NGPixel
e84c15b926
fix: scanSVG incorrect ext reference ( #4825 )
3 years ago
cybrwshl
802dbd96c3
feat: extends plausible analytics to support self hosted installations ( #4824 )
3 years ago
NGPixel
79bdd44093
fix: force download of unsafe extensions
3 years ago
NGPixel
57b56d3a5b
fix: validate svg file extension in addition to client mime type
3 years ago
NGPixel
5d3e81496f
fix: sanitize SVG uploads
3 years ago
NGPixel
5173c4802e
fix: use replace instead of replaceAll to support pre-Node16
3 years ago
NGPixel
414033de9d
fix: asset path traversal on windows
3 years ago
Nicolas Giard
87fcfca6d7
feat: add Plausible Analytics module
3 years ago
NGPixel
5911867b21
fix: various OAuth2 fixes
3 years ago
Artur Shaik
87084c66b0
feat: Generic OAuth2 authentication implementation ( #3094 )
...
* OAuth2 authentication implementation
This PR shoul fix #2392 . Used `passport-oauth2` strategy.
* indentations cleanup
* cleanup code
3 years ago
broxen
12aef93cd6
fix: remove excess div wrappers ( #4528 )
...
* Removing superfluous div wrapping
It seems like standalone text is already wrapped in paragraph elements, so this code seems superfluous. Additionally, it adds div wrappers at every line break as described in #4524
* Fix for newlines and returns
This change skips newlines and returns to focus on unbounded text only.
* misc: fix indentation
* misc: fix indentation (2)
Co-authored-by: Nicolas Giard <github@ngpixel.com>
3 years ago
mordini
d93bd1ad5a
fix: git storage - 'import everything' feature restored ( #4559 ) ( #4572 )
3 years ago
broxen
db73b650c9
fix: issue with Custom Header IDs ( #4527 )
...
Fix the issue described in discussion #3502 regarding header links and TOC failing to properly generate when header ID is custom defined.
3 years ago
Beh
ed3925b1c5
fix: use first email address in Rocket.Chat auth response ( #3122 )
3 years ago
craph
3814eef922
fix: admin email setup toLowerCase ( #4516 )
3 years ago
Frederic Alix
8d1f752620
feat: add possibility to set PostgreSQL schema other than public ( #4161 )
3 years ago
Paul Saunders
66bf914725
fix: scheduled git sync task ( #4481 )
...
Signed-off-by: Paul Saunders <paul.saunders@finbourne.com>
Co-authored-by: Rainshaw <rxg@live.com>
3 years ago
Rainshaw
1dc974245f
fix: sftp error when dir already exists ( #4024 )
...
when the dir exists, sftp.mkdir() would raise an error and ends the for loop.
3 years ago
Andrew Yefanov
94aab69ba8
fix: add beacon and error beacon newrelic parameters for eu region support ( #4421 )
...
* add beacon and error beacon newrelic parameters for eu region support
* add default NewRelic beacon URIs
3 years ago
NGPixel
d5a5820c2f
fix: remove unused middleware
3 years ago
Eric Knibbe
c5a45e578e
fix: git storage - handle renamed files & assets ( #4307 )
3 years ago
Étienne
9864be884d
fix: replace passport-slack implementation ( #4369 )
...
This commit replaces the observably defunct @aoberoi/passport-slack
implementation with that of nmaves's passport-slack-oauth2
3 years ago
Denis
ee8006892e
feat: add support of `hd` auth parameter to work with G Suite domains ( #4010 )
...
* Add support of hd google auth parameter - to work with G Suite domains
* Style-fix
* fix: google auth hostedDomain hint
Co-authored-by: Nicolas Giard <github@ngpixel.com>
4 years ago
opalmay
9081232e7c
fix: disallow # char in file uploads ( #3770 )
4 years ago
LK HO
a103127545
fix: graceful shutdown ( #3821 )
...
* fix: missing graceful shutdown handler
* fix: asar - use async fs operation
* fix: scheduler - graceful shutdown and wait for running jobs to complete
4 years ago
LK HO
71aa0c9346
fix: jobs/worker - pass through job error from worker process ( #3822 )
4 years ago
LK HO
a20f70ed8d
fix: rendering/html-core - null checks ( #3823 )
4 years ago
NGPixel
f55caab359
fix: convert page - handle tabsets
4 years ago
NGPixel
84b927915e
fix: convert page - task list + UI fixes
4 years ago
NGPixel
26f1c0f372
feat: convert page
4 years ago
NGPixel
d75c5532d1
fix: handle raw mustache expressions over multiple lines
4 years ago
NGPixel
c57c9d9018
fix: disable cors
4 years ago
Max
033b8e6b21
fix: S3 copyObject usage - Missing bucket name ( #3745 )
...
