libre-service.eu/pad.libre-service.eu-etherpad
libre-service.eu/pad.libre-service.eu-etherpad
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-02-08 19:22:02 +01:00
Code Issues Projects Releases Wiki Activity
9002 commits 208 branches 105 tags 125 MiB
Commit graph

5647 commits

Author SHA1 Message Date
Richard Hansen
99b7bdd176 chat: Set timestamp CSS font-size: smaller; 2021-11-01 01:54:29 -04:00
Richard Hansen
51907015ed chat: Fix gritter duration 2021-11-01 01:54:29 -04:00
Richard Hansen
23f963c9fe chat: Improve name mention detection 2021-11-01 01:54:29 -04:00
Richard Hansen
26675c5019 chat: New chatNewMessage server-side hook 2021-11-01 01:54:29 -04:00
Richard Hansen
23a98e5946 tests: Refactor waitForSocketEvent() to improve readability 2021-11-01 01:54:29 -04:00
Richard Hansen
3132235f2c tests: Rename getSocketEvent() to waitForSocketEvent() 2021-11-01 01:54:29 -04:00
Richard Hansen
65bd597053 tests: Move socket.io connection helpers to common.js 2021-11-01 01:54:28 -04:00
Richard Hansen
bea57ff249 tests: Use logger variable for consistency 2021-11-01 01:54:28 -04:00
Richard Hansen
9fbd2e5c3d chat: New chatSendMessage client-side hook 2021-11-01 01:54:28 -04:00
Richard Hansen
4c2f7f9a11 chat: Rename userId to authorId, userName to displayName 2021-11-01 01:54:28 -04:00
Richard Hansen
0f47ca9046 chat: Plumb message object end to end 
This will make it possible for future commits to add hooks that allow
plugins to augment chat messages with arbitrary metadata.
 2021-11-01 01:54:28 -04:00
Richard Hansen
f1f4ed7c58 chat: Allow chatNewMessage hook to control rendering 2021-11-01 01:54:28 -04:00
Richard Hansen
2597b940f4 chat: Give chatNewMessage hook access to the raw message object 2021-11-01 01:54:28 -04:00
Richard Hansen
fc5a3f553d chat: Test processing in chatNewMessage hook 2021-11-01 01:54:28 -04:00
Richard Hansen
caac4bf711 chat: Promisify addMessage() 2021-11-01 01:54:28 -04:00
Richard Hansen
3f7f629eeb chat: Scroll down after the chatNewMessage hook finishes 2021-11-01 01:54:28 -04:00
Richard Hansen
195a6bd81b chat: Move click handler setup to init() 2021-11-01 01:54:28 -04:00
Richard Hansen
23037280a8 Pad: Simplify getChatMessages() 2021-11-01 01:54:28 -04:00
Richard Hansen
e471cb12e6 tests: Also spy on initially loaded chat messages 2021-11-01 01:54:28 -04:00
Richard Hansen
66a8c48fac tests: Save the CHAT_MESSAGE payload, not the wrapper 2021-11-01 01:54:28 -04:00
Richard Hansen
c8e0916e1a tests: Spy on socket.io messages as early as possible 2021-11-01 01:54:28 -04:00
Richard Hansen
e28c9ffc97 tests: Support injecting hook functions during pad load 2021-11-01 01:54:28 -04:00
Richard Hansen
c8e544ec8d tests: Fix handling of nullish module definitions 2021-11-01 01:54:28 -04:00
Richard Hansen
9aaf781548 PadMessageHandler: Modernize userLeave hook context properties 2021-10-30 03:07:44 -04:00
Richard Hansen
a6d060d67b PadMessageHandler: Replace clientReady hook with new userJoin hook 2021-10-30 03:07:44 -04:00
Richard Hansen
c98910e1c5 PadMessageHandler: Populate session info as early as possible 2021-10-30 03:07:44 -04:00
Richard Hansen
b7de24c85f PadMessageHandler: Fix readability of duplicate user check 2021-10-30 03:07:44 -04:00
Richard Hansen
00e7b04518 PadMessageHandler: Improve readability of changeset loading 2021-10-30 03:07:44 -04:00
Richard Hansen
50b9e0df1f PadMessageHandler: Use values from session info object 
This is more consistent with the rest of the code, and it provides a
single source of truth.
 2021-10-30 03:07:40 -04:00
Richard Hansen
10e930408c PadMessageHandler: Delete unnecessary CLIENT_READY checks 
The checks are already performed by the security manager.
 2021-10-30 03:06:57 -04:00
Richard Hansen
0992f19570 PadMessageHandler: Improve readability of historical author fetch 2021-10-30 03:06:57 -04:00
Richard Hansen
d36a37d666 PadMessageHandler: Delete unnecessary protocolVersion 
We can assume that the client code is always in sync with what the
server expects.
 2021-10-30 03:06:57 -04:00
Richard Hansen
ce730b0493 PadMessageHandler: Inline createSessionInfoAuth() 
This function is only used once so it doesn't need to be separate.
 2021-10-30 03:06:57 -04:00
Richard Hansen
fa54dc1053 PadMessageHandler: Run the clientReady hook asynchronously 2021-10-30 03:06:57 -04:00
Richard Hansen
5d30e0b1b2 PadMessageHandler: Run the userLeave hook asynchronously 2021-10-30 03:06:57 -04:00
Richard Hansen
f2a118b311 PadMessageHandler: Inline unnecessary variables 
Also delete some unneccessary comments.
 2021-10-30 03:06:15 -04:00
Richard Hansen
7522d76c40 PadMessageHandler: Invert condition to improve readability 2021-10-30 03:03:19 -04:00
Richard Hansen
a3b4d985ac lint: Fix awkward string formatting 2021-10-30 03:03:19 -04:00
Richard Hansen
80e84636d7 pad: Promisify handshake() 2021-10-29 19:38:28 -04:00
Richard Hansen
cd4f5ff281 pad: Defer message handling until handshake completes 2021-10-29 19:37:28 -04:00
Richard Hansen
be0298290d pad: Move post-handshake code to _afterHandshake() 2021-10-29 19:27:33 -04:00
Richard Hansen
9fb754ce3a pad: Initialize pad cookie before starting the handshake 2021-10-29 19:27:33 -04:00
Richard Hansen
f6c5ce606e pad: Move UI setup from handshake() to init() 2021-10-29 19:27:33 -04:00
Richard Hansen
bd44a87388 pad: Unexport unnecessarily exported handshake() function 2021-10-29 19:27:33 -04:00
Richard Hansen
5cbbcbcee6 pad: Simplify reload after .etherpad import 
The old "switch to pad" logic looked buggy, and it complicates pad
initialization. Forcing a refresh after importing an `.etherpad` file
isn't much of a UX downgrade.
 2021-10-29 19:27:33 -04:00
Richard Hansen
e974622561 pad: Use window. to avoid ESLint error 2021-10-29 19:27:33 -04:00
webzwo0i
d8ca3a693d timeslider scrollTo: fixes wrong line number calculation in case there 
are no attribute changes and no length changes
 2021-10-29 02:38:29 -04:00
webzwo0i
9bad1d03d3 importHtml: do not add an useless identity changeset 2021-10-29 02:29:45 -04:00
webzwo0i
f7f5e3dad8 setText: prevent adding useless revision in case the pad text did not 
change
 2021-10-29 02:29:45 -04:00
webzwo0i
63de249236 tests: do not re-add identical text with setText 2021-10-29 02:29:45 -04:00
webzwo0i
668d62fa3f importHtml: avoid race when applying empty document and the import changeset at the same time 2021-10-29 02:29:45 -04:00
snyk-bot
8eb5640cb7 fix: upgrade express-rate-limit from 5.4.0 to 5.4.1 
Snyk has created this PR to upgrade express-rate-limit from 5.4.0 to 5.4.1.

See this package in npm:
https://www.npmjs.com/package/express-rate-limit

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-10-29 02:25:09 -04:00
snyk-bot
dd8608fe6e fix: upgrade rate-limiter-flexible from 2.3.0 to 2.3.1 
Snyk has created this PR to upgrade rate-limiter-flexible from 2.3.0 to 2.3.1.

See this package in npm:
https://www.npmjs.com/package/rate-limiter-flexible

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-10-29 02:22:24 -04:00
snyk-bot
cea7eb8ba6
fix: upgrade mime-types from 2.1.32 to 2.1.33 
Snyk has created this PR to upgrade mime-types from 2.1.32 to 2.1.33.

See this package in npm:
https://www.npmjs.com/package/mime-types

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-10-26 10:12:27 +00:00
snyk-bot
0d67d05b78 fix: upgrade express-rate-limit from 5.3.0 to 5.4.0 
Snyk has created this PR to upgrade express-rate-limit from 5.3.0 to 5.4.0.

See this package in npm:
https://www.npmjs.com/package/express-rate-limit

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-10-25 19:10:13 -04:00
translatewiki.net
2c15ae6ac9 Localisation updates from https://translatewiki.net. 2021-10-25 13:04:22 +02:00
Richard Hansen
de3dfb5ce2 AttributePool: Add JSDoc comments 2021-10-24 21:18:56 -04:00
Richard Hansen
c98b521539 AttributePool: Use ES6 class syntax 2021-10-24 21:18:56 -04:00
webzwo0i
bbc8b29ffd Changeset: Improve JSDoc comments 
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
 2021-10-24 21:18:56 -04:00
snyk-bot
2c15e68e4a
fix: upgrade clean-css from 5.2.0 to 5.2.1 
Snyk has created this PR to upgrade clean-css from 5.2.0 to 5.2.1.

See this package in npm:
https://www.npmjs.com/package/clean-css

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-10-22 07:26:47 +00:00
snyk-bot
41e2ee4848
fix: upgrade rate-limiter-flexible from 2.2.4 to 2.3.0 
Snyk has created this PR to upgrade rate-limiter-flexible from 2.2.4 to 2.3.0.

See this package in npm:
https://www.npmjs.com/package/rate-limiter-flexible

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-10-20 08:24:39 +00:00
snyk-bot
ccd7a8d5ff fix: upgrade threads from 1.6.5 to 1.7.0 
Snyk has created this PR to upgrade threads from 1.6.5 to 1.7.0.

See this package in npm:
https://www.npmjs.com/package/threads

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-10-17 02:32:13 -04:00
snyk-bot
1a008ed6fa
fix: upgrade clean-css from 5.1.5 to 5.2.0 
Snyk has created this PR to upgrade clean-css from 5.1.5 to 5.2.0.

See this package in npm:
https://www.npmjs.com/package/clean-css

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-10-17 06:17:34 +00:00
Richard Hansen
4f283b64cf tests: easysync: Inline some functions that are only used once 2021-10-17 00:49:34 +02:00
Richard Hansen
e535129f3c tests: easysync: Use expect.js for checks 2021-10-17 00:49:34 +02:00
Richard Hansen
ebb7dfabd7 tests: easysync: Use mocha describe() and it() 2021-10-17 00:49:34 +02:00
Richard Hansen
2c7d0604c3 tests: easysync: Remove unnecessary Random class 2021-10-17 00:49:34 +02:00
Richard Hansen
8dd61f847e tests: easysync: Fix some ESLint errors 2021-10-17 00:49:34 +02:00
Richard Hansen
59a6a9f6a0 tests: easysync: Delete commented-out and unused code 2021-10-17 00:49:34 +02:00
Richard Hansen
428736cdc3 tests: easysync: Run with the frontend tests 2021-10-17 00:49:34 +02:00
snyk-bot
3722d943c7
fix: upgrade terser from 5.8.0 to 5.9.0 
Snyk has created this PR to upgrade terser from 5.8.0 to 5.9.0.

See this package in npm:
https://www.npmjs.com/package/terser

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-10-13 07:15:16 +00:00
Richard Hansen
0ea6f1518c tests: Remove overly agressive timeouts 2021-10-07 20:31:54 -04:00
Richard Hansen
3a5c44c8f7 /jserror: Enable colors to improve readability 2021-10-07 19:55:02 -04:00
Richard Hansen
629e7d5072 /jserror: Log all of the provided data 2021-10-07 19:55:01 -04:00
Richard Hansen
cb01ae8cbb /jserror: Reject files 2021-10-07 19:55:01 -04:00
Richard Hansen
e909072776 /jserror: Refactor to handle errors better 2021-10-07 19:55:01 -04:00
Richard Hansen
788eb86d84 Ace2Inner: Inline code that is unnecessarily inside an IIFE 2021-10-07 19:53:40 -04:00
Richard Hansen
4890cd8972 Ace2Inner: Delete completed TODO comment 2021-10-07 19:53:40 -04:00
Richard Hansen
a7c78768a1 ExportHelper: Simplify _analyzeLine() a bit 2021-10-07 19:53:40 -04:00
Richard Hansen
d8cbd134d3 PadMessageHandler: Improve readability 2021-10-07 19:53:40 -04:00
Richard Hansen
019e296c4a lint: Fix awkward string formatting 2021-10-07 19:53:40 -04:00
Richard Hansen
044f6543a5 lint: Fix ESLint errors (mostly camelcase warnings) 2021-10-07 19:53:40 -04:00
Richard Hansen
34cfff4e4c Changeset: Delete unused code 2021-10-07 19:53:40 -04:00
Richard Hansen
eb495e9ea2 Changeset: Move out obsolete code 2021-10-07 19:53:40 -04:00
Richard Hansen
2155e216a6 tests: Remove overly agressive timeouts 2021-10-07 19:53:03 -04:00
translatewiki.net
ac3a7191cf Localisation updates from https://translatewiki.net. 2021-10-07 13:03:04 +02:00
Richard Hansen
a7734ddd94 deps: Update ueberdb2 to 1.4.18 
This pulls in newer versions of some database drivers which silences
some `npm audit` security warnings.

This also adds support for PostgreSQL connection strings.
 2021-10-07 03:58:35 -04:00
snyk-bot
ee610027c0
fix: upgrade terser from 5.7.2 to 5.8.0 
Snyk has created this PR to upgrade terser from 5.7.2 to 5.8.0.

See this package in npm:
https://www.npmjs.com/package/terser

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-10-05 06:23:36 +00:00
Richard Hansen
e8514db365 tests: Replace manual checks with assert 2021-10-03 20:23:30 -04:00
Richard Hansen
72b12bc97b tests: Slight backend test reorganization 
* Delete some useless uses of `describe()`
  * Combine some dependent tests
  * Rename some tests to avoid duplicate names
 2021-10-03 20:06:33 -04:00
Richard Hansen
dd37251da4 tests: Promisify some backend tests 2021-10-03 19:25:50 -04:00
Richard Hansen
39a971e3b9 tests: Remove overly aggressive timeouts 2021-10-03 19:25:50 -04:00
John McLear
c361df52d2 bugfix: Allow selection to start/end before line marker 2021-10-02 02:41:58 -04:00
Richard Hansen
37a33042d2 ace2_inner: Improve rep documentation 2021-10-02 02:10:07 -04:00
Richard Hansen
e42e5457c1 LibreOffice: Improve logging 2021-10-01 03:01:24 -04:00
Richard Hansen
76374bc489 LibreOffice: Close stdin right away 
This should prevent LibreOffice from hanging if it attempts to read
from stdin (it'll get EOF and probably exit with an error instead).
 2021-10-01 03:01:24 -04:00
translatewiki.net
0c31940b09 Localisation updates from https://translatewiki.net. 2021-09-30 13:02:24 +02:00
webzwo0i
4d8ae3475d Changeset: Add documentation for textLinesMutator() 2021-09-30 12:29:24 +02:00
webzwo0i
0de41ee087 adminsettings test: Fix save detection race condition 
Use MutationObserver to detect if a saveProgress event was received,
which will trigger an animation.

Before this, `helper.admin$('#response').is(':visible')` was true
after the page loaded and before clicking the Save button, so there
was a possibility that after clicking Save, but before sending the
socketio message to the server, the visibility is checked and returns
true, so the page gets reloaded before the changed settings have been
saved.
 2021-09-29 23:49:16 -04:00
webzwo0i
bb0ca91dc2 adminupdateplugins test: swap assertions, increase timeout 2021-09-29 23:49:16 -04:00
webzwo0i
91d3974a0d adminsettings test: Be a little stricter for some assertions 2021-09-29 23:46:25 -04:00
webzwo0i
cc6fda6916 adminsettings test: Fix restart detection 
We cannot guarantee that the system time on SauceLabs and Github is in
sync. In case the SauceLabs runner's clock is slow the test would have
failed.
 2021-09-29 23:42:41 -04:00
Hossein
0e311184cf fix: change directory to etherpad root 2021-09-28 19:01:19 -04:00
Richard Hansen
aec619cc0b log4js: Deprecate the logconfig setting 
This will make it possible to upgrade log4js in a future version.
 2021-09-28 04:30:26 -04:00
Richard Hansen
b3b6c94b76 log4js: Initialize as early as possible 2021-09-28 04:30:26 -04:00
Richard Hansen
7653dc650d settings: Use a log4js logger instead of console 2021-09-28 04:30:26 -04:00
Richard Hansen
653dbb3449 tests: Wait for pad init before returning from helper.aNewPad() 
This should make it easier to avoid race conditions.
 2021-09-28 04:18:24 -04:00
Richard Hansen
4d2839457a CSS: Fix underscore and clear authorship icon alignment 2021-09-26 12:07:56 +02:00
snyk-bot
4637b2b729
fix: upgrade js-cookie from 3.0.0 to 3.0.1 
Snyk has created this PR to upgrade js-cookie from 3.0.0 to 3.0.1.

See this package in npm:
https://www.npmjs.com/package/js-cookie

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-09-23 08:10:28 +00:00
Richard Hansen
15f17b5237 tests: Avoid deprecated Builder.withCapabilities() method 2021-09-15 19:42:11 -04:00
Richard Hansen
73cb698ba0 tests: Update selenium-webdriver to 4.0.0-rc-1 2021-09-15 19:40:47 -04:00
Richard Hansen
70c16bb1b5 tests: Check import of export of read-only pad ID 2021-09-15 18:32:06 -04:00
John McLear
b683dc300d tests: Check for leak of read-write pad ID when exporting 2021-09-15 18:32:06 -04:00
Richard Hansen
0f5a4bd1f8 tests: Restructure read-only pad export tests 
This also adds coverage for `.etherpad` exports.
 2021-09-15 18:32:06 -04:00
webzwo0i
dbd76f0c5d export: Don't leak writeable pad ID when exporting 
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
 2021-09-15 18:32:06 -04:00
webzwo0i
58bd96ce8f padreadonly: Remove dead /ro/:id handling 
Read-only pads are accessed using `/p/` path since commit
ba3430ebb7.
 2021-09-14 17:07:55 -04:00
translatewiki.net
d58b649c76 Localisation updates from https://translatewiki.net. 2021-09-09 13:02:49 +02:00
Richard Hansen
03275ba227 deps: Regenerate src/package-lock.json 2021-09-06 14:47:11 -04:00
Richard Hansen
59ebaa78fd deps: Update src/package.json versions to match lock file 2021-09-06 14:47:11 -04:00
Richard Hansen
ebe05f8e63 deps: Delete unused async-stacktrace dependency 2021-09-06 14:47:11 -04:00
Richard Hansen
bc9cdd6957 SocketIORouter: Add acknowledgement support 2021-09-06 14:45:26 -04:00
Richard Hansen
9f9adb369b SocketIORouter: Don't crash if message handler throws 2021-09-06 14:45:26 -04:00
Richard Hansen
320e5c1109 SocketIORouter: Add unit tests 2021-09-06 14:45:26 -04:00
Richard Hansen
94f71bd5e9 SocketIORouter: Add ability to unregister handler 
This will make it easier to add tests.
 2021-09-06 14:45:26 -04:00
Richard Hansen
2e93fca699 SocketIORouter: Logging improvements 2021-09-06 14:45:26 -04:00
Richard Hansen
b9609a749d SocketIORouter: Rename variables to improve readability 2021-09-06 14:45:26 -04:00
Richard Hansen
4a09000ca6 installDeps.sh: Don't nuke src/node_modules on error 
Rationale:
  * Clearing out `src/node_modules` is unlikely to bring future
    success.
  * If there is an error, it's better to leave the filesystem alone so
    that the user can investigate the cause.
  * Deleting the directory on error is a surprising behavior.
 2021-09-05 19:42:29 -04:00
Richard Hansen
2ba85dba0e installDeps.sh: Handle errors 2021-09-05 19:36:05 -04:00
Richard Hansen
258b8366e2 installDeps.sh: Ensure that ep_etherpad-lite is a directory 2021-09-05 19:31:06 -04:00
Richard Hansen
cf7cf8be69 installDeps.sh: Quote underquoted expansions 2021-09-05 19:28:58 -04:00
Richard Hansen
8b89cb3f6f installDeps.sh: Wrap long lines 2021-09-05 19:24:17 -04:00
Richard Hansen
42e59ff2cd installDeps.sh: Simplify log message 2021-09-05 19:23:01 -04:00
Richard Hansen
348bc0c269 tests: Delete overly aggressive timeouts 
See https://github.com/ether/etherpad-lite/issues/4988 for rationale.
 2021-08-30 02:02:37 -04:00
Richard Hansen
67dfb64095 deps: Bump ueberdb2 to 1.4.15 2021-08-30 01:49:02 -04:00
Richard Hansen
942b686f2d deps: Bump npm to 6.14.15 2021-08-30 01:22:44 -04:00
Richard Hansen
1e20936b5b deps: Bump terser to 5.7.2 2021-08-29 23:37:06 -04:00
Richard Hansen
f5657510be deps: Bump supertest to 6.1.6 2021-08-29 23:37:06 -04:00
Richard Hansen
327989ef0b deps: Bump superagent to 6.1.0 2021-08-29 23:37:06 -04:00
Richard Hansen
96e66aab17 deps: Bump sinon to 11.1.2 2021-08-29 23:37:06 -04:00
Richard Hansen
c33a2682f9 deps: Bump semver to 7.3.5 2021-08-29 23:37:06 -04:00
Richard Hansen
550c7365c2 deps: Bump openapi-backend to 4.2.0 2021-08-29 23:37:06 -04:00
Richard Hansen
529d2f6b7d deps: Bump rehype to 10.0.0 2021-08-29 23:37:06 -04:00
Richard Hansen
0accdf0a07 deps: Bump mocha to 9.1.1 2021-08-29 23:37:06 -04:00
Richard Hansen
72b22f7c02 deps: Bump measured-core to 2.0.0 2021-08-29 23:37:06 -04:00
Richard Hansen
7db3e4273d deps: Bump jsdom to 17.0.0 2021-08-29 23:37:06 -04:00
Richard Hansen
7dbd278d1d deps: Bump js-cookie to 3.0.0 2021-08-29 23:36:48 -04:00
Richard Hansen
ea43c92fe9 deps: Bump etherpad-cli-client to 0.1.12 2021-08-29 20:02:54 -04:00
Richard Hansen
912e72a8ac deps: Bump clean-css to 5.1.5 2021-08-29 19:33:03 -04:00
Richard Hansen
3225abc3c7 deps: Bump eslint to 7.32.0 2021-08-29 19:23:43 -04:00
snyk-bot
cca3ba94f9
fix: upgrade async from 3.2.0 to 3.2.1 
Snyk has created this PR to upgrade async from 3.2.0 to 3.2.1.

See this package in npm:
https://www.npmjs.com/package/async

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-08-27 07:05:25 +00:00
snyk-bot
3c159ef75e fix: upgrade wtfnode from 0.9.0 to 0.9.1 
Snyk has created this PR to upgrade wtfnode from 0.9.0 to 0.9.1.

See this package in npm:
https://www.npmjs.com/package/wtfnode

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-08-25 20:34:55 -04:00
Richard Hansen
0d65dc8a44 pad: Add clientVars to postAceInit hook context 
This allows plugins to avoid the `clientVars` global variable.
 2021-08-25 14:59:17 -04:00
translatewiki.net
b683cdfe0f Localisation updates from https://translatewiki.net. 2021-08-23 13:03:03 +02:00
snyk-bot
f08a443497 fix: upgrade rate-limiter-flexible from 2.2.3 to 2.2.4 
Snyk has created this PR to upgrade rate-limiter-flexible from 2.2.3 to 2.2.4.

See this package in npm:
https://www.npmjs.com/package/rate-limiter-flexible

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-08-19 20:46:38 -04:00
snyk-bot
05182d1d30
fix: upgrade mime-types from 2.1.31 to 2.1.32 
Snyk has created this PR to upgrade mime-types from 2.1.31 to 2.1.32.

