NGPixel
c57c9d9018
fix: disable cors
2021-03-25 21:21:03 -04:00
Max
033b8e6b21
fix: S3 copyObject usage - Missing bucket name ( #3745 )
...
* Fix copyObject usage: supply bucket name
* No semicolon
* Assign empty string on initialization
* Remove empty line
2021-03-23 11:14:29 -04:00
PaulD987
3f001dca2c
fix: loginRedirect doesn't work for non local strategies ( #3222 )
2021-03-18 21:56:59 -04:00
pylr
e87d511978
fix: HSTS header max-age value ( #3225 )
2021-03-18 21:53:55 -04:00
NGPixel
5ffa189383
fix: add v-pre to pre tags at render time
2021-03-11 19:23:24 -05:00
Thomas Nilefalk
919d7c12a1
fix: syntax error in rebuild-tree.js ( #3048 )
2021-02-08 11:26:55 -05:00
Paul
806e4e8f11
fix: get syncInterval from model instead of module data ( #3003 )
2021-02-01 17:45:34 -05:00
Kevyn Bruyere
b106018029
fix: LDAP - avoid reading empty tls cert file ( #2980 )
...
Co-authored-by: Kevyn Bruyere <kevyn@inovasi.fr>
2021-01-31 01:03:24 -05:00
scienceasdf
4b80bab88e
fix: rebuilding tree error when the page number is large enough in sqlite ( #2830 )
...
When the total page number is large enough (usually about 80+), sqlite will throw error: "Too many variables". This commit reduces the chunk size for sqlite configuration.
2021-01-29 14:16:33 -05:00
Adrián Martínez Interactiv4
52304a8149
fix: update storage.js to match pageHelper.injectPageMetadata ( #2832 )
...
* Update storage.js to match pageHelper.injectPageMetadata
At pageHelper.injectPageMetadata references editorKey and tags to build metadata, but this data seems not to be supplied to this function, since page object is only built from specified columns.
As a result, tags are always empty when exporting pages, and editor key appears as undefined.
It happens also with git storage, but may happen with another storage providers.
I run into this issue running Wiki.js 2.5.170 with the following Docker stack:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
39373979b693 requarks/wiki:2 "docker-entrypoint.s…" 44 minutes ago Up 9 minutes 0.0.0.0:80->3000/tcp, 0.0.0.0:443->3443/tcp wiki
608de6278aaa requarks/wiki-update-companion:latest "dotnet wiki-update-…" 5 months ago Up 6 hours 80/tcp wiki-update-companion
12c7b35ba295 postgres:11 "docker-entrypoint.s…" 5 months ago Up 6 hours 5432/tcp db
* Provide id to allow to query for tags
* Update git storage to provide editorKey and tags
2021-01-29 14:15:22 -05:00
drewblin
063251248c
fix: set autocommit for mysql ( #2638 )
...
If in server config mysql has autocommit = 0, then wikijs fails with locks like this:
```
2020-10-30T12:56:51.725Z [JOB] error: Rebuilding page tree: [ FAILED ]
2020-10-30T12:56:51.726Z [JOB] error: truncate `pageTree` - Lock wait timeout exceeded; try restarting transaction
```
2020-12-13 14:57:20 -05:00
scienceasdf
d7d00b44f6
fix: search engine broken when renaming or moving pages ( #2815 )
...
For building suggest in elasticsearch, the safeContent field will be splitted into arrays. If the page is renamed or moved, the server will throw error: "Cannot read property 'split' of Undefined", and the index will be broken. Here two lines are added to fix this issue.
2020-12-13 14:51:44 -05:00
scienceasdf
d89224405c
feat: set analyzer for elasticsearch ( #2793 )
...
* Feature: Custom configuration for elasticsearch
For better search results especially in Chinese, which the standard token analyzer may not work well.
* Set default analyzer in settings when building index
* Remove dangling comma
2020-12-08 21:41:45 -05:00
Eric Knibbe
d04e33eb6b
fix: use absolute URL for logo in email if path relative ( #2628 )
2020-11-11 11:39:16 -05:00
avioral
089b7850d9
fix: broken draw io diagram on rtl mode, improve elasticsearch config ( #2647 )
...
