diff options
-rw-r--r-- | README.md | 17 | ||||
-rw-r--r-- | app.js | 66 | ||||
-rw-r--r-- | config.json.example | 12 | ||||
-rw-r--r-- | lib/auth.js | 59 | ||||
-rw-r--r-- | lib/config.js | 38 | ||||
-rw-r--r-- | lib/letter-avatars.js | 25 | ||||
-rw-r--r-- | lib/models/note.js | 6 | ||||
-rw-r--r-- | lib/models/user.js | 11 | ||||
-rw-r--r-- | lib/realtime.js | 54 | ||||
-rwxr-xr-x | lib/response.js | 12 | ||||
-rw-r--r-- | package.json | 1 | ||||
-rw-r--r-- | public/css/index.css | 3 | ||||
-rw-r--r-- | public/css/site.css | 2 | ||||
-rw-r--r-- | public/js/cover.js | 2 | ||||
-rw-r--r-- | public/js/index.js | 30 | ||||
-rw-r--r-- | public/views/body.ejs | 2 | ||||
-rw-r--r-- | public/views/index.ejs | 4 | ||||
-rw-r--r-- | public/views/signin-modal.ejs | 31 |
18 files changed, 306 insertions, 69 deletions
@@ -130,8 +130,18 @@ Environment variables (will overwrite other server configs) | HMD_DROPBOX_CLIENTSECRET | no example | Dropbox API client secret | | HMD_GOOGLE_CLIENTID | no example | Google API client id | | HMD_GOOGLE_CLIENTSECRET | no example | Google API client secret | +| HMD_LDAP_URL | ldap://example.com | url of LDAP server | +| HMD_LDAP_BINDDN | no example | bindDn for LDAP access | +| HMD_LDAP_BINDCREDENTIALS | no example | bindCredentials for LDAP access | +| HMD_LDAP_TOKENSECRET | supersecretkey | secret used for generating access/refresh tokens | +| HMD_LDAP_SEARCHBASE | o=users,dc=example,dc=com | LDAP directory to begin search from | +| HMD_LDAP_SEARCHFILTER | (uid={{username}}) | LDAP filter to search with | +| HMD_LDAP_SEARCHATTRIBUTES | no example | LDAP attributes to search with | +| HMD_LDAP_TLS_CA | no example | Root CA for LDAP TLS in PEM format | +| HMD_LDAP_PROVIDERNAME | My institution | Optional name to be displayed at login form indicating the LDAP provider | | HMD_IMGUR_CLIENTID | no example | Imgur API client id | -| HMD_EMAIL | `true` or `false` | set to allow email register and signin | +| HMD_EMAIL | `true` or `false` | set to allow email signin | +| HMD_ALLOW_EMAIL_REGISTER | `true` or `false` | set to allow email register (only applied when email is set, default is `true`) | | HMD_IMAGE_UPLOAD_TYPE | `imgur`, `s3` or `filesystem` | Where to upload image. For S3, see our [S3 Image Upload Guide](docs/guides/s3-image-upload.md) | | HMD_S3_ACCESS_KEY_ID | no example | AWS access key id | | HMD_S3_SECRET_ACCESS_KEY | no example | AWS secret key | @@ -175,7 +185,8 @@ Application settings `config.json` | heartbeatinterval | `5000` | socket.io heartbeat interval | | heartbeattimeout | `10000` | socket.io heartbeat timeout | | documentmaxlength | `100000` | note max length | -| email | `true` or `false` | set to allow email register and signin | +| email | `true` or `false` | set to allow email signin | +| allowemailregister | `true` or `false` | set to allow email register (only applied when email is set, default is `true`) | | imageUploadType | `imgur`(default), `s3` or `filesystem` | Where to upload image | s3 | `{ "accessKeyId": "YOUR_S3_ACCESS_KEY_ID", "secretAccessKey": "YOUR_S3_ACCESS_KEY", "region": "YOUR_S3_REGION", "bucket": "YOUR_S3_BUCKET_NAME" }` | When `imageUploadType` be setted to `s3`, you would also need to setup this key, check our [S3 Image Upload Guide](docs/guides/s3-image-upload.md) | @@ -184,7 +195,7 @@ Third-party integration api key settings | service | settings location | description | | ------- | --------- | ----------- | -| facebook, twitter, github, gitlab, dropbox, google | environment variables or `config.json` | for signin | +| facebook, twitter, github, gitlab, dropbox, google, ldap | environment variables or `config.json` | for signin | | imgur | environment variables or `config.json` | for image upload | | google drive(`google/apiKey`, `google/clientID`), dropbox(`dropbox/appKey`) | `config.json` | for export and import | @@ -381,36 +381,50 @@ if (config.google) { failureRedirect: config.serverurl + '/' })); } +// ldap auth +if (config.ldap) { + app.post('/auth/ldap', urlencodedParser, function (req, res, next) { + if (!req.body.username || !req.body.password) return response.errorBadRequest(res); + setReturnToFromReferer(req); + passport.authenticate('ldapauth', { + successReturnToOrRedirect: config.serverurl + '/', + failureRedirect: config.serverurl + '/', + failureFlash: true + })(req, res, next); + }); +} // email auth if (config.email) { - app.post('/register', urlencodedParser, function (req, res, next) { - if (!req.body.email || !req.body.password) return response.errorBadRequest(res); - if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res); - models.User.findOrCreate({ - where: { - email: req.body.email - }, - defaults: { - password: req.body.password - } - }).spread(function (user, created) { - if (user) { - if (created) { - if (config.debug) logger.info('user registered: ' + user.id); - req.flash('info', "You've successfully registered, please signin."); - } else { - if (config.debug) logger.info('user found: ' + user.id); - req.flash('error', "This email has been used, please try another one."); + if (config.allowemailregister) + app.post('/register', urlencodedParser, function (req, res, next) { + if (!req.body.email || !req.body.password) return response.errorBadRequest(res); + if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res); + models.User.findOrCreate({ + where: { + email: req.body.email + }, + defaults: { + password: req.body.password + } + }).spread(function (user, created) { + if (user) { + if (created) { + if (config.debug) logger.info('user registered: ' + user.id); + req.flash('info', "You've successfully registered, please signin."); + } else { + if (config.debug) logger.info('user found: ' + user.id); + req.flash('error', "This email has been used, please try another one."); + } + return res.redirect(config.serverurl + '/'); } + req.flash('error', "Failed to register your account, please try again."); return res.redirect(config.serverurl + '/'); - } - req.flash('error', "Failed to register your account, please try again."); - return res.redirect(config.serverurl + '/'); - }).catch(function (err) { - logger.error('auth callback failed: ' + err); - return response.errorInternalError(res); + }).catch(function (err) { + logger.error('auth callback failed: ' + err); + return response.errorInternalError(res); + }); }); - }); + app.post('/login', urlencodedParser, function (req, res, next) { if (!req.body.email || !req.body.password) return response.errorBadRequest(res); if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res); @@ -627,7 +641,7 @@ process.on('SIGINT', function () { var checkCleanTimer = setInterval(function () { if (history.isReady() && realtime.isReady()) { models.Revision.checkAllNotesRevision(function (err, notes) { - if (err) throw new Error(err); + if (err) return logger.error(err); if (!notes || notes.length <= 0) { clearInterval(checkCleanTimer); return process.exit(0); diff --git a/config.json.example b/config.json.example index e980566f..80662b0f 100644 --- a/config.json.example +++ b/config.json.example @@ -53,6 +53,18 @@ "clientSecret": "change this", "apiKey": "change this" }, + "ldap": { + "url": "ldap://change_this", + "bindDn": null, + "bindCredentials": null, + "tokenSecret": "change