See this package in npm:
https://www.npmjs.com/package/mime-types

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-08-19 07:35:17 +00:00
Richard Hansen
fed950e809 ace2_inner: Simplify handler for Ctrl-@ (show authors) 2021-08-16 00:34:30 -04:00
Richard Hansen
88057eade2 ace2_inner: Readability improvements 2021-08-16 00:34:30 -04:00
Richard Hansen
bc6428025a ace2_inner: Use for..of iteration to improve readability 2021-08-16 00:34:30 -04:00
Richard Hansen
f06307cb4c ace2_inner: Fix for..in iteration 
See commit c38c34bef4.
 2021-08-16 00:34:30 -04:00
Richard Hansen
2d50a8aa95 ace2_inner: Fix efficiency of rangeForLine() 
Returning `true` or `false` has no effect when iterating using
`Array.prototype.forEach`. This fixes a bug introduced in commit
b28bfe8e31.
 2021-08-16 00:34:30 -04:00
Richard Hansen
ca2e008e7b ace2_inner: Move variable declarations to appropriate scope 2021-08-16 00:34:30 -04:00
Richard Hansen
bf10e70f2e ace2_inner: Delete unnecessary currentLine variable 2021-08-16 00:34:30 -04:00
Richard Hansen
9fc613d362 ace2_inner: Delete unnecessary checks 2021-08-16 00:34:30 -04:00
Richard Hansen
a5f9c60a34 ace2_inner: Operate on Elements, not Nodes 2021-08-16 00:34:30 -04:00
Richard Hansen
aad75e4661 ace2_inner: Factor out duplicate line number div creation 2021-08-16 00:34:30 -04:00
Richard Hansen
3237f8d123 ace2_inner: Simplify iteration over line number divs 2021-08-16 00:34:30 -04:00
Richard Hansen
b238d9610a ace2_inner: Factor out duplicate line height application 2021-08-16 00:34:30 -04:00
Richard Hansen
1b890e3d4d ace2_inner: Replace lineNumbersShown with number of children 2021-08-16 00:34:30 -04:00
Richard Hansen
27363bf729 ace2_inner: Add line number divs directly, not via fragment 
There's no layout thrashing so the fragment doesn't provide any
benefit.
 2021-08-16 00:34:30 -04:00
Richard Hansen
e1a024847c ace2_inner: Delete unnecessary innerdocbody variable 2021-08-16 00:34:30 -04:00
Richard Hansen
7d807d2fc5 ace2_inner: Delete unnecessary container variable 2021-08-16 00:34:30 -04:00
Richard Hansen
4b4584c264 ace2_inner: Delete unnecessary doc and root variables 2021-08-16 00:34:25 -04:00
Richard Hansen
ec63c15a40 ace2_inner: Simplify document body selection 2021-08-16 00:31:09 -04:00
Richard Hansen
11c86e677a ace2_inner: Consistently use outerWin and outerDoc 2021-08-16 00:31:09 -04:00
Richard Hansen
98c1ba5808 ace2_inner: Use destructuring assignment to simplify 2021-08-16 00:31:09 -04:00
Richard Hansen
c7be4f9d2d ace2_inner: Move sidedivinner creation to ace.js 2021-08-16 00:31:09 -04:00
Richard Hansen
15b1d4cb75 ace2_inner: Build sidedivinner programmatically 2021-08-16 00:31:09 -04:00
Richard Hansen
b80295c228 ace2_inner: Combine declaration and initialization 2021-08-16 00:31:09 -04:00
Richard Hansen
7a8edc816b ace2_inner: Replace initLineNumbers() with an IIFE 2021-08-16 00:31:09 -04:00
Richard Hansen
b5bfff43cf ace2_inner: Delete redundant class assignment 2021-08-16 00:31:08 -04:00
Richard Hansen
e581ee01f2 ace2_inner: Formatting improvements 2021-08-16 00:30:50 -04:00
Richard Hansen
0ca5a3459f Timeslider: Install an error handler 2021-08-14 07:44:05 -04:00
Richard Hansen
1e22e0102d Timeslider: Move <title> and <script> inside <head> 2021-08-14 07:44:05 -04:00
Richard Hansen
b6fba9d66d Pad: Improve page load error handler 
* Install the error handler early.
  * Include stack trace.
  * Remove unnecessary escaping.
  * Improve formatting.
  * Move to a separate script file.
 2021-08-14 07:44:05 -04:00
Richard Hansen
d4e74fd038 Pad: Add missing <head> and <body> tags 
The comment "head and body had been removed intentionally" implies
that the tags were causing some sort of problem, but the commit that
removed them (57075d1545) didn't provide
any rationale. I'm assuming it was a mistake.
 2021-08-14 07:44:05 -04:00
Richard Hansen
4a1f21ce34 pad_editbar: Convert snake case to camel case 2021-08-14 07:26:31 -04:00
Richard Hansen
5478d2ce60 pad_editbar: Use ES6 class syntax for readability 2021-08-14 07:26:31 -04:00
Richard Hansen
97ccf9e082 pad_editbar: Factor out duplicate code 2021-08-14 07:08:57 -04:00
Richard Hansen
ee41de4809 pad_editbar: Deprecate the toggleDropDown callback 2021-08-14 07:08:57 -04:00
Richard Hansen
c629ee09a8 pad_editbar: Call the callback asynchronously 
This follows JavaScript best practices.
 2021-08-14 07:08:57 -04:00
Richard Hansen
148e10821b pad_editbar: Always call the callback 2021-08-14 07:08:57 -04:00
Richard Hansen
07e05a92eb pad_editbar: Call the callback after all work is done 2021-08-14 07:08:57 -04:00
Richard Hansen
a1b924f746 pad_editbar: Don't pass a callback to toggleDropDown() 
The function is synchronous so there's no point.
 2021-08-14 07:08:57 -04:00
Richard Hansen
59d6a8b321 pad_editbar: Delete unnecessary returned variable 2021-08-14 07:01:50 -04:00
Richard Hansen
a4652d67a0 pad_editbar: Move commands up for readability 2021-08-14 07:01:50 -04:00
Richard Hansen
fda34407f9 pad_editbar: Move dropdowns initialization to constructor 
This avoids null dereference if a buggy caller calls
`toggleDropDown('none')` before `init()`. (Ideally the caller would be
fixed, but this is not always feasible.)
 2021-08-14 07:01:34 -04:00
Richard Hansen
42b0b1bf00 pad_editbar: Move syncAnimation out of padeditbar IIFE 
This avoids the need for an IIFE.
 2021-08-14 07:01:13 -04:00
Richard Hansen
ee996f530f pad_editbar: Remove unnecessary syncAnimationFn variable 2021-08-14 07:01:13 -04:00
Richard Hansen
4b4eef5f4a pad_editbar: Convert registerDefaultCommands() into a method 2021-08-14 07:01:13 -04:00
Richard Hansen
0d4f147349 pad_editbar: Simplify iteration 2021-08-14 07:01:13 -04:00
Richard Hansen
11faf6104a pad_editbar: Convert bodyKeyEvent() into a method 2021-08-14 07:01:13 -04:00
Richard Hansen
b2fe6e3e7e pad_editbar: Fix invalid use of this 2021-08-14 07:01:12 -04:00
Richard Hansen
b884628a5a pad_editbar: Use arrow functions for callbacks, IIFEs 2021-08-14 07:01:12 -04:00
Richard Hansen
bdaa66c346 pad_editbar: Use this instead of self 2021-08-14 07:01:12 -04:00
Richard Hansen
118c66e5d0 HTML import: Improve log message for invalid HTML 2021-08-12 13:53:23 -04:00
Richard Hansen
c816c20bc7 HTML import: Replace cheerio with jsdom to simplify contentcollector 
Cheerio provides jQuery-like objects but they wrap DOM Node-like
objects that are not 100% API compatible with the DOM spec. Because of
this, contentcollector, which is used in browsers and in Node.js
during HTML import, has until now needed to support two different
APIs. This commit modifies HTML import to use jsdom instead of cheerio
and simplifies contentcollector.
 2021-08-12 13:53:23 -04:00
Volker Bijewitz
84d6d277d7 Accessibility fix for JAWS screen readers 
ace.js: removed the role 'application' from innerDocument.body. JAWS
do not read any text from the edit lines if this role is set.

domline.createDomLine: to give JAWS the ability to read the lines
correctly, it is required to set the attribute 'aria-live' to
'assertive'.
 2021-08-12 13:48:08 -04:00
Richard Hansen
15995acc2a deps: Bump require-kernel and yajsml 
This brings improvements to the readability of stack traces,
especially in Firefox.
 2021-08-09 19:04:42 -04:00
translatewiki.net
9eadd9988f Localisation updates from https://translatewiki.net. 2021-08-09 13:03:33 +02:00
snyk-bot
33a43b7082 fix: upgrade rate-limiter-flexible from 2.2.2 to 2.2.3 
Snyk has created this PR to upgrade rate-limiter-flexible from 2.2.2 to 2.2.3.

See this package in npm:
https://www.npmjs.com/package/rate-limiter-flexible

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-08-02 20:43:44 -04:00
translatewiki.net
fd4fb8874e Localisation updates from https://translatewiki.net. 2021-08-02 13:02:54 +02:00
webzwo0i
e61888dfe2 ace.js: Don't use srcdoc when creating iframes (see #4975) 
Using srcdoc, especially with multiple nested iframes, seems to be
problematic when using `self` in CSP policies.
 2021-07-30 03:51:57 -04:00
Richard Hansen
9fda5adcef ace2_inner.js: Improve discovery of sidediv and linemetricsdiv 
The `Node.nextSibling` property returns the next Node, not the next
Element. If whitespace, an HTML comment, or any other type of
non-Element Node is ever introduced between the Elements then
`.nextSibling` no longer returns the desired Element. Switching to
`Element.nextElementSibling` would work, but finding the Elements by
ID is more readable and future-proof.
 2021-07-30 03:51:56 -04:00
Richard Hansen
0c963a817a ace2_inner.js: Delete unnecessary ace_outerWin variable 2021-07-30 03:51:56 -04:00
Richard Hansen
8d869ec927 Pad: Delete non-functional debug logging facility 2021-07-30 03:50:23 -04:00
Richard Hansen
5d39a57507 Pad: Delete dead ace_getFormattedCode() 2021-07-30 03:49:35 -04:00
Richard Hansen
c3af70e5a5 deps: Bump ueberdb2 to 1.4.13 2021-07-30 03:48:36 -04:00
translatewiki.net
2dbcd00dc6 Localisation updates from https://translatewiki.net. 2021-07-29 13:03:26 +02:00
translatewiki.net
a9c6ed8701 Localisation updates from https://translatewiki.net. 2021-07-26 13:03:49 +02:00
Richard Hansen
d723270388 tests: Improve readability of multipleUsers.js 
* Define utility functions above their use to silence lint warnings.
  * Use `.css()` instead of `.attr('style')` to manipulate style.
  * Pass an object to `.attr()` rather than call once per attribute.
  * Take advantage of chaining.
  * Inline unnecessary `padUrl` variable.
  * Delete some unnecessary comments.
 2021-07-25 02:23:50 +02:00
Richard Hansen
ff39eeafca tests: Factor out duplicate getFrameJQuery() 2021-07-25 02:23:50 +02:00
Richard Hansen
42026ff771 tests: Add a comment explaining why Promise.all() is not used 2021-07-25 02:23:50 +02:00
Richard Hansen
01184cd1aa tests: Remove unnecessary includeJquery parameter 2021-07-25 02:23:50 +02:00
snyk-bot
4a670e96ab
fix: upgrade express-rate-limit from 5.2.6 to 5.3.0 
Snyk has created this PR to upgrade express-rate-limit from 5.2.6 to 5.3.0.

See this package in npm:
https://www.npmjs.com/package/express-rate-limit

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-07-23 04:22:23 +00:00
Richard Hansen
c83bb058d1 PadMessageHandler: Fix stats null dereference 
It is possible for the stats to be read before the
`expressCreateServer` hook is called (in particular: when there is an
error during startup), which is when the `socketio` variable is set.
Check for non-null `socketio` before attempting to count the number of
socket.io connections.
 2021-07-22 13:07:03 -04:00
translatewiki.net
3d80409236 Localisation updates from https://translatewiki.net. 2021-07-22 13:03:00 +02:00
webzwo0i
62093adce5 tests: refactor inclusion of jquery and sendkeys via script tags 
Readability is increased by explicitly checking if jquery/sendkeys was
already loaded before evaluating it in the context of ace_inner and the
enclosing container (pad.html). Note that sendkeys is no longer
evaluated in the context of ace_outer, as this isn't needed

Also removes some IE 8/9 legacy code
 2021-07-21 01:53:05 +02:00
Richard Hansen
4ceb3ca4c8 Chat: Allow Shift-Enter to insert a newline 2021-07-19 23:44:33 +02:00
Richard Hansen
cf86ae8b63 Chat: Use KeyboardEvent.key instead of deprecated .which 2021-07-19 23:44:33 +02:00
Richard Hansen
faf84f0143 Chat: Display whitespace in chat messages 2021-07-19 23:44:33 +02:00
Richard Hansen
834e05fc9c Chat: Use a <textarea> for message input 2021-07-19 23:44:33 +02:00
Richard Hansen
ce5ef9350f tests: sendkeys: Fix {enter} keypress event 2021-07-19 23:44:33 +02:00
translatewiki.net
c6f643dd75 Localisation updates from https://translatewiki.net. 2021-07-19 13:02:46 +02:00
Xavier Mehrenberger
ca4cc2d7c0 Fix settings.useMonospaceFontGlobal 
When settings.useMonospaceFontGlobal is set to `true`, it sets the default
font to 'monospace'. This font seems to have been removed in
a5164dad43.

This commit sets the default font to "RobotoMono" which is a valid
option.

Tested in a Docker environment, setting `PAD_OPTIONS_USE_MONOSPACE_FONT`
to `true`

Signed-off-by: Xavier Mehrenberger <xavier.mehrenberger@gmail.com>
 2021-07-14 04:33:38 -04:00
Richard Hansen
336d48add7 Add support for square brackets in URLs 
This reverts commit 9022877cc6.
 2021-07-10 22:22:31 -04:00
Richard Hansen
09f8ffbdb6 deps: Bump ueberdb2 to 1.4.11 2021-07-10 18:26:31 -04:00
Richard Hansen
5f39a1ee7f CSS: Underline links in error dialogs 
Underlining was removed for unknown reasons by commit
d872b42e31.
 2021-07-09 18:43:13 -04:00
webzwo0i
a634bd8ee1 bump version 2021-07-04 07:05:34 +02:00
translatewiki.net
197e04ecd7 Localisation updates from https://translatewiki.net. 2021-07-01 13:42:31 +02:00
Richard Hansen
3d40ab7e8c CSS: Move author color padding to setAuthorStyle() 
This prevents the padding from clashing with plugins that use the
`aceSetAuthorStyle` hook.
 2021-06-22 14:43:22 -04:00
translatewiki.net
2745557127 Localisation updates from https://translatewiki.net. 2021-06-21 12:28:27 +02:00
Richard Hansen
9fcd86b3cd Pad: Fix <script> elements in aceInitInnerdocbodyHead hook 
Using `.innerHTML` to create a `<script>` element does create a DOM
node, but the script is not actually executed. Fortunately, creating a
DocumentFragment does cause the script to execute.
 2021-06-18 17:50:15 -04:00
Richard Hansen
7bdd0f2f09 bin/updatePlugins.sh: Many refinements 
* cd to top-level Etherpad directory is now more robust.
  * Only attempt to update packages whose names begin with `ep_`.
  * Don't create `package-lock.json`.
  * Improve logging.
  * Improve error handling.
 2021-06-18 04:34:37 -04:00
Richard Hansen
4b3e47bd23 bin/importSqlFile.js: Read the file one line at a time 
This avoids running out of memory if the file is large.
 2021-06-17 19:45:17 -04:00
webzwo0i
485538bd79 bump wtfnode to fix #5078 2021-06-17 06:14:45 +02:00
Richard Hansen
251cc7ab32 CSS: Fix button icon centering 2021-06-16 18:27:52 -04:00
Richard Hansen
53cca5a743 PadMessageHandler: Also send USER_NEWINFO messages on reconnect 
Now the user list is correct after a reconnect. This also allows
ep_webrtc to automatically recover after a temporary network glitch.
 2021-06-16 01:35:25 -04:00
Richard Hansen
7ca336c28e lint: Update eslint-config-etherpad and friends 2021-06-14 23:17:17 +02:00
Richard Hansen
ef1ba21104 deps: Drop support for Node.js < 12.13.0 2021-06-14 23:17:17 +02:00
webzwo0i
66ee9c5ef9 update package-lock 2021-06-14 13:21:48 -04:00
Richard Hansen
5dcb7a7549 tests: Don't attempt to wrap non-functions 2021-06-14 13:45:13 +02:00
Richard Hansen
081b97c41d tests: Wrap more Mocha functions 2021-06-14 13:45:13 +02:00
Richard Hansen
3e4df68510 tests: Enable fake webcam on Microsoft Edge 2021-06-10 15:36:35 -04:00
Richard Hansen
565b1c5271 tests: Fix flexbox grow/shrink factors 
* Make sure the `#mocha-report` div grows to fill the available
    vertical space.
  * Prevent the "Loading frontend test specs..." div from shrinking.
 2021-06-10 13:28:55 -04:00
Richard Hansen
acd11c3948 tests: Fetch frontend test specs in parallel 2021-06-09 20:28:03 -04:00
Richard Hansen
36d2af5318 tests: Display frontend spec loading progress 2021-06-09 20:18:22 -04:00
Richard Hansen
e0ae997501 tests: Don't auto-scroll Mocha results if user scrolls up 2021-06-09 18:48:31 -04:00
Richard Hansen
f5046f4b18 tests: Keep the #mocha-stats div visible 2021-06-09 18:48:31 -04:00
snyk-bot
ea4500ef64
fix: upgrade express-session from 1.17.1 to 1.17.2 
Snyk has created this PR to upgrade express-session from 1.17.1 to 1.17.2.

See this package in npm:
https://www.npmjs.com/package/express-session

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-06-09 22:13:02 +00:00
translatewiki.net
28f2acf98a Localisation updates from https://translatewiki.net. 2021-06-07 14:48:08 +02:00
Richard Hansen
cccabf45b8 pad: Move error message to the top of the gritter box 2021-06-06 21:31:49 -04:00
Richard Hansen
b2e94685fb pad: Display error name in the gritter box 2021-06-06 21:31:40 -04:00
Richard Hansen
63a5dc6599 tests: Configure Firefox to use fake webcam 
This makes it possible to test ep_webrtc in Firefox.
 2021-06-06 16:53:51 -04:00
Richard Hansen
8f0d70312d tests: Also pass --use-fake-ui-for-media-stream to Chrome 
For testing ep_webrtc.
 2021-06-06 16:25:27 -04:00
Richard Hansen
752e2488af tests: Migrate from wd to selenium-webdriver 2021-06-06 16:23:56 -04:00
Richard Hansen
1756415495 tests: Avoid jQuery when reading Mocha output 2021-06-06 16:20:13 -04:00
Richard Hansen
6c2f31a5cb tests: Add tests for settings.json parsing 2021-06-06 14:00:52 -04:00
Richard Hansen
428f8d1684 Settings: Deprecate null as the default default value 2021-06-06 14:00:52 -04:00
Richard Hansen
c7bb18c6da Settings: Support null and undefined env var substitutions 2021-06-06 14:00:51 -04:00
Richard Hansen
299dbbe7e6 tests: Move split-grid to dev dependencies 
This is only used for testing.
 2021-06-06 06:45:00 -04:00
Richard Hansen
45ca82fd9f tests: Make the Mocha results area resizable 2021-06-05 03:51:55 -04:00
Richard Hansen
c4239b6059 tests: Show a scrollbar if the pad is too wide 2021-06-05 03:51:11 -04:00
Richard Hansen
fc3b811726 tests: Move iframe min width to iframe selector 2021-06-05 03:51:11 -04:00
Richard Hansen
960c2c0c0d tests: Tweak mocha report spacing 2021-06-05 03:51:11 -04:00
Richard Hansen
b09b895ac7 tests: Remove border around iframe 2021-06-05 03:51:11 -04:00
Richard Hansen
e9f08bdd11 tests: Fix frontend test CSS selectors 2021-06-05 03:51:11 -04:00
Richard Hansen
76634eb6ff tests: Add missing <head> and <body> tags 2021-06-05 03:51:11 -04:00
Richard Hansen
d9782ac628 tests: Send frontend test spec list as JSON 2021-06-05 03:51:06 -04:00
Richard Hansen
20df34bb67 tests: Promisify helper.init() 2021-06-05 03:50:36 -04:00
Richard Hansen
c714ff1014 tests: Let Express handle errors when serving frontendTestSpecs.js 
Express v4.x doesn't understand Promises so we have to manually catch
Promise rejections and pass the error object to `next()`.
 2021-06-05 03:50:36 -04:00
Richard Hansen
e4f011df76 tests: Use require() to load frontend test specs 
This makes core and plugin tests consistent with each other, makes it
possible to `require()` relative paths in spec files, simplifies the
code somewhat, and should make it easier to move away from
require-kernel.

Also:
  * Wrap plugin tests inside a `describe()` that contains the plugin
    name to make it easier to grep for a plugin's tests and for
    consistency with core tests.
  * Add "<core>" to the core test descriptions to make it easier to
    distinguish them from plugin tests.
 2021-06-05 03:50:26 -04:00
Richard Hansen
d8eb79428f tests: Recurse under frontend spec dir 2021-06-05 03:49:13 -04:00
Richard Hansen
5d54c1657a tests: Redirect /tests/frontend/index.html to /tests/frontend/ 2021-06-05 03:49:12 -04:00
Richard Hansen
712b8c5769 tests: Redirect /tests/frontend to /tests/frontend/ 2021-06-05 03:49:12 -04:00
Richard Hansen
573da027e5 tests: Preserve query string when redirecting 2021-06-05 03:49:12 -04:00
Richard Hansen
9cba96e5e9 tests: Use relative paths for scripts 2021-06-05 03:49:12 -04:00
Richard Hansen
e144434571 tests: Use relative paths in helper.init() 
This avoids problems if Etherpad is served under a path like
`/etherpad`.
 2021-06-05 03:49:12 -04:00
Richard Hansen
dfd649dbe9 tests: Use a relative redirect for /tests/frontend 
This avoids problems if Etherpad is served under a path like
`/etherpad`.
 2021-06-03 15:10:23 -04:00
Richard Hansen
617267ce71 tests: Use plugin_defs to get plugin frontend test spec paths 2021-06-03 15:10:23 -04:00
Richard Hansen
1b7b96f57e tests: Avoid deprecated fs.existsSync() 2021-06-03 15:10:23 -04:00
Richard Hansen
ab824c728f tests: Move slashes to improve readability 2021-06-03 15:10:22 -04:00
Richard Hansen
1516bf473f tests: Delete unnecessary staticDir variable 2021-06-03 15:10:22 -04:00
Richard Hansen
d69345bb4e tests: Use map+reduce to improve readability 2021-06-03 15:10:22 -04:00
Richard Hansen
a8e77126e8 tests: Combine .map().filter().map() into single .map() 2021-06-03 15:10:22 -04:00
Richard Hansen
2414203434 tests: Remove unnecessary return 2021-06-03 15:10:22 -04:00
Richard Hansen
0852df74f1 tests: Unexport unnecessarily exported functions 2021-06-03 15:10:22 -04:00
Richard Hansen
ed44449639 tests: Pretty-print frontendTestSpecs.js to make troubleshooting easier 2021-06-03 15:10:22 -04:00
Richard Hansen
4fa9f9e9d8 tests: Use window.foo instead of var foo 2021-06-03 15:10:22 -04:00
Richard Hansen
aea2fb7448 tests: Rename specs_list to frontendTestSpecs 2021-06-03 15:10:22 -04:00
Richard Hansen
1be1b704f1 tests: Simplify iteration over frontend test specs 2021-06-03 15:10:22 -04:00
Richard Hansen
b85a040f13 tests: Reuse sanitizePathname when serving frontend specs 2021-06-03 15:10:22 -04:00
Richard Hansen
ade17490e0 tests: Combine frontend test file handlers 2021-06-03 15:10:22 -04:00
Richard Hansen
995e381243 tests: Only wrap *.js files in describe() 2021-06-03 15:10:22 -04:00
Richard Hansen
e1c2c963f0 tests: URL decode test spec pathnames 
Express automatically URL decodes route parameters.
 2021-06-03 15:10:22 -04:00
Richard Hansen
998e77ec25 tests: Switch to promisified readFile 2021-06-03 15:10:22 -04:00
Richard Hansen
6cf27a7133 tests: Use fs.promises instead of wrapping with util.promisify 2021-06-03 15:10:22 -04:00
Richard Hansen
f00f9aa14c tests: Avoid .then() inside async functions 2021-06-03 15:10:22 -04:00
Richard Hansen
d87b4e0c20 tests: Use async/await instead of returning Promises 
This makes stack traces more useful.
 2021-06-03 15:10:21 -04:00
Richard Hansen
0d9476529e sanitizePathname: Move to separate module to facilitate reuse 2021-06-03 15:10:21 -04:00
Richard Hansen
926da57e34 Minify: Refine sanitizePathname to avoid pathname traversal 2021-06-03 15:10:21 -04:00
translatewiki.net
3bca85286b Localisation updates from https://translatewiki.net. 2021-06-03 15:12:59 +02:00
translatewiki.net
8f63671ea9 Localisation updates from https://translatewiki.net. 2021-05-31 10:02:43 +02:00
translatewiki.net
a04089636c Localisation updates from https://translatewiki.net. 2021-05-27 15:37:31 +02:00
translatewiki.net
c426e939d1 Localisation updates from https://translatewiki.net. 2021-05-24 14:00:35 +02:00
Richard Hansen
6f2f20233f lint: Fix straightforward ESLint errors 2021-05-12 11:26:35 +02:00
Richard Hansen
59c03bde20 lint: Re-run eslint --fix 2021-05-12 11:26:35 +02:00
Richard Hansen
30eadad79d lint: Bump ESLint dependencies 2021-05-12 11:26:35 +02:00
webzwo0i
24929d3417 package.json: bump npm from 6.14.11 to 6.14.13 2021-05-07 14:58:57 +02:00
webzwo0i
10f00906f8 update package-lock.json 2021-05-07 14:58:57 +02:00
snyk-bot
ff245dbbeb fix: upgrade underscore from 1.13.0 to 1.13.1 
Snyk has created this PR to upgrade underscore from 1.13.0 to 1.13.1.

See this package in npm:
https://www.npmjs.com/package/underscore

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-05-07 14:27:30 +02:00
translatewiki.net
4701cc43fa Localisation updates from https://translatewiki.net. 2021-05-07 10:50:38 +02:00
Richard Hansen
b040ebf419 Revert "PadMessageHandler: Use a Map for sessioninfos" 
Switching to a Map broke ep_webrtc and maybe other plugins.

