Commit graph

834 commits

Author SHA1 Message Date
Erik Michelson
90508c15ff fix(backend/auth/oidc): add log message when user identifier is missing
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-12 20:58:09 +01:00
Erik Michelson
71658aecff chore(deps): upgrade eslint-plugins
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-12 20:58:09 +01:00
Erik Michelson
b796f1c6f2 chore(deps): upgrade yarn to 4.5.1
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-12 20:58:09 +01:00
Erik Michelson
b194f3433c chore(deps): upgrade openid-client to 5.7.0
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-12 20:58:09 +01:00
Erik Michelson
a039a97446 chore(deps): upgrade @nestjs/swagger to 8.0.5
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-12 20:58:09 +01:00
Erik Michelson
9cd6003619 chore(deps): upgrade cookie to 1.0.1
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-12 20:58:09 +01:00
Erik Michelson
e65cbd95d9 chore(deps): upgrade diff to 7.0.0
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-12 20:58:09 +01:00
Erik Michelson
0bb09a1597 chore(deps): upgrade uuid to 11.0.3
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-12 20:58:09 +01:00
Erik Michelson
932ecac326 fix(deps): use non-breaking versions
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-01 17:31:27 +01:00
Erik Michelson
a15ece1e7f chore(deps): upgrade dependencies for backend + lint fixes
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-01 17:31:27 +01:00
Erik Michelson
e7d81c5cdf refactor(oidc): simplify callback statement
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-01 14:36:35 +01:00
Erik Michelson
f71bf7a974 enhancement(oidc): refetch discovery documents regularly
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-01 14:36:35 +01:00
Ivan Li
19f4baf79b feat(auth): add OIDC state parameter
Signed-off-by: Ivan Li <ivanli2048@gmail.com>
2024-10-21 17:45:43 +02:00
yamashu
8b6bedab39
refactor(test): Replace inline snapshot with file snapshot (#5830) 2024-10-08 21:13:27 +00:00
renovate[bot]
3a1ad565cb chore(deps): update dependency @darraghor/eslint-plugin-nestjs-typed to v5.0.25
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-26 16:51:19 +00:00
Erik Michelson
b44f395852 fix(tests): fix tests and linting
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-26 18:39:37 +02:00
renovate[bot]
4250f4458b fix(deps): update dependency ws to v8.18.0 [security]
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-26 18:39:37 +02:00
yamashu
4fce422bdb
feat(backend revision): add clean-up note revisions job (#5349) 2024-09-26 17:24:24 +02:00
Philip Molares
81a9058347 chore: increase version of all relevant files
We release Alpha v3 of HedgeDoc 2.0 and need to make sure that all
version are changed accordingly.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-09-18 21:30:14 +02:00
renovate[bot]
ddc5f07faa chore(deps): update node.js to 2d07db0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-18 19:01:05 +00:00
Erik Michelson
2c6717e1ee refactor(api-token): drop passport, rename to ApiToken
We don't need a library that requires as much boilerplate code as
writing the AuthGuard ourselves, especially since the token validation
was already custom code by us.

The previous name PublicAuthToken was a bit misleading, since PublicAuth
 could also be interpreted as being used for the public frontend in
contrast to the API. The old name before that (AuthToken) wasn't better
since it wasn't clear what type of auth is meant. I know, this is the
second renaming of the same module in less than a month. However, I
would say the name ApiToken seems rather reasonable and understandable.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 19:14:32 +02:00
Erik Michelson
1c73e99b0a enhancement(note-deletion): allow to keep uploads
This adds support for keeping the uploads attached to a note when
deleting the same note. This is done by a simple checkbox that can be
clicked in the DeletionModal.

