Merge branch 'master' into next

# Conflicts:
#	api/parts/mgmt/apps.js
#	plugins/server-stats/api/api.js

Author: ar2rsawseen

CHANGELOG.md

@@ -1,3 +1,52 @@
+## Version 18.08.2
+
+**Fixes**
+
+* [crashes] improved type check
+* [ui] fixed "Email value too long" issue.
+* [slipping-away-users] fix style issue
+* [crashes] fix escaping in crash error and stacktrace
+* [events] updated compare_arrays function for events to have more checks if both passed are arrays
+* [install] fix permission issue
+* [systemlogs] fixed system logs plugin table sorting issue
+* [push] Fix for upload of APN credentials from windows / no mime-aware systems
+* [config] fixes for relative path changes
+* [db]fixed replacement of db name in mongodb connection string
+* [push] Fix for race condition in message status updates
+* [frontend] fix title if not available
+* [data-migration] log redirect url in logger
+* [logger] improve info column formatting
+* [ui] drop down fix
+* [api] deeper escaping of objects
+* [api] more error checks and handling
+* [api] check correctly for finished none http requests
+* [api] fixes for handling unparsable period
+* [api] regular expression checks
+* [security] more cross site scripting preventions
+* [populator] fixed campaign session issue for web apps in populator
+* [nginx] remove server flag
+* [feedback] device_id fix and script for correcting data
+* [frontend] fix not using data on init for today period
+* [frontend] correctly genersate ticks for month buckets
+* [appmanagement] load configuration on new app(on new server)
+* [push] Deny APN app settings update if no file is selected
+
+**Enterprise fixes**
+
+* [push] Approver update
+* [drill] correctly check projection key result type
+* [drill] fix filter render bug
+* [revenue] use user estimation correction
+* [drill] fix switching bucket UI
+
+**New Features**
+* [api] support for multiple errors message
+
+**New Enterprise Features**
+* [drill] added no_map param to display plain country data
+* [dashboard] disabling sharing dashboards
+
+
 ## Version 18.08.1
 
 **Fixes**

Gruntfile.js

@@ -113,6 +113,7 @@ module.exports = function(grunt) {
                     'frontend/express/public/javascripts/utils/webfont.js',
                     'frontend/express/public/javascripts/utils/selectize.min.js',
                     'frontend/express/public/javascripts/utils/vue.min.js',
+                    'frontend/express/public/javascripts/utils/jquery.xss.js',
                     'frontend/express/public/javascripts/countly/countly.common.js'
 
                 ],

README.md

@@ -1,17 +1,51 @@
 
-# Countly Analytics [![Build Status](https://api.travis-ci.org/Countly/countly-server.png?branch=master)](https://travis-ci.org/Countly/countly-server) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/98c2726f2d734697a5f1ac0d453f0a06)](https://app.codacy.com/app/ar2rsawseen/countly-server?utm_source=github.com&utm_medium=referral&utm_content=Countly/countly-server&utm_campaign=Badge_Grade_Dashboard) [![Install Countly on DigitalOcean](https://do.count.ly/button.svg?v2)](http://do.count.ly)
+<h2 align="center"> Countly Analytics </h2>
 
-<br/>
+<p align="center">
 
-![header2](https://count.ly/github/countly-editions.png?v2)
+[![Build Status](https://api.travis-ci.org/Countly/countly-server.png?branch=master)](https://travis-ci.org/Countly/countly-server) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/98c2726f2d734697a5f1ac0d453f0a06)](https://app.codacy.com/app/ar2rsawseen/countly-server?utm_source=github.com&utm_medium=referral&utm_content=Countly/countly-server&utm_campaign=Badge_Grade_Dashboard) [![Install Countly on DigitalOcean](https://do.count.ly/button.svg?v2)](http://do.count.ly)
+
+</p>
 
-<br/>
+<p align="center">
 
-* **We're hiring:** Countly is looking for full stack developers (remote work). [Check out available openings here](https://angel.co/countly/jobs).
-* **Slack user?** [Join our Slack community](https://slack.count.ly)
-* **Questions?** [Ask in our Community forum](http://community.count.ly)
+![header2](https://count.ly/github/countly-editions.png?v2)
 
