yflory
199dcc8c62
Merge branch 'staging' into authsso
2023-12-11 16:46:11 +01:00
yflory
ac090767ca
Add admin panel option to enforce MFA
2023-12-11 16:40:05 +01:00
yflory
542111843a
Merge branch 'staging' into forcemfa
2023-12-11 16:30:22 +01:00
yflory
e2dd7f6305
Merge branch 'authsso' into forcemfa
2023-12-11 16:30:18 +01:00
David Benque
fde1edd508
Clean old // XXX comments
...
- either removed or changed the comment type
2023-12-08 15:10:19 +00:00
Wolfgang Ginolas
d42539b3b2
Merge remote-tracking branch 'origin/staging' into drawio-image
2023-12-06 09:08:32 +01:00
yflory
23a799d960
Fix missing plugin functions in HTTP workers
2023-12-05 17:10:59 +01:00
yflory
5d801a00fc
Remove incorrect error logs
2023-12-05 16:14:59 +01:00
yflory
f506e5a8cf
Instance invitation and user management prototype
2023-12-01 15:44:20 +01:00
yflory
223dc9394b
New plugin structure
2023-11-17 17:19:04 +01:00
yflory
982c15ae0e
Add an option to enforce MFA for all accounts on the instance
2023-11-09 15:35:56 +01:00
yflory
72cb827e18
Make MFA session expiration configurable
2023-11-08 15:58:28 +01:00
yflory
046e7abeb8
option to enforce CryptPad password for SSO accounts
2023-11-07 16:02:27 +01:00
yflory
61b3ea50ce
Merge branch 'staging' into authsso
2023-11-06 16:45:06 +01:00
yflory
ed97d28528
Make SSO plugin optional
2023-11-06 16:27:52 +01:00
Wolfgang Ginolas
7f55498bcc
Update draw.io dependency and remove unneeded CSP headers
2023-11-01 09:19:46 +01:00
Wolfgang Ginolas
304fc6e970
Upgrade draw.io to 21.7.5
2023-11-01 09:19:45 +01:00
yflory
77e600ce80
Add signing certificate to SAML auth
2023-10-30 17:14:27 +01:00
yflory
7d3f67cd86
SSO + OTP account deletion and password change
2023-10-26 17:55:54 +02:00
yflory
49f6b69db5
SAML SSO login/registration
2023-10-20 18:20:31 +02:00
David Benque
8f0a6319a5
Apply headers
2023-10-20 15:35:26 +01:00
yflory
9b367a0468
SSO SAML test
2023-10-18 18:20:49 +02:00
yflory
e8d719c438
Fix OIDC sso issues
2023-10-18 15:39:54 +02:00
yflory
6e50b9d9dc
Fix HPM error proxy websocket to undefined
2023-10-17 11:50:02 +02:00
Wolfgang Ginolas
13badd7ce4
Use correct mime type for .wasm files
...
https://github.com/cryptpad/cryptpad/issues/1277
2023-10-16 09:42:47 +02:00
yflory
37008242e2
Merge branch 'main' into authsso
2023-10-12 14:56:04 +02:00
yflory
16115de950
Fix expire channel task
2023-10-05 20:37:59 +02:00
yflory
d6a60075cd
Fix DrawIO hash
2023-10-03 11:40:55 +02:00
yflory
d68dde07a9
Remove translation XXX
2023-09-28 18:33:03 +02:00
yflory
ef92d9217c
Merge branch 'moderation' into staging
2023-09-28 17:56:46 +02:00
yflory
fd90827da9
Merge branch 'accessibility' into staging
2023-09-28 17:55:34 +02:00
yflory
30743c295a
Bypass placeholder when removing a pad password
2023-09-28 14:57:45 +02:00
yflory
bc9a335e76
Lint compliance
2023-09-19 15:06:54 +02:00
yflory
f282db9121
Add new placeholder data and account script to admin panel
2023-09-14 17:49:16 +02:00
