diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 000000000..8c6d7bbe9
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,47 @@
+# 1.29.0
+
+**Goals**
+
+For this release we wanted to direct our effort towards improving user experience issues surrounding user accounts.
+
+**Update notes**
+
+This release features breaking changes to some clientside dependencies. Administrators must make sure to deploy the
+latest server with npm update before updating your clientside dependencies with bower update.
+
+**What's new**
+
+ * newly registered users are now able to delete their accounts automatically, along with any personal
+ information which had been created:
+ * ToDo list data is automatically deleted, along with user profiles
+ * all of a user's owned pads are also removed immediately in their account deletion process
+ * users who predate account deletion will not benefit from automatic account deletion, since the server
+ does not have sufficient knowledge to guarantee that the information they could request to have deleted is strictly
+ their own. For this reason, we've started working on scripts for validating user requests, so as to enable manual
+ deletion by the server administrator.
+ * the script can be found in cryptpad/check-account-deletion.js, and it will be a part of an ongoing
+ effort to improve administrator tooling for situations like this
+ * users who have not logged in, but wish to use their drive now see a ghost icon which they can use to create pads.
+ We hope this makes it easier to get started as a new user.
+ * registered users who have saved templates in their drives can now use those templates at any time, rather than only
+ using them to create new pads
+ * we've updated our file encryption code such that it does not interfere with other scripts which may be running at
+ the same time (synchronous blocking, for those who are interested)
+ * we now validate message signatures clientside, except when they are coming from the history keeper because clients
+ trust that the server has already validated those signatures
+
+**Bug fixes**
+ * we've removed some dependencies from our home page that were introduced when we updated to use bootstrap4
+ * we now import fontawesome as css, and not less, which saves processing time and saves room in our localStorage cache
+ * templates which do not have a 'type' attribute set are migrated such that the pads which are created with their
+ content are valid
+ * thumbnail creation for pads is now disabled by default, due to poor performance
+ * users can enable thumbnail creation in their settings page
+ * we've fixed a significant bug in how our server handles checkpoints (special patches in history which contain the
+ entire pads content)
+ * it was possible for two users to independently create checkpoints in close proximity while the document was in a
+ forked state. New users joining while the session was in this state would get stuck on one side of the fork,
+ and could lose data if the users on the opposing fork overrode their changes
+ * we've updated our tests, which have been failing for some time because their success conditions were no longer valid
+ * while trying to register a previously registered user, users could cancel the prompt to login as that user.
+ If they did so, the registration form remained locked. This has been fixed.
\ No newline at end of file
diff --git a/customize.dist/login.js b/customize.dist/login.js
index 27984fed6..af5a6391a 100644
--- a/customize.dist/login.js
+++ b/customize.dist/login.js
@@ -258,7 +258,10 @@ define([ // logMeIn should reset registering = false UI.removeLoadingScreen(function () { UI.confirm(Messages.register_alreadyRegistered, function (yes) { - if (!yes) { return; } + if (!yes) { + hashing = false; + return; + } proxy.login_name = uname; if (!proxy[Constants.displayNameKey]) { diff --git a/www/common/outer/chainpad-netflux-worker.js b/www/common/outer/chainpad-netflux-worker.js index 40601a6c5..bc1be6e09 100644 --- a/www/common/outer/chainpad-netflux-worker.js +++ b/www/common/outer/chainpad-netflux-worker.js @@ -68,7 +68,7 @@ define([], function () { // shim between chainpad and netflux var msgIn = function (peerId, msg) { - return msg.replace(/^cp\|/, ''); + return msg.replace(/^cp\|([A-Za-z0-9+\/=]+\|)?/, ''); }; var msgOut = function (msg) { diff --git a/www/common/sframe-app-framework.js b/www/common/sframe-app-framework.js index b7fb0b286..080daaa81 100644 --- a/www/common/sframe-app-framework.js +++ b/www/common/sframe-app-framework.js @@ -443,7 +443,7 @@ define([ patchTransformer: options.patchTransformer || ChainPad.SmartJSONTransformer, // cryptpad debug logging (default is 1) - // logLevel: 2, + logLevel: 2, validateContent: options.validateContent || function (content) { try { JSON.parse(content); diff --git a/www/common/sframe-chainpad-netflux-outer.js b/www/common/sframe-chainpad-netflux-outer.js index b6cc29539..45c4bdabf 100644 --- a/www/common/sframe-chainpad-netflux-outer.js +++ b/www/common/sframe-chainpad-netflux-outer.js 
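Review bot: The context comment above the prompt in customize.dist/login.js says logMeIn resets `registering`, while the cancel branch added here resets `hashing`, and the hunk does not show whether these are two separate flags or whether `registering` also stays set when the user cancels. A one-line comment on the new branch would make the intent explicit, for example `// user cancelled the login prompt: unlock the registration form`, and the older comment should be corrected if it is stale. The enclosing callback starts and ends outside this hunk, so the handling of the other flag could not be checked here.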
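Review bot: The optional group added to the regex in `msgIn` (www/common/outer/chainpad-netflux-worker.js) accepts a base64 run of any length followed by `|`, not only the 8-byte checkpoint ID that the sender prepends in sframe-chainpad-netflux-outer.js. If the string returned by `Crypto.encrypt` can itself start with a base64 segment followed by `|` (its format is not visible in this diff), a checkpoint that arrives without an ID, from the `window.nacl`-missing branch or from an older client, would have the start of its ciphertext stripped here and then fail to decrypt. Bounding the group to the ID's encoded length narrows the match to what the sender actually emits: `return msg.replace(/^cp\|(?:[A-Za-z0-9+\/=]{12}\|)?/, '');` (8 bytes encode to 12 base64 characters).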
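Review bot: `logLevel: 2` in www/common/sframe-app-framework.js is un-commented while the comment directly above it still reads "cryptpad debug logging (default is 1)", so every app built on this framework now runs at the debug level. Nothing else in the commit refers to it and the changelog does not mention it, which suggests it was left over from debugging the checkpoint fix. Depending on what ChainPad prints at that level (not visible here), document patches may end up in the browser console. Suggest restoring `// logLevel: 2,` before release, or stating in the comment why the higher level is now intended.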
@@ -55,7 +55,16 @@ define([], function () { if (readOnly) { return; } try { var cmsg = Crypto.encrypt(msg); - if (msg.indexOf('[4') === 0) { cmsg = 'cp|' + cmsg; } + if (msg.indexOf('[4') === 0) { + var id = ''; + if (window.nacl) { + var hash = window.nacl.hash(window.nacl.util.decodeUTF8(msg)); + id = window.nacl.util.encodeBase64(hash.slice(0, 8)) + '|'; + } else { + console.log("Checkpoint sent without an ID. Nacl is missing."); + } + cmsg = 'cp|' + id + cmsg; + } return cmsg; } catch (err) { console.log(msg);
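Review bot: The checkpoint `id` is computed from the plaintext `msg` (`window.nacl.hash(window.nacl.util.decodeUTF8(msg))`, first 8 bytes) and is placed outside the ciphertext in `'cp|' + id + cmsg`, so it is readable by the server and anyone else who can see channel traffic. Because it is an unkeyed, deterministic digest of the plaintext, those parties can tell when two checkpoints carry identical content and can check a guessed document state against it, which weakens the confidentiality that `Crypto.encrypt` otherwise provides. If the server only needs to recognise equal checkpoints, deriving the ID from a hash that also mixes in a secret known only to pad members would keep that property without exposing a plaintext fingerprint; at minimum add a comment such as `// NOTE: id is derived from the plaintext and is visible to the server`. The `else` branch also silently sends an un-tagged checkpoint when `window.nacl` is absent, so the fix described in the changelog depends on that global being loaded. The enclosing function starts before and continues after this hunk.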