Commit graph

42 commits

Author SHA1 Message Date
Jakob Ackermann
15244a54be [misc] WebsocketController: limit the update size to 7mb
bail out early on -- especially do not push the update into redis for
 doc-updater to discard it.

Confirm the update silently, otherwise the frontend will send it again.
Broadcast a 'otUpdateError' message and disconnect the client, like
 doc-updater would do.
2020-03-24 09:12:12 +01:00
Shane Kilkelly
6df88ebc49 Filter "comments" if restricted user. 2019-10-30 13:54:40 +00:00
Shane Kilkelly
403caa65e8 Revert "Revert "Track the isRestrictedUser flag on clients""
This reverts commit 651e392a7c644403f199e1b03e7494b61ce71d0c.
2019-10-30 13:52:36 +00:00
Simon Detheridge
925a8651c1 Revert "Track the isRestrictedUser flag on clients" 2019-10-22 10:17:38 +01:00
Shane Kilkelly
df6cd4a054 Also block getConnectedUsers for restricted users.
Plus refactor to use a pass list instead of a deny list.
2019-10-04 13:41:49 +01:00
Shane Kilkelly
6765d03339 Track the isRestrictedUser flag on clients
Then, don't send new chat messages and new comments to those restricted clients.
We do this because we don't want to leak private information (email addresses
and names) to "restricted" users, those who have read-only access via a
shared token.
2019-10-04 10:30:24 +01:00
Brian Gough
d57b229e17 update tests 2019-08-14 13:03:14 +01:00
Brian Gough
159b39c491 ensure redis channel is subscribed when joining room 2019-07-23 17:02:09 +01:00
Brian Gough
40353a410f fix unit tests 2019-07-19 08:49:57 +01:00
miguel
46dfe56b05 Downgraded unathorised log to warning 2019-06-21 07:30:12 +02:00
Chrystal Maria Griffiths
0b88a63444 Merge pull request #35 from sharelatex/cmg-anonymous-display-name
Nameless logged in user labelled as anonymous
2019-02-15 14:53:18 +00:00
Chrystal Griffiths
bb06f82e04 Still send cursorData for logged in users 2019-02-12 14:00:47 +00:00
Chrystal Griffiths
cb12e1c6f6 Send an empty string for every nameless user 2019-02-08 15:39:51 +00:00
Henry Oswald
bbd88e75eb fix broken tests 2018-12-05 15:41:12 +00:00
Shane Kilkelly
675814f1b1 Handle the case where the user has only a last_name set 2017-12-13 10:28:35 +00:00
Shane Kilkelly
06c8729ce7 If a user has only their first_name set, don't label as Anonymous 2017-12-12 15:27:50 +00:00
Brian Gough
c8ad331551 fix unit tests 2017-11-13 09:41:04 +00:00
Shane Kilkelly
3b39464aa5 Merge branch 'master' into sk-unlisted-projects 2017-11-02 10:58:41 +00:00
Shane Kilkelly
d4c735c3ea Pass anonymous-read token along as header to web-api 2017-09-26 14:21:41 +01:00
Alasdair Smith
785d6e2eea Add tests for comment & change encoding 2017-09-22 10:56:08 +01:00
Alasdair Smith
b8d3f34e54 Fix joinDoc tests not passing options arg and restructure tests 2017-09-22 10:56:08 +01:00
James Allen
d8ff8ba098 Merge pull request #11 from sharelatex/ja-allow-readonly-comments
Allow readonly users to submit comments
2017-03-20 14:25:03 +00:00
James Allen
8766646149 Allow users to send a comment update if they are read-only 2017-03-15 15:45:52 +00:00
Brian Gough
d468f662ac handle disconnects of unauthenticated users 2017-02-23 12:04:36 +00:00
James Allen
bf2620ee0c Return ranges from docupdater to client 2016-12-08 11:37:31 +00:00
Brian Gough
ef85bce3b8 track permissions when clients join and leave docs 2016-09-05 12:46:52 +01:00
James Allen
030abc5340 Don't flush to track changes now that this happens in doc updater 2016-01-20 17:51:24 +00:00
James Allen
79cd0e6a5c Record user id correctly when updating position 2015-02-05 13:41:31 +00:00
James Allen
57a34e940e Authorize users before updating their cursor positions 2014-11-24 12:05:05 +00:00
James Allen
66dfafdebe Add metrics into all end points 2014-11-17 13:12:49 +00:00
James Allen
80b7875414 Add in leaveProject handler 2014-11-14 16:51:55 +00:00
James Allen
347ceaaf03 Listen for updates from doc updater and send them to clients 2014-11-14 15:30:18 +00:00
James Allen
fef5f6b775 Add acceptance tests for applyOtUpdate 2014-11-14 10:12:35 +00:00
James Allen
f0e69bfe2d Add appltOtUpdate end point (sans acceptance tests for now) 2014-11-13 17:07:05 +00:00
James Allen
cc1c85ebf8 Distribute server side socket.io updates over Redis Pub/Sub 2014-11-13 16:03:37 +00:00
James Allen
e769819521 Add in clientTracking.updatePosition end point 2014-11-13 15:27:18 +00:00
James Allen
84778b5961 Mark user as connected for cursor updates when joining project 2014-11-13 13:05:49 +00:00
James Allen
0b18edeff3 Add in /clients and /client/:client_id status end points 2014-11-13 11:48:49 +00:00
James Allen
8b923d2fda Add in leaveDoc end point 2014-11-12 16:51:48 +00:00
James Allen
eb8ccc0298 Create joinDoc socket.io end point 2014-11-12 15:54:55 +00:00
James Allen
dc60f2b736 Add acceptance test for unauthorized project joining 2014-11-10 11:38:26 +00:00
James Allen
02c0a3a867 Create joinProject socket.io endpoint 2014-11-10 11:27:08 +00:00