Commit graph

169 commits

Author SHA1 Message Date
Erik Michelson
90508c15ff fix(backend/auth/oidc): add log message when user identifier is missing
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-12 20:58:09 +01:00
Erik Michelson
b194f3433c chore(deps): upgrade openid-client to 5.7.0
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-12 20:58:09 +01:00
Erik Michelson
0bb09a1597 chore(deps): upgrade uuid to 11.0.3
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-12 20:58:09 +01:00
Erik Michelson
e7d81c5cdf refactor(oidc): simplify callback statement
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-01 14:36:35 +01:00
Erik Michelson
f71bf7a974 enhancement(oidc): refetch discovery documents regularly
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-01 14:36:35 +01:00
Ivan Li
19f4baf79b feat(auth): add OIDC state parameter
Signed-off-by: Ivan Li <ivanli2048@gmail.com>
2024-10-21 17:45:43 +02:00
yamashu
8b6bedab39
refactor(test): Replace inline snapshot with file snapshot (#5830) 2024-10-08 21:13:27 +00:00
Erik Michelson
b44f395852 fix(tests): fix tests and linting
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-26 18:39:37 +02:00
yamashu
4fce422bdb
feat(backend revision): add clean-up note revisions job (#5349) 2024-09-26 17:24:24 +02:00
Erik Michelson
2c6717e1ee refactor(api-token): drop passport, rename to ApiToken
We don't need a library that requires as much boilerplate code as
writing the AuthGuard ourselves, especially since the token validation
was already custom code by us.

The previous name PublicAuthToken was a bit misleading, since PublicAuth
 could also be interpreted as being used for the public frontend in
contrast to the API. The old name before that (AuthToken) wasn't better
since it wasn't clear what type of auth is meant. I know, this is the
second renaming of the same module in less than a month. However, I
would say the name ApiToken seems rather reasonable and understandable.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 19:14:32 +02:00
Erik Michelson
1c73e99b0a enhancement(note-deletion): allow to keep uploads
This adds support for keeping the uploads attached to a note when
deleting the same note. This is done by a simple checkbox that can be
clicked in the DeletionModal.

To do this, some parts of the note deletion had to be refactored,
especially in the case of the history page. Both the note deletion and
history removal methods used the same modal, which isn't applicable now
anymore. Additionally, there was a bug that the modal checked for
ownership in the frontend before allowing the note deletion. However, in
the context of the history page, the ownership couldn't be evaluated
since the backend API didn't include that information. This is now fixed
as well.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:37:39 +02:00
Erik Michelson
603ad8088c enhancement(auth/oidc): allow manual defining end_session_endpoint URL
For non-OIDC compliant OAuth2 providers it was only possible to define
the authorize, token and userinfo URLs but not the end_session_endpoint.
This commit adds that functionality.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:03:22 +02:00
Erik Michelson
53409825d4 fix(config/auth): error message mappings for manual OIDC attributes
Error messages for manual OIDC attributes such as overriding the scope
resulted in wrong error messages when misconfigured.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:03:22 +02:00
Erik Michelson
88cfd6a974 fix(auth/oidc): clean-up oidcIdToken session variable
When the OIDC login flow for a new user is cancelled, the oidcIdToken
session variable should be cleared as well.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:03:22 +02:00
Erik Michelson
c4c5cbd5d0 fix(auth/oidc): string "undefined" for missing userinfo response fields
The userinfo response endpoint from the OIDC provider should not be
trusted to return what we expect. Fields could be undefined. In that
case HedgeDoc would have written "undefined" into the fields for
profile picture or email address.
This fix checks for fields being undefined and returns a default value
in that case.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:03:22 +02:00
Erik Michelson
3e17edf95d fix(types): typecast ldap options due to wrong types in ldapjs
The provided types by ldapauth-fork are re-exported from ldapjs. ldapjs
is unmaintained by now but since their last update, the
ConnectionOptions type seems to not contain the mandatory parameter
`url` anymore. Therefore this typecast is needed.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-13 13:56:02 +02:00
Erik Michelson
21dcf0eb49 fix(tests): minio upload type is not exported anymore
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-12 16:55:41 +02:00
Erik Michelson
157a0fe278 refactor(media): store filenames, use pre-signed s3/azure URLs, UUIDs
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-12 14:49:17 +02:00
Erik Michelson
4132833b5d refactor(api-docs): move api docs to /api/doc/
The API documentation belongs strictly to the API itself.
Due to the usage of version-prefixed API endpoints, there is no conflict
with existing or future endpoints.
The reason behind this is that we already have enough exceptions in the
routing (default everything to react-frontend, exceptions for backend)
and it is hard to keep it synchronized throughout all relevant places.
This came to attention as the dev setup didn't proxy the API docs to the
backend.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-12 14:49:17 +02:00
Erik Michelson
7f665fae4b feat(auth): refactor auth, add oidc
Thanks to all HedgeDoc team members for the time discussing,
helping with weird Nest issues, providing feedback
and suggestions!

