Merge branch 'communities-allow-list' of github.com:xwiki-labs/cryptpad into communities-allow-list

pull/1/head
yflory 5 years ago
commit cebb2d3900

@ -30,7 +30,7 @@
"secure-fabric.js": "secure-v1.7.9",
"hyperjson": "~1.4.0",
"chainpad-crypto": "^0.2.0",
"chainpad-listmap": "^0.7.0",
"chainpad-listmap": "^0.8.1",
"chainpad": "^5.1.0",
"file-saver": "1.3.1",
"alertifyjs": "1.0.11",

@ -96,7 +96,7 @@ server {
set $workerSrc "https://${main_domain}";
# script-src specifies valid sources for javascript, including inline handlers
set $scriptSrc "'self' ${main_domain}";
set $scriptSrc "'self' resource: ${main_domain}";
set $unsafe 0;
# the following assets are loaded via the sandbox domain
@ -110,7 +110,7 @@ server {
# privileged contexts allow a few more rights than unprivileged contexts, though limits are still applied
if ($unsafe) {
set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' ${main_domain}";
set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: ${main_domain}";
}
# Finally, set all the rules you composed above.

@ -6,17 +6,15 @@ const BatchRead = require("../batch-read");
const WriteQueue = require("../write-queue");
const Core = require("./core");
const Util = require("../common-util");
const HK = require("../hk-util");
const batchMetadata = BatchRead("GET_METADATA");
Data.getMetadata = function (Env, channel, cb/* , Server */) {
if (!Core.isValidId(channel)) { return void cb('INVALID_CHAN'); }
if (channel.length !== 32) { return cb("INVALID_CHAN_LENGTH"); }
if (channel.length !== HK.STANDARD_CHANNEL_LENGTH) { return cb("INVALID_CHAN_LENGTH"); }
// XXX get metadata from the server cache if it is available
batchMetadata(channel, cb, function (done) {
Env.batchMetadata(channel, cb, function (done) {
var ref = {};
var lineHandler = Meta.createLineHandler(ref, Env.Log.error);
return void Env.msgStore.readChannelMetadata(channel, lineHandler, function (err) {
if (err) {
// stream errors?
@ -118,6 +116,9 @@ Data.setMetadata = function (Env, safeKey, data, cb, Server) {
// kick any current users from the channel
// if they aren't on it.
// review Server.channelBroadcast as used for EEXPIRED
// send them to the user in question, from historyKeeper
cb(void 0, metadata);
next();

@ -38,6 +38,7 @@ module.exports.create = function (config, cb) {
channel_cache: {},
queueStorage: WriteQueue(),
batchIndexReads: BatchRead("HK_GET_INDEX"),
batchMetadata: BatchRead('GET_METADATA'),
//historyKeeper: config.historyKeeper,
intervals: config.intervals || {},
@ -115,22 +116,23 @@ module.exports.create = function (config, cb) {
channelOpen: function (Server, channelName, userId, wait) {
Env.channel_cache[channelName] = Env.channel_cache[channelName] || {};
var proceed = function () {
var next = wait();
var cb = function (err, info) {
next(err, info, function () {
Server.send(userId, [
0,
Env.id,
'JOIN',
channelName
]);
});
};
// only conventional channels can be restricted
if ((channelName || "").length !== 32) { // XXX use contants
return proceed();
if ((channelName || "").length !== HK.STANDARD_CHANNEL_LENGTH) {
return void cb();
}
var next = wait();
// gets and caches the metadata...
// XXX make sure it doesn't get stuck in cache...
HK.getMetadata(Env, channelName, function (err, metadata) {
@ -142,8 +144,7 @@ module.exports.create = function (config, cb) {
if (!metadata || (metadata && !metadata.restricted)) {
// the channel doesn't have metadata, or it does and it's not restricted
// either way, let them join.
proceed();
return void next();
return void cb();
}
// this channel is restricted. verify that the user in question is in the allow list
@ -154,15 +155,14 @@ module.exports.create = function (config, cb) {
var session = HK.getNetfluxSession(Env, userId);
if (HK.isUserSessionAllowed(allowed, session)) {
proceed();
return void next();
return void cb();
}
// otherwise they're not allowed.
// respond with a special error that includes the list of keys
// which would be allowed...
// XXX bonus points if you hash the keys to limit data exposure
next(["ERESTRICTED"].concat(allowed));
cb("ERESTRICTED", allowed);
});
},
sessionClose: function (userId, reason) {

