Changelog

Added

• Add new unit type Assignment. #600

Changed

• Bump version number to 0.8.6. #1206
• Refactor DownloadController. #913
• Timeout for pdf export tests increased. #1248

Fixed

• Apidoc: parser plugin 'param' not found in block. #1207

Upgrade from 0.8.4 to 0.8.5

• MediaController vulnerabilities #1196 requires database migration

docker-compose run --rm api node migrate.js --up 20190323-course-media

Changelog

Added

• Translatable SnackBarService. #922
• ProgressController GET unit tests & access denial tests in general. #1116
• UnitController GET & DELETE route unit tests for status code 200. #1190
• UnitController status code 403 (not authorized to view / edit course) unit tests for all routes. #1190
• WhitelistController status code 403 unit tests for all routes. #1192
• Sticky header for course view. #1115
• MediaController status code 403 unit tests for all routes. #1196
• CourseMediaMigration to patch the _course properties of a Course's Directory / File tree. #1196

Changed

• Extend ProgressController PUT route to handle both creation and updates. #1116
• Refactor ProgressController unit tests in general. #1116
• Refactor MediaController unit tests in general using the TestHelper. #1196
• Instead of a list of progress data, the ProgressController GET route now responds with a single progress object or an empty object if no data can be found. #1116
• Directory / File schemata and the corresponding interfaces now reference their Course as _course (analogous to the Unit schema). #1196

Removed

• Unused ProgressController GET routes for /courses/ & /users/. #1116
• ProgressController POST route (obviated by extended PUT route). #1116
• Unused WhitelistController PUT route. #1192
• Dependency migrate-mongoose. #1189

Fixed

• TaskUnitComponent.validate validationMode reset. #1116
• CodeKataComponent progress.code loading. #1116
• Code order in the MediaController's createDirectory & createFile. #1196
• Notification scroll bug. #1082

Security

• Close ProgressController vulnerabilities. #1116
• Close UnitController vulnerabilities. #1190
• Close WhitelistController vulnerabilities. #1192
• Close MediaController vulnerabilities. #1196

Changelog

Added

• Export PDF with styled free text units. #997 #1047
• More predefined custom containers. #996
• Styled code snippets. #1017
• LectureController success (200), access denial (403) and not found (404) unit tests for all routes. #1041
• Various NotificationController unit tests (200s, 400s, 403s, 404s). #1065
• Two NotificationSettingsController unit tests for 403 & 404 PUT request errors. #1072
• TestHelper request methods for PUT & DELETE. #1041
• Code kata validation service. #844
• File ↔ video unit display type switching. #912

Fixed

• bundle.scss not available in api container. #1052

Changed

• Update mongoose to 5.4.x. #1003 #1004 #1044 #1077
• Refactor LectureController GET/POST/PUT routes to use async/await. #1041
• Refactor NotificationController unit tests in general. #1065
• Refactor NotificationController to utilize .orFail and the errorCodes file. #1065
• Refactor ExportController & LectureController to utilize .orFail. #1065
• Sanitize {post} /api/lecture/ route parameters by reducing the arbitrary ILecture input to name & description. #1041
• Sanitize NotificationController POST route parameters by taking a targetType and targetId instead of the separate changedCourse/changedLecture/changedUnit which needed a (missing) consistency check. #1065
• Empty success response object in the two NotificationController POST routes. #1065
• Major NotificationSettingsController refactoring and changes in general, plus unit test / front-end adjustments. #1072
• Disable unit submit button when deadline is over. #964
• The background image on the index page. #922

Removed

• Unused Notification class in the front-end. #1065
• Unused NotificationSettings class in the front-end. #1072
• {post} /api/notificationSettings/ route; functionality now handled completely by {put} /api/notificationSettings/. #1072

Fixed

• Some incorrect FixtureUtils return types. #1041 #1065
• LectureController 404 error handling. #1041
• NotificationController 404 error handling. #1065
• NotificationSettingsController 404 PUT error handling. #1072
• Course list broken when course image in invalid state. #1053