-## What's Countly?
+</p>
+
+<p align="center">
+	<strong>
+		<a href="https://count.ly/">Website</a>
+		•
+		<a href="https://resources.count.ly">Docs</a>
+		•
+		<a href="https://count.ly/try">Try demo</a>
+        •
+		<a href="https://slack.count.ly">Slack group</a>  
+        •
+		<a href="https://community.count.ly">Community forum</a>
+	</strong>
+</p>
+
+
+## Table of Contents
+
+- [What is Countly?](#what-is-countly)
+- [What is included?](#what-is-included)
+- [What can Countly track?](#what-can-countly-track)
+- [What components does Countly have?](#built-with)
+- [Security](#security)
+- [What makes Countly unique?](#what-makes-countly-unique)
+- [Differences between Community Edition & Enterprise Edition](#differences-between-community-edition--enterprise-edition)
+- [Installing and upgrading Countly server](#installing-and-upgrading-countly-server)
+- [API and Frontend](#api-and-frontend)
+- [Extensibility and plugins](#extensibility-and-plugins)
+- [How can I help you with your efforts?](#how-can-i-help-you-with-your-efforts)
+- [Badges](#badges)
+- [Links](#links)
+
+
+## What is Countly?
 [Countly](http://count.ly) is an innovative, real-time, open source [mobile](https://count.ly/mobile-analytics) & [web analytics](http://count.ly/web-analytics), [rich push notifications](https://count.ly/plugins/rich-push-notifications) and [crash reporting](https://count.ly/plugins/crash-analytics) platform powering more than 2500 web sites, 14000 mobile applications and several tens of thousands of desktop applications as of 2017 Q3. It collects data from mobile, desktop, web apps including Apple Watch, TvOS and other internet-connected devices, and visualizes this information to analyze application usage and end-user behavior. 
 
 With the help of [Javascript SDK](http://github.com/countly/countly-sdk-web), Countly is a web analytics platform with features on par with mobile SDKs. For more information about web analytics capabilities, [see this link](http://count.ly/web-analytics).
@@ -23,7 +57,7 @@ Click on the below image for a 1 minute video introduction to Countly (opens You
 [![Countly Community Edition - Video](https://count.ly/github/countly-community-1min.png)](https://youtu.be/htKeh9bsZwA)
 
 
-## What is included? 
+## What is included?
 
 This repository includes server-side part of Countly, with following features: 
 
@@ -38,7 +72,7 @@ This repository includes server-side part of Countly, with following features:
 
 ![content](https://count.ly/github/countly-highlights.png)
 
-## What can Countly track? 
+## What can Countly track?
 
 [Countly](https://count.ly) can collect and visualize data from iOS, Android, Windows Phone devices, desktop applications (Windows, Mac OS) and web applications. You can find a list of [official and community supported Countly SDK libraries here](https://resources.count.ly/docs/downloading-sdks). Each SDK has its own installation instructions.
 
@@ -55,7 +89,7 @@ Plus lots of [open source libraries](http://resources.count.ly/docs/list-of-open
 
 Security is very important to us. If you discover any issue regarding security, please disclose the information responsibly by sending an email to [email protected] and **not by creating a GitHub issue**.
 
-## What makes Countly unique? 
+## What makes Countly unique?
 
 Countly is a privacy-focused and 360-degree analytics approach with several, unique values:
 
@@ -74,7 +108,7 @@ Countly is a privacy-focused and 360-degree analytics approach with several, uni
 * **Guarantee:** Community Edition is on the bleeding edge regarding version upgrades and with no bugfix guarantee. Enterprise Edition has bugfix guarantee, immediate resolution, verified builds, on-site and automatic version upgrades.
 * **Features:** Enterprise Edition has more features compared to Countly, with a focus on end-to-end analytics and marketing platform. Additional features include but not limited to automated push notifications, drilling on the raw data, user profiles, in-app purchase analytics, retention & engagement, user flows, cohorts and custom dashboards.
 
-## Installing & upgrading Countly server
+## Installing and upgrading Countly server
 
 Countly installation script assumes it is running on a fresh, decent Ubuntu/CentOS/RHEL Linux without any services listening on port 80 or 443 (which should also be open to incoming traffic), and takes care of every library and software required to be installed for Countly to run. 
 
@@ -92,11 +126,11 @@ There are several ways to install Countly:
 
 If you want to upgrade Countly from a previous version, please take a look at [upgrading documentation](http://resources.count.ly/v1.0/docs/upgrading-countly-server).
 
-## API & Frontend
+## API and Frontend
 
 Countly has a [well defined API](http://resources.count.ly), that reads and writes data from/to the Countly backend. Dashboard is built using the read API, so it's possible to fetch any information you see on the dashboard using the Countly API. If you are interested in creating new reports or visualisations in the UI, we recommend checking out the next section for creating plugins.
 
