ep_oauth 11.0.17 → 11.0.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -31,7 +31,7 @@ jobs:
|
|
|
31
31
|
uses: actions/checkout@v6
|
|
32
32
|
with:
|
|
33
33
|
repository: ether/etherpad-lite
|
|
34
|
-
- uses: pnpm/action-setup@
|
|
34
|
+
- uses: pnpm/action-setup@v6
|
|
35
35
|
name: Install pnpm
|
|
36
36
|
with:
|
|
37
37
|
version: 10
|
|
@@ -59,12 +59,20 @@ jobs:
|
|
|
59
59
|
[ "${NEW_COMMITS}" -gt 0 ] || exit 0
|
|
60
60
|
git config user.name 'github-actions[bot]'
|
|
61
61
|
git config user.email '41898282+github-actions[bot]@users.noreply.github.com'
|
|
62
|
-
pnpm i
|
|
62
|
+
pnpm i --frozen-lockfile
|
|
63
63
|
# `pnpm version patch` bumps package.json, makes a commit, and creates
|
|
64
64
|
# a `v<new-version>` tag. Capture the new tag name from package.json
|
|
65
65
|
# rather than parsing pnpm's output, which has historically varied.
|
|
66
|
-
|
|
67
|
-
|
|
66
|
+
# Bump the patch component directly with Node. pnpm/action-setup@v6
|
|
67
|
+
# sometimes installs pnpm 11 pre-releases even when version: 10.x is
|
|
68
|
+
# requested (pnpm/action-setup#225); those pre-releases either skip
|
|
69
|
+
# the git commit/tag or reject --no-git-tag-version as unknown.
|
|
70
|
+
# Doing the bump in Node sidesteps both failure modes.
|
|
71
|
+
NEW_VERSION=$(node -e "const fs=require('fs');const p=require('./package.json');const v=p.version.split('.');v[2]=String(Number(v[2])+1);p.version=v.join('.');fs.writeFileSync('./package.json',JSON.stringify(p,null,2)+'\n');console.log(p.version);")
|
|
72
|
+
NEW_TAG="v${NEW_VERSION}"
|
|
73
|
+
git add package.json
|
|
74
|
+
git commit -m "${NEW_TAG}"
|
|
75
|
+
git tag -a "${NEW_TAG}" -m "${NEW_TAG}"
|
|
68
76
|
# CRITICAL: use --atomic so the branch update and the tag update
|
|
69
77
|
# succeed (or fail) as a single transaction on the server. The old
|
|
70
78
|
# `git push --follow-tags` was non-atomic per ref: if a concurrent
|
package/README.md
CHANGED
package/auth.js
CHANGED
|
@@ -8,15 +8,29 @@ const request = require('request');
|
|
|
8
8
|
/* eslint-disable-next-line node/no-unpublished-require */
|
|
9
9
|
const OAuth2 = require('oauth').OAuth2;
|
|
10
10
|
|
|
11
|
-
//
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
11
|
+
// If the plugin is installed but the operator hasn't added the
|
|
12
|
+
// `ep_oauth` block to settings.json yet, reading `.clientID` on an
|
|
13
|
+
// undefined object used to crash Etherpad at startup with a cryptic
|
|
14
|
+
// "Cannot read properties of undefined" (that's what produced the "can't
|
|
15
|
+
// access site" report in #63). Bail cleanly with a warning instead so
|
|
16
|
+
// Etherpad keeps running; the plugin's hooks self-disable when the
|
|
17
|
+
// client isn't configured.
|
|
18
|
+
let oauth2 = null;
|
|
19
|
+
if (settings.ep_oauth && settings.ep_oauth.clientID && settings.ep_oauth.clientSecret) {
|
|
20
|
+
// Setup the oauth2 connector -- Doesn't establish any connections etc.
|
|
21
|
+
oauth2 = new OAuth2(settings.ep_oauth.clientID,
|
|
22
|
+
settings.ep_oauth.clientSecret,
|
|
23
|
+
'https://github.com/',
|
|
24
|
+
'login/oauth/authorize',
|
|
25
|
+
'login/oauth/access_token',
|
|
26
|
+
null); /** Custom headers */
|
|
27
|
+
} else {
|
|
28
|
+
console.warn(
|
|
29
|
+
'ep_oauth: missing settings.ep_oauth.clientID / clientSecret — plugin disabled');
|
|
30
|
+
}
|
|
18
31
|
|
|
19
32
|
exports.expressConfigure = (hookName, args, cb) => {
|
|
33
|
+
if (!oauth2) return cb && cb();
|
|
20
34
|
// args.app.get('/auth/callback', function(req, res){
|
|
21
35
|
|
|
22
36
|
// THIRD STEP
|
|
@@ -92,6 +106,7 @@ exports.expressConfigure = (hookName, args, cb) => {
|
|
|
92
106
|
|
|
93
107
|
// FIRST STEP
|
|
94
108
|
exports.authorize = (hookName, args, cb) => {
|
|
109
|
+
if (!oauth2) return cb([true]); // plugin disabled, don't block the request
|
|
95
110
|
// Never lands here for url /auth/callback
|
|
96
111
|
if (args.req.url.indexOf('/auth') === 0) return cb([true]);
|
|
97
112
|
|
|
@@ -104,6 +119,7 @@ exports.authorize = (hookName, args, cb) => {
|
|
|
104
119
|
|
|
105
120
|
// SECOND STEP
|
|
106
121
|
exports.authenticate = (hookName, args, cb) => {
|
|
122
|
+
if (!oauth2) return cb([]); // plugin disabled, defer to other auth plugins
|
|
107
123
|
console.debug(`Database Write -> oauthredirectlookup:${args.req.sessionID}`, '---', args.req.url);
|
|
108
124
|
db.set(`oauthredirectlookup:${args.req.sessionID}`, args.req.url);
|
|
109
125
|
// User is not authorized so we need to do the authentication step
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "ep_oauth",
|
|
3
3
|
"description": "Oauth2 authentication for Etherpad",
|
|
4
|
-
"version": "11.0.
|
|
4
|
+
"version": "11.0.19",
|
|
5
5
|
"author": {
|
|
6
6
|
"name": "John McLear",
|
|
7
7
|
"email": "john@mclear.co.uk",
|
|
@@ -25,8 +25,8 @@
|
|
|
25
25
|
},
|
|
26
26
|
"devDependencies": {
|
|
27
27
|
"eslint": "^8.57.1",
|
|
28
|
-
"eslint-config-etherpad": "^4.0.
|
|
29
|
-
"typescript": "^6.0.
|
|
28
|
+
"eslint-config-etherpad": "^4.0.5",
|
|
29
|
+
"typescript": "^6.0.3"
|
|
30
30
|
},
|
|
31
31
|
"scripts": {
|
|
32
32
|
"lint": "eslint .",
|