* - Modify elastic settings
- Add tags field to index
- Modify elastic search query
- Remove empty entities from build suggests list
* Fix map parser error
* - Fix broken drawio svg diagram (rtl issue)
* - Restore the spaces in objects to respect the project formatting rules.
- Omit explanation line
2020-11-02 11:59:34 -05:00
YAEGASHI Takeshi
a3513b1bdf
fix: enable passport-azure-ad workaround for SameSite cookies ( #2567 )
...
This adds cookieEncryptionKeyString configuration in the Azure AD
authentication module. It represents an array of cookie encryption
strings and enables workaround for SameSite cookies.
2020-11-01 13:10:50 -05:00
Chris
a6bf2412d7
fix: superscript typo in module definition.yml ( #2577 )
...
Fix spelling of "superscript"
***NO_CI***
2020-11-01 13:08:04 -05:00
Nicolas Giard
04a1896811
fix: revert refactor in markdown-kroki and plantuml modules ( #2619 )
2020-10-25 23:26:55 -04:00
Jafar Akhondali
5ba36ee421
refactor: server code ( #2545 )
...
+ Remove duplicated await
+ Replace some legacy codes with ES6
+ Fix some of eslint problems
2020-10-14 11:16:27 -04:00
NGPixel
63c8a308ba
fix: remove bugsnag + update deps
2020-10-03 17:30:56 -04:00
NGPixel
fe890979af
fix: bypass auth redirect cookie when set to homepage
2020-10-03 17:11:34 -04:00
NGPixel
0fa5b9750d
fix: handle missing extra field during page render
2020-10-03 16:50:51 -04:00
NGPixel
9762bdc2ce
fix: set enableArithAbort explicit value for tedious driver
2020-10-03 16:46:30 -04:00
Mirko Iannella
31a18c8a67
fix: check for email array during processProfile ( #2515 )
...
In our setup (based on yunohost) the profile.email field could be either a string (and that was properly handled) or an array.
This code adds support for the case where it is an array.
2020-10-03 16:23:58 -04:00
Aaron
23e3403054
fix: update Matomo integration client code ( #2526 )
...
Signed-off-by: Aaron <admin@datahoarder.dev>
2020-10-03 16:22:02 -04:00
NGPixel
084dcd69d1
fix: strip directory traversal sequences from asset paths
2020-10-03 01:44:57 -04:00
NGPixel
b0f61d6605
feat: rocket.chat auth module
2020-09-20 20:15:51 -04:00
Иван
79c5b8fac2
fix: security html module removes allow attribute from iframes ( #2354 )
...
* fix: secure html module removes allowfullscreen, allow and frameborder attributes from iframes
* Apply suggestions from code review
fix: remove deprecated attributes for iframe in secure html module
Co-authored-by: Nicolas Giard <github@ngpixel.com>
2020-09-13 13:55:32 -04:00
Riccardo Re
660b78d9e2
fix: support permissions by tags for basic db search engine ( #2416 )
...
This code will allow the "search" component to correctly filter pages by usergroup permissions based on tags instead of paths
Co-authored-by: Riccardo Re <riccardo.re@clevermind.cloud>
2020-09-13 13:53:31 -04:00
NGPixel
1404d6343e
fix: API key incorrectly forces token revalidation
2020-09-12 14:33:45 -04:00
NGPixel
8f6cba262f
fix: draw.io svgs are no longer removed with linebreaks ( #2415 )
2020-09-12 14:05:24 -04:00
NGPixel
02c3c66084
fix: checkExclusiveAccess incorrectly includes root admin
2020-09-11 17:37:50 -04:00
NGPixel
7c0d6e2883
fix: prevent write:groups from self-promoting
2020-09-09 22:37:49 -04:00
NGPixel
f988c5f811
fix: logout URL endpoint option for oauth2 module
2020-09-09 20:20:55 -04:00
NGPixel
9009816290
fix: 2fa qr code - handle special chars in site title
2020-09-09 20:10:51 -04:00
NGPixel
aa96e97028
fix: force lowercase for email on local auth
2020-09-09 19:59:46 -04:00
NGPixel
5295e413be
fix: bypass page rule check for global permission check + handle missing page extra field
2020-09-09 19:35:43 -04:00
Rus
68d31af7af
fix: discord auth module new URL. ( #2390 )
...