This reverts commit eeead46437.
 2021-05-05 18:09:10 -04:00
webzwo0i
3c087af038 caretPosition: fix loading when iframe is hidden 2021-05-04 23:56:13 +02:00
Richard Hansen
8baacd514e remote_runner: Always call browser.quit() 2021-05-03 01:48:08 -04:00
Richard Hansen
081f739a8d remote_runner: Update browser list 
Use latest versions of Chrome, Firefox, Safari, and Edge. Keep the old
Chrome version.
 2021-05-03 01:48:08 -04:00
Richard Hansen
a7cd0a4b25 remote_runner: Avoid re-sending the same console text over and over 2021-05-03 01:48:08 -04:00
Richard Hansen
25275f2744 remote_runner: Treat no text as 0 lines, not 1 empty line 2021-05-03 01:48:08 -04:00
Richard Hansen
a17556b876 remote_runner: Avoid searching the full text for "FINISHED" 2021-05-03 01:48:08 -04:00
Richard Hansen
3409e3f5e6 remote_runner: Prevent Sauce errors from interrupting other tests 2021-05-03 01:48:08 -04:00
Richard Hansen
68b041c4fb remote_runner: Use newline instead of backslash n 2021-05-03 01:48:08 -04:00
Richard Hansen
713e57b451 remote_runner: Don't break long lines 
Breaking lines makes it harder to read and search the test output.
 2021-05-03 01:48:08 -04:00
Richard Hansen
7d75e0ef8f remote_runner: Simplify append() 2021-05-03 01:48:08 -04:00
Richard Hansen
bbb3046a87 remote_runner: Promisify 2021-05-03 01:48:08 -04:00
Richard Hansen
9059a55873 remote_runner: Improve readability of timeout duration 2021-05-03 01:48:08 -04:00
Richard Hansen
c803ec81f1 remote_runner: Handle webdriver errors 2021-05-03 01:48:08 -04:00
Richard Hansen
7f57b17b2e remote_runner: Use Error objects to convey pass/fail 2021-05-03 01:48:08 -04:00
Richard Hansen
4ec02a9af9 remote_runner: Simplify finished test check 2021-05-03 01:48:08 -04:00
Richard Hansen
b0e367a982 remote_runner: Simplify logging of console text 2021-05-03 01:48:08 -04:00
Richard Hansen
08856fe42e remote_runner: Move logIndex updates into printLog() 2021-05-03 01:48:08 -04:00
Richard Hansen
a12c475776 remote_runner: Use an options object to create webdriver object 2021-05-03 01:48:08 -04:00
Richard Hansen
925f789d4c remote_runner: Simplify logging 2021-05-03 01:48:08 -04:00
Richard Hansen
014e19cf7d remote_runner: await each browser test 2021-05-03 01:48:07 -04:00
Richard Hansen
1f3a831cc3 remote_runner: Avoid duplication in task list 2021-05-03 01:48:07 -04:00
Richard Hansen
59be8d5c05 remote_runner: Delete commented-out browsers 
Also delete useless and incorrect browser comments.
 2021-05-03 01:48:07 -04:00
Richard Hansen
a58fa4a2c5 tests: Add tests for SkipList.atOffset() 2021-05-03 01:42:03 -04:00
Richard Hansen
c00031a8d8 skiplist: Use Map.size to get number of nodes 2021-05-03 01:42:03 -04:00
Richard Hansen
1cdfe9193b skiplist: Convert _keyToNodeMap to a Map object 2021-05-03 01:42:03 -04:00
Richard Hansen
e2eb7327c2 skiplist: Sanity check inserted entries 2021-05-03 01:42:03 -04:00
Richard Hansen
9e2ef6ad5b skiplist: Move propagateWidthChange() to Node class 2021-05-03 01:42:03 -04:00
Richard Hansen
fc103e7f2a skiplist: Define a new Node class 2021-05-03 01:42:03 -04:00
Richard Hansen
9fc88f3601 skiplist: Convert point operations into Point methods 2021-05-03 01:42:03 -04:00
Richard Hansen
3c1be95e07 skiplist: Move point creation to a new Point class 2021-05-03 01:42:03 -04:00
Richard Hansen
8ae40e80f9 skiplist: Save entry in _insertKeyAtPoint() 2021-05-03 01:42:03 -04:00
Richard Hansen
0e424fa8c3 skiplist: Remove unnecessary newKey arg from _insertKeyAtPoint() 2021-05-03 01:42:03 -04:00
Richard Hansen
ab8c354f18 skiplist: Use ES6 class syntax 
This makess it easier to examine state in dev console.
 2021-05-03 01:42:03 -04:00
Richard Hansen
303fd297bd editor: Improve documentation comments 2021-05-03 01:42:03 -04:00
Richard Hansen
cbbcef8e90 AttributeManager: Add sanity checks 2021-05-03 01:42:03 -04:00
Richard Hansen
d40d59d9eb AttributeManager: Simplify logic 2021-05-03 01:42:03 -04:00
Richard Hansen
e3d32a26b6 skiplist: Delete unused methods 2021-05-03 01:42:03 -04:00
Richard Hansen
f650c3d73e editor: Delete unused PROFILER code 2021-05-03 01:42:03 -04:00
Richard Hansen
ab4e99f67a editor: Delete commented-out code 2021-05-03 01:42:03 -04:00
Richard Hansen
eeead46437 PadMessageHandler: Use a Map for sessioninfos 
Maps are a bit more flexible, have clearer semantics, and have a
convenient `size` property.
 2021-05-03 01:35:11 -04:00
Richard Hansen
14d4aadfe4 PadMessageHandler: Parallelize client updates 
Multiple clients are updated in parallel, but multiple revisions sent
to a particular client are still sent sequentially.
 2021-05-03 01:35:11 -04:00
Richard Hansen
770755debf PadMessageHandler: Assume sessioninfo stays valid during client update 
...but add a try/catch around the message transmission just in case.
 2021-05-03 01:35:11 -04:00
Richard Hansen
c85391862b PadMessageHandler: Avoid unnecessary property lookups 2021-05-03 01:35:11 -04:00
Richard Hansen
d5c6a44d9c PadMessageHandler: Improve documentation of sessioninfos 2021-05-03 01:35:11 -04:00
Richard Hansen
4c4415e14a PadMessageHandler: Register activePads metric only once 2021-05-03 01:35:11 -04:00
snyk-bot
6011d31b22 fix: upgrade underscore from 1.12.1 to 1.13.0 
Snyk has created this PR to upgrade underscore from 1.12.1 to 1.13.0.

See this package in npm:
https://www.npmjs.com/package/underscore

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-05-03 01:31:53 -04:00
Richard Hansen
8f236b8687 Minify: Avoid crash due to unhandled Promise rejection if stat fails 2021-05-03 01:26:49 -04:00
Richard Hansen
e8df643d75 Minify: Treat ENOTDIR like ENOENT when statting a file 
This avoids an exception when require-kernel requests a path like
`existing-file.js/index.js`.
 2021-05-03 01:26:48 -04:00
Richard Hansen
aaacbd3a7a Minify: Refactor requestURI() for readability 2021-05-03 01:26:48 -04:00
translatewiki.net
3a8d66ba6a Localisation updates from https://translatewiki.net. 2021-04-30 08:49:17 +02:00
translatewiki.net
3afc77dae7 Localisation updates from https://translatewiki.net. 2021-04-26 15:20:55 +02:00
Richard Hansen
8384a7a67b deps: Bump ueberdb2 2021-04-20 21:56:44 +02:00
Richard Hansen
ea8846154f favicon: Redo favicon customization 2021-04-20 13:33:55 -04:00
Richard Hansen
92e0bff80c favicon: Refactor handler and add tests 2021-04-20 13:33:55 -04:00
Richard Hansen
d0d4b95980 favicon: Only serve from /favicon.ico 2021-04-20 13:33:54 -04:00
webzwo0i
3a5af19492 AuthorManager: await for more db methods 2021-04-20 11:27:44 -04:00
webzwo0i
35797e57fc AuthorManager: await db.set in createAuthor 2021-04-20 11:27:44 -04:00
webzwo0i
20c512c8a9 test for await db.set in createAuthor 2021-04-20 11:27:43 -04:00
Chocobozzz
a001a13411 fix(perf): Disable wtfnode dump by default 
Consumes a lot of CPU so it's better to enable it on purpose
 2021-04-13 16:01:41 +02:00
Richard Hansen
951d369e3f padaccess: Delete useless try/catch 2021-04-12 22:51:06 -04:00
Richard Hansen
329d037431 Simplify read-only pad ID checks 2021-04-12 22:51:06 -04:00
Richard Hansen
f63610bb12 tests: Test access bypass via read-only pad ID 2021-04-12 22:51:06 -04:00
pcworld
3c71e8983b Fix read only pad access with authentication 
Before this commit, webaccess.checkAccess saved the authorization in
user.padAuthorizations[padId] with padId being the read-only pad ID,
however later stages, e.g. in PadMessageHandler, use the real pad ID for
access checks. This led to authorization being denied.

This commit fixes it by only storing and comparing the real pad IDs and
not read-only pad IDs.

This fixes test case "authn user readonly pad -> 200, ok" in
src/tests/backend/specs/socketio.js.
 2021-04-12 22:51:06 -04:00
pcworld
0d33793908 tests: readonly pastes must be readable+exportable with authentication 
readonly paste links should be readable even if authentication is turned
on, as long as the user provides valid login data.
This test currently fails.

Also test that readonly paste IDs can be exported under the same
condition, which currently succeeds.
 2021-04-12 22:51:06 -04:00
translatewiki.net
7d5cad6932 Localisation updates from https://translatewiki.net. 2021-04-12 15:43:27 +02:00
Richard Hansen
d01b593d3c chat: Ensure that ctx.text is interpreted as HTML 2021-04-11 06:20:29 +02:00
Richard Hansen
a3a0ff7bc1 chat: Use jQuery to build the chat message DOM object 
This reduces the likelihood of accidentally introducing an XSS
vulnerability.
 2021-04-11 06:20:29 +02:00
Richard Hansen
74554d36a5 chat: Allow chatNewMessage hook to modify more values 2021-04-11 06:20:29 +02:00
Richard Hansen
1ad134a538 PadMessageHandler: Improve logging of pre-CLIENT_READY drops 
This should make it easier to see what is emitting the the messages so
it can be fixed.
 2021-04-09 18:43:02 +02:00
Richard Hansen
91e99c84ca import: Reduce log spam from unsupported elements 2021-04-09 18:43:02 +02:00
Richard Hansen
09c349e2a1 import: Use a Set for supported elements 2021-04-09 18:43:02 +02:00
translatewiki.net
e31da37d00 Localisation updates from https://translatewiki.net. 2021-04-08 14:54:44 +02:00
webzwo0i
a796811558 escape userId before setting it as HTML attribute 2021-04-07 23:29:27 -04:00
webzwo0i
9408d4395f remove custom timeouts 2021-04-07 17:47:11 -04:00
Mikk Andresen
af19a010c5 DOCS: Fix broken links in TOC - use Marked to generate ID slugs instead of local implementation that was giving out different IDs in some cases - https://github.com/citizenos/citizenos-fe/issues/535 2021-04-06 21:42:01 +02:00
webzwo0i
e483b91916 Don't make browsers fail on sync-xhr until require-kernel is dropped 2021-04-05 04:34:29 -04:00
snyk-bot
e86547c4f5 fix: upgrade openapi-backend from 3.9.0 to 3.9.1 
Snyk has created this PR to upgrade openapi-backend from 3.9.0 to 3.9.1.

See this package in npm:
https://www.npmjs.com/package/openapi-backend

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-04-03 16:54:52 -04:00
Richard Hansen
e4754eb9df tests: Fix race in timeslider_revisions.js 2021-04-02 15:46:27 +02:00
Richard Hansen
27e5373050 tests: Fix race in change_user_name.js 2021-04-02 15:46:27 +02:00
Richard Hansen
58dac4c0fc tests: Fix races in inner_height.js 2021-04-02 15:46:27 +02:00
Richard Hansen
4ad80d4072 tests: Delete overly aggressive frontend test timeouts 
This should reduce test flakiness.
 2021-04-02 15:46:27 +02:00
Richard Hansen
7cbb3f565d tests: Speed up helper.edit() and helper.clearPad() 2021-04-02 15:46:27 +02:00
Richard Hansen
7a154b1e1d tests: Wait for commit instead of sleep in timeslider_revisions.js 2021-04-02 15:46:27 +02:00
Richard Hansen
d15ff9ce8d tests: Add missing awaits to change_user_name.js 
Also increase the timeouts.
 2021-04-02 15:46:27 +02:00
Richard Hansen
bbf89dfcf9 tests: Refine frontend tests 
* Switch from `helper.newPad()` to `helper.aNewPad()`.
  * Promisify.
  * Delete redundant logic.
  * Lint fixes.
 2021-04-02 15:46:27 +02:00
Richard Hansen
3790c0e41c tests: Use async/await instead of returning Promises 
This has a few benefits:
  * It's more readable: It's easier for a user of the function to know
    that they should use `await` when calling the function.
  * Stack traces are more useful.
  * Some code (e.g., the async npm package) uses introspection to
    determine if a function is `async` vs. takes a callback.
 2021-04-02 15:46:27 +02:00
Richard Hansen
b164a34e64 lint: Fix ESLint error in helper/methods.js 2021-04-02 15:46:27 +02:00
Richard Hansen
62403159df tests: Invert conditions to improve readability 2021-04-02 15:46:27 +02:00
Richard Hansen
dd9c08d821 tests: Wait for commit rather than sleep 2021-04-01 14:31:56 +02:00
Richard Hansen
2776946627 tests: Use cookie libraries to manipulate cookies 2021-04-01 14:31:56 +02:00
Richard Hansen
202d65d2bb pad_cookie: Re-read prefs cookie on every call to getPref() 
This makes it easier to write tests that clear the prefs cookie.
 2021-04-01 14:31:56 +02:00
Richard Hansen
0df41a9a78 pad_cookie: Move initial cookie read+save to init() 
Benefits of this change:
  * It avoids race conditions with tests that clear cookies.
  * Any attempt to get or set a value before `init()` is called will
    throw an error, ensuring the API is used properly.
  * Improved readability: It's easier to understand what the
    `pad.noCookie` check is doing.
 2021-04-01 14:31:56 +02:00
Richard Hansen
aeee5c0b69 tests: Fix cookie name in helper.js tests 2021-04-01 14:31:56 +02:00
Richard Hansen
137fa89d2a tests: Always set cookie path to / (to match non-test behavior) 2021-04-01 14:31:56 +02:00
Richard Hansen
5666c34061 tests: Fix encoding of prefs cookie 2021-04-01 14:31:56 +02:00
Richard Hansen
63e6e163b7 tests: Promisify some of the helper.js tests 2021-04-01 14:31:56 +02:00
Richard Hansen
701a40ac13 tests: Promisify multiple_authors_clear_authorship_colors.js 2021-04-01 14:31:56 +02:00
Richard Hansen
8b43f9eb5f tests: Promisify authorship_of_editions.js 2021-04-01 14:31:56 +02:00
Richard Hansen
056939cd22 tests: Refine helper/multipleUsers.js 
* Rename "current"/"other" to "user0"/"user1".
  * Delete unnecessary `_createTokenFor*` functions.
  * Rename helper functions to remove unnecessary leading underscore
    and for brevity.
  * Use jQuery's `.attr()` to build the second iframe.
  * Use js-cookie to manipulate the token cookie.
  * Don't attempt to set the token cookie if the pad isn't loaded.
  * Use the token generated by the pad.
  * Only clear the token cookie at path=/.
 2021-04-01 14:31:56 +02:00
Guilherme Goncalves
f2034ad368 tests: Add regression tests for character composition race 
See: https://github.com/ether/etherpad-lite/issues/4978
 2021-03-30 16:42:53 -04:00
Richard Hansen
1fdaf95c3b collab_client: Delete unused NO_COMMIT_PENDING handling 2021-03-30 16:42:53 -04:00
Richard Hansen
63a1f078f4 collab_client: Redo server message queueing 
Move server message queue processing out of `handleUserChanges()` for
the following reasons:
  * Fix a race condition: Before this change the client would stop
    processing incoming messages and stop sending changes to the
    server if a `NEW_CHANGES` message arrived while the user was
    composing a character and waiting for an `ACCEPT_COMMIT` message.
  * Improve readability: The `handleUserChanges()` function is for
    handling changes from the local user, not for handling changes
    from other users.
  * Simplify the code.
 2021-03-30 16:42:53 -04:00
Richard Hansen
e99fe88537 collab_client: Use Date.now() instead of casting a Date object 
Also rename the `t` variable to `now` to improve readability.
 2021-03-30 16:42:53 -04:00
Richard Hansen
5c445eac21 collab_client: Convert state var to committing bool 2021-03-30 16:42:53 -04:00
Richard Hansen
3ee6b5eb2b collab_client: Delete unused caughtErrors 2021-03-30 16:42:53 -04:00
Richard Hansen
81b9a2544d collab_client: Factor out duplicate ACCEPT_COMMIT code 2021-03-30 16:42:53 -04:00
snyk-bot
dd09a3f12b fix: src/package.json & src/package-lock.json to reduce vulnerabilities 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984
 2021-03-30 18:26:32 +02:00
Richard Hansen
b9753dcc71 Changeset: Return a new op object by default when iterating 
Reusing the same op object for each iteration can result in very weird
behaviors because previously yielded op objects will get a surprise
mutation.

It is unclear why the code was written to reuse the same object. There
was no comment, nor is there a commit message providing rationale (it
has behaved this way since the very first commit). Perhaps the objects
were reused to improve performance (fewer object allocations that need
to be garbage collected). I do expect this change to reduce
performance somewhat, but not enough to warrant reverting this commit.
 2021-03-29 18:42:55 -04:00
Richard Hansen
718da6fc1b tests: New helper.aNewPad() (promisified newPad()) 2021-03-29 18:40:05 -04:00
Richard Hansen
ec76a6548f tests: Make the helper.newPad() callback optional 2021-03-29 18:40:05 -04:00
Richard Hansen
27b35699ea tests: Fix helper.newPad() retries 
* Pass retry count in options object so that each pad has its own
    retry count.
  * Delete useless `origPadName` variable.
 2021-03-29 18:40:05 -04:00
translatewiki.net
eac5a52690 Localisation updates from https://translatewiki.net. 2021-03-29 17:55:09 +02:00
John McLear
b80f5bdae8
bugfix/tests/scaling: Socket query test fix (#4974) 
fix socketio test where res.req is not available.
 2021-03-24 21:03:48 +00:00
John McLear
2b98b930d7
scaling: include padId in socketio query string 2021-03-24 16:07:11 +00:00
webzwo0i
3ae6b01518 bump version 2021-03-22 16:17:18 +01:00
webzwo0i
65b644498f bump require-kernel dependency 2021-03-21 18:30:39 +00:00
John McLear
a8f9c2b6a7
fix: upgrade express-rate-limit from 5.2.5 to 5.2.6 (#4938) 
Snyk has created this PR to upgrade express-rate-limit from 5.2.5 to 5.2.6.

See this package in npm:
https://www.npmjs.com/package/express-rate-limit

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
 2021-03-20 17:45:00 -04:00
Richard Hansen
eb3cff5b3a LibreOffice: Remove unnecessary callbackification 
`async.queue` will do the right thing if passed an `async` function.
 2021-03-20 20:29:55 +00:00
Richard Hansen
0233399fdf Abiword: Avoid calling stdoutCallback multiple times 2021-03-20 20:29:55 +00:00
webzwo0i
c208d50c4a add version string to iframe_editor.css 2021-03-20 16:42:08 +00:00
webzwo0i
b250ceaae7 add test for wrong clientHeight 2021-03-20 16:41:15 +00:00
Richard Hansen
3ad1d0a74f cssmanager: Refactor CSS manager creation to avoid race condition 
Safari takes a while to initialize `document.styleSheets`, which
results in a race condition when loading the pad. Avoid the race
condition by accessing the CSSStyleSheet objects directly from the
HTMLStyleElement DOM objects.
 2021-03-20 01:07:16 +00:00
Richard Hansen
e2bfe2fd10 pad_editor: Promisify init() 2021-03-20 01:07:16 +00:00
Richard Hansen
81e36cf3c7 Ace2Inner: Promisify init() 2021-03-20 01:07:16 +00:00
Richard Hansen
742a7cd430 cssmanager: Throw if no matching style sheet is found 
This avoids a later null dereference when the stack trace isn't as
useful.
 2021-03-20 01:07:16 +00:00
Richard Hansen
5b05ee79ff cssmanager: Simplify iteration over style sheets 2021-03-20 01:07:16 +00:00
Richard Hansen
cb9f6d6776 ace: Use iframe srcdoc property to refine frame load logic 
This seems to fix "null is not an object (evaluating
'browserSheet.insertRule')" errors on Safari.
 2021-03-19 17:06:58 +01:00
Richard Hansen
b4e1e935e2 LibreOffice: Log conversion errors 2021-03-18 09:02:28 +00:00
Richard Hansen
b2c0837cf5 import/export: Promisify Abiword and LibreOffice conversion 2021-03-18 09:02:28 +00:00
Richard Hansen
b321267e66 LibreOffice: Use the async-provided callback to signal errors 
This avoids having two callbacks, which improves readability.
 2021-03-18 09:02:28 +00:00
Richard Hansen
b914a46a87 LibreOffice: Use async.series to properly handle conversion errors 2021-03-18 09:02:28 +00:00
Richard Hansen
a6d5611c80 LibreOffice: Use consistent intermediate filename 2021-03-18 09:02:28 +00:00
Richard Hansen
ad0be9d1d2 LibreOffice: Add missing fileExtension property on intermediate step 2021-03-18 09:02:28 +00:00
Richard Hansen
5eab3a123d Abiword: Use the async-provided callback to signal errors 
This avoids having two callbacks, which improves readability.
 2021-03-18 09:02:28 +00:00
Richard Hansen
8d32463915 Abiword: Fix logging of conversion failure 2021-03-18 09:02:28 +00:00
Richard Hansen
f015f59cfc Abiword: Reduce log spam 2021-03-18 09:02:28 +00:00
Richard Hansen
259ee4a987 Abiword: Don't call the callback if null 2021-03-18 09:02:28 +00:00
Richard Hansen
83f39289aa import/export: On export error return 500 instead of crashing 2021-03-18 09:02:28 +00:00
Richard Hansen
3a11e97758 import/export: Spelling fix: "convertor" -> "converter" 2021-03-18 09:02:28 +00:00
Richard Hansen
50fdadab7d ExportHandler: Pass the error unmodified 2021-03-18 09:02:28 +00:00
Richard Hansen
216aecd433 import/export: Use Error objects for errors, not strings 2021-03-18 09:02:28 +00:00
Richard Hansen
59c167e31b ExportHandler: Replace unnecessary exception with return 2021-03-18 09:02:28 +00:00
Richard Hansen
785b7d2b44 Abiword: Reset stdout buffer when starting abiword 2021-03-18 09:02:28 +00:00
Richard Hansen
b6c2586920 import/export: Delete unnecessary comments 2021-03-18 09:02:28 +00:00
Richard Hansen
fe1eceb6b5 tests: Use assert to simplify import/export tests 2021-03-18 09:02:28 +00:00
Richard Hansen
98c42d6076 tests: Promisify import/export tests 2021-03-18 09:02:28 +00:00
Richard Hansen
ff50682412 tests: Increase import/export test timeouts 2021-03-18 09:02:28 +00:00
translatewiki.net
5c9514f926 Localisation updates from https://translatewiki.net. 2021-03-15 19:03:09 +01:00
Richard Hansen
c5a37d7a92 deps: Bump ueberdb2 to get MySQL improvements 2021-03-13 19:51:43 +00:00
webzwo0i
6f591b5c77
add class pad to timeslider to fix height issue (#4941) 2021-03-12 21:16:22 -05:00
webzwo0i
8e2a21ec84
arrow functions dont have arguments (#4943) 2021-03-12 14:25:14 -05:00
Richard Hansen
0b9bf4a78e deps: Update ueberdb2 to get updated metrics 2021-03-11 20:21:38 +00:00
Richard Hansen
9b82d1d37d server: Log stats (metrics) on fatal error 
This might help users troubleshoot rare crashes.
 2021-03-11 07:38:44 +00:00
Richard Hansen
d2610284ad bin/safeRun.sh: Fix try: not found bug 
This fixes a copy+paste bug introduced in commit
8b28e00784 (v1.8.8).
 2021-03-10 02:54:20 -05:00
Richard Hansen
fcf43a7089 stats: Expose ueberDB metrics 2021-03-08 22:32:39 +00:00
Richard Hansen
71dfa7070d deps: Update ueberdb2 to get metrics 2021-03-08 22:32:39 +00:00
Richard Hansen
926f0fcefb CSS: Increase size of contenteditable area 2021-03-08 14:39:18 +00:00
Richard Hansen
404486069c ace: Build the outer and inner iframes programmatically 
This makes the code easier to read and it silences Chrome's
`document.write()` warning:
https://developers.google.com/web/updates/2016/08/removing-document-write

This is a redo of commit a17f9bf3cf,
which was reverted in commit 912f0f195f
due to a CSS bug.
 2021-03-05 19:31:59 +00:00
webzwo0i
4ca989a255
sessions: add more endpoints that do not need a session (#4921) 
* add more endpoints that do not need a session

* Update src/node/hooks/express/webaccess.js

Co-authored-by: Richard Hansen <rhansen@rhansen.org>

* Update src/node/hooks/express/webaccess.js

Co-authored-by: Richard Hansen <rhansen@rhansen.org>

Co-authored-by: John McLear <john@mclear.co.uk>
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
 2021-03-05 07:48:33 +00:00
Richard Hansen
60da2373a6 CSS: Add comment to no-skin/pad.css to silence warning 
Firefox prints "Style sheet could not be loaded" if the file is empty.
 2021-03-05 07:45:48 +00:00
Richard Hansen
5546cc5e7b CSS: Delete bogus <link> tag 
Browsers report an error with this tag. Strangely, this tag has
existed since Etherpad's very first commit.
 2021-03-05 07:45:48 +00:00
Richard Hansen
470f40d7db CSS: Use auto for iframe body height 
This change makes no visual difference right now, but will matter (for
reasons I don't understand) once we change `ace.js` to build the
iframes by constructing elements in JavaScript (vs. writing HTML).
 2021-03-05 07:45:48 +00:00
Richard Hansen
48e1d1c23f CSS: Fix class name for outer iframe <html> tag 
* Add the class "pad" to the `<html>` tag in `pad.html` (the outer
    iframe's parent).
  * Change the CSS selector that refers to the `<html>` tag in
    `pad.html` from `html:not(.inner-editor)` to `html.pad`.
  * Change the class name of the outer iframe's `<html>` tag from
    "inner-editor" to "outer-editor".
  * Update CSS rules to use the new class name.
 2021-03-05 07:45:48 +00:00
John McLear
de394f72a6
bump version 2021-03-05 07:28:44 +00:00
John McLear
5ac90ab30f tests: Allow time for minification to complete 
Minification happens after the initial visit and request to pages.
 2021-03-05 07:11:42 +00:00
snyk-bot
d0e257d8df fix: upgrade resolve from 1.19.0 to 1.20.0 
Snyk has created this PR to upgrade resolve from 1.19.0 to 1.20.0.

See this package in npm:
https://www.npmjs.com/package/resolve

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-03-05 06:37:45 +00:00
translatewiki.net
21cdf0edaa Localisation updates from https://translatewiki.net. 2021-03-04 13:58:49 +01:00
Richard Hansen
912f0f195f Revert "ace: Build the outer and inner iframes programmatically" 
This reverts commit a17f9bf3cf, which
caused a mysterious bug with the line numbers. Revert to avoid
blocking a new release while I figure out the bug.
 2021-03-04 02:05:54 +00:00
Richard Hansen
0aad3b74da pluginfw: Improve rendering of hook list 
There are two main benefits:
  * HTML is no longer printed in the startup debug logs.
  * `require()` is no longer called on client-side files. This
    eliminates "Failed to load <file> for <plugin>: ReferenceError:
    window is not defined" errors when users visit
    `/admin/plugins/info`.
 2021-03-03 11:19:37 +00:00
Richard Hansen
7e698baa80 pluginfw: Improve hook function load error message 2021-03-03 11:19:37 +00:00
John McLear
f95b09e0b6
Import: Import don't show warnings for supported elements 2021-03-02 17:14:47 +00:00
snyk-bot
2fd06535b7 fix: upgrade express-rate-limit from 5.2.3 to 5.2.5 
Snyk has created this PR to upgrade express-rate-limit from 5.2.3 to 5.2.5.