-## Extensibility & plugins 
+## Extensibility and plugins 
 
 Countly is extensible using the [plugin architecture](https://count.ly/plugins). We suggest [you read this document](http://resources.count.ly/docs/plugins-development-introduction) before creating your plugin. We provide support to companies with know-how in need to create their own plugins.
 

api/api.js

@@ -201,6 +201,7 @@ const passToMaster = (worker) => {
 };
 
 if (cluster.isMaster) {
+    console.log("Starting master");
     common.db = plugins.dbConnection();
 
     const workerCount = (countlyConfig.api.workers)
@@ -235,6 +236,7 @@ if (cluster.isMaster) {
     }, 10000);
 }
 else {
+    console.log("Starting worker", process.pid, "parent:", process.ppid);
     const taskManager = require('./utils/taskmanager.js');
     common.db = plugins.dbConnection(countlyConfig);
     //since process restarted mark running tasks as errored
@@ -251,6 +253,11 @@ else {
         }
     });
 
+    process.on('exit', () => {
+        console.log('Exiting due to master exited');
+        process.exit(1);
+    });
+
     plugins.dispatch("/worker", {common: common});
 
     http.Server((req, res) => {
@@ -277,7 +284,7 @@ else {
                 }
             });
         }
-        else if (req.method === 'OPTIONS') {
+        else if (req.method.toLowerCase() === 'options') {
             const headers = {};
             headers["Access-Control-Allow-Origin"] = "*";
             headers["Access-Control-Allow-Methods"] = "POST, GET, OPTIONS";
@@ -286,9 +293,12 @@ else {
             res.end();
         }
         //attempt process GET request
-        else {
+        else if (req.method.toLowerCase() === 'get') {
             processRequest(params);
         }
+        else {
+            common.returnMessage(params, 405, "Method not allowed");
+        }
     }).listen(common.config.api.port, common.config.api.host || '').timeout = common.config.api.timeout || 120000;
 
     plugins.loadConfigs(common.db);

api/parts/data/fetch.js

@@ -1513,7 +1513,7 @@ function getPeriodObj(params) {
         }
         catch (SyntaxError) {
             console.log('Parse period JSON failed');
-            return false;
+            params.qstring.period = "30days";
         }
     }
 

api/parts/jobs/executor.js

@@ -11,6 +11,11 @@ process.on('unhandledRejection', (reason, p) => {
     console.log('Unhandled rejection for %j with reason %j stack ', p, reason, reason ? reason.stack : undefined);
 });
 
+process.on('exit', () => {
+    console.log('Exiting due to master exited');
+    process.exit(1);
+});
+
 /**
  * Entry point for child_process.fork to run a corresponding resource / job.
  */

api/parts/mgmt/apps.js

@@ -241,35 +241,40 @@ appsApi.createApp = function(params) {
     newApp.seq = 0;
 
     common.db.collection('apps').insert(newApp, function(err, app) {
-        var appKey = common.sha1Hash(app.ops[0]._id, true);
-
-        common.db.collection('apps').update({'_id': app.ops[0]._id}, {$set: {key: appKey}}, function() {});
-
-        newApp._id = app.ops[0]._id;
-        newApp.key = appKey;
-
-        common.db.collection('app_users' + app.ops[0]._id).ensureIndex({ls: -1}, { background: true }, function() {});
-        common.db.collection('app_users' + app.ops[0]._id).ensureIndex({"uid": 1}, { background: true }, function() {});
-        common.db.collection('app_users' + app.ops[0]._id).ensureIndex({"sc": 1}, { background: true }, function() {});
-        common.db.collection('app_users' + app.ops[0]._id).ensureIndex({
-            "lac": 1,
-            "ls": 1
-        }, { background: true }, function() {});
-        common.db.collection('app_users' + app.ops[0]._id).ensureIndex({"tsd": 1}, { background: true }, function() {});
-        common.db.collection('app_users' + app.ops[0]._id).ensureIndex({"did": 1}, { background: true }, function() {});
-        common.db.collection('app_user_merges' + app.ops[0]._id).ensureIndex({cd: 1}, {
-            expireAfterSeconds: 60 * 60 * 3,
-            background: true
-        }, function() {});
-        common.db.collection('metric_changes' + app.ops[0]._id).ensureIndex({ts: -1}, { background: true }, function() {});
-        common.db.collection('metric_changes' + app.ops[0]._id).ensureIndex({uid: 1}, { background: true }, function() {});
-        plugins.dispatch("/i/apps/create", {
-            params: params,
-            appId: app.ops[0]._id,
-            data: newApp
-        });
+        if (!err && app && app.ops && app.ops[0] && app.ops[0]._id) {
+            var appKey = common.sha1Hash(app.ops[0]._id, true);
+
+            common.db.collection('apps').update({'_id': app.ops[0]._id}, {$set: {key: appKey}}, function() {});
+
+            newApp._id = app.ops[0]._id;
+            newApp.key = appKey;
+
+            common.db.collection('app_users' + app.ops[0]._id).ensureIndex({ls: -1}, { background: true }, function() {});
+            common.db.collection('app_users' + app.ops[0]._id).ensureIndex({"uid": 1}, { background: true }, function() {});
+            common.db.collection('app_users' + app.ops[0]._id).ensureIndex({"sc": 1}, { background: true }, function() {});
+            common.db.collection('app_users' + app.ops[0]._id).ensureIndex({
+                "lac": 1,
+                "ls": 1
+            }, { background: true }, function() {});
+            common.db.collection('app_users' + app.ops[0]._id).ensureIndex({"tsd": 1}, { background: true }, function() {});
+            common.db.collection('app_users' + app.ops[0]._id).ensureIndex({"did": 1}, { background: true }, function() {});
+            common.db.collection('app_user_merges' + app.ops[0]._id).ensureIndex({cd: 1}, {
+                expireAfterSeconds: 60 * 60 * 3,
+                background: true
+            }, function() {});
+            common.db.collection('metric_changes' + app.ops[0]._id).ensureIndex({ts: -1}, { background: true }, function() {});
+            common.db.collection('metric_changes' + app.ops[0]._id).ensureIndex({uid: 1}, { background: true }, function() {});
+            plugins.dispatch("/i/apps/create", {
+                params: params,
+                appId: app.ops[0]._id,
+                data: newApp
+            });
         iconUpload(Object.assign({}, params, {app_id: app.ops[0]._id}));
-        common.returnOutput(params, newApp);
+            common.returnOutput(params, newApp);
+        }
+        else {
+            common.returnMessage(params, 500, "Error creating App: " + err);
+        }
     });
 };
 