this", + "searchBase": "change this", + "searchFilter": "change this", + "searchAttributes": "change this", + "tlsOptions": { + "changeme": "See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback" + } + }, "imgur": { "clientID": "change this" } diff --git a/lib/auth.js b/lib/auth.js index f167cede..4b14e42c 100644 --- a/lib/auth.js +++ b/lib/auth.js @@ -7,6 +7,7 @@ var GithubStrategy = require('passport-github').Strategy; var GitlabStrategy = require('passport-gitlab2').Strategy; var DropboxStrategy = require('passport-dropbox-oauth2').Strategy; var GoogleStrategy = require('passport-google-oauth20').Strategy; +var LdapStrategy = require('passport-ldapauth'); var LocalStrategy = require('passport-local').Strategy; var validator = require('validator'); @@ -110,6 +111,62 @@ if (config.google) { callbackURL: config.serverurl + '/auth/google/callback' }, callback)); } +// ldap +if (config.ldap) { + passport.use(new LdapStrategy({ + server: { + url: config.ldap.url || null, + bindDn: config.ldap.bindDn || null, + bindCredentials: config.ldap.bindCredentials || null, + searchBase: config.ldap.searchBase || null, + searchFilter: config.ldap.searchFilter || null, + searchAttributes: config.ldap.searchAttributes || null, + tlsOptions: config.ldap.tlsOptions || null + }, + }, + function(user, done) { + var profile = { + id: 'LDAP-' + user.uidNumber, + username: user.uid, + displayName: user.displayName, + emails: user.mail ? [user.mail] : [], + avatarUrl: null, + profileUrl: null, + provider: 'ldap', + } + var stringifiedProfile = JSON.stringify(profile); + models.User.findOrCreate({ + where: { + profileid: profile.id.toString() + }, + defaults: { + profile: stringifiedProfile, + } + }).spread(function (user, created) { + if (user) { + var needSave = false; + if (user.profile != stringifiedProfile) { + user.profile = stringifiedProfile; + needSave = true; + } + if (needSave) { + user.save().then(function () { + if (config.debug) + logger.info('user login: ' + user.id); + return done(null, user); + }); + } else { + if (config.debug) + logger.info('user login: ' + user.id); + return done(null, user); + } + } + }).catch(function (err) { + logger.error('ldap auth failed: ' + err); + return done(err, null); + }); + })); +} // email if (config.email) { passport.use(new LocalStrategy({ @@ -130,4 +187,4 @@ if (config.email) { return done(err); }); })); -}
\ No newline at end of file +} diff --git a/lib/config.js b/lib/config.js index c0a7fffe..84f6b3d7 100644 --- a/lib/config.js +++ b/lib/config.js @@ -95,8 +95,44 @@ var google = (process.env.HMD_GOOGLE_CLIENTID && process.env.HMD_GOOGLE_CLIENTSE clientID: process.env.HMD_GOOGLE_CLIENTID, clientSecret: process.env.HMD_GOOGLE_CLIENTSECRET } : (config.google && config.google.clientID && config.google.clientSecret) || false; +var ldap = config.ldap || ( + process.env.HMD_LDAP_URL || + process.env.HMD_LDAP_BINDDN || + process.env.HMD_LDAP_BINDCREDENTIALS || + process.env.HMD_LDAP_TOKENSECRET || + process.env.HMD_LDAP_SEARCHBASE || + process.env.HMD_LDAP_SEARCHFILTER || + process.env.HMD_LDAP_SEARCHATTRIBUTES || + process.env.HMD_LDAP_PROVIDERNAME +) || false; +if (ldap == true) + ldap = {}; +if (process.env.HMD_LDAP_URL) + ldap.url = process.env.HMD_LDAP_URL; +if (process.env.HMD_LDAP_BINDDN) + ldap.bindDn = process.env.HMD_LDAP_BINDDN; +if (process.env.HMD_LDAP_BINDCREDENTIALS) + ldap.bindCredentials = process.env.HMD_LDAP_BINDCREDENTIALS; +if (process.env.HMD_LDAP_TOKENSECRET) + ldap.tokenSecret = process.env.HMD_LDAP_TOKENSECRET; +if (process.env.HMD_LDAP_SEARCHBASE) + ldap.searchBase = process.env.HMD_LDAP_SEARCHBASE; +if (process.env.HMD_LDAP_SEARCHFILTER) + ldap.searchFilter = process.env.HMD_LDAP_SEARCHFILTER; +if (process.env.HMD_LDAP_SEARCHATTRIBUTES) + ldap.searchAttributes = process.env.HMD_LDAP_SEARCHATTRIBUTES; +if (process.env.HMD_LDAP_TLS_CA) { + var ca = { + ca: process.env.HMD_LDAP_TLS_CA + } + ldap.tlsOptions = ldap.tlsOptions ? Object.assign(ldap.tlsOptions, ca) : ca +} +if (process.env.HMD_LDAP_PROVIDERNAME) { + ldap.providerName = process.env.HMD_LDAP_PROVIDERNAME; +} var imgur = process.env.HMD_IMGUR_CLIENTID || config.imgur || false; var email = process.env.HMD_EMAIL ? (process.env.HMD_EMAIL === 'true') : !!config.email; +var allowemailregister = process.env.HMD_ALLOW_EMAIL_REGISTER ? (process.env.HMD_ALLOW_EMAIL_REGISTER === 'true') : ((typeof config.allowemailregister === 'boolean') ? config.allowemailregister : true); function getserverurl() { var url = ''; @@ -156,8 +192,10 @@ module.exports = { gitlab: gitlab, dropbox: dropbox, google: google, + ldap: ldap, imgur: imgur, email: email, + allowemailregister: allowemailregister, imageUploadType: imageUploadType, s3: s3, s3bucket: s3bucket diff --git a/lib/letter-avatars.js b/lib/letter-avatars.js new file mode 100644 index 00000000..3afa03fe --- /dev/null +++ b/lib/letter-avatars.js @@ -0,0 +1,25 @@ +"use strict"; + +// external modules +var randomcolor = require('randomcolor'); + +// core +module.exports = function(name) { + var color = randomcolor({ + seed: name, + luminosity: 'dark' + }); + var letter = name.substring(0, 1).toUpperCase(); + + var svg = '<?xml version="1.0" encoding="UTF-8" standalone="no"?>'; + svg += '<svg xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://www.w3.org/2000/svg" height="96" width="96" version="1.1" viewBox="0 0 96 96">'; + svg += '<g>'; + svg += '<rect width="96" height="96" fill="' + color + '" />'; + svg += '<text font-size="64px" font-family="sans-serif" text-anchor="middle" fill="#ffffff">'; + svg += '<tspan x="48" y="72" stroke-width=".26458px" fill="#ffffff">' + letter + '</tspan>'; + svg += '</text>'; + svg += '</g>'; + svg += '</svg>'; + + return 'data:image/svg+xml;base64,' + new Buffer(svg).toString('base64'); +}; diff --git a/lib/models/note.js b/lib/models/note.js index 132f8b1e..86112973 100644 --- a/lib/models/note.js +++ b/lib/models/note.js @@ -23,7 +23,7 @@ var logger = require("../logger.js"); var ot = require("../ot/index.js"); // permission types -var permissionTypes = ["freely", "editable", "locked", "private"]; +var permissionTypes = ["freely", "editable", "limited", "locked", "protected", "private"]; module.exports = function (sequelize, DataTypes) { var Note = sequelize.define("Note", { @@ -333,7 +333,7 @@ module.exports = function (sequelize, DataTypes) { if (meta.slideOptions && (typeof meta.slideOptions == "object")) _meta.slideOptions = meta.slideOptions; } - return _meta; + return _meta; }, updateAuthorshipByOperation: function (operation, userId, authorships) { var index = 0; @@ -532,4 +532,4 @@ module.exports = function (sequelize, DataTypes) { }); return Note; -};
\ No newline at end of file +}; diff --git a/lib/models/user.js b/lib/models/user.js index aaf344de..7d27242c 100644 --- a/lib/models/user.js +++ b/lib/models/user.js @@ -7,6 +7,7 @@ var scrypt = require('scrypt'); // core var logger = require("../logger.js"); +var letterAvatars = require('../letter-avatars.js'); module.exports = function (sequelize, DataTypes) { var User = sequelize.define("User", { @@ -105,6 +106,16 @@ module.exports = function (sequelize, DataTypes) { case "google": photo = profile.photos[0].value.replace(/(\?sz=)\d*$/i, '$196'); break; + case "ldap": + //no image api provided, + //use gravatar if email exists, + //otherwise generate a letter avatar + if (profile.emails[0]) { + photo = 'https://www.gravatar.com/avatar/' + md5(profile.emails[0]) + '?s=96'; + } else { + photo = letterAvatars(profile.username); + } + break; } return photo; }, diff --git a/lib/realtime.js b/lib/realtime.js index a662deeb..0f2a6680 100644 --- a/lib/realtime.js +++ b/lib/realtime.js @@ -251,13 +251,13 @@ function getStatus(callback) { return logger.error('count user failed: ' + err); }); }).catch(function (err) { - return logger.error('count note failed: ' + err); + return logger.error('count note failed: ' + err); }); } function isReady() { - return realtime.io - && Object.keys(notes).length == 0 && Object.keys(users).length == 0 + return realtime.io + && Object.keys(notes).length == 0 && Object.keys(users).length == 0 && connectionSocketQueue.length == 0 && !isConnectionBusy && disconnectSocketQueue.length == 0 && !isDisconnectBusy; } @@ -374,7 +374,7 @@ function finishConnection(socket, note, user) { return interruptConnection(socket, note, user); } //check view permission - if (note.permission == 'private') { + if (note.permission == 'limited' || note.permission == 'protected' || note.permission == 'private') { if (socket.request.user && socket.request.user.logged_in && socket.request.user.id == note.owner) { //na } else { @@ -420,7 +420,7 @@ function finishConnection(socket, note, user) { function startConnection(socket) { if (isConnectionBusy) return; isConnectionBusy = true; - + var noteId = socket.noteId; if (!noteId) { return failConnection(404, 'note id not found', socket); @@ -521,7 +521,7 @@ function disconnect(socket) { logger.info("SERVER disconnected a client"); logger.info(JSON.stringify(users[socket.id])); } - + if (users[socket.id]) { delete users[socket.id]; } @@ -618,12 +618,12 @@ function ifMayEdit(socket, callback) { case "freely": //not blocking anyone break; - case "editable": + case "editable": case "limited": //only login user can change if (!socket.request.user || !socket.request.user.logged_in) mayEdit = false; break; - case "locked": case "private": + case "locked": case "private": case "protected": //only owner can change if (!note.owner || note.owner != socket.request.user.id) mayEdit = false; @@ -652,17 +652,25 @@ function operationCallback(socket, operation) { if (!user) return; userId = socket.request.user.id; if (!note.authors[userId]) { - models.Author.create({ - noteId: noteId, - userId: userId, - color: user.color - }).then(function (author) { - note.authors[author.userId] = { - userid: author.userId, - color: author.color, - photo: user.photo, - name: user.name - }; + models.Author.findOrCreate({ + where: { + noteId: noteId, + userId: userId + }, + defaults: { + noteId: noteId, + userId: userId, + color: user.color + } + }).spread(function (author, created) { + if (author) { + note.authors[author.userId] = { + userid: author.userId, + color: author.color, + photo: user.photo, + name: user.name + }; + } }).catch(function (err) { return logger.error('operation callback failed: ' + err); }); @@ -672,7 +680,7 @@ function operationCallback(socket, operation) { var noteId = note.alias ? note.alias : LZString.compressToBase64(note.id); if (note.server) history.updateHistory(userId, noteId, note.server.document); }, 0); - + } // save authorship note.authorship = models.Note.updateAuthorshipByOperation(operation, userId, note.authorship); @@ -689,10 +697,10 @@ function connection(socket) { } if (isDuplicatedInSocketQueue(socket, connectionSocketQueue)) return; - + // store noteId in this socket session socket.noteId = noteId; - + //initialize user data //random color var color = randomcolor(); @@ -782,7 +790,7 @@ function connection(socket) { var sock = note.socks[i]; if (typeof sock !