@ -171,17 +171,19 @@ const checkExpired = function (Env, Server, channel) {
error: 'EEXPIRED',
channel: channel
}, Env.id);
dropChannel(channel);
dropChannel(Env, channel);
});
// return true to indicate that it has expired
return true;
};
const getMetadata = HK.getMetadata = function (Env, channelName, cb) {
const getMetadata = HK.getMetadata = function (Env, channelName, _cb) {
var cb = Util.once(Util.mkAsync(_cb));
var metadata = Env.metadata_cache[channelName];
if (metadata && typeof(metadata) === 'object') {
return void Util.mkAsync(cb)(undefined, metadata);
return void cb(undefined, metadata);
}
MetaRPC.getMetadata(Env, channelName, function (err, metadata) {
@ -189,6 +191,10 @@ const getMetadata = HK.getMetadata = function (Env, channelName, cb) {
console.error(err);
return void cb(err);
}
if (!(metadata && typeof(metadata.channel) === 'string' && metadata.channel.length === STANDARD_CHANNEL_LENGTH)) {
return cb();
}
// cache it
Env.metadata_cache[channelName] = metadata;
cb(undefined, metadata);
@ -231,7 +237,8 @@ const computeIndex = function (Env, channelName, cb) {
nThen(function (w) {
getMetadata(Env, channelName, w(function (err, _metadata) {
if (err) {
throw new Error(err);
console.log(err);
throw new Error(err); // XXX
}
metadata = _metadata;
}));
@ -693,7 +700,7 @@ const handleGetHistory = function (Env, Server, seq, userId, parsed) {
}, (err) => {
if (err && err.code !== 'ENOENT') {
if (err.message !== 'EINVAL') { Log.error("HK_GET_HISTORY", err); }
const parsedMsg = {error:err.message, channel: channelName, txid: txid};
const parsedMsg = {error:err.message, channel: channelName, txid: txid}; // XXX history retrieval error format
Server.send(userId, [0, HISTORY_KEEPER_ID, 'MSG', userId, JSON.stringify(parsedMsg)]);
return;
}
@ -876,6 +883,7 @@ HK.onDirectMessage = function (Env, Server, seq, userId, json) {
if (checkExpired(Env, Server, parsed[1])) {
// if the channel is expired just abort.
w.abort();
// XXX what do we tell the person who asked?
return;
}
@ -891,6 +899,9 @@ HK.onDirectMessage = function (Env, Server, seq, userId, json) {
}
// XXX NOT ALLOWED
// respond to txid with error as in handleGetHistory
// send the allow list anyway, it might not get used currently
// but will in the future
}));
}).nThen(function () {
// run the appropriate command from the map

@ -603,13 +603,12 @@ define([
UI.confirmButton = function (originalBtn, config, _cb) {
config = config || {};
var cb = Util.once(Util.mkAsync(_cb));
var classes = 'btn ' + (config.classes || 'btn-primary');
var button = h('button', {
"class": classes,
title: config.title || ''
}, Messages.areYouSure || "Are you sure?"); // XXX
}, Messages.areYouSure);
var $button = $(button);
var div = h('div', {
@ -1150,7 +1149,14 @@ define([
var deletePopup = function () {
$popup.remove();
if (!corner.queue.length) {
// Make sure no other popup is displayed in the next 5s
setTimeout(function () {
if (corner.queue.length) {
$('body').append(corner.queue.pop());
return;
}
corner.state = false;
}, 5000);
return;
}
setTimeout(function () {

