diff --git a/README.md b/README.md index 19806737..942857c1 100644 --- a/README.md +++ b/README.md @@ -13,8 +13,7 @@ [![Build + Publish](https://github.com/Requarks/wiki/actions/workflows/build.yml/badge.svg)](https://github.com/Requarks/wiki/actions/workflows/build.yml) [![Huntr](https://img.shields.io/badge/security%20bounty-disclose-brightgreen.svg?style=flat&logo=cachet&logoColor=white)](https://huntr.dev/bounties/disclose) [![GitHub Sponsors](https://img.shields.io/github/sponsors/ngpixel?logo=github&color=ea4aaa)](https://github.com/users/NGPixel/sponsorship) -[![Open Collective backers and sponsors](https://img.shields.io/opencollective/all/wikijs?label=backers&color=218bff&logo=opencollective&logoColor=white)](https://opencollective.com/wikijs) -[![Subscribe to Newsletter](https://img.shields.io/badge/newsletter-subscribe-yellow.svg?style=flat&logo=mailchimp&logoColor=white)](https://blog.js.wiki/subscribe) +[![Open Collective backers and sponsors](https://img.shields.io/opencollective/all/wikijs?label=backers&color=218bff&logo=opencollective&logoColor=white)](https://opencollective.com/wikijs) [![Chat on Slack](https://img.shields.io/badge/slack-requarks-CC2B5E.svg?style=flat&logo=slack)](https://wiki.requarks.io/slack) [![Follow on Twitter](https://img.shields.io/badge/twitter-%40requarks-blue.svg?style=flat&logo=twitter&logoColor=white)](https://twitter.com/requarks) [![Follow on Telegram](https://img.shields.io/badge/telegram-%40wiki__js-blue.svg?style=flat&logo=telegram)](https://t.me/wiki_js) @@ -81,8 +80,8 @@ Support this project by becoming a sponsor. Your name will show up in the Contri - - + + @@ -94,6 +93,11 @@ Support this project by becoming a sponsor. Your name will show up in the Contri + + + + - - - -
+ + + + Alexander Casassovici
(@alexksso) @@ -114,6 +118,13 @@ Support this project by becoming a sponsor. Your name will show up in the Contri 		+ + + +
Jay Daley
(@JayDaley) @@ -124,8 +135,6 @@ Support this project by becoming a sponsor. Your name will show up in the Contri Oleksii
(@idokka)
@@ -136,16 +145,6 @@ Support this project by becoming a sponsor. Your name will show up in the Contri - - - - - - - - @@ -168,6 +167,7 @@ Support this project by becoming a sponsor. Your name will show up in the Contri - Cloud Data Hosting LLC ([@CloudDataHostingLLC](https://github.com/CloudDataHostingLLC)) - Cole Manning ([@RVRX](https://github.com/RVRX)) - CrazyMarvin ([@CrazyMarvin](https://github.com/CrazyMarvin)) +- Daniel Horner ([@danhorner](https://github.com/danhorner)) - David Christian Holin ([@SirGibihm](https://github.com/SirGibihm)) - Dragan Espenschied ([@despens](https://github.com/despens)) - Elijah Zobenko ([@he110](https://github.com/he110)) @@ -215,6 +215,7 @@ Support this project by becoming a sponsor. Your name will show up in the Contri - ameyrakheja ([@ameyrakheja](https://github.com/ameyrakheja)) - aniketpanjwani ([@aniketpanjwani](https://github.com/aniketpanjwani)) - aytaa ([@aytaa](https://github.com/aytaa)) +- cesar ([@cesarnr21](https://github.com/cesarnr21)) - chaee ([@chaee](https://github.com/chaee)) - lwileczek ([@lwileczek](https://github.com/lwileczek)) - magicpotato ([@fortheday](https://github.com/fortheday)) @@ -399,6 +400,7 @@ Thank you to all our patrons! 🙏 [[Become a patron](https://www.patreon.com/re