* Fix copyObject usage: supply bucket name
* No semicolon
* Assign empty string on initialization
* Remove empty line
4 years ago
PaulD987
3f001dca2c
fix: loginRedirect doesn't work for non local strategies ( #3222 )
4 years ago
pylr
e87d511978
fix: HSTS header max-age value ( #3225 )
4 years ago
NGPixel
5ffa189383
fix: add v-pre to pre tags at render time
4 years ago
Thomas Nilefalk
919d7c12a1
fix: syntax error in rebuild-tree.js ( #3048 )
4 years ago
Paul
806e4e8f11
fix: get syncInterval from model instead of module data ( #3003 )
4 years ago
Kevyn Bruyere
b106018029
fix: LDAP - avoid reading empty tls cert file ( #2980 )
...
Co-authored-by: Kevyn Bruyere <kevyn@inovasi.fr>
4 years ago
scienceasdf
4b80bab88e
fix: rebuilding tree error when the page number is large enough in sqlite ( #2830 )
...
When the total page number is large enough (usually about 80+), sqlite will throw error: "Too many variables". This commit reduces the chunk size for sqlite configuration.
4 years ago
Adrián Martínez Interactiv4
52304a8149
fix: update storage.js to match pageHelper.injectPageMetadata ( #2832 )
...
* Update storage.js to match pageHelper.injectPageMetadata
At pageHelper.injectPageMetadata references editorKey and tags to build metadata, but this data seems not to be supplied to this function, since page object is only built from specified columns.
As a result, tags are always empty when exporting pages, and editor key appears as undefined.
It happens also with git storage, but may happen with another storage providers.
I run into this issue running Wiki.js 2.5.170 with the following Docker stack:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
39373979b693 requarks/wiki:2 "docker-entrypoint.s…" 44 minutes ago Up 9 minutes 0.0.0.0:80->3000/tcp, 0.0.0.0:443->3443/tcp wiki
608de6278aaa requarks/wiki-update-companion:latest "dotnet wiki-update-…" 5 months ago Up 6 hours 80/tcp wiki-update-companion
12c7b35ba295 postgres:11 "docker-entrypoint.s…" 5 months ago Up 6 hours 5432/tcp db
* Provide id to allow to query for tags
* Update git storage to provide editorKey and tags
4 years ago
drewblin
063251248c
fix: set autocommit for mysql ( #2638 )
...
If in server config mysql has autocommit = 0, then wikijs fails with locks like this:
```
2020-10-30T12:56:51.725Z [JOB] error: Rebuilding page tree: [ FAILED ]
2020-10-30T12:56:51.726Z [JOB] error: truncate `pageTree` - Lock wait timeout exceeded; try restarting transaction
```
4 years ago
scienceasdf
d7d00b44f6
fix: search engine broken when renaming or moving pages ( #2815 )
...
For building suggest in elasticsearch, the safeContent field will be splitted into arrays. If the page is renamed or moved, the server will throw error: "Cannot read property 'split' of Undefined", and the index will be broken. Here two lines are added to fix this issue.
4 years ago
scienceasdf
d89224405c
feat: set analyzer for elasticsearch ( #2793 )
...
* Feature: Custom configuration for elasticsearch
For better search results especially in Chinese, which the standard token analyzer may not work well.
* Set default analyzer in settings when building index
* Remove dangling comma
4 years ago
Eric Knibbe
d04e33eb6b
fix: use absolute URL for logo in email if path relative ( #2628 )
4 years ago
avioral
089b7850d9
fix: broken draw io diagram on rtl mode, improve elasticsearch config ( #2647 )
...
* - Modify elastic settings
- Add tags field to index
- Modify elastic search query
- Remove empty entities from build suggests list
* Fix map parser error
* - Fix broken drawio svg diagram (rtl issue)
* - Restore the spaces in objects to respect the project formatting rules.
- Omit explanation line
4 years ago
YAEGASHI Takeshi
a3513b1bdf
fix: enable passport-azure-ad workaround for SameSite cookies ( #2567 )
...