Security

• Fix multiple security issues of the LectureController. #1041
• Fix missing teacher authorization check for the two NotificationController POST routes. #1065
• Fix missing NotificationController POST teacher authorization check. #1065
• Fix {get} /api/notification/ response leaks by introducing INotificationView, a reduced and safe variant of the INotification interface. #1065
• Fix response leaks for all three (now two) NotificationSettingsController routes by introducing INotificationSettingsView, a strongly reduced _(no own id) and safe variant of the INotificationSettings interface. #1072
• Secure {get} /api/notification/ by using the @CurrentUser instead of allowing arbitrary id requests. #1065
• Secure {get} /api/notificationSettings/ by using the @CurrentUser instead of allowing arbitrary id requests. #1072
• Secure {put} /api/notificationSettings/ by using the @CurrentUser instead of allowing arbitrary id requests. #1072
• Minimize NotificationSettingsController attack surface by severely simplifying its routes. #1072

Changelog

Added

• Chat system access denial unit tests. #989
• DuplicationController access denial unit tests. #1016
• ExportController access denial unit tests. #1039
• ExportController 404 unit tests. #1039
• DuplicationController 404 unit tests. #1039
• TestHelper class for shared API unit test functionality. #989 #1016
• extractSingleMongoId variant of the ExtractMongoId utility function(s). #989
• Show message count for UnitComponent chat. #933
• Styles for free text units. #867
• Export PDF with styled free text units. #997
• Extend ICourseView with userCanEditCourse & active properties. #924
• Make MongoDB port configurable as DB_PORT. #1034
• IUserPrivileges, IUserEditPrivileges, ICourseUserPrivileges, i.a. for the checkPrivileges methods. #1039

Changed

• Update mongoose to 5.2.x. #1004
• Update contributors list. #1007
• Display only one notification per course update. #914
• Use terser instead of uglify-js. #1018
• ExtractMongoId utility upgrades & streamlining. #989 #1016 #1039
• Switch project license to Apache License, Version 2.0 instead of GPL-3.0. #1033

Removed

• PDF export with styled free text units. #997

Fixed

• Notifications for invisible courses and lectures will no longer be created. #877
• EU-DSGVO: Exclusion of comments in the user chat data export. #998
• Nondeterministic chat system unit test authorization failures. #989
• Unnecessarily verbose DuplicationController route responses. #1016
• Prepare mongoose update. #1003 #1027
• ExportController missing 404 handling. #1039
• DuplicationController missing 404 handling. #1039
• Fix invalid translation key hasBeenDeleted. #1032

Security

• Fix multiple severe security issues of the chat system. #989
• Fix multiple security issues of the three DuplicationController routes. #1016
• Fix missing teacher authorization checks in the ExportController course/lecture/unit routes. #1039
• Update node to latest LTS (Long Term Support) version. #1019

Changelog

Added

• My courses: Make title or teaser image clickable. #904
• EU-DSGVO: Export Chat User Data. #862

Changed

• Minor ConfigController bugs and refactoring-flaws. #899
• Don't pin @types/express to a specific version. #947
• Switched to cookie-based JWT authentication. #840 #968
• Prepare typescript 3.1 upgrade. #967
• Use npm ci instead npm install and cache $HOME/.npm instead of node_modules. #972

Removed

• Remove @types/winston. #945
• Remove the now obsolete 'mediaToken' and JwtPipe systems. #840

Fixed

• Deprecated Messages.count replace with Message.countDocuments. #925
• Deprecated User.count replace with User.countDocuments. #934
• Redirect to initial URL after login. #318
• Error when clicking on notification. #916
• Remove unused controller code. #986

Security

• Progress leak of invisible units and courses #735
• Reduced XSS attack surface by switching from localStorage tokens to HttpOnly, strict SameSite cookie-based JWT authentication. #840

