John McLear
08b83ae358
LibreOffice: use "html:XHTML Writer File:UTF8" export method
...
This yields better conversion results, but requires the previous change,
otherwise there would have been difficulties in locating the temporary file
name.
2020-04-08 22:51:25 +02:00
John McLear
b2ccd0a191
LibreOffice: decouple the extension of the temporary file from its type
...
In the next commit, we are going to change the conversion method to
"html:XHTML Writer File:UTF8". Without this change, that conversion method name
would end up in the extension of the temporary file that is created as an
intermediate step. In this way, the file extensione will always stay ".html".
No functional changes, hopefully. Only the extension of the temporary file
should change.
2020-04-08 22:51:25 +02:00
John McLear
f6907c5fad
contentcollector: remove weird stuff LibreOffice adds to DOM before importing
2020-04-08 22:51:25 +02:00
John McLear
a371deb9d1
ImportHandler: quick & dirty way of being more lax when matching <title>
...
This change is meant to ease using LibreOffice as converter. When LibreOffice
converts a file, it adds some classes to the <title> tag.
This is a quick & dirty way of matching the <title> and comment it out
independently on the classes that are set on it.
2020-04-08 22:51:25 +02:00
John McLear
babf67175c
undomodule: disallow undoing "clear authorship colors"
...
Clearing the authorship colors of a document with at least two authors, and then
undoing that action caused a disconnect from the pad.
This change disallows undoing clearing authorship colors in order to prevent
the problem from affecting users, and adds the relative test coverage.
This is a change of behaviour, and is documented in the changelog.
Fixes #2802 (sidestepping it).
2020-04-08 15:20:37 +02:00
Paul Tiedtke
ffc718e8c0
docker: add support for arbitrary user ids (for OpenShift compatibility)
...
This solves a compatibility problem with OpenShift. In OpenShift security
model, the containers are run by arbitrary user ids, but the users are always
a member of the root group.
This PR adjusts the permissions accordingly.
Documentation reference:
https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#use-uid
2020-04-08 15:06:08 +02:00
Paul Tiedtke
79406051fa
Settings.js: support newlines in default values when using variable substitution
...
This allows, among other things, to correctly support the configuration of
defaultPadText in Docker via an environment variable.
2020-04-07 04:32:37 +02:00
John McLear
3872690715
ace2_inner: remove Chrome specific hack
...
This code was specific for older Chrome versions. It can be simplified now.
Fixes #3487
2020-04-07 03:47:46 +02:00
John McLear
8987c5d813
dependencies: upgrade uglify-js 2.6.2 -> 3.8.1 and adapt Minify
...
This was a major update that required code changes.
2020-04-03 00:05:15 +00:00
muxator
a286f32c2a
dependencies: remove object.values
...
This should have been part of 09949c242a
("node8: we no longer need to use a
shim for Object.values in stats.js")
2020-04-07 03:15:10 +02:00
muxator
a5ed0b524b
dependencies: use fixed versions in package.json
...
We want to track dependencies as explicitly as possible.
2020-04-07 03:04:23 +02:00
Viljami Kuosmanen
3edd727a94
customError: rewrite the module using class syntax
...
The previous syntax caused a deprecation warning on Node 10.
However, due to the very old version of log4js Etherpad is currently using,
customError objects are going to be displayed as { inspect: [Function: inspect] }.
This needs to be addressed later, updating log4js.
Fixes #3834 .
2020-04-07 02:03:17 +02:00
muxator
e6251687bf
api: test coverage for getStats()
2020-04-04 22:03:46 +02:00
muxator
4ef59bbda0
api: in getStats(), directly rewrote activePads as an expression
...
Instead of creating an empty Set and then mutate it.
2020-04-04 22:03:46 +02:00
Chocobozzz
82b919fc65
api: add getStats() function
2020-04-04 22:03:46 +02:00
John McLear
eb45934788
remove noise
2020-04-03 11:32:14 +01:00
John McLear
4e212d12b2
patch fix for 3825
2020-04-03 11:32:14 +01:00
Chocobozzz
d3f583c9c5
referer: do not send referrer when opening a link
...