This adds cookieEncryptionKeyString configuration in the Azure AD
authentication module. It represents an array of cookie encryption
strings and enables workaround for SameSite cookies.
4 years ago
Chris
a6bf2412d7
fix: superscript typo in module definition.yml ( #2577 )
...
Fix spelling of "superscript"
***NO_CI***
4 years ago
Nicolas Giard
04a1896811
fix: revert refactor in markdown-kroki and plantuml modules ( #2619 )
4 years ago
Jafar Akhondali
5ba36ee421
refactor: server code ( #2545 )
...
+ Remove duplicated await
+ Replace some legacy codes with ES6
+ Fix some of eslint problems
4 years ago
NGPixel
63c8a308ba
fix: remove bugsnag + update deps
4 years ago
NGPixel
fe890979af
fix: bypass auth redirect cookie when set to homepage
4 years ago
NGPixel
0fa5b9750d
fix: handle missing extra field during page render
4 years ago
NGPixel
9762bdc2ce
fix: set enableArithAbort explicit value for tedious driver
4 years ago
Mirko Iannella
31a18c8a67
fix: check for email array during processProfile ( #2515 )
...
In our setup (based on yunohost) the profile.email field could be either a string (and that was properly handled) or an array.
This code adds support for the case where it is an array.
4 years ago
Aaron
23e3403054
fix: update Matomo integration client code ( #2526 )
...
Signed-off-by: Aaron <admin@datahoarder.dev>
4 years ago
NGPixel
084dcd69d1
fix: strip directory traversal sequences from asset paths
4 years ago
NGPixel
b0f61d6605
feat: rocket.chat auth module
4 years ago
Иван
79c5b8fac2
fix: security html module removes allow attribute from iframes ( #2354 )
...
* fix: secure html module removes allowfullscreen, allow and frameborder attributes from iframes
* Apply suggestions from code review
fix: remove deprecated attributes for iframe in secure html module
Co-authored-by: Nicolas Giard <github@ngpixel.com>
4 years ago
Riccardo Re
660b78d9e2
fix: support permissions by tags for basic db search engine ( #2416 )
...
This code will allow the "search" component to correctly filter pages by usergroup permissions based on tags instead of paths
Co-authored-by: Riccardo Re <riccardo.re@clevermind.cloud>
4 years ago
NGPixel
1404d6343e
fix: API key incorrectly forces token revalidation
4 years ago
NGPixel
8f6cba262f
fix: draw.io svgs are no longer removed with linebreaks ( #2415 )
4 years ago
NGPixel
02c3c66084
fix: checkExclusiveAccess incorrectly includes root admin
4 years ago
NGPixel
7c0d6e2883
fix: prevent write:groups from self-promoting
4 years ago
NGPixel
f988c5f811
fix: logout URL endpoint option for oauth2 module
4 years ago
NGPixel
9009816290
fix: 2fa qr code - handle special chars in site title
4 years ago
NGPixel
aa96e97028
fix: force lowercase for email on local auth
4 years ago
NGPixel
5295e413be
fix: bypass page rule check for global permission check + handle missing page extra field
4 years ago
Rus
68d31af7af
fix: discord auth module new URL. ( #2390 )
...
Change "discordapp.com" to "discord.com"
4 years ago
NGPixel
78417524b3
feat: ldap avatar support
4 years ago
NGPixel
794ecc6ef6
fix: new install local auth not enabled ( #2375 )
4 years ago
NGPixel
9f1ba0a32f
fix: elastic apm rum client script
4 years ago
NGPixel
af054257bd
fix: 2.5.108 migration (2)
4 years ago
NGPixel
0ce63c8ef7
fix: 2.5.108 migration
4 years ago
NGPixel
60f2a2a8d9
fix: migration error for new installs
4 years ago
NGPixel
ef739de970
feat: purge history utility
4 years ago
NGPixel
8490fc1267
feat: handle disabled auth strategies
4 years ago
NGPixel
17f8071abe
fix: LDAP missing reqToCallback
4 years ago
NGPixel
062a0b7979
feat: logout by auth strategy + keycloak implementation
4 years ago
jaljo
cda1f1e805
feat: export creation date in dumped content ( #2345 )
...