@ -191,8 +191,6 @@ define([
return void cb(void 0, $d);
}
Messages.historyTrim_historySize = 'History: {0}'; // XXX
Messages.historyTrim_contentsSize = 'Contents: {0}'; // XXX
var p = Math.round((historyBytes / bytes) * 100);
var historyPrettySize = UIElements.prettySize(historyBytes);
@ -215,7 +213,7 @@ define([
h('span.cp-app-prop-content', Messages._getKey('historyTrim_contentsSize', [contentsPrettySize]))
]),
]),
button = h('button.btn.btn-danger-alt.no-margin', Messages.trimHistory_button || 'test'), // XXX
button = h('button.btn.btn-danger-alt.no-margin', Messages.trimHistory_button),
spinner.spinner
]);
$d.append(size);
@ -236,7 +234,7 @@ define([
}, function (obj) {
spinner.hide();
if (obj && obj.error) {
$(size).append(h('div.alert.alert-danger', Messages.trimHistory_error || 'error')); // XXX
$(size).append(h('div.alert.alert-danger', Messages.trimHistory_error));
return;
}
$(size).remove();
@ -3760,6 +3758,9 @@ define([
var initialHide = data && data.autoStore && data.autoStore === -1;
var modal = UI.cornerPopup(text, actions, footer, {hidden: initialHide});
// Once the store pad popup is created, put the crowdfunding one in the queue
UIElements.displayCrowdfunding(common);
autoStoreModal[priv.channel] = modal;
$(modal.popup).find('.cp-corner-footer a').click(function (e) {
@ -3768,7 +3769,6 @@ define([
});
$(hide).click(function () {
UIElements.displayCrowdfunding(common);
delete autoStoreModal[priv.channel];
modal.delete();
});
@ -3788,7 +3788,6 @@ define([
$(document).trigger('cpPadStored');
delete autoStoreModal[priv.channel];
modal.delete();
UIElements.displayCrowdfunding(common);
UI.log(Messages.autostore_saved);
});
});

@ -110,7 +110,7 @@ define([
window.frames[0].editor.asc_setViewMode(!state);
//window.frames[0].editor.setViewModeDisconnect(true);
} catch (e) {}
if (!state) {
if (!state && !readOnly) {
$('#cp-app-oo-editor').append(h('div#cp-app-oo-offline'));
}
debug(state);

@ -2091,9 +2091,12 @@ define([
store.onlyoffice.removeClient(clientId);
} catch (e) { console.error(e); }
try {
if (store.mailbox) {
store.mailbox.removeClient(clientId);
}
} catch (e) { console.error(e); }
Object.keys(store.modules).forEach(function (key) {
if (!store.modules[key]) { return; }
if (!store.modules[key].removeClient) { return; }
try {
store.modules[key].removeClient(clientId);
@ -2337,7 +2340,6 @@ define([
initAnonRpc(null, null, waitFor());
initRpc(null, null, waitFor());
}).nThen(function (waitFor) {
loadMailbox(waitFor);
Migrate(proxy, waitFor(), function (version, progress) {
postMessage(clientId, 'LOADING_DRIVE', {
state: (2 + (version / 10)),
@ -2357,6 +2359,7 @@ define([
loadUniversal(Profile, 'profile', waitFor);
loadUniversal(Team, 'team', waitFor);
loadUniversal(History, 'history', waitFor);
loadMailbox(waitFor); // XXX make sure we don't have new issues with mailboxes being loaded later
cleanFriendRequests();
}).nThen(function () {
var requestLogin = function () {

