Commit Graph

2104 Commits

Author SHA1 Message Date
Paul Dumais e21ed2e689 Added support for Apple Remote Desktop authentication
Fixed eslint warnings

Fixing tests that failed

Added unit tests for ARD authentication

Fixed an issue with the ARD rfb version number in the unit tests

Fixed issue with username/password lengths

Username and password lengths are now capped at 63 characters each.  Improved code for sign bit on public key bytes.

UTF Encoder username and password before packing it

Change UTF encoding to encode the username and password before packing it to prevent it from being expanded beyond the allowed size.  Public key is truncated to proper key length.

Replaced forge with web crypto for ARD authentication

Changed the way in which the async methods are handled, added unit tests to verify ARD encryption output.

Update .eslintignore
2022-04-04 11:40:19 -04:00
Pierre Ossman a85c85fb5f Follow API changes in commander 7.0.0+
Options now have to be exlicitly requested.
2021-09-28 10:46:41 +02:00
Samuel Mannehed d971c0fe55
Merge pull request #1582 from CendioOssman/preload
Preload status bar images
2021-09-24 16:45:11 +02:00
Pierre Ossman ff077f4656 Preload status bar images
These are used via CSS, which means the browser doesn't load them until
an element actually gets those CSS rules. There can be some delay to
this loading which causes visual glitches. By preloading we can make
sure those images are cached and ready when the status bar appears.
2021-09-24 16:15:31 +02:00
Nia Remez bfefd81d4c Fix typos in Russian translation 2021-09-09 12:46:22 +02:00
Samuel Mannehed 0fd0d57fcd Fix snapcraft publish step
A typo caused it to use the incorrect path
2021-09-09 11:27:51 +02:00
Nia Remez a98d72e2e9 Update Russian translation 2021-09-09 11:25:43 +02:00
Samuel Mannehed 0f4a06ffcd noVNC 1.3.0 beta 2021-09-08 16:06:42 +02:00
Samuel Mannehed f69d55c02f Fix parsing of query string variables
This space that was added here was added to the parsed value of the
query variable. This broke any comparisons with the value, for example
"myvar=true" resulted in a value of "true ".

This was broken by f796b05e42

The commit also adds unit tests for webutil.getConfigVar() that will
detect problems like this in the future.
2021-09-08 15:37:42 +02:00
Samuel Mannehed 7841037618
Merge pull request #1365 from baleeds/feature/detect-parent-resize
feature: Detect parent resize
2021-09-03 17:51:18 +02:00
Samuel Mannehed 1afa18f09e Increase browser version requirements
Now that we use ResizeObserver we know that we require more modern
browsers. The most notable ones here are Firefox and Safari.

With regards to Firefox, while the desktop version has had support
since 69, the Android app requires 79. At the time of writing the
current ESR of Firefox is 78, but the concept of ESR doesn't seem to
exist for Android.

The Safari 13 requirement means we no longer support for example iPhone
5S or the 4th generation of the iPad. These are devices from 2013~2014.
2021-09-03 16:52:20 +02:00
Samuel Mannehed 375f36c575 Modify unit tests to work with ResizeObserver 2021-09-03 16:52:20 +02:00
Benjamin Leeds a9c2ff30b6 Replace window.onresize with ResizeObserver
Fixes an issue where if the screen div resizes for a reason other than
window resize, the canvas wouldn't redraw.
2021-09-01 23:45:55 +02:00
Samuel Mannehed fcb95821b7
Merge pull request #1573 from yatru/security-privacy-url-patch
Security privacy to url parameters
2021-09-01 16:00:19 +02:00
yatru f796b05e42 Add support for URL fragment parameters
Passing parameters as part of the fragment could be considered
benifical from a security or privacy standpoint when compared to query
string parameters. The URL fragment parameters are not sent to the
server.
2021-09-01 14:49:37 +02:00
Samuel Mannehed 0a8ced2cfe Update Swedish translation 2021-08-27 16:12:02 +02:00
Samuel Mannehed 7a76fbb767 Remove duplicate translation string from es.po 2021-08-27 16:04:27 +02:00
Samuel Mannehed cb56f35fab Update the translation template file for v1.3.0 2021-08-27 16:04:27 +02:00
Pierre Ossman 7485e82b72 Update playback test to use new API
Hooking in to the underlying WebSocket after it has been created no
longer works, so clean things up and use the new method of passing an
existing object to the RFB constructor.
2021-07-22 16:56:49 +02:00
Samuel Mannehed d44ddbe186
Merge pull request #1449 from JanZerebecki/manpage
add Man page for launch.sh and rename to novnc_proxy
2021-06-30 16:04:01 +02:00
Jan Zerebecki 89e206c146
add Man page and rename launch.sh to novnc_proxy.
Co-Authored-By: Adam Young <ayoung@redhat.com>
2021-06-25 13:54:04 +02:00
Jose (Ito) Matsuda dd20b17d49 feat: add French localization strings 2021-05-06 22:35:18 -04:00
Samuel Mannehed 8ab18125f9
Merge pull request #1545 from ascillato/patch-2
Update Spanish Translation
2021-04-25 01:20:02 +02:00
Adrian Scillato e283f08d04
Update Spanish Translation
Update Spanish Translation.