Upgrade from 0.8.0 to 0.8.1

• Invalid course chatroom #942 requires database migration

docker-compose run --rm api node migrate.js --up 20181030-course

Changelog

Fixed

• People can enroll in courses again. #942

Upgrade from 0.7.x to 0.8.0

• Anonymous forum #792 & Unit visibility toggle #660 requires database migration
• fileUnitType for some FileUnit is missing #907

docker-compose run --rm api node migrate.js --up 20180821-course 20180821-unit 20181019-fileUnit 20181020-unit

Changelog

Added

• Cookie information banner. #565
• Course progress can now be exported as a CSV-file. #766
• More EN/DE translations. #753
• Use i18n for new course view. #763
• FileIconService. #607
• Legal notice and privacy declaration. #768
• More NotificationController tests. #772
• Anonymous forum. #46 #857
• Unit-specific comments. #761
• Simple E2E test for login. #795
• Checkboxes for accepting our terms of use and privacy declarations while registering. #778
• PDF course content download functionality. #720, #913, #923
• User data deletion functionality for EU-GDPR compliance. #775
• Personal data export functionality for EU-GDPR compliance. #805
• Guided dialog for adding a whitelist. #727 #509
• JwtPipe to easily append 'mediaToken's to file URLs. #729
• FileComponent to flexibly display a single file e.g. in a new tab. #729
• More DownloadController unit tests, including a new DeleteCache admin-only API. #729
• 'Misc.' front-end admin sub-component with cache-clearing control re. the DeleteCache API. #729
• E2E test for invalid email & password input. #825
• Search function for available courses. #723
• Form validation before submit when creating a new course. #724
• ID validation of the CourseController /api/courses/:id route. #724
• Possibility to add files directly in the file unit. #728
• Execute npm rebuild in docker. #855
• Sentry reporting for missing translations. #858
• Migration for visible field. #890
• Migration for fileUnitType field. #907
• Fixed error on clicking on notification. #916

Changed

• Minor fixes and adaptations and merge-failure fixes. #785
• Reworked existing translations. #753, #906
• Migrate MatSnackBar to SnackBarService. #724 #730
• Reload user list after deleting an account. #724
• getNotificationSettings does not create new notification settings. #731
• Refactored save mechanism of unit edit form. #532
• Moved the 'create course' button into a MatDialog. #725
• Update bcrypt dependency. #774
• Use path-module to extract extensions from filenames. #773
• Update validator dependency. #791
• Appended 'mediaToken' to various file URLs via JwtPipe. #729
• Moved all URL etc. from utetrapp/geli and h-da/geli to current repo geli-lms/geli. #849
• Adjusted nginx config in web-frontend for ws-chat. #839
• Update insecure dependencies. #816
• Updated frontend to Angular 6. #716
• Update Node.js version to 10.8.0. #821
• Update README.md with latest information. #845
• Exit build when no change to CHANGELOG.md. #880
• Use deploy token to push geli-docs. #851, #900, #902
• Adjust CHANGELOG.md for next release. #879, #928
• Exclude pull requests from dependabot from changelog check. #854

Removed

• isCourseTeacherOrAdmin and isMemberOfCourse from UserService. #731
• fs-extra dependency. #780
• winston dependency. #806

Fixed

• Unit export. #42
• Notification settings. #731
• API-doc. #737
• tutor role is now disabled. #710
• Notifications on hidden units. #733
• User input validation for notication settings API. #771
• Identification only via matriculation number. #685
• Typo in UserProfileDialog component. #782
• Missing capitalization typo for common.users EN-translation. #729
• Broken badge links after repository migration. #783 #892
• Invalid response for dependency. #787
• Travis usages after Angular 6 update. #789
• Build with source maps. #797
• Missing import for RxJS operators. #808
• Wrong image URL in profile export. #811
• picture.path backslash issue / regression. #729
• Remaining hard-coded 'upload' strings in the API, now replaced with config.uploadFolder. #729
• Missing @UseBefore middleware in MediaController. #729
• Make E2E login test more stable. #823 #824
• sentry.sh build warning regarding invalid -eq usage. #830 #832
• PDF download fix if text is empty + added path to local PhantomJS. #833
• Wrong reset password translation. #836
• Various flawed code kata translations. #886
• Fix migrations for adding chatrooms to course and unit. #888
• Fix maxium width of main content area #893
• Migrations for adding chatrooms to course and unit. #888, #903, #905
• AuthController addWhitelistedUserToCourses broken condition & typos. #895
• ChatRoomController internal data leak. #897
• Depcreated warning on startup. #920

