etherpad-lite/src/node/db
John McLear 2ba72de1de
feat(pad): suppress deletion token for durable identities + relabel recovery action (#7926) (#7930)
* feat(pad): suppress deletion token for durable identities; relabel recovery action (#7926)

Builds on the allowPadDeletionByAllUsers suppression with the rest of the
ideas discussed on the issue.

Server (handleClientReady):
- A creator's deletion token is now also withheld when they have a *durable*
  identity: authenticated (req.session.user with a username) AND the deployment
  pins that identity to a stable authorID via a getAuthorId hook. Only then does
  the creator path (author === revision-0 author) survive a cookie clear or a
  different device, making the recovery token redundant.
- This deliberately tightens the previous `requireAuthentication => always
  suppress` rule: without a getAuthorId hook the authorID still comes from the
  per-browser token cookie, so an authenticated user on a second device is NOT
  the creator. Withholding the token there would strand them, so they now keep
  getting one. SSO deployments using the documented getAuthorId pattern get the
  clean no-modal experience.
- New `canDeleteWithoutToken` clientVar (allowPadDeletionByAllUsers OR durable
  identity) drives the client label.

Client (pad_editor.ts):
- When canDeleteWithoutToken, the recovery-token disclosure summary is labelled
  plainly "Delete Pad" (reusing the already-translated pad.settings.deletePad
  key) instead of the jargon "Delete with token".

Tests (socketio.ts): anonymous -> token; allowPadDeletionByAllUsers -> none;
authenticated without a getAuthorId hook -> token; authenticated with one ->
none. Verified in a browser for both label/modal outcomes.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fix(pad): render recovery disclosure for all sessions; hide it (not relabel) when no token is needed

Addresses Qodo review on #7930:

1. Token UI fully suppressed when not needed (was: only the summary relabelled).
   When canDeleteWithoutToken (allowPadDeletionByAllUsers or a durable identity),
   pad_editor.ts now hides the whole #delete-pad-with-token disclosure — label,
   token field and submit — so no deletion-token wording remains. With the plain
   "Delete Pad" button present this is also the cleaner UX.

2. Recovery disclosure no longer gated on !requireAuthentication. Because a token
   can now be issued under requireAuthentication when the deployment lacks a
   durable getAuthorId mapping, the template must render the recovery form there
   too — otherwise an authenticated creator gets a token with no UI to enter it
   on another device. It is rendered hidden by default and shown by the client
   only when canDeleteWithoutToken is false.

3. API.createPad aligned: also returns null deletionToken under
   allowPadDeletionByAllUsers, matching the socket/UI path.

Tests: deletePad.ts gains a createPad-under-allowPadDeletionByAllUsers case.
Verified live in Chromium: allowAll -> disclosure hidden, no modal; default
anonymous -> disclosure visible, modal shown.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-13 14:47:11 +01:00
..
API.ts feat(pad): suppress deletion token for durable identities + relabel recovery action (#7926) (#7930) 2026-06-13 14:47:11 +01:00
AuthorManager.ts feat(gdpr): admin UI for author erasure (follow-up to #7550) (#7667) 2026-05-14 08:11:48 +01:00
DB.ts fix: page sessionstorage cleanup to avoid OOM (#7830) (#7831) 2026-05-22 10:56:35 +01:00
GroupManager.ts feat(gdpr): pad deletion controls (PR1 of #6701) (#7546) 2026-05-01 13:50:04 +01:00
Pad.ts fix(pad): show saved-revision markers in in-pad history mode (#7946) (#7948) 2026-06-12 12:12:36 +01:00
PadDeletionManager.ts feat(gdpr): pad deletion controls (PR1 of #6701) (#7546) 2026-05-01 13:50:04 +01:00
PadManager.ts chore: migrated settings to esm6 (#7062) 2025-08-04 22:42:50 +02:00
ReadOnlyManager.ts chore: moved first files to esm (#7061) 2025-08-04 19:59:28 +02:00
SecurityManager.ts chore: migrated settings to esm6 (#7062) 2025-08-04 22:42:50 +02:00
SessionManager.ts chore: moved first files to esm (#7061) 2025-08-04 19:59:28 +02:00
SessionStore.ts fix: page sessionstorage cleanup to avoid OOM (#7830) (#7831) 2026-05-22 10:56:35 +01:00