Commit graph

5380 commits

Author SHA1 Message Date
muxator
cb07805022 NodeVersion: take responsibility for ugly code 2018-08-22 00:12:53 +02:00
muxator
93641a165d dependencies: update socket.io 1.7.3 -> 2.1.1
Version 2.x is not backwards compatible with 1.x.
However, according to [0], [1] and [2], it seems that the biggest concern is
when mixing different server and client versions, and this is not Etherpad's
case.

Smoke tested (successfully) on Firefox 61, Chromium 68.

npm audit before this change:
  found 12 vulnerabilities (9 low, 3 high) in 8205 scanned packages
    11 vulnerabilities require semver-major dependency updates.
    1 vulnerability requires manual review. See the full report for details.

npm audit after this change:
  found 1 low severity vulnerability in 8196 scanned packages
    1 vulnerability requires manual review. See the full report for details.

Fixes #3462

[0] https://socket.io/blog/socket-io-2-0-0/
[1] https://github.com/socketio/socket.io/issues/3007#issuecomment-336791836
[2] a0d7a794de
2018-08-18 19:42:42 +02:00
muxator
5f9de6948c cleanRun.sh: get rid of "Bad substitution" error
It was introduced in 4a18f0d97d (#3356).
2018-08-17 22:22:14 +02:00
muxator
4408a1e505 release: prepare for 1.7.0
Written the changelog and updated package.json.

From now on, releases will be cut from develop, and merged directly into master.

Each release will be a tag on the master branch (e.g. 1.7.0).
A "release/1.7.0" branch will eventually be created only if/when a hotfix will
be needed.
2018-08-17 00:18:31 +02:00
muxator
d7696413da createRelease.sh: deprecate the script. It will be removed or modified.
Starting with Etherpad 1.7.0, the branching strategies for releases will be
simplified.
Leaving this script here, as it's useful for documenting other release-related
activities.
2018-08-17 00:09:25 +02:00
muxator
36b629346d dependencies: updated npm to 6.4.0 2018-08-16 22:04:40 +02:00
muxator
10eadba0d6
docs: mention that nodejs >= 8.9 is preferred 2018-08-15 23:43:11 +02:00
muxator
fc14f60a4b runtime: polyfill Object.values()
Minimum supported Node version is 6.9.0, but Object.values() was introduced in
Node < 7. Let's use a polyfill if needed.

This will be removed when minimum supported Node version is raised to 8.9.0.

Fixes #3459
2018-08-15 22:34:05 +02:00
muxator
7a6d969537 docs: started writing down the requirements for pull requests
No more merge commits in the PR: we want to be able to bisect easily.
Probably the whole doc needs to be updated. Also, we need to have templates for
PRs and Bug Reports, and they have to be described in the document.

Fixes #3454
2018-08-15 02:19:05 +02:00
muxator
9d815c58b8 deprecations: get rid of DEP0005 about Buffer()
Similar code still lives in some dependent libraries.
It will be updated when upgrading the dependencies.

Fixes #3446
2018-08-14 19:45:03 +02:00
muxator
6d5a6cf795 caching_middleware: removed unnecessary escape in regex
Found by eslint with "no-useless-escape"
2018-08-14 19:33:10 +02:00
"muxator ext:(%22)
d499e1b046 docs: direct link to measured.Collection from stats.md 2018-08-14 13:27:31 +02:00
"muxator ext:(%22)
42a0772955 dependencies: updated measured 1.1.0 -> measured-core 1.11.2
When installing dependencies, npm informed us that measured had been deprecated,
and renamed to measured-core. Let's follow the advice, and get rid of the
warning.

  npm WARN deprecated measured@1.1.0: This package has been renamed to
  measured-core, all versions of measured have been re-released under
  measured-core, please update your package and consider updating to the newest
  version. See https://github.com/yaorg/node-measured for latest updates.

This package is used to expose a single endpoint ("/stats"), whose output does
not change after this commit.

Fixes #3458
2018-08-14 13:22:41 +02:00
muxator
d38f53181f settings.json: in the mysql example, mention the existence of port parameter
The port parameter is supported by the mysql driver, but to know this one has to
read through ueberDB's code.

At least for this simple case, it may make sense to be explicit.