== 'undefined' && sock) { //check view permission - if (permission == 'private') { + if (permission == 'limited' || permission == 'protected' || permission == 'private') { if (sock.request.user && sock.request.user.logged_in && sock.request.user.id == note.owner) { //na } else { diff --git a/lib/response.js b/lib/response.js index a0dc8b1f..9014a0a0 100755 --- a/lib/response.js +++ b/lib/response.js @@ -66,7 +66,9 @@ function showIndex(req, res, next) { gitlab: config.gitlab, dropbox: config.dropbox, google: config.google, + ldap: config.ldap, email: config.email, + allowemailregister: config.allowemailregister, signin: req.isAuthenticated(), infoMessage: req.flash('info'), errorMessage: req.flash('error') @@ -94,6 +96,7 @@ function responseHackMD(res, note) { gitlab: config.gitlab, dropbox: config.dropbox, google: config.google, + ldap: config.ldap, email: config.email }); } @@ -122,6 +125,11 @@ function checkViewPermission(req, note) { return false; else return true; + } else if (note.permission == 'limited' || note.permission == 'protected') { + if( !req.isAuthenticated() ) { + return false; + } + return true; } else { return true; } @@ -161,7 +169,7 @@ function showNote(req, res, next) { findNote(req, res, function (note) { // force to use note id var noteId = req.params.noteId; - var id = LZString.compressToBase64(note.id); + var id = LZString.compressToBase64(note.id); if ((note.alias && noteId != note.alias) || (!note.alias && noteId != id)) return res.redirect(config.serverurl + "/" + (note.alias || id)); return responseHackMD(res, note); @@ -413,7 +421,7 @@ function publishSlideActions(req, res, next) { res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id))); break; default: - res.redirect(config.serverurl + '/p/' + note.shortid); + res.redirect(config.serverurl + '/p/' + note.shortid); break; } }); diff --git a/package.json b/package.json index dde6328b..e22f9e73 100644 --- a/package.json +++ b/package.json @@ -85,6 +85,7 @@ "passport-github": "^1.1.0", "passport-gitlab2": "^2.2.0", "passport-google-oauth20": "^1.0.0", + "passport-ldapauth": "^0.6.0", "passport-local": "^1.0.0", "passport-twitter": "^1.0.4", "passport.socketio": "^3.7.0", diff --git a/public/css/index.css b/public/css/index.css index da1823f2..8f483aa7 100644 --- a/public/css/index.css +++ b/public/css/index.css @@ -240,6 +240,9 @@ body { } .dropdown-menu > li > a { cursor: pointer; + text-overflow: ellipsis; + max-width: calc(100vw - 30px); + overflow: hidden; } .dropdown-menu.CodeMirror-other-cursor { transition: none; diff --git a/public/css/site.css b/public/css/site.css index 3685149b..d88f8429 100644 --- a/public/css/site.css +++ b/public/css/site.css @@ -3,7 +3,7 @@ body { font-smoothing: subpixel-antialiased !important; -webkit-font-smoothing: subpixel-antialiased !important; -moz-osx-font-smoothing: auto !important; - text-shadow: 1px 1px 1.2px rgba(0, 0, 0, 0.004); + text-shadow: 0 0 1em transparent, 1px 1px 1.2px rgba(0, 0, 0, 0.004); /*text-rendering: optimizeLegibility;*/ -webkit-overflow-scrolling: touch; font-family: "Source Sans Pro", Helvetica, Arial, sans-serif; diff --git a/public/js/cover.js b/public/js/cover.js index bc04923b..a3ed7784 100644 --- a/public/js/cover.js +++ b/public/js/cover.js @@ -118,9 +118,11 @@ $(".ui-history").click(() => { function checkHistoryList() { if ($("#history-list").children().length > 