+- Aeternum - Al Romano - Alex Balabanov - Alex Milanov @@ -423,11 +425,11 @@ Thank you to all our patrons! 🙏 [[Become a patron](https://www.patreon.com/re - Ian - Imari Childress - Iskander Callos -- Josh Stewart +- Josh Stewart - Justin Dunsworth - Keir - Loïc CRAMPON diff --git a/client/components/admin/admin-security.vue b/client/components/admin/admin-security.vue index 7a8d305b..8c062c52 100644 --- a/client/components/admin/admin-security.vue +++ b/client/components/admin/admin-security.vue @@ -265,7 +265,7 @@ export default { securityOpenRedirect: true, securityIframe: true, securityReferrerPolicy: true, - securityTrustProxy: true, + securityTrustProxy: false, securitySRI: true, securityHSTS: false, securityHSTSDuration: 0, diff --git a/client/components/editor/editor-markdown.vue b/client/components/editor/editor-markdown.vue index 04b5c6aa..4ca6e192 100644 --- a/client/components/editor/editor-markdown.vue +++ b/client/components/editor/editor-markdown.vue @@ -200,7 +200,7 @@ import 'codemirror/addon/fold/foldgutter.css' import MarkdownIt from 'markdown-it' import mdAttrs from 'markdown-it-attrs' import mdDecorate from 'markdown-it-decorate' -import mdEmoji from 'markdown-it-emoji' +import { full as mdEmoji } from 'markdown-it-emoji' import mdTaskLists from 'markdown-it-task-lists' import mdExpandTabs from 'markdown-it-expand-tabs' import mdAbbr from 'markdown-it-abbr' diff --git a/package.json b/package.json index e78c91b1..d6723534 100644 --- a/package.json +++ b/package.json @@ -109,7 +109,7 @@ "markdown-it-abbr": "1.0.4", "markdown-it-attrs": "3.0.3", "markdown-it-decorate": "1.2.2", - "markdown-it-emoji": "1.4.0", + "markdown-it-emoji": "3.0.0", "markdown-it-expand-tabs": "1.0.13", "markdown-it-external-links": "0.0.6", "markdown-it-footnote": "3.0.3", diff --git a/server/app/data.yml b/server/app/data.yml index 7c3d0803..0cd628a6 100644 --- a/server/app/data.yml +++ b/server/app/data.yml @@ -85,7 +85,7 @@ defaults: securityOpenRedirect: true securityIframe: true securityReferrerPolicy: true - securityTrustProxy: true + securityTrustProxy: false securitySRI: true securityHSTS: false securityHSTSDuration: 300 diff --git a/server/modules/authentication/saml/authentication.js b/server/modules/authentication/saml/authentication.js index 6eeef27a..13248907 100644 --- a/server/modules/authentication/saml/authentication.js +++ b/server/modules/authentication/saml/authentication.js @@ -56,6 +56,26 @@ module.exports = { picture: _.get(profile, conf.mappingPicture, '') } }) + + // map users provider groups to wiki groups with the same name, and remove any groups that don't match + // Code copied from the LDAP implementation with a slight variation on the field we extract the value from + // In SAML v2 groups come in profile.attributes and can be 1 string or an array of strings + if (conf.mapGroups) { + const maybeArrayOfGroups = _.get(profile.attributes, conf.mappingGroups) + const groups = (maybeArrayOfGroups && !_.isArray(maybeArrayOfGroups)) ? [maybeArrayOfGroups] : maybeArrayOfGroups + + if (groups && _.isArray(groups)) { + const currentGroups = (await user.$relatedQuery('groups').select('groups.id')).map(g => g.id) + const expectedGroups = Object.values(WIKI.auth.groups).filter(g => groups.includes(g.name)).map(g => g.id) + for (const groupId of _.difference(expectedGroups, currentGroups)) { + await user.$relatedQuery('groups').relate(groupId) + } + for (const groupId of _.difference(currentGroups, expectedGroups)) { + await user.