From a570a73e981f07193c52db35f3aa14bd38fb70b1 Mon Sep 17 00:00:00 2001
From: yflory
Date: Tue, 10 Apr 2018 10:38:25 +0200
Subject: [PATCH 1/3] Send checkpoints' id to the server to avoid storing duplicates
---
 www/common/outer/chainpad-netflux-worker.js | 2 +-
 www/common/sframe-app-framework.js | 2 +-
 www/common/sframe-chainpad-netflux-outer.js | 11 ++++++++++-
 3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/www/common/outer/chainpad-netflux-worker.js b/www/common/outer/chainpad-netflux-worker.js
index adb6242de..1ef172172 100644
--- a/www/common/outer/chainpad-netflux-worker.js
+++ b/www/common/outer/chainpad-netflux-worker.js
@@ -68,7 +68,7 @@ define([], function () {
 // shim between chainpad and netflux
 var msgIn = function (peerId, msg) {
- return msg.replace(/^cp\|/, '');
+ return msg.replace(/^cp\|([A-Za-z0-9+\/=]+\|)?/, '');
 };
 var msgOut = function (msg) {
diff --git a/www/common/sframe-app-framework.js b/www/common/sframe-app-framework.js
index b7fb0b286..080daaa81 100644
--- a/www/common/sframe-app-framework.js
+++ b/www/common/sframe-app-framework.js
@@ -443,7 +443,7 @@ define([
 patchTransformer: options.patchTransformer || ChainPad.SmartJSONTransformer,
 // cryptpad debug logging (default is 1)
- // logLevel: 2,
+ logLevel: 2,
 validateContent: options.validateContent || function (content) {
 try {
 JSON.parse(content);
diff --git a/www/common/sframe-chainpad-netflux-outer.js b/www/common/sframe-chainpad-netflux-outer.js
index 2d592b65d..6b1224422 100644
--- a/www/common/sframe-chainpad-netflux-outer.js
+++ b/www/common/sframe-chainpad-netflux-outer.js
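Review bot: In www/common/outer/chainpad-netflux-worker.js, the new optional group in `msgIn` introduces a wire format (`cp|<base64 id>|<payload>`) that nothing in the file documents, and it accepts an id of any length. The sender in sframe-chainpad-netflux-outer.js encodes 8 hash bytes, which is always 12 base64 characters, so the match could be pinned to that, e.g. `/^cp\|(?:[A-Za-z0-9+\/=]{12}\|)?/`, to avoid stripping anything other than a well-formed id. At minimum add a comment above the replace such as `// checkpoints arrive as "cp|<payload>" (legacy) or "cp|<id>|<payload>"; strip the prefix and the optional id`. The stripping is only unambiguous as long as the payload itself can never contain `|`, which is worth stating there too.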
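Review bot: In www/common/sframe-app-framework.js, `logLevel: 2,` turns on ChainPad debug logging for every app built on this framework, although the commit is about checkpoint ids and the comment directly above still says the default is 1. This looks like a debugging leftover. Verbose logging in an editor whose content is meant to stay encrypted can put document-derived data into the browser console, so it should not ship enabled. Restore `// logLevel: 2,`, or, if the level is wanted at runtime, take it from the caller's `options` and leave the default alone.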
@@ -53,7 +53,16 @@ define([], function () {
 if (readOnly) { return; }
 try {
 var cmsg = Crypto.encrypt(msg);
- if (msg.indexOf('[4') === 0) { cmsg = 'cp|' + cmsg; }
+ if (msg.indexOf('[4') === 0) {
+ var id = '';
+ if (window.nacl) {
+ var hash = window.nacl.hash(window.nacl.util.decodeUTF8(msg));
+ id = window.nacl.util.encodeBase64(hash.slice(0, 8)) + '|';
+ } else {
+ console.log("Checkpoint sent without an ID. Nacl is missing.");
+ }
+ cmsg = 'cp|' + id + cmsg;
+ }
 return cmsg;
 } catch (err) {
 console.log(msg);
From a4674e40e13061ef1b4644a4465bf0014981273c Mon Sep 17 00:00:00 2001
From: ansuz
Date: Thu, 12 Apr 2018 14:33:47 +0200
Subject: [PATCH 2/3] fix bug in register page which locks up the registration form
---
 customize.dist/login.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/customize.dist/login.js b/customize.dist/login.js
index 1f8cebab5..ccb32f845 100644
--- a/customize.dist/login.js
+++ b/customize.dist/login.js
@@ -256,7 +256,10 @@ define([
 // logMeIn should reset registering = false
 UI.removeLoadingScreen(function () {
 UI.confirm(Messages.register_alreadyRegistered, function (yes) {
- if (!yes) { return; }
+ if (!yes) {
+ hashing = false;
+ return;
+ }
 proxy.login_name = uname;
 if (!proxy[Constants.displayNameKey]) {
From 05eb35ef6262516cdcaa940128ef6972a7339c6d Mon Sep 17 00:00:00 2001
From: shadow
Date: Thu, 19 Apr 2018 12:28:48 +0200
Subject: [PATCH 3/3] added changelog.md with version tag
---
 CHANGELOG.md | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 CHANGELOG.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 000000000..8c6d7bbe9
--- /dev/null
+++ b/CHANGELOG.md
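Review bot: In www/common/sframe-chainpad-netflux-outer.js, the checkpoint id is an unkeyed hash of the plaintext (`window.nacl.hash(window.nacl.util.decodeUTF8(msg))`, truncated to 8 bytes) and travels outside the `Crypto.encrypt` output, so the server receives a deterministic fingerprint of content it otherwise cannot read. That is what makes de-duplication work, but it also means a guess at a checkpoint's contents can be confirmed against the id by anyone who sees it. Consider mixing a secret shared only by pad members into the hash input before truncating, so identical checkpoints still collide while the id reveals nothing without the key. The server cannot check that an id matches its ciphertext, so it presumably should not rely on the id for anything beyond dropping duplicates. The enclosing function and the `catch` block continue outside the hunk.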
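Review bot: In customize.dist/login.js, the context comment `// logMeIn should reset registering = false` no longer matches the code beneath it, because the flag the new cancel branch clears is `hashing`. Unless both flags exist elsewhere in the file, the comment should name the one that actually locks the form, e.g. `// logMeIn resets hashing on success; the cancel path below must reset it itself`. A short why-comment on `hashing = false;` would also help, since this per-branch reset is easy to miss when another early return is added to the callback. The callback body continues outside the hunk, so other exit paths could not be checked here.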
@@ -0,0 +1,47 @@
+# 1.29.0
+
+**Goals**
+
+For this release we wanted to direct our effort towards improving user experience issues surrounding user accounts.
+
+**Update notes**
+
+This release features breaking changes to some clientside dependencies. Administrators must make sure to deploy the
+latest server with npm update before updating your clientside dependencies with bower update.
+
+**What's new**
+
+ * newly registered users are now able to delete their accounts automatically, along with any personal
+ information which had been created:
+ * ToDo list data is automatically deleted, along with user profiles
+ * all of a user's owned pads are also removed immediately in their account deletion process
+ * users who predate account deletion will not benefit from automatic account deletion, since the server
+ does not have sufficient knowledge to guarantee that the information they could request to have deleted is strictly
+ their own. For this reason, we've started working on scripts for validating user requests, so as to enable manual
+ deletion by the server administrator.
+ * the script can be found in cryptpad/check-account-deletion.js, and it will be a part of an ongoing
+ effort to improve administrator tooling for situations like this
+ * users who have not logged in, but wish to use their drive now see a ghost icon which they can use to create pads.
+ We hope this makes it easier to get started as a new user.
+ * registered users who have saved templates in their drives can now use those templates at any time, rather than only
+ using them to create new pads
+ * we've updated our file encryption code such that it does not interfere with other scripts which may be running at
+ the same time (synchronous blocking, for those who are interested)
+ * we now validate message signatures clientside, except when they are coming from the history keeper because clients
+ trust that the server has already validated those signatures
+
+**Bug fixes**
+ * we've removed some dependencies from our home page that were introduced when we updated to use bootstrap4
+ * we now import fontawesome as css, and not less, which saves processing time and saves room in our localStorage cache
+ * templates which do not have a 'type' attribute set are migrated such that the pads which are created with their
+ content are valid
+ * thumbnail creation for pads is now disabled by default, due to poor performance
+ * users can enable thumbnail creation in their settings page
+ * we've fixed a significant bug in how our server handles checkpoints (special patches in history which contain the
+ entire pads content)
+ * it was possible for two users to independently create checkpoints in close proximity while the document was in a
+ forked state. New users joining while the session was in this state would get stuck on one side of the fork,
+ and could lose data if the users on the opposing fork overrode their changes
+ * we've updated our tests, which have been failing for some time because their success conditions were no longer valid
+ * while trying to register a previously registered user, users could cancel the prompt to login as that user.
+ If they did so, the registration form remained locked. This has been fixed.
\ No newline at end of file