Fix XXX
parent
8b1aaaa9a7
commit
deb14c412f
19 changed files with 31 additions and 41 deletions
|
@ -499,12 +499,6 @@ define([
|
|||
// Finally, create the login block for the object you just created.
|
||||
var toPublish = {};
|
||||
|
||||
// XXX I did some basic testing and searching and could not find this attribute
|
||||
// actually being used anywhere. Including it means either supporting arbitrarily
|
||||
// large blocks (a DoS vector) or having registration fail for large usernames.
|
||||
// Can someone please double-check that removing this doesn't break anything?
|
||||
// --Aaron
|
||||
//toPublish[Constants.userNameKey] = uname;
|
||||
toPublish[Constants.userHashKey] = userHash;
|
||||
toPublish.edPublic = RT.proxy.edPublic;
|
||||
|
||||
|
|
|
@ -374,7 +374,7 @@ var handleCommand = Decrees.handleCommand = function (Env, line) {
|
|||
var outcome = commands[command](Env, args);
|
||||
if (outcome) {
|
||||
// trigger Env change event...
|
||||
Env.envUpdated.fire(); // XXX
|
||||
Env.envUpdated.fire();
|
||||
}
|
||||
return outcome;
|
||||
};
|
||||
|
|
|
@ -40,6 +40,9 @@ const ADMIN_CHANNEL_LENGTH = HK.ADMIN_CHANNEL_LENGTH = 33;
|
|||
// with a 34 character id
|
||||
const EPHEMERAL_CHANNEL_LENGTH = HK.EPHEMERAL_CHANNEL_LENGTH = 34;
|
||||
|
||||
// Temporary channels are archived X ms after everyone has left them
|
||||
const TEMPORARY_CHANNEL_LIFETIME = 30 * 1000;
|
||||
|
||||
const tryParse = HK.tryParse = function (Env, str) {
|
||||
try {
|
||||
return JSON.parse(str);
|
||||
|
@ -138,8 +141,8 @@ const dropChannel = HK.dropChannel = function (Env, chanName) {
|
|||
delete Env.channel_cache[chanName];
|
||||
if (meta && meta.selfdestruct && Env.selfDestructTo) {
|
||||
Env.selfDestructTo[chanName] = setTimeout(function () {
|
||||
expireChannel(Env, chanName); // XXX add new function?
|
||||
}, 30*1000); // XXX CONSTANT XXX XXX XXX
|
||||
expireChannel(Env, chanName);
|
||||
}, TEMPORARY_CHANNEL_LIFETIME);
|
||||
}
|
||||
};
|
||||
|
||||
|
@ -484,8 +487,8 @@ const getHistoryOffset = (Env, channelName, lastKnownHash, _cb) => {
|
|||
cb(null, lkh);
|
||||
}));
|
||||
}).nThen((w) => {
|
||||
// XXX entire block and getHashOffset to remove?
|
||||
|
||||
// If we're here it means we asked for a lastKnownHash but it is old (not in the index)
|
||||
// and this is not a "chainpad" channel so we can't recover from a checkpoint.
|
||||
|
||||
// skip past this block if the offset is anything other than -1
|
||||
// this basically makes these first two nThen blocks behave like if-else
|
||||
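Review bot: The comment added above `TEMPORARY_CHANNEL_LIFETIME` still says "archived X ms after everyone has left them", so a reader has to evaluate `30 * 1000` to learn the delay; `// Temporary channels are archived 30 seconds (value in ms) after everyone has left them` would document it. In the `dropChannel` hunk the new timer handle is stored in `Env.selfDestructTo[chanName]` with no visible `clearTimeout` of an earlier handle for the same channel. The function starts outside the hunk, so please confirm that a pending timer is cancelled elsewhere (for example when someone rejoins the channel) before the archive delay is relied on.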
|
|
|
@ -91,7 +91,7 @@ process.on('message', msg => {
|
|||
return void ev(msg.data, () => {});
|
||||
}
|
||||
}
|
||||
console.error("UNHANDLED_MESSAGE", msg); // XXX
|
||||
//console.error("UNHANDLED_MESSAGE", msg);
|
||||
});
|
||||
|
||||
|
||||
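Review bot: Commenting out `console.error("UNHANDLED_MESSAGE", msg)` at the end of the `process.on('message', …)` handler means a message that matches no handler is now dropped without a trace, which removes the only visible signal that this process received an unexpected or malformed message. If the line was removed because it was noisy or printed the whole payload, a bounded diagnostic would be better than dead code. If dropping silently is intended, replace the commented-out call with a comment that says so, such as `// messages with no matching handler are ignored on purpose`. The handler starts outside the hunk.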
|
|
|
@ -52,7 +52,7 @@ Basic.write = function (Env, path, data, cb) {
|
|||
});
|
||||
};
|
||||
|
||||
// XXX I didn't bother implementing the usual "archive/restore/delete-from-archives" methods
|
||||
// TODO I didn't bother implementing the usual "archive/restore/delete-from-archives" methods
|
||||
// because they didn't seem particularly important for the data implemented with this module.
|
||||
// They're still worth considering, though, so don't let my ommission stop you.
|
||||
// Login blocks could probably be implemented with this module if these methods were supported.
|
||||
|
|
|
@ -116,7 +116,7 @@ Block.check = function (Env, publicKey, _cb) { // 'check' because 'exists' impli
|
|||
Fs.access(path, Fs.constants.F_OK, cb);
|
||||
};
|
||||
|
||||
Block.MAX_SIZE = 256; // XXX confirm that this is sufficient, prevent user inputs that would result in larger blocks
|
||||
Block.MAX_SIZE = 256;
|
||||
|
||||
Block.write = function (Env, publicKey, buffer, _cb) {
|
||||
var cb = Util.once(Util.mkAsync(_cb));
|
||||
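Review bot: `Block.MAX_SIZE = 256;` is left with no comment, and the removed note was the only record that inputs producing larger blocks still have to be prevented. A short comment stating the unit and what happens when the limit is exceeded would keep that requirement visible, for example `// upper bound on a stored block; Block.write is expected to reject anything larger`. The body of `Block.write` continues outside the hunk, so whether it checks the buffer against this limit before writing cannot be confirmed from here and should be verified.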
|
|
|
@ -56,9 +56,3 @@ Sessions.deleteUser = function (Env, id, cb) {
|
|||
});
|
||||
};
|
||||
|
||||
// XXX All of a user's sessions should be removed When a user deletes their account
|
||||
// The fact that each user is given their own publicKey-scoped directory makes them easy
|
||||
// to remove all at once. Nodejs provides an easy way to `rm -rf` since 14.14.0:
|
||||
// Fs.rm(dir, { recursive: true, force: true }, console.log)
|
||||
// just be careful to validate the directory's path
|
||||
// --Aaron
|
||||
|
|
|
@ -170,7 +170,7 @@ var processLang = function (map, lang, primary) {
|
|||
|
||||
console.log();
|
||||
}
|
||||
//if (mismatchedTags.length) { console.log(mismatchedTags); } // XXX
|
||||
//if (mismatchedTags.length) { console.log(mismatchedTags); } // TODO
|
||||
}
|
||||
});
|
||||
};
|
||||
|
|
|
@ -154,7 +154,7 @@ nThen(function (w) {
|
|||
};
|
||||
|
||||
var broadcast = (command, data, cb) => {
|
||||
cb = cb; // XXX nThen/concurrency
|
||||
cb = cb; // TODO nThen/concurrency
|
||||
for (const worker of Object.values(Cluster.workers)) {
|
||||
sendCommand(worker, command, data /*, cb */);
|
||||
}
|
||||
|
@ -187,7 +187,7 @@ nThen(function (w) {
|
|||
});
|
||||
}
|
||||
if (Env.OFFLINE_MODE) { return; }
|
||||
//if (Env.websocketPath) { return; } // XXX
|
||||
if (Env.websocketPath) { return; }
|
||||
|
||||
require("./lib/api").create(Env);
|
||||
});
|
||||
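Review bot: Enabling `if (Env.websocketPath) { return; }` changes runtime behaviour in a commit that otherwise only tidies markers: when `websocketPath` is set, `require("./lib/api").create(Env)` is no longer reached. Please add a comment giving the reason, for example `// a separate websocket endpoint is configured, so the API is not started here` if that is the intent, and confirm that deployments which set this value have something else serving it. In the first hunk `cb = cb;` is a no-op and the callback is only mentioned inside a comment (`/*, cb */`), so callers of `broadcast` appear never to be notified; that function continues outside the hunk.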
|
|
|
@ -63,7 +63,7 @@ Note: The login process performs many checks, confirming that crentials point to
|
|||
|
||||
h('div.bordered#totp-app-config', [
|
||||
h('h2#app', "TOTP app configuration"),
|
||||
h('blockquote', `// XXX TOTP app configuration notes
|
||||
h('blockquote', `// TOTP app configuration notes
|
||||
Time-based One-Time Passwords are generated using a relatively simple algorithm which uses:
|
||||
|
||||
1. a hash function
|
||||
|
@ -126,7 +126,7 @@ Scan the generated code with your preferred app so that you can generate a code
|
|||
h('div.bordered', [
|
||||
h('h2#setup', "MFA account settings"),
|
||||
h('blockquote',
|
||||
`// XXX MFA account settings notes
|
||||
`// MFA account settings notes
|
||||
|
||||
Once you have:
|
||||
|
||||
|
@ -158,7 +158,7 @@ Note: This must currently be reversed manually (by deleting the mfa config file)
|
|||
|
||||
document.body.appendChild(main);
|
||||
|
||||
// XXX hack to make the page jump to a given element once the content has been rendered
|
||||
// hack to make the page jump to a given element once the content has been rendered
|
||||
window.location.hash = window.location.hash;
|
||||
|
||||
// Key derivation
|
||||
|
|
|
@ -1192,7 +1192,7 @@ define([
|
|||
assert(function (cb, msg) {
|
||||
var url = new URL(relativeURL, trimmedUnsafe).href;
|
||||
Tools.common_xhr(url, xhr => {
|
||||
var span = h('span', h('p', '// XXX DEBUGGING DUPLICATED HEADERS'));
|
||||
var span = h('span', h('p', '// DEBUGGING DUPLICATED HEADERS'));
|
||||
|
||||
var duplicated = false;
|
||||
var pre = [];
|
||||
|
@ -1270,7 +1270,7 @@ define([
|
|||
|
||||
// check if they provide legal data
|
||||
assert(function (cb, msg) {
|
||||
if (true) { return void cb(true); } // XXX stubbed while we determine whether this is necessary
|
||||
if (true) { return void cb(true); } // FIXME stubbed while we determine whether this is necessary
|
||||
if (ApiConfig.restrictRegistration) { return void cb(true); }
|
||||
|
||||
var url = Pages.customURLs.imprint;
|
||||
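Review bot: `if (true) { return void cb(true); }` makes this assertion pass unconditionally, so the rest of the callback is unreachable and the "check if they provide legal data" test reports success whatever the instance has configured; renaming the marker to FIXME does not change that. Until the decision is made, the comment should state that the result carries no information, e.g. `// FIXME always passes: the legal-data check is disabled pending a decision`, or the assertion should be removed so the report does not show a pass that was never evaluated. The callback body continues outside the hunk.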
|
|
|
@ -2447,8 +2447,8 @@ define([
|
|||
// the login page, where they will be able to authenticate
|
||||
// and request a new JWT
|
||||
|
||||
// XXX We may only require them to provid a new TOTP code here
|
||||
// instead of redirecting them to the login page
|
||||
// TODO Re-authenticate without user password? We'd need another way
|
||||
// to send the OTP code to the server
|
||||
|
||||
waitFor.abort();
|
||||
return void LocalStore.logout(function () {
|
||||
|
|
|
@ -848,13 +848,11 @@ define([
|
|||
title: Messages.share_linkCategory,
|
||||
icon: "fa fa-link",
|
||||
active: !contactsActive,
|
||||
/* XXX QR-code tab
|
||||
}, {
|
||||
}, window.CP_DEV_MODE ? { // XXX enable for all
|
||||
getTab: getQRTab,
|
||||
title: Messages.share_QRCategory,
|
||||
icon: 'fa fa-qrcode',
|
||||
*/
|
||||
}];
|
||||
} : undefined].filter(Boolean);
|
||||
if (!opts.static && ApiConfig.enableEmbedding && embeddableApps.includes(pathname)) {
|
||||
tabs.push({
|
||||
getTab: getEmbedTab,
|
||||
|
|
|
@ -3,7 +3,7 @@ var factory = function () {
|
|||
var Promise = window.Promise;
|
||||
var cache;
|
||||
var cypherChunkLength = 131088;
|
||||
var sendCredentials = window.sendCredentials || false; // XXX find a logical place to infer whether this should be set
|
||||
var sendCredentials = window.sendCredentials || false; // XXX SSO find a logical place to infer whether this should be set
|
||||
|
||||
// Save a blob on the file system
|
||||
var saveFile = function (blob, url, fileName) {
|
||||
|
|
|
@ -739,7 +739,6 @@ define([
|
|||
list.push(m.channel);
|
||||
});
|
||||
}
|
||||
// XXX calendars
|
||||
} else {
|
||||
list = store.manager.getChannelsList('owned');
|
||||
/*
|
||||
|
|
|
@ -69,8 +69,6 @@ define([
|
|||
var chan = makeChan();
|
||||
|
||||
var isNew = false;
|
||||
// Make a HEAD request to the servre to check if a file exists in datastore
|
||||
// XXX update nginx config
|
||||
var checkSession = function (oldKey, cb) {
|
||||
var channel = Hash.hrefToHexChannelId(Hash.hashToHref(oldKey));
|
||||
var prefix = channel.slice(0,2);
|
||||
|
|
|
@ -6,8 +6,12 @@ define([
|
|||
if (window.top !== window) { return; }
|
||||
$(function () {
|
||||
|
||||
// TODO
|
||||
// This is a test application
|
||||
// It can be used to embed another cryptpad instance using the new API
|
||||
|
||||
console.log(Api);
|
||||
var permaKey = localStorage.CP_test_API_key || '/2/integration/edit/X3RlrgR2JhA0rI+PJ3rXufsQ/'; // XXX
|
||||
var permaKey = localStorage.CP_test_API_key || '/2/integration/edit/X3RlrgR2JhA0rI+PJ3rXufsQ/';
|
||||
var key = window.location.hash ? window.location.hash.slice(1)
|
||||
: permaKey;
|
||||
window.location.hash = key;
|
||||
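Review bot: The fallback for `permaKey` is a hard-coded `/2/integration/edit/…` hash committed to the repository, and dropping the `// XXX` marker removes the only reminder that it needs attention. It looks like an edit-mode key, so anyone who reads the source could presumably open that document with write access on an instance where it exists. Either require the key from `localStorage.CP_test_API_key` or the URL hash, or document the default with something like `// default points at a throwaway test document; never reuse this key for real content`. The surrounding `$(function () { … })` body continues outside the hunk.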
|
|
|
@ -94,7 +94,7 @@ define([
|
|||
var revokeTOTP = function () {
|
||||
var recoveryKey = $recoveryKey.val().trim();
|
||||
if (!recoveryKey || recoveryKey.length !== 32) {
|
||||
return void UI.warn(Messages.error); // XXX error message?
|
||||
return void UI.warn(Messages.error);
|
||||
}
|
||||
ServerCommand(blockKeys.sign, {
|
||||
command: 'TOTP_REVOKE',
|
||||
|
@ -105,7 +105,6 @@ define([
|
|||
console.error(err, response);
|
||||
return void UI.warn(Messages.error);
|
||||
}
|
||||
// XXX redirect to login?
|
||||
UI.log(Messages.ui_success);
|
||||
LocalStore.login(undefined, blockHash, uname, function () {
|
||||
Login.redirect();
|
||||
|
|
|
@ -108,6 +108,7 @@ define([
|
|||
propChannels: config.data.getPropChannels(),
|
||||
isTemplate: isTemplate,
|
||||
file: config.data.file,
|
||||
devMode: localStorage.CryptPad_dev === '1',
|
||||
secureIframe: true,
|
||||
};
|
||||
for (var k in additionalPriv) { metaObj.priv[k] = additionalPriv[k]; }
|
||||
|
|