* Export creation date in dumped content
* date_creation -> dateCreated
Co-authored-by: Joris Langlois <joris.langlois@knplabs.com>
4 years ago
NGPixel
ae733392f3
feat: password reset
4 years ago
NGPixel
4dcf664040
fix: handle removed auth strategies
4 years ago
NGPixel
e319355017
feat: enable/disable TFA per user
4 years ago
NGPixel
32d67adee1
feat: social login providers with dynamic instances
4 years ago
moonkey124
a7ddafd4aa
fix: incorrect error name for 1017 ( #2331 )
...
Fixed a copy and paste mistake
***NO_CI***
4 years ago
NGPixel
8c205b6950
fix: site title check + UI fixes + 2FA setup on account verify
4 years ago
NGPixel
f72530bf84
refactor: deps update + 2FA setup + verify
4 years ago
Dan Nicholson
d5d368cd33
feat: fix + enable OIDC auth method ( #2282 )
...
* fix: pass userinfo URL in oidc strategy
The userinfo URL from the definition was not being provided to the
passport strategy, which resulted in a type error trying to resolve the
user's profile. Furthermore, the name of the defined URL was
inconsistent with all other authentication method URLs.
* fix: pass all necessary scopes to oidc auth method
When no scopes are provided, passport-openidconnect uses only `openid`,
which does not contain the username or email address. Include `profile`
and `email` to ensure the necessary claims are included.
* fix: update oidc method to call processProfile correctly
Now the profile object and providerKey are passed to processProfile. The
usernameClaim no longer has any use as the email address is the
username.
* fix: mark oidc authentication method as available
4 years ago
Marks Polakovs
95b6a7ad82
fix: resolve tags on pages in GraphQL ( #2247 )
4 years ago
Seyed Sajad Kahani
15bca54bdf
fix: change language in edit, history and source pages ( #2194 )
...
* change language in edit, history and source pages
* fix: remove unnecessary i18n locale switch for download page
Co-authored-by: Nicolas Giard <github@ngpixel.com>
4 years ago
Higor Tavares
06c372d53f
fix: foreign key constraint when page have comments ( #2199 )
...
* Solving foreing key contraint when page have comments
* Update pages.js
remove indentation changes
Co-authored-by: Higor Tavares <paulo.freire@dellead.com>
4 years ago
NGPixel
26af63a80b
fix: login input hints
4 years ago
NGPixel
4cd6fe8a56
fix: unauthorized admin should receive 403 code
4 years ago
NGPixel
4f16dd0c81
fix: admin permissions + restrict nav settings
4 years ago
NGPixel
10f17c5712
feat: redirect on login based on group
4 years ago
NGPixel
be499e5795
fix: auth strategy dependent username label
4 years ago
NGPixel
52d0af19b4
feat: diagram rendering + post-processor (wip)
4 years ago
Regev Brody
b2ff064d34
fix: stream assets from storage local locations ( #2087 )
4 years ago
NGPixel
57f5cbd5b6
misc: knex update for mssql constraint bug
4 years ago
NGPixel
1ced9649c7
feat: enforce 2fa admin setting + hide local on login screen
4 years ago
NGPixel
b2f292cc39
fix: MSSQL migration 2.5.1
4 years ago
NGPixel
31661b2cb3
fix: token renewal date
4 years ago
NGPixel
b475795595
feat: login bg + bypass + hide local option
4 years ago
NGPixel
5282a82afe
fix: wait for sideload locales before server start ( #1248 )
4 years ago
Nicolas Giard
c009cc1392
feat: new login experience ( #2139 )
...
* feat: multiple auth instances
* fix: auth setup + strategy initialization
* feat: admin auth - add strategy
* feat: redirect on login - group setting
* feat: oauth2 generic - props definitions
* feat: new login UI (wip)
* feat: new login UI (wip)
* feat: admin security login settings
* feat: tabset editor indicators + print view improvements
* fix: code styling
4 years ago
Regev Brody
1c4829f70f
fix: tags filtered by access ( #2100 )
4 years ago
Regev Brody
41327dd1e8
feat: support MultiMarkdown tables ( #2126 )
4 years ago
TakeruDMC
cf3a48a6fa
fix: "undefined" error on deletePage by git storage ( #2132 )
4 years ago
Seyed Sajad Kahani
3c5352fb53
fix: change reconnectLink behavior for page move ( #1991 )
4 years ago
Maho Hiyajo
ea3962d143
fix: change discord module ‘discordapp.com’ to ‘discord.com’ ( #2117 )
4 years ago
Nicolas Giard
2409b286da
fix: matomo module siteId
4 years ago
NGPixel
1c18f3a4c2
fix: revoke typo
4 years ago
NGPixel
98f21b9f6a
fix: revalidate tokens created prior to server startup
4 years ago
NGPixel
92b29d1f06
fix: check revalidation timestamp
4 years ago
NGPixel
c37b0ad1d7
fix: remove console log from authenticate func
4 years ago
NGPixel
a25431bcf8
fix: token revocation incorrect TTL
4 years ago
NGPixel
a690e5597f
fix: revocation token list for users + groups
4 years ago
Regev Brody
33a9d5774c
fix: GraphQL error with MySQL and FULL OUTER JOIN ( #2104 )
...