0) { + $('.pagination').show(); $(".ui-nohistory").hide(); $(".ui-import-from-browser").hide(); } else if ($("#history-list").children().length == 0) { + $('.pagination').hide(); $(".ui-nohistory").slideDown(); getStorageHistory(data => { if (data && data.length > 0 && getLoginState() && historyList.items.length == 0) { diff --git a/public/js/index.js b/public/js/index.js index 3bf42ad4..a7e69e81 100644 --- a/public/js/index.js +++ b/public/js/index.js @@ -864,7 +864,9 @@ window.ui = { freely: $(".ui-permission-freely"), editable: $(".ui-permission-editable"), locked: $(".ui-permission-locked"), - private: $(".ui-permission-private") + private: $(".ui-permission-private"), + limited: $(".ui-permission-limited"), + protected: $(".ui-permission-protected") }, delete: $(".ui-delete-note") }, @@ -2254,6 +2256,14 @@ ui.infobar.permission.locked.click(function () { ui.infobar.permission.private.click(function () { emitPermission("private"); }); +//limited +ui.infobar.permission.limited.click(function() { + emitPermission("limited"); +}); +//protected +ui.infobar.permission.protected.click(function() { + emitPermission("protected"); +}); // delete note ui.infobar.delete.click(function () { $('.delete-modal').modal('show'); @@ -2284,10 +2294,18 @@ function updatePermission(newPermission) { label = '<i class="fa fa-shield"></i> Editable'; title = "Signed people can edit"; break; + case "limited": + label = '<i class="fa fa-id-card"></i> Limited'; + title = "Signed people can edit (forbid guest)" + break; case "locked": label = '<i class="fa fa-lock"></i> Locked'; title = "Only owner can edit"; break; + case "protected": + label = '<i class="fa fa-umbrella"></i> Protected'; + title = "Only owner can edit (forbid guest)"; + break; case "private": label = '<i class="fa fa-hand-stop-o"></i> Private'; title = "Only owner can view & edit"; @@ -2309,6 +2327,7 @@ function havePermission() { bool = true; break; case "editable": + case "limited": if (!personalInfo.login) { bool = false; } else { @@ -2317,6 +2336,7 @@ function havePermission() { break; case "locked": case "private": + case "protected": if (!owner || personalInfo.userid != owner) { bool = false; } else { @@ -2933,14 +2953,14 @@ function sortOnlineUserList(list) { else if (usera.idle && !userb.idle) return 1; else { - if (usera.name && usera.name.toLowerCase() < userb.name.toLowerCase()) { + if (usera.name && userb.name && usera.name.toLowerCase() < userb.name.toLowerCase()) { return -1; - } else if (usera.name && usera.name.toLowerCase() > userb.name.toLowerCase()) { + } else if (usera.name && userb.name && usera.name.toLowerCase() > userb.name.toLowerCase()) { return 1; } else { - if (usera.color && usera.color.toLowerCase() < userb.color.toLowerCase()) + if (usera.color && userb.color && usera.color.toLowerCase() < userb.color.toLowerCase()) return -1; - else if (usera.color && usera.color.toLowerCase() > userb.color.toLowerCase()) + else if (usera.color && userb.color && usera.color.toLowerCase() > userb.color.toLowerCase()) return 1; else return 0; diff --git a/public/views/body.ejs b/public/views/body.ejs index 83a82fa3..5ad1733e 100644 --- a/public/views/body.ejs +++ b/public/views/body.ejs @@ -17,7 +17,9 @@ <ul class="dropdown-menu" aria-labelledby="permissionLabel"> <li class="ui-permission-freely"<% if(!allowAnonymous) { %> style="display: none;"<% } %>><a><i class="fa fa-leaf fa-fw"></i> Freely - Anyone can edit</a></li> <li class="ui-permission-editable"><a><i class="fa fa-shield fa-fw"></i> Editable - Signed people can edit</a></li> + <li class="ui-permission-limited"><a><i class="fa fa-id-card fa-fw"></i> Limited - Signed