Merge branch 'master' into dependabot/npm_and_yarn/form-data-4.0.1

Author: ar2rsawseen

.github/workflows/main.yml

@@ -10,6 +10,11 @@ on:
 
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
+    inputs:
+      custom_tag:
+        description: 'Custom Docker tag (optional)'
+        required: false
+        default: ''
 
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
@@ -74,7 +79,7 @@ jobs:
           - 27017:27017
 
     container:
-      image: countly/countly-core:pipelines-${{ github.base_ref || github.ref_name }}
+      image: countly/countly-core:pipelines-${{ inputs.custom_tag || github.base_ref || github.ref_name  }}
       env:
         COUNTLY_CONFIG__MONGODB_HOST: mongodb
         COUNTLY_CONFIG_API_PREVENT_JOBS: true
@@ -131,7 +136,7 @@ jobs:
           - 27017:27017
 
     container:
-      image: countly/countly-core:pipelines-${{ github.base_ref || github.ref_name }}
+      image: countly/countly-core:pipelines-${{ inputs.custom_tag || github.base_ref || github.ref_name }}
       env:
         COUNTLY_CONFIG__MONGODB_HOST: mongodb
         COUNTLY_CONFIG_API_PREVENT_JOBS: true
@@ -178,7 +183,7 @@ jobs:
           - 27017:27017
 
     container:
-      image: countly/countly-core:pipelines-${{ github.base_ref || github.ref_name }}
+      image: countly/countly-core:pipelines-${{ inputs.custom_tag || github.base_ref || github.ref_name }}
       env:
         COUNTLY_CONFIG__MONGODB_HOST: mongodb
         COUNTLY_CONFIG_API_PREVENT_JOBS: true
@@ -231,7 +236,7 @@ jobs:
           - 27017:27017
 
     container:
-      image: countly/countly-core:pipelines-${{ github.base_ref || github.ref_name }}
+      image: countly/countly-core:pipelines-${{ inputs.custom_tag || github.base_ref || github.ref_name }}
       env:
         COUNTLY_CONFIG__MONGODB_HOST: mongodb
         COUNTLY_CONFIG_API_PREVENT_JOBS: true
@@ -281,7 +286,8 @@ jobs:
           /sbin/my_init &
           cd ui-tests
           npm install
-          npm run cy:run:dashboard
+          xvfb-run --auto-servernum --server-args="-screen 0 1280x1024x24" \
+          npm run cy:run:dashboard --headless --no-sandbox --disable-gpu --disable-dev-shm-usage
 
       - name: Upload UI tests artifacts
         if: ${{ failure() }}
@@ -308,7 +314,7 @@ jobs:
           - 27017:27017
 
     container:
-      image: countly/countly-core:pipelines-${{ github.base_ref || github.ref_name }}
+      image: countly/countly-core:pipelines-${{ inputs.custom_tag || github.base_ref || github.ref_name }}
       env:
         COUNTLY_CONFIG__MONGODB_HOST: mongodb
         COUNTLY_CONFIG_API_PREVENT_JOBS: true
@@ -354,7 +360,8 @@ jobs:
           /sbin/my_init &
           cd ui-tests
           npm install
-          npm run cy:run:onboarding
+          xvfb-run --auto-servernum --server-args="-screen 0 1280x1024x24" \
+          npm run cy:run:onboarding --headless --no-sandbox --disable-gpu --disable-dev-shm-usage
 