Security

• Secured the static 'uploads' route by introducing a special 'mediaToken' with new JWT strategy & middleware. #729
• Secured DownloadController → getArchivedFile → id input usage. #729
• (Scrapped experiment of a @Controller-based replacement for the static 'uploads' route: UploadsController. #729)

Many small changes for production use:

Added

• Added the possibility to sort all courses alphabetically. #567
• Added a box for information on the homescreen. #216
• Added an account activation resend feature. #601
• Added SnackBarService as wrapper for MatSnackBar. #574
• Added new course & user API unit tests. #654 #691
• Added details of courseAdmin and teacher to course detail view. on click profiles are shown.#598
• Added small auto linting scripts to package.json #688
• Added changed size of drop down arrows for better usability. #686
• Added new contributors #624
• Added the date and the teacher under each unit #582
• Added E-Mail validation to reset password #597
• Added Language code to header #554
• Added icon for access key #547
• Unit visibility toggle #582

Changed

• Refactored or slightly altered various course & user related APIs. #654 #691
• Removed firstname from resend activation feature and change button positioning. #711
• Refactored register and resend activation to use geli email validator with top level domain check. #713
• Refactored the unitCreator with a forsafe user object. #717
• Changed the text in download course#718
• Removed firstname from resend activation feature and change button positioning. #711
• Refactored register and resend activation to use geli email validator with top level domain check. #713

Fixed

• Fixed route /users/roles #204
• Fixed profile picture will be deleted after changing any other profile data #504
• Fixed some UI issues in create code kata unit #543
• Fixed reading wrong error message across the whole application #572
• Fixed admin can changed his own role #606
• Fixed a typo in admin panel #533
• Fixed an admin cannot delete any courses #647
• Fixed some issues with download a course #659
• Fixed an issue with deleting a course and the notification was not triggered #642
• Fixed Course progress mechanism #593
• Fixed wasteful course data usage via specialized course model interfaces. #654
• Fixed a broken documentation link. #583
• Limited the first and last name to 64 characters in the registration- and edit page. #585
• Added a correct email validator to the user-edit and register components. #564
• Upload of profile pictures now prevents files with forbidden extensions. #581
• Fixed empty course downloads. #659
• Videos in the course now get sized equally and can't grow too big in mobile views. #534
• Fixed missing background on the password reset page. #673
• Fixed notification icon spacing in the navbar for students. #696
• Repair Angular CLI code generation. #701
• Fixed tsconfig.spec.ts for ng test. #656
• Fixed .travis.yml. #706
• Fixed wording of progress display on profile page. #715
• Fixed form validator in create task #579
• Fixed Mongoose pre hook usage #680 #677

Security

• Fixed numerous severe user related security issues. #691 #709
• Fixed multiple severe course related security issues. #594 #653 #691
• Updated the dependencies for security. #661

You need to run the migrations after the update. Backup your DB and run: docker-compose run --rm api node migrate.js --up fileUnit

Adds many new features like

• selective download of the course
• progress dashboard for teacher
• translateable frontend with i18n
• notification system added
• introduces new error message system
• dark theme option
• introducing an api documentation
• courses are ordered by last visit
• user password edit
• adds imprint

Please run the migrations:

docker-compose exec api node migrate.js --up unit
docker-compose exec api node migrate.js --up taskUnit videoUnit