Added missing translations. Fixed some typos.
Also, some changes were made to use a more formal and international spanish.
2021-04-23 12:10:53 -03:00
Pierre Ossman dbd519558c Initiate connection from RFB constructor
We need to do this in order to safely attach to existing WebSocket
objects. There may be message events already pending so we must set up
our event handlers before returning.

This means we will now throw errors instead of generating "disconnect"
events on problems as the caller no longer has the opportunity to set up
event handlers.

This might have been the correct approach from the start as it mimics
how e.g. the WebSocket constructor works.
2021-04-18 14:27:57 +02:00
Pierre Ossman de9fc9508c Don't fake open events in Websock
We don't know if the caller is prepared to receive those events right
now as normally they would get them on a fresh new stack later. We also
can't delay delivery since then we might deliver the event after any
pending "message" events.

Better to push the problem one layer up to the caller, which now needs
to be more aware of the state of the WebSocket object it is trying to
use.
2021-04-18 14:26:30 +02:00
Pierre Ossman 9376191fc4 Refuse to use already closed WebSocket objects
We can't do anything useful with them anyway.
2021-04-18 14:26:28 +02:00
Pierre Ossman b7b7e4e26b Provide readyState for Websock objects
It mainly reports the state of the underlying object in consistent
manner.
2021-04-18 14:26:05 +02:00
Pierre Ossman 2244f53774 Move Websock event handlers to own methods
Avoid cluttering up the RFB constructor.
2021-04-18 14:26:02 +02:00
Pierre Ossman 42100e8233 Add unit tests for connect/attach errors 2021-04-18 14:25:59 +02:00
Pierre Ossman ae3c01f782 Add unit tests for passing WebSocket objects 2021-04-18 14:25:03 +02:00
Pierre Ossman f0e4908dec Stop explicitly testing connection states
These are internal and we should be testing the externally observable
behaviour.
2021-04-18 14:24:05 +02:00
Pierre Ossman ae5f3f6909 Revert "Fixed a race condition when attaching to an existing socket"
This reverts commit ef27628c6d. By
bypassing setTimeout() it creates other race conditions so this is not
the proper fix for the issue.
2021-04-16 13:28:47 +02:00
Samuel Mannehed 84f102d6a9
Merge pull request #1537 from TimSBSquare/bugfix/existing-channel-race-condition
Fixed a race condition when attaching to an existing socket
2021-03-30 15:59:37 +02:00
Tim Stableford ef27628c6d Fixed a race condition when attaching to an existing socket
This is an error that presents itself with RTCDataChannel's, I suspect this could not
happen with a pre-existing WebSocket.

If the remote connection creates a data channel then the local (VNC) side gets a channel
created callback. It may also be the case that in that very same tick the socket is also
opened and buffered data received. This meant that (in my tests) about 1/3 of the time
noVNC would fail to respond to the initial message from the server because it was received
and subsequently not handled during that initial tick.

