Commit Graph

1056 Commits

Author SHA1 Message Date
Dmitry S
fbc0418118 (core) Fix CustomView taking up more height than page layout gives it.
Summary:
Each view type currently responsible for fitting appropriately within the box
it's given (e.g. deciding which container is scrollable). CustomView wasn't
doing a good job of it, particularly when showing "columns aren't mapped"
message.

Test Plan:
Only CSS affected. Checked manually on FF, Chrome, Safari that CustomViews take
the right amount of space, and scroll well, in 3 situations: not-mapped,
not-configured, and a functional widget.

Reviewers: jarek

Reviewed By: jarek

Subscribers: jarek

Differential Revision: https://phab.getgrist.com/D4316
2024-08-13 12:34:28 -04:00
Dmitry S
5ef54b278f (core) When getting error details for on-demand formulas, provide an explanation
Summary:
Since formula errors are typically obtained from the Python data engine, they
were not returning any info for errors in on-demand tables (not loaded into the
data engine). This change implements a detailed message to explain such errors,
mainly to point out that on-demand table is the reason.

Test Plan: Added a check to the OnDemand test that formula error details are shown.

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4317
2024-08-13 12:34:08 -04:00
Dmitry S
69aabd1ae0 (core) Limit related videos when playing onboarding video tour from home page
Summary:
When video is opened from the app homepage, it opens in a popup, which stays
open when it ends. The rel=0 parameter limits the related videos shown at the
end to those from the same channel, avoiding surprising unrelated videos.

This doesn't affect the video shown during initial onboarding, since that once
auto-closes when it ends.

Test Plan: Tested manually

Reviewers: georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D4313
2024-08-09 19:24:09 -04:00
Paul Fitzpatrick
9b8d0c9fac (core) updates from grist-core 2024-08-09 17:56:34 -04:00
Dmitry S
4ed90faf79 (core) Fix more tests: bundleSize and Embed
Summary:
1. Unclear why Embed fails often. Locally, it fails for me every time, and
   this tweak makes it pass (while still keeping the test useful).
2. Reduced back main bundle's size by removing dependency of some common
   elements on the full AdminPanel. Updated expected size of errorPages
   bundle to the new reduced size.

Test Plan: No changes to functionality; relying on existing tests to verify that.

Reviewers: jordigh

Reviewed By: jordigh

Subscribers: georgegevoian, jordigh

Differential Revision: https://phab.getgrist.com/D4315
2024-08-09 16:08:31 -04:00
Florent
fde6c8142d
Support nonce and acr with OIDC + other improvements and tests (#883)
* Introduces new configuration variables for OIDC:
  - GRIST_OIDC_IDP_ENABLED_PROTECTIONS
  - GRIST_OIDC_IDP_ACR_VALUES
  - GRIST_OIDC_IDP_EXTRA_CLIENT_METADATA
* Implements all supported protections in oidc/Protections.ts
* Includes a better error page for failed OIDC logins
* Includes some other improvements, e.g. to logging, to OIDC
* Adds a large unit test for OIDCConfig
* Adds support for SERVER_NODE_OPTIONS for running tests
* Adds to documentation/develop.md info about GREP_TESTS, VERBOSE, and SERVER_NODE_OPTIONS.
2024-08-08 15:35:37 -04:00
Paul Fitzpatrick
773588f795 (core) updates from grist-core 2024-08-07 14:06:59 -04:00
Jordi Gutiérrez Hermoso
952544432e UserManager: show proper org domain (#476)
We had `getgrist.com` hardcoded here, which only works for SaaS. The
base domain as well as the way that orgs are encoded in the URL can be
different in other circumstances.

If we are encoding orgs in the domain name, that's easy. We just do
`orgname.base.domain.name`. If we are not, then we first try a base
domain, and if that isn't set, we'll use the domain of the home
server.
2024-08-06 14:39:43 -04:00
George Gevoian
1ce26ea6f5 (core) Fix typo in tutorial card
Test Plan: N/A

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4308
2024-08-06 09:53:49 -04:00
Jordi Gutiérrez Hermoso
4bfcbf20ac markdown: document this function 2024-08-05 13:21:09 -04:00
Jordi Gutiérrez Hermoso
1b6a80335f AdminPanel: add the toggle for enterprise
Final ingredient. This surfaces the work in creating the backend
config API, the frontend model, the grainjs observable, and the
grainjs DOM and CSS components.
2024-07-30 13:41:47 -04:00
Jordi Gutiérrez Hermoso
ffe3b22378 ToggleEnterpriseWidget: new frontend toggle for the admin
Strongly patterned after SupportGristPage. In fact, it has almost the
same structure.