@ -494,10 +494,11 @@ define([
try {
var module = ctx.store.modules['team'];
// changeMyRights returns true if we can't change our rights
module.changeMyRights(teamId, content.state, content.teamData);
} catch (e) { console.error(e); }
module.changeMyRights(teamId, content.state, content.teamData, function (done) {
if (!done) { console.error("Can't update team rights"); }
cb(true);
});
} catch (e) { console.error(e); }
};
handlers['OWNED_PAD_REMOVED'] = function (ctx, box, data, cb) {

@ -1067,14 +1067,25 @@ define([
ctx.emit('ROSTER_CHANGE_RIGHTS', teamId, team.clients);
};
var changeMyRights = function (ctx, teamId, state, data) {
if (!teamId) { return true; }
var changeMyRights = function (ctx, teamId, state, data, cb) {
if (!teamId) { return void cb(false); }
var teamData = Util.find(ctx, ['store', 'proxy', 'teams', teamId]);
if (!teamData) { return true; }
if (!teamData) { return void cb(false); }
var onReady = ctx.onReadyHandlers[teamId];
var team = ctx.teams[teamId];
if (!team) { return true; }
if (teamData.channel !== data.channel || teamData.password !== data.password) { return true; }
if (!team && Array.isArray(onReady)) {
onReady.push({
cb: function () {
changeMyRights(ctx, teamId, state, data, cb);
}
});
return;
}
if (!team) { return void cb(false); }
if (teamData.channel !== data.channel || teamData.password !== data.password) { return void cb(false); }
if (state) {
teamData.hash = data.hash;
@ -1091,6 +1102,7 @@ define([
}
updateMyRights(ctx, teamId, data.hash);
cb(true);
};
var changeEditRights = function (ctx, teamId, user, state, cb) {
if (!teamId) { return void cb({error: 'EINVAL'}); }
@ -1632,8 +1644,8 @@ define([
});
};
team.changeMyRights = function (id, edit, teamData) {
changeMyRights(ctx, id, edit, teamData);
team.changeMyRights = function (id, edit, teamData, cb) {
changeMyRights(ctx, id, edit, teamData, cb);
};
team.updateMyData = function (data) {
Object.keys(ctx.teams).forEach(function (id) {

@ -1297,5 +1297,17 @@
"safeLinks_error": "Le lien utilisé ne permet pas d'ouvrir ce document",
"settings_safeLinksCheckbox": "Activer les liens sécurisés",
"settings_safeLinksTitle": "Liens Sécurisés",
"settings_cat_security": "Confidentialité"
"settings_cat_security": "Confidentialité",
"settings_trimHistoryHint": "Économisez de l'espace de stockage en supprimant l'historique de votre disque et de vos notifications. Cela n'affectera pas l'historique de vos documents. Vous pouvez supprimer l'historique des pads dans leur dialogue de propriétés.",
"settings_trimHistoryTitle": "Effacer l'Historique",
"trimHistory_noHistory": "Il n'y a pas d'historique à supprimer",
"trimHistory_currentSize": "Taille de l'historique : <b>{0}</b>",
"trimHistory_needMigration": "Merci de <a>mettre votre CryptDrive à jour</a> pour activer cette fonctionalité.",
"trimHistory_success": "L'historique a été effacé",
"trimHistory_error": "Erreur lors de la suppression de l'historique",
"trimHistory_getSizeError": "Erreur lors du calcul de la taille de l'historique de votre drive",
"trimHistory_button": "Effacer l'historique",
"historyTrim_contentsSize": "Contenu : {0}",
"historyTrim_historySize": "Historique : {0}",
"areYouSure": "Êtes-vous sûr ?"
}