* fix: GraphQL error with MySQL and FULL OUTER JOIN #2071
4 years ago
Regev Brody
6ef7b0f130
fix: deactivated users can still refresh their token ( #2105 )
4 years ago
Regev Brody
4bc284b06e
fix: page schema validation for extra field ( #2097 )
4 years ago
NGPixel
4cb7f33dcf
feat: visual editor code + sub/sup + table props
4 years ago
NGPixel
4855051d87
feat: page published state + comments localization
4 years ago
NGPixel
83b83a7510
feat: page css + scripts
4 years ago
NGPixel
53ddb50b51
feat: save page scripts + styles
4 years ago
NGPixel
718c14dd74
feat: editor props scripts + styles code editor
4 years ago
Regev Brody
0a16929a57
fix: editing buttons showing up even if no action is allowed ( #2043 )
...
* feat: Edit / Page Create Buttons showing up even if no action is allowed #1780
4 years ago
NGPixel
b723d7d626
fix: markdown core props + styles/scripts permissions
4 years ago
Regev Brody
77086a6e0a
feat: optional kroki/plantuml svg caching ( #2047 )
...
* feat: Caching kroki svgs #2020
4 years ago
Regev Brody
e03a80dccc
feat: underline markdown support ( #2073 )
...
* fix: no markdown support for underline #2072
4 years ago
Regev Brody
0e6340f51e
fix: use config value for tokenRenewal expiration ( #2042 )
...
* fix: tokenRenewal seems to be hard coded #1540
4 years ago
jonasjoest
3b055f2ed5
fix: use first email address when retrieving multiple from LDAP ( #2051 )
...
Signed-off-by: Jonas Jöst <jonas@gpplanet.de>
4 years ago
Nicolas Giard
9e08718ee9
Merge pull request from GHSA-9jgg-4xj2-vjjj
4 years ago
Regev Brody
4ffd1325bd
fix: sidebar is empty when the jwt token is expired ( #2037 )
5 years ago
Regev Brody
037822b994
fix: secure html module removes target attribute from links ( #2012 )
5 years ago
NGPixel
ca0708ea75
feat: extra options for generic S3 module
5 years ago
NGPixel
e45145986a
feat: generic S3 module
5 years ago
Regev Brody
a508a27475
fix: validate permissions when listing assets ( #1928 )
...
* fix: assets permission issues #1926
5 years ago
NGPixel
65f71d8e3b
fix: strip starting slash from path during page create
5 years ago
NGPixel
deacd80c45
fix: dashboard invalid version on load
5 years ago
NGPixel
c2a0773633
fix: site config host slice
5 years ago
NGPixel
2013ee4fa2
fix: failed auth strategy prevent local auth from initializing
5 years ago
NGPixel
3891816758
fix: setup assets location + mysql migration 2.4.13
5 years ago
NGPixel
7a946ec0f5
feat: edit comment
5 years ago
NGPixel
e74605501f
feat: comments post min delay
5 years ago
NGPixel
8a74904731
feat: comments delete + refresh on post + formatting
5 years ago
NGPixel
83f7c2867d
fix: admin security UI
5 years ago
NGPixel
1f9e5b3fd0
feat: delete user with replace target
5 years ago
daneallen
20e6bc1a70
fix: Open Redirect Vulnerability Mitigation - CWE 601 ( #1963 )
...
* Open redirect vulnerabilty mitigation
* Refacted Open Redirect to user configurable and corrected incorrect security variable names.
Co-authored-by: danallendds <daniel.allen@friends.dds.mil>
5 years ago
NGPixel
1222355046
feat: comments - default provider create (wip) + permissions
5 years ago
NGPixel
8205faca53
feat: use asar for twemoji assets
5 years ago