       - name: Upload UI tests artifacts
         if: ${{ failure() }}

CHANGELOG.md

@@ -1,5 +1,70 @@
+## Version 24.05.x
+
+Dependencies:
+- Bump puppeteer from 23.8.0 to 23.9.0
+- Bump nodemailer from 6.9.15 to 6.9.16
+- Bump countly-sdk-web from 24.4.1 to 24.11.0
+- Bump tslib from 2.7.0 to 2.8.1
+
+## Version 24.05.19
+Fixes:
+- [dashboards] Fixing issue where dashboard widgets go into single column
+
+Security:
+- Bump puppeteer from 17.1.3 to 23.8.0
+- Bump express from 4.21.0 to 4.21.1 
+- Bump sass from 1.79.4 to 1.81.0
+- Bump express-session from 1.18.0 to 1.18.1
+- Bump cross-spawn from 7.0.3 to 7.0.6 in /ui-tests
+- Bump cross-spawn from 7.0.3 to 7.0.6 in /plugins/hooks
+
+## Version 24.05.18
+Fixes:
+- [core] Fixed bug where changing passwords results in the loss of the "Global Admin" role
+- [core] Fixed bug where exporting incoming data logs could result in "Incorrect parameter \"data\" error
+- [crash] Fixed bug in crash ingestion for scenarios where the "app version" is not a string.
+- [script] Fixing bug with "delete_old_members" script that led to malformed requests
+
+Enterprise fixes:
+- [nps] Fixed bug that showed the wrong nps preview title
+
+## Version 24.05.17
+Fixes:
+- [push] Improved ability to observe push related errors
+
+Enterprise fixes:
+- [cohorts] Fixed issues with nightly cleanup
+- [data-manager] Fixed UI bug where rules were not visible when editing "Merge by regex" transformations
+- [drill] Fixed wrong pie chart label  tooltip in dashboard widget
+- [flows] Fixed bug in case of null data in schema
+- [nps] Fixed bug in the editor where the "internal name" field was not mandatory
+- [ratings] Fixed UI bug where "Internal name" was not a mandatory field
+
+Security:
+- Fixing minor vulnerability that would allow for unauthorized file upload
+
+Enterprise Features:
+- [block] Added a way to filter crashes by their error (stacktrace)
+
+## Version 24.05.16
+Fixes:
+- [core] Replaced "Users" with "Sessions" label on technology home widgets
+- [push] Replaced push plugin with an earlier version of the plugin
+
+Enterprise fixes:
+- [license] Fixed bug with MAU type of licenses that would prevent the server from starting
+- [nps] Fixed bug where it was possible to submit empty nps surveys
+- [ratings] Fixed bug with user consent
+
+Security:
+- Bumped cookie-parser from 1.4.6 to 1.4.7
+- Bumped express-rate-limit from 7.4.0 to 7.4.1
+- Bumped moment-timezone from 0.5.45 to 0.5.46
+- Bumped sass from 1.79.3 to 1.79.4
+
 ## Version 24.05.15
 Enterprise fixes:
+- [ab-testing] Fixed JSON.parse issue preventing creation of AB tests
 - [nps] Fixed UI issues in the widget editor related to the "user consent" section
 - [ratings] Fixed rendering issue for escaped values
 
@@ -34,7 +99,7 @@ Enterprise Features:
 ## Version 24.05.12
 Fixes:
 - [dashboards] Fixes for dashboards grid
-- [dasboards] UI fix for dashboard widget action menu
+- [dashboards] UI fix for dashboard widget action menu
 - [push] Refactored fcm API related code
 - [reports] Use config for encryption key in reports
 

Dockerfile-api

@@ -17,8 +17,9 @@ ENV COUNTLY_CONTAINER="api" \
 	COUNTLY_CONFIG_API_API_WORKERS="1" \
 	COUNTLY_CONFIG_API_API_HOST="0.0.0.0" \
 	NODE_OPTIONS="--max-old-space-size=2048" \
-	TINI_VERSION="0.18.0"
-
+	TINI_VERSION="0.18.0"\
+	PUPPETEER_CACHE_DIR=/opt/countly/.cache/puppeteer
+	
 WORKDIR /opt/countly
 COPY . .
 