@ -179,7 +179,7 @@
"notifyLeft": "{0} ha abbandonato la sessione collaborativa",
"ok": "OK",
"okButton": "OK (Enter)",
"cancel": "Cancella",
"cancel": "Annulla",
"cancelButton": "Cancella (Esc)",
"show_help_button": "Mostra l'aiuto",
"hide_help_button": "Nascondi l'aiuto",
@ -298,7 +298,7 @@
"contacts_confirmRemoveHistory": "Sei sicuro di voler rimuovere permanentemente la cronologia della chat? I dati non possono essere recuperati",
"contacts_removeHistoryServerError": "C'è stato un errore nella cancellazione della cronologia della chat. Prova di nuovo più tardi",
"contacts_fetchHistory": "Recupera messaggi precedenti",
"contacts_friends": "Amici",
"contacts_friends": "Contatti",
"contacts_rooms": "Stanze",
"contacts_leaveRoom": "Esci da questa stanza",
"contacts_online": "Un altro utente di questa stanza è online",
@ -423,7 +423,7 @@
"register_whyRegister": "Perché registrarsi?",
"register_header": "Benvenuto su CryptPad",
"fm_alert_anonymous": "",
"register_writtenPassword": "Ho annotato il mio username e la mia password, procedi",
"register_writtenPassword": "Ho annotato il mio nome utente e la mia password, procedi",
"register_cancel": "Torna indietro",
"register_warning": "Zero Knowledge significa che non possiamo recuperare i tuoi dati se perdi la tua password.",
"register_alreadyRegistered": "Questo utente esiste già, vuoi effettuare il log in?",
@ -461,7 +461,7 @@
"settings_resetButton": "Rimuovi",
"settings_reset": "Rimuovi tutti i file e le cartelle dal tuo CryptDrive",
"settings_resetPrompt": "",
"settings_resetDone": "",
"settings_resetDone": "Il tuo drive è vuoto adesso!",
"settings_resetError": "",
"settings_resetTipsAction": "",
"settings_resetTips": "",
@ -516,5 +516,26 @@
"register_emailWarning1": "Puoi farlo se vuoi, ma non verrà inviato ai nostri server.",
"register_emailWarning2": "Non sarai in grado di resettare la tua password usando la tua email, a differenza di come puoi fare con molti altri servizi.",
"register_emailWarning3": "Se hai capito, ma intendi comunque usare la tua email come nome utente, clicca OK.",
"oo_sheetMigration_anonymousEditor": "Le modifiche da parte di utenti anonimi a questo foglio di calcolo sono disabilitate finchè un utente registrato non lo aggiorna all'ultima versione."
"oo_sheetMigration_anonymousEditor": "Le modifiche da parte di utenti anonimi a questo foglio di calcolo sono disabilitate finchè un utente registrato non lo aggiorna all'ultima versione.",
"faq": {
"usability": {
"devices": {
"a": "nome utente"
},
"forget": {
"a": "nome utente"
}
},
"security": {
"crypto": {
"a": "nome utente"
}
},
"privacy": {
"register": {
"a": "nome utente"
}
}
},
"whatis_zeroknowledge_p2": "Quando ti registri e accedi, il tuo nome utente e la tua password vengono computati in una chiave segreta utilizzando la <a href=\"https://en.wikipedia.org/wiki/Scrypt\">funzione di derivazione scrypt</a>. Ne questa chiave, ne il tuo nome utente o la tua password vengono inviati al server. Infatti sono usati soltanto dal lato client per decriptare il contenuto del tuo CryptDrive, che contiene le chiavi per tutti i pad a cui hai accesso."
}