To do this, some parts of the note deletion had to be refactored,
especially in the case of the history page. Both the note deletion and
history removal methods used the same modal, which isn't applicable now
anymore. Additionally, there was a bug that the modal checked for
ownership in the frontend before allowing the note deletion. However, in
the context of the history page, the ownership couldn't be evaluated
since the backend API didn't include that information. This is now fixed
as well.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:37:39 +02:00
Erik Michelson
603ad8088c enhancement(auth/oidc): allow manual defining end_session_endpoint URL
For non-OIDC compliant OAuth2 providers it was only possible to define
the authorize, token and userinfo URLs but not the end_session_endpoint.
This commit adds that functionality.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:03:22 +02:00
Erik Michelson
53409825d4 fix(config/auth): error message mappings for manual OIDC attributes
Error messages for manual OIDC attributes such as overriding the scope
resulted in wrong error messages when misconfigured.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:03:22 +02:00
Erik Michelson
88cfd6a974 fix(auth/oidc): clean-up oidcIdToken session variable
When the OIDC login flow for a new user is cancelled, the oidcIdToken
session variable should be cleared as well.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:03:22 +02:00
Erik Michelson
c4c5cbd5d0 fix(auth/oidc): string "undefined" for missing userinfo response fields
The userinfo response endpoint from the OIDC provider should not be
trusted to return what we expect. Fields could be undefined. In that
case HedgeDoc would have written "undefined" into the fields for
profile picture or email address.
This fix checks for fields being undefined and returns a default value
in that case.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:03:22 +02:00
Emmanuel Ferdman
3e0d84f031 fix(docker): update docker documentation reference
Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
2024-09-17 01:35:45 +02:00
Erik Michelson
3e17edf95d fix(types): typecast ldap options due to wrong types in ldapjs
The provided types by ldapauth-fork are re-exported from ldapjs. ldapjs
is unmaintained by now but since their last update, the
ConnectionOptions type seems to not contain the mandatory parameter
`url` anymore. Therefore this typecast is needed.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-13 13:56:02 +02:00
Erik Michelson
3261929a2a fix(types): move and remove unused types
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-13 13:56:02 +02:00
renovate[bot]
7b66965014 fix(deps): update dependency ldapauth-fork to v6
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-13 13:56:02 +02:00
Erik Michelson
21dcf0eb49 fix(tests): minio upload type is not exported anymore
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-12 16:55:41 +02:00
renovate[bot]
57cba653e3 fix(deps): update dependency minio to v8
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-12 16:55:41 +02:00
Erik Michelson
62eb4b6d2b fix(packages): backend was missing uuid package
Due to failing docker builds it was brought to our attention,
that the backend relied on the uuid package without declaring
it as dependency. This worked in all development and build
scenarios as the frontend declares uuid as dependency already
and top-level `yarn install` installs all dependencies from all
workspaces. However as the docker build only runs for either
the backend or the frontend, this failed.
This commit adds the dependency to the backend as well.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-12 15:45:14 +02:00
Erik Michelson
157a0fe278 refactor(media): store filenames, use pre-signed s3/azure URLs, UUIDs
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-12 14:49:17 +02:00
Erik Michelson
4132833b5d refactor(api-docs): move api docs to /api/doc/
The API documentation belongs strictly to the API itself.
Due to the usage of version-prefixed API endpoints, there is no conflict
with existing or future endpoints.
The reason behind this is that we already have enough exceptions in the
routing (default everything to react-frontend, exceptions for backend)
and it is hard to keep it synchronized throughout all relevant places.
This came to attention as the dev setup didn't proxy the API docs to the
backend.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-12 14:49:17 +02:00
Erik Michelson
7f665fae4b feat(auth): refactor auth, add oidc
Thanks to all HedgeDoc team members for the time discussing,
helping with weird Nest issues, providing feedback
and suggestions!

Co-authored-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-11 21:29:49 +02:00
renovate[bot]
61fc33fc73 chore(deps): update yarn to v4.4.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: David Mehren <git@herrmehren.de>
2024-09-02 16:38:54 +02:00
renovate[bot]
528f4dade1 fix(deps): update dependency raw-body to v3
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-02 10:36:06 +02:00
Erik Michelson
73d9c3231b refactor(backend): rename auth to public-auth-token
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-02 10:33:08 +02:00
renovate[bot]
52fe7f55de fix(deps): update dependency rimraf to v6
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-02 10:28:52 +02:00
Philip Molares
03a388c6f9 fix: turbo filter commands
turbo now wants you to specify the whole name and not just part of the name.

See: https://github.com/vercel/turborepo/pull/8137
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-08-31 12:53:53 +02:00
renovate[bot]
b481f79c34 chore(deps): remove dependency http-proxy-middleware
This is no longer necessary, as we needed this previously when the backend proxied the frontend

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-08-31 09:56:18 +02:00
renovate[bot]
3a8869fab9 chore(deps): update dependency @darraghor/eslint-plugin-nestjs-typed to v5
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-30 17:27:29 +02:00
renovate[bot]
5d45fc21e4 fix(deps): update definitelytyped
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-30 12:50:58 +02:00
renovate[bot]
cf51c7572a fix: remove explicit typing
Apparently this is not need anymore and the linter does not like it.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-08-30 11:58:32 +02:00
renovate[bot]
f35d00806e chore(deps): update dependency typescript to v5.5.4
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-30 11:58:32 +02:00
renovate[bot]
f948861bfe chore(deps): update nestjs packages
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-30 10:47:49 +02:00
renovate[bot]
d00b1c454d chore(deps): update linters
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-30 10:07:01 +02:00
renovate[bot]
cf7fe9df10 fix(deps): update dependency @azure/storage-blob to v12.24.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 14:51:29 +02:00
renovate[bot]
818e2bcddc fix(deps): update dependency diff to v5.2.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 14:48:35 +02:00