See this package in npm:
https://www.npmjs.com/package/express-rate-limit

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-03-02 06:52:15 +00:00
Richard Hansen
797ffa5600 Minify: Avoid path.relative() 
Constructing a relative pathname on Windows is problematic because the
two absolute pathnames might be on different drives (or UNC paths).
Use `path.resolve()` instead of `path.join()` where appropriate to
avoid the need to construct a relative path.
 2021-03-02 06:20:10 +00:00
Richard Hansen
8971166c58 lint: Set up Cypress config and fix issues 2021-03-02 05:49:48 +00:00
Richard Hansen
b0862cd030 ace: Delete all $$INCLUDE_CSS logic 
The intention of the deleted code was to reduce the number of fetches,
but it only saved a single fetch due to implementation flaws. The
right way to reduce the number of fetches is to use a bundling
technology such as webpack, and this change makes it easier to do so.
 2021-03-01 14:32:33 +00:00
Richard Hansen
66d3ac3783 ace: Debug logging 2021-03-01 14:32:33 +00:00
Richard Hansen
a17f9bf3cf ace: Build the outer and inner iframes programmatically 
This makes the code easier to read and it silences Chrome's
`document.write()` warning:
https://developers.google.com/web/updates/2016/08/removing-document-write
 2021-03-01 14:32:33 +00:00
Richard Hansen
c696732838 ace: Asyncify Ace2Editor.init() 2021-03-01 14:32:33 +00:00
Richard Hansen
159fd5bdeb ace: Simplify passing of editorInfo 2021-03-01 14:32:33 +00:00
Richard Hansen
e57829183d ace: Pass objects to Ace2Inner via function args 2021-03-01 14:32:33 +00:00
Richard Hansen
6fe0154129 ace: Use absolute URLs when building iframes 
This isn't strictly necessary right now, but will become
necessary (due to a Safari quirk) when we change to building the
iframes programmatically (vs. the current `document.write()`
approach).
 2021-03-01 14:32:33 +00:00
Richard Hansen
9cfc2fb801 ace: Simplify the aceEditorCSS hook map function 2021-03-01 14:32:33 +00:00
Richard Hansen
94c221586c ace: Factor out duplicated $$INCLUDE_CSS code 2021-03-01 14:32:33 +00:00
Richard Hansen
54df7f3728 ace: Delete unused clientVars.disableCustomScriptsAndStyles 2021-03-01 14:32:33 +00:00
Richard Hansen
d84447290e ace: Delete unnecessary IIFE 2021-03-01 14:32:33 +00:00
Richard Hansen
3a311d2182 ace: Lint and simplify script strings 2021-03-01 14:32:33 +00:00
Richard Hansen
c9b1f17f25 ace: Format script strings for readability 2021-03-01 14:32:33 +00:00
Richard Hansen
b3416c4eeb ace: Delete ignored class attribute 2021-03-01 14:32:33 +00:00
Richard Hansen
c9c8b27854 ace: Delete unused Ace2Editor.getFrame() method 2021-03-01 14:32:33 +00:00
John McLear
64e9e7fcda
tests: Frontend test Windows ZIP (#4894) 
* tests:  Frontend test Windows ZIP

This PR introduces Frontend testing within Github actions!

We're depending a lot on saucelabs recently and that's fine but sometimes we just want to quickly do a frontend simple test on a weird environment (IE windows build) so this PR solves that problem.

Things to note.

    It still builds the windows .zip if the cypress tests fail.
    It does not add any heavy deps to Etherpad as cypress must be installed in CI.
    Cypress is responsible for running the Etherpad instance.

It's up to us how much we use this or not, I know it introduces a bunch of technical debt but I tried to keep that a minimum by compartmentalizing things and documenting where required.

* Update .github/workflows/windows-zip.yml

Co-authored-by: Richard Hansen <rhansen@rhansen.org>

* remove timeouts

* Move folder structure up a level

* Update windows-zip.yml

* Update test.js

Co-authored-by: Richard Hansen <rhansen@rhansen.org>
 2021-03-01 14:31:55 +00:00
John McLear
b3d7f5d63e pluginTools: stalePlugins.js 
Outputs a list of pluginnames and email address for maintainers to contact.  Useful for me to bump folks to maintain there stuff and stop it getting stale :)
 2021-02-28 16:05:53 +00:00
John McLear
35ae08ca77
tests: run a long(1+ hr) load test 2021-02-28 16:05:16 +00:00
John McLear
d7fd3934de
Merge branch 'develop' of github.com:ether/etherpad-lite into develop 2021-02-28 15:51:51 +00:00
John McLear
237bab7e3e
branding: change etherpad lite to etherpad in Pad settings modal 2021-02-28 15:51:39 +00:00
Richard Hansen
99b3918f2c Minify: Compatibility for all vendors/*.js files 2021-02-28 11:12:30 +00:00
Richard Hansen
3667f2ca0e Ace2Inner: Fix missing spread operator on args 
This fixes a bug that was introduced in commit
c38c34bef4.
 2021-02-28 08:39:47 +00:00
Richard Hansen
16e6496eb4 deps: Update ueberdb2 to fix dirty DB bug 2021-02-28 08:03:20 +00:00
webzwo0i
377883db98
fix pads with spaces (#4884) 2021-02-27 22:34:43 -05:00
John McLear
37769cc9ff
bump version 2021-02-27 16:46:22 +00:00
webzwo0i
348d08c79e ensure version string is attached for inner frame resources 2021-02-27 16:28:12 +00:00
webzwo0i
01dd9f5440 speed up page load 2021-02-27 16:28:12 +00:00
John McLear
ba2004cb2d nice-select restore to working 
I accidently committed a breaking change in 1b8cd0747d/src/static/js/vendors/nice-select.js
 2021-02-27 16:23:39 +00:00
Richard Hansen
3a34db84e6 tests: Refine CachingMiddleware tests 
* Lint functions
  * Fix assignment of `settings.minify`
  * Use a for loop to avoid copied code for the `minify = true` and
    `minify = false` cases
  * Put each resource fetch into its own test case
  * Check for 200 status code
  * Use `.expect()` to check header value
  * Use `.expect(fn)` instead of `.then(fn)`
 2021-02-27 14:03:09 +01:00
Richard Hansen
f86df5322e CachingMiddleware: Asyncify 2021-02-27 14:03:09 +01:00
Richard Hansen
0284d49522 CachingMiddleware: Switch to ES6 class syntax 2021-02-27 14:03:09 +01:00
Richard Hansen
80af66543a lint: Move up respond() in caching_middleware.js 2021-02-27 14:03:09 +01:00
Richard Hansen
7ab3ee2121 lint: src/node/utils/caching_middleware.js 2021-02-27 14:03:09 +01:00
Richard Hansen
392d9dcfde PadMessageHandler: Fix fetching of socket.io Sockets for a pad 2021-02-27 08:46:49 +00:00
Richard Hansen
9cd67cd990 PadMessageHandler: Delete unnecessary use of Promise.then() 2021-02-27 08:46:49 +00:00
webzwo0i
15dba7d886
move underscore to its old place and remove unnecessary packages (#4876) 2021-02-27 00:10:53 -05:00
John McLear
c0ec28f781 reversecompat: underscore 
Backward compatibility for plugins that were written when underscore lived at src/static/js/underscore.js.
 2021-02-26 11:03:19 +00:00
John McLear
11f3b7232d
bump version 2021-02-25 18:26:17 +00:00
webzwo0i
efd211bbc5 remove useless semicolon 2021-02-25 16:59:06 +00:00
webzwo0i
fa29858a4e avoid manually including require-kernel in ace.js 2021-02-25 16:59:06 +00:00
translatewiki.net
12c23d468c Localisation updates from https://translatewiki.net. 2021-02-25 16:17:56 +01:00
webzwo0i
a77994ab6e avoid pad_utils in pad.html 2021-02-25 12:46:04 +00:00
Richard Hansen
ba5d8369bf Minify: Consistently use path.join() to build pathnames 
This defends against extraneous or missing slashes, and it might
improve the experience on Windows.
 2021-02-25 10:14:48 +00:00
Richard Hansen
2d3469e3ee Minify: Improve pathname sanitization 
For context, see:
https://nvd.nist.gov/vuln/detail/CVE-2015-3297
9d4e5f6e35
https://github.com/ether/etherpad-lite/issues/2614
 2021-02-25 10:14:48 +00:00
Richard Hansen
0cce4ae536 Minify: Also serve jquery.js from old path for compatibility 2021-02-25 10:14:48 +00:00
Richard Hansen
f845f21ba5 /static/tests.html: Fix jquery.js path 
See commit 1b8cd0747d.
 2021-02-25 10:14:48 +00:00
John McLear
4a65acf417
docs: fix links from TOC to Headings and improve appearance of docs (a little) (#4866) 
* docs: fix links from TOC to Headings
* docs: Styling

Just a little modernisation of the appearance of the documentation

* Update src/bin/doc/package.json

Co-authored-by: Richard Hansen <rhansen@rhansen.org>

Co-authored-by: Richard Hansen <rhansen@rhansen.org>
 2021-02-25 09:01:45 +00:00
Richard Hansen
41ec7fe3fc deps: Update ueberdb2 to work around dirty DB bug 2021-02-25 00:02:14 +00:00
Richard Hansen
b2ffd8c95c lint: Update ESLint dependencies 2021-02-24 09:07:24 +00:00
Richard Hansen
dabff9be77 run_cmd: Fix PATH debug log message 2021-02-23 21:41:32 -05:00
John McLear
c7511b2f2e tests: change timeout on bold and embed_value test to support Win10 FF84 2021-02-23 19:53:03 +00:00
John McLear
72d9c8fef9 tests: Use more modern relevant Firefox version in Sauce Labs 
Firefox 52 has issues with rendering SVG animations which caused random tests to fail.  Less than 2% of total Firefox users now use Firefox 52 so we're safe to drop testing for it.
 2021-02-23 19:53:03 +00:00
John McLear
8364546e70 tests: fix importexport tests 
The testing approach was redone to fix numerous issues:
  * Even if the tests had been working, none of them would have caught
    https://github.com/ether/etherpad-lite/issues/4808 because they
    didn't exercise the client-side import logic. Now they do.
  * Follow-up logic was not in the `helper.waitFor()` callback like it
    should have been. Now the code uses `async` and `await` to ensure
    proper execution order.
  * All `$.ajax()` calls used `async: false`. Now they're properly
    asynchronous.
  * The `helper.waitFor()` condition callbacks threw instead of
    returning false.
  * The string comparisons didn't allow for different attribute
    order (e.g., `<ol start="1" class="list-number1">` vs. `<ol
    class="list-number1" start="1">`). Now `Node.isEqualNode()` is
    used to reduce fragility. (`Node.isEqualNode()` is not perfect, so
    the tests are still a bit fragile: If class names or style strings
    are in a different order then `Node.isEqualNode()` will return
    false even if the nodes are semantically equivalent.)

Co-authored-by: Richard Hansen <rhansen@rhansen.org>
 2021-02-22 18:20:24 -05:00
Richard Hansen
3ca1589885 Revert "tests: fix importexport frontend tests (#4827)" 
I'm going to split this into separate commits.

This reverts commit 9b03f8f6ab.
 2021-02-22 18:19:48 -05:00
translatewiki.net
f246d1b476 Localisation updates from https://translatewiki.net. 2021-02-22 16:37:36 +01:00
John McLear
0ac33d2085 tests: timeslider_follow increase test timeout for firefox. 2021-02-22 14:30:19 +00:00
Richard Hansen
1908bedabe caretPosition: Clarify comment in getPosition() 2021-02-22 11:25:45 +00:00
Richard Hansen
91955609af caretPosition: Delete pointless logic in getPosition() 
The `line` variable is unconditionally overwritten later, and the
function calls do not have side effects, so it is safe to delete this
logic.
 2021-02-22 11:25:45 +00:00
Richard Hansen
1dbdaf93d7 caretPosition: Delete no-op Range.detach() call 2021-02-22 11:25:45 +00:00
Richard Hansen
5e731dfbfd caretPosition: Delete unused var in getPosition() 2021-02-22 11:25:45 +00:00
Richard Hansen
02fd0048bf caretPosition: Invert condition in getPosition() for readability 2021-02-22 11:25:45 +00:00
Richard Hansen
773959ec57 CI: Delete old Sauce Connect logic 2021-02-22 11:25:21 +00:00
John McLear
9b03f8f6ab
tests: fix importexport frontend tests (#4827) 
* CI: Leave log level at INFO for frontend tests

* CI: Disable frontend admin tests for non-admin workflow

* CI: Disable import/export rate limiting for frontend tests

* tests: fix importexport tests

The testing approach was redone to fix numerous issues:
  * Even if the tests had been working, none of them would have caught
    https://github.com/ether/etherpad-lite/issues/4808 because they
    didn't exercise the client-side import logic. Now they do.
  * Follow-up logic was not in the `helper.waitFor()` callback like it
    should have been. Now the code uses `async` and `await` to ensure
    proper execution order.
  * All `$.ajax()` calls used `async: false`. Now they're properly
    asynchronous.
  * The `helper.waitFor()` condition callbacks threw instead of
    returning false.
  * The string comparisons didn't allow for different attribute
    order (e.g., `<ol start="1" class="list-number1">` vs. `<ol
    class="list-number1" start="1">`). Now `Node.isEqualNode()` is
    used to reduce fragility. (`Node.isEqualNode()` is not perfect, so
    the tests are still a bit fragile: If class names or style strings
    are in a different order then `Node.isEqualNode()` will return
    false even if the nodes are semantically equivalent.)

Co-authored-by: Richard Hansen <rhansen@rhansen.org>

Co-authored-by: Richard Hansen <rhansen@rhansen.org>
 2021-02-22 10:40:38 +00:00
Richard Hansen
d9c2778d17 plugins: Better fix for LGTM security warning 2021-02-22 09:43:20 +00:00
John McLear
0f16e518ff
api: drop JSONP (#4835) 
* api: drop JSONP

* docs: drop JSONP

* tests: drop JSONP

* api: remove isValidJSONPName require
 2021-02-22 09:10:02 +00:00
Richard Hansen
85231cb774 tests: More descriptive Sauce Labs name 2021-02-22 03:36:12 -05:00
Richard Hansen
6198e92706 tests: Pass --legacy-peer-deps flag to work around npm v7 bug 
This flag is unknown to npm v6, but npm v6 silently ignores unknown
flags.
 2021-02-22 03:36:12 -05:00
webzwo0i
14a9749b75 tests: add assert helper for supporting node 10.x 2021-02-22 03:36:12 -05:00
John McLear
ce83181ac3
Lgtm bugfixes (#4838) 
* code tidy up: always evaluates

* tidy up: is always true

* tidy up: remove unused code

* always true/false variables

* unused variable

* tidy up: remove unused code in caretPosition.js

* for squash: Revert "tidy up: remove unused code in caretPosition.js"

The `if` condition was previously always true, so the body should be
preserved. If the body is preserved, other logic can be deleted. I
opened PR #4845 to clean it all up.

This reverts commit 75b03e5a7d.

* for squash: simplify

* for squash: Explain that the getter is used for its side effects

It's very weird to call a getter without using its return value. Add a
comment explaining why this is done so that the reader doesn't get
confused.

* for squash: Revert "tidy up: remove unused code"

The exception test was the purpose of the code.

This reverts commit 85153b1676.

* for squash: Log the tsort results

Co-authored-by: Richard Hansen <rhansen@rhansen.org>
 2021-02-22 08:26:35 +00:00
John McLear
40d7480d5b lint: padaccess.js 2021-02-21 21:09:02 -05:00
John McLear
029729a386 lint: Settings.js 2021-02-21 21:09:02 -05:00
John McLear
435562299f lint: NodeVersion.js 2021-02-21 21:09:02 -05:00
John McLear
7352dc7571 lint: ImportEtherpad.js 2021-02-21 21:09:02 -05:00
John McLear
613c7d8545 lint: ExportTxt.js 2021-02-21 21:09:02 -05:00
John McLear
d2359be08b lint: ExportHtml.js 2021-02-21 21:09:02 -05:00
John McLear
5718c8b360 lint: AbsolutePaths.js 2021-02-21 21:09:02 -05:00
John McLear
b1614f0592 lint: i18n.js 
Partial, still 3 more to do that are slightly higher hanging that can get done.
 2021-02-21 21:09:02 -05:00
John McLear
586af5e16e lint: padurlsanitize.js 2021-02-21 21:06:38 -05:00
John McLear
86c938cae2 lint: openapi.js 2021-02-21 21:06:38 -05:00
John McLear
25d4faddd9 lint: SocketIORouter.js 2021-02-21 21:06:38 -05:00
John McLear
5201cb717f lint: PadMessageHandler.js 2021-02-21 21:06:38 -05:00
John McLear
d67f170c46 lint: eejs/index.js 2021-02-21 21:06:38 -05:00
John McLear
3ed4ac649c lint: PadManager.js 2021-02-21 21:02:59 -05:00
John McLear
6b6201b448
null link on plugins and noopener / noreferrer 
Resolves a (non) security issue brought up by LGTM but I think the noopener and norefferer are good shouts
 2021-02-21 19:30:39 +00:00
John McLear
2c763fb4d1 Delete dirty-db-cleaner.py 2021-02-21 18:07:20 +00:00
John McLear
543e94fd4a
timeslider: slight improvement on code quality (#4836) 
This is an interim patch, ultimately the JS needs to be thrown out of the HTML...
 2021-02-21 17:59:15 +00:00
John McLear
1b8cd0747d
Move vendor libraries to /vendors folder and exclude from LGTM 2021-02-21 15:07:39 +00:00
webzwo0i
0bb3e65020 fix for caching plugin-definitions 2021-02-21 14:31:15 +00:00
John McLear
086b59b30d
editor: UI polish - Etherpad brand as reconnect & loading animation 2021-02-21 13:24:51 +00:00
John McLear
bb14775820 drop apiRoot object from build 2021-02-21 11:08:07 +00:00
John McLear
227370547d update openapi-backend 2021-02-21 11:08:07 +00:00
John McLear
ee2b32281c
pluginfw: Warn plugins on missing plugin (#4826) 
* pluginfw: Warn plugins on missing plugin

Add functionality to console.warn when a plugin is missing.  This will help admins know when people are trying to use plugins that are missing.  Resolves https://github.com/ether/etherpad-lite/issues/4730

* pluginfw: importing .etherpad can notify admins of missing plugins

Extending .etherpad imports to notify admins if a missing plugin is present

* Update ImportEtherpad.js
 2021-02-21 11:07:13 +00:00
John McLear
77b2f372ab lint: pad_userlist.js arrow functions 
This probably needs a good rewrite/refactor to remove self.
 2021-02-21 11:05:25 +00:00
John McLear
2511eed472 lint: Changeset.js more literal conditionals 2021-02-21 11:05:25 +00:00
John McLear
8cbd5222dd lint: pad_userlist.js - remove require browser 2021-02-21 11:05:25 +00:00
John McLear
73b3a2dc54 lint: AttributeManager.js use ES6 method for hasAttrib 2021-02-21 11:05:25 +00:00
John McLear
f86578ffc3 lint: changesettracker.js var > const/let and other easy fixes 2021-02-21 11:05:25 +00:00
John McLear
3635cb6ca6 lint: changesettracker.js long-lines 2021-02-21 11:05:25 +00:00
John McLear
f5f4e3a6d1 lint: changesettracker.js arrow funcs 2021-02-21 11:05:25 +00:00
John McLear
d4b6cbc897 line: broadcast.js 2021-02-21 11:05:25 +00:00
John McLear
3b5b996d84 lint: Changeset no var 2021-02-21 11:05:25 +00:00
John McLear
0b78ad2f90 lint: Changeset.js curly braces in correct position 2021-02-21 11:05:25 +00:00
John McLear
23d7544763 lint: Changeset.js max-len 2021-02-21 11:05:25 +00:00
John McLear
98a0e76a20 lint: Changeset.js opcode eqeqeq checks 2021-02-21 11:05:25 +00:00
John McLear
d91f2b5b07 lint: Changeset.js additional arrow functions 2021-02-21 11:05:25 +00:00
John McLear
acccf56724 lint: Changeset.js arrow-functions 2021-02-21 11:05:25 +00:00
John McLear
cf37f52093 lint: collab_client.js 2021-02-21 11:05:25 +00:00
John McLear
b029edb931 lint: index.js 2021-02-21 11:05:25 +00:00
John McLear
01dd004054 lint: ChangesetUtils 2021-02-21 11:05:25 +00:00
John McLear
7c51446040 lint: use strict 2021-02-21 11:05:25 +00:00
John McLear
c64b1b8ead lint: skins 2021-02-21 11:05:25 +00:00
Sebastian Castro
4ca2d7ea3a
include lineHeight property in sidebar elements (#4831) 
This also makes the full line number element clickable to ensure a positive UX for the ``?lineNumber`` URL endpoint.  It also makes it more obvious that a click action can happen based on the hover.

Make line numbers stick to baseline of first line of wrapped content and editor lines with increased line hieght.

Make it compatible with ep_author_neat
 2021-02-20 13:24:17 +00:00
snyk-bot
d5997ddf05 fix: upgrade log4js from 0.6.35 to 0.6.38 
Snyk has created this PR to upgrade log4js from 0.6.35 to 0.6.38.

See this package in npm:
https://www.npmjs.com/package/log4js

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-02-18 21:13:08 +00:00
Richard Hansen
6163339c0d plugins: Always install plugins with --no-save 
The npm CLI can get confused if `package.json` or `package-lock.json`
exist.
 2021-02-18 19:18:59 +00:00
Richard Hansen
b3b5af3c3c plugins: Use npm CLI to install/uninstall plugins 
Using npm as a module has long been discouraged and will stop working
with npm v7.
 2021-02-18 19:18:59 +00:00
Richard Hansen
9633b98f92 tests: Delete unnecessary use of npm package 2021-02-18 19:18:59 +00:00
Richard Hansen
1cfbf88f7c run_cmd: Enhance with ability to return stdout as string 2021-02-18 19:18:59 +00:00
Richard Hansen
d8bb5aa009 plugins: Eliminate unnecessary run_npm.js 
I had anticipated more shared logic than we actually need (the
abstraction in `run_npm.js` is YAGNI).
 2021-02-18 19:18:59 +00:00
Richard Hansen
426c025127 run_cmd: Log to Etherpad logs by default 2021-02-18 19:18:59 +00:00
Richard Hansen
689a75b381 plugins: Pass --no-production instead of setting NODE_ENV=development 2021-02-18 19:18:59 +00:00
Richard Hansen
dcf7891316 plugins: Improve logging of plugin events 
This will make it easier to troubleshoot plugin and npm issues.
 2021-02-18 19:18:59 +00:00
Richard Hansen
4253a2ea8f plugins: Move hook call and plugin update out of try block 
Exceptions thrown by these function calls are serious and should crash
Etherpad.
 2021-02-18 19:18:59 +00:00
Richard Hansen
a8479e4a0e lint: Fix some ESLint errors in pluginfw 2021-02-18 19:18:59 +00:00
Richard Hansen
a45e85a730 Use settings.root to anchor pathnames 2021-02-18 19:18:59 +00:00
Richard Hansen
f868788417 Remove unnecessary path.normalize() calls 
`path.join()` already normalizes.
 2021-02-18 19:18:59 +00:00
Richard Hansen
84c1d74f8b server: Fix Gate constructor 
The ECMAScript spec for `.then()` requires Promise subclass
constructors to take an executor.
 2021-02-18 19:18:34 +00:00
Richard Hansen
4c6cb53d18 server: Improve log messages when exiting 2021-02-18 19:18:34 +00:00
snyk-bot
449b03d7e8 fix: upgrade unorm from 1.4.1 to 1.6.0 
Snyk has created this PR to upgrade unorm from 1.4.1 to 1.6.0.

See this package in npm:
https://www.npmjs.com/package/unorm

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-02-18 19:18:19 +00:00
John McLear
9fb2c640b9
tests: Microsoft Windows Server CI (#4791) 
Due to a recent release that wasn't functioning properly this CI will help us catch the majority of Microsoft Node Quirks before they make it into a release.
 2021-02-18 18:49:43 +00:00
John McLear
9f317f0798
bump version 2021-02-18 14:37:02 +00:00
snyk-bot
19bf97bd2d fix: upgrade formidable from 1.2.1 to 1.2.2 
Snyk has created this PR to upgrade formidable from 1.2.1 to 1.2.2.

See this package in npm:
https://www.npmjs.com/package/formidable

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-02-18 14:02:56 +00:00
snyk-bot
a380fc2abf fix: upgrade tinycon from 0.0.1 to 0.6.8 
Snyk has created this PR to upgrade tinycon from 0.0.1 to 0.6.8.

See this package in npm:
https://www.npmjs.com/package/tinycon

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-02-18 13:45:18 +00:00
snyk-bot
da65057bb1 fix: upgrade etherpad-yajsml from 0.0.2 to 0.0.4 
Snyk has created this PR to upgrade etherpad-yajsml from 0.0.2 to 0.0.4.

See this package in npm:
https://www.npmjs.com/package/etherpad-yajsml

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-02-18 04:33:40 -05:00
Richard Hansen
30dbdf29f4 import: Convert arrow function to regular function 
This fixes a bug introduced in commit
b711ff6acf. Some time between when that
commit was originally written and when it was merged a round of
linting had converted the function from a regular function to an arrow
function because `this` was never in the body of the function. When I
rebased the commit, which introduced `this` to the body, I didn't
catch the error.
 2021-02-18 03:42:56 -05:00
Richard Hansen
fb745374c3 import: Improve error logging 2021-02-18 03:42:41 -05:00
John McLear
29f2cd34f0 build: fix build path for windows 2021-02-17 20:38:10 +00:00
Richard Hansen
8ef0860e8b
tests: Restore runnerBackend.sh (#4803) 
* tests: Restore `runnerBackend.sh`

`runnerBackend.sh` was deleted in commit
7dae5e3db8 but plugins still need it
until their GitHub workflow definitions have been updated.

Co-authored-by: John McLear <john@mclear.co.uk>
 2021-02-17 04:35:57 -05:00
Richard Hansen
7dae5e3db8 tests: Use the supertest agent from common.js for backend tests 2021-02-16 21:13:35 -05:00
Richard Hansen
5a91cf1b49 tests: Disable rate limiting for backend tests 2021-02-16 21:13:35 -05:00
Richard Hansen
4ae8fbc40d tests: Increase importexportGetPost.js timeouts 
The tests were timing out on my machine.
 2021-02-16 21:13:35 -05:00
Richard Hansen
3d2f77f75d lint: Fix ESLint errors in backend tests 2021-02-16 21:13:35 -05:00
Richard Hansen
00d45e3229 Defer rate limiter creation to a hook call 
This makes it possible to change the rate limiter settings via
`/admin/settings` or by modifying the appropriate settings object and
reinvoking the hook.
 2021-02-16 21:13:35 -05:00
Richard Hansen
d7ed71eba0 plugins: Fix "Error: spawn npm ENOENT" error on Windows 
On Windows, npm should be invoked as `npm.cmd`, not `npm`. Use a
drop-in replacement for `child_process.spawn()` that does the right
thing on Windows.
 2021-02-16 22:00:20 +00:00
John McLear
2e92e8e9d0 tests: frontend test button increase timeouts 2021-02-16 16:38:59 +00:00
snyk-bot
b06e47c06e fix: src/bin/doc/package.json & src/bin/doc/package-lock.json to reduce vulnerabilities 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MARKED-584281
 2021-02-16 11:10:46 +00:00
snyk-bot
095edb5043 fix: upgrade express-rate-limit from 5.1.1 to 5.2.3 
Snyk has created this PR to upgrade express-rate-limit from 5.1.1 to 5.2.3.

