Most places that check for the presence / absence of credentials compare
them against `undefined`, except the one for Plain authentication.
This change makes the very last place to use the same pattern (instead
of checking for falsiness) for consistency. Additionally, there are ways
to configure PAM to accept empty passwords, so it's possible for a user
to legitimately send an empty string as password.
This work is originally by Ryan Castner <castner.rr@gmail.com> and
submitted as a PR here https://github.com/novnc/noVNC/pull/1362
Architecturally it is much the same except it doesn't rename a lot
of variables to make this more reviewable. It also avoids unrelated
changes such as replacing .onclose with an event listener, which
caused numerous test failures.
It also adds in ppoffice's fix to initialise the buffers.
Like the original author I don't have enough time available to
refactor this project to the new style event listeners.
Review cleanup for RTCDataChannel support (see below)
* More descriptive error when url or channel not set.
* Moved websocket property check to WebSock.
This had unintended consequences in the tests that required some
fixup. Mostly due to some tests not always passing FakeWebsocket.
FakeWebsocket also needs to set the listeners to null to be compatible
with what is in thw browser and expected by the property check code.
The property check code now also takes into account class prototypes
for test compatibility.
* Removed unreachable code.
* Reverted comment.
* Cleanup raw channel reference in rfb on websock close.
* Use readyState to check whether a socket is open rather than assuming.
* Updated RFB constructor documentation
Removed an unused boolean passed to attach
Some people have longer passwords than 256 characters (hooray for
password managers!). Server implementations also allow longer passwords:
TigerVNC allows up to 1024 characters.
Windows behaves very oddly for some Japanese IM keys in that it won't
send a key release event when the key is released. In some keys it never
sends the event, and in some cases it sends the release as the key is
pressed the subsequent time.
Windows doesn't give us stable symbols for a bunch of Japanese IM keys,
instead alternating between two symbols. This state is not synchronised
with the IM running on the remote server so to have stable behaviour we
have to collapse these multiple symbols in to a single keysym.
These are very pointless for the server to send, but not a violation of
the protocol so we need to be able to handle them. We've seen this
happen in real world scenarios a few times.
This timer might fire after the Cursor object has detached from a DOM
element, causing crashes. This will likely not happen in real scenarios,
but the tests are quick enough to trigger this.
The new gesture detection code will always prevent the default behaviour
of touchstart, so this check no longer works properly. We might want to
add something similar to GestureHandler in the future, but let's wait
and see what use cases are requested.
With the new gestures we will simulate the cursor being in a different
location than any of the touch points. This is a bit too complex for the
Cursor class, so let's just explicitly tell it where we want the cursor
rendered.
The previous value made the detection too sensitive and it was very
difficult to scroll precisely. A value of 50 pixels should give similar
behaviour to systems that don't do fine grained scrolling.
This isn't really expected behaviour from a user, i.e. that an extremely
small wheel movement still gives a large scroll event in the remote application.
Add several single and multitouch gestures to simulate various mouse
actions that would otherwise be impossible to perform.
This replaces the old system where you could select which mouse button
a single touch would generate.
This is what the browser wants so it avoids having to spend time
converting everything. Unfortunately it usually means the server instead
needs to convert it for us, but we assume it has more power than we do.
The code that used these were removed in the following commits:
* 9ff86fb718 (RFB._mouse_arr)
* bb6965f2e6 (old_requestAnimationFrame)
* 490d471c53 (Display._c_forceCanvas)
This allows using TigerVNC server with PAM authentication (e.g. agains
LDAP or other extensible authentication mechanisms)
Tested with TigerVNC server (Xvnc -SecurityTypes Plain -PlainUsers '*')
Should not break anything else, this method is tried last when all
other fail.
Tested in Firefox 74 and Chromium 80
If too much text is copied in the session, String.fromCharCode.apply()
would crash in Safari on macOS and Chrome on Linux. This commit fixes
this issue by avoiding apply() altogether. Also added test to cover this
issue.
As a rule, instead of hard-coding a behavior on specific platforms we
should do dynamic detection.
This commit moves away from always hiding scrollbars on Android and iOS
and instead detects the rendered width of scrollbars in the browser.
Internet Explorer seems to flag images as loaded prematurely, which
can result in rendering bugs. We can detect this by looking at the
dimensions though.
Caps Lock on iOS only trigged key release or key press events.
When it's clicked it would only send keydown, and next time
it would only send keyup and so on. It should send both a key press
and a key release.
Also added the unit tests for macOS since those were missing.
Co-Authored-By: Alex Tanskanen <aleta@cendio.se>
There is no obvious choice what works best here, but this is what
TigerVNC has been doing for years without complaints. Let's follow
them until we get reports that this doesn't work well.
The standards have unfortunatly caused some confusion between the Windows
key and the original Meta key. Try to handle the common case sanely at least.
Makes it easier to understand what happens when a real element isn't
passed as a target to updateVisibility(). Also makes the code more
robust to future changes.
Co-authored-by: Alex Tanskanen <aleta@cendio.se>
Co-authored-by: Niko Lehto <nikle@cendio.se>
In the cursor emulation when deciding if the cursor should be hidden -
Instead of checking what's under the cursor, we check the element that
has capture.
This introduced another bug in the cursor emulation. The cursor did not
always disappear properly when using our cursor emulation together with
our setCapture polyfill. More specifically, we saw a problem when a
capture ended on an element without cursor emulation.
We solved this by introducing another visibility check on a timer in
the cursor emulation. However this led to yet another problem where
this timer conflicted with the timer in the setCapture polyfill.
We removed the timeout in the setCapture polyfill and created a
variable to make sure that all the events remaining in the queue can be
completed.
Co-authored-by: Alex Tanskanen <aleta@cendio.se>
Co-authored-by: Niko Lehto <nikle@cendio.se>
It's not obvious that we want to hide the cursor when we get a leave,
it depends on the element that we're leaving to. This makes the code
more robust.
Co-authored-by: Alex Tanskanen <aleta@cendio.se>
Co-authored-by: Niko Lehto <nikle@cendio.se>
The names of many variables were too similar. To make the code easier
to follow we renamed:
* _captureElem to _capturedElem
* _captureElemChanged() to _capturedElemChanged()
* captureElem to proxyElem
* elem to target
Co-authored-by: Alex Tanskanen <aleta@cendio.se>
Co-authored-by: Niko Lehto <nikle@cendio.se>
Pierre Ossman
lhchavez
Tim Stableford
Quentin Dreyer
Samuel Mannehed
Uwe Klatt
Filip Stedronsky
Andrey Trebler
Alex Tanskanen
Niko Lehto
Juanjo Diaz
VanyM
Chris "Koying" Browet
Chris J
Alex Tanskanen