This patch fixes a cross-site-scripting vulnerability in Greenlight
which allowed users to inject code into Greenlight by adding scripts
into their names.
Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com>
* Fix wrong conditional (reported by LGTM) (#1477)
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com>
* Bump rack from 2.2.2 to 2.2.3 (#1839)
Bumps [rack](https://github.com/rack/rack) from 2.2.2 to 2.2.3.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/v2.2.2...2.2.3)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* [FIX] Unable to edit long recording names #1776 (#1780)
* Allow to set a filter for LDAP authentication
* [FIX] Unable to edit long recording names #1776
Co-authored-by: François Ménabé <francois.menabe@unistra.fr>
Co-authored-by: farhatahmad <ahmad.af.farhat@gmail.com>
* Desgin for Manage Users Tabs (#1777)
* Update _subtitle.html.erb
* Update _manage_users_tags.html.erb
* Update admins.scss
* Update _primary_themes.scss
* Update _manage_users_tags.html.erb
* Minor style changes to manage users (#1845)
* Maintenance banner moved to admin site (#1775)
* initial
* finish
* travis fixes
* travis again
* not required
* Co-authored-by: Tobias Fiebig <t.fiebig@tudelft.nl> (#1296)
Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com>
* Enhance Room OpenGraph Metadata (#1601)
* Revert "Enhance Room OpenGraph Metadata (#1601)" (#1852)
This reverts commit 3b007c233a.
* GRN2-xx: Tab title now displays the current page name (#1853)
* Tab title now displays the current page name
* Added page title for the rest of the pages
* Split Site Settings into 3 different tabs (#1858)
* Split Site Settings into 3 different tabs
* Fix copyright
* Added redirect to correct tab
* Make sure settings are displaying when they should
* Update en.yml (#1857)
* Build images for alpha branches (#1867)
* Upgraded jquery to latest version (#1896)
* Added favicon tag (#1898)
* Fixed XSS issue with role name (#1899)
* Update path for coloring redirect (#1908)
* Added a fourth section to the room uid (#1910)
* Fixed issue with insecure room sharing removal (#1914)
* Fixes typo (#1917)
Fixes typo: successfully was written incorrect.
* Fixed order of rooms in server rooms (#1915)
* Change default room sort to latest activity (#1919)
* GRN2-xx: Small changes/improvements to the recording settings (#1851)
* Small changes/improvements to the recording settings
* Replaced room warning with info flash
* Added global setting to enable/disable the recording consent feature
* Replace Legal with Terms (#1931)
* Added a more friendly OpenGraph description when invited to join a room (#1932)
* Fixed issue causing maintenance banner not to hide correctly (#1933)
* Hide recording menu and recording list when it is disabled (#1935)
* Hide recording menu and recording list when it is disabled
* Hide recording list when disabled
* GRN2-xx: Added an auto-refresh after 2 mins while waiting for room to start (#1947)
* Added an auto-refresh after 2 mins while waiting for room to start
* Fixed random issue with test case
* GRN2-xx: Added ability to preupload presentations to rooms (#1895)
* Added ability to preupload presentations to rooms (#1868)
* Added setting to site settings and allowed admins to change the presentation
* Added AWS S3 and GCS Storage ENV variables
* Added check to ensure file extension is correct
* Added icon to remove presentation
* Added testcases for preupload
* Add nginx redirect to solve issue with relative root
* Record title, instead of room name, in the popup (#1924)
* Update _public_recording_row.html.erb
* Update _recording_row.html.erb
Co-authored-by: Stefan Weil <sw@weilnetz.de>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: beckerr-rzht <beckerr@hochschule-trier.de>
Co-authored-by: François Ménabé <francois.menabe@unistra.fr>
Co-authored-by: MrKeksi <mrkeksi@users.noreply.github.com>
Co-authored-by: yanosz <yanosz@users.noreply.github.com>
Co-authored-by: Moritz Schlarb <moschlar@metalabs.de>
Co-authored-by: chronikum <34622984+chronikum@users.noreply.github.com>
Co-authored-by: Mitsutaka Sato <miztaka@honestyworks.jp>
Co-authored-by: hiroshisuga <45039819+hiroshisuga@users.noreply.github.com>
* GRN2-xx: Switch the relation between users and roles to make queries cleaner and faster (#1299)
* First steps
* Fixes in account creation flow
* Fixed most testcases
* more test fixes
* Fixed more test cases
* Passing tests and rubocop
* Added rake task to remove rooms
* Adding translation (#1510)
* Update _account.html.erb
* Update en.yml
* Fix "for" attribute for label elements (#1488)
Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com>
* Fix some issues reported by LGTM (#1478)
* Declare local JavaScript variables (reported by LGTM)
Signed-off-by: Stefan Weil <sw@weilnetz.de>
* Remove unused local JavaScript variable (reported by LGTM)
Signed-off-by: Stefan Weil <sw@weilnetz.de>
* Puma Worker Configuration (#1332)
We noticed that the current default settings perform very poorly under
load. We managed to literally take down Greenlight during a larger event
when people where accessing the landing page for rooms and when doing
some tests, I was more or less able to DoS Greenlight on my own.
