libretic/etherpad-lite
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
7613 commits 2 branches 0 tags 24 MiB
Commit graph

7613 commits

This branch
This branch
All branches
Author SHA1 Message Date
Richard Hansen
92e0bff80c favicon: Refactor handler and add tests 2021-04-20 13:33:55 -04:00
Richard Hansen
d0d4b95980 favicon: Only serve from /favicon.ico 2021-04-20 13:33:54 -04:00
Richard Hansen
c2ac5e6145 tests: Fix missing commit in "Upgrade from latest release" workflow 2021-04-20 13:20:33 -04:00
Richard Hansen
96208e8239 tests: Rename workflow to "Upgrade from latest release" 2021-04-20 13:20:04 -04:00
webzwo0i
3a5af19492 AuthorManager: await for more db methods 2021-04-20 11:27:44 -04:00
webzwo0i
35797e57fc AuthorManager: await db.set in createAuthor 2021-04-20 11:27:44 -04:00
webzwo0i
20c512c8a9 test for await db.set in createAuthor 2021-04-20 11:27:43 -04:00
Chocobozzz
a001a13411 fix(perf): Disable wtfnode dump by default 
Consumes a lot of CPU so it's better to enable it on purpose
 2021-04-13 16:01:41 +02:00
Richard Hansen
951d369e3f padaccess: Delete useless try/catch 2021-04-12 22:51:06 -04:00
Richard Hansen
329d037431 Simplify read-only pad ID checks 2021-04-12 22:51:06 -04:00
Richard Hansen
f63610bb12 tests: Test access bypass via read-only pad ID 2021-04-12 22:51:06 -04:00
pcworld
3c71e8983b Fix read only pad access with authentication 
Before this commit, webaccess.checkAccess saved the authorization in
user.padAuthorizations[padId] with padId being the read-only pad ID,
however later stages, e.g. in PadMessageHandler, use the real pad ID for
access checks. This led to authorization being denied.

This commit fixes it by only storing and comparing the real pad IDs and
not read-only pad IDs.

This fixes test case "authn user readonly pad -> 200, ok" in
src/tests/backend/specs/socketio.js.
 2021-04-12 22:51:06 -04:00
pcworld
0d33793908 tests: readonly pastes must be readable+exportable with authentication 
readonly paste links should be readable even if authentication is turned
on, as long as the user provides valid login data.
This test currently fails.

Also test that readonly paste IDs can be exported under the same
condition, which currently succeeds.
 2021-04-12 22:51:06 -04:00
translatewiki.net
7d5cad6932 Localisation updates from https://translatewiki.net. 2021-04-12 15:43:27 +02:00
Richard Hansen
d01b593d3c chat: Ensure that ctx.text is interpreted as HTML 2021-04-11 06:20:29 +02:00
Richard Hansen
a3a0ff7bc1 chat: Use jQuery to build the chat message DOM object 
This reduces the likelihood of accidentally introducing an XSS
vulnerability.
 2021-04-11 06:20:29 +02:00
Richard Hansen
74554d36a5 chat: Allow chatNewMessage hook to modify more values 2021-04-11 06:20:29 +02:00
Richard Hansen
1ad134a538 PadMessageHandler: Improve logging of pre-CLIENT_READY drops 
This should make it easier to see what is emitting the the messages so
it can be fixed.
 2021-04-09 18:43:02 +02:00
Richard Hansen
91e99c84ca import: Reduce log spam from unsupported elements 2021-04-09 18:43:02 +02:00
Richard Hansen
09c349e2a1 import: Use a Set for supported elements 2021-04-09 18:43:02 +02:00
translatewiki.net
e31da37d00 Localisation updates from https://translatewiki.net. 2021-04-08 14:54:44 +02:00
webzwo0i
a796811558 escape userId before setting it as HTML attribute 2021-04-07 23:29:27 -04:00
webzwo0i
9408d4395f remove custom timeouts 2021-04-07 17:47:11 -04:00
Mikk Andresen
af19a010c5 DOCS: Fix broken links in TOC - use Marked to generate ID slugs instead of local implementation that was giving out different IDs in some cases - https://github.com/citizenos/citizenos-fe/issues/535 2021-04-06 21:42:01 +02:00
Mikk Andresen
78ea888cb7 DOCS: Add basic styles for tables and resources section to Changeset docs - https://github.com/citizenos/citizenos-fe/issues/535 2021-04-06 21:42:01 +02:00
webzwo0i
e483b91916 Don't make browsers fail on sync-xhr until require-kernel is dropped 2021-04-05 04:34:29 -04:00
snyk-bot
e86547c4f5 fix: upgrade openapi-backend from 3.9.0 to 3.9.1 
Snyk has created this PR to upgrade openapi-backend from 3.9.0 to 3.9.1.