See this package in npm:
https://www.npmjs.com/package/express-rate-limit

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-02-16 11:05:49 +00:00
Richard Hansen
c39d0606cf ace2_inner: Delete special arrow key handling 
I can't see any reason this would be necessary, and it appears to not
behave as intended (`scroll.scrollWhenPressArrowKeys()` is not invoked
after a continuously held arrow key is finally let up).
 2021-02-16 11:03:31 +00:00
Richard Hansen
72704a9fbd release: Update the doc/latest symlink 2021-02-16 10:37:07 +00:00
Richard Hansen
345f5227fd release: Use log4js to improve message readability 2021-02-16 10:37:07 +00:00
Richard Hansen
899f2e02f3 release: Reset Git repo on error 2021-02-16 10:37:07 +00:00
Richard Hansen
ba32f71f30 release: Automate more steps 2021-02-16 10:37:07 +00:00
Richard Hansen
18c8838a33 release: Stricter checking of CHANGELOG.md 2021-02-16 10:37:07 +00:00
Richard Hansen
5c48ebb406 release: Fix wrapping of log message 2021-02-16 10:37:07 +00:00
Richard Hansen
5816fd5f2f release: Add git sanity checks 2021-02-16 10:37:07 +00:00
Richard Hansen
a814893ca3 release: Assume ../ether.github.com exists 2021-02-16 10:37:07 +00:00
Richard Hansen
8db6b5da4a release: Don't capture stdout when unnecessary 
This should make it easier to troubleshoot issues.
 2021-02-16 10:37:07 +00:00
Richard Hansen
83b55eb41f release: Shorthand function for running a command 2021-02-16 10:37:07 +00:00
Richard Hansen
2691d556fe release: Enforce lockfileVersion 1 2021-02-16 10:37:07 +00:00
Richard Hansen
1ada0ab5d6 release: cd to Etherpad root directory 2021-02-16 10:37:07 +00:00
Richard Hansen
565d020876 release: Make sure JSON ends with \n 2021-02-16 10:37:07 +00:00
Richard Hansen
ea4b2ef8fb release: Factor out JSON read/write for later reuse 2021-02-16 10:37:07 +00:00
Richard Hansen
8155d6154d release: Don't create release/x.y.z branch 
Patch-specific release branches should never diverge from the tag, so
they serve no useful purpose. (If they do diverge, which some did
before I deleted them all, what does it mean? Are we going to move the
tag in the future? It's just too confusing.)

In the future we might want to do major- or minor-specific
branches (e.g., `release/1` or `release/1.8`), but only if we want to
maintain old releases. For example, if 2.0 is a major release that
doesn't work with plugins designed for 1.x we might want to maintain a
`release/1` branch that continues to get bugfixes while the bulk of
new work continues to land on `develop`. If we do decide to maintain
old releases we'll need a new set of release scripts (or edit the
`release.js` script on the `release/1` branch).
 2021-02-16 10:37:07 +00:00
John McLear
e1dcaa5210 release: Better steps for release procedure 2021-02-16 10:37:07 +00:00
John McLear
655ae90464 release: Exclude var/ during Windows build 2021-02-16 10:37:07 +00:00
Richard Hansen
d5969507cd release: Clone docs repo in .. 2021-02-16 10:37:07 +00:00
Richard Hansen
bdd32f8915 Replace node_modules/ep_etherpad-lite with src 2021-02-16 10:35:05 +00:00
snyk-bot
269c6d09c5 fix: upgrade npm from 6.14.8 to 6.14.11 
Snyk has created this PR to upgrade npm from 6.14.8 to 6.14.11.

See this package in npm:
https://www.npmjs.com/package/npm

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-02-15 18:35:59 -05:00
snyk-bot
ed02606c4b
fix: upgrade semver from 5.6.0 to 5.7.1 
Snyk has created this PR to upgrade semver from 5.6.0 to 5.7.1.

See this package in npm:
https://www.npmjs.com/package/semver

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-02-15 21:54:50 +00:00
John McLear
c0f73e6672 bump version 2021-02-15 12:47:20 -05:00
John McLear
b7e88cb904 security: New setting for Socket.IO maxHttpBufferSize 2021-02-15 12:45:31 -05:00
Richard Hansen
ed93ef5636 /admin/settings: Reload plugins, call loadSettings hook on restart 
This should match the normal startup procedure a bit more closely.
 2021-02-15 08:43:14 +00:00
Guilherme Goncalves
3ff244f7a0 Update lines with zero height on sidediv 
Avoid evaluation of `0` height as false within `if` condition,
since it is possible having 0px as line-height.
 2021-02-15 00:42:00 -05:00
Egil
9c7dcb1d0a eejs: Upgrade ejs to the latest version 
The type of ejs's `__output` variable is now string instead of array
of strings, so the handling of `__output` had to change.
 2021-02-14 23:36:53 -05:00
John McLear
615e47114b Revert "socketio: increase socketio limit to 1MiB" 
This reverts commit 55c96e5577.
 2021-02-14 16:53:48 +00:00
Richard Hansen
b711ff6acf import: Ajaxify pad import 
This eliminates an inline script (good for Content Security Policy)
and improves the user experience.
 2021-02-14 08:35:38 +00:00
Richard Hansen
fba55fa6cf ImportHandler: Refactor doImport() for readability 2021-02-14 08:35:38 +00:00
Richard Hansen
28b28866a2 ImportHandler: Move the logger up 
Also change the name to something shorter.
 2021-02-14 08:35:38 +00:00
Richard Hansen
26b5a69ccc ImportHandler: Use JSON.stringify() to properly escape characters 2021-02-14 08:35:38 +00:00
Richard Hansen
ed80883709 ImportHandler: Lint the response script sent to the browser 2021-02-14 08:35:38 +00:00
Richard Hansen
0ff131bbbb ImportHandler: Throw Errors, not strings 2021-02-14 08:35:38 +00:00
Richard Hansen
908635a1de ImportHandler: Use return reject(...) to avoid double settle 2021-02-14 08:35:38 +00:00
Richard Hansen
e01059dce5 ImportHandler: Switch to fs/promises API 2021-02-14 08:35:38 +00:00
Richard Hansen
5b1b030906 ImportHandler: Use asynchronous rename instead of fs.renameSync() 2021-02-14 08:35:38 +00:00
Richard Hansen
c7b1abebe4 ImportHandler: Avoid deprecated fs.exists() function 2021-02-14 08:35:38 +00:00
Richard Hansen
008209b0e0 ImportHandler: Delete redundant variable 2021-02-14 08:35:38 +00:00
Richard Hansen
cc52811cd0 pad_impexp: Use jQuery to build the import failure popup 
This reduces the chances of accidentally introducing an XSS
vulnerability.
 2021-02-14 08:35:38 +00:00
Richard Hansen
d869d96a2b pad_impexp: Simplify creation of import failure message 2021-02-14 08:35:38 +00:00
Richard Hansen
890e16f6fc pad_impexp: Style fixes to improve readability 2021-02-14 08:35:38 +00:00
Richard Hansen
efe07cd027 pad_impexp: Invert logic to improve readability 2021-02-14 08:35:38 +00:00
Richard Hansen
ce4ce8ce95 pad_impexp: Delete unnecessary importFailed wrapper 2021-02-14 08:35:38 +00:00
Richard Hansen
8a221ca773 pad: Delete dead code 2021-02-14 08:35:38 +00:00
Richard Hansen
48205c1ddb import/export: Make sure Express sees async errors 
Express v4.x does not check to see if a Promise returned from a
middleware function will be rejected, so explicitly pass the Promise
rejection reason to `next()`.

We can revert this change after we upgrade to Express v5.0.

See https://expressjs.com/en/guide/error-handling.html for details.
 2021-02-14 08:35:38 +00:00
John McLear
f59e0993a6
tests: test runner output HTML and CSS improvements to show duration (#4775) 2021-02-14 08:04:50 +00:00
Richard Hansen
e674d9789e
express: Change httpUptime to httpStartTime (#4777) 
It's better to provide a primitive value and let the consumer of the
metric do math if desired.

Co-authored-by: John McLear <john@mclear.co.uk>
 2021-02-14 07:50:10 +00:00
John McLear
e585d321f9
tests: timeouts for tests (#4773) 2021-02-13 19:00:06 +00:00
Richard Hansen
f9ec49d7ac tests: Improve /admin/settings restart test 2021-02-13 10:02:28 +00:00
Richard Hansen
ac52fb8a9d express: New httpUptime metric 2021-02-13 10:02:28 +00:00
John McLear
e22d8dffc0 deps: use ci --no-optional flags, this might break some things as it requires npm 6.31.4 2021-02-13 10:01:36 +00:00
John McLear
483f4344c2
performance: maxAge for favicon and plugin definitions (#4761) 2021-02-13 08:13:48 +00:00
Richard Hansen
09e9c36098 tests: Accept async condition functions for helper.waitFor() 2021-02-13 08:12:53 +00:00
Richard Hansen
8dca4cb16f tests: Give helper.waitFor() timeout errors a useful stack trace 2021-02-13 08:12:53 +00:00
Richard Hansen
71c1899164 tests: Asyncify tests in api.js 2021-02-13 08:12:53 +00:00
Richard Hansen
e0f499cf5a tests: Use the supertest agent from common.js for api.js 2021-02-13 08:12:53 +00:00
Richard Hansen
08124ba733 tests: Delete unnecessary describe() calls in api.js 2021-02-13 08:12:53 +00:00
Richard Hansen
fc9b22475a tests: Always call backend common.init() at startup 
This provides a place to set the timeout for `common.init()` so that
individual tests don't have to.
 2021-02-13 08:12:53 +00:00
Richard Hansen
6953e40c75 tests: Wait for common.init() to complete before returning 2021-02-13 08:12:53 +00:00
Richard Hansen
1c8a913411 lint: Delete unnecessary eslint-disable-line comment 2021-02-13 08:12:53 +00:00
Richard Hansen
d56a02c85a express: Forcibly terminate HTTP connections when restarting 
This should make restarts via `/admin` actions (e.g., plugin
installation) more reliable.
 2021-02-13 07:37:22 +00:00
John McLear
4c4c7b526d
performance: i18n maxage (#4759) 2021-02-13 02:35:25 -05:00
Richard Hansen
01c83917d1 socket.io: Manually track client connections/disconnections 
This change is required for socket.io 3.x because in 3.x
`io.sockets.clients()` no longer returns all client Socket objects.
 2021-02-13 07:13:37 +00:00
Richard Hansen
66544be354 lint: src/tests/backend/specs/api/api.js 2021-02-13 00:46:30 -05:00
Richard Hansen
eb9d5bb470 lint: src/tests/frontend/helper.js and friends 2021-02-13 00:46:30 -05:00
Richard Hansen
8f2f6593be lint: Re-run eslint --fix 2021-02-13 00:31:36 -05:00
Richard Hansen
db8ca2818f lint: Treat helper.js and friends as normal browser files 
This enables the prefer-arrow/prefer-arrow-functions rule.
 2021-02-13 00:29:30 -05:00
John McLear
55c96e5577 socketio: increase socketio limit to 1MiB 2021-02-12 17:56:50 -05:00
John McLear
fcd9adf20d
tests: admin test timeout increase, bugfix and removal of buggy test (#4762) 2021-02-12 20:04:42 +00:00
Richard Hansen
73d31b12a8 Minify: Replace deprecated url.parse() with new URL() 2021-02-12 07:08:51 +00:00
Richard Hansen
7efca7dc7d Minify: Don't ignore request headers in requestURI() 2021-02-12 07:08:51 +00:00
Richard Hansen
7a003cb9e2 Minify: Let Express render the 500 error page 2021-02-12 07:08:51 +00:00
Richard Hansen
44e420b6c5 Minify: Return Date objects from statFile() 2021-02-12 07:08:51 +00:00
Richard Hansen
aa11667ff7 Minify: Use fs.promises 2021-02-12 07:08:51 +00:00
Richard Hansen
073052ac66 Minify: Asyncify minify() 2021-02-12 07:08:51 +00:00
Richard Hansen
3eefe71834 Minify: Don't set cache headers if statFile() causes 500 2021-02-12 07:08:51 +00:00
Richard Hansen
84190793dc Minify: Asyncify getFileCompressed() 2021-02-12 07:08:51 +00:00
Richard Hansen
dd7ea1a8f9 Minify: Asyncify statFile() 2021-02-12 07:08:51 +00:00
Richard Hansen
947dc8eeed Minify: Asyncify getFile() 2021-02-12 07:08:51 +00:00
Richard Hansen
5d7c07e81c Minify: Asyncify lastModifiedDateOfEverything() 2021-02-12 07:08:51 +00:00
Richard Hansen
e573276755 Minify: Asyncify getAceFile() 2021-02-12 07:08:51 +00:00
Richard Hansen
5cc191f185 Minify: Replace async.forEach() with Promise.all() 2021-02-12 07:08:51 +00:00
Richard Hansen
0c428e068e Minify: Use Promise.all() to simplify requestURIs() 2021-02-12 07:08:51 +00:00
Richard Hansen
1ec29e0d45 Minify: Asyncify requestURI() 2021-02-12 07:08:51 +00:00
Richard Hansen
a952df2cf5 Minify: Un-export requestURI() 
Nobody outside this file uses it.
 2021-02-12 07:08:51 +00:00
Richard Hansen
d9607f7c66 static: Asyncify 2021-02-12 07:08:51 +00:00
Richard Hansen
7f4a7156e2 Minify: Move getTar() to static.js 
`static.js` is the only file that uses it.
 2021-02-12 07:08:51 +00:00
Richard Hansen
996dc81825 Minify: Move tar processing into a function 
This reduces the overhead of `require()`ing the module, and it will
make it easier for a future commit to asyncify everything in
`Minify.js`.
 2021-02-12 07:08:51 +00:00
Richard Hansen
8ae8710a14 ace: Fix EMBEDDED check 2021-02-12 07:08:51 +00:00
Richard Hansen
50929fe7f7 express: Call expressConfigure, expressCreateServer hooks asynchronously 2021-02-12 07:08:51 +00:00
Richard Hansen
8919f63c98 lint: Replace use of underscore.js with plain ECMAScript 2021-02-12 07:08:51 +00:00
John McLear
ab127289c4 security: limit socketio to 1M chars 2021-02-11 21:01:47 -05:00
Richard Hansen
085ab452a0 chat tests: Give some time to process each of the 140 chat messages 
This avoids overflowing socket.io's receive buffer.
 2021-02-11 21:01:47 -05:00
Richard Hansen
020df75677 chat tests: Asyncify 2021-02-11 21:01:47 -05:00
Richard Hansen
0fae34009d chat tests: Delete unnecessary expect() 2021-02-11 21:01:47 -05:00
snyk-bot
f6df9ffad0 fix: upgrade measured-core from 1.11.2 to 1.51.1 
Snyk has created this PR to upgrade measured-core from 1.11.2 to 1.51.1.

See this package in npm:
https://www.npmjs.com/package/measured-core

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-02-11 18:39:08 +00:00
John McLear
cc7f11560f
Fix OL list items not increasing (#4749) 
* tests: additional test coverage for OL items

* parseInt means we can do a proper check

* tests: use ol check value test for #4748
 2021-02-11 13:26:37 -05:00
snyk-bot
60a55ec428 fix: upgrade resolve from 1.1.7 to 1.19.0 
Snyk has created this PR to upgrade resolve from 1.1.7 to 1.19.0.

See this package in npm:
https://www.npmjs.com/package/resolve

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-02-11 18:24:32 +00:00
snyk-bot
b50fcb065a fix: upgrade underscore from 1.8.3 to 1.12.0 
Snyk has created this PR to upgrade underscore from 1.8.3 to 1.12.0.

See this package in npm:
https://www.npmjs.com/package/underscore

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-02-11 18:18:11 +00:00
translatewiki.net
2f1d648787 Localisation updates from https://translatewiki.net. 2021-02-11 18:48:51 +01:00
Richard Hansen
2301c6ec83 pad: Don't throw on socket.io error 2021-02-11 17:25:09 +00:00
Richard Hansen
fc9f236977 plugins: Use npm ls to list the installed plugins 
This speeds up startup considerably, and we get rid of a lot of buggy
code.

This works with both npm v6.x and v7.x.
 2021-02-09 22:18:35 +00:00
Richard Hansen
ce1b69feda plugins: Helper function to run the npm CLI 2021-02-09 22:18:35 +00:00
Richard Hansen
83a519941b /admin/plugins: Fix logging of error messages 2021-02-09 22:18:35 +00:00
John McLear
94a65062c7
checkPlugins: remove lib/travis.yml and add github badges if they aren't present (#4731) 
A future PR should remove all Travis badges and CI jobs.
 2021-02-09 09:41:41 +00:00
Richard Hansen
ebdb2798ff server: Fix handling of errors during startup and shutdown 
Before, an unhandled rejection or uncaught exception during startup
would cause `exports.exit()` to wait forever for startup completion.
Similarly, an error during shutdown would cause `exports.exit()` to
wait forever for shutdown to complete. Now any error during startup or
shutdown triggers an immediate exit.
 2021-02-09 08:57:24 +00:00
Richard Hansen
5999d8cd44 server: Only pass err arg to exports.exit() 
The `uncaughtException` event handlers are passed two arguments: error
and "origin". The `exports.exit()` argument doesn't expect a second
argument.
 2021-02-09 08:57:24 +00:00
Richard Hansen
5b327b63ac server: Simplify gating of state transition waiters 2021-02-09 08:57:24 +00:00
Richard Hansen
105f8b0ccb server: Use a log4js logger object for logging 2021-02-09 08:57:24 +00:00
Richard Hansen
cb1116607e Revert "backend tests: change loglevel to WARN (#4514)" 
Logging verbosity of the openapi handlers was turned down so GitHub
should be happier with INFO now. This makes it easier to troubleshoot
problems.

This reverts commit b98aaf4904.
 2021-02-09 07:24:31 +00:00
Richard Hansen
1e3f352281 openapi: Turn down logging verbosity 2021-02-09 07:24:31 +00:00
Richard Hansen
714e099b2a tests: Fix accidental functions in ordered_list.js 
This fixes a bug introduced in commit
e9bb2c410e.
 2021-02-09 07:23:38 +00:00
Richard Hansen
e9bb2c410e tests: Fix erroneous use of waitForPromise() in ordered_list.js 
`waitForPromise()` should always be used with `await` (either directly
or with a later `await` on the returned Promise). In this case,
the condition should be immediately true so `waitForPromise()` is not
the right tool here.
 2021-02-08 18:24:11 +00:00
John McLear
7baa0cda02
tests: disabled checks shouldnt change behavior (#4729) 2021-02-08 11:07:07 +00:00
John McLear
9070c71e9f color picker: allow full white 2021-02-08 11:01:27 +00:00
Richard Hansen
1c9afa5168 lint: src/static/js/ace.js 2021-02-07 20:04:07 +00:00
Richard Hansen
8668017c62 ace: Use globalThis instead of non-strict default context 
This is necessary before `'use strict';` can be added to the top of
the file.
 2021-02-07 20:04:07 +00:00
Richard Hansen
3c2e0f0e16 ace: Simplify Ace2Editor method creation 
* Delete the unused `optDoNow` parameter from `pendingInit()`.
  * Move the `setAuthorInfo()` 1st parameter check out of the wrapper
    and in to the `setAuthorInfo()` function itself.
 2021-02-07 20:04:07 +00:00
John McLear
865a463154 fix: release script output 2021-02-07 19:28:00 +00:00
John McLear
2b112ac851
tests: Admin Frontend Test Coverage(#4717) 
Covers all frontend admin operations, runs separated in CI.
 2021-02-07 11:32:57 +00:00
Richard Hansen
294f2a251f lint: Fix bugs and style issues introduced in PR #4718 
This fixes issues introduced in commit
f8a19c4527.
 2021-02-07 07:51:35 +00:00
Richard Hansen
0ff8274d2e tests: Fix waitForPromise() in enter.js 2021-02-07 07:13:04 +00:00
Richard Hansen
c625c611d2 tests: delete src/tests/frontend/specs/caret.js 
All of the tests in this file are commented out so this file does
nothing. We can uncomment the code and clean it up, but the approach
taken in these tests will never work: For security reasons, browsers
do not allow synthetic key events to perform the default
behavior (such as moving the carent when an arrow key is pressed).

There are two ways to test responses to navigation keys:
  * Use WebDriver to create "genuine" keyboard events.
  * Suppress the default behavior and implement caret movement
    ourselves. This is tremendously complicated, especially arrow
    up/down.
 2021-02-07 07:02:23 +00:00
John McLear
1f0cb01110 tests: fix enter test 2021-02-07 07:00:12 +00:00
John McLear
f8a19c4527
lint: lint and various fixes of frontend test specs 2021-02-07 06:39:03 +00:00
John McLear
e02246641e
ordered lists bugfix: first line item can be 0.*, don't show 0 as undefined (#4600) 2021-02-06 20:19:05 +00:00
John McLear
4862d6fa9c
editor: fix enter key keep line in view (#4639) 2021-02-06 19:56:59 +00:00
John McLear
c969ae58c2
stats: activePads & lastDisconnected stats 2021-02-06 19:53:52 +00:00
John McLear
5f58ce14d6
editor: remove grayed logic and styles so background color is not lost on disconnect/reconnect. 2021-02-06 09:58:10 +00:00
Richard Hansen
8b28e00784 restructure: Prefix bin/ and tests/ with src/ 
This is a follow-up to commit
2ea8ea1275.
 2021-02-05 21:52:08 +00:00
John McLear
2ea8ea1275 restructure: move bin/ and tests/ to src/ 
Also add symlinks from the old `bin/` and `tests/` locations to avoid
breaking scripts and other tools.

Motivations:

  * Scripts and tests no longer have to do dubious things like:

        require('ep_etherpad-lite/node_modules/foo')

    to access packages installed as dependencies in
    `src/package.json`.

  * Plugins can access the backend test helper library in a non-hacky
    way:

        require('ep_etherpad-lite/tests/backend/common')

  * We can delete the top-level `package.json` without breaking our
    ability to lint the files in `bin/` and `tests/`.

    Deleting the top-level `package.json` has downsides: It will cause
    `npm` to print warnings whenever plugins are installed, npm will
    no longer be able to enforce a plugin's peer dependency on
    ep_etherpad-lite, and npm will keep deleting the
    `node_modules/ep_etherpad-lite` symlink that points to `../src`.

    But there are significant upsides to deleting the top-level
    `package.json`: It will drastically speed up plugin installation
    because `npm` doesn't have to recursively walk the dependencies in
    `src/package.json`. Also, deleting the top-level `package.json`
    avoids npm's horrible dependency hoisting behavior (where it moves
    stuff from `src/node_modules/` to the top-level `node_modules/`
    directory). Dependency hoisting causes numerous mysterious
    problems such as silent failures in `npm outdated` and `npm
    update`. Dependency hoisting also breaks plugins that do:

        require('ep_etherpad-lite/node_modules/foo')
 2021-02-04 17:15:08 -05:00
Richard Hansen
5a865dfc7e pluginfw: Delete unused return value 2021-02-04 08:41:00 +00:00
Richard Hansen
a145b97682 pluginfw: Use for loops to improve readability 2021-02-04 08:41:00 +00:00
Richard Hansen
fdaacc44c8 pluginfw: Replace slide.asyncMap() with Promise.all() 2021-02-04 08:41:00 +00:00
Richard Hansen
746cc8cc34 pluginfw: In-line formatPluginsWithVersion() 
There's only one caller of the function, so move the logic to where it
is used.
 2021-02-04 08:41:00 +00:00
Richard Hansen
cd1d322af4 /admin/plugins/info: Move logic to .js file 2021-02-04 08:41:00 +00:00
Richard Hansen
c5f0274116 lint: Move functions up to fix more lint errors 2021-02-04 08:41:00 +00:00
Richard Hansen
99ca57f3ab lint: src/static/js/pluginfw/shared.js 2021-02-04 08:41:00 +00:00
Richard Hansen
2c80c1f2da lint: src/static/js/pluginfw/read-installed.js 2021-02-04 08:41:00 +00:00
Richard Hansen
2b32bc1840 lint: src/static/js/pluginfw/plugins.js 2021-02-04 08:41:00 +00:00
Richard Hansen
9a86ebec2a pluginfw: Fix state reset logic 2021-02-04 08:41:00 +00:00
Richard Hansen
895764e047 pluginfw: Return from findUnmet() early if not given an object 
For some reason strings are sometimes passed to `findUnmet()`, which
is obviously unexpected given the way the code is written. Rather than
figure out why strings are passed and how to safely avoid passing
strings, just return early. The net effect is the same, but returning
early avoids setting a property on a string, which is prohibited in
strict mode.
 2021-02-04 08:41:00 +00:00
Richard Hansen
a06662fd00 pluginfw: Delete commented-out code 2021-02-04 08:41:00 +00:00
Richard Hansen
c64ee6ff4c pluginfw: Call npm.load() before using npm 
This code is only used when testing `read-installed.js` by running it
directly (e.g., `node src/static/js/pluginfw/read-installed.js`).
 2021-02-04 08:41:00 +00:00
translatewiki.net
a5bde7982a Localisation updates from https://translatewiki.net. 2021-02-04 08:58:26 +01:00
freddii
ea202e41f6 docs: fixed typos 2021-02-03 00:30:07 +01:00
Richard Hansen
05e0e8dbf7 hooks: New callAllSerial() function 
This is necessary to migrate away from `callAll()` (which only
supports synchronous hook functions).
 2021-02-02 09:09:02 +00:00
Richard Hansen
763fe6fc26 hooks: Document callFirst() and aCallFirst() 2021-02-02 09:09:02 +00:00
Richard Hansen
6f30ea7c38 hooks: Use callHookFn{Sync,Async}() for {call,aCall}First() 
Benefits of `callHookFnSync()` and `callHookFnAsync()`:
  * They are a lot more forgiving than `hookCallWrapper()` was.
  * They perform useful sanity checks.
  * They have extensive unit test coverage.
  * They make the behavior of `callFirst()` and `aCallFirst()` match
    the behavior of `callAll()` and `aCallAll()`.
 2021-02-02 09:09:02 +00:00
Richard Hansen
c11d60c5f6 hooks: Check context nullness, not truthiness 2021-02-02 09:09:02 +00:00
Richard Hansen
fd5d3ce777 hooks: Inline aCallFirst() into exports.aCallFirst() 2021-02-02 09:09:02 +00:00
Richard Hansen
77f480d954 hooks: Asyncify aCallFirst 2021-02-02 09:09:02 +00:00
Richard Hansen
22d02dbcbf hooks: Factor out value normalization 2021-02-02 09:09:02 +00:00
Richard Hansen
f316a3bacd hooks: Never pass a falsy error to a callback 2021-02-02 09:09:02 +00:00
Richard Hansen
708206449a hooks: Factor out callback attachment 
The separate function will be reused in a future commit.
 2021-02-02 09:09:02 +00:00
Richard Hansen
13e806ad7a hooks: Inline mapFirst() into aCallFirst() for readability 
There's only one caller of the function, and the function is simple,
so there's no need for a separate function.
 2021-02-02 09:09:02 +00:00
Richard Hansen
4ab7a99512 hooks: Inline syncMapFirst() into callFirst() for readability 
There's only one caller of the function, and the function is simple,
so there's no need for a separate function.
 2021-02-02 09:09:02 +00:00
Richard Hansen
53ccfa8703 hooks: Asyncify mapFirst 2021-02-02 09:09:02 +00:00
Richard Hansen
0b83ff8ec2 hooks: Simplify syncMapFirst iteration 2021-02-02 09:09:02 +00:00
Richard Hansen
c89db33ff0 hooks: Refine caveat comments about function parameter count 2021-02-02 09:09:02 +00:00
Richard Hansen
f02f288e80 hooks: Rename args to context for consistency 2021-02-02 09:09:02 +00:00
Richard Hansen
7dba847f21 hooks: Don't export syncMapFirst or mapFirst 
Nobody uses these functions outside of this file.
 2021-02-02 09:09:02 +00:00
Richard Hansen
6b42dabf6c hooks: Delete unused bubbleExceptions setting 2021-02-02 09:09:02 +00:00
Richard Hansen
47f0a7dacf lint: Fix more ESLint errors 2021-02-02 09:09:02 +00:00
Richard Hansen
1bc52f4913 hooks: Remove unnecessary callAllStr() function 2021-02-02 09:09:02 +00:00
translatewiki.net
5b701b97c3 Localisation updates from https://translatewiki.net. 2021-02-01 15:21:50 +01:00
John McLear
b3dda3b11c lint: src/static/js/pluginfw/*.js 2021-01-30 17:00:40 -05:00
John McLear
0cc8405e9c Bump minimum required Node.js version to 10.17.0 
This makes it possible to use fs.promises.
 2021-01-30 17:00:40 -05:00
Richard Hansen
877f0c5883 server: Use wtfnode to log reasons why node isn't exiting 2021-01-30 08:05:08 +00:00
Richard Hansen
ba81ead101 server: Remove all other signal listeners 2021-01-30 08:05:08 +00:00
Richard Hansen
ecdb105bfe server: Refine process lifetime management 
Define states and use them to properly handle multiple calls to
`start()`, `stop()`, and `exit()`. (Multiple calls to `exit()` can
happen if there is an uncaught exception or signal during shutdown.)