@@ -58,7 +59,7 @@ RUN curl -s -L -o /tmp/tini.deb "https://github.com/krallin/tini/releases/downlo
 	# cleanup & chown
 	npm remove -y --no-save mocha nyc should supertest && \
 	apt-get remove -y git gcc g++ make automake autoconf libtool pkg-config unzip sqlite3 && \
-	apt-get install -y libgbm-dev libgbm1 gconf-service libasound2 libatk1.0-0 libc6 libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 ca-certificates fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils && \
+	apt-get install -y libgbm-dev libgbm1 gconf-service libasound2 libatk1.0-0 libatk-bridge2.0-0 libc6 libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 ca-certificates fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils && \
 	apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
 	rm -rf test /tmp/* /tmp/.??* /var/tmp/* /var/tmp/.??* /var/log/* /root/.npm && \
 	\
@@ -75,4 +76,4 @@ USER 1001:0
 
 ENTRYPOINT ["/usr/bin/tini", "-v", "--"]
 
-CMD ["/opt/countly/bin/docker/cmd.sh"]
+CMD ["/opt/countly/bin/docker/cmd.sh"]

api/utils/render.js

@@ -62,6 +62,11 @@ exports.renderView = function(options, cb) {
 
             var settings = {
                 headless: true,
+                env: {
+                    //https://github.com/hardkoded/puppeteer-sharp/issues/2633
+                    XDG_CONFIG_HOME: pathModule.resolve(__dirname, "../../.cache/chrome/tmp/.chromium"),
+                    XDG_CACHE_HOME: pathModule.resolve(__dirname, "../../.cache/chrome/tmp/.chromium")
+                },
                 args: ['--no-sandbox', '--disable-setuid-sandbox'],
                 ignoreHTTPSErrors: true,
                 userDataDir: pathModule.resolve(__dirname, "../../dump/chrome")
@@ -118,8 +123,11 @@ exports.renderView = function(options, cb) {
                 };
 
                 page.setDefaultNavigationTimeout(updatedTimeout);
-
-                await page.goto(host + '/login/token/' + token + '?ssr=true');
+                const resp = await page.goto(host + '/login/token/' + token + '?ssr=true');
+                const status = resp?.status();
+                if (status !== 200) {
+                    throw new Error(`Failed to open login page. Status: ${status}`);
+                }
 
                 await page.waitForSelector('countly', {timeout: updatedTimeout});
 

bin/countly.install_rhel.sh

@@ -55,7 +55,7 @@ else
 fi
 
 #Install dependancies required by the puppeteer
-sudo dnf install -y alsa-lib.x86_64 atk.x86_64 cups-libs.x86_64 gtk3.x86_64 libXcomposite.x86_64 libXcursor.x86_64 libXdamage.x86_64 libXext.x86_64 libXi.x86_64 libXrandr.x86_64 GConf2.x86_64 libXScrnSaver.x86_64 libXtst.x86_64 pango.x86_64 xorg-x11-fonts-100dpi xorg-x11-fonts-75dpi xorg-x11-fonts-cyrillic xorg-x11-fonts-misc xorg-x11-fonts-Type1 xorg-x11-utils
+sudo dnf install -y alsa-lib.x86_64 atk.x86_64 cups-libs.x86_64 gtk3.x86_64 libXcomposite.x86_64 libXcursor.x86_64 libXdamage.x86_64 libXext.x86_64 libXi.x86_64 libXrandr.x86_64 GConf2.x86_64 libXScrnSaver.x86_64 libXtst.x86_64 pango.x86_64 xorg-x11-fonts-100dpi xorg-x11-fonts-75dpi xorg-x11-fonts-cyrillic xorg-x11-fonts-misc xorg-x11-fonts-Type1 xorg-x11-utils libdrm libgbm at-spi2-atk libxkbcommon
 #Install nss after installing above dependencies
 sudo dnf update -y nss
 

bin/scripts/expire-data/delete_custom_events_regex.js

@@ -6,7 +6,6 @@
  */
 
 
-const { ObjectId } = require('mongodb');
 const pluginManager = require('../../../plugins/pluginManager.js');
 const common = require('../../../api/utils/common.js');
 const drillCommon = require('../../../plugins/drill/api/common.js');
@@ -25,7 +24,7 @@ Promise.all([pluginManager.dbConnection("countly"), pluginManager.dbConnection("
 