yflory
399d50e941
Clean unnecessary error log
2023-09-13 17:46:00 +02:00
yflory
235d5594f7
Detect placeholder when reading metadata
2023-09-13 16:54:05 +02:00
yflory
f69dcbdda9
Fix 'Unhandled RPC' log with isNewChannel
2023-09-13 14:48:16 +02:00
yflory
2c12ff5d72
Merge branch 'staging' into moderation
2023-09-11 12:08:07 +02:00
yflory
a0e59dd65b
Fix form responses deletion #1239
2023-09-11 11:55:26 +02:00
yflory
975a177cbb
Add UI/UX when reading a placeholder
2023-09-08 18:10:02 +02:00
yflory
91af47994b
Placeholder on file deletion
2023-09-07 17:03:20 +02:00
yflory
dda4b8777c
Add drive channel metadata to the pin log
2023-09-06 17:15:00 +02:00
yflory
708e36b3ee
New admin command to archive an account
2023-09-05 16:31:04 +02:00
yflory
fde6f15270
Fix headers added by node for the recommended config
2023-09-05 13:01:41 +02:00
yflory
920c307608
Fix websocket issue with some dev instances
2023-09-04 12:10:48 +02:00
yflory
c09e191a16
Blob activity archive
2023-08-30 15:59:15 +02:00
yflory
27b9c9bac3
Update blob activity when loaded
2023-08-29 17:50:39 +02:00
yflory
31a5cbafdb
Fix typo
2023-08-23 10:59:02 +02:00
yflory
ce572e813e
Update eviction script
2023-08-23 10:57:11 +02:00
yflory
cddfc7b5a1
Merge branch '541-rc' of github.com:cryptpad/cryptpad into 541-rc
2023-08-22 15:48:53 +02:00
yflory
395a1ebf5a
Fix broadcast settings not applied instantly #1189
2023-08-22 15:48:43 +02:00
Wolfgang Ginolas
58331b067d
Fix collaboration of Nextcloud integration
2023-08-22 13:31:29 +02:00
yflory
75cd470fb1
Fix checkup test when registration is restricted #1185
2023-08-21 16:42:04 +02:00
yflory
5807b4dddf
Reduce memory usage for the eviction script
2023-08-21 12:45:18 +02:00
yflory
650e4c42ca
Fix websocket only binds to localhost #1182
2023-08-18 10:40:35 +02:00
yflory
867efea83b
Fix CSP headers mismatch between node and Nginx
2023-08-17 16:10:39 +02:00
yflory
cf17b6924a
Fix typo in regex when listing channels
2023-07-20 16:28:31 +02:00
yflory
a70800f928
Remove false positive server error log on page reload
2023-07-13 14:49:07 +02:00
yflory
deb14c412f
Fix XXX
2023-07-13 14:12:47 +02:00
yflory
b11333e7a0
lint compliance
2023-07-11 10:35:44 +02:00
yflory
c10fc37645
Merge branch 'totp-ui' into 5.4-rc
2023-07-11 10:30:36 +02:00
yflory
d1d26571cf
SSO: fix issue with missing config
2023-07-02 12:04:21 +03:00
yflory
d6bf625733
SSO: prototype improvements
2023-06-29 12:32:45 +02:00
Wolfgang Ginolas
6f76972c47
Upgrade drawio to 21.5.2
...
https://github.com/jgraph/drawio/issues/3691
2023-06-29 10:23:49 +02:00
yflory
b93b5eae4e
SSO: OIDC login and register
2023-06-27 16:04:32 +02:00
yflory
0c94c1a602
Merge branch 'totp-ui' into authsso
2023-06-23 19:07:11 +02:00
yflory
18d6ccdfd3
SSO: OIDC auth
2023-06-23 19:06:29 +02:00
yflory
da5626cbae
TOTP: Use session token instead of JWT to prepare for SSO
2023-06-23 18:35:18 +02:00
Wolfgang Ginolas
f7d56eea16
Rename drawio to digram
...
