dnrops
/
cryptpad
mirror of https://github.com/xwiki-labs/cryptpad
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,738 Commits 73 Branches 132 Tags 560 MiB
Commit Graph

721 Commits

Author SHA1 Message Date
yflory 199dcc8c62 Merge branch 'staging' into authsso 2023-12-11 16:46:11 +01:00
yflory ac090767ca Add admin panel option to enforce MFA 2023-12-11 16:40:05 +01:00
yflory 542111843a Merge branch 'staging' into forcemfa 2023-12-11 16:30:22 +01:00
yflory e2dd7f6305 Merge branch 'authsso' into forcemfa 2023-12-11 16:30:18 +01:00
David Benque fde1edd508 Clean old // XXX comments 
- either removed or changed the comment type
 2023-12-08 15:10:19 +00:00
Wolfgang Ginolas d42539b3b2 Merge remote-tracking branch 'origin/staging' into drawio-image 2023-12-06 09:08:32 +01:00
yflory 23a799d960 Fix missing plugin functions in HTTP workers 2023-12-05 17:10:59 +01:00
yflory 5d801a00fc Remove incorrect error logs 2023-12-05 16:14:59 +01:00
yflory f506e5a8cf Instance invitation and user management prototype 2023-12-01 15:44:20 +01:00
yflory 223dc9394b New plugin structure 2023-11-17 17:19:04 +01:00
yflory 982c15ae0e Add an option to enforce MFA for all accounts on the instance 2023-11-09 15:35:56 +01:00
yflory 72cb827e18 Make MFA session expiration configurable 2023-11-08 15:58:28 +01:00
yflory 046e7abeb8 option to enforce CryptPad password for SSO accounts 2023-11-07 16:02:27 +01:00
yflory 61b3ea50ce Merge branch 'staging' into authsso 2023-11-06 16:45:06 +01:00
yflory ed97d28528 Make SSO plugin optional 2023-11-06 16:27:52 +01:00
Wolfgang Ginolas 7f55498bcc Update draw.io dependency and remove unneeded CSP headers 2023-11-01 09:19:46 +01:00
Wolfgang Ginolas 304fc6e970 Upgrade draw.io to 21.7.5 2023-11-01 09:19:45 +01:00
yflory 77e600ce80 Add signing certificate to SAML auth 2023-10-30 17:14:27 +01:00
yflory 7d3f67cd86 SSO + OTP account deletion and password change 2023-10-26 17:55:54 +02:00
yflory 49f6b69db5 SAML SSO login/registration 2023-10-20 18:20:31 +02:00
David Benque 8f0a6319a5 Apply headers 2023-10-20 15:35:26 +01:00
yflory 9b367a0468 SSO SAML test 2023-10-18 18:20:49 +02:00
yflory e8d719c438 Fix OIDC sso issues 2023-10-18 15:39:54 +02:00
yflory 6e50b9d9dc Fix HPM error proxy websocket to undefined 2023-10-17 11:50:02 +02:00
Wolfgang Ginolas 13badd7ce4 Use correct mime type for .wasm files 
https://github.com/cryptpad/cryptpad/issues/1277
 2023-10-16 09:42:47 +02:00
yflory 37008242e2 Merge branch 'main' into authsso 2023-10-12 14:56:04 +02:00
yflory 16115de950 Fix expire channel task 2023-10-05 20:37:59 +02:00
yflory d6a60075cd Fix DrawIO hash 2023-10-03 11:40:55 +02:00
yflory d68dde07a9 Remove translation XXX 2023-09-28 18:33:03 +02:00
yflory ef92d9217c Merge branch 'moderation' into staging 2023-09-28 17:56:46 +02:00
yflory fd90827da9 Merge branch 'accessibility' into staging 2023-09-28 17:55:34 +02:00
yflory 30743c295a Bypass placeholder when removing a pad password 2023-09-28 14:57:45 +02:00
yflory bc9a335e76 Lint compliance 2023-09-19 15:06:54 +02:00
yflory f282db9121 Add new placeholder data and account script to admin panel 2023-09-14 17:49:16 +02:00
yflory 399d50e941 Clean unnecessary error log 2023-09-13 17:46:00 +02:00
yflory 235d5594f7 Detect placeholder when reading metadata 2023-09-13 16:54:05 +02:00
yflory f69dcbdda9 Fix 'Unhandled RPC' log with isNewChannel 2023-09-13 14:48:16 +02:00
yflory 2c12ff5d72 Merge branch 'staging' into moderation 2023-09-11 12:08:07 +02:00
yflory a0e59dd65b Fix form responses deletion #1239 2023-09-11 11:55:26 +02:00