This patch adds a default worker configuration which significantly
improves the situation. The small, 4 core machine I was testing on could
handle about thrice the amount of requests.
While the new default configuration should be reasonably well suited for
most deployments, this patch further allows users to easily configure
the worker pool on their own in the environment file.
* Made name and email readonly for no greenlight accounts (#1534)
* Fixed hardcoded string (#1532)
* fixed spelling error that was bugging me :) - sep a rat e (#1535)
Co-authored-by: Dave Lane <dave@oerfoundation.org>
* Improve Server Rooms View (#1524)
* Order rooms by status
* Cleaned up order function
* Now displays Started/Created/Ended
* Added participant count to rooms list
* Fix rake task user:create so that users can be created when terms are present (#1565)
* Changed user create task to always accept terms
* clean up
* More secure room ID (#1451)
* Legal and privpolicy link (#1421)
* add customizable Links to Imprint and Privacy Policy
* fix copy&paste error in spec
* replace "imprint" with "legal" since that is the correct term
* remove german translation of new strings, transifex will take care of them later
* GRN2-295:Refactored update profile and update password (#1591)
* Refactored update profile and update password
* Relowered rubocop settings
* Fixed email sending when not supposed to (#1592)
* Design changes for small screens (#1580)
* now rap for pagination
* Update _subtitle.html.erb
* Update _rooms.html.erb
* Update _recordings.html.erb
* Update _rooms.html.erb
* Update _users.html.erb
* Update cant_create_rooms.html.erb
* Update room.js
* Update edit.html.erb
* Update new.html.erb
* Update cant_create_rooms.html.erb
* Update _sessions.html.erb
* Update _account.html.erb
* Make Greenlight work with Ruby 2.7 (#1560)
Greenlight's failure to start up with Ruby 2.7 seems to be caused by [an
issue in bootsnap](https://github.com/Shopify/bootsnap/issues/258).
Updating that library makes Greenlight work again.
However, there are still a lot of deprecation warnings. But that's
something to deal with separately.
This fixes#1558
* use email input for sign in (#1199)
* use email input for sign in
* use email input for registration
* use email input for invitation
* use email input for account settings
Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com>
* Fix Gemfile (#1593)
* Fixed invalid token for password reset (#1632)
* HELP_URL env variable now works as expected (#1636)
* #1372 Fix for long Text in Table + Remove invalid HTML Tag (#1403)
* removed invalid HTML Tag
* removed invalid HTML Tag
* Update _public_recording_row.html.erb
* Update _recording_row.html.erb
* Update _server_recording_row.html.erb
form-inline replaced by own css
* Update _server_room_row.html.erb
* Update _public_recording_row.html.erb
* Update _recording_row.html.erb
* Update _public_recording_row.html.erb
* Update _recordings.html.erb
* Update _rooms.html.erb
* Update main.scss
fix for long text
* Update main.scss
* Update _public_recording_row.html.erb
* Added more validation on profile image (#1644)
* Users who can't create rooms but have shared rooms now have a different view (#1649)
* Revert "Puma Worker Configuration (#1332)" (#1667)
This reverts commit 78ed8d7460.