Change "discordapp.com" to "discord.com"
2020-09-07 20:04:19 -04:00
NGPixel
78417524b3
feat: ldap avatar support
2020-09-07 20:02:33 -04:00
NGPixel
794ecc6ef6
fix: new install local auth not enabled ( #2375 )
2020-09-07 14:49:02 -04:00
NGPixel
9f1ba0a32f
fix: elastic apm rum client script
2020-09-06 16:57:45 -04:00
NGPixel
af054257bd
fix: 2.5.108 migration (2)
2020-09-06 15:36:51 -04:00
NGPixel
0ce63c8ef7
fix: 2.5.108 migration
2020-09-06 15:21:06 -04:00
NGPixel
60f2a2a8d9
fix: migration error for new installs
2020-09-05 23:47:41 -04:00
NGPixel
ef739de970
feat: purge history utility
2020-09-05 23:32:00 -04:00
NGPixel
8490fc1267
feat: handle disabled auth strategies
2020-09-05 18:33:15 -04:00
NGPixel
17f8071abe
fix: LDAP missing reqToCallback
2020-09-05 15:19:18 -04:00
NGPixel
062a0b7979
feat: logout by auth strategy + keycloak implementation
2020-09-01 20:01:39 -04:00
jaljo
cda1f1e805
feat: export creation date in dumped content ( #2345 )
...
* Export creation date in dumped content
* date_creation -> dateCreated
Co-authored-by: Joris Langlois <joris.langlois@knplabs.com>
2020-08-31 11:28:55 -04:00
NGPixel
ae733392f3
feat: password reset
2020-08-30 21:46:55 -04:00
NGPixel
4dcf664040
fix: handle removed auth strategies
2020-08-30 16:33:52 -04:00
NGPixel
e319355017
feat: enable/disable TFA per user
2020-08-30 14:18:22 -04:00
NGPixel
32d67adee1
feat: social login providers with dynamic instances
2020-08-30 01:36:37 -04:00
moonkey124
a7ddafd4aa
fix: incorrect error name for 1017 ( #2331 )
...
Fixed a copy and paste mistake
***NO_CI***
2020-08-29 21:25:22 -04:00
NGPixel
8c205b6950
fix: site title check + UI fixes + 2FA setup on account verify
2020-08-23 12:58:56 -04:00
NGPixel
f72530bf84
refactor: deps update + 2FA setup + verify
2020-08-22 19:37:49 -04:00
Dan Nicholson
d5d368cd33
feat: fix + enable OIDC auth method ( #2282 )
...
* fix: pass userinfo URL in oidc strategy
The userinfo URL from the definition was not being provided to the
passport strategy, which resulted in a type error trying to resolve the
user's profile. Furthermore, the name of the defined URL was
inconsistent with all other authentication method URLs.
* fix: pass all necessary scopes to oidc auth method
When no scopes are provided, passport-openidconnect uses only `openid`,
which does not contain the username or email address. Include `profile`
and `email` to ensure the necessary claims are included.
* fix: update oidc method to call processProfile correctly
Now the profile object and providerKey are passed to processProfile. The
usernameClaim no longer has any use as the email address is the
username.
* fix: mark oidc authentication method as available
2020-08-15 13:32:58 -04:00
Marks Polakovs
95b6a7ad82
fix: resolve tags on pages in GraphQL ( #2247 )
2020-08-09 20:04:44 -04:00
Seyed Sajad Kahani
15bca54bdf
fix: change language in edit, history and source pages ( #2194 )
...
* change language in edit, history and source pages
* fix: remove unnecessary i18n locale switch for download page
Co-authored-by: Nicolas Giard <github@ngpixel.com>
2020-07-29 19:54:31 -04:00
Higor Tavares
06c372d53f
fix: foreign key constraint when page have comments ( #2199 )
...
