Commit Graph

2575 Commits

Author SHA1 Message Date
Leslie H
24ce54b586
Improve session ID security (#1059)
Follow-up of #994. This PR revises the session ID generation logic to improve security in the absence of a secure session secret. It also adds a section in the admin panel "security" section to nag system admins when GRIST_SESSION_SECRET is not set.

Following is an excerpt from internal conversation.

TL;DR: Grist's current implementation generates semi-secure session IDs and uses a publicly known default signing key to sign them when the environment variable GRIST_SESSION_SECRET is not set. This PR generates cryptographically secure session IDs to dismiss security concerns around an insecure signing key, and encourages system admins to configure their own signing key anyway.

> The session secret is required by expressjs/session to sign its session IDs. It's designed as an extra protection against session hijacking by randomly guessing session IDs and hitting a valid one. While it is easy to encourage users to set a distinct session secret, this is unnecessary if session IDs are generated in a cryptographically secure way. As of now Grist uses version 4 UUIDs as session IDs (see app/server/lib/gristSessions.ts - it uses shortUUID.generate which invokes uuid.v4 under the hood). These contain 122 bits of entropy, technically insufficient to be considered cryptographically secure. In practice, this is never considered a real vulnerability. To compare, RSA2048 is still very commonly used in web servers, yet it only has 112 bits of security (>=128 bits = "secure", rule of thumb in cryptography). But for peace of mind I propose using crypto.getRandomValues to generate real 128-bit random values. This should render session ID signing unnecessary and hence dismiss security concerns around an insecure signing key.
2024-06-25 15:43:25 -04:00
Florent
550c39156b
Add publiccode.yml (#1056)
Co-authored-by: Florent FAYOLLE <florent.fayolle@beta.gouv.fr>
2024-06-25 11:37:12 -04:00
Roman Holinec
e007b38115
Translated using Weblate (Slovak)
Currently translated at 29.7% (398 of 1336 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/sk/
2024-06-25 07:09:26 +02:00
Paul Janzen
3c7623b51b
Translated using Weblate (German)
Currently translated at 100.0% (1336 of 1336 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/de/
2024-06-25 07:09:26 +02:00
Paul Janzen
fbdd896f04
Translated using Weblate (Spanish)
Currently translated at 100.0% (1336 of 1336 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/es/
2024-06-25 07:09:25 +02:00
Paul Janzen
64dc9e13c9
Translated using Weblate (Portuguese (Brazil))
Currently translated at 100.0% (1336 of 1336 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/pt_BR/
2024-06-25 07:09:25 +02:00
Jarosław Sadziński
05214d8f9a (core) Port allocation fix in TestServer
Summary:
- Fixing port allocation in TestServer
- Extending logging in the Billing test
- Fixing negative rowIds support for add/remove actions
- Making FormulaEditor and CardView tests less flacky

Test Plan: Existing

Reviewers: paulfitz

Reviewed By: paulfitz

Subscribers: paulfitz, dsagal

Differential Revision: https://phab.getgrist.com/D4280
2024-06-24 22:10:58 +02:00
Roman Holinec
6c2079166c
Translated using Weblate (Slovak)
Currently translated at 27.5% (368 of 1334 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/sk/
2024-06-23 19:09:30 +00:00
Jordi Gutiérrez Hermoso
7cbb9decc0 README: Rewrite boot page section to reflect new admin page
We removed the boot page in 5dc4706dc7,
but we forgot to update the README to reflect this.
2024-06-20 18:58:15 -04:00
Florent
0ca120a4f4
Add some database documentation (#937)
Start documenting the databases including:
* document ACL and other tables
* Permissions
* Groups, secrets, and other tables