This change augments what was already done in 54e0f2de5b
(PR with discussion
at #3636 ).
For documentation about the meaning of "noopener, noreferrer", see:
https://developer.mozilla.org/en-US/docs/Web/API/Window/open#Window_functionality_features
2020-04-01 15:05:57 +02:00
Chocobozzz
0889a1313d
referer: do not send referrer when opening a link
...
This change augments what was already done in 54e0f2de5b
(PR with discussion
at #3636 ).
For documentation about the meaning of "noopener, noreferrer", see:
https://developer.mozilla.org/en-US/docs/Web/API/Window/open#Window_functionality_features
2020-03-31 10:02:46 +02:00
John McLear
cdf5b63f26
use a deletePad approach that works when server is running and works with MySQL
2020-04-03 03:31:18 +02:00
John McLear
93180c287b
tests: in Travis, also run the backend tests
...
This change introduces automatic execution of the backend tests in Travis.
Implements #2351 .
2020-04-03 03:27:05 +02:00
John McLear
c2ea2b3a6d
webaccess: do not resave session
...
Before this change, the database was spammed with session values.
Modern express-session has this baked in.
See https://www.npmjs.com/package/express-session#resave for docs.
2020-04-03 02:55:33 +02:00
John McLear
1f0058dd6f
interesting discovery RE 3612 and 2802
2020-04-03 02:40:59 +02:00
muxator
3a46e010ce
dependencies: bump ueberdb2 0.4.3 -> 0.4.5
...
Original message from John McLear (PR #3817 ):
We now include BINARY in the MySQL WHERE select clause.
Test coverage might be desirable?
Fixes #2877
2020-04-03 01:27:49 +02:00
Viljami Kuosmanen
ccf406708e
openapi: support standard http error codes
...
API errors are now handled at the end of the request heap by
throwing exceptions from the handler
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
3742fdfb04
openapi: disable cors headers for /api/** paths
...
Still enabled for /rest/** and **/openapi.json
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
6aa30f213a
openapi: add jsonp support + test
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
e821bbcad8
openapi: add documentation, small optimisation
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
c2cca39c7d
openapi: minor improvements
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
172da1483e
openapi: add commented out version of response processors
...
For some weird reason, these seem to be part of the original swagger
implementation but tests assume they're turned off.
Perhaps a difference between /rest and /api?
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
5792f7224a
openapi: add response objects
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
03d8964a7a
openapi: upgrade to openapi-backend 2.4.0
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
f9d24f5a39
openapi: remove swagger-node-express
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
25e081ac89
openapi: implement API handler with openapi-backend
...
- Tests pass ✅
- Added openapi-backend hook
- Generating OpenAPI v3 definitions for each API version
- Definitions served /api/openapi.json /api/{version}/openapi.json
2020-04-03 01:03:11 +02:00
John McLear
dbab4ad13a
dont pass empty author info to edit
2020-04-02 23:29:03 +01:00
muxator
3e3b0dec97
package-lock: restore baseline package-lock.json after 4db91cb2ed
...
This amends the previous commit, ans should have been part of 4db91cb2ed
.
2020-04-02 22:58:38 +02:00
John McLear
0a606de44a
bump package lock for ueber
2020-04-01 15:24:24 +00:00
John McLear
4db91cb2ed
Bump Ueber to 0.4.3
2020-04-01 11:49:41 +01:00
muxator
b7ac0f7991
Settings: allow the existence of "password" and "hash" attributes for users.
...
This brings back compatibility with ep_hash_auth, which was inadvertently broken
with 28a3bba4c1
.
Based on work by John McLear.
Fixes #3681 .
2020-04-01 04:13:21 +02:00
John McLear
53f126082a
SessionStore: replace password with PASSWORD_HIDDEN when storing in db
...
