yflory 2023-07-13 14:12:47 +02:00
parent 8b1aaaa9a7
commit deb14c412f
19 changed files with 31 additions and 41 deletions


@ -499,12 +499,6 @@ define([
// Finally, create the login block for the object you just created.
var toPublish = {};
// XXX I did some basic testing and searching and could not find this attribute
// actually being used anywhere. Including it means either supporting arbitrarily
// large blocks (a DoS vector) or having registration fail for large usernames.
// Can someone please double-check that removing this doesn't break anything?
// --Aaron
//toPublish[Constants.userNameKey] = uname;
toPublish[Constants.userHashKey] = userHash;
toPublish.edPublic = RT.proxy.edPublic;


@ -374,7 +374,7 @@ var handleCommand = Decrees.handleCommand = function (Env, line) {
var outcome = commands[command](Env, args);
if (outcome) {
// trigger Env change event...
Env.envUpdated.fire(); // XXX
Env.envUpdated.fire();
}
return outcome;
};


@ -40,6 +40,9 @@ const ADMIN_CHANNEL_LENGTH = HK.ADMIN_CHANNEL_LENGTH = 33;
// with a 34 character id
const EPHEMERAL_CHANNEL_LENGTH = HK.EPHEMERAL_CHANNEL_LENGTH = 34;
// Temporary channels are archived X ms after everyone has left them
const TEMPORARY_CHANNEL_LIFETIME = 30 * 1000;
const tryParse = HK.tryParse = function (Env, str) {
try {
return JSON.parse(str);
@ -138,8 +141,8 @@ const dropChannel = HK.dropChannel = function (Env, chanName) {
delete Env.channel_cache[chanName];
if (meta && meta.selfdestruct && Env.selfDestructTo) {
Env.selfDestructTo[chanName] = setTimeout(function () {
expireChannel(Env, chanName); // XXX add new function?
}, 30*1000); // XXX CONSTANT XXX XXX XXX
expireChannel(Env, chanName);
}, TEMPORARY_CHANNEL_LIFETIME);
}
};
@ -484,8 +487,8 @@ const getHistoryOffset = (Env, channelName, lastKnownHash, _cb) => {
cb(null, lkh);
}));
}).nThen((w) => {
// XXX entire block and getHashOffset to remove?
// If we're here it means we asked for a lastKnownHash but it is old (not in the index)
// and this is not a "chainpad" channel so we can't recover from a checkpoint.
// skip past this block if the offset is anything other than -1
// this basically makes these first two nThen blocks behave like if-else
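Review bot: In `dropChannel`, `Env.selfDestructTo[chanName] = setTimeout(...)` stores the new timer without clearing a handle that may already sit under the same key, so if a channel can be dropped twice within `TEMPORARY_CHANNEL_LIFETIME` (not visible in this hunk) the earlier timer still fires and `expireChannel` runs sooner than the lifetime suggests. Adding `clearTimeout(Env.selfDestructTo[chanName]);` before the assignment would make the countdown restart cleanly. The comment on the new constant still says "X ms"; `// Self-destruct channels are expired 30 seconds after everyone has left them` would state the actual value. `dropChannel` begins outside the hunk.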


@ -91,7 +91,7 @@ process.on('message', msg => {
return void ev(msg.data, () => {});
}
}
console.error("UNHANDLED_MESSAGE", msg); // XXX
//console.error("UNHANDLED_MESSAGE", msg);
});
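Review bot: With `console.error("UNHANDLED_MESSAGE", msg)` commented out, a message that matches no branch of this `process.on('message')` callback is dropped without any trace, which makes an unexpected or misrouted IPC message hard to notice during an investigation. If the concern was log volume or writing message contents to the log, a payload-free line such as `console.error("UNHANDLED_MESSAGE");` keeps the signal without the data. Otherwise delete the line rather than leaving commented-out code, and add a comment saying unmatched messages are ignored on purpose. The handler starts outside the hunk.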


@ -52,7 +52,7 @@ Basic.write = function (Env, path, data, cb) {
});
};
// XXX I didn't bother implementing the usual "archive/restore/delete-from-archives" methods
// TODO I didn't bother implementing the usual "archive/restore/delete-from-archives" methods
// because they didn't seem particularly important for the data implemented with this module.
// They're still worth considering, though, so don't let my ommission stop you.
// Login blocks could probably be implemented with this module if these methods were supported.


@ -116,7 +116,7 @@ Block.check = function (Env, publicKey, _cb) { // 'check' because 'exists' impli
Fs.access(path, Fs.constants.F_OK, cb);
};
Block.MAX_SIZE = 256; // XXX confirm that this is sufficient, prevent user inputs that would result in larger blocks
Block.MAX_SIZE = 256;
Block.write = function (Env, publicKey, buffer, _cb) {
var cb = Util.once(Util.mkAsync(_cb));
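Review bot: `Block.MAX_SIZE = 256;` loses the only note about what this limit is for, and the question in the removed comment (whether 256 is sufficient, and whether inputs that would produce larger blocks are rejected) is not answered anywhere in the hunk. A short comment would keep the intent, for example `// upper bound on a stored login block; Block.write is expected to reject larger buffers`. Whether `Block.write` actually enforces the limit is not visible here because its body continues outside the hunk, so confirm that before wording the comment as fact.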


@ -56,9 +56,3 @@ Sessions.deleteUser = function (Env, id, cb) {
});
};
// XXX All of a user's sessions should be removed When a user deletes their account
// The fact that each user is given their own publicKey-scoped directory makes them easy
// to remove all at once. Nodejs provides an easy way to `rm -rf` since 14.14.0:
// Fs.rm(dir, { recursive: true, force: true }, console.log)
// just be careful to validate the directory's path
// --Aaron


@ -170,7 +170,7 @@ var processLang = function (map, lang, primary) {
console.log();
}
//if (mismatchedTags.length) { console.log(mismatchedTags); } // XXX
//if (mismatchedTags.length) { console.log(mismatchedTags); } // TODO
}
});
};


@ -154,7 +154,7 @@ nThen(function (w) {
};
var broadcast = (command, data, cb) => {
cb = cb; // XXX nThen/concurrency
cb = cb; // TODO nThen/concurrency
for (const worker of Object.values(Cluster.workers)) {
sendCommand(worker, command, data /*, cb */);
}
@ -187,7 +187,7 @@ nThen(function (w) {
});
}
if (Env.OFFLINE_MODE) { return; }
//if (Env.websocketPath) { return; } // XXX
if (Env.websocketPath) { return; }
require("./lib/api").create(Env);
});
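Review bot: Uncommenting `if (Env.websocketPath) { return; }` changes startup behaviour in a commit that otherwise only edits comments: when `Env.websocketPath` is set, `require("./lib/api").create(Env)` is no longer called. Please state the reason on that line, for example `// websocketPath is set: do not start the API server from this process`, adjusting the wording to the real intent, which is not visible here. In the first hunk `broadcast` still never invokes `cb` (it is only self-assigned and commented out of the `sendCommand` call), so a caller that waits on it is never notified. Both enclosing functions start outside the hunks.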


@ -63,7 +63,7 @@ Note: The login process performs many checks, confirming that crentials point to
h('div.bordered#totp-app-config', [
h('h2#app', "TOTP app configuration"),
h('blockquote', `// XXX TOTP app configuration notes
h('blockquote', `// TOTP app configuration notes
Time-based One-Time Passwords are generated using a relatively simple algorithm which uses:
1. a hash function
@ -126,7 +126,7 @@ Scan the generated code with your preferred app so that you can generate a code
h('div.bordered', [
h('h2#setup', "MFA account settings"),
h('blockquote',
`// XXX MFA account settings notes
`// MFA account settings notes
Once you have:
@ -158,7 +158,7 @@ Note: This must currently be reversed manually (by deleting the mfa config file)
document.body.appendChild(main);
// XXX hack to make the page jump to a given element once the content has been rendered
// hack to make the page jump to a given element once the content has been rendered
window.location.hash = window.location.hash;
// Key derivation


@ -1192,7 +1192,7 @@ define([
assert(function (cb, msg) {
var url = new URL(relativeURL, trimmedUnsafe).href;
Tools.common_xhr(url, xhr => {
var span = h('span', h('p', '// XXX DEBUGGING DUPLICATED HEADERS'));
var span = h('span', h('p', '// DEBUGGING DUPLICATED HEADERS'));
var duplicated = false;
var pre = [];
@ -1270,7 +1270,7 @@ define([
// check if they provide legal data
assert(function (cb, msg) {
if (true) { return void cb(true); } // XXX stubbed while we determine whether this is necessary
if (true) { return void cb(true); } // FIXME stubbed while we determine whether this is necessary
if (ApiConfig.restrictRegistration) { return void cb(true); }
var url = Pages.customURLs.imprint;


@ -2447,8 +2447,8 @@ define([
// the login page, where they will be able to authenticate
// and request a new JWT
// XXX We may only require them to provid a new TOTP code here
// instead of redirecting them to the login page
// TODO Re-authenticate without user password? We'd need another way
// to send the OTP code to the server
waitFor.abort();
return void LocalStore.logout(function () {


@ -848,13 +848,11 @@ define([
title: Messages.share_linkCategory,
icon: "fa fa-link",
active: !contactsActive,
/* XXX QR-code tab
}, {
}, window.CP_DEV_MODE ? { // XXX enable for all
getTab: getQRTab,
title: Messages.share_QRCategory,
icon: 'fa fa-qrcode',
*/
}];
} : undefined].filter(Boolean);
if (!opts.static && ApiConfig.enableEmbedding && embeddableApps.includes(pathname)) {
tabs.push({
getTab: getEmbedTab,
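Review bot: The QR tab entry is gated on the page global `window.CP_DEV_MODE`, while another file in this commit derives `devMode` from `localStorage.CryptPad_dev === '1'`; nothing visible here ties the two together, so the tab may stay hidden for someone who enabled dev mode through localStorage. Reading one shared flag in both places would avoid that. On style, `window.CP_DEV_MODE ? {...} : undefined].filter(Boolean)` is harder to follow than creating the array and then `if (window.CP_DEV_MODE) { tabs.push({...}); }`, the pattern the next lines already use for the embed tab. The new line also introduces `// XXX enable for all` while the rest of the commit removes or renames XXX markers.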


@ -3,7 +3,7 @@ var factory = function () {
var Promise = window.Promise;
var cache;
var cypherChunkLength = 131088;
var sendCredentials = window.sendCredentials || false; // XXX find a logical place to infer whether this should be set
var sendCredentials = window.sendCredentials || false; // XXX SSO find a logical place to infer whether this should be set
// Save a blob on the file system
var saveFile = function (blob, url, fileName) {


@ -739,7 +739,6 @@ define([
list.push(m.channel);
});
}
// XXX calendars
} else {
list = store.manager.getChannelsList('owned');
/*


@ -69,8 +69,6 @@ define([
var chan = makeChan();
var isNew = false;
// Make a HEAD request to the servre to check if a file exists in datastore
// XXX update nginx config
var checkSession = function (oldKey, cb) {
var channel = Hash.hrefToHexChannelId(Hash.hashToHref(oldKey));
var prefix = channel.slice(0,2);


@ -6,8 +6,12 @@ define([
if (window.top !== window) { return; }
$(function () {
// TODO
// This is a test application
// It can be used to embed another cryptpad instance using the new API
console.log(Api);
var permaKey = localStorage.CP_test_API_key || '/2/integration/edit/X3RlrgR2JhA0rI+PJ3rXufsQ/'; // XXX
var permaKey = localStorage.CP_test_API_key || '/2/integration/edit/X3RlrgR2JhA0rI+PJ3rXufsQ/';
var key = window.location.hash ? window.location.hash.slice(1)
: permaKey;
window.location.hash = key;
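Review bot: `permaKey` falls back to a hard-coded `/2/integration/edit/...` value, and the added comment describes the page as a test application without saying that this key is a throwaway. Because the path suggests an edit-capable key and it is committed to the repository, a comment on that line such as `// sample key for this test page only; never reuse it for real documents` would stop it from being copied elsewhere. `console.log(Api)` also remains; if this page can be served from a production instance (not visible here), consider removing it. The surrounding `define` callback starts outside the hunk.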


@ -94,7 +94,7 @@ define([
var revokeTOTP = function () {
var recoveryKey = $recoveryKey.val().trim();
if (!recoveryKey || recoveryKey.length !== 32) {
return void UI.warn(Messages.error); // XXX error message?
return void UI.warn(Messages.error);
}
ServerCommand(blockKeys.sign, {
command: 'TOTP_REVOKE',
@ -105,7 +105,6 @@ define([
console.error(err, response);
return void UI.warn(Messages.error);
}
// XXX redirect to login?
UI.log(Messages.ui_success);
LocalStore.login(undefined, blockHash, uname, function () {
Login.redirect();


@ -108,6 +108,7 @@ define([
propChannels: config.data.getPropChannels(),
isTemplate: isTemplate,
file: config.data.file,
devMode: localStorage.CryptPad_dev === '1',
secureIframe: true,
};
for (var k in additionalPriv) { metaObj.priv[k] = additionalPriv[k]; }
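Review bot: `devMode: localStorage.CryptPad_dev === '1'` takes a value that any user or script on the origin can set and passes it on in what appears to be `metaObj.priv`, so it should be documented as a UI/debug toggle that consumers must not treat as an authorization signal. A comment on that line such as `// dev-only UI toggle read from localStorage; not a security boundary` would make this explicit. The `for (var k in additionalPriv)` loop that follows can overwrite `devMode` and `secureIframe` with caller-supplied values; if that is intended, say so in a comment. The object literal begins outside the hunk.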