diff --git a/CHANGELOG.md b/CHANGELOG.md index 13bec7535..911ec0fec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,17 @@ # Changelog +## v1.2.1 + +## Bug fixes + + * **Important** Fix invalid `From` email header in contact form that could lead to the blacklisting of your SMTP server + * Fix too long display name overflow in menu + * Fix mention notification when a remote account mention a local account that has the same username than yours + * Fix access to muted servers table for moderators + * Don't crash notification popup on bug + * Fix reset password script that leaks password on invalid value + + ## v1.2.0 ### BREAKING CHANGES diff --git a/client/package.json b/client/package.json index 31fc77887..bc06fbd1c 100644 --- a/client/package.json +++ b/client/package.json @@ -1,6 +1,6 @@ { "name": "peertube-client", - "version": "1.2.0", + "version": "1.2.1", "private": true, "licence": "GPLv3", "author": { diff --git a/client/src/app/+admin/moderation/moderation.routes.ts b/client/src/app/+admin/moderation/moderation.routes.ts index bc6dd49d5..6f6dde290 100644 --- a/client/src/app/+admin/moderation/moderation.routes.ts +++ b/client/src/app/+admin/moderation/moderation.routes.ts @@ -64,7 +64,7 @@ export const ModerationRoutes: Routes = [ component: InstanceServerBlocklistComponent, canActivate: [ UserRightGuard ], data: { - userRight: UserRight.MANAGE_SERVER_REDUNDANCY, + userRight: UserRight.MANAGE_SERVERS_BLOCKLIST, meta: { title: 'Muted instances' } diff --git a/client/src/app/menu/menu.component.html b/client/src/app/menu/menu.component.html index aa5bfa9c9..1e532ec13 100644 --- a/client/src/app/menu/menu.component.html +++ b/client/src/app/menu/menu.component.html @@ -5,8 +5,8 @@
- {{ user.account?.displayName }} -
{{ user.username }}
+ {{ user.account?.displayName }} +
{{ user.username }}
diff --git a/client/src/app/menu/menu.component.scss b/client/src/app/menu/menu.component.scss index f30b89413..69704674a 100644 --- a/client/src/app/menu/menu.component.scss +++ b/client/src/app/menu/menu.component.scss @@ -41,8 +41,11 @@ menu { .logged-in-info { flex-grow: 1; + white-space: nowrap; + overflow: hidden; + text-overflow: ellipsis; - .logged-in-username { + .logged-in-display-name { font-size: 16px; font-weight: $font-semibold; color: var(--menuForegroundColor); @@ -51,7 +54,7 @@ menu { @include disable-default-a-behaviour; } - .logged-in-email { + .logged-in-username { font-size: 13px; color: #C6C6C6; white-space: nowrap; diff --git a/client/src/app/shared/users/user-notification.model.ts b/client/src/app/shared/users/user-notification.model.ts index 125d2120c..5d0dc19ae 100644 --- a/client/src/app/shared/users/user-notification.model.ts +++ b/client/src/app/shared/users/user-notification.model.ts @@ -63,73 +63,79 @@ export class UserNotification implements UserNotificationServer { this.type = hash.type this.read = hash.read - this.video = hash.video - if (this.video) this.setAvatarUrl(this.video.channel) + // We assume that some fields exist + // To prevent a notification popup crash in case of bug, wrap it inside a try/catch + try { + this.video = hash.video + if (this.video) this.setAvatarUrl(this.video.channel) - this.videoImport = hash.videoImport + this.videoImport = hash.videoImport - this.comment = hash.comment - if (this.comment) this.setAvatarUrl(this.comment.account) + this.comment = hash.comment + if (this.comment) this.setAvatarUrl(this.comment.account) - this.videoAbuse = hash.videoAbuse + this.videoAbuse = hash.videoAbuse - this.videoBlacklist = hash.videoBlacklist + this.videoBlacklist = hash.videoBlacklist - this.account = hash.account - if (this.account) this.setAvatarUrl(this.account) + this.account = hash.account + if (this.account) this.setAvatarUrl(this.account) - this.actorFollow = hash.actorFollow - if (this.actorFollow) this.setAvatarUrl(this.actorFollow.follower) + this.actorFollow = hash.actorFollow + if (this.actorFollow) this.setAvatarUrl(this.actorFollow.follower) - this.createdAt = hash.createdAt - this.updatedAt = hash.updatedAt + this.createdAt = hash.createdAt + this.updatedAt = hash.updatedAt - switch (this.type) { - case UserNotificationType.NEW_VIDEO_FROM_SUBSCRIPTION: - this.videoUrl = this.buildVideoUrl(this.video) - break + switch (this.type) { + case UserNotificationType.NEW_VIDEO_FROM_SUBSCRIPTION: + this.videoUrl = this.buildVideoUrl(this.video) + break - case UserNotificationType.UNBLACKLIST_ON_MY_VIDEO: - this.videoUrl = this.buildVideoUrl(this.video) - break + case UserNotificationType.UNBLACKLIST_ON_MY_VIDEO: + this.videoUrl = this.buildVideoUrl(this.video) + break - case UserNotificationType.NEW_COMMENT_ON_MY_VIDEO: - case UserNotificationType.COMMENT_MENTION: - this.accountUrl = this.buildAccountUrl(this.comment.account) - this.commentUrl = [ this.buildVideoUrl(this.comment.video), { threadId: this.comment.threadId } ] - break + case UserNotificationType.NEW_COMMENT_ON_MY_VIDEO: + case UserNotificationType.COMMENT_MENTION: + this.accountUrl = this.buildAccountUrl(this.comment.account) + this.commentUrl = [ this.buildVideoUrl(this.comment.video), { threadId: this.comment.threadId } ] + break - case UserNotificationType.NEW_VIDEO_ABUSE_FOR_MODERATORS: - this.videoAbuseUrl = '/admin/moderation/video-abuses/list' - this.videoUrl = this.buildVideoUrl(this.videoAbuse.video) - break + case UserNotificationType.NEW_VIDEO_ABUSE_FOR_MODERATORS: + this.videoAbuseUrl = '/admin/moderation/video-abuses/list' + this.videoUrl = this.buildVideoUrl(this.videoAbuse.video) + break - case UserNotificationType.BLACKLIST_ON_MY_VIDEO: - this.videoUrl = this.buildVideoUrl(this.videoBlacklist.video) - break + case UserNotificationType.BLACKLIST_ON_MY_VIDEO: + this.videoUrl = this.buildVideoUrl(this.videoBlacklist.video) + break - case UserNotificationType.MY_VIDEO_PUBLISHED: - this.videoUrl = this.buildVideoUrl(this.video) - break + case UserNotificationType.MY_VIDEO_PUBLISHED: + this.videoUrl = this.buildVideoUrl(this.video) + break - case UserNotificationType.MY_VIDEO_IMPORT_SUCCESS: - this.videoImportUrl = this.buildVideoImportUrl() - this.videoImportIdentifier = this.buildVideoImportIdentifier(this.videoImport) - this.videoUrl = this.buildVideoUrl(this.videoImport.video) - break + case UserNotificationType.MY_VIDEO_IMPORT_SUCCESS: + this.videoImportUrl = this.buildVideoImportUrl() + this.videoImportIdentifier = this.buildVideoImportIdentifier(this.videoImport) + this.videoUrl = this.buildVideoUrl(this.videoImport.video) + break - case UserNotificationType.MY_VIDEO_IMPORT_ERROR: - this.videoImportUrl = this.buildVideoImportUrl() - this.videoImportIdentifier = this.buildVideoImportIdentifier(this.videoImport) - break + case UserNotificationType.MY_VIDEO_IMPORT_ERROR: + this.videoImportUrl = this.buildVideoImportUrl() + this.videoImportIdentifier = this.buildVideoImportIdentifier(this.videoImport) + break - case UserNotificationType.NEW_USER_REGISTRATION: - this.accountUrl = this.buildAccountUrl(this.account) - break + case UserNotificationType.NEW_USER_REGISTRATION: + this.accountUrl = this.buildAccountUrl(this.account) + break - case