@ -1297,5 +1297,17 @@
"safeLinks_error": "This link does not give you access to the document",
"dontShowAgain": "Don't show again",
"profile_login": "You need to log in to add this user to your contacts",
"settings_safeLinksHint": "CryptPad includes the keys to decrypt your pads in their links. Anyone with access to your browsing history can potentially read your data. This includes intrusive browser extensions and browsers that sync your history across devices. Enabling \"safe links\" prevents the keys from entering your browsing history or being displayed in your address bar whenever possible. We strongly recommend that you enable this feature and use the {0} Share menu."
"settings_safeLinksHint": "CryptPad includes the keys to decrypt your pads in their links. Anyone with access to your browsing history can potentially read your data. This includes intrusive browser extensions and browsers that sync your history across devices. Enabling \"safe links\" prevents the keys from entering your browsing history or being displayed in your address bar whenever possible. We strongly recommend that you enable this feature and use the {0} Share menu.",
"areYouSure": "Are you sure?",
"historyTrim_historySize": "History: {0}",
"historyTrim_contentsSize": "Contents: {0}",
"trimHistory_button": "Delete History",
"trimHistory_getSizeError": "Error while calculating the size of your drive's history",
"trimHistory_error": "Error while deleting history",
"trimHistory_success": "History has been deleted",
"trimHistory_needMigration": "Please <a>update your CryptDrive</a> to enable this feature.",
"trimHistory_currentSize": "Current history size: <b>{0}</b>",
"trimHistory_noHistory": "No history can be deleted",
"settings_trimHistoryTitle": "Delete History",
"settings_trimHistoryHint": "Save storage space by deleting the history of your drive and notifications. This will not affect the history of your pads. You can delete the history of pads in their properties dialog."
}

@ -1215,7 +1215,7 @@ define([
var spinner = UI.makeSpinner();
var button = h('button.btn.btn-danger-alt', {
disabled: 'disabled'
}, Messages.trimHistory_button || 'delete history... xxx'); // XXX
}, Messages.trimHistory_button);
var currentSize = h('p', $(spinner.spinner).clone()[0]);
var content = h('div#cp-settings-trim-container', [
currentSize,
@ -1226,7 +1226,7 @@ define([
if (!privateData.isDriveOwned) {
var href = privateData.origin + privateData.pathname + '#' + 'account';
$(currentSize).html(Messages.trimHistory_needMigration || 'Need migration <a>Click</a>'); // XXX
$(currentSize).html(Messages.trimHistory_needMigration);
$(currentSize).find('a').prop('href', href).click(function (e) {
e.preventDefault();
$('.cp-sidebarlayout-category[data-category="account"]').click();
@ -1234,7 +1234,6 @@ define([
return void cb(content);
}
Messages.trimHistory_currentSize = 'Size XXX: <b>{0}</b>'; // XXX
var $button = $(button);
var size;
@ -1246,7 +1245,7 @@ define([
}, waitFor(function (obj) {
if (obj && obj.error) {
waitFor.abort();
var error = h('div.alert.alert-danger', Messages.trimHistory_error || 'error'); // XXX
var error = h('div.alert.alert-danger', Messages.trimHistory_getSizeError);
$(content).empty().append(error);
return;
}
@ -1255,12 +1254,11 @@ define([
}));
}).nThen(function () {
if (!size || size < 1024) {
$(currentSize).html(Messages.trimHistory_noHistory || 'no history...'); // XXX
$(currentSize).html(Messages.trimHistory_noHistory);
return;
}
$(currentSize).html(Messages._getKey('trimHistory_currentSize', [UIElements.prettySize(size)]));
$button.click(function () {
//UI.confirm(Messages.trimHistory_confirm, function (yes) {
UI.confirmButton(button, {
classes: 'btn-danger'
}, function (yes) {
@ -1272,7 +1270,7 @@ define([
channels: channels
}, function (obj) {
if (obj && obj.error) {
var error = h('div.alert.alert-danger', Messages.trimHistory_error || 'error'); // XXX
var error = h('div.alert.alert-danger', Messages.trimHistory_error);
$(content).empty().append(error);
return;
}
@ -1288,9 +1286,6 @@ define([
};
makeBlock('trim-history', function (cb, $div) {
if (!common.isLoggedIn()) { return; }
// XXX settings_trimHistoryTitle, settings_trimHistoryHint, trimHistory_button, trimHistory_error
// XXX trimHistory_success, trimHistory_confirm, trimHistory_noHistory
// XXX trimHistory_needMigration (clickable <a> tag (no attribute) to go to the "account" part of settings)
redrawTrimHistory(cb, $div);
}, true);

Loading…
Cancel
Save