This should also make it easier to add support for cleanly restarting
the server after a shutdown (for tests or via an `/admin` page).
 2021-01-30 08:05:08 +00:00
Richard Hansen
725023fe58 server: Refactor stop() to avoid no-async-promise-executor lint error 
Also log when Etherpad has stopped.
 2021-01-30 08:05:08 +00:00
Richard Hansen
d339f2a671 server: Perform init after adding uncaught exception handler 
This avoids an unnecessary `try` block.
 2021-01-30 08:05:08 +00:00
Richard Hansen
86ceb2b610 server: Exit on unhandled Promise rejection 2021-01-30 08:05:08 +00:00
John McLear
5bcd6f44a5
lint: skin-variants (#4603) 
* lint: skin-variants

* for squash: Fix attachment of event listener

Before this PR the statement was outside the function. I'm assuming
the move into the function body was accidental, so move it back out.

* for squash: Preserve order of function calls

Co-authored-by: Richard Hansen <rhansen@rhansen.org>
 2021-01-30 07:32:12 +00:00
John McLear
29179e512f lint: skiplist 2021-01-30 00:52:55 -05:00
John McLear
f72ce463ef lint: undomodule 2021-01-30 00:51:29 -05:00
Richard Hansen
89bcfa2b4a tests: Stop using nyc 
There are some problems with nyc:
  * The coverage numbers aren't useful in our case because most of the
    code is executed outside the test process (the test code is mostly
    API client logic).
  * nyc messes with line numbers, which makes it much harder to debug
    problems.
  * We're seeing frequent SIGABRT crashes while nyc is printing the
    results table. I'm not sure if nyc is the cause of the crashes, or
    if it's making a race condition worse, or if the crashes have
    nothing to do with nyc, but we don't lose much by removing it so
    we might as well see if the crash frequency improves.
 2021-01-29 09:17:17 +00:00
John McLear
0897a28e70 lint: AttributeManager 2021-01-29 09:16:50 +00:00
Richard Hansen
462530eafb AttributeManager: Fix attribute name during attribute removal 
Before this change, the `author` attribute was silently discarded
during `.map()` iteration and the name of the attribute to remove was
included twice with two different values.
 2021-01-29 09:16:50 +00:00
Richard Hansen
8efc87f33a AttributeManager: Fix bogus this during attribute removal 
Before this commit, the callback passed to `.map()` during attribute
removal was a normal function, not an arrow function. This meant that
the value of `this` in the function body depended on how the callback
was invoked. In this case, the callback was invoked without any
explicit context (it was not called as a method, nor was it called via
`.call()`, `.apply()`, or `.bind()`). Without any explicit context,
the value of `this` depends on strict mode. Currently the function is
in sloppy mode, so `this` refers to the "global this" object (a.k.a.,
`window`). It doesn't make sense for the callback to reference
`window.author`, so I'm assuming the previous behavior was a bug.

Now the function is an arrow function, so the value of `this` comes
from the enclosing lexical context, which in this case is the
AttributeManager object. I believe that was the original intention.
 2021-01-29 09:16:50 +00:00
Richard Hansen
c1ef12b8da lint: Re-run eslint --fix 2021-01-29 01:14:03 -05:00
Richard Hansen
b02ab430fe Bump eslint-config-etherpad to 1.0.24 2021-01-29 01:10:58 -05:00
John McLear
5d7645e36a lint: ace2_common.js linting 2021-01-29 00:53:59 -05:00
John McLear
f6eb6bd266 remove dead object code 2021-01-29 00:53:22 -05:00
translatewiki.net
989f42204f Localisation updates from https://translatewiki.net. 2021-01-28 18:48:11 +01:00
Richard Hansen
7f392e12e9 tests: Create a src/tests/ symlink that points to tests/ 
This makes it possible for plugin backend tests to do
`require('ep_etherpad-lite/tests/backend/common')` to access the API
key (among other things).

Eventually we probably should reverse these (move `tests/` to
`src/tests/` and make `tests/` a symlink to `src/tests/`) and move
`bin/` to `src/bin/` so that we can avoid the top-level `package.json`
mess.
 2021-01-28 10:02:58 +00:00
Richard Hansen
53092fa7af db/Pad: Call padCopy and padRemove hooks asynchronously 2021-01-28 09:36:22 +00:00
Richard Hansen
e5b45cc984 contentcollector: Delete unnecessary dom functions 
And move the remaining functions out of the `makeContentCollector()`
function.
 2021-01-27 04:59:36 +00:00
Richard Hansen
275f041fbb contentcollector: Simplify child node access 2021-01-27 04:59:36 +00:00
Richard Hansen
1cb5453aeb contentcollector: Skip over non-Text, non-Element Nodes 2021-01-27 04:59:36 +00:00
Richard Hansen
075969aea0 contentcollector: Fix Element tag name fetch 
The `name` property is only available on cheerio's Element-like
objects; DOM Element objects do not have a `name` property. Switch to
`dom.tagName()` to fix the logic for browsers.
 2021-01-27 04:59:36 +00:00
Richard Hansen
e3ec9d9a4c contentcollector: Fix parent node access 
The `parent` property is only available on cheerio's Node-like
objects; DOM Node objects do not have a `parent` property. Switch to
the `parentNode` property so that the code works in browsers as well
as cheerio.
 2021-01-27 04:59:36 +00:00
Richard Hansen
1d36549152 contentcollector: Delete unnecessary parentheses 2021-01-27 04:59:36 +00:00
Richard Hansen
e3a47e48f9 contentcollector: Fix collectContentLineText hook 
Before, the hook always ignored the return values provided by the hook
functions. Now the hook functions can change the text by either
returning a string or setting `context.text` to the desired value.

Also drop the `styl` and `cls` context properties. They were never
documented and they were always null.
 2021-01-27 04:59:36 +00:00
Richard Hansen
4e220538a1 contentcollector: Use destructuring to improve readability 2021-01-27 04:59:36 +00:00
Richard Hansen
b547ce9a47 contentcollector: Invert logic to improve readability 2021-01-27 04:59:36 +00:00
Richard Hansen
b811030846 contentcollector: Delete unnecessary truthiness check 2021-01-27 04:59:36 +00:00
Richard Hansen
fc2420c244 contentcollector: Fix iteration over child Nodes 
In the DOM, `.children` only includes children that are Element
objects. In cheerio 0.22.0, `.children` includes all child Nodes, not
just Elements. Use `dom.numChildNodes()` and `dom.childNode()` so that
browsers behave the same as cheerio.
 2021-01-27 04:59:36 +00:00
Richard Hansen
d0bfb54c0a contentcollector: Avoid for..in iteration of object properties 
`for..in` iterates over inherited properties, which is almost never
desired. In most cases there aren't any inherited enumerable
properties so it's not that big of a deal, but in the case of
HTMLCollection it's very bad because it iterates over every entry
twice (once by numerical index and once by name) plus it includes the
`length` property in the iteration.
 2021-01-27 04:59:36 +00:00
Richard Hansen
3cfec58948 contentcollector: Rename dom functions for consistency with DOM spec 2021-01-27 04:59:36 +00:00
Richard Hansen
8763c3bb29 contentcollector: Fix Element attribute accesses 
The `attribs` property is only available on cheerio's Element-like
objects; DOM Element objects do not have an `attribs` property. Switch
to `dom.nodeAttr()` to fix the logic for browsers.
 2021-01-27 04:59:36 +00:00
Richard Hansen
99625950c8 contentcollector: Factor out call to .toLowerCase() 2021-01-27 04:59:36 +00:00
Richard Hansen
dd7fb1babe contentcollector: Document the dom object 2021-01-27 04:59:36 +00:00
Richard Hansen
74bb2f76cc contentcollector: Delete unused domInterface parameter 2021-01-27 04:59:36 +00:00
Richard Hansen
42c25b2536 openapi: Fix error logging 2021-01-27 04:59:36 +00:00
Richard Hansen
54a3dbb9a0 lint: Fix some straightforward ESLint errors 2021-01-27 04:59:36 +00:00
Bartlomiej Witczak
4b4b685bba
fix: runtime error if no buttons are present in toolbar (#4680) 
Co-authored-by: Bartek Witczak <bartek@dayone.pl>
 2021-01-26 11:02:54 +00:00
Richard Hansen
b73b0bcb98 farbtastic: Minimize diff to upstream 
This should make it easier to upgrade to the latest version.
 2021-01-26 04:07:43 -05:00
Richard Hansen
a0745d74b9 farbtastic: Document where the code came from 2021-01-26 04:07:43 -05:00
John McLear
3a19254f21 stale code: removed excanvas which was ie support for no canvas 2021-01-26 04:05:54 -05:00
John McLear
7768871f8f security: bumping socketio version due to vulnerability 2021-01-26 00:53:04 -05:00
John McLear
81b860bc35 tests: allow for longer timeout 2021-01-25 22:53:11 -05:00
John McLear
7421730b44 lint: src/node/utils/toolbar.js 2021-01-25 22:53:11 -05:00
John McLear
89aa8cf55e lint: src/node/utils/randomstring.js 2021-01-25 22:53:11 -05:00
John McLear
21ef857d8a lint: src/node/utils/promises.js 2021-01-25 22:53:11 -05:00
John McLear
b831feae66 lint: src/node/utils/path_exists.js 2021-01-25 22:53:11 -05:00
John McLear
4f7e322d53 lint: src/node/utils/padDiff.js 2021-01-25 22:53:11 -05:00
John McLear
9759e09387 lint: src/node/utils/customError.js 2021-01-25 22:53:11 -05:00
John McLear
f664f84da5 lint: src/node/utils/caching_middleware.js 2021-01-25 22:53:11 -05:00
John McLear
02c1bf7d81 lint: src/node/utils/UpdateCheck.js 2021-01-25 22:53:11 -05:00
John McLear
f8323eae89 lint: src/node/utils/TidyHtml.js 2021-01-25 22:53:11 -05:00
John McLear
31f1e39565 lint: src/node/utils/Settings.js 2021-01-25 22:53:11 -05:00
John McLear
af8ea6b45f lint: src/node/utils/NodeVersion.js 2021-01-25 22:53:11 -05:00
John McLear
b11ba23208 lint: src/node/utils/MinifyWorker.js 2021-01-25 22:53:11 -05:00
John McLear
b5e04d867e lint: src/node/utils/LibreOffice.js 2021-01-25 22:53:11 -05:00
John McLear
85d1dc8d71 lint: src/node/utils/ImportHtml.js 2021-01-25 22:53:11 -05:00
John McLear
a41b4b8e45 lint: src/node/utils/ImportEtherpad.js 2021-01-25 22:53:11 -05:00
John McLear
9fff82e370 lint: src/node/utils/ExportTxt.js 2021-01-25 22:53:11 -05:00
John McLear
bfabe7c297 lint: src/node/utils/ExportHtml.js 2021-01-25 22:53:11 -05:00
John McLear
c44c4edc10 lint: src/node/utils/ExportHelper.js 2021-01-25 22:53:11 -05:00
John McLear
a4764faded lint: src/node/utils/ExportEtherpad.js 2021-01-25 22:53:11 -05:00
John McLear
52f60ceeaa lint: src/node/utils/Cli.js 2021-01-25 22:53:11 -05:00
John McLear
60bc849be2 lint: src/node/utils/AbsolutePaths.js 2021-01-25 22:53:11 -05:00
John McLear
7afc809073 lint: src/node/utils/Abiword.js 2021-01-25 22:53:11 -05:00
John McLear
666dd7abd1 lint: src/node/padaccess.js 2021-01-25 22:53:11 -05:00
John McLear
6054f6d93f lint: src/node/hooks/i18n.js 2021-01-25 22:53:11 -05:00
John McLear
2dec36bfd7 lint: src/node/hooks/express/tests.js 2021-01-25 22:53:11 -05:00
John McLear
6df3eadecd lint: src/node/hooks/express/static.js 2021-01-25 22:53:11 -05:00
John McLear
09fc7438ea lint: src/node/hooks/express/specialpages.js 2021-01-25 22:53:11 -05:00
John McLear
72ddf35426 lint: src/node/hooks/express/padurlsanitize.js 2021-01-25 22:53:10 -05:00
John McLear
43ce0f839b lint: src/node/hooks/express/padreadonly.js 2021-01-25 22:53:10 -05:00
John McLear
2f9a3ec655 lint: src/node/hooks/express/openapi.js 2021-01-25 22:53:10 -05:00
John McLear
18ebf7b69a lint: src/node/hooks/express/isValidJSONPName.js 2021-01-25 22:53:10 -05:00
John McLear
3571eb7c32 lint: src/node/hooks/express/importexport.js 2021-01-25 22:53:10 -05:00
John McLear
3cf6e1f015 lint: src/node/hooks/express/errorhandling.js 2021-01-25 22:53:10 -05:00
John McLear
4de2844af2 lint: src/node/hooks/express/apicalls.js 2021-01-25 22:53:10 -05:00
John McLear
fbc70c1276 lint: src/node/hooks/express/adminplugins.js 2021-01-25 22:53:10 -05:00
John McLear
3a586a7aad lint: src/node/hooks/express/admin.js 2021-01-25 22:53:10 -05:00
John McLear
acf889b7de lint: src/node/handler/SocketIORouter.js 2021-01-25 22:53:10 -05:00
John McLear
532bde71f7 lint: src/node/handler/PadMessageHandler.js 2021-01-25 22:53:10 -05:00
John McLear
841d45cbe1 lint: src/node/handler/ImportHandler.js 2021-01-25 22:53:10 -05:00
John McLear
2fe5d1f873 lint: src/node/handler/ExportHandler.js 2021-01-25 22:53:10 -05:00
John McLear
a7d9a703cd lint: src/node/handler/APIHandler.js 2021-01-25 22:53:10 -05:00
John McLear
ee9bb019b2 lint: src/node/easysync_tests.js 2021-01-25 22:53:10 -05:00
John McLear
8fb6912fc9 lint: src/node/db/SessionStore.js 2021-01-25 22:53:09 -05:00
John McLear
3681f72afd lint: src/node/db/SessionManager.js 2021-01-25 17:56:28 -05:00
John McLear
93bc21b5f3 lint: src/node/db/SecurityManager.js 2021-01-25 17:56:28 -05:00
John McLear
5ce255c789 lint: src/node/db/ReadOnlyManager.js 2021-01-25 17:56:28 -05:00
John McLear
e06b9442e0 lint: src/node/db/PadManager.js 2021-01-25 17:56:28 -05:00
John McLear
f0c26c9ba2 lint: src/node/db/Pad.js 2021-01-25 17:56:27 -05:00
John McLear
5ecb3f9f37 lint: src/node/db/GroupManager.js 2021-01-25 17:56:27 -05:00
John McLear
8aa729a36f lint: src/node/db/AuthorManager.js 2021-01-25 17:56:27 -05:00
John McLear
d9225f326f lint: src/node/db/API.js 2021-01-25 17:56:27 -05:00
translatewiki.net
f0cafe88f2 Localisation updates from https://translatewiki.net. 2021-01-25 18:04:09 +01:00
John McLear
ee158b0fe5
bugfix: bump ueberdb to 1.2.5 to resolve #4645 which caused a users color not to be persistent 2021-01-23 13:54:50 +00:00
John McLear
f0a77cb98c
lint: contentcollector and domline 
Various tidy up and linting of contentcollector.js and domline.js.

3 Tests disabled which are not due to be covered.

Co-authored-by: Richard Hansen <rhansen@rhansen.org>
 2021-01-22 20:41:14 +00:00
Richard Hansen
10a91825fc ace2_inner: Fix argument bug in execCommand() 
This fixes a bug introduced in commit
c38c34bef4.
 2021-01-22 17:02:38 +00:00
Richard Hansen
aeedaac04e ace2_inner: Improve readability of object creation 2021-01-22 17:02:38 +00:00
Richard Hansen
2f430e3a5a ace2_inner: Fix some ESLint errors 2021-01-22 17:02:38 +00:00
Richard Hansen
0bfabfef5d ace2_inner: Avoid unnecessary use of underscore.js 
This silences a bunch of you-dont-need-underscore-lodash ESLint
warnings.
 2021-01-22 17:02:38 +00:00
Richard Hansen
51dc5b1627 ace2_inner: Delete dead code 2021-01-22 17:02:38 +00:00
translatewiki.net
e5836150cd Localisation updates from https://translatewiki.net. 2021-01-21 15:09:02 +01:00
Richard Hansen
517fc88c54 eejs: Cache the compiled template, not the template string 2021-01-20 08:15:43 +00:00
Richard Hansen
4d2d439874 eejs: Simplify cache lookup logic 2021-01-20 08:15:43 +00:00
Richard Hansen
c8c3929058 eejs: Inline begin_capture, end_capture 2021-01-20 08:15:43 +00:00
Richard Hansen
7d11d54323 eejs: Delete unused functions 2021-01-20 08:15:43 +00:00
Richard Hansen
351913c08e eejs: Delete broken example 2021-01-20 08:15:43 +00:00
Richard Hansen
5987f75b0d eejs: Unwrap unnecessarily wrapped line 2021-01-20 08:15:43 +00:00
Richard Hansen
ebc4956277 eejs: Fix straightforward ESLint errors 2021-01-19 19:59:25 +00:00
translatewiki.net
c89da1a9f2 Localisation updates from https://translatewiki.net. 2021-01-18 16:46:17 +01:00
John McLear
c0d9881a62
stats: add memoryUsageHeap value 2021-01-16 19:36:00 +00:00
Richard Hansen
4bda5272df Revert "db: Capitalize Database constructor" 
I thought a PR adding capitalized `Database` landed in ueberdb2, but
apparently not.

This reverts commit 611d416d54.
 2021-01-15 18:05:39 -05:00
Richard Hansen
0ba833c632 db: Update ueberdb2 dependency 2021-01-15 22:37:18 +00:00
Richard Hansen
611d416d54 db: Capitalize Database constructor 2021-01-15 22:37:18 +00:00
translatewiki.net
52c08794de Localisation updates from https://translatewiki.net. 2021-01-14 15:44:58 +01:00
John McLear
2929ba9894 lint: cssmanager.js 2021-01-14 13:06:34 +00:00
John McLear
d9f3bb0e39 lint: colorutils.js 2021-01-14 13:06:34 +00:00
John McLear
1d57d4ee3f lint: caretPosition linting 2021-01-14 13:06:34 +00:00
John McLear
aeab9cc0ad lint: attributepool fix incorrect commit 2021-01-14 13:06:34 +00:00
John McLear
76744d9783 lint: AttributePool.js 2021-01-14 13:06:34 +00:00
John McLear
efc323cd71 Revert "lint: attributepool.js" 
This reverts commit 33baaafbdeb4c0f82ec504738f5851f9ab5261a8.
 2021-01-14 13:06:34 +00:00
John McLear
75ffe40c09 lint: attributepool.js 2021-01-14 13:06:34 +00:00
John McLear
46dc943101 lint: linestylefilter and rjquery.js 2021-01-14 13:06:34 +00:00
John McLear
c38c34bef4
linting: ace2_inner 
* remove IE and add strict headers

* linting: kids are back, need to stop for today

* linting: farbtastic fix

* lint: more lint fixes

* more lint fixes

* linting: sub 100 errors

* comments where I need help

* ready to be helped :)

* small fixes

* fixes

* linting: all errors resolved

* linting: remove note to self

* fix as per nulli/wezz000li suggestion

* fix as per nulli/wezz000li suggestion

* resolve merge conflicts

* better use if to silence eslint

* Use `for..of` with `Object.keys` instead of `for..in`

* lint: move setSelection to before call

Co-authored-by: webzwo0i <webzwo0i@c3d2.de>
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
 2021-01-14 10:00:14 +00:00
Richard Hansen
edbe6d5387 Bump ueberDB to get speed improvements 2021-01-11 09:23:08 +00:00
John McLear
04962bfe39
update ueberdb to 1.1.7 (#4633) 2021-01-07 04:16:13 -05:00
translatewiki.net
68ca3fcdbd Localisation updates from https://translatewiki.net. 2021-01-04 14:43:02 +01:00
translatewiki.net
6d626c90d3 Localisation updates from https://translatewiki.net. 2020-12-29 08:50:16 +01:00
webzwo0i
ca405c1685 send the test files with the correct content-type header 2020-12-27 23:40:35 +00:00
John McLear
38c9827161
Feature: Scroll to Line number based on Hash IE http://foo.com/p/bar#L10 will scroll to line 10. (#4554) 
Includes test coverage
Co-authored-by: webzwo0i <webzwo0i@c3d2.de>
 2020-12-26 22:05:08 +01:00
John McLear
e051f2f2f7 lint: scroll.js 2020-12-26 20:43:10 +00:00
webzwo0i
b760e699c6 remove explicitly setting process.env.DEBUG 2020-12-24 08:46:25 +00:00
Richard Hansen
9a15af78b6 Regenerate src/package-lock.json with npm v6.14.9 
This reverts the file back to lockfileVersion 1, which is used by the
LTS version of npm.
 2020-12-23 16:58:30 -05:00
John McLear
d9262fccbd bump version 2020-12-23 16:18:28 -05:00
John McLear
1a845773ee css: loading position box 2020-12-23 16:18:28 -05:00
Richard Hansen
f31232dd20 socket.io: Disconnect clients when closing HTTP server 2020-12-23 16:18:28 -05:00
Richard Hansen
9f7d42185d socket.io: Reconnect if the server disconnects 
This will make the pages gracefully handle HTTP server restart events,
which happen whenever a plugin is installed or uninstalled via the
`/admin/plugins` page.
 2020-12-23 16:18:28 -05:00
Richard Hansen
303964c51e socket.io: Factor out client connection logic 2020-12-23 16:18:28 -05:00
Richard Hansen
7eb0f996c3 socket.io: Delete ignored resource option 
I couldn't find any reference to a `resource` option in either the
socket.io-client documentation or its source code.
 2020-12-23 16:18:28 -05:00
Richard Hansen
7949219179 Reformat src/ep.json 2020-12-23 16:18:28 -05:00
Richard Hansen
8c1afc3399 express: New expressCloseServer hook 
This will be used by a future commit to close all socket.io
connections during server restart.
 2020-12-23 16:18:28 -05:00
Richard Hansen
3e8c3e5789 express: Factor out common server shutdown logic 
Also log when the HTTP server is about to be closed and when it is
done closing.
 2020-12-23 16:18:28 -05:00
Richard Hansen
ff19181cd1 lint: Fix some straightforward ESLint errors 2020-12-23 16:18:28 -05:00
translatewiki.net
ac086c7925 Localisation updates from https://translatewiki.net. 2020-12-23 16:18:28 -05:00
webzwo0i
790ba72a9e change scroll-behavior to auto 
timeslider follow test: ensure there are so much lines in the pad view
below the changed line, so that the changed line will be the first
visible line
 2020-12-23 16:18:28 -05:00
John McLear
996a2d86dd lint: chat (#4573) 
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
 2020-12-23 16:18:28 -05:00
John McLear
8bf463fb00 lint: broadcast_revisions (#4571) 
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
 2020-12-23 16:17:59 -05:00
John McLear
4aef15cb11
lint: collab-client (#4574) 
* lint: collab-client

* Undo incorrect lint fixes

These will be re-fixed in a future commit.

* Properly fix guard-for-in error

* Properly fix prefer-rest-params errors

* Move some code back to where it was

Moving the code makes it hard to review the diff.

* Delete DISCONNECT_REASON case

Someone reading the code won't understand what "used to handle
appLevelDisconnectReason" means until they dig through the Git
history. Given the server never sends messages of type
DISCONNECT_REASON anyway, just delete the case.

