wikipedia.org/wiki/Daniel_J._Bernstein
2020-03-31 04:09:49 +02:00
Tom Hudson
fc754c9a1d Switches cacheKey from base64 of path to sha256 of path; fixes #3502 2020-03-31 02:42:58 +02:00
John McLear
6c12a7fb1f tests: backend tests for utf8 & emojis support 2020-03-31 02:11:25 +02:00
John McLear
352b432ed1 tests: in backend tests, use POST instead of GET for setText() and setHTML()
This is allowed starting from fc661ee13a ("core: allow URL parameters and POST
bodies to co-exist"), which landed in Etherpad 1.8.0. For the discussion, see
issue #3568.
2020-03-31 02:11:25 +02:00
muxator
b2dc446740 tests: typo in a comment in the backend tests 2020-03-31 02:11:25 +02:00
John McLear
25bf460ac6 chat: in addMessage(), be tolerant when userId is missing
For whatever reason (a bug, a database corruption, ...) the userId field in
"msg" can sometimes be missing.

In this case, let's be defensive, use "unknown" as userId and issue a warning
in the console, instead of crashing the client.

Fixes #3731 (really a patch, the underlying issue is still present)
2020-03-30 22:15:51 +02:00
John McLear
fa3e4b146a settings: document the possibility of using Unix sockets
We have been supporting Unix sockets by ages, because express.listen()
(http://expressjs.com/en/4x/api.html#app.listen_path_callback) re-exposes
net.server.listen() (https://nodejs.org/api/net.html#net_server_listen), which
in turn supports Unix sockets.

The only remaining thing to do was documenting it.

Fixes #3312
2020-03-30 03:36:55 +02:00
John McLear
85217b55e0 contentcollector: pasting an OL in Chrome inserted an additional line break. Fixed.
This comments out some code that was probably a quirk from ie6 era.
See PR: https://github.com/ether/etherpad-lite/issues/2412

Fixes #2412.
2020-03-30 02:28:08 +02:00
John McLear
8b2fe75867 toolbar: don't show the "saved revision" button in timeslider
The saved revision "star" button appeared in the timeslider toolbar too.

This change introduces a second flag "page" in toolbar.menu(), which controls
whether the toolbar is being drawn for a pad or in the timeslider page.

Fixes #3767.
2020-03-30 01:59:49 +02:00
John McLear
0d2854571d toolbar: show the "save revision" button only on the right toolbar.
Revision b480416375 fixed a bug, but introduced a regression, and the "save
revision" "star" button started to appear both on the left and the right
toolbar.

This change introduces a flag "whichMenu" in toolbar.menu(), that controls
whether the left, the right or the timeslider toolbar is being drawn.
2020-03-30 01:59:49 +02:00
muxator
463d7fb163 timeslider: always pass the "isReadOnly" parameter to toolbar.menu()
This argument was missing since since b662d5c618 ("dont show editing buttons
in R/O view"), 2015-05-19.
2020-03-30 01:59:49 +02:00
muxator
2360c33629 toolbar: formatting, no functional changes.
In preparation for the next commits by John.
2020-03-30 01:59:49 +02:00
muxator
4a17443a2e tests: future proof travis/runner.sh and make it more robust
This change only slightly modifies the bahaviour of travis/runner.sh, but:

1. speeds up the tests, because it does not install dependencies before running
   them. Dependencies are already installed by .travis.yml in its "install"
   section;
2. if for some reason Etherpad does not start, there is a sudden failure,
   instead of launching the front end tests anyway, and then having to wait 10
   minutes for them to time out;
3. it is compatible with a different way of installing etherpad dependencies
   ("npm ci" instead of "npm install"), whereas the previous one broke. This
   will probably be introduced in a while, so this change future-proofs for it
   (see #3778).
4. it is more robust, because it detects more reliably the paths, and changes
   between them correctly;

Please note that the script now requires bash instead of a generic posix shell.
This may break on platforms which default to a different shell (FreeBSD, MacOS?)
2020-03-29 23:59:28 +02:00
muxator
2b753f13ea package-lock.json: resync. This should have been part of 06d961f2b6 ("Checks MySQL for charset")
When changing something in package.json, it is necessary to also commit an
associated package-lock.json generated from a clean install.
2020-03-29 01:35:30 +01:00
muxator
a181ea8fbe bin: replace double backticks (``) with $()
This has been the recommended way of launching subshells for ages, and is easier
to type and on the eye.

For a quick reference, see:
https://unix.stackexchange.com/questions/5778/whats-the-difference-between-stuff-and-stuff#5782
2020-03-29 00:53:17 +01:00
John McLear
1ad6e9c288 Settings: when restarting via UI, tell the admins to ignore a warning about sessionKey
Fixes #3770.
2020-03-28 19:09:22 +01:00