Fixes #3453
2018-08-11 16:44:37 +02:00
Masaru Nagaku
392f39b623 fix bug for getPadPlainText 2018-08-11 11:02:20 -03:00
muxator
e9fb63f426 docs: "``js" -> "``json" in Markdown of some json blocks 2018-08-09 22:27:56 +02:00
Muh Muhten
3cedf474e5 Fix misparse of port when binding Unix socket
The hostname:port of URIs used in Minify are currently bogus and refer
to localhost only for historical reasons; there's no reason to retain
them and omitting them avoids generating an invalid URI when "port" is
not an integer.

Context: settings.port is passed to express's listen; if not numeric, it
is used a filename for a Unix domain socket.
This allows e.g. starting a server to be reverse-proxied on a multi-user
system, using the filesystem to handle access control and avoiding need
to allocate port numbers.

Before this change, etherpad-lite starts without error when configured
to listen on a Unix domain socket in this manner. However, `pad.js` and
`ace2_common.js` are generated incorrecting, causing an error
"Uncaught Error: The module at "ep_etherpad-lite/static/js/rjquery" does not exist."
when loading the editor:

When settings.port is a non-numeric string, e.g. `etherpad.sock`, a URI
of the form `http://localhost:etherpad.sock/static/js/rjquery.js` is
generated and parsed to find the file needed. In this case, the file
searched for is `:etherpad.sock/static/js/rjquery.js`, rather than the
expected `static/js/rjquery.js`. No such file exists, and the required
code is silently omitted from the bundle.

As a workaround, hard-code a (meaningless) hostname which can be parsed
correctly, since the current code makes no use of it anyway.
2018-08-10 01:57:30 +02:00
muxator
6c6ac40f7b doc: review "Tweak the settings" 2018-08-09 19:42:14 +02:00
Michael Braun
980a5951ea hint to --sessionkey, --apikey and --credentials in README.md 2018-08-09 19:42:14 +02:00
Michael Braun
971853ca58 remove -k argument as it is currently for both sessionkey and apikey 2018-08-09 19:42:14 +02:00
muxator
b466acd881 Merge test fixes for import/export. Fixes #3425.
Now we have a working test for #3268 (fe08d2a1db).
2018-08-09 18:54:55 +02:00
muxator
10f0cb3253 security: suggest installing ep_hash_auth to get rid of plain text passwords
In its current form, Etherpad stores passwords for users in plain text in
settings.json. We should at least mention the opportunity of installing
ep_hash_auth to start tackling this problem.

The advice was added in README.md and in settings.json.template

Fixes #3444
2018-08-09 00:17:15 +02:00
muxator
044f761b99 settings.json: reformat comments, no functional changes. 2018-08-08 23:49:32 +02:00
ilmar
718b175524 tests: show that Etherpad is not able to import & export back a mixed lists
This commit replaces an old test with a new, different one.
Reasons for removing the old test:

- the old list test was introduced in cadb83a with an explicit attempt to import
  an invalid HTML and see if it could recover from it
- in 5967e08 the code base finally managed to export a meaningful HTML (but we
  do not know if other bugs were introduced in pursuing this)
- the old test seemed to aim at attaining resiliency, but correctness should be
  addressed before that

Modified by muxator. See discussion in:
https://github.com/ether/etherpad-lite/pull/3268#issuecomment-411185713
2018-08-06 23:15:48 +03:00
"muxator ext:(%22)
d23cf924c9 installDeps: replace GNU specific long options whith short ones
Long options are only present in GNU cut, and we aim to also support other
platforms.
2018-07-31 12:44:17 +02:00
muxator
65b9626669 dependencies: updated express & express-session
express: 4.13.4 -> 4.16.3
express-session: 1.13.0 -> 1.15.6

