mirror of
https://github.com/ether/etherpad-lite.git
synced 2026-07-18 09:04:54 +00:00
ep_readonly_guest is archived (read-only on GitHub) and its authenticate hook unconditionally swaps req.session.user with a read-only guest, even when the request carries an HTTP Authorization header. That silently demoted admin login attempts and stalled the anonymizeAuthorSocket tests for 14 min/run on every with-plugins CI matrix (#7795). The pre-fix theory blamed ep_hash_auth.handleMessage; the actual hook trace is a red herring — handleMessage only fires on the /pad namespace and never on /settings. ep_guest is the maintained successor (same authors, same purpose). 1.0.72 on npm already includes the "defer to basic auth / admin paths" fix backported to ep_readonly_guest by intent here. Swapping the matrix unblocks the anonymizeAuthorSocket suite on Linux, Windows, and the upgrade-from-latest-release workflow. The runtime probe added in #7796 stays — it still catches any other authenticate-hook plugin that rejects the test's plain-text credentials (e.g. a future ep_hash_auth-style hashed-only plugin). Reattribute its comment so future readers don't chase ep_hash_auth. Closes #7795. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| backend-tests.yml | ||
| build-and-deploy-docs.yml | ||
| codeql-analysis.yml | ||
| deb-package.yml | ||
| dependency-review.yml | ||
| docker.yml | ||
| frontend-admin-tests.yml | ||
| frontend-tests.yml | ||
| handleRelease.yml | ||
| installer-test.yml | ||
| load-test.yml | ||
| perform-type-check.yml | ||
| rate-limit.yml | ||
| release.yml | ||
| releaseEtherpad.yml | ||
| snap-build.yml | ||
| snap-publish.yml | ||
| stale.yml | ||
| update-plugins.yml | ||
| upgrade-from-latest-release.yml | ||