---------

Co-authored-by: jordigh <jordigh@octave.org>
2024-06-20 10:48:30 -04:00
Jordi Gutiérrez Hermoso
91e0a62e91 Dockerfile: remove mention of docker-runner.mjs
When rewriting 1a64910be3, I
accidentally left a stray reference to docker-runner.mjs in there.
Since this file doesn't exist anymore, this prevents Docker builds
from happening.
2024-06-20 09:19:23 -04:00
Jordi Gutiérrez Hermoso
1a64910be3 Dockerfile: use docker-runner.mjs as new entrypoint 2024-06-19 11:56:45 -04:00
Jordi Gutiérrez Hermoso
20035fd58f FlexServer: add new admin restart endpoint
This adds an endpoint for the admin user to be able to signal to a
controlling process to restart the server. This is intended for
`docker-runner.mjs`.
2024-06-19 11:56:45 -04:00
Jordi Gutiérrez Hermoso
2cb38709a5 supervisor: new file
This is a new entrypoint, mostly intended for Docker, so we have one
simple process controlling the main Grist process. The purpose of this
is to be able to make Grist easily restartable with a new environment.
2024-06-19 11:56:45 -04:00
Paul Fitzpatrick
c0ce791e28 (core) updates from grist-core 2024-06-18 13:39:47 -04:00
Jarosław Sadziński
0549e46380 (core) Removing dry option from fixSiteProducts
Summary:
fixSiteProducts was always called with a dry option.
This option was just added for debuging test failure, it should
have been removed.

Test Plan:
Manual.
- on grist core, prepare site with `teamFree` product
- then to recreate run the previous version as
`GRIST_SINGLE_ORG=cool-beans GRIST_DEFAULT_PRODUCT=Free npm start`
- then to confirm it is fixed, run the same command as above
Site should be changed from `teamFree` to `Free`.

Reviewers: paulfitz

Reviewed By: paulfitz

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D4276
2024-06-18 19:30:27 +02:00
Florent
95b2459f25
HomeDBManager refactoration: extract method related to Users management in its own module (#1049)
The HomeDBManager remains the exposed class to the other parts of the code: any module under gen-server/lib/homedb like UsersManager is intended to be used solely by HomeDBManager, and in order to use their methods, an indirection has to be created to pass through HomeDBManager.
2024-06-18 10:57:06 -04:00
github-actions[bot]
8bc8d60fca
automated update to translation keys (#1053)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2024-06-18 10:54:52 -04:00
Dmitry S
51a34835c5 (core) Disable formula timing UI for non-owners
Summary:
For non-owners, the timing section of Document Settings is now disabled.
For non-editors, the "Reload" section is disabled.

Test Plan: Added a test case for timing being disabled.

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4275
2024-06-18 10:18:38 -04:00
Jarosław Sadziński
76d94483ad (core) Adding fixSiteProducts that changes orgs from teamFree to Free product if it was set be default
Summary:
After release on 2024-06-12 (1.1.15) the GRIST_DEFAULT_PRODUCT env variable wasn't respected by the
method that started the server in single org mode. In all deployments (apart from saas), the default product
used for new sites is set to `Free`, but the code that starts the server enforced `teamFree` product.

This change adds a fix routine that fixes this issue by rewriting team sites from `teamFree` product to `Free`
product only if:
- The default product is set to `Free`
- The deployment type is something other then 'saas'.

Additionally there is a test that will fail after 2024.10.01, as this fix should be removed before this date.

Test Plan: Added test

Reviewers: paulfitz

Reviewed By: paulfitz

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D4272
2024-06-18 15:05:57 +02:00
Paul Fitzpatrick
14a868c460 (core) updates from grist-core 2024-06-14 15:56:51 -04:00
Jarosław Sadziński
1e2991519f (core) Restoring GRIST_DEFAULT_PRODUCT functionality
Summary: The GRIST_DEFAULT_PRODUCT wasn't used for grist-ee, now it is respected.

