Version 1.5.0

https://freshrss.github.io/FreshRSS/en/admins/02_Installation.html says so

CHANGELOG

@@ -56,3 +56,35 @@
 [1.2.0]
 * Use latest base image
 
+[1.3.0]
+* Update FreshRSS to 1.12.0
+* Features
+  * Ability to add labels (custom tags) to articles #928
+  * Handle article tags containing spaces, as well as comma-separated tags #2023
+  * Handle authors containing spaces, as well as comma or semi-colon separated authors #2025
+  * Searches by tag, author, etc. accept Unicode characters #2025
+  * New option to disable cache for feeds with invalid HTTP caching #2052
+* UI
+  * New theme Swage #2069
+  * Click on authors to initiate a search by author #2025
+  * Fix CSS for button alignments in older Chrome versions #2020
+* Security
+  * Improved flow for password change (avoid error 403) #2056
+  * Allow dot . in username (best to avoid, though) #2061
+* Performance
+  * Remove some counterproductive preload / prefetch rules #2040
+  * Improved fast flush (earlier transfer, fetching of resources, and rendering) #2045
+
+[1.4.0]
+* Update FreshRSS to 1.13.0
+* [Full changelog](https://github.com/FreshRSS/FreshRSS/blob/1.13.0/CHANGELOG.md)
+* Improvements to the Google Reader API #2093
+* Support for Vienna RSS (client for Mac OS X) #2091
+* Ability to import XML files exported from Tiny-Tiny-RSS #2079
+* Ability to show all the feeds that have a warning #2146
+* Share with Pinboard #1972
+
+[1.5.0]
+* Fix security issue where root directory was exposed
+* Enable mod rewrite for mobile apps like FeedMe to work
+

CloudronManifest.json

@@ -5,7 +5,7 @@
   "description": "file://DESCRIPTION.md",
   "changelog": "file://CHANGELOG",
   "tagline": "RSS feed reader",
-  "version": "1.2.0",
+  "version": "1.5.0",
   "healthCheckPath": "/",
   "httpPort": 8000,
   "addons": {

DESCRIPTION.md

@@ -1,4 +1,4 @@
-This app packages FreshRSS <upstream>1.11.2</upstream>.
+This app packages FreshRSS <upstream>1.13.0</upstream>.
 
 FreshRSS is a self-hosted RSS feed aggregator such as Leed or Kriss Feed.
 

Dockerfile

@@ -3,7 +3,7 @@ FROM cloudron/base:1.0.0@sha256:147a648a068a2e746644746bbfb42eb7a50d682437cead3c
 RUN mkdir -p /app/code
 WORKDIR /app/code
 
-RUN curl -L https://github.com/FreshRSS/FreshRSS/archive/1.11.2.tar.gz | tar -zxvf - --strip-components=1
+RUN curl -L https://github.com/FreshRSS/FreshRSS/archive/1.13.0.tar.gz | tar -zxvf - --strip-components=1
 
 RUN mv data data-orig && ln -s /app/data data
 
@@ -21,7 +21,7 @@ RUN a2disconf other-vhosts-access-log
 ADD apache/freshrss.conf /etc/apache2/sites-enabled/freshrss.conf
 RUN echo "Listen 8000" > /etc/apache2/ports.conf
 
-RUN a2enmod headers expires
+RUN a2enmod headers expires deflate mime dir rewrite
 
 RUN rm -rf /var/lib/php \
     && ln -s /run/php /var/lib/php \

POSTINSTALL.md

@@ -3,7 +3,7 @@ This application does not integrate with Cloudron authentication.
 There is a preconfigured administrator account with the following credentials:
 
 * Username: `admin`
-* Password: `password`
+* Password: `changeme`
 
 (Please change that password on first login)
 