Perhaps one day it would be possible to synchronise the logic between
the two toggles even further, but I couldn't see a simple way to do so
now. For now, some code structure duplication seemed easiest in lieau
of more abstractions.
2024-07-30 13:41:47 -04:00
Jordi Gutiérrez Hermoso
0bf3f9bc43 markdown: new utility module
Since we've started using Markdown, why not a simple utility function
to start using it?
2024-07-30 13:41:47 -04:00
Jordi Gutiérrez Hermoso
4621b67c8e AdminToggleCss: factor out CSS from SupportGristPage
We will create a new enterprise toggle, so we will need to share the same CSS.
2024-07-30 13:41:47 -04:00
Jordi Gutiérrez Hermoso
f0cf86be8e ToggleEnterpriseModel: new GrainJS model to handle changes to config API
Patterned after TelemetryModel.ts
2024-07-30 13:41:47 -04:00
Paul Fitzpatrick
5dbdb5c06c (core) updates from grist-core 2024-07-29 17:20:32 -04:00
Dmitry S
bb0213ecbe (core) Fix regression that caused Date/DateTime series to be treated as categorical data
Test Plan: Tested manually with a Date and DateTime column type.

Reviewers: paulfitz

Reviewed By: paulfitz

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D4305
2024-07-29 12:52:57 -07:00
Jordi Gutiérrez Hermoso
c9f9b70b67 apiconsole: allow uploads in console
By adding an XHR to "Try it out" requests, we can make non-JSON
requests pass a CORS check.
2024-07-26 09:09:11 -04:00
Jarosław Sadziński
61942f6f4b (core) Adding confirmation before remove last widget for a table
Summary:
When last widget for a table is removed, user is informed
about that and can decide between removing the widget and removing
both table and widget

Test Plan: Updated

Reviewers: georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D4295
2024-07-25 16:42:19 +02:00
George Gevoian
4740f1f933 (core) Update onboarding flow
Summary:
A new onboarding page is now shown to all new users visiting the doc
menu for the first time. Tutorial cards on the doc menu have been
replaced with a new version that tracks completion progress, alongside
a new card that opens the orientation video.

Test Plan: Browser tests.

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4296
2024-07-23 11:49:23 -04:00
Paul Fitzpatrick
3fd8719d8a (core) updates from grist-core 2024-07-23 10:26:49 -04:00
Jarosław Sadziński
8162a6d959 (core) Treating x axis as category for bar chart
Summary: Forcing category xaxis type for bar chart when labels are not numerical.

Test Plan: Added new and updated existing

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D4297
2024-07-23 15:41:38 +02:00
Grégoire Cutzach
0272b67240
fix #1035 : Column alignment when zoom font only settings in browser (#1036)
Use rem value instead of fixed pixel where needed.
Removed inline style 52px for .gridview_data_row_num
2024-07-23 14:55:03 +02:00
Dmitry S
063df75204 (core) Forms improvements: mouse selection in firefox, focus, and styling
Summary:
- Remove unused Form file (Label.ts)
- Fix Firefox-specific bug in Forms, where mouse selection wasn't working in textarea.
- Focus and set cursor in textarea on click.
- Save on blur but only when focus stays within the Grist app, as for editing cells.
- Make paragraph margins of rendered form match those in the form editor.

Test Plan: Tested manually on Firefox and Chrome; relying on existing tests that nothing broke.

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4281
2024-07-17 08:55:04 -04:00
George Gevoian
b5e0e020ef (core) Disable SelectionSummary when diffing documents
Summary:
Cell values can't be summarized if they are diffs of two different
document versions. This was causing a JS error to be thrown when
comparing snapshots.

Test Plan: Browser test.

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4292
2024-07-16 09:52:07 -04:00
Paul Fitzpatrick
6171a012db (core) updates from grist-core 2024-07-08 08:52:56 -04:00
Jarosław Sadziński
9c4814e7aa (core) Bundling save funciton in the field editor
Summary:
Some editors do some async work before saving the value (Ref column can add new
records). Those actions were send without bundling, so it wasn't possible to undo those
actions with togheter.

Test Plan: Added new test

Reviewers: georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D4285
2024-07-05 08:58:09 +02:00
CamilleLegeron
0bfdaa9c02
Add authorization header in webhooks stored in secrets table (#941)
Summary:
Adding authorization header support for webhooks.