@@ -619,6 +624,9 @@ appsApi.resetApp = function(params) {
                 });
             }
         }
+        else {
+            common.returnMessage(params, 404, 'App not found');
+        }
     });
 
     return true;

api/parts/mgmt/users.js

@@ -451,7 +451,7 @@ usersApi.deleteUser = function(params) {
         else {
             common.db.collection('auth_tokens').remove({ 'owner': userIds[i] });
             common.db.collection('members').findAndModify({ '_id': common.db.ObjectID(userIds[i]) }, {}, {}, { remove: true }, function(err, user) {
-                if (!err && user && user.ok) {
+                if (!err && user && user.ok && user.value) {
                     plugins.dispatch("/i/users/delete", {
                         params: params,
                         data: user.value

api/utils/common.js

@@ -80,7 +80,7 @@ common.escape_html = function(string, more) {
 * @returns {vary} escaped value
 **/
 function escape_html_entities(key, value, more) {
-    if (typeof value === 'object' && value) {
+    if (typeof value === 'object' && value && (value.constructor === Object || value.constructor === Array)) {
         if (Array.isArray(value)) {
             let replacement = [];
             for (let k = 0; k < value.length; k++) {
@@ -94,7 +94,7 @@ function escape_html_entities(key, value, more) {
                     }
                 }
                 else {
-                    replacement[k] = value[k];
+                    replacement[k] = escape_html_entities(k, value[k], more);
                 }
             }
             return replacement;
@@ -113,7 +113,7 @@ function escape_html_entities(key, value, more) {
                         }
                     }
                     else {
-                        replacement[common.escape_html(k, more)] = value[k];
+                        replacement[common.escape_html(k, more)] = escape_html_entities(k, value[k], more);
                     }
                 }
             }
@@ -969,7 +969,10 @@ common.unblockResponses = function(params) {
 */
 common.returnRaw = function(params, returnCode, body, heads) {
     if (params && params.APICallback && typeof params.APICallback === 'function') {
-        if (!params.blockResponses && !params.res.finished) {
+        if (!params.blockResponses && (!params.res || !params.res.finished)) {
+            if (!params.res) {
+                params.res = {};
+            }
             params.res.finished = true;
             params.APICallback(returnCode === 200, body, heads, returnCode, params);
         }
@@ -1007,7 +1010,10 @@ common.returnRaw = function(params, returnCode, body, heads) {
 */
 common.returnMessage = function(params, returnCode, message, heads) {
     if (params && params.APICallback && typeof params.APICallback === 'function') {
-        if (!params.blockResponses && !params.res.finished) {
+        if (!params.blockResponses && (!params.res || !params.res.finished)) {
+            if (!params.res) {
+                params.res = {};
+            }
             params.res.finished = true;
             params.APICallback(returnCode === 200, JSON.stringify({result: message}), heads, returnCode, params);
         }
@@ -1062,7 +1068,10 @@ common.returnMessage = function(params, returnCode, message, heads) {
 */
 common.returnOutput = function(params, output, noescape, heads) {
     if (params && params.APICallback && typeof params.APICallback === 'function') {
-        if (!params.blockResponses && !params.res.finished) {
+        if (!params.blockResponses && (!params.res || !params.res.finished)) {
+            if (!params.res) {
+                params.res = {};
+            }
             params.res.finished = true;
             params.APICallback(true, output, heads, 200, params);
         }