Test Plan:
I've build grist-ee docker image from github and run it using our instruction (both for recreating the issue and confirming it is fixed)
```
docker run -p 8484:8484 \
  -v $PWD:/persist \
  -e GRIST_SESSION_SECRET=invent-a-secret-here \
  -e GRIST_SINGLE_ORG=cool-beans
  -it gristlabs/grist-ee
```

For grist-core I recreated/confirmed it is fixed it just by `GRIST_SINGLE_ORG=team npm start` in the core folder.
I also created some team sites using stubbed UI and confirmed that they were using the GRIST_DEFAULT_PRODUCT product.

Reviewers: paulfitz

Reviewed By: paulfitz

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D4271
2024-06-14 19:56:49 +02:00
Dmitry S
40c87f4529 (core) Update documentation of certain functions
Summary:
- lookupOne/lookupRecords explain `sort_by` param better, and
  link to more detailed article.
- Incorporate a typo fix from Help Center
- Fix the omission of TASTEME never having been documented.

Test Plan: Corresponding update to Help Center can be reviewed at https://github.com/gristlabs/grist-help/pull/351

Reviewers: jarek

Reviewed By: jarek

Subscribers: jarek

Differential Revision: https://phab.getgrist.com/D4269
2024-06-14 09:52:23 -04:00
Spoffy
b98bad0b93 (core) Makes EE frontend behave as core if EE isn't activated
Summary:
- Makes EE decide which ActivationPage to use
- Makes ProductUpgrades use core implementation if not activated
- Changes banners to proxy to core implementation if EE not activated
- [Fix] Enables new site creation in EE as in Core:
    - Core enables people to freely create new team sites.
    - Enterprise currently redirects to the pricing page.
    - This enables enterprise to also create team sites, instead of
    redirecting.

Test Plan: Manually test in EE, unit tests in Jenkins

Reviewers: paulfitz, jordigh

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D4264
2024-06-14 00:43:51 +01:00
Leslie H
a1b5358c86
Update README to rebrand grist-electron (#1039) 2024-06-13 22:26:23 +00:00
Paul Fitzpatrick
e296e168e8 (core) updates from grist-core 2024-06-12 10:13:56 -04:00
Jarosław Sadziński
98176132b0 (core) Renaming installationId metadata for checkUpdateAPI telemetry endpoint.
Summary:
CheckUpdateAPI is now storing client's installation id in a new field called 'deploymentId'.
Previously it was using installationId which is reserved (and overriden) by the home server.

Test Plan: Existing and manual

Reviewers: paulfitz

Reviewed By: paulfitz

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D4268
2024-06-12 16:01:45 +02:00
Paul Fitzpatrick
856dbef3df
make the example key on admin panel without auth work when insecure (#1024)
The example key shown on the admin panel to users who are not known to be
administrators is generated using a method that is only available in secure
environments. This adds a fallback for insecure environments. The key is less
solid but again, it is just an example, and for an insecure environment.

Tested manually running locally and using a hostname set in /etc/hosts.
2024-06-12 09:34:31 -04:00
Jordi Gutiérrez Hermoso
e6e09e8645 v1.1.15 2024-06-11 23:00:25 -04:00
Roman Holinec
414e0c5e69
Translated using Weblate (Slovak)
Currently translated at 13.7% (184 of 1334 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/sk/
2024-06-11 16:09:26 +02:00
Paul Fitzpatrick
f071d91a0a (core) updates from grist-core 2024-06-11 09:18:23 -04:00
Dmitry S
f280de6aef (core) Fix for flaky GridViewNewColumnMenu test which may have been flaky because of window resizing.
Test Plan: Only a test change

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4267
2024-06-11 08:43:43 -04:00
Spoffy
e00c7f7d2b
Fixes flaky ViewLayoutCollapse test (#1027)
This fixes the flaky test in "ViewLayoutCollapse.ts": "fix: should not dispose the instance when drag is cancelled".

The 'mouseenter' event wasn't consistently triggering properly on the drop target (LayoutEditor.ts - line 342) when the mouse was moved onto it.