* Removed html safe from all flash messages (#1668)
* Remove hardcoded guest=true if require mod approval is set (#1669)
* Change random generation for room uid (#1670)
* GRN2-290: Update gems and update to Rails 5.2.4.3 (#1671)
* Update gems and update to Rails 5.2.4.3
* remove gemfile error
Co-authored-by: MrKeksi <mrkeksi@users.noreply.github.com>
Co-authored-by: Florian Weber <fnwbr@users.noreply.github.com>
Co-authored-by: Stefan Weil <sw@weilnetz.de>
Co-authored-by: Lars Kiesow <lkiesow@uos.de>
Co-authored-by: Dave Lane <dave@lane.net.nz>
Co-authored-by: Dave Lane <dave@oerfoundation.org>
Co-authored-by: Henning <hng@users.noreply.github.com>
Co-authored-by: Marcel Waldvogel <marcel@waldvogel.family>
Co-authored-by: Christian Marg <marg@rz.tu-clausthal.de>
Co-authored-by: Klaus <klaus@jsxc.org>
* Color Configuration for Cookie Banner
Right now, the colors of the cookie banner are hard-coded which can
easily clash with the configured site colors in site settings.
This patch switches to using the configured colors instead.
* Update application.scss
Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com>
Co-authored-by: Jesus Federico <jesus@123it.ca>
* GRN2-269: Pulling room settings using GET instead of data-attributes
* GRN2-269: added test case and fixed documentation
* GRN2:269: rubocop fix
* GRN2-269: Fixed test case
* added autofocus to the Room Name field
* added autofocus to Room Name text field
* added autofocus to Room Name text field
* GRN2-266 Fixing autofocus for Room name when creating room
* removing whitespace
* fixing whitespace
* fixing whitespace
* Added the ability to manage rooms
* Small fixes
* Fixed travis complaints
* Fixed issues with role permissions
* Fixed issue with delete room
* Fixed rubocop and added testcases
* Added Active Pending Banned Deleted tabs to manage users
* Removed hard coded strings
* Fixed issues with sign in flow
* Fixed issues with rooms not deleting
* Email rescues and authenticator concern
* Application controller and helper clean up
* Moved controller code out of helpers
* More helper and email clean up
* Cleaned up remaining helpers and create omniauth_options
* Controller code clean up
* restructured views structure
* Restructured role code
* Restructured profile and code clean up
* Master merge
* Added bbb server concern to deal with bbb calls
* Bug fixes and changes after changes
* rspec
* More rubocop fixes
* Added event logs and production caching
* Added Support: before logs for easy identification
* Added more Support for log errors
* Reverted change to assets precompile check
* Added vendor assets to precompile list
* Travis fix
* GRN2-ZZZ: Added messages for debugging actioncable
* GRN2-ZZZ: Added data to the js message for debugging actioncable
* GRN2-ZZZ: Added data to the js message for debugging actioncable
* Log unsubscribe
* Allow users with just the manage users permission to edit roles
* Allow users with just the manage users permission to edit roles
* Fix update recordings bug
* Fixed issue with recording row and added small fix to roles migration
* Fixed issue with edit user avatar
* Small bug fixes for user settings
* Added autofocus on name field when joining
* Added extra check for admin password check
* Rubocop fixes
* Add roles editor
* Add colour selection ability to roles
* Add ability to assign roles to users in the UI
* Remove rolify and replace it with our own custom roles implemenation
* - Fix all existing roles functionality
- Fix super admins
* Fix bugs with new customers not have default roles
* Add can't create room setting
* Code improvements
* Fix migration
* Add tests for new methods
* Translate reserved role names
* Pull roles from saml/ldap
* Fix rspec
* Fix scrutinizer issues
* Fix email promoted/demoted tests
* Apply comments
* Redirect directly to the main room
* Add comments
Ahmad Farhat
Lars Kiesow
MrKeksi
Klaus
etiennevvv
farhatahmad
Jesus Federico
shawn-higgins1