* Refine lint fixes

Co-authored-by: Richard Hansen <rhansen@rhansen.org>
 2020-12-21 20:19:00 +00:00
Hossein Marzban
170a230c3a
Lint: timeslider (#4580) 
Squashed changes from rhansen@rhansen.org:
  * Move code back to where it was. (It's easier to review changes
    when the code isn't moved. This causes some no-use-before-define
    warnings to reappear, but those are just warnings.)
  * Move eslint-disable comment to same line
  * Use `window.clientvars` to resolve no-global-assign
  * Undo changes that aren't about fixing lint errors
 2020-12-20 18:24:17 -05:00
John McLear
bca60c8b17 lazydeveloper: remove console log 2020-12-20 10:56:19 +00:00
John McLear
e18b9d1844 timeslider/bugfix: timeslider wasn't updating when new pad contents was created - #4595 2020-12-20 10:45:16 +00:00
John McLear
0362d3b05d
lint: pad prefix files (#4577) 
* lint: pad_connectionstatus

* lint: pad_utils

* lint: pad_userlist.js -- still WIP

* shift underscore not to be in require but to be used from window

* lint: pad_modals

* pad_impexp.js

* lint: more errors done

* lint: auto reconn

* lint: pad_editor

* lint: finish auto reconn

* lint: imp exp rework

* lint: import

* lint: pad.js nearly done but pizza here...

* lint: clientVars global query

* put clientVars in window

* Revert incorrect lint fixes

* Properly fix guard-for-in lint errors

* Properly fix no-unused-vars error regarding `gritter`

* Refine lint fixes

Co-authored-by: Richard Hansen <rhansen@rhansen.org>
 2020-12-20 07:15:58 +00:00
Hossein Marzban
34ee77993f
Lint: pluginfw tsort.js (#4576) 
* lint: pluginfw tsort.js

* Don't comment out the `console.log()` call

Disabling the log message is out of scope for the pull request.

* Put const and let on separate lines

* Convert `tsort` from function to arrow function

ESLint doesn't complain about this due to a bug in
prefer-arrow/prefer-arrow-functions rule:
https://github.com/TristonJ/eslint-plugin-prefer-arrow/issues/24

Co-authored-by: Richard Hansen <rhansen@rhansen.org>
 2020-12-20 06:18:49 +00:00
webzwo0i
a637920e55
add list-style:none for ul.indents in exported HTML (#4586) 
* add list-style:none for ul.indents in exported HTML

* use list-style-type not list-style
 2020-12-20 06:00:18 +00:00
Richard Hansen
b82bf5c726 Drop support for Internet Explorer 2020-12-19 19:13:31 +00:00
webzwo0i
c5cf7ab144
tests: Ignore head tag on import / improved contentcollector tests 
* fix accidental write to global variable
properly show pending tests
log test name in suite
better log output for received/expected strings

* cc tests: enable second nestedOL test

* ignore the head tag on import
 2020-12-18 09:37:37 +00:00
Richard Hansen
d9b7aa489d pad import/export: Delete dead functions 2020-12-18 09:29:28 +00:00
Richard Hansen
7e50fc2ab5 Delete dead SERVER_MESSAGE and guest handling code 
None of this code seems to be reachable. Hopefully no plugins expect
it to exist.
 2020-12-18 09:29:28 +00:00
Richard Hansen
794dfb1863 lint: Bump eslint-config-etherpad and install its new deps 2020-12-17 22:18:29 +00:00
translatewiki.net
c9db9500e5 Localisation updates from https://translatewiki.net. 2020-12-17 15:13:17 +01:00
Richard Hansen
f54dcbc766 lint: Re-run eslint --fix 2020-12-16 22:09:48 +00:00
Richard Hansen
fc234d0088 lint: Bump eslint and eslint-config-etherpad versions 2020-12-16 22:09:48 +00:00
Richard Hansen
af7cd13787 pad: Add a hook for the permission denied block 
This makes it possible for the ep_readonly_guest plugin to add a login
button.
 2020-12-16 19:39:52 +00:00
Richard Hansen
92b295193f css: Apply font formatting to the text, not the high-level div 
This makes it possible for plugins to add new items without them
rendering centered, at a ridiculous size, or at an awkward location.
 2020-12-16 19:39:52 +00:00
Richard Hansen
27dab35827 css: Delete absolute line-height 
Having an absolute `line-height` causes problems when something sets
`font-size` without also setting `line-height`.
 2020-12-16 19:39:52 +00:00
John McLear
92e36b82b5
linting: pad_editbar.js 2020-12-16 12:12:25 +00:00
Hossein Marzban
6f309ac20a
lint: pluginfw/client_plugins (#4572) 2020-12-15 21:40:41 -05:00
Richard Hansen
a4e2ea7a8c Add missing dependency on mime-types 
mime-types is used by `src/node/utils/Minify.js` since commit
2c944eba34.
 2020-12-14 20:31:35 +00:00
Richard Hansen
edf647044c Update package-lock.json and src/package-lock.json 2020-12-14 20:31:35 +00:00
translatewiki.net
ef8a581acd Localisation updates from https://translatewiki.net. 2020-12-14 15:05:13 +01:00
Michael Murtaugh
66e3f02ed2
editor/bugfix: missing await in createClearStartAtext (#4561) 
Missing await in call to this._pad.getInternalRevisionAText(rev). Function returns a promise. This bug breaks the createDiffHTML API call (how I discovered it).
 2020-12-14 07:04:14 +00:00
Richard Hansen
a44debdcfe Add ' and * to acceptable URL characters 
These characters are in the RFC3986 reserved set.

These characters are added to the set of characters that cannot be the
last character of a URL to avoid mislinkification.
 2020-12-14 07:03:17 +00:00
Richard Hansen
7d23278ed0 Exclude ?, !, and ) from last character of URL 
Now the final character in each of these example strings is no longer
considered part of the URL:
  * Have you seen http://example.com?
  * Look at http://example.com!
  * (see http://example.com)
 2020-12-14 07:03:17 +00:00
Richard Hansen
7e8de5540f Factor out common URL regular expression code 
This also eliminates the differences between the regular expressions.
 2020-12-14 07:03:17 +00:00
Richard Hansen
ca01856f94 lint: Fix some straightforward ESLint errors 2020-12-14 07:03:17 +00:00
Richard Hansen
e66e8a4eb2 pad: Fix wrong variable name in global exception handler 
This fixes a bug introduced in commit
c845d985e0.
 2020-12-10 22:25:58 +00:00
webzwo0i
d25010d5d7
pluginfw: explicitly install the latest version of a plugin, fix for #4536 (#4543) 2020-12-05 14:08:02 +00:00
webzwo0i
0c7df88f8a
add rehype-minify-whitespace to package.json (#4544) 2020-12-05 12:16:25 +00:00
John McLear
ef2de59587
editor: use rehype-minify-whitespace 
use rehype-minify-whitespace

Co-authored-by: webzwo0i <webzwo0i@c3d2.de>
 2020-12-05 08:14:09 +00:00
John McLear
de5e071294 path issue 2020-12-05 07:51:17 +00:00
John McLear
159b6a4ba1 database: bump ueberdb to 056 to ensure correct engine is used 2020-12-05 07:51:17 +00:00
zonky2
0f1d5e068a
css: Make color button from elipsoid to circle (#4535) 
Make color button from elipsoid to circle by own user
https://easycaptures.com/fs/uploaded/1536/3084360130.png
 2020-12-05 07:32:15 +00:00
Richard Hansen
aa41b0920c admin/plugins: Don't keep adding more Update buttons 2020-11-27 16:59:24 +00:00
Richard Hansen
6a00d7f8d6 admin/plugins: Use jQuery to build the Update button 2020-11-27 16:59:24 +00:00
Richard Hansen
2ddc45bf07 admin/plugins: Simplify jQuery search for plugin actions 2020-11-27 16:59:24 +00:00
Richard Hansen
973644c7dd lint: Fix ESLint errors in /admin/plugins code 2020-11-27 16:59:24 +00:00
Richard Hansen
6a5f905090 admin: Delete unused search_results 
This silences some ESLint camelcase warnings.
 2020-11-27 16:59:24 +00:00
Richard Hansen
2fdac836d0 lint: Bump eslint-config-etherpad to 1.0.13 
Also bump eslint to 7.14.0.
 2020-11-27 06:25:43 +00:00
Richard Hansen
750c7cb1cf pad: Delete unused ip and userAgent client vars 2020-11-26 15:00:46 +00:00
Richard Hansen
98066184b2 PadMessageHandler: Don't fill in default name or color 
It should be the client's responsibility to handle null name or color.
In the case of author names, passing null to the client allows users
to fill in the names of other users (via a suggestUserName
CLIENT_MESSAGE).
 2020-11-26 15:00:46 +00:00
Richard Hansen
ef7ae15722 PadMessageHandler: Don't send USER_NEWINFO about unknown authors 
When a new client opens a socket.io connection and sends a
CLIENT_READY message, Etherpad sends the new client a bunch of
USER_NEWINFO messages, one per other user already connected to the
pad. When iterating over the other users, filter out those without an
author ID or missing from the global authors database.
 2020-11-26 15:00:46 +00:00
Richard Hansen
53bc80e381 pad userlist: Use jQuery to create rows 
This makes the code easier to read and maintain, and it reduces the
likelihood of introducing an XSS vulnerability.
 2020-11-26 15:00:46 +00:00
Ilmar Türk
ba7d80fa57
Update dropdowns on language change (#4519) 2020-11-25 21:39:21 +00:00
Richard Hansen
b13004b25a
Minify: Accept single quotes in ace.js's $$INCLUDE_*(...) lines (#4513) 
This fixes a bug introduced in commit
8e5fd19db2.
 2020-11-25 03:40:02 +01:00
Richard Hansen
e247c716c2 editor: Add argument to suppress SonarCloud error 
This also makes it easier for devs to understand the expected function
signature.
 2020-11-24 20:06:12 +00:00
Richard Hansen
d24306ea6a editor: Delete unused isTimeUp argument 
This fixes a SonarCloud error.
 2020-11-24 20:06:12 +00:00
Richard Hansen
ed7ba64635 editor: Delete unused optModFunc argument 2020-11-24 20:06:12 +00:00
Richard Hansen
d0114d4ac2 editor: Delete commented-out code 2020-11-24 20:06:12 +00:00
Richard Hansen
bb722763d0 editor: Delete dead code 
This silences some SonarCloud errors.
 2020-11-24 20:06:12 +00:00
Richard Hansen
8e5fd19db2 lint: Run eslint --fix on src/ 2020-11-24 20:06:12 +00:00
Richard Hansen
0625739cb8 lint: Declare variables above their first use 
This makes it possible to convert from `var` to `let` without getting
ReferenceErrors.
 2020-11-24 20:06:12 +00:00
Richard Hansen
8ea1a1b90a lint: Prevent comments from being interpreted as JSDoc comments 2020-11-24 20:06:12 +00:00
Richard Hansen
7df3ded66f lint: Put opening brace on same line as function 
Normally I would let `eslint --fix` do this for me, but there's a bug
that causes:

    const x = function ()
    {
      // ...
    };

to become:

    const x = ()
    => {
      // ...
    };

which ESLint thinks is a syntax error. (It probably is; I don't know
enough about the automatic semicolon insertion rules to be confident.)
 2020-11-24 20:06:12 +00:00
Richard Hansen
cc988bd67b lint: Convert CR+LF line endings to LF 2020-11-24 20:06:12 +00:00
Richard Hansen
a78d6605b7 lint: Configure ESLint 2020-11-24 20:06:12 +00:00
Richard Hansen
6665c4693f Clear hang timeout timer when LibreOffice exits 
This prevents `npm test` from freezing for two minutes after the tests
complete.

Also switch to an arrow function for the `setTimeout` callback.
 2020-11-24 10:04:14 +00:00
webzwo0i
f2febcfc7e
minify: Fix gzip not triggered for packages (#4491) 
* caching_middleware: fix gzip compression not triggered

* packages: If a client sets `Accept-Encoding: gzip`, the responseCache will
include `Content-Encoding: gzip` in all future responses, even
if a subsequent request does not set `Accept-Encoding` or another client
requests the file without setting `Accept-Encoding`.
Fix that.

* caching_middleware: use `test` instead of `match`

* add tests

* make code easier to understand

* make the regex more clear
 2020-11-22 09:23:33 +00:00
John McLear
776eda2d4e
import/export: Kill soffice spawned process after 120 seconds (#4499) 
Due to libreoffice being buggy / hanging on certain pdf imports (even in 7.0.3) we should just kill it so it doesn't consume CPU indefinitely.
 2020-11-20 18:33:31 -05:00
Richard Hansen
867fdbd3f9 webaccess: Asyncify checkAccess 2020-11-19 09:05:38 +00:00
Richard Hansen
a803f570e0 webaccess: Don't export checkAccess 
Nobody uses it outside of this module.
 2020-11-19 09:05:38 +00:00
Richard Hansen
5d585a12d6 webaccess: Fix some ESLint errors 2020-11-19 09:05:38 +00:00
Richard Hansen
4587c0fb4d webaccess: Use a non-capturing regex group 2020-11-19 09:05:38 +00:00
Richard Hansen
a05e8198c9
bugfix: Fix bad paren placement in /javascript handler (#4496) 
* Fix bad paren placement in `/javascript` handler

This fixes a bug introduced in commit
ed5a635f4c.

* add regression test for #4495

* Move `/javascript` test to `specialpages.js`

Co-authored-by: webzwo0i <webzwo0i@c3d2.de>
 2020-11-19 08:19:13 +00:00
Richard Hansen
07bcbbd404 pad: Include the stack in the data sent to /jserror 2020-11-17 08:02:27 +00:00
Richard Hansen
c845d985e0 pad: Pop up an error message on unhandled Promise rejection 2020-11-17 08:02:27 +00:00
Richard Hansen
93c335b3b8 pad: Use a relative URL to simplify 
Also avoid creating an unnecessary variable.
 2020-11-17 08:02:27 +00:00
translatewiki.net
41d02db023 Localisation updates from https://translatewiki.net. 2020-11-16 15:15:14 +01:00
webzwo0i
1d8e8d3484 terser was not called because mime type did not match 2020-11-15 19:46:48 +00:00
Richard Hansen
cedd27e4fe plugins: Default the module name to the plugin name 2020-11-13 20:30:27 +00:00
Richard Hansen
afb025030c plugins: Use a log4js logger for npm messages 2020-11-13 20:30:27 +00:00
Richard Hansen
8a918fbc46 plugins: asyncify more functions 2020-11-13 20:30:27 +00:00
Richard Hansen
9f575ebc84 plugins: Delete unused ensure function 2020-11-13 20:30:27 +00:00
Richard Hansen
ac5614dadd plugins: Don't export callInit 
It's unused outside of this module.

Also use an arrow function.
 2020-11-13 20:30:27 +00:00
Richard Hansen
ba4794cf8a plugins: Call require('./hooks') at top level 2020-11-13 20:30:27 +00:00
Richard Hansen
14a9479e69 plugins: Use functions from fs.promises 2020-11-13 20:30:27 +00:00
Richard Hansen
d624aa936e plugins: Fix plugin name in error messages 2020-11-13 20:30:27 +00:00
Richard Hansen
6a8563eeab import/export: Simplify exportEtherpadAdditionalContent processing 
Also:
  * Improve parallelization
  * Refine the documentation
 2020-11-10 23:02:43 +00:00
Richard Hansen
8c55a38582 HTML export: Add missing ) 
This bug was introduced in 68a91f5e24.
 2020-11-10 02:51:55 -05:00
Richard Hansen
68a91f5e24 HTML export: Move padId to context object property 2020-11-10 07:13:26 +00:00
John McLear
881d8b8d95
pluginfw: Hook to include additional body in HTML exports (#4469) 
* hook, needs docs

* docs
 2020-11-06 13:48:59 +00:00
John McLear
3fa58efede
pluginfw: Export .etherpad hooks (#4466) 
* export support

* proper prefix

* just a basic example, needs working on still

* docs

* comments shouldnt be hard coded
 2020-11-06 13:48:25 +00:00
ilmar
d5c5ca224b Fix missing arg handling in html10n.js 2020-11-05 10:38:22 +00:00
Richard Hansen
405e3e3e19 Settings: Don't filter out users based on password or hash 
Some authentication plugins use the users defined in the `users`
object but ignore the `password` and `hash` properties.

This change deletes all of the filtering logic, including the logic
that filters out users that have both `password` and `hash` properties
defined. I could have kept that check, but decided to remove it
because:
  * There's no harm in defining both `hash` and `password`.
  * Allowing both makes it easier to transition from one scheme to
    another.
  * It's fewer lines of code to maintain.
 2020-11-04 18:06:08 +00:00
Richard Hansen
6408d2313c webaccess: Be extra paranoid about nullish password 
If `settings.json` contains a user without a `password` property then
nobody should be able to log in as that user using the built-in HTTP
basic authentication. This is true both with and without this change,
but before this change it wasn't immediately obvious that a malicious
user couldn't use an empty or null password to log in as such a user.
This commit adds an explicit nullish check and some unit tests to
ensure that an empty or null password will not work if the `password`
property is null or undefined.
 2020-11-04 18:06:08 +00:00
Richard Hansen
98de2b0899 Use contentEditable for all browsers 
This makes it possible to disable `contentEditable` for certain
elements in some circumstances (e.g., on links so that users can click
on them normally).
 2020-11-03 19:02:01 +00:00
Richard Hansen
5e2a27a182 Replace setClassPresence(x, ...) with x.classList.toggle(...) 2020-11-03 19:02:01 +00:00
Richard Hansen
4594608c04 Delete commented-out code 2020-11-03 19:02:01 +00:00
Richard Hansen
91268e14b7 PadMessageHandler: Rename client to socket 
The `client` variable is actually a socket.io Socket object. Rename it
to reduce confusion.
 2020-11-02 20:39:08 +00:00
Richard Hansen
ed5a635f4c Add req to EJS render args when possible 
This makes it possible for EJS templates and `eejsBlock_*` hook
functions to access the user's express-session state.
 2020-11-02 16:05:01 +00:00
translatewiki.net
127923eb54 Localisation updates from https://translatewiki.net. 2020-11-02 12:40:50 +01:00
Gabriel Medeiros Coelho
ce77c48475 remove unnecessary conditional 
if animationState evaluates to -1 or 0, it would end up in a conditional that assign its value to itself. Since this is redundant, it is better to remove this conditional, to avoid an extra check
 2020-11-01 01:41:09 -05:00
webzwo0i
66a3647579 remove broken async inclusion in tar.json 2020-10-27 20:33:09 +00:00
Richard Hansen
2f65987ba2 webaccess: Remove user's password from session info 
This prevents the password from being logged or stored in the
database.
 2020-10-27 20:30:01 +00:00
translatewiki.net
50c22f0ae4 Localisation updates from https://translatewiki.net. 2020-10-26 15:56:46 +01:00
Viljami Kuosmanen
c502ca3259 Use isHttpError utility provided by http-errors 
This new utility method was introduced in http-errors v1.8.0. Let's use
that instead of instanceof. This also upgrades the http-errors dependency
 2020-10-25 10:45:58 +00:00
Viljami Kuosmanen
aef4cce0c9 Use correct constructor for 404,501 error handlers 
Fixes error message mentioned in #4378.
 2020-10-25 10:45:58 +00:00
Sebastian Castro
5a1110d0d6 Display outline when toolbar button focused 2020-10-25 10:34:51 +00:00
Richard Hansen
193028702d pad: Don't paste when middle-clicking on a link 2020-10-25 07:06:29 +00:00
Andrew Dassonville
bee1ae06d8 utils: Fix commit checking on detached HEAD 2020-10-24 16:22:01 -04:00
John McLear
cb5fcbb74e
editor: allow paste into links (#3802) 2020-10-24 16:59:03 +01:00
Richard Hansen
36aceb3aba hooks: Rewrite callAll and aCallAll for consistency 
Rewrite the `callAll` and `aCallAll` functions to support all
reasonable hook behaviors and to report errors for unreasonable
behaviors (e.g., calling the callback twice).

Now a hook function like the following works as expected when invoked
by `aCallAll`:

```
exports.myHookFn = (hookName, context, cb) => {
  cb('some value');
  return;
};
```
 2020-10-24 16:08:50 +01:00
Richard Hansen
79119baf58 hooks: Call the callback when done 
If a hook function neither calls the callback nor returns a
(non-undefined) value then there's no way for the hook system to know
if/when the hook function has finished.
 2020-10-24 16:08:50 +01:00
Richard Hansen
55939a0d7e hooks: Delete unused flatten function 2020-10-24 16:08:50 +01:00
Wouter
bd2343f131 Added nl translations for adminpage 2020-10-23 16:18:57 -04:00
translatewiki.net
73dd3ffdf4 Localisation updates from https://translatewiki.net. 2020-10-22 12:58:59 +02:00
chandi
94cb000e8f
plugins: include more data within padUpdate hook (#4425) 
* Including more data at pad update event

* docs: new context fields in padUpdate

Co-authored-by: Pedro Beschorner Marin <pedrobmarin@gmail.com>
 2020-10-21 18:04:03 +01:00
webzwo0i
1e7a9e1791
tests: better timeslider follow contents (#4421) 2020-10-21 10:05:58 +01:00
Richard Hansen
0eb0a07914 Use an ellipsis instead of two periods 2020-10-20 11:02:37 +01:00
Richard Hansen
2379ade7e9 Move out pad.modals.reconnecttimer trailing space 2020-10-20 11:02:37 +01:00
Richard Hansen
734fe9c297 Use jQuery methods to build DOM elements 2020-10-20 11:02:37 +01:00
Richard Hansen
a2554fff22 pad: Pop up an error message dialog box upon socket.io error 2020-10-20 10:01:49 +01:00
Richard Hansen
5b887396c3 pad: Check for null collabClient in socket.io event handlers 2020-10-20 10:01:49 +01:00
Richard Hansen
b1acf6143a pad: Delete do-nothing sendClientReady wrapper 2020-10-20 10:01:49 +01:00
Richard Hansen
a712ce457d gritter: Treat strings as text, not HTML 
This forces users to use jQuery or DOM objects if they want
formatting, which helps avoid XSS vulnerabilities.
 2020-10-20 10:01:49 +01:00
Richard Hansen
8463134125 pad: Improve rendering of uncaught exceptions 
* Use jQuery to build the message HTML so that special characters in
    the error message, URL, etc. are properly escaped. This helps
    avoid XSS vulnerabilities.
  * Use bold text for the error message to make it stand out.
  * Add a line break between the error message and "in <url> at line
    <line>" so that the error message stands out more.
  * Use `<p>...</p>` instead of `</br>` to separate the parts of the
    popup.
  * Use CSS for spacing instead of `</br>`.
  * Grammar fixes (add a missing comma, "at" instead of "in").
 2020-10-20 10:01:49 +01:00
Richard Hansen
d35dbaaacc gritter: Accept jQuery or DOM objects for title and text 
Teach Gritter to accept anything that jQuery's `.append()` method
accepts for the title and text of a popup message. This makes it
easier to safely build HTML messages with proper escaping of special
characters (to prevent XSS vulnerabilities).
 2020-10-20 10:01:49 +01:00
Richard Hansen
d680405f58 pad: Include .js URL in /jserror error report 2020-10-20 10:01:49 +01:00
translatewiki.net
2a8e11a49a Localisation updates from https://translatewiki.net. 2020-10-19 20:32:27 +02:00
translatewiki.net
105eb2651f Localisation updates from https://translatewiki.net. 2020-10-19 15:14:03 +02:00
Richard Hansen
4a25559a2d tests: Aggressively filter out non-.js files 
This prevents errors when the directory contains Emacs backup files.
 2020-10-14 10:38:52 +01:00
Richard Hansen
7f79d201e6 CSP: Move index.html inline code to separate .js file 2020-10-12 20:46:06 +01:00
translatewiki.net
09193150b6 Localisation updates from https://translatewiki.net. 2020-10-12 15:48:55 +02:00
Richard Hansen
a4927095ae CSP: Disable the indexCustomInlineScripts hook 2020-10-11 20:31:00 +01:00
Richard Hansen
052fbb944f
plugins: Delete noisy and useless debug message (#4409) 
The debug statement mostly printed the following useless message over
and over, causing Travis CI logs to become truncated:

    [DEBUG] pluginfw - [ undefined ] returning
 2020-10-11 09:51:53 +01:00
webzwo0i
a2328cd7f0
timeslider: bugfix: follow pad contents - only goToLineNumber if it exists (#4390) 2020-10-10 16:57:22 +01:00
Richard Hansen
048bd0f50d tests: Simplify API key reading 
Also delete unused imports.
 2020-10-08 22:50:18 +01:00
translatewiki.net
ce0b151159 Localisation updates from https://translatewiki.net. 2020-10-08 15:53:01 +02:00
John McLear
66df0a572f
Security: FEATURE REMOVAL: Remove all plain text password logic and ui (#4178) 
This will be a breaking change for some people.  

We removed all internal password control logic.  If this affects you, you have two options:

1. Use a plugin for authentication and use session based pad access (recommended).
1. Use a plugin for password setting.

The reasoning for removing this feature is to reduce the overall security footprint of Etherpad.  It is unnecessary and cumbersome to keep this feature and with the thousands of available authentication methods available in the world our focus should be on supporting those and allowing more granual access based on their implementations (instead of half assed baking our own).
 2020-10-07 13:43:54 +01:00
Richard Hansen
45bee54aa0 HTML export: Await async hook completion before processing results 2020-10-07 10:43:38 +01:00
Richard Hansen
661a89355f socketio: Mimic what Express does to get client IP address 
This also makes it easier for plugins to get the client IP address.
 2020-10-07 10:40:37 +01:00
Richard Hansen
ba6bdf35be Make the aceAttribClasses hook harder to misuse 2020-10-07 10:37:56 +01:00
Richard Hansen
5aa318a09b Call the aceAttribClasses hook synchronously 
We could instead await the results of the hook, but then all callers
and their callers recursively would have to be converted to async, and
that's a huge change.
 2020-10-07 10:37:56 +01:00
Richard Hansen
a8cf434d1d import: Replace the allowAnyoneToImport check with userCanModify 
This reduces the number of hoops a user or tool must jump through to
import.
 2020-10-05 18:48:16 +01:00
Richard Hansen
831528e8bc import: Allow import if pad does not yet exist 2020-10-05 18:48:16 +01:00
Richard Hansen
ed6fcefb67 webaccess: Fix pad ID extraction for import and export paths 2020-10-05 18:48:16 +01:00
Richard Hansen
f4eae40c6b webaccess: Check for read-only pad ID in userCanModify 
This currently isn't absolutely necessary because all current callers
of `userCanModify` already check for a read-only pad ID themselves.
However:

  * This adds defense in depth.
  * This makes it possible to simply replace the import handler's
    `allowAnyoneToImport` check with a call to `userCanModify`.
 2020-10-05 18:48:16 +01:00
Richard Hansen
377560eb51 express: Move general Express setup from webaccess.js 
The `express-session`, `cookie-parser`, etc. middleware is not
specific to access checks.
 2020-10-05 18:12:04 +01:00
Richard Hansen
821c06cc3a socketio: Reuse the express-session middleware 2020-10-05 18:12:04 +01:00
Richard Hansen
f7953ece85 socketio: Delete redundant authentication check 
There's no need to perform an authentication check in the socket.io
middleware because `PadMessageHandler.handleMessage` calls
`SecurityMananger.checkAccess` and that now performs authentication
and authorization checks.