Issue:  https://github.com/gristlabs/grist-core/issues/827

---------

Co-authored-by: Florent <florent.git@zeteo.me>
2024-07-04 14:17:10 +02:00
Jarosław Sadziński
7f28aee79c (core) Billing updates
Summary:
- Adding confirmation dialog when user doesn't want to cancel site
- Changing `Cancel subscription` to `Cancel plan`
- Removing `Pro` from upgrade header on pricing modal
- Better handling situation when there is no default price
- Removing mentions about sprouts program
- Removing cache for stripe plans

Test Plan: Updated tests

Reviewers: georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D4273
2024-07-03 09:18:50 +02:00
Leslie H
24ce54b586
Improve session ID security (#1059)
Follow-up of #994. This PR revises the session ID generation logic to improve security in the absence of a secure session secret. It also adds a section in the admin panel "security" section to nag system admins when GRIST_SESSION_SECRET is not set.

Following is an excerpt from internal conversation.

TL;DR: Grist's current implementation generates semi-secure session IDs and uses a publicly known default signing key to sign them when the environment variable GRIST_SESSION_SECRET is not set. This PR generates cryptographically secure session IDs to dismiss security concerns around an insecure signing key, and encourages system admins to configure their own signing key anyway.

> The session secret is required by expressjs/session to sign its session IDs. It's designed as an extra protection against session hijacking by randomly guessing session IDs and hitting a valid one. While it is easy to encourage users to set a distinct session secret, this is unnecessary if session IDs are generated in a cryptographically secure way. As of now Grist uses version 4 UUIDs as session IDs (see app/server/lib/gristSessions.ts - it uses shortUUID.generate which invokes uuid.v4 under the hood). These contain 122 bits of entropy, technically insufficient to be considered cryptographically secure. In practice, this is never considered a real vulnerability. To compare, RSA2048 is still very commonly used in web servers, yet it only has 112 bits of security (>=128 bits = "secure", rule of thumb in cryptography). But for peace of mind I propose using crypto.getRandomValues to generate real 128-bit random values. This should render session ID signing unnecessary and hence dismiss security concerns around an insecure signing key.
2024-06-25 15:43:25 -04:00
Dmitry S
51a34835c5 (core) Disable formula timing UI for non-owners
Summary:
For non-owners, the timing section of Document Settings is now disabled.
For non-editors, the "Reload" section is disabled.

Test Plan: Added a test case for timing being disabled.

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4275
2024-06-18 10:18:38 -04:00
Jarosław Sadziński
1e2991519f (core) Restoring GRIST_DEFAULT_PRODUCT functionality
Summary: The GRIST_DEFAULT_PRODUCT wasn't used for grist-ee, now it is respected.

Test Plan:
I've build grist-ee docker image from github and run it using our instruction (both for recreating the issue and confirming it is fixed)
```
docker run -p 8484:8484 \
  -v $PWD:/persist \
  -e GRIST_SESSION_SECRET=invent-a-secret-here \
  -e GRIST_SINGLE_ORG=cool-beans
  -it gristlabs/grist-ee
```

For grist-core I recreated/confirmed it is fixed it just by `GRIST_SINGLE_ORG=team npm start` in the core folder.
I also created some team sites using stubbed UI and confirmed that they were using the GRIST_DEFAULT_PRODUCT product.

Reviewers: paulfitz

Reviewed By: paulfitz

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D4271
2024-06-14 19:56:49 +02:00
Spoffy
b98bad0b93 (core) Makes EE frontend behave as core if EE isn't activated
Summary:
- Makes EE decide which ActivationPage to use
- Makes ProductUpgrades use core implementation if not activated
- Changes banners to proxy to core implementation if EE not activated
- [Fix] Enables new site creation in EE as in Core:
    - Core enables people to freely create new team sites.
    - Enterprise currently redirects to the pricing page.
    - This enables enterprise to also create team sites, instead of
    redirecting.

Test Plan: Manually test in EE, unit tests in Jenkins

Reviewers: paulfitz, jordigh

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D4264
2024-06-14 00:43:51 +01:00
Paul Fitzpatrick
856dbef3df
make the example key on admin panel without auth work when insecure (#1024)
The example key shown on the admin panel to users who are not known to be
administrators is generated using a method that is only available in secure
environments. This adds a fallback for insecure environments. The key is less
solid but again, it is just an example, and for an insecure environment.

Tested manually running locally and using a hostname set in /etc/hosts.
2024-06-12 09:34:31 -04:00
George Gevoian
72066bf0e4 (core) Support user variable in dropdown conditions
Summary:
Dropdown conditions can now reference a `user` variable, similar to the
one available in Access Rules.