$relatedQuery('groups').unrelate().where('groupId', groupId) + } + } + } + cb(null, user) } catch (err) { cb(err, null) diff --git a/server/modules/authentication/saml/definition.yml b/server/modules/authentication/saml/definition.yml index bfb24d15..c39dd731 100644 --- a/server/modules/authentication/saml/definition.yml +++ b/server/modules/authentication/saml/definition.yml @@ -162,3 +162,15 @@ props: default: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/picture' hint: The field storing the user avatar picture. Can be a variable name or a URI-formatted string. order: 43 + mapGroups: + type: Boolean + title: Map Groups + hint: Map groups matching names from the provider user groups. User Groups Field Mapping must also be defined for this to work. Note this will remove any groups the user has that doesn't match any group from the provider. + default: false + order: 44 + mappingGroups: + title: User Groups Field Mapping + type: String + default: 'memberOf' + hint: The field storing the user groups attribute (when Map Groups is enabled). Can be a variable name or a URI-formatted string. + order: 45 diff --git a/server/modules/comments/default/comment.js b/server/modules/comments/default/comment.js index fa819c8b..10948f3e 100644 --- a/server/modules/comments/default/comment.js +++ b/server/modules/comments/default/comment.js @@ -1,5 +1,5 @@ const md = require('markdown-it') -const mdEmoji = require('markdown-it-emoji') +const { full: mdEmoji } = require('markdown-it-emoji') const { JSDOM } = require('jsdom') const createDOMPurify = require('dompurify') const _ = require('lodash') diff --git a/server/modules/rendering/html-image-prefetch/definition.yml b/server/modules/rendering/html-image-prefetch/definition.yml index bf7a65df..4a4d2b14 100644 --- a/server/modules/rendering/html-image-prefetch/definition.yml +++ b/server/modules/rendering/html-image-prefetch/definition.yml @@ -1,6 +1,6 @@ key: htmlImagePrefetch title: Image Prefetch -description: Prefetch remotely rendered images (korki/plantuml) +description: Prefetch remotely rendered images (kroki/plantuml) author: requarks.io icon: mdi-cloud-download-outline enabledDefault: false diff --git a/server/modules/rendering/markdown-emoji/renderer.js b/server/modules/rendering/markdown-emoji/renderer.js index 331b97ef..0c7e7407 100644 --- a/server/modules/rendering/markdown-emoji/renderer.js +++ b/server/modules/rendering/markdown-emoji/renderer.js @@ -1,4 +1,4 @@ -const mdEmoji = require('markdown-it-emoji') +const { full: mdEmoji } = require('markdown-it-emoji') const twemoji = require('twemoji') // ------------------------------------ diff --git a/yarn.lock b/yarn.lock index d7003475..6ac6a6f4 100644 --- a/yarn.lock +++ b/yarn.lock @@ -13146,10 +13146,10 @@ markdown-it-decorate@1.2.2: resolved "https://registry.yarnpkg.com/markdown-it-decorate/-/markdown-it-decorate-1.2.2.tgz#f1e11d11d837ae78906198f8a2c974f0e646acb7" integrity sha512-7BFWJ97KBXgkaPVjKHISQnhSW8RWQ7yRNXpr8pPUV2Rw4GHvGrgb6CelKCM+GSijP0uSLCAVfc/knWIz+2v/Sw== -markdown-it-emoji@1.4.0: - version "1.4.0" - resolved "https://registry.yarnpkg.com/markdown-it-emoji/-/markdown-it-emoji-1.4.0.tgz#9bee0e9a990a963ba96df6980c4fddb05dfb4dcc" - integrity sha512-QCz3Hkd+r5gDYtS2xsFXmBYrgw6KuWcJZLCEkdfAuwzZbShCmCfta+hwAMq4NX/4xPzkSHduMKgMkkPUJxSXNg== +markdown-it-emoji@3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/markdown-it-emoji/-/markdown-it-emoji-3.0.0.tgz#8475a04d671d7c93f931b76fb90c582768b7f0b5" + integrity sha512-+rUD93bXHubA4arpEZO3q80so0qgoFJEKRkRbjKX8RTdca89v2kfyF+xR3i2sQTwql9tpPZPOQN5B+PunspXRg== markdown-it-expand-tabs@1.0.13: version "1.0.13"