Also made the documentation reflect this new behaviour and document the existing behaviour.
2021-03-30 14:32:04 +01:00
Liddack 89f9ac0016 Add Portuguese (Brazil) translation 2021-03-16 13:30:23 +01:00
lhchavez f9a8c4ccd5 Add VeNCrypt Plain authentication tests
This change adds tests for the VeNCrypt Plain authentication. In doing
that, this also fixes a typo that was introduced in a recent change.
2021-03-13 05:40:38 -08:00
Pierre Ossman 9ca337d3a8 Merge branch 'homogenize-credentials-testing' of https://github.com/lhchavez/noVNC 2021-03-11 16:47:35 +01:00
Pierre Ossman 4c96d4b7bd Merge branch 'feature/support-existing-rtcdatachannel-or-websocket-squashed' of https://github.com/TimSBSquare/noVNC 2021-03-11 16:30:22 +01:00
lhchavez 0c55c64757 Normalize the credentials presence check
Most places that check for the presence / absence of credentials compare
them against `undefined`, except the one for Plain authentication.

This change makes the very last place to use the same pattern (instead
of checking for falsiness) for consistency. Additionally, there are ways
to configure PAM to accept empty passwords, so it's possible for a user
to legitimately send an empty string as password.
2021-03-11 06:42:11 -08:00
Tim Stableford 44d384b99c Added support for RTCDataChannel
This work is originally by Ryan Castner <castner.rr@gmail.com> and
submitted as a PR here https://github.com/novnc/noVNC/pull/1362

Architecturally it is much the same except it doesn't rename a lot
of variables to make this more reviewable. It also avoids unrelated
changes such as replacing .onclose with an event listener, which
caused numerous test failures.

It also adds in ppoffice's fix to initialise the buffers.

Like the original author I don't have enough time available to
refactor this project to the new style event listeners.

Review cleanup for RTCDataChannel support (see below)

* More descriptive error when url or channel not set.
* Moved websocket property check to WebSock.
  This had unintended consequences in the tests that required some
  fixup. Mostly due to some tests not always passing FakeWebsocket.
  FakeWebsocket also needs to set the listeners to null to be compatible
  with what is in thw browser and expected by the property check code.
  The property check code now also takes into account class prototypes
  for test compatibility.
* Removed unreachable code.
* Reverted comment.
* Cleanup raw channel reference in rfb on websock close.
* Use readyState to check whether a socket is open rather than assuming.
* Updated RFB constructor documentation

Removed an unused boolean passed to attach
2021-03-04 18:55:06 +00:00
lhchavez 18593154d3 Allow longer passwords in Plain authentication
Some people have longer passwords than 256 characters (hooray for
password managers!). Server implementations also allow longer passwords:
TigerVNC allows up to 1024 characters.
2021-03-03 17:34:02 -08:00
Pierre Ossman 5a0cceb815 Change phrasing for discussion group link
It's listed with the issue templates, so make sure it follows the same
style in phrasing.
2021-01-15 16:16:38 +01:00
Pierre Ossman d56e042fee Add link to discussion group from issues
So that people can easily find it and not file bug reports for
things that are just questions.
2021-01-15 16:14:40 +01:00
Pierre Ossman babd665c03 Hide link to create blank issues
We want users to use the templates so we don't miss any relevant
information.
2021-01-15 16:08:13 +01:00
NNN1590 199910e63b
Update Japanese translation 2021-01-15 14:04:49 +09:00
Pierre Ossman 4a319c414d Merge branch 'more_noie' of https://github.com/CendioOssman/noVNC 2020-12-30 16:13:52 +01:00
Pierre Ossman adfb99e7ec Update conversion documentation for Node.js
We now only support conversion to CommonJS, in order to support Node.js
older than version 15.
2020-12-30 15:57:02 +01:00
Pierre Ossman 32222304f4 Remove documentation about converting the app
This is no longer possible as we now require browser support for
modules.
2020-12-30 15:56:42 +01:00
Pierre Ossman 4a8efa6bc9 Use snap actions instead of the broken container
The container didn't work properly for our base snap anyway.
2020-12-30 15:46:03 +01:00