* Solving foreing key contraint when page have comments
* Update pages.js
remove indentation changes
Co-authored-by: Higor Tavares <paulo.freire@dellead.com>
2020-07-29 19:39:47 -04:00
NGPixel
26af63a80b
fix: login input hints
2020-07-20 00:22:29 -04:00
NGPixel
4cd6fe8a56
fix: unauthorized admin should receive 403 code
2020-07-19 15:30:29 -04:00
NGPixel
4f16dd0c81
fix: admin permissions + restrict nav settings
2020-07-19 15:26:51 -04:00
NGPixel
10f17c5712
feat: redirect on login based on group
2020-07-19 15:13:35 -04:00
NGPixel
be499e5795
fix: auth strategy dependent username label
2020-07-19 13:20:43 -04:00
NGPixel
52d0af19b4
feat: diagram rendering + post-processor (wip)
2020-07-12 15:58:45 -04:00
Regev Brody
b2ff064d34
fix: stream assets from storage local locations ( #2087 )
2020-07-12 12:19:01 -04:00
NGPixel
57f5cbd5b6
misc: knex update for mssql constraint bug
2020-07-11 16:53:18 -04:00
NGPixel
1ced9649c7
feat: enforce 2fa admin setting + hide local on login screen
2020-07-05 23:55:11 -04:00
NGPixel
b2f292cc39
fix: MSSQL migration 2.5.1
2020-07-05 15:59:02 -04:00
NGPixel
31661b2cb3
fix: token renewal date
2020-07-05 14:16:16 -04:00
NGPixel
b475795595
feat: login bg + bypass + hide local option
2020-07-05 01:36:02 -04:00
NGPixel
5282a82afe
fix: wait for sideload locales before server start ( #1248 )
2020-07-04 17:01:35 -04:00
Nicolas Giard
c009cc1392
feat: new login experience ( #2139 )
...
* feat: multiple auth instances
* fix: auth setup + strategy initialization
* feat: admin auth - add strategy
* feat: redirect on login - group setting
* feat: oauth2 generic - props definitions
* feat: new login UI (wip)
* feat: new login UI (wip)
* feat: admin security login settings
* feat: tabset editor indicators + print view improvements
* fix: code styling
2020-07-03 19:36:33 -04:00
Regev Brody
1c4829f70f
fix: tags filtered by access ( #2100 )
2020-07-03 17:49:54 -04:00
Regev Brody
41327dd1e8
feat: support MultiMarkdown tables ( #2126 )
2020-07-03 17:46:07 -04:00
TakeruDMC
cf3a48a6fa
fix: "undefined" error on deletePage by git storage ( #2132 )
2020-07-03 17:44:42 -04:00
Seyed Sajad Kahani
3c5352fb53
fix: change reconnectLink behavior for page move ( #1991 )
2020-06-28 21:08:17 -04:00
Maho Hiyajo
ea3962d143
fix: change discord module ‘discordapp.com’ to ‘discord.com’ ( #2117 )
2020-06-27 17:01:00 -04:00
Nicolas Giard
2409b286da
fix: matomo module siteId
2020-06-26 15:34:53 -04:00
NGPixel
1c18f3a4c2
fix: revoke typo
2020-06-25 23:48:16 -04:00
NGPixel
98f21b9f6a
fix: revalidate tokens created prior to server startup
2020-06-25 22:04:21 -04:00
NGPixel
92b29d1f06
fix: check revalidation timestamp
2020-06-25 19:25:08 -04:00
NGPixel
c37b0ad1d7
fix: remove console log from authenticate func
2020-06-25 00:04:08 -04:00
NGPixel
a25431bcf8
fix: token revocation incorrect TTL
2020-06-25 00:02:39 -04:00
NGPixel
a690e5597f
fix: revocation token list for users + groups
2020-06-24 23:57:35 -04:00
Regev Brody
33a9d5774c
fix: GraphQL error with MySQL and FULL OUTER JOIN ( #2104 )
...
