-rw-r--r--README.md5
-rw-r--r--config.json.example4
-rw-r--r--docs/guides/auth.md2
-rw-r--r--lib/config/default.js5
-rw-r--r--lib/config/environment.js11
-rw-r--r--lib/config/utils.js7
-rw-r--r--lib/csp.js7
-rw-r--r--lib/migrations/20180306150303-fix-enum.js11
-rw-r--r--lib/web/auth/ldap/index.js7
-rw-r--r--package.json1
-rw-r--r--public/css/markdown.css16
-rw-r--r--public/js/render.js6
-rw-r--r--webpackBaseConfig.js10
-rw-r--r--yarn.lock77
14 files changed, 66 insertions, 103 deletions
diff --git a/README.md b/README.md
index fb4e2223..7c577bbc 100644
--- a/README.md
+++ b/README.md
@@ -171,11 +171,11 @@ There are some config settings you need to change in the files below.
| `HMD_LDAP_URL` | `ldap://example.com` | URL of LDAP server |
| `HMD_LDAP_BINDDN` | no example | bindDn for LDAP access |
| `HMD_LDAP_BINDCREDENTIALS` | no example | bindCredentials for LDAP access |
-| `HMD_LDAP_TOKENSECRET` | `supersecretkey` | secret used for generating access/refresh tokens |
| `HMD_LDAP_SEARCHBASE` | `o=users,dc=example,dc=com` | LDAP directory to begin search from |
| `HMD_LDAP_SEARCHFILTER` | `(uid={{username}})` | LDAP filter to search with |
| `HMD_LDAP_SEARCHATTRIBUTES` | `displayName, mail` | LDAP attributes to search with (use comma to separate) |
-| `HMD_LDAP_USERNAMEFIELD` | `uid` | The LDAP field which is used as the username on HackMD |
+| `HMD_LDAP_USERIDFIELD` | `uidNumber` or `uid` or `sAMAccountName` | The LDAP field which is used uniquely identify a user on HackMD |
+| `HMD_LDAP_USERNAMEFIELD` | Fallback to userid | The LDAP field which is used as the username on HackMD |
| `HMD_LDAP_TLS_CA` | `server-cert.pem, root.pem` | Root CA for LDAP TLS in PEM format (use comma to separate) |
| `HMD_LDAP_PROVIDERNAME` | `My institution` | Optional name to be displayed at login form indicating the LDAP provider |
| `HMD_SAML_IDPSSOURL` | `https://idp.example.com/sso` | authentication endpoint of IdP. for details, see [guide](docs/guides/auth.md#saml-onelogin). |
@@ -207,6 +207,7 @@ There are some config settings you need to change in the files below.
| `HMD_HSTS_MAX_AGE` | `31536000` | max duration in seconds to tell clients to keep HSTS status (default is a year) |
| `HMD_HSTS_PRELOAD` | `true` | whether to allow preloading of the site's HSTS status (e.g. into browsers) |
| `HMD_CSP_ENABLE` | `true` | whether to enable Content Security Policy (directives cannot be configured with environment variables) |
+| `HMD_CSP_REPORTURI` | `https://<someid>.report-uri.com/r/d/csp/enforce` | Allows to add a URL for CSP reports in case of violations |
## Application settings `config.json`
diff --git a/config.json.example b/config.json.example
index 66a0227c..8d1b6abd 100644
--- a/config.json.example
+++ b/config.json.example
@@ -74,11 +74,11 @@
"url": "ldap://change_this",
"bindDn": null,
"bindCredentials": null,
- "tokenSecret": "change this",
"searchBase": "change this",
"searchFilter": "change this",
"searchAttributes": ["change this"],
- "usernameField": "change this e.g. uid",
+ "usernameField": "change this e.g. cn",
+ "useridField": "change this e.g. uid",
"tlsOptions": {
"changeme": "See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback"
}
diff --git a/docs/guides/auth.md b/docs/guides/auth.md
index 4f9ce445..aa629489 100644
--- a/docs/guides/auth.md
+++ b/docs/guides/auth.md
@@ -161,7 +161,7 @@ The basic procedure is the same as the case of OneLogin which is mentioned above
* `attribute.id`: A primary key of user table for your HackMD
* `attribute.username`: Attribute name of displaying user name on HackMD
* `attribute.email`: Attribute name of email address, which will be also used for Gravatar
- * _Note: Default value of all attributes is NameID of SAML response, which is email address if `idfentifierFormat` is default._
+ * _Note: Default value of all attributes is NameID of SAML response, which is email address if `identifierFormat` is default._
* config.json:
````javascript
{
diff --git a/lib/config/default.js b/lib/config/default.js
index 38dc21a4..7407ec60 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -18,7 +18,8 @@ module.exports = {
directives: {
},
addDefaults: true,
- upgradeInsecureRequests: 'auto'
+ upgradeInsecureRequests: 'auto',
+ reportURI: undefined
},
protocolusessl: false,
usecdn: true,
@@ -110,11 +111,11 @@ module.exports = {
url: undefined,
bindDn: undefined,
bindCredentials: undefined,
- tokenSecret: undefined,
searchBase: undefined,
searchFilter: undefined,
searchAttributes: undefined,
usernameField: undefined,
+ useridField: undefined,
tlsca: undefined
},
saml: {
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 640f9e07..ddc09e10 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -1,11 +1,11 @@
'use strict'
-const {toBooleanConfig, toArrayConfig} = require('./utils')
+const {toBooleanConfig, toArrayConfig, toIntegerConfig} = require('./utils')
module.exports = {
domain: process.env.HMD_DOMAIN,
urlpath: process.env.HMD_URL_PATH,
- port: process.env.HMD_PORT,
+ port: toIntegerConfig(process.env.HMD_PORT),
urladdport: toBooleanConfig(process.env.HMD_URL_ADDPORT),
usessl: toBooleanConfig(process.env.HMD_USESSL),
hsts: {
@@ -15,7 +15,8 @@ module.exports = {
preload: toBooleanConfig(process.env.HMD_HSTS_PRELOAD)
},
csp: {
- enable: toBooleanConfig(process.env.HMD_CSP_ENABLE)
+ enable: toBooleanConfig(process.env.HMD_CSP_ENABLE),
+ reportURI: process.env.HMD_CSP_REPORTURI
},
protocolusessl: toBooleanConfig(process.env.HMD_PROTOCOL_USESSL),
alloworigin: toArrayConfig(process.env.HMD_ALLOW_ORIGIN),
@@ -39,7 +40,7 @@ module.exports = {
secretKey: process.env.HMD_MINIO_SECRET_KEY,
endPoint: process.env.HMD_MINIO_ENDPOINT,
secure: toBooleanConfig(process.env.HMD_MINIO_SECURE),
- port: process.env.HMD_MINIO_PORT
+ port: toIntegerConfig(process.env.HMD_MINIO_PORT)
},
s3bucket: process.env.HMD_S3_BUCKET,
facebook: {
@@ -79,11 +80,11 @@ module.exports = {
url: process.env.HMD_LDAP_URL,
bindDn: process.env.HMD_LDAP_BINDDN,
bindCredentials: process.env.HMD_LDAP_BINDCREDENTIALS,
- tokenSecret: process.env.HMD_LDAP_TOKENSECRET,
searchBase: process.env.HMD_LDAP_SEARCHBASE,
searchFilter: process.env.HMD_LDAP_SEARCHFILTER,
searchAttributes: toArrayConfig(process.env.HMD_LDAP_SEARCHATTRIBUTES),
usernameField: process.env.HMD_LDAP_USERNAMEFIELD,
+ useridField: process.env.HMD_LDAP_USERIDFIELD,
tlsca: process.env.HMD_LDAP_TLS_CA
},
saml: {
diff --git a/lib/config/utils.js b/lib/config/utils.js
index 9ff2f96d..b2406cf1 100644
--- a/lib/config/utils.js
+++ b/lib/config/utils.js
@@ -13,3 +13,10 @@ exports.toArrayConfig = function toArrayConfig (configValue, separator = ',', fa
}
return fallback
}
+
+exports.toIntegerConfig = function toIntegerConfig (configValue) {
+ if (configValue && typeof configValue === 'string') {
+ return parseInt(configValue)
+ }
+ return configValue
+}
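Review bot: `toIntegerConfig` calls `parseInt` without a radix and passes `NaN` straight through for any non-numeric string, so a typo in `HMD_PORT` or `HMD_MINIO_PORT` (the two callers added in lib/config/environment.js) reaches the server as a `NaN` port instead of falling back to the default. Suggest `const parsed = Number.parseInt(configValue, 10)` followed by `return Number.isNaN(parsed) ? undefined : parsed`, so an unparseable value behaves like an unset one; whether `undefined` is the right fallback depends on how the config layers are merged, which is outside this hunk. A one-line JSDoc such as `/** Parses an integer config value from the environment; non-string values are returned unchanged. */` would also document the contract.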
diff --git a/lib/csp.js b/lib/csp.js
index 509bc530..b46ae8ef 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -30,6 +30,7 @@ CspStrategy.computeDirectives = function () {
addInlineScriptExceptions(directives)
}
addUpgradeUnsafeRequestsOptionTo(directives)
+ addReportURI(directives)
return directives
}
@@ -72,6 +73,12 @@ function addUpgradeUnsafeRequestsOptionTo (directives) {
}
}
+function addReportURI (directives) {
+ if (config.csp.reportURI) {
+ directives.reportUri = config.csp.reportURI
+ }
+}
+
CspStrategy.addNonceToLocals = function (req, res, next) {
res.locals.nonce = uuid.v4()
next()
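Review bot: `addReportURI` copies `config.csp.reportURI` into the directive without checking that it is a URL, so a malformed `HMD_CSP_REPORTURI` yields a `report-uri` value the browser ignores and violation reports are silently lost. Validating once at startup, e.g. wrapping `new URL(config.csp.reportURI)` in a try/catch that logs and skips the directive on failure, makes the misconfiguration visible instead. A short comment on the function, `// Adds the optional report-uri directive from config.csp.reportURI (HMD_CSP_REPORTURI)`, would tie it back to the environment variable documented in the README hunk.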
diff --git a/lib/migrations/20180306150303-fix-enum.js b/lib/migrations/20180306150303-fix-enum.js
new file mode 100644
index 00000000..0ee58a94
--- /dev/null
+++ b/lib/migrations/20180306150303-fix-enum.js
@@ -0,0 +1,11 @@
+'use strict'
+
+module.exports = {
+ up: function (queryInterface, Sequelize) {
+ queryInterface.changeColumn('Notes', 'permission', {type: Sequelize.ENUM('freely', 'editable', 'limited', 'locked', 'protected', 'private')})
+ },
+
+ down: function (queryInterface, Sequelize) {
+ queryInterface.changeColumn('Notes', 'permission', {type: Sequelize.ENUM('freely', 'editable', 'locked', 'private')})
+ }
+}
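Review bot: Neither `up` nor `down` returns the promise from `queryInterface.changeColumn`, so the migration runner will presumably record the step as done before the column change completes and any error it raises goes unobserved. Change both bodies to `return queryInterface.changeColumn(...)`. The `down` step also narrows the enum back to four values; rows that already hold `'limited'` or `'protected'` will likely make that reversal fail or be truncated depending on the database dialect, which deserves a comment in the file.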
diff --git a/lib/web/auth/ldap/index.js b/lib/web/auth/ldap/index.js
index cc0d29ad..1a5c9938 100644
--- a/lib/web/auth/ldap/index.js
+++ b/lib/web/auth/ldap/index.js
@@ -24,8 +24,11 @@ passport.use(new LDAPStrategy({
}
}, function (user, done) {
var uuid = user.uidNumber || user.uid || user.sAMAccountName
- var username = uuid
+ if (config.ldap.useridField && user[config.ldap.useridField]) {
+ uuid = user[config.ldap.useridField]
+ }
+ var username = uuid
if (config.ldap.usernameField && user[config.ldap.usernameField]) {
username = user[config.ldap.usernameField]
}
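Review bot: When `useridField` is configured but the attribute is missing from a user entry, the new code silently falls back to the `uidNumber || uid || sAMAccountName` chain, so the same directory can produce ids from two different attributes and the `'LDAP-' + uuid` account id built in the next hunk is no longer tied to the one field the operator chose. Failing closed is safer: `if (config.ldap.useridField && !user[config.ldap.useridField]) return done(null, false)` before the assignment (the passport convention for rejecting the login), or at minimum log when the fallback is taken. The verify callback starting at `function (user, done)` continues past the end of this hunk.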
@@ -34,7 +37,7 @@ passport.use(new LDAPStrategy({
id: 'LDAP-' + uuid,
username: username,
displayName: user.displayName,
- emails: user.mail ? [user.mail] : [],
+ emails: user.mail ? Array.isArray(user.mail) ? user.mail : [user.mail] : [],
avatarUrl: null,
profileUrl: null,
provider: 'ldap'
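Review bot: The nested ternary on the `emails:` line is hard to read; `emails: user.mail ? [].concat(user.mail) : []` gives the same result for a string, an array, or a missing attribute. `displayName` on the line above presumably has the same multi-valued possibility and still passes through unchanged; if that matters, the same normalisation applies there.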
diff --git a/package.json b/package.json
index beb01122..58e2afff 100644
--- a/package.json
+++ b/package.json
@@ -35,7 +35,6 @@
"diff-match-patch": "git+https://github.com/hackmdio/diff-match-patch.git",
"ejs": "^2.5.5",
"emojify.js": "~1.1.0",
- "engine.io-client": "^1.8.2",
"express": ">=4.14",
"express-session": "^1.14.2",
"file-saver": "^1.3.3",
diff --git a/public/css/markdown.css b/public/css/markdown.css
index 36e45781..eaa9ab5c 100644
--- a/public/css/markdown.css
+++ b/public/css/markdown.css
@@ -190,10 +190,22 @@
}
/* Make details boxes look like on GitHub */
+.markdown-body summary {
+ display: list-item;
+}
+
+.markdown-body summary:focus {
+ outline: none;
+}
+
.markdown-body details summary {
cursor: pointer;
}
-.markdown-body summary {
- display: list-item;
+.markdown-body details:not([open]) > *:not(summary) {
+ display: none;
+}
+
+.markdown-body figure {
+ margin: 1em 40px;
}
diff --git a/public/js/render.js b/public/js/render.js
index 860f8272..23b8934e 100644
--- a/public/js/render.js
+++ b/public/js/render.js
@@ -19,12 +19,12 @@ whiteList['style'] = []
whiteList['kbd'] = []
// allow ifram tag with some safe attributes
whiteList['iframe'] = ['allowfullscreen', 'name', 'referrerpolicy', 'sandbox', 'src', 'width', 'height']
-// allow details tag
-whiteList['details'] = []
-// allow summary tag for details
+// allow summary tag
whiteList['summary'] = []
// allow ruby tag
whiteList['ruby'] = []
+// allow rp tag for ruby
+whiteList['rp'] = []
// allow rt tag for ruby
whiteList['rt'] = []
// allow figure tag
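Review bot: Dropping `whiteList['details']` while keeping `summary` (and while public/css/markdown.css in this commit still styles `.markdown-body details`) should be confirmed intentional: if the sanitizer's default list already permits `details` this is a harmless cleanup, otherwise `details` elements are now stripped and `summary` is left orphaned in the output. If the former holds, a comment next to the `summary` entry, `// details is allowed by the sanitizer defaults; only summary needs listing here`, would record the reason for the next reader.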
diff --git a/webpackBaseConfig.js b/webpackBaseConfig.js
index 41a63e7d..e8630841 100644
--- a/webpackBaseConfig.js
+++ b/webpackBaseConfig.js
@@ -355,10 +355,7 @@ module.exports = {
},
resolve: {
- modulesDirectories: [
- path.resolve(__dirname, 'src'),
- path.resolve(__dirname, 'node_modules')
- ],
+ modulesDirectories: ['node_modules'],
extensions: ['', '.js'],
alias: {
codemirror: path.join(__dirname, 'node_modules/codemirror/codemirror.min.js'),
@@ -374,7 +371,8 @@ module.exports = {
'bootstrap-tooltip': path.join(__dirname, 'public/vendor/bootstrap/tooltip.min.js'),
'headjs': path.join(__dirname, 'node_modules/reveal.js/lib/js/head.min.js'),
'reveal-markdown': path.join(__dirname, 'public/js/reveal-markdown.js'),
- abcjs: path.join(__dirname, 'public/vendor/abcjs_basic_3.1.1-min.js')
+ abcjs: path.join(__dirname, 'public/vendor/abcjs_basic_3.1.1-min.js'),
+ raphael: path.join(__dirname, 'node_modules/raphael/raphael.no-deps.js')
}
},
@@ -407,7 +405,7 @@ module.exports = {
loader: ExtractTextPlugin.extract('style-loader', 'less-loader')
}, {
test: require.resolve('js-sequence-diagrams'),
- loader: 'imports?_=lodash&Raphael=raphael'
+ loader: 'imports?_=lodash&Raphael=raphael&eve=eve'
}, {
test: /\.eot(\?v=\d+\.\d+\.\d+)?$/,
loader: 'file'
diff --git a/yarn.lock b/yarn.lock
index 9d3e1167..b19ecaa8 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -230,10 +230,6 @@ array.prototype.find@^2.0.1:
define-properties "^1.1.2"
es-abstract "^1.7.0"
-arraybuffer.slice@0.0.6:
- version "0.0.6"
- resolved "https://registry.yarnpkg.com/arraybuffer.slice/-/arraybuffer.slice-0.0.6.tgz#f33b2159f0532a3f3107a272c0ccfbd1ad2979ca"
-
arraybuffer.slice@~0.0.7:
version "0.0.7"
resolved "https://registry.yarnpkg.com/arraybuffer.slice/-/arraybuffer.slice-0.0.7.tgz#3bbc4275dd584cc1b10809b89d4e8b63a69e7675"
@@ -1720,12 +1716,6 @@ debug@2.2.0:
dependencies:
ms "0.7.1"
-debug@2.3.3:
- version "2.3.3"
- resolved "https://registry.yarnpkg.com/debug/-/debug-2.3.3.tgz#40c453e67e6e13c901ddec317af8986cda9eff8c"
- dependencies:
- ms "0.7.2"
-
debug@2.6.7:
version "2.6.7"
resolved "https://registry.yarnpkg.com/debug/-/debug-2.6.7.tgz#92bad1f6d05bbb6bba22cca88bcd0ec894c2861e"
@@ -2020,23 +2010,6 @@ end-of-stream@~0.1.5:
dependencies:
once "~1.3.0"
-engine.io-client@^1.8.2:
- version "1.8.4"
- resolved "https://registry.yarnpkg.com/engine.io-client/-/engine.io-client-1.8.4.tgz#9fe85dee25853ca6babe25bd2ad68710863e91c2"
- dependencies:
- component-emitter "1.2.1"
- component-inherit "0.0.3"
- debug "2.3.3"
- engine.io-parser "1.3.2"
- has-cors "1.1.0"
- indexof "0.0.1"
- parsejson "0.0.3"
- parseqs "0.0.5"
- parseuri "0.0.5"
- ws "1.1.2"
- xmlhttprequest-ssl "1.5.3"
- yeast "0.1.2"
-
engine.io-client@~3.1.0:
version "3.1.4"
resolved "https://registry.yarnpkg.com/engine.io-client/-/engine.io-client-3.1.4.tgz#4fcf1370b47163bd2ce9be2733972430350d4ea1"
@@ -2053,17 +2026,6 @@ engine.io-client@~3.1.0:
xmlhttprequest-ssl "~1.5.4"
yeast "0.1.2"
-engine.io-parser@1.3.2:
- version "1.3.2"
- resolved "https://registry.yarnpkg.com/engine.io-parser/-/engine.io-parser-1.3.2.tgz#937b079f0007d0893ec56d46cb220b8cb435220a"
- dependencies:
- after "0.8.2"
- arraybuffer.slice "0.0.6"
- base64-arraybuffer "0.1.5"
- blob "0.0.4"
- has-binary "0.1.7"
- wtf-8 "1.0.0"
-
engine.io-parser@~2.1.0, engine.io-parser@~2.1.1:
version "2.1.2"
resolved "https://registry.yarnpkg.com/engine.io-parser/-/engine.io-parser-2.1.2.tgz#4c0f4cff79aaeecbbdcfdea66a823c6085409196"
@@ -3149,12 +3111,6 @@ has-binary2@~1.0.2:
dependencies:
isarray "2.0.1"
-has-binary@0.1.7:
- version "0.1.7"
- resolved "https://registry.yarnpkg.com/has-binary/-/has-binary-0.1.7.tgz#68e61eb16210c9545a0a5cce06a873912fe1e68c"
- dependencies:
- isarray "0.0.1"
-
has-color@~0.1.0:
version "0.1.7"
resolved "https://registry.yarnpkg.com/has-color/-/has-color-0.1.7.tgz#67144a5260c34fc3cca677d041daf52fe7b78b2f"
@@ -4728,10 +4684,6 @@ ms@0.7.1:
version "0.7.1"
resolved "https://registry.yarnpkg.com/ms/-/ms-0.7.1.tgz#9cd13c03adbff25b65effde7ce864ee952017098"
-ms@0.7.2:
- version "0.7.2"
- resolved "https://registry.yarnpkg.com/ms/-/ms-0.7.2.tgz#ae25cf2512b3885a1d95d7f037868d8431124765"
-
ms@2.0.0:
version "2.0.0"
resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8"
@@ -5051,10 +5003,6 @@ optionator@^0.8.1, optionator@^0.8.2:
type-check "~0.3.2"
wordwrap "~1.0.0"
-options@>=0.0.5:
- version "0.0.6"
- resolved "https://registry.yarnpkg.com/options/-/options-0.0.6.tgz#ec22d312806bb53e731773e7cdaefcf1c643128f"
-
orchestrator@^0.3.0:
version "0.3.8"
resolved "https://registry.yarnpkg.com/orchestrator/-/orchestrator-0.3.8.tgz#14e7e9e2764f7315fbac184e506c7aa6df94ad7e"
@@ -5176,12 +5124,6 @@ parse5@^1.5.1:
version "1.5.1"
resolved "https://registry.yarnpkg.com/parse5/-/parse5-1.5.1.tgz#9b7f3b0de32be78dc2401b17573ccaf0f6f59d94"
-parsejson@0.0.3:
- version "0.0.3"
- resolved "https://registry.yarnpkg.com/parsejson/-/parsejson-0.0.3.tgz#ab7e3759f209ece99437973f7d0f1f64ae0e64ab"
- dependencies:
- better-assert "~1.0.0"
-
parseqs@0.0.5:
version "0.0.5"
resolved "https://registry.yarnpkg.com/parseqs/-/parseqs-0.0.5.tgz#d5208a3738e46766e291ba2ea173684921a8b89d"
@@ -7205,10 +7147,6 @@ uid2@0.0.x:
version "0.0.3"
resolved "https://registry.yarnpkg.com/uid2/-/uid2-0.0.3.tgz#483126e11774df2f71b8b639dcd799c376162b82"
-ultron@1.0.x:
- version "1.0.2"
- resolved "https://registry.yarnpkg.com/ultron/-/ultron-1.0.2.tgz#ace116ab557cd197386a4e88f4685378c8b2e4fa"
-
ultron@~1.1.0:
version "1.1.1"
resolved "https://registry.yarnpkg.com/ultron/-/ultron-1.1.1.tgz#9fe1536a10a664a65266a1e3ccf85fd36302bc9c"
@@ -7647,13 +7585,6 @@ write@^0.2.1:
dependencies:
mkdirp "^0.5.1"
-ws@1.1.2:
- version "1.1.2"
- resolved "https://registry.yarnpkg.com/ws/-/ws-1.1.2.tgz#8a244fa052401e08c9886cf44a85189e1fd4067f"
- dependencies:
- options ">=0.0.5"
- ultron "1.0.x"
-
ws@~3.3.1:
version "3.3.3"
resolved "https://registry.yarnpkg.com/ws/-/ws-3.3.3.tgz#f1cf84fe2d5e901ebce94efaece785f187a228f2"
@@ -7662,10 +7593,6 @@ ws@~3.3.1:
safe-buffer "~5.1.0"
ultron "~1.1.0"
-wtf-8@1.0.0:
- version "1.0.0"
- resolved "https://registry.yarnpkg.com/wtf-8/-/wtf-8-1.0.0.tgz#392d8ba2d0f1c34d1ee2d630f15d0efb68e1048a"
-
x-xss-protection@1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/x-xss-protection/-/x-xss-protection-1.0.0.tgz#898afb93869b24661cf9c52f9ee8db8ed0764dd9"
@@ -7731,10 +7658,6 @@ xmldom@=0.1.19:
version "0.1.19"
resolved "https://registry.yarnpkg.com/xmldom/-/xmldom-0.1.19.tgz#631fc07776efd84118bf25171b37ed4d075a0abc"
-xmlhttprequest-ssl@1.5.3:
- version "1.5.3"
- resolved "https://registry.yarnpkg.com/xmlhttprequest-ssl/-/xmlhttprequest-ssl-1.5.3.tgz#185a888c04eca46c3e4070d99f7b49de3528992d"
-
xmlhttprequest-ssl@~1.5.4:
version "1.5.5"
resolved "https://registry.yarnpkg.com/xmlhttprequest-ssl/-/xmlhttprequest-ssl-1.5.5.tgz#c2876b06168aadc40e57d97e81191ac8f4398b3e"