Co-authored-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-11 21:29:49 +02:00
Erik Michelson
73d9c3231b refactor(backend): rename auth to public-auth-token
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-02 10:33:08 +02:00
renovate[bot]
cf51c7572a fix: remove explicit typing
Apparently this is not need anymore and the linter does not like it.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-08-30 11:58:32 +02:00
Erik Michelson
0c4e9bc080
fix(formatting): remove blank line to silence prettier
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-08-29 00:00:08 +02:00
yamashush
e99ba0615c test: fix update patch when removing old revisions
Signed-off-by: yamashush <38120991+yamashush@users.noreply.github.com>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-08-23 18:43:40 +02:00
Erik Michelson
f30f0d8e51 fix(passwords): use argon2id instead of bcrypt
OWASP [1] recommends for password hashing the following algorithms in
descending order: argon2id, scrypt, bcrypt. They state that bcrypt may
be used in legacy systems or when required due to legal regulations.
We're however not building any legacy application. Even HedgeDoc 1.x
utilizes a more modern algorithm by using scrypt.

While bcrypt is not insecure per se, our implementation had a major
security flaw, leading to invalid passwords being accepted in certain
cases. The bcrypt nodejs package - and the OWASP cheatsheet as well -
point out, that the maximum input length of passwords is limited to 72
bytes with bcrypt. When some user has a password longer than 72 bytes in
use, only the first 72 bytes are required to log in successfully.
Depending on the encoding (which could be UTF-8 or UTF-16 depending on
different circumstances) this could in worst-case be at 36 characters,
which is not very unusual for a password. See also [2].

This commit changes the used algorithm to argon2id. Argon2id has been in
use for several years now and seems to be a well-designed password
hashing function that even won the 2015 Password Hashing Competition.
Argon2 does not have any real-world max input length for passwords (it
is at 4 GiB).

The node-rs/argon2 implementation seems to be well maintained, widely
used (more than 150k downloads per week) and is published with
provenance, proving that the npm package was built on GitHub actions
using the source code in the repository. The implementation is written
in Rust, so it should be safe against memory leakages etc.

[1]: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Che
     at_Sheet.html#password-hashing-algorithms
[2]: https://security.stackexchange.com/a/39851

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-08-08 20:29:23 +02:00
Erik Michelson
6684b0f886 enhancement(realtime): send metadata update on revision save
When the frontend is notified about metadata updates, it refreshes the
data and therefore refreshes information like the timestamp of the last
revision save in the sidebar.
This commit adds such a notification from the backend to all clients on
each revision save, so that the "last saved at" value in the frontend is
correct.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-08-07 22:25:51 +02:00
Erik Michelson
9597ac5422 feat(notes): check for equal alias or note id
When creating a new note or adding a new alias to one,
it is checked that the new name
is neither forbidden nor already in use.

