Merge branch 'soon' into staging

pull/1/head
ansuz 6 years ago
commit 2259d1b6ac

@ -1,3 +1,34 @@
# Fossa release (v2.5.0)
## Goals
This release took longer than usual - three weeks instead of two - due to our plans involving a complete redesign of how login and registration function.
Any time we rework a critical system within CryptPad we're very cautious about deploying it, however, this update should bring considerable value for users.
From now on, users will be able to change their passwords without losing access to their old data, however, this is very different from _password recovery_.
While we will still be unable to help you if you have forgotten your password, this update will address our inability up until this point to change your password in the event that it has been compromised in some way.
## Update notes
* v2.5.0 uses newly released features in a clientside dependency ([chainpad-netflux](https://github.com/xwiki-labs/chainpad-netflux/releases/tag/0.7.2)). Run `bower update` to make sure you have the latest version.
* Update your server config to serve /block/ with maxAge 0d, if you are using a reverse proxy, or docker. `cryptpad/docs/example.nginx.conf` has been updated to include an example.
* Restart your server after updating.
* We have added a new feedback key, `NO_CSS_VARIABLES`, in order to diagnose how many of our clients support the CSS3 functionality.
### Features
* v2.5.0 introduces support for what we have called _modern users_.
* New registrations will use the new APIs that we've built to facillitate the ability to change your account password.
* _Legacy registrations_ will continue to function as they always have.
* Changing your password (via the settings page) will migrate old user accounts to the new system.
* We'll publish a blog post in the coming weeks to explain in depth how this functionality is implemented.
* The _kanban_ application now features support for export and import of your project data.
* This release features minor improvements to the _Deutsch_ translation
### Bug fixes
* We noticed that if you entered credentials for registration, and cancelled the displayed prompt informing you that such a user was already registered, the registration interface would not unlock for further interaction. This has been fixed.
* We found that on very slow connections, or when users opened pads in Firefox without focusing the tab, requirejs would fail to load dependencies before timing out. We've increased the timeout period by a factor of ten to address such cases.
# Echidna release (v2.4.0)
## Goals

@ -276,7 +276,7 @@ module.exports = {
*/
blobStagingPath: './blobstage',
/* CryptPad's file storage adaptor closes unused files after a configurale
/* CryptPad's file storage adaptor closes unused files after a configurable
* number of milliseconds (default 30000 (30 seconds))
*/
channelExpirationMs: 30000,

@ -5,7 +5,7 @@ CKEDITOR.editorConfig = function( config ) {
config.needsBrFiller= fixThings;
config.needsNbspFiller= fixThings;
config.removeButtons= 'Source,Maximize,Anchor';
config.removeButtons= 'Source,Maximize';
// magicline plugin inserts html crap into the document which is not part of the
// document itself and causes problems when it's sent across the wire and reflected back
config.removePlugins= 'resize,elementspath';

File diff suppressed because it is too large Load Diff

@ -85,6 +85,11 @@ server {
try_files $uri =404;
}
location ^~ /block/ {
add_header Cache-Control max-age=0;
try_files $uri =404;
}
location ^~ /datastore/ {
add_header Cache-Control max-age=0;
try_files $uri =404;

@ -35,7 +35,7 @@ As such, it is possible for a collaborator on the pad to include some silly/ugly
in a CryptPad such as an image which reveals your IP address when your browser automatically
loads it or a script which plays Rick Astleys's greatest hits. It is possible for anyone
who does not have the key to be able to change anything in the pad or add anything, even the
server, however the clients will notice this because the content hashes in ChainPad will fail to
server, however the clients will notice this because the content hashes in CryptPad will fail to
validate.
The server does have a certain power, it can send you evil javascript which does the wrong
@ -82,4 +82,4 @@ any later version. If you wish to use this technology in a proprietary product,
sales@xwiki.com.
[ChainPad]: https://github.com/xwiki-contrib/chainpad
[active attack]: https://en.wikipedia.org/wiki/Attack_(computing)#Types_of_attacks
[active attack]: https://en.wikipedia.org/wiki/Attack_(computing)#Types_of_attack

