webzwo0i
ed5e8997d7
Fix: Plugin locales should overwrite core's locales
2023-06-20 13:51:01 +01:00
Richard Hansen
daee90d2af
lint: Close function args on same line as final arg
2022-02-21 14:53:48 -05:00
Richard Hansen
c8211f2898
lint: Run eslint --fix
2022-02-21 14:36:58 -05:00
Richard Hansen
3b8549342a
Pad: Plumb author ID through mutation operations
2022-02-19 14:55:42 -05:00
Richard Hansen
5520161088
deps: Upgrade formidable to 2.0.1
2022-01-28 21:34:57 -05:00
Richard Hansen
692749d1cf
express-session: Extend session lifetime if user is active
2022-01-17 21:45:56 -05:00
Richard Hansen
023e58cfe6
express-session: Set a finite cookie lifetime
2022-01-17 21:45:56 -05:00
Richard Hansen
ec10700dff
express-session: Don't save uninitialized sessions
This should avoid frivolous session records, such as when the user
gets a 404 (unless login was required to see the 404).
2022-01-17 21:45:56 -05:00
Richard Hansen
7255dd7ef0
express-session: Inherit proxy trust from Express
2022-01-17 21:45:56 -05:00
Richard Hansen
945e6848e2
SessionStore: Delete DB record when session expires
This only deletes records known to the current Etherpad instance --
old records from previous runs are not automatically cleaned up.
2022-01-17 21:45:56 -05:00
Richard Hansen
d3984aa621
express: Move preAuthorize hook after express-session
The `ep_openid_connect` plugin needs access to session state before
authorization checks are made (to securely redirect the user back to
the start page when authentication completes). Now that the
`expressPreSession` hook exists, the rationale for moving
`preAuthorize` before the `express-session` middleware is gone.
This change undoes the following commits:
* bf35dcfc50
* 0b1ec20c5c
* 30544b564e
2022-01-14 00:44:54 -05:00
Richard Hansen
75637708c0
express: Move up cookie-parser middleware
This makes it possible for the `preAuthorize` and `preExpressSession`
hooks to easily read or set cookies.
2022-01-14 00:44:54 -05:00
Richard Hansen
ab85db4426
webaccess: Silence prototype pollution warning
2022-01-14 00:44:54 -05:00
Richard Hansen
dcd43e9849
webaccess: Use .startsWith() instead of .search()
2022-01-14 00:44:54 -05:00
Richard Hansen
66ce2b50a9
openapi: Convert Promise.catch() to catch block
2022-01-02 19:17:20 -05:00
Richard Hansen
31b025bd9d
PadMessageHandler: Pass session info to handleMessageSecurity hook
2021-12-21 17:23:56 -05:00
Richard Hansen
696f9c3367
specialpages: New /health endpoint for health checking
This endpoint is intended to conform with:
https://www.ietf.org/archive/id/draft-inadarei-api-health-check-06.html
2021-12-21 17:19:56 -05:00
Richard Hansen
30544b564e
express: Skip express-session middleware if pre-authorized
2021-12-20 20:08:19 -05:00
Richard Hansen
649fbdccf5
express: Move static handlers to expressPreSession
This avoids the need to exempt the paths from authentication checks,
and it eliminates unnecessary express-session state.
2021-12-20 20:08:19 -05:00
Richard Hansen
72f4ae444d
express: New expressPreSession server-side hook
2021-12-20 20:08:19 -05:00
Richard Hansen
0b1ec20c5c
express: Move preAuthorize middleware before express-session
2021-12-20 20:08:19 -05:00
Richard Hansen
bf35dcfc50
webaccess: Move preAuthorize to its own middleware
2021-12-20 20:08:19 -05:00
Richard Hansen
7f3d0e71f7
express: Check access before expressConfigure middleware
There are no guarantees about the order of execution of hook
functions, which means that a plugin's `expressConfigure` hook
function could theoretically register a handler/middleware before the
access check middleware is registered. If that happens, the plugin's
handler would run before the access check, which would be bad. Avoid
the problem by explicitly installing the `webaccess.checkAccess`
middleware before running the `expressConfigure` hook.
