20 files changed, 71 insertions, 32 deletions
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 8de6e3be..1736721b 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -2,7 +2,7 @@ name: Bug report about: Create a report to help us improve HedgeDoc. title: '' -labels: 'bug' +labels: 'type: bug' assignees: '' --- diff --git a/.github/ISSUE_TEMPLATE/enhancement_request.md b/.github/ISSUE_TEMPLATE/enhancement_request.md index 3d7af927..dee13b03 100644 --- a/.github/ISSUE_TEMPLATE/enhancement_request.md +++ b/.github/ISSUE_TEMPLATE/enhancement_request.md @@ -2,7 +2,7 @@ name: Enhancement request about: Suggest an enhancement of an existing feature. title: '' -labels: 'enhancement' +labels: 'type: enhancement' assignees: '' --- diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index 98ef5148..8a861a4a 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -2,7 +2,7 @@ name: Feature request about: Suggest a new feature for this project, which isn't existing yet. title: '' -labels: 'feature request' +labels: 'type: feature' assignees: '' --- diff --git a/.github/ISSUE_TEMPLATE/question---other.md b/.github/ISSUE_TEMPLATE/question---other.md index 757ba182..36fd3336 100644 --- a/.github/ISSUE_TEMPLATE/question---other.md +++ b/.github/ISSUE_TEMPLATE/question---other.md @@ -2,7 +2,7 @@ name: Question / Other about: Questions about the project, features, or organziational issues title: '' -labels: question +labels: 'type: question' assignees: '' --- diff --git a/docs/dev/openapi.yml b/docs/dev/openapi.yml index 00c81cbc..0c928e2d 100644 --- a/docs/dev/openapi.yml +++ b/docs/dev/openapi.yml 
@@ -3,7 +3,7 @@ openapi: 3.0.1 info: title: HedgeDoc description: HedgeDoc is an open source collaborative note editor. Several tasks of HedgeDoc can be automated through this API. - version: 1.7.0-rc1 + version: 1.7.0-rc2 contact: name: HedgeDoc on GitHub url: https://github.com/hedgedoc/hedgedoc diff --git a/docs/setup/yunohost.md b/docs/setup/yunohost.md index 9ec9d45b..fd90036c 100644 --- a/docs/setup/yunohost.md +++ b/docs/setup/yunohost.md @@ -3,6 +3,6 @@ YunoHost HedgeDoc is available as a 1-click install on [YunoHost](https://yunohost.org/). YunoHost is a Debian GNU/Linux based distribution packaged with free software that automates the installation of a personal web server. -[](https://install-app.yunohost.org/?app=codimd) +[](https://install-app.yunohost.org/?app=hedgedoc) -The source code for the package can be found [here](https://github.com/YunoHost-Apps/codimd_ynh). +The source code for the package can be found [here](https://github.com/YunoHost-Apps/hedgedoc_ynh). diff --git a/lib/migrations/20150702001020-update-to-0_3_1.js b/lib/migrations/20150702001020-update-to-0_3_1.js index b941048e..16001f2e 100644 --- a/lib/migrations/20150702001020-update-to-0_3_1.js +++ b/lib/migrations/20150702001020-update-to-0_3_1.js @@ -21,7 +21,8 @@ module.exports = { defaultValue: 0 }) }).catch(function (error) { - if (error.message === 'SQLITE_ERROR: duplicate column name: shortid' || error.message === "ER_DUP_FIELDNAME: Duplicate column name 'shortid'" || error.message === 'column "shortid" of relation "Notes" already exists') { + if (error.message === 'column "shortid" of relation "Notes" already exists' || + error.message.toLowerCase().includes('duplicate column name')) { // eslint-disable-next-line no-console console.log('Migration has already run… ignoring.') } else { diff --git a/lib/migrations/20160112220142-note-add-lastchange.js b/lib/migrations/20160112220142-note-add-lastchange.js index 69781cef..430e1cc1 100644 
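Review bot: The ignore branch in `lib/migrations/20150702001020-update-to-0_3_1.js` logs only `'Migration has already run… ignoring.'`, so now that any message containing `duplicate column name` is accepted there is no record of which column or statement was skipped. Logging the original text, e.g. `console.log('Migration has already run… ignoring: ' + error.message)`, would let an operator confirm that the swallowed error was the expected one. The same applies to the other migration hunks in this commit that use this condition. The promise chain this handler is attached to starts outside the hunk, so which steps it covers cannot be confirmed from here.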
--- a/lib/migrations/20160112220142-note-add-lastchange.js +++ b/lib/migrations/20160112220142-note-add-lastchange.js @@ -8,7 +8,8 @@ module.exports = { type: Sequelize.DATE }) }).catch(function (error) { - if (error.message === 'SQLITE_ERROR: duplicate column name: lastchangeuserId' || error.message === "ER_DUP_FIELDNAME: Duplicate column name 'lastchangeuserId'" || error.message === 'column "lastchangeuserId" of relation "Notes" already exists') { + if (error.message === 'column "lastchangeuserId" of relation "Notes" already exists' || + error.message.toLowerCase().includes('duplicate column name')) { // eslint-disable-next-line no-console console.log('Migration has already run… ignoring.') } else { diff --git a/lib/migrations/20160420180355-note-add-alias.js b/lib/migrations/20160420180355-note-add-alias.js index 82941a91..18afb9c0 100644 --- a/lib/migrations/20160420180355-note-add-alias.js +++ b/lib/migrations/20160420180355-note-add-alias.js @@ -8,7 +8,8 @@ module.exports = { indicesType: 'UNIQUE' }) }).catch(function (error) { - if (error.message === 'SQLITE_ERROR: duplicate column name: alias' || error.message === "ER_DUP_FIELDNAME: Duplicate column name 'alias'" || error.message === 'column "alias" of relation "Notes" already exists') { + if (error.message.toLowerCase().includes('duplicate column name') || + error.message === 'column "alias" of relation "Notes" already exists') { // eslint-disable-next-line no-console console.log('Migration has already run… ignoring.') } else { diff --git a/lib/migrations/20160515114000-user-add-tokens.js b/lib/migrations/20160515114000-user-add-tokens.js index e47ef5a4..33457824 100644 --- a/lib/migrations/20160515114000-user-add-tokens.js +++ b/lib/migrations/20160515114000-user-add-tokens.js 
@@ -4,7 +4,8 @@ module.exports = { return queryInterface.addColumn('Users', 'accessToken', Sequelize.STRING).then(function () { return queryInterface.addColumn('Users', 'refreshToken', Sequelize.STRING) }).catch(function (error) { - if (error.message === 'SQLITE_ERROR: duplicate column name: accessToken' || error.message === "ER_DUP_FIELDNAME: Duplicate column name 'accessToken'" || error.message === 'column "accessToken" of relation "Users" already exists') { + if (error.message.toLowerCase().includes('duplicate column name') || + error.message === 'column "accessToken" of relation "Users" already exists') { // eslint-disable-next-line no-console console.log('Migration has already run… ignoring.') } else { diff --git a/lib/migrations/20160607060246-support-revision.js b/lib/migrations/20160607060246-support-revision.js index b318ea44..fa2731b8 100644 --- a/lib/migrations/20160607060246-support-revision.js +++ b/lib/migrations/20160607060246-support-revision.js @@ -16,7 +16,8 @@ module.exports = { updatedAt: Sequelize.DATE }) }).catch(function (error) { - if (error.message === 'SQLITE_ERROR: duplicate column name: savedAt' | error.message === "ER_DUP_FIELDNAME: Duplicate column name 'savedAt'" || error.message === 'column "savedAt" of relation "Notes" already exists') { + if (error.message.toLowerCase().includes('duplicate column name') || + error.message === 'column "savedAt" of relation "Notes" already exists') { // eslint-disable-next-line no-console console.log('Migration has already run… ignoring.') } else { diff --git a/lib/migrations/20160703062241-support-authorship.js b/lib/migrations/20160703062241-support-authorship.js index 86054f1c..c54dde61 100644 --- a/lib/migrations/20160703062241-support-authorship.js +++ b/lib/migrations/20160703062241-support-authorship.js 
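Review bot: In `lib/migrations/20160515114000-user-add-tokens.js` a single `.catch` covers both `addColumn` calls, so a duplicate-column error on `accessToken` is logged as already run and the `refreshToken` column is never attempted. On a database where only the first column exists (for example after an interrupted earlier run) the handler returns normally, and the migration would presumably be recorded as applied with `Users.refreshToken` missing. Giving each `addColumn` its own handler, as the `password` step in `20161201050312-support-email-signin.js` already does, avoids that. The `up` function opens outside the hunk.

```javascript
// … unchanged: module.exports / up: function (queryInterface, Sequelize) …
const ignoreDuplicateColumn = function (column) {
  return function (error) {
    if (error.message.toLowerCase().includes('duplicate column name') ||
        error.message === `column "${column}" of relation "Users" already exists`) {
      // eslint-disable-next-line no-console
      console.log('Migration has already run… ignoring.')
    } else {
      throw error
    }
  }
}
return queryInterface.addColumn('Users', 'accessToken', Sequelize.STRING)
  .catch(ignoreDuplicateColumn('accessToken'))
  .then(function () {
    return queryInterface.addColumn('Users', 'refreshToken', Sequelize.STRING)
      .catch(ignoreDuplicateColumn('refreshToken'))
  })
```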
@@ -17,7 +17,8 @@ module.exports = { updatedAt: Sequelize.DATE }) }).catch(function (error) { - if (error.message === 'SQLITE_ERROR: duplicate column name: authorship' || error.message === "ER_DUP_FIELDNAME: Duplicate column name 'authorship'" || error.message === 'column "authorship" of relation "Notes" already exists') { + if (error.message.toLowerCase().includes('duplicate column name') || + error.message === 'column "authorship" of relation "Notes" already exists') { // eslint-disable-next-line no-console console.log('Migration has already run… ignoring.') } else { diff --git a/lib/migrations/20161009040430-support-delete-note.js b/lib/migrations/20161009040430-support-delete-note.js index b7ee72c3..7b9b60cf 100644 --- a/lib/migrations/20161009040430-support-delete-note.js +++ b/lib/migrations/20161009040430-support-delete-note.js @@ -2,7 +2,8 @@ module.exports = { up: function (queryInterface, Sequelize) { return queryInterface.addColumn('Notes', 'deletedAt', Sequelize.DATE).catch(function (error) { - if (error.message === 'SQLITE_ERROR: duplicate column name: deletedAt' || error.message === "ER_DUP_FIELDNAME: Duplicate column name 'deletedAt'" || error.message === 'column "deletedAt" of relation "Notes" already exists') { + if (error.message.toLowerCase().includes('duplicate column name') || + error.message === 'column "deletedAt" of relation "Notes" already exists') { // eslint-disable-next-line no-console console.log('Migration has already run… ignoring.') } else { diff --git a/lib/migrations/20161201050312-support-email-signin.js b/lib/migrations/20161201050312-support-email-signin.js index 5c9fbf85..0ade8cd2 100644 --- a/lib/migrations/20161201050312-support-email-signin.js +++ b/lib/migrations/20161201050312-support-email-signin.js 
@@ -3,7 +3,8 @@ module.exports = { up: function (queryInterface, Sequelize) { return queryInterface.addColumn('Users', 'email', Sequelize.TEXT).then(function () { return queryInterface.addColumn('Users', 'password', Sequelize.TEXT).catch(function (error) { - if (error.message === "ER_DUP_FIELDNAME: Duplicate column name 'password'" || error.message === 'column "password" of relation "Users" already exists') { + if (error.message.toLowerCase().includes('duplicate column name') || + error.message === 'column "password" of relation "Users" already exists') { // eslint-disable-next-line no-console console.log('Migration has already run… ignoring.') } else { @@ -11,7 +12,8 @@ module.exports = { } }) }).catch(function (error) { - if (error.message === 'SQLITE_ERROR: duplicate column name: email' || error.message === "ER_DUP_FIELDNAME: Duplicate column name 'email'" || error.message === 'column "email" of relation "Users" already exists') { + if (error.message.toLowerCase().includes('duplicate column name') || + error.message === 'column "email" of relation "Users" already exists') { // eslint-disable-next-line no-console console.log('Migration has already run… ignoring.') } else { diff --git a/lib/migrations/20180525153000-user-add-delete-token.js b/lib/migrations/20180525153000-user-add-delete-token.js index 642fa5d4..2dc88dfb 100644 --- a/lib/migrations/20180525153000-user-add-delete-token.js +++ b/lib/migrations/20180525153000-user-add-delete-token.js @@ -4,6 +4,14 @@ module.exports = { return queryInterface.addColumn('Users', 'deleteToken', { type: Sequelize.UUID, defaultValue: Sequelize.UUIDV4 + }).catch(function (error) { + if (error.message.toLowerCase().includes('duplicate column name') || + error.message === 'column "deleteToken" of relation "Users" already exists') { + // eslint-disable-next-line no-console + console.log('Migration has already run… ignoring.') + } else { + throw error + } }) }, 
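Review bot: The new handler in `lib/migrations/20180525153000-user-add-delete-token.js` recognises the PostgreSQL case only by the exact English sentence `column "deleteToken" of relation "Users" already exists` and the other databases by a substring of the message. Message text can vary with server locale or driver version, in which case a re-run would throw instead of being ignored. If the driver error is reachable from the Sequelize error (commonly as `error.original`), comparing its code is steadier, e.g. `error.original && (error.original.code === '42701' || error.original.code === 'ER_DUP_FIELDNAME')`, with the message test kept for SQLite. This should be confirmed against the Sequelize version the project pins.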
diff --git a/lib/migrations/20200321153000-fix-account-deletion.js b/lib/migrations/20200321153000-fix-account-deletion.js index e794e993..3b5a4224 100644 --- a/lib/migrations/20200321153000-fix-account-deletion.js +++ b/lib/migrations/20200321153000-fix-account-deletion.js @@ -45,6 +45,13 @@ module.exports = { }, onDelete: 'cascade' }) + }).catch(function (error) { + if (error.message.toLowerCase().includes('duplicate key on write or update')) { + // eslint-disable-next-line no-console + console.log('Migration has already run… ignoring.') + } else { + throw error + } }) }, diff --git a/lib/web/auth/oauth2/index.js b/lib/web/auth/oauth2/index.js index b8e62dda..9cb17f26 100644 --- a/lib/web/auth/oauth2/index.js +++ b/lib/web/auth/oauth2/index.js @@ -52,7 +52,8 @@ function extractProfileAttribute (data, path) { } function parseProfile (data) { - const id = extractProfileAttribute(data, config.oauth2.userProfileIdAttr) + // only try to parse the id if a claim is configured + const id = config.oauth2.userProfileIdAttr ? extractProfileAttribute(data, config.oauth2.userProfileIdAttr) : undefined const username = extractProfileAttribute(data, config.oauth2.userProfileUsernameAttr) const displayName = extractProfileAttribute(data, config.oauth2.userProfileDisplayNameAttr) const email = extractProfileAttribute(data, config.oauth2.userProfileEmailAttr) 
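Review bot: The string `'duplicate key on write or update'` in the new handler of `lib/migrations/20200321153000-fix-account-deletion.js` is unexplained, and unlike the column migrations there is no branch for the other databases. A comment such as `// MySQL/MariaDB: the foreign key constraint already exists, so this migration was applied before` would tell the next reader why the error is safe to ignore; please confirm that this is the intended case. The handler sits at the end of a chain that starts outside the hunk, so an error with this text from any earlier step is ignored as well.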
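Review bot: In `parseProfile` the guard covers only `config.oauth2.userProfileIdAttr`; the three calls that follow still pass `userProfileUsernameAttr`, `userProfileDisplayNameAttr` and `userProfileEmailAttr` to `extractProfileAttribute` unguarded. If that helper fails on an undefined path, which the new guard suggests, a config missing any of those would hit the same crash. Because `id` can now be `undefined`, the comment could also say what identifies the account in that case, e.g. `// id stays undefined when no id claim is configured; the caller must fall back to another stable identifier`. The rest of `parseProfile` lies outside the hunk, so the fallback itself cannot be checked here.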
@@ -66,18 +67,24 @@ function parseProfile (data) { } function checkAuthorization (data, done) { - const roles = extractProfileAttribute(data, config.oauth2.rolesClaim) - const username = extractProfileAttribute(data, config.oauth2.userProfileUsernameAttr) - + // a role the user must have is set in the config if (config.oauth2.accessRole) { - if (!roles) { - logger.error('oauth2: "accessRole" configured, but user profile doesn\'t contain roles attribute. Permission denied') - return done('Permission denied', null) - } - - if (!roles.includes(config.oauth2.accessRole)) { - logger.debug(`oauth2: user "${username}" doesn't have the required role. Permission denied`) - return done('Permission denied', null) + // check if we know which claim contains the list of groups a user is in + if (!config.oauth2.rolesClaim) { + // log error, but accept all logins + logger.error('oauth2: "accessRole" is configured, but "rolesClaim" is missing from the config. Can\'t check group membership!') + } else { + // parse and check role data + const roles = extractProfileAttribute(data, config.oauth2.rolesClaim) + if (!roles) { + logger.error('oauth2: "accessRole" is configured, but user profile doesn\'t contain roles attribute. Permission denied') + return done('Permission denied', null) + } + if (!roles.includes(config.oauth2.accessRole)) { + const username = extractProfileAttribute(data, config.oauth2.userProfileUsernameAttr) + logger.debug(`oauth2: user "${username}" doesn't have the required role. Permission denied`) + return done('Permission denied', null) + } } } } diff --git a/package.json b/package.json index 5eaf4d92..dab28ab2 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "HedgeDoc", - "version": "1.7.0-rc1", + "version": "1.7.0-rc2", "description": "The best platform to write and share markdown.", "main": "app.js", "license": "AGPL-3.0", diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md index 5a256c26..d95a8d4f 100644 
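Review bot: When `accessRole` is set but `rolesClaim` is missing, the new branch in `checkAuthorization` only logs and lets the login proceed (`// log error, but accept all logins`), so a deployment meant to be restricted to one role admits every authenticated user. Failing closed is safer: after the `logger.error(...)` call add `return done('Permission denied', null)`, or reject this combination when the config is loaded. Separately, if the claim can be a string rather than an array, `roles.includes(config.oauth2.accessRole)` is a substring test and a role name contained in a longer one would pass; an `Array.isArray(roles)` check before it would rule that out.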
--- a/public/docs/release-notes.md +++ b/public/docs/release-notes.md @@ -1,5 +1,13 @@ # Release Notes +## <i class="fa fa-tag"></i> 1.7.0-rc2 <i class="fa fa-calendar-o"></i> 2020-12-02 +Changes since 1.7.0-rc1: + +### Bugfixes +- Fix crash when OAuth2 config parameters are missing (thanks to [@vberger](https://github.com/vberger) for reporting!) +- Handle broken `SequelizeMeta` table on MySQL/MariaDB (thanks to [@titulebolide](https://github.com/titulebolide) for reporting!) + + ## <i class="fa fa-tag"></i> 1.7.0-rc1 <i class="fa fa-calendar-o"></i> 2020-11-29 We have renamed to HedgeDoc! @@ -902,9 +902,9 @@ atob@^2.1.2: integrity sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg== aws-sdk@^2.521.0: - version "2.799.0" - resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.799.0.tgz#8b1a64c1a9f8ccf5794eb07bdd8051e4cb6adcfd" - integrity sha512-NYAoiNU+bJXhlJsC0rFqrmD5t5ho7/VxldmziP6HLPYHfOCI9Uvk6UVjfPmhLWPm0mHnIxhsHqmsNGyjhHNYmw== + version "2.802.0" + resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.802.0.tgz#7215be2437c196f1b0b39a10feffdc1d1b980a62" + integrity sha512-PfjBr5Ag4PdcEYPrfMclVWk85kFSJNe7qllZBE8RhYNu+K+Z2pveKfYkC5mqYoKEYIQyI9by9N47F+Tqm1GXtg== dependencies: buffer "4.9.2" events "1.1.1" |