This is an error that presents itself with RTCDataChannel's, I suspect this could not
happen with a pre-existing WebSocket.
If the remote connection creates a data channel then the local (VNC) side gets a channel
created callback. It may also be the case that in that very same tick the socket is also
opened and buffered data received. This meant that (in my tests) about 1/3 of the time
noVNC would fail to respond to the initial message from the server because it was received
and subsequently not handled during that initial tick.
Also made the documentation reflect this new behaviour and document the existing behaviour.
Most places that check for the presence / absence of credentials compare
them against `undefined`, except the one for Plain authentication.
This change makes the very last place to use the same pattern (instead
of checking for falsiness) for consistency. Additionally, there are ways
to configure PAM to accept empty passwords, so it's possible for a user
to legitimately send an empty string as password.
This work is originally by Ryan Castner <castner.rr@gmail.com> and
submitted as a PR here https://github.com/novnc/noVNC/pull/1362
Architecturally it is much the same except it doesn't rename a lot
of variables to make this more reviewable. It also avoids unrelated
changes such as replacing .onclose with an event listener, which
caused numerous test failures.
It also adds in ppoffice's fix to initialise the buffers.
Like the original author I don't have enough time available to
refactor this project to the new style event listeners.
Review cleanup for RTCDataChannel support (see below)
* More descriptive error when url or channel not set.
* Moved websocket property check to WebSock.
This had unintended consequences in the tests that required some
fixup. Mostly due to some tests not always passing FakeWebsocket.
FakeWebsocket also needs to set the listeners to null to be compatible
with what is in thw browser and expected by the property check code.
The property check code now also takes into account class prototypes
for test compatibility.
* Removed unreachable code.
* Reverted comment.
* Cleanup raw channel reference in rfb on websock close.
* Use readyState to check whether a socket is open rather than assuming.
* Updated RFB constructor documentation
Removed an unused boolean passed to attach
Some people have longer passwords than 256 characters (hooray for
password managers!). Server implementations also allow longer passwords:
TigerVNC allows up to 1024 characters.
The new gesture detection code will always prevent the default behaviour
of touchstart, so this check no longer works properly. We might want to
add something similar to GestureHandler in the future, but let's wait
and see what use cases are requested.
With the new gestures we will simulate the cursor being in a different
location than any of the touch points. This is a bit too complex for the
Cursor class, so let's just explicitly tell it where we want the cursor
rendered.
The previous value made the detection too sensitive and it was very
difficult to scroll precisely. A value of 50 pixels should give similar
behaviour to systems that don't do fine grained scrolling.
Add several single and multitouch gestures to simulate various mouse
actions that would otherwise be impossible to perform.
This replaces the old system where you could select which mouse button
a single touch would generate.
This is what the browser wants so it avoids having to spend time
converting everything. Unfortunately it usually means the server instead
needs to convert it for us, but we assume it has more power than we do.
The code that used these were removed in the following commits:
* 9ff86fb718 (RFB._mouse_arr)
* bb6965f2e6 (old_requestAnimationFrame)
* 490d471c53 (Display._c_forceCanvas)
This allows using TigerVNC server with PAM authentication (e.g. agains
LDAP or other extensible authentication mechanisms)
Tested with TigerVNC server (Xvnc -SecurityTypes Plain -PlainUsers '*')
Should not break anything else, this method is tried last when all
other fail.
Tested in Firefox 74 and Chromium 80
If too much text is copied in the session, String.fromCharCode.apply()
would crash in Safari on macOS and Chrome on Linux. This commit fixes
this issue by avoiding apply() altogether. Also added test to cover this
issue.
Supports both classic cursor type and alpha cursor type. In classic
mode the server can send 'inverted' pixels for the cursor, our code
does not support this but handles these pixels as opaque black.
Co-authored-by: Samuel Mannehed <samuel@cendio.se>
It is not relevant for the connection stage so it should not have
been a constructor argument to begin with. Ship with a warning for
a release before we remove it.
The cursor object is only attached to our canvas whilst connecting,
so we need to make sure we don't try to update anything when were
not connected or we'll get a crash.
These are harmless and really only for debugging. So remove them
as they tend to trick people in to thinking something is wrong.
We already print the entire server pixel format earlier anyway in
case we need the details.
It is not necessary as Websock.flush() is guaranteed to succeed and
give us some space. It also remove the call to _fail(), which was
invalid at this place as clientCutText() is not a method on RFB.
* Change copyright header
This updates the copyright header to say "The noVNC Authors". People
who previously had copyright listings are now under the AUTHORS file.
With high DPI systems we can end up with a container with a size that
is not an integer number of CSS pixels. Make sure we can handle those
cases by allowing a fractional size for the output canvas. Framebuffer
size and viewport coordinates are still restricted to integer dimensions
though.
Based on initial patch by Alexander E. Patrakov.
Always use the shorthand notation if the function is a method of an object or class `{ foo() { ... } }` or `class bar { foo() { ... } }`
unless it's a callback in which case you a fat arrow function should be used `{ cb: () => { ... } }`
Some browsers don't support custom cursors, and there are cases
where the browsers refuse to show the cursor. Handle both of these
cases by letting the browser render the cursor via a floating
canvas.
This allows us to support a local cursor at all times.
Siemens' touch panels support Tight authentication as well as NOTUNNEL,
but they fail to advertise the latter. Work around this issue by detecting
a Siemens device (through their custom tunnel types) and assume NOTUNNEL
support even if not advertised.
Pasting clipboard texts that were larger than 10240 bytes didnt work and
caused a crash in noVNC. This commit fixes the crash and adds handling
for sending large clipboard texts. Fixes issue #1065.
Tight PNG rects cannot use the basic compression variants, and PNG
cannot be used in a standard Tight rect.
This is a partial revert of 3e8b26a based on better understanding
of the encoding.
The function removeChild throws an exception when the element specified
doesn't exist. This can happen when opening the websocket throws an
exception during connect. Fixes issue #979
The API allowed strings to be passed from the RFB module to the
application using the disconnect reason. This caused problems since
the application didn't have control over translations for these
strings.
Most of the information being passed using this string was very
technical and not helpful to the end user. One exception to this was
the security result information regarding for example authentication
failures. The protocol allows the VNC server to pass a string
directly to the user in the security result.
So the disconnect reason is replaced by a boolean saying if the
disconnection was clean or not. And for the security result information
from the server, a new event has been added.
Instead of exposing all the internal connection states, the RFB module
will now only send events on connect and on disconnect. This makes it
simpler for the application and gets rid of the double events that were
being sent on disconnect (previously updatestate and disconnect).
Tim Stableford
lhchavez
Pierre Ossman
Samuel Mannehed
Filip Stedronsky
Andrey Trebler
Alex Tanskanen
Niko Lehto
VanyM
Chris "Koying" Browet
Chris J
Shira Maximov
Juanjo Diaz
Mykola Mokhnach
Solly Ross
Alexander E. Patrakov
Leslie Qi Wang
Juanjo Diaz