libre-service.eu/pad.libre-service.eu-etherpad
libre-service.eu/pad.libre-service.eu-etherpad
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-02-08 19:22:02 +01:00
Code Issues Projects Releases Wiki Activity
7757 commits 208 branches 105 tags 125 MiB
Commit graph

79 commits

Author SHA1 Message Date
Richard Hansen
b991948e21 SessionStore: Don't write DB record if already expired 2022-01-17 21:33:58 -05:00
Richard Hansen
4d498725c7 SessionStore: Improve cookie expiration check 
* Don't mutate `sess.cookie.expires`.
  * Allow `sess.cookie` to be nullish.
  * Always compare `Date` objects.
 2022-01-17 18:17:40 -05:00
Richard Hansen
928c598ecf tests: Add SessionStore backend tests 2022-01-17 17:51:08 -05:00
Richard Hansen
d3984aa621 express: Move preAuthorize hook after express-session 
The `ep_openid_connect` plugin needs access to session state before
authorization checks are made (to securely redirect the user back to
the start page when authentication completes). Now that the
`expressPreSession` hook exists, the rationale for moving
`preAuthorize` before the `express-session` middleware is gone.

This change undoes the following commits:
  * bf35dcfc50
  * 0b1ec20c5c
  * 30544b564e
 2022-01-14 00:44:54 -05:00
Richard Hansen
02a56dc58c PadMessageHandler: Allow handleMessageSecurity to grant one-time write access 2021-12-21 17:23:56 -05:00
Richard Hansen
696f9c3367 specialpages: New /health endpoint for health checking 
This endpoint is intended to conform with:
https://www.ietf.org/archive/id/draft-inadarei-api-health-check-06.html
 2021-12-21 17:19:56 -05:00
Richard Hansen
649fbdccf5 express: Move static handlers to expressPreSession 
This avoids the need to exempt the paths from authentication checks,
and it eliminates unnecessary express-session state.
 2021-12-20 20:08:19 -05:00
Richard Hansen
472eddc821 webaccess: Skip checks if next is called in preAuthenticate 2021-12-20 20:08:18 -05:00
Richard Hansen
fc498f0ae6 tests: Delete test pad before attempting import 2021-12-20 20:08:18 -05:00
Richard Hansen
02d1b90d30 tests: Factor out USER_CHANGES/ACCEPT_COMMIT helpers 
This will make it possible for other tests to reuse the code.
 2021-12-19 16:53:24 -05:00
Richard Hansen
cff089e54e PadMessageHandler: Accept retransmissions of USER_CHANGES 2021-12-14 01:02:00 -05:00
Richard Hansen
a370cfa5c6 Pad: Don't create no-op revisions 2021-12-14 01:02:00 -05:00
Richard Hansen
dbacc73c36 tests: Basic USER_CHANGES backend tests 2021-12-14 01:02:00 -05:00
John McLear
6cca27dea6 API: getText with old revision should only return text, not atext 
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
 2021-12-05 18:50:39 -05:00
Richard Hansen
a02e45499d Use the new AttributeMap and Changeset APIs 2021-11-28 23:47:27 -05:00
Richard Hansen
f00b1ae89b Merge branch 'master' into develop 2021-11-28 23:10:45 -05:00
Richard Hansen
19909eae53 ImportEtherpad: Rigorously check imported data 2021-11-28 22:28:55 -05:00
Richard Hansen
23f8a12922 ImportEtherpad: Don't make any changes if data is bad 2021-11-28 22:28:55 -05:00
Richard Hansen
a2e77a7128 ImportEtherpad: Enforce single-pad records 2021-11-28 22:28:54 -05:00
Richard Hansen
00fc7c8e86 ImportEtherpad: Reject unknown DB records 2021-11-28 22:27:44 -05:00
Richard Hansen
fea7948b05 ImportEtherpad: Fix author info processing 2021-11-28 19:00:44 -05:00
Richard Hansen
777d045246 GroupManager: Clean up any mappings when deleting a group 2021-11-28 14:06:47 +00:00