yflory 975a177cbb Add UI/UX when reading a placeholder 2023-09-08 18:10:02 +02:00
yflory 91af47994b Placeholder on file deletion 2023-09-07 17:03:20 +02:00
yflory dda4b8777c Add drive channel metadata to the pin log 2023-09-06 17:15:00 +02:00
yflory 708e36b3ee New admin command to archive an account 2023-09-05 16:31:04 +02:00
yflory fde6f15270 Fix headers added by node for the recommended config 2023-09-05 13:01:41 +02:00
yflory 920c307608 Fix websocket issue with some dev instances 2023-09-04 12:10:48 +02:00
yflory c09e191a16 Blob activity archive 2023-08-30 15:59:15 +02:00
yflory 27b9c9bac3 Update blob activity when loaded 2023-08-29 17:50:39 +02:00
yflory 31a5cbafdb Fix typo 2023-08-23 10:59:02 +02:00
yflory ce572e813e Update eviction script 2023-08-23 10:57:11 +02:00
yflory cddfc7b5a1 Merge branch '541-rc' of github.com:cryptpad/cryptpad into 541-rc 2023-08-22 15:48:53 +02:00
yflory 395a1ebf5a Fix broadcast settings not applied instantly #1189 2023-08-22 15:48:43 +02:00
Wolfgang Ginolas 58331b067d Fix collaboration of Nextcloud integration 2023-08-22 13:31:29 +02:00
yflory 75cd470fb1 Fix checkup test when registration is restricted #1185 2023-08-21 16:42:04 +02:00
yflory 5807b4dddf Reduce memory usage for the eviction script 2023-08-21 12:45:18 +02:00
yflory 650e4c42ca Fix websocket only binds to localhost #1182 2023-08-18 10:40:35 +02:00
yflory 867efea83b Fix CSP headers mismatch between node and Nginx 2023-08-17 16:10:39 +02:00
yflory cf17b6924a Fix typo in regex when listing channels 2023-07-20 16:28:31 +02:00
yflory a70800f928 Remove false positive server error log on page reload 2023-07-13 14:49:07 +02:00
yflory deb14c412f Fix XXX 2023-07-13 14:12:47 +02:00
yflory b11333e7a0 lint compliance 2023-07-11 10:35:44 +02:00
yflory c10fc37645 Merge branch 'totp-ui' into 5.4-rc 2023-07-11 10:30:36 +02:00
yflory d1d26571cf SSO: fix issue with missing config 2023-07-02 12:04:21 +03:00
yflory d6bf625733 SSO: prototype improvements 2023-06-29 12:32:45 +02:00
Wolfgang Ginolas 6f76972c47 Upgrade drawio to 21.5.2 
https://github.com/jgraph/drawio/issues/3691
 2023-06-29 10:23:49 +02:00
yflory b93b5eae4e SSO: OIDC login and register 2023-06-27 16:04:32 +02:00
yflory 0c94c1a602 Merge branch 'totp-ui' into authsso 2023-06-23 19:07:11 +02:00
yflory 18d6ccdfd3 SSO: OIDC auth 2023-06-23 19:06:29 +02:00
yflory da5626cbae TOTP: Use session token instead of JWT to prepare for SSO 2023-06-23 18:35:18 +02:00
Wolfgang Ginolas f7d56eea16 Rename drawio to digram 
https://github.com/cryptpad/cryptpad/issues/1062
 2023-06-22 14:59:13 +02:00
Wolfgang Ginolas b5c0cada55 Update draw.io script hashes 2023-06-22 14:39:06 +02:00
Wolfgang Ginolas 17e6d24de4 Use hashes instead of unsafe-eval to secure drawio 2023-06-22 14:39:06 +02:00
Wolfgang Ginolas 67362fc2b9 Remove unsave-eval from draw.ios CSP 2023-06-22 14:39:06 +02:00
yflory 2be39c3749 API: reload content on server restart 2023-06-22 14:39:04 +02:00
yflory 723ecc8bd6 Integration API prototype 2023-06-22 14:39:04 +02:00
yflory 9aac9d1c2f TOTP: Use HTTP challenges to write and remove blocks 2023-06-09 15:06:17 +02:00
yflory b3a620edc0 lint compliance 2023-06-06 16:09:17 +02:00
yflory 36a1c604d8 Auth: Disable TOTP/MFA from the admin panel 2023-05-16 15:11:43 +02:00
Mathilde Grünig f5fb24031e replace xwiki-labs by cryptpad 2023-05-16 14:54:39 +02:00
yflory e893613b43 TOTP: recovery by secret key 2023-05-15 17:33:58 +02:00
yflory d789627920 TOTP setup and revocation in settings 2023-05-12 18:21:19 +02:00
ansuz bd19288869 notes on pending improvements to add before merge/release 2023-05-11 16:42:47 +05:30