This, along with the previous commit, partially implements #3429.
2018-07-29 01:44:49 +02:00
muxator
1101c0279f dependencies: wd, 1.6.1 -> 1.10.3
It's a dev dependency, no breakages in backend and frontend tests.
2018-07-29 01:41:15 +02:00
muxator
a0d5eb18a0 tests: introduce istanbul.js to check code coverage
see: https://istanbul.js.org
2018-07-28 23:54:51 +02:00
muxator
f7000c786d tests: update mocha 5.0.5 -> 5.2.0
This does not break any backend tests
2018-07-28 23:54:51 +02:00
muxator
4e10f4d52a tests: sent Nyan Cat into eternal oblivion
Alive and kicking since 2014 (3ac833d455), but it is now time to go on
2018-07-28 23:54:51 +02:00
muxator
379690abbf tests: backend tests are now run with "npm test" instead of a custom bash script 2018-07-28 23:54:51 +02:00
muxator
1a4a26fc73 tests: move mocha among devDependencies in package.json 2018-07-28 23:54:51 +02:00
muxator
1f19b20796 tests: move supertest among devDependencies in package.json 2018-07-28 23:54:51 +02:00
muxator
cb8275fc4b docs: trivial corrections to test documentation 2018-07-28 23:54:51 +02:00
muxator
a3ae374a67 installDeps: made version detection more robust. Require Node >= 6.9, npm >= 3.10
require_minimal_version() tries to parse semvers in a Posix portable way and
ensure a minimal Major.minor version is met.
2018-07-28 23:33:24 +02:00
muxator
a69f8a3db9 runtime: deprecate Node <= 7. From Etherpad 1.8.0 minimum Node version will be 8 2018-07-28 23:33:24 +02:00
muxator
7544585908 runtime: enforce minimal node version to 6.9.0
Etherpad 1.6.6 does not run on node <= 5 already.
Node 6.9 is the first LTS release in the 6 series, and comes with npm 3.10.8.

Declarations in package.json are advisory unless the user has set
`engine-strict` config flag.

Updated the docs accordingly.
2018-07-28 23:33:24 +02:00
muxator
f1056bf01a docs: minimal revision 2018-07-27 00:42:13 +02:00
translatewiki.net
7fa198d448 Localisation updates from https://translatewiki.net. 2018-07-26 10:04:02 +02:00
muxator
42e0646327 Merge Firefox frontend test fixes
The fix was done on another branch to show that it completely solves tests
failures introduced by 2be873e3c7.

All remaining failures in this branch are due to other changes made after
**1.6.6**, namely from fe08d2a1db included onwards.
2018-07-21 14:16:20 +02:00
muxator
4580537537 tests: fix frontend tests on firefox
These changes make the frontend tests send keydown instead of keypress in
firefox, in accordance with #3413 (Use keydown instead of keypress on Firefox).

The percentage of passing frontend in Firefox 61 on this revision is 100%.
2018-07-20 23:58:47 +02:00
John McLear
a4c67f0d03
Update package.json 2018-07-20 17:54:48 +01:00
muxator
60c1036ecb
changelog: put <ol> in backticks
Github's Markdown renderer broke the layout of the readme file.
Putting `<ol>` in backticks keeps it happy.
2018-07-20 12:33:45 +02:00
Mantary
f17fe571df Use keydown instead of keypress on Firefox (cherry pick from 2be873e3c7)
This puts issue: #3383, PR: #3413 (Use keydown instead of keypress on Firefox)
directly on top of bacc37cf9b, which is the last commit before fe08d2a1db
merged #3268 (getLineHTMLForExport - Fixes #2486 but breaks plugins).

This is necessary for showing that:

- bacc37cf9b was passing client side tests on firefox
  Visit `http://<yourhost>/tests/frontend/` using firefox.

- 2be873e3c7 forgot to update the client side tests. You cannot test it since
  that commit was mad on top of other changes, hence this graft

- in this commit there are 20 failures with firefox:
  passes: 82 failures: 20 duration: 261.84s
2018-06-28 16:41:06 +09:00
translatewiki.net
bacc37cf9b Localisation updates from https://translatewiki.net. 2018-05-21 16:02:15 +02:00
Wikinaut
6dd172d6b7 Update settings.json.template 2018-05-12 21:48:21 +02:00
Wikinaut
784bd8c7cc Update settings.json.template
harmonizing the database name. "store" is the table name - not to be used here! Database name must not contain "-", but can contain "_". See https://github.com/ether/etherpad-lite/wiki/How-to-use-Etherpad-Lite-with-MySQL
2018-05-12 21:48:21 +02:00
muxator
bfec44e346 Release version 1.6.6 2018-05-05 00:53:59 +02:00
muxator
e13ae0aec5 changelog: better specified CVE description
Previous commit was wrong.
Fixes #3372, really.
2018-05-04 23:24:58 +02:00
muxator
10d555bc91 changelog: better specified CVE description
fixes #3372
2018-05-04 23:15:22 +02:00