UserNotificationType.NEW_FOLLOW: - this.accountUrl = this.buildAccountUrl(this.actorFollow.follower) - break + case UserNotificationType.NEW_FOLLOW: + this.accountUrl = this.buildAccountUrl(this.actorFollow.follower) + break + } + } catch (err) { + console.error(err) } } diff --git a/package.json b/package.json index 0cf39c7ee..ed99157c4 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "peertube", "description": "Federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.", - "version": "1.2.0", + "version": "1.2.1", "private": true, "licence": "AGPLv3", "engines": { diff --git a/scripts/reset-password.ts b/scripts/reset-password.ts index 6516edc28..4a9037280 100755 --- a/scripts/reset-password.ts +++ b/scripts/reset-password.ts @@ -1,6 +1,7 @@ import * as program from 'commander' import { initDatabaseModels } from '../server/initializers' import { UserModel } from '../server/models/account/user' +import { isUserPasswordValid } from '../server/helpers/custom-validators/users' program .option('-u, --user [user]', 'User') @@ -36,6 +37,11 @@ initDatabaseModels(true) console.log('New password?') rl.on('line', function (password) { + if (!isUserPasswordValid(password)) { + console.error('New password is invalid.') + process.exit(-1) + } + user.password = password user.save() diff --git a/server/lib/emailer.ts b/server/lib/emailer.ts index f384a254e..99010f473 100644 --- a/server/lib/emailer.ts +++ b/server/lib/emailer.ts @@ -361,7 +361,8 @@ class Emailer { 'PeerTube.' const emailPayload: EmailPayload = { - from: fromEmail, + fromDisplayName: fromEmail, + replyTo: fromEmail, to: [ CONFIG.ADMIN.EMAIL ], subject: '[PeerTube] Contact form submitted', text @@ -370,16 +371,21 @@ class Emailer { return JobQueue.Instance.createJob({ type: 'email', payload: emailPayload }) } - sendMail (to: string[], subject: string, text: string, from?: string) { + sendMail (options: EmailPayload) { if (!Emailer.isEnabled()) { throw new Error('Cannot send mail because SMTP is not configured.') } + const fromDisplayName = options.fromDisplayName + ? options.fromDisplayName + : CONFIG.WEBSERVER.HOST + return this.transporter.sendMail({ - from: from || CONFIG.SMTP.FROM_ADDRESS, - to: to.join(','), - subject, - text + from: `"${fromDisplayName}" <${CONFIG.SMTP.FROM_ADDRESS}>`, + replyTo: options.replyTo, + to: options.to.join(','), + subject: options.subject, + text: options.text }) } diff --git a/server/lib/job-queue/handlers/email.ts b/server/lib/job-queue/handlers/email.ts index 220d0af32..2ba39a156 100644 --- a/server/lib/job-queue/handlers/email.ts +++ b/server/lib/job-queue/handlers/email.ts @@ -6,14 +6,16 @@ export type EmailPayload = { to: string[] subject: string text: string - from?: string + + fromDisplayName?: string + replyTo?: string } async function processEmail (job: Bull.Job) { const payload = job.data as EmailPayload logger.info('Processing email in job %d.', job.id) - return Emailer.Instance.sendMail(payload.to, payload.subject, payload.text, payload.from) + return Emailer.Instance.sendMail(payload) } // --------------------------------------------------------------------------- diff --git a/server/lib/notifier.ts b/server/lib/notifier.ts index d1b331346..2fa320cd7 100644 --- a/server/lib/notifier.ts +++ b/server/lib/notifier.ts @@ -148,6 +148,8 @@ class Notifier { private async notifyOfCommentMention (comment: VideoCommentModel) { const usernames = comment.extractMentions() + logger.debug('Extracted %d username from comment %s.', usernames.length, comment.url, { usernames, text: comment.text }) + let users = await