* fix: GraphQL error with MySQL and FULL OUTER JOIN #2071
2020-06-24 18:51:21 -04:00
Regev Brody
6ef7b0f130
fix: deactivated users can still refresh their token ( #2105 )
2020-06-24 18:15:36 -04:00
Regev Brody
4bc284b06e
fix: page schema validation for extra field ( #2097 )
2020-06-23 18:26:29 -04:00
NGPixel
4cb7f33dcf
feat: visual editor code + sub/sup + table props
2020-06-21 14:47:11 -04:00
NGPixel
4855051d87
feat: page published state + comments localization
2020-06-20 22:08:59 -04:00
NGPixel
83b83a7510
feat: page css + scripts
2020-06-20 16:39:36 -04:00
NGPixel
53ddb50b51
feat: save page scripts + styles
2020-06-20 01:11:05 -04:00
NGPixel
718c14dd74
feat: editor props scripts + styles code editor
2020-06-19 21:00:44 -04:00
Regev Brody
0a16929a57
fix: editing buttons showing up even if no action is allowed ( #2043 )
...
* feat: Edit / Page Create Buttons showing up even if no action is allowed #1780
2020-06-19 18:54:05 -04:00
NGPixel
b723d7d626
fix: markdown core props + styles/scripts permissions
2020-06-18 22:49:26 -04:00
Regev Brody
77086a6e0a
feat: optional kroki/plantuml svg caching ( #2047 )
...
* feat: Caching kroki svgs #2020
2020-06-18 18:39:25 -04:00
Regev Brody
e03a80dccc
feat: underline markdown support ( #2073 )
...
* fix: no markdown support for underline #2072
2020-06-18 18:37:24 -04:00
Regev Brody
0e6340f51e
fix: use config value for tokenRenewal expiration ( #2042 )
...
* fix: tokenRenewal seems to be hard coded #1540
2020-06-18 13:08:57 -04:00
jonasjoest
3b055f2ed5
fix: use first email address when retrieving multiple from LDAP ( #2051 )
...
Signed-off-by: Jonas Jöst <jonas@gpplanet.de>
2020-06-16 00:11:38 -04:00
Nicolas Giard
9e08718ee9
Merge pull request from GHSA-9jgg-4xj2-vjjj
2020-06-13 21:43:21 -04:00
Regev Brody
4ffd1325bd
fix: sidebar is empty when the jwt token is expired ( #2037 )
2020-06-10 09:11:14 -04:00
Regev Brody
037822b994
fix: secure html module removes target attribute from links ( #2012 )
2020-06-07 19:23:33 -04:00
NGPixel
ca0708ea75
feat: extra options for generic S3 module
2020-06-07 18:28:16 -04:00
NGPixel
e45145986a
feat: generic S3 module
2020-06-07 18:08:33 -04:00
Regev Brody
a508a27475
fix: validate permissions when listing assets ( #1928 )
...
* fix: assets permission issues #1926
2020-06-07 16:58:12 -04:00
NGPixel
65f71d8e3b
fix: strip starting slash from path during page create
2020-06-05 14:52:36 -04:00
NGPixel
deacd80c45
fix: dashboard invalid version on load
2020-06-05 14:46:54 -04:00
NGPixel
c2a0773633
fix: site config host slice
2020-06-04 00:33:27 -04:00
NGPixel
2013ee4fa2
fix: failed auth strategy prevent local auth from initializing
2020-06-01 21:20:21 -04:00
NGPixel
3891816758
fix: setup assets location + mysql migration 2.4.13
2020-05-31 22:39:45 -04:00
NGPixel
7a946ec0f5
feat: edit comment
2020-05-31 18:15:15 -04:00
NGPixel
e74605501f
feat: comments post min delay
2020-05-31 15:54:20 -04:00
NGPixel
8a74904731
feat: comments delete + refresh on post + formatting
2020-05-31 02:13:41 -04:00
NGPixel
83f7c2867d
fix: admin security UI
2020-05-30 16:42:48 -04:00
NGPixel
1f9e5b3fd0
feat: delete user with replace target
2020-05-30 16:34:09 -04:00
daneallen
20e6bc1a70
fix: Open Redirect Vulnerability Mitigation - CWE 601 ( #1963 )
...
* Open redirect vulnerabilty mitigation
* Refacted Open Redirect to user configurable and corrected incorrect security variable names.