README.md

@@ -34,3 +34,18 @@ npm install
 PATH=$PATH:node_modules/.bin mocha --bail test.js
 ```
 
+## Debugging
+
+
+* Update your data/config.php with the following, to get more debugging information:
+
+```
+'environment' => 'development',
+
+```
+
+* Check your logs:
+  * Web server / PHP logs
+  * FreshRSS API log in ./data/users/_/log_api.txt
+  * FreshRSS logs in ./data/users/you/log.txt
+

apache/freshrss.conf

@@ -1,11 +1,11 @@
 <VirtualHost *:8000>
-    DocumentRoot /app/code  
+    DocumentRoot /app/code/p
     AllowEncodedSlashes On
 
     ErrorLog /dev/stderr 
     CustomLog /dev/stdout combined
 
-    <Directory /app/code/>
+    <Directory /app/code/p/>
         Options +FollowSymLinks
         AllowOverride All
         Require all granted

start.sh

@@ -13,7 +13,7 @@ if ! [ -f /app/data/.installed ]; then
     --db-user "${MYSQL_USERNAME}" --db-password "${MYSQL_PASSWORD}" \
     --db-base "${MYSQL_DATABASE}" --db-prefix "" \
     --disable_update
-  php cli/create-user.php --user admin --password password --language en
+  php cli/create-user.php --user admin --password changeme --language en
   php cli/actualize-user.php --user admin
   touch /app/data/.installed
   echo "Done."
@@ -35,7 +35,7 @@ done
 
 
 echo "Updating config file"
-php cli/reconfigure.php --default_user admin --base_url "https://${APP_DOMAIN}/p" \
+php cli/reconfigure.php --default_user admin --base_url "https://${APP_DOMAIN}" \
     --db-type mysql --db-host "${MYSQL_HOST}" \
     --db-user "${MYSQL_USERNAME}" --db-password "${MYSQL_PASSWORD}" \
     --db-base "${MYSQL_DATABASE}" --db-prefix "" \

test/test.js

@@ -14,8 +14,7 @@ var by = webdriver.By,
     until = webdriver.until;
 
 var username = 'admin',
-    password = 'password';
-
+    password = 'changeme';
 
 process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
 
@@ -55,8 +54,26 @@ describe('Application life cycle test', function () {
         });
     }
 
-    function login(callback) {
-        browser.manage().deleteAllCookies().then(function () {
+    function baseUrl() {
+        if (app.manifest.version === '1.4.0') return `https://${app.fqdn}/p`;
+        return `https://${app.fqdn}`;
+    }
+
+    // we do this because it perm redirects to /p/ in old versions
+    function clearCache() {
+        // https://stackoverflow.com/questions/49614217/selenium-clear-chrome-cache
+        // defaut clearance is 1 hour of cache
+        return browser.get('chrome://settings/clearBrowserData').then(function () {
+            return visible(by.css('* /deep/ #clearBrowsingDataConfirm'));
+        }).then(function () {
+            return browser.findElement(by.css('* /deep/ #clearBrowsingDataConfirm')).click();
+        }).then(function () {
+            return browser.sleep(5000);
+        });
+    }
+
+    function login(password, callback) {
+        clearCache().then(function () {
             return browser.get('https://' + app.fqdn);
         }).then(function () {
             return visible(by.id('loginButton'));
@@ -94,7 +111,7 @@ describe('Application life cycle test', function () {
     function addSubscription(callback) {
         var url = "https://cloudron.io/blog/rss.xml";
 
-        browser.get(`https://${app.fqdn}/p/i/?c=subscription`).then(function () {
+        browser.get(`${baseUrl()}/i/?c=subscription`).then(function () {
             return visible(by.xpath('//input[@name="url_rss"]'));
         }).then(function () {
             return browser.findElement(by.xpath('//input[@name="url_rss"]')).sendKeys(url);
@@ -107,10 +124,10 @@ describe('Application life cycle test', function () {
         });
     }
 
-    function addUser(callback) {
+    function addUser(password, callback) {
         var test_username = 'test';
 
-        browser.get(`https://${app.fqdn}/p/i/?c=user&a=manage`).then(function () {
+        browser.get(`${baseUrl()}/i/?c=user&a=manage`).then(function () {
             return visible(by.id('new_user_name'));