See this package in npm:
https://www.npmjs.com/package/openapi-backend

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-04-03 16:54:52 -04:00
Richard Hansen
e4754eb9df tests: Fix race in timeslider_revisions.js 2021-04-02 15:46:27 +02:00
Richard Hansen
27e5373050 tests: Fix race in change_user_name.js 2021-04-02 15:46:27 +02:00
Richard Hansen
58dac4c0fc tests: Fix races in inner_height.js 2021-04-02 15:46:27 +02:00
Richard Hansen
4ad80d4072 tests: Delete overly aggressive frontend test timeouts 
This should reduce test flakiness.
 2021-04-02 15:46:27 +02:00
Richard Hansen
7cbb3f565d tests: Speed up helper.edit() and helper.clearPad() 2021-04-02 15:46:27 +02:00
Richard Hansen
7a154b1e1d tests: Wait for commit instead of sleep in timeslider_revisions.js 2021-04-02 15:46:27 +02:00
Richard Hansen
d15ff9ce8d tests: Add missing awaits to change_user_name.js 
Also increase the timeouts.
 2021-04-02 15:46:27 +02:00
Richard Hansen
bbf89dfcf9 tests: Refine frontend tests 
* Switch from `helper.newPad()` to `helper.aNewPad()`.
  * Promisify.
  * Delete redundant logic.
  * Lint fixes.
 2021-04-02 15:46:27 +02:00
Richard Hansen
3790c0e41c tests: Use async/await instead of returning Promises 
This has a few benefits:
  * It's more readable: It's easier for a user of the function to know
    that they should use `await` when calling the function.
  * Stack traces are more useful.
  * Some code (e.g., the async npm package) uses introspection to
    determine if a function is `async` vs. takes a callback.
 2021-04-02 15:46:27 +02:00
Richard Hansen
b164a34e64 lint: Fix ESLint error in helper/methods.js 2021-04-02 15:46:27 +02:00
Richard Hansen
62403159df tests: Invert conditions to improve readability 2021-04-02 15:46:27 +02:00
Richard Hansen
dd9c08d821 tests: Wait for commit rather than sleep 2021-04-01 14:31:56 +02:00
Richard Hansen
2776946627 tests: Use cookie libraries to manipulate cookies 2021-04-01 14:31:56 +02:00
Richard Hansen
202d65d2bb pad_cookie: Re-read prefs cookie on every call to getPref() 
This makes it easier to write tests that clear the prefs cookie.
 2021-04-01 14:31:56 +02:00
Richard Hansen
0df41a9a78 pad_cookie: Move initial cookie read+save to init() 
Benefits of this change:
  * It avoids race conditions with tests that clear cookies.
  * Any attempt to get or set a value before `init()` is called will
    throw an error, ensuring the API is used properly.
  * Improved readability: It's easier to understand what the
    `pad.noCookie` check is doing.
 2021-04-01 14:31:56 +02:00
Richard Hansen
aeee5c0b69 tests: Fix cookie name in helper.js tests 2021-04-01 14:31:56 +02:00
Richard Hansen
137fa89d2a tests: Always set cookie path to / (to match non-test behavior) 2021-04-01 14:31:56 +02:00
Richard Hansen
5666c34061 tests: Fix encoding of prefs cookie 2021-04-01 14:31:56 +02:00
Richard Hansen
63e6e163b7 tests: Promisify some of the helper.js tests 2021-04-01 14:31:56 +02:00
Richard Hansen
701a40ac13 tests: Promisify multiple_authors_clear_authorship_colors.js 2021-04-01 14:31:56 +02:00
Richard Hansen
8b43f9eb5f tests: Promisify authorship_of_editions.js 2021-04-01 14:31:56 +02:00
Richard Hansen
056939cd22 tests: Refine helper/multipleUsers.js 
* Rename "current"/"other" to "user0"/"user1".
  * Delete unnecessary `_createTokenFor*` functions.
  * Rename helper functions to remove unnecessary leading underscore
    and for brevity.
  * Use jQuery's `.attr()` to build the second iframe.
  * Use js-cookie to manipulate the token cookie.
  * Don't attempt to set the token cookie if the pad isn't loaded.
  * Use the token generated by the pad.
  * Only clear the token cookie at path=/.
 2021-04-01 14:31:56 +02:00
Guilherme Goncalves
f2034ad368 tests: Add regression tests for character composition race 
See: https://github.com/ether/etherpad-lite/issues/4978
 2021-03-30 16:42:53 -04:00