Co-authored-by: David Mehren <git@herrmehren.de>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-04-18 22:15:11 +02:00
Erik Michelson
8693edbf6a refactor(media): add media redirection endpoint
Previous versions of HedgeDoc suffered from the problem
that changing the media backend required manipulation of
the media links in all created notes. We discussed in
#3704 that it's favourable to have an endpoint that
redirects to the image's original URL. When changing the
media backend, the link stays the same but just the
redirect changes.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-04-18 22:11:49 +02:00
Philip Molares
1f19a6fac4 lint: fix error in new test
This was probably introduced because the PR was open so long

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-04-18 21:52:36 +02:00
yamashush
1c22a425bd test: complete todo
Signed-off-by: yamashush <38120991+yamashush@users.noreply.github.com>
2024-04-18 21:26:06 +02:00
Erik Michelson
92bde4d281 enhancement(api-tokens): add prefix and more strict validation
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-04-09 10:54:35 +02:00
Erik Michelson
956dd28648 feat: add event listener for canceling destroy timer
Signed-off-by: yamashush <38120991+yamashush@users.noreply.github.com>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-03-03 21:15:32 +01:00
David Mehren
a607128b78 fix(media-service): correct type in chooseBackendType
Signed-off-by: David Mehren <git@herrmehren.de>
2023-12-07 18:46:39 +01:00
Philip Molares
723f3f611c feat(realtime): add disconnect reason
The frontend now doesn't try to reconnect, when the disconnection happened because of a lack of permissions

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2023-10-23 22:39:21 +02:00
David Mehren
85e17bee79 fix: support dots in semver prerelease identifier
Signed-off-by: David Mehren <git@herrmehren.de>
2023-10-08 22:01:47 +02:00
Yannick Bungers
ece2bc2880 Update Tests for HD_SHOW_LOG_TIMESTAMP
Signed-off-by: Yannick Bungers <git@innay.de>
2023-10-08 20:42:37 +02:00
Yannick Bungers
44a7bfdd9c Add config option for Disabling timestamp in log
Signed-off-by: Yannick Bungers <git@innay.de>
2023-10-08 20:42:37 +02:00
David Mehren
10776de54f fix(migrations): use migration file extension according to runtime
We need to use .ts only if we run inside ts-node
or other tools that use it. In all other cases, we need to
refer to the .js migration files.

Signed-off-by: David Mehren <git@herrmehren.de>
2023-10-08 17:58:32 +02:00
David Mehren
f8f198f9c9 feat: add initial database migration
Signed-off-by: David Mehren <git@herrmehren.de>
2023-10-08 17:58:32 +02:00
Yannick Bungers
fbd5fa8b07 Remove not needed TODOs
Signed-off-by: Yannick Bungers <git@innay.de>
2023-10-08 16:00:42 +02:00
Yannick Bungers
8879b51344 Adding issues for TODOs
Signed-off-by: Yannick Bungers <git@innay.de>
2023-10-08 16:00:42 +02:00
Yannick Bungers
7e1123e8a4 Move monitoring TODO
Signed-off-by: Yannick Bungers <git@innay.de>
2023-10-08 16:00:42 +02:00
Yannick Bungers
944c67e7f1 Remove TODO for tlsOptions in ldap config
Signed-off-by: Yannick Bungers <git@innay.de>
2023-10-08 16:00:42 +02:00
Yannick Bungers
b145f652e3 Add example noteId
Signed-off-by: Yannick Bungers <git@innay.de>

Signed-off-by: Yannick Bungers <git@innay.de>
2023-10-08 16:00:42 +02:00
Yannick Bungers
7a41cce94f Remove gitlab api version option
Signed-off-by: Yannick Bungers <git@innay.de>
2023-10-08 16:00:42 +02:00
Yannick Bungers
c34176ef85 More context for database todo
Signed-off-by: Yannick Bungers <git@innay.de>
2023-10-08 16:00:42 +02:00
Yannick Bungers
0aff06637c Remove history entry todos
Signed-off-by: Yannick Bungers <git@innay.de>
2023-10-08 16:00:42 +02:00
Yannick Bungers
18116f4e64 Remove user creation todo
Signed-off-by: Yannick Bungers <git@innay.de>
2023-10-08 16:00:42 +02:00
David Mehren
56e2270736 fix(session-service): properly handle session store results
Previously, an undefined result in fetchUsernameForSessionId
was handled the same way as an error, rejecting the promise.

This fixes the behavior, only rejecting the promise if an error
is returned from the session store and properly returning
undefined if the session store returns that.

Signed-off-by: David Mehren <git@herrmehren.de>
2023-10-07 19:01:57 +02:00
Philip Molares
a73e539a20 fix: check if auth names contain duplicates
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2023-10-07 16:05:59 +02:00