     //GET APP
     try {
-        const app = await countlyDb.collection("apps").findOne({_id: ObjectId(APP_ID)}, {_id: 1, name: 1});
+        const app = await countlyDb.collection("apps").findOne({_id: countlyDb.ObjectID(APP_ID)}, {_id: 1, name: 1});
         console.log("App:", app.name);
         //GET EVENTS
         var events = [];
@@ -51,6 +50,27 @@ Promise.all([pluginManager.dbConnection("countly"), pluginManager.dbConnection("
                     }
                 ]).toArray();
                 events = events.length ? events[0].list : [];
+                const metaEvents = await drillDb.collection("drill_meta").aggregate([
+                    {
+                        $match: {
+                            'app_id': app._id + "",
+                            "type": "e",
+                            "e": { $regex: regex, $options: CASE_INSENSITIVE ? "i" : "", $nin: events }
+                        }
+                    },
+                    {
+                        $group: {
+                            _id: "$e"
+                        }
+                    },
+                    {
+                        $project: {
+                            _id: 0,
+                            e: "$_id"
+                        }
+                    }
+                ]).toArray();
+                events = events.concat(metaEvents.map(e => e.e));
             }
             catch (err) {
                 close("Invalid regex");
@@ -86,6 +106,7 @@ Promise.all([pluginManager.dbConnection("countly"), pluginManager.dbConnection("
         close(err);
     }
 
+
     async function deleteDrillEvents(appId, events) {
         for (let i = 0; i < events.length; i++) {
             var collectionName = drillCommon.getCollectionName(events[i], appId);

bin/scripts/member-managament/delete_old_members.js

@@ -44,7 +44,7 @@ Promise.all([pluginManager.dbConnection("countly")]).spread(function(countlyDb)
                         Url: SERVER_URL + "/i/users/delete",
                         body: {
                             api_key: API_KEY,
-                            args: JSON.stringify({user_ids: [(data._id + "")]})
+                            args: {user_ids: [data._id + ""]}
                         }
                     }, function(data) {
                         if (data.err) {
@@ -99,8 +99,7 @@ function sendRequest(params, callback) {
         const options = {
             uri: url.href,
             method: params.requestType,
-            json: true,
-            body: body,
+            json: body,
             strictSSL: false
         };
 

frontend/express/app.js

@@ -603,6 +603,10 @@ Promise.all([plugins.dbConnection(countlyConfig), plugins.dbConnection("countly_
     app.use(function(req, res, next) {
         var contentType = req.headers['content-type'];
         if (req.method.toLowerCase() === 'post' && contentType && contentType.indexOf('multipart/form-data') >= 0) {
+            if (!req.session?.uid || Date.now() > req.session?.expires) {
+                res.status(401).send('Unauthorized');
+                return;
+            }
             var form = new formidable.IncomingForm();
             form.uploadDir = __dirname + '/uploads';
             form.parse(req, function(err, fields, files) {
@@ -657,7 +661,7 @@ Promise.all([plugins.dbConnection(countlyConfig), plugins.dbConnection("countly_
             favicon: "images/favicon.png",
             documentationLink: convertLink(versionInfo.documentationLink, "https://support.count.ly/hc/en-us/categories/360002373332-Knowledge-Base"),
             helpCenterLink: convertLink(versionInfo.helpCenterLink, "https://support.count.ly/hc/en-us"),
-            featureRequestLink: convertLink(versionInfo.featureRequestLink, "https://support.count.ly/hc/en-us/community/topics/360001464272-Feature-Requests"),
+            featureRequestLink: convertLink(versionInfo.featureRequestLink, "https://discord.com/channels/1088398296789299280/1088721958218248243"),
             feedbackLink: convertLink(versionInfo.feedbackLink, "https://count.ly/legal/privacy-policy"),
         };
         plugins.loadConfigs(countlyDb, function() {