@ -36,7 +36,7 @@ define([
var increment = function (N) {
var l = N.length;
while (l-- > 1) {
/* jshint probably suspects this is unsafe because we lack types
/* our linter suspects this is unsafe because we lack types
but as long as this is only used on nonces, it should be safe */
if (N[l] !== 255) { return void N[l]++; } // jshint ignore:line
if (l === 0) { throw new Error('E_NONCE_TOO_LARGE'); }

@ -32,6 +32,7 @@ define([
'/common/common-util.js',
'/bower_components/chainpad/chainpad.dist.js',
'/customize/application_config.js',
'/common/test.js',
'/bower_components/diff-dom/diffDOM.js',
@ -52,7 +53,9 @@ define([
Hash,
Util,
ChainPad,
AppConfig)
AppConfig,
Test
)
{
var DiffDom = window.diffDOM;
@ -160,7 +163,14 @@ define([
];
var getHTML = function (inner) {
return ('<!DOCTYPE html>\n' + '<html>\n' + inner.innerHTML);
return ('<!DOCTYPE html>\n' + '<html>\n' +
' <head><meta charset="utf-8"></head>\n <body>' +
inner.innerHTML.replace(/<img[^>]*class="cke_anchor"[^>]*data-cke-realelement="([^"]*)"[^>]*>/g,
function(match,realElt){
//console.log("returning realElt \"" + unescape(realElt)+ "\".");
return decodeURIComponent(realElt); }) +
' </body>\n</html>'
);
};
var CKEDITOR_CHECK_INTERVAL = 100;
@ -753,6 +763,79 @@ define([
}).nThen(waitFor());
}).nThen(function (/*waitFor*/) {
function launchAnchorTest(test) {
// -------- anchor test: make sure the exported anchor contains <a name="..."> -------
console.log('---- anchor test: make sure the exported anchor contains <a name="..."> -----.');
function tryAndTestExport() {
console.log("Starting tryAndTestExport.");
editor.on( 'dialogShow', function( evt ) {
console.log("Anchor dialog detected.");
var dialog = evt.data;
$(dialog.parts.contents.$).find("input").val('xx-' + Math.round(Math.random()*1000));
dialog.click(window.CKEDITOR.dialog.okButton(editor).id);
} );
var existingText = editor.getData();
editor.insertText("A bit of text");
console.log("Launching anchor command.");
editor.execCommand(editor.ui.get('Anchor').command);
console.log("Anchor command launched.");
var waitH = window.setInterval(function() {
console.log("Waited 2s for the dialog to appear");
var anchors = window.CKEDITOR.plugins["link"].getEditorAnchors(editor);
if(!anchors || anchors.length===0) {
test.fail("No anchors found. Please adjust document");
} else {
console.log(anchors.length + " anchors found.");
var exported = getHTML(window.inner);
console.log("Obtained exported: " + exported);
var allFound = true;
for(var i=0; i<anchors.length; i++) {
var anchor = anchors[i];
console.log("Anchor " + anchor.name);
var expected = "<a id=\"" + anchor.id + "\" name=\"" + anchor.name + "\" ";
var found = exported.indexOf(expected)>=0;
console.log("Found " + expected + " " + found + ".");
allFound = allFound && found;
}
console.log("Cleaning up.");
if(allFound) {
// clean-up
editor.execCommand('undo');
editor.execCommand('undo');
var nint = window.setInterval(function(){
console.log("Waiting for undo to yield same result.");
if(existingText === editor.getData()) {
window.clearInterval(nint);
test.pass();
}
}, 500);
} else
{
test.fail("Not all expected a elements found for document at " + window.top.location + ".");
}
}
window.clearInterval(waitH);
},2000);
}
var intervalHandle = window.setInterval(function() {
if(editor.status==="ready") {
window.clearInterval(intervalHandle);
console.log("Editor is ready.");
tryAndTestExport();
} else {
console.log("Waiting for editor to be ready.");
}
}, 100);
}
Test(function(test) {
launchAnchorTest(test);
});
andThen2(editor, Ckeditor, framework);
});
};

Loading…
Cancel
Save