Merge branch 'master' into fix/70354-adjust-access-token-parser

CHANGES.md

@@ -1,6 +1,10 @@
 # CHANGES
 
-## v4.2.19-RC
+## v4.2.20-RC
+
+* 
+
+## v4.2.19
 
 * Feature: Set max-age of the user's cookie with the env var `SESSION_MAX_AGE`
 * Feature: Set max-age of the user's cookie in admin page

package.json

@@ -1,6 +1,6 @@
 {
   "name": "growi",
-  "version": "4.2.19-RC",
+  "version": "4.2.20-RC",
   "description": "Team collaboration software using markdown",
   "tags": [
     "wiki",

src/server/form/invited.js

@@ -5,5 +5,5 @@ const field = form.field;
 module.exports = form(
   field('invitedForm.username').required().is(/^[\da-zA-Z\-_.]+$/),
   field('invitedForm.name').required(),
-  field('invitedForm.password').required().is(/^[\x20-\x7F]{6,}$/),
+  field('invitedForm.password').required().is(/^[\x20-\x7F]*$/).minLength(6),
 );

src/server/form/register.js

@@ -6,6 +6,6 @@ module.exports = form(
   field('registerForm.username').required().is(/^[\da-zA-Z\-_.]+$/),
   field('registerForm.name').required(),
   field('registerForm.email').required(),
-  field('registerForm.password').required().is(/^[\x20-\x7F]{6,}$/),
+  field('registerForm.password').required().is(/^[\x20-\x7F]*$/).minLength(6),
   field('registerForm[app:globalLang]'),
 );

src/server/routes/apiv3/share-links.js

@@ -28,6 +28,7 @@ module.exports = (crowi) => {
   const csrf = require('../../middlewares/csrf')(crowi);
   const apiV3FormValidator = require('../../middlewares/apiv3-form-validator')(crowi);
   const ShareLink = crowi.model('ShareLink');
+  const Page = crowi.model('Page');
 
 
   /**
@@ -35,7 +36,7 @@ module.exports = (crowi) => {
    *
    *  paths:
    *    /share-links/:
-   *      post:
+   *      get:
    *        tags: [ShareLink]
    *        description: get share links
    *        parameters:
@@ -103,6 +104,15 @@ module.exports = (crowi) => {
 
   router.post('/', loginRequired, csrf, validator.shareLinkStatus, apiV3FormValidator, async(req, res) => {
     const { relatedPage, expiredAt, description } = req.body;
+
+    const page = await Page.findByIdAndViewer(relatedPage, req.user);
+
+    if (page == null) {
+      const msg = 'Page is not found or forbidden';
+      logger.error('Error', msg);
+      return res.apiv3Err(new ErrorV3(msg, 'get-shareLink-failed'));
+    }
+
     const ShareLink = crowi.model('ShareLink');
 
     try {

src/server/views/widget/page_content.html

@@ -24,7 +24,7 @@
   data-page-last-update-username="{% if page && page.lastUpdateUser %}{{ page.lastUpdateUser.name }}{% endif %}"
   data-page-updated-at="{% if page %}{{ page.updatedAt|datetz('Y/m/d H:i:s') }}{% endif %}"
   data-page-delete-username="{% if page && page.deleteUser %}{{ page.deleteUser.name }}{% endif %}"
-  data-page-deleted-at="{% if page %}{{ page.deletedAt|datetz('Y/m/d H:i:s') }}{% endif %}"
+  data-page-deleted-at="{% if page && page.deletedAt %}{{ page.deletedAt|datetz('Y/m/d H:i:s') }}{% endif %}"
   data-page-has-children="{% if pages.length > 0 %}true{% else %}false{% endif %}"
   data-page-user="{% if pageUser %}{{ pageUser|json }}{% else %}null{% endif %}"
   data-page-ids-of-seen-users="{{ page.seenUsers|slice(-15)|default([])|reverse|join(',') }}"