Co-authored-by: danallendds <daniel.allen@friends.dds.mil>
2020-05-29 18:24:20 -04:00
NGPixel
1222355046
feat: comments - default provider create (wip) + permissions
2020-05-26 22:56:24 -04:00
NGPixel
8205faca53
feat: use asar for twemoji assets
2020-05-24 18:02:05 -04:00
NGPixel
a0618ee4f6
feat: comments UI improvements
2020-05-23 18:49:10 -04:00
Regev Brody
8a1b5b1383
fix: S3 Export all trigger ( #1922 )
2020-05-22 13:20:47 -04:00
NGPixel
6b561623ee
fix: incorrect migration name 2.4.14
2020-05-21 00:20:57 -04:00
NGPixel
df246af3bb
fix: remove makefile + update nvmrc version
2020-05-21 00:20:57 -04:00
NGPixel
e1382771cf
feat: extensions check + resolver
2020-05-21 00:20:57 -04:00
NGPixel
fb6c01c538
fix: legacy page view
2020-05-21 00:20:57 -04:00
NGPixel
887e8a0f5a
feat: comments disqus + commento
2020-05-21 00:20:57 -04:00
NGPixel
f6bad765a2
feat: assets move + comments migration + admin users UI
2020-05-21 00:20:57 -04:00
NGPixel
1def5289af
feat: admin comments page
2020-05-21 00:20:57 -04:00
Robert Lanyi
a581d9837a
feat: add Kroki renderer ( #1900 )
...
* feat: Kroki integration
see https://kroki.io/
* fix: markdown-kroki def updates
Co-authored-by: Nicolas Giard <github@ngpixel.com>
2020-05-17 18:41:29 -04:00
Simon Lichtinghagen
764d98fa1d
fix: use fullname from keycloak profile info with username as fallback ( #1888 )
2020-05-15 13:28:55 -04:00
kaziu687
66e725f426
fix: elasticsearch partial match ( #1882 )
...
Improved full text search in elastic provider
2020-05-13 19:32:28 -04:00
NGPixel
1a33a43a0d
fix: use semver for latest version check
2020-05-11 00:09:10 -04:00
NGPixel
7508d92f92
feat: redirect editor UI (wip)
2020-05-10 18:43:45 -04:00
NGPixel
134f057bb8
feat: uploads config + security admin page
2020-05-10 15:55:28 -04:00
NGPixel
53da387082
feat: plantuml in markdown preview
2020-05-08 22:51:32 -04:00
NGPixel
cc9f022051
fix: nav external blank option
2020-05-08 18:48:07 -04:00
NGPixel
98bf0d9ccb
fix: escape mustache template chars in content
2020-05-08 17:00:02 -04:00
NGPixel
2ff0e42c1d
fix: add verifySSL option to mail settings
2020-05-08 14:35:57 -04:00
NGPixel
6a4b25bc28
fix: plantuml deflate raw
2020-05-08 14:15:19 -04:00
daneallen
4aa7828a92
fix: add rel option to external links in content ( #1853 )
...
* #1853 : XSS attack fix by adding rel noferrer or rel noopen to _blank target external links
* fix: relAttributeExternalLink noopener
Co-authored-by: danallendds <daniel.allen@friends.dds.mil>
Co-authored-by: Nicolas Giard <github@ngpixel.com>
2020-05-07 16:45:11 -04:00
NGPixel
d2b99a2032
feat: timezone + dateFOrmat + appearance profile settings
2020-05-03 00:38:02 -04:00
NGPixel
c81ba5a503
fix: markdown footnotes id incorrectly stripped
2020-05-02 15:13:58 -04:00
NGPixel
281172a9f4
feat: mathjax markdown module
2020-04-29 22:32:03 -04:00
NGPixel
954262f517
fix: tabs renderer remove switchTab handler
2020-04-26 21:18:51 -04:00
NGPixel
5d43f6ada1
feat: content tabs
2020-04-26 21:04:08 -04:00
NGPixel
bbe64ef6b6
feat: static navigation menu option
2020-04-25 17:45:59 -04:00
NGPixel
b2931471c0
fix: remove ssh port param for git module
2020-04-25 14:04:14 -04:00
NGPixel
89debd57f7
fix: path chars check typo
2020-04-25 02:58:00 -04:00
NGPixel
7306fabdba
fix: auto-trim trailing slash from paths + illegal chars check during move
2020-04-24 20:39:07 -04:00
NGPixel
566043ec43
fix: perform git move manually to prevent bad source
2020-04-24 20:30:08 -04:00