We release Alpha v3 of HedgeDoc 2.0 and need to make sure that all
version are changed accordingly.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
The url the placeholder text linked to is not accurate anymore
and needed to be changed. Also the "Happy hacking" part seemed
outdated so we changed it to "Let the ideas grow" in accordance
with the new slogan of HedgeDoc
Signed-off-by: Philip Molares <philip.molares@udo.edu>
We don't need a library that requires as much boilerplate code as
writing the AuthGuard ourselves, especially since the token validation
was already custom code by us.
The previous name PublicAuthToken was a bit misleading, since PublicAuth
could also be interpreted as being used for the public frontend in
contrast to the API. The old name before that (AuthToken) wasn't better
since it wasn't clear what type of auth is meant. I know, this is the
second renaming of the same module in less than a month. However, I
would say the name ApiToken seems rather reasonable and understandable.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This adds support for keeping the uploads attached to a note when
deleting the same note. This is done by a simple checkbox that can be
clicked in the DeletionModal.
To do this, some parts of the note deletion had to be refactored,
especially in the case of the history page. Both the note deletion and
history removal methods used the same modal, which isn't applicable now
anymore. Additionally, there was a bug that the modal checked for
ownership in the frontend before allowing the note deletion. However, in
the context of the history page, the ownership couldn't be evaluated
since the backend API didn't include that information. This is now fixed
as well.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
The dark-mode selector changed from the class "dark" attached to the
body element to a data-attribute with some react-bootstrap upgrade.
This commit reflects this change in our custom css.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
For non-OIDC compliant OAuth2 providers it was only possible to define
the authorize, token and userinfo URLs but not the end_session_endpoint.
This commit adds that functionality.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Error messages for manual OIDC attributes such as overriding the scope
resulted in wrong error messages when misconfigured.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
When the OIDC login flow for a new user is cancelled, the oidcIdToken
session variable should be cleared as well.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
The userinfo response endpoint from the OIDC provider should not be
trusted to return what we expect. Fields could be undefined. In that
case HedgeDoc would have written "undefined" into the fields for
profile picture or email address.
This fix checks for fields being undefined and returns a default value
in that case.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