https://github.com/cryptpad/cryptpad/issues/1062
2023-06-22 14:59:13 +02:00
Wolfgang Ginolas
b5c0cada55
Update draw.io script hashes
2023-06-22 14:39:06 +02:00
Wolfgang Ginolas
17e6d24de4
Use hashes instead of unsafe-eval to secure drawio
2023-06-22 14:39:06 +02:00
Wolfgang Ginolas
67362fc2b9
Remove unsave-eval from draw.ios CSP
2023-06-22 14:39:06 +02:00
yflory
2be39c3749
API: reload content on server restart
2023-06-22 14:39:04 +02:00
yflory
723ecc8bd6
Integration API prototype
2023-06-22 14:39:04 +02:00
yflory
9aac9d1c2f
TOTP: Use HTTP challenges to write and remove blocks
2023-06-09 15:06:17 +02:00
yflory
b3a620edc0
lint compliance
2023-06-06 16:09:17 +02:00
yflory
36a1c604d8
Auth: Disable TOTP/MFA from the admin panel
2023-05-16 15:11:43 +02:00
Mathilde Grünig
f5fb24031e
replace xwiki-labs by cryptpad
2023-05-16 14:54:39 +02:00
yflory
e893613b43
TOTP: recovery by secret key
2023-05-15 17:33:58 +02:00
yflory
d789627920
TOTP setup and revocation in settings
2023-05-12 18:21:19 +02:00
ansuz
bd19288869
notes on pending improvements to add before merge/release
2023-05-11 16:42:47 +05:30
ansuz
f82c877cbe
serialize possible errors
2023-05-07 12:17:28 +05:30
ansuz
921c46956d
fix a type error by ensuring Env.Log is defined
2023-05-06 20:42:11 +05:30
ansuz
493bf1346c
Merge tag '5.3.0' into 5.3-auth
2023-05-06 15:26:21 +05:30
ansuz
31dc7b523a
XXXs and TODOs for handling blocks now that 2FA is in play
2023-05-05 18:20:51 +05:30
ansuz
06232ab6d7
overwriting basic storage should fail with an error
2023-05-05 18:18:46 +05:30
ansuz
41e870d3db
serverside protocol work for authentication enforcement and configuration
2023-05-05 18:17:58 +05:30
ansuz
b753a067ac
avoid logging for common 404s
2023-05-03 16:32:09 +05:30
ansuz
e895990426
generate a secret at launch time
...
used for issuing and validating JWTs
2023-05-03 16:19:01 +05:30
ansuz
3c6a35b713
new types of storage for challenges, MFA settings, and sessions
2023-05-02 23:42:09 +05:30
yflory
7b03df37f7
Merge remote-tracking branch 'origin/deprecatedcache' into staging
2023-04-24 14:52:56 +02:00
yflory
6b743a787c
Fix mailbox message deletion
2023-03-28 12:19:16 +02:00
ansuz
cbaff2f3c0
Merge branch 'soon' into staging
2023-03-07 15:34:00 +05:30
ansuz
b5a01231b7
Merge branch '5.3-storage' into merge-storage
2023-03-07 14:49:28 +05:30
ansuz
d231451b49
Merge branch 'http-workers' into merge-storage
2023-03-07 14:49:22 +05:30
ansuz
d8ef2c8371
print login block size when it exceeds the maximum
2023-03-07 13:30:30 +05:30
ansuz
64d24f8b20
clean up http-worker code and add comments
2023-03-07 11:17:46 +05:30
ansuz
8fce5bcaf6
use configured http ports
2023-03-02 12:45:38 +05:30
ansuz
b003d4d825
Merge branch 'staging' into http-workers
2023-03-02 11:59:58 +05:30
ansuz
6bb336034b
Merge branch 'staging' into 5.3-storage
2023-03-02 10:53:05 +05:30
ansuz
47afa26fc5
Merge branch 'soon' into 5.3-storage
2023-02-09 16:16:26 +05:30
yflory
f4b477ee37
Clean XXX
2023-02-01 18:02:03 +01:00
ansuz
7b65d3e8c8
judge blob activity based on mtime instead of atime
...
and output a basic overview when eviction completes
2023-01-23 08:29:36 +05:30
ansuz
c7dedf4054
more logging for potentially long-running eviction processes
2023-01-19 10:14:22 +05:30
ansuz
0bf26588e5
Merge branch 'soon' into 5.3-storage
2023-01-19 09:57:16 +05:30
ansuz
15272a6604
relocate blobs that have been archived to the wrong location
2023-01-19 08:57:39 +05:30
ansuz
911c15df25
fix incorrectly constructed archival path for blobs
2023-01-19 08:56:32 +05:30
yflory
a0714b9cc8
Prevent type error with the new admin script
2023-01-12 15:54:16 +01:00
ansuz
b0d10c3777
oops - fix inverted not
2023-01-11 15:08:16 +05:30
ansuz
3f18a38714
report http-worker RPC errors to the main process for logging
2023-01-11 15:02:02 +05:30
ansuz
4968bbf961
WIP limit on block size
2023-01-11 14:50:16 +05:30
ansuz
96de4dffe9
fix an inverted not in a non-functional telemetry attribute
2023-01-11 13:03:10 +05:30
yflory
1971553e1f
Flush cache when adding new admin
2022-12-20 17:25:54 +01:00
yflory
70e602d9c9
Prototype install app
2022-12-20 16:57:51 +01:00
ansuz
953c817c5b
clean up more prototype code:
...
* remove commented code
* serialize errors sent from http workers to the main process
* drop support for custom http headers set via config.js#httpHeaders
* websockets: only listen on localhost, respect websocketPort config in workers' proxy config
2022-12-20 18:03:52 +05:30
ansuz
24274e6c9b
remove some prototyping code that was overwriting values in responses to http-workers
2022-12-20 17:10:10 +05:30
ansuz
7e4518b43d
More server cleanup:
...
