Merge branch 'staging' of github.com:xwiki-labs/cryptpad into staging

8 years ago · 69a72d71de
parent 5050023b6a 82f5d3c96f
commit 69a72d71de
10 changed files with 22 additions and 19 deletions
--- a/customize.dist/BottomBar.html
+++ b/customize.dist/BottomBar.html
@ -1,16 +0,0 @@
-<!-- This is an HTML fragment which is included into the bottom toolbar -->
-<div>
-  <div class="bottom-bar">
-    <div class="bottom-bar-left">
-      <span class="bottom-bar-language">
-        <select id="language-selector"></select>
-      </span>
-      <p data-localization="bottom_france">
-      </p>
-   </div>
-    <div class="bottom-bar-right">
-      <p data-localization="bottom_support">
-      </p>
-    </div>
-  </div>
-</div>
--- a/customize.dist/bg.jpg
+++ b/customize.dist/bg.jpg
--- a/customize.dist/bg2.jpg
+++ b/customize.dist/bg2.jpg
--- a/customize.dist/fr.png
+++ b/customize.dist/fr.png
--- a/customize.dist/heart.png
+++ b/customize.dist/heart.png
--- a/customize.dist/logo-xwiki.png
+++ b/customize.dist/logo-xwiki.png
--- a/customize.dist/logo-xwiki2.png
+++ b/customize.dist/logo-xwiki2.png
--- a/customize.dist/openpaas.png
+++ b/customize.dist/openpaas.png
--- a/customize.dist/openpaasng.png
+++ b/customize.dist/openpaasng.png
--- a/rpc.js
+++ b/rpc.js
@ -785,6 +785,24 @@ var upload_status = function (Env, publicKey, filesize, cb) {
    });
 };

+var isAuthenticatedCall = function (call) {
+    return [
+        //'COOKIE',
+        'RESET',
+        'PIN',
+        'UNPIN',
+        'GET_HASH',
+        'GET_TOTAL_SIZE',
+        'GET_FILE_SIZE',
+        'UPDATE_LIMITS',
+        'GET_LIMIT',
+        'GET_MULTIPLE_FILE_SIZE',
+        'UPLOAD',
+        'UPLOAD_COMPLETE',
+        'UPLOAD_CANCEL',
+    ].indexOf(call) !== -1;
+};
+
 /*::const ConfigType = require('./config.example.js');*/
 RPC.create = function (config /*:typeof(ConfigType)*/, cb /*:(?Error, ?Function)=>void*/) {
    // load pin-store...
@ -840,7 +858,6 @@ RPC.create = function (config /*:typeof(ConfigType)*/, cb /*:(?Error, ?Function)
        beginSession(Sessions, publicKey);

        var cookie = msg[0];
-
        if (!isValidCookie(Sessions, publicKey, cookie)) {
            // no cookie is fine if the RPC is to get a cookie
            if (msg[1] !== 'COOKIE') {
@ -854,8 +871,10 @@ RPC.create = function (config /*:typeof(ConfigType)*/, cb /*:(?Error, ?Function)
            return void respond('INVALID_MESSAGE_OR_PUBLIC_KEY');
        }

-        if (checkSignature(serialized, signature, publicKey) !== true) {
-            return void respond("INVALID_SIGNATURE_OR_PUBLIC_KEY");
+        if (isAuthenticatedCall(msg[1])) {
+            if (checkSignature(serialized, signature, publicKey) !== true) {
+                return void respond("INVALID_SIGNATURE_OR_PUBLIC_KEY");
+            }
        }

        var safeKey = escapeKeyCharacters(publicKey);