This change also improves the user experience: Before, access denials
caused socket.io error events in the client, which `pad.js` mostly
ignores (the user doesn't see anything). Now a deny message is sent
back to the client, which causes `pad.js` to display an obvious
permission denied message.

This also fixes a minor bug: `settings.loadTest` is supposed to bypass
authentication and authorization checks, but they weren't bypassed
because `SecurityManager.checkAccess` did not check
`settings.loadTest`.
 2020-10-05 18:12:04 +01:00
Richard Hansen
3f8365a995 express: Use const and let instead of var 
Also:
  * Sort imports.
  * Use single quotes.
  * Abbreviate module names.
 2020-10-05 18:12:04 +01:00
Richard Hansen
b68969fbac webaccess: Simplify Express and express-session setup 2020-10-05 18:12:04 +01:00
Richard Hansen
275e5c31c8 webaccess: Wrap long lines 2020-10-05 18:12:04 +01:00
translatewiki.net
29ee63f2ba Localisation updates from https://translatewiki.net. 2020-10-05 15:56:29 +02:00
Richard Hansen
2db4b04af3 cookies: Use SameSite=None if in an iframe from another site 2020-10-04 08:57:44 +01:00
Richard Hansen
bf53162cdd cookies: Use Lax instead of Strict for SameSite 2020-10-04 08:57:44 +01:00
Richard Hansen
3ab0f30ac8 cookies: Use js-cookie to read and write cookies 
Rather than reinvent the wheel, use a well-tested library to parse and
write cookies. This should also help prevent XSS vulnerabilities
because the library handles special characters such as semicolon.
 2020-10-04 08:57:44 +01:00
Richard Hansen
d55edebddd cookies: Refactor pad_cookie.js 
* Use the cookie functions from `pad_utils.js`.
  * Delete unused methods, variables, and parameters.
  * Simplify the logic.
  * Use an ES6 class instead of a weird literal thingy.
  * Use `const` instead of `var`.
 2020-10-04 08:57:44 +01:00
translatewiki.net
891d2600fa Localisation updates from https://translatewiki.net. 2020-10-02 09:05:33 +02:00
webzwo0i
ceb09ce99a
security: Support proxy with rate limiting and include CI test coverage for nginx rev proxy (#4373) 
Previously Etherpad would not pass the correct client IP address through and this caused the rate limiter to limit users behind reverse proxies.  This change allows Etherpad to use a client IP passed from a reverse proxy.

Note to devs: This header can be spoofed and spoofing the header could be used in an attack.  To mitigate additional *steps should be taken by Etherpad site admins IE doing rate limiting at proxy.*  This only really applies to large scale deployments but it's worth noting.
 2020-10-01 10:39:01 +01:00
Richard Hansen
dbef630f44
i18n: Localize /admin pages (#4380) 
Not every string was localized:

  * `/admin/plugins` has some CSS magic to draw the tables of plugins
    differently on narrow (mobile) screens, and the l10n library we
    use does not support that particular magic. The strings that were
    not localized are "Name", "Description", "Version", and "Time".
    These strings are only stuck in English when the page is viewed on
    a narrow screen; normal desktop users will see translated strings.
    The CSS magic ought to be replaced with something more robust
    (lots of nested `div`s); those remaining strings can be localized
    whenever that happens.

  * Strings from external sources such as plugin descriptions, error
    messages, and `settings.json` comments are not localized.
 2020-10-01 10:15:27 +01:00
Richard Hansen
554eef7770 webaccess: Exempt /favicon.ico and /locales.json from auth checks 2020-09-29 19:40:24 +01:00
John McLear
5964055dec
package updates: update deps and resolve some potential security issues (#4369) 2020-09-29 13:21:35 +01:00
translatewiki.net
837ca6ec1e Localisation updates from https://translatewiki.net. 2020-09-28 17:15:23 +02:00
Richard Hansen
bf9d613e95
feature: New user-specific readOnly and canCreate settings (#4370) 
Also:
  * Group the tests for readability.
  * Factor out some common test setup.
 2020-09-28 11:22:06 +01:00
Richard Hansen
7bd5435f50 webaccess: Log hook errors 2020-09-28 09:35:42 +01:00
Richard Hansen
180983736d security: Enable authorize plugins to grant read-only access 2020-09-27 22:55:49 +01:00
Richard Hansen
304318b618 webaccess: Move pre-authn authz check to a separate hook 
Before this change, the authorize hook was invoked twice: once before
authentication and again after (if settings.requireAuthorization is
true). Now pre-authentication authorization is instead handled by a
new preAuthorize hook, and the authorize hook is only invoked after
the user has authenticated.

Rationale: Without this change it is too easy to write an
authorization plugin that is too permissive. Specifically:

  * If the plugin does not check the path for /admin then a non-admin
    user might be able to access /admin pages.
  * If the plugin assumes that the user has already been authenticated
    by the time the authorize function is called then unauthenticated
    users might be able to gain access to restricted resources.

This change also avoids calling the plugin's authorize function twice
per access, which makes it easier for plugin authors to write an
authorization plugin that is easy to understand.

This change may break existing authorization plugins: After this
change, the authorize hook will no longer be able to authorize
non-admin access to /admin pages. This is intentional. Access to admin
pages should instead be controlled via the `is_admin` user setting,
which can be set in the config file or by an authentication plugin.

Also:
  * Add tests for the authenticate and authorize hooks.
  * Disable the authentication failure delay when testing.
 2020-09-27 21:19:58 +01:00
Richard Hansen
411b278881 webaccess: Log all authentication successes/failures 
This loses some of the granularity of the default HTTP basic auth
(unknown username vs. bad password), but there is considerable value
in having logging that is consistent no matter what authentication
plugins are installed.
 2020-09-26 21:57:50 +01:00
Pedro Beschorner Marin
c56973ce74 Fix readOnly pad export 
The export request hook wasn't testing if the pad's id was from a read-only
pad before validating with the pad manager.

This includes an extra step that makes the read-only id verification and also
avoids setting the original pad's id as the file's name.
 2020-09-26 21:47:35 +01:00
Richard Hansen
ab5934cbda webaccess: Split authFailure hook into authnFailure and authzFailure 
This makes it possible for plugins to return different pages to the
user depending on whether the auth failure was authn or authz.
 2020-09-26 19:37:11 +01:00
Richard Hansen
889a3f7261 Bump Etherpad version in src/package-lock.json 2020-09-26 19:37:05 +01:00
Richard Hansen
3bb71e14d1 PadMessageHandler: Logging improvements 2020-09-26 19:36:52 +01:00
Richard Hansen
4332affba6 Fix typo in session check (sesion -> session) 2020-09-26 19:36:44 +01:00
Richard Hansen
02757079c0 security: Enable authorize plugins to grant modify-only access 2020-09-26 18:36:36 +01:00
Richard Hansen
6ed11b7605 PadMessageHandler: Avoid redundant access checks 2020-09-26 18:32:22 +01:00
Richard Hansen
1e3aa9edff pad: Revert back to sending CLIENT_READY on reconnect 
Commit 0bb8d73ba2 fixed the author ID
that is saved in the socket.io sessioninfo when the client sends a
`CLIENT_READY` with `reconnect` set to true, so it is now safe to undo
the workaround from PR #3868.

Fixes #4331.
 2020-09-26 18:32:04 +01:00
Richard Hansen
72ed1816ec security: Fix authz check for pad names with encoded characters 
Also:
  * Minor test cleanups (`function` instead of arrow functions, etc.).
  * Add a test for a case that was previously not covered.
 2020-09-26 10:47:27 +01:00
Richard Hansen
3c9ae57bb3 PadMessageHandler: Block Promise resolution until message is handled 
Benefits:
  * More functions are now async which makes it possible for future
    changes to use await in those functions.
  * This will help keep the server from drowning in too many messages
    if we ever add acknowledgements or if WebSocket backpressure ever
    becomes reality.
  * This might make tests less flaky because changes triggered by a
    message will complete before the Promise resolves.
 2020-09-26 10:47:03 +01:00
Richard Hansen
23131a501c tests: Rewrite import/export tests to use async and supertest 2020-09-26 10:46:16 +01:00
Richard Hansen
0bb8d73ba2 PadMessageHandler: Always save the author ID in the session info 
Before, the author ID was only saved in the session info during the
initial CLIENT_READY, not when the client sent a CLIENT_READY due to a
reconnect. This caused the handling of subsequent messages to use an
undefined author ID.
 2020-09-26 10:43:06 +01:00
translatewiki.net
6cde6f5a98 Localisation updates from https://translatewiki.net. 2020-09-24 15:54:49 +02:00
Richard Hansen
94f944160d security: Don't require express_sid if authn not required 
This should make it possible to embed a pad in an iframe from another
site as long as `settings.requireAuthentication` is false.
 2020-09-24 10:42:41 +01:00
Richard Hansen
53fd0b4f98 webaccess: Return 401 for authn failure, 403 for authz failure 
This makes it possible for reverse proxies to transform 403 errors
into something like "upgrade to a premium account to access this
pad".

Also add some webaccess tests.
 2020-09-24 10:41:58 +01:00
Richard Hansen
1bb44098df PadMessageHandler: Move handleMessage hooks after access check 
Move the handleMessageSecurity and handleMessage hooks after the call
to securityManager.checkAccess.

Benefits:

  * A handleMessage plugin can safely assume the message will be
    handled unless the plugin itself drops the message, so it doesn't
    need to repeat the access checks done by the `handleMessage`
    function.
  * This paves the way for a future enhancement: pass the author ID to
    the hooks.

Note: The handleMessageSecurity hook is broken in several ways:

  * The hook result is ignored for `CLIENT_READY` and `SWITCH_TO_PAD`
    messages because the `handleClientReady` function overwrites the
    hook result. This causes the client to receive client vars with
    `readonly` set to true, which causes the client to display an
    immutable pad even though the pad is technically writable.
  * The formatting toolbar buttons are removed for read-only pads
    before the handleMessageSecurity hook even runs.
  * It is awkwardly named: Without reading the documentation, how is
    one supposed to know that "handle message security" actually means
    "grant one-time write access to a read-only pad"?
  * It is called for every message even though calls after a
    `CLIENT_READY` or `SWITCH_TO_PAD` are mostly pointless.
  * Why would anyone want to grant write access when the user visits a
    read-only pad URL? The user should just visit the writable pad URL
    instead.
  * Why would anyone want to grant write access that only lasts for a
    single socket.io connection?
  * There are better ways to temporarily grant write access (e.g., the
    authorize hook).
  * This hook is inviting bugs because it breaks a core assumption
    about `/p/r.*` URLs.

I think the hook should be deprecated and eventually removed.
 2020-09-23 08:26:47 +01:00
Richard Hansen
0f6baac7b5
Revert "tests: Use wtfnode to determine why mocha isn't exiting" (#4315) 
This reverts commit ae1142a799.

According to
https://github.com/ether/etherpad-lite/pull/4304#issuecomment-694833456
wtfnode always seems to exit with 0 even if the tests fail.
 2020-09-22 22:47:26 +01:00
Richard Hansen
6011ef426f PadMessageHandler: Make sessioninfo tracking more robust 
A session's sessioninfo could go away asynchronously due to a
disconnect. Grab a reference once and use it throughout the function
to avoid dereferencing a null sessioninfo object.
 2020-09-22 14:11:02 +01:00
Richard Hansen
3365e944bf async-ify more functions, and await completion 
Where feasible I put the await at the end of the function to
minimize the impact on latency.

My motivation for this change: Eliminate a race condition in tests I
am writing.
 2020-09-22 14:10:44 +01:00
Richard Hansen
45ec8326f0 Add a new 'rejected' disconnect reason 
This reason will be used in a future commit that will reject erroneous
messages.
 2020-09-22 14:09:07 +01:00
Richard Hansen
a000a93dc6 Refactor startup/shutdown for tests 
* `src/node/server.js` can now be run as a script (for normal
    operation) or imported as a module (for tests).
  * Move shutdown actions to `src/node/server.js` to be close to the
    startup actions.
  * Put startup and shutdown in functions so that tests can call them.
  * Use `await` instead of callbacks.
  * Block until the HTTP server is listening to avoid races during
    test startup.
  * Add a new `shutdown` hook.
  * Use the `shutdown` hook to:
      * close the HTTP server
      * call `end()` on the stats collection to cancel its timers
      * call `terminate()` on the Threads.Pool to stop the workers
  * Exit with exit code 0 (instead of 1) on SIGTERM.
  * Export the HTTP server so that tests can get the HTTP server's
    port via `server.address().port` when `settings.port` is 0.
 2020-09-22 11:07:21 +01:00
Richard Hansen
a4be577ed1 SessionStore: Don't call callback until cached in DB layer 2020-09-21 23:21:05 +01:00
Richard Hansen
436cbb031d SessionStore: Avoid early DB.db dereference 
Avoid dereferencing `DB.db` until it is used so that it is possible to
`require('SessionStore')` before calling `DB.init()`. (This is useful
when writing tests.)
 2020-09-21 23:21:05 +01:00
Richard Hansen
bee91a0bd1 SessionStore: Use EC6 class syntax 
This fixes a minor bug where the SessionStore constructor did not call
the base class constructor.
 2020-09-21 23:21:05 +01:00
Richard Hansen
0504e07eb4 SessionStore: Wrap long line 2020-09-21 23:21:05 +01:00
Richard Hansen
90775cec0d SessionStore: Rename messageLogger to logger 2020-09-21 23:21:05 +01:00
Richard Hansen
4060db0daf SessionStore: Reduce unnecessary vertical space 2020-09-21 23:21:05 +01:00
Richard Hansen
5fb6bc1938 SessionStore: Use single quotes everywhere 2020-09-21 23:21:05 +01:00
Richard Hansen
012449101d SessionStore: Use const instead of var 2020-09-21 23:21:05 +01:00
Richard Hansen
5d2c438e3e SessionStore: Use an arrow function to avoid this juggling 2020-09-21 23:21:05 +01:00
Richard Hansen
de98852da6 SessionStore: Delete unused methods all, clear, length 2020-09-21 23:21:05 +01:00
Richard Hansen
346111250e utils: Fix promise creation accounting bug in promises.timesLimit 
Before this change, `promises.timesLimit()` created `concurrency - 1`
too many promises. The only users of this function use a concurrency
of 500, so this meant that 499 extra promises were created each time
it was used. The bug didn't affect correctness, but it did result in a
large number of unnecessary database operations whenever a pad was
deleted. This change fixes that bug.

Also:
  * Convert the function to async and have it resolve after all of the
    created promises are resolved.
  * Reject concurrency of 0 (unless total is 0).
  * Document the function.
  * Add tests.
 2020-09-21 23:16:32 +01:00
translatewiki.net
65942691b6 Localisation updates from https://translatewiki.net. 2020-09-21 16:02:42 +02:00
Richard Hansen
3886e95c83 SessionManager: Fix session expiration check 
This bug was introduced in 8b0baa9679.
 2020-09-19 21:10:36 +01:00
Sebastian Castro
12bd617f51
css: Improve toolbar responsiveness for small screen (#4322) 
Until now, the "mobile layout" (with right toolbar on bottom of the screen) was displayed only when screen was smaller than 800px. It made the toolbar break for screen about 1000px when a lot of plugins are in the toolbar.
Now instead, we detect with javascript when the toolbar icons overflow the natural space available, and we switch in "mobile layout" in such case
 2020-09-19 19:09:30 +01:00
Stefan Mueller
299bd962b6 Update version to 1.8.6 and add changelog informations 2020-09-18 21:14:19 +02:00
webzwo0i
85f52a2f23
tests: Plugin backend tests in ci (#4314) 2020-09-18 16:28:42 +01:00
translatewiki.net
dfe0368910 Localisation updates from https://translatewiki.net. 2020-09-17 16:40:29 +02:00
Joas Souza
8c04fe8775
Feature: Copy Pad without history (#4295) 
New feature to copy a pad without copying entire history.  This is useful to perform a low CPU intensive operation while still copying current pad state.
 2020-09-16 19:24:09 +01:00
Richard Hansen
b80a37173e security: Fix authorization bypass vulnerability 
Before, a malicious user could bypass authorization restrictions
imposed by the authorize hook:

 * Step 1: Fetch any resource that the malicious user is authorized to
   access (e.g., static content).
 * Step 2: Use the signed express_sid cookie generated in step 1 to
   create a socket.io connection.
 * Step 3: Perform the CLIENT_READY handshake for the desired pad.
 * Step 4: Profit!

Now the authorization decision made by the authorize hook is
propagated to SecurityManager so that it can approve or reject
socket.io messages as appropriate.

This also sets up future support for per-user read-only and
modify-only (no create) authorization levels.
 2020-09-15 21:40:25 +01:00
Richard Hansen
ae1142a799 tests: Use wtfnode to determine why mocha isn't exiting 
If mocha hangs after running the tests, hit Ctrl-C and wtfnode will
print open files, open sockets, running timers, and running intervals.
Adding an `after` function that closes/stops all of those things will
ensure that mocha exits when it finishes running the tests.
 2020-09-15 21:22:52 +01:00
Richard Hansen
e20731cb12 webaccess: Fix syntax error (missing close curly brace) 
Somehow I introduced this bug in commit
2bc26b8ef8 but never noticed.
 2020-09-15 21:21:13 +01:00
Richard Hansen
d2773609d1 PadMessageHandler: Fix assignment to const variable 2020-09-15 20:04:33 +01:00
Richard Hansen
5ac5b65aff Pad: Disable toolbar and import/export when reconnecting 2020-09-15 20:04:17 +01:00
Richard Hansen
6f28e415ec PadMessageHandler: Move code out of unnecessary closure (again) 2020-09-15 20:04:01 +01:00
Richard Hansen
9e6d3f3f63 tests: Add authentication, authorization bypass tests 2020-09-15 20:03:30 +01:00
Richard Hansen
80639fdc6a webaccess: Pass settings.users to the authenticate hook 
Authentication plugins almost always want to read and modify
`settings.users`. The settings can already be accessed in a few other
ways, but this is much more convenient.
 2020-09-15 19:26:24 +01:00
Richard Hansen
250e932f59 webaccess: Enforce creation of req.session.user by authn plugins 
The authorization logic determines whether the user has already
successfully authenticated by looking to see if `req.session.user`
exists. If an authentication plugin says that it successfully
authenticated the user but it did not create `req.session.user` then
authentication will re-run for every access, and authorization plugins
will be unable to determine whether the user has been authenticated.
Return a 500 internal server error to prevent these problems.
 2020-09-15 19:26:14 +01:00
Richard Hansen
80c0e2487d PadMessageHandler: Move code out of unnecessary closure 
Also simplify the logic.
 2020-09-15 19:23:48 +01:00
Richard Hansen
a261fdf430 i18n: Improve error logging when language JSON read fails 
Before it only logged an error like this:

    SyntaxError: Unexpected string in JSON at position XYZ

Now it also logs the filename, making it easier to figure out where
the bad data is:

    failed to read file /path/to/etherpad-lite/src/locales/en.json: SyntaxError: Unexpected string in JSON at position XYZ
 2020-09-15 15:32:43 +01:00
John McLear
38352c1f8c Merge branch 'develop' of github.com:ether/etherpad-lite into develop 2020-09-15 13:15:53 +01:00
John McLear
9f3cc7aae0 deps: update UeberDB to fix issue with Postgres which was causing 1.8.5 to fail on PG sites. 2020-09-15 13:15:28 +01:00
Richard Hansen
2bc26b8ef8 webaccess: Factor out common code 2020-09-15 10:44:23 +01:00
Richard Hansen
f9087fabd6 security: Check authentication in SecurityManager checkAccess 
In addition to providing defense in depth, this change makes it easier
to implement future enhancements such as support for read-only users.
 2020-09-15 10:43:23 +01:00
Richard Hansen
259b8d891d socketio: Use Error objects for socket.io connection errors 
socket.io expects Error objects, otherwise it won't propagate the
message to the client.

Also do some cleanup.
 2020-09-15 10:42:25 +01:00
Richard Hansen
0a836ced29 css: Line up line numbers with their rows 
Tested with both `no-skin` and `colibris`.
 2020-09-15 09:29:09 +01:00
webzwo0i
ec6b983917
packaging: remove pad_docbar.js (#4286) 
package to reduce http requests: nice-select,
pad_automatic_reconnect, skin_variants, scroll, caretPosition

rename unorm in tar.json so it can be included
 2020-09-13 19:01:28 +01:00
Richard Hansen
d0a16d23cb security: Fix authentication bypass vulnerability 
Before, anyone who could create a socket.io connection to Etherpad
could read, modify, and create pads at will without authenticating
first.

The `checkAccess` middleware in `webaccess.js` normally handles
authentication and authorization, but it does not run for `/socket.io`
requests. This means that the connection handler in `socketio.js` must
handle authentication and authorization. However, before this change:
  * The handler did not require a signed `express_sid` cookie.
  * After loading the express-session state, the handler did not check
    to see if the user had authenticated.

Now the handler requires a signed `express_sid` cookie, and it ensures
that `socket.request.session.user` is non-null if authentication is
required. (`socket.request.session.user` is non-null if and only if
the user has authenticated.)
 2020-09-13 18:56:31 +01:00
Richard Hansen
8b0baa9679 SecurityManager: Refactor checkAccess for readability, correctness 
* Move session validity check and session author ID fetch to a
    separate function. This separate function can be used by hooks,
    making it easier for them to properly determine the author ID.
  * Rewrite the remainder of checkAccess. Benefits:
      - The function is more readable and maintainable now.
      - Vulnerability fix: Before, the session IDs in sessionCookie
        were not validated when checking settings.requireSession. Now,
        sessionCookie must identify a valid session for the
        settings.requireSession test to pass.
      - Bug fix: Before, checkAccess would sometimes use the author ID
        associated with the token even if sessionCookie identified a
        valid session. Now it always uses the author ID associated
        with the session if available.
 2020-09-12 09:42:47 +01:00
Richard Hansen
8756fed80d PadMessageHandler: Use await instead of p.then() 2020-09-11 22:11:03 +01:00
Richard Hansen
3262ff1cb9 PadMessageHandler: Rename createSessionInfo to createSessionInfoAuth 
The function doesn't create the session info -- it creates the auth
property of existing session info.
 2020-09-11 22:11:03 +01:00
Richard Hansen
de792559cb PadMessageHandler: Use === instead of == for comparison 2020-09-11 22:11:03 +01:00
Richard Hansen
7f0770d684 PadMessageHandler: Invert logic to improve readability 2020-09-11 22:11:03 +01:00
Richard Hansen
d4db091d1d PadMessageHandler: Simplify handleClientReady a bit 
Before, this function referred to the same author ID in different ways
in different places. Use one spelling to make the code easier to read.
 2020-09-11 22:11:03 +01:00
Richard Hansen
ed3c82e8c3 Use null, not "null", if sessionID cookie doesn't exist 
`decodeURIComponent(null)` returns the string `'null'`, which we don't
want.
 2020-09-11 22:10:04 +01:00
translatewiki.net
24978daeb0 Localisation updates from https://translatewiki.net. 2020-09-10 18:36:59 +02:00
John McLear
5dfae625b9 Package Lock update 2020-09-09 18:15:47 +01:00
John McLear
c8361a211a bump ueber 2020-09-09 14:41:03 +01:00
Stefan Mueller
e64a269a65 Update version to 1.8.5 2020-09-08 22:09:56 +02:00
John McLear
7258d75cc5 bumping ueber 2020-09-08 16:03:15 +01:00
Richard Hansen
6c2a361935 import: Use the correct author ID when using sessions 
There are two different ways an author ID becomes associated with a
user: either bound to a token or bound to a session ID. (The token and
session ID come from the `token` and `sessionID` cookies, or, in the
case of socket.io messages, from the `token` and `sessionID` message
properties.) When `settings.requireSession` is true or the user is
accessing a group pad, the session ID should be used. Otherwise the
token should be used.

Before this change, the `/p/:pad/import` handler was always using the
token, even when `settings.requireSession` was true. This caused the
following error because a different author ID was bound to the token
versus the session ID:

> Unable to import file into ${pad}. Author ${authorID} exists but he
> never contributed to this pad

This bug was reported in issue #4006. PR #4012 worked around the
problem by binding the same author ID to the token as well as the
session ID.

This change does the following:
  * Modifies the import handler to use the session ID to obtain the
    author ID (when appropriate).
  * Expands the documentation for the SecurityManager checkAccess
    function.
  * Removes the workaround from PR #4012.
  * Cleans up the `bin/createUserSession.js` test script.
 2020-09-08 15:04:17 +01:00
Richard Hansen
db0bcb524e SecurityManager: Use constants for returned rejections 
This reduces the chances of a typo-induced bug.
 2020-09-08 14:53:28 +01:00
Sebastian Castro
818194da90
editor/performance: Fix performance for large pads (#4267) 
* Fix line numbers top padding

This old rule was conflicting with new css rules introduced in 1.8.4

* Fixes #4228 Performance degradation for long pads 

Due to layout trashing when calculating new heights
 2020-09-08 14:52:26 +01:00
Richard Hansen
da459888dc plugins: Move plugin definitions to avoid monkey patching 
Also document the plugin data structures.
 2020-09-08 00:50:24 +01:00
Richard Hansen
dcbf876d03 hooks: New mechanism to deprecate hooks 
I plan on splitting authFailure into authnFailure and authzFailure so
that separate authentication and authentication plugins can coexist
peacefully. This change will make it possible to mark the authFailure
hook as deprecated (which simply logs a warning).
 2020-09-08 00:49:10 +01:00
Richard Hansen
8cf2bcaeb4 plugins: Fix type typo 
`exports.parts` is a topologically sorted array, but the intermediate
collection of parts assembled in `plugins.update()` is associative.
 2020-09-08 00:47:32 +01:00
Richard Hansen
c3b2e68dad Revert "Delete redundant token2author DB save" 
Something's weird here; this change shouldn't have any effect. I'll
have to squint at the code some more.

This reverts commit 2bf076043f.

Fixes #4262
 2020-09-08 00:46:01 +01:00
webzwo0i
49a6b1dac2 GroupManager: typo during session deletion 2020-09-08 00:45:39 +01:00