         }).then(function () {
             return browser.findElement(by.id('new_user_name')).sendKeys(test_username);
@@ -126,7 +143,7 @@ describe('Application life cycle test', function () {
     }
 
     function enableApi(callback) {
-        browser.get('https://' + app.fqdn + '/p/i/?c=auth').then(function () {
+        browser.get(`${baseUrl()}/i/?c=auth`).then(function () {
             return browser.findElement(by.id('api_enabled')).click();
         }).then(function () {
             return browser.findElement(by.xpath('//button[text()="Submit"]')).submit();
@@ -136,7 +153,7 @@ describe('Application life cycle test', function () {
     }
 
     function checkApiConfiguration(callback) {
-        browser.get('https://' + app.fqdn + '/p/api/greader.php/check%2Fcompatibility').then(function () {
+        browser.get(`${baseUrl()}/api/greader.php/check%2Fcompatibility`).then(function () {
             return exists(by.xpath('//pre[text()="PASS"]'));
         }).then(function () {
             callback();
@@ -150,7 +167,7 @@ describe('Application life cycle test', function () {
     }
 
     function subscriptionExists(callback) {
-        browser.get('https://' + app.fqdn + '/p/i/?get=c_1').then(function () {
+        browser.get(`${baseUrl()}/i/?get=c_1`).then(function () {
             return visible(by.xpath('//a[text()="Cloudron.io"]'));
         }).then(function () {
             callback();
@@ -158,7 +175,7 @@ describe('Application life cycle test', function () {
     }
 
     function getStaticExtensionFile(callback) {
-        superagent.get(`https://${app.fqdn}/p/ext.php?f=xExtension-StickyFeeds/static/script.js&t=js`)
+        superagent.get(`${baseUrl()}/ext.php?f=xExtension-StickyFeeds/static/script.js&t=js`)
             .buffer(true)
             .end(function (err, res) {
                 expect(err).to.be(null);
@@ -178,9 +195,9 @@ describe('Application life cycle test', function () {
 
     it('can get app information', getAppInfo);
 
-    it('can login', login);
+    it('can login', login.bind(null, password));
     it('can subscribe', addSubscription);
-    it('can add users', addUser);
+    it('can add users', addUser.bind(null, password));
     it('can enable API', enableApi);
     it('can check configuration', checkApiConfiguration);
     it('subscription exists', subscriptionExists);
@@ -195,7 +212,7 @@ describe('Application life cycle test', function () {
         execSync('cloudron restore --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
     });
 
-    it('can login', login);
+    it('can login', login.bind(null, password));
     it('can check configuration', checkApiConfiguration);
     it('subscription exists', subscriptionExists);
     it('can get static extension file', getStaticExtensionFile);
@@ -209,7 +226,7 @@ describe('Application life cycle test', function () {
         expect(app).to.be.an('object');
     });
 
-    it('can login', login);
+    it('can login', login.bind(null, password));
     it('can check configuration', checkApiConfiguration);
     it('subscription exists', subscriptionExists);
     it('can get static extension file', getStaticExtensionFile);
@@ -225,9 +242,9 @@ describe('Application life cycle test', function () {
     });
 
     it('can get app information', getAppInfo);
-    it('can login', login);
+    it('can login', login.bind(null, 'password'));
     it('can subscribe', addSubscription);
-    it('can add users', addUser);
+    it('can add users', addUser.bind(null, password));
 
     it('can update', function () {
         execSync('cloudron install --wait --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
@@ -236,7 +253,7 @@ describe('Application life cycle test', function () {
         expect(app).to.be.an('object');
     });
 
-    it('can login', login);
+    it('can login', login.bind(null, 'password'));
     it('subscription exists', subscriptionExists);
     it('can get static extension file', getStaticExtensionFile);