ansuz f82c877cbe serialize possible errors 2023-05-07 12:17:28 +05:30
ansuz 921c46956d fix a type error by ensuring Env.Log is defined 2023-05-06 20:42:11 +05:30
ansuz 493bf1346c Merge tag '5.3.0' into 5.3-auth 2023-05-06 15:26:21 +05:30
ansuz 31dc7b523a XXXs and TODOs for handling blocks now that 2FA is in play 2023-05-05 18:20:51 +05:30
ansuz 06232ab6d7 overwriting basic storage should fail with an error 2023-05-05 18:18:46 +05:30
ansuz 41e870d3db serverside protocol work for authentication enforcement and configuration 2023-05-05 18:17:58 +05:30
ansuz b753a067ac avoid logging for common 404s 2023-05-03 16:32:09 +05:30
ansuz e895990426 generate a secret at launch time 
used for issuing and validating JWTs
 2023-05-03 16:19:01 +05:30
ansuz 3c6a35b713 new types of storage for challenges, MFA settings, and sessions 2023-05-02 23:42:09 +05:30
yflory 7b03df37f7 Merge remote-tracking branch 'origin/deprecatedcache' into staging 2023-04-24 14:52:56 +02:00
yflory 6b743a787c Fix mailbox message deletion 2023-03-28 12:19:16 +02:00
ansuz cbaff2f3c0 Merge branch 'soon' into staging 2023-03-07 15:34:00 +05:30
ansuz b5a01231b7 Merge branch '5.3-storage' into merge-storage 2023-03-07 14:49:28 +05:30
ansuz d231451b49 Merge branch 'http-workers' into merge-storage 2023-03-07 14:49:22 +05:30
ansuz d8ef2c8371 print login block size when it exceeds the maximum 2023-03-07 13:30:30 +05:30
ansuz 64d24f8b20 clean up http-worker code and add comments 2023-03-07 11:17:46 +05:30
ansuz 8fce5bcaf6 use configured http ports 2023-03-02 12:45:38 +05:30
ansuz b003d4d825 Merge branch 'staging' into http-workers 2023-03-02 11:59:58 +05:30
ansuz 6bb336034b Merge branch 'staging' into 5.3-storage 2023-03-02 10:53:05 +05:30
ansuz 47afa26fc5 Merge branch 'soon' into 5.3-storage 2023-02-09 16:16:26 +05:30
yflory f4b477ee37 Clean XXX 2023-02-01 18:02:03 +01:00
ansuz 7b65d3e8c8 judge blob activity based on mtime instead of atime 
and output a basic overview when eviction completes
 2023-01-23 08:29:36 +05:30
ansuz c7dedf4054 more logging for potentially long-running eviction processes 2023-01-19 10:14:22 +05:30
ansuz 0bf26588e5 Merge branch 'soon' into 5.3-storage 2023-01-19 09:57:16 +05:30
ansuz 15272a6604 relocate blobs that have been archived to the wrong location 2023-01-19 08:57:39 +05:30
ansuz 911c15df25 fix incorrectly constructed archival path for blobs 2023-01-19 08:56:32 +05:30
yflory a0714b9cc8 Prevent type error with the new admin script 2023-01-12 15:54:16 +01:00
ansuz b0d10c3777 oops - fix inverted not 2023-01-11 15:08:16 +05:30
ansuz 3f18a38714 report http-worker RPC errors to the main process for logging 2023-01-11 15:02:02 +05:30
ansuz 4968bbf961 WIP limit on block size 2023-01-11 14:50:16 +05:30
ansuz 96de4dffe9 fix an inverted not in a non-functional telemetry attribute 2023-01-11 13:03:10 +05:30
yflory 1971553e1f Flush cache when adding new admin 2022-12-20 17:25:54 +01:00
yflory 70e602d9c9 Prototype install app 2022-12-20 16:57:51 +01:00
ansuz 953c817c5b clean up more prototype code: 
* remove commented code
* serialize errors sent from http workers to the main process
* drop support for custom http headers set via config.js#httpHeaders
* websockets: only listen on localhost, respect websocketPort config in workers' proxy config
 2022-12-20 18:03:52 +05:30
ansuz 24274e6c9b remove some prototyping code that was overwriting values in responses to http-workers 2022-12-20 17:10:10 +05:30
ansuz 7e4518b43d More server cleanup: 
* make the websocket port configurable
* reorder some tasks at launch time to use more consistent logging