Fixes #3421 .
2020-04-01 03:39:05 +02:00
Daniel Krol
3e8b426847
ui: initialize color picker with the user's color
...
Initialize the color picker with user's current color.
Was previously initialized with grey in Farbtastic library.
Fixes #3617
2020-04-01 02:34:56 +02:00
Daniel Krol
ac9d7f80cc
tests: add tests showing that the color chooser is not initialized with the user's color
...
When opening the color chooser after a page load, the selected color is always
gray, and not the user's color.
2020-04-01 02:34:56 +02:00
John McLear
b74a4819ae
beta.etherpad.org been down a while
...
Sorry about the direct commit 🍡
2020-03-31 19:54:46 +01:00
muxator
4ee5ddb496
caching_midleware: also run when nodejs does not have crypto module
...
According to the nodejs docs [0] the `crypto` module might be unavailable on
some platforms:
> It is possible for Node.js to be built without including support for the
> crypto module. In such cases, calling require('crypto') will result in an
> error being thrown
A description of such scenarios can be found here [1].
> * running non-standard node in a resource- or security-constrained
> environment
> * running in emulated environment (browserify, webpack etc.)
> * building node from source and omitting openssl/crypto for random reason
TypeScript guys dealt with this same issue and they resolved it in an elegant
way in [2].
We copy that approach here: if importing crypto fails at runtime, we replace
sha256 with djb2 [3], which is weaker, but works for our case.
The djb2 story is fun: see this Stack Overflow post [4], and the original
mailing list post from 1991 [5] by Daniel J. Bernstein [6].
He was 20 at the time!
[0] https://nodejs.org/docs/latest-v10.x/api/crypto.html#crypto_determining_if_crypto_support_is_unavailable
[1] https://github.com/microsoft/TypeScript/issues/19100#issuecomment-335871998
[2] 9677b0641c
[3] http://www.cse.yorku.ca/~oz/hash.html#djb2
[4] https://stackoverflow.com/questions/1579721/why-are-5381-and-33-so-important-in-the-djb2-algorithm
[5] https://groups.google.com/forum/#!msg/comp.lang.c/lSKWXiuNOAk/zstZ3SRhCjgJ
[6] https://en.wikipedia.org/wiki/Daniel_J._Bernstein
2020-03-31 04:09:49 +02:00
Tom Hudson
fc754c9a1d
Switches cacheKey from base64 of path to sha256 of path; fixes #3502
2020-03-31 02:42:58 +02:00
John McLear
6c12a7fb1f
tests: backend tests for utf8 & emojis support
2020-03-31 02:11:25 +02:00
John McLear
352b432ed1
tests: in backend tests, use POST instead of GET for setText() and setHTML()
...
This is allowed starting from fc661ee13a
("core: allow URL parameters and POST
bodies to co-exist"), which landed in Etherpad 1.8.0. For the discussion, see
issue #3568 .
2020-03-31 02:11:25 +02:00
muxator
b2dc446740
tests: typo in a comment in the backend tests
2020-03-31 02:11:25 +02:00
John McLear
25bf460ac6
chat: in addMessage(), be tolerant when userId is missing
...
For whatever reason (a bug, a database corruption, ...) the userId field in
"msg" can sometimes be missing.
In this case, let's be defensive, use "unknown" as userId and issue a warning
in the console, instead of crashing the client.
Fixes #3731 (really a patch, the underlying issue is still present)
2020-03-30 22:15:51 +02:00
John McLear
fa3e4b146a
settings: document the possibility of using Unix sockets
...
We have been supporting Unix sockets by ages, because express.listen()
(http://expressjs.com/en/4x/api.html#app.listen_path_callback ) re-exposes
net.server.listen() (https://nodejs.org/api/net.html#net_server_listen ), which
in turn supports Unix sockets.
The only remaining thing to do was documenting it.
Fixes #3312
2020-03-30 03:36:55 +02:00