UserModel.listByUsernames(usernames) if (comment.Video.isOwned()) { diff --git a/server/models/video/video-comment.ts b/server/models/video/video-comment.ts index cf6278da7..1163f9a0e 100644 --- a/server/models/video/video-comment.ts +++ b/server/models/video/video-comment.ts @@ -466,31 +466,41 @@ export class VideoCommentModel extends Model { } extractMentions () { - if (!this.text) return [] + let result: string[] = [] const localMention = `@(${actorNameAlphabet}+)` const remoteMention = `${localMention}@${CONFIG.WEBSERVER.HOST}` + const mentionRegex = this.isOwned() + ? '(?:(?:' + remoteMention + ')|(?:' + localMention + '))' // Include local mentions? + : '(?:' + remoteMention + ')' + + const firstMentionRegex = new RegExp(`^${mentionRegex} `, 'g') + const endMentionRegex = new RegExp(` ${mentionRegex}$`, 'g') const remoteMentionsRegex = new RegExp(' ' + remoteMention + ' ', 'g') - const localMentionsRegex = new RegExp(' ' + localMention + ' ', 'g') - const firstMentionRegex = new RegExp('^(?:(?:' + remoteMention + ')|(?:' + localMention + ')) ', 'g') - const endMentionRegex = new RegExp(' (?:(?:' + remoteMention + ')|(?:' + localMention + '))$', 'g') - return uniq( - [].concat( - regexpCapture(this.text, remoteMentionsRegex) - .map(([ , username ]) => username), + result = result.concat( + regexpCapture(this.text, firstMentionRegex) + .map(([ , username1, username2 ]) => username1 || username2), - regexpCapture(this.text, localMentionsRegex) - .map(([ , username ]) => username), + regexpCapture(this.text, endMentionRegex) + .map(([ , username1, username2 ]) => username1 || username2), - regexpCapture(this.text, firstMentionRegex) - .map(([ , username1, username2 ]) => username1 || username2), - - regexpCapture(this.text, endMentionRegex) - .map(([ , username1, username2 ]) => username1 || username2) - ) + regexpCapture(this.text, remoteMentionsRegex) + .map(([ , username ]) => username) ) + + // Include local mentions + if (this.isOwned()) { + const localMentionsRegex = new RegExp(' ' + localMention + ' ', 'g') + + result = result.concat( + regexpCapture(this.text, localMentionsRegex) + .map(([ , username ]) => username) + ) + } + + return uniq(result) } toFormattedJSON () { diff --git a/server/tests/api/server/contact-form.ts b/server/tests/api/server/contact-form.ts index 93221d0a3..06a2f89b0 100644 --- a/server/tests/api/server/contact-form.ts +++ b/server/tests/api/server/contact-form.ts @@ -45,7 +45,8 @@ describe('Test contact form', function () { const email = emails[0] - expect(email['from'][0]['address']).equal('toto@example.com') + expect(email['from'][0]['address']).equal('test-admin@localhost') + expect(email['from'][0]['name']).equal('toto@example.com') expect(email['to'][0]['address']).equal('admin1@example.com') expect(email['subject']).contains('Contact form') expect(email['text']).contains('my super message') diff --git a/server/tests/api/server/email.ts b/server/tests/api/server/email.ts index f96c57b66..f8f16f54f 100644 --- a/server/tests/api/server/email.ts +++ b/server/tests/api/server/email.ts @@ -89,6 +89,7 @@ describe('Test emails', function () { const email = emails[0] + expect(email['from'][0]['name']).equal('localhost:9001') expect(email['from'][0]['address']).equal('test-admin@localhost') expect(email['to'][0]['address']).equal('user_1@example.com') expect(email['subject']).contains('password') @@ -133,6 +134,7 @@ describe('Test emails', function () { const email = emails[1] + expect(email['from'][0]['name']).equal('localhost:9001') expect(email['from'][0]['address']).equal('test-admin@localhost') expect(email['to'][0]['address']).equal('admin1@example.com') expect(email['subject']).contains('abuse') @@ -152,6 +154,7 @@ describe('Test emails', function () { const email = emails[2] + expect(email['from'][0]['name']).equal('localhost:9001') expect(email['from'][0]['address']).equal('test-admin@localhost') expect(email['to'][0]['address']).equal('user_1@example.com') expect(email['subject']).contains(' blocked') @@ -169,6 +172,7 @@ describe('Test emails', function () { const email = emails[3] + expect(email['from'][0]['name']).equal('localhost:9001') expect(email['from'][0]['address']).equal('test-admin@localhost') expect(email['to'][0]['address']).equal('user_1@example.com') expect(email['subject']).contains(' unblocked') @@ -188,6 +192,7 @@ describe('Test emails', function () { const email = emails[4] + expect(email['from'][0]['name']).equal('localhost:9001') expect(email['from'][0]['address']).equal('test-admin@localhost') expect(email['to'][0]['address']).equal('user_1@example.com') expect(email['subject']).contains(' blacklisted') @@ -205,6 +210,7 @@ describe('Test emails', function () { const email = emails[5] + expect(email['from'][0]['name']).equal('localhost:9001') expect(email['from'][0]['address']).equal('test-admin@localhost') expect(email['to'][0]['address']).equal('user_1@example.com') expect(email['subject']).contains(' unblacklisted') @@ -224,6 +230,7 @@ describe('Test emails', function () { const email = emails[6] + expect(email['from'][0]['name']).equal('localhost:9001') expect(email['from'][0]['address']).equal('test-admin@localhost') expect(email['to'][0]['address']).equal('user_1@example.com') expect(email['subject']).contains('Verify') diff --git a/server/tests/api/users/user-notifications.ts b/server/tests/api/users/user-notifications.ts index 5260d64cc..72b6a0aa2 100644 --- a/server/tests/api/users/user-notifications.ts +++ b/server/tests/api/users/user-notifications.ts @@ -506,6 +506,20 @@ describe('Test users notifications', function () { await removeAccountFromAccountBlocklist(servers[ 0 ].url, userAccessToken, 'root') }) + it('Should not send a new mention notification if the remote account mention a local account', async function () { + this.timeout(20000) + + const resVideo = await uploadVideo(servers[0].url, servers[0].accessToken, { name: 'super video' }) + const uuid = resVideo.body.video.uuid + + await waitJobs(servers) + const resThread = await addVideoCommentThread(servers[1].url, servers[1].accessToken, uuid, '@user_1 hello') + const threadId = resThread.body.comment.id + + await waitJobs(servers) + await checkCommentMention(baseParams, uuid, threadId, threadId, 'super root 2 name', 'absence') + }) + it('Should send a new mention notification after local comments', async function () { this.timeout(10000) diff --git a/server/tests/helpers/comment-model.ts b/server/tests/helpers/comment-model.ts index 76bb0f212..ebfd779e1 100644 --- a/server/tests/helpers/comment-model.ts +++ b/server/tests/helpers/comment-model.ts @@ -10,6 +10,8 @@ class CommentMock { text: string extractMentions = VideoCommentModel.prototype.extractMentions + + isOwned = () => true } describe('Comment model', function () { diff --git a/support/doc/api/openapi.yaml b/support/doc/api/openapi.yaml index f2bb945f9..ea419029c 100644 --- a/support/doc/api/openapi.yaml +++ b/support/doc/api/openapi.yaml @@ -1,7 +1,7 @@ openapi: 3.0.0 info: title: PeerTube - version: 1.2.0 + version: 1.2.1 contact: name: PeerTube Community url: 'https://joinpeertube.org'