* relaunch http workers if they crash
* refuse to launch if httpUnsafeOrigin cannot be parsed as a URL
* fix a path issue reintroduced by a git merge
 2022-12-20 16:29:38 +05:30
ansuz d58096636a Merge tag '5.2.0' into test-merge 2022-12-20 14:49:47 +05:30
ansuz 6f19101f42 big server changes: 
* use the nodejs cluster module to handle http traffic with multiple threads
* listen for websocket traffic on a new port because all such logic needs to share state
* proxy websocket URLs from the cluster to the new port so everything is backwards compatible
* implement logic for http workers to make requests and stay in sync with the main process
* unrelated: define the expected nodejs version in a constant
 2022-12-20 14:20:59 +05:30
yflory d39d64626d Fix deprecated cache issue 2022-12-16 15:12:19 +01:00
yflory 9a6455759f Merge branch 'staging' into deprecatedcache 2022-12-16 15:04:14 +01:00
yflory 600771682a Allow edit/delete/multiple answers without a drive and fix race condition 2022-12-08 16:53:29 +01:00
ansuz ed981f2b63 generalize recommended version code for easier updates 2022-12-07 13:09:24 +05:30
ansuz c762353cad interpret maxWorkers config in lib/env instead of in worker handler 2022-12-07 13:04:07 +05:30
yflory c75a75b243 Don't search for an old hash in a file when a cache is deprecated 2022-11-30 14:39:38 +01:00
yflory 5d350f1c45 Merge branch 'form' into form-del 2022-10-26 17:51:10 +02:00
yflory 89448115c5 Delete form own answers 2022-10-18 10:19:57 +02:00
yflory bde6bb0032 Clean server code 2022-10-14 16:53:38 +02:00
yflory 8a3be878e8 Merge branch 'staging' into form-del 2022-10-12 17:19:22 +02:00
yflory c3df1bb0ec Use flag in pad metadata to allow line deletion in file 2022-10-12 17:17:58 +02:00
yflory 6a1c64fe9a Delete your own form answers 2022-10-06 17:12:23 +02:00
ansuz 1acdb4180d fix for bogus metadata lines wiping ownership and other parameters 2022-10-06 16:05:05 +05:30
ansuz 863ab4f380 Merge branch 'soon' into absolute-paths 2022-10-06 15:34:05 +05:30
ansuz fede73efb1 enable admin option to opt-in to aggregate statistics 2022-09-22 16:35:20 +05:30
ansuz 333ba82970 allow admins to overwrite live data with archived data when both exist 2022-09-13 18:32:50 +05:30
ansuz 2b365694f6 fix server logic and logs messages related to quotas 2022-09-13 13:00:36 +05:30
ansuz cf180158dc remove temporary comments 2022-09-07 18:15:19 +05:30
ansuz e78e57c039 unify accounts_api and quota_api config options 2022-08-30 17:23:10 +05:30
ansuz b903e1351d serverside component of admin metadata history 2022-08-26 18:11:59 +05:30
ansuz ccd0b580f8 fix broken file uploads 2022-08-24 12:38:34 +05:30
ansuz 6cfce42c58 refactor admin panel and include reasons for archiving and restoring 2022-08-24 10:10:32 +05:30
ansuz d05063a5a2 ensure that the correct form of a signing key is used 2022-08-23 16:08:57 +05:30
ansuz 31f61c7f1d refactor admin database tab 2022-08-11 18:30:19 +05:30
ansuz 60e58e8f7a first version of admin 'database' tab 2022-08-11 11:53:03 +05:30
ansuz 6c73e05d19 ignore an expected error 2022-07-25 16:33:05 +05:30
yflory 6ae07bb480 Allow accounts server to trigger quota updates 2022-07-05 11:48:40 +02:00
ansuz 7e0977f0d6 add missing name, description, location to public instance telemetry 2022-06-08 13:30:25 +05:30
Quentin Dufour 51e6136a58
Create the block folder at boot 2022-05-17 10:08:56 +02:00
ansuz 958b3e4376 remove references to removed pages and notes that have been addressed 2022-05-13 15:50:38 +05:30
ansuz 0be64ac958 simplify accounts configuration on dev instances 2022-05-11 13:12:12 +05:30