Richard Hansen
dab881139d Pad: Fix copyPadWithoutHistory apool corruption bug 2021-11-22 18:40:22 -05:00
Richard Hansen
ed78b56079 tests: Refine copyPadWithoutHistory tests 2021-11-22 18:40:22 -05:00
Richard Hansen
f1eb7a25a6 Changeset: Migrate to the new attribute API 2021-11-21 04:11:41 -05:00
Richard Hansen
f40d285109 tests: Refine contentcollector tests 2021-11-21 04:11:41 -05:00
Richard Hansen
263105d185 tests: Remove overly aggressive timeouts 2021-11-13 03:05:38 -05:00
Richard Hansen
3c6aef11bd lint: Add 'use strict'; 2021-11-13 03:02:40 -05:00
Richard Hansen
26675c5019 chat: New chatNewMessage server-side hook 2021-11-01 01:54:29 -04:00
Richard Hansen
65bd597053 tests: Move socket.io connection helpers to common.js 2021-11-01 01:54:28 -04:00
Richard Hansen
d36a37d666 PadMessageHandler: Delete unnecessary protocolVersion 
We can assume that the client code is always in sync with what the
server expects.
 2021-10-30 03:06:57 -04:00
webzwo0i
63de249236 tests: do not re-add identical text with setText 2021-10-29 02:29:45 -04:00
Richard Hansen
0ea6f1518c tests: Remove overly agressive timeouts 2021-10-07 20:31:54 -04:00
Richard Hansen
2155e216a6 tests: Remove overly agressive timeouts 2021-10-07 19:53:03 -04:00
Richard Hansen
e8514db365 tests: Replace manual checks with assert 2021-10-03 20:23:30 -04:00
Richard Hansen
72b12bc97b tests: Slight backend test reorganization 
* Delete some useless uses of `describe()`
  * Combine some dependent tests
  * Rename some tests to avoid duplicate names
 2021-10-03 20:06:33 -04:00
Richard Hansen
dd37251da4 tests: Promisify some backend tests 2021-10-03 19:25:50 -04:00
Richard Hansen
39a971e3b9 tests: Remove overly aggressive timeouts 2021-10-03 19:25:50 -04:00
Richard Hansen
70c16bb1b5 tests: Check import of export of read-only pad ID 2021-09-15 18:32:06 -04:00
John McLear
b683dc300d tests: Check for leak of read-write pad ID when exporting 2021-09-15 18:32:06 -04:00
Richard Hansen
0f5a4bd1f8 tests: Restructure read-only pad export tests 
This also adds coverage for `.etherpad` exports.
 2021-09-15 18:32:06 -04:00
Richard Hansen
bc9cdd6957 SocketIORouter: Add acknowledgement support 2021-09-06 14:45:26 -04:00
Richard Hansen
9f9adb369b SocketIORouter: Don't crash if message handler throws 2021-09-06 14:45:26 -04:00
Richard Hansen
320e5c1109 SocketIORouter: Add unit tests 2021-09-06 14:45:26 -04:00
Richard Hansen
348bc0c269 tests: Delete overly aggressive timeouts 
See https://github.com/ether/etherpad-lite/issues/4988 for rationale.
 2021-08-30 02:02:37 -04:00
Richard Hansen
c816c20bc7 HTML import: Replace cheerio with jsdom to simplify contentcollector 
Cheerio provides jQuery-like objects but they wrap DOM Node-like
objects that are not 100% API compatible with the DOM spec. Because of
this, contentcollector, which is used in browsers and in Node.js
during HTML import, has until now needed to support two different
APIs. This commit modifies HTML import to use jsdom instead of cheerio
and simplifies contentcollector.
 2021-08-12 13:53:23 -04:00
Richard Hansen
6c2f31a5cb tests: Add tests for settings.json parsing 2021-06-06 14:00:52 -04:00
Richard Hansen
0d9476529e sanitizePathname: Move to separate module to facilitate reuse 2021-06-03 15:10:21 -04:00
Richard Hansen
926da57e34 Minify: Refine sanitizePathname to avoid pathname traversal 2021-06-03 15:10:21 -04:00
Richard Hansen
59c03bde20 lint: Re-run eslint --fix 2021-05-12 11:26:35 +02:00