Test Plan: Browser test.

Reviewers: jarek, paulfitz

Reviewed By: jarek, paulfitz

Differential Revision: https://phab.getgrist.com/D4255
2024-06-04 06:56:55 -07:00
Paul Fitzpatrick
50077540e2 (core) updates from grist-core 2024-06-03 12:31:22 -04:00
Spoffy
587d187453
Removes spacing from admin page auth translation key (#1001)
Updates the authentication message on the admin page, removing newlines and tabs. 

This cleans up the formatting of the resulting translation key (in `en.client.json`). 

Context: https://github.com/gristlabs/grist-core/pull/987#discussion_r1603799796
2024-05-30 15:32:32 +01:00
CamilleLegeron
5956c20c29
feat: add new translations (#1004) 2024-05-29 11:02:00 -07:00
George Gevoian
c469a68d6e (core) Removing virtual tables when they are not needed
Summary:
Clearing virtual tables after user navigates away from the pages
that show them. Leaving them behind will reveal them on the Raw
Data page, with a buggy experience as user can't view the data
there.

Test Plan: Extended tests.

Reviewers: paulfitz

Reviewed By: paulfitz

Subscribers: jarek, georgegevoian

Differential Revision: https://phab.getgrist.com/D4258
2024-05-29 08:46:49 -07:00
Paul Fitzpatrick
5dc4706dc7
reconcile boot and admin pages further (#963)
This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
2024-05-23 16:40:31 -04:00
Paul Fitzpatrick
76a43129f1 (core) updates from grist-core 2024-05-23 13:27:59 -04:00
George Gevoian
31722de2eb (core) Fix drag selection bug in add row
Summary:
Relaxes selection restrictions on the add row, which was causing a
bug where the row above the add row was also being selected
whenever drag selection was started from the add row.

Test Plan: Browser test.

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4253
2024-05-22 14:11:17 -07:00
Jarosław Sadziński
a6ffa6096a (core) Adding UI for timing API
Summary:
Adding new buttons to control the `timing` API and a way to view the results
using virtual table features.

Test Plan: Added new

Reviewers: georgegevoian

Reviewed By: georgegevoian

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D4252
2024-05-22 14:56:53 +02:00
Jarosław Sadziński
60423edc17 (core) Customizable stripe plans.
Summary:
- Reading plans from Stripe, and allowing Stripe to define custom plans.
- Storing product features (aka limits) in Stripe, that override those in db.
- Adding hierarchical data in Stripe. All features are defined at Product level but can be overwritten on Price levels.
- New options for Support user to
-- Override product for team site (if he is added as a billing manager)
-- Override subscription and customer id for a team site
-- Attach an "offer", an custom plan configured in stripe that a team site can use
-- Enabling wire transfer for subscription by allowing subscription to be created without a payment method (which is customizable)

Test Plan: Updated and new.

Reviewers: georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D4201
2024-05-19 09:09:19 +02:00
CamilleLegeron
6443c9f914
feat: add translation of vue types when added (#946) 2024-05-17 11:55:24 -07:00
Spoffy
b4acb157f8
Displays the current authentication mechanism in the admin panel (#981)
* Adds authentication mechanism to admin panel

Adds field to the "Security settings" admin display, showing the
currently configured authentication mechanism.

* Adds 14px margin to admin panel names
2024-05-16 18:09:38 +01:00
Grégoire Cutzach
d8f4e075fe
feat: ADD Terms of service link (#985)
Adds an optional terms of service link for sites that need it.

---------

Co-authored-by: Jonathan Perret <j-github@jonathanperret.net>
2024-05-16 11:31:37 -04:00
Grégoire Cutzach
bb249ff462
fix: cancel when escape (#986) 2024-05-16 17:15:14 +02:00
George Gevoian
ed9514bae0 (core) Revert Safari overflow fix
Summary: The fix introduced a regression.

Test Plan: Existing tests.

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4254
2024-05-15 12:29:51 -07:00
Dmitry S
3267012226 (core) Attempt to fix truncated div issues for menu popups on Safari
Summary:
This affects the "Add Column" submenu under the sort-and-filter dropdown. The
explicit overflow setting (which *should* be the default) seems to fix it.

Test Plan: Tested manually on Safari 17.3 on Mac

Reviewers: georgegevoian

Reviewed By: georgegevoian

Subscribers: jarek, georgegevoian

Differential Revision: https://phab.getgrist.com/D4249
2024-05-14 18:44:48 -04:00