people can edit (forbid guest)</a></li> <li class="ui-permission-locked"><a><i class="fa fa-lock fa-fw"></i> Locked - Only owner can edit</a></li> + <li class="ui-permission-protected"><a><i class="fa fa-umbrella fa-fw"></i> Protected - Only owner can edit (forbid guest)</a></li> <li class="ui-permission-private"><a><i class="fa fa-hand-stop-o fa-fw"></i> Private - Only owner can view & edit</a></li> <li class="divider"></li> <li class="ui-delete-note"><a><i class="fa fa-trash-o fa-fw"></i> Delete this note</a></li> diff --git a/public/views/index.ejs b/public/views/index.ejs index fe900673..b1a1feb4 100644 --- a/public/views/index.ejs +++ b/public/views/index.ejs @@ -58,7 +58,7 @@ <% if (errorMessage && errorMessage.length > 0) { %> <div class="alert alert-danger" style="max-width: 400px; margin: 0 auto;"><%= errorMessage %></div> <% } %> - <% if(facebook || twitter || github || gitlab || dropbox || google || email) { %> + <% if(facebook || twitter || github || gitlab || dropbox || google || ldap || email) { %> <span class="ui-signin"> <br> <a type="button" class="btn btn-lg btn-success ui-signin" data-toggle="modal" data-target=".signin-modal" style="min-width: 170px;"><%= __('Sign In') %></a> @@ -98,7 +98,7 @@ </div> <div id="history" class="section"<% if(!signin) { %> style="display:none;"<% } %>> - <% if(facebook || twitter || github || gitlab || dropbox || google || email) { %> + <% if(facebook || twitter || github || gitlab || dropbox || google || ldap || email) { %> <div class="ui-signin"> <p><%= __('Below is the history from browser') %></p> </div> diff --git a/public/views/signin-modal.ejs b/public/views/signin-modal.ejs index 58d8a690..a8af62e7 100644 --- a/public/views/signin-modal.ejs +++ b/public/views/signin-modal.ejs @@ -38,7 +38,32 @@ <i class="fa fa-google"></i> <%= __('Sign in via %s', 'Google') %> </a> <% } %> - <% if((facebook || twitter || github || gitlab || dropbox || google) && email) { %> + <% if((facebook || twitter || github || gitlab || dropbox || google) && ldap) { %> + <hr> + <% }%> + <% if(ldap) { %> + <h4>Via <% if (ldap.providerName) { %> <%- ldap.providerName %> (LDAP) <% } else { %> LDAP <% } %></h4> + <form data-toggle="validator" role="form" class="form-horizontal" method="post" enctype="application/x-www-form-urlencoded"> + <div class="form-group"> + <div class="col-sm-12"> + <input type="username" class="form-control" name="username" placeholder="Username" required> + <span class="help-block control-label with-errors" style="display: inline;"></span> + </div> + </div> + <div class="form-group"> + <div class="col-sm-12"> + <input type="password" class="form-control" name="password" placeholder="Password" required> + <span class="help-block control-label with_errors" style="display: inline;"></span> + </div> + </div> + <div class="form-group"> + <div class="col-sm-12"> + <button type="submit" class="btn btn-primary" formaction="<%- url %>/auth/ldap">Sign in</button> + </div> + </div> + </form> + <% } %> + <% if((facebook || twitter || github || gitlab || dropbox || google || ldap) && email) { %> <hr> <% }%> <% if(email) { %> @@ -59,7 +84,7 @@ <div class="form-group"> <div class="col-sm-12"> <button type="submit" class="btn btn-primary" formaction="<%- url %>/login">Sign in</button> - <button type="submit" class="btn btn-default" formaction="<%- url %>/register">Register</button> + <% if(allowemailregister) { %><button type="submit" class="btn btn-default" formaction="<%- url %>/register">Register</button><% }%> </div> </div> </form> @@ -67,4 +92,4 @@ </div> </div> </div> -</div>
\ No newline at end of file +</div> |