* make the websocket port configurable
* reorder some tasks at launch time to use more consistent logging
* relaunch http workers if they crash
* refuse to launch if httpUnsafeOrigin cannot be parsed as a URL
* fix a path issue reintroduced by a git merge
2022-12-20 16:29:38 +05:30
ansuz
d58096636a
Merge tag '5.2.0' into test-merge
2022-12-20 14:49:47 +05:30
ansuz
6f19101f42
big server changes:
...
* use the nodejs cluster module to handle http traffic with multiple threads
* listen for websocket traffic on a new port because all such logic needs to share state
* proxy websocket URLs from the cluster to the new port so everything is backwards compatible
* implement logic for http workers to make requests and stay in sync with the main process
* unrelated: define the expected nodejs version in a constant
2022-12-20 14:20:59 +05:30
yflory
d39d64626d
Fix deprecated cache issue
2022-12-16 15:12:19 +01:00
yflory
9a6455759f
Merge branch 'staging' into deprecatedcache
2022-12-16 15:04:14 +01:00
yflory
600771682a
Allow edit/delete/multiple answers without a drive and fix race condition
2022-12-08 16:53:29 +01:00
ansuz
ed981f2b63
generalize recommended version code for easier updates
2022-12-07 13:09:24 +05:30
ansuz
c762353cad
interpret maxWorkers config in lib/env instead of in worker handler
2022-12-07 13:04:07 +05:30
yflory
c75a75b243
Don't search for an old hash in a file when a cache is deprecated
2022-11-30 14:39:38 +01:00
yflory
5d350f1c45
Merge branch 'form' into form-del
2022-10-26 17:51:10 +02:00
yflory
89448115c5
Delete form own answers
2022-10-18 10:19:57 +02:00
yflory
bde6bb0032
Clean server code
2022-10-14 16:53:38 +02:00
yflory
8a3be878e8
Merge branch 'staging' into form-del
2022-10-12 17:19:22 +02:00
yflory
c3df1bb0ec
Use flag in pad metadata to allow line deletion in file
2022-10-12 17:17:58 +02:00
yflory
6a1c64fe9a
Delete your own form answers
2022-10-06 17:12:23 +02:00
ansuz
1acdb4180d
fix for bogus metadata lines wiping ownership and other parameters
2022-10-06 16:05:05 +05:30
ansuz
863ab4f380
Merge branch 'soon' into absolute-paths
2022-10-06 15:34:05 +05:30
ansuz
fede73efb1
enable admin option to opt-in to aggregate statistics
2022-09-22 16:35:20 +05:30
ansuz
333ba82970
allow admins to overwrite live data with archived data when both exist
2022-09-13 18:32:50 +05:30
ansuz
2b365694f6
fix server logic and logs messages related to quotas
2022-09-13 13:00:36 +05:30
ansuz
cf180158dc
remove temporary comments
2022-09-07 18:15:19 +05:30
ansuz
e78e57c039
unify accounts_api and quota_api config options
2022-08-30 17:23:10 +05:30
ansuz
b903e1351d
serverside component of admin metadata history
2022-08-26 18:11:59 +05:30
ansuz
ccd0b580f8
fix broken file uploads
2022-08-24 12:38:34 +05:30
ansuz
6cfce42c58
refactor admin panel and include reasons for archiving and restoring
2022-08-24 10:10:32 +05:30
ansuz
d05063a5a2
ensure that the correct form of a signing key is used
2022-08-23 16:08:57 +05:30
ansuz
31f61c7f1d
refactor admin database tab
2022-08-11 18:30:19 +05:30
ansuz
60e58e8f7a
first version of admin 'database' tab
2022-08-11 11:53:03 +05:30
ansuz
6c73e05d19
ignore an expected error
2022-07-25 16:33:05 +05:30
yflory
6ae07bb480
Allow accounts server to trigger quota updates
2022-07-05 11:48:40 +02:00
ansuz
7e0977f0d6
add missing name, description, location to public instance telemetry
2022-06-08 13:30:25 +05:30
Quentin Dufour
51e6136a58
Create the block folder at boot
2022-05-17 10:08:56 +02:00
ansuz
958b3e4376
remove references to removed pages and notes that have been addressed
2022-05-13 15:50:38 +05:30
ansuz
0be64ac958
simplify accounts configuration on dev instances
2022-05-11 13:12:12 +05:30