etherpad-lite/src/node
John McLear 2ba72de1de
feat(pad): suppress deletion token for durable identities + relabel recovery action (#7926) (#7930)
* feat(pad): suppress deletion token for durable identities; relabel recovery action (#7926)

Builds on the allowPadDeletionByAllUsers suppression with the rest of the
ideas discussed on the issue.

Server (handleClientReady):
- A creator's deletion token is now also withheld when they have a *durable*
  identity: authenticated (req.session.user with a username) AND the deployment
  pins that identity to a stable authorID via a getAuthorId hook. Only then does
  the creator path (author === revision-0 author) survive a cookie clear or a
  different device, making the recovery token redundant.
- This deliberately tightens the previous `requireAuthentication => always
  suppress` rule: without a getAuthorId hook the authorID still comes from the
  per-browser token cookie, so an authenticated user on a second device is NOT
  the creator. Withholding the token there would strand them, so they now keep
  getting one. SSO deployments using the documented getAuthorId pattern get the
  clean no-modal experience.
- New `canDeleteWithoutToken` clientVar (allowPadDeletionByAllUsers OR durable
  identity) drives the client label.

Client (pad_editor.ts):
- When canDeleteWithoutToken, the recovery-token disclosure summary is labelled
  plainly "Delete Pad" (reusing the already-translated pad.settings.deletePad
  key) instead of the jargon "Delete with token".

Tests (socketio.ts): anonymous -> token; allowPadDeletionByAllUsers -> none;
authenticated without a getAuthorId hook -> token; authenticated with one ->
none. Verified in a browser for both label/modal outcomes.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fix(pad): render recovery disclosure for all sessions; hide it (not relabel) when no token is needed

Addresses Qodo review on #7930:

1. Token UI fully suppressed when not needed (was: only the summary relabelled).
   When canDeleteWithoutToken (allowPadDeletionByAllUsers or a durable identity),
   pad_editor.ts now hides the whole #delete-pad-with-token disclosure — label,
   token field and submit — so no deletion-token wording remains. With the plain
   "Delete Pad" button present this is also the cleaner UX.

2. Recovery disclosure no longer gated on !requireAuthentication. Because a token
   can now be issued under requireAuthentication when the deployment lacks a
   durable getAuthorId mapping, the template must render the recovery form there
   too — otherwise an authenticated creator gets a token with no UI to enter it
   on another device. It is rendered hidden by default and shown by the client
   only when canDeleteWithoutToken is false.

3. API.createPad aligned: also returns null deletionToken under
   allowPadDeletionByAllUsers, matching the socket/UI path.

Tests: deletePad.ts gains a createPad-under-allowPadDeletionByAllUsers case.
Verified live in Chromium: allowAll -> disclosure hidden, no modal; default
anonymous -> disclosure visible, modal shown.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-13 14:47:11 +01:00
..
db feat(pad): suppress deletion token for durable identities + relabel recovery action (#7926) (#7930) 2026-06-13 14:47:11 +01:00
eejs chore: migrated settings to esm6 (#7062) 2025-08-04 22:42:50 +02:00
handler feat(pad): suppress deletion token for durable identities + relabel recovery action (#7926) (#7930) 2026-06-13 14:47:11 +01:00
hooks fix(admin): don't let one unreadable pad empty the Manage-pads list (#7935) (#7938) 2026-06-10 10:46:37 +01:00
security Hardening: API request handling, random IDs, and plugin loading (#7906) 2026-06-07 19:17:39 +02:00
types fix(admin/pads): apply filter chip server-side, before pagination (#7798) 2026-05-17 19:43:36 +01:00
updater Fix offline/air-gapped Docker boot: stop pnpm self-provisioning the pinned version (#7911) (#7918) 2026-06-09 09:31:00 +01:00
utils fix(theme-color): dark address bar + no light-flash on dark-OS load (#7606) (#7909) 2026-06-08 21:54:08 +02:00
metrics.ts chore: added prometheus support in Etherpad 2025-08-25 20:34:29 +02:00
padaccess.ts feat: make cookie names configurable with prefix setting (#7450) 2026-04-05 01:58:29 +01:00
prom-instruments.ts feat(metrics): 3 Prometheus counters for scaling dive (#7756) (#7762) 2026-05-15 19:54:42 +01:00
prometheus.ts feat(metrics): 3 Prometheus counters for scaling dive (#7756) (#7762) 2026-05-15 19:54:42 +01:00
README.md Added typescript to etherpad 2024-02-05 21:13:02 +01:00
server.ts fix: eliminate the Windows backend silent-ELIFECYCLE flake (handler gate + Node 24.16.0) (#7866) 2026-05-28 16:12:34 +01:00
stats.ts Added typescript to etherpad 2024-02-05 21:13:02 +01:00

About the folder structure

  • db - all modules that are accessing the data structure and are communicating directly to the database
  • handler - all modules that respond directly to requests/messages of the browser
  • utils - helper modules

Module name conventions

Module file names start with a capital letter and uses camelCase

Where does it start?

server.ts is started directly