frontend/express/public/core/device-and-type/templates/technologyHomeWidget.html

@@ -12,7 +12,7 @@
 								<div class="version-graph-block bu-p-3" :data-test-id="`cly-section-${item.title.toLowerCase().replaceAll(/\s/g, '-')}-item-${idx2}`">
 									<div class="bu-columns version-graph-title">
 										<div class="bu-column" :data-test-id="`cly-section-${item.title.toLowerCase().replaceAll(/\s/g, '-')}-item-${idx2}-name`">{{item2.name}}</div>
-										<div class="bu-column" :data-test-id="`cly-section-${item.title.toLowerCase().replaceAll(/\s/g, '-')}-item-${idx2}-value`">{{formatNumber(item2.value)}} {{item2.value > 1 ? 'Users' : 'User'}}<span class="divider" :data-test-id="`cly-section-${item.title.toLowerCase().replaceAll(/\s/g, '-')}-item-${idx2}-divider`"> | </span><span :data-test-id="`cly-section-${item.title.toLowerCase().replaceAll(/\s/g, '-')}-item-${idx2}-percent`">{{item2.percent}}% </span></div>
+										<div class="bu-column" :data-test-id="`cly-section-${item.title.toLowerCase().replaceAll(/\s/g, '-')}-item-${idx2}-value`">{{formatNumber(item2.value)}} {{item2.value > 1 ? i18n('common.sessions') : i18n('common.session')}}<span class="divider" :data-test-id="`cly-section-${item.title.toLowerCase().replaceAll(/\s/g, '-')}-item-${idx2}-divider`"> | </span><span :data-test-id="`cly-section-${item.title.toLowerCase().replaceAll(/\s/g, '-')}-item-${idx2}-percent`">{{item2.percent}}% </span></div>
 									</div>
 									<cly-progress-bar :data-test-id="`cly-section-${item.title.toLowerCase().replaceAll(/\s/g, '-')}-item-${idx2}-progress-bar`" :entities="item2.bar" :height=8></cly-progress-bar>
 								</div>

frontend/express/public/core/user-management/javascripts/countly.views.js

@@ -949,8 +949,20 @@
         watch: {
             'groups': function() {
                 if (this.groups.length > 0) {
-                    // Remove global admin role if user is assigned to any group
-                    this.$refs.userDrawer.editedObject.global_admin = false;
+                    // Remove global admin role if the assigned groups does not have global admin access
+                    var groupHasGlobalAdmin = false;
+
+                    this.groups.forEach(function(grpId) {
+                        var group = groupsModel.data().find(function(grp) {
+                            return grpId === grp._id;
+                        });
+
+                        if (group && group.global_admin === true) {
+                            groupHasGlobalAdmin = true;
+                        }
+                    });
+
+                    this.$refs.userDrawer.editedObject.global_admin = groupHasGlobalAdmin;
                 }
 
                 if (this.groups.length === 0) {
@@ -1152,4 +1164,4 @@
     countlyVue.container.registerData("user-management/edit-user-drawer", {
         component: Drawer
     });
-})();
+})();

frontend/express/public/javascripts/countly/vue/templates/sidebar/users-menu.html

@@ -157,7 +157,7 @@
                         <i class="ion-android-textsms"></i>
                     </div>
                     <div class="bu-level-item">
-                        <a href="https://support.count.ly/hc/en-us/community/topics/360001464272-Feature-Requests" target="_blank">
+                        <a href="https://discord.com/channels/1088398296789299280/1088721958218248243" target="_blank">
                             <div>{{i18nM('common.feature-request')}}</div>
                         </a>
                     </div>

frontend/express/public/localization/dashboard/dashboard.properties

@@ -255,6 +255,8 @@ common.selected-with-count ={0} Selected
 common.selected = Selected
 common.select-all-with-count = Select all {0}
 common.deselect = Deselect
+common.session = Session
+common.sessions = Sessions
 
 #vue
 common.undo = Undo