2021-12-20 20:08:18 -05:00
Richard Hansen
472eddc821
webaccess: Skip checks if next is called in preAuthenticate
2021-12-20 20:08:18 -05:00
webzwo0i
8b73f2ee70
padurlsanitize: Don't crash if sanitizePadId() throws
Let Express send a 500 status code to the user instead.
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2021-12-18 18:47:01 -05:00
Richard Hansen
19e9c2f114
adminsettings: Pay attention to --settings
2021-11-12 23:45:05 -05:00
Richard Hansen
46ad93024d
adminsettings: Promisify
2021-11-12 23:45:05 -05:00
Richard Hansen
4e2f816665
adminsettings: Use object destructuring
2021-11-12 23:45:05 -05:00
Richard Hansen
3a5c44c8f7
/jserror: Enable colors to improve readability
2021-10-07 19:55:02 -04:00
Richard Hansen
629e7d5072
/jserror: Log all of the provided data
2021-10-07 19:55:01 -04:00
Richard Hansen
cb01ae8cbb
/jserror: Reject files
2021-10-07 19:55:01 -04:00
Richard Hansen
e909072776
/jserror: Refactor to handle errors better
2021-10-07 19:55:01 -04:00
webzwo0i
58bd96ce8f
padreadonly: Remove dead /ro/:id handling
Read-only pads are accessed using `/p/` path since commit ba3430ebb7.
2021-09-14 17:07:55 -04:00
Richard Hansen
d9782ac628
tests: Send frontend test spec list as JSON
2021-06-05 03:51:06 -04:00
Richard Hansen
c714ff1014
tests: Let Express handle errors when serving frontendTestSpecs.js
Express v4.x doesn't understand Promises so we have to manually catch
Promise rejections and pass the error object to `next()`.
2021-06-05 03:50:36 -04:00
Richard Hansen
e4f011df76
tests: Use require() to load frontend test specs
This makes core and plugin tests consistent with each other, makes it
possible to `require()` relative paths in spec files, simplifies the
code somewhat, and should make it easier to move away from
require-kernel.
Also:
* Wrap plugin tests inside a `describe()` that contains the plugin
name to make it easier to grep for a plugin's tests and for
consistency with core tests.
* Add "<core>" to the core test descriptions to make it easier to
distinguish them from plugin tests.
2021-06-05 03:50:26 -04:00
Richard Hansen
d8eb79428f
tests: Recurse under frontend spec dir
2021-06-05 03:49:13 -04:00
Richard Hansen
5d54c1657a
tests: Redirect /tests/frontend/index.html to /tests/frontend/
2021-06-05 03:49:12 -04:00
Richard Hansen
712b8c5769
tests: Redirect /tests/frontend to /tests/frontend/
2021-06-05 03:49:12 -04:00
Richard Hansen
573da027e5
tests: Preserve query string when redirecting
2021-06-05 03:49:12 -04:00
Richard Hansen
dfd649dbe9
tests: Use a relative redirect for /tests/frontend
This avoids problems if Etherpad is served under a path like
`/etherpad`.
2021-06-03 15:10:23 -04:00
Richard Hansen
617267ce71
tests: Use plugin_defs to get plugin frontend test spec paths
2021-06-03 15:10:23 -04:00
Richard Hansen
1b7b96f57e
tests: Avoid deprecated fs.existsSync()
2021-06-03 15:10:23 -04:00
Richard Hansen
ab824c728f
tests: Move slashes to improve readability
2021-06-03 15:10:22 -04:00
Richard Hansen
1516bf473f
tests: Delete unnecessary staticDir variable
2021-06-03 15:10:22 -04:00
Richard Hansen
d69345bb4e
tests: Use map+reduce to improve readability
2021-06-03 15:10:22 -04:00
Richard Hansen
a8e77126e8
tests: Combine .map().filter().map() into single .map()
2021-06-03 15:10:22 -04:00
Richard Hansen
2414203434
tests: Remove unnecessary return
2021-06-03 15:10:22 -04:00
Richard Hansen
0852df74f1
tests: Unexport unnecessarily exported functions
2021-06-03 15:10:22 -04:00
Richard Hansen
ed44449639
tests: Pretty-print frontendTestSpecs.js to make troubleshooting easier
2021-06-03 15:10:22 -04:00