[WIP] Upgrade to Etherpad Version 1.8.5 #48
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Not the best fix but better than the current status quo.
…ntent ether#2412 broke this, it was discovered in JohnMcLear/ep_copy_paste_images#20. The limitation means that images can't be pasted within lists which IMHO is fine. I could refine this down to OL only but I think images within lists would be fine not to include.
* testing this * worth isolating
…" (ether#4057) This reverts commit 59b54b4.
… the point of optimization
…re slow on saucelabs
Thanks to hooks, the function can do much more than just basic authentication.
* Improve the comment describing how the access check works.
* Move the `authenticate` logic to where it is used so that people
don't have to keep jumping back and forth to understand how the
access check works.
* Break up the three steps to reduce the number of indentation
levels and improve readability. This should also make it easier to
implement and review planned future changes.
This makes it easier for an eejsBlock_userlist plugin to add something to that row.
Some plugins have npm dependencies, we should install them before testing them.
Every existing caller of `aCallFirst` expects a list and will throw an exception if given `undefined`. (Nobody calls `callFirst`, except maybe plugins.)
Plugin authors are allowed to omit the function name in the `ep.json`
parts definition. For example:
```
{
"parts": [
{
"name": "ep_example",
"hooks": {
"authenticate": "ep_example",
"authFailure": "ep_example"
}
}
]
}
```
If omitted, the function name is assumed to be the same as the hook
name. Before this change, `hook_fn_name` for the example hooks would
both be `/opt/etherpad-lite/node_modules/ep_example`. Now they are
suffixed with `:authenticate` and `:authFailure`. This improves
logging, and it makes it possible to use `hook_fn_name` to uniquely
identify a particular hook function.
Not all authentication plugins require the Authorization header, so it might not be present in subsequent attempts. (In particular, a reverse proxy might strip it.)
This check is already made very early in `handleMessage`.
Something's weird here; this change shouldn't have any effect. I'll have to squint at the code some more. This reverts commit 2bf0760. Fixes ether#4262
`exports.parts` is a topologically sorted array, but the intermediate collection of parts assembled in `plugins.update()` is associative.
I plan on splitting authFailure into authnFailure and authzFailure so that separate authentication and authentication plugins can coexist peacefully. This change will make it possible to mark the authFailure hook as deprecated (which simply logs a warning).
Also document the plugin data structures.
* Fix line numbers top padding This old rule was conflicting with new css rules introduced in 1.8.4 * Fixes ether#4228 Performance degradation for long pads Due to layout trashing when calculating new heights
This reduces the chances of a typo-induced bug.
There are two different ways an author ID becomes associated with a
user: either bound to a token or bound to a session ID. (The token and
session ID come from the `token` and `sessionID` cookies, or, in the
case of socket.io messages, from the `token` and `sessionID` message
properties.) When `settings.requireSession` is true or the user is
accessing a group pad, the session ID should be used. Otherwise the
token should be used.
Before this change, the `/p/:pad/import` handler was always using the
token, even when `settings.requireSession` was true. This caused the
following error because a different author ID was bound to the token
versus the session ID:
> Unable to import file into ${pad}. Author ${authorID} exists but he
> never contributed to this pad
This bug was reported in issue ether#4006. PR ether#4012 worked around the
problem by binding the same author ID to the token as well as the
session ID.
This change does the following:
* Modifies the import handler to use the session ID to obtain the
author ID (when appropriate).
* Expands the documentation for the SecurityManager checkAccess
function.
* Removes the workaround from PR ether#4012.
* Cleans up the `bin/createUserSession.js` test script.
It works fine in dev mode - spk dev But, not after packaging
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This code base works fine in dev mode after running spk dev but not after packaging.