The change simulates a "drag" over the drop target, moving the mouse into multiple positions over it, seemingly fixing the problem.
2024-06-10 21:39:57 +01:00
Spoffy
caa1acdd0d
Attempts to make DropdownConditionEditor tests less flaky (#1026)
Attempts to fix "DropdownConditionEditor in choice columns creates
dropdown conditions", and adds comments to inform future investigators.
2024-06-07 20:07:25 +01:00
Jordi Gutiérrez Hermoso
c3e23ca81e admin: fix warning in websocket probe
This is a small thing, but when visiting the admin, the websocket test
doesn't send valid JSON, which the receiving endpoint expects. This
results in a harmless exception being thrown.

While this test should eventually be modified to be run from the
frontend, for now let's just make a small fix and send valid JSON in
order to avoid that JSON parsing exception.
2024-06-06 18:25:27 -04:00
fflorent
a304b22623 Dockerfile: use tini to reap zombie processes 2024-06-05 16:50:36 -04:00
Paul Fitzpatrick
4358ff8ead
include pyodide in the docker image (#1019)
Grist has for some time supported a sandbox based on pyodide.
It is a bit slower to start than the gvisor-based sandbox, but
can run in situations where it can't. Until now it hasn't been
easy to use when running Grist as a container, since the support
files weren't included. This change rectifies that omission.

Nothing changes by default. But now if you start Grist as a container
and set `GRIST_SANDBOX_FLAVOR=pyodide`, it should work rather than
fail.
2024-06-05 14:29:44 -04:00
George Gevoian
b555bf5d8d
Add user id middleware to form pages (#1020) 2024-06-05 09:18:02 -07:00
gallegonovato
f8a8684fe8
Translated using Weblate (Spanish)
Currently translated at 100.0% (1334 of 1334 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/es/
2024-06-05 13:09:18 +02:00
Paul Janzen
ebdaadcb9c
Translated using Weblate (Spanish)
Currently translated at 100.0% (1334 of 1334 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/es/
2024-06-05 13:09:17 +02:00
George Gevoian
72066bf0e4 (core) Support user variable in dropdown conditions
Summary:
Dropdown conditions can now reference a `user` variable, similar to the
one available in Access Rules.

Test Plan: Browser test.

Reviewers: jarek, paulfitz

Reviewed By: jarek, paulfitz

Differential Revision: https://phab.getgrist.com/D4255
2024-06-04 06:56:55 -07:00
Florentina Petcu
7f88d11a25
Translated using Weblate (Romanian)
Currently translated at 80.2% (1071 of 1334 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/ro/
2024-06-04 12:09:15 +02:00
Владимир В
b03a0d1639
Translated using Weblate (Russian)
Currently translated at 99.6% (1329 of 1334 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/ru/
2024-06-04 12:09:15 +02:00
Paul Janzen
88e6a3e202
Translated using Weblate (German)
Currently translated at 100.0% (1334 of 1334 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/de/
2024-06-04 12:09:15 +02:00
Paul Janzen
53238b3e7b
Translated using Weblate (Portuguese (Brazil))
Currently translated at 100.0% (1334 of 1334 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/pt_BR/
2024-06-04 12:09:15 +02:00
Paul Fitzpatrick
50077540e2 (core) updates from grist-core 2024-06-03 12:31:22 -04:00
Leslie H
9c90da7398
Bump minio to v8.0.0 (#991) 2024-06-03 15:20:10 +00:00
Roman Holinec
c27512fee7
Translated using Weblate (Slovak)
Currently translated at 12.4% (166 of 1334 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/sk/
2024-06-02 19:09:26 +00:00
Franček Prijatelj
7265735b37
Translated using Weblate (Slovenian)
Currently translated at 100.0% (1334 of 1334 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/sl/
2024-06-02 19:09:25 +00:00
Florentina Petcu
940cff3d7a
Translated using Weblate (Romanian)
Currently translated at 79.8% (1065 of 1333 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/ro/
2024-06-01 10:09:27 +02:00